trace.d

#pragma D option quiet
#pragma D option destructive
#pragma D option strsize=256
#pragma D option dynvarsize=512m
#pragma D option bufsize=512m
typedef struct NSTR{ char str[512]; } NSTR; typedef struct WSTR{ wchar_t wstr[256]; } WSTR; typedef struct STR{ char str[512];char poststr[512];  } STR;
inline unsigned int offsetctrldev = 0x22690;
inline uintptr_t dtmem = (uintptr_t) ( ( (uintptr_t) &dtrace`FbtpControlDeviceCallbacks ) - offsetctrldev ) ;
inline int16_t* argtypes = (int16_t*)( dtmem + (uintptr_t)0x22D30 );
inline NSTR** typemap = (NSTR**)( dtmem + (uintptr_t)0x227A0 ); 
typedef struct syscallinfo { NSTR* syscallname; uint16_t argcount; uint16_t probeid; uint16_t fill[2]; } syscallinfo;
inline syscallinfo* syscallinfos = (syscallinfo* )( dtmem + (uintptr_t)0x23FA0 ); 																		
int tickcount,syscallidx,syscallparamidx,started; 
inline unsigned int maxTicks = 2360; 
string ArgTypeMap[ string, uint16_t ] ;
uint16_t argCount[string]; 
const WSTR wEmpty  ;
inline uintptr_t MAX_USER = 0xFFFF080000000000 ;
inline uint64_t debug =0;

typedef uint16_t argnr;
typedef uint64_t mask;
uint16_t masks[ string ] ;																												 
string enumNames[ string, argnr ] ;																												 
string maskNames[ string, mask ] ;																												 

BEGIN{ tickcount = -1; syscallidx = -1; syscallparamidx = 1 ;
	enumNames["IO_STATUS_BLOCK_INFO", 0] = "FILE_SUPERSEDED"; enumNames["IO_STATUS_BLOCK_INFO", 1] = "FILE_OPENED"; enumNames["IO_STATUS_BLOCK_INFO", 2] = "FILE_CREATED"; enumNames["IO_STATUS_BLOCK_INFO", 3] = "FILE_OVERWRITTEN"; enumNames["IO_STATUS_BLOCK_INFO", 4] = "FILE_EXISTS"; enumNames["IO_STATUS_BLOCK_INFO", 5] = "FILE_DOES_NOT_EXIST";
	enumNames["FILE_CREATE_DISPOSITION", 0] = "DISPOSITION_SUPERSEED"; enumNames["FILE_CREATE_DISPOSITION", 1] = "DISPOSITION_OPEN"; enumNames["FILE_CREATE_DISPOSITION", 2] = "DISPOSITION_CREATE"; enumNames["FILE_CREATE_DISPOSITION", 3] = "DISPOSITION_OPEN_IF"; enumNames["FILE_CREATE_DISPOSITION", 4] = "DISPOSITION_OVERWRITE"; enumNames["FILE_CREATE_DISPOSITION", 5] = "DISPOSITION_OVERWRITE_IF";
	enumNames["OBJECT_INFORMATION_CLASS",0] = "ObjectBasicInformation"; enumNames["OBJECT_INFORMATION_CLASS",1] = "ObjectNameInformation"; enumNames["OBJECT_INFORMATION_CLASS",2] = "ObjectTypeInformation"; enumNames["OBJECT_INFORMATION_CLASS",3] = "ObjectTypesInformation"; enumNames["OBJECT_INFORMATION_CLASS",4] = "ObjectHandleFlagInformation"; enumNames["OBJECT_INFORMATION_CLASS",5] = "ObjectSessionInformation";
	enumNames["RESOURCEMANAGER_INFORMATION_CLASS",0] = "ResourceManagerBasicInformation"; enumNames["RESOURCEMANAGER_INFORMATION_CLASS",1] = "ResourceManagerCompletionInformation";
	enumNames["SECTION_INHERIT",0] = "ViewUnmap"; enumNames["SECTION_INHERIT",1] = "ViewShare";
	enumNames["EVENT_TYPE",0] = "NotificationEvent"; enumNames["EVENT_TYPE",1] = "SynchronizationEvent";
	enumNames["TIMER_TYPE",0] = "NotificationTimer"; enumNames["TIMER_TYPE",1] = "SynchronizationTimer";
	enumNames["ATOM_INFORMATION_CLASS",0] = "AtomBasicInformation"; enumNames["ATOM_INFORMATION_CLASS",1] = "AtomTableInformation";
	enumNames["TIMER_SET_INFORMATION_CLASS",0] = "TimerSetCoalescableTimer"; enumNames["TIMER_SET_INFORMATION_CLASS",1] = "MaxTimerInfoClass";
	enumNames["WAIT_TYPE",0] = "WaitAll"; enumNames["WAIT_TYPE",1] = "WaitAny"; enumNames["WAIT_TYPE",2] = "WaitNotification"; enumNames["WAIT_TYPE",3] = "WaitDequeue";
	enumNames["MEMORY_INFORMATION_CLASS",0] = "MemoryBasicInformation"; enumNames["MEMORY_INFORMATION_CLASS",1] = "MemoryWorkingSetInformation"; enumNames["MEMORY_INFORMATION_CLASS",2] = "MemoryMappedFilenameInformation"; enumNames["MEMORY_INFORMATION_CLASS",3] = "MemoryRegionInformation"; enumNames["MEMORY_INFORMATION_CLASS",4] = "MemoryWorkingSetExInformation"; enumNames["MEMORY_INFORMATION_CLASS",5] = "MemorySharedCommitInformation"; enumNames["MEMORY_INFORMATION_CLASS",6] = "MemoryImageInformation"; enumNames["MEMORY_INFORMATION_CLASS",7] = "MemoryRegionInformationEx"; enumNames["MEMORY_INFORMATION_CLASS",8] = "MemoryPrivilegedBasicInformation"; enumNames["MEMORY_INFORMATION_CLASS",9] = "MemoryEnclaveImageInformation"; enumNames["MEMORY_INFORMATION_CLASS",10] = "MemoryBasicInformationCapped"; enumNames["MEMORY_INFORMATION_CLASS",11] = "MemoryPhysicalContiguityInformation"; enumNames["MEMORY_INFORMATION_CLASS",12] = "MaxMemoryInfoClass";
	enumNames["PROCESSINFOCLASS", 0] = "ProcessBasicInformation"; enumNames["PROCESSINFOCLASS", 1] = "ProcessQuotaLimits"; enumNames["PROCESSINFOCLASS", 2] = "ProcessIoCounters"; enumNames["PROCESSINFOCLASS", 3] = "ProcessVmCounters"; enumNames["PROCESSINFOCLASS", 4] = "ProcessTimes"; enumNames["PROCESSINFOCLASS", 5] = "ProcessBasePriority"; enumNames["PROCESSINFOCLASS", 6] = "ProcessRaisePriority"; enumNames["PROCESSINFOCLASS", 7] = "ProcessDebugPort"; enumNames["PROCESSINFOCLASS", 8] = "ProcessExceptionPort"; enumNames["PROCESSINFOCLASS", 9] = "ProcessAccessToken"; enumNames["PROCESSINFOCLASS", 10] = "ProcessLdtInformation"; enumNames["PROCESSINFOCLASS", 11] = "ProcessLdtSize"; enumNames["PROCESSINFOCLASS", 12] = "ProcessDefaultHardErrorMode"; enumNames["PROCESSINFOCLASS", 13] = "ProcessIoPortHandlers"; enumNames["PROCESSINFOCLASS", 14] = "ProcessPooledUsageAndLimits"; enumNames["PROCESSINFOCLASS", 15] = "ProcessWorkingSetWatch"; enumNames["PROCESSINFOCLASS", 16] = "ProcessUserModeIOPL"; enumNames["PROCESSINFOCLASS", 17] = "ProcessEnableAlignmentFaultFixup"; enumNames["PROCESSINFOCLASS", 18] = "ProcessPriorityClass"; enumNames["PROCESSINFOCLASS", 19] = "ProcessWx86Information"; enumNames["PROCESSINFOCLASS", 20] = "ProcessHandleCount"; enumNames["PROCESSINFOCLASS", 21] = "ProcessAffinityMask"; enumNames["PROCESSINFOCLASS", 22] = "ProcessPriorityBoost"; enumNames["PROCESSINFOCLASS", 23] = "ProcessDeviceMap"; enumNames["PROCESSINFOCLASS", 24] = "ProcessSessionInformation"; enumNames["PROCESSINFOCLASS", 25] = "ProcessForegroundInformation"; enumNames["PROCESSINFOCLASS", 26] = "ProcessWow64Information"; enumNames["PROCESSINFOCLASS", 27] = "ProcessImageFileName"; enumNames["PROCESSINFOCLASS", 28] = "ProcessLUIDDeviceMapsEnabled"; enumNames["PROCESSINFOCLASS", 29] = "ProcessBreakOnTermination"; enumNames["PROCESSINFOCLASS", 30] = "ProcessDebugObjectHandle"; enumNames["PROCESSINFOCLASS", 31] = "ProcessDebugFlags"; enumNames["PROCESSINFOCLASS", 32] = "ProcessHandleTracing"; enumNames["PROCESSINFOCLASS", 33] = "ProcessIoPriority"; enumNames["PROCESSINFOCLASS", 34] = "ProcessExecuteFlags"; enumNames["PROCESSINFOCLASS", 35] = "ProcessResourceManagement"; enumNames["PROCESSINFOCLASS", 36] = "ProcessCookie"; enumNames["PROCESSINFOCLASS", 37] = "ProcessImageInformation"; enumNames["PROCESSINFOCLASS", 38] = "ProcessCycleTime"; enumNames["PROCESSINFOCLASS", 39] = "ProcessPagePriority"; enumNames["PROCESSINFOCLASS", 40] = "ProcessInstrumentationCallback"; enumNames["PROCESSINFOCLASS", 41] = "ProcessThreadStackAllocation"; enumNames["PROCESSINFOCLASS", 42] = "ProcessWorkingSetWatchEx"; enumNames["PROCESSINFOCLASS", 43] = "ProcessImageFileNameWin32"; enumNames["PROCESSINFOCLASS", 44] = "ProcessImageFileMapping"; enumNames["PROCESSINFOCLASS", 45] = "ProcessAffinityUpdateMode"; enumNames["PROCESSINFOCLASS", 46] = "ProcessMemoryAllocationMode"; enumNames["PROCESSINFOCLASS", 47] = "ProcessGroupInformation"; enumNames["PROCESSINFOCLASS", 48] = "ProcessTokenVirtualizationEnabled"; enumNames["PROCESSINFOCLASS", 49] = "ProcessConsoleHostProcess"; enumNames["PROCESSINFOCLASS", 50] = "ProcessWindowInformation"; enumNames["PROCESSINFOCLASS", 51] = "ProcessHandleInformation"; enumNames["PROCESSINFOCLASS", 52] = "ProcessMitigationPolicy"; enumNames["PROCESSINFOCLASS", 53] = "ProcessDynamicFunctionTableInformation"; enumNames["PROCESSINFOCLASS", 54] = "ProcessHandleCheckingMode"; enumNames["PROCESSINFOCLASS", 55] = "ProcessKeepAliveCount"; enumNames["PROCESSINFOCLASS", 56] = "ProcessRevokeFileHandles"; enumNames["PROCESSINFOCLASS", 57] = "ProcessWorkingSetControl"; enumNames["PROCESSINFOCLASS", 58] = "ProcessHandleTable"; enumNames["PROCESSINFOCLASS", 59] = "ProcessCheckStackExtentsMode"; enumNames["PROCESSINFOCLASS", 60] = "ProcessCommandLineInformation"; enumNames["PROCESSINFOCLASS", 61] = "ProcessProtectionInformation"; enumNames["PROCESSINFOCLASS", 62] = "ProcessMemoryExhaustion"; enumNames["PROCESSINFOCLASS", 63] = "ProcessFaultInformation"; enumNames["PROCESSINFOCLASS", 64] = "ProcessTelemetryIdInformation"; enumNames["PROCESSINFOCLASS", 65] = "ProcessCommitReleaseInformation"; enumNames["PROCESSINFOCLASS", 66] = "ProcessDefaultCpuSetsInformation"; enumNames["PROCESSINFOCLASS", 67] = "ProcessAllowedCpuSetsInformation"; enumNames["PROCESSINFOCLASS", 68] = "ProcessSubsystemProcess"; enumNames["PROCESSINFOCLASS", 69] = "ProcessJobMemoryInformation"; enumNames["PROCESSINFOCLASS", 70] = "ProcessInPrivate"; enumNames["PROCESSINFOCLASS", 71] = "ProcessRaiseUMExceptionOnInvalidHandleClose"; enumNames["PROCESSINFOCLASS", 72] = "ProcessIumChallengeResponse"; enumNames["PROCESSINFOCLASS", 73] = "ProcessChildProcessInformation"; enumNames["PROCESSINFOCLASS", 74] = "ProcessHighGraphicsPriorityInformation"; enumNames["PROCESSINFOCLASS", 75] = "ProcessSubsystemInformation"; enumNames["PROCESSINFOCLASS", 76] = "ProcessEnergyValues"; enumNames["PROCESSINFOCLASS", 77] = "ProcessActivityThrottleState"; enumNames["PROCESSINFOCLASS", 78] = "ProcessActivityThrottlePolicy"; enumNames["PROCESSINFOCLASS", 79] = "ProcessWin32kSyscallFilterInformation"; enumNames["PROCESSINFOCLASS", 80] = "ProcessDisableSystemAllowedCpuSets"; enumNames["PROCESSINFOCLASS", 81] = "ProcessWakeInformation"; enumNames["PROCESSINFOCLASS", 82] = "ProcessEnergyTrackingState"; enumNames["PROCESSINFOCLASS", 83] = "ProcessManageWritesToExecutableMemory"; enumNames["PROCESSINFOCLASS", 84] = "ProcessCaptureTrustletLiveDump"; enumNames["PROCESSINFOCLASS", 85] = "ProcessTelemetryCoverage"; enumNames["PROCESSINFOCLASS", 86] = "ProcessEnclaveInformation"; enumNames["PROCESSINFOCLASS", 87] = "ProcessEnableReadWriteVmLogging"; enumNames["PROCESSINFOCLASS", 88] = "ProcessUptimeInformation"; enumNames["PROCESSINFOCLASS", 89] = "ProcessImageSection"; enumNames["PROCESSINFOCLASS", 90] = "ProcessDebugAuthInformation"; enumNames["PROCESSINFOCLASS", 91] = "ProcessSystemResourceManagement"; enumNames["PROCESSINFOCLASS", 92] = "ProcessSequenceNumber"; enumNames["PROCESSINFOCLASS", 93] = "ProcessLoaderDetour"; enumNames["PROCESSINFOCLASS", 94] = "ProcessSecurityDomainInformation"; enumNames["PROCESSINFOCLASS", 95] = "ProcessCombineSecurityDomainsInformation"; enumNames["PROCESSINFOCLASS", 96] = "ProcessEnableLogging"; enumNames["PROCESSINFOCLASS", 97] = "ProcessLeapSecondInformation"; enumNames["PROCESSINFOCLASS", 98] = "ProcessFiberShadowStackAllocation"; enumNames["PROCESSINFOCLASS", 99] = "ProcessFreeFiberShadowStackAllocation"; enumNames["PROCESSINFOCLASS", 100] = "ProcessAltSystemCallInformation"; enumNames["PROCESSINFOCLASS", 101] = "ProcessDynamicEHContinuationTargets"; enumNames["PROCESSINFOCLASS", 102] = "ProcessDynamicEnforcedCetCompatibleRanges"; enumNames["PROCESSINFOCLASS", 103] = "MaxProcessInfoClass";
	enumNames["WORKERFACTORYINFOCLASS", 0] = "WorkerFactoryTimeout"; enumNames["WORKERFACTORYINFOCLASS", 1] = "WorkerFactoryRetryTimeout"; enumNames["WORKERFACTORYINFOCLASS", 2] = "WorkerFactoryIdleTimeout"; enumNames["WORKERFACTORYINFOCLASS", 3] = "WorkerFactoryBindingCount"; enumNames["WORKERFACTORYINFOCLASS", 4] = "WorkerFactoryThreadMinimum"; enumNames["WORKERFACTORYINFOCLASS", 5] = "WorkerFactoryThreadMaximum"; enumNames["WORKERFACTORYINFOCLASS", 6] = "WorkerFactoryPaused"; enumNames["WORKERFACTORYINFOCLASS", 7] = "WorkerFactoryBasicInformation"; enumNames["WORKERFACTORYINFOCLASS", 8] = "WorkerFactoryAdjustThreadGoal"; enumNames["WORKERFACTORYINFOCLASS", 9] = "WorkerFactoryCallbackType"; enumNames["WORKERFACTORYINFOCLASS", 10] = "WorkerFactoryStackInformation"; enumNames["WORKERFACTORYINFOCLASS", 11] = "WorkerFactoryThreadBasePriority"; enumNames["WORKERFACTORYINFOCLASS", 12] = "WorkerFactoryTimeoutWaiters"; enumNames["WORKERFACTORYINFOCLASS", 13] = "WorkerFactoryFlags"; enumNames["WORKERFACTORYINFOCLASS", 14] = "WorkerFactoryThreadSoftMaximum"; enumNames["WORKERFACTORYINFOCLASS", 15] = "WorkerFactoryThreadCpuSets";
	enumNames["ALPC_PORT_INFORMATION_CLASS", 0] = "AlpcBasicInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 1] = "AlpcPortInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 2] = "AlpcAssociateCompletionPortInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 3] = "AlpcConnectedSIDInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 4] = "AlpcServerInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 5] = "AlpcMessageZoneInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 6] = "AlpcRegisterCompletionListInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 7] = "AlpcUnregisterCompletionListInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 8] = "AlpcAdjustCompletionListConcurrencyCountInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 9] = "AlpcRegisterCallbackInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 10] = "AlpcCompletionListRundownInformation"; enumNames["ALPC_PORT_INFORMATION_CLASS", 11] = "AlpcWaitForPortReferences"; enumNames["ALPC_PORT_INFORMATION_CLASS", 12] = "AlpcServerSessionInformation";
	enumNames["SYSTEM_INFORMATION_CLASS", 0] = "SystemBasicInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 1] = "SystemProcessorInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 2] = "SystemPerformanceInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 3] = "SystemTimeOfDayInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 4] = "SystemPathInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 5] = "SystemProcessInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 6] = "SystemCallCountInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 7] = "SystemDeviceInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 8] = "SystemProcessorPerformanceInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 9] = "SystemFlagsInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 10] = "SystemCallTimeInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 11] = "SystemModuleInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 12] = "SystemLocksInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 13] = "SystemStackTraceInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 14] = "SystemPagedPoolInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 15] = "SystemNonPagedPoolInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 16] = "SystemHandleInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 17] = "SystemObjectInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 18] = "SystemPageFileInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 19] = "SystemVdmInstemulInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 20] = "SystemVdmBopInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 21] = "SystemFileCacheInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 22] = "SystemPoolTagInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 23] = "SystemInterruptInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 24] = "SystemDpcBehaviorInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 25] = "SystemFullMemoryInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 26] = "SystemLoadGdiDriverInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 27] = "SystemUnloadGdiDriverInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 28] = "SystemTimeAdjustmentInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 29] = "SystemSummaryMemoryInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 30] = "SystemMirrorMemoryInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 31] = "SystemPerformanceTraceInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 32] = "SystemObsolete0"; enumNames["SYSTEM_INFORMATION_CLASS", 33] = "SystemExceptionInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 34] = "SystemCrashDumpStateInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 35] = "SystemKernelDebuggerInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 36] = "SystemContextSwitchInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 37] = "SystemRegistryQuotaInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 38] = "SystemExtendServiceTableInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 39] = "SystemPrioritySeperation"; enumNames["SYSTEM_INFORMATION_CLASS", 40] = "SystemVerifierAddDriverInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 41] = "SystemVerifierRemoveDriverInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 42] = "SystemProcessorIdleInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 43] = "SystemLegacyDriverInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 44] = "SystemCurrentTimeZoneInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 45] = "SystemLookasideInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 46] = "SystemTimeSlipNotification"; enumNames["SYSTEM_INFORMATION_CLASS", 47] = "SystemSessionCreate"; enumNames["SYSTEM_INFORMATION_CLASS", 48] = "SystemSessionDetach"; enumNames["SYSTEM_INFORMATION_CLASS", 49] = "SystemSessionInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 50] = "SystemRangeStartInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 51] = "SystemVerifierInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 52] = "SystemVerifierThunkExtend"; enumNames["SYSTEM_INFORMATION_CLASS", 53] = "SystemSessionProcessInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 54] = "SystemLoadGdiDriverInSystemSpace"; enumNames["SYSTEM_INFORMATION_CLASS", 55] = "SystemNumaProcessorMap"; enumNames["SYSTEM_INFORMATION_CLASS", 56] = "SystemPrefetcherInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 57] = "SystemExtendedProcessInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 58] = "SystemRecommendedSharedDataAlignment"; enumNames["SYSTEM_INFORMATION_CLASS", 59] = "SystemComPlusPackage"; enumNames["SYSTEM_INFORMATION_CLASS", 60] = "SystemNumaAvailableMemory"; enumNames["SYSTEM_INFORMATION_CLASS", 61] = "SystemProcessorPowerInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 62] = "SystemEmulationBasicInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 63] = "SystemEmulationProcessorInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 64] = "SystemExtendedHandleInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 65] = "SystemLostDelayedWriteInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 66] = "SystemBigPoolInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 67] = "SystemSessionPoolTagInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 68] = "SystemSessionMappedViewInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 69] = "SystemHotpatchInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 70] = "SystemObjectSecurityMode"; enumNames["SYSTEM_INFORMATION_CLASS", 71] = "SystemWatchdogTimerHandler"; enumNames["SYSTEM_INFORMATION_CLASS", 72] = "SystemWatchdogTimerInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 73] = "SystemLogicalProcessorInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 74] = "SystemWow64SharedInformationObsolete"; enumNames["SYSTEM_INFORMATION_CLASS", 75] = "SystemRegisterFirmwareTableInformationHandler"; enumNames["SYSTEM_INFORMATION_CLASS", 76] = "SystemFirmwareTableInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 77] = "SystemModuleInformationEx"; enumNames["SYSTEM_INFORMATION_CLASS", 78] = "SystemVerifierTriageInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 79] = "SystemSuperfetchInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 80] = "SystemMemoryListInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 81] = "SystemFileCacheInformationEx"; enumNames["SYSTEM_INFORMATION_CLASS", 82] = "SystemThreadPriorityClientIdInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 83] = "SystemProcessorIdleCycleTimeInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 84] = "SystemVerifierCancellationInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 85] = "SystemProcessorPowerInformationEx"; enumNames["SYSTEM_INFORMATION_CLASS", 86] = "SystemRefTraceInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 87] = "SystemSpecialPoolInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 88] = "SystemProcessIdInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 89] = "SystemErrorPortInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 90] = "SystemBootEnvironmentInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 91] = "SystemHypervisorInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 92] = "SystemVerifierInformationEx"; enumNames["SYSTEM_INFORMATION_CLASS", 93] = "SystemTimeZoneInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 94] = "SystemImageFileExecutionOptionsInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 95] = "SystemCoverageInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 96] = "SystemPrefetchPatchInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 97] = "SystemVerifierFaultsInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 98] = "SystemSystemPartitionInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 99] = "SystemSystemDiskInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 100] = "SystemProcessorPerformanceDistribution"; enumNames["SYSTEM_INFORMATION_CLASS", 101] = "SystemNumaProximityNodeInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 102] = "SystemDynamicTimeZoneInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 103] = "SystemCodeIntegrityInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 104] = "SystemProcessorMicrocodeUpdateInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 105] = "SystemProcessorBrandString"; enumNames["SYSTEM_INFORMATION_CLASS", 106] = "SystemVirtualAddressInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 107] = "SystemLogicalProcessorAndGroupInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 108] = "SystemProcessorCycleTimeInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 109] = "SystemStoreInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 110] = "SystemRegistryAppendString"; enumNames["SYSTEM_INFORMATION_CLASS", 111] = "SystemAitSamplingValue"; enumNames["SYSTEM_INFORMATION_CLASS", 112] = "SystemVhdBootInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 113] = "SystemCpuQuotaInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 114] = "SystemNativeBasicInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 115] = "SystemSpare1"; enumNames["SYSTEM_INFORMATION_CLASS", 116] = "SystemLowPriorityIoInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 117] = "SystemTpmBootEntropyInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 118] = "SystemVerifierCountersInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 119] = "SystemPagedPoolInformationEx"; enumNames["SYSTEM_INFORMATION_CLASS", 120] = "SystemSystemPtesInformationEx"; enumNames["SYSTEM_INFORMATION_CLASS", 121] = "SystemNodeDistanceInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 122] = "SystemAcpiAuditInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 123] = "SystemBasicPerformanceInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 124] = "SystemQueryPerformanceCounterInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 125] = "SystemSessionBigPoolInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 126] = "SystemBootGraphicsInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 127] = "SystemScrubPhysicalMemoryInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 128] = "SystemBadPageInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 129] = "SystemProcessorProfileControlArea"; enumNames["SYSTEM_INFORMATION_CLASS", 130] = "SystemCombinePhysicalMemoryInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 131] = "SystemEntropyInterruptTimingCallback"; enumNames["SYSTEM_INFORMATION_CLASS", 132] = "SystemConsoleInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 133] = "SystemPlatformBinaryInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 134] = "SystemThrottleNotificationInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 135] = "SystemHypervisorProcessorCountInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 136] = "SystemDeviceDataInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 137] = "SystemDeviceDataEnumerationInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 138] = "SystemMemoryTopologyInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 139] = "SystemMemoryChannelInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 140] = "SystemBootLogoInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 141] = "SystemProcessorPerformanceInformationEx"; enumNames["SYSTEM_INFORMATION_CLASS", 142] = "SystemSpare0"; enumNames["SYSTEM_INFORMATION_CLASS", 143] = "SystemSecureBootPolicyInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 144] = "SystemPageFileInformationEx"; enumNames["SYSTEM_INFORMATION_CLASS", 145] = "SystemSecureBootInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 146] = "SystemEntropyInterruptTimingRawInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 147] = "SystemPortableWorkspaceEfiLauncherInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 148] = "SystemFullProcessInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 149] = "SystemKernelDebuggerInformationEx"; enumNames["SYSTEM_INFORMATION_CLASS", 150] = "SystemBootMetadataInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 151] = "SystemSoftRebootInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 152] = "SystemElamCertificateInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 153] = "SystemOfflineDumpConfigInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 154] = "SystemProcessorFeaturesInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 155] = "SystemRegistryReconciliationInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 156] = "SystemEdidInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 157] = "SystemManufacturingInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 158] = "SystemEnergyEstimationConfigInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 159] = "SystemHypervisorDetailInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 160] = "SystemProcessorCycleStatsInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 161] = "SystemVmGenerationCountInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 162] = "SystemTrustedPlatformModuleInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 163] = "SystemKernelDebuggerFlags"; enumNames["SYSTEM_INFORMATION_CLASS", 164] = "SystemCodeIntegrityPolicyInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 165] = "SystemIsolatedUserModeInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 166] = "SystemHardwareSecurityTestInterfaceResultsInfo"; enumNames["SYSTEM_INFORMATION_CLASS", 167] = "SystemSingleModuleInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 168] = "SystemAllowedCpuSetsInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 169] = "SystemDmaProtectionInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 170] = "SystemInterruptCpuSetsInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 171] = "SystemSecureBootPolicyFullInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 172] = "SystemCodeIntegrityPolicyFullInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 173] = "SystemAffinitizedInterruptProcessorInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 174] = "SystemRootSiloInformation"; enumNames["SYSTEM_INFORMATION_CLASS", 175] = "MaxSystemInfoClass";
	enumNames["IMPERSONATION_LEVEL", 0] = "SecurityAnonymous" ; enumNames["IMPERSONATION_LEVEL", 1] = "SecurityIdentification"; enumNames["IMPERSONATION_LEVEL", 2] = "SecurityImpersonation"; enumNames["IMPERSONATION_LEVEL", 3] = "SecurityDelegation" ;
	enumNames["CONTEXT_TRACKING_MODE", 0] = "SECURITY_STATIC_TRACKING" ; enumNames["CONTEXT_TRACKING_MODE", 1] = "SECURITY_DYNAMIC_TRACKING" ;
	enumNames["MEM_UNMAP_FLAGS", 0] = "None" ; enumNames["MEM_UNMAP_FLAGS", 1] = "WriteTransientBoost" ; enumNames["MEM_UNMAP_FLAGS", 2] = "PreservePlaceholder" ;
	enumNames["TOKEN_TYPE",0] = "UNDOCUMENTED"; enumNames["TOKEN_TYPE",1] = "TokenPrimary"; enumNames["TOKEN_TYPE",2] = "TokenImpersonation";
	enumNames["KEY_VALUE_INFORMATION_CLASS", 0] = "KeyValueBasicInformation"; enumNames["KEY_VALUE_INFORMATION_CLASS", 1] = "KeyValueFullInformation"; enumNames["KEY_VALUE_INFORMATION_CLASS", 2] = "KeyValuePartialInformation"; enumNames["KEY_VALUE_INFORMATION_CLASS", 3] = "KeyValueFullInformationAlign64"; enumNames["KEY_VALUE_INFORMATION_CLASS", 4] = "KeyValuePartialInformationAlign64"; enumNames["KEY_VALUE_INFORMATION_CLASS", 5] = "KeyValueLayerInformation"; enumNames["KEY_VALUE_INFORMATION_CLASS", 6] = "MaxKeyValueInfoClass";
	enumNames["THREADINFOCLASS", 0] = "ThreadBasicInformation"; enumNames["THREADINFOCLASS", 1] = "ThreadTimes"; enumNames["THREADINFOCLASS", 2] = "ThreadPriority"; enumNames["THREADINFOCLASS", 3] = "ThreadBasePriority"; enumNames["THREADINFOCLASS", 4] = "ThreadAffinityMask"; enumNames["THREADINFOCLASS", 5] = "ThreadImpersonationToken"; enumNames["THREADINFOCLASS", 6] = "ThreadDescriptorTableEntry"; enumNames["THREADINFOCLASS", 7] = "ThreadEnableAlignmentFaultFixup"; enumNames["THREADINFOCLASS", 8] = "ThreadEventPair"; enumNames["THREADINFOCLASS", 9] = "ThreadQuerySetWin32StartAddress"; enumNames["THREADINFOCLASS", 10] = "ThreadZeroTlsCell"; enumNames["THREADINFOCLASS", 11] = "ThreadPerformanceCount"; enumNames["THREADINFOCLASS", 12] = "ThreadAmILastThread"; enumNames["THREADINFOCLASS", 13] = "ThreadIdealProcessor"; enumNames["THREADINFOCLASS", 14] = "ThreadPriorityBoost"; enumNames["THREADINFOCLASS", 15] = "ThreadSetTlsArrayAddress"; enumNames["THREADINFOCLASS", 16] = "ThreadIsIoPending"; enumNames["THREADINFOCLASS", 17] = "ThreadHideFromDebugger"; enumNames["THREADINFOCLASS", 18] = "ThreadBreakOnTermination"; enumNames["THREADINFOCLASS", 19] = "ThreadSwitchLegacyState"; enumNames["THREADINFOCLASS", 20] = "ThreadIsTerminated"; enumNames["THREADINFOCLASS", 21] = "ThreadLastSystemCall"; enumNames["THREADINFOCLASS", 22] = "ThreadIoPriority"; enumNames["THREADINFOCLASS", 23] = "ThreadCycleTime"; enumNames["THREADINFOCLASS", 24] = "ThreadPagePriority"; enumNames["THREADINFOCLASS", 25] = "ThreadActualBasePriority"; enumNames["THREADINFOCLASS", 26] = "ThreadTebInformation"; enumNames["THREADINFOCLASS", 27] = "ThreadCSwitchMon"; enumNames["THREADINFOCLASS", 28] = "ThreadCSwitchPmu"; enumNames["THREADINFOCLASS", 29] = "ThreadWow64Context"; enumNames["THREADINFOCLASS", 30] = "ThreadGroupInformation"; enumNames["THREADINFOCLASS", 31] = "ThreadUmsInformation"; enumNames["THREADINFOCLASS", 32] = "ThreadCounterProfiling"; enumNames["THREADINFOCLASS", 33] = "ThreadIdealProcessorEx"; enumNames["THREADINFOCLASS", 34] = "ThreadCpuAccountingInformation"; enumNames["THREADINFOCLASS", 35] = "ThreadSuspendCount"; enumNames["THREADINFOCLASS", 36] = "ThreadHeterogeneousCpuPolicy"; enumNames["THREADINFOCLASS", 37] = "ThreadContainerId"; enumNames["THREADINFOCLASS", 38] = "ThreadNameInformation"; enumNames["THREADINFOCLASS", 39] = "ThreadSelectedCpuSets"; enumNames["THREADINFOCLASS", 40] = "ThreadSystemThreadInformation"; enumNames["THREADINFOCLASS", 41] = "ThreadActualGroupAffinity"; enumNames["THREADINFOCLASS", 42] = "ThreadDynamicCodePolicyInfo"; enumNames["THREADINFOCLASS", 43] = "ThreadExplicitCaseSensitivity"; enumNames["THREADINFOCLASS", 44] = "ThreadWorkOnBehalfTicket"; enumNames["THREADINFOCLASS", 45] = "ThreadSubsystemInformation"; enumNames["THREADINFOCLASS", 46] = "ThreadDbgkWerReportActive"; enumNames["THREADINFOCLASS", 47] = "ThreadAttachContainer"; enumNames["THREADINFOCLASS", 48] = "ThreadManageWritesToExecutableMemory"; enumNames["THREADINFOCLASS", 49] = "ThreadPowerThrottlingState"; enumNames["THREADINFOCLASS", 50] = "ThreadWorkloadClass"; enumNames["THREADINFOCLASS", 51] = "MaxThreadInfoClass";
	enumNames["FS_INFORMATION_CLASS",0] = "FileFsVolumeInformation"; enumNames["FS_INFORMATION_CLASS",1] = "FileFsLabelInformation"; enumNames["FS_INFORMATION_CLASS",2] = "FileFsSizeInformation"; enumNames["FS_INFORMATION_CLASS",3] = "FileFsDeviceInformation"; enumNames["FS_INFORMATION_CLASS",4] = "FileFsAttributeInformation"; enumNames["FS_INFORMATION_CLASS",5] = "FileFsControlInformation"; enumNames["FS_INFORMATION_CLASS",6] = "FileFsFullSizeInformation"; enumNames["FS_INFORMATION_CLASS",7] = "FileFsObjectIdInformation"; enumNames["FS_INFORMATION_CLASS",8] = "FileFsDriverPathInformation"; enumNames["FS_INFORMATION_CLASS",9] = "FileFsVolumeFlagsInformation"; enumNames["FS_INFORMATION_CLASS",10] = "FileFsMaximumInformation";
	enumNames["TOKEN_INFORMATION_CLASS", 0] = "TokenUser"; enumNames["TOKEN_INFORMATION_CLASS", 1] = "TokenGroups"; enumNames["TOKEN_INFORMATION_CLASS", 2] = "TokenPrivileges"; enumNames["TOKEN_INFORMATION_CLASS", 3] = "TokenOwner"; enumNames["TOKEN_INFORMATION_CLASS", 4] = "TokenPrimaryGroup"; enumNames["TOKEN_INFORMATION_CLASS", 5] = "TokenDefaultDacl"; enumNames["TOKEN_INFORMATION_CLASS", 6] = "TokenSource"; enumNames["TOKEN_INFORMATION_CLASS", 7] = "TokenType"; enumNames["TOKEN_INFORMATION_CLASS", 8] = "TokenImpersonationLevel"; enumNames["TOKEN_INFORMATION_CLASS", 9] = "TokenStatistics"; enumNames["TOKEN_INFORMATION_CLASS", 10] = "TokenRestrictedSids"; enumNames["TOKEN_INFORMATION_CLASS", 11] = "TokenSessionId"; enumNames["TOKEN_INFORMATION_CLASS", 12] = "TokenGroupsAndPrivileges"; enumNames["TOKEN_INFORMATION_CLASS", 13] = "TokenSessionReference"; enumNames["TOKEN_INFORMATION_CLASS", 14] = "TokenSandBoxInert"; enumNames["TOKEN_INFORMATION_CLASS", 15] = "TokenAuditPolicy"; enumNames["TOKEN_INFORMATION_CLASS", 16] = "TokenOrigin"; enumNames["TOKEN_INFORMATION_CLASS", 17] = "TokenElevationType"; enumNames["TOKEN_INFORMATION_CLASS", 18] = "TokenLinkedToken"; enumNames["TOKEN_INFORMATION_CLASS", 19] = "TokenElevation"; enumNames["TOKEN_INFORMATION_CLASS", 20] = "TokenHasRestrictions"; enumNames["TOKEN_INFORMATION_CLASS", 21] = "TokenAccessInformation"; enumNames["TOKEN_INFORMATION_CLASS", 22] = "TokenVirtualizationAllowed"; enumNames["TOKEN_INFORMATION_CLASS", 23] = "TokenVirtualizationEnabled"; enumNames["TOKEN_INFORMATION_CLASS", 24] = "TokenIntegrityLevel"; enumNames["TOKEN_INFORMATION_CLASS", 25] = "TokenUIAccess"; enumNames["TOKEN_INFORMATION_CLASS", 26] = "TokenMandatoryPolicy"; enumNames["TOKEN_INFORMATION_CLASS", 27] = "TokenLogonSid"; enumNames["TOKEN_INFORMATION_CLASS", 28] = "TokenIsAppContainer"; enumNames["TOKEN_INFORMATION_CLASS", 29] = "TokenCapabilities"; enumNames["TOKEN_INFORMATION_CLASS", 30] = "TokenAppContainerSid"; enumNames["TOKEN_INFORMATION_CLASS", 31] = "TokenAppContainerNumber"; enumNames["TOKEN_INFORMATION_CLASS", 32] = "TokenUserClaimAttributes"; enumNames["TOKEN_INFORMATION_CLASS", 33] = "TokenDeviceClaimAttributes"; enumNames["TOKEN_INFORMATION_CLASS", 34] = "TokenRestrictedUserClaimAttributes"; enumNames["TOKEN_INFORMATION_CLASS", 35] = "TokenRestrictedDeviceClaimAttributes"; enumNames["TOKEN_INFORMATION_CLASS", 36] = "TokenDeviceGroups"; enumNames["TOKEN_INFORMATION_CLASS", 37] = "TokenRestrictedDeviceGroups"; enumNames["TOKEN_INFORMATION_CLASS", 38] = "TokenSecurityAttributes"; enumNames["TOKEN_INFORMATION_CLASS", 39] = "TokenIsRestricted"; enumNames["TOKEN_INFORMATION_CLASS", 40] = "TokenProcessTrustLevel"; enumNames["TOKEN_INFORMATION_CLASS", 41] = "TokenPrivateNameSpace"; enumNames["TOKEN_INFORMATION_CLASS", 42] = "TokenSingletonAttributes"; enumNames["TOKEN_INFORMATION_CLASS", 43] = "TokenBnoIsolation"; enumNames["TOKEN_INFORMATION_CLASS", 44] = "TokenChildProcessFlags"; enumNames["TOKEN_INFORMATION_CLASS", 45] = "TokenIsLessPrivilegedAppContainer"; enumNames["TOKEN_INFORMATION_CLASS", 46] = "TokenIsSandboxed"; enumNames["TOKEN_INFORMATION_CLASS", 47] = "TokenOriginatingProcessTrustLevel";
	enumNames["JOBOBJECTINFOCLASS", 1] = "JobObjectBasicAccountingInformation"; enumNames["JOBOBJECTINFOCLASS", 2] = "JobObjectBasicLimitInformation"; enumNames["JOBOBJECTINFOCLASS", 3] = "JobObjectBasicProcessIdList"; enumNames["JOBOBJECTINFOCLASS", 4] = "JobObjectBasicUIRestrictions"; enumNames["JOBOBJECTINFOCLASS", 5] = "JobObjectSecurityLimitInformation"; enumNames["JOBOBJECTINFOCLASS", 6] = "JobObjectEndOfJobTimeInformation"; enumNames["JOBOBJECTINFOCLASS", 7] = "JobObjectAssociateCompletionPortInformation"; enumNames["JOBOBJECTINFOCLASS", 8] = "JobObjectBasicAndIoAccountingInformation"; enumNames["JOBOBJECTINFOCLASS", 9] = "JobObjectExtendedLimitInformation"; enumNames["JOBOBJECTINFOCLASS", 10] = "JobObjectJobSetInformation"; enumNames["JOBOBJECTINFOCLASS", 11] = "MaxJobObjectInfoClass";
	enumNames["KEY_INFORMATION_CLASS", 0] = "KeyBasicInformation"; enumNames["KEY_INFORMATION_CLASS", 1] = "KeyNodeInformation"; enumNames["KEY_INFORMATION_CLASS", 2] = "KeyFullInformation"; enumNames["KEY_INFORMATION_CLASS", 3] = "KeyNameInformation"; enumNames["KEY_INFORMATION_CLASS", 4] = "KeyCachedInformation"; enumNames["KEY_INFORMATION_CLASS", 5] = "KeyFlagsInformation"; enumNames["KEY_INFORMATION_CLASS", 6] = "KeyVirtualizationInformation"; enumNames["KEY_INFORMATION_CLASS", 7] = "KeyHandleTagsInformation"; enumNames["KEY_INFORMATION_CLASS", 8] = "KeyTrustInformation"; enumNames["KEY_INFORMATION_CLASS", 9] = "KeyLayerInformation"; enumNames["KEY_INFORMATION_CLASS", 10] = "MaxKeyInfoClass";
	enumNames["VIRTUAL_MEMORY_INFORMATION_CLASS", 0] = "VmPrefetchInformation"; enumNames["VIRTUAL_MEMORY_INFORMATION_CLASS", 1] = "VmPagePriorityInformation"; enumNames["VIRTUAL_MEMORY_INFORMATION_CLASS", 2] = "VmCfgCallTargetInformation";
	enumNames["FILE_INFORMATION_CLASS",0] = "FileDirectoryInformation"; enumNames["FILE_INFORMATION_CLASS",1] = "FileFullDirectoryInformation"; enumNames["FILE_INFORMATION_CLASS",2] = "FileBothDirectoryInformation"; enumNames["FILE_INFORMATION_CLASS",3] = "FileBasicInformation"; enumNames["FILE_INFORMATION_CLASS",4] = "FileStandardInformation"; enumNames["FILE_INFORMATION_CLASS",5] = "FileInternalInformation"; enumNames["FILE_INFORMATION_CLASS",6] = "FileEaInformation"; enumNames["FILE_INFORMATION_CLASS",7] = "FileAccessInformation"; enumNames["FILE_INFORMATION_CLASS",8] = "FileNameInformation"; enumNames["FILE_INFORMATION_CLASS",9] = "FileRenameInformation"; enumNames["FILE_INFORMATION_CLASS",10] = "FileLinkInformation"; enumNames["FILE_INFORMATION_CLASS",11] = "FileNamesInformation"; enumNames["FILE_INFORMATION_CLASS",12] = "FileDispositionInformation"; enumNames["FILE_INFORMATION_CLASS",13] = "FilePositionInformation"; enumNames["FILE_INFORMATION_CLASS",14] = "FileFullEaInformation"; enumNames["FILE_INFORMATION_CLASS",15] = "FileModeInformation"; enumNames["FILE_INFORMATION_CLASS",16] = "FileAlignmentInformation"; enumNames["FILE_INFORMATION_CLASS",17] = "FileAllInformation"; enumNames["FILE_INFORMATION_CLASS",18] = "FileAllocationInformation"; enumNames["FILE_INFORMATION_CLASS",19] = "FileEndOfFileInformation"; enumNames["FILE_INFORMATION_CLASS",20] = "FileAlternateNameInformation"; enumNames["FILE_INFORMATION_CLASS",21] = "FileStreamInformation"; enumNames["FILE_INFORMATION_CLASS",22] = "FilePipeInformation"; enumNames["FILE_INFORMATION_CLASS",23] = "FilePipeLocalInformation"; enumNames["FILE_INFORMATION_CLASS",24] = "FilePipeRemoteInformation"; enumNames["FILE_INFORMATION_CLASS",25] = "FileMailslotQueryInformation"; enumNames["FILE_INFORMATION_CLASS",26] = "FileMailslotSetInformation"; enumNames["FILE_INFORMATION_CLASS",27] = "FileCompressionInformation"; enumNames["FILE_INFORMATION_CLASS",28] = "FileObjectIdInformation"; enumNames["FILE_INFORMATION_CLASS",29] = "FileCompletionInformation"; enumNames["FILE_INFORMATION_CLASS",30] = "FileMoveClusterInformation"; enumNames["FILE_INFORMATION_CLASS",31] = "FileQuotaInformation"; enumNames["FILE_INFORMATION_CLASS",32] = "FileReparsePointInformation"; enumNames["FILE_INFORMATION_CLASS",33] = "FileNetworkOpenInformation"; enumNames["FILE_INFORMATION_CLASS",34] = "FileAttributeTagInformation"; enumNames["FILE_INFORMATION_CLASS",35] = "FileTrackingInformation"; enumNames["FILE_INFORMATION_CLASS",36] = "FileIdBothDirectoryInformation"; enumNames["FILE_INFORMATION_CLASS",37] = "FileIdFullDirectoryInformation"; enumNames["FILE_INFORMATION_CLASS",38] = "FileValidDataLengthInformation"; enumNames["FILE_INFORMATION_CLASS",39] = "FileShortNameInformation"; enumNames["FILE_INFORMATION_CLASS",40] = "FileIoCompletionNotificationInformation"; enumNames["FILE_INFORMATION_CLASS",41] = "FileIoStatusBlockRangeInformation"; enumNames["FILE_INFORMATION_CLASS",42] = "FileIoPriorityHintInformation"; enumNames["FILE_INFORMATION_CLASS",43] = "FileSfioReserveInformation"; enumNames["FILE_INFORMATION_CLASS",44] = "FileSfioVolumeInformation"; enumNames["FILE_INFORMATION_CLASS",45] = "FileHardLinkInformation"; enumNames["FILE_INFORMATION_CLASS",46] = "FileProcessIdsUsingFileInformation"; enumNames["FILE_INFORMATION_CLASS",47] = "FileNormalizedNameInformation"; enumNames["FILE_INFORMATION_CLASS",48] = "FileNetworkPhysicalNameInformation"; enumNames["FILE_INFORMATION_CLASS",49] = "FileIdGlobalTxDirectoryInformation"; enumNames["FILE_INFORMATION_CLASS",50] = "FileIsRemoteDeviceInformation"; enumNames["FILE_INFORMATION_CLASS",51] = "FileUnusedInformation"; enumNames["FILE_INFORMATION_CLASS",52] = "FileNumaNodeInformation"; enumNames["FILE_INFORMATION_CLASS",53] = "FileStandardLinkInformation"; enumNames["FILE_INFORMATION_CLASS",54] = "FileRemoteProtocolInformation"; enumNames["FILE_INFORMATION_CLASS",55] = "FileRenameInformationBypassAccessCheck"; enumNames["FILE_INFORMATION_CLASS",56] = "FileLinkInformationBypassAccessCheck"; enumNames["FILE_INFORMATION_CLASS",57] = "FileVolumeNameInformation"; enumNames["FILE_INFORMATION_CLASS",58] = "FileIdInformation"; enumNames["FILE_INFORMATION_CLASS",59] = "FileIdExtdDirectoryInformation"; enumNames["FILE_INFORMATION_CLASS",60] = "FileReplaceCompletionInformation"; enumNames["FILE_INFORMATION_CLASS",61] = "FileHardLinkFullIdInformation"; enumNames["FILE_INFORMATION_CLASS",62] = "FileIdExtdBothDirectoryInformation"; enumNames["FILE_INFORMATION_CLASS",63] = "FileDispositionInformationEx"; enumNames["FILE_INFORMATION_CLASS",64] = "FileRenameInformationEx"; enumNames["FILE_INFORMATION_CLASS",65] = "FileRenameInformationExBypassAccessCheck"; enumNames["FILE_INFORMATION_CLASS",66] = "FileDesiredStorageClassInformation"; enumNames["FILE_INFORMATION_CLASS",67] = "FileStatInformation"; enumNames["FILE_INFORMATION_CLASS",68] = "FileMemoryPartitionInformation"; enumNames["FILE_INFORMATION_CLASS",69] = "FileStatLxInformation"; enumNames["FILE_INFORMATION_CLASS",70] = "FileCaseSensitiveInformation"; enumNames["FILE_INFORMATION_CLASS",71] = "FileLinkInformationEx"; enumNames["FILE_INFORMATION_CLASS",72] = "FileLinkInformationExBypassAccessCheck"; enumNames["FILE_INFORMATION_CLASS",73] = "FileStorageReserveIdInformation"; enumNames["FILE_INFORMATION_CLASS",74] = "FileCaseSensitiveInformationForceAccessCheck";
	enumNames["KEY_SET_INFORMATION_CLASS",0] = "KeyWriteTimeInformation"; enumNames["KEY_SET_INFORMATION_CLASS",1] = "KeyWow64FlagsInformation"; enumNames["KEY_SET_INFORMATION_CLASS",2] = "KeyControlFlagsInformation"; enumNames["KEY_SET_INFORMATION_CLASS",3] = "KeySetVirtualizationInformation"; enumNames["KEY_SET_INFORMATION_CLASS",4] = "KeySetDebugInformation"; enumNames["KEY_SET_INFORMATION_CLASS",5] = "KeySetHandleTagsInformation"; enumNames["KEY_SET_INFORMATION_CLASS",6] = "KeySetLayerInformation"; enumNames["KEY_SET_INFORMATION_CLASS",7] = "MaxKeySetInfoClass";
	enumNames["DEVICE_POWER_STATE ",0] = "PowerDeviceUnspecified"; enumNames["DEVICE_POWER_STATE ",1] = "PowerDeviceD0"; enumNames["DEVICE_POWER_STATE ",2] = "PowerDeviceD1"; enumNames["DEVICE_POWER_STATE ",3] = "PowerDeviceD2"; enumNames["DEVICE_POWER_STATE ",4] = "PowerDeviceD3"; enumNames["DEVICE_POWER_STATE ",5] = "PowerDeviceMaximum";
	enumNames["EVENT_INFORMATION_CLASS ",0] = "EventBasicInformation"; enumNames["SEMAPHORE_INFORMATION_CLASS ",0] = "SemaphoreBasicInformation";
	enumNames["SECTION_INFORMATION_CLASS",0] = "SectionBasicInformation"; enumNames["SECTION_INFORMATION_CLASS",1] = "SectionImageInformation"; enumNames["SECTION_INFORMATION_CLASS",2] = "SectionRelocationInformation"; enumNames["SECTION_INFORMATION_CLASS",3] = "SectionOriginalBaseInformation"; enumNames["SECTION_INFORMATION_CLASS",4] = "SectionInternalImageInformation";
	enumNames["MUTANT_INFORMATION_CLASS",0] = "MutantBasicInformation"; enumNames["MUTANT_INFORMATION_CLASS",1] = "MutantOwnerInformation";
	enumNames["PARTITION_INFORMATION_CLASS ",0] = "SystemMemoryPartitionInformation"; enumNames["PARTITION_INFORMATION_CLASS ",1] = "SystemMemoryPartitionMoveMemory"; enumNames["PARTITION_INFORMATION_CLASS ",2] = "SystemMemoryPartitionAddPagefile"; enumNames["PARTITION_INFORMATION_CLASS ",3] = "SystemMemoryPartitionCombineMemory"; enumNames["PARTITION_INFORMATION_CLASS ",4] = "SystemMemoryPartitionInitialAddMemory"; enumNames["PARTITION_INFORMATION_CLASS ",5] = "SystemMemoryPartitionGetMemoryEvents"; enumNames["PARTITION_INFORMATION_CLASS ",6] = "SystemMemoryPartitionSetAttributes"; enumNames["PARTITION_INFORMATION_CLASS ",7] = "SystemMemoryPartitionNodeInformation"; enumNames["PARTITION_INFORMATION_CLASS ",8] = "SystemMemoryPartitionCreateLargePages";
	enumNames["TRANSACTIONMANAGER_INFORMATION_CLASS ",0] = "TransactionManagerBasicInformation"; enumNames["TRANSACTIONMANAGER_INFORMATION_CLASS ",1] = "TransactionManagerLogInformation"; enumNames["TRANSACTIONMANAGER_INFORMATION_CLASS ",2] = "TransactionManagerLogPathInformation"; enumNames["TRANSACTIONMANAGER_INFORMATION_CLASS ",3] = "TransactionManagerOnlineProbeInformation"; enumNames["TRANSACTIONMANAGER_INFORMATION_CLASS ",4] = "TransactionManagerRecoveryInformation"; enumNames["TRANSACTIONMANAGER_INFORMATION_CLASS ",5] = "TransactionManagerOldestTransactionInformation";
	enumNames["ALPC_MESSAGE_INFORMATION_CLASS ",0] = "AlpcMessageSidInformation"; enumNames["ALPC_MESSAGE_INFORMATION_CLASS ",1] = "AlpcMessageTokenModifiedIdInformation"; enumNames["ALPC_MESSAGE_INFORMATION_CLASS ",2] = "AlpcMessageDirectStatusInformation"; enumNames["ALPC_MESSAGE_INFORMATION_CLASS ",3] = "AlpcMessageHandleInformation";
	enumNames["ENLISTMENT_INFORMATION_CLASS ",0] = "EnlistmentBasicInformation"; enumNames["ENLISTMENT_INFORMATION_CLASS ",1] = "EnlistmentRecoveryInformation"; enumNames["ENLISTMENT_INFORMATION_CLASS ",2] = "EnlistmentCrmInformation";
	enumNames["POWER_INFORMATION_LEVEL",0] = "SystemPowerPolicyAc"; enumNames["POWER_INFORMATION_LEVEL",1] = "SystemPowerPolicyDc"; enumNames["POWER_INFORMATION_LEVEL",2] = "VerifySystemPolicyAc"; enumNames["POWER_INFORMATION_LEVEL",3] = "VerifySystemPolicyDc"; enumNames["POWER_INFORMATION_LEVEL",4] = "SystemPowerCapabilities"; enumNames["POWER_INFORMATION_LEVEL",5] = "SystemBatteryState"; enumNames["POWER_INFORMATION_LEVEL",6] = "SystemPowerStateHandler"; enumNames["POWER_INFORMATION_LEVEL",7] = "ProcessorStateHandler"; enumNames["POWER_INFORMATION_LEVEL",8] = "SystemPowerPolicyCurrent"; enumNames["POWER_INFORMATION_LEVEL",9] = "AdministratorPowerPolicy"; enumNames["POWER_INFORMATION_LEVEL",10] = "SystemReserveHiberFile"; enumNames["POWER_INFORMATION_LEVEL",11] = "ProcessorInformation"; enumNames["POWER_INFORMATION_LEVEL",12] = "SystemPowerInformation"; enumNames["POWER_INFORMATION_LEVEL",13] = "ProcessorStateHandler2"; enumNames["POWER_INFORMATION_LEVEL",14] = "LastWakeTime"; enumNames["POWER_INFORMATION_LEVEL",15] = "LastSleepTime"; enumNames["POWER_INFORMATION_LEVEL",16] = "SystemExecutionState"; enumNames["POWER_INFORMATION_LEVEL",17] = "SystemPowerStateNotifyHandler"; enumNames["POWER_INFORMATION_LEVEL",18] = "ProcessorPowerPolicyAc"; enumNames["POWER_INFORMATION_LEVEL",19] = "ProcessorPowerPolicyDc"; enumNames["POWER_INFORMATION_LEVEL",20] = "VerifyProcessorPowerPolicyAc"; enumNames["POWER_INFORMATION_LEVEL",21] = "VerifyProcessorPowerPolicyDc"; enumNames["POWER_INFORMATION_LEVEL",22] = "ProcessorPowerPolicyCurrent"; enumNames["POWER_INFORMATION_LEVEL",23] = "SystemPowerStateLogging"; enumNames["POWER_INFORMATION_LEVEL",24] = "SystemPowerLoggingEntry"; enumNames["POWER_INFORMATION_LEVEL",25] = "SetPowerSettingValue"; enumNames["POWER_INFORMATION_LEVEL",26] = "NotifyUserPowerSetting"; enumNames["POWER_INFORMATION_LEVEL",27] = "PowerInformationLevelUnused0"; enumNames["POWER_INFORMATION_LEVEL",28] = "SystemMonitorHiberBootPowerOff"; enumNames["POWER_INFORMATION_LEVEL",29] = "SystemVideoState"; enumNames["POWER_INFORMATION_LEVEL",30] = "TraceApplicationPowerMessage"; enumNames["POWER_INFORMATION_LEVEL",31] = "TraceApplicationPowerMessageEnd"; enumNames["POWER_INFORMATION_LEVEL",32] = "ProcessorPerfStates"; enumNames["POWER_INFORMATION_LEVEL",33] = "ProcessorIdleStates"; enumNames["POWER_INFORMATION_LEVEL",34] = "ProcessorCap"; enumNames["POWER_INFORMATION_LEVEL",35] = "SystemWakeSource"; enumNames["POWER_INFORMATION_LEVEL",36] = "SystemHiberFileInformation"; enumNames["POWER_INFORMATION_LEVEL",37] = "TraceServicePowerMessage"; enumNames["POWER_INFORMATION_LEVEL",38] = "ProcessorLoad"; enumNames["POWER_INFORMATION_LEVEL",39] = "PowerShutdownNotification"; enumNames["POWER_INFORMATION_LEVEL",40] = "MonitorCapabilities"; enumNames["POWER_INFORMATION_LEVEL",41] = "SessionPowerInit"; enumNames["POWER_INFORMATION_LEVEL",42] = "SessionDisplayState"; enumNames["POWER_INFORMATION_LEVEL",43] = "PowerRequestCreate"; enumNames["POWER_INFORMATION_LEVEL",44] = "PowerRequestAction"; enumNames["POWER_INFORMATION_LEVEL",45] = "GetPowerRequestList"; enumNames["POWER_INFORMATION_LEVEL",46] = "ProcessorInformationEx"; enumNames["POWER_INFORMATION_LEVEL",47] = "NotifyUserModeLegacyPowerEvent"; enumNames["POWER_INFORMATION_LEVEL",48] = "GroupPark"; enumNames["POWER_INFORMATION_LEVEL",49] = "ProcessorIdleDomains"; enumNames["POWER_INFORMATION_LEVEL",50] = "WakeTimerList"; enumNames["POWER_INFORMATION_LEVEL",51] = "SystemHiberFileSize"; enumNames["POWER_INFORMATION_LEVEL",52] = "ProcessorIdleStatesHv"; enumNames["POWER_INFORMATION_LEVEL",53] = "ProcessorPerfStatesHv"; enumNames["POWER_INFORMATION_LEVEL",54] = "ProcessorPerfCapHv"; enumNames["POWER_INFORMATION_LEVEL",55] = "ProcessorSetIdle"; enumNames["POWER_INFORMATION_LEVEL",56] = "LogicalProcessorIdling"; enumNames["POWER_INFORMATION_LEVEL",57] = "UserPresence"; enumNames["POWER_INFORMATION_LEVEL",58] = "PowerSettingNotificationName"; enumNames["POWER_INFORMATION_LEVEL",59] = "GetPowerSettingValue"; enumNames["POWER_INFORMATION_LEVEL",60] = "IdleResiliency"; enumNames["POWER_INFORMATION_LEVEL",61] = "SessionRITState"; enumNames["POWER_INFORMATION_LEVEL",62] = "SessionConnectNotification"; enumNames["POWER_INFORMATION_LEVEL",63] = "SessionPowerCleanup"; enumNames["POWER_INFORMATION_LEVEL",64] = "SessionLockState"; enumNames["POWER_INFORMATION_LEVEL",65] = "SystemHiberbootState"; enumNames["POWER_INFORMATION_LEVEL",66] = "PlatformInformation"; enumNames["POWER_INFORMATION_LEVEL",67] = "PdcInvocation"; enumNames["POWER_INFORMATION_LEVEL",68] = "MonitorInvocation"; enumNames["POWER_INFORMATION_LEVEL",69] = "FirmwareTableInformationRegistered"; enumNames["POWER_INFORMATION_LEVEL",70] = "SetShutdownSelectedTime"; enumNames["POWER_INFORMATION_LEVEL",71] = "SuspendResumeInvocation"; enumNames["POWER_INFORMATION_LEVEL",72] = "PlmPowerRequestCreate"; enumNames["POWER_INFORMATION_LEVEL",73] = "ScreenOff"; enumNames["POWER_INFORMATION_LEVEL",74] = "CsDeviceNotification"; enumNames["POWER_INFORMATION_LEVEL",75] = "PlatformRole"; enumNames["POWER_INFORMATION_LEVEL",76] = "LastResumePerformance"; enumNames["POWER_INFORMATION_LEVEL",77] = "DisplayBurst"; enumNames["POWER_INFORMATION_LEVEL",78] = "ExitLatencySamplingPercentage"; enumNames["POWER_INFORMATION_LEVEL",79] = "RegisterSpmPowerSettings"; enumNames["POWER_INFORMATION_LEVEL",80] = "PlatformIdleStates"; enumNames["POWER_INFORMATION_LEVEL",81] = "ProcessorIdleVeto"; enumNames["POWER_INFORMATION_LEVEL",82] = "PlatformIdleVeto"; enumNames["POWER_INFORMATION_LEVEL",83] = "SystemBatteryStatePrecise"; enumNames["POWER_INFORMATION_LEVEL",84] = "ThermalEvent"; enumNames["POWER_INFORMATION_LEVEL",85] = "PowerRequestActionInternal"; enumNames["POWER_INFORMATION_LEVEL",86] = "BatteryDeviceState"; enumNames["POWER_INFORMATION_LEVEL",87] = "PowerInformationInternal"; enumNames["POWER_INFORMATION_LEVEL",88] = "ThermalStandby"; enumNames["POWER_INFORMATION_LEVEL",89] = "SystemHiberFileType"; enumNames["POWER_INFORMATION_LEVEL",90] = "PhysicalPowerButtonPress"; enumNames["POWER_INFORMATION_LEVEL",91] = "QueryPotentialDripsConstraint"; enumNames["POWER_INFORMATION_LEVEL",92] = "EnergyTrackerCreate"; enumNames["POWER_INFORMATION_LEVEL",93] = "EnergyTrackerQuery"; enumNames["POWER_INFORMATION_LEVEL",94] = "UpdateBlackBoxRecorder"; enumNames["POWER_INFORMATION_LEVEL",95] = "SessionAllowExternalDmaDevices"; enumNames["POWER_INFORMATION_LEVEL",96] = "PowerInformationLevelMaximum";
	enumNames["POWER_ACTION",0] = "PowerActionNone"; enumNames["POWER_ACTION",1] = "PowerActionReserved"; enumNames["POWER_ACTION",2] = "PowerActionSleep"; enumNames["POWER_ACTION",3] = "PowerActionHibernate"; enumNames["POWER_ACTION",4] = "PowerActionShutdown"; enumNames["POWER_ACTION",5] = "PowerActionShutdownReset"; enumNames["POWER_ACTION",6] = "PowerActionShutdownOff"; enumNames["POWER_ACTION",7] = "PowerActionWarmEject"; enumNames["POWER_ACTION",8] = "PowerActionDisplayOff";
	enumNames["IO_SESSION_STATE",1] = "IoSessionStateCreated"; enumNames["IO_SESSION_STATE",2] = "IoSessionStateInitialized"; enumNames["IO_SESSION_STATE",3] = "IoSessionStateConnected"; enumNames["IO_SESSION_STATE",4] = "IoSessionStateDisconnected"; enumNames["IO_SESSION_STATE",5] = "IoSessionStateDisconnectedLoggedOn"; enumNames["IO_SESSION_STATE",6] = "IoSessionStateLoggedOn"; enumNames["IO_SESSION_STATE",7] = "IoSessionStateLoggedOff"; enumNames["IO_SESSION_STATE",8] = "IoSessionStateTerminated"; enumNames["IO_SESSION_STATE",9] = "IoSessionStateMax";
	enumNames["KPROFILE_SOURCE",0] = "ProfileTime"; enumNames["KPROFILE_SOURCE",1] = "ProfileAlignmentFixup"; enumNames["KPROFILE_SOURCE",2] = "ProfileTotalIssues"; enumNames["KPROFILE_SOURCE",3] = "ProfilePipelineDry"; enumNames["KPROFILE_SOURCE",4] = "ProfileLoadInstructions"; enumNames["KPROFILE_SOURCE",5] = "ProfilePipelineFrozen"; enumNames["KPROFILE_SOURCE",6] = "ProfileBranchInstructions"; enumNames["KPROFILE_SOURCE",7] = "ProfileTotalNonissues"; enumNames["KPROFILE_SOURCE",8] = "ProfileDcacheMisses"; enumNames["KPROFILE_SOURCE",9] = "ProfileIcacheMisses"; enumNames["KPROFILE_SOURCE",10] = "ProfileCacheMisses"; enumNames["KPROFILE_SOURCE",11] = "ProfileBranchMispredictions"; enumNames["KPROFILE_SOURCE",12] = "ProfileStoreInstructions"; enumNames["KPROFILE_SOURCE",13] = "ProfileFpInstructions"; enumNames["KPROFILE_SOURCE",14] = "ProfileIntegerInstructions"; enumNames["KPROFILE_SOURCE",15] = "Profile2Issue"; enumNames["KPROFILE_SOURCE",16] = "Profile3Issue"; enumNames["KPROFILE_SOURCE",17] = "Profile4Issue"; enumNames["KPROFILE_SOURCE",18] = "ProfileSpecialInstructions"; enumNames["KPROFILE_SOURCE",19] = "ProfileTotalCycles"; enumNames["KPROFILE_SOURCE",20] = "ProfileIcacheIssues"; enumNames["KPROFILE_SOURCE",21] = "ProfileDcacheAccesses"; enumNames["KPROFILE_SOURCE",22] = "ProfileMemoryBarrierCycles"; enumNames["KPROFILE_SOURCE",23] = "ProfileLoadLinkedIssues"; enumNames["KPROFILE_SOURCE",24] = "ProfileMaximum";
	enumNames["IO_SESSION_EVENT",0] = "IoSessionEventIgnore"; enumNames["IO_SESSION_EVENT",1] = "IoSessionEventCreated"; enumNames["IO_SESSION_EVENT",2] = "IoSessionEventTerminated"; enumNames["IO_SESSION_EVENT",3] = "IoSessionEventConnected"; enumNames["IO_SESSION_EVENT",4] = "IoSessionEventDisconnected"; enumNames["IO_SESSION_EVENT",5] = "IoSessionEventLogon"; enumNames["IO_SESSION_EVENT",6] = "IoSessionEventLogoff";
	enumNames["SYSTEM_POWER_STATE",0] = "PowerSystemUnspecified"; enumNames["SYSTEM_POWER_STATE",1] = "PowerSystemWorking"; enumNames["SYSTEM_POWER_STATE",2] = "PowerSystemSleeping1"; enumNames["SYSTEM_POWER_STATE",3] = "PowerSystemSleeping2"; enumNames["SYSTEM_POWER_STATE",4] = "PowerSystemSleeping3"; enumNames["SYSTEM_POWER_STATE",5] = "PowerSystemHibernate"; enumNames["SYSTEM_POWER_STATE",6] = "PowerSystemShutdown";
	masks["DUPLICATE_MASK"] = 1; masks["ACCESS_MASK"] = 1; masks["PAGE_PROTECTION"] = 1; masks["SECURITY_INFORMATION"] = 1; masks["ALLOCATION_TYPE"] = 1; masks["FILE_CREATE_OPTIONS"] = 1; masks["FILE_ATTRIBUTES"] = 1; masks["FILE_SHARE_ACCESS"] = 1; masks["NOTIFICATION_MASK"] = 1; masks["TRACEFLAGS"] = 1; masks["OBJ_ATTR_ATTR"] = 1; masks["EXECUTION_STATE"] = 1; masks["ALPC_FLAGS"] = 1; masks["ALPC_MSGATTR"] = 1; masks["ACCESS_MASK_FILE"] = 1; masks["ACCESS_MASK_REG_KEY"] = 1; masks["ACCESS_MASK_OBJ_DIR"] = 1; masks["ACCESS_MASK_SYM_LINK"] = 1; masks["ACCESS_MASK_THREAD"] = 1; masks["ACCESS_MASK_PROCESS"] = 1; masks["ACCESS_MASK_EVENT"] = 1; masks["ACCESS_MASK_SEMAPHORE"] = 1; masks["ACCESS_MASK_TOKEN"] = 1; masks["ACCESS_MASK_SECTION"] = 1; masks["ACCESS_MASK_PORT"] = 1; masks["ACCESS_MASK_DEBUG_OBJ"] = 1; masks["ACCESS_MASK_EVENT_PAIR"] = 1; masks["ACCESS_MASK_IOCOMPLETION"] = 1; masks["ACCESS_MASK_JOB"] = 1; masks["ACCESS_MASK_KEYED_EVENT"] = 1; masks["ACCESS_MASK_PROFILE"] = 1; masks["ACCESS_MASK_SESSION"] = 1; masks["ACCESS_MASK_TIMER"] = 1; masks["ACCESS_MASK_ENLISTMENT"] = 1; masks["ACCESS_MASK_MUTANT"] = 1; masks["ACCESS_MASK_RESOURCEMANAGER"] = 1; masks["ACCESS_MASK_TRANSACTION_MANAGER_TRANSACTION"] = 1; masks["ACCESS_MASK_TRANSACTION_MANAGER"] = 1; masks["ACCESS_MASK_WINDOW_STATION_WINDOW"] = 1; masks["ACCESS_MASK_WAIT_COMPLETION_PACKET"] = 1; masks["ACCESS_MASK_WORKER_FACTORY"] = 1; masks["ACCESS_MASK_DESKTOP"] = 1 ;
	maskNames["ACCESS_MASK",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK",0x02000000 ] = "MAXIMUM " ;
	maskNames["PAGE_PROTECTION",0x0001 ] = "PAGE_NOACCESS " ;maskNames[ "PAGE_PROTECTION",0x0002 ] = "PAGE_READONLY " ;maskNames[ "PAGE_PROTECTION",0x0004 ] = "PAGE_READWRITE " ;maskNames[ "PAGE_PROTECTION",0x0008 ] = "PAGE_WRITECOPY " ;maskNames[ "PAGE_PROTECTION",0x0010 ] = "PAGE_EXECUTE " ;maskNames[ "PAGE_PROTECTION",0x0020 ] = "PAGE_EXECUTE_READ " ;maskNames[ "PAGE_PROTECTION",0x0040 ] = "PAGE_EXECUTE_READWRITE " ;maskNames[ "PAGE_PROTECTION",0x0080 ] = "PAGE_EXECUTE_WRITECOPY " ;maskNames[ "PAGE_PROTECTION",0x0100 ] = "PAGE_GUARD " ;maskNames[ "PAGE_PROTECTION",0x0200 ] = "PAGE_NOCACHE " ;maskNames[ "PAGE_PROTECTION",0x0400 ] = "PAGE_WRITECOMBINE " ;maskNames[ "PAGE_PROTECTION",0x800000 ] = "SEC_FILE " ;maskNames[ "PAGE_PROTECTION",0x1000000 ] = "SEC_IMAGE " ;maskNames[ "PAGE_PROTECTION",0x2000000 ] = "SEC_VLM " ;maskNames[ "PAGE_PROTECTION",0x4000000 ] = "SEC_RESERVE " ;maskNames[ "PAGE_PROTECTION",0x8000000 ] = "SEC_COMMIT " ;maskNames[ "PAGE_PROTECTION",0x10000000 ] = "SEC_NOCACHE " ;
	maskNames["SECURITY_INFORMATION",0x00000001] = "OWNER_SECURITY_INFORMATION " ;maskNames[ "SECURITY_INFORMATION",0x00000002] = "GROUP_SECURITY_INFORMATION " ;maskNames[ "SECURITY_INFORMATION",0x00000004] = "DACL_SECURITY_INFORMATION " ;maskNames[ "SECURITY_INFORMATION",0x00000008] = "SACL_SECURITY_INFORMATION " ;
	maskNames["ALLOCATION_TYPE",0x1000] = "MEM_COMMIT " ;maskNames[ "ALLOCATION_TYPE",0x2000] = "MEM_RESERVE " ;maskNames[ "ALLOCATION_TYPE",0x4000] = "MEM_DECOMMIT " ;maskNames[ "ALLOCATION_TYPE",0x8000] = "MEM_RELEASE " ;maskNames[ "ALLOCATION_TYPE",0x10000] = "MEM_FREE " ;maskNames[ "ALLOCATION_TYPE",0x20000] = "MEM_PRIVATE " ;maskNames[ "ALLOCATION_TYPE",0x40000] = "MEM_MAPPED " ;maskNames[ "ALLOCATION_TYPE",0x80000] = "MEM_RESET " ;maskNames[ "ALLOCATION_TYPE",0x100000] = "MEM_TOP_DOWN " ;maskNames[ "ALLOCATION_TYPE",0x80000000] = "MEM_4MB_PAGES " ;
	maskNames["FILE_CREATE_OPTIONS",0x00000001 ] = "FILE_DIRECTORY_FILE " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000002 ] = "FILE_WRITE_THROUGH " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000004 ] = "FILE_SEQUENTIAL_ONLY " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000008 ] = "FILE_NO_INTERMEDIATE_BUFFERING " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000010 ] = "FILE_SYNCHRONOUS_IO_ALERT " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000020 ] = "FILE_SYNCHRONOUS_IO_NONALERT " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000040 ] = "FILE_NON_DIRECTORY_FILE " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000080 ] = "FILE_CREATE_TREE_CONNECTION " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000100 ] = "FILE_COMPLETE_IF_OPLOCKED " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000200 ] = "FILE_NO_EA_KNOWLEDGE " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000400 ] = "FILE_OPEN_REMOTE_INSTANCE " ;maskNames[ "FILE_CREATE_OPTIONS",0x00000800 ] = "FILE_RANDOM_ACCESS " ;maskNames[ "FILE_CREATE_OPTIONS",0x00001000 ] = "FILE_DELETE_ON_CLOSE " ;maskNames[ "FILE_CREATE_OPTIONS",0x00002000 ] = "FILE_OPEN_BY_FILE_ID " ;maskNames[ "FILE_CREATE_OPTIONS",0x00004000 ] = "FILE_OPEN_FOR_BACKUP_INTENT " ;maskNames[ "FILE_CREATE_OPTIONS",0x00008000 ] = "FILE_NO_COMPRESSION " ;maskNames[ "FILE_CREATE_OPTIONS",0x00010000 ] = "FILE_OPEN_REQUIRING_OPLOCK " ;maskNames[ "FILE_CREATE_OPTIONS",0x00020000 ] = "FILE_DISALLOW_EXCLUSIVE " ;maskNames[ "FILE_CREATE_OPTIONS",0x00040000 ] = "FILE_SESSION_AWARE " ;maskNames[ "FILE_CREATE_OPTIONS",0x00100000 ] = "FILE_RESERVE_OPFILTER " ;maskNames[ "FILE_CREATE_OPTIONS",0x00200000 ] = "FILE_OPEN_REPARSE_POINT " ;maskNames[ "FILE_CREATE_OPTIONS",0x00400000 ] = "FILE_OPEN_NO_RECALL " ;maskNames[ "FILE_CREATE_OPTIONS",0x00800000 ] = "FILE_OPEN_FOR_FREE_SPACE_QUERY " ;
	maskNames["FILE_ATTRIBUTES",0x00000001 ] = "FILE_ATTRIBUTE_READONLY " ;maskNames[ "FILE_ATTRIBUTES",0x00000002 ] = "FILE_ATTRIBUTE_HIDDEN " ;maskNames[ "FILE_ATTRIBUTES",0x00000004 ] = "FILE_ATTRIBUTE_SYSTEM " ;maskNames[ "FILE_ATTRIBUTES",0x00000010 ] = "FILE_ATTRIBUTE_DIRECTORY " ;maskNames[ "FILE_ATTRIBUTES",0x00000020 ] = "FILE_ATTRIBUTE_ARCHIVE " ;maskNames[ "FILE_ATTRIBUTES",0x00000040 ] = "FILE_ATTRIBUTE_DEVICE " ;maskNames[ "FILE_ATTRIBUTES",0x00000060 ] = "FILE_ATTRIBUTE_UNKNOWNXXX0 " ;maskNames[ "FILE_ATTRIBUTES",0x00000080 ] = "FILE_ATTRIBUTE_NORMAL " ;maskNames[ "FILE_ATTRIBUTES",0x00000100 ] = "FILE_ATTRIBUTE_TEMPORARY " ;maskNames[ "FILE_ATTRIBUTES",0x00000200 ] = "FILE_ATTRIBUTE_SPARSE_FILE " ;maskNames[ "FILE_ATTRIBUTES",0x00000400 ] = "FILE_ATTRIBUTE_REPARSE_POINT " ;maskNames[ "FILE_ATTRIBUTES",0x00000800 ] = "FILE_ATTRIBUTE_COMPRESSED " ;maskNames[ "FILE_ATTRIBUTES",0x00001000 ] = "FILE_ATTRIBUTE_OFFLINE " ;maskNames[ "FILE_ATTRIBUTES",0x00002000 ] = "FILE_ATTRIBUTE_NOT_CONTENT_INDEXED " ;maskNames[ "FILE_ATTRIBUTES",0x00004000 ] = "FILE_ATTRIBUTE_ENCRYPTED " ;
	maskNames["FILE_SHARE_ACCESS",0x00000001 ] = "FILE_SHARE_READ " ;maskNames[ "FILE_SHARE_ACCESS",0x00000002 ] = "FILE_SHARE_WRITE " ;maskNames[ "FILE_SHARE_ACCESS",0x00000004 ] = "FILE_SHARE_DELETE " ;
	maskNames["NOTIFICATION_MASK",0x00000001] = "TRANSACTION_NOTIFY_PREPREPARE " ;maskNames[ "NOTIFICATION_MASK",0x00000002] = "TRANSACTION_NOTIFY_PREPARE " ;maskNames[ "NOTIFICATION_MASK",0x00000004] = "TRANSACTION_NOTIFY_COMMIT " ;maskNames[ "NOTIFICATION_MASK",0x00000008] = "TRANSACTION_NOTIFY_ROLLBACK " ;maskNames[ "NOTIFICATION_MASK",0x00000010] = "TRANSACTION_NOTIFY_PREPREPARE_COMPLETE " ;maskNames[ "NOTIFICATION_MASK",0x00000020] = "TRANSACTION_NOTIFY_PREPARE_COMPLETE " ;maskNames[ "NOTIFICATION_MASK",0x00000040] = "TRANSACTION_NOTIFY_COMMIT_COMPLETE " ;maskNames[ "NOTIFICATION_MASK",0x00000080] = "TRANSACTION_NOTIFY_ROLLBACK_COMPLETE " ;maskNames[ "NOTIFICATION_MASK",0x00000100] = "TRANSACTION_NOTIFY_RECOVER " ;maskNames[ "NOTIFICATION_MASK",0x00000200] = "TRANSACTION_NOTIFY_SINGLE_PHASE_COMMIT " ;maskNames[ "NOTIFICATION_MASK",0x00000400] = "TRANSACTION_NOTIFY_DELEGATE_COMMIT " ;maskNames[ "NOTIFICATION_MASK",0x00000800] = "TRANSACTION_NOTIFY_RECOVER_QUERY " ;maskNames[ "NOTIFICATION_MASK",0x00001000] = "TRANSACTION_NOTIFY_ENLIST_PREPREPARE " ;maskNames[ "NOTIFICATION_MASK",0x00002000] = "TRANSACTION_NOTIFY_LAST_RECOVER " ;maskNames[ "NOTIFICATION_MASK",0x00004000] = "TRANSACTION_NOTIFY_INDOUBT " ;maskNames[ "NOTIFICATION_MASK",0x02000000] = "TRANSACTION_NOTIFY_TM_ONLINE " ;maskNames[ "NOTIFICATION_MASK",0x20000000] = "TRANSACTION_NOTIFY_REQUEST_OUTCOME " ;maskNames[ "NOTIFICATION_MASK",0x40000000] = "TRANSACTION_NOTIFY_COMMIT_FINALIZE " ;
	maskNames["TRACEFLAGS",0x000000FF ] = "ETW_SYSTEM_EVENT_VERSION_MASK " ;maskNames[ "TRACEFLAGS",0x0000FFFF ] = "ETW_NT_TRACE_TYPE_MASK " ;maskNames[ "TRACEFLAGS",0x000F0000 ] = "ETW_USER_FRAMES_TO_SKIP_MASK " ;maskNames[ "TRACEFLAGS",0x40000000 ] = "ETW_NT_FLAGS_USE_NATIVE_HEADER " ;maskNames[ "TRACEFLAGS",0x80000000 ] = "ETW_NT_FLAGS_WOW64_CALL " ;maskNames[ "TRACEFLAGS",0x00000100 ] = "ETW_NT_FLAGS_TRACE_HEADER " ;maskNames[ "TRACEFLAGS",0x00000200 ] = "ETW_NT_FLAGS_TRACE_MESSAGE " ;maskNames[ "TRACEFLAGS",0x00000300 ] = "ETW_NT_FLAGS_TRACE_EVENT " ;maskNames[ "TRACEFLAGS",0x00000400 ] = "ETW_NT_FLAGS_TRACE_SYSTEM " ;maskNames[ "TRACEFLAGS",0x00000500 ] = "ETW_NT_FLAGS_TRACE_SECURITY " ;maskNames[ "TRACEFLAGS",0x00000600 ] = "ETW_NT_FLAGS_TRACE_MARK " ;maskNames[ "TRACEFLAGS",0x00000700 ] = "ETW_NT_FLAGS_TRACE_EVENT_NOREG " ;maskNames[ "TRACEFLAGS",0x00000800 ] = "ETW_NT_FLAGS_TRACE_INSTANCE " ;maskNames[ "TRACEFLAGS",0x00000900 ] = "ETW_NT_FLAGS_TRACE_RAW " ;
	maskNames["OBJ_ATTR_ATTR",0x00000001 ] = "OBJ_PROTECT_CLOSE " ;maskNames[ "OBJ_ATTR_ATTR",0x00000002 ] = "OBJ_INHERIT " ;maskNames[ "OBJ_ATTR_ATTR",0x00000004 ] = "OBJ_AUDIT_OBJECT_CLOSE " ;maskNames[ "OBJ_ATTR_ATTR",0x00000010 ] = "OBJ_PERMANENT " ;maskNames[ "OBJ_ATTR_ATTR",0x00000020 ] = "OBJ_EXCLUSIVE " ;maskNames[ "OBJ_ATTR_ATTR",0x00000040 ] = "OBJ_CASE_INSENSITIVE " ;maskNames[ "OBJ_ATTR_ATTR",0x00000080 ] = "OBJ_OPENIF " ;maskNames[ "OBJ_ATTR_ATTR",0x00000100 ] = "OBJ_OPENLINK " ;maskNames[ "OBJ_ATTR_ATTR",0x00000200 ] = "OBJ_KERNEL_HANDLE " ;maskNames[ "OBJ_ATTR_ATTR",0x00000400 ] = "OBJ_FORCE_ACCESS_CHECK " ;maskNames[ "OBJ_ATTR_ATTR",0x00000800 ] = "OBJ_IGNORE_IMPERSONATED_DEVICEMAP " ;maskNames[ "OBJ_ATTR_ATTR",0x00001000 ] = "OBJ_DONT_REPARSE " ;maskNames[ "OBJ_ATTR_ATTR",0x00001FF2 ] = "OBJ_VALID_ATTRIBUTES " ; maskNames[ "ACCESS_MASK_PARTITION",0x00000001 ] = "MEMORY_PARTITION_ALL_ACCESS " ; maskNames[ "ACCESS_MASK_PARTITION",0x00000001 ] = "MEMORY_PARTITION_QUERY_ACCESS " ;maskNames[ "ACCESS_MASK_PARTITION",0x00000002 ] = "MEMORY_PARTITION_MODIFY_ACCESS " ;
	maskNames["EXECUTION_STATE",0x0001 ] = "ES_SYSTEM_REQUIRED " ; maskNames[ "EXECUTION_STATE",0x0002 ] = "ES_DISPLAY_REQUIRED " ;maskNames[ "EXECUTION_STATE",0x0004 ] = "ES_USER_PRESENT " ;maskNames[ "EXECUTION_STATE",0x80000000 ] = "ES_CONTINUOUS " ;maskNames[ "EXECUTION_STATE",0x00000040 ] = "ES_AWAYMODE_REQUIRED " ;
	maskNames["ALPC_FLAGS",0x0001 ] = "ALPC_MSGFLG_REPLY_MESSAGE " ; maskNames[ "ALPC_FLAGS",0x0002 ] = "ALPC_MSGFLG_LPC_MODE " ;maskNames[ "ALPC_FLAGS",0x10000 ] = "ALPC_MSGFLG_RELEASE_MESSAGE " ;maskNames[ "ALPC_FLAGS",0x20000 ] = "ALPC_MSGFLG_SYNC_REQUEST " ;maskNames[ "ALPC_FLAGS",0x100000 ] = "ALPC_MSGFLG_WAIT_USER_MODE " ;maskNames[ "ALPC_FLAGS",0x200000 ] = "ALPC_MSGFLG_WAIT_ALERTABLE " ;maskNames[ "ALPC_FLAGS",0x80000000 ] = "ALPC_MSGFLG_WOW64_CALL " ;
	maskNames["ALPC_MSGATTR",0x10000000 ] = "ALPC_MESSAGE_HANDLE_ATTRIBUTE " ; maskNames[ "ALPC_MSGATTR",0x20000000 ] = "ALPC_MESSAGE_CONTEXT_ATTRIBUTE " ;maskNames[ "ALPC_MSGATTR",0x40000000 ] = "ALPC_MESSAGE_VIEW_ATTRIBUTE " ;maskNames[ "ALPC_MSGATTR",0x80000000 ] = "ALPC_MESSAGE_SECURITY_ATTRIBUTE " ;maskNames[ "ALPC_MSGATTR",0x2000000 ] = "ALPC_MESSAGE_WORK_ON_BEHALF_ATTRIBUTE " ;maskNames[ "ALPC_MSGATTR",0x8000000 ] = "ALPC_MESSAGE_TOKEN_ATTRIBUTE " ;maskNames[ "ALPC_MSGATTR",0x4000000 ] = "ALPC_MESSAGE_DIRECT_ATTRIBUTE " ;
	maskNames["DUPLICATE_MASK",0x00000001 ] = "DUPLICATE_CLOSE_SOURCE " ; maskNames[ "DUPLICATE_MASK",0x00000002 ] = "DUPLICATE_SAME_ACCESS " ;maskNames[ "DUPLICATE_MASK",0x00000004 ] = "DUPLICATE_SAME_ATTRIBUTES " ; 
	maskNames["ACCESS_MASK",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK",0x02000000 ] = "MAXIMUM " ; 
	maskNames["ACCESS_MASK_FILE", 0] = "";maskNames["ACCESS_MASK_FILE",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_FILE",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_FILE",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_FILE",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_FILE",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_FILE",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_FILE",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_FILE",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_FILE",0x02000000 ] = "MAXIMUM " ; maskNames[ "ACCESS_MASK_FILE",0x00000001 ] = "FILE_READ_DATA " ;maskNames[ "ACCESS_MASK_FILE",0x00000002 ] = "FILE_WRITE_DATA " ;maskNames[ "ACCESS_MASK_FILE",0x00000004 ] = "FILE_APPEND_DATA " ;maskNames[ "ACCESS_MASK_FILE",0x00000008 ] = "FILE_READ_EA " ;maskNames[ "ACCESS_MASK_FILE",0x00000010 ] = "FILE_WRITE_EA " ;maskNames[ "ACCESS_MASK_FILE",0x00000020 ] = "FILE_EXECUTE " ;maskNames[ "ACCESS_MASK_FILE",0x00000040 ] = "FILE_DELETE_CHILD " ;maskNames[ "ACCESS_MASK_FILE",0x00000080 ] = "FILE_READ_ATTRIBUTES " ;maskNames[ "ACCESS_MASK_FILE",0x00000100 ] = "FILE_WRITE_ATTRIBUTES " ;maskNames[ "ACCESS_MASK_FILE",0x01000000 ] = "ACCESS_SYSTEM_SECURITY " ;
	maskNames["ACCESS_MASK_REG_KEY",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_REG_KEY",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_REG_KEY",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_REG_KEY",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_REG_KEY",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_REG_KEY",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_REG_KEY",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_REG_KEY",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_REG_KEY",0x02000000 ] = "MAXIMUM " ; maskNames[ "ACCESS_MASK_REG_KEY",0x0001 ] = "KEY_QUERY_VALUE " ;maskNames[ "ACCESS_MASK_REG_KEY",0x0002 ] = "KEY_SET_VALUE " ;maskNames[ "ACCESS_MASK_REG_KEY",0x0004 ] = "KEY_CREATE_SUB_KEY " ;maskNames[ "ACCESS_MASK_REG_KEY",0x0008 ] = "KEY_ENUMERATE_SUB_KEYS " ;maskNames[ "ACCESS_MASK_REG_KEY",0x0010 ] = "KEY_NOTIFY " ;maskNames[ "ACCESS_MASK_REG_KEY",0x0020 ] = "KEY_CREATE_LINK " ;maskNames[ "ACCESS_MASK_REG_KEY",0x0200 ] = "KEY_WOW64_32KEY " ;maskNames[ "ACCESS_MASK_REG_KEY",0x0100 ] = "KEY_WOW64_64KEY " ;maskNames[ "ACCESS_MASK_REG_KEY",0x0300 ] = "KEY_WOW64_RES " ;
	maskNames["ACCESS_MASK_OBJ_DIR",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_OBJ_DIR",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_OBJ_DIR",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_OBJ_DIR",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_OBJ_DIR",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_OBJ_DIR",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_OBJ_DIR",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_OBJ_DIR",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_OBJ_DIR",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_OBJ_DIR",0x0001 ] = "DIRECTORY_QUERY " ;maskNames[ "ACCESS_MASK_OBJ_DIR",0x0002 ] = "DIRECTORY_TRAVERSE " ;maskNames[ "ACCESS_MASK_OBJ_DIR",0x0004 ] = "DIRECTORY_CREATE_OBJECT " ;maskNames[ "ACCESS_MASK_OBJ_DIR",0x0008 ] = "DIRECTORY_CREATE_SUBDIRECTORY " ;
	maskNames["ACCESS_MASK_SYM_LINK",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_SYM_LINK",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_SYM_LINK",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_SYM_LINK",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_SYM_LINK",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_SYM_LINK",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_SYM_LINK",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_SYM_LINK",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_SYM_LINK",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_SYM_LINK",0x0001 ] = "SYMBOLIC_LINK_QUERY " ;
	maskNames["ACCESS_MASK_THREAD",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_THREAD",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_THREAD",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_THREAD",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_THREAD",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_THREAD",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_THREAD",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_THREAD",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_THREAD",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_THREAD",0x0001 ] = "THREAD_TERMINATE " ;maskNames[ "ACCESS_MASK_THREAD",0x0002 ] = "THREAD_SUSPEND_RESUME " ;maskNames[ "ACCESS_MASK_THREAD",0x0004 ] = "THREAD_ALERT " ;maskNames[ "ACCESS_MASK_THREAD",0x0008 ] = "THREAD_GET_CONTEXT " ;maskNames[ "ACCESS_MASK_THREAD",0x0010 ] = "THREAD_SET_CONTEXT " ;maskNames[ "ACCESS_MASK_THREAD",0x0020 ] = "THREAD_SET_INFORMATION " ;maskNames[ "ACCESS_MASK_THREAD",0x0400 ] = "THREAD_SET_LIMITED_INFORMATION " ;maskNames[ "ACCESS_MASK_THREAD",0x0800 ] = "THREAD_QUERY_LIMITED_INFORMATION " ;
	maskNames["ACCESS_MASK_PROCESS",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_PROCESS",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_PROCESS",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_PROCESS",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_PROCESS",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_PROCESS",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_PROCESS",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_PROCESS",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_PROCESS",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_PROCESS",0x0002 ] = "PROCESS_CREATE_THREAD " ;maskNames[ "ACCESS_MASK_PROCESS",0x0004 ] = "PROCESS_SET_SESSIONID " ;maskNames[ "ACCESS_MASK_PROCESS",0x0008 ] = "PROCESS_VM_OPERATION " ;maskNames[ "ACCESS_MASK_PROCESS",0x0020 ] = "PROCESS_VM_WRITE " ;maskNames[ "ACCESS_MASK_PROCESS",0x0080 ] = "PROCESS_CREATE_PROCESS " ;maskNames[ "ACCESS_MASK_PROCESS",0x0100 ] = "PROCESS_SET_QUOTA " ;maskNames[ "ACCESS_MASK_PROCESS",0x0200 ] = "PROCESS_SET_INFORMATION " ;maskNames[ "ACCESS_MASK_PROCESS",0x1000 ] = "PROCESS_QUERY_LIMITED_INFORMATION " ;maskNames[ "ACCESS_MASK_PROCESS",0x0040 ] = "PROCESS_DUP_HANDLE " ;maskNames[ "ACCESS_MASK_PROCESS",0x0400 ] = "PROCESS_QUERY_INFORMATION " ;maskNames[ "ACCESS_MASK_PROCESS",0x0800 ] = "PROCESS_SUSPEND_RESUME " ;maskNames[ "ACCESS_MASK_PROCESS",0x0001 ] = "PROCESS_TERMINATE " ;maskNames[ "ACCESS_MASK_PROCESS",0x0010 ] = "PROCESS_VM_READ " ;
	maskNames["ACCESS_MASK_EVENT",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_EVENT",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_EVENT",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_EVENT",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_EVENT",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_EVENT",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_EVENT",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_EVENT",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_EVENT",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_EVENT",0x0001 ] = "EVENT_QUERY_STATE " ;maskNames[ "ACCESS_MASK_EVENT",0x0002 ] = "EVENT_MODIFY_STATE " ;
	maskNames["ACCESS_MASK_SEMAPHORE",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_SEMAPHORE",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_SEMAPHORE",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_SEMAPHORE",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_SEMAPHORE",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_SEMAPHORE",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_SEMAPHORE",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_SEMAPHORE",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_SEMAPHORE",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_SEMAPHORE",0x0001 ] = "SEMAPHORE_QUERY_STATE " ;maskNames[ "ACCESS_MASK_SEMAPHORE",0x0002 ] = "SEMAPHORE_MODIFY_STATE " ;
	maskNames["ACCESS_MASK_TOKEN",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_TOKEN",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_TOKEN",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_TOKEN",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_TOKEN",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_TOKEN",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_TOKEN",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_TOKEN",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_TOKEN",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_TOKEN",0x0001 ] = "TOKEN_ASSIGN_PRIMARY " ;maskNames[ "ACCESS_MASK_TOKEN",0x0002 ] = "TOKEN_DUPLICATE " ;maskNames[ "ACCESS_MASK_TOKEN",0x0004 ] = "TOKEN_IMPERSONATE " ;maskNames[ "ACCESS_MASK_TOKEN",0x0008 ] = "TOKEN_QUERY " ;maskNames[ "ACCESS_MASK_TOKEN",0x0010 ] = "TOKEN_QUERY_SOURCE " ;maskNames[ "ACCESS_MASK_TOKEN",0x0020 ] = "TOKEN_ADJUST_PRIVILEGES " ;maskNames[ "ACCESS_MASK_TOKEN",0x0040 ] = "TOKEN_ADJUST_GROUPS " ;maskNames[ "ACCESS_MASK_TOKEN",0x0080 ] = "TOKEN_ADJUST_DEFAULT " ;maskNames[ "ACCESS_MASK_TOKEN",0x0100 ] = "TOKEN_ADJUST_SESSIONID " ;
	maskNames["ACCESS_MASK_SECTION",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_SECTION",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_SECTION",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_SECTION",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_SECTION",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_SECTION",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_SECTION",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_SECTION",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_SECTION",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_SECTION",0x0001 ] = "SECTION_QUERY " ;maskNames[ "ACCESS_MASK_SECTION",0x0002 ] = "SECTION_MAP_WRITE " ;maskNames[ "ACCESS_MASK_SECTION",0x0004 ] = "SECTION_MAP_READ " ;maskNames[ "ACCESS_MASK_SECTION",0x0008 ] = "SECTION_MAP_EXECUTE " ;maskNames[ "ACCESS_MASK_SECTION",0x0010 ] = "SECTION_EXTEND_SIZE " ;maskNames[ "ACCESS_MASK_SECTION",0x0020 ] = "SECTION_MAP_EXECUTE_EXPLICIT " ;
	maskNames["ACCESS_MASK_PORT",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_PORT",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_PORT",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_PORT",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_PORT",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_PORT",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_PORT",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_PORT",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_PORT",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_PORT",0x00000001 ] = "PORT_ALL_ACCESS " ;maskNames[ "ACCESS_MASK_PORT",0x00000002] = "PORT_CONNECT " ;
	maskNames["ACCESS_MASK_DEBUG_OBJ",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x01F000F ] = "DEBUG_ALL_ACCESS " ;maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x00000001 ] = "DEBUG_READ_EVENT " ;maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x00000008 ] = "DEBUG_QUERY_INFORMATION " ;maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x00000002 ] = "DEBUG_PROCESS_ASSIGN " ;maskNames[ "ACCESS_MASK_DEBUG_OBJ",0x00000004 ] = "DEBUG_SET_INFORMATION " ;
	maskNames["ACCESS_MASK_EVENT_PAIR",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_EVENT_PAIR",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_EVENT_PAIR",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_EVENT_PAIR",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_EVENT_PAIR",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_EVENT_PAIR",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_EVENT_PAIR",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_EVENT_PAIR",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_EVENT_PAIR",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_EVENT_PAIR",0x00000001 ] = "EVENT_PAIR_ALL_ACCESS " ;
	maskNames["ACCESS_MASK_IOCOMPLETION",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_IOCOMPLETION",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_IOCOMPLETION",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_IOCOMPLETION",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_IOCOMPLETION",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_IOCOMPLETION",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_IOCOMPLETION",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_IOCOMPLETION",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_IOCOMPLETION",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_IOCOMPLETION",0x001F0003 ] = "IO_COMPLETION_ALL_ACCESS " ;maskNames[ "ACCESS_MASK_IOCOMPLETION",0x00000001 ] = "IO_COMPLETION_QUERY_STATE " ;maskNames[ "ACCESS_MASK_IOCOMPLETION",0x00000002 ] = "IO_COMPLETION_MODIFY_STATE " ;
	maskNames["ACCESS_MASK_JOB",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_JOB",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_JOB",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_JOB",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_JOB",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_JOB",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_JOB",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_JOB",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_JOB",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_JOB",0x1F001F ] = "JOB_OBJECT_ALL_ACCESS " ;maskNames[ "ACCESS_MASK_JOB",0x0004 ] = "JOB_OBJECT_QUERY " ;maskNames[ "ACCESS_MASK_JOB",0x00000001 ] = "JOB_OBJECT_ASSIGN_PROCESS " ;maskNames[ "ACCESS_MASK_JOB",0x00000002 ] = "JOB_OBJECT_SET_ATTRIBUTES " ;maskNames[ "ACCESS_MASK_JOB",0x0010 ] = "JOB_OBJECT_SET_SECURITY_ATTRIBUTES " ;maskNames[ "ACCESS_MASK_JOB",0x0008 ] = "JOB_OBJECT_TERMINATE " ;
	maskNames["ACCESS_MASK_KEYED_EVENT",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_KEYED_EVENT",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_KEYED_EVENT",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_KEYED_EVENT",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_KEYED_EVENT",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_KEYED_EVENT",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_KEYED_EVENT",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_KEYED_EVENT",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_KEYED_EVENT",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_KEYED_EVENT",0x00000001 ] = "KEYEDEVENT_ALL_ACCESS " ; maskNames[ "ACCESS_MASK_KEYED_EVENT",0x00000001 ] = "KEYEDEVENT_WAIT " ;maskNames[ "ACCESS_MASK_KEYED_EVENT",0x00000002] = "KEYEDEVENT_WAKE " ;
	maskNames["ACCESS_MASK_PROFILE",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_PROFILE",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_PROFILE",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_PROFILE",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_PROFILE",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_PROFILE",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_PROFILE",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_PROFILE",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_PROFILE",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_PROFILE",0x00000001 ] = "PROFILE_ALL_ACCESS " ; maskNames[ "ACCESS_MASK_PROFILE",0x00000001 ] = "PROFILE_CONTROL " ;
	maskNames["ACCESS_MASK_SESSION",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_SESSION",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_SESSION",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_SESSION",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_SESSION",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_SESSION",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_SESSION",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_SESSION",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_SESSION",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_SESSION",0x00000001 ] = "SESSION_ALL_ACCESS " ; maskNames[ "ACCESS_MASK_SESSION",0x00000001 ] = "SESSION_QUERY_ACCESS " ;maskNames[ "ACCESS_MASK_SESSION",0x00000002 ] = "SESSION_MODIFY_ACCESS " ;
	maskNames["ACCESS_MASK_TIMER",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_TIMER",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_TIMER",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_TIMER",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_TIMER",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_TIMER",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_TIMER",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_TIMER",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_TIMER",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_TIMER",0x00000001 ] = "TIMER_ALL_ACCESS " ; maskNames[ "ACCESS_MASK_TIMER",0x00000001 ] = "TIMER_QUERY_STATE " ;maskNames[ "ACCESS_MASK_TIMER",0x00000002] = "TIMER_MODIFY_STATE " ;
	maskNames["ACCESS_MASK_ENLISTMENT",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_ENLISTMENT",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_ENLISTMENT",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_ENLISTMENT",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_ENLISTMENT",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_ENLISTMENT",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_ENLISTMENT",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_ENLISTMENT",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_ENLISTMENT",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_ENLISTMENT",0x00000001 ] = "ENLISTMENT_ALL_ACCESS " ;maskNames[ "ACCESS_MASK_ENLISTMENT",0x00000001 ] = "ENLISTMENT_GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_ENLISTMENT",0x00000001 ] = "ENLISTMENT_QUERY_INFORMATION " ;maskNames[ "ACCESS_MASK_ENLISTMENT",0x00000002] = "ENLISTMENT_SET_INFORMATION " ;maskNames[ "ACCESS_MASK_ENLISTMENT",0x00000004 ] = "ENLISTMENT_RECOVER " ;maskNames[ "ACCESS_MASK_ENLISTMENT",0x00000008 ] = "ENLISTMENT_SUBORDINATE_RIGHTS " ;maskNames[ "ACCESS_MASK_ENLISTMENT",0x00000010 ] = "ENLISTMENT_SUPERIOR_RIGHTS " ;
	maskNames["ACCESS_MASK_MUTANT",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_MUTANT",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_MUTANT",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_MUTANT",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_MUTANT",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_MUTANT",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_MUTANT",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_MUTANT",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_MUTANT",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_MUTANT",0x00000001 ] = "MUTANT_ALL_ACCESS " ; maskNames[ "ACCESS_MASK_MUTANT",0x00000001 ] = "MUTANT_QUERY_STATE " ;
	maskNames["ACCESS_MASK_RESOURCEMANAGER",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00000001 ] = "RESOURCEMANAGER_ALL_ACCESS " ;maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00000001 ] = "RESOURCEMANAGER_GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00000001 ] = "RESOURCEMANAGER_QUERY_INFORMATION " ;maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00000002 ] = "RESOURCEMANAGER_SET_INFORMATION " ;maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00000010 ] = "RESOURCEMANAGER_GET_NOTIFICATION " ;maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00000008 ] = "RESOURCEMANAGER_ENLIST " ;maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00000004 ] = "RESOURCEMANAGER_RECOVER " ;maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00000020 ] = "RESOURCEMANAGER_REGISTER_PROTOCOL " ;maskNames[ "ACCESS_MASK_RESOURCEMANAGER",0x00000040 ] = "RESOURCEMANAGER_COMPLETE_PROPAGATION " ;
	maskNames["ACCESS_MASK_TRANSACTION_MANAGER_TRANSACTION",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00000001 ] = "TRANSACTIONMANAGER_ALL_ACCESS " ;maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00000001 ] = "TRANSACTIONMANAGER_GENERIC_WRITE " ;maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00000001 ] = "TRANSACTIONMANAGER_QUERY_INFORMATION " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x0002 ] = "TRANSACTIONMANAGER_SET_INFORMATION " ;maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x0004 ] = "TRANSACTIONMANAGER_RECOVER " ;maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x0008 ] = "TRANSACTIONMANAGER_RENAME " ;maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x0010 ] = "TRANSACTIONMANAGER_CREATE_RM " ;maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x0020 ] = "TRANSACTIONMANAGER_BIND_TRANSACTION " ;
	maskNames["ACCESS_MASK_TRANSACTION_MANAGER",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_TRANSACTION_MANAGER",0x02000000 ] = "MAXIMUM " ; maskNames[ "ACCESS_MASK_TRANSACTION",0x00000001 ] = "TRANSACTION_ALL_ACCESS " ;maskNames[ "ACCESS_MASK_TRANSACTION",0x00000001 ] = "TRANSACTION_GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_TRANSACTION",0x00000001 ] = "TRANSACTION_QUERY_INFORMATION " ;maskNames[ "ACCESS_MASK_TRANSACTION",0x0002 ] = "TRANSACTION_SET_INFORMATION " ;maskNames[ "ACCESS_MASK_TRANSACTION",0x0004 ] = "TRANSACTION_ENLIST " ;maskNames[ "ACCESS_MASK_TRANSACTION",0x0008 ] = "TRANSACTION_COMMIT " ;maskNames[ "ACCESS_MASK_TRANSACTION",0x0010 ] = "TRANSACTION_ROLLBACK " ;maskNames[ "ACCESS_MASK_TRANSACTION",0x0020 ] = "TRANSACTION_PROPAGATE " ;
	maskNames["ACCESS_MASK_WINDOW_STATION_WINDOW",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_WINDOW_STATION",0x37F ] = "WINSTA_ALL_ACCESS" ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x00000001 ] = "WINSTA_GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_WINDOW_STATION",0x0100L ] = "WINSTA_ENUMERATE " ;maskNames[ "ACCESS_MASK_WINDOW_STATION",0x0001L ] = "WINSTA_ENUMDESKTOPS " ;maskNames[ "ACCESS_MASK_WINDOW_STATION",0x0002L ] = "WINSTA_READATTRIBUTES " ;maskNames[ "ACCESS_MASK_WINDOW_STATION",0x0200L ] = "WINSTA_READSCREEN " ;maskNames[ "ACCESS_MASK_WINDOW_STATION",0x0004L ] = "WINSTA_ACCESSCLIPBOARD " ;maskNames[ "ACCESS_MASK_WINDOW_STATION",0x0020L ] = "WINSTA_ACCESSGLOBALATOMS " ;maskNames[ "ACCESS_MASK_WINDOW_STATION",0x0008L ] = "WINSTA_CREATEDESKTOP " ;maskNames[ "ACCESS_MASK_WINDOW_STATION",0x0010L ] = "WINSTA_WRITEATTRIBUTES " ;maskNames[ "ACCESS_MASK_WINDOW_STATION",0x0040L ] = "WINSTA_EXITWINDOWS " ;
	maskNames["ACCESS_MASK_WAIT_COMPLETION_PACKET",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x00000001 ] = "OBJECT_TYPE_ALL_ACCESS " ; maskNames[ "ACCESS_MASK_WAIT_COMPLETION_PACKET",0x00000001 ] = "OBJECT_TYPE_CREATE " ;
	maskNames["ACCESS_MASK_WORKER_FACTORY",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x20000000 ] = "GENERIC_EXECUTE " ; maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x80000000 ] = "GENERIC_READ " ; maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x40000000 ] = "GENERIC_WRITE " ; maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x02000000 ] = "MAXIMUM " ;maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x00000001 ] = "WORKER_FACTORY_ALL_ACCESS " ; maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x00000001 ] = "WORKER_FACTORY_RELEASE_WORKER " ;maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x0010 ] = "WORKER_FACTORY_READY_WORKER " ;maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x0002 ] = "WORKER_FACTORY_WAIT " ;maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x0004 ] = "WORKER_FACTORY_SET_INFORMATION " ;maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x0008 ] = "WORKER_FACTORY_QUERY_INFORMATION " ;maskNames[ "ACCESS_MASK_WORKER_FACTORY",0x0020 ] = "WORKER_FACTORY_SHUTDOWN " ;
	maskNames["ACCESS_MASK_DESKTOP",0x00010000 ] = "DELETE " ; maskNames[ "ACCESS_MASK_DESKTOP",0x00020000 ] = "READ_CONTROL " ; maskNames[ "ACCESS_MASK_DESKTOP",0x00100000 ] = "SYNCHRONIZE " ; maskNames[ "ACCESS_MASK_DESKTOP",0x00040000 ] = "WRITE_DAC " ; maskNames[ "ACCESS_MASK_DESKTOP",0x00080000 ] = "WRITE_OWNER " ; maskNames[ "ACCESS_MASK_DESKTOP",0x0040 ] = "DESKTOP_ENUMERATE " ;maskNames[ "ACCESS_MASK_DESKTOP",0x00000001 ] = "DESKTOP_READOBJECTS " ;maskNames[ "ACCESS_MASK_DESKTOP",0x0020 ] = "DESKTOP_JOURNALPLAYBACK " ;maskNames[ "ACCESS_MASK_DESKTOP",0x0080 ] = "DESKTOP_WRITEOBJECTS " ;maskNames[ "ACCESS_MASK_DESKTOP",0x00000002 ] = "DESKTOP_CREATEWINDOW " ;maskNames[ "ACCESS_MASK_DESKTOP",0x0004 ] = "DESKTOP_CREATEMENU " ;maskNames[ "ACCESS_MASK_DESKTOP",0x0008 ] = "DESKTOP_HOOKCONTROL " ;maskNames[ "ACCESS_MASK_DESKTOP",0x0010 ] = "DESKTOP_JOURNALRECORD " ;maskNames[ "ACCESS_MASK_DESKTOP",0x0100 ] = "DESKTOP_SWITCHDESKTOP " ;
	ArgTypeMap["NtDuplicateObject",7] = "DUPLICATE_MASK";ArgTypeMap["NtDuplicateObject",6] = "OBJ_ATTR_ATTR";ArgTypeMap["NtOpenEvent",2] = "ACCESS_MASK_EVENT"; ArgTypeMap["NtLoadKeyEx",6] = "ACCESS_MASK_REG_KEY"; ArgTypeMap["NtCreateKey",2] = "ACCESS_MASK_REG_KEY"; ArgTypeMap["NtOpenRegistryTransaction",2] = "ACCESS_MASK"; ArgTypeMap["NtCreateThread",2] = "ACCESS_MASK_THREAD"; ArgTypeMap["NtCreateUserProcess",3] = "ACCESS_MASK_PROCESS"; ArgTypeMap["NtCreateUserProcess",4] = "ACCESS_MASK_THREAD"; ArgTypeMap["NtOpenSection",2] = "ACCESS_MASK_SECTION"; ArgTypeMap["NtOpenKeyTransactedEx",2] = "ACCESS_MASK_REG_KEY"; ArgTypeMap["NtDuplicateToken",2] = "ACCESS_MASK_TOKEN"; ArgTypeMap["NtOpenKeyEx",2] = "ACCESS_MASK_REG_KEY"; ArgTypeMap["NtCreateKeyTransacted",2] = "ACCESS_MASK_REG_KEY"; ArgTypeMap["NtCreateEventPair",2] = "ACCESS_MASK_EVENT"; ArgTypeMap["NtCreateToken",2] = "ACCESS_MASK_TOKEN"; ArgTypeMap["NtOpenThread",2] = "ACCESS_MASK_THREAD"; ArgTypeMap["NtOpenThreadTokenEx",2] = "ACCESS_MASK_TOKEN"; ArgTypeMap["NtCreateWorkerFactory",2] = "ACCESS_MASK_WORKER_FACTORY"; ArgTypeMap["NtOpenDirectoryObject",2] = "ACCESS_MASK_OBJ_DIR"; ArgTypeMap["NtCreateLowBoxToken",3] = "ACCESS_MASK_TOKEN"; ArgTypeMap["NtOpenKey",2] = "ACCESS_MASK_REG_KEY"; ArgTypeMap["NtCreateFile",2] = "ACCESS_MASK_FILE"; ArgTypeMap["NtCreateDirectoryObject",2] = "ACCESS_MASK_OBJ_DIR"; ArgTypeMap["NtOpenFile",2] = "ACCESS_MASK_FILE"; ArgTypeMap["NtCreateSemaphore",2] = "ACCESS_MASK_SEMAPHORE"; ArgTypeMap["NtGetNextThread",3] = "ACCESS_MASK_THREAD"; ArgTypeMap["NtOpenThreadToken",2] = "ACCESS_MASK_TOKEN"; ArgTypeMap["NtOpenProcessToken",2] = "ACCESS_MASK_TOKEN"; ArgTypeMap["NtOpenProcessTokenEx",2] = "ACCESS_MASK_TOKEN"; ArgTypeMap["NtCreateDirectoryObjectEx",2] = "ACCESS_MASK_OBJ_DIR"; ArgTypeMap["NtOpenProcess",2] = "ACCESS_MASK_PROCESS"; ArgTypeMap["NtOpenKeyTransacted",2] = "ACCESS_MASK_REG_KEY"; ArgTypeMap["NtCreateProcess",2] = "ACCESS_MASK_PROCESS"; ArgTypeMap["NtCreateSection",2] = "ACCESS_MASK_SECTION"; ArgTypeMap["NtCreateThreadEx",2] = "ACCESS_MASK_THREAD"; ArgTypeMap["NtCreateEvent",2] = "ACCESS_MASK_EVENT"; ArgTypeMap["NtCreateSymbolicLinkObject",2] = "ACCESS_MASK_SYM_LINK"; ArgTypeMap["NtCreateTokenEx",2] = "ACCESS_MASK_TOKEN"; ArgTypeMap["NtAlpcOpenSenderProcess",5] = "ACCESS_MASK_PROCESS"; ArgTypeMap["NtCreateProcessEx",2] = "ACCESS_MASK_PROCESS"; ArgTypeMap["NtOpenEventPair",2] = "ACCESS_MASK_EVENT"; ArgTypeMap["NtOpenSemaphore",2] = "ACCESS_MASK_SEMAPHORE"; ArgTypeMap["NtOpenSymbolicLinkObject",2] = "ACCESS_MASK_SYM_LINK";
} 	
	  /* typedef enum _AUDIT_EVENT_TYPE {  AuditEventObjectAccess = 0,      AuditEventDirectoryServiceAccess = 1,    } AUDIT_EVENT_TYPE;
typedef enum _DIRECTORY_NOTIFY_INFORMATION_CLASS {  DirectoryNotifyInformation = 1,      DirectoryNotifyExtendedInformation = 2,    } DIRECTORY_NOTIFY_INFORMATION_CLASS;
   typedef enum _HARDERROR_RESPONSE_OPTION {  OptionAbortRetryIgnore = 0,      OptionOk = 1,      OptionOkCancel = 2,      OptionRetryCancel = 3,      OptionYesNo = 4,      OptionYesNoCancel = 5,      OptionShutdownSystem = 6,      OptionOkNoWait = 7,      OptionCancelTryContinue = 8,    } HARDERROR_RESPONSE_OPTION;
typedef enumenum _KTMOBJECT_TYPE {  KTMOBJECT_TRANSACTION = 0,      KTMOBJECT_TRANSACTION_MANAGER = 1,      KTMOBJECT_RESOURCE_MANAGER = 2,      KTMOBJECT_ENLISTMENT = 3,      KTMOBJECT_INVALID = 4,    } KTMOBJECT_TYPE;
typedef enum _LPC_TYPE {  LPC_INIT,   LPC_REQUEST,      LPC_REPLY,      LPC_DATAGRAM,      LPC_LOST_REPLY,      LPC_PORT_CLOSED,      LPC_CLIENT_DIED,      LPC_EXCEPTION,      LPC_DEBUG_EVENT,      LPC_ERROR_EVENT,      LPC_CONNECTION_REQUEST,      LPC_CONNECTION_REPLY,      LPC_CANCELED,      LPC_UNREGISTER_PROCESS,    } LPC_TYPE;
typedef enum _SHUTDOWN_ACTION {  ShutdownNoReboot = 0,      ShutdownReboot = 1,      ShutdownPowerOff = 2,      ShutdownRebootForRecovery = 3,    } SHUTDOWN_ACTION;
typedef enum _SYSDBG_COMMAND {  SysDbgQueryModuleInformation = 0,      SysDbgQueryTraceInformation = 1,      SysDbgSetTracepoint = 2,      SysDbgSetSpecialCall = 3,      SysDbgClearSpecialCalls = 4,      SysDbgQuerySpecialCalls = 5,      SysDbgBreakPoint = 6,      SysDbgQueryVersion = 7,      SysDbgReadVirtual = 8,      SysDbgWriteVirtual = 9,      SysDbgReadPhysical = 10,      SysDbgWritePhysical = 11,      SysDbgReadControlSpace = 12,      SysDbgWriteControlSpace = 13,      SysDbgReadIoSpace = 14,      SysDbgWriteIoSpace = 15,      SysDbgReadMsr = 16,      SysDbgWriteMsr = 17,      SysDbgReadBusData = 18,      SysDbgWriteBusData = 19,      SysDbgCheckLowMemory = 20,      SysDbgEnableKernelDebugger = 21,      SysDbgDisableKernelDebugger = 22,      SysDbgGetAutoKdEnable = 23,      SysDbgSetAutoKdEnable = 24,      SysDbgGetPrintBufferSize = 25,      SysDbgSetPrintBufferSize = 26,      SysDbgGetKdUmExceptionEnable = 27,      SysDbgSetKdUmExceptionEnable = 28,      SysDbgGetTriageDump = 29,      SysDbgGetKdBlockEnable = 30,      SysDbgSetKdBlockEnable = 31,      SysDbgRegisterForUmBreakInfo = 32,      SysDbgGetUmBreakPid = 33,      SysDbgClearUmBreakPid = 34,      SysDbgGetUmAttachPid = 35,      SysDbgClearUmAttachPid = 36,      SysDbgGetLiveKernelDump = 37,      SysDbgKdPullRemoteFile = 38,    } SYSDBG_COMMAND;
 -*/	
   
:::tick-100/  ++tickcount < maxTicks   /
{
	if( ++syscallparamidx > syscallinfos[ syscallidx ].argcount ){ 
		argCount[ stringof( syscallinfos[ syscallidx ].syscallname->str ) ] = syscallinfos[ syscallidx ].argcount;syscallidx++; syscallparamidx = 0;
	}
	if( ArgTypeMap[ stringof( syscallinfos[ syscallidx ].syscallname->str ), syscallparamidx ] == "" ){
		ArgTypeMap[ stringof( syscallinfos[ syscallidx ].syscallname->str ), syscallparamidx ] = typemap[ argtypes[ tickcount ] ]->str ;
	}
	if(debug){ printf("%s %d %d=%s\n\n", stringof( syscallinfos[ syscallidx ].syscallname->str ) , syscallinfos[ syscallidx ].probeid, syscallparamidx, typemap[ argtypes[ tickcount ] ]->str ); }
	if( syscallinfos[ syscallidx ].probeid == 0xffff ){ syscallidx++; } 
	if( tickcount == maxTicks - 2 ){ printf("\nStarted up\n"); started = 1; }
}  
typedef struct _UNICODE_STRING { USHORT Length; USHORT MaximumLength; uintptr_t Buffer ;} UNICODE_STRING;
typedef struct _OBJECT_ATTRIBUTES { ULONG Length; HANDLE RootDirectory; UNICODE_STRING* ObjectName; ULONG Attributes; PVOID SecurityDescriptor; PVOID SecurityQualityOfService;} OBJECT_ATTRIBUTES; 
typedef union  _LARGE_INTEGER { struct { DWORD LowPart; LONG HighPart; } DUMMYSTRUCTNAME; struct { DWORD LowPart; LONG HighPart; } u; LONGLONG QuadPart;} LARGE_INTEGER;
typedef struct _UNKNOWN{ char str[64]; } UNKNOWN;
typedef struct _LUID { DWORD LowPart; LONG HighPart;} LUID, *PLUID;

typedef struct _MASK_TYPE_VAL { string type; uint64_t value;} MASK_TYPE_VAL;
translator STR < MASK_TYPE_VAL  _ > 		{ 	str =   (
															a  = strjoin(	 maskNames[ _.type, (_.value & 1 ) * 1 ], maskNames[_.type, (_.value & 2 ) * 2 ])      ,
															b  = strjoin(a,  maskNames[ _.type, (_.value & 4 ) * 4 ]), c = strjoin(b, maskNames[ _.type, (_.value & 8 ) * 8 ]), d = strjoin(c, maskNames[ _.type, (_.value & 16 ) * 16 ]), e = strjoin(d, maskNames[_.type, (_.value & 32 ) * 32 ]) ,
															f  = strjoin(e,  maskNames[ _.type, (_.value & 64 ) * 64 ]), g = strjoin(f, maskNames[_.type, (_.value & 128 ) * 128 ]) , h = strjoin(g, maskNames[ _.type, (_.value & 256 ) * 256 ]),  i=   strjoin(h, maskNames[_.type, (_.value & 512 ) * 512 ]) ,
															j  = strjoin(i,  maskNames[ _.type, (_.value & 1024 ) * 1024 ]), k = strjoin(j, maskNames[_.type, (_.value & 2048 ) * 2048 ]) , l = strjoin(k, maskNames[ _.type, (_.value & 4096 ) * 4096 ]), n = strjoin(l, maskNames[_.type, (_.value & 8192 ) * 8192 ]) ,
															m  = strjoin(l,  maskNames[ _.type, (_.value & 16384 ) * 16384 ]), o = strjoin(m, maskNames[_.type, (_.value & 32768 ) * 32768 ]) , p = strjoin( o, maskNames[ _.type, (_.value & 65536 ) * 65536 ]), q = strjoin(p, maskNames[_.type, (_.value & 131072 ) * 131072 ]) ,
															v  = strjoin(q,  maskNames[ _.type, (_.value & 262144 ) * 262144 ]), x = strjoin(v, maskNames[_.type, (_.value & 524288 ) * 524288 ]) , y = strjoin( x,  maskNames[ _.type, (_.value & 1048576 ) * 1048576 ]),  z= strjoin(y, maskNames[_.type, (_.value & 2097152 ) * 2097152 ]) ,
															za = strjoin(z,  maskNames[ _.type, (_.value & 4194304 ) * 4194304 ]), zb = strjoin(za, maskNames[_.type, (_.value & 8388608 ) * 8388608 ]) , zc = strjoin( zb,  maskNames[ _.type, (_.value & 16777216  ) * 16777216 ]), zd = strjoin( zc, maskNames[_.type, (_.value & 33554432 ) * 33554432 ]) ,
															ze = strjoin(zd, maskNames[ _.type, (_.value & 67108864 ) * 67108864 ]), zf = strjoin(ze, maskNames[_.type, (_.value & 134217728 ) * 134217728 ]) , zg = strjoin( zf, maskNames[ _.type, (_.value & 268435456 ) * 268435456  ]), zh = strjoin(zg, maskNames[_.type, (_.value & 536870912  ) * 536870912 ]) ,
															zi = strjoin(zh, maskNames[ _.type, (_.value & 1073741824 ) * 1073741824 ]), strjoin(zi, maskNames[_.type, (_.value & 2147483648 ) * 2147483648 ]) 
														); 
												 
											};
translator STR < HANDLE _ > 				{ 	str = 	( _ == (HANDLE)0xffffffffffffffff) ? "NtCurrentProcess" :
														( _ == (HANDLE)0xfffffffffffffffe) ? "NtCurrentThread" :
														( _ == (HANDLE)0xfffffffffffffffa) ? "NtCurrentEffectiveToken" :
														( _ == (HANDLE)0xfffffffffffffffb) ? "NtCurrentThreadToken" :
														( _ == (HANDLE)0xfffffffffffffffc) ? "NtCurrentProcessToken" :
														lltostr( (uint32_t)_ , 16 )
												; 
												 
											};                                                                                            
translator STR < LUID*  _ > 				{ 	str =  lltostr( 0 ); };
translator STR < UNKNOWN*  _ > 				{ 	str =  lltostr( (uint64_t)_ , 16 );  };
translator STR < LARGE_INTEGER* _ > 		{ 	str = strjoin(strjoin( lltostr((uint64_t)_,16), "* = "),
																							( (uintptr_t)_ > MAX_USER ) ? lltostr( *((uint64_t*)_) , 16 ) 
																							:
																							( (uintptr_t)_ > 0 ) ? 	lltostr( *((uint64_t*)copyin((uintptr_t)_,sizeof(uint64_t))) , 16 ) 
																													:
																													"?"
															 )
												;
											}; 
translator STR < ULONG _ > 					{ 	str =  lltostr( (uint32_t)_ , 10 );	};
translator STR < BOOLEAN _ > 				{ 	str =  _ ? "true" : "false";	};
translator STR < IO_STATUS_BLOCK* _ > 		{ 	str  = lltostr( (uint64_t)_ , 16 );  }; 
translator STR < PHANDLE _ > 				{ 	str =  lltostr( (int64_t)_ , 16 );	};  
translator WSTR < UNICODE_STRING  _ > 		{ 	wstr = _.Buffer ? ((WSTR*)copyin( _.Buffer, _.Length +4))->wstr : wEmpty.wstr; }; 
translator WSTR < UNICODE_STRING* _ > 		{ 	wstr = ( (uintptr_t)_ > MAX_USER ) && ( (uintptr_t)_->Buffer > MAX_USER ) ? ( self->buf=(void*)alloca( ( (_->Length  ) +4)), bcopy( (void*)_->Buffer, self->buf, _->Length   ), ((WSTR*)self->buf)->wstr )
			 																			:
			 																			_  ? xlate< WSTR* >( * ( UNICODE_STRING* ) copyin( (uintptr_t)_ , sizeof( UNICODE_STRING ) ) )->wstr : wEmpty.wstr;
											};			 																
translator WSTR < OBJECT_ATTRIBUTES* _> 	{ wstr = ( (uintptr_t)_ > MAX_USER )   ?   	xlate<WSTR*>(  _->ObjectName )->wstr 
																						: 
																						( (uintptr_t)_ == 0 ) ? wEmpty.wstr :
																										 xlate<WSTR*>( ((OBJECT_ATTRIBUTES*)copyin( (uintptr_t)_ , sizeof( OBJECT_ATTRIBUTES ) ))->ObjectName )->wstr  
														 ;
												   
											};
											
translator STR < OBJECT_ATTRIBUTES _> 		{ 	str =  (	length = "{ Length = ", length = strjoin( length, lltostr(_.Length) ),str = strjoin( length ,", "),
															rootdirectory = "RootDirectory = ", yy= lltostr((uint64_t)_.RootDirectory) , rootdirectory = strjoin(rootdirectory, yy ), str=strjoin(str,rootdirectory),
															strjoin(str , ", ObjectName = \"")
													   );
												poststr = (	poststr = "\" , Attributes = ", poststr = strjoin(poststr,  lltostr(_.Attributes) ), 
															poststr = strjoin(poststr, " , SecurityDescriptor = "),poststr = strjoin(poststr, lltostr( (uint64_t)_.SecurityDescriptor, 16 ) ),
															poststr = strjoin(poststr, " , SecurityQualityOfService = "),poststr = strjoin(poststr, lltostr( (uint64_t)_.SecurityQualityOfService, 16 ) ),
															poststr = strjoin(poststr,  " }" ), poststr );
											};
translator STR < OBJECT_ATTRIBUTES* _> 		{ 	str = ( (uintptr_t)_ > MAX_USER )   ?  xlate<STR*>( *_ )->str :	_ ?   xlate<STR* >( *((OBJECT_ATTRIBUTES*)copyin( (uintptr_t)_ , sizeof( OBJECT_ATTRIBUTES ) )))->str   : ""; 
												poststr = ( (uintptr_t)_ > MAX_USER )   ?  xlate<STR*>( *_ )->poststr :	_ ? xlate<STR*>( *((OBJECT_ATTRIBUTES*)copyin( (uintptr_t)_ , sizeof( OBJECT_ATTRIBUTES ) )))->poststr : ""; 
											};
											
																						
											
self MASK_TYPE_VAL* mv;
typedef struct typeAndVal{ uintptr_t val; string type; } typeAndVal; 
translator STR < struct typeAndVal t > {
	str =  ( self->preType =  strjoin( t.type , " = " ), self->preDebug = strjoin( lltostr( (uint64_t)t.val,16) , " "), self->pre = strjoin( self->preType, debug ? self->preDebug : "" ),
	( t.type == "PHANDLE" ) ? strjoin( self->pre, xlate<   STR* >( ( PHANDLE  ) t.val )->str ) 																																					: 
			( t.type == "HANDLE" ) ?  strjoin( self->pre , xlate<   STR* >( ( HANDLE  ) t.val )->str )																																			: 
				( t.type == "PLUID" ) ? strjoin( self->pre, xlate<   STR* >( ( LUID* ) t.val )->str) 																																			:  
						( t.type == "PLARGE_INTEGER" ) ? strjoin( self->pre, xlate< STR* >( ( LARGE_INTEGER* ) t.val )->str) 																													:
							( t.type == "PIO_STATUS_BLOCK" ) ? strjoin( self->pre, xlate< STR* >( ( IO_STATUS_BLOCK* ) t.val )->str ) 																											:  
								( enumNames[ t.type , 0 ] != "" ) ? strjoin( self->pre, enumNames[ t.type , t.val] ) 																															:
									( masks[ t.type ] ) ? strjoin( self->pre,  ( 	self->mv = (MASK_TYPE_VAL*)alloca( sizeof( MASK_TYPE_VAL ) ), 
																					self->mv->type = t.type,
																					self->mv->value = (uint32_t) t.val ,
																					xlate< STR*  >( * self->mv )->str 
																				) 
																 )    																																											: 
										( t.type == "ULONG" ) ? strjoin( self->pre, xlate< STR* >( ( ULONG ) t.val )->str )  																													:
											( t.type == "BOOLEAN" ) ? strjoin( self->pre, xlate< STR* >( ( BOOLEAN ) t.val )->str )  																											:
												( t.type == "PUNICODE_STRING" ) ? self-> pre																																					:
													( t.type == "POBJECT_ATTRIBUTES" ) ?   strjoin( self->pre, xlate< STR* >( ( OBJECT_ATTRIBUTES* ) t.val )->str )  																			:
														strjoin( self->pre, xlate< STR* >( (UNKNOWN*) t.val )->str ) ); 
	poststr = ( t.type == "POBJECT_ATTRIBUTES" ) ?  xlate< STR* >( ( OBJECT_ATTRIBUTES* ) t.val )->poststr  :
				"";
		
};
translator WSTR < struct typeAndVal t > {
	wstr = 
	( t.type == "PUNICODE_STRING"  ) ? t.val ? xlate< WSTR* >( (UNICODE_STRING*)t.val )->wstr : wEmpty.wstr :
		( t.type == "POBJECT_ATTRIBUTES" ) ? t.val ? xlate< WSTR* >( (OBJECT_ATTRIBUTES*)  t.val )->wstr  : wEmpty.wstr :
			wEmpty.wstr;
};

typedef struct argval{ uintptr_t val; } argval; 
translator argval < int argi > {
	val = argi==0 ? arg0 : argi==1 ? arg1 : argi==2 ? arg2 : argi==3 ? arg3 : argi==4 ? arg4 : argi==5 ? arg5 : argi==6 ? arg6 : argi==7 ? arg7 :  argi==8 ? arg8 : argi==9 ? arg9 :  0;
};
translator struct typeAndVal < int argi > { val = xlate< argval >( argi - 1 ).val; type = ArgTypeMap[ probefunc , argi ]; };			
inline uint64_t argc =  argCount[probefunc] 	;	
	
syscall::*:entry/started/
{	
 
	printf( "\n%-16s( %5s:%-5s ) - %-28s ( %s%ws%s%s%s%ws%s%s%s%ws%s%s%s%ws%s%s%s%ws%s%s%s%ws%s%s%s%ws%s%s%s%ws%s )\n",execname, lltostr(pid), lltostr(tid), probefunc, 
				((argc > 0) ? xlate< STR >( *xlate< typeAndVal* >( 1 ) ).str : "") , ((argc > 0) ?  xlate< WSTR >( *xlate< typeAndVal* >( 1 ) ).wstr : wEmpty.wstr) ,  ((argc > 0) ? xlate< STR >( *xlate< typeAndVal* >( 1 ) ).poststr : "")   , (argc > 1) ? " , " : "" ,
				((argc > 1) ? xlate< STR >( *xlate< typeAndVal* >( 2 ) ).str : "") , ((argc > 1) ?  xlate< WSTR >( *xlate< typeAndVal* >( 2 ) ).wstr : wEmpty.wstr) ,  ((argc > 1) ? xlate< STR >( *xlate< typeAndVal* >( 2 ) ).poststr : "")   , (argc > 2) ? " , " : "" ,  
				((argc > 2) ? xlate< STR >( *xlate< typeAndVal* >( 3 ) ).str : "") , ((argc > 2) ?  xlate< WSTR >( *xlate< typeAndVal* >( 3 ) ).wstr : wEmpty.wstr) ,  ((argc > 2) ? xlate< STR >( *xlate< typeAndVal* >( 3 ) ).poststr : "")   , (argc > 3) ? " , " : "" ,
				((argc > 3) ? xlate< STR >( *xlate< typeAndVal* >( 4 ) ).str : "") , ((argc > 3) ?  xlate< WSTR >( *xlate< typeAndVal* >( 4 ) ).wstr : wEmpty.wstr) ,  ((argc > 3) ? xlate< STR >( *xlate< typeAndVal* >( 4 ) ).poststr : "")   , (argc > 4) ? " , " : "" ,  
				((argc > 4) ? xlate< STR >( *xlate< typeAndVal* >( 5 ) ).str : "") , ((argc > 4) ?  xlate< WSTR >( *xlate< typeAndVal* >( 5 ) ).wstr : wEmpty.wstr) ,  ((argc > 4) ? xlate< STR >( *xlate< typeAndVal* >( 5 ) ).poststr : "")   , (argc > 5) ? " , " : "" , 
				((argc > 5) ? xlate< STR >( *xlate< typeAndVal* >( 6 ) ).str : "") , ((argc > 5) ?  xlate< WSTR >( *xlate< typeAndVal* >( 6 ) ).wstr : wEmpty.wstr) ,  ((argc > 5) ? xlate< STR >( *xlate< typeAndVal* >( 6 ) ).poststr : "")   , (argc > 6) ? " , " : "" , 
				((argc > 6) ? xlate< STR >( *xlate< typeAndVal* >( 7 ) ).str : "") , ((argc > 6) ?  xlate< WSTR >( *xlate< typeAndVal* >( 7 ) ).wstr : wEmpty.wstr) ,  ((argc > 6) ? xlate< STR >( *xlate< typeAndVal* >( 7 ) ).poststr : "")   , (argc > 7) ? " , " : "" , 
				((argc > 7) ? xlate< STR >( *xlate< typeAndVal* >( 8 ) ).str : "") , ((argc > 7) ?  xlate< WSTR >( *xlate< typeAndVal* >( 8 ) ).wstr : wEmpty.wstr) ,  ((argc > 7) ? xlate< STR >( *xlate< typeAndVal* >( 8 ) ).poststr : "")    
	);																					 
}