package w32
// Predefined registry root keys (HKEY_*), typed as HKEY (declared elsewhere in
// this package). These are the fixed pseudo-handle values from winreg.h, not
// handles obtained from RegOpenKeyEx. HKEY_LOCAL_MACHINE and HKEY_USERS are
// machine-wide and typically need elevation to write; HKEY_CURRENT_USER can be
// modified by the user's own processes, which is why defenders watch
// persistence keys under both.
const (
	HKEY_CLASSES_ROOT     HKEY = 0x80000000
	HKEY_CURRENT_USER     HKEY = 0x80000001
	HKEY_LOCAL_MACHINE    HKEY = 0x80000002
	HKEY_USERS            HKEY = 0x80000003
	HKEY_PERFORMANCE_DATA HKEY = 0x80000004 // reads collect live performance data rather than a stored hive
	HKEY_CURRENT_CONFIG   HKEY = 0x80000005
	HKEY_DYN_DATA         HKEY = 0x80000006 // legacy Win9x-era root; presumably not available on NT-based Windows
)
// Registry key access rights (KEY_*), passed as samDesired to RegOpenKeyEx and
// RegCreateKeyEx. The access check happens when the handle is opened, so
// request the narrowest right the caller actually needs (KEY_READ, or a single
// KEY_* bit) rather than KEY_ALL_ACCESS; broadly-opened handles are what a
// compromised process inherits and abuses.
const (
	// Specific rights (low 16 bits).
	KEY_QUERY_VALUE        = 0x0001
	KEY_SET_VALUE          = 0x0002
	KEY_CREATE_SUB_KEY     = 0x0004
	KEY_ENUMERATE_SUB_KEYS = 0x0008
	KEY_NOTIFY             = 0x0010

	// Composite rights; the 0x20000 / 0xF0000 parts are the STANDARD_RIGHTS_* bits.
	KEY_READ       = 0x20019 // STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY
	KEY_WRITE      = 0x20006 // STANDARD_RIGHTS_WRITE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY
	KEY_ALL_ACCESS = 0xF003F // STANDARD_RIGHTS_ALL | every KEY_* bit above | 0x0020 (KEY_CREATE_LINK in the SDK; not declared here)
)
// NFR_* / NF_* codes. Nothing in this file shows where they are consumed;
// NOTE(review): confirm their meaning against the Windows SDK headers before
// relying on them.
const (
	NFR_ANSI    = 1
	NFR_UNICODE = 2
	NF_QUERY    = 3
	NF_REQUERY  = 4
)
// RegGetValue flags (RRF_*). Despite the upstream grouping these are not the
// REG_* value-type codes: the RRF_RT_* bits restrict which value types the
// call will accept, so a value stored with an unexpected type fails instead
// of being handed back as bytes. That makes them a cheap type check on data
// read from keys other principals can write to. REG_PROCESS_APPKEY
// (RegLoadAppKey) and REG_MUI_STRING_TRUNCATE (RegLoadMUIString) are
// unrelated flags kept in this block.
const (
	RRF_RT_REG_NONE      = 0x00000001
	RRF_RT_REG_SZ        = 0x00000002
	RRF_RT_REG_EXPAND_SZ = 0x00000004
	RRF_RT_REG_BINARY    = 0x00000008
	RRF_RT_REG_DWORD     = 0x00000010
	RRF_RT_REG_MULTI_SZ  = 0x00000020
	RRF_RT_REG_QWORD     = 0x00000040

	// Convenience masks for 32-/64-bit values stored as either DWORD/QWORD or raw binary.
	RRF_RT_DWORD = RRF_RT_REG_BINARY | RRF_RT_REG_DWORD
	RRF_RT_QWORD = RRF_RT_REG_BINARY | RRF_RT_REG_QWORD
	RRF_RT_ANY   = 0x0000ffff // accept any type; caller must inspect the returned type itself

	RRF_NOEXPAND      = 0x10000000 // return REG_EXPAND_SZ data verbatim instead of expanding %VAR% from the caller's environment
	RRF_ZEROONFAILURE = 0x20000000 // zero the output buffer when the call fails

	REG_PROCESS_APPKEY      = 0x00000001
	REG_MUI_STRING_TRUNCATE = 0x00000001
)
// Service Control Manager access rights (SC_MANAGER_*), used with
// OpenSCManager. SC_MANAGER_CONNECT is enough to open individual services;
// SC_MANAGER_CREATE_SERVICE is the right that service-installation-based
// persistence needs, so callers should not request SC_MANAGER_ALL_ACCESS
// merely to enumerate or query. STANDARD_RIGHTS_REQUIRED is declared
// elsewhere in this package.
const (
	SC_MANAGER_CONNECT            = 0x0001
	SC_MANAGER_CREATE_SERVICE     = 0x0002
	SC_MANAGER_ENUMERATE_SERVICE  = 0x0004
	SC_MANAGER_LOCK               = 0x0008
	SC_MANAGER_QUERY_LOCK_STATUS  = 0x0010
	SC_MANAGER_MODIFY_BOOT_CONFIG = 0x0020

	SC_MANAGER_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED |
		SC_MANAGER_CONNECT |
		SC_MANAGER_CREATE_SERVICE |
		SC_MANAGER_ENUMERATE_SERVICE |
		SC_MANAGER_LOCK |
		SC_MANAGER_QUERY_LOCK_STATUS |
		SC_MANAGER_MODIFY_BOOT_CONFIG
)
// Service type bit mask (SERVICE_*), as reported in dwServiceType by
// QueryServiceConfig / QueryServiceStatus and passed to CreateService.
const (
	// Driver services.
	SERVICE_KERNEL_DRIVER      = 0x00000001
	SERVICE_FILE_SYSTEM_DRIVER = 0x00000002
	SERVICE_ADAPTER            = 0x00000004
	SERVICE_RECOGNIZER_DRIVER  = 0x00000008
	SERVICE_DRIVER             = SERVICE_KERNEL_DRIVER | SERVICE_FILE_SYSTEM_DRIVER | SERVICE_RECOGNIZER_DRIVER // 0x0B; note SERVICE_ADAPTER is not part of it

	// Win32 (user-mode) services.
	SERVICE_WIN32_OWN_PROCESS   = 0x00000010
	SERVICE_WIN32_SHARE_PROCESS = 0x00000020
	SERVICE_WIN32               = SERVICE_WIN32_OWN_PROCESS | SERVICE_WIN32_SHARE_PROCESS // 0x30

	// Modifier bit: the service may interact with the desktop (legacy; combine with a SERVICE_WIN32_* type).
	SERVICE_INTERACTIVE_PROCESS = 0x00000100

	SERVICE_TYPE_ALL = SERVICE_WIN32 | SERVICE_ADAPTER | SERVICE_DRIVER | SERVICE_INTERACTIVE_PROCESS // 0x13F
)
// Service states, the dwCurrentState values of SERVICE_STATUS. They are
// consecutive from 1, so iota reproduces the winsvc.h numbering exactly.
const (
	SERVICE_STOPPED          = iota + 1 // 1
	SERVICE_START_PENDING               // 2
	SERVICE_STOP_PENDING                // 3
	SERVICE_RUNNING                     // 4
	SERVICE_CONTINUE_PENDING            // 5
	SERVICE_PAUSE_PENDING               // 6
	SERVICE_PAUSED                      // 7
)
// Controls-accepted bit mask, the dwControlsAccepted field of SERVICE_STATUS.
// Each flag is a single bit in ascending order, so 1 << iota matches the
// winsvc.h values (shown in the trailing comments for cross-reference).
const (
	SERVICE_ACCEPT_STOP                  = 1 << iota // 0x00000001
	SERVICE_ACCEPT_PAUSE_CONTINUE                    // 0x00000002
	SERVICE_ACCEPT_SHUTDOWN                          // 0x00000004
	SERVICE_ACCEPT_PARAMCHANGE                       // 0x00000008
	SERVICE_ACCEPT_NETBINDCHANGE                     // 0x00000010
	SERVICE_ACCEPT_HARDWAREPROFILECHANGE             // 0x00000020
	SERVICE_ACCEPT_POWEREVENT                        // 0x00000040
	SERVICE_ACCEPT_SESSIONCHANGE                     // 0x00000080
	SERVICE_ACCEPT_PRESHUTDOWN                       // 0x00000100
	SERVICE_ACCEPT_TIMECHANGE                        // 0x00000200
	SERVICE_ACCEPT_TRIGGEREVENT                      // 0x00000400
)
// Service object access rights (SERVICE_*), used with OpenService.
// SERVICE_CHANGE_CONFIG is the right that lets a caller repoint a service's
// binary path or account, so it deserves the same scrutiny as
// SC_MANAGER_CREATE_SERVICE; SERVICE_QUERY_STATUS / SERVICE_QUERY_CONFIG are
// sufficient for monitoring. STANDARD_RIGHTS_REQUIRED is declared elsewhere
// in this package.
const (
	SERVICE_QUERY_CONFIG         = 0x0001
	SERVICE_CHANGE_CONFIG        = 0x0002
	SERVICE_QUERY_STATUS         = 0x0004
	SERVICE_ENUMERATE_DEPENDENTS = 0x0008
	SERVICE_START                = 0x0010
	SERVICE_STOP                 = 0x0020
	SERVICE_PAUSE_CONTINUE       = 0x0040
	SERVICE_INTERROGATE          = 0x0080
	SERVICE_USER_DEFINED_CONTROL = 0x0100

	// Every specific right above plus the standard rights; 0x1FF in the low word.
	SERVICE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | SERVICE_QUERY_CONFIG | SERVICE_CHANGE_CONFIG |
		SERVICE_QUERY_STATUS | SERVICE_ENUMERATE_DEPENDENTS | SERVICE_START | SERVICE_STOP |
		SERVICE_PAUSE_CONTINUE | SERVICE_INTERROGATE | SERVICE_USER_DEFINED_CONTROL
)
// KERNEL_LOGGER_NAME is the fixed session name of the system-wide NT Kernel
// Logger ETW session. Controlling it (start/stop/update) requires elevated
// privileges; security products commonly own it, so a stop or flag change on
// this session is itself a signal worth alerting on.
const KERNEL_LOGGER_NAME = "NT Kernel Logger"
// WNODE_HEADER flags shared by ETW and WMI. For event tracing the one that
// matters most is WNODE_FLAG_TRACED_GUID, which must be set in
// EVENT_TRACE_PROPERTIES.Wnode.Flags when a session is started. The severity
// byte lives in the top 8 bits (WNODE_FLAG_SEVERITY_MASK).
const (
	WNODE_FLAG_ALL_DATA              = 0x00000001
	WNODE_FLAG_SINGLE_INSTANCE       = 0x00000002
	WNODE_FLAG_SINGLE_ITEM           = 0x00000004
	WNODE_FLAG_EVENT_ITEM            = 0x00000008
	WNODE_FLAG_FIXED_INSTANCE_SIZE   = 0x00000010
	WNODE_FLAG_TOO_SMALL             = 0x00000020 // buffer supplied by the caller was too small
	WNODE_FLAG_INSTANCES_SAME        = 0x00000040
	WNODE_FLAG_STATIC_INSTANCE_NAMES = 0x00000080
	WNODE_FLAG_INTERNAL              = 0x00000100
	WNODE_FLAG_USE_TIMESTAMP         = 0x00000200
	WNODE_FLAG_PERSIST_EVENT         = 0x00000400
	// 0x00000800 and 0x00001000 are not declared upstream in this file.
	WNODE_FLAG_EVENT_REFERENCE    = 0x00002000
	WNODE_FLAG_ANSI_INSTANCENAMES = 0x00004000
	WNODE_FLAG_METHOD_ITEM        = 0x00008000
	WNODE_FLAG_PDO_INSTANCE_NAMES = 0x00010000
	WNODE_FLAG_TRACED_GUID        = 0x00020000 // required in Wnode.Flags for trace sessions
	WNODE_FLAG_LOG_WNODE          = 0x00040000
	WNODE_FLAG_USE_GUID_PTR       = 0x00080000
	WNODE_FLAG_USE_MOF_PTR        = 0x00100000
	WNODE_FLAG_NO_HEADER          = 0x00200000
	WNODE_FLAG_SEVERITY_MASK      = 0xff000000
)
// ETW (Event Tracing for Windows) constants from evntrace.h, split by purpose.
//
// The EVENT_TRACE_TYPE_* opcodes are deliberately overloaded: 0x0A means
// LOAD for the image provider, IO_READ for disk I/O, MM_TF for page faults,
// SEND for TCP/IP, GUIDMAP for the trace header, REGCREATE for the registry
// provider and CONFIG_CPU for hardware configuration. An opcode is therefore
// only meaningful together with the event's provider GUID; a consumer that
// dispatches on the opcode alone will misclassify events.

// Generic opcodes usable by any provider.
const (
	EVENT_TRACE_TYPE_INFO           = 0x00
	EVENT_TRACE_TYPE_START          = 0x01
	EVENT_TRACE_TYPE_END            = 0x02
	EVENT_TRACE_TYPE_STOP           = 0x02 // alias of END
	EVENT_TRACE_TYPE_DC_START       = 0x03 // "data collection" start: rundown of pre-existing state
	EVENT_TRACE_TYPE_DC_END         = 0x04
	EVENT_TRACE_TYPE_EXTENSION      = 0x05
	EVENT_TRACE_TYPE_REPLY          = 0x06
	EVENT_TRACE_TYPE_DEQUEUE        = 0x07
	EVENT_TRACE_TYPE_RESUME         = 0x07 // alias of DEQUEUE
	EVENT_TRACE_TYPE_CHECKPOINT     = 0x08
	EVENT_TRACE_TYPE_SUSPEND        = 0x08 // alias of CHECKPOINT
	EVENT_TRACE_TYPE_WINEVT_SEND    = 0x09
	EVENT_TRACE_TYPE_WINEVT_RECEIVE = 0xF0
)

// Trace levels (EnableTraceEx2 / EVENT_DESCRIPTOR.Level). Lower is more severe.
const (
	TRACE_LEVEL_NONE        = 0
	TRACE_LEVEL_CRITICAL    = 1
	TRACE_LEVEL_FATAL       = 1 // alias of CRITICAL
	TRACE_LEVEL_ERROR       = 2
	TRACE_LEVEL_WARNING     = 3
	TRACE_LEVEL_INFORMATION = 4
	TRACE_LEVEL_VERBOSE     = 5
	TRACE_LEVEL_RESERVED6   = 6
	TRACE_LEVEL_RESERVED7   = 7
	TRACE_LEVEL_RESERVED8   = 8
	TRACE_LEVEL_RESERVED9   = 9
)

// Image-load provider opcode.
const (
	EVENT_TRACE_TYPE_LOAD = 0x0A
)

// Disk I/O provider opcodes.
const (
	EVENT_TRACE_TYPE_IO_READ       = 0x0A
	EVENT_TRACE_TYPE_IO_WRITE      = 0x0B
	EVENT_TRACE_TYPE_IO_READ_INIT  = 0x0C
	EVENT_TRACE_TYPE_IO_WRITE_INIT = 0x0D
	EVENT_TRACE_TYPE_IO_FLUSH      = 0x0E
	EVENT_TRACE_TYPE_IO_FLUSH_INIT = 0x0F
)

// Page-fault provider opcodes.
const (
	EVENT_TRACE_TYPE_MM_TF  = 0x0A // transition fault
	EVENT_TRACE_TYPE_MM_DZF = 0x0B // demand-zero fault
	EVENT_TRACE_TYPE_MM_COW = 0x0C // copy-on-write fault
	EVENT_TRACE_TYPE_MM_GPF = 0x0D // guard-page fault
	EVENT_TRACE_TYPE_MM_HPF = 0x0E // hard page fault
	EVENT_TRACE_TYPE_MM_AV  = 0x0F // access violation
)

// TCP/IP and UDP/IP provider opcodes.
const (
	EVENT_TRACE_TYPE_SEND       = 0x0A
	EVENT_TRACE_TYPE_RECEIVE    = 0x0B
	EVENT_TRACE_TYPE_CONNECT    = 0x0C
	EVENT_TRACE_TYPE_DISCONNECT = 0x0D
	EVENT_TRACE_TYPE_RETRANSMIT = 0x0E
	EVENT_TRACE_TYPE_ACCEPT     = 0x0F
	EVENT_TRACE_TYPE_RECONNECT  = 0x10
	EVENT_TRACE_TYPE_CONNFAIL   = 0x11
	EVENT_TRACE_TYPE_COPY_TCP   = 0x12
	EVENT_TRACE_TYPE_COPY_ARP   = 0x13
	EVENT_TRACE_TYPE_ACKFULL    = 0x14
	EVENT_TRACE_TYPE_ACKPART    = 0x15
	EVENT_TRACE_TYPE_ACKDUP     = 0x16
)

// Trace-header (session metadata) opcodes.
const (
	EVENT_TRACE_TYPE_GUIDMAP  = 0x0A
	EVENT_TRACE_TYPE_CONFIG   = 0x0B
	EVENT_TRACE_TYPE_SIDINFO  = 0x0C
	EVENT_TRACE_TYPE_SECURITY = 0x0D
)

// Registry provider opcodes. Together with EVENT_TRACE_FLAG_REGISTRY these
// give kernel-level visibility of key/value changes, which is the usual
// telemetry source for persistence detection.
const (
	EVENT_TRACE_TYPE_REGCREATE             = 0x0A
	EVENT_TRACE_TYPE_REGOPEN               = 0x0B
	EVENT_TRACE_TYPE_REGDELETE             = 0x0C
	EVENT_TRACE_TYPE_REGQUERY              = 0x0D
	EVENT_TRACE_TYPE_REGSETVALUE           = 0x0E
	EVENT_TRACE_TYPE_REGDELETEVALUE        = 0x0F
	EVENT_TRACE_TYPE_REGQUERYVALUE         = 0x10
	EVENT_TRACE_TYPE_REGENUMERATEKEY       = 0x11
	EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY  = 0x12
	EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE = 0x13
	EVENT_TRACE_TYPE_REGSETINFORMATION     = 0x14
	EVENT_TRACE_TYPE_REGFLUSH              = 0x15
	EVENT_TRACE_TYPE_REGKCBCREATE          = 0x16
	EVENT_TRACE_TYPE_REGKCBDELETE          = 0x17
	EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN    = 0x18
	EVENT_TRACE_TYPE_REGKCBRUNDOWNEND      = 0x19
	EVENT_TRACE_TYPE_REGVIRTUALIZE         = 0x1A
	EVENT_TRACE_TYPE_REGCLOSE              = 0x1B
	EVENT_TRACE_TYPE_REGSETSECURITY        = 0x1C
	EVENT_TRACE_TYPE_REGQUERYSECURITY      = 0x1D
	EVENT_TRACE_TYPE_REGCOMMIT             = 0x1E
	EVENT_TRACE_TYPE_REGPREPARE            = 0x1F
	EVENT_TRACE_TYPE_REGROLLBACK           = 0x20
	EVENT_TRACE_TYPE_REGMOUNTHIVE          = 0x21
)

// Hardware/system configuration rundown opcodes (gaps are values not declared upstream in this file).
const (
	EVENT_TRACE_TYPE_CONFIG_CPU          = 0x0A
	EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK = 0x0B
	EVENT_TRACE_TYPE_CONFIG_LOGICALDISK  = 0x0C
	EVENT_TRACE_TYPE_CONFIG_NIC          = 0x0D
	EVENT_TRACE_TYPE_CONFIG_VIDEO        = 0x0E
	EVENT_TRACE_TYPE_CONFIG_SERVICES     = 0x0F
	EVENT_TRACE_TYPE_CONFIG_POWER        = 0x10
	EVENT_TRACE_TYPE_CONFIG_NETINFO      = 0x11
	EVENT_TRACE_TYPE_CONFIG_IRQ          = 0x15
	EVENT_TRACE_TYPE_CONFIG_PNP          = 0x16
	EVENT_TRACE_TYPE_CONFIG_IDECHANNEL   = 0x17
	EVENT_TRACE_TYPE_CONFIG_PLATFORM     = 0x19
)

// Kernel provider enable flags (EVENT_TRACE_PROPERTIES.EnableFlags), ordered
// by bit. Each flag turns on one kernel event class for the NT Kernel Logger.
const (
	EVENT_TRACE_FLAG_PROCESS            = 0x00000001
	EVENT_TRACE_FLAG_THREAD             = 0x00000002
	EVENT_TRACE_FLAG_IMAGE_LOAD         = 0x00000004
	EVENT_TRACE_FLAG_PROCESS_COUNTERS   = 0x00000008
	EVENT_TRACE_FLAG_CSWITCH            = 0x00000010
	EVENT_TRACE_FLAG_DPC                = 0x00000020
	EVENT_TRACE_FLAG_INTERRUPT          = 0x00000040
	EVENT_TRACE_FLAG_SYSTEMCALL         = 0x00000080
	EVENT_TRACE_FLAG_DISK_IO            = 0x00000100
	EVENT_TRACE_FLAG_DISK_FILE_IO       = 0x00000200
	EVENT_TRACE_FLAG_DISK_IO_INIT       = 0x00000400
	EVENT_TRACE_FLAG_DISPATCHER         = 0x00000800
	EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS = 0x00001000
	EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS = 0x00002000
	EVENT_TRACE_FLAG_VIRTUAL_ALLOC      = 0x00004000
	EVENT_TRACE_FLAG_NETWORK_TCPIP      = 0x00010000
	EVENT_TRACE_FLAG_REGISTRY           = 0x00020000
	EVENT_TRACE_FLAG_DBGPRINT           = 0x00040000
	EVENT_TRACE_FLAG_ALPC               = 0x00100000
	EVENT_TRACE_FLAG_SPLIT_IO           = 0x00200000
	EVENT_TRACE_FLAG_DRIVER             = 0x00800000
	EVENT_TRACE_FLAG_PROFILE            = 0x01000000
	EVENT_TRACE_FLAG_FILE_IO            = 0x02000000
	EVENT_TRACE_FLAG_FILE_IO_INIT       = 0x04000000
	EVENT_TRACE_FLAG_ENABLE_RESERVE     = 0x20000000
	EVENT_TRACE_FLAG_FORWARD_WMI        = 0x40000000
	EVENT_TRACE_FLAG_EXTENSION          = 0x80000000
)

// Logger mode flags (EVENT_TRACE_PROPERTIES.LogFileMode), ordered by bit.
// EVENT_TRACE_SECURE_MODE restricts who may write events into the session
// (only principals granted TRACELOG_LOG_EVENT), which limits a low-privileged
// process's ability to flood or poison a security-monitoring session.
const (
	EVENT_TRACE_FILE_MODE_NONE             = 0x00000000
	EVENT_TRACE_FILE_MODE_SEQUENTIAL       = 0x00000001
	EVENT_TRACE_FILE_MODE_CIRCULAR         = 0x00000002
	EVENT_TRACE_FILE_MODE_APPEND           = 0x00000004
	EVENT_TRACE_FILE_MODE_NEWFILE          = 0x00000008
	EVENT_TRACE_FILE_MODE_PREALLOCATE      = 0x00000020
	EVENT_TRACE_NONSTOPPABLE_MODE          = 0x00000040
	EVENT_TRACE_SECURE_MODE                = 0x00000080
	EVENT_TRACE_REAL_TIME_MODE             = 0x00000100
	EVENT_TRACE_DELAY_OPEN_FILE_MODE       = 0x00000200
	EVENT_TRACE_BUFFERING_MODE             = 0x00000400
	EVENT_TRACE_PRIVATE_LOGGER_MODE        = 0x00000800
	EVENT_TRACE_ADD_HEADER_MODE            = 0x00001000
	EVENT_TRACE_USE_KBYTES_FOR_SIZE        = 0x00002000
	EVENT_TRACE_USE_GLOBAL_SEQUENCE        = 0x00004000
	EVENT_TRACE_USE_LOCAL_SEQUENCE         = 0x00008000
	EVENT_TRACE_RELOG_MODE                 = 0x00010000
	EVENT_TRACE_PRIVATE_IN_PROC            = 0x00020000
	EVENT_TRACE_MODE_RESERVED              = 0x00100000
	EVENT_TRACE_USE_PAGED_MEMORY           = 0x01000000
	EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING = 0x10000000
)

// ControlTrace control codes.
const (
	EVENT_TRACE_CONTROL_QUERY  = iota // 0
	EVENT_TRACE_CONTROL_STOP          // 1
	EVENT_TRACE_CONTROL_UPDATE        // 2
	EVENT_TRACE_CONTROL_FLUSH         // 3
)