---
-- Implements functionality related to Server Message Block (SMB, an extension
-- of CIFS) version 2 traffic, which is a Windows protocol.
--
-- SMB traffic is normally sent to/from ports 139 or 445 of Windows systems. Microsoft's
-- extensive documentation is available at the following URL:
-- * SMB2: https://msdn.microsoft.com/en-us/library/cc246482.aspx
-----------------------------------------------------------------------
local asn1 = require "asn1"
local bin = require "bin"
local bit = require "bit"
local coroutine = require "coroutine"
local io = require "io"
local math = require "math"
local match = require "match"
local netbios = require "netbios"
local nmap = require "nmap"
local os = require "os"
local smbauth = require "smbauth"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local unicode = require "unicode"
local smb = require "smb"
_ENV = stdnse.module("smb2", stdnse.seeall)

-- These arrays are filled in with constants at the bottom of this file
command_codes = {}
command_names = {}
status_codes = {}
status_names = {}
filetype_codes = {}
filetype_names = {}
file_attributes = {}
smb2_flags = {}
smb2_OplockLevel = {}
smb2_ImpersonationLevel = {}
file_share_access = {}
create_disposition = {}
create_options = {}

local TIMEOUT = 10000

---Wrapper around <code>smbauth.add_account</code>.
function add_account(host, username, domain, password, password_hash, hash_type, is_admin)
  smbauth.add_account(host, username, domain, password, password_hash, hash_type, is_admin)
end

---Wrapper around <code>smbauth.get_account</code>.
function get_account(host)
  return smbauth.get_account(host)
end

---Get an 'overrides' table for the anonymous user
--
--@param overrides [optional] A base table of overrides. The appropriate fields will be added.
function get_overrides_anonymous(overrides)
  if(not(overrides)) then
    return {username='', domain='', password='', password_hash=nil, hash_type='none'}
  else
    overrides['username'] = ''
    overrides['domain'] = ''
    overrides['password'] = ''
    overrides['password_hash'] = ''
    overrides['hash_type'] = 'none'
  end
end

---Convert a status number from the SMB header into a status name, returning an error message (not nil) if
-- it wasn't found.
--
--@param status The numerical status.
--@return A string representing the error. Never nil.
function get_status_name(status)

  if(status_names[status] == nil) then
    -- If the name wasn't found in the array, do a linear search on it
    for i, v in pairs(status_names) do
      if(v == status) then
        return i
      end
    end

    return string.format("NT_STATUS_UNKNOWN (0x%08x)", status)
  else
    return status_names[status]
  end
end

--- Begins a SMB session, automatically determining the best way to connect.
--
-- @param host The host object
-- @return (status, smb) if the status is true, result is the newly crated smb object;
--         otherwise, socket is the error message.
function start(host)
  local port = smb.get_port(host)
  local status, result
  local state = {}

  state['uid']      = 0
  state['tid']      = 0
  state['mid']      = 1
  state['pid']      = math.random(32766) + 1
  state['host']     = host
  state['ip']       = host.ip
  state['sequence'] = -1
  state['MessageId']      = -1

  -- Store the name of the server
  local nbcache_mutex = nmap.mutex("Netbios lookup mutex")
  nbcache_mutex "lock"
  if ( not(host.registry['netbios_name']) ) then
    status, result = netbios.get_server_name(host.ip)
    if(status == true) then
      host.registry['netbios_name'] = result
      state['name'] = result
    end
  else
    stdnse.debug2("SMB: Resolved netbios name from cache")
    state['name'] = host.registry['netbios_name']
  end
  nbcache_mutex "done"

  stdnse.debug2("SMB: Starting SMB2 session for %s (%s)", host.name, host.ip)

  if(port == nil) then
    return false, "SMB: Couldn't find a valid port to check"
  end

  -- Initialize the accounts for logging on
  smbauth.init_account(host)

  if(port ~= 139) then
    status, state['socket'] = start_raw(host, port)
    state['port'] = port

    if(status == false) then
      return false, state['socket']
    end
    return true, state

  else
    status, state['socket'] = start_netbios(host, port)
    state['port'] = port
    if(status == false) then
      return false, state['socket']
    end
    return true, state

  end

  return false, "SMB: Couldn't find a valid port to check"
end

--- Kills the SMB connection and closes the socket.
--
--  In addition to killing the connection, this function will log off the user and disconnect
--  the connected tree, if possible.
--
--@param smb    The SMB object associated with the connection
--@return (status, result) If status is false, result is an error message. Otherwise, result
--        is undefined.
function stop(smb)

  if(smb['TreeId'] ~= 0) then
    tree_disconnect(smb)
  end

  if(smb['MessageId'] ~= -1) then
    logoff(smb)
  end

  stdnse.debug2("SMB: Closing socket")
  if(smb['socket'] ~= nil) then
    local status, err = smb['socket']:close()

    if(status == false) then
      return false, "SMB: Failed to close socket: " .. err
    end
  end

  return true
end

--- Begins a raw SMB session, likely over port 445. Since nothing extra is required, this
--  function simply makes a connection and returns the socket.
--
--@param host The host object to check.
--@param port The port to use (most likely 445).
--@return (status, socket) if status is true, result is the newly created socket.
--        Otherwise, socket is the error message.
function start_raw(host, port)
  local status, err
  local socket = nmap.new_socket()

  socket:set_timeout(TIMEOUT)
  status, err = socket:connect(host, port, "tcp")

  if(status == false) then
    return false, "SMB: Failed to connect to host: " .. err
  end

  return true, socket
end

--- Begins a SMB session over NetBIOS.
--
-- This requires a NetBIOS Session Start message to be sent first, which in
-- turn requires the NetBIOS name. The name can be provided as a parameter, or
-- it can be automatically determined.
--
-- Automatically determining the name is interesting, to say the least. Here
-- are the names it tries, and the order it tries them in:
-- * The name the user provided, if present
-- * The name pulled from NetBIOS (udp/137), if possible
-- * The generic name "*SMBSERVER"
-- * Each subset of the domain name (for example, scanme.insecure.org would
--   attempt "scanme", "scanme.insecure", and "scanme.insecure.org")
--
-- This whole sequence is a little hackish, but it's the standard way of doing
-- it.
--
--@param host The host object to check.
--@param port The port to use (most likely 139).
--@param name [optional] The NetBIOS name of the host. Will attempt to
--            automatically determine if it isn't given.
--@return (status, socket) if status is true, result is the port
--        Otherwise, socket is the error message.
function start_netbios(host, port, name)
  local i
  local status, err
  local pos, result, flags, length
  local socket = nmap.new_socket()

  -- First, populate the name array with all possible names, in order of significance
  local names = {}

  -- Use the name parameter
  if(name ~= nil) then
    names[#names + 1] = name
  end

  -- Get the name of the server from NetBIOS
  status, name = netbios.get_server_name(host.ip)
  if(status == true) then
    names[#names + 1] = name
  end

  -- "*SMBSERVER" is a special name that any server should respond to
  names[#names + 1] = "*SMBSERVER"

  -- If all else fails, use each substring of the DNS name (this is a HUGE hack, but is actually
  -- a recommended way of doing this!)
  if(host.name ~= nil and host.name ~= "") then
    local new_names = get_subnames(host.name)
    for i = 1, #new_names, 1 do
      names[#names + 1] = new_names[i]
    end
  end

  -- This loop will try all the NetBIOS names we've collected, hoping one of them will work. Yes,
  -- this is a hackish way, but it's actually the recommended way.
  i = 1
  repeat

    -- Use the current name
    name = names[i]

    -- Some debug information
    stdnse.debug1("SMB: Trying to start NetBIOS session with name = '%s'", name)
    -- Request a NetBIOS session
    local session_request = bin.pack(">CCSzz",
      0x81,                        -- session request
      0x00,                        -- flags
      0x44,                        -- length
      netbios.name_encode(name),   -- server name
      netbios.name_encode("NMAP")  -- client name
      );

    stdnse.debug3("SMB: Connecting to %s", host.ip)
    socket:set_timeout(TIMEOUT)
    status, err = socket:connect(host, port, "tcp")
    if(status == false) then
      socket:close()
      return false, "SMB: Failed to connect: " .. err
    end

    -- Send the session request
    stdnse.debug3("SMB: Sending NetBIOS session request with name %s", name)
    status, err = socket:send(session_request)
    if(status == false) then
      socket:close()
      return false, "SMB: Failed to send: " .. err
    end
    socket:set_timeout(TIMEOUT)

    -- Receive the session response
    stdnse.debug3("SMB: Receiving NetBIOS session response")
    status, result = socket:receive_buf(match.numbytes(4), true);
    if(status == false) then
      socket:close()
      return false, "SMB: Failed to close socket: " .. result
    end
    pos, result, flags, length = bin.unpack(">CCS", result)
    if(result == nil or length == nil) then
      return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [1]"
    end

    -- Check for a positive session response (0x82)
    if result == 0x82 then
      stdnse.debug3("SMB: Successfully established NetBIOS session with server name %s", name)
      return true, socket
    end

    -- If the session failed, close the socket and try the next name
    stdnse.debug1("SMB: Session request failed, trying next name")
    socket:close()

    -- Try the next name
    i = i + 1

  until i > #names

  -- We reached the end of our names list
  stdnse.debug1("SMB: None of the NetBIOS names worked!")
  return false, "SMB: Couldn't find a NetBIOS name that works for the server. Sorry!"
end

--- Creates a string containing a SMB packet header - async. The header looks like this:
--
--<code>
-- --------------------------------------------------------------------------------------------------
-- | 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9  8  7  6  5  4  3  2  1  0 |
-- --------------------------------------------------------------------------------------------------
-- |         0xFE           |          'S'          |        'M'            |         'B'           |
-- --------------------------------------------------------------------------------------------------
-- |                   StructureSize                |                  CreditCharge                 |
-- --------------------------------------------------------------------------------------------------
-- |                                 (ChannelSequence/Reserved)/Status                              |
-- --------------------------------------------------------------------------------------------------
-- |                    Command                     |            CreditRequest/CreditResponse       |
-- --------------------------------------------------------------------------------------------------
-- |                                              Flags                                             |
-- --------------------------------------------------------------------------------------------------
-- |                                           NextCommand                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                             MessageId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                              AsyncId                                           |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                             MessageId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                             SessionId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                             Signature                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
--</code>
--
-- All fields are, incidentally, encoded in little endian byte order.
--
-- For the purposes here, the program doesn't care about most of the fields so they're given default
-- values. The "command" field is the only one we ever have to set manually, in my experience. The TID
-- and UID need to be set, but those are stored in the smb state and don't require user intervention.
--
--@param smb     The smb state table.
--@param command The command to use.
--@param overrides The overrides table. Keep in mind that overriding things like flags is generally a very bad idea, unless you know what you're doing.
--@return A binary string containing the packed packet header.
function smb_encode_header_async(smb, command, overrides)
  -- TODO
end

--- Creates a string containing a SMB packet header - sync. The header looks like this:
--
--<code>
-- --------------------------------------------------------------------------------------------------
-- | 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9  8  7  6  5  4  3  2  1  0 |
-- --------------------------------------------------------------------------------------------------
-- |         0xFE           |          'S'          |        'M'            |         'B'           |
-- --------------------------------------------------------------------------------------------------
-- |                   StructureSize                |                  CreditCharge                 |
-- --------------------------------------------------------------------------------------------------
-- |                                 (ChannelSequence/Reserved)/Status                              |
-- --------------------------------------------------------------------------------------------------
-- |                    Command                     |            CreditRequest/CreditResponse       |
-- --------------------------------------------------------------------------------------------------
-- |                                              Flags                                             |
-- --------------------------------------------------------------------------------------------------
-- |                                           NextCommand                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                             MessageId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                              Reserved                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               TreeId                                           |
-- --------------------------------------------------------------------------------------------------
-- |                                             SessionId                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                             Signature                                          |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
-- |                                               ...                                              |
-- --------------------------------------------------------------------------------------------------
--</code>
--
-- All fields are, incidentally, encoded in little endian byte order.
--
-- For the purposes here, the program doesn't care about most of the fields so they're given default
-- values. The "command" field is the only one we ever have to set manually, in my experience. The TID
-- and UID need to be set, but those are stored in the smb state and don't require user intervention.
--
--@param smb     The smb state table.
--@param command The command to use.
--@param overrides The overrides table. Keep in mind that overriding things like flags is generally a very bad idea, unless you know what you're doing.
--@return A binary string containing the packed packet header.
function smb_encode_header_sync(smb, command, overrides)
  -- Make sure we have an overrides array
  overrides = overrides or {}

  -- Used for the ProtocolId
  local sig = "\xFESMB"

  local structureSize = 64
  local flags = 0

  if smb['MessageId'] then
    smb['MessageId'] = smb['MessageId'] + 1
  end

  -- -- Pretty much every flags is deprecated. We set these two because they're required to be on.
  -- local flags  = bit.bor(0x10, 0x08) -- SMB_FLAGS_CANONICAL_PATHNAMES | SMB_FLAGS_CASELESS_PATHNAMES
  -- -- These flags are less deprecated. We negotiate 32-bit status codes and long names. We also don't include Unicode, which tells
  -- -- the server that we deal in ASCII.
  -- local flags2 = bit.bor(0x4000, 0x2000, 0x0040, 0x0001) -- SMB_FLAGS2_32BIT_STATUS | SMB_FLAGS2_EXECUTE_ONLY_READS | SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAMES

  -- -- Unless the user's disabled the security signature, add it
  -- if(nmap.registry.args.smbsign ~= "disable") then
  --   flags2 = bit.bor(flags2, 0x0004) -- SMB_FLAGS2_SECURITY_SIGNATURE
  -- end

  -- -- TreeID should never ever be 'nil', but it seems to happen once in awhile so print an error
  -- if(smb['tid'] == nil) then
  --   return false, string.format("SMB: ERROR: TreeID value was set to nil on host %s", smb['ip'])
  -- end

  local header = bin.pack("<CCCCSSISSIILIILLL",
    sig:byte(1),  -- Header
    sig:byte(2),  -- Header
    sig:byte(3),  -- Header
    sig:byte(4),  -- Header
    structureSize,                      -- 2 bytes. StructureSize.
    (overrides['CreditCharge'] or 0),   -- 2 bytes. CreditCharge. In the SMB 2.002, the sender MUST set this to 0
    (overrides['Status'] or 0),         -- 4 bytes. (ChannelSequence/Reserved)/Status. 
    command,                            -- 2 bytes. Commands.
    (overrides['CreditR'] or 0),        -- 2 bytes. CreditRequest/CreditResponse.
    (overrides['Flags'] or flags),      -- 4 bytes. Flags. TODO
    (overrides['NextCommand'] or 0),    -- 4 bytes. NextCommand.
    (overrides['MessageId'] or smb['MessageId']),       -- 8 bytes. MessageId.
    (overrides['Reserved'] or 0x0000feff),       -- 4 bytes. Reserved.
    (overrides['TreeId'] or smb['TreeId'] or 0),         -- 4 bytes. TreeId.
    (overrides['SessionId'] or smb['SessionId'] or 0),      -- 8 bytes. SessionId.
    (overrides['Signature1'] or 0),     -- 8 bytes. Signature1.
    (overrides['Signature2'] or 0)      -- 8 bytes. Signature2.
    )

  return header
end

--- Prepends the NetBIOS header to the packet, which is essentially the length, encoded
--  in 4 bytes of big endian, and sends it out.
--
--  The length field is actually 17 or 24 bits wide, depending on whether or
--  not we're using raw, but that shouldn't matter.
--
--@param smb        The SMB object associated with the connection
--@param header     The header, encoded with <code>smb_get_header</code>.
--@param data       The data.
--@param overrides  Overrides table.
--@return (result, err) If result is false, err is the error message. Otherwise, err is
--        undefined
function smb_send(smb, header, data, overrides)
  overrides = overrides or {}
  local body               = header .. data
  local attempts           = 5
  local status, err

  local out = bin.pack(">I<A", #body, body)
  repeat
    attempts = attempts - 1
    stdnse.debug3("SMB: Sending SMB packet (len: %d, attempts remaining: %d)", #out, attempts)
    status, err = smb['socket']:send(out)
  until(status or (attempts == 0))

  if(attempts == 0) then
    stdnse.debug1("SMB: Sending packet failed after 5 tries! Giving up.")
  end

  return status, err
end



--- Reads the next packet from the socket, and parses it into the header, parameters,
--  and data.
--@return (status, header, data) If status is true, the header,
--        , and data are all the raw arrays (with the lengths already
--        removed). If status is false, header contains an error message and 
--        data are undefined.
function smb_read(smb, read_data)
  local status
  local pos, netbios_data, netbios_length, length, header, parameter_length, parameters, data_length, data
  local attempts = 5

  stdnse.debug3("SMB: Receiving SMB packet")

  -- Receive the response -- we make sure to receive at least 4 bytes, the length of the NetBIOS length
  smb['socket']:set_timeout(TIMEOUT)

  -- perform 5 attempt to read the Netbios header
  local netbios
  repeat
    attempts = attempts - 1
    status, netbios_data = smb['socket']:receive_buf(match.numbytes(4), true);

    if ( not(status) and netbios_data == "EOF" ) then
      return false, "SMB: ERROR: Server disconnected the connection"
    end
  until(status or (attempts == 0))

  -- Make sure the connection is still alive
  if(status ~= true) then
    return false, "SMB: Failed to receive bytes after 5 attempts: " .. netbios_data
  end

  -- The length of the packet is 4 bytes of big endian (for our purposes).
  -- The NetBIOS header is 24 bits, big endian
  pos, netbios_length   = bin.unpack(">I", netbios_data)
  if(netbios_length == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [2]"
  end
  -- Make the length 24 bits
  netbios_length = bit.band(netbios_length, 0x00FFFFFF)

  -- The total length is the netbios_length, plus 4 (for the length itself)
  length = netbios_length + 4

  local attempts = 5
  local smb_data
  repeat
    attempts = attempts - 1
    status, smb_data = smb['socket']:receive_buf(match.numbytes(netbios_length), true)
  until(status or (attempts == 0))

  -- Make sure the connection is still alive
  if(status ~= true) then
    return false, "SMB: Failed to receive bytes after 5 attempts: " .. smb_data
  end

  local result = netbios_data .. smb_data
  if(#result ~= length) then
    stdnse.debug1("SMB: ERROR: Received wrong number of bytes, there will likely be issues (received %d, expected %d)", #result, length)
    return false, string.format("SMB: ERROR: Didn't receive the expected number of bytes; received %d, expected %d. This will almost certainly cause some errors.", #result, length)
  end


  -- The header is 64 bytes.
  pos, header = bin.unpack("<A64", result, pos)
  if(header == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [3]"
  end

  -- Read that many bytes of data.
  if(read_data == nil or read_data == true) then
    pos, data = bin.unpack("<A" .. #result - pos + 1, result, pos)
    if(data == nil) then
      return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [7]"
    end
  else
    data = nil
  end

  stdnse.debug3("SMB: Received %d bytes", #result)
  return true, header, data
end

--- Sends out <code>SMB2 NEGOTIATE</code>, which is typically the first SMB packet sent out.
function negotiate_protocol(smb, overrides)
  local header, data
  -- Make sure we have overrides
  overrides = overrides or {}  
  header = smb_encode_header_sync(smb, command_codes['SMB2_COM_NEGOTIATE'], overrides)

  local StructureSize = 36
  local DialectCount
  -- Data is a list of strings, terminated by a blank one.
  if(overrides['Dialects'] == nil) then
    DialectCount = 2
  else
    DialectCount = #overrides['Dialects']
  end

  local SecurityMode = overrides["SecurityMode"] or 0x01
  local Reserved = 0
  local Capabilities = overrides["SecurityMode"] or 0
  local GUID1 = overrides["GUID1"] or 1
  local GUID2 = overrides["GUID2"] or 1
  local ClientStartTime = overrides["ClientStartTime"] or 0x010
  local Dialects1 = 0x0202
  local Dialects2 = 0x0210

  local data = bin.pack("<SSSSILLL", 
    StructureSize,  --2 bytes
    DialectCount,   --2 bytes
    SecurityMode,   --2 bytes
    Reserved,       --2 bytes
    Capabilities,   --4 bytes
    GUID1,          --8 bytes
    GUID2,          --8 bytes
    ClientStartTime  --8 bytes
    )

  if(overrides['Dialects'] == nil) then
    data = data .. bin.pack("<I", Dialects1)
    data = data .. bin.pack("<I", Dialects2)    
  else
    for _, v in ipairs(overrides['Dialects']) do
      data = data .. bin.pack("<I", v)
    end
  end

  -- Send the negotiate request
  stdnse.debug2("SMB: Sending SMB2_COM_NEGOTIATE")
  local status, err = smb_send(smb, header, data)
  if(status == false) then
    return false, err
  end

  -- Read the result
  status, header, data = smb_read(smb)
  if(status ~= true) then
    return false, header
  end

  -- Parse out the header
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, Flags, NextCommand, MessageId, Reserved, TreeId, SessionId, Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)

  -- Get the protocol version
  local protocol_version = string.char(header1, header2, header3, header4)

  -- Check if we fell off the packet (if that happened, the last parameter will be nil)
  if(header1 == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [8]"
  end

  local SecurityBufferOffset, SecurityBufferLength, Reserved2, d_StructureSize
  pos, d_StructureSize, smb['SecurityMode'], smb['Dialect'], Reserved, smb['GUID1'], smb['GUID2'], smb['Capabilities']  = bin.unpack("<SSSSLLI", data)
  pos, smb['MaxTransactSize'], smb['MaxReadSize'], smb['MaxWriteSize'], smb['SystemTime'], smb['ServerStartTime'], 
        SecurityBufferOffset, SecurityBufferLength, Reserved2 = 
        bin.unpack("<IIILLSSI", data, pos)
  -- Check if we ran off the packet
  if(smb['Dialect'] == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [10]"
  end

  if(smb['SecurityMode'] == nil or smb['Capabilities'] == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [11]"
  end
  -- Some broken implementations of SMB don't send these variables
  if(smb['SystemTime'] == nil) then
    smb['SystemTime'] = 0
  end

  -- Convert the time and timezone to more useful values
  -- TODO: Time
  -- smb['SystemTime'] = (smb['SystemTime'] / 10000000) - 11644473600
  -- smb['Date'] = os.date("%Y-%m-%d %H:%M:%S", smb['SystemTime'])
  -- smb['timezone'] = -(smb['timezone'] / 60)
  -- if(smb['timezone'] == 0) then
  --   smb['timezone_str'] = "UTC+0"
  -- elseif(smb['timezone'] < 0) then
  --   smb['timezone_str'] = "UTC-" .. math.abs(smb['timezone'])
  -- else
  --   smb['timezone_str'] = "UTC+" .. smb['timezone']
  -- end

  -- do we have a security blob?
  if ( SecurityBufferLength > 0 ) then
    pos, smb['SecurityBlob'] = bin.unpack("<A" .. SecurityBufferLength, data, pos)
  end
  return true
end

function start_session(smb, log_errors, overrides)
  local header, data
    -- Make sure we have overrides
  overrides = overrides or {}
  local StructureSize = 25
  local Flags = 0x00
  local SecurityMode = 0x01
  local Capabilities = overrides["Capabilities"] or 0
  local Channel = 0
  local SecurityBufferOffset = 0x58
  local PreviousSessionId = 0

  -- Set a default status_name, in case everything fails
  local status_name = "An unknown error has occurred"

  local username, domain, password, password_hash, hash_type
  local result
  -- Get the first account, unless they overrode it
  if(overrides ~= nil and overrides['username'] ~= nil) then
    result = true
    username      = overrides['username']
    domain        = overrides['domain']
    password      = overrides['password']
    password_hash = overrides['password_hash']
    hash_type     = overrides['hash_type']
  else
    result, username, domain, password, password_hash, hash_type = smbauth.get_account(smb['host'])
    stdnse.debug1("password_hash: %s; hash_type: %s", password_hash, hash_type)
    if(not(result)) then
      return result, username
    end
  end

  -- check what kind of security blob we were given in the negotiate protocol request
  local sp_nego = false
  if ( smb['SecurityBlob'] and #smb['SecurityBlob'] > 11 ) then
    local pos, oid = bin.unpack(">A6", smb['SecurityBlob'], 5)
    sp_nego = ( oid == "\x2b\x06\x01\x05\x05\x02" ) -- check for SPNEGO OID 1.3.6.1.5.5.2
  end

  while result ~= false do
    -- These are loop variables
    local security_blob = nil
    local security_blob_length = 0

    repeat
      -- Get the new security blob, passing the old security blob as a parameter. If there was no previous security blob, then nil is passed, which creates a new one
      if ( not(security_blob) ) then
        status, security_blob, smb['mac_key'] = smbauth.get_security_blob(security_blob, smb['ip'], username, domain, password, password_hash, hash_type, (sp_nego and 0x00088215))
        if ( sp_nego ) then
          local enc = asn1.ASN1Encoder:new()
          local mechtype = enc:encode( { type = 'A0', value = enc:encode( { type = '30', value = enc:encode( { type = '06', value = bin.pack("H", "2b06010401823702020a") } ) } ) } )
          local oid = enc:encode( { type = '06', value = bin.pack("H", "2b0601050502") } )

          security_blob = enc:encode(security_blob)
          security_blob = enc:encode( { type = 'A2', value = security_blob } )
          security_blob = mechtype .. security_blob
          security_blob = enc:encode( { type = '30', value = security_blob } )
          security_blob = enc:encode( { type = 'A0', value = security_blob } )
          security_blob = oid .. security_blob
          security_blob = enc:encode( { type = '60', value = security_blob } )
        end
      else
        if ( sp_nego ) then
          if ( smb['domain'] or smb['server'] and ( not(domain) or #domain == 0 ) ) then
            domain = smb['domain'] or smb['server']
          end
          hash_type = "ntlm"
        end
        status, security_blob, smb['mac_key'] = smbauth.get_security_blob(security_blob, smb['ip'], username, domain, password, password_hash, hash_type, (sp_nego and 0x00088215))
        if ( sp_nego ) then
          local enc = asn1.ASN1Encoder:new()
          security_blob = enc:encode(security_blob)
          security_blob = enc:encode( { type = 'A2', value = security_blob } )
          security_blob = enc:encode( { type = '30', value = security_blob } )
          security_blob = enc:encode( { type = 'A1', value = security_blob } )
        end
      end

      -- There was an error processing the security blob
      if(status == false) then
        return false, string.format("SMB: ERROR: Security blob: %s", security_blob)
      end

      local data = bin.pack("<SCCIISSL", 
                            StructureSize,  --2 bytes
                            Flags,   --1 bytes
                            SecurityMode,   --1 bytes
                            Capabilities,       --4 bytes
                            Channel,   --4 bytes
                            SecurityBufferOffset,          --2 bytes
                            #security_blob,          --2 bytes
                            PreviousSessionId  --8 bytes
                            )

      header     = smb_encode_header_sync(smb, command_codes['SMB2_COM_SESSION_SETUP'], overrides)

      -- Data is a list of strings, terminated by a blank one.
      data = data .. bin.pack("<A",
        security_blob         -- Security blob
        )
      -- Send the session setup request
      stdnse.debug2("SMB: Sending SMB2_COM_SESSION_SETUP")
      result, err = smb_send(smb, header, data, overrides)
      if(result == false) then
        return false, err
      end

      -- Read the result
      status, header, data = smb_read(smb)
      if(status ~= true) then
        return false, header
      end

      -- Parse out the header
      pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, TreeId, smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
      if(header1 == nil) then
        return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [17]"
      end

      -- Get a human readable name
      status_name = get_status_name(Status)

      -- Only parse the parameters if it's ok or if we're going to keep going
      if(status_name == "NT_STATUS_SUCCESS" or status_name == "NT_STATUS_MORE_PROCESSING_REQUIRED") then
        -- Parse the parameters
        local s_StructureSize, s_SessionFlags, s_SecurityBufferOffset, s_SecurityBufferLength
        pos, s_StructureSize, s_SessionFlags, s_SecurityBufferOffset, s_SecurityBufferLength = bin.unpack("<SSSS", data)
        if(s_SecurityBufferLength == nil) then
          return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [18]"
        end
        smb['is_guest']   = bit.band(s_SessionFlags, 1)

        -- Parse the data
        pos, security_blob = bin.unpack(string.format("<A%d", s_SecurityBufferLength), data, pos)

        if ( status_name == "NT_STATUS_MORE_PROCESSING_REQUIRED" and sp_nego ) then
          local start = security_blob:find("NTLMSSP")
          security_blob = security_blob:sub(start)
        end

        if(security_blob == nil) then
          return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [19]"
        end
        if(status_name == "NT_STATUS_MORE_PROCESSING_REQUIRED") then
          local host_info = smbauth.get_host_info_from_security_blob(security_blob)
          if ( host_info ) then
            smb['fqdn'] = host_info['fqdn']
            smb['domain_dns'] = host_info['dns_domain_name']
            smb['forest_dns'] = host_info['dns_forest_name']
            smb['server'] = host_info['netbios_computer_name']
            smb['domain'] = host_info['netbios_domain_name']
          end
        end

        -- If it's ok, do a cleanup and return true
        if(status_name == "NT_STATUS_SUCCESS") then
          -- Check if they were logged in as a guest
          if(log_errors == nil or log_errors == true) then
            if(smb['is_guest'] == 1) then
              stdnse.debug1("SMB: Extended login to %s as %s\\%s failed, but was given guest access (username may be wrong, or system may only allow guest)", smb['ip'], domain, stdnse.string_or_blank(username))
            else
              stdnse.debug2("SMB: Extended login to %s as %s\\%s succeeded", smb['ip'], domain, stdnse.string_or_blank(username))
            end
          end

          -- Set the initial sequence number
          smb['sequence'] = 1

          return true
        end -- Status is ok
      end -- Should we parse the parameters/data?
    until status_name ~= "NT_STATUS_MORE_PROCESSING_REQUIRED"

    -- Check if we got the error NT_STATUS_REQUEST_NOT_ACCEPTED
    if(status == 0xc00000d0) then
      busy_count = busy_count + 1

      if(busy_count > 9) then
        return false, "SMB: ERROR: Server has too many active connections; giving up."
      end

      local backoff = math.random() * 10
      stdnse.debug1("SMB: Server has too many active connections; pausing for %s seconds.", math.floor(backoff * 100) / 100)
      stdnse.sleep(backoff)
    else
      -- Display a message to the user, and try the next account
      if(log_errors == nil or log_errors == true) then
        stdnse.debug1("SMB: Extended login to %s as %s\\%s failed (%s)", smb['ip'], domain, stdnse.string_or_blank(username), status_name)
      end

      --Go to the next account
      if(overrides == nil or overrides['username'] == nil) then
        smbauth.next_account(smb['host'])
        result, username, domain, password, password_hash, hash_type = smbauth.get_account(smb['host'])
        if(not(result)) then
          return false, username
        end
      else
        result = false
      end
      result = false
    end

  end -- Loop over the accounts

  if(log_errors == nil or log_errors == true) then
    stdnse.debug1("SMB: ERROR: All logins failed, sorry it didn't work out!")
  end

  return false, status_name
end

function tree_connect(smb, path, overrides)
  overrides = overrides or {}
  local buffer = ""
  for i = 1, #path do 
    buffer = buffer .. bin.pack("<S", path:byte(i))
  end
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_TREE_CONNECT'], overrides)
  local StructureSize = 9
  local Reserved = 0
  local PathOffset = 0x48
  local PathLength = #buffer
  local data = bin.pack("<SSSS", 
                      StructureSize,  --2 bytes
                      Reserved,   --2 bytes
                      PathOffset,   --2 bytes
                      PathLength       --2 bytes
                      )
  data = data .. buffer
  stdnse.debug2("SMB: Sending SMB2_COM_TREE_CONNECT")
  local result, err, status
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end

  -- Read the result
  status, header, data = smb_read(smb)
  if(status ~= true) then
    return false, header
  end

  -- Parse out the header
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(header1 == nil) then
    return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [17]"
  end

  if(Status ~= 0) then
    return false, get_status_name(Status)
  end

  return true
end

--- Disconnects a tree session. Should be called before logging off and disconnecting.
function tree_disconnect(smb, overrides)
  overrides = overrides or {}
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_TREE_DISCONNECT'], overrides)
  local StructureSize = 4
  local Reserved = 0
  local data = bin.pack("<SS",
                        StructureSize,  -- 2 bytes
                        Reserved        -- 2 bytes
                        )
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end 
  local status
  status, header, data = smb_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    return false, get_status_name(Status)
  end
  smb["TreeId"] = 0
  return true
end

---Logs off the current user. Strictly speaking this isn't necessary, but it's the polite thing to do.
--@return (status, result) If status is false, result is an error message. If status is true,
--              the logoff was successful.
function logoff(smb, overrides)
  overrides = overrides or {}
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_LOGOFF'], overrides)
  local StructureSize = 4
  local Reserved = 0
  local data = bin.pack("<SS",
                        StructureSize,  -- 2 bytes
                        Reserved        -- 2 bytes
                        )
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end 
  local status
  status, header, data = smb_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    return false, get_status_name(Status)
  end
  smb['MessageId'] = -1
  return true
end

function create_file(smb, path, overrides)
  overrides = overrides or {}
  local buffer = ""
  for i = 1, #path do 
    buffer = buffer .. bin.pack("<S", path:byte(i))
  end
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_CREATE'], overrides)  
  local StructureSize = 57
  local SecurityFlags = 0
  local RequestedOplockLevel = smb2_OplockLevel['SMB2_OPLOCK_LEVEL_NONE']
  local ImpersonationLevel = smb2_ImpersonationLevel['Anonymous']
  local SmbCreateFlags = 0x0000000000000000
  local Reserved = 0x0000000000000000
  local DesiredAccess = bit.bor(directory_Access_Mask['GENERIC_WRITE'], directory_Access_Mask['GENERIC_READ'])
  local FileAttributes = file_attributes['FILE_ATTRIBUTE_NORMAL']
  local ShareAccess = bit.bor(file_share_access['FILE_SHARE_READ'], file_share_access['FILE_SHARE_WRITE'])
  local CreateDisposition = create_disposition['FILE_OPEN']
  local CreateOptions = 0x00000000
  local NameOffset = 0x0078
  local NameLength = #buffer
  local CreateContextsOffset = 0x0000
  local CreateContextsLength = 0
  local data = bin.pack("<SCCILLIIIIISSII", 
                      StructureSize,  --2 bytes
                      SecurityFlags,   --1 bytes
                      RequestedOplockLevel,   --1 bytes
                      ImpersonationLevel,       --4 bytes
                      SmbCreateFlags,   --8 bytes
                      Reserved,          --8 bytes
                      DesiredAccess,     --4 bytes
                      FileAttributes,     --4 bytes
                      ShareAccess,     --4 bytes
                      CreateDisposition,     --4 bytes
                      CreateOptions,     --4 bytes
                      NameOffset,     --2 bytes
                      NameLength,     --2 bytes
                      CreateContextsOffset,     --4 bytes
                      CreateContextsLength     --4 bytes
                      )
  data = data .. bin.pack("<A", buffer)
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end 
  local status
  status, header, data = smb_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    return false, get_status_name(Status)
  end
  pos, _, smb['OplockLevel'], _, smb['CreateAction'], smb['CreationTime'], smb['LastAccessTime'],
   smb['LastWriteTime'], smb['ChangeTime'], smb['AllocationSize'], smb['EndofFile'], 
   smb['FileAttributes'], _, smb['FileId1'], smb['FileId2'] = bin.unpack("<SCCILLLLLLIILL", data)
end

function close_file(smb, overrides)
  overrides = overrides or {}
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_CLOSE'], overrides)   
  local StructureSize = 24
  local Flags = 0x0000
  local Reserved = 0
  local response = {}
  local data = bin.pack("<SSILL",
                        StructureSize,    --2 bytes
                        Flags,            --2 bytes
                        Reserved,         --4 bytes
                        smb['FileId1'],   --8 bytes
                        smb['FileId2'])   --8 bytes
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end  
  local status
  status, header, data = smb_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    return false, get_status_name(Status)
  end
  return true, response
end

function flush_file(smb, overrides)
  overrides = overrides or {}
  local header = smb_encode_header_sync(smb, command_codes['SMB2_COM_FLUSH'], overrides)   
  local StructureSize = 24
  local Reserved1 = 0
  local Reserved2 = 0
  local data = bin.pack("<SSILL",
                        StructureSize,    --2 bytes
                        Reserved1,         --2 bytes
                        Reserved2,         --4 bytes
                        smb['FileId1'],   --8 bytes
                        smb['FileId2'])   --8 bytes
  local result, err
  result, err = smb_send(smb, header, data, overrides)
  if(result == false) then
    return false, err
  end   
  local status
  status, header, data = smb_read(smb)
  local pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, Signature1, Signature2
  pos, header1, header2, header3, header4, h_StructureSize, CreditCharge, Status, Command, CreditR, h_Flags, NextCommand, MessageId, Reserved, smb["TreeId"], smb['SessionId'], Signature1, Signature2 = bin.unpack("<CCCCSSISSIILIILLL", header)
  if(Status ~= 0) then
    stdnse.debug1("Flush: %s", get_status_name(Status))
    return false, get_status_name(Status)
  end
  return true, data
end


smb2_ImpersonationLevel = 
{
  Anonymous       = 0x00000000,
  Identification  = 0x00000001,
  Impersonation   = 0x00000002,
  Delegate        = 0x00000003
}
smb2_OplockLevel = 
{
  SMB2_OPLOCK_LEVEL_NONE      = 0x00,   -- No oplock is requested.
  SMB2_OPLOCK_LEVEL_II        = 0x01,   -- A level II oplock is requested.
  SMB2_OPLOCK_LEVEL_EXCLUSIVE = 0x08,   -- An exclusive oplock is requested.
  SMB2_OPLOCK_LEVEL_BATCH     = 0x09,   -- A batch oplock is requested.
  SMB2_OPLOCK_LEVEL_LEASE     = 0xff    -- A lease is requested. If set, 
            -- the request packet MUST contain an SMB2_CREATE_REQUEST_LEASE 
            -- (section 2.2.13.2.8) create context. 
            -- This value is not valid for the SMB 2.002 dialect.
}
smb2_flags = 
{
  SMB2_FLAGS_RESPONSE          = 0x00000001,
  SMB2_FLAGS_ASYNC_CMD         = 0x00000002,
  SMB2_FLAGS_CHAINED           = 0x00000004,
  SMB2_FLAGS_SIGNATURE         = 0x00000008,
  SMB2_FLAGS_DFS_OP            = 0x10000000,
  SMB2_FLAGS_REPLAY_OPERATION  = 0x20000000,

  -- SMB2 FLAG MASKS 
  SMB2_FLAGS_ATTR_ENCRYPTED    = 0x00004000,
  SMB2_FLAGS_ATTR_INDEXED      = 0x00002000,
  SMB2_FLAGS_ATTR_OFFLINE      = 0x00001000,
  SMB2_FLAGS_ATTR_COMPRESSED   = 0x00000800,
  SMB2_FLAGS_ATTR_REPARSEPOINT = 0x00000400,
  SMB2_FLAGS_ATTR_SPARSE       = 0x00000200,
  SMB2_FLAGS_ATTR_TEMPORARY    = 0x00000100,
  SMB2_FLAGS_ATTR_NORMAL       = 0x00000080,
  SMB2_FLAGS_ATTR_DEVICE       = 0x00000040,
  SMB2_FLAGS_ATTR_ARCHIVE      = 0x00000020,
  SMB2_FLAGS_ATTR_DIRECTORY    = 0x00000010,
  SMB2_FLAGS_ATTR_VOLUMEID     = 0x00000008,
  SMB2_FLAGS_ATTR_SYSTEM       = 0x00000004,
  SMB2_FLAGS_ATTR_HIDDEN       = 0x00000002,
  SMB2_FLAGS_ATTR_READONLY     = 0x00000001

}

command_codes =
{
  SMB2_COM_NEGOTIATE              = 0x0000,
  SMB2_COM_SESSION_SETUP          = 0x0001,
  SMB2_COM_LOGOFF                 = 0x0002,
  SMB2_COM_TREE_CONNECT           = 0x0003,
  SMB2_COM_TREE_DISCONNECT        = 0x0004,
  SMB2_COM_CREATE                 = 0x0005,
  SMB2_COM_CLOSE                  = 0x0006,
  SMB2_COM_FLUSH                  = 0x0007,
  SMB2_COM_READ                   = 0x0008,
  SMB2_COM_WRITE                  = 0x0009,
  SMB2_COM_LOCK                   = 0x000A,
  SMB2_COM_IOCTL                  = 0x000B,
  SMB2_COM_CANCEL                 = 0x000C,
  SMB2_COM_ECHO                   = 0x000D,
  SMB2_COM_QUERY_DIRECTORY        = 0x000E,
  SMB2_COM_CHANGE_NOTIFY          = 0x000F,
  SMB2_COM_QUERY_INFO             = 0x0010,
  SMB2_COM_SET_INFO               = 0x0011,
  SMB2_COM_OPLOCK_BREAK           = 0x0012
}

for i, v in pairs(command_codes) do
  command_names[v] = i
end


-- see http://msdn.microsoft.com/en-us/library/cc231196(v=prot.10).aspx
status_codes =
{
  NT_STATUS_SUCCESS                           = 0x00000000,
  NT_STATUS_WERR_BADFILE                      = 0x00000002,
  NT_STATUS_WERR_ACCESS_DENIED                = 0x00000005,
  NT_STATUS_WERR_INVALID_PARAMETER            = 0x00000057,
  NT_STATUS_WERR_INVALID_NAME                 = 0x0000007b,
  NT_STATUS_WERR_UNKNOWN_LEVEL                = 0x0000007c,
  NT_STATUS_WERR_MORE_DATA                    = 0x000000ea,
  NT_STATUS_NO_MORE_ITEMS                     = 0x00000103,
  NT_STATUS_MORE_ENTRIES                      = 0x00000105,
  NT_STATUS_SOME_NOT_MAPPED                   = 0x00000107,
  NT_STATUS_SERVICE_REQUEST_TIMEOUT           = 0x0000041D,
  NT_STATUS_SERVICE_NO_THREAD                 = 0x0000041E,
  NT_STATUS_SERVICE_DATABASE_LOCKED           = 0x0000041F,
  NT_STATUS_SERVICE_ALREADY_RUNNING           = 0x00000420,
  NT_STATUS_INVALID_SERVICE_ACCOUNT           = 0x00000421,
  NT_STATUS_SERVICE_DISABLED                  = 0x00000422,
  NT_STATUS_CIRCULAR_DEPENDENCY               = 0x00000423,
  NT_STATUS_SERVICE_DOES_NOT_EXIST            = 0x00000424,
  NT_STATUS_SERVICE_CANNOT_ACCEPT_CTRL        = 0x00000425,
  NT_STATUS_SERVICE_NOT_ACTIVE                = 0x00000426,
  NT_STATUS_FAILED_SERVICE_CONTROLLER_CONNECT = 0x00000427,
  NT_STATUS_EXCEPTION_IN_SERVICE              = 0x00000428,
  NT_STATUS_DATABASE_DOES_NOT_EXIST           = 0x00000429,
  NT_STATUS_SERVICE_SPECIFIC_ERROR            = 0x0000042a,
  NT_STATUS_PROCESS_ABORTED                   = 0x0000042b,
  NT_STATUS_SERVICE_DEPENDENCY_FAIL           = 0x0000042c,
  NT_STATUS_SERVICE_LOGON_FAILED              = 0x0000042d,
  NT_STATUS_SERVICE_START_HANG                = 0x0000042e,
  NT_STATUS_INVALID_SERVICE_LOCK              = 0x0000042f,
  NT_STATUS_SERVICE_MARKED_FOR_DELETE         = 0x00000430,
  NT_STATUS_SERVICE_EXISTS                    = 0x00000431,
  NT_STATUS_ALREADY_RUNNING_LKG               = 0x00000432,
  NT_STATUS_SERVICE_DEPENDENCY_DELETED        = 0x00000433,
  NT_STATUS_BOOT_ALREADY_ACCEPTED             = 0x00000434,
  NT_STATUS_SERVICE_NEVER_STARTED             = 0x00000435,
  NT_STATUS_DUPLICATE_SERVICE_NAME            = 0x00000436,
  NT_STATUS_DIFFERENT_SERVICE_ACCOUNT         = 0x00000437,
  NT_STATUS_CANNOT_DETECT_DRIVER_FAILURE      = 0x00000438,
  DOS_STATUS_UNKNOWN_ERROR                    = 0x00010001,
  DOS_STATUS_NONSPECIFIC_ERROR                = 0x00010002,
  DOS_STATUS_DIRECTORY_NOT_FOUND              = 0x00030001,
  DOS_STATUS_ACCESS_DENIED                    = 0x00050001,
  DOS_STATUS_INVALID_FID                      = 0x00060001,
  DOS_STATUS_INVALID_NETWORK_NAME             = 0x00060002,
  NT_STATUS_BUFFER_OVERFLOW                   = 0x80000005,
  NT_STATUS_UNSUCCESSFUL                      = 0xc0000001,
  NT_STATUS_NOT_IMPLEMENTED                   = 0xc0000002,
  NT_STATUS_INVALID_INFO_CLASS                = 0xc0000003,
  NT_STATUS_INFO_LENGTH_MISMATCH              = 0xc0000004,
  NT_STATUS_ACCESS_VIOLATION                  = 0xc0000005,
  NT_STATUS_IN_PAGE_ERROR                     = 0xc0000006,
  NT_STATUS_PAGEFILE_QUOTA                    = 0xc0000007,
  NT_STATUS_INVALID_HANDLE                    = 0xc0000008,
  NT_STATUS_BAD_INITIAL_STACK                 = 0xc0000009,
  NT_STATUS_BAD_INITIAL_PC                    = 0xc000000a,
  NT_STATUS_INVALID_CID                       = 0xc000000b,
  NT_STATUS_TIMER_NOT_CANCELED                = 0xc000000c,
  NT_STATUS_INVALID_PARAMETER                 = 0xc000000d,
  NT_STATUS_NO_SUCH_DEVICE                    = 0xc000000e,
  NT_STATUS_NO_SUCH_FILE                      = 0xc000000f,
  NT_STATUS_INVALID_DEVICE_REQUEST            = 0xc0000010,
  NT_STATUS_END_OF_FILE                       = 0xc0000011,
  NT_STATUS_WRONG_VOLUME                      = 0xc0000012,
  NT_STATUS_NO_MEDIA_IN_DEVICE                = 0xc0000013,
  NT_STATUS_UNRECOGNIZED_MEDIA                = 0xc0000014,
  NT_STATUS_NONEXISTENT_SECTOR                = 0xc0000015,
  NT_STATUS_MORE_PROCESSING_REQUIRED          = 0xc0000016,
  NT_STATUS_NO_MEMORY                         = 0xc0000017,
  NT_STATUS_CONFLICTING_ADDRESSES             = 0xc0000018,
  NT_STATUS_NOT_MAPPED_VIEW                   = 0xc0000019,
  NT_STATUS_UNABLE_TO_FREE_VM                 = 0xc000001a,
  NT_STATUS_UNABLE_TO_DELETE_SECTION          = 0xc000001b,
  NT_STATUS_INVALID_SYSTEM_SERVICE            = 0xc000001c,
  NT_STATUS_ILLEGAL_INSTRUCTION               = 0xc000001d,
  NT_STATUS_INVALID_LOCK_SEQUENCE             = 0xc000001e,
  NT_STATUS_INVALID_VIEW_SIZE                 = 0xc000001f,
  NT_STATUS_INVALID_FILE_FOR_SECTION          = 0xc0000020,
  NT_STATUS_ALREADY_COMMITTED                 = 0xc0000021,
  NT_STATUS_ACCESS_DENIED                     = 0xc0000022,
  NT_STATUS_BUFFER_TOO_SMALL                  = 0xc0000023,
  NT_STATUS_OBJECT_TYPE_MISMATCH              = 0xc0000024,
  NT_STATUS_NONCONTINUABLE_EXCEPTION          = 0xc0000025,
  NT_STATUS_INVALID_DISPOSITION               = 0xc0000026,
  NT_STATUS_UNWIND                            = 0xc0000027,
  NT_STATUS_BAD_STACK                         = 0xc0000028,
  NT_STATUS_INVALID_UNWIND_TARGET             = 0xc0000029,
  NT_STATUS_NOT_LOCKED                        = 0xc000002a,
  NT_STATUS_PARITY_ERROR                      = 0xc000002b,
  NT_STATUS_UNABLE_TO_DECOMMIT_VM             = 0xc000002c,
  NT_STATUS_NOT_COMMITTED                     = 0xc000002d,
  NT_STATUS_INVALID_PORT_ATTRIBUTES           = 0xc000002e,
  NT_STATUS_PORT_MESSAGE_TOO_LONG             = 0xc000002f,
  NT_STATUS_INVALID_PARAMETER_MIX             = 0xc0000030,
  NT_STATUS_INVALID_QUOTA_LOWER               = 0xc0000031,
  NT_STATUS_DISK_CORRUPT_ERROR                = 0xc0000032,
  NT_STATUS_OBJECT_NAME_INVALID               = 0xc0000033,
  NT_STATUS_OBJECT_NAME_NOT_FOUND             = 0xc0000034,
  NT_STATUS_OBJECT_NAME_COLLISION             = 0xc0000035,
  NT_STATUS_HANDLE_NOT_WAITABLE               = 0xc0000036,
  NT_STATUS_PORT_DISCONNECTED                 = 0xc0000037,
  NT_STATUS_DEVICE_ALREADY_ATTACHED           = 0xc0000038,
  NT_STATUS_OBJECT_PATH_INVALID               = 0xc0000039,
  NT_STATUS_OBJECT_PATH_NOT_FOUND             = 0xc000003a,
  NT_STATUS_OBJECT_PATH_SYNTAX_BAD            = 0xc000003b,
  NT_STATUS_DATA_OVERRUN                      = 0xc000003c,
  NT_STATUS_DATA_LATE_ERROR                   = 0xc000003d,
  NT_STATUS_DATA_ERROR                        = 0xc000003e,
  NT_STATUS_CRC_ERROR                         = 0xc000003f,
  NT_STATUS_SECTION_TOO_BIG                   = 0xc0000040,
  NT_STATUS_PORT_CONNECTION_REFUSED           = 0xc0000041,
  NT_STATUS_INVALID_PORT_HANDLE               = 0xc0000042,
  NT_STATUS_SHARING_VIOLATION                 = 0xc0000043,
  NT_STATUS_QUOTA_EXCEEDED                    = 0xc0000044,
  NT_STATUS_INVALID_PAGE_PROTECTION           = 0xc0000045,
  NT_STATUS_MUTANT_NOT_OWNED                  = 0xc0000046,
  NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED          = 0xc0000047,
  NT_STATUS_PORT_ALREADY_SET                  = 0xc0000048,
  NT_STATUS_SECTION_NOT_IMAGE                 = 0xc0000049,
  NT_STATUS_SUSPEND_COUNT_EXCEEDED            = 0xc000004a,
  NT_STATUS_THREAD_IS_TERMINATING             = 0xc000004b,
  NT_STATUS_BAD_WORKING_SET_LIMIT             = 0xc000004c,
  NT_STATUS_INCOMPATIBLE_FILE_MAP             = 0xc000004d,
  NT_STATUS_SECTION_PROTECTION                = 0xc000004e,
  NT_STATUS_EAS_NOT_SUPPORTED                 = 0xc000004f,
  NT_STATUS_EA_TOO_LARGE                      = 0xc0000050,
  NT_STATUS_NONEXISTENT_EA_ENTRY              = 0xc0000051,
  NT_STATUS_NO_EAS_ON_FILE                    = 0xc0000052,
  NT_STATUS_EA_CORRUPT_ERROR                  = 0xc0000053,
  NT_STATUS_FILE_LOCK_CONFLICT                = 0xc0000054,
  NT_STATUS_LOCK_NOT_GRANTED                  = 0xc0000055,
  NT_STATUS_DELETE_PENDING                    = 0xc0000056,
  NT_STATUS_CTL_FILE_NOT_SUPPORTED            = 0xc0000057,
  NT_STATUS_UNKNOWN_REVISION                  = 0xc0000058,
  NT_STATUS_REVISION_MISMATCH                 = 0xc0000059,
  NT_STATUS_INVALID_OWNER                     = 0xc000005a,
  NT_STATUS_INVALID_PRIMARY_GROUP             = 0xc000005b,
  NT_STATUS_NO_IMPERSONATION_TOKEN            = 0xc000005c,
  NT_STATUS_CANT_DISABLE_MANDATORY            = 0xc000005d,
  NT_STATUS_NO_LOGON_SERVERS                  = 0xc000005e,
  NT_STATUS_NO_SUCH_LOGON_SESSION             = 0xc000005f,
  NT_STATUS_NO_SUCH_PRIVILEGE                 = 0xc0000060,
  NT_STATUS_PRIVILEGE_NOT_HELD                = 0xc0000061,
  NT_STATUS_INVALID_ACCOUNT_NAME              = 0xc0000062,
  NT_STATUS_USER_EXISTS                       = 0xc0000063,
  NT_STATUS_NO_SUCH_USER                      = 0xc0000064,
  NT_STATUS_GROUP_EXISTS                      = 0xc0000065,
  NT_STATUS_NO_SUCH_GROUP                     = 0xc0000066,
  NT_STATUS_MEMBER_IN_GROUP                   = 0xc0000067,
  NT_STATUS_MEMBER_NOT_IN_GROUP               = 0xc0000068,
  NT_STATUS_LAST_ADMIN                        = 0xc0000069,
  NT_STATUS_WRONG_PASSWORD                    = 0xc000006a,
  NT_STATUS_ILL_FORMED_PASSWORD               = 0xc000006b,
  NT_STATUS_PASSWORD_RESTRICTION              = 0xc000006c,
  NT_STATUS_LOGON_FAILURE                     = 0xc000006d,
  NT_STATUS_ACCOUNT_RESTRICTION               = 0xc000006e,
  NT_STATUS_INVALID_LOGON_HOURS               = 0xc000006f,
  NT_STATUS_INVALID_WORKSTATION               = 0xc0000070,
  NT_STATUS_PASSWORD_EXPIRED                  = 0xc0000071,
  NT_STATUS_ACCOUNT_DISABLED                  = 0xc0000072,
  NT_STATUS_NONE_MAPPED                       = 0xc0000073,
  NT_STATUS_TOO_MANY_LUIDS_REQUESTED          = 0xc0000074,
  NT_STATUS_LUIDS_EXHAUSTED                   = 0xc0000075,
  NT_STATUS_INVALID_SUB_AUTHORITY             = 0xc0000076,
  NT_STATUS_INVALID_ACL                       = 0xc0000077,
  NT_STATUS_INVALID_SID                       = 0xc0000078,
  NT_STATUS_INVALID_SECURITY_DESCR            = 0xc0000079,
  NT_STATUS_PROCEDURE_NOT_FOUND               = 0xc000007a,
  NT_STATUS_INVALID_IMAGE_FORMAT              = 0xc000007b,
  NT_STATUS_NO_TOKEN                          = 0xc000007c,
  NT_STATUS_BAD_INHERITANCE_ACL               = 0xc000007d,
  NT_STATUS_RANGE_NOT_LOCKED                  = 0xc000007e,
  NT_STATUS_DISK_FULL                         = 0xc000007f,
  NT_STATUS_SERVER_DISABLED                   = 0xc0000080,
  NT_STATUS_SERVER_NOT_DISABLED               = 0xc0000081,
  NT_STATUS_TOO_MANY_GUIDS_REQUESTED          = 0xc0000082,
  NT_STATUS_GUIDS_EXHAUSTED                   = 0xc0000083,
  NT_STATUS_INVALID_ID_AUTHORITY              = 0xc0000084,
  NT_STATUS_AGENTS_EXHAUSTED                  = 0xc0000085,
  NT_STATUS_INVALID_VOLUME_LABEL              = 0xc0000086,
  NT_STATUS_SECTION_NOT_EXTENDED              = 0xc0000087,
  NT_STATUS_NOT_MAPPED_DATA                   = 0xc0000088,
  NT_STATUS_RESOURCE_DATA_NOT_FOUND           = 0xc0000089,
  NT_STATUS_RESOURCE_TYPE_NOT_FOUND           = 0xc000008a,
  NT_STATUS_RESOURCE_NAME_NOT_FOUND           = 0xc000008b,
  NT_STATUS_ARRAY_BOUNDS_EXCEEDED             = 0xc000008c,
  NT_STATUS_FLOAT_DENORMAL_OPERAND            = 0xc000008d,
  NT_STATUS_FLOAT_DIVIDE_BY_ZERO              = 0xc000008e,
  NT_STATUS_FLOAT_INEXACT_RESULT              = 0xc000008f,
  NT_STATUS_FLOAT_INVALID_OPERATION           = 0xc0000090,
  NT_STATUS_FLOAT_OVERFLOW                    = 0xc0000091,
  NT_STATUS_FLOAT_STACK_CHECK                 = 0xc0000092,
  NT_STATUS_FLOAT_UNDERFLOW                   = 0xc0000093,
  NT_STATUS_INTEGER_DIVIDE_BY_ZERO            = 0xc0000094,
  NT_STATUS_INTEGER_OVERFLOW                  = 0xc0000095,
  NT_STATUS_PRIVILEGED_INSTRUCTION            = 0xc0000096,
  NT_STATUS_TOO_MANY_PAGING_FILES             = 0xc0000097,
  NT_STATUS_FILE_INVALID                      = 0xc0000098,
  NT_STATUS_ALLOTTED_SPACE_EXCEEDED           = 0xc0000099,
  NT_STATUS_INSUFFICIENT_RESOURCES            = 0xc000009a,
  NT_STATUS_DFS_EXIT_PATH_FOUND               = 0xc000009b,
  NT_STATUS_DEVICE_DATA_ERROR                 = 0xc000009c,
  NT_STATUS_DEVICE_NOT_CONNECTED              = 0xc000009d,
  NT_STATUS_DEVICE_POWER_FAILURE              = 0xc000009e,
  NT_STATUS_FREE_VM_NOT_AT_BASE               = 0xc000009f,
  NT_STATUS_MEMORY_NOT_ALLOCATED              = 0xc00000a0,
  NT_STATUS_WORKING_SET_QUOTA                 = 0xc00000a1,
  NT_STATUS_MEDIA_WRITE_PROTECTED             = 0xc00000a2,
  NT_STATUS_DEVICE_NOT_READY                  = 0xc00000a3,
  NT_STATUS_INVALID_GROUP_ATTRIBUTES          = 0xc00000a4,
  NT_STATUS_BAD_IMPERSONATION_LEVEL           = 0xc00000a5,
  NT_STATUS_CANT_OPEN_ANONYMOUS               = 0xc00000a6,
  NT_STATUS_BAD_VALIDATION_CLASS              = 0xc00000a7,
  NT_STATUS_BAD_TOKEN_TYPE                    = 0xc00000a8,
  NT_STATUS_BAD_MASTER_BOOT_RECORD            = 0xc00000a9,
  NT_STATUS_INSTRUCTION_MISALIGNMENT          = 0xc00000aa,
  NT_STATUS_INSTANCE_NOT_AVAILABLE            = 0xc00000ab,
  NT_STATUS_PIPE_NOT_AVAILABLE                = 0xc00000ac,
  NT_STATUS_INVALID_PIPE_STATE                = 0xc00000ad,
  NT_STATUS_PIPE_BUSY                         = 0xc00000ae,
  NT_STATUS_ILLEGAL_FUNCTION                  = 0xc00000af,
  NT_STATUS_PIPE_DISCONNECTED                 = 0xc00000b0,
  NT_STATUS_PIPE_CLOSING                      = 0xc00000b1,
  NT_STATUS_PIPE_CONNECTED                    = 0xc00000b2,
  NT_STATUS_PIPE_LISTENING                    = 0xc00000b3,
  NT_STATUS_INVALID_READ_MODE                 = 0xc00000b4,
  NT_STATUS_IO_TIMEOUT                        = 0xc00000b5,
  NT_STATUS_FILE_FORCED_CLOSED                = 0xc00000b6,
  NT_STATUS_PROFILING_NOT_STARTED             = 0xc00000b7,
  NT_STATUS_PROFILING_NOT_STOPPED             = 0xc00000b8,
  NT_STATUS_COULD_NOT_INTERPRET               = 0xc00000b9,
  NT_STATUS_FILE_IS_A_DIRECTORY               = 0xc00000ba,
  NT_STATUS_NOT_SUPPORTED                     = 0xc00000bb,
  NT_STATUS_REMOTE_NOT_LISTENING              = 0xc00000bc,
  NT_STATUS_DUPLICATE_NAME                    = 0xc00000bd,
  NT_STATUS_BAD_NETWORK_PATH                  = 0xc00000be,
  NT_STATUS_NETWORK_BUSY                      = 0xc00000bf,
  NT_STATUS_DEVICE_DOES_NOT_EXIST             = 0xc00000c0,
  NT_STATUS_TOO_MANY_COMMANDS                 = 0xc00000c1,
  NT_STATUS_ADAPTER_HARDWARE_ERROR            = 0xc00000c2,
  NT_STATUS_INVALID_NETWORK_RESPONSE          = 0xc00000c3,
  NT_STATUS_UNEXPECTED_NETWORK_ERROR          = 0xc00000c4,
  NT_STATUS_BAD_REMOTE_ADAPTER                = 0xc00000c5,
  NT_STATUS_PRINT_QUEUE_FULL                  = 0xc00000c6,
  NT_STATUS_NO_SPOOL_SPACE                    = 0xc00000c7,
  NT_STATUS_PRINT_CANCELLED                   = 0xc00000c8,
  NT_STATUS_NETWORK_NAME_DELETED              = 0xc00000c9,
  NT_STATUS_NETWORK_ACCESS_DENIED             = 0xc00000ca,
  NT_STATUS_BAD_DEVICE_TYPE                   = 0xc00000cb,
  NT_STATUS_BAD_NETWORK_NAME                  = 0xc00000cc,
  NT_STATUS_TOO_MANY_NAMES                    = 0xc00000cd,
  NT_STATUS_TOO_MANY_SESSIONS                 = 0xc00000ce,
  NT_STATUS_SHARING_PAUSED                    = 0xc00000cf,
  NT_STATUS_REQUEST_NOT_ACCEPTED              = 0xc00000d0,
  NT_STATUS_REDIRECTOR_PAUSED                 = 0xc00000d1,
  NT_STATUS_NET_WRITE_FAULT                   = 0xc00000d2,
  NT_STATUS_PROFILING_AT_LIMIT                = 0xc00000d3,
  NT_STATUS_NOT_SAME_DEVICE                   = 0xc00000d4,
  NT_STATUS_FILE_RENAMED                      = 0xc00000d5,
  NT_STATUS_VIRTUAL_CIRCUIT_CLOSED            = 0xc00000d6,
  NT_STATUS_NO_SECURITY_ON_OBJECT             = 0xc00000d7,
  NT_STATUS_CANT_WAIT                         = 0xc00000d8,
  NT_STATUS_PIPE_EMPTY                        = 0xc00000d9,
  NT_STATUS_CANT_ACCESS_DOMAIN_INFO           = 0xc00000da,
  NT_STATUS_CANT_TERMINATE_SELF               = 0xc00000db,
  NT_STATUS_INVALID_SERVER_STATE              = 0xc00000dc,
  NT_STATUS_INVALID_DOMAIN_STATE              = 0xc00000dd,
  NT_STATUS_INVALID_DOMAIN_ROLE               = 0xc00000de,
  NT_STATUS_NO_SUCH_DOMAIN                    = 0xc00000df,
  NT_STATUS_DOMAIN_EXISTS                     = 0xc00000e0,
  NT_STATUS_DOMAIN_LIMIT_EXCEEDED             = 0xc00000e1,
  NT_STATUS_OPLOCK_NOT_GRANTED                = 0xc00000e2,
  NT_STATUS_INVALID_OPLOCK_PROTOCOL           = 0xc00000e3,
  NT_STATUS_INTERNAL_DB_CORRUPTION            = 0xc00000e4,
  NT_STATUS_INTERNAL_ERROR                    = 0xc00000e5,
  NT_STATUS_GENERIC_NOT_MAPPED                = 0xc00000e6,
  NT_STATUS_BAD_DESCRIPTOR_FORMAT             = 0xc00000e7,
  NT_STATUS_INVALID_USER_BUFFER               = 0xc00000e8,
  NT_STATUS_UNEXPECTED_IO_ERROR               = 0xc00000e9,
  NT_STATUS_UNEXPECTED_MM_CREATE_ERR          = 0xc00000ea,
  NT_STATUS_UNEXPECTED_MM_MAP_ERROR           = 0xc00000eb,
  NT_STATUS_UNEXPECTED_MM_EXTEND_ERR          = 0xc00000ec,
  NT_STATUS_NOT_LOGON_PROCESS                 = 0xc00000ed,
  NT_STATUS_LOGON_SESSION_EXISTS              = 0xc00000ee,
  NT_STATUS_INVALID_PARAMETER_1               = 0xc00000ef,
  NT_STATUS_INVALID_PARAMETER_2               = 0xc00000f0,
  NT_STATUS_INVALID_PARAMETER_3               = 0xc00000f1,
  NT_STATUS_INVALID_PARAMETER_4               = 0xc00000f2,
  NT_STATUS_INVALID_PARAMETER_5               = 0xc00000f3,
  NT_STATUS_INVALID_PARAMETER_6               = 0xc00000f4,
  NT_STATUS_INVALID_PARAMETER_7               = 0xc00000f5,
  NT_STATUS_INVALID_PARAMETER_8               = 0xc00000f6,
  NT_STATUS_INVALID_PARAMETER_9               = 0xc00000f7,
  NT_STATUS_INVALID_PARAMETER_10              = 0xc00000f8,
  NT_STATUS_INVALID_PARAMETER_11              = 0xc00000f9,
  NT_STATUS_INVALID_PARAMETER_12              = 0xc00000fa,
  NT_STATUS_REDIRECTOR_NOT_STARTED            = 0xc00000fb,
  NT_STATUS_REDIRECTOR_STARTED                = 0xc00000fc,
  NT_STATUS_STACK_OVERFLOW                    = 0xc00000fd,
  NT_STATUS_NO_SUCH_PACKAGE                   = 0xc00000fe,
  NT_STATUS_BAD_FUNCTION_TABLE                = 0xc00000ff,
  NT_STATUS_DIRECTORY_NOT_EMPTY               = 0xc0000101,
  NT_STATUS_FILE_CORRUPT_ERROR                = 0xc0000102,
  NT_STATUS_NOT_A_DIRECTORY                   = 0xc0000103,
  NT_STATUS_BAD_LOGON_SESSION_STATE           = 0xc0000104,
  NT_STATUS_LOGON_SESSION_COLLISION           = 0xc0000105,
  NT_STATUS_NAME_TOO_LONG                     = 0xc0000106,
  NT_STATUS_FILES_OPEN                        = 0xc0000107,
  NT_STATUS_CONNECTION_IN_USE                 = 0xc0000108,
  NT_STATUS_MESSAGE_NOT_FOUND                 = 0xc0000109,
  NT_STATUS_PROCESS_IS_TERMINATING            = 0xc000010a,
  NT_STATUS_INVALID_LOGON_TYPE                = 0xc000010b,
  NT_STATUS_NO_GUID_TRANSLATION               = 0xc000010c,
  NT_STATUS_CANNOT_IMPERSONATE                = 0xc000010d,
  NT_STATUS_IMAGE_ALREADY_LOADED              = 0xc000010e,
  NT_STATUS_ABIOS_NOT_PRESENT                 = 0xc000010f,
  NT_STATUS_ABIOS_LID_NOT_EXIST               = 0xc0000110,
  NT_STATUS_ABIOS_LID_ALREADY_OWNED           = 0xc0000111,
  NT_STATUS_ABIOS_NOT_LID_OWNER               = 0xc0000112,
  NT_STATUS_ABIOS_INVALID_COMMAND             = 0xc0000113,
  NT_STATUS_ABIOS_INVALID_LID                 = 0xc0000114,
  NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE      = 0xc0000115,
  NT_STATUS_ABIOS_INVALID_SELECTOR            = 0xc0000116,
  NT_STATUS_NO_LDT                            = 0xc0000117,
  NT_STATUS_INVALID_LDT_SIZE                  = 0xc0000118,
  NT_STATUS_INVALID_LDT_OFFSET                = 0xc0000119,
  NT_STATUS_INVALID_LDT_DESCRIPTOR            = 0xc000011a,
  NT_STATUS_INVALID_IMAGE_NE_FORMAT           = 0xc000011b,
  NT_STATUS_RXACT_INVALID_STATE               = 0xc000011c,
  NT_STATUS_RXACT_COMMIT_FAILURE              = 0xc000011d,
  NT_STATUS_MAPPED_FILE_SIZE_ZERO             = 0xc000011e,
  NT_STATUS_TOO_MANY_OPENED_FILES             = 0xc000011f,
  NT_STATUS_CANCELLED                         = 0xc0000120,
  NT_STATUS_CANNOT_DELETE                     = 0xc0000121,
  NT_STATUS_INVALID_COMPUTER_NAME             = 0xc0000122,
  NT_STATUS_FILE_DELETED                      = 0xc0000123,
  NT_STATUS_SPECIAL_ACCOUNT                   = 0xc0000124,
  NT_STATUS_SPECIAL_GROUP                     = 0xc0000125,
  NT_STATUS_SPECIAL_USER                      = 0xc0000126,
  NT_STATUS_MEMBERS_PRIMARY_GROUP             = 0xc0000127,
  NT_STATUS_FILE_CLOSED                       = 0xc0000128,
  NT_STATUS_TOO_MANY_THREADS                  = 0xc0000129,
  NT_STATUS_THREAD_NOT_IN_PROCESS             = 0xc000012a,
  NT_STATUS_TOKEN_ALREADY_IN_USE              = 0xc000012b,
  NT_STATUS_PAGEFILE_QUOTA_EXCEEDED           = 0xc000012c,
  NT_STATUS_COMMITMENT_LIMIT                  = 0xc000012d,
  NT_STATUS_INVALID_IMAGE_LE_FORMAT           = 0xc000012e,
  NT_STATUS_INVALID_IMAGE_NOT_MZ              = 0xc000012f,
  NT_STATUS_INVALID_IMAGE_PROTECT             = 0xc0000130,
  NT_STATUS_INVALID_IMAGE_WIN_16              = 0xc0000131,
  NT_STATUS_LOGON_SERVER_CONFLICT             = 0xc0000132,
  NT_STATUS_TIME_DIFFERENCE_AT_DC             = 0xc0000133,
  NT_STATUS_SYNCHRONIZATION_REQUIRED          = 0xc0000134,
  NT_STATUS_DLL_NOT_FOUND                     = 0xc0000135,
  NT_STATUS_OPEN_FAILED                       = 0xc0000136,
  NT_STATUS_IO_PRIVILEGE_FAILED               = 0xc0000137,
  NT_STATUS_ORDINAL_NOT_FOUND                 = 0xc0000138,
  NT_STATUS_ENTRYPOINT_NOT_FOUND              = 0xc0000139,
  NT_STATUS_CONTROL_C_EXIT                    = 0xc000013a,
  NT_STATUS_LOCAL_DISCONNECT                  = 0xc000013b,
  NT_STATUS_REMOTE_DISCONNECT                 = 0xc000013c,
  NT_STATUS_REMOTE_RESOURCES                  = 0xc000013d,
  NT_STATUS_LINK_FAILED                       = 0xc000013e,
  NT_STATUS_LINK_TIMEOUT                      = 0xc000013f,
  NT_STATUS_INVALID_CONNECTION                = 0xc0000140,
  NT_STATUS_INVALID_ADDRESS                   = 0xc0000141,
  NT_STATUS_DLL_INIT_FAILED                   = 0xc0000142,
  NT_STATUS_MISSING_SYSTEMFILE                = 0xc0000143,
  NT_STATUS_UNHANDLED_EXCEPTION               = 0xc0000144,
  NT_STATUS_APP_INIT_FAILURE                  = 0xc0000145,
  NT_STATUS_PAGEFILE_CREATE_FAILED            = 0xc0000146,
  NT_STATUS_NO_PAGEFILE                       = 0xc0000147,
  NT_STATUS_INVALID_LEVEL                     = 0xc0000148,
  NT_STATUS_WRONG_PASSWORD_CORE               = 0xc0000149,
  NT_STATUS_ILLEGAL_FLOAT_CONTEXT             = 0xc000014a,
  NT_STATUS_PIPE_BROKEN                       = 0xc000014b,
  NT_STATUS_REGISTRY_CORRUPT                  = 0xc000014c,
  NT_STATUS_REGISTRY_IO_FAILED                = 0xc000014d,
  NT_STATUS_NO_EVENT_PAIR                     = 0xc000014e,
  NT_STATUS_UNRECOGNIZED_VOLUME               = 0xc000014f,
  NT_STATUS_SERIAL_NO_DEVICE_INITED           = 0xc0000150,
  NT_STATUS_NO_SUCH_ALIAS                     = 0xc0000151,
  NT_STATUS_MEMBER_NOT_IN_ALIAS               = 0xc0000152,
  NT_STATUS_MEMBER_IN_ALIAS                   = 0xc0000153,
  NT_STATUS_ALIAS_EXISTS                      = 0xc0000154,
  NT_STATUS_LOGON_NOT_GRANTED                 = 0xc0000155,
  NT_STATUS_TOO_MANY_SECRETS                  = 0xc0000156,
  NT_STATUS_SECRET_TOO_LONG                   = 0xc0000157,
  NT_STATUS_INTERNAL_DB_ERROR                 = 0xc0000158,
  NT_STATUS_FULLSCREEN_MODE                   = 0xc0000159,
  NT_STATUS_TOO_MANY_CONTEXT_IDS              = 0xc000015a,
  NT_STATUS_LOGON_TYPE_NOT_GRANTED            = 0xc000015b,
  NT_STATUS_NOT_REGISTRY_FILE                 = 0xc000015c,
  NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED      = 0xc000015d,
  NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR         = 0xc000015e,
  NT_STATUS_FT_MISSING_MEMBER                 = 0xc000015f,
  NT_STATUS_ILL_FORMED_SERVICE_ENTRY          = 0xc0000160,
  NT_STATUS_ILLEGAL_CHARACTER                 = 0xc0000161,
  NT_STATUS_UNMAPPABLE_CHARACTER              = 0xc0000162,
  NT_STATUS_UNDEFINED_CHARACTER               = 0xc0000163,
  NT_STATUS_FLOPPY_VOLUME                     = 0xc0000164,
  NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND          = 0xc0000165,
  NT_STATUS_FLOPPY_WRONG_CYLINDER             = 0xc0000166,
  NT_STATUS_FLOPPY_UNKNOWN_ERROR              = 0xc0000167,
  NT_STATUS_FLOPPY_BAD_REGISTERS              = 0xc0000168,
  NT_STATUS_DISK_RECALIBRATE_FAILED           = 0xc0000169,
  NT_STATUS_DISK_OPERATION_FAILED             = 0xc000016a,
  NT_STATUS_DISK_RESET_FAILED                 = 0xc000016b,
  NT_STATUS_SHARED_IRQ_BUSY                   = 0xc000016c,
  NT_STATUS_FT_ORPHANING                      = 0xc000016d,
  NT_STATUS_PARTITION_FAILURE                 = 0xc0000172,
  NT_STATUS_INVALID_BLOCK_LENGTH              = 0xc0000173,
  NT_STATUS_DEVICE_NOT_PARTITIONED            = 0xc0000174,
  NT_STATUS_UNABLE_TO_LOCK_MEDIA              = 0xc0000175,
  NT_STATUS_UNABLE_TO_UNLOAD_MEDIA            = 0xc0000176,
  NT_STATUS_EOM_OVERFLOW                      = 0xc0000177,
  NT_STATUS_NO_MEDIA                          = 0xc0000178,
  NT_STATUS_NO_SUCH_MEMBER                    = 0xc000017a,
  NT_STATUS_INVALID_MEMBER                    = 0xc000017b,
  NT_STATUS_KEY_DELETED                       = 0xc000017c,
  NT_STATUS_NO_LOG_SPACE                      = 0xc000017d,
  NT_STATUS_TOO_MANY_SIDS                     = 0xc000017e,
  NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED      = 0xc000017f,
  NT_STATUS_KEY_HAS_CHILDREN                  = 0xc0000180,
  NT_STATUS_CHILD_MUST_BE_VOLATILE            = 0xc0000181,
  NT_STATUS_DEVICE_CONFIGURATION_ERROR        = 0xc0000182,
  NT_STATUS_DRIVER_INTERNAL_ERROR             = 0xc0000183,
  NT_STATUS_INVALID_DEVICE_STATE              = 0xc0000184,
  NT_STATUS_IO_DEVICE_ERROR                   = 0xc0000185,
  NT_STATUS_DEVICE_PROTOCOL_ERROR             = 0xc0000186,
  NT_STATUS_BACKUP_CONTROLLER                 = 0xc0000187,
  NT_STATUS_LOG_FILE_FULL                     = 0xc0000188,
  NT_STATUS_TOO_LATE                          = 0xc0000189,
  NT_STATUS_NO_TRUST_LSA_SECRET               = 0xc000018a,
  NT_STATUS_NO_TRUST_SAM_ACCOUNT              = 0xc000018b,
  NT_STATUS_TRUSTED_DOMAIN_FAILURE            = 0xc000018c,
  NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE      = 0xc000018d,
  NT_STATUS_EVENTLOG_FILE_CORRUPT             = 0xc000018e,
  NT_STATUS_EVENTLOG_CANT_START               = 0xc000018f,
  NT_STATUS_TRUST_FAILURE                     = 0xc0000190,
  NT_STATUS_MUTANT_LIMIT_EXCEEDED             = 0xc0000191,
  NT_STATUS_NETLOGON_NOT_STARTED              = 0xc0000192,
  NT_STATUS_ACCOUNT_EXPIRED                   = 0xc0000193,
  NT_STATUS_POSSIBLE_DEADLOCK                 = 0xc0000194,
  NT_STATUS_NETWORK_CREDENTIAL_CONFLICT       = 0xc0000195,
  NT_STATUS_REMOTE_SESSION_LIMIT              = 0xc0000196,
  NT_STATUS_EVENTLOG_FILE_CHANGED             = 0xc0000197,
  NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0xc0000198,
  NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0xc0000199,
  NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT      = 0xc000019a,
  NT_STATUS_DOMAIN_TRUST_INCONSISTENT         = 0xc000019b,
  NT_STATUS_FS_DRIVER_REQUIRED                = 0xc000019c,
  NT_STATUS_NO_USER_SESSION_KEY               = 0xc0000202,
  NT_STATUS_USER_SESSION_DELETED              = 0xc0000203,
  NT_STATUS_RESOURCE_LANG_NOT_FOUND           = 0xc0000204,
  NT_STATUS_INSUFF_SERVER_RESOURCES           = 0xc0000205,
  NT_STATUS_INVALID_BUFFER_SIZE               = 0xc0000206,
  NT_STATUS_INVALID_ADDRESS_COMPONENT         = 0xc0000207,
  NT_STATUS_INVALID_ADDRESS_WILDCARD          = 0xc0000208,
  NT_STATUS_TOO_MANY_ADDRESSES                = 0xc0000209,
  NT_STATUS_ADDRESS_ALREADY_EXISTS            = 0xc000020a,
  NT_STATUS_ADDRESS_CLOSED                    = 0xc000020b,
  NT_STATUS_CONNECTION_DISCONNECTED           = 0xc000020c,
  NT_STATUS_CONNECTION_RESET                  = 0xc000020d,
  NT_STATUS_TOO_MANY_NODES                    = 0xc000020e,
  NT_STATUS_TRANSACTION_ABORTED               = 0xc000020f,
  NT_STATUS_TRANSACTION_TIMED_OUT             = 0xc0000210,
  NT_STATUS_TRANSACTION_NO_RELEASE            = 0xc0000211,
  NT_STATUS_TRANSACTION_NO_MATCH              = 0xc0000212,
  NT_STATUS_TRANSACTION_RESPONDED             = 0xc0000213,
  NT_STATUS_TRANSACTION_INVALID_ID            = 0xc0000214,
  NT_STATUS_TRANSACTION_INVALID_TYPE          = 0xc0000215,
  NT_STATUS_NOT_SERVER_SESSION                = 0xc0000216,
  NT_STATUS_NOT_CLIENT_SESSION                = 0xc0000217,
  NT_STATUS_CANNOT_LOAD_REGISTRY_FILE         = 0xc0000218,
  NT_STATUS_DEBUG_ATTACH_FAILED               = 0xc0000219,
  NT_STATUS_SYSTEM_PROCESS_TERMINATED         = 0xc000021a,
  NT_STATUS_DATA_NOT_ACCEPTED                 = 0xc000021b,
  NT_STATUS_NO_BROWSER_SERVERS_FOUND          = 0xc000021c,
  NT_STATUS_VDM_HARD_ERROR                    = 0xc000021d,
  NT_STATUS_DRIVER_CANCEL_TIMEOUT             = 0xc000021e,
  NT_STATUS_REPLY_MESSAGE_MISMATCH            = 0xc000021f,
  NT_STATUS_MAPPED_ALIGNMENT                  = 0xc0000220,
  NT_STATUS_IMAGE_CHECKSUM_MISMATCH           = 0xc0000221,
  NT_STATUS_LOST_WRITEBEHIND_DATA             = 0xc0000222,
  NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID  = 0xc0000223,
  NT_STATUS_PASSWORD_MUST_CHANGE              = 0xc0000224,
  NT_STATUS_NOT_FOUND                         = 0xc0000225,
  NT_STATUS_NOT_TINY_STREAM                   = 0xc0000226,
  NT_STATUS_RECOVERY_FAILURE                  = 0xc0000227,
  NT_STATUS_STACK_OVERFLOW_READ               = 0xc0000228,
  NT_STATUS_FAIL_CHECK                        = 0xc0000229,
  NT_STATUS_DUPLICATE_OBJECTID                = 0xc000022a,
  NT_STATUS_OBJECTID_EXISTS                   = 0xc000022b,
  NT_STATUS_CONVERT_TO_LARGE                  = 0xc000022c,
  NT_STATUS_RETRY                             = 0xc000022d,
  NT_STATUS_FOUND_OUT_OF_SCOPE                = 0xc000022e,
  NT_STATUS_ALLOCATE_BUCKET                   = 0xc000022f,
  NT_STATUS_PROPSET_NOT_FOUND                 = 0xc0000230,
  NT_STATUS_MARSHALL_OVERFLOW                 = 0xc0000231,
  NT_STATUS_INVALID_VARIANT                   = 0xc0000232,
  NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND       = 0xc0000233,
  NT_STATUS_ACCOUNT_LOCKED_OUT                = 0xc0000234,
  NT_STATUS_HANDLE_NOT_CLOSABLE               = 0xc0000235,
  NT_STATUS_CONNECTION_REFUSED                = 0xc0000236,
  NT_STATUS_GRACEFUL_DISCONNECT               = 0xc0000237,
  NT_STATUS_ADDRESS_ALREADY_ASSOCIATED        = 0xc0000238,
  NT_STATUS_ADDRESS_NOT_ASSOCIATED            = 0xc0000239,
  NT_STATUS_CONNECTION_INVALID                = 0xc000023a,
  NT_STATUS_CONNECTION_ACTIVE                 = 0xc000023b,
  NT_STATUS_NETWORK_UNREACHABLE               = 0xc000023c,
  NT_STATUS_HOST_UNREACHABLE                  = 0xc000023d,
  NT_STATUS_PROTOCOL_UNREACHABLE              = 0xc000023e,
  NT_STATUS_PORT_UNREACHABLE                  = 0xc000023f,
  NT_STATUS_REQUEST_ABORTED                   = 0xc0000240,
  NT_STATUS_CONNECTION_ABORTED                = 0xc0000241,
  NT_STATUS_BAD_COMPRESSION_BUFFER            = 0xc0000242,
  NT_STATUS_USER_MAPPED_FILE                  = 0xc0000243,
  NT_STATUS_AUDIT_FAILED                      = 0xc0000244,
  NT_STATUS_TIMER_RESOLUTION_NOT_SET          = 0xc0000245,
  NT_STATUS_CONNECTION_COUNT_LIMIT            = 0xc0000246,
  NT_STATUS_LOGIN_TIME_RESTRICTION            = 0xc0000247,
  NT_STATUS_LOGIN_WKSTA_RESTRICTION           = 0xc0000248,
  NT_STATUS_IMAGE_MP_UP_MISMATCH              = 0xc0000249,
  NT_STATUS_INSUFFICIENT_LOGON_INFO           = 0xc0000250,
  NT_STATUS_BAD_DLL_ENTRYPOINT                = 0xc0000251,
  NT_STATUS_BAD_SERVICE_ENTRYPOINT            = 0xc0000252,
  NT_STATUS_LPC_REPLY_LOST                    = 0xc0000253,
  NT_STATUS_IP_ADDRESS_CONFLICT1              = 0xc0000254,
  NT_STATUS_IP_ADDRESS_CONFLICT2              = 0xc0000255,
  NT_STATUS_REGISTRY_QUOTA_LIMIT              = 0xc0000256,
  NT_STATUS_PATH_NOT_COVERED                  = 0xc0000257,
  NT_STATUS_NO_CALLBACK_ACTIVE                = 0xc0000258,
  NT_STATUS_LICENSE_QUOTA_EXCEEDED            = 0xc0000259,
  NT_STATUS_PWD_TOO_SHORT                     = 0xc000025a,
  NT_STATUS_PWD_TOO_RECENT                    = 0xc000025b,
  NT_STATUS_PWD_HISTORY_CONFLICT              = 0xc000025c,
  NT_STATUS_PLUGPLAY_NO_DEVICE                = 0xc000025e,
  NT_STATUS_UNSUPPORTED_COMPRESSION           = 0xc000025f,
  NT_STATUS_INVALID_HW_PROFILE                = 0xc0000260,
  NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH      = 0xc0000261,
  NT_STATUS_DRIVER_ORDINAL_NOT_FOUND          = 0xc0000262,
  NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND       = 0xc0000263,
  NT_STATUS_RESOURCE_NOT_OWNED                = 0xc0000264,
  NT_STATUS_TOO_MANY_LINKS                    = 0xc0000265,
  NT_STATUS_QUOTA_LIST_INCONSISTENT           = 0xc0000266,
  NT_STATUS_FILE_IS_OFFLINE                   = 0xc0000267,
  NT_STATUS_DS_NO_MORE_RIDS                   = 0xc00002a8,
  NT_STATUS_NOT_A_REPARSE_POINT               = 0xc0000275,
  NT_STATUS_NO_SUCH_JOB                       = 0xc000EDE
}

for i, v in pairs(status_codes) do
  status_names[v] = i
end


filetype_codes =
{
  FILE_TYPE_DISK              = 0x00,
  FILE_TYPE_BYTE_MODE_PIPE    = 0x01,
  FILE_TYPE_MESSAGE_MODE_PIPE = 0x02,
  FILE_TYPE_PRINTER           = 0x03,
  FILE_TYPE_UNKNOWN           = 0xFF
}

for i, v in pairs(filetype_codes) do
  filetype_names[v] = i
end

file_Pipe_Printer_Access_Mask = 
{
  FILE_READ_DATA              = 0x00000001,
  FILE_WRITE_DATA             = 0x00000002,
  FILE_APPEND_DATA            = 0x00000004,
  FILE_READ_EA                = 0x00000008,
  FILE_WRITE_EA               = 0x00000010,
  FILE_DELETE_CHILD           = 0x00000040,
  FILE_EXECUTE                = 0x00000020,
  FILE_READ_ATTRIBUTES        = 0x00000080,
  FILE_WRITE_ATTRIBUTES       = 0x00000100,
  DELETE                      = 0x00010000,
  READ_CONTROL                = 0x00020000,
  WRITE_DAC                   = 0x00040000,
  WRITE_OWNER                 = 0x00080000,
  SYNCHRONIZE                 = 0x00100000,
  ACCESS_SYSTEM_SECURITY      = 0x01000000,
  MAXIMUM_ALLOWED             = 0x02000000,
  GENERIC_ALL                 = 0x10000000,
  GENERIC_EXECUTE             = 0x20000000,
  GENERIC_WRITE               = 0x40000000,
  GENERIC_READ                = 0x80000000
}

directory_Access_Mask =
{
  FILE_LIST_DIRECTORY         = 0x00000001,
  FILE_ADD_FILE               = 0x00000002,
  FILE_ADD_SUBDIRECTORY       = 0x00000004,
  FILE_READ_EA                = 0x00000008,
  FILE_WRITE_EA               = 0x00000010,
  FILE_TRAVERSE               = 0x00000020,
  FILE_DELETE_CHILD           = 0x00000040,
  FILE_READ_ATTRIBUTES        = 0x00000080,
  FILE_WRITE_ATTRIBUTES       = 0x00000100,
  DELETE                      = 0x00010000,
  READ_CONTROL                = 0x00020000,
  WRITE_DAC                   = 0x00040000,
  WRITE_OWNER                 = 0x00080000,
  SYNCHRONIZE                 = 0x00100000,
  ACCESS_SYSTEM_SECURITY      = 0x01000000,
  MAXIMUM_ALLOWED             = 0x02000000,
  GENERIC_ALL                 = 0x10000000,
  GENERIC_EXECUTE             = 0x20000000,
  GENERIC_WRITE               = 0x40000000,
  GENERIC_READ                = 0x80000000
}

file_attributes =
{
  FILE_ATTRIBUTE_ARCHIVE              = 0x00000020,
  FILE_ATTRIBUTE_COMPRESSED           = 0x00000800,
  FILE_ATTRIBUTE_DIRECTORY            = 0x00000010,
  FILE_ATTRIBUTE_ENCRYPTED            = 0x00004000,
  FILE_ATTRIBUTE_HIDDEN               = 0x00000002,
  FILE_ATTRIBUTE_NORMAL               = 0x00000080,
  FILE_ATTRIBUTE_NOT_CONTENT_INDEXED  = 0x00002000,
  FILE_ATTRIBUTE_OFFLINE              = 0x00001000,
  FILE_ATTRIBUTE_READONLY             = 0x00000001,
  FILE_ATTRIBUTE_REPARSE_POINT        = 0x00000400,
  FILE_ATTRIBUTE_SPARSE_FILE          = 0x00000200,
  FILE_ATTRIBUTE_SYSTEM               = 0x00000004,
  FILE_ATTRIBUTE_TEMPORARY            = 0x00000100,
  FILE_ATTRIBUTE_INTEGRITY_STREAM     = 0x00008000,
  FILE_ATTRIBUTE_NO_SCRUB_DATA        = 0x00020000
}

file_share_access = 
{
  FILE_SHARE_READ             = 0x00000001,
  FILE_SHARE_WRITE            = 0x00000002,
  FILE_SHARE_DELETE           = 0x00000004
}

create_disposition =
{
  FILE_SUPERSEDE            = 0x00000000,
  FILE_OPEN                 = 0x00000001,
  FILE_CREATE               = 0x00000002,
  FILE_OPEN_IF              = 0x00000003,
  FILE_OVERWRITE            = 0x00000004,
  FILE_OVERWRITE_IF         = 0x00000005
}

create_options =
{
  FILE_DIRECTORY_FILE                 = 0x00000001,
  FILE_WRITE_THROUGH                  = 0x00000002,
  FILE_SEQUENTIAL_ONLY                = 0x00000004,
  FILE_NO_INTERMEDIATE_BUFFERING      = 0x00000008,
  FILE_SYNCHRONOUS_IO_ALERT           = 0x00000010,
  FILE_SYNCHRONOUS_IO_NONALERT        = 0x00000020,
  FILE_NON_DIRECTORY_FILE             = 0x00000040,
  FILE_COMPLETE_IF_OPLOCKED           = 0x00000100,
  FILE_NO_EA_KNOWLEDGE                = 0x00000200,
  FILE_RANDOM_ACCESS                  = 0x00000800,
  FILE_DELETE_ON_CLOSE                = 0x00001000,
  FILE_OPEN_BY_FILE_ID                = 0x00002000,
  FILE_OPEN_FOR_BACKUP_INTENT         = 0x00004000,
  FILE_NO_COMPRESSION                 = 0x00008000,
  FILE_OPEN_REMOTE_INSTANCE           = 0x00000400,
  FILE_OPEN_REQUIRING_OPLOCK          = 0x00010000,
  FILE_DISALLOW_EXCLUSIVE             = 0x00020000,
  FILE_RESERVE_OPFILTER               = 0x00100000,
  FILE_OPEN_REPARSE_POINT             = 0x00200000,
  FILE_OPEN_NO_RECALL                 = 0x00400000,
  FILE_OPEN_FOR_FREE_SPACE_QUERY      = 0x00800000
}

return _ENV;