doxy/a00149_source.html

 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 // Project: uLib - User mode library.
 // Module: Kernel32 utility functions (Migrated from UtilFunc.cpp)
 // Author: Copyright (c) Love Nystrom
 // License: NNOSL (BSD descendant, see NNOSL.txt in the base directory).
 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 #include <uLib/Common.h>
 #include <uLib/UtilFunc.h>
 #include <uLib/Debug.h>
 #include <uLib/StrFunc.h>
 #ifndef NO_NDK_FILES
 #include <uLib/NtFunc.h> // GetProcDllData()
 #endif
 #ifdef __cplusplus // FILETIME comparators...
 #include <uLib/LargeInt.h>
 #endif

 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 // Kernel32 functions
 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 UINT GlobalPurgeAtom( CSTR Name )
 {
     ATOM A; UINT N = 0;

     while( 0 != (A = GlobalFindAtom( Name ))) {
         GlobalDeleteAtom( A );
         N++;
     }
     return N;
 }

 // Retrieve the name of an atom

 CSTR GlobalAtomName( ATOM Atom )
 {
     static TCHAR buf[ 80 ];
     if (!GlobalGetAtomName( Atom, buf, dimof(buf) )) buf[0] = 0;
     return buf;
 }

 CSTR LocalAtomName( ATOM Atom )
 {
     static TCHAR buf[ 80 ];
     if (!GetAtomName( Atom, buf, dimof(buf) )) buf[0] = 0;
     return buf;
 }

 //-----------------------------------------------------------------------------
 // Get real handles for current process and thread.
 //-----------------------------------------------------------------------------

 HANDLE GetCurrentThreadHandle()
 {
     HANDLE hThread = GetCurrentThread(), hProc = GetCurrentProcess(); // Pseudo
     // Get a real handle to the thread.
     DuplicateHandle( hProc, hThread, hProc, &hThread, 0, FALSE, DUPLICATE_SAME_ACCESS );
     return hThread;
 }

 HANDLE GetCurrentProcessHandle()
 {
     HANDLE hProc = GetCurrentProcess(); // Pseudo handle
     // Get a real handle to the process.
     DuplicateHandle( hProc, hProc, hProc, &hProc, 0, FALSE, DUPLICATE_SAME_ACCESS );
     return hProc;
 }

 //-----------------------------------------------------------------------------
 // Hnd = CheckHandle( CreateFile( ... ));
 // Hnd = CloseHandleEx( Hnd );
 //-----------------------------------------------------------------------------

 HANDLE CheckHandle( HANDLE Hnd )
 {
     return BAD_HANDLE( Hnd ) ? NULL : Hnd;
 }

 HANDLE CloseHandleEx( HANDLE Hnd )
 {
     if (Hnd == INVALID_HANDLE_VALUE) Hnd = NULL;
     else if (Hnd != NULL)
     {
        #ifdef HAVE_STRUCTURED_EH
         __try { if (CloseHandle( Hnd )) Hnd = NULL; }
         __except_execute { Hnd = NULL; }
        #else
         if (CloseHandle( Hnd )) Hnd = NULL;
        #endif
     }
     return Hnd;
 }

 bool WaitFor( HANDLE hObj, DWORD msWait )
 {
     DWORD rc = WaitForSingleObjectEx( hObj, msWait, true );
     bool ok = (rc == WAIT_OBJECT_0);
     if (!ok) SetLastError( rc );
     return ok;
 }

 //-----------------------------------------------------------------------------
 // Additional global heap functions (add-on to the WindowsX macros)
 // Mostly useful for clipboard operations and DDE.
 //-----------------------------------------------------------------------------

 ASTR GlobalAllocStrA( UINT Count )
 {
     return (ASTR) GlobalAllocPtr( GHND, Count ); // NOTA BENE: GHND (movable).
 }
 WSTR GlobalAllocStrW( UINT Count )
 {
     return (WSTR) GlobalAllocPtr( GHND, Count * WCHAR_SIZE );
 }

 BEGIN_STRSAFE_OVERRIDE

 ASTR GlobalDupStrA( ACSTR Str, bool isMulti )
 {
     ASTR pDup = NULL;
     if (Str)
     {
         UINT Len = isMulti ? MultiSzLengthA( Str ) : UINT( 1+strlen( Str ));
         pDup = GlobalAllocStrA( Len );
         if (pDup) memcpy( pDup, Str, Len );
     }
     return pDup;
 }
 //ASTR GlobalDupStrA( ACSTR Str )
 //{
 //    ASTR pDup = NULL;
 //    if (Str)
 //    {
 //        UINT Len = (UINT) strlen( Str );
 //        pDup = GlobalAllocStrA( Len + 1 );
 //        if (pDup) strcpy( pDup, Str );
 //    }
 //    return pDup;
 //}

 WSTR GlobalDupStrW( WCSTR Str, bool isMulti )
 {
     WSTR pDup = NULL;
     if (Str)
     {
         UINT Len = isMulti ? MultiSzLengthW( Str ) : UINT( 1+wcslen( Str ));
         pDup = GlobalAllocStrW( Len );
         if (pDup) memcpy( pDup, Str, Len * WCHAR_SIZE );
     }
     return pDup;
 }

 END_STRSAFE_OVERRIDE

 HANDLE GlobalUnlockedHandle( PVOID Ptr, PUINT pCount )
 {
     UINT lockCount = 0;
     HANDLE hMem = GlobalHandle( Ptr );
     if (hMem)
     {
         BOOL locked = TRUE;
         while( locked )
         {
             lockCount++;
             locked = GlobalUnlock( hMem );
             if (!locked && GetLastError() != 0) hMem = NULL; // Failure
         }
     }
     if (pCount) *pCount = lockCount;
     return hMem;
 }

 //-----------------------------------------------------------------------------
 // Memory access check. MSDN: Success does /not/ guarantee accessibility
 // in a multithreading environment. @sa Intel Asm: VERR and VERW.
 //-----------------------------------------------------------------------------

 bool IsBadReadWritePtr( const PVOID address, UINT_PTR size )
 {
     return (IsBadReadPtr( address, size ) || IsBadWritePtr( address, size ));
 }

 //-----------------------------------------------------------------------------
 // Simplified CreateProcess..
 //-----------------------------------------------------------------------------

 HANDLE Launch( CSTR exePath, CSTR cmdLn, CSTR startDir, int iShow, DWORD Flags )
 {
     LPSECURITY_ATTRIBUTES sa = &DefSec;
     PROCESS_INFORMATION pi = { NULL,NULL, 0,0 };
     STARTUPINFO si = {
         sizeof(STARTUPINFO),
         NULL,NULL,NULL, 0,0,0,0,0,0,0,0,0,0,0, NULL,NULL,NULL
         };
     PVOID pEnv = NULL; // NULL = Use environment of the calling process.

   #if 0 // CreateProcess handles sending the process to the right desktop by default
     si.lpDesktop = _T("winsta0\\default"); // Memo to self (for the string content)
   #endif
     si.wShowWindow = iShow;
     si.dwFlags = STARTF_USESHOWWINDOW;

     if (!CreateProcess( exePath, (TSTR)cmdLn, sa,sa, FALSE, Flags, pEnv, startDir, &si,&pi ))
     {
         TRACE( DP_ERROR, _F("CreateProcess( %s, %s ) failed: %s\n"), exePath, cmdLn, SysErrorMsg() );
         pi.hProcess = NULL;
     }
     if (pi.hThread) CloseHandle( pi.hThread ); // Not used with Launch.
     return pi.hProcess;
 }

 //-----------------------------------------------------------------------------
 // CreateCapturedProc - Create a process who's STDIN/OUT/ERR are redirected
 // to three anonymous pipes. Return handle of the created process, or NULL.
 //-----------------------------------------------------------------------------

 HANDLE CreateCapturedProcess(
     IN  CSTR    cmdLn,      // Command line string
     IN  LPSTARTUPINFO si,   // STARTUPINFO (less the std handles) for the new proc
     IN  DWORD   Flags,      // Creation flags for CreateProcess.
     OPTOUT PHANDLE pRdHnd,  // We read child's stdout from here
     OPTOUT PHANDLE pWrHnd,  // We write child's stdin to here
     OPTOUT PHANDLE pErrHnd, // We read child's stderr from here
     OPTOUT PHANDLE phThread // If you need the thread handle
     )
 {
     PROCESS_INFORMATION ppi = { 0,0,0,0 };
     if (si == NULL)
         SetLastError( ERROR_INVALID_PARAMETER );
     else
     {
         if (pRdHnd) CreatePipe( pRdHnd, &si->hStdOutput, &DefSec, 0 ); // Our read, child's STDOUT
         if (pWrHnd) CreatePipe( &si->hStdInput, pWrHnd, &DefSec, 0 );  // Our write, child's STDIN
         if (pErrHnd) CreatePipe( pErrHnd, &si->hStdError, &DefSec, 0 ); // Our read, child's STDERR

         bool ok = true;
         if (pRdHnd != NULL) ok = (*pRdHnd != NULL);
         if ((pWrHnd != NULL) && ok) ok = (*pWrHnd != NULL);
         if ((pErrHnd != NULL) && ok) ok = (*pErrHnd != NULL);
         if (ok)
         {
             si->dwFlags |= STARTF_USESTDHANDLES;
             if (CreateProcess( NULL, (TSTR)cmdLn, &DefSec, &DefSec, TRUE, Flags, 0,0, si, &ppi ))
             {
                 if (phThread) *phThread = ppi.hThread;
                 else CloseHandleEx( ppi.hThread ); // Don't leak a handle we don't return.
                 return ppi.hProcess;
             }
         }
         // Failure
         if (pErrHnd) {
             *pErrHnd = CloseHandleEx( *pErrHnd );
             si->hStdError = CloseHandleEx( si->hStdError );
             }
         if (pWrHnd) {
             *pWrHnd  = CloseHandleEx( *pWrHnd );
             si->hStdInput = CloseHandleEx( si->hStdInput );
             }
         if (pRdHnd) {
             *pRdHnd  = CloseHandleEx( *pRdHnd );
             si->hStdOutput = CloseHandleEx( si->hStdOutput );
             }
         if (phThread) *phThread = NULL;
     }
     return NULL;
 }

 //-----------------------------------------------------------------------------
 // CreateCapturedProcessEx...
 //-----------------------------------------------------------------------------

 HANDLE CreateCapturedProcessEx(
     OPTIN  CSTR    ExePath,   // Executable path name.
     OPTIN  CSTR    CmdLn,     // Command line string.
     OPTIN  CSTR    EnvStr,    // Environment strings (multi-sz).
     OPTIN  CSTR    WorkDir,   // Working directory.
     IN     LPSTARTUPINFO pSI, // STARTUPINFO (less the std handles) for the new proc.
     IN     DWORD   Flags,     // Creation flags for CreateProcess.
     OPTOUT PHANDLE pRdHnd,    // We read child's stdout from here.
     OPTOUT PHANDLE pWrHnd,    // We write child's stdin to here.
     OPTOUT PHANDLE pErrHnd,   // We read child's stderr from here.
     OPTOUT PHANDLE phThread   // If you need the thread handle.
     )
 {
     PROCESS_INFORMATION pi = { 0,0,0,0 };
     if (pSI == NULL)
         SetLastError( ERROR_INVALID_PARAMETER );
     else
     {
         DWORD err = 0;
         if (pRdHnd) CreatePipe( pRdHnd, &pSI->hStdOutput, &DefSec, 0 ); // Our read, child's STDOUT
         if (pWrHnd) CreatePipe( &pSI->hStdInput, pWrHnd, &DefSec, 0 );  // Our write, child's STDIN
         if (pErrHnd) CreatePipe( pErrHnd, &pSI->hStdError, &DefSec, 0 ); // Our read, child's STDERR

         bool ok = true;
         if (pRdHnd != NULL) ok = (*pRdHnd != NULL);
         if ((pWrHnd != NULL) && ok) ok = (*pWrHnd != NULL);
         if ((pErrHnd != NULL) && ok) ok = (*pErrHnd != NULL);
         if (ok)
         {
             pSI->dwFlags |= STARTF_USESTDHANDLES;

             if (CreateProcess( ExePath, TSTR(CmdLn),
                 &DefSec, &DefSec, true, Flags, PVOID(EnvStr), WorkDir, pSI, &pi
                 ))
             {
                 if (phThread) *phThread = pi.hThread;
                 else CloseHandleEx( pi.hThread ); // Don't leak a handle we don't return.
                 return pi.hProcess;
             }
             else err = GetLastError(); // Carry forward..
         }
         // Failure
         if (pErrHnd) {
             *pErrHnd = CloseHandleEx( *pErrHnd );
             pSI->hStdError = CloseHandleEx( pSI->hStdError );
             }
         if (pWrHnd) {
             *pWrHnd  = CloseHandleEx( *pWrHnd );
             pSI->hStdInput = CloseHandleEx( pSI->hStdInput );
             }
         if (pRdHnd) {
             *pRdHnd  = CloseHandleEx( *pRdHnd );
             pSI->hStdOutput = CloseHandleEx( pSI->hStdOutput );
             }
         if (phThread) *phThread = NULL;
         if (err) SetLastError( err );
     }
     return NULL;
 }

 //-----------------------------------------------------------------------------
 // Do the mentioned closing, and terminate the process..
 //-----------------------------------------------------------------------------

 HANDLE CloseCapturedProcess(
     IN HANDLE hProc,     // Process handle
     IN LPSTARTUPINFO pSi, // STARTUPINFO used in CreateCapturedProcess
     IN PHANDLE pRdHnd,   // The inhnd returned from CreateCapturedProcess
     IN PHANDLE pWrHnd,   // The outhnd returned from CreateCapturedProcess
     IN PHANDLE pErrHnd   // The errhnd returned from CreateCapturedProcess
     )
 {
     if (pErrHnd) *pErrHnd = CloseHandleEx( *pErrHnd );
     if (pWrHnd) *pWrHnd = CloseHandleEx( *pWrHnd );
     if (pRdHnd) *pRdHnd = CloseHandleEx( *pRdHnd );
     if (pSi) // pSi == NULL is an error, but let's be lenient..
     {
         pSi->hStdError = CloseHandleEx( pSi->hStdError );
         pSi->hStdOutput = CloseHandleEx( pSi->hStdOutput );
         pSi->hStdInput = CloseHandleEx( pSi->hStdInput );
     }
     return CloseHandleEx( hProc ); // Note: Null-safe.
 }

 HANDLE TerminateCapturedProcess(
     IN HANDLE hProc,     // Process handle
     IN LPSTARTUPINFO pSi, // STARTUPINFO used in CreateCapturedProcess
     IN PHANDLE pRdHnd,   // The inhnd returned from CreateCapturedProcess
     IN PHANDLE pWrHnd,   // The outhnd returned from CreateCapturedProcess
     IN PHANDLE pErrHnd,  // The errhnd returned from CreateCapturedProcess
     IN UINT   retCode    // Return code
     )
 {
     if (hProc && !TerminateProcess( hProc, retCode ))
         DPrint( DP_ERROR, _F("TerminateProcess(%p): %s\n"), hProc, SysErrorMsg() );

     return CloseCapturedProcess( hProc, pSi, pRdHnd, pWrHnd, pErrHnd );
 }

 //-----------------------------------------------------------------------------
 // LEGACY: GetOrLoadModule.. (Written before I knew that LoadLibrary does this).
 //-----------------------------------------------------------------------------

 HMODULE GetOrLoadModule( CSTR modName )
 {
     HMODULE hMod = GetModuleHandle( modName );
     if (!hMod) hMod = LoadLibrary( modName );
     return hMod;
 }

 //-----------------------------------------------------------------------------
 // LoadProcLibrary loads a DLL into another process.
 // It returns the remote DLL handle, or NULL on failure.
 // Uses a variation of the method invented by Jeff Richter. Clever man :)
 // NOTE: Anti-virus software (correctly) considers this a generic threat.
 //-----------------------------------------------------------------------------

 // TODO: Full test of LoadProcLibrary in x64.

 #ifdef __GNUC__
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wcast-function-type"
 #endif

 HMODULE LoadProcLibrary( HANDLE hProc, LPCSTR DllPathName, DWORD msWait )
 {
     DWORD err = NO_ERROR;
     HMODULE hMod = NULL;
     static HMODULE (WINAPI *_LoadLibrary)( LPCSTR pPathName ) = NULL;

     // This works because kernel32 is always loaded at the same address in each process.
     // If that changes, this needs to use NtCreateThread instead, since ntdll is
     // *guaranteed* to be loaded at the same address in each process.

     if (!_LoadLibrary)
     {
         HMODULE hKernel = GetModuleHandleA( "KERNEL32.DLL" );
         LITERAL( FARPROC, _LoadLibrary ) = GetProcAddress( hKernel, "LoadLibraryA" );
         TRACE( DP_DEBUG, _F("kernel32!LoadLibraryA = %p\n"), _LoadLibrary );
     }
     if (_LoadLibrary)
     {
         PVOID pPath = VirtualAllocEx( hProc, NULL, MAX_PATH, MEM_COMMIT, PAGE_READWRITE );
         TRACE( DP_DEBUG, _F("VirtualAllocEx[%p] = %p\n"), hProc, pPath );
         if (!pPath)
             err = GetLastError();
         else
         {
             SIZE_T cbWr, len = 1+strlen( DllPathName );

             // Copy LoadLibrary parameter to the other process' memory.

             TRACE( DP_VERBOSE, _F("WriteProcessMemory [%p,%p] '%s'\n"), hProc, pPath, DllPathName );
             if (!WriteProcessMemory( hProc, pPath, (PVOID)DllPathName, len, &cbWr ))
                 err = GetLastError();
             else
             {
                 // Call LoadLibraryA in the other process.
                 // This works because LoadLibrary has the same signature as ThreadProc.

                 TRACE( DP_VERBOSE, _F("CreateRemoteThread\n") );
                 HANDLE hThr = CreateRemoteThread(
                     hProc, NULL,0, (LPTHREAD_START_ROUTINE)_LoadLibrary, pPath, 0,NULL
                     );
                 if (!hThr) err = GetLastError();
                 else
                 {
                     DWORD_PTR retCode; // 32/64 in case GetExitCodeThread actually fetch 64 bits on x64.
                     TRACE( DP_VERBOSE, _F("WaitForSingleObject( hThr=%p, %lu )\n"), hThr, msWait );
                     DWORD wr = WaitForSingleObject( hThr, msWait );
                     TRACE( DP_DEBUG, _F("  = %lu (%u)\n"), wr, (wr == WAIT_OBJECT_0) );
                     if (wr == WAIT_OBJECT_0)
                     {
                         if (!GetExitCodeThread( hThr, (LPDWORD)&retCode ))
                         {
                             err = GetLastError();
                             retCode = (-1);
                         }
                     } else {
                         err = ERROR_TIMEOUT;
                         retCode = (-1);
                     }
                     // NOTE: This is on the thin ice in x64, since an x64 handle is 64 bits
                     // and GetExitCodeThread officially only return a DWORD, not DWORD_PTR.
                     // Empiric testing indicates that module handles constrain to 32 bits.
                     // However, there's NO guarantee for that. If the module handle is
                     // indeed truncated, the calling process will not be able to /unload/ it.
                     // Amends: GetProcDLLHandle can be used to retrieve the remote handle.

                     hMod = (HMODULE) retCode;
                     CloseHandle( hThr );
                 }
             }
             TRACE( DP_VERBOSE, _F("VirtualFreeEx [%p] %p\n"), hProc, pPath );
             VirtualFreeEx( hProc, pPath, 0, MEM_RELEASE );
         }
     }
     TRACE( DP_DEBUG, _F("hMod = 0x%p\n"), hMod );
     if (err) SetLastError( err );
     return hMod;
 }
 #ifdef __GNUC__
 #pragma GCC diagnostic pop
 #endif

 //-----------------------------------------------------------------------------
 // UnloadProcLibrary unloads a DLL from another process.
 // The DLL handle has to be a *remote handle* (from LoadProcLibrary/GetProcDLLHandle).
 //-----------------------------------------------------------------------------

 BOOL UnloadProcLibrary( HANDLE hProc, HMODULE hLib, DWORD msWait )
 {
     BOOL ok = FALSE;
     static BOOL (WINAPI *_FreeLibrary)( HMODULE hLib ) = NULL;

     // This works because kernel32 is always loaded at the same address in each process.
     // If that changes, this needs to use the native NtCreateThread instead.

     if (!_FreeLibrary)
     {
         HMODULE hKernel = GetModuleHandleA( "KERNEL32.DLL" );
         LITERAL( FARPROC,_FreeLibrary ) = GetProcAddress( hKernel, "FreeLibrary" );
         TRACE( DP_DEBUG, _F("kernel32!FreeLibrary = %p\n"), _FreeLibrary );
     }
     if (_FreeLibrary)
     {
         // Call FreeLibrary in the other process.
         // This works because FreeLibrary has the same signature as ThreadProc.
         HANDLE hThr = CreateRemoteThread(
             hProc, NULL,0, (LPTHREAD_START_ROUTINE)_FreeLibrary, hLib, 0,NULL
             );
         if (hThr)
         {
             DWORD_PTR retCode;
             if (WaitForSingleObject( hThr, msWait ) == WAIT_OBJECT_0)
                 GetExitCodeThread( hThr, (LPDWORD)&retCode );
             else retCode = 0;
             ok = (BOOL) retCode;
             CloseHandle( hThr );
         }
     }
     return ok;
 }

 //-----------------------------------------------------------------------------
 #ifndef NO_NDK_FILES // These two require native data types.

 SHORT GetProcDLLRefCount( HANDLE hProcess, WCSTR DllName )
 {
     SHORT refCount = 0;
     LDR_MODULE lm;
     IF_DEBUG( memset( &lm, 0, sizeof(lm) ));

     if (GetProcDllData( hProcess, DllName, &lm, false ))
         refCount = lm.LoadCount;
     return refCount;
 }

 HMODULE GetProcDLLHandle( HANDLE hProcess, WCSTR DllName )
 {
     HMODULE hDll = NULL;
     LDR_MODULE lm;
     IF_DEBUG( memset( &lm, 0, sizeof(lm) ));

     if (GetProcDllData( hProcess, DllName, &lm, false ))
         hDll = (HMODULE) lm.BaseAddress;
     return hDll;
 }

 #endif//ndef NO_NDK_FILES
 //-----------------------------------------------------------------------------
 BEGIN_NAMESPACE( uLib ) // FILETIME support
 //-----------------------------------------------------------------------------

 const FILETIME NullFileTime = {0,0};

 FILETIME Now( eTimeType Domain )
 {
     SYSTEMTIME sysTime;
     FILETIME result = {0,0};

     switch( Domain )
     {
         case LOCAL_TIME: GetLocalTime( &sysTime ); break;
         case SYSTEM_TIME: GetSystemTime( &sysTime ); break;
         default: goto __done;
     }
     SystemTimeToFileTime( &sysTime, &result );
     __done: return result;
 }

 FILETIME AddTime( FILETIME Time, SHORT Hr, SHORT Min, SHORT Sec, SHORT mSec )
 {
     SYSTEMTIME st;
     FILETIME result;
     int ms, add;

     static const int ms_Sec   = 1000;
     static const int ms_Min   = 60*1000; // Take advatage of constant folding
     static const int ms_Hour  = 60*60*1000;
     static const int ms_Day   = 24*60*60*1000;

     FileTimeToSystemTime( &Time, &st );
     ms = st.wMilliseconds + (st.wSecond * ms_Sec) + (st.wMinute * ms_Min) + (st.wHour * ms_Hour);
     add = mSec + (Sec * ms_Sec) + (Min * ms_Min) + (Hr * ms_Hour);
     ms += add;

     st.wHour = ms / ms_Hour;
     ms -= (st.wHour * ms_Hour);

     st.wMinute = ms / ms_Min;
     ms -= (st.wMinute * ms_Min);

     st.wSecond = (ms / ms_Sec);
     ms -= (st.wSecond * ms_Sec);

     st.wMilliseconds = ms;

     SystemTimeToFileTime( &st, &result );
     return result;
 }

 FILETIME AddFiletime( FILETIME Time, const FILETIME Add )
 // WIP.. Not public yet.
 {
     SYSTEMTIME st;
     FileTimeToSystemTime( &Add, &st );

     // TODO: Rewrite this to allow adding entire datetime...

     return AddTime( Time, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds );
 }

 FILETIME MakeDateTime( WORD Year, WORD Month, WORD Day, WORD Hr, WORD Min, WORD Sec )
 {
     SYSTEMTIME st;
     FILETIME result;

     st.wYear = Year;
     st.wMonth = Month;
     st.wDay = Day;
     st.wHour = Hr;
     st.wMinute = Min;
     st.wSecond = Sec;
     st.wDayOfWeek = st.wMilliseconds = 0;

     SystemTimeToFileTime( &st, &result );
     return result;
 }

 #ifdef __cplusplus // FILETIME comparators...

 bool operator > ( FILETIME const& A, FILETIME const& B ) // extern "C++"
 {
     LargeInt a( A ), b( B );
     return UINT64( a ) > UINT64( b );
 }
 bool operator < ( FILETIME const& A, FILETIME const& B ) // extern "C++"
 {
     LargeInt a( A ), b( B );
     return UINT64( a ) < UINT64( b );
 }
 bool operator == ( FILETIME const& A, FILETIME const& B ) // extern "C++"
 {
     LargeInt a( A ), b( B );
     return UINT64( a ) == UINT64( b );
 }
 bool operator >= ( FILETIME const& A, FILETIME const& B ) // extern "C++"
 {
     return !operator < ( A,B );
 }
 bool operator <= ( FILETIME const& A, FILETIME const& B ) // extern "C++"
 {
     return !operator > ( A,B );
 }
 bool operator != ( FILETIME const& A, FILETIME const& B ) // extern "C++"
 {
     return !operator == ( A,B );
 }

 #endif
 //==----------------------------------------------------------------------------
 END_NAMESPACE( uLib )
 //-----------------------------------------------------------------------------
 // SYSTEMTIME support
 //-----------------------------------------------------------------------------

 SYSTEMTIME* SystemTimeToLocalTime( SYSTEMTIME* Time )
 {
     TIME_ZONE_INFORMATION tzi;
     SYSTEMTIME local;

     if (Time)
     {
         DWORD rc = GetTimeZoneInformation( &tzi );
         _ASSERTE( rc != TIME_ZONE_ID_INVALID );
         if( SystemTimeToTzSpecificLocalTime( &tzi, Time, &local ))
             *Time = local;
         else Time = NULL;
     }
     return Time;
 }

 SYSTEMTIME* LocalTimeToSystemTime( SYSTEMTIME* Time )
 {
     TIME_ZONE_INFORMATION tzi;
     SYSTEMTIME utc;

     if (Time)
     {
         DWORD rc = GetTimeZoneInformation( &tzi );
         _ASSERTE( rc != TIME_ZONE_ID_INVALID );
         if( TzSpecificLocalTimeToSystemTime( &tzi, Time, &utc ))
             *Time = utc;
         else Time = NULL;
     }
     return Time;
 }

 FILETIME FileTimeToLocalTime( FILETIME utc )
 // It's often more convenient to get the result as a return value.
 {
     FILETIME local;
     if (!FileTimeToLocalFileTime( &utc, &local ))
         local = uLib::NullFileTime;
     return local;
 }

 //==----------------------------------------------------------------------------

 static HMODULE GetNtDll()
 {
     static HMODULE ntDll;
     if (!ntDll) ntDll = GetModuleHandle( _T("NTDLL") );
     return ntDll;
 }

 //==----------------------------------------------------------------------------
 // GetEnvironmentSize
 //==----------------------------------------------------------------------------

 bool GetEnvironmentSize( WSTR pwEnv, PUINT pSize, PUINT pUsed )
 {
     WSTR pzEnv, pEnv = pwEnv ? pwEnv : GetEnvironmentStringsW();
     bool ok = (pEnv != NULL);
     if (pSize) *pSize = 0;
     if (pUsed) *pUsed = 0;
     if ( ok )
     {
         for( pzEnv = pEnv; *pzEnv; pzEnv = 1 + wcschr( pzEnv, 0 )); // Find the end
         UINT ccEnv = UINT( (pzEnv - pEnv) + 1 ); // Incl 2nd null

         MEMORY_BASIC_INFORMATION mbi;
         ok = (VirtualQuery( pEnv, &mbi, sizeof(mbi) ) > 0);
         if ( ok )
         {
             if (pSize) *pSize = UINT( mbi.RegionSize / WCHAR_SIZE );
             if (pUsed) *pUsed = ccEnv;
         }
         if (!pwEnv) FreeEnvironmentStringsW( pEnv );
     }
     return ok;
 }

 //==----------------------------------------------------------------------------
 // Clone/FreeEnvironment
 //==----------------------------------------------------------------------------

 // NOTE: While debugging this function, I found a non-compliance in the
 // environment on Win7 x64. The PATH value was stored *last* in the environment,
 // not in *sorted order* as it's supposed to be.. This holds ramifications for
 // Rtl[Get/Set]EnvironmentVariable() implementors.. (E.g: Can't do binary search.)
 // Caveat Emptor / Love.

 WSTR CloneEnvironment( OPTOUT PUINT pLength, OPTOUT PUINT pUsed )
 {
     static NTSTATUS (NTAPI *_RtlCreateEnvironment)( BOOLEAN Clone, OUT PWSTR* Env );
     if (!_RtlCreateEnvironment)
         (FARPROC&)_RtlCreateEnvironment = GetProcAddress( GetNtDll(), "RtlCreateEnvironment" );

     WSTR pwEnv = NULL, pzEnv;

     if (!_RtlCreateEnvironment)
         SetLastError( ERROR_CALL_NOT_IMPLEMENTED );
     else
     {
         NTSTATUS rc = _RtlCreateEnvironment( true, &pwEnv );
         if (!NT_SUCCESS( rc ))
         {
             pwEnv = NULL;
             SetLastErrorFromNtStatus( rc );
         }
         else
         {
             for( pzEnv = pwEnv; *pzEnv; pzEnv = 1 + wcschr( pzEnv, 0 )); // Find the end.
             UINT_PTR ccUsed = (pzEnv - pwEnv) + 1; // Length incl 2nd null.
             if (pUsed) *pUsed = (UINT) ccUsed;

             MEMORY_BASIC_INFORMATION mbi;
             IF_DEBUG( memset( &mbi, 0, sizeof(mbi) ));
             if (VirtualQuery( pwEnv, &mbi, sizeof(mbi) ))
             {
                 UINT ccEnv = UINT( mbi.RegionSize / WCHAR_SIZE );
                 if (pLength) *pLength = ccEnv;

               #if _DEBUG
                 DPrint( DP_DEBUG,
                     _F("AllocationBase=%#x, BaseAddress=%#x, RegionSize=%lu, State=0x%08X\n"),
                     mbi.AllocationBase, mbi.BaseAddress, mbi.RegionSize, mbi.State
                     );
                 UINT cbUsed = UINT( ccUsed * WCHAR_SIZE );
                 static const UINT  MAX_ENV = 32767 * WCHAR_SIZE; // Max permitted env size, says MSDN doc.
                 if (mbi.RegionSize > MAX_ENV) // Ugh, non-compliant environment :/
                     DPrint( DP_WARNING,
                         _F("Non-compliant environment size: %lu B (%lu ch)! %lu B used\n"),
                         mbi.RegionSize, ccEnv, cbUsed
                         );
               #endif
             }
         }
     }
     return pwEnv;
 }

 WSTR FreeEnvironment( WSTR Env )
 {
     static VOID (NTAPI *_RtlDestroyEnvironment)( PWSTR Env );
     if (!_RtlDestroyEnvironment)
         (FARPROC&)_RtlDestroyEnvironment = GetProcAddress( GetNtDll(), "RtlDestroyEnvironment" );

     if (!_RtlDestroyEnvironment)
         SetLastError( ERROR_CALL_NOT_IMPLEMENTED );
     else
     {
         if ( !Env ) SetLastError( ERROR_INVALID_PARAMETER );
         else
         {
            _RtlDestroyEnvironment( Env );
           #if _DEBUG
             MEMORY_BASIC_INFORMATION mbi;
             memset( &mbi, 0, sizeof(mbi) );
             if (VirtualQuery( Env, &mbi, sizeof(mbi) ))
             {
                 DPrint( DP_DEBUG,
                     _F("After: AllocationBase=%#x, BaseAddress=%#x, RegionSize=%lu, State=%lu\n"),
                     mbi.AllocationBase, mbi.BaseAddress, mbi.RegionSize, mbi.State
                     );
             }
           #endif
             Env = NULL;
         }
     }
     return Env;
 }

 //==----------------------------------------------------------------------------
 // Set/Get/ModifyEnvironmentVar
 //==----------------------------------------------------------------------------
 #ifndef NO_WINTERNAL // UNICODE_STRING

 // NOTA BENE: RtlSetEnvironmentVariable is quirky, and frequently cause GPF
 // read exceptions, which it handles internally and returns status zero.
 // The bug is that it reads one byte /before the beginning of the environment/.
 // The exceptions are not re-raised, so we cannot provide value added handling.

 // NOTE: Even though the env block is always UniCode, these functions
 // work with transmutable strings internally and parameter-wise..

 bool SetEnvironmentVar( OPTIO WSTR* pwEnv, IN CSTR Name, IN CSTR Value )
 {
     static NTSTATUS (NTAPI *_RtlSetEnvironmentVariable)(
         PWSTR* Environment, PUNICODE_STRING Name, PUNICODE_STRING Value );

     if (!_RtlSetEnvironmentVariable) (FARPROC&)_RtlSetEnvironmentVariable =
         GetProcAddress( GetNtDll(), "RtlSetEnvironmentVariable" );

     bool ok = (_RtlSetEnvironmentVariable != NULL);
     if ( !ok ) SetLastError( ERROR_CALL_NOT_IMPLEMENTED );
     else
     {
         UString uName( Name ), uValue; // Auto-convert..
         PUNICODE_STRING puVal = NULL;
         if ( Value )
         {
             uValue = Value;
             puVal = (PUNICODE_STRING) uValue;
         }
         NTSTATUS rc = _RtlSetEnvironmentVariable( pwEnv, uName, puVal );
         ok = NT_SUCCESS( rc );
         if ( !ok ) SetLastErrorFromNtStatus( rc );
     }
     return ok;
 }

 bool GetEnvironmentVar(
     OPTIN WSTR pwEnv, IN CSTR Name, OUT TSTR Value, INOUT PUINT ccValBuf )
 {
     static NTSTATUS (NTAPI *_RtlQueryEnvironmentVariable)(
         PWSTR Environment, PUNICODE_STRING Name, PUNICODE_STRING Value );

     if (!_RtlQueryEnvironmentVariable) (FARPROC&)_RtlQueryEnvironmentVariable =
         GetProcAddress( GetNtDll(), "RtlQueryEnvironmentVariable_U" ); // N.B: Using _U variant.

     bool ok = (_RtlQueryEnvironmentVariable != NULL);
     if ( !ok ) SetLastError( ERROR_CALL_NOT_IMPLEMENTED );
     else
     {
         ok = (ccValBuf != NULL);
         if ( !ok ) SetLastError( ERROR_INVALID_PARAMETER );
         else
         {
             UString uName( Name ); // Auto-convert..
             UNICODE_STRING uValue = { 0, USHORT( *ccValBuf * WCHAR_SIZE ), NULL };

             // Note: RtlQueryEnvironmentVariable_U doesn't touch the Buffer
             // if MaximumLength is smaller than the actual value length.
             // Length is not touched if value don't exist, else it is
             // always set to the actual value size, regardeless of Buffer.

           #ifdef _UNICODE
             uValue.Buffer = Value;
           #else
             uValue.Buffer = *ccValBuf ? mem_AllocWStr( *ccValBuf ) : NULL;
           #endif
             NTSTATUS rc = _RtlQueryEnvironmentVariable( pwEnv, uName, &uValue );

             // 'rc' may be STATUS_SUCCESS, STATUS_VARIABLE_NOT_FOUND,
             // STATUS_BUFFER_TOO_SMALL, or STATUS_ACCESS_VIOLATION.

             UINT ccVal = uValue.Length / WCHAR_SIZE, ccUni = ccVal;
             if (uValue.MaximumLength > uValue.Length) ++ccUni; // Include NUL.

             ok = NT_SUCCESS( rc );
             if ( !ok ) SetLastErrorFromNtStatus( rc );
           #ifndef _UNICODE
             else WideCharToMultiByte(
                 CP_ACP, 0, uValue.Buffer, ccUni, Value, *ccValBuf, NULL, NULL
                 );
             if ( *ccValBuf ) mem_Free( uValue.Buffer );
           #endif
             //*ccValBuf = ccVal + 1; // +1 == null terminator
             if ( ccVal ) ccVal++; // +1 == null terminator
             *ccValBuf = ccVal;
         }
     }
     return ok;
 }

 UINT ModifyEnvironmentVar(
     WSTR* pwEnv, BYTE Option, CSTR Name, CSTR Addendum, TCHAR Sep )
 {
     UINT valueLen = 0;
     if (!IsString( Name ) || !IsString( Addendum ))
         SetLastError( ERROR_INVALID_PARAMETER );
     else
     {
         UINT addLen = (UINT)_tcslen( Addendum );

         bool ok = GetEnvironmentVar( *pwEnv, Name, NULL, &valueLen );
         if (!valueLen ) // Name doesn't exist, so just add it with the Addendum value.
         {
             ok = SetEnvironmentVar( pwEnv, Name, Addendum );
             valueLen = ok ? addLen : 0;
         }
         else
         {
             // A 2kB fixed buffer would probably suffice, but lets play it safe..

             UINT bufLen = valueLen + addLen + 2;
             IF_DEBUG( bufLen = ROUND_UP2( bufLen, 256 ));
             TSTR valueBuf = mem_AllocStr( bufLen );
             if ( !valueBuf ) valueLen = 0;
             else
             {
                 ok = GetEnvironmentVar( *pwEnv, Name, valueBuf, &valueLen );
                 if ( ok )
                 {
                     valueLen = (Option == MEF_PREPEND)
                         ? PrependString( valueBuf, bufLen, Sep, Addendum )
                         : AppendString( valueBuf, bufLen, Sep, Addendum );

                   #ifndef _UNICODE // DeduplicateCharSeparatedText is non-unicode only..
                     if ( Sep ) valueLen =
                         DeduplicateCharSepText( valueBuf, Sep, false, false );
                   #endif

                     if ( valueLen ) ok = SetEnvironmentVar( pwEnv, Name, valueBuf );
                     if ( !ok ) valueLen = 0;
                 }
                 mem_Free( valueBuf );
             }
         }
     }
     return valueLen;
 }

 #endif//ndef NO_WINTERNAL
 //==----------------------------------------------------------------------------
 // DeduplicatePath removes duplicate paths from e.g a PATH variable.
 // Only the first occurence of each duplicate is retained.
 //==----------------------------------------------------------------------------

 #ifndef _UNICODE
 UINT DeduplicatePathStr( TSTR Path )
 {
     return DeduplicateCharSepText( Path, SEMICOLON, false, false );
 }
 #endif

 //==----------------------------------------------------------------------------
 // PE executable header access
 //==----------------------------------------------------------------------------

 #if 0 // old ways..
     static const WORD PE_SIGN = WORD('EP'); // "PE" (LSBF=0x4550)
     static const WORD PE_SIGN = *(PWORD)"PE"; // "PE" (LSBF=0x4550)
 #else // new neat way..
     static const WORD PE_SIGN = MK_TWOCC("PE"); // LSBF=0x4550
     static const WORD MZ_SIGN = MK_TWOCC("MZ"); // aka. IMAGE_DOS_SIGNATURE
 #endif

 bool ReadNTHeaders( CSTR ExeName, IMAGE_NT_HEADERS* Hdr, bool getOptHdr )
 {
     bool ok = false;
     if (!Hdr) SetLastError( ERROR_INVALID_PARAMETER );
     else
     {
         IMAGE_DOS_HEADER DosHdr;
         #define FHDR_SIZE   sizeof(Hdr->FileHeader)
         #define OPTHDR_SIZE sizeof(Hdr->OptionalHeader)

         TCHAR name[ MAX_PATH ];
         if (!ExeName)
         {
             GetModuleFileName( NULL, name, dimof(name) );
             ExeName = name;
         }
         HANDLE hFile = CreateFile(
             ExeName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL
             );
         ok = (hFile != _BAD_HANDLE);
         if (ok)
         {
             ZeroMemory( &DosHdr, sizeof(DosHdr) );
             ok = (BlockRead( hFile, &DosHdr, sizeof(DosHdr) ) == sizeof(DosHdr));
             if (ok) ok = (DosHdr.e_magic == MZ_SIGN); // aka. IMAGE_DOS_SIGNATURE
             if (ok) ok = (DosHdr.e_lfanew > 0);
             if (ok) ok = Seek( hFile, DosHdr.e_lfanew, FILE_BEGIN );
             if (ok) ok = (BlockRead( hFile, &Hdr->Signature, 4 ) == 4);
             if (ok) ok = (LOWORD( Hdr->Signature ) == PE_SIGN);
             if (ok)
             {
                 ok = (BlockRead( hFile, &Hdr->FileHeader, FHDR_SIZE ) == FHDR_SIZE);
                 if (!ok) memset( &Hdr->FileHeader, 0, FHDR_SIZE );
             }
             if (ok && getOptHdr)
             {
                 ok = (Hdr->FileHeader.SizeOfOptionalHeader > 0);
                 if (ok) ok = (BlockRead( hFile, &Hdr->OptionalHeader, OPTHDR_SIZE ) == OPTHDR_SIZE);
                 if (!ok) memset( &Hdr->OptionalHeader, 0, OPTHDR_SIZE );
             }
             CloseHandle( hFile );
         }
     }
     return ok;
     #undef FHDR_SIZE
     #undef OPTHDR_SIZE
 }

 WORD GetTargetMachine( CSTR ExeName )
 {
     IMAGE_NT_HEADERS Hdr; IF_DEBUG( memset( &Hdr, 0, sizeof(Hdr) ));
     bool ok = ReadNTHeaders( ExeName, &Hdr, false );
     return ok ? Hdr.FileHeader.Machine : 0;
 }

 bool Is64BitExecutable( CSTR ExeName )
 {
     IMAGE_NT_HEADERS Hdr; IF_DEBUG( memset( &Hdr, 0, sizeof(Hdr) ));
     bool ok = ReadNTHeaders( ExeName, &Hdr, true );
     if (ok)
     {
         ok = (Hdr.OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC);
         //IMAGE_NT_OPTIONAL_HDR32_MAGIC  0x10b
         //IMAGE_NT_OPTIONAL_HDR64_MAGIC  0x20b
     }
     return ok;
 }

 WORD GetInstanceTargetMachine( HINSTANCE hInst )
 {
     WORD mach = 0; // Return zero on failure
     PIMAGE_DOS_HEADER pDos = (PIMAGE_DOS_HEADER) hInst;
     if (pDos->e_lfanew > 0)
     {
         PIMAGE_NT_HEADERS pHdr = PIMAGE_NT_HEADERS( PBYTE(pDos) + pDos->e_lfanew );
         if (LOWORD( pHdr->Signature ) == PE_SIGN) mach = pHdr->FileHeader.Machine;
     }
     return mach;
 }

 bool Is64BitInstance( HINSTANCE hInst )
 {
     // TODO: Change this to use OptionalHeader.Magic instead of machine Id.
     WORD mach = GetInstanceTargetMachine( hInst );
     return (mach == IMAGE_FILE_MACHINE_AMD64 || mach == IMAGE_FILE_MACHINE_IA64);
 }

 bool Is32BitInstance( HINSTANCE hInst )
 {
     // TODO: Change this to use OptionalHeader.Magic instead of machine Id.
     WORD mach = GetInstanceTargetMachine( hInst );
     return (mach == IMAGE_FILE_MACHINE_I386);
 }

 // Human readable machine type and subsystem type
 // These might belong in a string module, but live here for proximity reasons.

 #ifndef IMAGE_FILE_MACHINE_ALPHA
   #define IMAGE_FILE_MACHINE_ALPHA    0x0184 // Alpha_AXP
   #define IMAGE_FILE_MACHINE_ALPHA64  0x0284 // ALPHA64, AXP64
 #endif
 #ifndef IMAGE_FILE_MACHINE_R3000
   #define IMAGE_FILE_MACHINE_R3000    0x0162 // MIPS little-endian, 0x160 big-endian
   #define IMAGE_FILE_MACHINE_R4000    0x0166 // MIPS little-endian
   #define IMAGE_FILE_MACHINE_R10000   0x0168 // MIPS little-endian
 #endif

 CSTR GetMachineStr( WORD Machine )
 {
     CSTR smach;
     switch( Machine )
     {
     default:                            smach = _T("Undefined"); break;     // Default
     case IMAGE_FILE_MACHINE_UNKNOWN:    smach = _T("Unknown"); break;       // 0
     case IMAGE_FILE_MACHINE_I386:       smach = _T("32 bit (x86)"); break;  // 0x014c // Intel 386.
     case IMAGE_FILE_MACHINE_AMD64:      smach = _T("64 bit (x64)"); break;  // 0x8664 // AMD64 (K8)
     case IMAGE_FILE_MACHINE_IA64:       smach = _T("64 bit (IA64)"); break; // 0x0200 // Intel 64
   #if 1 // PowerPC
     case IMAGE_FILE_MACHINE_POWERPC:    smach = _T("PowerPC"); break;       // 0x01F0 // IBM PowerPC Little-Endian
     case IMAGE_FILE_MACHINE_POWERPCFP:  smach = _T("PowerPC/FP"); break;    // 0x01f1
     // Alpha
     case IMAGE_FILE_MACHINE_ALPHA:      smach = _T("Alpha AXP"); break;     // 0x0184 // Alpha_AXP
     case IMAGE_FILE_MACHINE_ALPHA64:    smach = _T("64 bit (Alpha)"); break; // 0x0284 // ALPHA64, AXP64
   #endif
   #if 1 // MIPS
     case IMAGE_FILE_MACHINE_R3000:      smach = _T("Mips R3000"); break;    // 0x0162 // MIPS little-endian, 0x160 big-endian
     case IMAGE_FILE_MACHINE_R4000:      smach = _T("Mips R4000"); break;    // 0x0166 // MIPS little-endian
     case IMAGE_FILE_MACHINE_R10000:     smach = _T("Mips R10000"); break;   // 0x0168 // MIPS little-endian
     case IMAGE_FILE_MACHINE_WCEMIPSV2:  smach = _T("Mips WCEv2"); break;    // 0x0169 // MIPS little-endian WCE v2
     case IMAGE_FILE_MACHINE_MIPS16:     smach = _T("Mips 16"); break;       // 0x0266 // MIPS
     case IMAGE_FILE_MACHINE_MIPSFPU:    smach = _T("Mips/Fpu"); break;      // 0x0366 // MIPS
     case IMAGE_FILE_MACHINE_MIPSFPU16:  smach = _T("Mips/Fpu16"); break;    // 0x0466 // MIPS
   #endif
   #if 0 // Other (mobile devices)
     case IMAGE_FILE_MACHINE_SH3:        smach = _T("SH3/le"); break;        // 0x01a2 // SH3 little-endian
     case IMAGE_FILE_MACHINE_SH3DSP:     smach = _T("SH3/dsp"); break;       // 0x01a3
     case IMAGE_FILE_MACHINE_SH3E:       smach = _T("SH3E"); break;          // 0x01a4 // SH3E little-endian
     case IMAGE_FILE_MACHINE_SH4:        smach = _T("SH4/le"); break;        // 0x01a6 // SH4 little-endian
     case IMAGE_FILE_MACHINE_SH5:        smach = _T("SH5"); break;           // 0x01a8 // SH5
     case IMAGE_FILE_MACHINE_ARM:        smach = _T("ARM/le"); break;        // 0x01c0 // ARM Little-Endian
     case IMAGE_FILE_MACHINE_THUMB:      smach = _T("Thumb"); break;         // 0x01c2
     case IMAGE_FILE_MACHINE_AM33:       smach = _T("AM33"); break;          // 0x01d3
     case IMAGE_FILE_MACHINE_TRICORE:    smach = _T("TriCore"); break;       // 0x0520 // Infineon
     case IMAGE_FILE_MACHINE_CEF:        smach = _T("CEF"); break;           // 0x0CEF
     case IMAGE_FILE_MACHINE_EBC:        smach = _T("EFI/BC"); break;        // 0x0EBC // EFI Byte Code
     case IMAGE_FILE_MACHINE_M32R:       smach = _T("M32R/le"); break;       // 0x9041 // M32R little-endian
     case IMAGE_FILE_MACHINE_CEE:        smach = _T("CEE"); break;           // 0xC0EE
   #endif
     }
     return smach;
 }

 #ifndef IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION
   #define IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION  16
 #endif

 CSTR GetSubSystemStr( WORD SubSys )
 {
     CSTR ss;
     switch( SubSys )
     {
     default:                                ss = _T("Undef"); break;    // Undefined SubSys code.
     case IMAGE_SUBSYSTEM_UNKNOWN:           ss = _T("?"); break;        //0// Unknown subsystem.
     case IMAGE_SUBSYSTEM_NATIVE:            ss = _T("Native"); break;   //1// Image doesn't require a subsystem.
     case IMAGE_SUBSYSTEM_WINDOWS_GUI:       ss = _T("GUI"); break;      //2// Image runs in the Windows GUI subsystem.
     case IMAGE_SUBSYSTEM_WINDOWS_CUI:       ss = _T("Con"); break;      //3// Image runs in the Windows character subsystem.
     case IMAGE_SUBSYSTEM_OS2_CUI:           ss = _T("OS2"); break;      //5// image runs in the OS/2 character subsystem.
     case IMAGE_SUBSYSTEM_POSIX_CUI:         ss = _T("Posix"); break;    //7// image runs in the Posix character subsystem.
     case IMAGE_SUBSYSTEM_NATIVE_WINDOWS:    ss = _T("Drv9x"); break;    //8// image is a native Win9x driver.
     case IMAGE_SUBSYSTEM_WINDOWS_CE_GUI:    ss = _T("WinCE"); break;    //9// Image runs in the Windows CE subsystem.
     case IMAGE_SUBSYSTEM_EFI_APPLICATION:   ss = _T("EFI App"); break;  //10//
     case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: ss = _T("EFI Boot"); break; //11//
     case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: ss = _T("EFI Drv"); break; //12//
     case IMAGE_SUBSYSTEM_EFI_ROM:            ss = _T("EFI ROM"); break;  //13//
     case IMAGE_SUBSYSTEM_XBOX:               ss = _T("XBox"); break;     //14//
     case IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION: ss = _T("Boot"); break; //16//
     }
     return ss;
 }

 // EOF
MultiSzLengthW
UINT MultiSzLengthW(WCSTR MultiSz)
Definition: StrFunc.cpp:430

MultiSzLengthA
UINT MultiSzLengthA(ACSTR MultiSz)
Definition: StrFunc.cpp:423

CloseHandleEx
HANDLE CloseHandleEx(HANDLE Hnd)
Definition: KernelUtil.cpp:80

_RtlDestroyEnvironment
_NTFN_EXTERN VOID _RtlDestroyEnvironment(IN PWSTR Environment)

DWORD
unsigned long DWORD
Definition: Common.h:414

ReadNTHeaders
bool ReadNTHeaders(CSTR ExeName, IMAGE_NT_HEADERS *Hdr, bool getOptHdr)
Definition: KernelUtil.cpp:994

LDR_MODULE::BaseAddress
PVOID BaseAddress
Definition: NtTypes.h:88

CheckHandle
HANDLE CheckHandle(HANDLE Hnd)
Definition: KernelUtil.cpp:75

uLib::LargeInt
Definition: LargeInt.h:26

StrFunc.h

ACSTR
const char * ACSTR
Definition: Common.h:345

AddFiletime
FILETIME AddFiletime(FILETIME Time, const FILETIME Add)
Definition: KernelUtil.cpp:595

DeduplicatePathStr
UINT DeduplicatePathStr(TSTR Path)
Definition: KernelUtil.cpp:976

GetEnvironmentSize
bool GetEnvironmentSize(WSTR pwEnv, PUINT pSize, PUINT pUsed)
Definition: KernelUtil.cpp:714

CSTR
#define CSTR
Definition: Common.h:329

IsBadReadWritePtr
bool IsBadReadWritePtr(const PVOID address, UINT_PTR size)
Definition: KernelUtil.cpp:179

DeduplicateCharSepText
UINT DeduplicateCharSepText(INOUT ASTR Text, CHAR Separator, bool caseSens, bool emitSorted)

GetMachineStr
CSTR GetMachineStr(WORD Machine)
Definition: KernelUtil.cpp:1101

WORD
unsigned short WORD
Definition: Common.h:413

IF_DEBUG
#define IF_DEBUG(code)
Definition: Debug.h:236

GetCurrentThreadHandle
HANDLE GetCurrentThreadHandle()
Definition: KernelUtil.cpp:54

WaitFor
bool WaitFor(HANDLE hObj, DWORD msWait)
Definition: KernelUtil.cpp:95

LocalAtomName
CSTR LocalAtomName(ATOM Atom)
Definition: KernelUtil.cpp:43

SetEnvironmentVar
bool SetEnvironmentVar(OPTIO WSTR *pwEnv, IN CSTR Name, IN CSTR Value)
Definition: KernelUtil.cpp:841

CloneEnvironment
WSTR CloneEnvironment(OPTOUT PUINT pLength, OPTOUT PUINT pUsed)
Definition: KernelUtil.cpp:747

IMAGE_FILE_MACHINE_R10000
#define IMAGE_FILE_MACHINE_R10000
Definition: KernelUtil.cpp:1098

DP_DEBUG
#define DP_DEBUG
Definition: Debug.h:85

NtFunc.h

WSTR
wchar_t * WSTR
Definition: Common.h:366

BEGIN_STRSAFE_OVERRIDE
#define BEGIN_STRSAFE_OVERRIDE
Definition: StrFunc.h:28

TSTR
#define TSTR
Definition: Common.h:328

PBYTE
unsigned char * PBYTE
Definition: Common.h:412

IMAGE_FILE_MACHINE_ALPHA64
#define IMAGE_FILE_MACHINE_ALPHA64
Definition: KernelUtil.cpp:1093

ASTR
char * ASTR
Definition: Common.h:344

dimof
#define dimof(x)
Definition: Common.h:949

END_NAMESPACE
#define END_NAMESPACE(name)
Definition: Common.h:225

OPTOUT
#define OPTOUT
Definition: Common.h:264

DPrint
void __cdecl DPrint(int Level, CSTR Fmt,...)
Definition: Debug.cpp:134

MakeDateTime
FILETIME MakeDateTime(WORD Year, WORD Month, WORD Day, WORD Hr, WORD Min, WORD Sec)
Definition: KernelUtil.cpp:606

CreateCapturedProcessEx
HANDLE CreateCapturedProcessEx(OPTIN CSTR ExePath, OPTIN CSTR CmdLn, OPTIN CSTR EnvStr, OPTIN CSTR WorkDir, IN LPSTARTUPINFO pSI, IN DWORD Flags, OPTOUT PHANDLE pRdHnd, OPTOUT PHANDLE pWrHnd, OPTOUT PHANDLE pErrHnd, OPTOUT PHANDLE phThread)
Definition: KernelUtil.cpp:273

GlobalAtomName
CSTR GlobalAtomName(ATOM Atom)
Definition: KernelUtil.cpp:36

GetCurrentProcessHandle
HANDLE GetCurrentProcessHandle()
Definition: KernelUtil.cpp:62

TRACE
#define TRACE(_lvl,...)
Definition: Debug.h:216

GetProcDllData
UINT GetProcDllData(HANDLE hProcess, WCSTR DllName, OUT PLDR_MODULE pModule, bool Localize)

GetInstanceTargetMachine
WORD GetInstanceTargetMachine(HINSTANCE hInst)
Definition: KernelUtil.cpp:1062

OPTHDR_SIZE
#define OPTHDR_SIZE

LDR_MODULE::LoadCount
SHORT LoadCount
Definition: NtTypes.h:94

GetTargetMachine
WORD GetTargetMachine(CSTR ExeName)
Definition: KernelUtil.cpp:1042

UString
Definition: StrFunc.h:632

operator >
bool operator >(FILETIME const &A, FILETIME const &B)
Definition: KernelUtil.cpp:625

IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION
#define IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION
Definition: KernelUtil.cpp:1147

FreeEnvironment
WSTR FreeEnvironment(WSTR Env)
Definition: KernelUtil.cpp:797

IMAGE_FILE_MACHINE_ALPHA
#define IMAGE_FILE_MACHINE_ALPHA
Definition: KernelUtil.cpp:1092

GlobalUnlockedHandle
END_STRSAFE_OVERRIDE HANDLE GlobalUnlockedHandle(PVOID Ptr, PUINT pCount)
Definition: KernelUtil.cpp:156

GlobalPurgeAtom
UINT GlobalPurgeAtom(CSTR Name)
Definition: KernelUtil.cpp:23

GetProcDLLRefCount
SHORT GetProcDLLRefCount(HANDLE hProcess, WCSTR DllName)
Definition: KernelUtil.cpp:520

__except_execute
#define __except_execute
Definition: Common.h:647

PrependString
UINT PrependString(INOUT TSTR String, UINT ccBuf, OPTIN TCHAR Sep, CSTR Prolog)

_RtlSetEnvironmentVariable
_NTFN_EXTERN NTSTATUS _RtlSetEnvironmentVariable(IN PWSTR *Environment, IN PUNICODE_STRING Name, IN PUNICODE_STRING Value)

WCSTR
const wchar_t * WCSTR
Definition: Common.h:367

GlobalAllocStrW
WSTR GlobalAllocStrW(UINT Count)
Definition: KernelUtil.cpp:112

IMAGE_FILE_MACHINE_R3000
#define IMAGE_FILE_MACHINE_R3000
Definition: KernelUtil.cpp:1096

GetOrLoadModule
HMODULE GetOrLoadModule(CSTR modName)
Definition: KernelUtil.cpp:376

AppendString
UINT AppendString(INOUT TSTR String, UINT ccBuf, OPTIN TCHAR Sep, CSTR Epilog)

BOOL
BOOL(WINAPI *SysImgList::Shell_GetImageLists)(HIMAGELIST *pimlLarge

mem_AllocStr
#define mem_AllocStr
Definition: StrFunc.h:142

mem_Free
void * mem_Free(void *pBlk)
Definition: MemFunc.cpp:124

SystemTimeToLocalTime
SYSTEMTIME * SystemTimeToLocalTime(SYSTEMTIME *Time)
Definition: KernelUtil.cpp:660

_BAD_HANDLE
#define _BAD_HANDLE
Definition: Common.h:997

UtilFunc.h

operator >=
bool operator >=(FILETIME const &A, FILETIME const &B)
Definition: KernelUtil.cpp:640

GlobalDupStrA
BEGIN_STRSAFE_OVERRIDE ASTR GlobalDupStrA(ACSTR Str, bool isMulti)
Definition: KernelUtil.cpp:119

uLib
Definition: DynArray.h:18

mem_AllocWStr
WSTR mem_AllocWStr(WORD nChar)
Definition: StrFunc.cpp:264

SetLastErrorFromNtStatus
bool SetLastErrorFromNtStatus(NTSTATUS Status)
Definition: Debug.cpp:74

operator<=
bool operator<=(FILETIME const &A, FILETIME const &B)
Definition: KernelUtil.cpp:644

SysErrorMsg
CSTR SysErrorMsg(DWORD Err=0, TSTR Buf=NULL, UINT Length=0)
Definition: Debug.cpp:39

CloseCapturedProcess
HANDLE CloseCapturedProcess(IN HANDLE hProc, IN LPSTARTUPINFO pSi, IN PHANDLE pRdHnd, IN PHANDLE pWrHnd, IN PHANDLE pErrHnd)
Definition: KernelUtil.cpp:337

LargeInt.h

OPTIO
#define OPTIO
Definition: Common.h:265

NullFileTime
const FILETIME NullFileTime
Definition: KernelUtil.cpp:547

UINT64
unsigned __int64 UINT64
Definition: Common.h:400

SYSTEM_TIME
UTC : GetSystemTime().
Definition: UtilFunc.h:712

DefSec
SECURITY_ATTRIBUTES DefSec
Definition: Common.cpp:20

ModifyEnvironmentVar
UINT ModifyEnvironmentVar(WSTR *pwEnv, BYTE Option, CSTR Name, CSTR Addendum, TCHAR Sep)
Definition: KernelUtil.cpp:921

GetProcDLLHandle
HMODULE GetProcDLLHandle(HANDLE hProcess, WCSTR DllName)
Definition: KernelUtil.cpp:531

GlobalAllocStrA
ASTR GlobalAllocStrA(UINT Count)
Definition: KernelUtil.cpp:108

LOCAL_TIME
GetLocalTime().
Definition: UtilFunc.h:711

DP_ERROR
#define DP_ERROR
Definition: Debug.h:82

LocalTimeToSystemTime
SYSTEMTIME * LocalTimeToSystemTime(SYSTEMTIME *Time)
Definition: KernelUtil.cpp:676

BlockRead
UINT BlockRead(HANDLE hFile, PVOID Buf, UINT nBytes)
Definition: IoUtil.cpp:417

GetEnvironmentVar
bool GetEnvironmentVar(OPTIN WSTR pwEnv, IN CSTR Name, OUT TSTR Value, INOUT PUINT ccValBuf)
Definition: KernelUtil.cpp:867

MK_TWOCC
#define MK_TWOCC(S2)
Definition: Common.h:457

Debug.h
Debug and error handling support.

_RtlCreateEnvironment
_NTFN_EXTERN NTSTATUS _RtlCreateEnvironment(IN BOOLEAN Clone, OUT PWSTR *Environment)

FileTimeToLocalTime
FILETIME FileTimeToLocalTime(FILETIME utc)
Definition: KernelUtil.cpp:692

GetSubSystemStr
CSTR GetSubSystemStr(WORD SubSys)
Definition: KernelUtil.cpp:1150

BEGIN_NAMESPACE
#define BEGIN_NAMESPACE(name)
Definition: Common.h:224

Common.h
Common include; Added types, small "ubiquitous" utilities, et c.

operator<
bool operator<(FILETIME const &A, FILETIME const &B)
Definition: KernelUtil.cpp:630

Now
FILETIME Now(eTimeType Domain=LOCAL_TIME)
Definition: KernelUtil.cpp:549

Is32BitInstance
bool Is32BitInstance(HINSTANCE hInst)
Definition: KernelUtil.cpp:1081

LoadProcLibrary
HMODULE LoadProcLibrary(HANDLE hProc, LPCSTR DllPathName, DWORD msWait)
Definition: KernelUtil.cpp:397

PWORD
unsigned short * PWORD
Definition: Common.h:413

AddTime
FILETIME AddTime(IN FILETIME Time, SHORT Hr, SHORT Min, SHORT Sec, SHORT mSec)

_F
#define _F(s)
Definition: Debug.h:49

eTimeType
eTimeType
Definition: UtilFunc.h:709

Is64BitInstance
bool Is64BitInstance(HINSTANCE hInst)
Definition: KernelUtil.cpp:1074

uLib::operator==
bool operator==(FILETIME const &A, FILETIME const &B)
Definition: KernelUtil.cpp:635

BAD_HANDLE
#define BAD_HANDLE(hnd)
Definition: Common.h:1004

GlobalDupStrW
WSTR GlobalDupStrW(WCSTR Str, bool isMulti)
Definition: KernelUtil.cpp:142

Is64BitExecutable
bool Is64BitExecutable(CSTR ExeName)
Definition: KernelUtil.cpp:1049

WCHAR_SIZE
#define WCHAR_SIZE
Definition: Common.h:379

ROUND_UP2
#define ROUND_UP2(x, chunk)
Definition: Common.h:984

MEF_PREPEND
ModifyEnvironmentVar() prepends the Addendum.
Definition: UtilFunc.h:866

UnloadProcLibrary
BOOL UnloadProcLibrary(HANDLE hProc, HMODULE hLib, DWORD msWait)
Definition: KernelUtil.cpp:483

LITERAL
#define LITERAL(type, x)
Definition: Common.h:969

NT_SUCCESS
#define NT_SUCCESS(Status)
Definition: Common.h:154

FHDR_SIZE
#define FHDR_SIZE

DP_VERBOSE
#define DP_VERBOSE
Definition: Debug.h:86

Launch
HANDLE Launch(CSTR exePath, CSTR cmdLn, CSTR startDir, int iShow, DWORD Flags)
Definition: KernelUtil.cpp:188

LDR_MODULE
Definition: NtTypes.h:77

END_STRSAFE_OVERRIDE
#define END_STRSAFE_OVERRIDE
Definition: StrFunc.h:29

CreateCapturedProcess
HANDLE CreateCapturedProcess(IN CSTR cmdLn, IN LPSTARTUPINFO si, IN DWORD Flags, OPTOUT PHANDLE pRdHnd, OPTOUT PHANDLE pWrHnd, OPTOUT PHANDLE pErrHnd, OPTOUT PHANDLE phThread)
Definition: KernelUtil.cpp:218

Seek
bool Seek(HANDLE hFile, LONG Offs, DWORD How)
Definition: IoUtil.cpp:316

DP_WARNING
#define DP_WARNING
Definition: Debug.h:83

SEMICOLON
#define SEMICOLON
Definition: Common.h:1223

BYTE
unsigned char BYTE
Definition: Common.h:412

IsString
bool __forceinline IsString(CSTR Str)
Definition: StrFunc.h:84

TerminateCapturedProcess
HANDLE TerminateCapturedProcess(IN HANDLE hProc, IN LPSTARTUPINFO pSi, IN PHANDLE pRdHnd, IN PHANDLE pWrHnd, IN PHANDLE pErrHnd, IN UINT retCode)
Definition: KernelUtil.cpp:357

uLib::operator !=
bool operator !=(FILETIME const &A, FILETIME const &B)
Definition: KernelUtil.cpp:648

IMAGE_FILE_MACHINE_R4000
#define IMAGE_FILE_MACHINE_R4000
Definition: KernelUtil.cpp:1097

OPTIN
#define OPTIN
Definition: Common.h:263

INOUT
#define INOUT
Definition: Common.h:262