---
-- Implements functionality related to Server Message Block (SMB, an extension
-- of CIFS) version 2 traffic, which is a Windows protocol.
--
-- SMB traffic is normally sent to/from ports 139 or 445 of Windows systems. Microsoft's
-- extensive documentation is available at the following URL:
-- * SMB2: https://msdn.microsoft.com/en-us/library/cc246482.aspx
-----------------------------------------------------------------------
local asn1 = require "asn1"
local bin = require "bin"
local bit = require "bit"
local coroutine = require "coroutine"
local io = require "io"
local math = require "math"
local match = require "match"
local netbios = require "netbios"
local nmap = require "nmap"
local os = require "os"
local smbauth = require "smbauth"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local unicode = require "unicode"
local smb = require "smb"
_ENV = stdnse.module("smb2", stdnse.seeall)

-- These arrays are filled in with constants at the bottom of this file
command_codes = {}
command_names = {}
status_codes = {}
status_names = {}
filetype_codes = {}
filetype_names = {}
file_attributes = {}
smb2_flags = {}
smb2_OplockLevel = {}
smb2_ImpersonationLevel = {}
file_share_access = {}
create_disposition = {}
create_options = {}

local TIMEOUT = 10000

---Wrapper around <code>smbauth.add_account</code>.
function add_account(host, username, domain, password, password_hash, hash_type, is_admin)
  smbauth.add_account(host, username, domain, password, password_hash, hash_type, is_admin)
end

---Wrapper around <code>smbauth.get_account</code>.
function get_account(host)
  return smbauth.get_account(host)
end

---Get an 'overrides' table for the anonymous user
--
--@param overrides [optional] A base table of overrides. The appropriate fields will be added.
function get_overrides_anonymous(overrides)
  if(not(overrides)) then
    return {username='', domain='', password='', password_hash=nil, hash_type='none'}
  else
    overrides['username'] = ''
    overrides['domain'] = ''
    overrides['password'] = ''
    overrides['password_hash'] = ''
    overrides['hash_type'] = 'none'
  end
end

---Convert a status number from the SMB header into a status name, returning an error message (not nil) if
-- it wasn't found.
--
--@param status The numerical status.
--@return A string representing the error. Never nil.
function get_status_name(status)
  stdnse.debug(2, "SMB2: Got status '%s'", status)
  if(status_names[status] == nil) then
    -- If the name wasn't found in the array, do a linear search on it
    for i, v in pairs(status_names) do
      if(v == status) then
        return i
      end
    end

    return string.format("NT_STATUS_UNKNOWN (0x%08x)", status)
  else
    return status_names[status]
  end
end

--- Begins a SMB session, automatically determining the best way to connect.
--
-- @param host The host object
-- @return (status, smb) if the status is true, result is the newly crated smb object;
--         otherwise, socket is the error message.
function start(host)
  local port = smb.get_port(host)
  local status, result
  local state = {}

  state['uid']      = 0
  state['tid']      = 0
  state['mid']      = 1
  state['pid']      = math.random(32766) + 1
  state['host']     = host
  state['ip']       = host.ip
  state['sequence'] = -1
  state['MessageId']      = -1

  -- Store the name of the server
  local nbcache_mutex = nmap.mutex("Netbios lookup mutex")
  nbcache_mutex "lock"
  if ( not(host.registry['netbios_name']) ) then
    status, result = netbios.get_server_name(host.ip)
    if(status == true) then
      host.registry['netbios_name'] = result
      state['name'] = result
    end
  else
    stdnse.debug2("SMB: Resolved netbios name from cache")
    state['name'] = host.registry['netbios_name']
  end
  nbcache_mutex "done"

  stdnse.debug2("SMB: Starting SMB2 session for %s (%s)", host.name, host.ip)

  if(port == nil) then
    return false, "SMB: Couldn't find a valid port to check"
  end

  -- Initialize the accounts for logging on
  smbauth.init_account(host)

  if(port ~= 139) then
    status, state['socket'] = start_raw(host, port)
    state['port'] = port

    if(status == false) then
      return false, state['socket']
    end
    return true, state

  else
    status, state['socket'] = start_netbios(host, port)
    state['port'] = port
    if(status == false) then
      return false, state['socket']
    end
    return true, state

  end

  return false, "SMB: Couldn't find a valid port to check"
end

--- Kills the SMB connection and closes the socket.
--
--  In addition to killing the connection, this function will log off the user and disconnect
--  the connected tree, if possible.
--
--@param smb    The SMB object associated with the connection
--@return (status, result) If status is false, result is an error message. Otherwise, result
--        is undefined.
function stop(smb)

  if(smb['TreeId'] ~= 0) then
    tree_disconnect(smb)
  end

  if(smb['MessageId'] ~= -1) then
    logoff(smb)
  end

  stdnse.debug2("SMB: Closing socket")
  if(smb['socket'] ~= nil) then
    local status, err = smb['socket']:close()

    if(status == false) then
      return false, "SMB: Failed to close socket: " .. err
    end
  end

  return true
end

--- Begins a raw SMB session, likely over port 445. Since nothing extra is required, this
--  function simply makes a connection and returns the socket.
--
--@param host The host object to check.
--@param port The port to use (most likely 445).
--@return (status, socket) if status is true, result is the newly created socket.
--        Otherwise, socket is the error message.
function start_raw(host, port)
  local status, err
  local socket = nmap.new_socket()

  socket:set_timeout(TIMEOUT)
  status, err = socket:connect(host, port, "tcp")

  if(status == false) then
    return false, "SMB: Failed to connect to host: " .. err
  end

  return true, socket
end

--- Begins a SMB session over NetBIOS.
--
-- This requires a NetBIOS Session Start message to be sent first, which in
-- turn requires the NetBIOS name. The name can be provided as a parameter, or
-- it can be automatically determined.
--
-- Automatically determining the name is interesting, to say the least. Here
-- are the names it tries, and the order it tries them in:
-- * The name the user provided, if present
-- * The name pulled from NetBIOS (udp/137), if possible
-- * The generic name "*SMBSERVER"
-- * Each subset of the domain name (for example, scanme.insecure.org would
--   attempt "scanme", "scanme.insecure", and "scanme.insecure.org")
--
-- This whole sequence is a little hackish, but it's the standard way of doing
-- it.
--
--@param host The host object to check.
--@param port The port to use (most likely 139).
--@param name [optional] The NetBIOS name of the host. Will attempt to
--            automatically determine if it isn't given.
--@return (status, socket) if status is true, result is the port
--        Otherwise, socket is the error message.
function start_netbios(host, port, name)
  local i
  local status, err
  local pos, result, flags, length
  local socket = nmap.new_socket()

  -- First, populate the name array with all possible names, in order of significance
  local names = {}

  -- Use the name parameter
  if(name ~= nil) then
    names[#names + 1] = name
  end

  -- Get the name of the server from NetBIOS
  status, name = netbios.get_server_name(host.ip)
  if(status == true) then
    names[#names + 1] = name
  end

  -- "*SMBSERVER" is a special name that any server should respond to
  names[#names + 1] = "*SMBSERVER"

  -- If all else fails, use each substring of the DNS name (this is a HUGE hack, but is actually
  -- a recommended way of doing this!)
  if(host.name ~= nil and host.name ~= "") then
    local new_names = get_subnames(host.name)
    for i = 1, #new_names, 1 do
      names[#names + 1] = new_names[i]
    end
  end

  -- This loop will try all the NetBIOS names we've collected, hoping one of them will work. Yes,
  -- this is a hackish way, but it's actually the recommended way.
  i = 1
  repeat

    -- Use the current name
    name = names[i]

    -- Some debug information
    stdnse.debug1("SMB: Trying to start NetBIOS session with name = '%s'", name)
    -- Request a NetBIOS session
    local session_request = bin.pack(">CCSzz",
      0x81,                        -- session request
      0x00,                        -- flags
      0x44,                        -- length
      netbios.name_encode(name),   -- server name
      netbios.name_encode("NMAP")  -- client name
      );

    stdnse.debug3("SMB: Connecting to %s", host.ip)
    socket:set_timeout(TIMEOUT)
    status, err = socket:connect(host, port, "tcp")
    if(status == false) then
      socket:close()
      return false, "SMB: Failed to connect: " .. err
    end

    -- Send the session request
    stdnse.debug3("SMB: Sending NetBIOS session request with name %s", name)
    status, err = socket:send(session_request)
    if(status == false) then
      socket:close()
      return false, "SMB: Failed to send: " .. err
    end
    socket:set_timeout(TIMEOUT)

    -- Receive the session response
    stdnse.debug3("SMB: Receiving NetBIOS session response")
    status, result = socket:receive_buf(match.numbytes(4), true);
    if(status == false) then
      socket:close()
      return false, "SMB: Failed to close socket: " .. result
    end
    pos, result, flags, length = bin.unpack(">CCS", result)
    if(result == nil or length == nil) then
      return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [1]"
    end

    -- Check for a positive session response (0x82)
    if result == 0x82 then
      stdnse.debug3("SMB: Successfully established NetBIOS session with server name %s", name)
      return true, socket
    end

    -- If the session failed, close the socket and try the next name
    stdnse.debug1("SMB: Session request failed, trying next name")
    socket:close()

    -- Try the next name
    i = i + 1

  until i > #names

  -- We reached the end of our names list
  stdnse.debug1("SMB: None of the NetBIOS names worked!")
  return false, "SMB: Couldn't find a NetBIOS name that works for the server. Sorry!"
end

--- Creates a string containing a SMB packet header - async. The header looks like this:
--
--<code>
-- --------------------------------------------------------------------------------------------------
-- | 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9  8  7  6  5  4  3  2  1  0 |
-- --------------------------------------------------------------------------------------------------
-- |         0xFE           |          'S'          |        'M'            |         'B'           |
-- --------------------------------------------------------------------------------------------------
-- |                   StructureSize                |                  CreditCharge                 |
-- --------------------------------------------------------------------------------------------------
-- |                                 (ChannelSequence/Reserved)/Status                              |
-- --------------------------------------------------------------------------------------------------
-- |                    Command                     |            CreditRequest/CreditResponse       |
-- --------------------------------------------------------------------------------------------------
-- |                                              Flags                                             |
-- --------------------------------------------------------------------------------------------------
-- |                                           NextCommand                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                             MessageId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                              AsyncId                                           |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                             MessageId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                             SessionId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                             Signature                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
--</code>
--
-- All fields are, incidentally, encoded in little endian byte order.
--
-- For the purposes here, the program doesn't care about most of the fields so they're given default
-- values. The "command" field is the only one we ever have to set manually, in my experience. The TID
-- and UID need to be set, but those are stored in the smb state and don't require user intervention.
--
--@param smb     The smb state table.
--@param command The command to use.
--@param overrides The overrides table. Keep in mind that overriding things like flags is generally a very bad idea, unless you know what you're doing.
--@return A binary string containing the packed packet header.
function smb_encode_header_async(smb, command, overrides)
  -- TODO
end
---Turn off extended security negotiations for this connection.
--
-- There are a few reasons you might want to do that, the main ones being that
-- extended security is going to be marginally slower and it's not going to
-- give the same level of information in some cases (namely, it doesn't present
-- the server's name).
--@param smb The SMB state table.
function disable_extended(smb)
  smb['extended_security'] = false
end
---
-- Starts SMB2 connection
--
--
function start_ex(host, bool_negotiate_protocol, bool_start_session, str_tree_connect, str_create_file, bool_disable_extended, overrides)
  local smbstate
  local status, err

  -- Make sure we have overrides
  overrides = overrides or {}

  -- Begin the SMB session
  status, smbstate = start(host)
  if(status == false) then
    return false, smbstate
  end

  -- Disable extended security if it was requested
  if(bool_disable_extended == true) then
    disable_extended(smbstate)
  end

  if(bool_negotiate_protocol == true) then
    -- Negotiate the protocol
    status, err = negotiate_protocol(smbstate, overrides)
    if(status == false) then
      stop(smbstate)
      return false, err
    end

    if(bool_start_session == true) then
      -- Start up a session
      status, err = start_session(smbstate, overrides)
      if(status == false) then
        stop(smbstate)
        return false, err
      end

      if(str_tree_connect ~= nil) then
        -- Connect to share
        status, err = tree_connect(smbstate, str_tree_connect, overrides)
        if(status == false) then
          stop(smbstate)
          return false, err
        end

        if(str_create_file ~= nil) then
          -- Try to connect to requested pipe
          status, err = create_file(smbstate, str_create_file, overrides)
          if(status == false) then
            stop(smbstate)
            return false, err
          end
        end
      end
    end
  end

  -- Return everything
  return true, smbstate
end


--- Creates a string containing a SMB packet header - sync. The header looks like this:
--
--<code>
-- --------------------------------------------------------------------------------------------------
-- | 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9  8  7  6  5  4  3  2  1  0 |
-- --------------------------------------------------------------------------------------------------
-- |         0xFE           |          'S'          |        'M'            |         'B'           |
-- --------------------------------------------------------------------------------------------------
-- |                   StructureSize                |                  CreditCharge                 |
-- --------------------------------------------------------------------------------------------------
-- |                                 (ChannelSequence/Reserved)/Status                              |
-- --------------------------------------------------------------------------------------------------
-- |                    Command                     |            CreditRequest/CreditResponse       |
-- --------------------------------------------------------------------------------------------------
-- |                                              Flags                                             |
-- --------------------------------------------------------------------------------------------------
-- |                                           NextCommand                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                             MessageId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                              Reserved                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               TreeId                                           |
-- --------------------------------------------------------------------------------------------------
-- |                                             SessionId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                             Signature                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
--</code>
--
-- All fields are, incidentally, encoded in little endian byte order.
--
-- For the purposes here, the program doesn't care about most of the fields so they're given default
-- values. The "command" field is the only one we ever have to set manually, in my experience. The TID
-- and UID need to be set, but those are stored in the smb state and don't require user intervention.
--
--@param smb     The smb state table.
--@param command The command to use.
--@param overrides The overrides table. Keep in mind that overriding things like flags is generally a very bad idea, unless you know what you're doing.
--@return A binary string containing the packed packet header.
function smb_encode_header_sync(smb, command, overrides)
  -- Make sure we have an overrides array
  overrides = overrides or {}

  -- Used for the ProtocolId
  local sig = "\xFESMB"

  local structureSize = 64
  local flags = 0

  if smb['MessageId'] then
    smb['MessageId'] = smb['MessageId'] + 1
  end

  local header = bin.pack("<CCCCSSISSIILIILLL",
    sig:byte(1),  -- Header
    sig:byte(2),  -- Header
    sig:byte(3),  -- Header
    sig:byte(4),  -- Header
    structureSize,                      -- 2 bytes. StructureSize.
    (overrides['CreditCharge'] or 0),   -- 2 bytes. CreditCharge. In the SMB 2.002, the sender MUST set this to 0
    (overrides['Status'] or 0),         -- 4 bytes. (ChannelSequence/Reserved)/Status. 
    command,                            -- 2 bytes. Commands.
    (overrides['CreditR'] or 0),        -- 2 bytes. CreditRequest/CreditResponse.
    (overrides['Flags'] or flags),      -- 4 bytes. Flags. TODO
    (overrides['NextCommand'] or 0),    -- 4 bytes. NextCommand.
    (overrides['MessageId'] or smb['MessageId']),       -- 8 bytes. MessageId.
    (overrides['Reserved'] or 0x0000feff),       -- 4 bytes. Reserved.
    (overrides['TreeId'] or smb['TreeId'] or 0),         -- 4 bytes. TreeId.
    (overrides['SessionId'] or smb['SessionId'] or 0),      -- 8 bytes. SessionId.
    (overrides['Signature1'] or 0),     -- 8 bytes. Signature1.
    (overrides['Signature2'] or 0)      -- 8 bytes. Signature2.
    )

  return header
end

--- Prepends the NetBIOS header to the packet, which is essentially the length, encoded
--  in 4 bytes of big endian, and sends it out.
--
--  The length field is actually 17 or 24 bits wide, depending on whether or
--  not we're using raw, but that shouldn't matter.
--
--@param smb        The SMB object associated with the connection
--@param header     The header, encoded with <code>smb_get_header</code>.
--@param data       The data.
--@param overrides  Overrides table.
--@return (result, err) If result is false, err is the error message. Otherwise, err is
--        undefined
function smb_send(smb, header, data, overrides)
  overrides = overrides or {}
  local body               = header .. data
  local attempts           = 5
  local status, err

  local out = bin.pack(">I<A", #body, body)
  repeat
    attempts = attempts - 1
    stdnse.debug3("SMB: Sending SMB packet (len: %d, attempts remaining: %d)", #out, attempts)
    status, err = smb['socket']:send(out)
  until(status or (attempts == 0))

  if(attempts == 0) then
    stdnse.debug1("SMB: Sending packet failed after 5 tries! Giving up.")
  end

  return status, err
end



--- Reads the next packet from the socket, and parses it into the header, parameters,
--  and data.
--@return (status, header, data) If status is true, the header,
--        , and data are all the raw arrays (with the lengths already
--        removed). If status is false, header contains an error message and 
--        data are undefined.
function smb2_read(smb, read_data)
  local status
  local pos, netbios_data, netbios_length, length, header, parameter_length, parameters, data_length, data
  local attempts = 5

  stdnse.debug3("SMB2: Receiving SMB2 packet")

  -- Receive the response -- we make sure to receive at least 4 bytes, the length of the NetBIOS length
  smb['socket']:set_timeout(TIMEOUT)

  -- perform 5 attempt to read the Netbios header
  local netbios
  repeat
    attempts = attempts - 1
    status, netbios_data = smb['socket']:receive_buf(match.numbytes(4), true);

    if ( not(status) and netbios_data == "EOF" ) then
      return false, "SMB2: ERROR: Server disconnected the connection"
    end
  until(status or (attempts == 0))

  -- Make sure the connection is still alive
  if(status ~= true) then
    return false, "SMB2: Failed to receive bytes after 5 attempts: " .. netbios_data
  end

  -- The length of the packet is 4 bytes of big endian (for our purposes).
  -- The NetBIOS header is 24 bits, big endian
  pos, netbios_length   = bin.unpack(">I", netbios_data)
  if(netbios_length == nil) then
    return false, "SMB2: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [2]"
  end
  -- Make the length 24 bits
  netbios_length = bit.band(netbios_length, 0x00FFFFFF)

  -- The total length is the netbios_length, plus 4 (for the length itself)
  length = netbios_length + 4

  local attempts = 5
  local smb_data
  repeat
    attempts = attempts - 1
    status, smb_data = smb['socket']:receive_buf(match.numbytes(netbios_length), true)
  until(status or (attempts == 0))

  -- Make sure the connection is still alive
  if(status ~= true) then
    return false, "SMB2: Failed to receive bytes after 5 attempts: " .. smb_data
  end

  local result = netbios_data .. smb_data
  if(#result ~= length) then
    stdnse.debug1("SMB2: ERROR: Received wrong number of bytes, there will likely be issues (received %d, expected %d)", #result, length)
    return false, string.format("SMB2: ERROR: Didn't receive the expected number of bytes; received %d, expected %d. This will almost certainly cause some errors.", #result, length)
  end


  -- The header is 64 bytes.
  pos, header = bin.unpack("<A64", result, pos)
  if(header == nil) then
    return false, "SMB2: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [3]"
  end

  -- Read that many bytes of data.
  if(read_data == nil or read_data == true) then
    pos, data = bin.unpack("<A" .. #result - pos + 1, result, pos)
    if(data == nil) then
      return false, "SMB2: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [7]"
    end
  else
    data = nil
  end

  stdnse.debug3("SMB2: Received %d bytes", #result)
  return true, header, data
end

--- Sends out <code>SMB2 NEGOTIATE</code>, which is typically the first SMB packet sent out.
function negotiate_protocol(smb, overrides)
  stdnse.debug(1, "SMB2:Negotiating connection")
  local header, data
  -- Make sure we have overrides
  overrides = overrides or {}  
  header = smb_encode_header_sync(smb, command_codes['SMB2_COM_NEGOTIATE'], overrides)

  local StructureSize = 36
  local DialectCount
  -- Data is a list of strings, terminated by a blank one.
  if(overrides['Dialects'] == nil) then
    DialectCount = 2
  else
    DialectCount = #overrides['Dialects']
  end

  local SecurityMode = overrides["SecurityMode"] or 0x01
  local Reserved = 0
  local Capabilities = overrides["SecurityMode"] or 0
  local GUID1 = overrides["GUID1"] or 1
  local GUID2 = overrides["GUID2"] or 1
  local ClientStartTime = overrides["ClientStartTime"] or 0x010
  local Dialects1 = 0x0202      --Dialect 2.0.2
  local Dialects2 = 0x0210      --Dialect 2.1.0
  local Dialects3 = 0x0300      --Dialect 3.0
  local Dialects3_0_2 = 0x0302  --Dialect 3.0.2
  local Dialects3_1_1 = 0x0311  --Dialect 3.1.1
  local Dialects = {0x0202, 0x0210}
  local data = bin.pack("<SSSSILLL", 
    StructureSize,  --2 bytes
    DialectCount,   --2 bytes
    SecurityMode,   --2 bytes
    Reserved,       --2 bytes
    Capabilities,   --4 bytes
    GUID1,          --8 bytes
    GUID2,          --8 bytes
    ClientStartTime  --8 bytes
    )

  if(overrides['Dialects'] == nil) then
    for _, d in ipairs(Dialects) do
      data = data .. bin.pack("<S", d)
    end
  else
    for _, v in ipairs(overrides['Dialects']) do
      data = data .. bin.pack("<I", v)
    end
  end

  -- Send the negotiate request
  stdnse.debug2("SMB: Sending SMB2_COM_NEGOTIATE")
  local status, err = smb_send(smb, header, data)
  if(status == false) then
    return false, err
  end

  -- Read the result
  status, header, data = smb2_read(smb)
  if(status ~= true) then
    return false, header
  end

  -- Parse out the header
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, Flags, NextCommand, MessageId, Reserved, TreeId, SessionId, Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)

-- Get the protocol version
  local protocol_version = string.char(header1, header2, header3, header4)
  if(protocol_version ~= ("\xFESMB")) then
    return false, "SMB: Server did not return a SMBv2 packet"
  end

  -- Check if we fell off the packet (if that happened, the last parameter will be nil)
  if(header1 == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [8]"
  end
  print(data)
  stdnse.debug(5, "Data:%s", data)
  local SecurityBufferOffset, SecurityBufferLength, Reserved2, d_StructureSize
  pos, d_StructureSize, smb['SecurityMode'], smb['Dialect'], Reserved, smb['GUID1'], smb['GUID2'], smb['Capabilities']  = bin.unpack("<SSSSLLI", data)
  print(d_StructureSize)
  print(smb['SecurityMode'])
  print(smb['Dialect'])
  pos, smb['MaxTransactSize'], smb['MaxReadSize'], smb['MaxWriteSize'], smb['SystemTime'], smb['ServerStartTime'], 
        SecurityBufferOffset, SecurityBufferLength, Reserved2 = 
        bin.unpack("IIILLSSI", data, pos)
  -- Check if we ran off the packet
  if(smb['Dialect'] == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [10]"
  end
  stdnse.debug(2, "SMB2: Dialect chosen by server:%X", smb['Dialect'])
  if(smb['SecurityMode'] == nil or smb['Capabilities'] == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [11]"
  end
  -- Some broken implementations of SMB don't send these variables
  if(smb['SystemTime'] == nil) then
    smb['SystemTime'] = 0
  end

  stdnse.debug(1, "SecurityBufferLength:%s", SecurityBufferLength)
  -- do we have a security blob?
  if ( SecurityBufferLength > 0 ) then
    pos, smb['SecurityBlob'] = bin.unpack("<A" .. SecurityBufferLength, data, pos)
    stdnse.debug(1, "Security Blob:%s", smb['SecurityBlob'])
  end
  return true
end

function start_session(smb, log_errors, overrides)
  local header, data
    -- Make sure we have overrides
  overrides = overrides or {}
  local StructureSize = 25
  local Flags = 0x00
  local SecurityMode = 0x01
  local Capabilities = overrides["Capabilities"] or 0
  local Channel = 0
  local SecurityBufferOffset = 0x58
  local PreviousSessionId = 0

  -- Set a default status_name, in case everything fails
  local status_name = "An unknown error has occurred"

  local username, domain, password, password_hash, hash_type
  local result
  -- Get the first account, unless they overrode it
  if(overrides ~= nil and overrides['username'] ~= nil) then
    result = true
    username      = overrides['username']
    domain        = overrides['domain']
    password      = overrides['password']
    password_hash = overrides['password_hash']
    hash_type     = overrides['hash_type']
  else
    result, username, domain, password, password_hash, hash_type = smbauth.get_account(smb['host'])
    stdnse.debug1("password_hash: %s; hash_type: %s", password_hash, hash_type)
    if(not(result)) then
      return result, username
    end
  end

  -- check what kind of security blob we were given in the negotiate protocol request
  local sp_nego = false
  if ( smb['SecurityBlob'] and #smb['SecurityBlob'] > 11 ) then
    local pos, oid = bin.unpack(">A6", smb['SecurityBlob'], 5)
    sp_nego = ( oid == "\x2b\x06\x01\x05\x05\x02" ) -- check for SPNEGO OID 1.3.6.1.5.5.2
  end

  while result ~= false do
    -- These are loop variables
    local security_blob = nil
    local security_blob_length = 0

    repeat
      -- Get the new security blob, passing the old security blob as a parameter. If there was no previous security blob, then nil is passed, which creates a new one
      if ( not(security_blob) ) then
        status, security_blob, smb['mac_key'] = smbauth.get_security_blob(security_blob, smb['ip'], username, domain, password, password_hash, hash_type, (sp_nego and 0x00088215))
        if ( sp_nego ) then
          local enc = asn1.ASN1Encoder:new()
          local mechtype = enc:encode( { type = 'A0', value = enc:encode( { type = '30', value = enc:encode( { type = '06', value = bin.pack("H", "2b06010401823702020a") } ) } ) } )
          local oid = enc:encode( { type = '06', value = bin.pack("H", "2b0601050502") } )

          security_blob = enc:encode(security_blob)
          security_blob = enc:encode( { type = 'A2', value = security_blob } )
          security_blob = mechtype .. security_blob
          security_blob = enc:encode( { type = '30', value = security_blob } )
          security_blob = enc:encode( { type = 'A0', value = security_blob } )
          security_blob = oid .. security_blob
          security_blob = enc:encode( { type = '60', value = security_blob } )
        end
      else
        if ( sp_nego ) then
          if ( smb['domain'] or smb['server'] and ( not(domain) or #domain == 0 ) ) then
            domain = smb['domain'] or smb['server']
          end
          hash_type = "ntlm"
        end
        status, security_blob, smb['mac_key'] = smbauth.get_security_blob(security_blob, smb['ip'], username, domain, password, password_hash, hash_type, (sp_nego and 0x00088215))
        if ( sp_nego ) then
          local enc = asn1.ASN1Encoder:new()
          security_blob = enc:encode(security_blob)
          security_blob = enc:encode( { type = 'A2', value = security_blob } )
          security_blob = enc:encode( { type = '30', value = security_blob } )
          security_blob = enc:encode( { type = 'A1', value = security_blob } )
        end
      end

      -- There was an error processing the security blob
      if(status == false) then
        return false, string.format("SMB: ERROR: Security blob: %s", security_blob)
      end

      local data = bin.pack("<SCCIISSL", 
                            StructureSize,  --2 bytes
                            Flags,   --1 bytes
                            SecurityMode,   --1 bytes
                            Capabilities,       --4 bytes
                            Channel,   --4 bytes
                            SecurityBufferOffset,          --2 bytes
                            #security_blob,          --2 bytes
                            PreviousSessionId  --8 bytes
                            )

      header     = smb_encode_header_sync(smb, command_codes['SMB2_COM_SESSION_SETUP'], overrides)

      -- Data is a list of strings, terminated by a blank one.
      data = data .. bin.pack("<A",
        security_blob         -- Security blob
        )
      -- Send the session setup request
      stdnse.debug2("SMB: Sending SMB2_COM_SESSION_SETUP")
      result, err = smb_send(smb, header, data, overrides)
      if(result == false) then
        return false, err
      end

      -- Read the result
      status, header, data = smb2_read(smb)
      if(status ~= true) then
        return false, header
      end

      -- Parse out the header
      pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, TreeId, smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
      if(header1 == nil) then
        return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [17]"
      end

      -- Get a human readable name
      status_name = get_status_name(Status)

      -- Only parse the parameters if it's ok or if we're going to keep going
      if(status_name == "NT_STATUS_SUCCESS" or status_name == "NT_STATUS_MORE_PROCESSING_REQUIRED") then
        -- Parse the parameters
        local s_StructureSize, s_SessionFlags, s_SecurityBufferOffset, s_SecurityBufferLength
        pos, s_StructureSize, s_SessionFlags, s_SecurityBufferOffset, s_SecurityBufferLength = bin.unpack("<SSSS", data)
        if(s_SecurityBufferLength == nil) then
          return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [18]"
        end
        smb['is_guest']   = bit.band(s_SessionFlags, 1)

        -- Parse the data
        pos, security_blob = bin.unpack(string.format("<A%d", s_SecurityBufferLength), data, pos)

        if ( status_name == "NT_STATUS_MORE_PROCESSING_REQUIRED" and sp_nego ) then
          local start = security_blob:find("NTLMSSP")
          security_blob = security_blob:sub(start)
        end

        if(security_blob == nil) then
          return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [19]"
        end
        if(status_name == "NT_STATUS_MORE_PROCESSING_REQUIRED") then
          local host_info = smbauth.get_host_info_from_security_blob(security_blob)
          if ( host_info ) then
            smb['fqdn'] = host_info['fqdn']
            smb['domain_dns'] = host_info['dns_domain_name']
            smb['forest_dns'] = host_info['dns_forest_name']
            smb['server'] = host_info['netbios_computer_name']
            smb['domain'] = host_info['netbios_domain_name']
          end
        end

        -- If it's ok, do a cleanup and return true
        if(status_name == "NT_STATUS_SUCCESS") then
          -- Check if they were logged in as a guest
          if(log_errors == nil or log_errors == true) then
            if(smb['is_guest'] == 1) then
              stdnse.debug1("SMB: Extended login to %s as %s\\%s failed, but was given guest access (username may be wrong, or system may only allow guest)", smb['ip'], domain, stdnse.string_or_blank(username))
            else
              stdnse.debug2("SMB: Extended login to %s as %s\\%s succeeded", smb['ip'], domain, stdnse.string_or_blank(username))
            end
          end

          -- Set the initial sequence number
          smb['sequence'] = 1

          return true
        end -- Status is ok
      end -- Should we parse the parameters/data?
    until status_name ~= "NT_STATUS_MORE_PROCESSING_REQUIRED"

    -- Check if we got the error NT_STATUS_REQUEST_NOT_ACCEPTED
    if(status == 0xc00000d0) then
      busy_count = busy_count + 1

      if(busy_count > 9) then
        return false, "SMB: ERROR: Server has too many active connections; giving up."
      end

      local backoff = math.random() * 10
      stdnse.debug1("SMB: Server has too many active connections; pausing for %s seconds.", math.floor(backoff * 100) / 100)
      stdnse.sleep(backoff)
    else
      -- Display a message to the user, and try the next account
      if(log_errors == nil or log_errors == true) then
        stdnse.debug1("SMB: Extended login to %s as %s\\%s failed (%s)", smb['ip'], domain, stdnse.string_or_blank(username), status_name)
      end

      --Go to the next account
      if(overrides == nil or overrides['username'] == nil) then
        smbauth.next_account(smb['host'])
        result, username, domain, password, password_hash, hash_type = smbauth.get_account(smb['host'])
        if(not(result)) then
          return false, username
        end
      else
        result = false
      end
      result = false
    end

  end -- Loop over the accounts

  if(log_errors == nil or log_errors == true) then
    stdnse.debug1("SMB: ERROR: All logins failed, sorry it didn't work out!")
  end

  return false, status_name
end

---
-- SMB2_COM_TREE_CONNECT
---
function tree_connect(smb, path, overrides)
  overrides = overrides or {}
  local buffer = ""
  for i = 1, #path do 
    buffer = buffer .. bin.pack("<S", path:byte(i))
  end
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_TREE_CONNECT'], overrides)
  local StructureSize = 9 --The client MUST set this field to 9 regardless of how long buffer actually is
  local Reserved = 0
  local PathOffset = 0x48
  local PathLength = #buffer
  local data = bin.pack("<SSSS", 
                      StructureSize,  --2 bytes
                      Reserved,   --2 bytes
                      PathOffset,   --2 bytes
                      PathLength       --2 bytes
                      )
  data = data .. buffer
  stdnse.debug2("SMB: Sending SMB2_COM_TREE_CONNECT")
  local result, err, status
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end

  -- Read the result
  status, header, data = smb2_read(smb)
  if(status ~= true) then
    return false, header
  end

  -- Parse out the header
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(header1 == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [17]"
  end

  if(Status ~= 0) then
    return false, get_status_name(Status)
  end

  return true
end

--- Disconnects a tree session. Should be called before logging off and disconnecting.
function tree_disconnect(smb, overrides)
  overrides = overrides or {}
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_TREE_DISCONNECT'], overrides)
  local StructureSize = 4
  local Reserved = 0
  local data = bin.pack("<SS",
                        StructureSize,  -- 2 bytes
                        Reserved        -- 2 bytes
                        )
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end 
  local status
  status, header, data = smb2_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    return false, get_status_name(Status)
  end
  smb["TreeId"] = 0
  return true
end

---Logs off the current user. Strictly speaking this isn't necessary, but it's the polite thing to do.
--@return (status, result) If status is false, result is an error message. If status is true,
--              the logoff was successful.
function logoff(smb, overrides)
  overrides = overrides or {}
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_LOGOFF'], overrides)
  local StructureSize = 4
  local Reserved = 0
  local data = bin.pack("<SS",
                        StructureSize,  -- 2 bytes
                        Reserved        -- 2 bytes
                        )
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end 
  local status
  status, header, data = smb2_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    return false, get_status_name(Status)
  end
  smb['MessageId'] = -1
  return true
end

---
-- Implements SMB2_COM_CREATE.
---
function create_file(smb, path, overrides)
  overrides = overrides or {}
  local buffer = ""
  for i = 1, #path do 
    buffer = buffer .. bin.pack("<S", path:byte(i))
  end
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_CREATE'], overrides)  
  local StructureSize = 57
  local SecurityFlags = 0x00
  local RequestedOplockLevel = smb2_OplockLevel['SMB2_OPLOCK_LEVEL_NONE']
  local ImpersonationLevel = smb2_ImpersonationLevel['Impersonation']
  local SmbCreateFlags = 0x0000000000000000
  local Reserved = 0x0000000000000000
  local DesiredAccess = bit.bor(directory_Access_Mask['GENERIC_WRITE'], directory_Access_Mask['GENERIC_READ'], 
                                directory_Access_Mask['FILE_READ_ATTRIBUTES'], directory_Access_Mask['FILE_WRITE_ATTRIBUTES'], 
                                directory_Access_Mask['READ_CONTROL'], directory_Access_Mask['FILE_READ_EA'], 
                                directory_Access_Mask['FILE_WRITE_EA'], file_share_access['FILE_SHARE_READ'], 
                                file_share_access['FILE_SHARE_WRITE'], file_share_access['FILE_SHARE_DELETE'])
  local FileAttributes = file_attributes['FILE_ATTRIBUTE_NORMAL']
  local ShareAccess = bit.bor(file_share_access['FILE_SHARE_READ'], file_share_access['FILE_SHARE_WRITE'])
  local CreateDisposition = create_disposition['FILE_OPEN']
  local CreateOptions = 0x00000000
  local NameOffset = 0x0078
  local NameLength = #buffer
  local CreateContextsOffset = 0x0000
  local CreateContextsLength = 0
  local data = bin.pack("<SCCILLIIIIISSII", 
                        StructureSize,      --StructureSize (2 bytes): The client MUST set this field to 57. 
                      SecurityFlags,        --SecurityFlags (1 byte): This field MUST NOT be used and MUST be reserved.
                      RequestedOplockLevel, --RequestedOplockLevel (1 byte): The requested oplock level. 
                      ImpersonationLevel,   --ImpersonationLevel (4 bytes): This field specifies the impersonation level.
                      SmbCreateFlags,       --SmbCreateFlags (8 bytes): This field MUST NOT be used and MUST be reserved.
                      Reserved,             --Reserved (8 bytes): This field MUST NOT be used and MUST be reserved.
                      DesiredAccess,        --DesiredAccess (4 bytes): The level of access that is required
                      FileAttributes,       --FileAttributes (4 bytes): File attributes.
                      ShareAccess,          --ShareAccess (4 bytes): Specifies the sharing mode for the open.
                      CreateDisposition,    --CreateDisposition (4 bytes): Defines the action the server MUST take if the
                                            -- file that is specified in the name field already exists.
                      CreateOptions,        --CreateOptions (4 bytes): Specifies the options to be applied when creating or opening the file.
                      NameOffset,           --NameOffset (2 bytes): The offset, in bytes, from the beginning of the SMB2 header to the 8-byte aligned file name.
                      NameLength,           --NameLength (2 bytes): The length of the file name, in bytes.
                      CreateContextsOffset, --CreateContextsOffset (4 bytes): The offset, in bytes, from the beginning of the SMB2 header to the first 8-byte
                                            -- aligned SMB2_CREATE_CONTEXT structure in the request.
                      CreateContextsLength  --CreateContextsLength (4 bytes): The length, in bytes, of the list of SMB2_CREATE_CONTEXT structures sent in this request.
                      )
  data = data .. bin.pack("<A", buffer)
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end 
  local status
  status, header, data = smb2_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    return false, get_status_name(Status)
  end
  pos, _, smb['OplockLevel'], _, smb['CreateAction'], smb['CreationTime'], smb['LastAccessTime'],
   smb['LastWriteTime'], smb['ChangeTime'], smb['AllocationSize'], smb['EndofFile'], 
   smb['FileAttributes'], _, smb['FileId1'], smb['FileId2'] = bin.unpack("<SCCILLLLLLIILL", data)
  stdnse.debug(1, "FILE ID:%x %x", smb['FileId1'], smb['FileId2'])
end
---Determine whether or not a host will accept any share name (I've seen this on certain systems; it's
-- bad, because it means we cannot tell whether or not a share exists).
--
--@param host     The host object
--@param use_anonymous [optional] If set to 'true', test is done by the anonymous user rather than the current user.
--@return (status, result) If status is false, result is an error message. Otherwise, result is a boolean value:
--        true if the file was successfully written, false if it was not.
function share_host_returns_proper_error(host, use_anonymous)
  stdnse.debug(3, "SMB2: Testing proper error for non existing shares...")
  local status, smbstate, err
  local share = "nmap-share-test"
  local overrides

  if ( use_anonymous ) then
    overrides = get_overrides_anonymous()
  end

  -- Begin the SMB session
  status, smbstate = start(host)
  if(status == false) then
    return false, smbstate
  end

  -- Negotiate the protocol
  status, err = negotiate_protocol(smbstate, overrides)
  if(status == false) then
    stop(smbstate)
    return false, err
  end

  -- Start up a null session
  status, err = start_session(smbstate, overrides)
  if(status == false) then
    stop(smbstate)
    return false, err
  end

  -- Connect to the share
  stdnse.debug1("SMB: Trying a random share to see if server responds properly: %s", share)
  status, err = tree_connect(smbstate, share, overrides)

  if(status == false) then
    -- If the error is NT_STATUS_ACCESS_DENIED (0xc0000022), that's bad -- we don't want non-existent shares
    -- showing up as 'access denied'. Any other error is ok.
    if(err == 0xc0000022 or err == 'NT_STATUS_ACCESS_DENIED') then
      stdnse.debug1("SMB2: Server doesn't return proper value for non-existent shares (returns ACCESS_DENIED)")
      stop(smbstate)
      return true, false
    end
  else
    -- If we were actually able to connect to this share, then there's probably a serious issue
    stdnse.debug1("SMB2: Server doesn't return proper value for non-existent shares (accepts the connection)")
    stop(smbstate)
    return true, false
  end

  stop(smbstate)
  return true, true
end
---
-- Implements SMB2_COM_WRITE
---
function write_file(smb, write_data, offset, overrides)
  overrides = overrides or {}

  local header, parameters, data
  local pos
  local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, pid, mid
  local response = {}

  local structure_size = 49
  local data_offset = 0x70
  local length = #write_data
  local offset = offset
  local file_id = smb['FileId1'] .. smb['FileId2']
  local channel = 0
  local remaining_bytes = #write_data
  local write_channel_offset = 0
  local write_channel_length = 0
  local flags = 0
  header = smb_encode_header_sync(smb, command_codes['SMB2_COM_WRITE'], overrides)
  parameters = bin.pack("<SSILLLIISSI",
    structure_size,   --StructureSize. Must be set to 49.
    data_offset, --DataOffset (2 bytes): The offset, in bytes, 
                  --from the beginning of the SMB2 header to the data being written.
    length, --Length (4 bytes): The length of the data being written, in bytes. 
            --The length of the data being written may be zero bytes.
    offset, --Offset (8 bytes): The offset, in bytes, of where to write the data in the destination file.
            --If the write is being executed on a pipe, 
            --the Offset MUST be set to 0 by the client and MUST be ignored by the server.
    smb['FileId1'], --FileId (16 bytes): An SMB2_FILEID. The identifier of the file or pipe on which to perform the write.
    smb['FileId2'], 
    channel, --Channel (4 bytes): For the SMB 2.0.2 and 2.1 dialects, this field MUST NOT be used and MUST be reserved. 
              --The client MUST set this field to 0, and the server MUST ignore it on receipt.
    remaining_bytes, --RemainingBytes (4 bytes): The number of subsequent bytes the client intends to write to the file 
                      --after this operation completes. This value is provided to facilitate write caching and 
                      --is not binding on the server.
    write_channel_offset, --WriteChannelInfoOffset (2 bytes): For the SMB 2.0.2 and 2.1 dialects, 
                          --this field MUST NOT be used and MUST be reserved. 
                          --The client MUST set this field to 0, and the server MUST ignore it on receipt.
    write_channel_length, --WriteChannelInfoLength (2 bytes): For the SMB 2.0.2 and SMB 2.1 dialects, 
                          --this field MUST NOT be used and MUST be reserved. 
                          --The client MUST set this field to 0, and the server MUST ignore it on receipt.
    flags --Flags (4 bytes): A Flags field indicates how to process the operation.
    )

  data = parameters .. bin.pack("<A", write_data)  --Buffer (variable): A variable-length buffer that contains the data to write 
                                  --and the write channel information, as described by 
                                  --DataOffset, Length, WriteChannelInfoOffset, and WriteChannelInfoLength.


  -- Send the create file
  stdnse.debug2("SMB2: Sending SMB2_COM_WRITE")
  local result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end


  -- Read the result
  status, header, data = smb2_read(smb)
  stdnse.debug(1, "Status:%s Header:%s Data:%s", status, header, data)
  if(status ~= true) then
    return false, header
  end
  -- Check if we were allowed in
  local size, reserved, count, remaining, write_channel_offset_response, write_channel_offset_length = bin.unpack("<SSIISS", header)
  stdnse.debug(1, "Structure size:%d Reserved:%d Count:%d Remaining:%d Write Channel Offset Response:%d Write Channel Offset Length:%d", size, reserved, count, remaining, write_channel_offset_response, write_channel_offset_length)
  if(size == nil or count == nil) then
    return false, "SMB2: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [27]"
  end

  return true, data
end
---
-- Implements SMB2_COM_READ
---
function read_file(smb, offset, count, overrides)
  overrides = overrides or {}

  local header, parameters, data
  local pos
  local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, pid, mid
  local response = {}

  local structure_size = 49
  local padding = 0
  local flags = 0x0
  local length = count
  local offset = offset
  local file_id = smb['FileId1'] .. smb['FileId2']
  local minimum_count = count
  local channel = 0
  local remaining_bytes = 0 
  local read_channel_info_offset = 0
  local read_channel_info_length = 0
  header = smb_encode_header_sync(smb, command_codes['SMB2_COM_READ'], overrides)
  parameters = bin.pack("<SCCILLLIIISS",
    structure_size,   --StructureSize (2 bytes): Must be set to 49.
    padding,--Padding (1 byte): The requested offset from the start of the SMB2 header, 
            --in bytes, at which to place the data read in the SMB2 READ Response
    flags,  --Flags (1 byte): For the SMB 2.0.2, 2.1 and 3.0 dialects, this field MUST NOT be used and MUST be reserved.
            --The client MUST set this field to 0, and the server MUST ignore it on receipt.
    length, --Length (4 bytes): The length, in bytes, of the data to read from the specified file or pipe.
    offset, --Offset (8 bytes): The offset, in bytes, into the file from which the data MUST be read.
    smb['FileId1'], --FileId (16 bytes): An SMB2_FILEID, The identifier of the file or pipe on which to perform the read. 
    smb['FileId2'], 
    minimum_count, --MinimumCount (4 bytes): The minimum number of bytes to be read for this operation to be successful.
    channel,--Channel (4 bytes): For SMB 2.0.2 and 2.1 dialects, this field MUST NOT be used and MUST be reserved.
            --The client MUST set this field to 0, and the server MUST ignore it on receipt.
    remaining_bytes,--RemainingBytes (4 bytes): The number of subsequent bytes that the client intends to read from the 
                    --file after this operation completes.
    read_channel_info_offset,--ReadChannelInfoOffset (2 bytes): For the SMB 2.0.2 and 2.1 dialects, this field MUST NOT be used and MUST be reserved. 
                             --The client MUST set this field to 0, and the server MUST ignore it on receipt.
    read_channel_info_length --ReadChannelInfoLength (2 bytes): For the SMB 2.0.2 and 2.1 dialects, this field MUST NOT be used and MUST be reserved. 
                             --The client MUST set this field to 0, and the server MUST ignore it on receipt.
    )

  data = parameters

  -- Send the create file
  stdnse.debug2("SMB2: Sending SMB2_COM_READ")
  local result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end


  -- Read the result
  status, header, data = smb2_read(smb)
  stdnse.debug(1, "Status:%s Header:%s Data:%s", status, header, data)
  if(status ~= true) then
    return false, header
  end
  -- Check if we were allowed in
  local size, data_offset, reserved, data_length, data_remaining, reserved2, buffer = bin.unpack("<SCCIIIB", header)
  stdnse.debug(1, "Structure size:%d Data offset:%d Reserved:%d Data Length:%d Data Remaining:%d Reserved2:%d Buffer:%s", size, data_offset, reserved, data_length, data_remaining, reserved2,buffer)
  if(size == nil or count == nil) then
    return false, "SMB2: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [27]"
  end

  return true, data
end

---
-- Implements IOCTL Requests (SMB2_COM_IOCTL)
---
function ioctl_request(smb, data_buffer, fsctl_name, overrides)
  local structure_size = 57
  local reserved = 0
  local ctl_code = fsctl_codes[fsctl_name]
  local input_offset = 78
  local input_count = #data
  local max_input_response = 0x99999999
  local output_offset = 0
  local output_count = 0
  local max_output_response = 0x999999
  local flags = 0
  local buffer 
  header = smb_encode_header_sync(smb, command_codes['SMB2_COM_IOCTL'], overrides)
  parameters = bin.pack("<SSILLIIIIIIII",
    structure_size,     --StructureSize (2 bytes): Must be set to 57.
    reserved,           --Reserved (2 bytes): This field MUST NOT be used and MUST be reserved. 
    ctl_code,           --CtlCode (4 bytes): The control code of the FSCTL/IOCTL method.
    smb['FileId1'],     --FileId (16 bytes): An SMB2_FILEID, The identifier of the file or pipe on which to perform the read. 
    smb['FileId2'],
    input_offset,       --InputOffset (4 bytes): The offset, in bytes, from the beginning of the SMB2 header to the input data buffer.
    input_count,        --InputCount (4 bytes): The size, in bytes, of the input data.
    max_input_response, --MaxInputResponse (4 bytes): The maximum number of bytes that the server can return for the input data.
    output_offset,      --OutputOffset (4 bytes): The client SHOULD set this to 0.
    output_count,       --OutputCount (4 bytes): The client MUST set this to 0.
    max_output_response,--MaxOutputResponse (4 bytes): The maximum number of bytes that the server can return for the output data.
    flags,              --Flags (4 bytes): A Flags field indicating how to process the operation.
    reserved           --Reserved2 (4 bytes): This field MUST NOT be used and MUST be reserved.
    )
  data = parameters .. bin.pack("<A", data_buffer)

  -- Send the IOCTL Request
  stdnse.debug2("SMB2: Sending SMB2_COM_IOCTL")
  local result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end

  -- Read the result
  status, header, data = smb2_read(smb)
  stdnse.debug(1, "Status:%s Header:%s Data:%s", status, header, data)
  if(status ~= true) then
    return false, header
  end
  local size, reserved, ctl_code_response, smb['FileId1'], smb['FileId2'], input_offset, output_offset, output_count, flags, _, buffer = bin.unpack("<SSILLIIIIIIA", header) 
    
end

---
-- Implements SMB2_COM_LOCK requests as described in https://msdn.microsoft.com/en-us/library/cc246497.aspx.
--
--@param smb  The SMB2 object associated with the connection
--@param locks SMB2_LOCK_ELEMENT structures that define the ranges to be locked or unlocked
--@param overrides [optional] A base table of overrides. The appropriate fields will be added.
---
function lock_request(smb, locks, overrides)
  local result, err, status, header, data
  local structure_size = 48
  local lock_count = #locks
  local lock_sqn = 0
  overrides = overrides or {}
  header = smb_encode_header_sync(smb, command_codes['SMB2_COM_LOCK'], overrides)
  parameters = bin.pack("<S2HLLH",
    structure_size, --StructureSize (2 bytes): The client MUST set this to 48.
    lock_count,     --LockCount (2 bytes): MUST be set to the number of SMB2_LOCK_ELEMENT structures that are contained in the Locks[] array.
    lock_sqn,       --LockSequenceIndex (28 bits): In the SMB 2.0.2 dialect, this field is unused and MUST be 0.
                    -- In all other dialects, a 28-bit integer value that MUST contain a value from 0 to 64, where 0 is reserved.
    smb['FileId1'], --FileId (16 bytes): An SMB2_FILEID that identifies the file on which to perform the byte range locks or unlocks.
    smb['FileId2'],
    locks           --Locks (variable): An array of LockCount (SMB2_LOCK_ELEMENT) structures that define the ranges to be locked or unlocked.
  )
  --Send SMB2_COM_LOCK request
  stdnse.debug2("SMB2: Sending SMB2_COM_LOCK request")
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end
  --Read SMB2_COM_LOCK response
  stdnse.debug2("SMB2: Reading SMB2_COM_LOCK response")
  status, header, data = smb2_read(smb)
  if(status ~= true) then
    return false, header
  end
  local size, reserved = bin.unpack("<S2", header)
  if(size ~= 4) then
    return false, "Structure size in SMB2_COM_LOCK response must be 4."
  end

  return true, data
end

---Check whether or not a share is accessible by the current user. Assumes that <code>share_host_returns_proper_error</code>
-- has been called and returns <code>true</code>.
--
--@param host     The host object
--@param share    The share to test
--@return (status, result) If status is false, result is an error message. Otherwise, result is a boolean value:
--        true if anonymous access is permitted, false otherwise.
function share_user_can_read(host, share)
  local status, smbstate, err
  local overrides = {}

  -- Begin the SMB session
  status, smbstate = start(host)
  if(status == false) then
    return false, smbstate
  end

  -- Negotiate the protocol
  status, err = negotiate_protocol(smbstate, overrides)
  if(status == false) then
    stop(smbstate)
    return false, err
  end

  -- Start up a null session
  status, err = start_session(smbstate, overrides)
  if(status == false) then
    stop(smbstate)
    return false, err
  end

  -- Attempt a connection to the share
  status, err = tree_connect(smbstate, share, overrides)
  if(status == false) then

    -- Stop the session
    stop(smbstate)

    -- ACCESS_DENIED is the expected error: it tells us that the connection failed
    if(err == 0xc0000022 or err == 'NT_STATUS_ACCESS_DENIED') then
      return true, false
    else
      return false, err
    end
  end

  stop(smbstate)
  return true, true
end


---Get all the details we can about the share. These details are stored in a table and returned.
--
--@param host   The host object.
--@param share An array of shares to check.
--@return (status, result) If status is false, result is an error message. Otherwise, result is a boolean value:
--        true if the file was successfully written, false if it was not.
function share_get_details(host, share)
  local msrpc2 = require "msrpc2" -- avoid require cycle
  local smbstate, status, result
  local i
  local details = {}

  -- Save the name
  details['name'] = share

  -- Check if the current user can read the share
  stdnse.debug1("SMB2: Checking if share %s can be read by the current user", share)
  status, result = share_user_can_read(host, share)
  if(status == false) then
    return false, result
  end
  details['user_can_read'] = result

  -- Check if the anonymous reader can read the share
  stdnse.debug1("SMB2: Checking if share %s can be read by the anonymous user", share)
  status, result = share_anonymous_can_read(host, share)
  if(status == true) then
    details['anonymous_can_read'] = result
  end

  -- Check if the current user can write to the share
  stdnse.debug1("SMB2: Checking if share %s can be written by the current user", share)
  status, result = share_user_can_write(host, share)
  if(status == false) then
    if(result == "NT_STATUS_OBJECT_NAME_NOT_FOUND") then
      details['user_can_write'] = "NT_STATUS_OBJECT_NAME_NOT_FOUND"
    else
      return false, result
    end
  end
  details['user_can_write'] = result

  -- Check if the anonymous user can write to the share
  stdnse.debug1("SMB: Checking if share %s can be written by the anonymous user", share)
  status, result = share_anonymous_can_write(host, share)
  status, result = share_anonymous_can_write(host, share)
  if(status == false and result == "NT_STATUS_OBJECT_NAME_NOT_FOUND") then
    details['anonymous_can_write'] = "NT_STATUS_OBJECT_NAME_NOT_FOUND"
  elseif( status == true ) then
    details['anonymous_can_write'] = result
  end

  -- Try and get full details about the share
  status, result = msrpc2.get_share_info(host, share)
  if(status == false) then
    -- We don't stop for this error (it's pretty common since administrative privileges are required here)
    stdnse.debug1("SMB: Failed to get share info for %s: %s", share, result)
    details['details'] = result
  else
    -- Process the result a bit
    result = result['info']
    if(result['max_users'] == 0xFFFFFFFF) then
      result['max_users'] = "<unlimited>"
    end
    details['details'] = result
  end

  return true, details
end


function share_get_list(host)
  local msrpc2 = require "msrpc2" -- avoid require cycle
  local status, result
  local enum_status
  local extra = ""
  local shares = {}
  local share_details = {}

  -- Try and do this the good way, make a MSRPC call to get the shares
  stdnse.debug1("SMB2: Attempting to log into the system to enumerate shares")
  enum_status, shares = msrpc2.enum_shares(host)
  print(enum_status, shares)
  -- If that failed, try doing it with brute force. This almost certainly won't find everything, but it's the
  -- best we can do.
  if(enum_status == false) then
    stdnse.debug1("SMB2: Enumerating shares failed, guessing at common ones (%s)", shares)
    extra = string.format("ERROR: Enumerating shares failed, guessing at common ones (%s)", shares)

    -- Take some common share names I've seen (thanks to Brandon Enright for most of these, except the last few)
    shares = {"ADMIN", "BACKUP", "DATA", "DESKTOP", "DOCS", "FILES", "GROUPS", "HD", "HOME", "INFO", "IPC", "MEDIA", "MY DOCUMENTS", "NETLOGON", "PICTURES", "PORN", "PR0N", "PRINT", "PROGRAMS", "PRON", "PUBLIC", "SHARE", "SHARED", "SOFTWARE", "STMP", "TEMP", "TEST", "TMP", "USERS", "WEB DOCUMENTS","WEBSERVER", "WWW", "XSERVE" }

    -- Try every alphabetic share
    for i = string.byte("A", 1), string.byte("Z", 1), 1 do
      shares[#shares + 1] = string.char(i)
    end
    -- For each share, add one with the same name and a trailing '$'
    local sharesLength = #shares
    for shareItr = 1, sharesLength, 1 do
      shares[ sharesLength + shareItr ] = shares[ shareItr ] .. '$'
    end
  else
    stdnse.debug1("SMB: Found %d shares, will attempt to find more information", #shares)
  end

  -- Sort the shares
  table.sort(shares)

  -- Ensure that the server returns the proper error message
  -- first try anonymously, then using a user account (in case anonymous connections are not supported)
  for _, anon in ipairs({true, false}) do
    status, result = share_host_returns_proper_error(host)

    if(status == true and result == false) then
      return false, "Server doesn't return proper value for non-existent shares; can't enumerate shares"
    end
  end

  if(status == false) then
    return false, result
  end
  -- Get more information on each share
  for i = 1, #shares, 1 do
    local status, result
    stdnse.debug(3,"SMB2: Getting information for share: %s", shares[i])
    status, result = share_get_details(host, shares[i])
    if(status == false and result == 'NT_STATUS_BAD_NETWORK_NAME') then
      stdnse.debug1("SMB2: Share doesn't exist: %s", shares[i])
    elseif(status == false) then
      stdnse.debug1("SMB2: Error while getting share details: %s", result)
      return false, result
    else
      -- Save the share details
      table.insert(share_details, result)
    end
  end

  return true, share_details, extra
end


function close_file(smb, overrides)
  overrides = overrides or {}
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_CLOSE'], overrides)   
  local StructureSize = 24
  local Flags = 0x0000
  local Reserved = 0
  local response = {}
  local data = bin.pack("<SSILL",
                        StructureSize,    --2 bytes
                        Flags,            --2 bytes
                        Reserved,         --4 bytes
                        smb['FileId1'],   --8 bytes
                        smb['FileId2'])   --8 bytes
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end  
  local status
  status, header, data = smb2_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    return false, get_status_name(Status)
  end
  return true, response
end

function flush_file(smb, overrides)
  overrides = overrides or {}
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_FLUSH'], overrides)   
  local StructureSize = 24
  local Reserved1 = 0
  local Reserved2 = 0
  local data = bin.pack("<SSILL",
                        StructureSize,    --2 bytes
                        Reserved1,         --2 bytes
                        Reserved2,         --4 bytes
                        smb['FileId1'],   --8 bytes
                        smb['FileId2'])   --8 bytes
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end   
  local status
  status, header, data = smb2_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    stdnse.debug1("Flush: %s", get_status_name(Status))
    return false, get_status_name(Status)
  end
  return true, data
end

smb2_ImpersonationLevel = 
{
  Anonymous       = 0x00000000,
  Identification  = 0x00000001,
  Impersonation   = 0x00000002,
  Delegate        = 0x00000003
}
smb2_OplockLevel = 
{
  SMB2_OPLOCK_LEVEL_NONE      = 0x00,   -- No oplock is requested.
  SMB2_OPLOCK_LEVEL_II        = 0x01,   -- A level II oplock is requested.
  SMB2_OPLOCK_LEVEL_EXCLUSIVE = 0x08,   -- An exclusive oplock is requested.
  SMB2_OPLOCK_LEVEL_BATCH     = 0x09,   -- A batch oplock is requested.
  SMB2_OPLOCK_LEVEL_LEASE     = 0xff    -- A lease is requested. If set, 
            -- the request packet MUST contain an SMB2_CREATE_REQUEST_LEASE 
            -- (section 2.2.13.2.8) create context. 
            -- This value is not valid for the SMB 2.002 dialect.
}
smb2_flags = 
{
  SMB2_FLAGS_SERVER_TO_REDIR    = 0x00000001,
  SMB2_FLAGS_ASYNC_COMMAND      = 0x00000002,
  SMB2_FLAGS_RELATED_OPERATIONS = 0x00000004,
  SMB2_FLAGS_SIGNED             = 0x00000008,
  SMB2_FLAGS_DFS_OPERATIONS     = 0x10000000,
  SMB2_FLAGS_REPLAY_OPERATION   = 0x20000000,
  -- SMB2 FLAG MASKS 
  SMB2_FLAGS_ATTR_ENCRYPTED    = 0x00004000,
  SMB2_FLAGS_ATTR_INDEXED      = 0x00002000,
  SMB2_FLAGS_ATTR_OFFLINE      = 0x00001000,
  SMB2_FLAGS_ATTR_COMPRESSED   = 0x00000800,
  SMB2_FLAGS_ATTR_REPARSEPOINT = 0x00000400,
  SMB2_FLAGS_ATTR_SPARSE       = 0x00000200,
  SMB2_FLAGS_ATTR_TEMPORARY    = 0x00000100,
  SMB2_FLAGS_PRIORITY_MASK     = 0x00000070,
  SMB2_FLAGS_ATTR_NORMAL       = 0x00000080,
  SMB2_FLAGS_ATTR_DEVICE       = 0x00000040,
  SMB2_FLAGS_ATTR_ARCHIVE      = 0x00000020,
  SMB2_FLAGS_ATTR_DIRECTORY    = 0x00000010
}

command_codes =
{
  SMB2_COM_NEGOTIATE              = 0x0000,
  SMB2_COM_SESSION_SETUP          = 0x0001,
  SMB2_COM_LOGOFF                 = 0x0002,
  SMB2_COM_TREE_CONNECT           = 0x0003,
  SMB2_COM_TREE_DISCONNECT        = 0x0004,
  SMB2_COM_CREATE                 = 0x0005,
  SMB2_COM_CLOSE                  = 0x0006,
  SMB2_COM_FLUSH                  = 0x0007,
  SMB2_COM_READ                   = 0x0008,
  SMB2_COM_WRITE                  = 0x0009,
  SMB2_COM_LOCK                   = 0x000A,
  SMB2_COM_IOCTL                  = 0x000B,
  SMB2_COM_CANCEL                 = 0x000C,
  SMB2_COM_ECHO                   = 0x000D,
  SMB2_COM_QUERY_DIRECTORY        = 0x000E,
  SMB2_COM_CHANGE_NOTIFY          = 0x000F,
  SMB2_COM_QUERY_INFO             = 0x0010,
  SMB2_COM_SET_INFO               = 0x0011,
  SMB2_COM_OPLOCK_BREAK           = 0x0012
}

for i, v in pairs(command_codes) do
  command_names[v] = i
end


-- see http://msdn.microsoft.com/en-us/library/cc231196(v=prot.10).aspx
status_codes =
{
  NT_STATUS_SUCCESS                           = 0x00000000,
  NT_STATUS_WERR_BADFILE                      = 0x00000002,
  NT_STATUS_WERR_ACCESS_DENIED                = 0x00000005,
  NT_STATUS_WERR_INVALID_PARAMETER            = 0x00000057,
  NT_STATUS_WERR_INVALID_NAME                 = 0x0000007b,
  NT_STATUS_WERR_UNKNOWN_LEVEL                = 0x0000007c,
  NT_STATUS_WERR_MORE_DATA                    = 0x000000ea,
  NT_STATUS_NO_MORE_ITEMS                     = 0x00000103,
  NT_STATUS_MORE_ENTRIES                      = 0x00000105,
  NT_STATUS_SOME_NOT_MAPPED                   = 0x00000107,
  NT_STATUS_SERVICE_REQUEST_TIMEOUT           = 0x0000041D,
  NT_STATUS_SERVICE_NO_THREAD                 = 0x0000041E,
  NT_STATUS_SERVICE_DATABASE_LOCKED           = 0x0000041F,
  NT_STATUS_SERVICE_ALREADY_RUNNING           = 0x00000420,
  NT_STATUS_INVALID_SERVICE_ACCOUNT           = 0x00000421,
  NT_STATUS_SERVICE_DISABLED                  = 0x00000422,
  NT_STATUS_CIRCULAR_DEPENDENCY               = 0x00000423,
  NT_STATUS_SERVICE_DOES_NOT_EXIST            = 0x00000424,
  NT_STATUS_SERVICE_CANNOT_ACCEPT_CTRL        = 0x00000425,
  NT_STATUS_SERVICE_NOT_ACTIVE                = 0x00000426,
  NT_STATUS_FAILED_SERVICE_CONTROLLER_CONNECT = 0x00000427,
  NT_STATUS_EXCEPTION_IN_SERVICE              = 0x00000428,
  NT_STATUS_DATABASE_DOES_NOT_EXIST           = 0x00000429,
  NT_STATUS_SERVICE_SPECIFIC_ERROR            = 0x0000042a,
  NT_STATUS_PROCESS_ABORTED                   = 0x0000042b,
  NT_STATUS_SERVICE_DEPENDENCY_FAIL           = 0x0000042c,
  NT_STATUS_SERVICE_LOGON_FAILED              = 0x0000042d,
  NT_STATUS_SERVICE_START_HANG                = 0x0000042e,
  NT_STATUS_INVALID_SERVICE_LOCK              = 0x0000042f,
  NT_STATUS_SERVICE_MARKED_FOR_DELETE         = 0x00000430,
  NT_STATUS_SERVICE_EXISTS                    = 0x00000431,
  NT_STATUS_ALREADY_RUNNING_LKG               = 0x00000432,
  NT_STATUS_SERVICE_DEPENDENCY_DELETED        = 0x00000433,
  NT_STATUS_BOOT_ALREADY_ACCEPTED             = 0x00000434,
  NT_STATUS_SERVICE_NEVER_STARTED             = 0x00000435,
  NT_STATUS_DUPLICATE_SERVICE_NAME            = 0x00000436,
  NT_STATUS_DIFFERENT_SERVICE_ACCOUNT         = 0x00000437,
  NT_STATUS_CANNOT_DETECT_DRIVER_FAILURE      = 0x00000438,
  DOS_STATUS_UNKNOWN_ERROR                    = 0x00010001,
  DOS_STATUS_NONSPECIFIC_ERROR                = 0x00010002,
  DOS_STATUS_DIRECTORY_NOT_FOUND              = 0x00030001,
  DOS_STATUS_ACCESS_DENIED                    = 0x00050001,
  DOS_STATUS_INVALID_FID                      = 0x00060001,
  DOS_STATUS_INVALID_NETWORK_NAME             = 0x00060002,
  NT_STATUS_BUFFER_OVERFLOW                   = 0x80000005,
  NT_STATUS_UNSUCCESSFUL                      = 0xc0000001,
  NT_STATUS_NOT_IMPLEMENTED                   = 0xc0000002,
  NT_STATUS_INVALID_INFO_CLASS                = 0xc0000003,
  NT_STATUS_INFO_LENGTH_MISMATCH              = 0xc0000004,
  NT_STATUS_ACCESS_VIOLATION                  = 0xc0000005,
  NT_STATUS_IN_PAGE_ERROR                     = 0xc0000006,
  NT_STATUS_PAGEFILE_QUOTA                    = 0xc0000007,
  NT_STATUS_INVALID_HANDLE                    = 0xc0000008,
  NT_STATUS_BAD_INITIAL_STACK                 = 0xc0000009,
  NT_STATUS_BAD_INITIAL_PC                    = 0xc000000a,
  NT_STATUS_INVALID_CID                       = 0xc000000b,
  NT_STATUS_TIMER_NOT_CANCELED                = 0xc000000c,
  NT_STATUS_INVALID_PARAMETER                 = 0xc000000d,
  NT_STATUS_NO_SUCH_DEVICE                    = 0xc000000e,
  NT_STATUS_NO_SUCH_FILE                      = 0xc000000f,
  NT_STATUS_INVALID_DEVICE_REQUEST            = 0xc0000010,
  NT_STATUS_END_OF_FILE                       = 0xc0000011,
  NT_STATUS_WRONG_VOLUME                      = 0xc0000012,
  NT_STATUS_NO_MEDIA_IN_DEVICE                = 0xc0000013,
  NT_STATUS_UNRECOGNIZED_MEDIA                = 0xc0000014,
  NT_STATUS_NONEXISTENT_SECTOR                = 0xc0000015,
  NT_STATUS_MORE_PROCESSING_REQUIRED          = 0xc0000016,
  NT_STATUS_NO_MEMORY                         = 0xc0000017,
  NT_STATUS_CONFLICTING_ADDRESSES             = 0xc0000018,
  NT_STATUS_NOT_MAPPED_VIEW                   = 0xc0000019,
  NT_STATUS_UNABLE_TO_FREE_VM                 = 0xc000001a,
  NT_STATUS_UNABLE_TO_DELETE_SECTION          = 0xc000001b,
  NT_STATUS_INVALID_SYSTEM_SERVICE            = 0xc000001c,
  NT_STATUS_ILLEGAL_INSTRUCTION               = 0xc000001d,
  NT_STATUS_INVALID_LOCK_SEQUENCE             = 0xc000001e,
  NT_STATUS_INVALID_VIEW_SIZE                 = 0xc000001f,
  NT_STATUS_INVALID_FILE_FOR_SECTION          = 0xc0000020,
  NT_STATUS_ALREADY_COMMITTED                 = 0xc0000021,
  NT_STATUS_ACCESS_DENIED                     = 0xc0000022,
  NT_STATUS_BUFFER_TOO_SMALL                  = 0xc0000023,
  NT_STATUS_OBJECT_TYPE_MISMATCH              = 0xc0000024,
  NT_STATUS_NONCONTINUABLE_EXCEPTION          = 0xc0000025,
  NT_STATUS_INVALID_DISPOSITION               = 0xc0000026,
  NT_STATUS_UNWIND                            = 0xc0000027,
  NT_STATUS_BAD_STACK                         = 0xc0000028,
  NT_STATUS_INVALID_UNWIND_TARGET             = 0xc0000029,
  NT_STATUS_NOT_LOCKED                        = 0xc000002a,
  NT_STATUS_PARITY_ERROR                      = 0xc000002b,
  NT_STATUS_UNABLE_TO_DECOMMIT_VM             = 0xc000002c,
  NT_STATUS_NOT_COMMITTED                     = 0xc000002d,
  NT_STATUS_INVALID_PORT_ATTRIBUTES           = 0xc000002e,
  NT_STATUS_PORT_MESSAGE_TOO_LONG             = 0xc000002f,
  NT_STATUS_INVALID_PARAMETER_MIX             = 0xc0000030,
  NT_STATUS_INVALID_QUOTA_LOWER               = 0xc0000031,
  NT_STATUS_DISK_CORRUPT_ERROR                = 0xc0000032,
  NT_STATUS_OBJECT_NAME_INVALID               = 0xc0000033,
  NT_STATUS_OBJECT_NAME_NOT_FOUND             = 0xc0000034,
  NT_STATUS_OBJECT_NAME_COLLISION             = 0xc0000035,
  NT_STATUS_HANDLE_NOT_WAITABLE               = 0xc0000036,
  NT_STATUS_PORT_DISCONNECTED                 = 0xc0000037,
  NT_STATUS_DEVICE_ALREADY_ATTACHED           = 0xc0000038,
  NT_STATUS_OBJECT_PATH_INVALID               = 0xc0000039,
  NT_STATUS_OBJECT_PATH_NOT_FOUND             = 0xc000003a,
  NT_STATUS_OBJECT_PATH_SYNTAX_BAD            = 0xc000003b,
  NT_STATUS_DATA_OVERRUN                      = 0xc000003c,
  NT_STATUS_DATA_LATE_ERROR                   = 0xc000003d,
  NT_STATUS_DATA_ERROR                        = 0xc000003e,
  NT_STATUS_CRC_ERROR                         = 0xc000003f,
  NT_STATUS_SECTION_TOO_BIG                   = 0xc0000040,
  NT_STATUS_PORT_CONNECTION_REFUSED           = 0xc0000041,
  NT_STATUS_INVALID_PORT_HANDLE               = 0xc0000042,
  NT_STATUS_SHARING_VIOLATION                 = 0xc0000043,
  NT_STATUS_QUOTA_EXCEEDED                    = 0xc0000044,
  NT_STATUS_INVALID_PAGE_PROTECTION           = 0xc0000045,
  NT_STATUS_MUTANT_NOT_OWNED                  = 0xc0000046,
  NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED          = 0xc0000047,
  NT_STATUS_PORT_ALREADY_SET                  = 0xc0000048,
  NT_STATUS_SECTION_NOT_IMAGE                 = 0xc0000049,
  NT_STATUS_SUSPEND_COUNT_EXCEEDED            = 0xc000004a,
  NT_STATUS_THREAD_IS_TERMINATING             = 0xc000004b,
  NT_STATUS_BAD_WORKING_SET_LIMIT             = 0xc000004c,
  NT_STATUS_INCOMPATIBLE_FILE_MAP             = 0xc000004d,
  NT_STATUS_SECTION_PROTECTION                = 0xc000004e,
  NT_STATUS_EAS_NOT_SUPPORTED                 = 0xc000004f,
  NT_STATUS_EA_TOO_LARGE                      = 0xc0000050,
  NT_STATUS_NONEXISTENT_EA_ENTRY              = 0xc0000051,
  NT_STATUS_NO_EAS_ON_FILE                    = 0xc0000052,
  NT_STATUS_EA_CORRUPT_ERROR                  = 0xc0000053,
  NT_STATUS_FILE_LOCK_CONFLICT                = 0xc0000054,
  NT_STATUS_LOCK_NOT_GRANTED                  = 0xc0000055,
  NT_STATUS_DELETE_PENDING                    = 0xc0000056,
  NT_STATUS_CTL_FILE_NOT_SUPPORTED            = 0xc0000057,
  NT_STATUS_UNKNOWN_REVISION                  = 0xc0000058,
  NT_STATUS_REVISION_MISMATCH                 = 0xc0000059,
  NT_STATUS_INVALID_OWNER                     = 0xc000005a,
  NT_STATUS_INVALID_PRIMARY_GROUP             = 0xc000005b,
  NT_STATUS_NO_IMPERSONATION_TOKEN            = 0xc000005c,
  NT_STATUS_CANT_DISABLE_MANDATORY            = 0xc000005d,
  NT_STATUS_NO_LOGON_SERVERS                  = 0xc000005e,
  NT_STATUS_NO_SUCH_LOGON_SESSION             = 0xc000005f,
  NT_STATUS_NO_SUCH_PRIVILEGE                 = 0xc0000060,
  NT_STATUS_PRIVILEGE_NOT_HELD                = 0xc0000061,
  NT_STATUS_INVALID_ACCOUNT_NAME              = 0xc0000062,
  NT_STATUS_USER_EXISTS                       = 0xc0000063,
  NT_STATUS_NO_SUCH_USER                      = 0xc0000064,
  NT_STATUS_GROUP_EXISTS                      = 0xc0000065,
  NT_STATUS_NO_SUCH_GROUP                     = 0xc0000066,
  NT_STATUS_MEMBER_IN_GROUP                   = 0xc0000067,
  NT_STATUS_MEMBER_NOT_IN_GROUP               = 0xc0000068,
  NT_STATUS_LAST_ADMIN                        = 0xc0000069,
  NT_STATUS_WRONG_PASSWORD                    = 0xc000006a,
  NT_STATUS_ILL_FORMED_PASSWORD               = 0xc000006b,
  NT_STATUS_PASSWORD_RESTRICTION              = 0xc000006c,
  NT_STATUS_LOGON_FAILURE                     = 0xc000006d,
  NT_STATUS_ACCOUNT_RESTRICTION               = 0xc000006e,
  NT_STATUS_INVALID_LOGON_HOURS               = 0xc000006f,
  NT_STATUS_INVALID_WORKSTATION               = 0xc0000070,
  NT_STATUS_PASSWORD_EXPIRED                  = 0xc0000071,
  NT_STATUS_ACCOUNT_DISABLED                  = 0xc0000072,
  NT_STATUS_NONE_MAPPED                       = 0xc0000073,
  NT_STATUS_TOO_MANY_LUIDS_REQUESTED          = 0xc0000074,
  NT_STATUS_LUIDS_EXHAUSTED                   = 0xc0000075,
  NT_STATUS_INVALID_SUB_AUTHORITY             = 0xc0000076,
  NT_STATUS_INVALID_ACL                       = 0xc0000077,
  NT_STATUS_INVALID_SID                       = 0xc0000078,
  NT_STATUS_INVALID_SECURITY_DESCR            = 0xc0000079,
  NT_STATUS_PROCEDURE_NOT_FOUND               = 0xc000007a,
  NT_STATUS_INVALID_IMAGE_FORMAT              = 0xc000007b,
  NT_STATUS_NO_TOKEN                          = 0xc000007c,
  NT_STATUS_BAD_INHERITANCE_ACL               = 0xc000007d,
  NT_STATUS_RANGE_NOT_LOCKED                  = 0xc000007e,
  NT_STATUS_DISK_FULL                         = 0xc000007f,
  NT_STATUS_SERVER_DISABLED                   = 0xc0000080,
  NT_STATUS_SERVER_NOT_DISABLED               = 0xc0000081,
  NT_STATUS_TOO_MANY_GUIDS_REQUESTED          = 0xc0000082,
  NT_STATUS_GUIDS_EXHAUSTED                   = 0xc0000083,
  NT_STATUS_INVALID_ID_AUTHORITY              = 0xc0000084,
  NT_STATUS_AGENTS_EXHAUSTED                  = 0xc0000085,
  NT_STATUS_INVALID_VOLUME_LABEL              = 0xc0000086,
  NT_STATUS_SECTION_NOT_EXTENDED              = 0xc0000087,
  NT_STATUS_NOT_MAPPED_DATA                   = 0xc0000088,
  NT_STATUS_RESOURCE_DATA_NOT_FOUND           = 0xc0000089,
  NT_STATUS_RESOURCE_TYPE_NOT_FOUND           = 0xc000008a,
  NT_STATUS_RESOURCE_NAME_NOT_FOUND           = 0xc000008b,
  NT_STATUS_ARRAY_BOUNDS_EXCEEDED             = 0xc000008c,
  NT_STATUS_FLOAT_DENORMAL_OPERAND            = 0xc000008d,
  NT_STATUS_FLOAT_DIVIDE_BY_ZERO              = 0xc000008e,
  NT_STATUS_FLOAT_INEXACT_RESULT              = 0xc000008f,
  NT_STATUS_FLOAT_INVALID_OPERATION           = 0xc0000090,
  NT_STATUS_FLOAT_OVERFLOW                    = 0xc0000091,
  NT_STATUS_FLOAT_STACK_CHECK                 = 0xc0000092,
  NT_STATUS_FLOAT_UNDERFLOW                   = 0xc0000093,
  NT_STATUS_INTEGER_DIVIDE_BY_ZERO            = 0xc0000094,
  NT_STATUS_INTEGER_OVERFLOW                  = 0xc0000095,
  NT_STATUS_PRIVILEGED_INSTRUCTION            = 0xc0000096,
  NT_STATUS_TOO_MANY_PAGING_FILES             = 0xc0000097,
  NT_STATUS_FILE_INVALID                      = 0xc0000098,
  NT_STATUS_ALLOTTED_SPACE_EXCEEDED           = 0xc0000099,
  NT_STATUS_INSUFFICIENT_RESOURCES            = 0xc000009a,
  NT_STATUS_DFS_EXIT_PATH_FOUND               = 0xc000009b,
  NT_STATUS_DEVICE_DATA_ERROR                 = 0xc000009c,
  NT_STATUS_DEVICE_NOT_CONNECTED              = 0xc000009d,
  NT_STATUS_DEVICE_POWER_FAILURE              = 0xc000009e,
  NT_STATUS_FREE_VM_NOT_AT_BASE               = 0xc000009f,
  NT_STATUS_MEMORY_NOT_ALLOCATED              = 0xc00000a0,
  NT_STATUS_WORKING_SET_QUOTA                 = 0xc00000a1,
  NT_STATUS_MEDIA_WRITE_PROTECTED             = 0xc00000a2,
  NT_STATUS_DEVICE_NOT_READY                  = 0xc00000a3,
  NT_STATUS_INVALID_GROUP_ATTRIBUTES          = 0xc00000a4,
  NT_STATUS_BAD_IMPERSONATION_LEVEL           = 0xc00000a5,
  NT_STATUS_CANT_OPEN_ANONYMOUS               = 0xc00000a6,
  NT_STATUS_BAD_VALIDATION_CLASS              = 0xc00000a7,
  NT_STATUS_BAD_TOKEN_TYPE                    = 0xc00000a8,
  NT_STATUS_BAD_MASTER_BOOT_RECORD            = 0xc00000a9,
  NT_STATUS_INSTRUCTION_MISALIGNMENT          = 0xc00000aa,
  NT_STATUS_INSTANCE_NOT_AVAILABLE            = 0xc00000ab,
  NT_STATUS_PIPE_NOT_AVAILABLE                = 0xc00000ac,
  NT_STATUS_INVALID_PIPE_STATE                = 0xc00000ad,
  NT_STATUS_PIPE_BUSY                         = 0xc00000ae,
  NT_STATUS_ILLEGAL_FUNCTION                  = 0xc00000af,
  NT_STATUS_PIPE_DISCONNECTED                 = 0xc00000b0,
  NT_STATUS_PIPE_CLOSING                      = 0xc00000b1,
  NT_STATUS_PIPE_CONNECTED                    = 0xc00000b2,
  NT_STATUS_PIPE_LISTENING                    = 0xc00000b3,
  NT_STATUS_INVALID_READ_MODE                 = 0xc00000b4,
  NT_STATUS_IO_TIMEOUT                        = 0xc00000b5,
  NT_STATUS_FILE_FORCED_CLOSED                = 0xc00000b6,
  NT_STATUS_PROFILING_NOT_STARTED             = 0xc00000b7,
  NT_STATUS_PROFILING_NOT_STOPPED             = 0xc00000b8,
  NT_STATUS_COULD_NOT_INTERPRET               = 0xc00000b9,
  NT_STATUS_FILE_IS_A_DIRECTORY               = 0xc00000ba,
  NT_STATUS_NOT_SUPPORTED                     = 0xc00000bb,
  NT_STATUS_REMOTE_NOT_LISTENING              = 0xc00000bc,
  NT_STATUS_DUPLICATE_NAME                    = 0xc00000bd,
  NT_STATUS_BAD_NETWORK_PATH                  = 0xc00000be,
  NT_STATUS_NETWORK_BUSY                      = 0xc00000bf,
  NT_STATUS_DEVICE_DOES_NOT_EXIST             = 0xc00000c0,
  NT_STATUS_TOO_MANY_COMMANDS                 = 0xc00000c1,
  NT_STATUS_ADAPTER_HARDWARE_ERROR            = 0xc00000c2,
  NT_STATUS_INVALID_NETWORK_RESPONSE          = 0xc00000c3,
  NT_STATUS_UNEXPECTED_NETWORK_ERROR          = 0xc00000c4,
  NT_STATUS_BAD_REMOTE_ADAPTER                = 0xc00000c5,
  NT_STATUS_PRINT_QUEUE_FULL                  = 0xc00000c6,
  NT_STATUS_NO_SPOOL_SPACE                    = 0xc00000c7,
  NT_STATUS_PRINT_CANCELLED                   = 0xc00000c8,
  NT_STATUS_NETWORK_NAME_DELETED              = 0xc00000c9,
  NT_STATUS_NETWORK_ACCESS_DENIED             = 0xc00000ca,
  NT_STATUS_BAD_DEVICE_TYPE                   = 0xc00000cb,
  NT_STATUS_BAD_NETWORK_NAME                  = 0xc00000cc,
  NT_STATUS_TOO_MANY_NAMES                    = 0xc00000cd,
  NT_STATUS_TOO_MANY_SESSIONS                 = 0xc00000ce,
  NT_STATUS_SHARING_PAUSED                    = 0xc00000cf,
  NT_STATUS_REQUEST_NOT_ACCEPTED              = 0xc00000d0,
  NT_STATUS_REDIRECTOR_PAUSED                 = 0xc00000d1,
  NT_STATUS_NET_WRITE_FAULT                   = 0xc00000d2,
  NT_STATUS_PROFILING_AT_LIMIT                = 0xc00000d3,
  NT_STATUS_NOT_SAME_DEVICE                   = 0xc00000d4,
  NT_STATUS_FILE_RENAMED                      = 0xc00000d5,
  NT_STATUS_VIRTUAL_CIRCUIT_CLOSED            = 0xc00000d6,
  NT_STATUS_NO_SECURITY_ON_OBJECT             = 0xc00000d7,
  NT_STATUS_CANT_WAIT                         = 0xc00000d8,
  NT_STATUS_PIPE_EMPTY                        = 0xc00000d9,
  NT_STATUS_CANT_ACCESS_DOMAIN_INFO           = 0xc00000da,
  NT_STATUS_CANT_TERMINATE_SELF               = 0xc00000db,
  NT_STATUS_INVALID_SERVER_STATE              = 0xc00000dc,
  NT_STATUS_INVALID_DOMAIN_STATE              = 0xc00000dd,
  NT_STATUS_INVALID_DOMAIN_ROLE               = 0xc00000de,
  NT_STATUS_NO_SUCH_DOMAIN                    = 0xc00000df,
  NT_STATUS_DOMAIN_EXISTS                     = 0xc00000e0,
  NT_STATUS_DOMAIN_LIMIT_EXCEEDED             = 0xc00000e1,
  NT_STATUS_OPLOCK_NOT_GRANTED                = 0xc00000e2,
  NT_STATUS_INVALID_OPLOCK_PROTOCOL           = 0xc00000e3,
  NT_STATUS_INTERNAL_DB_CORRUPTION            = 0xc00000e4,
  NT_STATUS_INTERNAL_ERROR                    = 0xc00000e5,
  NT_STATUS_GENERIC_NOT_MAPPED                = 0xc00000e6,
  NT_STATUS_BAD_DESCRIPTOR_FORMAT             = 0xc00000e7,
  NT_STATUS_INVALID_USER_BUFFER               = 0xc00000e8,
  NT_STATUS_UNEXPECTED_IO_ERROR               = 0xc00000e9,
  NT_STATUS_UNEXPECTED_MM_CREATE_ERR          = 0xc00000ea,
  NT_STATUS_UNEXPECTED_MM_MAP_ERROR           = 0xc00000eb,
  NT_STATUS_UNEXPECTED_MM_EXTEND_ERR          = 0xc00000ec,
  NT_STATUS_NOT_LOGON_PROCESS                 = 0xc00000ed,
  NT_STATUS_LOGON_SESSION_EXISTS              = 0xc00000ee,
  NT_STATUS_INVALID_PARAMETER_1               = 0xc00000ef,
  NT_STATUS_INVALID_PARAMETER_2               = 0xc00000f0,
  NT_STATUS_INVALID_PARAMETER_3               = 0xc00000f1,
  NT_STATUS_INVALID_PARAMETER_4               = 0xc00000f2,
  NT_STATUS_INVALID_PARAMETER_5               = 0xc00000f3,
  NT_STATUS_INVALID_PARAMETER_6               = 0xc00000f4,
  NT_STATUS_INVALID_PARAMETER_7               = 0xc00000f5,
  NT_STATUS_INVALID_PARAMETER_8               = 0xc00000f6,
  NT_STATUS_INVALID_PARAMETER_9               = 0xc00000f7,
  NT_STATUS_INVALID_PARAMETER_10              = 0xc00000f8,
  NT_STATUS_INVALID_PARAMETER_11              = 0xc00000f9,
  NT_STATUS_INVALID_PARAMETER_12              = 0xc00000fa,
  NT_STATUS_REDIRECTOR_NOT_STARTED            = 0xc00000fb,
  NT_STATUS_REDIRECTOR_STARTED                = 0xc00000fc,
  NT_STATUS_STACK_OVERFLOW                    = 0xc00000fd,
  NT_STATUS_NO_SUCH_PACKAGE                   = 0xc00000fe,
  NT_STATUS_BAD_FUNCTION_TABLE                = 0xc00000ff,
  NT_STATUS_DIRECTORY_NOT_EMPTY               = 0xc0000101,
  NT_STATUS_FILE_CORRUPT_ERROR                = 0xc0000102,
  NT_STATUS_NOT_A_DIRECTORY                   = 0xc0000103,
  NT_STATUS_BAD_LOGON_SESSION_STATE           = 0xc0000104,
  NT_STATUS_LOGON_SESSION_COLLISION           = 0xc0000105,
  NT_STATUS_NAME_TOO_LONG                     = 0xc0000106,
  NT_STATUS_FILES_OPEN                        = 0xc0000107,
  NT_STATUS_CONNECTION_IN_USE                 = 0xc0000108,
  NT_STATUS_MESSAGE_NOT_FOUND                 = 0xc0000109,
  NT_STATUS_PROCESS_IS_TERMINATING            = 0xc000010a,
  NT_STATUS_INVALID_LOGON_TYPE                = 0xc000010b,
  NT_STATUS_NO_GUID_TRANSLATION               = 0xc000010c,
  NT_STATUS_CANNOT_IMPERSONATE                = 0xc000010d,
  NT_STATUS_IMAGE_ALREADY_LOADED              = 0xc000010e,
  NT_STATUS_ABIOS_NOT_PRESENT                 = 0xc000010f,
  NT_STATUS_ABIOS_LID_NOT_EXIST               = 0xc0000110,
  NT_STATUS_ABIOS_LID_ALREADY_OWNED           = 0xc0000111,
  NT_STATUS_ABIOS_NOT_LID_OWNER               = 0xc0000112,
  NT_STATUS_ABIOS_INVALID_COMMAND             = 0xc0000113,
  NT_STATUS_ABIOS_INVALID_LID                 = 0xc0000114,
  NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE      = 0xc0000115,
  NT_STATUS_ABIOS_INVALID_SELECTOR            = 0xc0000116,
  NT_STATUS_NO_LDT                            = 0xc0000117,
  NT_STATUS_INVALID_LDT_SIZE                  = 0xc0000118,
  NT_STATUS_INVALID_LDT_OFFSET                = 0xc0000119,
  NT_STATUS_INVALID_LDT_DESCRIPTOR            = 0xc000011a,
  NT_STATUS_INVALID_IMAGE_NE_FORMAT           = 0xc000011b,
  NT_STATUS_RXACT_INVALID_STATE               = 0xc000011c,
  NT_STATUS_RXACT_COMMIT_FAILURE              = 0xc000011d,
  NT_STATUS_MAPPED_FILE_SIZE_ZERO             = 0xc000011e,
  NT_STATUS_TOO_MANY_OPENED_FILES             = 0xc000011f,
  NT_STATUS_CANCELLED                         = 0xc0000120,
  NT_STATUS_CANNOT_DELETE                     = 0xc0000121,
  NT_STATUS_INVALID_COMPUTER_NAME             = 0xc0000122,
  NT_STATUS_FILE_DELETED                      = 0xc0000123,
  NT_STATUS_SPECIAL_ACCOUNT                   = 0xc0000124,
  NT_STATUS_SPECIAL_GROUP                     = 0xc0000125,
  NT_STATUS_SPECIAL_USER                      = 0xc0000126,
  NT_STATUS_MEMBERS_PRIMARY_GROUP             = 0xc0000127,
  NT_STATUS_FILE_CLOSED                       = 0xc0000128,
  NT_STATUS_TOO_MANY_THREADS                  = 0xc0000129,
  NT_STATUS_THREAD_NOT_IN_PROCESS             = 0xc000012a,
  NT_STATUS_TOKEN_ALREADY_IN_USE              = 0xc000012b,
  NT_STATUS_PAGEFILE_QUOTA_EXCEEDED           = 0xc000012c,
  NT_STATUS_COMMITMENT_LIMIT                  = 0xc000012d,
  NT_STATUS_INVALID_IMAGE_LE_FORMAT           = 0xc000012e,
  NT_STATUS_INVALID_IMAGE_NOT_MZ              = 0xc000012f,
  NT_STATUS_INVALID_IMAGE_PROTECT             = 0xc0000130,
  NT_STATUS_INVALID_IMAGE_WIN_16              = 0xc0000131,
  NT_STATUS_LOGON_SERVER_CONFLICT             = 0xc0000132,
  NT_STATUS_TIME_DIFFERENCE_AT_DC             = 0xc0000133,
  NT_STATUS_SYNCHRONIZATION_REQUIRED          = 0xc0000134,
  NT_STATUS_DLL_NOT_FOUND                     = 0xc0000135,
  NT_STATUS_OPEN_FAILED                       = 0xc0000136,
  NT_STATUS_IO_PRIVILEGE_FAILED               = 0xc0000137,
  NT_STATUS_ORDINAL_NOT_FOUND                 = 0xc0000138,
  NT_STATUS_ENTRYPOINT_NOT_FOUND              = 0xc0000139,
  NT_STATUS_CONTROL_C_EXIT                    = 0xc000013a,
  NT_STATUS_LOCAL_DISCONNECT                  = 0xc000013b,
  NT_STATUS_REMOTE_DISCONNECT                 = 0xc000013c,
  NT_STATUS_REMOTE_RESOURCES                  = 0xc000013d,
  NT_STATUS_LINK_FAILED                       = 0xc000013e,
  NT_STATUS_LINK_TIMEOUT                      = 0xc000013f,
  NT_STATUS_INVALID_CONNECTION                = 0xc0000140,
  NT_STATUS_INVALID_ADDRESS                   = 0xc0000141,
  NT_STATUS_DLL_INIT_FAILED                   = 0xc0000142,
  NT_STATUS_MISSING_SYSTEMFILE                = 0xc0000143,
  NT_STATUS_UNHANDLED_EXCEPTION               = 0xc0000144,
  NT_STATUS_APP_INIT_FAILURE                  = 0xc0000145,
  NT_STATUS_PAGEFILE_CREATE_FAILED            = 0xc0000146,
  NT_STATUS_NO_PAGEFILE                       = 0xc0000147,
  NT_STATUS_INVALID_LEVEL                     = 0xc0000148,
  NT_STATUS_WRONG_PASSWORD_CORE               = 0xc0000149,
  NT_STATUS_ILLEGAL_FLOAT_CONTEXT             = 0xc000014a,
  NT_STATUS_PIPE_BROKEN                       = 0xc000014b,
  NT_STATUS_REGISTRY_CORRUPT                  = 0xc000014c,
  NT_STATUS_REGISTRY_IO_FAILED                = 0xc000014d,
  NT_STATUS_NO_EVENT_PAIR                     = 0xc000014e,
  NT_STATUS_UNRECOGNIZED_VOLUME               = 0xc000014f,
  NT_STATUS_SERIAL_NO_DEVICE_INITED           = 0xc0000150,
  NT_STATUS_NO_SUCH_ALIAS                     = 0xc0000151,
  NT_STATUS_MEMBER_NOT_IN_ALIAS               = 0xc0000152,
  NT_STATUS_MEMBER_IN_ALIAS                   = 0xc0000153,
  NT_STATUS_ALIAS_EXISTS                      = 0xc0000154,
  NT_STATUS_LOGON_NOT_GRANTED                 = 0xc0000155,
  NT_STATUS_TOO_MANY_SECRETS                  = 0xc0000156,
  NT_STATUS_SECRET_TOO_LONG                   = 0xc0000157,
  NT_STATUS_INTERNAL_DB_ERROR                 = 0xc0000158,
  NT_STATUS_FULLSCREEN_MODE                   = 0xc0000159,
  NT_STATUS_TOO_MANY_CONTEXT_IDS              = 0xc000015a,
  NT_STATUS_LOGON_TYPE_NOT_GRANTED            = 0xc000015b,
  NT_STATUS_NOT_REGISTRY_FILE                 = 0xc000015c,
  NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED      = 0xc000015d,
  NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR         = 0xc000015e,
  NT_STATUS_FT_MISSING_MEMBER                 = 0xc000015f,
  NT_STATUS_ILL_FORMED_SERVICE_ENTRY          = 0xc0000160,
  NT_STATUS_ILLEGAL_CHARACTER                 = 0xc0000161,
  NT_STATUS_UNMAPPABLE_CHARACTER              = 0xc0000162,
  NT_STATUS_UNDEFINED_CHARACTER               = 0xc0000163,
  NT_STATUS_FLOPPY_VOLUME                     = 0xc0000164,
  NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND          = 0xc0000165,
  NT_STATUS_FLOPPY_WRONG_CYLINDER             = 0xc0000166,
  NT_STATUS_FLOPPY_UNKNOWN_ERROR              = 0xc0000167,
  NT_STATUS_FLOPPY_BAD_REGISTERS              = 0xc0000168,
  NT_STATUS_DISK_RECALIBRATE_FAILED           = 0xc0000169,
  NT_STATUS_DISK_OPERATION_FAILED             = 0xc000016a,
  NT_STATUS_DISK_RESET_FAILED                 = 0xc000016b,
  NT_STATUS_SHARED_IRQ_BUSY                   = 0xc000016c,
  NT_STATUS_FT_ORPHANING                      = 0xc000016d,
  NT_STATUS_PARTITION_FAILURE                 = 0xc0000172,
  NT_STATUS_INVALID_BLOCK_LENGTH              = 0xc0000173,
  NT_STATUS_DEVICE_NOT_PARTITIONED            = 0xc0000174,
  NT_STATUS_UNABLE_TO_LOCK_MEDIA              = 0xc0000175,
  NT_STATUS_UNABLE_TO_UNLOAD_MEDIA            = 0xc0000176,
  NT_STATUS_EOM_OVERFLOW                      = 0xc0000177,
  NT_STATUS_NO_MEDIA                          = 0xc0000178,
  NT_STATUS_NO_SUCH_MEMBER                    = 0xc000017a,
  NT_STATUS_INVALID_MEMBER                    = 0xc000017b,
  NT_STATUS_KEY_DELETED                       = 0xc000017c,
  NT_STATUS_NO_LOG_SPACE                      = 0xc000017d,
  NT_STATUS_TOO_MANY_SIDS                     = 0xc000017e,
  NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED      = 0xc000017f,
  NT_STATUS_KEY_HAS_CHILDREN                  = 0xc0000180,
  NT_STATUS_CHILD_MUST_BE_VOLATILE            = 0xc0000181,
  NT_STATUS_DEVICE_CONFIGURATION_ERROR        = 0xc0000182,
  NT_STATUS_DRIVER_INTERNAL_ERROR             = 0xc0000183,
  NT_STATUS_INVALID_DEVICE_STATE              = 0xc0000184,
  NT_STATUS_IO_DEVICE_ERROR                   = 0xc0000185,
  NT_STATUS_DEVICE_PROTOCOL_ERROR             = 0xc0000186,
  NT_STATUS_BACKUP_CONTROLLER                 = 0xc0000187,
  NT_STATUS_LOG_FILE_FULL                     = 0xc0000188,
  NT_STATUS_TOO_LATE                          = 0xc0000189,
  NT_STATUS_NO_TRUST_LSA_SECRET               = 0xc000018a,
  NT_STATUS_NO_TRUST_SAM_ACCOUNT              = 0xc000018b,
  NT_STATUS_TRUSTED_DOMAIN_FAILURE            = 0xc000018c,
  NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE      = 0xc000018d,
  NT_STATUS_EVENTLOG_FILE_CORRUPT             = 0xc000018e,
  NT_STATUS_EVENTLOG_CANT_START               = 0xc000018f,
  NT_STATUS_TRUST_FAILURE                     = 0xc0000190,
  NT_STATUS_MUTANT_LIMIT_EXCEEDED             = 0xc0000191,
  NT_STATUS_NETLOGON_NOT_STARTED              = 0xc0000192,
  NT_STATUS_ACCOUNT_EXPIRED                   = 0xc0000193,
  NT_STATUS_POSSIBLE_DEADLOCK                 = 0xc0000194,
  NT_STATUS_NETWORK_CREDENTIAL_CONFLICT       = 0xc0000195,
  NT_STATUS_REMOTE_SESSION_LIMIT              = 0xc0000196,
  NT_STATUS_EVENTLOG_FILE_CHANGED             = 0xc0000197,
  NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0xc0000198,
  NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0xc0000199,
  NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT      = 0xc000019a,
  NT_STATUS_DOMAIN_TRUST_INCONSISTENT         = 0xc000019b,
  NT_STATUS_FS_DRIVER_REQUIRED                = 0xc000019c,
  NT_STATUS_NO_USER_SESSION_KEY               = 0xc0000202,
  NT_STATUS_USER_SESSION_DELETED              = 0xc0000203,
  NT_STATUS_RESOURCE_LANG_NOT_FOUND           = 0xc0000204,
  NT_STATUS_INSUFF_SERVER_RESOURCES           = 0xc0000205,
  NT_STATUS_INVALID_BUFFER_SIZE               = 0xc0000206,
  NT_STATUS_INVALID_ADDRESS_COMPONENT         = 0xc0000207,
  NT_STATUS_INVALID_ADDRESS_WILDCARD          = 0xc0000208,
  NT_STATUS_TOO_MANY_ADDRESSES                = 0xc0000209,
  NT_STATUS_ADDRESS_ALREADY_EXISTS            = 0xc000020a,
  NT_STATUS_ADDRESS_CLOSED                    = 0xc000020b,
  NT_STATUS_CONNECTION_DISCONNECTED           = 0xc000020c,
  NT_STATUS_CONNECTION_RESET                  = 0xc000020d,
  NT_STATUS_TOO_MANY_NODES                    = 0xc000020e,
  NT_STATUS_TRANSACTION_ABORTED               = 0xc000020f,
  NT_STATUS_TRANSACTION_TIMED_OUT             = 0xc0000210,
  NT_STATUS_TRANSACTION_NO_RELEASE            = 0xc0000211,
  NT_STATUS_TRANSACTION_NO_MATCH              = 0xc0000212,
  NT_STATUS_TRANSACTION_RESPONDED             = 0xc0000213,
  NT_STATUS_TRANSACTION_INVALID_ID            = 0xc0000214,
  NT_STATUS_TRANSACTION_INVALID_TYPE          = 0xc0000215,
  NT_STATUS_NOT_SERVER_SESSION                = 0xc0000216,
  NT_STATUS_NOT_CLIENT_SESSION                = 0xc0000217,
  NT_STATUS_CANNOT_LOAD_REGISTRY_FILE         = 0xc0000218,
  NT_STATUS_DEBUG_ATTACH_FAILED               = 0xc0000219,
  NT_STATUS_SYSTEM_PROCESS_TERMINATED         = 0xc000021a,
  NT_STATUS_DATA_NOT_ACCEPTED                 = 0xc000021b,
  NT_STATUS_NO_BROWSER_SERVERS_FOUND          = 0xc000021c,
  NT_STATUS_VDM_HARD_ERROR                    = 0xc000021d,
  NT_STATUS_DRIVER_CANCEL_TIMEOUT             = 0xc000021e,
  NT_STATUS_REPLY_MESSAGE_MISMATCH            = 0xc000021f,
  NT_STATUS_MAPPED_ALIGNMENT                  = 0xc0000220,
  NT_STATUS_IMAGE_CHECKSUM_MISMATCH           = 0xc0000221,
  NT_STATUS_LOST_WRITEBEHIND_DATA             = 0xc0000222,
  NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID  = 0xc0000223,
  NT_STATUS_PASSWORD_MUST_CHANGE              = 0xc0000224,
  NT_STATUS_NOT_FOUND                         = 0xc0000225,
  NT_STATUS_NOT_TINY_STREAM                   = 0xc0000226,
  NT_STATUS_RECOVERY_FAILURE                  = 0xc0000227,
  NT_STATUS_STACK_OVERFLOW_READ               = 0xc0000228,
  NT_STATUS_FAIL_CHECK                        = 0xc0000229,
  NT_STATUS_DUPLICATE_OBJECTID                = 0xc000022a,
  NT_STATUS_OBJECTID_EXISTS                   = 0xc000022b,
  NT_STATUS_CONVERT_TO_LARGE                  = 0xc000022c,
  NT_STATUS_RETRY                             = 0xc000022d,
  NT_STATUS_FOUND_OUT_OF_SCOPE                = 0xc000022e,
  NT_STATUS_ALLOCATE_BUCKET                   = 0xc000022f,
  NT_STATUS_PROPSET_NOT_FOUND                 = 0xc0000230,
  NT_STATUS_MARSHALL_OVERFLOW                 = 0xc0000231,
  NT_STATUS_INVALID_VARIANT                   = 0xc0000232,
  NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND       = 0xc0000233,
  NT_STATUS_ACCOUNT_LOCKED_OUT                = 0xc0000234,
  NT_STATUS_HANDLE_NOT_CLOSABLE               = 0xc0000235,
  NT_STATUS_CONNECTION_REFUSED                = 0xc0000236,
  NT_STATUS_GRACEFUL_DISCONNECT               = 0xc0000237,
  NT_STATUS_ADDRESS_ALREADY_ASSOCIATED        = 0xc0000238,
  NT_STATUS_ADDRESS_NOT_ASSOCIATED            = 0xc0000239,
  NT_STATUS_CONNECTION_INVALID                = 0xc000023a,
  NT_STATUS_CONNECTION_ACTIVE                 = 0xc000023b,
  NT_STATUS_NETWORK_UNREACHABLE               = 0xc000023c,
  NT_STATUS_HOST_UNREACHABLE                  = 0xc000023d,
  NT_STATUS_PROTOCOL_UNREACHABLE              = 0xc000023e,
  NT_STATUS_PORT_UNREACHABLE                  = 0xc000023f,
  NT_STATUS_REQUEST_ABORTED                   = 0xc0000240,
  NT_STATUS_CONNECTION_ABORTED                = 0xc0000241,
  NT_STATUS_BAD_COMPRESSION_BUFFER            = 0xc0000242,
  NT_STATUS_USER_MAPPED_FILE                  = 0xc0000243,
  NT_STATUS_AUDIT_FAILED                      = 0xc0000244,
  NT_STATUS_TIMER_RESOLUTION_NOT_SET          = 0xc0000245,
  NT_STATUS_CONNECTION_COUNT_LIMIT            = 0xc0000246,
  NT_STATUS_LOGIN_TIME_RESTRICTION            = 0xc0000247,
  NT_STATUS_LOGIN_WKSTA_RESTRICTION           = 0xc0000248,
  NT_STATUS_IMAGE_MP_UP_MISMATCH              = 0xc0000249,
  NT_STATUS_INSUFFICIENT_LOGON_INFO           = 0xc0000250,
  NT_STATUS_BAD_DLL_ENTRYPOINT                = 0xc0000251,
  NT_STATUS_BAD_SERVICE_ENTRYPOINT            = 0xc0000252,
  NT_STATUS_LPC_REPLY_LOST                    = 0xc0000253,
  NT_STATUS_IP_ADDRESS_CONFLICT1              = 0xc0000254,
  NT_STATUS_IP_ADDRESS_CONFLICT2              = 0xc0000255,
  NT_STATUS_REGISTRY_QUOTA_LIMIT              = 0xc0000256,
  NT_STATUS_PATH_NOT_COVERED                  = 0xc0000257,
  NT_STATUS_NO_CALLBACK_ACTIVE                = 0xc0000258,
  NT_STATUS_LICENSE_QUOTA_EXCEEDED            = 0xc0000259,
  NT_STATUS_PWD_TOO_SHORT                     = 0xc000025a,
  NT_STATUS_PWD_TOO_RECENT                    = 0xc000025b,
  NT_STATUS_PWD_HISTORY_CONFLICT              = 0xc000025c,
  NT_STATUS_PLUGPLAY_NO_DEVICE                = 0xc000025e,
  NT_STATUS_UNSUPPORTED_COMPRESSION           = 0xc000025f,
  NT_STATUS_INVALID_HW_PROFILE                = 0xc0000260,
  NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH      = 0xc0000261,
  NT_STATUS_DRIVER_ORDINAL_NOT_FOUND          = 0xc0000262,
  NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND       = 0xc0000263,
  NT_STATUS_RESOURCE_NOT_OWNED                = 0xc0000264,
  NT_STATUS_TOO_MANY_LINKS                    = 0xc0000265,
  NT_STATUS_QUOTA_LIST_INCONSISTENT           = 0xc0000266,
  NT_STATUS_FILE_IS_OFFLINE                   = 0xc0000267,
  NT_STATUS_DS_NO_MORE_RIDS                   = 0xc00002a8,
  NT_STATUS_NOT_A_REPARSE_POINT               = 0xc0000275,
  NT_STATUS_NO_SUCH_JOB                       = 0xc000EDE
}

for i, v in pairs(status_codes) do
  status_names[v] = i
end


filetype_codes =
{
  FILE_TYPE_DISK              = 0x00,
  FILE_TYPE_BYTE_MODE_PIPE    = 0x01,
  FILE_TYPE_MESSAGE_MODE_PIPE = 0x02,
  FILE_TYPE_PRINTER           = 0x03,
  FILE_TYPE_UNKNOWN           = 0xFF
}

for i, v in pairs(filetype_codes) do
  filetype_names[v] = i
end

file_Pipe_Printer_Access_Mask = 
{
  FILE_READ_DATA              = 0x00000001,
  FILE_WRITE_DATA             = 0x00000002,
  FILE_APPEND_DATA            = 0x00000004,
  FILE_READ_EA                = 0x00000008,
  FILE_WRITE_EA               = 0x00000010,
  FILE_DELETE_CHILD           = 0x00000040,
  FILE_EXECUTE                = 0x00000020,
  FILE_READ_ATTRIBUTES        = 0x00000080,
  FILE_WRITE_ATTRIBUTES       = 0x00000100,
  DELETE                      = 0x00010000,
  READ_CONTROL                = 0x00020000,
  WRITE_DAC                   = 0x00040000,
  WRITE_OWNER                 = 0x00080000,
  SYNCHRONIZE                 = 0x00100000,
  ACCESS_SYSTEM_SECURITY      = 0x01000000,
  MAXIMUM_ALLOWED             = 0x02000000,
  GENERIC_ALL                 = 0x10000000,
  GENERIC_EXECUTE             = 0x20000000,
  GENERIC_WRITE               = 0x40000000,
  GENERIC_READ                = 0x80000000
}

directory_Access_Mask =
{
  FILE_LIST_DIRECTORY         = 0x00000001,
  FILE_ADD_FILE               = 0x00000002,
  FILE_ADD_SUBDIRECTORY       = 0x00000004,
  FILE_READ_EA                = 0x00000008,
  FILE_WRITE_EA               = 0x00000010,
  FILE_TRAVERSE               = 0x00000020,
  FILE_DELETE_CHILD           = 0x00000040,
  FILE_READ_ATTRIBUTES        = 0x00000080,
  FILE_WRITE_ATTRIBUTES       = 0x00000100,
  DELETE                      = 0x00010000,
  READ_CONTROL                = 0x00020000,
  WRITE_DAC                   = 0x00040000,
  WRITE_OWNER                 = 0x00080000,
  SYNCHRONIZE                 = 0x00100000,
  ACCESS_SYSTEM_SECURITY      = 0x01000000,
  MAXIMUM_ALLOWED             = 0x02000000,
  GENERIC_ALL                 = 0x10000000,
  GENERIC_EXECUTE             = 0x20000000,
  GENERIC_WRITE               = 0x40000000,
  GENERIC_READ                = 0x80000000
}

file_attributes =
{
  FILE_ATTRIBUTE_ARCHIVE              = 0x00000020,
  FILE_ATTRIBUTE_COMPRESSED           = 0x00000800,
  FILE_ATTRIBUTE_DIRECTORY            = 0x00000010,
  FILE_ATTRIBUTE_ENCRYPTED            = 0x00004000,
  FILE_ATTRIBUTE_HIDDEN               = 0x00000002,
  FILE_ATTRIBUTE_NORMAL               = 0x00000080,
  FILE_ATTRIBUTE_NOT_CONTENT_INDEXED  = 0x00002000,
  FILE_ATTRIBUTE_OFFLINE              = 0x00001000,
  FILE_ATTRIBUTE_READONLY             = 0x00000001,
  FILE_ATTRIBUTE_REPARSE_POINT        = 0x00000400,
  FILE_ATTRIBUTE_SPARSE_FILE          = 0x00000200,
  FILE_ATTRIBUTE_SYSTEM               = 0x00000004,
  FILE_ATTRIBUTE_TEMPORARY            = 0x00000100,
  FILE_ATTRIBUTE_INTEGRITY_STREAM     = 0x00008000,
  FILE_ATTRIBUTE_NO_SCRUB_DATA        = 0x00020000
}

file_share_access = 
{
  FILE_SHARE_READ             = 0x00000001,
  FILE_SHARE_WRITE            = 0x00000002,
  FILE_SHARE_DELETE           = 0x00000004
}

create_disposition =
{
  FILE_SUPERSEDE            = 0x00000000,
  FILE_OPEN                 = 0x00000001,
  FILE_CREATE               = 0x00000002,
  FILE_OPEN_IF              = 0x00000003,
  FILE_OVERWRITE            = 0x00000004,
  FILE_OVERWRITE_IF         = 0x00000005
}

create_options =
{
  FILE_DIRECTORY_FILE                 = 0x00000001,
  FILE_WRITE_THROUGH                  = 0x00000002,
  FILE_SEQUENTIAL_ONLY                = 0x00000004,
  FILE_NO_INTERMEDIATE_BUFFERING      = 0x00000008,
  FILE_SYNCHRONOUS_IO_ALERT           = 0x00000010,
  FILE_SYNCHRONOUS_IO_NONALERT        = 0x00000020,
  FILE_NON_DIRECTORY_FILE             = 0x00000040,
  FILE_COMPLETE_IF_OPLOCKED           = 0x00000100,
  FILE_NO_EA_KNOWLEDGE                = 0x00000200,
  FILE_RANDOM_ACCESS                  = 0x00000800,
  FILE_DELETE_ON_CLOSE                = 0x00001000,
  FILE_OPEN_BY_FILE_ID                = 0x00002000,
  FILE_OPEN_FOR_BACKUP_INTENT         = 0x00004000,
  FILE_NO_COMPRESSION                 = 0x00008000,
  FILE_OPEN_REMOTE_INSTANCE           = 0x00000400,
  FILE_OPEN_REQUIRING_OPLOCK          = 0x00010000,
  FILE_DISALLOW_EXCLUSIVE             = 0x00020000,
  FILE_RESERVE_OPFILTER               = 0x00100000,
  FILE_OPEN_REPARSE_POINT             = 0x00200000,
  FILE_OPEN_NO_RECALL                 = 0x00400000,
  FILE_OPEN_FOR_FREE_SPACE_QUERY      = 0x00800000
}

fsctl_codes = 
{
  FSCTL_DFS_GET_REFERRALS = 0x00060194,
  FSCTL_PIPE_PEEK = 0x0011400C,
  FSCTL_PIPE_WAIT = 0x00110018,
  FSCTL_PIPE_TRANSCEIVE = 0x0011C017,
  FSCTL_SRV_COPYCHUNK = 0x001440F2,
  FSCTL_SRV_ENUMERATE_SNAPSHOTS = 0x00144064,
  FSCTL_SRV_REQUEST_RESUME_KEY = 0x00140078,
  FSCTL_SRV_READ_HASH = 0x001441bb,
  FSCTL_SRV_COPYCHUNK_WRITE = 0x001480F2,
  FSCTL_LMR_REQUEST_RESILIENCY = 0x001401D4,
  FSCTL_QUERY_NETWORK_INTERFACE_INFO = 0x001401FC,
  FSCTL_SET_REPARSE_POINT = 0x000900A4,
  FSCTL_DFS_GET_REFERRALS_EX = 0x000601B0,
  FSCTL_FILE_LEVEL_TRIM = 0x00098208,
  FSCTL_VALIDATE_NEGOTIATE_INFO = 0x00140204
}

return _ENV;