win32api/kernel32typedef.go

package win32api

import "syscall"

type Ulong int32
type Ulong_ptr uintptr

const (
	LOCKFILE_EXCLUSIVE_LOCK   DWORD = 0x00000002
	LOCKFILE_FAIL_IMMEDIATELY DWORD = 0x00000001
)

type PROCESSENTRY32 struct {
	DwSize              Ulong
	CntUsage            Ulong
	Th32ProcessID       Ulong
	Th32DefaultHeapID   Ulong_ptr
	Th32ModuleID        Ulong
	CntThreads          Ulong
	Th32ParentProcessID Ulong
	PcPriClassBase      Ulong
	DwFlags             Ulong
	SzExeFile           [260]byte
}

type THREADENTRY32 struct {
	DwSize             DWORD
	CntUsage           DWORD
	Th32ThreadID       DWORD
	Th32OwnerProcessID DWORD
	TpBasePri          int32
	TpDeltaPri         int32
	DwFlags            DWORD
}

type MODULEENTRY32W struct {
	DwSize        DWORD
	Th32ModuleID  DWORD
	Th32ProcessID DWORD
	GlblcntUsage  DWORD
	ProccntUsage  DWORD
	ModBaseAddr   uintptr
	ModBaseSize   DWORD
	HModule       HMODULE
	SzModule      [MAX_MODULE_NAME32 + 1]uint16
	SzExePath     [syscall.MAX_PATH]uint16
}

type M128A struct {
	Low  uint64
	High int64
}

// AMD64_CONTEXT mirrors the Windows x64 CONTEXT layout closely enough for
// GetThreadContext/SetThreadContext on amd64 processes.
type AMD64_CONTEXT struct {
	P1Home               uint64
	P2Home               uint64
	P3Home               uint64
	P4Home               uint64
	P5Home               uint64
	P6Home               uint64
	ContextFlags         DWORD
	MxCsr                DWORD
	SegCs                WORD
	SegDs                WORD
	SegEs                WORD
	SegFs                WORD
	SegGs                WORD
	SegSs                WORD
	EFlags               DWORD
	Dr0                  uint64
	Dr1                  uint64
	Dr2                  uint64
	Dr3                  uint64
	Dr6                  uint64
	Dr7                  uint64
	Rax                  uint64
	Rcx                  uint64
	Rdx                  uint64
	Rbx                  uint64
	Rsp                  uint64
	Rbp                  uint64
	Rsi                  uint64
	Rdi                  uint64
	R8                   uint64
	R9                   uint64
	R10                  uint64
	R11                  uint64
	R12                  uint64
	R13                  uint64
	R14                  uint64
	R15                  uint64
	Rip                  uint64
	ExtendedRegisters    [512]byte
	VectorRegister       [26]M128A
	VectorControl        uint64
	DebugControl         uint64
	LastBranchToRip      uint64
	LastBranchFromRip    uint64
	LastExceptionToRip   uint64
	LastExceptionFromRip uint64
}

type DEBUG_EVENT_HEADER struct {
	DwDebugEventCode DWORD
	DwProcessId      DWORD
	DwThreadId       DWORD
}

type DebugEventInfo struct {
	Header   DEBUG_EVENT_HEADER
	CodeName string
}

type MEMORYSTATUSEX struct {
	DwLength                DWORD
	DwMemoryLoad            DWORD
	UllTotalPhys            DWORDLONG
	UllAvailPhys            DWORDLONG
	UllTotalPageFile        DWORDLONG
	UllAvailPageFile        DWORDLONG
	UllTotalVirtual         DWORDLONG
	UllAvailVirtual         DWORDLONG
	UllAvailExtendedVirtual DWORDLONG
}

type MEMORY_BASIC_INFORMATION struct {
	BaseAddress       uintptr
	AllocationBase    uintptr
	AllocationProtect DWORD
	RegionSize        uintptr
	State             DWORD
	Protect           DWORD
	Type              DWORD
}

type USN_JOURNAL_DATA struct {
	UsnJournalID    DWORDLONG
	FirstUsn        USN
	NextUsn         USN
	LowestValidUsn  USN
	MaxUsn          USN
	MaximumSize     DWORDLONG
	AllocationDelta DWORDLONG
}

type READ_USN_JOURNAL_DATA struct {
	StartUsn          USN
	ReasonMask        DWORD
	ReturnOnlyOnClose DWORD
	Timeout           DWORDLONG
	BytesToWaitFor    DWORDLONG
	UsnJournalID      DWORDLONG
}

type USN_RECORD struct {
	RecordLength              DWORD
	MajorVersion              WORD
	MinorVersion              WORD
	FileReferenceNumber       DWORDLONG
	ParentFileReferenceNumber DWORDLONG
	Usn                       USN
	TimeStamp                 LARGE_INTEGER
	Reason                    DWORD
	SourceInfo                DWORD
	SecurityId                DWORD
	FileAttributes            DWORD
	FileNameLength            WORD
	FileNameOffset            WORD
	FileName                  [1]WCHAR
}

type MFT_ENUM_DATA struct {
	StartFileReferenceNumber DWORDLONG
	LowUsn                   USN
	HighUsn                  USN
}

const (
	TH32CS_SNAPPROCESS         DWORD = 0x00000002
	TH32CS_SNAPTHREAD          DWORD = 0x00000004
	TH32CS_SNAPMODULE          DWORD = 0x00000008
	TH32CS_SNAPMODULE32        DWORD = 0x00000010
	FSCTL_ENUM_USN_DATA              = 0x900B3
	FSCTL_QUERY_USN_JOURNAL          = 0x900F4
	FSCTL_READ_USN_JOURNAL           = 0x900BB
	O_RDONLY                         = syscall.O_RDONLY
	O_RDWR                           = syscall.O_RDWR
	O_CREAT                          = syscall.O_CREAT
	O_WRONLY                         = syscall.O_WRONLY
	GENERIC_READ                     = syscall.GENERIC_READ
	GENERIC_WRITE                    = syscall.GENERIC_WRITE
	FILE_APPEND_DATA                 = syscall.FILE_APPEND_DATA
	FILE_SHARE_READ                  = syscall.FILE_SHARE_READ
	FILE_SHARE_WRITE                 = syscall.FILE_SHARE_WRITE
	ERROR_NO_MORE_FILES              = syscall.ERROR_NO_MORE_FILES
	ERROR_FILE_NOT_FOUND             = syscall.ERROR_FILE_NOT_FOUND
	O_APPEND                         = syscall.O_APPEND
	O_CLOEXEC                        = syscall.O_CLOEXEC
	O_EXCL                           = syscall.O_EXCL
	O_TRUNC                          = syscall.O_TRUNC
	CREATE_ALWAYS                    = syscall.CREATE_ALWAYS
	CREATE_NEW                       = syscall.CREATE_NEW
	OPEN_ALWAYS                      = syscall.OPEN_ALWAYS
	TRUNCATE_EXISTING                = syscall.TRUNCATE_EXISTING
	OPEN_EXISTING                    = syscall.OPEN_EXISTING
	FILE_ATTRIBUTE_NORMAL            = syscall.FILE_ATTRIBUTE_NORMAL
	FILE_FLAG_BACKUP_SEMANTICS       = syscall.FILE_FLAG_BACKUP_SEMANTICS
	FILE_ATTRIBUTE_DIRECTORY         = syscall.FILE_ATTRIBUTE_DIRECTORY
	MAX_LONG_PATH                    = syscall.MAX_LONG_PATH
)

const (
	MAX_MODULE_NAME32 = 255
)

const (
	PROCESS_CREATE_THREAD             DWORD = 0x0002
	PROCESS_TERMINATE                 DWORD = 0x0001
	PROCESS_VM_OPERATION              DWORD = 0x0008
	PROCESS_VM_READ                   DWORD = 0x0010
	PROCESS_VM_WRITE                  DWORD = 0x0020
	PROCESS_QUERY_INFORMATION         DWORD = 0x0400
	PROCESS_QUERY_LIMITED_INFORMATION DWORD = 0x1000
	PROCESS_SUSPEND_RESUME            DWORD = 0x0800
	SYNCHRONIZE                       DWORD = 0x00100000
	PROCESS_NAME_NATIVE               DWORD = 0x00000001
)

const (
	THREAD_TERMINATE          DWORD = 0x0001
	THREAD_SUSPEND_RESUME     DWORD = 0x0002
	THREAD_GET_CONTEXT        DWORD = 0x0008
	THREAD_SET_CONTEXT        DWORD = 0x0010
	THREAD_QUERY_INFORMATION  DWORD = 0x0040
	THREAD_SET_INFORMATION    DWORD = 0x0020
	THREAD_QUERY_LIMITED_INFO DWORD = 0x0800
	THREAD_SET_LIMITED_INFO   DWORD = 0x0400
)

const (
	CONTEXT_AMD64           DWORD = 0x00100000
	CONTEXT_CONTROL         DWORD = CONTEXT_AMD64 | 0x00000001
	CONTEXT_INTEGER         DWORD = CONTEXT_AMD64 | 0x00000002
	CONTEXT_SEGMENTS        DWORD = CONTEXT_AMD64 | 0x00000004
	CONTEXT_FLOATING_POINT  DWORD = CONTEXT_AMD64 | 0x00000008
	CONTEXT_DEBUG_REGISTERS DWORD = CONTEXT_AMD64 | 0x00000010
	CONTEXT_FULL            DWORD = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_FLOATING_POINT
	CONTEXT_ALL             DWORD = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS
)

const (
	PAGE_NOACCESS          DWORD = 0x01
	PAGE_READONLY          DWORD = 0x02
	PAGE_READWRITE         DWORD = 0x04
	PAGE_WRITECOPY         DWORD = 0x08
	PAGE_EXECUTE           DWORD = 0x10
	PAGE_EXECUTE_READ      DWORD = 0x20
	PAGE_EXECUTE_READWRITE DWORD = 0x40
	PAGE_EXECUTE_WRITECOPY DWORD = 0x80
	PAGE_GUARD             DWORD = 0x100
	PAGE_NOCACHE           DWORD = 0x200
	PAGE_WRITECOMBINE      DWORD = 0x400
)

const (
	MEM_COMMIT      DWORD = 0x00001000
	MEM_RESERVE     DWORD = 0x00002000
	MEM_DECOMMIT    DWORD = 0x00004000
	MEM_RELEASE     DWORD = 0x00008000
	MEM_FREE        DWORD = 0x00010000
	MEM_PRIVATE     DWORD = 0x00020000
	MEM_MAPPED      DWORD = 0x00040000
	MEM_TOP_DOWN    DWORD = 0x00100000
	MEM_WRITE_WATCH DWORD = 0x00200000
	MEM_PHYSICAL    DWORD = 0x00400000
	MEM_RESET       DWORD = 0x00080000
	MEM_RESET_UNDO  DWORD = 0x01000000
	MEM_LARGE_PAGES DWORD = 0x20000000
	MEM_IMAGE       DWORD = 0x01000000
)

const (
	WAIT_OBJECT_0  DWORD = 0x00000000
	WAIT_ABANDONED       = 0x00000080
	WAIT_TIMEOUT         = 0x00000102
	WAIT_FAILED          = 0xFFFFFFFF
	INFINITE             = 0xFFFFFFFF
)

const (
	STILL_ACTIVE            DWORD = 259
	INVALID_FILE_ATTRIBUTES DWORD = 0xFFFFFFFF
)

const (
	MAXIMUM_WAIT_OBJECTS DWORD = 64
)

const (
	MOVEFILE_REPLACE_EXISTING      DWORD = 0x00000001
	MOVEFILE_COPY_ALLOWED          DWORD = 0x00000002
	MOVEFILE_DELAY_UNTIL_REBOOT    DWORD = 0x00000004
	MOVEFILE_WRITE_THROUGH         DWORD = 0x00000008
	MOVEFILE_CREATE_HARDLINK       DWORD = 0x00000010
	MOVEFILE_FAIL_IF_NOT_TRACKABLE DWORD = 0x00000020
)

type FILE_ID_DESCRIPTOR struct {
	DwSize DWORD
	Type   FILE_ID_TYPE
	FileId DWORDLONG
	_      [8]byte
}

type FILE_ID_TYPE DWORD

const (
	FileIdType FILE_ID_TYPE = iota
	ObjectIdType
	ExtendedFileIdType
	MaximumFileIdType
)

const (
	FORMAT_MESSAGE_ALLOCATE_BUFFER DWORD = 0x00000100
	FORMAT_MESSAGE_IGNORE_INSERTS  DWORD = 0x00000200
	FORMAT_MESSAGE_FROM_SYSTEM     DWORD = 0x00001000
)

const (
	FILE_SHARE_DELETE = syscall.FILE_SHARE_DELETE
)

const (
	CREATE_SUSPENDED        DWORD = 0x00000004
	DEBUG_PROCESS           DWORD = 0x00000001
	DEBUG_ONLY_THIS_PROCESS DWORD = 0x00000002
)

const (
	EXCEPTION_DEBUG_EVENT      DWORD = 1
	CREATE_THREAD_DEBUG_EVENT  DWORD = 2
	CREATE_PROCESS_DEBUG_EVENT DWORD = 3
	EXIT_THREAD_DEBUG_EVENT    DWORD = 4
	EXIT_PROCESS_DEBUG_EVENT   DWORD = 5
	LOAD_DLL_DEBUG_EVENT       DWORD = 6
	UNLOAD_DLL_DEBUG_EVENT     DWORD = 7
	OUTPUT_DEBUG_STRING_EVENT  DWORD = 8
	RIP_EVENT                  DWORD = 9
)

const (
	DBG_CONTINUE              DWORD = 0x00010002
	DBG_EXCEPTION_NOT_HANDLED DWORD = 0x80010001
)

const (
	GMEM_MOVEABLE       = 0x0002
	GMEM_ZEROINIT       = 0x0040
	GMEM_DDESHARE       = 0x2000
	GMEM_SHARE          = GMEM_DDESHARE
	GMEM_FIXED          = 0x0000
	GMEM_DISCARDABLE    = 0x0100
	GMEM_NOT_BANKED     = 0x1000
	GMEM_NOTIFY         = 0x4000
	GMEM_LOWER          = GMEM_NOT_BANKED
	GMEM_VALID_FLAGS    = 0x7F72
	GMEM_INVALID_HANDLE = 0x8000
	GHND                = (GMEM_MOVEABLE | GMEM_ZEROINIT)
	GPTR                = (GMEM_FIXED | GMEM_ZEROINIT)
)
Update New API\ 2019-03-11 14:54:38 +08:00			`package win32api`

new func add 2021-11-15 17:25:42 +08:00			`import "syscall"`

Update New API\ 2019-03-11 14:54:38 +08:00			`type Ulong int32`
			`type Ulong_ptr uintptr`

new function add 2021-09-01 11:03:37 +08:00			`const (`
			`LOCKFILE_EXCLUSIVE_LOCK DWORD = 0x00000002`
			`LOCKFILE_FAIL_IMMEDIATELY DWORD = 0x00000001`
			`)`

Update New API\ 2019-03-11 14:54:38 +08:00			`type PROCESSENTRY32 struct {`
			`DwSize Ulong`
			`CntUsage Ulong`
			`Th32ProcessID Ulong`
			`Th32DefaultHeapID Ulong_ptr`
			`Th32ModuleID Ulong`
			`CntThreads Ulong`
			`Th32ParentProcessID Ulong`
			`PcPriClassBase Ulong`
			`DwFlags Ulong`
			`SzExeFile [260]byte`
			`}`
add new api 2020-10-19 21:14:49 +08:00
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`type THREADENTRY32 struct {`
			`DwSize DWORD`
			`CntUsage DWORD`
			`Th32ThreadID DWORD`
			`Th32OwnerProcessID DWORD`
			`TpBasePri int32`
			`TpDeltaPri int32`
			`DwFlags DWORD`
			`}`

			`type MODULEENTRY32W struct {`
			`DwSize DWORD`
			`Th32ModuleID DWORD`
			`Th32ProcessID DWORD`
			`GlblcntUsage DWORD`
			`ProccntUsage DWORD`
			`ModBaseAddr uintptr`
			`ModBaseSize DWORD`
			`HModule HMODULE`
			`SzModule [MAX_MODULE_NAME32 + 1]uint16`
			`SzExePath [syscall.MAX_PATH]uint16`
			`}`

			`type M128A struct {`
			`Low uint64`
			`High int64`
			`}`

			`// AMD64_CONTEXT mirrors the Windows x64 CONTEXT layout closely enough for`
			`// GetThreadContext/SetThreadContext on amd64 processes.`
			`type AMD64_CONTEXT struct {`
			`P1Home uint64`
			`P2Home uint64`
			`P3Home uint64`
			`P4Home uint64`
			`P5Home uint64`
			`P6Home uint64`
			`ContextFlags DWORD`
			`MxCsr DWORD`
			`SegCs WORD`
			`SegDs WORD`
			`SegEs WORD`
			`SegFs WORD`
			`SegGs WORD`
			`SegSs WORD`
			`EFlags DWORD`
			`Dr0 uint64`
			`Dr1 uint64`
			`Dr2 uint64`
			`Dr3 uint64`
			`Dr6 uint64`
			`Dr7 uint64`
			`Rax uint64`
			`Rcx uint64`
			`Rdx uint64`
			`Rbx uint64`
			`Rsp uint64`
			`Rbp uint64`
			`Rsi uint64`
			`Rdi uint64`
			`R8 uint64`
			`R9 uint64`
			`R10 uint64`
			`R11 uint64`
			`R12 uint64`
			`R13 uint64`
			`R14 uint64`
			`R15 uint64`
			`Rip uint64`
			`ExtendedRegisters [512]byte`
			`VectorRegister [26]M128A`
			`VectorControl uint64`
			`DebugControl uint64`
			`LastBranchToRip uint64`
			`LastBranchFromRip uint64`
			`LastExceptionToRip uint64`
			`LastExceptionFromRip uint64`
			`}`

			`type DEBUG_EVENT_HEADER struct {`
			`DwDebugEventCode DWORD`
			`DwProcessId DWORD`
			`DwThreadId DWORD`
			`}`

			`type DebugEventInfo struct {`
			`Header DEBUG_EVENT_HEADER`
			`CodeName string`
			`}`

add new api 2020-10-19 21:14:49 +08:00			`type MEMORYSTATUSEX struct {`
			`DwLength DWORD`
			`DwMemoryLoad DWORD`
			`UllTotalPhys DWORDLONG`
			`UllAvailPhys DWORDLONG`
			`UllTotalPageFile DWORDLONG`
			`UllAvailPageFile DWORDLONG`
			`UllTotalVirtual DWORDLONG`
			`UllAvailVirtual DWORDLONG`
			`UllAvailExtendedVirtual DWORDLONG`
			`}`
new func add 2021-11-15 17:25:42 +08:00
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`type MEMORY_BASIC_INFORMATION struct {`
			`BaseAddress uintptr`
			`AllocationBase uintptr`
			`AllocationProtect DWORD`
			`RegionSize uintptr`
			`State DWORD`
			`Protect DWORD`
			`Type DWORD`
			`}`

new func add 2021-11-15 17:25:42 +08:00			`type USN_JOURNAL_DATA struct {`
			`UsnJournalID DWORDLONG`
			`FirstUsn USN`
			`NextUsn USN`
			`LowestValidUsn USN`
			`MaxUsn USN`
			`MaximumSize DWORDLONG`
			`AllocationDelta DWORDLONG`
			`}`

			`type READ_USN_JOURNAL_DATA struct {`
			`StartUsn USN`
			`ReasonMask DWORD`
			`ReturnOnlyOnClose DWORD`
			`Timeout DWORDLONG`
			`BytesToWaitFor DWORDLONG`
			`UsnJournalID DWORDLONG`
			`}`

			`type USN_RECORD struct {`
			`RecordLength DWORD`
			`MajorVersion WORD`
			`MinorVersion WORD`
			`FileReferenceNumber DWORDLONG`
			`ParentFileReferenceNumber DWORDLONG`
			`Usn USN`
			`TimeStamp LARGE_INTEGER`
			`Reason DWORD`
			`SourceInfo DWORD`
			`SecurityId DWORD`
			`FileAttributes DWORD`
			`FileNameLength WORD`
			`FileNameOffset WORD`
			`FileName [1]WCHAR`
			`}`

			`type MFT_ENUM_DATA struct {`
			`StartFileReferenceNumber DWORDLONG`
			`LowUsn USN`
			`HighUsn USN`
			`}`

			`const (`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`TH32CS_SNAPPROCESS DWORD = 0x00000002`
			`TH32CS_SNAPTHREAD DWORD = 0x00000004`
			`TH32CS_SNAPMODULE DWORD = 0x00000008`
			`TH32CS_SNAPMODULE32 DWORD = 0x00000010`
			`FSCTL_ENUM_USN_DATA = 0x900B3`
			`FSCTL_QUERY_USN_JOURNAL = 0x900F4`
			`FSCTL_READ_USN_JOURNAL = 0x900BB`
			`O_RDONLY = syscall.O_RDONLY`
			`O_RDWR = syscall.O_RDWR`
			`O_CREAT = syscall.O_CREAT`
			`O_WRONLY = syscall.O_WRONLY`
			`GENERIC_READ = syscall.GENERIC_READ`
			`GENERIC_WRITE = syscall.GENERIC_WRITE`
			`FILE_APPEND_DATA = syscall.FILE_APPEND_DATA`
			`FILE_SHARE_READ = syscall.FILE_SHARE_READ`
			`FILE_SHARE_WRITE = syscall.FILE_SHARE_WRITE`
			`ERROR_NO_MORE_FILES = syscall.ERROR_NO_MORE_FILES`
			`ERROR_FILE_NOT_FOUND = syscall.ERROR_FILE_NOT_FOUND`
			`O_APPEND = syscall.O_APPEND`
			`O_CLOEXEC = syscall.O_CLOEXEC`
			`O_EXCL = syscall.O_EXCL`
			`O_TRUNC = syscall.O_TRUNC`
			`CREATE_ALWAYS = syscall.CREATE_ALWAYS`
			`CREATE_NEW = syscall.CREATE_NEW`
			`OPEN_ALWAYS = syscall.OPEN_ALWAYS`
			`TRUNCATE_EXISTING = syscall.TRUNCATE_EXISTING`
			`OPEN_EXISTING = syscall.OPEN_EXISTING`
			`FILE_ATTRIBUTE_NORMAL = syscall.FILE_ATTRIBUTE_NORMAL`
			`FILE_FLAG_BACKUP_SEMANTICS = syscall.FILE_FLAG_BACKUP_SEMANTICS`
			`FILE_ATTRIBUTE_DIRECTORY = syscall.FILE_ATTRIBUTE_DIRECTORY`
			`MAX_LONG_PATH = syscall.MAX_LONG_PATH`
			`)`

			`const (`
			`MAX_MODULE_NAME32 = 255`
			`)`

			`const (`
			`PROCESS_CREATE_THREAD DWORD = 0x0002`
			`PROCESS_TERMINATE DWORD = 0x0001`
			`PROCESS_VM_OPERATION DWORD = 0x0008`
			`PROCESS_VM_READ DWORD = 0x0010`
			`PROCESS_VM_WRITE DWORD = 0x0020`
			`PROCESS_QUERY_INFORMATION DWORD = 0x0400`
			`PROCESS_QUERY_LIMITED_INFORMATION DWORD = 0x1000`
			`PROCESS_SUSPEND_RESUME DWORD = 0x0800`
			`SYNCHRONIZE DWORD = 0x00100000`
			`PROCESS_NAME_NATIVE DWORD = 0x00000001`
			`)`

			`const (`
			`THREAD_TERMINATE DWORD = 0x0001`
			`THREAD_SUSPEND_RESUME DWORD = 0x0002`
			`THREAD_GET_CONTEXT DWORD = 0x0008`
			`THREAD_SET_CONTEXT DWORD = 0x0010`
			`THREAD_QUERY_INFORMATION DWORD = 0x0040`
			`THREAD_SET_INFORMATION DWORD = 0x0020`
			`THREAD_QUERY_LIMITED_INFO DWORD = 0x0800`
			`THREAD_SET_LIMITED_INFO DWORD = 0x0400`
			`)`

			`const (`
			`CONTEXT_AMD64 DWORD = 0x00100000`
			`CONTEXT_CONTROL DWORD = CONTEXT_AMD64 \| 0x00000001`
			`CONTEXT_INTEGER DWORD = CONTEXT_AMD64 \| 0x00000002`
			`CONTEXT_SEGMENTS DWORD = CONTEXT_AMD64 \| 0x00000004`
			`CONTEXT_FLOATING_POINT DWORD = CONTEXT_AMD64 \| 0x00000008`
			`CONTEXT_DEBUG_REGISTERS DWORD = CONTEXT_AMD64 \| 0x00000010`
			`CONTEXT_FULL DWORD = CONTEXT_CONTROL \| CONTEXT_INTEGER \| CONTEXT_FLOATING_POINT`
			`CONTEXT_ALL DWORD = CONTEXT_CONTROL \| CONTEXT_INTEGER \| CONTEXT_SEGMENTS \| CONTEXT_FLOATING_POINT \| CONTEXT_DEBUG_REGISTERS`
			`)`

			`const (`
			`PAGE_NOACCESS DWORD = 0x01`
			`PAGE_READONLY DWORD = 0x02`
			`PAGE_READWRITE DWORD = 0x04`
			`PAGE_WRITECOPY DWORD = 0x08`
			`PAGE_EXECUTE DWORD = 0x10`
			`PAGE_EXECUTE_READ DWORD = 0x20`
			`PAGE_EXECUTE_READWRITE DWORD = 0x40`
			`PAGE_EXECUTE_WRITECOPY DWORD = 0x80`
			`PAGE_GUARD DWORD = 0x100`
			`PAGE_NOCACHE DWORD = 0x200`
			`PAGE_WRITECOMBINE DWORD = 0x400`
			`)`

			`const (`
			`MEM_COMMIT DWORD = 0x00001000`
			`MEM_RESERVE DWORD = 0x00002000`
			`MEM_DECOMMIT DWORD = 0x00004000`
			`MEM_RELEASE DWORD = 0x00008000`
			`MEM_FREE DWORD = 0x00010000`
			`MEM_PRIVATE DWORD = 0x00020000`
			`MEM_MAPPED DWORD = 0x00040000`
			`MEM_TOP_DOWN DWORD = 0x00100000`
			`MEM_WRITE_WATCH DWORD = 0x00200000`
			`MEM_PHYSICAL DWORD = 0x00400000`
			`MEM_RESET DWORD = 0x00080000`
			`MEM_RESET_UNDO DWORD = 0x01000000`
			`MEM_LARGE_PAGES DWORD = 0x20000000`
			`MEM_IMAGE DWORD = 0x01000000`
			`)`

			`const (`
			`WAIT_OBJECT_0 DWORD = 0x00000000`
			`WAIT_ABANDONED = 0x00000080`
			`WAIT_TIMEOUT = 0x00000102`
			`WAIT_FAILED = 0xFFFFFFFF`
			`INFINITE = 0xFFFFFFFF`
			`)`

			`const (`
			`STILL_ACTIVE DWORD = 259`
			`INVALID_FILE_ATTRIBUTES DWORD = 0xFFFFFFFF`
			`)`

			`const (`
			`MAXIMUM_WAIT_OBJECTS DWORD = 64`
			`)`

			`const (`
			`MOVEFILE_REPLACE_EXISTING DWORD = 0x00000001`
			`MOVEFILE_COPY_ALLOWED DWORD = 0x00000002`
			`MOVEFILE_DELAY_UNTIL_REBOOT DWORD = 0x00000004`
			`MOVEFILE_WRITE_THROUGH DWORD = 0x00000008`
			`MOVEFILE_CREATE_HARDLINK DWORD = 0x00000010`
			`MOVEFILE_FAIL_IF_NOT_TRACKABLE DWORD = 0x00000020`
new func add 2021-11-15 17:25:42 +08:00			`)`

			`type FILE_ID_DESCRIPTOR struct {`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`DwSize DWORD`
			`Type FILE_ID_TYPE`
			`FileId DWORDLONG`
			`_ [8]byte`
new func add 2021-11-15 17:25:42 +08:00			`}`
update 2024-03-30 15:06:00 +08:00
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`type FILE_ID_TYPE DWORD`

			`const (`
			`FileIdType FILE_ID_TYPE = iota`
			`ObjectIdType`
			`ExtendedFileIdType`
			`MaximumFileIdType`
			`)`

			`const (`
			`FORMAT_MESSAGE_ALLOCATE_BUFFER DWORD = 0x00000100`
			`FORMAT_MESSAGE_IGNORE_INSERTS DWORD = 0x00000200`
			`FORMAT_MESSAGE_FROM_SYSTEM DWORD = 0x00001000`
			`)`

			`const (`
			`FILE_SHARE_DELETE = syscall.FILE_SHARE_DELETE`
			`)`

			`const (`
			`CREATE_SUSPENDED DWORD = 0x00000004`
			`DEBUG_PROCESS DWORD = 0x00000001`
			`DEBUG_ONLY_THIS_PROCESS DWORD = 0x00000002`
			`)`

			`const (`
			`EXCEPTION_DEBUG_EVENT DWORD = 1`
			`CREATE_THREAD_DEBUG_EVENT DWORD = 2`
			`CREATE_PROCESS_DEBUG_EVENT DWORD = 3`
			`EXIT_THREAD_DEBUG_EVENT DWORD = 4`
			`EXIT_PROCESS_DEBUG_EVENT DWORD = 5`
			`LOAD_DLL_DEBUG_EVENT DWORD = 6`
			`UNLOAD_DLL_DEBUG_EVENT DWORD = 7`
			`OUTPUT_DEBUG_STRING_EVENT DWORD = 8`
			`RIP_EVENT DWORD = 9`
			`)`

			`const (`
			`DBG_CONTINUE DWORD = 0x00010002`
			`DBG_EXCEPTION_NOT_HANDLED DWORD = 0x80010001`
			`)`

update 2024-03-30 15:06:00 +08:00			`const (`
			`GMEM_MOVEABLE = 0x0002`
			`GMEM_ZEROINIT = 0x0040`
			`GMEM_DDESHARE = 0x2000`
			`GMEM_SHARE = GMEM_DDESHARE`
			`GMEM_FIXED = 0x0000`
			`GMEM_DISCARDABLE = 0x0100`
			`GMEM_NOT_BANKED = 0x1000`
			`GMEM_NOTIFY = 0x4000`
			`GMEM_LOWER = GMEM_NOT_BANKED`
			`GMEM_VALID_FLAGS = 0x7F72`
			`GMEM_INVALID_HANDLE = 0x8000`
			`GHND = (GMEM_MOVEABLE \| GMEM_ZEROINIT)`
			`GPTR = (GMEM_FIXED \| GMEM_ZEROINIT)`
			`)`