Valid HTML 4.01 Transitional Valid CSS Valid SVG 1.0

Me, myself & IT

Tidbits – Tiny Console Applications plus some Scripts

Click the appropriate button to select and display your tidbit, or the last (empty) button to reset your selection and hide the tidbit.

All console applications are presented with their (self-contained) ANSI C source code and build without the MSVCRT runtime library.

Group Policy Scripts Client Registration

Process Launcher Privilege Twiddler

Really Known SIDs Enumerator Security Descriptor Definition Language Decoder

Security Descriptor Inspector 8.3 File and Directory Name Changer

Directory Change Notifier Debug String Monitor

Product Key Validator Shim Database Decoder

Registry Policy Reader Registry INF Dumper Offline Registry Reader

Portable Executable Version Information Reader Portable Executable Resource Enumerator

UU Encoder Base64 Encoder

MSVC Helper Library  • 

Process Launcher

Purpose
Demonstration

Purpose

Launch an arbitrary process with arbitrary command line, customised environment variables and arbitrary privileges enabled in an arbitrary working directory.

Note: only privileges already assigned to a user user account can be enabled!

.

Demonstration

Perform the following 2 simple steps to launch the Command Processor Cmd.exe with the privileges SeAuditPrivilege, SeBackupPrivilege, SeDebugPrivilege, SeRestorePrivilege, SeSecurityPrivilege and SeTakeOwnershipPrivilege enabled in the directory C:\System Volume Information\ and list its contents.

  1. Create the text file PROCESS.VBS with the following content in an arbitrary directory: 

    Rem Copyright © 1999-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

Rem * The software is provided "as is" without any warranty, neither express
Rem   nor implied.
Rem * In no event will the author be held liable for any damage(s) arising
Rem   from the use of the software.
Rem * Redistribution of the software is allowed only in unmodified form.
Rem * Permission is granted to use the software solely for personal private
Rem   and non-commercial purposes.
Rem * An individuals use of the software in his or her capacity or function
Rem   as an agent, (independent) contractor, employee, member or officer of
Rem   a business, corporation or organization (commercial or non-commercial)
Rem   does not qualify as personal private and non-commercial purpose.
Rem * Without written approval from the author the software must not be used
Rem   for a business, for commercial, corporate, governmental, military or
Rem   organizational purposes of any kind, or in a commercial, corporate,
Rem   governmental, military or organizational environment of any kind.

Option Explicit

Const strCommandLine = "C:\Windows\System32\Cmd.exe /D /K DIR /A"
Const strCurrentDirectory = "C:\System Volume Information"

Dim arrEnvironment(10)
arrEnvironment(0) = "NoDefaultCurrentDirectoryInExePath=*"

With WScript.CreateObject("Scripting.FileSystemObject")
	Const fsoWindowsFolder   = 0
	Const fsoSystemFolder    = 1
	Const fsoTemporaryFolder = 2

	arrEnvironment(1) = "SYSTEMDRIVE=" & .GetSpecialFolder(fsoWindowsFolder).Drive
	arrEnvironment(2) = "SYSTEMROOT=" & .GetSpecialFolder(fsoWindowsFolder).Path
	arrEnvironment(3) = "PATH=" & .GetSpecialFolder(fsoSystemFolder).Path & ";" & .GetSpecialFolder(fsoWindowsFolder).Path
	arrEnvironment(4) = "TEMP=" & .GetSpecialFolder(fsoTemporaryFolder).Path
	arrEnvironment(5) = "LOCALAPPDATA=" & .GetSpecialFolder(fsoTemporaryFolder).ParentFolder.Path
	arrEnvironment(6) = "USERPROFILE=" & .GetSpecialFolder(fsoTemporaryFolder).ParentFolder.ParentFolder.ParentFolder.Path
End With

With WScript.CreateObject("WScript.Network")
	arrEnvironment(7) = "COMPUTERNAME=" & .ComputerName
	arrEnvironment(8) = "USERDOMAIN=" & .UserDomain
	arrEnvironment(9) = "USERNAME=" & .UserName
End With

With GetObject("WinMgmts:{impersonationLevel=Impersonate, (Audit, Backup, Debug, Restore, Security, TakeOwnership)}!\\.\Root\CIMv2")
	Dim objProcessStartup
	Set objProcessStartup = .Get("Win32_ProcessStartup").SpawnInstance_
	With objProcessStartup
	'	.CreateFlags = 8	' Detached_Process
		.EnvironmentVariables = arrEnvironment
		.ErrorMode = 2		' Fail_Critical_Errors
		.FillAttribute = 240	' Black on White
		.PriorityClass = 32	' Normal
		.ShowWindow = 1		' SW_NORMAL
		.Title = vbNullString
		.WinstationDesktop = vbNullString
	'	.X = 0
		.XCountChars = 80
	'	.XSize = 640
	'	.Y = 240
		.YCountChars = 50
	'	.YSize = 480
	End With

	Dim intReturn, intProcessID
	intReturn = .Get("Win32_Process").Create(strCommandLine, strCurrentDirectory, objProcessStartup, intProcessID)
	If intReturn <> 0 Then
		WScript.Echo "Error " & intReturn
	Else
		WScript.Echo "Process " & intProcessID & " created"
	End If
End With

  2. Execute the VBScript PROCESS.VBS created in step 1. per double-click.

    Note: PROCESS.VBS must be run under a user account which has the privileges to enable assigned, typically any member of the BUILTIN\Administrators user group!

Group Policy Scripts

Purpose
Operation

Purpose

Add startup, shutdown, logon and logoff scripts (really: arbitrary command lines, which are executed during shutdown, startup, logoff and logon) programmatically, without a Group Policy, using just what’s already installed with Windows®.

Note: startup and shutdown scripts run under the NT AUTHORITY\SYSTEM alias LocalSystem account; logon and logoff scripts run under the current user account.

Operation

Download the setup script SCRIPTS.INF and save it in an arbitrary directory, then right-click the downloaded file to display its context menu and click Install to run it.

Note: on Windows Vista and newer versions of Windows NT, InfDefaultInstall.exe, the application registered for the Install verb of *.inf files, requests administrative privileges and access rights.

Client Registration

Purpose
Background Information
Operation

Purpose

Demonstrate how to add an additional WWW browser, an additional USENET news reader, an additional mail client and an additional calendar with all bells and whistles so that Windows 2000 and newer versions of Windows NT recognise them as fully functional client programs which can be selected by every user as the default program for their associated file types and URL protocols.

Background Information

The MSDN article Default Programs provides background information.

Operation

Download the setup script CLIENTS.INF and save it in an arbitrary directory, then right-click the downloaded file to display its context menu and click Install to run it.

Note: on Windows Vista and newer versions of Windows NT, InfDefaultInstall.exe, the application registered for the Install verb of *.inf files, requests administrative privileges.

Shim Database Decoder

Purpose
Synopsis
Implementation and Build Details
Source and Build Instructions

Purpose

Decode an Application Compatibility Shim Database (.sdb) file and print its contents in UTF-16LE encoding on standard output (which must be redirected to a file or piped into an application that reads from standard input, like Clip or More).

Synopsis

APPHELP.COM ‹input file name› >‹output file name›
APPHELP.COM ‹input file name› | MORE.COM

Implementation and Build Details

Shim Database Decoder is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error is not supported!

The MSDN article Console Handles provides background information.

Source and Build Instructions

Perform the following 3 simple steps to build the console application Shim Database Decoder from the source presented hereafter.

  1. Create the text file APPHELP.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#ifndef _DLL
#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>

typedef	enum	_PATH_TYPE
{
	DOS_PATH,
	NT_PATH
} PATH_TYPE;

#define PATCH_STOP	0UL
#define PATCH_REPLACE	2UL
#define PATCH_MATCH	4UL

typedef	struct	_PATCH_ACTION
{
	DWORD	Opcode;
	DWORD	ActionSize;		// size of structure
	DWORD	PatternSize;
	DWORD	RVA;
	DWORD	Reserved;
	WCHAR	ModuleName[32];
	BYTE	Pattern[ANYSIZE_ARRAY];
} PATCH_ACTION, *LPPATCH_ACTION;

typedef	LPVOID	PDB;

typedef	ULONGLONG	QWORD;

typedef WORD	TAG;

#define TAG_TYPE_NULL		0x1000	// no value associated with the TAG
#define TAG_TYPE_BYTE		0x2000	// BYTE value
#define TAG_TYPE_WORD		0x3000	// WORD value
#define TAG_TYPE_DWORD		0x4000	// DWORD value
#define TAG_TYPE_QWORD		0x5000	// ULONGLONG value
#define TAG_TYPE_STRINGREF	0x6000	// tokenized string value
#define TAG_TYPE_LIST		0x7000	// list of TAG values
#define TAG_TYPE_STRING		0x8000	// UNICODE string value
#define TAG_TYPE_BINARY		0x9000	// binary value
#define TAG_TYPE_MASK		0xF000

#define TAG_LINK_DATE			(TAG_TYPE_DWORD | 0x001D)	// link date attribute of a file
#define TAG_UPTO_LINK_DATE		(TAG_TYPE_DWORD | 0x001E)	// link date attribute of a file; matching is done up to and including this link date
#define TAG_APP_NAME_RC_ID		(TAG_TYPE_DWORD | 0x0024)	// application name resource identifier attribute for AppHelp entries
#define TAG_VENDOR_NAME_RC_ID		(TAG_TYPE_DWORD | 0x0025)	// vendor name resource identifier attribute for AppHelp entries
#define TAG_SUMMARY_MSG_RC_ID		(TAG_TYPE_DWORD | 0x0026)	// summary message resource identifier attribute for AppHelp entries
#define TAG_DESCRIPTION_RC_ID		(TAG_TYPE_DWORD | 0x0028)	// description resource identifier attribute for AppHelp entries
#define TAG_PARAMETER1_RC_ID		(TAG_TYPE_DWORD | 0x0029)	// parameter1 resource identifier attribute for AppHelp entries

#define TAG_TIME			(TAG_TYPE_QWORD | 0x0001)	// time attribute
#define TAG_BIN_FILE_VERSION		(TAG_TYPE_QWORD | 0x0002)	// bin file version attribute for file entries
#define TAG_BIN_PRODUCT_VERSION		(TAG_TYPE_QWORD | 0x0003)	// bin product version attribute for file entries
#define TAG_UPTO_BIN_PRODUCT_VERSION	(TAG_TYPE_QWORD | 0x0006)	// bin product version attribute of a file; matching is done up to and including this product version
#define TAG_UPTO_BIN_FILE_VERSION	(TAG_TYPE_QWORD | 0x000D)	// bin file version attribute of a file; matching is done up to and including this file version

#define TAG_PATCH_BITS			(TAG_TYPE_BINARY | 0x0002)	// patch file bits attribute
#define TAG_EXE_ID			(TAG_TYPE_BINARY | 0x0004)	// GUID attribute of an executable entry
#define TAG_MSI_PACKAGE_ID		(TAG_TYPE_BINARY | 0x0006)	// MSI package identifier attribute of an MSI package
#define TAG_DATABASE_ID			(TAG_TYPE_BINARY | 0x0007)	// GUID attribute of a database
#define TAG_CONTEXT_PLATFORM_ID		(TAG_TYPE_BINARY | 0x0008)
#define TAG_CONTEXT_BRANCH_ID		(TAG_TYPE_BINARY | 0x0009)
#define TAG_FIX_ID			(TAG_TYPE_BINARY | 0x0010)
#define TAG_APP_ID			(TAG_TYPE_BINARY | 0x0011)

typedef DWORD	TAGID;

#define TAGID_NULL	0UL
#define TAGID_ROOT	0UL

__declspec(dllimport)
VOID	WINAPI	SdbCloseDatabase(PDB lpdb);

__declspec(dllimport)
LPVOID	WINAPI	SdbGetBinaryTagData(PDB   lpdb,
		                    TAGID tiWhich);

__declspec(dllimport)
BOOL	WINAPI	SdbGetDatabaseVersion(LPCWSTR lpwszFileName,
		                      LPDWORD dwMajorversion,
		                      LPDWORD dwMinorversion);

__declspec(dllimport)
TAGID	WINAPI	SdbGetFirstChild(PDB   lpdb,
		                 TAGID tiParent);

__declspec(dllimport)
TAGID	WINAPI	SdbGetNextChild(PDB   lpdb,
		                TAGID tiParent,
		                TAGID tiPrevious);

__declspec(dllimport)
LPWSTR	WINAPI	SdbGetStringTagPtr(PDB   lpdb,
		                   TAGID tiWhich);

__declspec(dllimport)
DWORD	WINAPI	SdbGetTagDataSize(PDB   lpdb,
		                  TAGID tiWhich);

__declspec(dllimport)
TAG	WINAPI	SdbGetTagFromTagID(PDB   lpdb,
		                   TAGID tiWhich);

__declspec(dllimport)
BOOL	WINAPI	SdbGUIDToString(GUID   *lpGuid,
		                LPWSTR lpwszGuidString);

__declspec(dllimport)
PDB	WINAPI	SdbOpenDatabase(LPCWSTR   lpwszPath,
		                PATH_TYPE eType);

__declspec(dllimport)
DWORD	WINAPI	SdbReadDWORDTag(PDB   lpdb,
		                TAGID tiWhich,
		                DWORD dwDefault);

__declspec(dllimport)
QWORD	WINAPI	SdbReadQWORDTag(PDB   lpdb,
		                TAGID tiWhich,
		                QWORD qwDefault);

__declspec(dllimport)
WORD	WINAPI	SdbReadWORDTag(PDB   lpdb,
		               TAGID tiWhich,
		               WORD  wDefault);

__declspec(dllimport)
LPCWSTR	WINAPI	SdbTagToString(TAG tag);

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

__declspec(safebuffers)
BOOL	PrintFormat(HANDLE hFile, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	LPBYTE	lpBuffer = (LPBYTE) szBuffer;
	DWORD	dwBuffer;
	DWORD	dwFile;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	dwBuffer *= sizeof(*szBuffer);

	do
	{
		if (!WriteFile(hFile, lpBuffer, dwBuffer, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpBuffer += dwFile;
		dwBuffer -= dwFile;
	} while (dwBuffer > 0);

	return TRUE;
}

#define PrintString(HANDLE, LITERAL)	PrintDirect(HANDLE, LITERAL, sizeof(LITERAL) / sizeof(*LITERAL) - 1UL)

__inline
BOOL	WINAPI	PrintDirect(HANDLE hFile, LPCWSTR lpString, DWORD dwString)
{
	DWORD	dwFile;

	dwString *= sizeof(*lpString);

	do
	{
		if (!WriteFile(hFile, lpString, dwString, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpString = (LPCWSTR) ((LPBYTE) lpString + dwFile);
		dwString -= dwFile;
	} while (dwString > 0);

	return TRUE;
}

const	LPCWSTR	szDayOfWeek[7] = {L"Sunday",
		                  L"Monday",
		                  L"Tuesday",
		                  L"Wednesday",
		                  L"Thursday",
		                  L"Friday",
		                  L"Saturday"};

__declspec(safebuffers)
VOID	WINAPI	Children(HANDLE hConsole, HANDLE hOutput, PDB lpdb, TAGID tiParent, DWORD dwLevel)
{
	SYSTEMTIME	st;
	PATCH_ACTION	*lpPatch;

	BOOL	bOutput = TRUE;
	DWORD	dw;
	LPBYTE	lpData;
	WORD	wData;
	DWORD	dwData;
	QWORD	qwData;
	WCHAR	szGUID[sizeof("{00000000-0000-0000-0000-000000000000}")];
	TAG	tChild;
	TAGID	tiChild = SdbGetFirstChild(lpdb, tiParent);

	while (tiChild != TAGID_NULL)
	{
		tChild = SdbGetTagFromTagID(lpdb, tiChild);

		bOutput &= PrintFormat(hOutput,
		                       L"0x%08lX%ls0x%04hX = %ls",
		                       tiChild,
		                       L"\t\t\t\t\t\t\t\t\t\t" + 9 - dwLevel,
		                       tChild,
		                       SdbTagToString(tChild));

		switch (tChild & TAG_TYPE_MASK)
		{
		case TAG_TYPE_NULL:

			bOutput &= PrintString(hOutput, L"\r\n");

			break;

		case TAG_TYPE_WORD:

			wData = SdbReadWORDTag(lpdb, tiChild, ~0U);

			if (wData == ~0U)
				bOutput &= PrintString(hOutput, L"\r\n");
			else
				bOutput &= PrintFormat(hOutput, L": 0x%04hX\r\n", wData);
			break;

		case TAG_TYPE_DWORD:

			dwData = SdbReadDWORDTag(lpdb, tiChild, ~0UL);

			if (dwData == ~0UL)
				bOutput &= PrintString(hOutput, L"\r\n");
			else
				if ((tChild == TAG_LINK_DATE)
				 || (tChild == TAG_UPTO_LINK_DATE))
				{
					qwData = __emulu(dwData, 10000000)	// seconds since 1970-01-01 to
					       + 116444736000000000;		//  100 nano-seconds since 1601-01-01

					if (!FileTimeToSystemTime((LPFILETIME) &qwData, &st))
						PrintConsole(hConsole,
						             L"FileTimeToSystemTime() returned error %lu\n",
						             GetLastError());
					else
						bOutput &= PrintFormat(hOutput,
						                       L": %ls, %04hu-%02hu-%02hu %02hu:%02hu:%02hu.%03hu UTC\r\n",
						                       szDayOfWeek[st.wDayOfWeek],
						                       st.wYear, st.wMonth, st.wDay, st.wHour,
						                       st.wMinute, st.wSecond, st.wMilliseconds);
				}
#if 0	// NOTE: Windows Vista or newer!
				else if ((tChild == TAG_APP_NAME_RC_ID)
				      || (tChild == TAG_VENDOR_NAME_RC_ID)
				      || (tChild == TAG_SUMMARY_MSG_RC_ID)
				      || (tChild == TAG_DESCRIPTION_RC_ID)
				      || (tChild == TAG_PARAMETER1_RC_ID))
					bOutput &= PrintFormat(hOutput, L": 0x%08lX\r\n", dwData);
#endif
				else
					bOutput &= PrintFormat(hOutput, L": 0x%08lX\r\n", dwData);
			break;

		case TAG_TYPE_QWORD:

			qwData = SdbReadQWORDTag(lpdb, tiChild, ~0ULL);

			if (qwData == ~0ULL)
				bOutput &= PrintString(hOutput, L"\r\n");
			else
				if ((tChild == TAG_BIN_FILE_VERSION)
				 || (tChild == TAG_BIN_PRODUCT_VERSION)
				 || (tChild == TAG_UPTO_BIN_PRODUCT_VERSION)
				 || (tChild == TAG_UPTO_BIN_FILE_VERSION))
					bOutput &= PrintFormat(hOutput,
					                       L": %hu.%hu.%hu.%hu\r\n",
					                       (WORD) (qwData >> 48), (WORD) (qwData >> 32), (WORD) (qwData >> 16), (WORD) qwData);
				else if (tChild != TAG_TIME)
					bOutput &= PrintFormat(hOutput, L": 0x%016I64X\r\n", qwData);
				else
					if (!FileTimeToSystemTime((LPFILETIME) &qwData, &st))
						PrintConsole(hConsole,
						             L"FileTimeToSystemTime() returned error %lu\n",
						             GetLastError());
					else
						bOutput &= PrintFormat(hOutput,
						                       L": %ls, %04hu-%02hu-%02hu %02hu:%02hu:%02hu.%03hu UTC\r\n",
						                       szDayOfWeek[st.wDayOfWeek],
						                       st.wYear, st.wMonth, st.wDay, st.wHour,
						                       st.wMinute, st.wSecond, st.wMilliseconds);
			break;

		case TAG_TYPE_STRING:
		case TAG_TYPE_STRINGREF:

			bOutput &= PrintFormat(hOutput,
			                       L": %ls\r\n",
			                       SdbGetStringTagPtr(lpdb, tiChild));
			break;

		case TAG_TYPE_BYTE:
		case TAG_TYPE_BINARY:

			lpData = SdbGetBinaryTagData(lpdb, tiChild);
			dwData = SdbGetTagDataSize(lpdb, tiChild);

			if ((dwData == sizeof(GUID))
			 && ((tChild == TAG_EXE_ID)
			  || (tChild == TAG_MSI_PACKAGE_ID)
			  || (tChild == TAG_DATABASE_ID)
			  || (tChild == TAG_CONTEXT_PLATFORM_ID)
			  || (tChild == TAG_CONTEXT_BRANCH_ID)
			  || (tChild == TAG_FIX_ID)
			  || (tChild == TAG_APP_ID)))
				if (!SdbGUIDToString((LPGUID) lpData, szGUID))
					PrintConsole(hConsole,
					             L"SdbGUIDToString() returned FALSE!\n");
				else
					bOutput &= PrintFormat(hOutput, L": %ls\r\n", szGUID);
			else if (tChild == TAG_PATCH_BITS)
			{
				bOutput &= PrintString(hOutput, L":\r\n");

				while (dwData > 0)
				{
					lpPatch = (LPPATCH_ACTION) lpData;

					if ((lpPatch->Opcode == PATCH_STOP)
					 && (lpPatch->ActionSize == 0))
						break;

					dwData -= lpPatch->ActionSize;
					lpData += lpPatch->ActionSize;

					if ((lpPatch->Opcode != PATCH_REPLACE)
					 && (lpPatch->Opcode != PATCH_MATCH))
						continue;

					bOutput &= PrintFormat(hOutput,
					                       L"%ls Action  = %lu (%ls)\r\n"
					                       L"%ls Module  = %.32ls\r\n"
					                       L"%ls RVA     = 0x%08lX\r\n"
					                       L"%ls Length  = %lu\r\n"
					                       L"%ls Pattern = 0x",
					                       L"\t\t\t\t\t\t\t\t\t\t" + 7 - dwLevel,
					                       lpPatch->Opcode,
					                       lpPatch->Opcode == PATCH_MATCH ? L"MATCH" : L"REPLACE",
					                       L"\t\t\t\t\t\t\t\t\t\t" + 7 - dwLevel,
					                       lpPatch->ModuleName,
					                       L"\t\t\t\t\t\t\t\t\t\t" + 7 - dwLevel,
					                       lpPatch->RVA,
					                       L"\t\t\t\t\t\t\t\t\t\t" + 7 - dwLevel,
					                       lpPatch->PatternSize,
					                       L"\t\t\t\t\t\t\t\t\t\t" + 7 - dwLevel);

					for (dw = 0; dw < lpPatch->PatternSize; dw++)
						bOutput &= PrintFormat(hOutput, L"%02X", lpPatch->Pattern[dw]);

					bOutput &= PrintFormat(hOutput,
					                       L"\r\n"
					                       L"%ls Unknown = 0x%08lX\r\n",
					                       L"\t\t\t\t\t\t\t\t\t\t" + 7 - dwLevel,
					                       lpPatch->Reserved);
				}
#if 0
				if (dwData != 8)
					PrintConsole(hConsole,
					             L"Sequence of \'PATCH_ACTION\' structures not properly terminated!\n");
#endif
			}
			else
			{
				if (dwData > 0)
					bOutput &= PrintString(hOutput, L": 0x");

				for (dw = 0; dw < dwData; dw++)
					bOutput &= PrintFormat(hOutput, L"%02X", lpData[dw]);

				bOutput &= PrintString(hOutput, L"\r\n");
			}

			break;

		case TAG_TYPE_LIST:

			bOutput &= PrintString(hOutput, L"\r\n");

			Children(hConsole, hOutput, lpdb, tiChild, dwLevel + 1);

			break;

		default:
			bOutput &= PrintString(hOutput, L"\r\n");

			PrintConsole(hConsole,
			             L"Undefined TAG_TYPE 0x%04hX for TAGID 0x%08lX\n",
			             tChild, tiChild);
		}

		tiChild = SdbGetNextChild(lpdb, tiParent, tiChild);
	}

	if (!bOutput)
		PrintConsole(hConsole,
		             L"WriteFile() returned error %lu for level %lu\n",
		             GetLastError(), dwLevel);
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	PDB	lpdb;
	LPWSTR	*lpArguments;
	INT	nArguments;
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	DWORD	dwMajor, dwMinor;
	HANDLE	hOutput;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
			if (nArguments != 2)
				PrintConsole(hConsole,
				             L"Bad arguments: a single file or path name of a shim database must be given!\n");
			else
			{
				hOutput = GetStdHandle(STD_OUTPUT_HANDLE);

				if (hOutput == INVALID_HANDLE_VALUE)
					PrintConsole(hConsole,
					             L"GetStdHandle() returned error %lu\n",
					             dwError = GetLastError());
				else
				{
					if (!FlushFileBuffers(hOutput))
						PrintConsole(hConsole,
						             L"FlushFileBuffers() returned error %lu: standard output is not redirected to a file!\n",
						             dwError = GetLastError());
					else
					{
						dwError = ERROR_SUCCESS;

						if (SdbGetDatabaseVersion(lpArguments[1], &dwMajor, &dwMinor))
							PrintConsole(hConsole,
							             L"Shim database version: %lu.%lu\n",
							             dwMajor, dwMinor);

						lpdb = SdbOpenDatabase(lpArguments[1], DOS_PATH);

						if (lpdb == NULL)
							PrintConsole(hConsole,
							             L"SdbOpenDatabase() returned NULL for file \'%ls\'\n",
							             lpArguments[1]);
						else
						{
							if (!PrintFormat(hOutput,
							                 L"\xFEFF"	// UTF-16LE BOM
							                 L"Shim database file:\t%ls\r\n"
							                 L"Shim database version:\t%lu.%lu\r\n"
							                 L"\r\n"
							                 L"TAGID\t\tTAG    = TAGSTRING: TAGVALUE\r\n"
							                 L"\r\n",
							                 lpArguments[1],
							                 dwMajor, dwMinor))
								PrintConsole(hConsole,
								             L"WriteFile() returned error %lu\n",
								             dwError = GetLastError());

							Children(hConsole, hOutput, lpdb, TAGID_ROOT, 0);

							SdbCloseDatabase(lpdb);
						}
					}

					if (!CloseHandle(hOutput))
						PrintConsole(hConsole,
						             L"CloseHandle() returned error %lu\n",
						             GetLastError());
				}
			}

			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}
#else // _DLL
__declspec(dllexport)
long	SdbCloseDatabase(void *_1)
{ return 0; }

__declspec(dllexport)
long	SdbGetBinaryTagData(void *_1, long _2)
{ return 0; }

__declspec(dllexport)
long	SdbGetDatabaseVersion(void *_1, void *_2, void *_3)
{ return 0; }

__declspec(dllexport)
long	SdbGetFirstChild(void *_1, long _2)
{ return 0; }

__declspec(dllexport)
long	SdbGetNextChild(void *_1, long _2, long _3)
{ return 0; }

__declspec(dllexport)
long	SdbGetStringTagPtr(void *_1, long _2)
{ return 0; }

__declspec(dllexport)
long	SdbGetTagDataSize(void *_1, long _2)
{ return 0; }

__declspec(dllexport)
long	SdbGetTagFromTagID(void *_1, long _2)
{ return 0; }

__declspec(dllexport)
long	SdbGUIDToString(void *_1, void *_2)
{ return 0; }

__declspec(dllexport)
long	SdbOpenDatabase(void *_1, long _2)
{ return 0; }

__declspec(dllexport)
long	SdbReadDWORDTag(void *_1, long _2, long _3)
{ return 0; }

__declspec(dllexport)
long	SdbReadQWORDTag(void *_1, long _2, long long _3)
{ return 0; }

__declspec(dllexport)
long	SdbReadWORDTag(void *_1, long _2, short _3)
{ return 0; }

__declspec(dllexport)
long	SdbTagToString(short _1)
{ return 0; }
#endif // _DLL

  2. Run the following four command lines to compile the source file APPHELP.C created in step 1. a first time, generate the import library APPHELP.LIB from the compiled object file APPHELP.OBJ and cleanup afterwards: 

    SET CL=/Gz /LD /MD /W4 /wd4100 /X /Zl
SET LINK=/EXPORT:SdbCloseDatabase /EXPORT:SdbGetBinaryTagData /EXPORT:SdbGetDatabaseVersion /EXPORT:SdbGetFirstChild /EXPORT:SdbGetNextChild /EXPORT:SdbGetStringTagPtr /EXPORT:SdbGetTagDataSize /EXPORT:SdbGetTagFromTagID /EXPORT:SdbGUIDToString /EXPORT:SdbOpenDatabase /EXPORT:SdbReadDWORDTag /EXPORT:SdbReadQWORDTag /EXPORT:SdbReadWORDTag /EXPORT:SdbTagToString /NODEFAULTLIB /NOENTRY
CL.EXE APPHELP.C
ERASE APPHELP.DLL APPHELP.EXP APPHELP.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

APPHELP.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…
   Creating library APPHELP.lib and object APPHELP.exp

  3. Run the following four command lines to compile the source file APPHELP.C created in step 1. a second time, link the compiled object file APPHELP.OBJ with the import library APPHELP.LIB generated in step 2. and cleanup afterwards: 

    SET CL=/GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:APPHELP.LIB /DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.1 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeAPPHELP.COM APPHELP.C
ERASE APPHELP.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

APPHELP.C
APPHELP.C(221) : warning C4213: nonstandard extension used : cast on l-value
APPHELP.C(273) : warning C4310: cast truncates constant value

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Debug String Monitor

Purpose
Background Information
Synopsis
Implementation and Build Details
Source and Build Instructions

Purpose

Monitor debug strings written from all processes running in the current (user) session with the Win32 function OutputDebugString().

Background Information

In Win32 processes that are run under a debugger, debug strings written with the Win32 function OutputDebugString() are catched and typically displayed by the debugger.

In Win32 processes that are not run under a debugger, the Win32 function OutputDebugString() checks whether the shared memory section DBWIN_BUFFER as well as the events DBWIN_BUFFER_READY and DBWIN_DATA_READY exist; if yes, it waits until the event DBWIN_BUFFER_READY is signaled, writes the process identification and its argument into the shared memory section DBWIN_BUFFER, signals the event DBWIN_DATA_READY and returns to its caller.

Synopsis

DBWINNER.COM

Implementation and Build Details

Debug String Monitor is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error or standard output is not supported!

The MSDN article Console Handles provides background information.

Source and Build Instructions

Perform the following 2 simple steps to build the console application Debug String Monitor from the source presented hereafter.

  1. Create the text file DBWINNER.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>

const	LPCSTR	szCtrlType[] = {"Ctrl-C",
		                "Ctrl-Break",
		                "Ctrl-Close",
		                NULL,
		                NULL,
		                "Ctrl-Logoff",
		                "Ctrl-Shutdown"};

BOOL	WINAPI	CtrlHandler(DWORD dwCtrlType)
{
	switch (dwCtrlType)
	{
	case CTRL_C_EVENT:
	case CTRL_BREAK_EVENT:
	case CTRL_CLOSE_EVENT:
	case CTRL_LOGOFF_EVENT:
	case CTRL_SHUTDOWN_EVENT:

		OutputDebugStringA(szCtrlType[dwCtrlType]);

		return TRUE;

	default:
		return FALSE;
	}
}

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

typedef	struct	_dbwin_buffer
{
	DWORD	dwProcessId;
	CHAR	szString[4096 - sizeof(DWORD)];
} DBWIN_BUFFER;

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	DBWIN_BUFFER	*lpDBWin;

	HANDLE	hDBWin;
	HANDLE	hDBWinBuffer;
	HANDLE	hDBWinData;
	DWORD	dwDBWinData;
	DWORD	dwString;
	DWORD	dwError = ERROR_SUCCESS;
	DWORD	dwProcessId = 0;
	DWORD	dwCurrentProcessId = GetCurrentProcessId();
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		hDBWin = CreateFileMapping(INVALID_HANDLE_VALUE,
		                           (LPSECURITY_ATTRIBUTES) NULL,
		                           PAGE_READWRITE,
		                           0,
		                           sizeof(DBWIN_BUFFER),
		                           L"DBWIN_BUFFER");
		dwError = GetLastError();

		if (hDBWin == NULL)
			PrintConsole(hConsole,
			             L"CreateFileMapping() returned error %lu\n",
			             dwError);
		else
		{
			if (dwError == ERROR_ALREADY_EXISTS)
				PrintConsole(hConsole,
				             L"Shared section \'DBWIN_BUFFER\' already created by another process!\n");
			else
			{
				hDBWinBuffer = CreateEvent((LPSECURITY_ATTRIBUTES) NULL,
				                           FALSE,
				                           FALSE,
				                           L"DBWIN_BUFFER_READY");
				dwError = GetLastError();

				if (hDBWinBuffer == NULL)
					PrintConsole(hConsole,
					             L"CreateEvent() returned error %lu\n",
					             dwError);
				else
				{
					if (dwError == ERROR_ALREADY_EXISTS)
						PrintConsole(hConsole,
						             L"Event \'DBWIN_BUFFER_READY\' already created by another process!\n");
					else
					{
						hDBWinData = CreateEvent((LPSECURITY_ATTRIBUTES) NULL,
						                         FALSE,
						                         FALSE,
						                         L"DBWIN_DATA_READY");
						dwError = GetLastError();

						if (hDBWinData == NULL)
							PrintConsole(hConsole,
							             L"CreateEvent() returned error %lu\n",
							             dwError);
						else
						{
							if (dwError == ERROR_ALREADY_EXISTS)
								PrintConsole(hConsole,
								             L"Event \'DBWIN_DATA_READY\' already created by another process!\n");
							else
							{
								lpDBWin = MapViewOfFile(hDBWin,
								                        SECTION_MAP_READ | SECTION_MAP_WRITE,
								                        0, 0, 0);

								if (lpDBWin == NULL)
									PrintConsole(hConsole,
									             L"MapViewOfFile() returned error %lu\n",
									             dwError = GetLastError());
								else
								{
									if (!SetConsoleCtrlHandler(CtrlHandler, TRUE))
										PrintConsole(hConsole,
										             L"SetConsoleCtrlHandler() returned error %lu\n",
										             dwError = GetLastError());

									PrintConsole(hConsole,
									             L"Press \'Ctrl-C\' or \'Ctrl-Break\' to terminate!\n"
									             L"\n"
									             L"Process\tDebug String\n");

									do
									{
										dwDBWinData = SignalObjectAndWait(hDBWinBuffer,
										                                  hDBWinData,
										                                  INFINITE,
										                                  FALSE);

										if (dwDBWinData != WAIT_OBJECT_0)
											break;

										dwString = strlen(lpDBWin->szString);

										while ((dwString-- > 0)
										    && ((lpDBWin->szString[dwString] == ' ')
										     || (lpDBWin->szString[dwString] == '\a')
										     || (lpDBWin->szString[dwString] == '\b')
										     || (lpDBWin->szString[dwString] == '\f')
										     || (lpDBWin->szString[dwString] == '\n')
										     || (lpDBWin->szString[dwString] == '\r')
										     || (lpDBWin->szString[dwString] == '\t')
										     || (lpDBWin->szString[dwString] == '\v')))
											/* lpDBWin->szString[dwString] = '\0' */;

										lpDBWin->szString[++dwString] = '\0';

										if (lpDBWin->dwProcessId != dwProcessId)
											PrintConsole(hConsole,
											             L"\n"
											             L"%7lu\t%hs\n",
											             dwProcessId = lpDBWin->dwProcessId,
											             lpDBWin->szString);
										else
											PrintConsole(hConsole,
											             L"\t%hs\n",
											             lpDBWin->szString);
									} while (dwProcessId != dwCurrentProcessId);

									if (dwDBWinData == WAIT_FAILED)
										PrintConsole(hConsole,
										             L"SignalObjectAndWait() returned error %lu\n",
										             dwError = GetLastError());

									if (!SetConsoleCtrlHandler(CtrlHandler, FALSE))
										PrintConsole(hConsole,
										             L"SetConsoleCtrlHandler() returned error %lu\n",
										             GetLastError());

									if (!UnmapViewOfFile(lpDBWin))
										PrintConsole(hConsole,
										             L"UnmapViewOfFile() returned error %lu\n",
										             GetLastError());
								}
							}

							if (!CloseHandle(hDBWinData))
								PrintConsole(hConsole,
								             L"CloseHandle() returned error %lu\n",
								             GetLastError());
						}
					}

					if (!CloseHandle(hDBWinBuffer))
						PrintConsole(hConsole,
						             L"CloseHandle() returned error %lu\n",
						             GetLastError());
				}
			}

			if (!CloseHandle(hDBWin))
				PrintConsole(hConsole,
				             L"CloseHandle() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}

  2. Run the following four command lines to compile the source file DBWINNER.C created in step 1., link the compiled object file DBWINNER.OBJ and cleanup afterwards: 

    SET CL=/GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeDBWINNER.COM DBWINNER.C
ERASE DBWINNER.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

DBWINNER.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Language Enumerator

Purpose
Synopsis
Implementation and Build Details
Source and Build Instructions

Purpose

Enumerate Languages via Language Identifiers and print the (localised) Language Names.

Synopsis

LANGUAGE.COM

Implementation and Build Details

Language Enumerator is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error or standard output is not supported!

The MSDN article Console Handles provides background information.

Source and Build Instructions

Perform the following 2 simple steps to build the console application Language Enumerator from the source presented hereafter.

  1. Create the text file LANGUAGE.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	DWORD	dwError = ERROR_SUCCESS;
	DWORD	dwPrimaryLanguage;
	DWORD	dwLanguage;
	WCHAR	szLanguage[123];
	WCHAR	szNeutral[123];
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		if (VerLanguageName(0,
		                    szNeutral,
		                    sizeof(szNeutral) / sizeof(*szNeutral)) == 0)
			PrintConsole(hConsole,
			             L"VerLanguageName() returned error %lu for LCID 0x%04lX\n",
			             dwError = GetLastError(), 0);
		else
		{
			PrintConsole(hConsole,
			             L"\n0x%04lX = %ls\n",
			             0, szNeutral);

			for (dwPrimaryLanguage = 0; dwPrimaryLanguage < 0x0200; dwPrimaryLanguage++)
				for (dwLanguage = dwPrimaryLanguage; dwLanguage < 0x8000; dwLanguage += 0x0400)
					if (VerLanguageName(dwLanguage,
					                    szLanguage,
					                    sizeof(szLanguage) / sizeof(*szLanguage)) == 0)
						PrintConsole(hConsole,
						             L"VerLanguageName() returned error %lu for LCID 0x%04lX\n",
						             dwError = GetLastError(), dwLanguage);
					else
						if (wcscmp(szLanguage, szNeutral) != 0)
							PrintConsole(hConsole,
							             L"\n0x%04lX = %ls\n" + (dwLanguage != dwPrimaryLanguage),
							             dwLanguage, szLanguage);
						else
							if ((dwLanguage != 0)
							 && (dwLanguage == dwPrimaryLanguage))
								break;
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}

  2. Run the following four command lines to compile the source file LANGUAGE.C created in step 1., link the compiled object file LANGUAGE.OBJ and cleanup afterwards: 

    SET CL=/GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeLANGUAGE.COM LANGUAGE.C
ERASE LANGUAGE.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

LANGUAGE.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Locale Enumerator

Purpose
Synopsis
Implementation and Build Details
Source and Build Instructions

Purpose

Enumerate Locales via Locale Identifiers and print the localised, english plus native Locale Names.

Synopsis

LOCALE.COM

Implementation and Build Details

Locale Enumerator is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error or standard output is not supported!

The MSDN article Console Handles provides background information.

Source and Build Instructions

Perform the following 2 simple steps to build the console application Locale Enumerator from the source presented hereafter.

  1. Create the text file LOCALE.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	DWORD	dwError = ERROR_SUCCESS;
	DWORD	dwPrimaryLanguage;
	DWORD	dwLanguage;
	BOOL	bLanguage;
	WCHAR	szLanguage[123];
	WCHAR	szEnglishLanguage[123];
	WCHAR	szEnglishCountry[123];
#ifdef NATIVE
	WCHAR	szNativeLanguage[80];
	WCHAR	szNativeCountry[80];
#endif
	WCHAR	szISO639[9];
	WCHAR	szISO3166[9];
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		for (dwPrimaryLanguage = 0; ++dwPrimaryLanguage < 0x0200;)
		{
			bLanguage = FALSE;

			for (dwLanguage = dwPrimaryLanguage; dwLanguage += 0x0400, dwLanguage < 0x8000;)
				if (GetLocaleInfo(dwLanguage,
				                  LOCALE_SLANGUAGE,
				                  szLanguage,
				                  sizeof(szLanguage) / sizeof(*szLanguage)) == 0)
				{
					dwError = GetLastError();

					if (dwError == ERROR_INVALID_PARAMETER)
						dwError = ERROR_SUCCESS;
					else
						PrintConsole(hConsole,
						             L"GetLocaleInfo() returned error %lu for LCID 0x%04lX\n",
						             dwError, dwLanguage);
				}
				else
				{
					if (GetLocaleInfo(dwLanguage,
					                  LOCALE_SISO639LANGNAME,
					                  szISO639,
					                  sizeof(szISO3166) / sizeof(*szISO3166)) == 0)
						PrintConsole(hConsole,
						             L"GetLocaleInfo() returned error %lu for LCID 0x%04lX\n",
						             dwError = GetLastError(), dwLanguage);

					if (GetLocaleInfo(dwLanguage,
					                  LOCALE_SISO3166CTRYNAME,
					                  szISO3166,
					                  sizeof(szISO3166) / sizeof(*szISO3166)) == 0)
						PrintConsole(hConsole,
						             L"GetLocaleInfo() returned error %lu for LCID 0x%04lX\n",
						             dwError = GetLastError(), dwLanguage);

					if (GetLocaleInfo(dwLanguage,
					                  LOCALE_SENGLANGUAGE,
					                  szEnglishLanguage,
					                  sizeof(szEnglishLanguage) / sizeof(*szEnglishLanguage)) == 0)
						PrintConsole(hConsole,
						             L"GetLocaleInfo() returned error %lu for LCID 0x%04lX\n",
						             dwError = GetLastError(), dwLanguage);

					if (GetLocaleInfo(dwLanguage,
					                  LOCALE_SENGCOUNTRY,
					                  szEnglishCountry,
					                  sizeof(szEnglishCountry) / sizeof(*szEnglishCountry)) == 0)
						PrintConsole(hConsole,
						             L"GetLocaleInfo() returned error %lu for LCID 0x%04lX\n",
						             dwError = GetLastError(), dwLanguage);
#ifdef NATIVE
					if (GetLocaleInfo(dwLanguage,
					                  LOCALE_SNATIVELANGNAME,
					                  szNativeLanguage,
					                  sizeof(szNativeLanguage) / sizeof(*szNativeLanguage)) == 0)
						PrintConsole(hConsole,
						             L"GetLocaleInfo() returned error %lu for LCID 0x%04lX\n",
						             dwError = GetLastError(), dwLanguage);

					if (GetLocaleInfo(dwLanguage,
					                  LOCALE_SNATIVECTRYNAME,
					                  szNativeCountry,
					                  sizeof(szNativeCountry) / sizeof(*szNativeCountry)) == 0)
						PrintConsole(hConsole,
						             L"GetLocaleInfo() returned error %lu for LCID 0x%04lX\n",
						             dwError = GetLastError(), dwLanguage);

					PrintConsole(hConsole,
					             L"\n0x%04lX = %ls // %ls-%ls;%ls (%ls), %ls (%ls)\n" + bLanguage,
					             dwLanguage,
					             szLanguage,
					             szISO639,
					             szISO3166,
					             szEnglishLanguage,
					             szEnglishCountry,
					             szNativeLanguage,
					             szNativeCountry);
#else
					PrintConsole(hConsole,
					             L"\n0x%04lX = %ls // %ls-%ls;%ls (%ls)\n" + bLanguage,
					             dwLanguage,
					             szLanguage,
					             szISO639,
					             szISO3166,
					             szEnglishLanguage,
					             szEnglishCountry);
#endif
					bLanguage = TRUE;

				}
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}

  2. Run the following four command lines to compile the source file LOCALE.C created in step 1., link the compiled object file LOCALE.OBJ and cleanup afterwards: 

    SET CL=/DNATIVE /GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeLOCALE.COM LOCALE.C
ERASE LOCALE.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

LOCALE.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Network Enumerator

Purpose
Synopsis
Implementation and Build Details
Source and Build Instructions

Purpose

Enumerate network resources.

Synopsis

NETWORK.COM

Implementation and Build Details

Network Enumerator is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error or standard output is not supported!

The MSDN article Console Handles provides background information.

Source and Build Instructions

Perform the following 2 simple steps to build the console application Network Enumerator from the source presented hereafter.

  1. Create the text file NETWORK.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <winnetwk.h>

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

const	LPCWSTR	szDisplayType[] = {L"Generic",
		                   L"Domain",
		                   L"Server",
		                   L"Share",
		                   L"File",
		                   L"Group",
		                   L"Network",
		                   L"Root",
		                   L"Administrative Share",
		                   L"Directory",
		                   L"Tree",
		                   L"NDS Container"};

__declspec(safebuffers)
VOID	Network(HANDLE hConsole, LPNETRESOURCE lpNR, DWORD dwLevel)
{
	NETRESOURCE	nr[80];

	HANDLE	hNetwork;
	DWORD	dwCount;
	DWORD	dwSize;

	DWORD	dwError = WNetOpenEnum(RESOURCE_GLOBALNET,
		                       RESOURCETYPE_ANY,
#if 0
		                       RESOURCEUSAGE_ALL,
#else
		                       0,
#endif
		                       lpNR,
		                       &hNetwork);

	if (dwError != ERROR_SUCCESS)
		PrintConsole(hConsole,
		             L"WNetOpenEnum() returned error %lu\n",
	                     dwError);
	else
	{
		for (;;)
		{
			dwCount = 1;
			dwSize = sizeof(nr);
			dwError = WNetEnumResource(hNetwork,
			                           &dwCount,
			                           nr,
			                           &dwSize);

			if (dwError != ERROR_SUCCESS)
				break;

			PrintConsole(hConsole,
			             L"\n"
			             L"%lsScope:\t\t%lu\n"
			             L"%lsType:\t\t%lu\n"
			             L"%lsDisplay Type:\t%lu = %ls\n"
			             L"%lsUsage:\t\t0x%08lX\n"
			             L"%lsLocal Name:\t%ls\n"
			             L"%lsRemote Name:\t%ls\n"
			             L"%lsComment:\t%ls\n"
			             L"%lsProvider:\t%ls\n",
			             L"\t\t\t" + 3 + dwLevel, nr->dwScope,
			             L"\t\t\t" + 3 + dwLevel, nr->dwType,
			             L"\t\t\t" + 3 + dwLevel, nr->dwDisplayType,
			             nr->dwDisplayType < sizeof(szDisplayType) / sizeof(*szDisplayType) ? szDisplayType[nr->dwDisplayType] : L"Unknown",
			             L"\t\t\t" + 3 + dwLevel, nr->dwUsage,
			             L"\t\t\t" + 3 + dwLevel, nr->lpLocalName,
			             L"\t\t\t" + 3 + dwLevel, nr->lpRemoteName,
			             L"\t\t\t" + 3 + dwLevel, nr->lpComment,
			             L"\t\t\t" + 3 + dwLevel, nr->lpProvider);

			if (nr->dwUsage & RESOURCEUSAGE_CONTAINER)
				Network(hConsole, nr, dwLevel - 1);
		}

		if (dwError != ERROR_NO_MORE_ITEMS)
			PrintConsole(hConsole,
			             L"WNetEnumResource() returned error %lu\n",
			             dwError);

		dwError = WNetCloseEnum(hNetwork);

		if (dwError != ERROR_SUCCESS)
			PrintConsole(hConsole,
			             L"WNetCloseEnum() returned error %lu\n",
			             dwError);
	}
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	DWORD	dwError = ERROR_SUCCESS;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		Network(hConsole, (LPNETRESOURCE) NULL, 0);

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}

  2. Run the following four command lines to compile the source file NETWORK.C created in step 1., link the compiled object file NETWORK.OBJ and cleanup afterwards: 

    SET CL=/GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:MPR.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeNETWORK.COM NETWORK.C
ERASE NETWORK.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

NETWORK.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Directory Change Notifier

Purpose
Synopsis
Implementation and Build Details
Source and Build Instructions

Purpose

Monitor up to 64 directory trees, specified by their absolute or relative pathnames, for changes.

Synopsis

NOTIFIER.COM ‹directory name› …

Implementation and Build Details

Directory Change Notifier is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows Vista and newer versions of Windows NT as well as Windows PE 2.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error or standard output is not supported!

The MSDN article Console Handles provides background information.

Source and Build Instructions

Perform the following 2 simple steps to build the console application Directory Change Notifier from the source presented hereafter.

  1. Create the text file NOTIFIER.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>

#define FILE_NOTIFY_CHANGE_UNDOCUMENTED	0x00000E80UL
#define FILE_NOTIFY_CHANGE_ANY		0x00000FFFUL
#define FILE_NOTIFY_CHANGE_INVALID	0xFFFFF000UL

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

HANDLE	hThreads[MAXIMUM_WAIT_OBJECTS];
DWORD	dwThreads = 0;

const	LPCWSTR	szCtrlType[] = {L"C",
		                L"Break",
		                L"Close",
		                NULL,
		                NULL,
		                L"Logoff",
		                L"Shutdown"};

BOOL	WINAPI	CtrlHandler(DWORD dwCtrlType)
{
	DWORD	dwThread = dwThreads;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	switch (dwCtrlType)
	{
	case CTRL_C_EVENT:
	case CTRL_BREAK_EVENT:
	case CTRL_CLOSE_EVENT:
	case CTRL_LOGOFF_EVENT:
	case CTRL_SHUTDOWN_EVENT:

		PrintConsole(hConsole,
		             L"Ctrl-%ls\n",
		             szCtrlType[dwCtrlType]);

		while (dwThread-- > 0)
			if (!CancelSynchronousIo(hThreads[dwThread]))
				PrintConsole(hConsole,
				             L"CancelSynchronousIo() returned error %lu for thread 0x%p\n",
				             GetLastError(), hThreads[dwThread]);

		return TRUE;

	default:
		return FALSE;
	}
}

const	LPCWSTR	lpAction[] = {NULL,
		              L"Added",
		              L"Removed",
		              L"Modified",
		              L"Renamed from",
		              L"Renamed to"};

__declspec(safebuffers)
DWORD	WINAPI	ThreadProc(LPCWSTR lpArgument)
{
	FILE_NOTIFY_INFORMATION	*lpEntry;
#if 0
	BY_HANDLE_FILE_INFORMATION	bhfi;
#else
	FILE_ATTRIBUTE_TAG_INFO		fati;
#endif
	HANDLE	hArgument;
	WCHAR	szArgument[MAX_PATH];
	DWORD	dwArgument;
	DWORD	dwError = ERROR_SUCCESS;
	DWORD	dwEntry;
	DWORD	dwBuffer[65536 / sizeof(DWORD)];
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		hArgument = CreateFile(lpArgument,
		                       FILE_LIST_DIRECTORY,
		                       FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
		                       (LPSECURITY_ATTRIBUTES) NULL,
		                       OPEN_EXISTING,
		                       FILE_FLAG_BACKUP_SEMANTICS,
		                       (HANDLE) NULL);

		if (hArgument == INVALID_HANDLE_VALUE)
			PrintConsole(hConsole,
			             L"CreateFile() returned error %lu for argument \'%ls\'\n",
			             dwError = GetLastError(), lpArgument);
		else
		{
#if 0
			if (!GetFileInformationByHandle(hArgument,
			                                &bhfi))
				PrintConsole(hConsole,
				             L"GetFileInformationByHandle() returned error %lu for argument \'%ls\'\n",
				             dwError = GetLastError(), lpArgument);
			else
				if (((bhfi.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != FILE_ATTRIBUTE_DIRECTORY)
				 || ((bhfi.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) == FILE_ATTRIBUTE_REPARSE_POINT))
#else
			if (!GetFileInformationByHandleEx(hArgument,
			                                  FileAttributeTagInfo,
			                                  &fati,
			                                  sizeof(fati)))
				PrintConsole(hConsole,
				             L"GetFileInformationByHandleEx() returned error %lu for argument \'%ls\'\n",
				             dwError = GetLastError(), lpArgument);
			else
				if (((fati.FileAttributes & FILE_ATTRIBUTE_DIRECTORY) != FILE_ATTRIBUTE_DIRECTORY)
				 || ((fati.FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) == FILE_ATTRIBUTE_REPARSE_POINT))
#endif
					PrintConsole(hConsole,
					             L"Argument \'%ls\' is not a directory!\n",
					             lpArgument);
				else
				{
					dwArgument = GetFinalPathNameByHandle(hArgument,
					                                      szArgument,
					                                      sizeof(szArgument) / sizeof(*szArgument),
					                                      FILE_NAME_NORMALIZED | VOLUME_NAME_DOS);

					if (dwArgument == 0)
						PrintConsole(hConsole,
						             L"GetFinalPathNameByHandle() returned error %lu for argument \'%ls\'\n",
						             dwError = GetLastError(), lpArgument);
					else
					{
						while (ReadDirectoryChangesW(hArgument,
						                             dwBuffer,
						                             sizeof(dwBuffer),
						                             TRUE,
#ifdef FILE_NOTIFY_CHANGE_ALL
						                             FILE_NOTIFY_CHANGE_ALL,
#else
						                             FILE_NOTIFY_CHANGE_ATTRIBUTES | FILE_NOTIFY_CHANGE_CREATION | FILE_NOTIFY_CHANGE_DIR_NAME | FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_LAST_ACCESS | FILE_NOTIFY_CHANGE_LAST_WRITE | FILE_NOTIFY_CHANGE_SECURITY | FILE_NOTIFY_CHANGE_SIZE,
#endif
						                             &dwEntry,
						                             (LPOVERLAPPED) NULL,
						                             (LPOVERLAPPED_COMPLETION_ROUTINE) NULL))
							for (lpEntry = (PFILE_NOTIFY_INFORMATION) dwBuffer;
							     dwEntry != 0;
							     lpEntry = (PFILE_NOTIFY_INFORMATION) ((LPBYTE) lpEntry + dwEntry))
							{
								dwEntry = lpEntry->NextEntryOffset;
								lpEntry->FileName[lpEntry->FileNameLength / sizeof(lpEntry->FileName[0])] = L'\0';

								PrintConsole(hConsole,
								             L"%ls %ls\\%ls\n",
								             lpAction[lpEntry->Action], szArgument + 4, lpEntry->FileName);
							}

						PrintConsole(hConsole,
						             L"ReadDirectoryChanges() returned error %lu for directory \'%ls\'\n",
						             dwError = GetLastError(), szArgument + 4);
					}
				}

			if (!CloseHandle(hArgument))
				PrintConsole(hConsole,
				             L"CloseHandle() returned error %lu\n",
				             GetLastError());
		}
	}

	return dwError;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	LPWSTR	*lpArguments;
	INT	nArguments;
	INT	nArgument = 1;
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	DWORD	dwThreadId;
	HANDLE	hThread;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
			if (nArguments < 2)
				PrintConsole(hConsole,
				             L"Too few arguments: at least one directory name must be given!\n");
			else if (nArguments > sizeof(hThreads) / sizeof(*hThreads) + 1)
				PrintConsole(hConsole,
				             L"Too many arguments: at most %lu directory names may be given!\n",
				             sizeof(hThreads) / sizeof(*hThreads));
			else
			{
				do
				{
					hThread = CreateThread((LPSECURITY_ATTRIBUTES) NULL,
					                       (SIZE_T) 65536,
					                       ThreadProc,
					                       lpArguments[nArgument],
					                       0,
					                       &dwThreadId);

					if (hThread == NULL)
						PrintConsole(hConsole,
						             L"CreateThread() returned error %lu\n",
						             dwError = GetLastError());
					else
					{
						hThreads[dwThreads++] = hThread;

						PrintConsole(hConsole,
						             L"Thread %lu created for argument \'%ls\'\n",
						             dwThreadId, lpArguments[nArgument]);
					}
				} while (++nArgument < nArguments);

				if (dwThreads > 0)
				{
					if (!SetConsoleCtrlHandler(CtrlHandler, TRUE))
						PrintConsole(hConsole,
						             L"SetConsoleCtrlHandler() returned error %lu\n",
						             dwError = GetLastError());

					PrintConsole(hConsole,
					             L"Press \'Ctrl-C\' or \'Ctrl-Break\' to terminate!\n"
					             L"\n");

					if (WaitForMultipleObjects(dwThreads,
					                           hThreads,
					                           TRUE,
					                           INFINITE) == WAIT_FAILED)
						PrintConsole(hConsole,
						             L"WaitForMultipleObjects() returned error %lu\n",
						             dwError = GetLastError());
					else
						do
							if (!CloseHandle(hThreads[--dwThreads]))
								PrintConsole(hConsole,
								             L"CloseHandle() returned error %lu\n",
								             GetLastError());
						while (dwThreads > 0);

					if (!SetConsoleCtrlHandler(CtrlHandler, FALSE))
						PrintConsole(hConsole,
						             L"SetConsoleCtrlHandler() returned error %lu\n",
						             GetLastError());
				}
			}

			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}

  2. Run the following four command lines to compile the source file NOTIFIER.C created in step 1., link the compiled object file NOTIFIER.OBJ and cleanup afterwards: 

    SET CL=/GA /GF /GS /Gs69632 /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:6.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeNOTIFIER.COM NOTIFIER.C
ERASE NOTIFIER.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

NOTIFIER.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Product Key Validator

Purpose
Synopsis
Implementation and Build Details
Variant 1
Variant 2
Source and Build Instructions – Variant 1
Source and Build Instructions – Variant 2

Purpose

Test (and decode) product keys for Windows Vista and newer versions of Windows NT as well as Microsoft Office 2010 and newer versions.

Synopsis

PIDGENX.COM ‹pidgenx.dll› ‹pkeyconfig.xrm-ms› ‹product key› …

Implementation and Build Details

Product Key Validator is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error or standard output is not supported!

The MSDN article Console Handles provides background information.

Variant 1

The first variant is statically linked with an import library; PIDGENX.DLL is loaded with the application PIDGENX.COM and located per DLL search order.

Variant 2

The second variant loads the module specified as first command-line argument dynamically; unless specified with an absolute path name, it is also located per DLL search order, but restricted to safe directories.

Source and Build Instructions – Variant 1

Perform the following 3 simple steps to build variant 1 of the console application Product Key Validator from the source presented hereafter.

  1. Create the text file PIDGENX.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#ifndef _DLL
#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>

#ifndef E_FILENOTFOUND
#define E_FILENOTFOUND	0x80070002L	// file not found
#endif

#ifndef E_PATHNOTFOUND
#define E_PATHNOTFOUND	0x80070003L	// path not found
#endif

#ifndef E_RESERVEDKEY
#define E_RESERVEDKEY	0x8A010001L	// reserved product key
#endif

#ifndef E_INVALIDKEY
#define E_INVALIDKEY	0x8A010101L	// invalid product key
#endif

#define VS_BINARY	0U
#define VS_TEXT		1U

typedef	struct	_VS_VERSIONINFO
{
	WORD	wSize;			// size of 'VERSION' resource
	WORD	wCount;			// = sizeof(VS_FIXEDFILEINFO)
					//   (number of bytes in binary value)
	WORD	wType;			// = VS_BINARY
	WCHAR	szKey[16];		// = L"VS_VERSION_INFO"
	WORD	wPadding;		// = 0 (alignment to DWORD)

	VS_FIXEDFILEINFO	vsFFI;
} VS_VERSIONINFO;

typedef	struct	_DigitalProductId
{
	DWORD	dwSize;			// 0x000000A4 = 164
	WORD	wMajorVersion;		// 0x0003
	WORD	wMinorVersion;		// 0x0000
	CHAR	szProductId[24];	// "DUMMY-OEM-0123456-78901"
	DWORD	dwKeyIdx;
	CHAR	szEditionId[16];
	BYTE	bCdKey[16];
	DWORD	dwCloneStatus;
	DWORD	dwTime;
	DWORD	dwRandom;
	DWORD	dwLt;
	DWORD	dwLicenseData[2];
	CHAR	sOemId[8];
	DWORD	dwBundleId;
	CHAR	sHardwareIdStatic[8];
	DWORD	dwHardwareIdTypeStatic;
	DWORD	dwBiosChecksumStatic;
	DWORD	dwVolumeSerialStatic;
	DWORD	dwTotalRamStatic;
	DWORD	dwVideoBiosChecksumStatic;
	CHAR	sHardwareIdDynamic[8];
	DWORD	dwHardwareIdTypeDynamic;
	DWORD	dwBiosChecksumDynamic;
	DWORD	dwVolumeSerialDynamic;
	DWORD	dwTotalRamDynamic;
	DWORD	dwVideoBiosChecksumDynamic;
	DWORD	dwCRC32;
} DPI, *LPDPI;

typedef	struct	_DigitalProductId4
{
	DWORD	dwSize;			// 0x000004F8 = 1272
	WORD	wMajorVersion;		// 0x0004
	WORD	wMinorVersion;		// 0x0000
	WCHAR	szAdvancedPid[64];
	WCHAR	szActivationId[64];
	WCHAR	szOemId[8];
	WCHAR	szEditionType[260];
	BYTE	bIsUpgrade;
	BYTE	bReserved[7];
	BYTE	bCdKey[16];
	BYTE	bCdKey256Hash[32];
	BYTE	b256Hash[32];
	WCHAR	szEditionId[64];
	WCHAR	szKeyType[64];
	WCHAR	szEULA[64];
} DPI4, *LPDPI4;

__declspec(dllimport)
HRESULT	WINAPI	PidGenX(LPCWSTR lpProductKey,
		        LPCWSTR lpPKeyConfig,
		        LPCWSTR lpMPC,
		        LPCWSTR lpOEMId,
		        LPCWSTR lpProductId,
		        LPDPI   lpDigitalProductId,
		        LPDPI4  lpDigitalProductId4);

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	VS_VERSIONINFO	*lpVersion;

	LPWSTR	*lpArguments;
	INT	nArguments;
	INT	nArgument = 2;
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	HMODULE	hPidGenX;
	HRSRC	hResInfo;
	HGLOBAL	hResData;
	WCHAR	szPidGenX[MAX_PATH];
	WCHAR	szPid[24];
	DPI	dpi;
	DPI4	dpi4;
	HRESULT	hr;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
			if (nArguments < 3)
				PrintConsole(hConsole,
				             L"Bad arguments: the file or path name of a \'PKeyConfig[*].xrm-ms\' data file plus\n"
				             L"               at least one product key must be given!\n");
			else
			{
				hPidGenX = GetModuleHandle(L"PidGenX");

				if (hPidGenX == NULL)
					PrintConsole(hConsole,
					             L"GetModuleHandle() returned error %lu\n",
					             dwError = GetLastError());
				else
				{
					if (GetModuleFileName(hPidGenX, szPidGenX, sizeof(szPidGenX) / sizeof(*szPidGenX)) == 0)
						PrintConsole(hConsole,
						             L"GetModuleFileName() returned error %lu\n",
						             dwError = GetLastError());
					else
						PrintConsole(hConsole,
						             L"Module \'%ls\'\n",
						             szPidGenX);

					hResInfo = FindResource(hPidGenX, MAKEINTRESOURCE(VS_VERSION_INFO), RT_VERSION);

					if (hResInfo == NULL)
						PrintConsole(hConsole,
						             L"FindResource() returned error %lu\n",
						             dwError = GetLastError());
					else
					{
						hResData = LoadResource(hPidGenX, hResInfo);

						if (hResData == NULL)
							PrintConsole(hConsole,
							             L"LoadResource() returned error %lu\n",
							             dwError = GetLastError());
						else
						{
							lpVersion = LockResource(hResData);

							if (lpVersion == NULL)
								PrintConsole(hConsole,
								             L"LockResource() returned NULL\n");
							else
								PrintConsole(hConsole,
								             L"\tModule version:\t\t%hu.%hu:%hu.%hu\n"
								             L"\tProduct version:\t%hu.%hu:%hu.%hu\n",
								             HIWORD(lpVersion->vsFFI.dwFileVersionMS), LOWORD(lpVersion->vsFFI.dwFileVersionMS),
								             HIWORD(lpVersion->vsFFI.dwFileVersionLS), LOWORD(lpVersion->vsFFI.dwFileVersionLS),
								             HIWORD(lpVersion->vsFFI.dwProductVersionMS), LOWORD(lpVersion->vsFFI.dwProductVersionMS),
								             HIWORD(lpVersion->vsFFI.dwProductVersionLS), LOWORD(lpVersion->vsFFI.dwProductVersionLS));
						}
					}
				}

				dpi.dwSize = sizeof(dpi);
				dpi4.dwSize = sizeof(dpi4);

				do
				{
					hr = PidGenX(lpArguments[nArgument],
					             lpArguments[1],
					             L"DUMMY",
					             (LPCWSTR) NULL,
					             szPid,
					             &dpi,
					             &dpi4);

					switch (hr)
					{
					case ERROR_FILE_NOT_FOUND:
					case ERROR_PATH_NOT_FOUND:
					case E_FILENOTFOUND:		// file 'PKeyConfig.xrm-ms' not found
					case E_PATHNOTFOUND:		// path of 'PKeyConfig.xrm-ms' not found

						PrintConsole(hConsole,
						             L"Data file \'%ls\' not found!\n",
						             lpArguments[1]);
						nArguments = 0;
						break;

					case ERROR_INVALID_PARAMETER:
					case E_INVALIDARG:		// malformed product key

						PrintConsole(hConsole,
						             L"Product key \'%ls\' is malformed!\n",
						             lpArguments[nArgument]);
						break;

					case E_RESERVEDKEY:		// reserved product key

						PrintConsole(hConsole,
						             L"Product key \'%ls\' is reserved!\n",
						             lpArguments[nArgument]);
						break;

					case E_INVALIDKEY:		// invalid product key

						PrintConsole(hConsole,
						             L"Product key \'%ls\' is invalid!\n",
						             lpArguments[nArgument]);
						break;

					case S_OK:

						PrintConsole(hConsole,
						             L"Product key \'%ls\' is valid!\n",
						             lpArguments[nArgument]);
#ifdef VERBOSE
						if ((dpi.dwSize != sizeof(dpi))
						 || (dpi.wMajorVersion != 3)
						 || (dpi.wMinorVersion != 0))
							PrintConsole(hConsole,
							             L"Size of \'DigitalProductId\' not equal %lu or version not equal 3.0\n",
							             sizeof(dpi));
						else
							PrintConsole(hConsole,
							             L"\n"
							             L"DigitalProductId: size = %lu\n"
							             L"\tProduct ID:\t\t%hs\n"
							             L"\tEdition ID:\t\t%hs\n"
							             L"\tOEM ID:\t\t\t%.8hs\n"
							             L"\tHardware ID (static):\t%.8hs\n"
							             L"\tHardware ID (dynamic):\t%.8hs\n",
							             dpi.dwSize,
							             dpi.szProductId,
							             dpi.szEditionId,
							             dpi.sOemId,
							             dpi.sHardwareIdStatic,
							             dpi.sHardwareIdDynamic);

						if ((dpi4.dwSize != sizeof(dpi4))
						 || (dpi4.wMajorVersion != 4)
						 || (dpi4.wMinorVersion != 0))
							PrintConsole(hConsole,
							             L"Size of \'DigitalProductId4\' not equal %lu or version not equal 4.0\n",
							             sizeof(dpi4));
						else
							PrintConsole(hConsole,
							             L"\n"
							             L"DigitalProductId4: size = %lu\n"
							             L"\tAdvanced Product ID:\t%ls\n"
							             L"\tActivation ID:\t\t%ls\n"
							             L"\tOEM ID:\t\t\t%ls\n"
							             L"\tEdition Type:\t\t%ls\n"
							             L"\tEdition ID:\t\t%ls\n"
							             L"\tKey Type:\t\t%ls\n"
							             L"\tEULA:\t\t\t%ls\n",
							             dpi4.dwSize,
							             dpi4.szAdvancedPid,
							             dpi4.szActivationId,
							             dpi4.szOemId,
							             dpi4.szEditionType,
							             dpi4.szEditionId,
							             dpi4.szKeyType,
							             dpi4.szEULA);
#endif
						break;

					default:
						PrintConsole(hConsole,
						             L"PidGenX() returned error 0x%08lX\n",
						             dwError = hr);
					}
				} while (++nArgument < nArguments);
			}

			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}
#else // _DLL
__declspec(dllexport)
long	PidGenX(void *_1, void *_2, void *_3, void *_4, void *_5, void *_6, void *_7)
{ return 0; }
#endif // _DLL

  2. Run the following four command lines to compile the source file PIDGENX.C created in step 1. a first time, generate the import library PIDGENX.LIB from the compiled object file PIDGENX.OBJ and cleanup afterwards: 

    SET CL=/Gz /LD /MD /W4 /wd4100 /X /Zl
SET LINK=/EXPORT:PidGenX /NODEFAULTLIB /NOENTRY
CL.EXE PIDGENX.C
ERASE PIDGENX.DLL PIDGENX.EXP PIDGENX.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

PIDGENX.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…
   Creating library PIDGENX.lib and object PIDGENX.exp

  3. Run the following four command lines to compile the source file PIDGENX.C created in step 1. a second time, link the compiled object file PIDGENX.OBJ with the import library PIDGENX.LIB generated in step 2. and cleanup afterwards: 

    SET CL=/DVERBOSE /GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:PIDGENX.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.1 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FePIDGENX.COM PIDGENX.C
ERASE PIDGENX.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

PIDGENX.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Source and Build Instructions – Variant 2

Perform the following 2 simple steps to build variant 2 of the console application Product Key Validator from the source presented hereafter.

  1. Overwrite the text file PIDGENX.C with the following content: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>

#ifndef LOAD_LIBRARY_SAFE_CURRENT_DIRS
#define LOAD_LIBRARY_SAFE_CURRENT_DIRS	0x00002000UL
#endif

#ifndef E_FILENOTFOUND
#define E_FILENOTFOUND	0x80070002L	// file not found
#endif

#ifndef E_PATHNOTFOUND
#define E_PATHNOTFOUND	0x80070003L	// path not found
#endif

#ifndef E_RESERVEDKEY
#define E_RESERVEDKEY	0x8A010001L	// reserved product key
#endif

#ifndef E_INVALIDKEY
#define E_INVALIDKEY	0x8A010101L	// invalid product key
#endif

#define VS_BINARY	0U
#define VS_TEXT		1U

typedef	struct	_VS_VERSIONINFO
{
	WORD	wSize;			// size of 'VERSION' resource
	WORD	wCount;			// = sizeof(VS_FIXEDFILEINFO)
					//   (number of bytes in binary value)
	WORD	wType;			// = VS_BINARY
	WCHAR	szKey[16];		// = L"VS_VERSION_INFO"
	WORD	wPadding;		// = 0 (alignment to DWORD)

	VS_FIXEDFILEINFO	vsFFI;
} VS_VERSIONINFO;

typedef	struct	_DigitalProductId
{
	DWORD	dwSize;			// 0x000000A4 = 164
	WORD	wMajorVersion;		// 0x0003
	WORD	wMinorVersion;		// 0x0000
	CHAR	szProductId[24];	// "DUMMY-OEM-0123456-78901"
	DWORD	dwKeyIdx;
	CHAR	szEditionId[16];
	BYTE	bCdKey[16];
	DWORD	dwCloneStatus;
	DWORD	dwTime;
	DWORD	dwRandom;
	DWORD	dwLt;
	DWORD	dwLicenseData[2];
	CHAR	sOemId[8];
	DWORD	dwBundleId;
	CHAR	sHardwareIdStatic[8];
	DWORD	dwHardwareIdTypeStatic;
	DWORD	dwBiosChecksumStatic;
	DWORD	dwVolumeSerialStatic;
	DWORD	dwTotalRamStatic;
	DWORD	dwVideoBiosChecksumStatic;
	CHAR	sHardwareIdDynamic[8];
	DWORD	dwHardwareIdTypeDynamic;
	DWORD	dwBiosChecksumDynamic;
	DWORD	dwVolumeSerialDynamic;
	DWORD	dwTotalRamDynamic;
	DWORD	dwVideoBiosChecksumDynamic;
	DWORD	dwCRC32;
} DPI, *LPDPI;

typedef	struct	_DigitalProductId4
{
	DWORD	dwSize;			// 0x000004F8 = 1272
	WORD	wMajorVersion;		// 0x0004
	WORD	wMinorVersion;		// 0x0000
	WCHAR	szAdvancedPid[64];
	WCHAR	szActivationId[64];
	WCHAR	szOemId[8];
	WCHAR	szEditionType[260];
	BYTE	bIsUpgrade;
	BYTE	bReserved[7];
	BYTE	bCdKey[16];
	BYTE	bCdKey256Hash[32];
	BYTE	b256Hash[32];
	WCHAR	szEditionId[64];
	WCHAR	szKeyType[64];
	WCHAR	szEULA[64];
} DPI4, *LPDPI4;

typedef	HRESULT	(WINAPI	PIDGENX) (LPCWSTR lpProductKey,
			          LPCWSTR lpPKeyConfig,
			          LPCWSTR lpMPC,
			          LPCWSTR lpOEMId,
			          LPCWSTR lpProductId,
			          LPDPI   lpDigitalProductId,
			          LPDPI4  lpDigitalProductId4);

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	VS_VERSIONINFO	*lpVersion;

	LPWSTR	*lpArguments;
	INT	nArguments;
	INT	nArgument = 3;
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	WCHAR	szPid[24];
	DPI	dpi;
	DPI4	dpi4;
	HMODULE	hPidGenX;
	FARPROC	fpPidGenX;
	HRESULT	hr;
	HRSRC	hResInfo;
	HGLOBAL	hResData;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
			if (nArguments < 4)
				PrintConsole(hConsole,
				             L"Bad arguments: the (absolute or relative) path names of a \'PidGenX.dll\' and\n"
				             L"               its associated \'PKeyConfig[*].xrm-ms\' data file plus at least\n"
				             L"               one product key \'23467-89BCD-FGHJK-MNPQR-TVWXY\' must be given!\n");
			else
			{
				hPidGenX = LoadLibraryEx(lpArguments[1], (HANDLE) NULL, LOAD_LIBRARY_SAFE_CURRENT_DIRS);

				if (hPidGenX == NULL)
					PrintConsole(hConsole,
					             L"LoadLibraryEx() returned error %lu\n",
					             dwError = GetLastError());
				else
				{
					fpPidGenX = GetProcAddress(hPidGenX, "PidGenX");

					if (fpPidGenX == NULL)
						PrintConsole(hConsole,
						             L"GetProcAddress() returned error %lu\n",
						             dwError = GetLastError());
					else
					{
						hResInfo = FindResource(hPidGenX, MAKEINTRESOURCE(VS_VERSION_INFO), RT_VERSION);

						if (hResInfo == NULL)
							PrintConsole(hConsole,
							             L"FindResource() returned error %lu\n",
							             dwError = GetLastError());
						else
						{
							hResData = LoadResource(hPidGenX, hResInfo);

							if (hResData == NULL)
								PrintConsole(hConsole,
								             L"LoadResource() returned error %lu\n",
								             dwError = GetLastError());
							else
							{
								lpVersion = LockResource(hResData);

								if (lpVersion == NULL)
									PrintConsole(hConsole,
									             L"LockResource() returned NULL\n");
								else
									PrintConsole(hConsole,
									             L"Library version = %hu.%hu:%hu.%hu\n"
									             L"Product version = %hu.%hu:%hu.%hu\n",
									             HIWORD(lpVersion->vsFFI.dwFileVersionMS), LOWORD(lpVersion->vsFFI.dwFileVersionMS),
									             HIWORD(lpVersion->vsFFI.dwFileVersionLS), LOWORD(lpVersion->vsFFI.dwFileVersionLS),
									             HIWORD(lpVersion->vsFFI.dwProductVersionMS), LOWORD(lpVersion->vsFFI.dwProductVersionMS),
									             HIWORD(lpVersion->vsFFI.dwProductVersionLS), LOWORD(lpVersion->vsFFI.dwProductVersionLS));
							}
						}

						dpi.dwSize = sizeof(dpi);
						dpi4.dwSize = sizeof(dpi4);

						do
						{
							hr = ((PIDGENX *) fpPidGenX)(lpArguments[nArgument],
							                             lpArguments[2],
							                             L"DUMMY",
							                             (LPCWSTR) NULL,
							                             szPid,
							                             &dpi,
							                             &dpi4);

							switch (hr)
							{
							case ERROR_FILE_NOT_FOUND:
							case ERROR_PATH_NOT_FOUND:
							case E_FILENOTFOUND:		// file 'PKeyConfig.xrm-ms' not found
							case E_PATHNOTFOUND:		// path of 'PKeyConfig.xrm-ms' not found

								PrintConsole(hConsole,
								             L"Data file \'%ls\' not found!\n",
								             lpArguments[2]);
								nArguments = 0;
								break;

							case ERROR_INVALID_PARAMETER:
							case E_INVALIDARG:		// malformed product key

								PrintConsole(hConsole,
								             L"Product key \'%ls\' is malformed!\n",
								             lpArguments[nArgument]);
								break;

							case E_RESERVEDKEY:		// reserved product key

								PrintConsole(hConsole,
								             L"Product key \'%ls\' is reserved!\n",
								             lpArguments[nArgument]);
								break;

							case E_INVALIDKEY:		// invalid product key

								PrintConsole(hConsole,
								             L"Product key \'%ls\' is invalid!\n",
								             lpArguments[nArgument]);
								break;

							case S_OK:

								PrintConsole(hConsole,
								             L"Product key \'%ls\' is valid!\n",
								             lpArguments[nArgument]);
#ifdef VERBOSE
								if ((dpi.dwSize != sizeof(dpi))
								 || (dpi.wMajorVersion != 3)
								 || (dpi.wMinorVersion != 0))
									PrintConsole(hConsole,
									             L"Size of \'DigitalProductId\' not equal %lu or version not equal 3.0\n",
									             sizeof(dpi));
								else
									PrintConsole(hConsole,
									             L"\n"
									             L"DigitalProductId: size = %lu\n"
									             L"\tProduct ID:\t\t%hs\n"
									             L"\tEdition ID:\t\t%hs\n"
									             L"\tOEM ID:\t\t\t%.8hs\n"
									             L"\tHardware ID (static):\t%.8hs\n"
									             L"\tHardware ID (dynamic):\t%.8hs\n",
									             dpi.dwSize,
									             dpi.szProductId,
									             dpi.szEditionId,
									             dpi.sOemId,
									             dpi.sHardwareIdStatic,
									             dpi.sHardwareIdDynamic);

								if ((dpi4.dwSize != sizeof(dpi4))
								 || (dpi4.wMajorVersion != 4)
								 || (dpi4.wMinorVersion != 0))
									PrintConsole(hConsole,
									             L"Size of \'DigitalProductId4\' not equal %lu or version not equal 4.0\n",
									             sizeof(dpi4));
								else
									PrintConsole(hConsole,
									             L"\n"
									             L"DigitalProductId4: size = %lu\n"
									             L"\tAdvanced Product ID:\t%ls\n"
									             L"\tActivation ID:\t\t%ls\n"
									             L"\tOEM ID:\t\t\t%ls\n"
									             L"\tEdition Type:\t\t%ls\n"
									             L"\tEdition ID:\t\t%ls\n"
									             L"\tKey Type:\t\t%ls\n"
									             L"\tEULA:\t\t\t%ls\n",
									             dpi4.dwSize,
									             dpi4.szAdvancedPid,
									             dpi4.szActivationId,
									             dpi4.szOemId,
									             dpi4.szEditionType,
									             dpi4.szEditionId,
									             dpi4.szKeyType,
									             dpi4.szEULA);
#endif
								break;

							default:
								PrintConsole(hConsole,
								             L"PidGenX() returned error 0x%08lX\n",
								             dwError = hr);
							}
						} while (++nArgument < nArguments);
					}

					if (!FreeLibrary(hPidGenX))
						PrintConsole(hConsole,
						             L"FreeLibrary() returned error %lu\n",
						             GetLastError());
				}
			}

			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}

  2. Run the following four command lines to compile the source file PIDGENX.C created in step 1., link the compiled object file PIDGENX.OBJ and cleanup afterwards: 

    SET CL=/DVERBOSE /GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FePIDGENX.COM PIDGENX.C
ERASE PIDGENX.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

PIDGENX.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Registry Policy Reader

Purpose
Background Information
Synopsis
Implementation and Build Details
Source, Build Instructions and Demonstration

Purpose

Display the content of Registry Policy files in text format similar to that of Registry Editor script files, and optionally compare their contents against the machines’s or the (current) user’s Registry.

Background Information

Registry Policy files, typically created with the extension .pol, are used either to store the Registry keys and entries (to be) applied by Group Policies as well as Local Security Policies, or to restore the previous contents of Registry keys and entries modified by Group Policies as well as Local Security Policies.

The MSDN article Registry Policy File Format documents their format.

The MSKB article How to add, modify, or delete registry subkeys and values by using a .reg file documents the format of Registry Editor script files, typically created with the extension .reg.

Synopsis

POLYGLOT.COM [ /MACHINE | /USER ] ‹file name› …

Implementation and Build Details

Registry Policy Reader is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error or standard output is not supported!

The MSDN article Console Handles provides background information.

Source, Build Instructions and Demonstration

Perform the following 3 simple steps to build the console application Registry Policy Reader from the source presented hereafter and execute it.

  1. Create the text file POLYGLOT.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>

#define REGFILE_SIGNATURE	'geRP'
#define REGISTRY_FILE_VERSION	1UL

typedef	unsigned __int64	QWORD, *LPQWORD;

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

const	LPCWSTR	szHKEY[8] = {L"HKEY_CLASSES_ROOT",
		             L"HKEY_CURRENT_USER",
		             L"HKEY_LOCAL_MACHINE",
		             L"HKEY_USERS",
		             L"HKEY_PERFORMANCE_DATA",
		             L"HKEY_CURRENT_CONFIG",
		             L"HKEY_DYN_DATA",
		             L"HKEY_CURRENT_USER_LOCAL_SETTINGS"};

const	LPCWSTR	szTYPE[12] = {L"NONE",
		              L"SZ",
		              L"EXPAND_SZ",
		              L"BINARY",
		              L"DWORD",		// alias DWORD_LITTLE_ENDIAN
		              L"DWORD_BIG_ENDIAN",
		              L"LINK",
		              L"MULTI_SZ",
		              L"RESOURCE_LIST",
		              L"FULL_RESOURCE_DESCRIPTOR",
		              L"RESOURCE_REQUIREMENTS_LIST",
		              L"QWORD"};	// alias QWORD_LITTLE_ENDIAN

const	LPCWSTR	szType[12] = {L"none:",
		              L"",
		              L"expand:",
		              L"hex:",
		              L"dword:",
		              L"dword:",
		              L"link:",
		              L"multi:",
		              L"hex(8):",
		              L"hex(9):",
		              L"hex(a):",
		              L"qword:"};

DWORD	WINAPI	Polyglot(HANDLE hConsole, HKEY hkHKEY, LPCWSTR lpArgument)
{
#ifdef REGISTRY
	LPCWSTR	lpHKEY = szHKEY[(DWORD) hkHKEY ^ (DWORD) HKEY_CLASSES_ROOT];
	HKEY	hkKey;
	BYTE	cbData[65536];
#endif
	HANDLE	hInput;
	DWORD	dwInput;
	LPCWSTR	lpInput;
	WCHAR	cwInput;
	HANDLE	hPolicy;
	DWORD	dwPolicy;
	LPDWORD	lpPolicy;
	LPCWSTR	lpKey, lpValue, lpData, lp;
	DWORD	dwKey, dwValue, dwData, dwType, dwSize;
	DWORD	dwError = ERROR_SUCCESS;

	hInput = CreateFile(lpArgument,
	                    FILE_READ_DATA,
	                    FILE_SHARE_READ,
	                    (LPSECURITY_ATTRIBUTES) NULL,
	                    OPEN_EXISTING,
	                    FILE_FLAG_SEQUENTIAL_SCAN,
	                    (HANDLE) NULL);

	if (hInput == INVALID_HANDLE_VALUE)
		PrintConsole(hConsole,
		             L"CreateFile() returned error %lu for file \'%ls\'\n",
		             dwError = GetLastError(), lpArgument);
	else
	{
		dwInput = GetFileSize(hInput, (LPDWORD) NULL);

		if (dwInput == INVALID_FILE_SIZE)
			PrintConsole(hConsole,
			             L"GetFileSize() returned error %lu for file \'%ls\'\n",
			             dwError = GetLastError(), lpArgument);
		else
		{
			hPolicy = CreateFileMapping(hInput,
			                            (LPSECURITY_ATTRIBUTES) NULL,
			                            PAGE_READONLY,
			                            0, 0,
			                            (LPCWSTR) NULL);

			if (hPolicy == NULL)
				PrintConsole(hConsole,
				             L"CreateFileMapping() returned error %lu for file \'%ls\'\n",
				             dwError = GetLastError(), lpArgument);
			else
			{
				lpPolicy = MapViewOfFile(hPolicy,
				                         FILE_MAP_READ,
				                         0, 0,
				                         (SIZE_T) 0);

				if (lpPolicy == NULL)
					PrintConsole(hConsole,
					             L"MapViewOfFile() returned error %lu for file \'%ls\'\n",
					             dwError = GetLastError(), lpArgument);
				else
				{
					if ((lpPolicy[0] != REGFILE_SIGNATURE)
					 || (lpPolicy[1] != REGISTRY_FILE_VERSION))
						PrintConsole(hConsole,
						             L"Signature \'PReg\\1\\0\\0\\0\' missing in file \'%ls\'!\n",
						             lpArgument);
					else
					{
						PrintConsole(hConsole,
						             L"Windows Registry Editor Version 5.00\n"
						             L"\n"
						             L"; Registry Policy File \'%ls\'\n",
						             lpArgument);

						// L'[' key L']'
						// L'[' key L';'           value L';' type L';' size L';' data L']'
						// L'[' key L';' L"**Del." value L';' type L';' size L';' data L']'
						// L'[' key L';' L"**DeleteKeys" { L';' key } ... L']'
						// L'[' key L';' L"**DeleteVals" L']'
						// L'[' key L';' L"**DeleteValues" { L';' value } ... L']'
						// L'[' key L';' L"**SecureKey=0" L']'
						// L'[' key L';' L"**SecureKey=1" L']'
						//
						// WCHAR key[]    NUL-terminated path of registry key beneath
						//                HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
						//
						// WCHAR value[]  NUL-terminated name of registry entry
						//
						// DWORD type     registry data type
						//
						// DWORD size     size of registry data in bytes
						//
						// BYTE  data[]   registry data

						lpInput = (LPCWSTR) (lpPolicy + 2);
						lpKey = NULL;
						dwKey = 0;
						dwPolicy = dwInput;

						while ((LPBYTE) lpInput < (LPBYTE) lpPolicy + dwPolicy)
						{
							if (*lpInput++ != L'[')
								break;

							dwInput = wcslen(lpInput);

							if ((dwKey == 0)
							 || (dwKey != dwInput)
							 || (memcmp(lpInput, lpKey, dwKey * sizeof(L'\0')) != 0))
								PrintConsole(hConsole,
								             L"\n"
								             L"[HKEY_RELATIVE\\%ls]\n",
								             lpInput);

							lpKey = lpInput;
							dwKey = dwInput;
							lpInput += dwInput + 1;
							cwInput = *lpInput++;

							if (cwInput == L']')
								continue;

							if (cwInput != L';')
								break;

							lpValue = lpInput;
							dwValue = wcslen(lpInput);
							lpInput += dwValue + 1;

							if ((dwValue == sizeof("**securekey=1") - 1)
							 && ((memcmp(lpValue, L"**securekey=1", sizeof(L"**securekey=1") - sizeof(L"")) == 0)
							  || (memcmp(lpValue, L"**SecureKey=1", sizeof(L"**securekey=1") - sizeof(L"")) == 0)))
							{
								PrintConsole(hConsole,
								             L"; SecureKey=1\n");

								if (*lpInput++ != L']')
									break;
							}
							else if ((dwValue == sizeof("**securekey=0") - 1)
							      && ((memcmp(lpValue, L"**securekey=0", sizeof(L"**securekey=0") - sizeof(L"")) == 0)
							       || (memcmp(lpValue, L"**SecureKey=0", sizeof(L"**securekey=0") - sizeof(L"")) == 0)))
							{
								PrintConsole(hConsole,
								             L"; SecureKey=0\n");

								if (*lpInput++ != L']')
									break;
							}
							else if ((dwValue == sizeof("**deletevals") - 1)
							      && ((memcmp(lpValue, L"**deletevals", sizeof(L"**deletevals") - sizeof(L"")) == 0)
							       || (memcmp(lpValue, L"**Deletevals", sizeof(L"**Deletevals") - sizeof(L"")) == 0)))
							{
								PrintConsole(hConsole,
								             L"*=-\n");

								if (*lpInput++ != L']')
									break;
							}
							else if ((dwValue == sizeof("**deletevalues") - 1)
							      && ((memcmp(lpValue, L"**deletevalues", sizeof(L"**deletevalues") - sizeof(L"")) == 0)
							       || (memcmp(lpValue, L"**Deletevalues", sizeof(L"**Deletevalues") - sizeof(L"")) == 0)))
							{
								while (*lpInput == L';')
								{
									PrintConsole(hConsole,
									             L"\'%ls\'=-\n",
									             ++lpInput);

									lpInput += wcslen(lpInput) + 1;
								}

								if (*lpInput++ != L']')
									break;
							}
							else if ((dwValue == sizeof("**deletekeys") - 1)
							      && ((memcmp(lpValue, L"**deletekeys", sizeof(L"**deletekeys") - sizeof(L"")) == 0)
							       || (memcmp(lpValue, L"**Deletekeys", sizeof(L"**Deletekeys") - sizeof(L"")) == 0)))
							{
								while (*lpInput == L';')
								{
									PrintConsole(hConsole,
									             L"[-HKEY_RELATIVE\\%ls\\%ls]\n",
									             lpKey, ++lpInput);

									lpInput += wcslen(lpInput) + 1;
								}

								if (*lpInput++ != L']')
									break;
							}
							else
							{
								if ((dwValue > sizeof("**del."))
								 && ((memcmp(lpValue, L"**del.", sizeof(L"**del.") - sizeof(L"")) == 0)
								  || (memcmp(lpValue, L"**Del.", sizeof(L"**Del.") - sizeof(L"")) == 0)))
								{
									lpValue += sizeof("**Del.") - 1;

									if (dwValue == sizeof("**Del.") - 1)
										PrintConsole(hConsole,
										             L"@=- ; =");
									else
										PrintConsole(hConsole,
										             L"\'%ls\'=- ; =", lpValue);
								}
								else
									if (dwValue == 0)
										PrintConsole(hConsole,
										             L"@=");
									else
										PrintConsole(hConsole,
										             L"\'%ls\'=", lpValue);

								cwInput = *lpInput++;

								if (cwInput == L']')
									continue;

								if (cwInput != L';')
									break;

								dwType = *((LPDWORD) lpInput)++;

								if (dwType < sizeof(szType) / sizeof(*szType))
									PrintConsole(hConsole,
									             L"%ls", szType[dwType]);
								else
									PrintConsole(hConsole,
									             L"hex(%lx):", dwType);

								cwInput = *lpInput++;

								if (cwInput == L']')
									continue;

								if (cwInput != L';')
									break;

								dwSize = *((LPDWORD) lpInput)++;

								cwInput = *lpInput++;

								if (cwInput == L']')
									continue;

								if (cwInput != L';')
									break;

								lpData = lpInput;
								(LPBYTE) lpInput += dwSize;

								switch (dwType)
								{
								case REG_SZ:
								case REG_EXPAND_SZ:
								case REG_LINK:

									if (dwSize == 0)
										goto NEWLINE;

									PrintConsole(hConsole,
									             L"\'%ls\'\n",
									             lpData);

									dwData = wcslen(lpData);

									if (dwSize != (dwData + 1) * sizeof(L'\0'))
										PrintConsole(hConsole,
										             L"Size %lu of REG_%ls value data not equal length %lu of string plus terminating \'NUL\' character!\n",
										             dwSize, szTYPE[dwType], dwData);
									break;

								case REG_DWORD_BIG_ENDIAN:

									*(LPDWORD) lpData = _byteswap_ulong(*(LPDWORD) lpData);

								case REG_DWORD_LITTLE_ENDIAN:
							//	case REG_DWORD:

									PrintConsole(hConsole,
									             L"%08lx\n",
									             *(LPDWORD) lpData);

									if (dwSize != sizeof(DWORD))
										PrintConsole(hConsole,
										             L"Size %lu of REG_%ls value data not equal \'sizeof(DWORD)\'!\n",
										             dwSize, szTYPE[dwType]);
									break;

								case REG_QWORD_LITTLE_ENDIAN:
							//	case REG_QWORD:

									PrintConsole(hConsole,
									             L"%016I64x\n",
									             *(LPQWORD) lpData);

									if (dwSize != sizeof(QWORD))
										PrintConsole(hConsole,
										             L"Size %lu of REG_QWORD value data not equal \'sizeof(QWORD)\'!\n",
										             dwSize);
									break;

								case REG_MULTI_SZ:

									if (dwSize == 0)
										goto NEWLINE;

									for (lp = lpData; (lp < lpInput) && (*lp != L'\0'); lp += wcslen(lp) + 1)
										PrintConsole(hConsole,
										             L",\'%ls\'" + (lp == lpData),
										             lp);

									PrintConsole(hConsole,
									             L"\n");

									if ((lp > lpInput) || (*lp != L'\0'))
										PrintConsole(hConsole,
										             L"REG_MULTI_SZ value data not terminated with extra \'NUL\' character!\n");
									else
										lp++;

									if (lp != lpInput)
										PrintConsole(hConsole,
										             L"Size %lu of REG_MULTI_SZ value data not equal sum of string lengths plus terminating \'NUL\' characters!\n",
										             dwSize);
									break;

							//	case REG_NONE:
							//	case REG_BINARY:
							//	case REG_RESOURCE_LIST:
							//	case REG_FULL_RESOURCE_DESCRIPTOR:
							//	case REG_RESOURCE_REQUIREMENTS_LIST:
								default:
									for (lp = lpData; lp < lpInput; (LPBYTE) lp += 1)
										PrintConsole(hConsole,
										             L",%02x" + (lp == lpData),
										             *(LPBYTE) lp);
								NEWLINE:
									PrintConsole(hConsole,
									             L"\n");
								}
#ifdef REGISTRY
								if (hkHKEY != HKEY_CLASSES_ROOT)
								{
									dwError = RegOpenKeyEx(hkHKEY,
									                       lpKey,
									                       REG_OPTION_RESERVED,
									                       KEY_QUERY_VALUE,
									                       &hkKey);

									if (dwError != ERROR_SUCCESS)
										PrintConsole(hConsole,
										             L"RegOpenKeyEx() returned error %lu for registry key \'%ls\\%ls\'\n",
										             dwError, lpHKEY, lpKey);
									else
									{
										dwData = sizeof(cbData);

										dwError = RegQueryValueEx(hkKey,
										                          lpValue,
										                          (LPDWORD) NULL,
										                          &dwValue,
										                          cbData,
										                          &dwData);

										if (dwError != ERROR_SUCCESS)
											PrintConsole(hConsole,
											             L"RegQueryValueEx() returned error %lu for value \'%ls\' of registry key \'%ls\\%ls\'\n",
											             dwError, lpValue, lpHKEY, lpKey);
										else
											if ((dwValue != dwType)
											 || (dwData != dwSize)
											 || (memcmp(lpData, cbData, dwData) != 0))
												PrintConsole(hConsole,
												             L"MISMATCH: data type, size or value in policy file differs from registry!\n");

										dwError = RegCloseKey(hkKey);

										if (dwError != ERROR_SUCCESS)
											PrintConsole(hConsole,
											             L"RegCloseKey() returned error %lu for registry key \'%ls\\%ls\'\n",
											             dwError, lpHKEY, lpKey);
									}
								}
#endif // REGISTRY
								if (*lpInput++ != L']')
									break;
							}
						}

						if ((LPBYTE) lpInput != (LPBYTE) lpPolicy + dwPolicy)
							PrintConsole(hConsole,
							             L"Format error in policy file \'%ls\'!\n",
							             lpArgument);
					}

					if (!UnmapViewOfFile(lpPolicy))
						PrintConsole(hConsole,
						             L"UnmapViewOfFile() returned error %lu for file \'%ls\'\n",
						             GetLastError(), lpArgument);
				}

				if (!CloseHandle(hPolicy))
					PrintConsole(hConsole,
					             L"CloseHandle() returned error %lu for file mapping \'%ls\'\n",
					             GetLastError(), lpArgument);
			}
		}

		if (!CloseHandle(hInput))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu for file \'%ls\'\n",
			             GetLastError(), lpArgument);
	}

	return dwError;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
#ifdef WILDCARD
	WIN32_FIND_DATA	wfd;

	HANDLE	hWildCard;
	DWORD	dwWildCard;
	WCHAR	szWildCard[32768];
	LPWSTR	lpWildCard;
#endif
	LPWSTR	*lpArguments;
	INT	nArguments;
	INT	nArgument = 1;
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	HKEY	hkHKEY = HKEY_CLASSES_ROOT;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
#ifdef REGISTRY
			if ((nArguments > 1)
			 && (*lpArguments[1] == L'/'))
				if (wcscmp(lpArguments[1], L"/MACHINE") == 0)
				{
					hkHKEY = HKEY_LOCAL_MACHINE;
					nArgument = 2;
				}
				else if (wcscmp(lpArguments[1], L"/USER") == 0)
				{
					hkHKEY = HKEY_CURRENT_USER;
					nArgument = 2;
				}
				else
				{
					PrintConsole(hConsole,
					             L"Bad arguments: optional first argument must be \'%ls\' or \'%ls\'!\n",
					             L"/MACHINE", L"/USER");
					nArguments = 0;
				}

			if (nArguments <= nArgument)
#else
			if (nArguments < 2)
#endif
				PrintConsole(hConsole,
				             L"No arguments: at least one \'.pol\' file name must be given!\n");
			else
#ifndef WILDCARD
				do
					dwError = Polyglot(hConsole, hkHKEY, lpArguments[nArgument]);
				while (++nArgument < nArguments);
#else
				do
				{
					hWildCard = FindFirstFile(lpArguments[nArgument], &wfd);

					if (hWildCard == INVALID_HANDLE_VALUE)
						PrintConsole(hConsole,
						             L"FindFirstFile() returned error %lu for argument \'%ls\'\n",
						             dwError = GetLastError(), lpArguments[nArgument]);
					else
					{
						wcscpy(szWildCard, lpArguments[nArgument]);

						dwWildCard = 0;
						lpWildCard = NULL;

						do
							if (szWildCard[dwWildCard] == L'\\')
								lpWildCard = szWildCard + dwWildCard;
						while (szWildCard[dwWildCard++] != L'\0');

						if (dwWildCard > MAX_PATH)
							PrintConsole(hConsole,
							             L"Argument \'%ls\' exceeds MAX_PATH!\n",
							             lpArguments[nArgument]);

						if (lpWildCard != NULL)
							lpWildCard++;
						else
							lpWildCard = szWildCard + 2 * (szWildCard[1] == L':');

						dwWildCard = 0;

						do
						{
							if ((wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0)
								continue;

							dwWildCard++;

							wcscpy(lpWildCard, wfd.cFileName);

							dwError = Polyglot(hConsole, hkHKEY, szWildCard);

						} while (FindNextFile(hWildCard, &wfd));

						dwError = GetLastError();

						if (dwError == ERROR_NO_MORE_FILES)
							dwError = ERROR_SUCCESS;
						else
							PrintConsole(hConsole,
							             L"FindNextFile() returned error %lu for argument \'%ls\'\n",
							             dwError, lpArguments[nArgument]);

						if (dwWildCard == 0)
							PrintConsole(hConsole,
							             L"No match for argument \'%ls\'!\n",
							             lpArguments[nArgument]);

						if (!FindClose(hWildCard))
							PrintConsole(hConsole,
							             L"FindClose() returned error %lu for argument \'%ls\'\n",
							             GetLastError(), lpArguments[nArgument]);
					}
				} while (++nArgument < nArguments);
#endif // WILDCARD
			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}
    Note: with the preprocessor macro REGISTRY defined, an optional /MACHINE or /USER is accepted as first command line argument to compare the settings against the HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER branch of the Registry!

    Note: with the preprocessor macro WILDCARD defined, wildcard expansion of matching file names is performed for the command line arguments!

  2. Run the following four command lines to compile the source file POLYGLOT.C created in step 1., link the compiled object file POLYGLOT.OBJ and cleanup afterwards: 

    SET CL=/DREGISTRY /GA /GF /GS /Gs69632 /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:ADVAPI32.LIB /DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.0 /RELEASE /STACK:1048576,65536 /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FePOLYGLOT.COM POLYGLOT.C
ERASE POLYGLOT.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

POLYGLOT.C
POLYGLOT.C(313) : warning C4213: nonstandard extension used : cast on l-value
POLYGLOT.C(330) : warning C4213: nonstandard extension used : cast on l-value
POLYGLOT.C(341) : warning C4213: nonstandard extension used : cast on l-value
POLYGLOT.C(425) : warning C4213: nonstandard extension used : cast on l-value

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

  3. Finally execute the console application POLYGLOT.COM built in step 2. to display the contents of some NTUser.pol and Registry.pol files that eventually are (not yet) present on your machine: 

    VER
.\POLYGLOT.COM "%USERPROFILE%\NTUser.pol" "%ALLUSERSPROFILE%\NTUser.pol" "%SystemRoot%\System32\GroupPolicy\Machine\Registry.pol" "%SystemRoot%\System32\GroupPolicy\User\Registry.pol"
NET.EXE HelpMsg %ERRORLEVEL%
    Microsoft Windows [Version 10.0.19044]

Windows Registry Editor Version 5.00

; Registry Policy File 'C:\Users\Stefan\NTUser.pol'

[HKEY_RELATIVE\Software\Policies\Microsoft\Windows\Group Policy Objects\Local Group Policy Objects]
'**Comment:GPO Name: Local Group Policy Objects'=

[HKEY_RELATIVE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
'LogonHoursAction'=dword:00000002
'DontDisplayLogonHoursWarnings'=dword:00000001

Windows Registry Editor Version 5.00

; Registry Policy File 'C:\ProgramData\NTUser.pol'

[HKEY_RELATIVE\Software\Policies\Microsoft\Windows\Group Policy Objects\Local Group Policy Objects]
'**Comment:GPO Name: Local Group Policy Objects'=

Windows Registry Editor Version 5.00

; Registry Policy File 'C:\Windows\System32\GroupPolicy\Machine\Registry.pol'

[HKEY_RELATIVE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer]
'AuthentiCodeFlags'=dword:00000300

[HKEY_RELATIVE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
'PolicyScope'=dword:00000001
'TransparentEnabled'=dword:00000002
'ExecutableTypes'=multi:'WSF','WSC','VBS','VBE','VB','TMP','SHS','SCR','PIF','PCD','OCX','MST','MSP','MSI','MDE','MDB','JSE','JS','ISP','INS','HTA','HLP','EXE','DLL','CRT','CPL','COM','CMD','BAT','BAS','AX','ADP','ADE'
'DefaultLevel'=dword:00000000
'Levels'=dword:00071000
'LogFileName'='C:\Windows\System32\LogFiles\SAFER.Log'
'AuthenticodeEnabled'=dword:00000001

[HKEY_RELATIVE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes]
@=none:

[HKEY_RELATIVE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}]
'LastModified'=qword:01cf68d87b202417
'Description'=''
'SaferFlags'=dword:00000000
'ItemData'=expand:'%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%'

[HKEY_RELATIVE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}]
'LastModified'=qword:01cf68d87b202417
'Description'=''
'SaferFlags'=dword:00000000
'ItemData'=expand:'%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%'

[HKEY_RELATIVE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{4fcf2556-cf02-4356-ad71-f82ca93ccd0b}]
'LastModified'=qword:01cf68d979215214
'Description'=''
'SaferFlags'=dword:00000000
'ItemData'=expand:'%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%'

[HKEY_RELATIVE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{21c0b260-2d89-4fe0-8275-1c76746b3d2b}]
'LastModified'=qword:01d57587bb48c5c4
'Description'=''
'SaferFlags'=dword:00000000
'ItemData'=expand:'%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir%'

CreateFile() returned error 3 for file 'C:\Windows\System32\GroupPolicy\User\Registry.pol'

The system cannot find the path specified.

Offline Registry Reader

Purpose
Synopsis
Implementation and Build Details
Source and Build Instructions

Purpose

Print an offline registry hive formatted as .inf file in UTF-16LE encoding on standard output (which must be redirected to a file or piped into an application that reads from standard input, like Clip or More).

Synopsis

OFFREG.COM ‹input file name› >‹output file name›
OFFREG.COM ‹input file name› | MORE.COM

Implementation and Build Details

Offline Registry Reader is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error is not supported!

The MSDN article Console Handles provides background information.

Source and Build Instructions

Perform the following 3 simple steps to build the console application Offline Registry Reader from the source presented hereafter and execute it.

  1. Create the text file OFFREG.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>
#include <sddl.h>
#include <offreg.h>

#define MAX_DEPTH		512UL
#define MAX_KEY_LENGTH		255UL
#define MAX_VALUE_NAME		16383UL
#define MAX_VALUE_DATA		1048576UL

typedef	unsigned __int64	QWORD, *LPQWORD;

BYTE	cbData[MAX_VALUE_DATA];
WCHAR	szKey[(MAX_KEY_LENGTH + 1) * MAX_DEPTH];
WCHAR	szValue[MAX_VALUE_NAME + 1];

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

__declspec(safebuffers)
BOOL	PrintFormat(HANDLE hFile, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	LPBYTE	lpBuffer;
	DWORD	dwBuffer;
	DWORD	dwFile;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	dwBuffer *= sizeof(*szBuffer);
	lpBuffer = (LPBYTE) szBuffer;

	do
	{
		if (!WriteFile(hFile, lpBuffer, dwBuffer, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpBuffer += dwFile;
		dwBuffer -= dwFile;
	} while (dwBuffer > 0);

	return TRUE;
}

#define PrintString(HANDLE, LITERAL)	PrintDirect(HANDLE, LITERAL, sizeof(LITERAL) / sizeof(*LITERAL) - 1UL)

__inline
BOOL	WINAPI	PrintDirect(HANDLE hFile, LPCWSTR lpString, DWORD dwString)
{
	DWORD	dwFile;

	dwString *= sizeof(*lpString);

	do
	{
		if (!WriteFile(hFile, lpString, dwString, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpString = (LPCWSTR) ((LPBYTE) lpString + dwFile);
		dwString -= dwFile;
	} while (dwString > 0);

	return TRUE;
}

__inline
LPCWSTR	WINAPI	InfEscape(LPCWSTR lpString)
{
	do
		if ((*lpString == L'"')
		 || (*lpString == L'%'))
			return lpString;
	while (*lpString++ != L'\0');

	return NULL;
}

#ifndef TINY
const	WCHAR	szBytes[256][4] = {L",00", L",01", L",02", L",03", L",04", L",05", L",06", L",07", L",08", L",09", L",0a", L",0b", L",0c", L",0d", L",0e", L",0f",
		                   L",10", L",11", L",12", L",13", L",14", L",15", L",16", L",17", L",18", L",19", L",1a", L",1b", L",1c", L",1d", L",1e", L",1f",
		                   L",20", L",21", L",22", L",23", L",24", L",25", L",26", L",27", L",28", L",29", L",2a", L",2b", L",2c", L",2d", L",2e", L",2f",
		                   L",30", L",31", L",32", L",33", L",34", L",35", L",36", L",37", L",38", L",39", L",3a", L",3b", L",3c", L",3d", L",3e", L",3f",
		                   L",40", L",41", L",42", L",43", L",44", L",45", L",46", L",47", L",48", L",49", L",4a", L",4b", L",4c", L",4d", L",4e", L",4f",
		                   L",50", L",51", L",52", L",53", L",54", L",55", L",56", L",57", L",58", L",59", L",5a", L",5b", L",5c", L",5d", L",5e", L",5f",
		                   L",60", L",61", L",62", L",63", L",64", L",65", L",66", L",67", L",68", L",69", L",6a", L",6b", L",6c", L",6d", L",6e", L",6f",
		                   L",70", L",71", L",72", L",73", L",74", L",75", L",76", L",77", L",78", L",79", L",7a", L",7b", L",7c", L",7d", L",7e", L",7f",
		                   L",80", L",81", L",82", L",83", L",84", L",85", L",86", L",87", L",88", L",89", L",8a", L",8b", L",8c", L",8d", L",8e", L",8f",
		                   L",90", L",91", L",92", L",93", L",94", L",95", L",96", L",97", L",98", L",99", L",9a", L",9b", L",9c", L",9d", L",9e", L",9f",
		                   L",a0", L",a1", L",a2", L",a3", L",a4", L",a5", L",a6", L",a7", L",a8", L",a9", L",aa", L",ab", L",ac", L",ad", L",ae", L",af",
		                   L",b0", L",b1", L",b2", L",b3", L",b4", L",b5", L",b6", L",b7", L",b8", L",b9", L",ba", L",bb", L",bc", L",bd", L",be", L",bf",
		                   L",c0", L",c1", L",c2", L",c3", L",c4", L",c5", L",c6", L",c7", L",c8", L",c9", L",ca", L",cb", L",cc", L",cd", L",ce", L",cf",
		                   L",d0", L",d1", L",d2", L",d3", L",d4", L",d5", L",d6", L",d7", L",d8", L",d9", L",da", L",db", L",dc", L",dd", L",de", L",df",
		                   L",e0", L",e1", L",e2", L",e3", L",e4", L",e5", L",e6", L",e7", L",e8", L",e9", L",ea", L",eb", L",ec", L",ed", L",ee", L",ef",
		                   L",f0", L",f1", L",f2", L",f3", L",f4", L",f5", L",f6", L",f7", L",f8", L",f9", L",fa", L",fb", L",fc", L",fd", L",fe", L",ff"};
#endif

const	LPCWSTR	szType[12] = {L"NONE",
		              L"SZ",
		              L"EXPAND_SZ",
		              L"BINARY",
		              L"DWORD",		// alias DWORD_LITTLE_ENDIAN
		              L"DWORD_BIG_ENDIAN",
		              L"LINK",
		              L"MULTI_SZ",
		              L"RESOURCE_LIST",
		              L"FULL_RESOURCE_DESCRIPTOR",
		              L"RESOURCE_REQUIREMENTS_LIST",
		              L"QWORD"};	// alias QWORD_LITTLE_ENDIAN

DWORD	WINAPI	Offline(HANDLE hConsole, HANDLE hOutput, ORHKEY hkKey, DWORD dwKey)
{
	BOOL	bOutput;
	ORHKEY	hkSubKey;
	LPCWSTR	lpSubKey = szKey + dwKey + 1;
	LPCWSTR	lpData, lpEscape, lpLast, lpMulti;
#ifdef SANITY
	LPCWSTR	lpCount;
	DWORD	dwCount, dwChars;
#endif
	DWORD	dwError;
	DWORD	dwSubKeys, dwSubKey;
	DWORD	dwValues, dwValue, dwType, dwData, dwBytes;
#ifdef SECURITY
	dwData = sizeof(cbData);

	dwError = ORGetKeySecurity(hkKey,
	                           OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | LABEL_SECURITY_INFORMATION,
	                           cbData,
	                           &dwData);

	if (dwError != ERROR_SUCCESS)
		PrintConsole(hConsole,
		             L"ORGetKeySecurity() returned error %lu for registry key \'%ls\'\n",
		             dwError, szKey);
	else
		if (!ConvertSecurityDescriptorToStringSecurityDescriptor(cbData,
		                                                         SDDL_REVISION_1,
		                                                         OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | LABEL_SECURITY_INFORMATION,
		                                                         &lpData,
		                                                         (LPDWORD) NULL))
			PrintConsole(hConsole,
			             L"ConvertSecurityDescriptorToStringSecurityDescriptor() returned error %lu for registry key \'%ls\'\n",
			             dwError = GetLastError(), szKey);
		else
		{
			if (dwKey < sizeof("HKEY_OFFLINE"))
				bOutput = PrintString(hOutput,
				                      L"HKO,,,%REG_KEYONLY%\r\n");
			else
				bOutput = PrintFormat(hOutput,
				                      L"HKO,\"%ls\",,%%REG_KEYONLY%%\r\n",
				                      szKey + sizeof("HKEY_OFFLINE"));

			bOutput &= PrintString(hOutput, L"; ");
			bOutput &= PrintDirect(hOutput, lpData, wcslen(lpData));
			bOutput &= PrintString(hOutput, L"\r\n");

			if (!bOutput)
				PrintConsole(hConsole,
				             L"WriteFile() returned error %lu for registry key \'%ls\'\n",
				             dwError = GetLastError(), szKey);

			if (LocalFree(lpData) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}
#endif
	for (dwValues = 0;; dwValues++)
	{
	//	*szValue = L'\0';
		dwValue = sizeof(szValue) / sizeof(*szValue);
		dwData = sizeof(cbData);

		dwError = OREnumValue(hkKey,
		                      dwValues,
		                      szValue,
		                      &dwValue,
		                      &dwType,
		                      cbData,
		                      &dwData);

		if (dwError == ERROR_NO_MORE_ITEMS)
			break;

		if (dwError != ERROR_SUCCESS)
			PrintConsole(hConsole,
			             L"OREnumValue() returned error %lu for registry key \'%ls\'\n",
			             dwError, szKey);
		else
		{
#ifdef SANITY
			dwChars = wcslen(szValue);

			if (dwValue < dwChars)
				PrintConsole(hConsole,
				             L"ERROR: size (%lu characters) of value name \'%ls\' in registry key \'%ls\' smaller than actual string length (%lu characters)!\n",
				             dwValue, szValue, dwChars, szKey);
			else if (dwValue > dwChars)
				PrintConsole(hConsole,
				             L"WARNING: size (%lu characters) of value name \'%ls\' in registry key \'%ls\' greater than actual string length (%lu characters)\n",
				             dwValue, szValue, dwChars, szKey);

			if (dwData == 0)
				PrintConsole(hConsole,
				             L"WARNING: no value data for value name \'%ls\' in registry key \'%ls\'\n",
				             szValue, szKey);
			else
				switch (dwType)
				{
				case REG_LINK:

					if (dwData % sizeof(L'\0'))
						PrintConsole(hConsole,
						             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' not a multiple of WCHAR size!\n",
						             dwData, szValue, szKey);
					break;

				case REG_DWORD_BIG_ENDIAN:
				case REG_DWORD_LITTLE_ENDIAN:
			//	case REG_DWORD:

					if (dwData < sizeof(DWORD))
						PrintConsole(hConsole,
						             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' smaller than DWORD size!\n",
						             dwData, szValue, szKey);
					else if (dwData > sizeof(DWORD))
						PrintConsole(hConsole,
						             L"WARNING: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' greater than DWORD size\n",
						             dwData, szValue, szKey);
					break;

				case REG_QWORD_LITTLE_ENDIAN:
			//	case REG_QWORD:

					if (dwData < sizeof(QWORD))
						PrintConsole(hConsole,
						             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' smaller than QWORD size!\n",
						             dwData, szValue, szKey);
					else if (dwData > sizeof(QWORD))
						PrintConsole(hConsole,
						             L"WARNING: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' greater than QWORD size\n",
						             dwData, szValue, szKey);
					break;

				case REG_SZ:
				case REG_EXPAND_SZ:

					dwChars = wcslen((LPCWSTR) cbData);
					dwBytes = (dwChars + 1) * sizeof(L'\0');

					if (dwData < dwBytes)
						PrintConsole(hConsole,
						             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' smaller than actual string length (%lu + 1 characters = %lu bytes)\n",
						             dwData, szValue, szKey, dwChars, dwBytes);
					else if (dwData > dwBytes)
						PrintConsole(hConsole,
						             L"WARNING: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' greater than actual string length (%lu + 1 characters = %lu bytes)\n",
						             dwData, szValue, szKey, dwChars, dwBytes);
					break;

				case REG_MULTI_SZ:

					dwChars = 0;
					dwCount = 1;
					lpCount = (LPCWSTR) cbData;

					while (*lpCount != L'\0')
					{
						dwChars += wcslen(lpCount);
						dwCount++;
						lpCount += wcslen(lpCount) + 1;
					}

					dwBytes = (dwChars + dwCount) * sizeof(L'\0');

					if (dwData < dwBytes)
						PrintConsole(hConsole,
						             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' smaller than sum of actual string lengths (%lu + %lu characters = %lu bytes)\n",
						             dwData, szValue, szKey, dwChars, dwCount, dwBytes);
					else if (dwData > dwBytes)
						PrintConsole(hConsole,
						             L"WARNING: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' greater than sum of actual string lengths (%lu + %lu characters = %lu bytes)\n",
						             dwData, szValue, szKey, dwChars, dwCount, dwBytes);
					break;

			//	case REG_NONE:
			//	case REG_BINARY:
			//	case REG_RESOURCE_LIST:
			//	case REG_FULL_RESOURCE_DESCRIPTOR:
			//	case REG_RESOURCE_REQUIREMENTS_LIST:
				}
#ifdef UNKNOWN
			if (dwType > REG_QWORD)
				PrintConsole(hConsole,
				             L"WARNING: unknown data type (0x%08lx) for value name \'%ls\' in registry key \'%ls\'\n",
				             dwType, szValue, szKey);
#endif
#endif // SANITY
			if (dwKey < sizeof("HKEY_OFFLINE"))
				bOutput = PrintFormat(hOutput,
				                      L"HKO,,");
			else
				bOutput = PrintFormat(hOutput,
				                      L"HKO,\"%ls\",",
				                      szKey + sizeof("HKEY_OFFLINE"));

			if (dwType < sizeof(szType) / sizeof(*szType))
				if (dwValue == 0)
					bOutput &= PrintFormat(hOutput, L",%%REG_%ls%%", szType[dwType]);
				else
					bOutput &= PrintFormat(hOutput, L"\"%ls\",%%REG_%ls%%", szValue, szType[dwType]);
			else
				if (dwValue == 0)
					bOutput &= PrintFormat(hOutput, L",0x%08lx", dwType);
				else
					bOutput &= PrintFormat(hOutput, L"\"%ls\",0x%08lx", szValue, dwType);

			if (dwData == 0)
				bOutput &= PrintString(hOutput, L"\r\n");
			else
				switch (dwType)
				{
				case REG_LINK:

					if (dwData % sizeof(L'\0'))
						goto DEFAULT;

					bOutput &= PrintString(hOutput, L",\"");
					bOutput &= PrintDirect(hOutput, (LPCWSTR) cbData, dwData / sizeof(L'\0'));
					bOutput &= PrintString(hOutput, L"\"\r\n");

					break;

				case REG_SZ:
				case REG_EXPAND_SZ:

					if (dwData % sizeof(L'\0'))
						goto DEFAULT;

					if (*(LPCWSTR) cbData == L'\0')
						bOutput &= PrintString(hOutput, L",\"\"\r\n");
					else
					{
						lpData = (LPCWSTR) cbData;
						((LPWSTR) lpData)[dwData / sizeof(L'\0')] = L'\0';

						dwData = wcslen(lpData);

						bOutput &= PrintString(hOutput, L",\"");

						for (lpEscape = InfEscape(lpData); lpEscape != NULL; lpData = lpEscape, lpEscape = InfEscape(lpEscape + 1))
							bOutput &= PrintDirect(hOutput, lpData, lpEscape + 1 - lpData);

						bOutput &= PrintDirect(hOutput, lpData, (LPCWSTR) cbData + dwData - lpData);
						bOutput &= PrintString(hOutput, L"\"\r\n");
					}

					break;

				case REG_MULTI_SZ:

					if (dwData % sizeof(L'\0'))
						goto DEFAULT;

					if ((dwData == sizeof(L'\0'))
					 && (*(LPCWSTR) cbData == L'\0'))
						bOutput &= PrintString(hOutput, L";\r\n");
					else
					{
						lpData = (LPCWSTR) cbData;
						dwData /= sizeof(L'\0');
						lpLast = lpData + dwData;

						if ((dwData > 1)
						 && (lpData[dwData - 1] == L'\0')
						 && (lpData[dwData - 2] == L'\0'))
							lpLast--;
						else
							*(LPWSTR) lpLast = L'\0';

						do
							if (*lpData == L'\0')
								bOutput &= PrintString(hOutput, L";\"\"");
							else
							{
								dwData = wcslen(lpData);

								bOutput &= PrintString(hOutput, L",\"");

								for (lpEscape = InfEscape(lpMulti = lpData), lpData += dwData;
								     lpEscape != NULL; lpMulti = lpEscape,
								     lpEscape = InfEscape(lpEscape + 1))
									bOutput &= PrintDirect(hOutput, lpMulti, lpEscape + 1 - lpMulti);

								bOutput &= PrintDirect(hOutput, lpMulti, lpData - lpMulti);
								bOutput &= PrintString(hOutput, L"\"");
							}
						while (++lpData < lpLast);

						bOutput &= PrintString(hOutput, L"\r\n");
					}

					break;

				case REG_DWORD_BIG_ENDIAN:

					if (dwData != sizeof(DWORD))
						goto DEFAULT;
#if 0
					bOutput &= PrintFormat(hOutput, L",%lu\r\n", _byteswap_ulong(*(LPDWORD) cbData));
#else
					bOutput &= PrintFormat(hOutput, L",%lu ; 0x%08lx\r\n", _byteswap_ulong(*(LPDWORD) cbData), *(LPDWORD) cbData);
#endif
					break;

				case REG_DWORD_LITTLE_ENDIAN:
			//	case REG_DWORD:

					if (dwData != sizeof(DWORD))
						goto DEFAULT;
#if 0
					bOutput &= PrintFormat(hOutput, L",%lu\r\n", *(LPDWORD) cbData);
#else
					bOutput &= PrintFormat(hOutput, L",%lu ; 0x%08lx\r\n", *(LPDWORD) cbData, *(LPDWORD) cbData);
#endif
					break;

				case REG_QWORD_LITTLE_ENDIAN:
			//	case REG_QWORD:

					if (dwData != sizeof(QWORD))
						goto DEFAULT;
#if 0
					bOutput &= PrintFormat(hOutput, L",%I64u\r\n", *(LPQWORD) cbData);
#else
					bOutput &= PrintFormat(hOutput, L",%I64u ; 0x%016I64x\r\n", *(LPQWORD) cbData, *(LPQWORD) cbData);
#endif
					break;

			//	case REG_NONE:
			//	case REG_BINARY:
			//	case REG_RESOURCE_LIST:
			//	case REG_FULL_RESOURCE_DESCRIPTOR:
			//	case REG_RESOURCE_REQUIREMENTS_LIST:
				default:
				DEFAULT:
					for (dwBytes = 0; dwBytes < dwData; dwBytes++)
#ifdef TINY
						bOutput &= PrintFormat(hOutput, L",%02x", cbData[dwBytes]);
#else
						bOutput &= PrintDirect(hOutput, szBytes[cbData[dwBytes]], 3);
#endif
					bOutput &= PrintString(hOutput, L"\r\n");
				}

			if (!bOutput)
				PrintConsole(hConsole,
				             L"WriteFile() returned error %lu for value \'%ls\' of registry key \'%ls\'\n",
				             dwError = GetLastError(), szValue, szKey);
		}
	}

	for (dwSubKeys = 0;; dwSubKeys++)
	{
		dwSubKey = sizeof(szKey) / sizeof(*szKey) - dwKey - 1;

		dwError = OREnumKey(hkKey,
		                    dwSubKeys,
		                    lpSubKey,
		                    &dwSubKey,
		                    (LPWSTR) NULL,
		                    (LPDWORD) NULL,
		                    (LPFILETIME) NULL);

		if (dwError == ERROR_NO_MORE_ITEMS)
			break;

		if (dwError != ERROR_SUCCESS)
			PrintConsole(hConsole,
			             L"OREnumKey() returned error %lu for registry key \'%ls\'\n",
			             dwError, szKey);
		else
		{
#ifdef SANITY
			dwChars = wcslen(lpSubKey);

			if (dwChars > dwSubKey)
				PrintConsole(hConsole,
				             L"ERROR: size (%lu characters) of subkey name \'%ls\' in registry key \'%ls\' smaller than actual string length (%lu characters)\n",
				             dwSubKey, lpSubKey, szKey, dwChars);
			else if (dwChars < dwSubKey)
				PrintConsole(hConsole,
				             L"WARNING: size (%lu characters) of subkey name \'%ls\' in registry key \'%ls\' greater than actual string length (%lu characters)\n",
				             dwSubKey, lpSubKey, szKey, dwChars);
#endif // SANITY
			szKey[dwKey] = L'\\';

			dwError = OROpenKey(hkKey,
			                    lpSubKey,
			                    &hkSubKey);

			if (dwError != ERROR_SUCCESS)
				PrintConsole(hConsole,
				             L"OROpenKey() returned error %lu for registry key \'%ls\'\n",
				             dwError, szKey);
			else
			{
				dwError = Offline(hConsole, hOutput, hkSubKey, dwKey + 1 + dwSubKey);

				dwValue = ORCloseKey(hkSubKey);

				if (dwValue != ERROR_SUCCESS)
					PrintConsole(hConsole,
					             L"ORCloseKey() returned error %lu for registry key \'%ls\'\n",
					             dwValue, szKey);
			}

			szKey[dwKey] = L'\0';
		}
	}
#ifndef SECURITY
	if ((dwValues == 0) && (dwSubKeys == 0))
	{
		if (dwKey < sizeof("HKEY_OFFLINE"))
			bOutput = PrintString(hOutput,
			                      L"HKO,,,%REG_KEYONLY%\r\n");
		else
			bOutput = PrintFormat(hOutput,
			                      L"HKO,\"%ls\",,%%REG_KEYONLY%%\r\n",
			                      szKey + sizeof("HKEY_OFFLINE"));

		if (!bOutput)
			PrintConsole(hConsole,
			             L"WriteFile() returned error %lu for empty registry key \'%ls\'\n",
			             dwError = GetLastError(), szKey);
	}
#endif
	return dwError;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	SYSTEMTIME	st;

	LPWSTR	*lpArguments;
	INT	nArguments;
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	DWORD	dwMajor, dwMinor;
	HKEY	hkRoot;
	HANDLE	hOutput;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
			if (nArguments != 2)
				PrintConsole(hConsole,
				             L"Bad arguments: a single file or path name of a registry hive must be given!\n");
			else
			{
				hOutput = GetStdHandle(STD_OUTPUT_HANDLE);

				if (hOutput == INVALID_HANDLE_VALUE)
					PrintConsole(hConsole,
					             L"GetStdHandle() returned error %lu\n",
					             dwError = GetLastError());
				else
				{
					if (!FlushFileBuffers(hOutput))
						PrintConsole(hConsole,
						             L"FlushFileBuffers() returned error %lu: standard output is not redirected to a file!\n",
						             dwError = GetLastError());
					else
					{
						ORGetVersion(&dwMajor, &dwMinor);

						PrintConsole(hConsole,
						             L"OFFREG.DLL version %lu.%lu\n",
						             dwMajor, dwMinor);

						dwError = OROpenHive(lpArguments[1], &hkRoot);

						if (dwError != ERROR_SUCCESS)
							PrintConsole(hConsole,
							             L"OROpenHive() returned error %lu\n",
							             dwError);
						else
						{
							GetSystemTime(&st);

							if (!PrintFormat(hOutput,
							                 L"\xFEFF"	// UTF-16LE BOM
							                 L"[Version]\r\n"
							                 L"DriverVer = %02hu/%02hu/%04hu,%02hu.%02hu.%02hu.%03hu ; UTC\r\n"
							                 L"Provider  = \"Stefan Kanthak\"\r\n"
							                 L"Signature = \"$Windows NT$\"\r\n"
							                 L"\r\n"
							                 L"[Strings]\r\n"
							                 L"REG_SZ                         = 0x00000000\r\n"
							                 L"REG_BINARY                     = 0x00000001\r\n"
							                 L"REG_KEYONLY                    = 0x00000010\r\n"
							                 L"REG_MULTI_SZ                   = 0x00010000\r\n"
							                 L"REG_DWORD                      = 0x00010001\r\n"
							                 L"REG_EXPAND_SZ                  = 0x00020000\r\n"
							                 L"REG_NONE                       = 0x00020001\r\n"
							                 L"REG_COMPATIBLE                 = 0x00030001 ; same as REG_BINARY\r\n"
							                 L"REG_DWORD_LITTLE_ENDIAN        = 0x00040001 ; same as REG_DWORD\r\n"
							                 L"REG_DWORD_BIG_ENDIAN           = 0x00050001\r\n"
							                 L"REG_LINK                       = 0x00060000\r\n"
							                 L"REG_RESOURCE_LIST              = 0x00080001\r\n"
							                 L"REG_FULL_RESOURCE_DESCRIPTOR   = 0x00090001\r\n"
							                 L"REG_RESOURCE_REQUIREMENTS_LIST = 0x000a0001\r\n"
							                 L"REG_QWORD                      = 0x000b0001\r\n"
							                 L"REG_QWORD_LITTLE_ENDIAN        = 0x000b0001 ; same as REG_QWORD\r\n"
							                 L"\r\n"
							                 L"[DefaultInstall.NT]\r\n"
							                 L";AddReg = AddReg.HKO\r\n"
							                 L"\r\n"
							                 L"[AddReg.HKO]\r\n",
							                 st.wMonth, st.wDay, st.wYear, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds))
								PrintConsole(hConsole,
								             L"WriteFile() returned error %lu\n",
								             dwError = GetLastError());

							memcpy(szKey, L"HKEY_OFFLINE", sizeof(L"HKEY_OFFLINE"));

							dwError = Offline(hConsole, hOutput, hkRoot, sizeof("HKEY_OFFLINE") - 1);

							if (!PrintString(hOutput,
							                 L"\r\n"
							                 L"; EOF\r\n"))
								PrintConsole(hConsole,
								             L"WriteFile() returned error %lu\n",
								             dwError = GetLastError());

							dwError = ORCloseHive(hkRoot);

							if (dwError != ERROR_SUCCESS)
								PrintConsole(hConsole,
								             L"ORCloseHive() returned error %lu\n",
								             dwError);
						}
					}

					if (!CloseHandle(hOutput))
						PrintConsole(hConsole,
						             L"CloseHandle() returned error %lu\n",
						             GetLastError());
				}
			}

			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}
    Note: with the preprocessor macro SANITY defined, several consistency and sanity checks regarding the size of key and value names as well as value data and value data types are performed.

    Note: with the preprocessor macro SECURITY defined, the security descriptors of enumerated keys are printed in Security Descriptor Definition Language notation.

    Note: with the preprocessor macro TINY defined, the application gets 2036 bytes smaller, but also a little slower!

  2. Run the following four command lines to compile the source file OFFREG.C created in step 1., link the compiled object file OFFREG.OBJ and cleanup afterwards: 

    SET CL=/GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:ADVAPI32.LIB /DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:OFFREG.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:mainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeOFFREG.COM OFFREG.C
ERASE OFFREG.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

OFFREG.C
OFFREG.C(520) : warning C4090: 'function' : different 'const' qualifiers

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

  3. Finally execute the console application OFFREG.COM built in step 2. to dump the contents of the registry hive %SystemDrive%\Users\Default\NTUSER.DAT to the file ntuser.inf and display it afterwards: 

    VER
.\OFFREG.COM "%SystemDrive%\Users\Default\NTUSER.DAT" 1>ntuser.inf
NET.EXE HelpMsg %ERRORLEVEL%
TYPE ntuser.inf
    Microsoft Windows [Version 10.0.19041]

OFFREG.DLL version 1.0

The operation completed successfully.

[Version]
DriverVer = 08/15/2021,12.34.56.789 ; UTC
Provider  = "Stefan Kanthak"
Signature = "$Windows NT$"

[Strings]
REG_SZ                         = 0x00000000
REG_BINARY                     = 0x00000001
REG_KEYONLY                    = 0x00000010
REG_MULTI_SZ                   = 0x00010000
REG_DWORD                      = 0x00010001
REG_EXPAND_SZ                  = 0x00020000
REG_NONE                       = 0x00020001
REG_COMPATIBLE                 = 0x00030001 ; same as REG_BINARY
REG_DWORD_LITTLE_ENDIAN        = 0x00040001 ; same as REG_DWORD
REG_DWORD_BIG_ENDIAN           = 0x00050001
REG_LINK                       = 0x00060000
REG_RESOURCE_LIST              = 0x00080001
REG_FULL_RESOURCE_DESCRIPTOR   = 0x00090001
REG_RESOURCE_REQUIREMENTS_LIST = 0x000a0001
REG_QWORD                      = 0x000b0001
REG_QWORD_LITTLE_ENDIAN        = 0x000b0001 ; same as REG_QWORD

[DefaultInstall.NT]
;AddReg = AddReg.HKO

[AddReg.HKO]
HKO,"AppEvents\EventLabels\.Default",,%REG_SZ%,"Default Beep"
HKO,"AppEvents\EventLabels\.Default","DispFileName",%REG_SZ%,"@mmres.dll,-5824"
HKO,"AppEvents\EventLabels\ActivatingDocument",,%REG_SZ%,"Complete Navigation"
HKO,"AppEvents\EventLabels\ActivatingDocument","DispFileName",%REG_SZ%,"@ieframe.dll,-10321"
HKO,"AppEvents\EventLabels\AppGPFault",,%REG_SZ%,"Program Error"
HKO,"AppEvents\EventLabels\AppGPFault","DispFileName",%REG_SZ%,"@mmres.dll,-5825"
HKO,"AppEvents\EventLabels\BlockedPopup",,%REG_SZ%,"Blocked Pop-up Window"
HKO,"AppEvents\EventLabels\BlockedPopup","DispFileName",%REG_SZ%,"@ieframe.dll,-10325"
HKO,"AppEvents\EventLabels\CCSelect",,%REG_SZ%,"Select"
HKO,"AppEvents\EventLabels\CCSelect","DispFileName",%REG_SZ%,"@ieframe.dll,-10323"
HKO,"AppEvents\EventLabels\ChangeTheme",,%REG_SZ%,"Change Theme"
HKO,"AppEvents\EventLabels\ChangeTheme","DispFileName",%REG_SZ%,"@mmres.dll,-5860"
HKO,"AppEvents\EventLabels\Close",,%REG_SZ%,"Close Program"
HKO,"AppEvents\EventLabels\Close","DispFileName",%REG_SZ%,"@mmres.dll,-5826"
HKO,"AppEvents\EventLabels\CriticalBatteryAlarm",,%REG_SZ%,"Critical Battery Alarm"
HKO,"AppEvents\EventLabels\CriticalBatteryAlarm","DispFileName",%REG_SZ%,"@mmres.dll,-5827"
HKO,"AppEvents\EventLabels\DeviceConnect",,%REG_SZ%,"Device Connect"
HKO,"AppEvents\EventLabels\DeviceConnect","DispFileName",%REG_SZ%,"@mmres.dll,-5828"
HKO,"AppEvents\EventLabels\DeviceDisconnect",,%REG_SZ%,"Device Disconnect"
HKO,"AppEvents\EventLabels\DeviceDisconnect","DispFileName",%REG_SZ%,"@mmres.dll,-5829"
HKO,"AppEvents\EventLabels\DeviceFail",,%REG_SZ%,"Device Failed to Connect"
HKO,"AppEvents\EventLabels\DeviceFail","DispFileName",%REG_SZ%,"@mmres.dll,-5830"
HKO,"AppEvents\EventLabels\DisNumbersSound",,%REG_SZ%,"Disambiguation Numbers"
HKO,"AppEvents\EventLabels\DisNumbersSound","DispFileName",%REG_SZ%,"@C:\Windows\System32\speech\speechux\sapi.cpl,-5566"
HKO,"AppEvents\EventLabels\EmptyRecycleBin",,%REG_SZ%,"Empty Recycle Bin"
HKO,"AppEvents\EventLabels\EmptyRecycleBin","DispFileName",%REG_SZ%,"@mmres.dll,-5831"
HKO,"AppEvents\EventLabels\FaxBeep",,%REG_SZ%,"New Fax Notification"
HKO,"AppEvents\EventLabels\FaxBeep","DispFileName",%REG_SZ%,"@mmres.dll,-5858"
HKO,"AppEvents\EventLabels\FeedDiscovered",,%REG_SZ%,"Feed Discovered"
HKO,"AppEvents\EventLabels\FeedDiscovered","DispFileName",%REG_SZ%,"@ieframe.dll,-17315"
HKO,"AppEvents\EventLabels\HubOffSound",,%REG_SZ%,"Off"
HKO,"AppEvents\EventLabels\HubOffSound","DispFileName",%REG_SZ%,"@C:\Windows\System32\speech\speechux\sapi.cpl,-5563"
HKO,"AppEvents\EventLabels\HubOnSound",,%REG_SZ%,"On"
HKO,"AppEvents\EventLabels\HubOnSound","DispFileName",%REG_SZ%,"@C:\Windows\System32\speech\speechux\sapi.cpl,-5562"
HKO,"AppEvents\EventLabels\HubSleepSound",,%REG_SZ%,"Sleep"
HKO,"AppEvents\EventLabels\HubSleepSound","DispFileName",%REG_SZ%,"@C:\Windows\System32\speech\speechux\sapi.cpl,-5564"
HKO,"AppEvents\EventLabels\LowBatteryAlarm",,%REG_SZ%,"Low Battery Alarm"
HKO,"AppEvents\EventLabels\LowBatteryAlarm","DispFileName",%REG_SZ%,"@mmres.dll,-5832"
HKO,"AppEvents\EventLabels\MailBeep",,%REG_SZ%,"Desktop Mail Notification"
HKO,"AppEvents\EventLabels\MailBeep","DispFileName",%REG_SZ%,"@mmres.dll,-5837"
HKO,"AppEvents\EventLabels\Maximize",,%REG_SZ%,"Maximize"
HKO,"AppEvents\EventLabels\Maximize","DispFileName",%REG_SZ%,"@mmres.dll,-5833"
HKO,"AppEvents\EventLabels\MenuCommand",,%REG_SZ%,"Menu Command"
HKO,"AppEvents\EventLabels\MenuCommand","DispFileName",%REG_SZ%,"@mmres.dll,-5834"
HKO,"AppEvents\EventLabels\MenuPopup",,%REG_SZ%,"Menu Pop-up"
HKO,"AppEvents\EventLabels\MenuPopup","DispFileName",%REG_SZ%,"@mmres.dll,-5835"
HKO,"AppEvents\EventLabels\MessageNudge",,%REG_SZ%,"Message Nudge"
HKO,"AppEvents\EventLabels\MessageNudge","DispFileName",%REG_SZ%,"@mmres.dll,-5866"
HKO,"AppEvents\EventLabels\Minimize",,%REG_SZ%,"Minimize"
HKO,"AppEvents\EventLabels\Minimize","DispFileName",%REG_SZ%,"@mmres.dll,-5836"
HKO,"AppEvents\EventLabels\MisrecoSound",,%REG_SZ%,"Misrecognition"
HKO,"AppEvents\EventLabels\MisrecoSound","DispFileName",%REG_SZ%,"@C:\Windows\System32\speech\speechux\sapi.cpl,-5561"
HKO,"AppEvents\EventLabels\MoveMenuItem",,%REG_SZ%,"Move Menu Item"
HKO,"AppEvents\EventLabels\MoveMenuItem","DispFileName",%REG_SZ%,"@ieframe.dll,-10322"
HKO,"AppEvents\EventLabels\Navigating",,%REG_SZ%,"Start Navigation"
HKO,"AppEvents\EventLabels\Navigating","DispFileName",%REG_SZ%,"@ieframe.dll,-10320"
HKO,"AppEvents\EventLabels\Notification.Default",,%REG_SZ%,"Notification"
HKO,"AppEvents\EventLabels\Notification.Default","DispFileName",%REG_SZ%,"@mmres.dll,-5865"
HKO,"AppEvents\EventLabels\Notification.IM",,%REG_SZ%,"Instant Message Notification"
HKO,"AppEvents\EventLabels\Notification.IM","DispFileName",%REG_SZ%,"@mmres.dll,-5863"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm",,%REG_SZ%,"Alarm 1"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm","DispFileName",%REG_SZ%,"@mmres.dll,-5888"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm10",,%REG_SZ%,"Alarm 10"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm10","DispFileName",%REG_SZ%,"@mmres.dll,-5897"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm10","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm2",,%REG_SZ%,"Alarm 2"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm2","DispFileName",%REG_SZ%,"@mmres.dll,-5889"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm2","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm3",,%REG_SZ%,"Alarm 3"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm3","DispFileName",%REG_SZ%,"@mmres.dll,-5890"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm3","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm4",,%REG_SZ%,"Alarm 4"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm4","DispFileName",%REG_SZ%,"@mmres.dll,-5891"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm4","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm5",,%REG_SZ%,"Alarm 5"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm5","DispFileName",%REG_SZ%,"@mmres.dll,-5892"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm5","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm6",,%REG_SZ%,"Alarm 6"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm6","DispFileName",%REG_SZ%,"@mmres.dll,-5893"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm6","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm7",,%REG_SZ%,"Alarm 7"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm7","DispFileName",%REG_SZ%,"@mmres.dll,-5894"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm7","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm8",,%REG_SZ%,"Alarm 8"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm8","DispFileName",%REG_SZ%,"@mmres.dll,-5895"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm8","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm9",,%REG_SZ%,"Alarm 9"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm9","DispFileName",%REG_SZ%,"@mmres.dll,-5896"
HKO,"AppEvents\EventLabels\Notification.Looping.Alarm9","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call",,%REG_SZ%,"Incoming Call Notification 1"
HKO,"AppEvents\EventLabels\Notification.Looping.Call","DispFileName",%REG_SZ%,"@mmres.dll,-5872"
HKO,"AppEvents\EventLabels\Notification.Looping.Call","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call10",,%REG_SZ%,"Incoming Call Notification 10"
HKO,"AppEvents\EventLabels\Notification.Looping.Call10","DispFileName",%REG_SZ%,"@mmres.dll,-5881"
HKO,"AppEvents\EventLabels\Notification.Looping.Call10","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call2",,%REG_SZ%,"Incoming Call Notification 2"
HKO,"AppEvents\EventLabels\Notification.Looping.Call2","DispFileName",%REG_SZ%,"@mmres.dll,-5873"
HKO,"AppEvents\EventLabels\Notification.Looping.Call2","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call3",,%REG_SZ%,"Incoming Call Notification 3"
HKO,"AppEvents\EventLabels\Notification.Looping.Call3","DispFileName",%REG_SZ%,"@mmres.dll,-5874"
HKO,"AppEvents\EventLabels\Notification.Looping.Call3","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call4",,%REG_SZ%,"Incoming Call Notification 4"
HKO,"AppEvents\EventLabels\Notification.Looping.Call4","DispFileName",%REG_SZ%,"@mmres.dll,-5875"
HKO,"AppEvents\EventLabels\Notification.Looping.Call4","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call5",,%REG_SZ%,"Incoming Call Notification 5"
HKO,"AppEvents\EventLabels\Notification.Looping.Call5","DispFileName",%REG_SZ%,"@mmres.dll,-5876"
HKO,"AppEvents\EventLabels\Notification.Looping.Call5","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call6",,%REG_SZ%,"Incoming Call Notification 6"
HKO,"AppEvents\EventLabels\Notification.Looping.Call6","DispFileName",%REG_SZ%,"@mmres.dll,-5877"
HKO,"AppEvents\EventLabels\Notification.Looping.Call6","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call7",,%REG_SZ%,"Incoming Call Notification 7"
HKO,"AppEvents\EventLabels\Notification.Looping.Call7","DispFileName",%REG_SZ%,"@mmres.dll,-5878"
HKO,"AppEvents\EventLabels\Notification.Looping.Call7","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call8",,%REG_SZ%,"Incoming Call Notification 8"
HKO,"AppEvents\EventLabels\Notification.Looping.Call8","DispFileName",%REG_SZ%,"@mmres.dll,-5879"
HKO,"AppEvents\EventLabels\Notification.Looping.Call8","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Looping.Call9",,%REG_SZ%,"Incoming Call Notification 9"
HKO,"AppEvents\EventLabels\Notification.Looping.Call9","DispFileName",%REG_SZ%,"@mmres.dll,-5880"
HKO,"AppEvents\EventLabels\Notification.Looping.Call9","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\Notification.Mail",,%REG_SZ%,"New Mail Notification"
HKO,"AppEvents\EventLabels\Notification.Mail","DispFileName",%REG_SZ%,"@mmres.dll,-5861"
HKO,"AppEvents\EventLabels\Notification.Proximity",,%REG_SZ%,"NFP Completion"
HKO,"AppEvents\EventLabels\Notification.Proximity","DispFileName",%REG_SZ%,"@mmres.dll,-5868"
HKO,"AppEvents\EventLabels\Notification.Reminder",,%REG_SZ%,"Calendar Reminder"
HKO,"AppEvents\EventLabels\Notification.Reminder","DispFileName",%REG_SZ%,"@mmres.dll,-5864"
HKO,"AppEvents\EventLabels\Notification.SMS",,%REG_SZ%,"New Text Message Notification"
HKO,"AppEvents\EventLabels\Notification.SMS","DispFileName",%REG_SZ%,"@mmres.dll,-5862"
HKO,"AppEvents\EventLabels\Open",,%REG_SZ%,"Open Program"
HKO,"AppEvents\EventLabels\Open","DispFileName",%REG_SZ%,"@mmres.dll,-5839"
HKO,"AppEvents\EventLabels\PanelSound",,%REG_SZ%,"Disambiguation Panel"
HKO,"AppEvents\EventLabels\PanelSound","DispFileName",%REG_SZ%,"@C:\Windows\System32\speech\speechux\sapi.cpl,-5565"
HKO,"AppEvents\EventLabels\PrintComplete",,%REG_SZ%,"Print Complete"
HKO,"AppEvents\EventLabels\PrintComplete","DispFileName",%REG_SZ%,"@mmres.dll,-5840"
HKO,"AppEvents\EventLabels\ProximityConnection",,%REG_SZ%,"NFP Connection"
HKO,"AppEvents\EventLabels\ProximityConnection","DispFileName",%REG_SZ%,"@mmres.dll,-5867"
HKO,"AppEvents\EventLabels\RestoreDown",,%REG_SZ%,"Restore Down"
HKO,"AppEvents\EventLabels\RestoreDown","DispFileName",%REG_SZ%,"@mmres.dll,-5841"
HKO,"AppEvents\EventLabels\RestoreUp",,%REG_SZ%,"Restore Up"
HKO,"AppEvents\EventLabels\RestoreUp","DispFileName",%REG_SZ%,"@mmres.dll,-5842"
HKO,"AppEvents\EventLabels\SecurityBand",,%REG_SZ%,"Information Bar"
HKO,"AppEvents\EventLabels\SecurityBand","DispFileName",%REG_SZ%,"@ieframe.dll,-10326"
HKO,"AppEvents\EventLabels\ShowBand",,%REG_SZ%,"Show Toolbar Band"
HKO,"AppEvents\EventLabels\ShowBand","DispFileName",%REG_SZ%,"@ieframe.dll,-10324"
HKO,"AppEvents\EventLabels\SystemAsterisk",,%REG_SZ%,"Asterisk"
HKO,"AppEvents\EventLabels\SystemAsterisk","DispFileName",%REG_SZ%,"@mmres.dll,-5843"
HKO,"AppEvents\EventLabels\SystemExclamation",,%REG_SZ%,"Exclamation"
HKO,"AppEvents\EventLabels\SystemExclamation","DispFileName",%REG_SZ%,"@mmres.dll,-5845"
HKO,"AppEvents\EventLabels\SystemExit",,%REG_SZ%,"Exit Windows"
HKO,"AppEvents\EventLabels\SystemExit","DispFileName",%REG_SZ%,"@mmres.dll,-5846"
HKO,"AppEvents\EventLabels\SystemExit","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\SystemHand",,%REG_SZ%,"Critical Stop"
HKO,"AppEvents\EventLabels\SystemHand","DispFileName",%REG_SZ%,"@mmres.dll,-5847"
HKO,"AppEvents\EventLabels\SystemNotification",,%REG_SZ%,"System Notification"
HKO,"AppEvents\EventLabels\SystemNotification","DispFileName",%REG_SZ%,"@mmres.dll,-5848"
HKO,"AppEvents\EventLabels\SystemQuestion",,%REG_SZ%,"Question"
HKO,"AppEvents\EventLabels\SystemQuestion","DispFileName",%REG_SZ%,"@mmres.dll,-5849"
HKO,"AppEvents\EventLabels\WindowsLogoff",,%REG_SZ%,"Windows Logoff"
HKO,"AppEvents\EventLabels\WindowsLogoff","DispFileName",%REG_SZ%,"@mmres.dll,-5852"
HKO,"AppEvents\EventLabels\WindowsLogoff","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\WindowsLogon",,%REG_SZ%,"Windows Logon"
HKO,"AppEvents\EventLabels\WindowsLogon","DispFileName",%REG_SZ%,"@mmres.dll,-5853"
HKO,"AppEvents\EventLabels\WindowsLogon","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\EventLabels\WindowsUAC",,%REG_SZ%,"Windows User Account Control"
HKO,"AppEvents\EventLabels\WindowsUAC","DispFileName",%REG_SZ%,"@mmres.dll,-5859"
HKO,"AppEvents\EventLabels\WindowsUnlock",,%REG_SZ%,"Windows Unlock"
HKO,"AppEvents\EventLabels\WindowsUnlock","DispFileName",%REG_SZ%,"@mmres.dll,-5869"
HKO,"AppEvents\EventLabels\WindowsUnlock","ExcludeFromCPL",%REG_DWORD%,1 ; 0x00000001
HKO,"AppEvents\Schemes",,%REG_SZ%,".Default"
HKO,"AppEvents\Schemes\Apps\.Default",,%REG_SZ%,"Windows"
HKO,"AppEvents\Schemes\Apps\.Default","DispFileName",%REG_SZ%,"@mmres.dll,-5856"
HKO,"AppEvents\Schemes\Apps\.Default\.Default\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\.Default\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\AppGPFault\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\AppGPFault\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\CCSelect",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\ChangeTheme\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\ChangeTheme\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\Close\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\Close\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Foreground.wav"
HKO,"AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Foreground.wav"
HKO,"AppEvents\Schemes\Apps\.Default\DeviceConnect\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Hardware Insert.wav"
HKO,"AppEvents\Schemes\Apps\.Default\DeviceConnect\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Hardware Insert.wav"
HKO,"AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Hardware Remove.wav"
HKO,"AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Hardware Remove.wav"
HKO,"AppEvents\Schemes\Apps\.Default\DeviceFail\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Hardware Fail.wav"
HKO,"AppEvents\Schemes\Apps\.Default\DeviceFail\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Hardware Fail.wav"
HKO,"AppEvents\Schemes\Apps\.Default\FaxBeep\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Email.wav"
HKO,"AppEvents\Schemes\Apps\.Default\FaxBeep\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Email.wav"
HKO,"AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\MailBeep\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Email.wav"
HKO,"AppEvents\Schemes\Apps\.Default\MailBeep\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Email.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Maximize\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\Maximize\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\MenuCommand\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\MenuCommand\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\MenuPopup\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\MenuPopup\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\MessageNudge\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Message Nudge.wav"
HKO,"AppEvents\Schemes\Apps\.Default\MessageNudge\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Message Nudge.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Minimize\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\Minimize\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Default\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify System Generic.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Default\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify System Generic.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.IM\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Messaging.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.IM\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Messaging.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm01.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm01.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm10\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm10.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm10\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm10.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm2\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm02.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm2\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm02.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm3\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm03.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm3\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm03.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm4\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm04.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm4\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm04.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm5\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm05.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm5\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm05.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm6\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm06.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm6\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm06.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm7\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm07.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm7\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm07.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm8\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm08.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm8\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm08.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm9\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm09.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Alarm9\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Alarm09.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring01.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring01.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call10\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring10.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call10\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring10.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call2\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring02.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call2\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring02.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call3\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring03.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call3\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring03.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call4\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring04.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call4\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring04.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call5\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring05.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call5\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring05.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call6\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring06.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call6\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring06.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call7\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring07.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call7\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring07.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call8\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring08.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call8\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring08.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call9\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring09.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Looping.Call9\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Ring09.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Mail\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Email.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Mail\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Email.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Proximity\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Proximity Notification.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Proximity\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Proximity Notification.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Reminder\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Calendar.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.Reminder\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Calendar.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.SMS\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Messaging.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Notification.SMS\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Notify Messaging.wav"
HKO,"AppEvents\Schemes\Apps\.Default\Open\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\Open\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\PrintComplete\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\PrintComplete\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\ProximityConnection\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Proximity Connection.wav"
HKO,"AppEvents\Schemes\Apps\.Default\ProximityConnection\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Proximity Connection.wav"
HKO,"AppEvents\Schemes\Apps\.Default\RestoreDown\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\RestoreDown\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\RestoreUp\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\RestoreUp\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\ShowBand",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\SystemExclamation\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\SystemExclamation\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\SystemExit\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\SystemExit\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\SystemHand\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Foreground.wav"
HKO,"AppEvents\Schemes\Apps\.Default\SystemHand\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Foreground.wav"
HKO,"AppEvents\Schemes\Apps\.Default\SystemNotification\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\SystemNotification\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Background.wav"
HKO,"AppEvents\Schemes\Apps\.Default\SystemQuestion\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\SystemQuestion\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\WindowsLogoff\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\WindowsLogoff\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\.Default\WindowsLogon\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Logon.wav"
HKO,"AppEvents\Schemes\Apps\.Default\WindowsLogon\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Logon.wav"
HKO,"AppEvents\Schemes\Apps\.Default\WindowsUAC\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows User Account Control.wav"
HKO,"AppEvents\Schemes\Apps\.Default\WindowsUAC\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows User Account Control.wav"
HKO,"AppEvents\Schemes\Apps\.Default\WindowsUnlock\.Current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Unlock.wav"
HKO,"AppEvents\Schemes\Apps\.Default\WindowsUnlock\.Default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Windows Unlock.wav"
HKO,"AppEvents\Schemes\Apps\Explorer",,%REG_SZ%,"File Explorer"
HKO,"AppEvents\Schemes\Apps\Explorer","DispFileName",%REG_SZ%,"@mmres.dll,-5854"
HKO,"AppEvents\Schemes\Apps\Explorer\ActivatingDocument",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\BlockedPopup\.current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\BlockedPopup\.default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\FeedDiscovered\.current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\FeedDiscovered\.default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\MoveMenuItem",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\Navigating\.Current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\Navigating\.Default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\SecurityBand\.current",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\Explorer\SecurityBand\.default",,%REG_KEYONLY%
HKO,"AppEvents\Schemes\Apps\sapisvr",,%REG_SZ%,"Speech Recognition"
HKO,"AppEvents\Schemes\Apps\sapisvr","DispFileName",%REG_SZ%,"@C:\Windows\System32\speech\speechux\sapi.cpl,-5555"
HKO,"AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\.current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Disambiguation.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\.default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Disambiguation.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\HubOffSound\.current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Off.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\HubOffSound\.default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Off.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\HubOnSound\.current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech On.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\HubOnSound\.default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech On.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\HubSleepSound\.current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Sleep.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\HubSleepSound\.default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Sleep.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\MisrecoSound\.current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Misrecognition.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\MisrecoSound\.default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Misrecognition.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\PanelSound\.current",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Disambiguation.wav"
HKO,"AppEvents\Schemes\Apps\sapisvr\PanelSound\.default",,%REG_EXPAND_SZ%,"%%SystemRoot%%\media\Speech Disambiguation.wav"
HKO,"AppEvents\Schemes\Names\.Default",,%REG_SZ%,"@mmres.dll,-800"
HKO,"AppEvents\Schemes\Names\.None",,%REG_SZ%,"@mmres.dll,-801"
HKO,"Console","ColorTable00",%REG_DWORD%,789516 ; 0x000c0c0c
HKO,"Console","ColorTable01",%REG_DWORD%,14300928 ; 0x00da3700
HKO,"Console","ColorTable02",%REG_DWORD%,958739 ; 0x000ea113
HKO,"Console","ColorTable03",%REG_DWORD%,14521914 ; 0x00dd963a
HKO,"Console","ColorTable04",%REG_DWORD%,2035653 ; 0x001f0fc5
HKO,"Console","ColorTable05",%REG_DWORD%,9967496 ; 0x00981788
HKO,"Console","ColorTable06",%REG_DWORD%,40129 ; 0x00009cc1
HKO,"Console","ColorTable07",%REG_DWORD%,13421772 ; 0x00cccccc
HKO,"Console","ColorTable08",%REG_DWORD%,7763574 ; 0x00767676
HKO,"Console","ColorTable09",%REG_DWORD%,16742459 ; 0x00ff783b
HKO,"Console","ColorTable10",%REG_DWORD%,837142 ; 0x000cc616
HKO,"Console","ColorTable11",%REG_DWORD%,14079585 ; 0x00d6d661
HKO,"Console","ColorTable12",%REG_DWORD%,5654759 ; 0x005648e7
HKO,"Console","ColorTable13",%REG_DWORD%,10354868 ; 0x009e00b4
HKO,"Console","ColorTable14",%REG_DWORD%,10875385 ; 0x00a5f1f9
HKO,"Console","ColorTable15",%REG_DWORD%,15921906 ; 0x00f2f2f2
HKO,"Console","CtrlKeyShortcutsDisabled",%REG_DWORD%,0 ; 0x00000000
HKO,"Console","CursorColor",%REG_DWORD%,4294967295 ; 0xffffffff
HKO,"Console","CursorSize",%REG_DWORD%,25 ; 0x00000019
HKO,"Console","DefaultBackground",%REG_DWORD%,4294967295 ; 0xffffffff
HKO,"Console","DefaultForeground",%REG_DWORD%,4294967295 ; 0xffffffff
HKO,"Console","EnableColorSelection",%REG_DWORD%,0 ; 0x00000000
HKO,"Console","ExtendedEditKey",%REG_DWORD%,1 ; 0x00000001
HKO,"Console","ExtendedEditKeyCustom",%REG_DWORD%,0 ; 0x00000000
HKO,"Console","FaceName",%REG_SZ%,"__DefaultTTFont__"
HKO,"Console","FilterOnPaste",%REG_DWORD%,1 ; 0x00000001
HKO,"Console","FontFamily",%REG_DWORD%,0 ; 0x00000000
HKO,"Console","FontSize",%REG_DWORD%,1048576 ; 0x00100000
HKO,"Console","FontWeight",%REG_DWORD%,0 ; 0x00000000
HKO,"Console","ForceV2",%REG_DWORD%,1 ; 0x00000001
HKO,"Console","FullScreen",%REG_DWORD%,0 ; 0x00000000
HKO,"Console","HistoryBufferSize",%REG_DWORD%,50 ; 0x00000032
HKO,"Console","HistoryNoDup",%REG_DWORD%,0 ; 0x00000000
HKO,"Console","InsertMode",%REG_DWORD%,1 ; 0x00000001
HKO,"Console","LineSelection",%REG_DWORD%,1 ; 0x00000001
HKO,"Console","LineWrap",%REG_DWORD%,1 ; 0x00000001
HKO,"Console","LoadConIme",%REG_DWORD%,1 ; 0x00000001
HKO,"Console","NumberOfHistoryBuffers",%REG_DWORD%,4 ; 0x00000004
HKO,"Console","PopupColors",%REG_DWORD%,245 ; 0x000000f5
HKO,"Console","QuickEdit",%REG_DWORD%,1 ; 0x00000001
HKO,"Console","ScreenBufferSize",%REG_DWORD%,589889656 ; 0x23290078
HKO,"Console","ScreenColors",%REG_DWORD%,7 ; 0x00000007
HKO,"Console","ScrollScale",%REG_DWORD%,1 ; 0x00000001
HKO,"Console","TerminalScrolling",%REG_DWORD%,0 ; 0x00000000
HKO,"Console","TrimLeadingZeros",%REG_DWORD%,0 ; 0x00000000
HKO,"Console","WindowAlpha",%REG_DWORD%,255 ; 0x000000ff
HKO,"Console","WindowSize",%REG_DWORD%,1966200 ; 0x001e0078
HKO,"Console","WordDelimiters",%REG_DWORD%,0 ; 0x00000000
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","ColorTable05",%REG_DWORD%,5645313 ; 0x00562401
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","ColorTable06",%REG_DWORD%,15789550 ; 0x00f0edee
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","FaceName",%REG_SZ%,"Lucida Console"
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","FontFamily",%REG_DWORD%,54 ; 0x00000036
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","FontWeight",%REG_DWORD%,400 ; 0x00000190
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","PopupColors",%REG_DWORD%,243 ; 0x000000f3
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","QuickEdit",%REG_DWORD%,1 ; 0x00000001
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","ScreenBufferSize",%REG_DWORD%,196608120 ; 0x0bb80078
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","ScreenColors",%REG_DWORD%,86 ; 0x00000056
HKO,"Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe","WindowSize",%REG_DWORD%,3276920 ; 0x00320078
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","ColorTable05",%REG_DWORD%,5645313 ; 0x00562401
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","ColorTable06",%REG_DWORD%,15789550 ; 0x00f0edee
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","FaceName",%REG_SZ%,"Lucida Console"
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","FontFamily",%REG_DWORD%,54 ; 0x00000036
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","FontWeight",%REG_DWORD%,400 ; 0x00000190
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","PopupColors",%REG_DWORD%,243 ; 0x000000f3
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","QuickEdit",%REG_DWORD%,1 ; 0x00000001
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","ScreenBufferSize",%REG_DWORD%,196608120 ; 0x0bb80078
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","ScreenColors",%REG_DWORD%,86 ; 0x00000056
HKO,"Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe","WindowSize",%REG_DWORD%,3276920 ; 0x00320078
HKO,"Control Panel\Accessibility","MessageDuration",%REG_DWORD%,5 ; 0x00000005
HKO,"Control Panel\Accessibility","MinimumHitRadius",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Accessibility\AudioDescription","Locale",%REG_SZ%,""
HKO,"Control Panel\Accessibility\AudioDescription","On",%REG_SZ%,"0"
HKO,"Control Panel\Accessibility\Blind Access","On",%REG_SZ%,"0"
HKO,"Control Panel\Accessibility\HighContrast","Flags",%REG_SZ%,"126"
HKO,"Control Panel\Accessibility\HighContrast","High Contrast Scheme",%REG_SZ%,""
HKO,"Control Panel\Accessibility\Keyboard Preference","On",%REG_SZ%,"0"
HKO,"Control Panel\Accessibility\Keyboard Response","AutoRepeatDelay",%REG_SZ%,"1000"
HKO,"Control Panel\Accessibility\Keyboard Response","AutoRepeatRate",%REG_SZ%,"500"
HKO,"Control Panel\Accessibility\Keyboard Response","BounceTime",%REG_SZ%,"0"
HKO,"Control Panel\Accessibility\Keyboard Response","DelayBeforeAcceptance",%REG_SZ%,"1000"
HKO,"Control Panel\Accessibility\Keyboard Response","Flags",%REG_SZ%,"126"
HKO,"Control Panel\Accessibility\Keyboard Response","Last BounceKey Setting",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Accessibility\Keyboard Response","Last Valid Delay",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Accessibility\Keyboard Response","Last Valid Repeat",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Accessibility\Keyboard Response","Last Valid Wait",%REG_DWORD%,1000 ; 0x000003e8
HKO,"Control Panel\Accessibility\MouseKeys","Flags",%REG_SZ%,"62"
HKO,"Control Panel\Accessibility\MouseKeys","MaximumSpeed",%REG_SZ%,"80"
HKO,"Control Panel\Accessibility\MouseKeys","TimeToMaximumSpeed",%REG_SZ%,"3000"
HKO,"Control Panel\Accessibility\On","Locale",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Accessibility\On","On",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Accessibility\ShowSounds","On",%REG_SZ%,"0"
HKO,"Control Panel\Accessibility\SlateLaunch","ATapp",%REG_SZ%,"narrator"
HKO,"Control Panel\Accessibility\SlateLaunch","LaunchAT",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\Accessibility\SoundSentry","Flags",%REG_SZ%,"2"
HKO,"Control Panel\Accessibility\SoundSentry","FSTextEffect",%REG_SZ%,"0"
HKO,"Control Panel\Accessibility\SoundSentry","TextEffect",%REG_SZ%,"0"
HKO,"Control Panel\Accessibility\SoundSentry","WindowsEffect",%REG_SZ%,"1"
HKO,"Control Panel\Accessibility\StickyKeys","Flags",%REG_SZ%,"510"
HKO,"Control Panel\Accessibility\TimeOut","Flags",%REG_SZ%,"2"
HKO,"Control Panel\Accessibility\TimeOut","TimeToWait",%REG_SZ%,"300000"
HKO,"Control Panel\Accessibility\ToggleKeys","Flags",%REG_SZ%,"62"
HKO,"Control Panel\Appearance\New Schemes",,%REG_KEYONLY%
HKO,"Control Panel\Appearance\Schemes","@themeui.dll,-850",%REG_BINARY%,02,00,00,00,46,00,00,00,01,00,00,00,11,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,fc,7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,eb,77,0f,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,f0,77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,14,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,14,00,88,fb,e8,77,02,02,00,00,ac,b9,f0,77,00,00,00,00,20,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7c,6b,e8,77,00,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,06,00,00,00,18,00,00,00,ff,ff,ff,ff,f0,4b,21,fc,00,c4,f0,77,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,14,00,0b,00,00,00,00,ff,12,00,50,00,00,00,c0,fe,12,00,0c,10,00,01,00,00,00,00,00,00,00,00,00,00,ff,00,00,ff,ff,00,00,00,00,00,00,00,00,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,00,00,ff,ff,ff,00,00,00,ff,00,00,ff,ff,00,00,00,00,00,00,80,00,00,ff,ff,ff,00,00,00,00,00,80,80,80,00,00,ff,00,00,ff,ff,ff,00,00,00,00,00,c0,c0,c0,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,00,00,00,00,00,00,c0,c0,c0,00,80,80,ff,00,00,00,ff,00,00,ff,ff,00
HKO,"Control Panel\Appearance\Schemes","@themeui.dll,-851",%REG_BINARY%,02,00,00,00,46,00,00,00,01,00,00,00,11,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,fc,7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,eb,77,0f,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,f0,77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,14,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,14,00,88,fb,e8,77,02,02,00,00,ac,b9,f0,77,00,00,00,00,20,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7c,6b,e8,77,00,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,06,00,00,00,18,00,00,00,ff,ff,ff,ff,f0,4b,21,fc,00,c4,f0,77,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,14,00,0b,00,00,00,00,ff,12,00,50,00,00,00,c0,fe,12,00,0c,10,00,01,00,00,00,00,00,00,00,00,00,ff,ff,00,00,00,ff,00,00,00,00,00,00,00,00,00,ff,ff,ff,00,00,ff,00,00,00,ff,00,00,00,00,00,00,00,ff,ff,00,00,00,ff,00,ff,ff,ff,00,00,00,ff,00,ff,ff,ff,00,00,00,00,00,80,80,80,00,c0,c0,c0,00,00,ff,00,00,ff,ff,ff,00,c0,c0,c0,00,ff,ff,ff,00,ff,ff,ff,00,00,00,00,00,ff,ff,00,00,c0,c0,c0,00,80,80,ff,00,00,ff,ff,00,00,00,ff,00
HKO,"Control Panel\Appearance\Schemes","@themeui.dll,-852",%REG_BINARY%,02,00,00,00,46,00,00,00,01,00,00,00,11,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,fc,7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,eb,77,0f,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,f0,77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,14,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,14,00,88,fb,e8,77,02,02,00,00,ac,b9,f0,77,00,00,00,00,20,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7c,6b,e8,77,00,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,06,00,00,00,18,00,00,00,ff,ff,ff,ff,f0,4b,21,fc,00,c4,f0,77,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,14,00,0b,00,00,00,00,ff,12,00,50,00,00,00,c0,fe,12,00,0c,10,00,01,00,00,00,00,00,00,00,00,80,00,80,00,00,80,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,00,00,00,80,00,00,00,00,00,00,80,00,80,00,ff,ff,ff,00,00,00,00,00,80,80,80,00,00,ff,00,00,ff,ff,ff,00,ff,ff,ff,00,c0,c0,c0,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,ff,00,00,00,00,00,c0,c0,c0,00,80,80,ff,00,80,00,80,00,00,80,00,00
HKO,"Control Panel\Appearance\Schemes","@themeui.dll,-853",%REG_BINARY%,02,00,00,00,46,00,00,00,01,00,00,00,11,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,fc,7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,eb,77,0f,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,f0,77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,14,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,14,00,88,fb,e8,77,02,02,00,00,ac,b9,f0,77,00,00,00,00,20,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7c,6b,e8,77,00,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,06,00,00,00,18,00,00,00,ff,ff,ff,ff,f0,4b,21,fc,00,c4,f0,77,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,14,00,0b,00,00,00,00,ff,12,00,50,00,00,00,c0,fe,12,00,0c,10,00,01,ff,ff,ff,00,ff,ff,ff,00,00,00,00,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,00,80,80,80,00,c0,c0,c0,00,80,80,80,00,00,00,00,00,ff,ff,ff,00,ff,ff,ff,00,80,80,80,00,00,80,00,00,00,00,00,00,00,00,00,00,c0,c0,c0,00,00,00,00,00,c0,c0,c0,00,00,00,00,00,ff,ff,ff,00,c0,c0,c0,00,00,00,00,00,00,00,00,00,ff,ff,ff,00
HKO,"Control Panel\Appearance\Schemes","@themeui.dll,-854",%REG_BINARY%,02,00,00,00,f4,01,00,00,01,00,00,00,10,00,00,00,10,00,00,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,0c,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,d4,d0,c8,00,3a,6e,a5,00,0a,24,6a,00,80,80,80,00,d4,d0,c8,00,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,00,d4,d0,c8,00,d4,d0,c8,00,80,80,80,00,0a,24,6a,00,ff,ff,ff,00,d4,d0,c8,00,80,80,80,00,80,80,80,00,00,00,00,00,d4,d0,c8,00,ff,ff,ff,00,40,40,40,00,d4,d0,c8,00,00,00,00,00,ff,ff,e1,00,b5,b5,b5,00,00,00,80,00,a6,ca,f0,00,c0,c0,c0,00
HKO,"Control Panel\Colors","ActiveBorder",%REG_SZ%,"180 180 180"
HKO,"Control Panel\Colors","ActiveTitle",%REG_SZ%,"153 180 209"
HKO,"Control Panel\Colors","AppWorkspace",%REG_SZ%,"171 171 171"
HKO,"Control Panel\Colors","Background",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Colors","ButtonAlternateFace",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Colors","ButtonDkShadow",%REG_SZ%,"105 105 105"
HKO,"Control Panel\Colors","ButtonFace",%REG_SZ%,"240 240 240"
HKO,"Control Panel\Colors","ButtonHilight",%REG_SZ%,"255 255 255"
HKO,"Control Panel\Colors","ButtonLight",%REG_SZ%,"227 227 227"
HKO,"Control Panel\Colors","ButtonShadow",%REG_SZ%,"160 160 160"
HKO,"Control Panel\Colors","ButtonText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Colors","GradientActiveTitle",%REG_SZ%,"185 209 234"
HKO,"Control Panel\Colors","GradientInactiveTitle",%REG_SZ%,"215 228 242"
HKO,"Control Panel\Colors","GrayText",%REG_SZ%,"109 109 109"
HKO,"Control Panel\Colors","Hilight",%REG_SZ%,"51 153 255"
HKO,"Control Panel\Colors","HilightText",%REG_SZ%,"255 255 255"
HKO,"Control Panel\Colors","HotTrackingColor",%REG_SZ%,"0 102 204"
HKO,"Control Panel\Colors","InactiveBorder",%REG_SZ%,"244 247 252"
HKO,"Control Panel\Colors","InactiveTitle",%REG_SZ%,"191 205 219"
HKO,"Control Panel\Colors","InactiveTitleText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Colors","InfoText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Colors","InfoWindow",%REG_SZ%,"255 255 225"
HKO,"Control Panel\Colors","Menu",%REG_SZ%,"240 240 240"
HKO,"Control Panel\Colors","MenuBar",%REG_SZ%,"240 240 240"
HKO,"Control Panel\Colors","MenuHilight",%REG_SZ%,"51 153 255"
HKO,"Control Panel\Colors","MenuText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Colors","Scrollbar",%REG_SZ%,"200 200 200"
HKO,"Control Panel\Colors","TitleText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Colors","Window",%REG_SZ%,"255 255 255"
HKO,"Control Panel\Colors","WindowFrame",%REG_SZ%,"100 100 100"
HKO,"Control Panel\Colors","WindowText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Cursors","AppStarting",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_working.ani"
HKO,"Control Panel\Cursors","Arrow",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_arrow.cur"
HKO,"Control Panel\Cursors","ContactVisualization",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\Cursors","Crosshair",%REG_EXPAND_SZ%,""
HKO,"Control Panel\Cursors","CursorBaseSize",%REG_DWORD%,32 ; 0x00000020
HKO,"Control Panel\Cursors","GestureVisualization",%REG_DWORD%,31 ; 0x0000001f
HKO,"Control Panel\Cursors","Hand",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_link.cur"
HKO,"Control Panel\Cursors","Help",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_helpsel.cur"
HKO,"Control Panel\Cursors","IBeam",%REG_EXPAND_SZ%,""
HKO,"Control Panel\Cursors","No",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_unavail.cur"
HKO,"Control Panel\Cursors","NWPen",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_pen.cur"
HKO,"Control Panel\Cursors","Scheme Source",%REG_DWORD%,2 ; 0x00000002
HKO,"Control Panel\Cursors","SizeAll",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_move.cur"
HKO,"Control Panel\Cursors","SizeNESW",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_nesw.cur"
HKO,"Control Panel\Cursors","SizeNS",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_ns.cur"
HKO,"Control Panel\Cursors","SizeNWSE",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_nwse.cur"
HKO,"Control Panel\Cursors","SizeWE",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_ew.cur"
HKO,"Control Panel\Cursors","UpArrow",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_up.cur"
HKO,"Control Panel\Cursors","Wait",%REG_EXPAND_SZ%,"%%SystemRoot%%\cursors\aero_busy.ani"
HKO,"Control Panel\Desktop","ActiveWndTrackTimeout",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Desktop","BlockSendInputResets",%REG_SZ%,"0"
HKO,"Control Panel\Desktop","CaretTimeout",%REG_DWORD%,5000 ; 0x00001388
HKO,"Control Panel\Desktop","CaretWidth",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\Desktop","ClickLockTime",%REG_DWORD%,1200 ; 0x000004b0
HKO,"Control Panel\Desktop","CoolSwitchColumns",%REG_SZ%,"7"
HKO,"Control Panel\Desktop","CoolSwitchRows",%REG_SZ%,"3"
HKO,"Control Panel\Desktop","CursorBlinkRate",%REG_SZ%,"530"
HKO,"Control Panel\Desktop","DockMoving",%REG_SZ%,"1"
HKO,"Control Panel\Desktop","DragFromMaximize",%REG_SZ%,"1"
HKO,"Control Panel\Desktop","DragFullWindows",%REG_SZ%,"1"
HKO,"Control Panel\Desktop","DragHeight",%REG_SZ%,"4"
HKO,"Control Panel\Desktop","DragWidth",%REG_SZ%,"4"
HKO,"Control Panel\Desktop","FocusBorderHeight",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\Desktop","FocusBorderWidth",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\Desktop","FontSmoothing",%REG_SZ%,"2"
HKO,"Control Panel\Desktop","FontSmoothingGamma",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Desktop","FontSmoothingOrientation",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\Desktop","FontSmoothingType",%REG_DWORD%,2 ; 0x00000002
HKO,"Control Panel\Desktop","ForegroundFlashCount",%REG_DWORD%,7 ; 0x00000007
HKO,"Control Panel\Desktop","ForegroundLockTimeout",%REG_DWORD%,200000 ; 0x00030d40
HKO,"Control Panel\Desktop","LeftOverlapChars",%REG_SZ%,"3"
HKO,"Control Panel\Desktop","MenuShowDelay",%REG_SZ%,"400"
HKO,"Control Panel\Desktop","MouseWheelRouting",%REG_DWORD%,2 ; 0x00000002
HKO,"Control Panel\Desktop","PaintDesktopVersion",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Desktop","Pattern",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Desktop","RightOverlapChars",%REG_SZ%,"3"
HKO,"Control Panel\Desktop","ScreenSaveActive",%REG_SZ%,"1"
HKO,"Control Panel\Desktop","SnapSizing",%REG_SZ%,"1"
HKO,"Control Panel\Desktop","TileWallpaper",%REG_SZ%,"0"
HKO,"Control Panel\Desktop","WallPaper",%REG_SZ%,"C:\Windows\Web\Wallpaper\Windows\img0.jpg"
HKO,"Control Panel\Desktop","WallpaperOriginX",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Desktop","WallpaperOriginY",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Desktop","WallpaperStyle",%REG_SZ%,"10"
HKO,"Control Panel\Desktop","WheelScrollChars",%REG_SZ%,"3"
HKO,"Control Panel\Desktop","WheelScrollLines",%REG_SZ%,"3"
HKO,"Control Panel\Desktop","WindowArrangementActive",%REG_SZ%,"1"
HKO,"Control Panel\Desktop\Colors","ActiveBorder",%REG_SZ%,"212 208 200"
HKO,"Control Panel\Desktop\Colors","ActiveTitle",%REG_SZ%,"10 36 106"
HKO,"Control Panel\Desktop\Colors","AppWorkSpace",%REG_SZ%,"128 128 128"
HKO,"Control Panel\Desktop\Colors","ButtonAlternateFace",%REG_SZ%,"181 181 181"
HKO,"Control Panel\Desktop\Colors","ButtonDkShadow",%REG_SZ%,"64 64 64"
HKO,"Control Panel\Desktop\Colors","ButtonFace",%REG_SZ%,"212 208 200"
HKO,"Control Panel\Desktop\Colors","ButtonHiLight",%REG_SZ%,"255 255 255"
HKO,"Control Panel\Desktop\Colors","ButtonLight",%REG_SZ%,"212 208 200"
HKO,"Control Panel\Desktop\Colors","ButtonShadow",%REG_SZ%,"128 128 128"
HKO,"Control Panel\Desktop\Colors","ButtonText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Desktop\Colors","GradientActiveTitle",%REG_SZ%,"166 202 240"
HKO,"Control Panel\Desktop\Colors","GradientInactiveTitle",%REG_SZ%,"192 192 192"
HKO,"Control Panel\Desktop\Colors","GrayText",%REG_SZ%,"128 128 128"
HKO,"Control Panel\Desktop\Colors","Hilight",%REG_SZ%,"10 36 106"
HKO,"Control Panel\Desktop\Colors","HilightText",%REG_SZ%,"255 255 255"
HKO,"Control Panel\Desktop\Colors","HotTrackingColor",%REG_SZ%,"0 0 128"
HKO,"Control Panel\Desktop\Colors","InactiveBorder",%REG_SZ%,"212 208 200"
HKO,"Control Panel\Desktop\Colors","InactiveTitle",%REG_SZ%,"128 128 128"
HKO,"Control Panel\Desktop\Colors","InactiveTitleText",%REG_SZ%,"212 208 200"
HKO,"Control Panel\Desktop\Colors","InfoText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Desktop\Colors","InfoWindow",%REG_SZ%,"255 255 255"
HKO,"Control Panel\Desktop\Colors","Menu",%REG_SZ%,"212 208 200"
HKO,"Control Panel\Desktop\Colors","MenuText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Desktop\Colors","Scrollbar",%REG_SZ%,"212 208 200"
HKO,"Control Panel\Desktop\Colors","TitleText",%REG_SZ%,"255 255 255"
HKO,"Control Panel\Desktop\Colors","Window",%REG_SZ%,"255 255 255"
HKO,"Control Panel\Desktop\Colors","WindowFrame",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Desktop\Colors","WindowText",%REG_SZ%,"0 0 0"
HKO,"Control Panel\Desktop\WindowMetrics","BorderWidth",%REG_SZ%,"#USR:Control Panel\Desktop\WindowMetrics"
HKO,"Control Panel\Desktop\WindowMetrics","CaptionFont",%REG_BINARY%,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
HKO,"Control Panel\Desktop\WindowMetrics","CaptionHeight",%REG_SZ%,"-270"
HKO,"Control Panel\Desktop\WindowMetrics","CaptionWidth",%REG_SZ%,"-270"
HKO,"Control Panel\Desktop\WindowMetrics","IconFont",%REG_BINARY%,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
HKO,"Control Panel\Desktop\WindowMetrics","IconTitleWrap",%REG_SZ%,"1"
HKO,"Control Panel\Desktop\WindowMetrics","MenuFont",%REG_BINARY%,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
HKO,"Control Panel\Desktop\WindowMetrics","MenuHeight",%REG_SZ%,"-270"
HKO,"Control Panel\Desktop\WindowMetrics","MenuWidth",%REG_SZ%,"-270"
HKO,"Control Panel\Desktop\WindowMetrics","MessageFont",%REG_BINARY%,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
HKO,"Control Panel\Desktop\WindowMetrics","ScrollHeight",%REG_SZ%,"-240"
HKO,"Control Panel\Desktop\WindowMetrics","ScrollWidth",%REG_SZ%,"-240"
HKO,"Control Panel\Desktop\WindowMetrics","Shell Icon Size",%REG_SZ%,"32"
HKO,"Control Panel\Desktop\WindowMetrics","SmCaptionFont",%REG_BINARY%,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
HKO,"Control Panel\Desktop\WindowMetrics","SmCaptionHeight",%REG_SZ%,"-180"
HKO,"Control Panel\Desktop\WindowMetrics","SmCaptionWidth",%REG_SZ%,"-180"
HKO,"Control Panel\Desktop\WindowMetrics","StatusFont",%REG_BINARY%,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
HKO,"Control Panel\Input Method","Show Status",%REG_SZ%,"1"
HKO,"Control Panel\Input Method\Hot Keys\00000010","Key Modifiers",%REG_BINARY%,02,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000010","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000010","Virtual Key",%REG_BINARY%,20,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000011","Key Modifiers",%REG_BINARY%,04,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000011","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000011","Virtual Key",%REG_BINARY%,20,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000012","Key Modifiers",%REG_BINARY%,02,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000012","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000012","Virtual Key",%REG_BINARY%,be,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000070","Key Modifiers",%REG_BINARY%,02,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000070","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000070","Virtual Key",%REG_BINARY%,20,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000071","Key Modifiers",%REG_BINARY%,04,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000071","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000071","Virtual Key",%REG_BINARY%,20,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000072","Key Modifiers",%REG_BINARY%,03,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000072","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000072","Virtual Key",%REG_BINARY%,bc,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000104","Key Modifiers",%REG_BINARY%,06,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000104","Target IME",%REG_BINARY%,11,04,01,e0
HKO,"Control Panel\Input Method\Hot Keys\00000104","Virtual Key",%REG_BINARY%,30,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000200","Key Modifiers",%REG_BINARY%,03,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000200","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000200","Virtual Key",%REG_BINARY%,47,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000201","Key Modifiers",%REG_BINARY%,03,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000201","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000201","Virtual Key",%REG_BINARY%,4b,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000202","Key Modifiers",%REG_BINARY%,03,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000202","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000202","Virtual Key",%REG_BINARY%,4c,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000203","Key Modifiers",%REG_BINARY%,03,c0,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000203","Target IME",%REG_BINARY%,00,00,00,00
HKO,"Control Panel\Input Method\Hot Keys\00000203","Virtual Key",%REG_BINARY%,56,00,00,00
HKO,"Control Panel\International","Locale",%REG_SZ%,"00000407"
HKO,"Control Panel\International","LocaleName",%REG_SZ%,"de-DE"
HKO,"Control Panel\International","s1159",%REG_SZ%,""
HKO,"Control Panel\International","s2359",%REG_SZ%,""
HKO,"Control Panel\International","sCurrency",%REG_SZ%,"€"
HKO,"Control Panel\International","sDate",%REG_SZ%,"."
HKO,"Control Panel\International","sDecimal",%REG_SZ%,","
HKO,"Control Panel\International","sGrouping",%REG_SZ%,"3;0"
HKO,"Control Panel\International","sLanguage",%REG_SZ%,"DEU"
HKO,"Control Panel\International","sList",%REG_SZ%,";"
HKO,"Control Panel\International","sLongDate",%REG_SZ%,"dddd, d. MMMM yyyy"
HKO,"Control Panel\International","sMonDecimalSep",%REG_SZ%,","
HKO,"Control Panel\International","sMonGrouping",%REG_SZ%,"3;0"
HKO,"Control Panel\International","sMonThousandSep",%REG_SZ%,"."
HKO,"Control Panel\International","sNativeDigits",%REG_SZ%,"0123456789"
HKO,"Control Panel\International","sNegativeSign",%REG_SZ%,"-"
HKO,"Control Panel\International","sPositiveSign",%REG_SZ%,""
HKO,"Control Panel\International","sShortDate",%REG_SZ%,"dd.MM.yyyy"
HKO,"Control Panel\International","sThousand",%REG_SZ%,"."
HKO,"Control Panel\International","sTime",%REG_SZ%,":"
HKO,"Control Panel\International","sTimeFormat",%REG_SZ%,"HH:mm:ss"
HKO,"Control Panel\International","sShortTime",%REG_SZ%,"HH:mm"
HKO,"Control Panel\International","sYearMonth",%REG_SZ%,"MMMM yyyy"
HKO,"Control Panel\International","iCalendarType",%REG_SZ%,"1"
HKO,"Control Panel\International","iCountry",%REG_SZ%,"49"
HKO,"Control Panel\International","iCurrDigits",%REG_SZ%,"2"
HKO,"Control Panel\International","iCurrency",%REG_SZ%,"3"
HKO,"Control Panel\International","iDate",%REG_SZ%,"1"
HKO,"Control Panel\International","iDigits",%REG_SZ%,"2"
HKO,"Control Panel\International","NumShape",%REG_SZ%,"1"
HKO,"Control Panel\International","iFirstDayOfWeek",%REG_SZ%,"0"
HKO,"Control Panel\International","iFirstWeekOfYear",%REG_SZ%,"2"
HKO,"Control Panel\International","iLZero",%REG_SZ%,"1"
HKO,"Control Panel\International","iMeasure",%REG_SZ%,"0"
HKO,"Control Panel\International","iNegCurr",%REG_SZ%,"8"
HKO,"Control Panel\International","iNegNumber",%REG_SZ%,"1"
HKO,"Control Panel\International","iPaperSize",%REG_SZ%,"9"
HKO,"Control Panel\International","iTime",%REG_SZ%,"1"
HKO,"Control Panel\International","iTimePrefix",%REG_SZ%,"0"
HKO,"Control Panel\International","iTLZero",%REG_SZ%,"1"
HKO,"Control Panel\International\Geo","Nation",%REG_SZ%,"94"
HKO,"Control Panel\International\Geo","Name",%REG_SZ%,"DE"
HKO,"Control Panel\International\User Profile","Languages",%REG_MULTI_SZ%,"de-DE"
HKO,"Control Panel\International\User Profile","ShowAutoCorrection",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\International\User Profile","ShowTextPrediction",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\International\User Profile","ShowCasing",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\International\User Profile","ShowShiftLock",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\International\User Profile\de-DE","0407:00000407",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\International\User Profile System Backup","Languages",%REG_MULTI_SZ%,"de-DE"
HKO,"Control Panel\International\User Profile System Backup","ShowAutoCorrection",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\International\User Profile System Backup","ShowTextPrediction",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\International\User Profile System Backup","ShowCasing",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\International\User Profile System Backup","ShowShiftLock",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\International\User Profile System Backup\de-DE","0407:00000407",%REG_DWORD%,1 ; 0x00000001
HKO,"Control Panel\Keyboard","InitialKeyboardIndicators",%REG_SZ%,"2147483648"
HKO,"Control Panel\Keyboard","KeyboardDelay",%REG_SZ%,"1"
HKO,"Control Panel\Keyboard","KeyboardSpeed",%REG_SZ%,"31"
HKO,"Control Panel\Mouse","ActiveWindowTracking",%REG_DWORD%,0 ; 0x00000000
HKO,"Control Panel\Mouse","Beep",%REG_SZ%,"No"
HKO,"Control Panel\Mouse","DoubleClickHeight",%REG_SZ%,"4"
HKO,"Control Panel\Mouse","DoubleClickSpeed",%REG_SZ%,"500"
HKO,"Control Panel\Mouse","DoubleClickWidth",%REG_SZ%,"4"
HKO,"Control Panel\Mouse","ExtendedSounds",%REG_SZ%,"No"
HKO,"Control Panel\Mouse","MouseHoverHeight",%REG_SZ%,"4"
HKO,"Control Panel\Mouse","MouseHoverTime",%REG_SZ%,"400"
HKO,"Control Panel\Mouse","MouseHoverWidth",%REG_SZ%,"4"
HKO,"Control Panel\Mouse","MouseSensitivity",%REG_SZ%,"10"
HKO,"Control Panel\Mouse","MouseSpeed",%REG_SZ%,"1"
HKO,"Control Panel\Mouse","MouseThreshold1",%REG_SZ%,"6"
HKO,"Control Panel\Mouse","MouseThreshold2",%REG_SZ%,"10"
HKO,"Control Panel\Mouse","MouseTrails",%REG_SZ%,"0"
HKO,"Control Panel\Mouse","SmoothMouseXCurve",%REG_BINARY%,00,00,00,00,00,00,00,00,15,6e,00,00,00,00,00,00,00,40,01,00,00,00,00,00,29,dc,03,00,00,00,00,00,00,00,28,00,00,00,00,00
HKO,"Control Panel\Mouse","SmoothMouseYCurve",%REG_BINARY%,00,00,00,00,00,00,00,00,fd,11,01,00,00,00,00,00,00,24,04,00,00,00,00,00,00,fc,12,00,00,00,00,00,00,c0,bb,01,00,00,00,00
HKO,"Control Panel\Mouse","SnapToDefaultButton",%REG_SZ%,"0"
HKO,"Control Panel\Mouse","SwapMouseButtons",%REG_SZ%,"0"
HKO,"Control Panel\PowerCfg","CurrentPowerPolicy",%REG_SZ%,"0"
HKO,"Control Panel\PowerCfg\GlobalPowerPolicy","Policies",%REG_BINARY%,01,00,00,00,00,00,00,00,03,00,00,00,10,00,00,00,00,00,00,00,03,00,00,00,10,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,03,00,00,00,03,00,00,00,00,00,00,c0,01,00,00,00,05,00,00,00,01,00,00,00,0a,00,00,00,00,00,00,00,03,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,16,00,00,00
HKO,"Control Panel\PowerCfg\PowerPolicies\0","Description",%REG_SZ%,"This scheme is suited to most home or desktop computers that are left plugged in all the time."
HKO,"Control Panel\PowerCfg\PowerPolicies\0","Name",%REG_SZ%,"Home/Office Desk"
HKO,"Control Panel\PowerCfg\PowerPolicies\0","Policies",%REG_BINARY%,01,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,2c,01,00,00,32,32,00,03,04,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,b0,04,00,00,2c,01,00,00,00,00,00,00,58,02,00,00,01,01,64,50,64,64,00,00
HKO,"Control Panel\PowerCfg\PowerPolicies\1","Description",%REG_SZ%,"This scheme is designed for extended battery life for portable computers on the road."
HKO,"Control Panel\PowerCfg\PowerPolicies\1","Name",%REG_SZ%,"Portable/Laptop"
HKO,"Control Panel\PowerCfg\PowerPolicies\1","Policies",%REG_BINARY%,01,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,b0,04,00,00,2c,01,00,00,32,32,03,03,04,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,84,03,00,00,2c,01,00,00,08,07,00,00,2c,01,00,00,01,01,64,50,64,64,00,00
HKO,"Control Panel\PowerCfg\PowerPolicies\2","Description",%REG_SZ%,"This scheme keeps the monitor on for doing presentations."
HKO,"Control Panel\PowerCfg\PowerPolicies\2","Name",%REG_SZ%,"Presentation"
HKO,"Control Panel\PowerCfg\PowerPolicies\2","Policies",%REG_BINARY%,01,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,84,03,00,00,32,32,03,02,04,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,2c,01,00,00,01,01,50,50,64,64,00,00
HKO,"Control Panel\PowerCfg\PowerPolicies\3","Description",%REG_SZ%,"This scheme keeps the computer running so that it can be accessed from the network.  Use this scheme if you do not have network wakeup hardware."
HKO,"Control Panel\PowerCfg\PowerPolicies\3","Name",%REG_SZ%,"Always On"
HKO,"Control Panel\PowerCfg\PowerPolicies\3","Policies",%REG_BINARY%,01,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,32,00,00,04,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,b0,04,00,00,84,03,00,00,00,00,00,00,08,07,00,00,00,01,64,64,64,64,00,00
HKO,"Control Panel\PowerCfg\PowerPolicies\4","Description",%REG_SZ%,"This scheme keeps the computer on and optimizes it for high performance."
HKO,"Control Panel\PowerCfg\PowerPolicies\4","Name",%REG_SZ%,"Minimal Power Management"
HKO,"Control Panel\PowerCfg\PowerPolicies\4","Policies",%REG_BINARY%,01,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,2c,01,00,00,32,32,03,03,04,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,84,03,00,00,2c,01,00,00,00,00,00,00,84,03,00,00,00,01,64,64,64,64,00,00
HKO,"Control Panel\PowerCfg\PowerPolicies\5","Description",%REG_SZ%,"This scheme is extremely aggressive for saving power."
HKO,"Control Panel\PowerCfg\PowerPolicies\5","Name",%REG_SZ%,"Max Battery"
HKO,"Control Panel\PowerCfg\PowerPolicies\5","Policies",%REG_BINARY%,01,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,05,00,00,00,00,00,00,00,b0,04,00,00,78,00,00,00,32,32,03,02,04,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,84,03,00,00,3c,00,00,00,00,00,00,00,b4,00,00,00,01,01,64,32,64,64,00,00
HKO,"Control Panel\Quick Actions\Pinned",,%REG_KEYONLY%
HKO,"Control Panel\Sound","Beep",%REG_SZ%,"yes"
HKO,"Control Panel\Sound","ExtendedSounds",%REG_SZ%,"yes"
HKO,"Environment","Path",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Local\Microsoft\WindowsApps;"
HKO,"Environment","TEMP",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Local\Temp"
HKO,"Environment","TMP",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Local\Temp"
HKO,"EUDC\932","SystemDefaultEUDCFont",%REG_SZ%,"EUDC.TTE"
HKO,"EUDC\936","SystemDefaultEUDCFont",%REG_SZ%,"EUDC.TTE"
HKO,"EUDC\949","SystemDefaultEUDCFont",%REG_SZ%,"EUDC.TTE"
HKO,"EUDC\950","SystemDefaultEUDCFont",%REG_SZ%,"EUDC.TTE"
HKO,"Keyboard Layout\Preload","1",%REG_SZ%,"00000407"
HKO,"Keyboard Layout\Substitutes",,%REG_KEYONLY%
HKO,"Keyboard Layout\Toggle",,%REG_KEYONLY%
HKO,"Network",,%REG_KEYONLY%
HKO,"SOFTWARE\Google\Chrome\NativeMessagingHosts\com.microsoft.browsercore",,%REG_SZ%,"C:\Program Files\Windows Security\BrowserCore\manifest.json"
HKO,"SOFTWARE\Microsoft\Accessibility",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Assistance\Client\1.0\Settings","FirstTimeHelppaneStartup",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Assistance\Client\1.0\Settings","Height",%REG_DWORD%,340 ; 0x00000154
HKO,"SOFTWARE\Microsoft\Assistance\Client\1.0\Settings","ImplicitFeedback",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Assistance\Client\1.0\Settings","OnlineAssist",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Assistance\Client\1.0\Settings","PositionX",%REG_DWORD%,4294967295 ; 0xffffffff
HKO,"SOFTWARE\Microsoft\Assistance\Client\1.0\Settings","PositionY",%REG_DWORD%,4294967295 ; 0xffffffff
HKO,"SOFTWARE\Microsoft\Assistance\Client\1.0\Settings","UserID",%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\Assistance\Client\1.0\Settings","Width",%REG_DWORD%,510 ; 0x000001fe
HKO,"SOFTWARE\Microsoft\Avalon.Graphics",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\CommsAPHost\Test",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\CTF\Assemblies\0x00000407\{34745C63-B2F0-4784-8B67-5E12C8701A31}","Default",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\CTF\Assemblies\0x00000407\{34745C63-B2F0-4784-8B67-5E12C8701A31}","Profile",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\CTF\Assemblies\0x00000407\{34745C63-B2F0-4784-8B67-5E12C8701A31}","KeyboardLayout",%REG_DWORD%,67568647 ; 0x04070407
HKO,"SOFTWARE\Microsoft\CTF\DirectSwitchHotkeys",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\CTF\HiddenDummyLayouts",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\CTF\SortOrder\AssemblyItem\0x00000407\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000","CLSID",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\CTF\SortOrder\AssemblyItem\0x00000407\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000","KeyboardLayout",%REG_DWORD%,67568647 ; 0x04070407
HKO,"SOFTWARE\Microsoft\CTF\SortOrder\AssemblyItem\0x00000407\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000","Profile",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\CTF\SortOrder\Language","00000000",%REG_SZ%,"00000407"
HKO,"SOFTWARE\Microsoft\CTF\TIP",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Fax\FaxOptions",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Fax\fxsclnt\Archive",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Fax\fxsclnt\Confirm",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Fax\Setup",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Fax\UserInfo",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\GameBarApi",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\IME",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Input\TIPC",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Input\TSF\Tsf3Override",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\InputMethod",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\InputPersonalization","RestrictImplicitInkCollection",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\InputPersonalization","RestrictImplicitTextCollection",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore","HarvestContacts",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Internet Connection Wizard","Completed",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Internet Explorer\Document Windows","height",%REG_BINARY%,00,00,00,00
HKO,"SOFTWARE\Microsoft\Internet Explorer\Document Windows","Maximized",%REG_SZ%,"no"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Document Windows","width",%REG_BINARY%,00,00,00,80
HKO,"SOFTWARE\Microsoft\Internet Explorer\Document Windows","x",%REG_BINARY%,00,00,00,80
HKO,"SOFTWARE\Microsoft\Internet Explorer\Document Windows","y",%REG_BINARY%,00,00,00,00
HKO,"SOFTWARE\Microsoft\Internet Explorer\International","AcceptLanguage",%REG_SZ%,"de-DE,de;q=0.5"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Anchor Underline",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Cache_Update_Frequency",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Disable Script Debugger",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","DisableScriptDebuggerIE",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Display Inline Images",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Do404Search",%REG_BINARY%,01,00,00,00
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Local Page",%REG_SZ%,"%%11%%\blank.htm"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Save_Session_History_On_Exit",%REG_SZ%,"no"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Search Page",%REG_SZ%,"http://go.microsoft.com/fwlink/?LinkId=54896"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Show_FullURL",%REG_SZ%,"no"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Show_StatusBar",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Show_ToolBar",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Show_URLinStatusBar",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Show_URLToolBar",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","Use_DlgBox_Colors",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","UseClearType",%REG_SZ%,"no"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Main","XMLHTTP",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Internet Explorer\New Windows","PopupMgr",%REG_SZ%,"yes"
HKO,"SOFTWARE\Microsoft\Internet Explorer\New Windows","Use Anchor Hover Color",%REG_SZ%,"1"
HKO,"SOFTWARE\Microsoft\Internet Explorer\New Windows","UseSecBand",%REG_SZ%,"1"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Security","Safety Warning Level",%REG_SZ%,"Query"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Security","Sending_Security",%REG_SZ%,"Medium"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Security","Viewing_Security",%REG_SZ%,"Low"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Services",,%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\Internet Explorer\Settings","Anchor Color",%REG_SZ%,"0,0,255"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Settings","Anchor Color Visited",%REG_SZ%,"128,0,128"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Settings","Background Color",%REG_SZ%,"192,192,192"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Settings","Text Color",%REG_SZ%,"0,0,0"
HKO,"SOFTWARE\Microsoft\Internet Explorer\Settings","Use Anchor Hover Color",%REG_SZ%,"No"
HKO,"SOFTWARE\Microsoft\Internet Explorer\TypedURLs","url1",%REG_SZ%,"http://go.microsoft.com/fwlink/p/?LinkId=255141"
HKO,"SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks","{CFBFAE00-17A6-11D0-99CB-00C04FD64497}",%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\MobilePC\AdaptableSettings",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Multimedia\Audio\DefaultEndpoint",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Narrator\NoRoam","RunningState",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\OneDrive","EnableDownlevelInstallOnBluePlus",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\OneDrive","EnableTHDFFeatures",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Osk","RunningState",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\PeerNet\Event_Config",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Personalization\Settings","AcceptedPrivacyPolicy",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Phone\ShellUI",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Remote Assistance",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\ScreenMagnifier","RunningState",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Sensors",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Speech\Preferences\AppCompatDisableDictation","dwm.exe",%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\Speech\Preferences\AppCompatDisableDictation","tabtip.exe",%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\Speech\Preferences\AppCompatDisableMSAA","devenv.exe",%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\Speech\Preferences\AppCompatDisableMSAA","taskmgr.exe",%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\TabletTip\1.7",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\UEV\Agent","UserConsoleVersion",%REG_SZ%,"10.0.19041.1387"
HKO,"SOFTWARE\Microsoft\WAB\WAB4\Wab File Name",,%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\WcmSvc\Tethering\Roaming",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\wfs\DraftsView",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\wfs\InboxView",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\wfs\IncomingView",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\wfs\OutboxView",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\wfs\SentItemsView",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\AssignedAccessConfiguration",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ClickNote\UserCustomization\DoubleClickBelowLock","Override",%REG_DWORD%,5 ; 0x00000005
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ClickNote\UserCustomization\DoubleClickBelowLock","PenWorkspaceVerb",%REG_DWORD%,3 ; 0x00000003
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ClickNote\UserCustomization\LongPressBelowLock","Override",%REG_DWORD%,5 ; 0x00000005
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ClickNote\UserCustomization\LongPressBelowLock","PenWorkspaceVerb",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ClickNote\UserCustomization\SingleClickBelowLock","Override",%REG_DWORD%,8 ; 0x00000008
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ClickNote\UserCustomization\SingleClickBelowLock","PenWorkspaceVerb",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager","FeatureManagementEnabled",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager","OemPreInstalledAppsEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager","PreInstalledAppsEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager","RotatingLockScreenEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager","RotatingLockScreenOverlayEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager","SilentInstalledAppsEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager","SoftLandingEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager","SystemPaneSuggestionsEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager","SlideshowEnabled",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Renderers\SubscribedContent-310091","Version",%REG_SZ%,"2"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Renderers\SubscribedContent-310092","Version",%REG_SZ%,"2"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Renderers\SubscribedContent-338380","Version",%REG_SZ%,"2"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Renderers\SubscribedContent-338381","Version",%REG_SZ%,"2"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Renderers\SubscribedContent-338387","Version",%REG_SZ%,"2"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Renderers\SubscribedContent-338388","Version",%REG_SZ%,"2"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","Start_SearchFiles",%REG_DWORD%,2 ; 0x00000002
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers","DisableAutoplay",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection",,%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers",,%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon","empty",%REG_EXPAND_SZ%,"%%SystemRoot%%\System32\imageres.dll,-55"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon","full",%REG_EXPAND_SZ%,"%%SystemRoot%%\System32\imageres.dll,-54"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences","BreadCrumbBarSearchDefault",%REG_SZ%,"MSNSearch"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences","DisableAutoNavigateURL",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences","DisableAutoResolveEmailAddrs",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences","DisableResultsInNewWindow",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences","DisableTabbedBrowsing",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences","EditSavedSearch",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences","IEAddressBarSearchDefault",%REG_SZ%,"MSNSearch"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","!Do not use this registry key",%REG_SZ%,"Use the SHGetFolderPath or SHGetKnownFolderPath function instead"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","AppData",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Roaming"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Cache",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Local\Microsoft\Windows\INetCache"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Cookies",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Local\Microsoft\Windows\INetCookies"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Desktop",%REG_EXPAND_SZ%,"%%USERPROFILE%%\Desktop"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Favorites",%REG_EXPAND_SZ%,"%%USERPROFILE%%\Favorites"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","History",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Local\Microsoft\Windows\History"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Local AppData",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Local"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","My Music",%REG_EXPAND_SZ%,"%%USERPROFILE%%\Music"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","My Pictures",%REG_EXPAND_SZ%,"%%USERPROFILE%%\Pictures"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","My Video",%REG_EXPAND_SZ%,"%%USERPROFILE%%\Videos"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","NetHood",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Roaming\Microsoft\Windows\Network Shortcuts"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Personal",%REG_EXPAND_SZ%,"%%USERPROFILE%%\Documents"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","PrintHood",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Programs",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Recent",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Roaming\Microsoft\Windows\Recent"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SendTo",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Roaming\Microsoft\Windows\SendTo"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Start Menu",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Roaming\Microsoft\Windows\Start Menu"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Startup",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Templates",%REG_EXPAND_SZ%,"%%USERPROFILE%%\AppData\Roaming\Microsoft\Windows\Templates"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","{374DE290-123F-4565-9164-39C4925E467B}",%REG_EXPAND_SZ%,"%%USERPROFILE%%\Downloads"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\FileHistory\RestoreUI","FolderViewType",%REG_SZ%,"MediumIcons"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\FileHistory\RestoreUI","SearchResultsViewType",%REG_SZ%,"Content"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\FileHistory\RestoreUI","WindowLocation",%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Holographic","FirstRunSucceeded",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Holographic\StageManagement","DisableQuickRoomSetup",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Holographic\StageManagement","DisableStageNearbyRequirement",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ActiveLearning",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","AnsiChar",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","AutoCandState",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","BallonUI",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","BeepEnable",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Big5CharOnly",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","CandidateLargeFont",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","CandidateSortType",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ChangJie.All.ActiveAlphaNum",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ChangJie.All.ZkeyAsWildCard",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ChangJie.AssociatedWord",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ChangJie.IsOfflineReading",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ChangJie.ReadLayout",%REG_SZ%,"0x00010030"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","CharMode",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","CustomLayout",%REG_BINARY%,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","DefaultLanguage",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Delemiter",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Domain",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","EnableCNSReading",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","EnableExtensionA_Char",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","EnableExtensionB_Char",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","EudpSCK",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Fuzzy",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","HFTLearning",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Intellegnt.Eudp",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Intelligent.AssociatedWord",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Intelligent.AutoFinalize",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Intelligent.AutoInputSwitch",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Intelligent.EnableFinal",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Intelligent.EscapeFunc",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","LeadingIndicator",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Legacy.AutoFinalize",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Legacy.AutoInputSwitch",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Legacy.EnableFinal",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Legacy.EscapeFunc",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Legacy.Eudp",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Legacy.Modeless",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","MaxCharPerSentence",%REG_SZ%,"0x00000020"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","NewChangJie.Modeless",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","NewPhonetic.IntCharMode",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","NewPhonetic.Modeless",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","NewQuick.Modeless",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Phonetic.All.ActiveAlphaNum",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Phonetic.All.ZkeyAsWildCard",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Phonetic.AssociatedWord",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Phonetic.IntCharMode",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Phonetic.IsOfflineReading",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Phonetic.ReadLayout",%REG_SZ%,"0x00020010"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","PhrManEudpSortType",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","PhrManSelfLearnSortType",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","PluginLexiconInfo",%REG_BINARY%,00,00,00,00,00,00,00,00
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","PuncEnable",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Quick.AssociatedWord",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Quick.ZkeyAsWildCard",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ReconvertLength",%REG_SZ%,"0x00000020"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ReservedWord",%REG_BINARY%,08,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,2f,00,2f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,00,69,00,6c,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,66,00,74,00,70,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,68,00,74,00,74,00,70,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,6d,00,61,00,69,00,6c,00,74,00,6f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,6e,00,65,00,77,00,73,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,77,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,00,00,00,00,00,00,00,00,00,00,77,00,77,00,77,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ReversedReadingType",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","SelfLearning",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","SharedEudp",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ShiftLeft",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","ShiftRight",%REG_SZ%,"0x00000001"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Surrogate",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","Trigram",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","UserSymbolMapping",%REG_BINARY%,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,20,00,31,00,32,00,33,00,34,00,35,00,36,00,37,00,38,00,39,00,30,00,61,00,62,00,63,00,64,00,65,00,66,00,67,00,68,00,69,00,6a,00,6b,00,6c,00,6d,00,6e,00,6f,00,70,00,71,00,72,00,73,00,74,00,75,00,76,00,77,00,78,00,79,00,7a,00,2d,00,3d,00,5c,00,5b,00,5d,00,3b,00,27,00,2c,00,2e,00,2f,00,60,00,00,30,11,ff,12,ff,13,ff,14,ff,15,ff,16,ff,17,ff,18,ff,19,ff,10,ff,41,ff,42,ff,43,ff,44,ff,45,ff,46,ff,47,ff,48,ff,49,ff,4a,ff,4b,ff,4c,ff,4d,ff,4e,ff,4f,ff,50,ff,51,ff,52,ff,53,ff,54,ff,55,ff,56,ff,57,ff,58,ff,59,ff,5a,ff,00,25,1d,ff,3c,ff,14,30,15,30,54,fe,19,20,0c,ff,02,30,0f,ff,35,20,20,00,21,00,40,00,23,00,24,00,25,00,5e,00,26,00,2a,00,28,00,29,00,41,00,42,00,43,00,44,00,45,00,46,00,47,00,48,00,49,00,4a,00,4b,00,4c,00,4d,00,4e,00,4f,00,50,00,51,00,52,00,53,00,54,00,55,00,56,00,57,00,58,00,59,00,5a,00,5f,00,2b,00,7c,00,7b,00,7d,00,3a,00,22,00,3c,00,3e,00,3f,00,7e,00,00,30,01,ff,20,ff,03,ff,04,ff,05,ff,3f,fe,06,ff,0a,ff,08,ff,09,ff,21,ff,22,ff,23,ff,24,ff,25,ff,26,ff,27,ff,28,ff,29,ff,2a,ff,2b,ff,2c,ff,2d,ff,2e,ff,2f,ff,30,ff,31,ff,32,ff,33,ff,34,ff,35,ff,36,ff,37,ff,38,ff,39,ff,3a,ff,3f,ff,0b,ff,5c,ff,5b,ff,5d,ff,1a,ff,1d,20,1c,ff,1e,ff,1f,ff,5e,ff,20,00,31,00,32,00,33,00,34,00,35,00,36,00,37,00,38,00,39,00,30,00,61,00,62,00,63,00,64,00,65,00,66,00,67,00,68,00,69,00,6a,00,6b,00,6c,00,6d,00,6e,00,6f,00,70,00,71,00,72,00,73,00,74,00,75,00,76,00,77,00,78,00,79,00,7a,00,2d,00,3d,00,5c,00,5b,00,5d,00,3b,00,27,00,2c,00,2e,00,2f,00,60,00,00,30,11,ff,12,ff,13,ff,14,ff,15,ff,16,ff,17,ff,18,ff,19,ff,10,ff,41,ff,42,ff,43,ff,44,ff,45,ff,46,ff,47,ff,48,ff,49,ff,4a,ff,4b,ff,4c,ff,4d,ff,4e,ff,4f,ff,50,ff,51,ff,52,ff,53,ff,54,ff,55,ff,56,ff,57,ff,58,ff,59,ff,5a,ff,00,25,1d,ff,3c,ff,14,30,15,30,54,fe,19,20,0c,ff,02,30,0f,ff,35,20,20,00,21,00,40,00,23,00,24,00,25,00,5e,00,26,00,2a,00,28,00,29,00,41,00,42,00,43,00,44,00,45,00,46,00,47,00,48,00,49,00,4a,00,4b,00,4c,00,4d,00,4e,00,4f,00,50,00,51,00,52,00,53,00,54,00,55,00,56,00,57,00,58,00,59,00,5a,00,5f,00,2b,00,7c,00,7b,00,7d,00,3a,00,22,00,3c,00,3e,00,3f,00,7e,00,00,30,01,ff,20,ff,03,ff,04,ff,05,ff,3f,fe,06,ff,0a,ff,08,ff,09,ff,21,ff,22,ff,23,ff,24,ff,25,ff,26,ff,27,ff,28,ff,29,ff,2a,ff,2b,ff,2c,ff,2d,ff,2e,ff,2f,ff,30,ff,31,ff,32,ff,33,ff,34,ff,35,ff,36,ff,37,ff,38,ff,39,ff,3a,ff,3f,ff,0b,ff,5c,ff,5b,ff,5d,ff,1a,ff,1d,20,1c,ff,1e,ff,1f,ff,5e,ff,20,00,31,00,32,00,33,00,34,00,35,00,36,00,37,00,38,00,39,00,30,00,61,00,62,00,63,00,64,00,65,00,66,00,67,00,68,00,69,00,6a,00,6b,00,6c,00,6d,00,6e,00,6f,00,70,00,71,00,72,00,73,00,74,00,75,00,76,00,77,00,78,00,79,00,7a,00,2d,00,3d,00,5c,00,5b,00,5d,00,3b,00,27,00,2c,00,2e,00,2f,00,60,00,00,30,11,ff,12,ff,13,ff,14,ff,15,ff,16,ff,17,ff,18,ff,19,ff,10,ff,41,ff,42,ff,43,ff,44,ff,45,ff,46,ff,47,ff,48,ff,49,ff,4a,ff,4b,ff,4c,ff,4d,ff,4e,ff,4f,ff,50,ff,51,ff,52,ff,53,ff,54,ff,55,ff,56,ff,57,ff,58,ff,59,ff,5a,ff,00,25,1d,ff,3c,ff,14,30,15,30,54,fe,19,20,0c,ff,02,30,0f,ff,35,20,20,00,21,00,40,00,23,00,24,00,25,00,5e,00,26,00,2a,00,28,00,29,00,41,00,42,00,43,00,44,00,45,00,46,00,47,00,48,00,49,00,4a,00,4b,00,4c,00,4d,00,4e,00,4f,00,50,00,51,00,52,00,53,00,54,00,55,00,56,00,57,00,58,00,59,00,5a,00,5f,00,2b,00,7c,00,7b,00,7d,00,3a,00,22,00,3c,00,3e,00,3f,00,7e,00,00,30,01,ff,20,ff,03,ff,04,ff,05,ff,3f,fe,06,ff,0a,ff,08,ff,09,ff,21,ff,22,ff,23,ff,24,ff,25,ff,26,ff,27,ff,28,ff,29,ff,2a,ff,2b,ff,2c,ff,2d,ff,2e,ff,2f,ff,30,ff,31,ff,32,ff,33,ff,34,ff,35,ff,36,ff,37,ff,38,ff,39,ff,3a,ff,3f,ff,0b,ff,5c,ff,5b,ff,5d,ff,1a,ff,1d,20,1c,ff,1e,ff,1f,ff,5e,ff
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70","VirtualInputMode",%REG_SZ%,"0x00000000"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70\FuzzyScheme","Data",%REG_BINARY%,87,3f,00,00
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ime\IMTC70\FuzzyScheme","Name",%REG_SZ%,"{EF8C6C27-997A-4af2-BC0E-A15C84790F8C}"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings","CertificateRevocation",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings","DisableCachingOfSSLPages",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings","IE5_UA_Backup_Flag",%REG_SZ%,"5.0"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings","PrivacyAdvanced",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings","SecureProtocols",%REG_DWORD%,2688 ; 0x00000a80
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings","User Agent",%REG_SZ%,"Mozilla/5.0 (compatible; MSIE 9.0; Win32)"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache","Persistent",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen","LockAppAumId",%REG_SZ%,"Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Mobility",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PenWorkspace\Notes","NotesApp",%REG_SZ%,"Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","AAPThreshold",%REG_DWORD%,2 ; 0x00000002
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","CursorSpeed",%REG_DWORD%,10 ; 0x0000000a
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","EnableEdgy",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","LeaveOnWithMouse",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","PanEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","RightClickZoneEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","ScrollDirection",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","TapAndDrag",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","TapsEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","TwoFingerTapEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad","ZoomEnabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PrecisionTouchPad\Status","Enabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy","TailoredExperiencesWithDiagnosticDataEnabled",%REG_DWORD%,2 ; 0x00000002
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.CloudExperienceHostLauncher","ApplicationType",%REG_DWORD%,1073741824 ; 0x40000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.CloudExperienceHostLauncher","Capabilities",%REG_DWORD%,9471 ; 0x000024ff
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.CloudExperienceHostLauncher","PackageMoniker",%REG_SZ%,"System"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.CloudExperienceHostLauncherCustom","ApplicationType",%REG_DWORD%,1073741824 ; 0x40000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.CloudExperienceHostLauncherCustom","Capabilities",%REG_DWORD%,9471 ; 0x000024ff
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.CloudExperienceHostLauncherCustom","PackageMoniker",%REG_SZ%,"System"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.DisplaySettings","ApplicationType",%REG_DWORD%,1073741824 ; 0x40000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.DisplaySettings","Capabilities",%REG_DWORD%,9471 ; 0x000024ff
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.DisplaySettings","PackageMoniker",%REG_SZ%,"System"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.FodHelper","ApplicationType",%REG_DWORD%,1073741824 ; 0x40000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.FodHelper","Capabilities",%REG_DWORD%,9471 ; 0x000024ff
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.FodHelper","PackageMoniker",%REG_SZ%,"System"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.MobilityExperience","ApplicationType",%REG_DWORD%,1073741824 ; 0x40000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.MobilityExperience","Capabilities",%REG_DWORD%,9471 ; 0x000024ff
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.MobilityExperience","PackageMoniker",%REG_SZ%,"System"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.Suggested","ApplicationType",%REG_DWORD%,1073741824 ; 0x40000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.Suggested","Capabilities",%REG_DWORD%,9471 ; 0x000024ff
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.Suggested","PackageMoniker",%REG_SZ%,"System"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.WindowsTip","ApplicationType",%REG_DWORD%,1073741824 ; 0x40000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.WindowsTip","Capabilities",%REG_DWORD%,9471 ; 0x000024ff
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.WindowsTip","PackageMoniker",%REG_SZ%,"System"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\RADAR","CLResolutionInterval",%REG_DWORD%,5 ; 0x00000005
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\RADAR","DisplayInterval",%REG_DWORD%,1440 ; 0x000005a0
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run","OneDriveSetup",%REG_SZ%,"C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Screensavers\Bubbles\Screen 1",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Screensavers\Bubbles\Screen 2",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Screensavers\Mystify\Screen 1",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Screensavers\Mystify\Screen 2",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Screensavers\Ribbons\Screen 1",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Screensavers\Ribbons\Screen 2",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Screensavers\ssText3d\Screen 1",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Screensavers\ssText3d\Screen 2",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\AppSync","Enabled",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\SmartGlass","UserAuthPolicy",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\HandoffPriorities","RequestMakeCall",%REG_SZ%,"DIALER.EXE"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\HandoffPriorities\MediaModes",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager","DllName",%REG_EXPAND_SZ%,"%%SystemRoot%%\resources\themes\Aero\Aero.msstyles"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager","PrePolicy-DllName",%REG_SZ%,"C:\Windows\resources\themes\Aero\Aero.msstyles"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Themes","InstallVisualStyleColor",%REG_SZ%,"NormalColor"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Themes","InstallVisualStyleSize",%REG_SZ%,"NormalSize"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Themes","LastHighContrastTheme",%REG_EXPAND_SZ%,"%%SystemRoot%%\resources\Ease of Access Themes\hcblack.theme"
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Themes","ThemeChangesDesktopIcons",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Themes","ThemeChangesMousePointers",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize","ColorPrevalence",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize","EnableTransparency",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing","State",%REG_DWORD%,146432 ; 0x00023c00
HKO,"SOFTWARE\Microsoft\Windows\DWM","Composition",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows\TabletPC\Snipping Tool",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\TabletPC\TabSetup",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows\Windows Error Reporting\Hangs",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices","Microsoft XPS Document Writer",%REG_SZ%,"winspool,Ne00:"
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices","Microsoft Print to PDF",%REG_SZ%,"winspool,Ne01:"
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices","Fax",%REG_SZ%,"winspool,Ne02:"
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\MsiCorruptedFileRecovery\RepairedProducts","AnyIdMax",%REG_DWORD%,5 ; 0x00000005
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\MsiCorruptedFileRecovery\RepairedProducts","SameIdMax",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\MsiCorruptedFileRecovery\RepairedProducts","TimeWindowMinutes",%REG_DWORD%,1440 ; 0x000005a0
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts","Microsoft XPS Document Writer",%REG_SZ%,"winspool,Ne00:,15,45"
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts","Microsoft Print to PDF",%REG_SZ%,"winspool,Ne01:,15,45"
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts","Fax",%REG_SZ%,"winspool,Ne02:,15,45"
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\TileDataModel\Migration",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","Device",%REG_SZ%,""
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","IsMRUEstablished",%REG_DWORD%,4294967295 ; 0xffffffff
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","LegacyDefaultPrinterMode",%REG_DWORD%,4294967295 ; 0xffffffff
HKO,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Pen","PenArbitrationType",%REG_DWORD%,3 ; 0x00000003
HKO,"SOFTWARE\Microsoft\Wisp\MultiTouch",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","DblDist",%REG_DWORD%,20 ; 0x00000014
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","DblTime",%REG_DWORD%,300 ; 0x0000012c
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","EraseEnable",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","FlickMode",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","FlickTolerance",%REG_DWORD%,50 ; 0x00000032
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","HoldMode",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","HoldTime",%REG_DWORD%,2300 ; 0x000008fc
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","RightMaskEnable",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","Splash",%REG_DWORD%,50 ; 0x00000032
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","TapTime",%REG_DWORD%,100 ; 0x00000064
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters","WaitTime",%REG_DWORD%,300 ; 0x0000012c
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters\CustomFlickCommands",,%REG_KEYONLY%
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters\FlickCommands","down",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters\FlickCommands","downLeft",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters\FlickCommands","downRight",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters\FlickCommands","left",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters\FlickCommands","right",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters\FlickCommands","up",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters\FlickCommands","upLeft",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\Wisp\Pen\SysEventParameters\FlickCommands","upRight",%REG_SZ%,"{00000000-0000-0000-0000-000000000000}"
HKO,"SOFTWARE\Microsoft\Wisp\Touch","Bouncing",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Wisp\Touch","Friction",%REG_DWORD%,50 ; 0x00000032
HKO,"SOFTWARE\Microsoft\Wisp\Touch","Inertia",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Wisp\Touch","TouchMode_hold",%REG_DWORD%,1 ; 0x00000001
HKO,"SOFTWARE\Microsoft\Wisp\Touch","TouchModeN_DtapDist",%REG_DWORD%,50 ; 0x00000032
HKO,"SOFTWARE\Microsoft\Wisp\Touch","TouchModeN_DtapTime",%REG_DWORD%,50 ; 0x00000032
HKO,"SOFTWARE\Microsoft\Wisp\Touch","TouchModeN_HoldTime_Animation",%REG_DWORD%,50 ; 0x00000032
HKO,"SOFTWARE\Microsoft\Wisp\Touch","TouchModeN_HoldTime_BeforeAnimation",%REG_DWORD%,50 ; 0x00000032
HKO,"SOFTWARE\Microsoft\Wisp\Touch","TouchUI",%REG_DWORD%,0 ; 0x00000000
HKO,"SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache",,%REG_KEYONLY%
HKO,"SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache",,%REG_KEYONLY%
HKO,"SOFTWARE\Policies\Power\PowerSettings",,%REG_KEYONLY%
HKO,"System\CurrentControlSet\Control\Network\NetworkLocationWizard","ShowCount",%REG_DWORD%,0 ; 0x00000000

; EOF

Registry INF Dumper

Purpose
Synopsis
Implementation and Build Details
Source, Build Instructions and Demonstration

Purpose

Enumerate all keys and values of one or more predefined Registry branches (HKCC, HKCR, HKCU, HKLM, HKLS, HKPD, HKU) and print them as an .inf file in UTF-16LE encoding on standard output (which must be redirected to a file or piped into an application that reads from standard input, like Clip or More).

Note: to dump the entire Registry specify the branches HKLM and HKU.

Synopsis

REGISTRY.COM { HKCC | HKEY_CURRENT_CONFIG | HKCR | HKEY_CLASSES_ROOT | HKCU | HKEY_CURRENT_USER | HKDD | HKEY_DYN_DATA | HKLM | HKEY_LOCAL_MACHINE | HKLS | HKEY_CURRENT_USER_LOCAL_SETTINGS | HKPD | HKEY_PERFORMANCE_DATA | HKU | HKEY_USERS } … >‹output file name›
REGISTRY.COM { HKCC | HKEY_CURRENT_CONFIG | HKCR | HKEY_CLASSES_ROOT | HKCU | HKEY_CURRENT_USER | HKDD | HKEY_DYN_DATA | HKLM | HKEY_LOCAL_MACHINE | HKLS | HKEY_CURRENT_USER_LOCAL_SETTINGS | HKPD | HKEY_PERFORMANCE_DATA | HKU | HKEY_USERS } … | MORE.COM
Note: when run under a user account which has the privilege SeBackupPrivilege assigned, the Registry INF Dumper enables it to enumerate all registry keys below the specified branch(es).

Note: when run under a user account which has the privilege SeSecurityPrivilege assigned, the Registry INF Dumper enables it to include the system access control list in the optionally printed security descriptors.

Implementation and Build Details

Registry INF Dumper is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error is not supported!

The MSDN article Console Handles provides background information.

Source, Build Instructions and Demonstration

Perform the following 3 simple steps to build the console application Registry INF Dumper from the source presented hereafter and execute it.

  1. Create the text file REGISTRY.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define _CRT_SECURE_NO_WARNINGS
#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>
#include <sddl.h>

#define memcpy	__movsb
#define wmemcpy	__movsw

#define MAX_DEPTH		512UL
#define MAX_KEY_LENGTH		255UL
#define MAX_VALUE_NAME		16383UL
#define MAX_VALUE_DATA		1048576UL

#define SE_SECURITY_PRIVILEGE	8UL	// "SeSecurityPrivilege"
#define SE_BACKUP_PRIVILEGE	17UL	// "SeBackupPrivilege"

const	TOKEN_PRIVILEGES	tpBackup = {1UL, {SE_BACKUP_PRIVILEGE, 0L, SE_PRIVILEGE_ENABLED}};

#ifdef SECURITY
const	TOKEN_PRIVILEGES	tpSecurity = {1UL, {SE_SECURITY_PRIVILEGE, 0L, SE_PRIVILEGE_ENABLED}};
#endif

typedef	unsigned __int64	QWORD, *LPQWORD;

BYTE	cbData[MAX_VALUE_DATA];
WCHAR	szKey[(MAX_KEY_LENGTH + 1) * MAX_DEPTH];
WCHAR	szValue[MAX_VALUE_NAME + 1];

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

__declspec(safebuffers)
BOOL	PrintFormat(HANDLE hFile, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	LPBYTE	lpBuffer;
	DWORD	dwBuffer;
	DWORD	dwFile;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	dwBuffer *= sizeof(*szBuffer);
	lpBuffer = (LPBYTE) szBuffer;

	do
	{
		if (!WriteFile(hFile, lpBuffer, dwBuffer, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpBuffer += dwFile;
		dwBuffer -= dwFile;
	} while (dwBuffer > 0);

	return TRUE;
}

#define PrintString(HANDLE, LITERAL)	PrintDirect(HANDLE, LITERAL, sizeof(LITERAL) / sizeof(*LITERAL) - 1UL)

__inline
BOOL	WINAPI	PrintDirect(HANDLE hFile, LPCWSTR lpString, DWORD dwString)
{
	DWORD	dwFile;

	dwString *= sizeof(*lpString);

	do
	{
		if (!WriteFile(hFile, lpString, dwString, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpString = (LPCWSTR) ((LPBYTE) lpString + dwFile);
		dwString -= dwFile;
	} while (dwString > 0);

	return TRUE;
}

__inline
LPCWSTR	WINAPI	InfEscape(LPCWSTR lpString)
{
	do
		if ((*lpString == L'"')
		 || (*lpString == L'%'))
			return lpString;
	while (*lpString++ != L'\0');

	return NULL;
}

#ifndef TINY
const	WCHAR	szBytes[256][4] = {L",00", L",01", L",02", L",03", L",04", L",05", L",06", L",07", L",08", L",09", L",0a", L",0b", L",0c", L",0d", L",0e", L",0f",
		                   L",10", L",11", L",12", L",13", L",14", L",15", L",16", L",17", L",18", L",19", L",1a", L",1b", L",1c", L",1d", L",1e", L",1f",
		                   L",20", L",21", L",22", L",23", L",24", L",25", L",26", L",27", L",28", L",29", L",2a", L",2b", L",2c", L",2d", L",2e", L",2f",
		                   L",30", L",31", L",32", L",33", L",34", L",35", L",36", L",37", L",38", L",39", L",3a", L",3b", L",3c", L",3d", L",3e", L",3f",
		                   L",40", L",41", L",42", L",43", L",44", L",45", L",46", L",47", L",48", L",49", L",4a", L",4b", L",4c", L",4d", L",4e", L",4f",
		                   L",50", L",51", L",52", L",53", L",54", L",55", L",56", L",57", L",58", L",59", L",5a", L",5b", L",5c", L",5d", L",5e", L",5f",
		                   L",60", L",61", L",62", L",63", L",64", L",65", L",66", L",67", L",68", L",69", L",6a", L",6b", L",6c", L",6d", L",6e", L",6f",
		                   L",70", L",71", L",72", L",73", L",74", L",75", L",76", L",77", L",78", L",79", L",7a", L",7b", L",7c", L",7d", L",7e", L",7f",
		                   L",80", L",81", L",82", L",83", L",84", L",85", L",86", L",87", L",88", L",89", L",8a", L",8b", L",8c", L",8d", L",8e", L",8f",
		                   L",90", L",91", L",92", L",93", L",94", L",95", L",96", L",97", L",98", L",99", L",9a", L",9b", L",9c", L",9d", L",9e", L",9f",
		                   L",a0", L",a1", L",a2", L",a3", L",a4", L",a5", L",a6", L",a7", L",a8", L",a9", L",aa", L",ab", L",ac", L",ad", L",ae", L",af",
		                   L",b0", L",b1", L",b2", L",b3", L",b4", L",b5", L",b6", L",b7", L",b8", L",b9", L",ba", L",bb", L",bc", L",bd", L",be", L",bf",
		                   L",c0", L",c1", L",c2", L",c3", L",c4", L",c5", L",c6", L",c7", L",c8", L",c9", L",ca", L",cb", L",cc", L",cd", L",ce", L",cf",
		                   L",d0", L",d1", L",d2", L",d3", L",d4", L",d5", L",d6", L",d7", L",d8", L",d9", L",da", L",db", L",dc", L",dd", L",de", L",df",
		                   L",e0", L",e1", L",e2", L",e3", L",e4", L",e5", L",e6", L",e7", L",e8", L",e9", L",ea", L",eb", L",ec", L",ed", L",ee", L",ef",
		                   L",f0", L",f1", L",f2", L",f3", L",f4", L",f5", L",f6", L",f7", L",f8", L",f9", L",fa", L",fb", L",fc", L",fd", L",fe", L",ff"};
#endif

const	LPCWSTR	szHKey[8] = {L"HKCR",
		             L"HKCU",
		             L"HKLM",
		             L"HKU",
		             L"HKPD",
		             L"HKCC",
		             L"HKDD",
		             L"HKLS"};

const	LPCWSTR	szHKEY[8] = {L"HKEY_CLASSES_ROOT",
		             L"HKEY_CURRENT_USER",
		             L"HKEY_LOCAL_MACHINE",
		             L"HKEY_USERS",
		             L"HKEY_PERFORMANCE_DATA",
		             L"HKEY_CURRENT_CONFIG",
		             L"HKEY_DYN_DATA",
		             L"HKEY_CURRENT_USER_LOCAL_SETTINGS"};

const	DWORD	dwHKEY[8] = {sizeof("HKEY_CLASSES_ROOT"),
		             sizeof("HKEY_CURRENT_USER"),
		             sizeof("HKEY_LOCAL_MACHINE"),
		             sizeof("HKEY_USERS"),
		             sizeof("HKEY_PERFORMANCE_DATA"),
		             sizeof("HKEY_CURRENT_CONFIG"),
		             sizeof("HKEY_DYN_DATA"),
		             sizeof("HKEY_CURRENT_USER_LOCAL_SETTINGS")};

const	LPCWSTR	szType[12] = {L"NONE",
		              L"SZ",
		              L"EXPAND_SZ",
		              L"BINARY",
		              L"DWORD",		// alias DWORD_LITTLE_ENDIAN
		              L"DWORD_BIG_ENDIAN",
		              L"LINK",
		              L"MULTI_SZ",
		              L"RESOURCE_LIST",
		              L"FULL_RESOURCE_DESCRIPTOR",
		              L"RESOURCE_REQUIREMENTS_LIST",
		              L"QWORD"};	// alias QWORD_LITTLE_ENDIAN

DWORD	WINAPI	Registry(HANDLE hConsole, HANDLE hOutput, QWORD qwPrivileges, HKEY hkHKEY, DWORD dwKey)
{
	HKEY	hkKey;
	BOOL	bOutput;
	DWORD	dwError;
	DWORD	dwIndex = (DWORD) hkHKEY ^ (DWORD) HKEY_CLASSES_ROOT;
	DWORD	dwSubKeys, dwSubKey;
	DWORD	dwValues, dwValue, dwType, dwData, dwBytes;
#ifdef SANITY
	DWORD	dwCount, dwChars;
	LPCWSTR	lpCount;
#endif
	LPCWSTR	lpHKey = szHKey[dwIndex];
	LPCWSTR	lpKey = dwKey < dwHKEY[dwIndex] ? NULL : szKey + dwHKEY[dwIndex];
	LPCWSTR	lpSubKey = szKey + dwKey + 1;
	LPCWSTR	lpData, lpEscape, lpLast, lpMulti;

	dwError = RegOpenKeyEx(hkHKEY,
	                       lpKey,
	                       qwPrivileges & (1ULL << SE_BACKUP_PRIVILEGE) ? REG_OPTION_BACKUP_RESTORE | REG_OPTION_OPEN_LINK : REG_OPTION_OPEN_LINK,
#ifdef SECURITY
	                       qwPrivileges & (1ULL << SE_SECURITY_PRIVILEGE) ? ACCESS_SYSTEM_SECURITY | KEY_READ | KEY_WOW64_64KEY : KEY_READ | KEY_WOW64_64KEY,
#else
	                       KEY_READ | KEY_WOW64_64KEY,
#endif
	                       &hkKey);

	if (dwError != ERROR_SUCCESS)
		PrintConsole(hConsole,
		             L"RegOpenKeyEx() returned error %lu for registry key \'%ls\'\n",
		             dwError, szKey);
	else
	{
#ifdef SECURITY
		dwData = sizeof(cbData);

		dwError = RegGetKeySecurity(hkHKEY,
		                            qwPrivileges & (1ULL << SE_SECURITY_PRIVILEGE) ? OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | LABEL_SECURITY_INFORMATION : OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | LABEL_SECURITY_INFORMATION,
		                            cbData,
		                            &dwData);

		if (dwError != ERROR_SUCCESS)
			PrintConsole(hConsole,
			             L"RegGetKeySecurity() returned error %lu for registry key \'%ls\'\n",
			             dwError, szKey);
		else
			if (!ConvertSecurityDescriptorToStringSecurityDescriptor(cbData,
			                                                         SDDL_REVISION_1,
			                                                         OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | LABEL_SECURITY_INFORMATION,
			                                                         &lpData,
			                                                         (LPDWORD) NULL))
				PrintConsole(hConsole,
				             L"ConvertSecurityDescriptorToStringSecurityDescriptor() returned error %lu for registry key \'%ls\'\n",
				             dwError = GetLastError(), szKey);
			else
			{
				if (lpKey == NULL)
					bOutput = PrintFormat(hOutput,
					                      L"%ls,,,%%REG_KEYONLY%%\r\n",
					                      lpHKey);
				else
					bOutput = PrintFormat(hOutput,
					                      L"%ls,\"%ls\",,%%REG_KEYONLY%%\r\n",
					                      lpHKey, lpKey);

				bOutput &= PrintString(hOutput, L"; ");
				bOutput &= PrintDirect(hOutput, lpData, wcslen(lpData));
				bOutput &= PrintString(hOutput, L"\r\n");

				if (!bOutput)
					PrintConsole(hConsole,
					             L"WriteFile() returned error %lu for registry key \'%ls\'\n",
					             dwError = GetLastError(), szKey);

				if (LocalFree(lpData) != NULL)
					PrintConsole(hConsole,
					             L"LocalFree() returned error %lu\n",
					             GetLastError());
			}
#endif
		for (dwValues = 0;; dwValues++)
		{
		//	*szValue = L'\0';
			dwValue = sizeof(szValue) / sizeof(*szValue);
			dwData = sizeof(cbData);

			dwError = RegEnumValue(hkKey,
			                       dwValues,
			                       szValue,
			                       &dwValue,
			                       (LPDWORD) NULL,
			                       &dwType,
			                       cbData,
			                       &dwData);

			if (dwError != ERROR_SUCCESS)
			{
				if (dwError == ERROR_NO_MORE_ITEMS)
					break;

				PrintConsole(hConsole,
				             L"RegEnumValue() returned error %lu for registry key \'%ls\'\n",
				             dwError, szKey);

				if (dwError == ERROR_ACCESS_DENIED)
					break;
			}
			else
			{
#ifdef SANITY
				dwChars = wcslen(szValue);

				if (dwValue < dwChars)
					PrintConsole(hConsole,
					             L"ERROR: size (%lu characters) of value name \'%ls\' in registry key \'%ls\' smaller than actual string length (%lu characters)!\n",
					             dwValue, szValue, dwChars, szKey);
				else if (dwValue > dwChars)
					PrintConsole(hConsole,
					             L"WARNING: size (%lu characters) of value name \'%ls\' in registry key \'%ls\' greater than actual string length (%lu characters)\n",
					             dwValue, szValue, dwChars, szKey);

				if (dwData == 0)
					PrintConsole(hConsole,
					             L"WARNING: no value data for value name \'%ls\' in registry key \'%ls\'\n",
					             szValue, szKey);
				else
					switch (dwType)
					{
					case REG_LINK:

						if (dwData % sizeof(L'\0'))
							PrintConsole(hConsole,
							             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' not a multiple of WCHAR size!\n",
							             dwData, szValue, szKey);
						break;

					case REG_DWORD_BIG_ENDIAN:
					case REG_DWORD_LITTLE_ENDIAN:
				//	case REG_DWORD:

						if (dwData < sizeof(DWORD))
							PrintConsole(hConsole,
							             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' smaller than DWORD size!\n",
							             dwData, szValue, szKey);
						else if (dwData > sizeof(DWORD))
							PrintConsole(hConsole,
							             L"WARNING: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' greater than DWORD size\n",
							             dwData, szValue, szKey);
						break;

					case REG_QWORD_LITTLE_ENDIAN:
				//	case REG_QWORD:

						if (dwData < sizeof(QWORD))
							PrintConsole(hConsole,
							             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' smaller than QWORD size!\n",
							             dwData, szValue, szKey);
						else if (dwData > sizeof(QWORD))
							PrintConsole(hConsole,
							             L"WARNING: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' greater than QWORD size\n",
							             dwData, szValue, szKey);
						break;

					case REG_SZ:
					case REG_EXPAND_SZ:

						dwChars = wcslen((LPCWSTR) cbData);
						dwBytes = (dwChars + 1) * sizeof(L'\0');

						if (dwData < dwBytes)
							PrintConsole(hConsole,
							             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' smaller than actual string length (%lu + 1 characters = %lu bytes)\n",
							             dwData, szValue, szKey, dwChars, dwBytes);
						else if (dwData > dwBytes)
							PrintConsole(hConsole,
							             L"WARNING: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' greater than actual string length (%lu + 1 characters = %lu bytes)\n",
							             dwData, szValue, szKey, dwChars, dwBytes);
						break;

					case REG_MULTI_SZ:

						dwChars = 0;
						dwCount = 1;
						lpCount = (LPCWSTR) cbData;

						while (*lpCount != L'\0')
						{
							dwChars += wcslen(lpCount);
							dwCount++;
							lpCount += wcslen(lpCount) + 1;
						}

						dwBytes = (dwChars + dwCount) * sizeof(L'\0');

						if (dwData < dwBytes)
							PrintConsole(hConsole,
							             L"ERROR: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' smaller than sum of actual string lengths (%lu + %lu characters = %lu bytes)\n",
							             dwData, szValue, szKey, dwChars, dwCount, dwBytes);
						else if (dwData > dwBytes)
							PrintConsole(hConsole,
							             L"WARNING: size (%lu bytes) of value data for value name \'%ls\' in registry key \'%ls\' greater than sum of actual string lengths (%lu + %lu characters = %lu bytes)\n",
							             dwData, szValue, szKey, dwChars, dwCount, dwBytes);
						break;

				//	case REG_NONE:
				//	case REG_BINARY:
				//	case REG_RESOURCE_LIST:
				//	case REG_FULL_RESOURCE_DESCRIPTOR:
				//	case REG_RESOURCE_REQUIREMENTS_LIST:
					}
#ifdef UNKNOWN
				if (dwType > REG_QWORD)
					PrintConsole(hConsole,
					             L"WARNING: unknown data type (0x%08lx) for value name \'%ls\' in registry key \'%ls\'\n",
					             dwType, szValue, szKey);
#endif
#endif // SANITY
				if (lpKey == NULL)
					bOutput = PrintFormat(hOutput, L"%ls,,", lpHKey);
				else
					bOutput = PrintFormat(hOutput, L"%ls,\"%ls\",", lpHKey, lpKey);

				if (dwType < sizeof(szType) / sizeof(*szType))
					if (dwValue == 0)
						bOutput &= PrintFormat(hOutput, L",%%REG_%ls%%", szType[dwType]);
					else
						bOutput &= PrintFormat(hOutput, L"\"%ls\",%%REG_%ls%%", szValue, szType[dwType]);
				else
					if (dwValue == 0)
						bOutput &= PrintFormat(hOutput, L",0x%08lx", dwType);
					else
						bOutput &= PrintFormat(hOutput, L"\"%ls\",0x%08lx", dwType);

				if (dwData == 0)
					bOutput &= PrintString(hOutput, L"\r\n");
				else
					switch (dwType)
					{
					case REG_LINK:

						if (dwData % sizeof(L'\0'))
							goto DEFAULT;

						bOutput &= PrintString(hOutput, L",\"");
						bOutput &= PrintDirect(hOutput, (LPCWSTR) cbData, dwData / sizeof(L'\0'));
						bOutput &= PrintString(hOutput, L"\"\r\n");

						break;

					case REG_SZ:
					case REG_EXPAND_SZ:

						if (dwData % sizeof(L'\0'))
							goto DEFAULT;

						if (*(LPCWSTR) cbData == L'\0')
							bOutput &= PrintString(hOutput, L",\"\"\r\n");
						else
						{
							lpData = (LPCWSTR) cbData;
							((LPWSTR) lpData)[dwData / sizeof(L'\0')] = L'\0';
							dwData = wcslen(lpData);

							bOutput &= PrintString(hOutput, L",\"");

							for (lpEscape = InfEscape(lpData); lpEscape != NULL; lpData = lpEscape, lpEscape = InfEscape(lpData + 1))
								bOutput &= PrintDirect(hOutput, lpData, lpEscape + 1 - lpData);

							bOutput &= PrintDirect(hOutput, lpData, (LPCWSTR) cbData + dwData - lpData);
							bOutput &= PrintString(hOutput, L"\"\r\n");
						}

						break;

					case REG_MULTI_SZ:

						if (dwData % sizeof(L'\0'))
							goto DEFAULT;

						if ((dwData == sizeof(L'\0'))
						 && (*(LPCWSTR) cbData == L'\0'))
							bOutput &= PrintString(hOutput, L";\r\n");
						else
						{
							lpData = (LPCWSTR) cbData;
							dwData /= sizeof(L'\0');
							lpLast = lpData + dwData;

							if ((dwData > 1)
							 && (lpData[dwData - 1] == L'\0')
							 && (lpData[dwData - 2] == L'\0'))
								lpLast--;
							else
								*(LPWSTR) lpLast = L'\0';

							do
								if (*lpData == L'\0')
									bOutput &= PrintString(hOutput, L";\"\"");
								else
								{
									dwData = wcslen(lpData);

									bOutput &= PrintString(hOutput, L",\"");

									for (lpEscape = InfEscape(lpMulti = lpData), lpData += dwData;
									     lpEscape != NULL; lpMulti = lpEscape,
									     lpEscape = InfEscape(lpEscape + 1))
										bOutput &= PrintDirect(hOutput, lpMulti, lpEscape + 1 - lpMulti);

									bOutput &= PrintDirect(hOutput, lpMulti, lpData - lpMulti);
									bOutput &= PrintString(hOutput, L"\"");
								}
							while (++lpData < lpLast);

							bOutput &= PrintString(hOutput, L"\r\n");
						}

						break;

					case REG_DWORD_BIG_ENDIAN:

						if (dwData != sizeof(DWORD))
							goto DEFAULT;
#if 0
						bOutput &= PrintFormat(hOutput, L",%lu\r\n", _byteswap_ulong(*(LPDWORD) cbData));
#else
						bOutput &= PrintFormat(hOutput, L",%lu ; 0x%08lx\r\n", _byteswap_ulong(*(LPDWORD) cbData), *(LPDWORD) cbData);
#endif
						break;

					case REG_DWORD_LITTLE_ENDIAN:
				//	case REG_DWORD:

						if (dwData != sizeof(DWORD))
							goto DEFAULT;
#if 0
						bOutput &= PrintFormat(hOutput, L",%lu\r\n", *(LPDWORD) cbData);
#else
						bOutput &= PrintFormat(hOutput, L",%lu ; 0x%08lx\r\n", *(LPDWORD) cbData, *(LPDWORD) cbData);
#endif
						break;

					case REG_QWORD_LITTLE_ENDIAN:
				//	case REG_QWORD:

						if (dwData != sizeof(QWORD))
							goto DEFAULT;
#if 0
						bOutput &= PrintFormat(hOutput, L",%I64u\r\n", *(LPQWORD) cbData);
#else
						bOutput &= PrintFormat(hOutput, L",%I64u ; 0x%016I64x\r\n", *(LPQWORD) cbData, *(LPQWORD) cbData);
#endif
						break;

				//	case REG_NONE:
				//	case REG_BINARY:
				//	case REG_RESOURCE_LIST:
				//	case REG_FULL_RESOURCE_DESCRIPTOR:
				//	case REG_RESOURCE_REQUIREMENTS_LIST:
					default:
					DEFAULT:
						for (dwBytes = 0; dwBytes < dwData; dwBytes++)
#ifdef TINY
							bOutput &= PrintFormat(hOutput, L",%02x", cbData[dwBytes]);
#else
							bOutput &= PrintDirect(hOutput, szBytes[cbData[dwBytes]], 3);
#endif
						bOutput &= PrintString(hOutput, L"\r\n");
					}

				if (!bOutput)
					PrintConsole(hConsole,
					             L"WriteFile() returned error %lu for value \'%ls\' of registry key \'%ls\'\n",
					             dwError = GetLastError(), szValue, szKey);
			}
		}

		for (dwSubKeys = 0;; dwSubKeys++)
		{
			dwSubKey = sizeof(szKey) / sizeof(*szKey) - dwKey - 1;
#if 0
			dwError = RegEnumKey(hkKey,
			                     dwSubKeys,
			                     lpSubKey,
			                     dwSubKey);
#else
			dwError = RegEnumKeyEx(hkKey,
			                       dwSubKeys,
			                       lpSubKey,
			                       &dwSubKey,
			                       (LPDWORD) NULL,
			                       (LPWSTR) NULL,
			                       (LPDWORD) NULL,
			                       (LPFILETIME) NULL);
#endif
			if (dwError != ERROR_SUCCESS)
			{
				if (dwError == ERROR_NO_MORE_ITEMS)
					break;

				PrintConsole(hConsole,
#if 0
				             L"RegEnumKey() returned error %lu for registry key \'%ls\'\n",
#else
				             L"RegEnumKeyEx() returned error %lu for registry key \'%ls\'\n",
#endif
				             dwError, szKey);

				if (dwError == ERROR_ACCESS_DENIED)
					break;
			}
			else
			{
#ifdef SANITY
				dwChars = wcslen(lpSubKey);

				if (dwChars > dwSubKey)
					PrintConsole(hConsole,
					             L"ERROR: size (%lu characters) of subkey name \'%ls\' in registry key \'%ls\' smaller than actual string length (%lu characters)\n",
					             dwSubKey, lpSubKey, szKey, dwChars);
				else if (dwChars < dwSubKey)
					PrintConsole(hConsole,
					             L"WARNING: size (%lu characters) of subkey name \'%ls\' in registry key \'%ls\' greater than actual string length (%lu characters)\n",
					             dwSubKey, lpSubKey, szKey, dwChars);
#endif
				szKey[dwKey] = L'\\';

				dwError = Registry(hConsole, hOutput, qwPrivileges, hkHKEY, dwKey + 1 + dwSubKey);

				szKey[dwKey] = L'\0';
			}
		}
#ifndef SECURITY
		if ((dwValues == 0) && (dwSubKeys == 0))
		{
			if (lpKey == NULL)
				bOutput = PrintFormat(hOutput,
				                      L"%ls,,,%%REG_KEYONLY%%\r\n",
				                      lpHKey);
			else
				bOutput = PrintFormat(hOutput,
				                      L"%ls,\"%ls\",,%%REG_KEYONLY%%\r\n",
				                      lpHKey, lpKey);

			if (!bOutput)
				PrintConsole(hConsole,
				             L"WriteFile() returned error %lu for empty registry key \'%ls\'\n",
				             dwError = GetLastError(), szKey);
		}
#endif
		dwValue = RegCloseKey(hkKey);

		if (dwValue != ERROR_SUCCESS)
			PrintConsole(hConsole,
			             L"RegCloseKey() returned error %lu for registry key \'%ls\'\n",
			             dwValue, szKey);
	}

	return dwError;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	SYSTEMTIME	st;

	INT	nArgument = 1;
	INT	nArguments;
	LPWSTR	*lpArguments;
	WCHAR	szComputer[MAX_COMPUTERNAME_LENGTH + 1] = L"<unknown>";
	DWORD	dwComputer = sizeof(szComputer) / sizeof(*szComputer);
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	DWORD	dwIndex;
	QWORD	qwPrivileges = 0;
	HKEY	hkHKEY;
	HANDLE	hToken;
	HANDLE	hProcess = GetCurrentProcess();
	HANDLE	hOutput;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
			if (nArguments < 2)
				PrintConsole(hConsole,
				             L"No arguments: at least one predefined registry key name must be given!\n");
			else
			{
				hOutput = GetStdHandle(STD_OUTPUT_HANDLE);

				if (hOutput == INVALID_HANDLE_VALUE)
					PrintConsole(hConsole,
					             L"GetStdHandle() returned error %lu\n",
					             dwError = GetLastError());
				else
				{
					if (!FlushFileBuffers(hOutput))
						PrintConsole(hConsole,
						             L"FlushFileBuffers() returned error %lu: standard output is not redirected to a file!\n",
						             dwError = GetLastError());
					else
					{
						dwError = ERROR_SUCCESS;

						if (!GetComputerName(szComputer, &dwComputer))
							PrintConsole(hConsole,
							             L"GetComputerName() returned error %lu\n",
							             dwError = GetLastError());

						GetSystemTime(&st);

						if (!PrintFormat(hOutput,
						                 L"\xFEFF"	// UTF-16LE BOM
						                 L"; Registry of \'%ls\'\r\n"
						                 L"\r\n"
						                 L"[Version]\r\n"
						                 L"DriverVer = %02hu/%02hu/%04hu,%02hu.%02hu.%02hu.%03hu ; UTC\r\n"
						                 L"Provider  = \"Stefan Kanthak\"\r\n"
						                 L"Signature = \"$Windows NT$\"\r\n"
						                 L"\r\n"
						                 L"[Strings]\r\n"
						                 L"REG_SZ                         = 0x00000000\r\n"
						                 L"REG_BINARY                     = 0x00000001\r\n"
						                 L"REG_KEYONLY                    = 0x00000010\r\n"
						                 L"REG_MULTI_SZ                   = 0x00010000\r\n"
						                 L"REG_DWORD                      = 0x00010001\r\n"
						                 L"REG_EXPAND_SZ                  = 0x00020000\r\n"
						                 L"REG_NONE                       = 0x00020001\r\n"
						                 L"REG_COMPATIBLE                 = 0x00030001 ; same as REG_BINARY\r\n"
						                 L"REG_DWORD_LITTLE_ENDIAN        = 0x00040001 ; same as REG_DWORD\r\n"
						                 L"REG_DWORD_BIG_ENDIAN           = 0x00050001\r\n"
						                 L"REG_LINK                       = 0x00060000\r\n"
						                 L"REG_RESOURCE_LIST              = 0x00080001\r\n"
						                 L"REG_FULL_RESOURCE_DESCRIPTOR   = 0x00090001\r\n"
						                 L"REG_RESOURCE_REQUIREMENTS_LIST = 0x000a0001\r\n"
						                 L"REG_QWORD                      = 0x000b0001\r\n"
						                 L"REG_QWORD_LITTLE_ENDIAN        = 0x000b0001 ; same as REG_QWORD\r\n"
						                 L"\r\n"
						                 L"[DefaultInstall.NT]\r\n"
						                 L";AddReg = AddReg.HKU,AddReg.HKLM;AddReg.HKCU,AddReg.HKCR\r\n",
						                 szComputer,
						                 st.wMonth, st.wDay, st.wYear, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds))
							PrintConsole(hConsole,
							             L"WriteFile() returned error %lu\n",
							             dwError = GetLastError());

						if (!OpenProcessToken(hProcess,
						                      TOKEN_ADJUST_PRIVILEGES,
						                      &hToken))
							PrintConsole(hConsole,
							             L"OpenProcessToken() returned error %lu\n",
							             dwError = GetLastError());
						else
						{
							if (!AdjustTokenPrivileges(hToken,
							                           FALSE,
							                           &tpBackup,
							                           sizeof(TOKEN_PRIVILEGES),
							                           (TOKEN_PRIVILEGES *) NULL,
							                           (LPDWORD) NULL))
								PrintConsole(hConsole,
								             L"AdjustTokenPrivileges() returned error %lu\n",
								             dwError = GetLastError());
							else
								if (GetLastError() == ERROR_SUCCESS)
									qwPrivileges |= 1ULL << SE_BACKUP_PRIVILEGE;
#ifdef SECURITY
							if (!AdjustTokenPrivileges(hToken,
							                           FALSE,
							                           &tpSecurity,
							                           sizeof(TOKEN_PRIVILEGES),
							                           (TOKEN_PRIVILEGES *) NULL,
							                           (LPDWORD) NULL))
								PrintConsole(hConsole,
								             L"AdjustTokenPrivileges() returned error %lu\n",
								             dwError = GetLastError());
							else
								if (GetLastError() == ERROR_SUCCESS)
									qwPrivileges |= 1ULL << SE_SECURITY_PRIVILEGE;
#endif
							if (!CloseHandle(hToken))
								PrintConsole(hConsole,
								             L"CloseHandle() returned error %lu\n",
								             GetLastError());
						}

						do
						{
							hkHKEY = HKEY_CLASSES_ROOT;

							do
							{
								dwIndex = (DWORD) hkHKEY ^ (DWORD) HKEY_CLASSES_ROOT;

								if ((wcscmp(szHKey[dwIndex], lpArguments[nArgument]) == 0)
								 || (wcscmp(szHKEY[dwIndex], lpArguments[nArgument]) == 0))
								{
									memcpy(szKey, szHKEY[dwIndex], dwHKEY[dwIndex] * sizeof(*szKey));

									if (!PrintFormat(hOutput,
									                 L"\r\n"
									                 L"[AddReg.%ls]\r\n",
									                 szHKey[dwIndex]))
										PrintConsole(hConsole,
										             L"WriteFile() returned error %lu\n",
										             dwError = GetLastError());

									dwError = Registry(hConsole, hOutput, qwPrivileges, hkHKEY, dwHKEY[dwIndex] - 1);

									break;
								}
							} while (++(DWORD) hkHKEY <= (DWORD) HKEY_CURRENT_USER_LOCAL_SETTINGS);

							if ((DWORD) hkHKEY > (DWORD) HKEY_CURRENT_USER_LOCAL_SETTINGS)
								PrintConsole(hConsole,
								             L"Argument \'%ls\' is not a predefined registry key name!\n",
								             lpArguments[nArgument]);
						} while (++nArgument < nArguments);

						if (!PrintString(hOutput,
						                 L"\r\n"
						                 L"; EOF\r\n"))
							PrintConsole(hConsole,
							             L"WriteFile() returned error %lu\n",
							             dwError = GetLastError());
					}

					if (!CloseHandle(hOutput))
						PrintConsole(hConsole,
						             L"CloseHandle() returned error %lu\n",
						             GetLastError());
				}
			}

			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}
    Note: the output format allows to detect Registry values without data, REG_SZ, REG_EXPAND_SZ and REG_MULTI_SZ values with empty strings, REG_LINK, REG_SZ, REG_EXPAND_SZ and REG_MULTI_SZ values with (invalid) odd size, and REG_DWORD_BIG_ENDIAN, REG_DWORD_LITTLE_ENDIAN alias REG_DWORD as well as REG_QWORD_LITTLE_ENDIAN alias REG_QWORD values with sizes not matching their data type.

    Note: with the preprocessor macro SANITY defined, several consistency and sanity checks regarding the size of key and value names as well as value data and value data types are performed.

    Note: with the preprocessor macro SECURITY defined, the security descriptors of enumerated keys are printed in Security Descriptor Definition Language notation.

    Note: with the preprocessor macro TINY defined, the application gets 2036 bytes smaller, but also a little slower!

  2. Run the following four command lines to compile the source file REGISTRY.C created in step 1., link the compiled object file REGISTRY.OBJ and cleanup afterwards: 

    SET CL=/GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:ADVAPI32.LIB /DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeREGISTRY.COM REGISTRY.C
ERASE REGISTRY.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

REGISTRY.C
REGISTRY.C(587) : warning C4090: 'function' : different 'const' qualifiers
REGISTRY.C(764) : warning C4090: 'function' : different 'const' qualifiers
REGISTRY.C(819) : warning C4213: nonstandard extension used : cast on l-value

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

  3. Finally execute the console application REGISTRY.COM built in step 2. to dump the HKCC branch to the file HKCC.inf and display it afterwards: 

    VER
.\REGISTRY.COM HKCC 1>HKCC.inf
NET.EXE HelpMsg %ERRORLEVEL%
TYPE HKCC.inf
    Microsoft Windows [Version 6.1.7601]

The operation completed successfully.

; Registry of 'AMNESIAC'

[Version]
DriverVer = 04/27/2022,08.15.00.815 ; UTC
Provider  = "Stefan Kanthak"
Signature = "$Windows NT$"

[Strings]
REG_SZ                         = 0x00000000
REG_BINARY                     = 0x00000001
REG_KEYONLY                    = 0x00000010
REG_MULTI_SZ                   = 0x00010000
REG_DWORD                      = 0x00010001
REG_EXPAND_SZ                  = 0x00020000
REG_NONE                       = 0x00020001
REG_COMPATIBLE                 = 0x00030001 ; same as REG_BINARY
REG_DWORD_LITTLE_ENDIAN        = 0x00040001 ; same as REG_DWORD
REG_DWORD_BIG_ENDIAN           = 0x00050001
REG_LINK                       = 0x00060000
REG_RESOURCE_LIST              = 0x00080001
REG_FULL_RESOURCE_DESCRIPTOR   = 0x00090001
REG_RESOURCE_REQUIREMENTS_LIST = 0x000a0001
REG_QWORD                      = 0x000b0001
REG_QWORD_LITTLE_ENDIAN        = 0x000b0001 ; same as REG_QWORD

[DefaultInstall.NT]
;AddReg = AddReg.HKU,AddReg.HKLM;AddReg.HKCU,AddReg.HKCR

[AddReg.HKCC]
HKCC,"Software\Fonts","LogPixels",%REG_DWORD%,96 ; 0x00000060
HKCC,"System\CurrentControlSet\Control\Print\Printers",,%REG_KEYONLY%;
HKCC,"System\CurrentControlSet\Control\VIDEO",,%REG_KEYONLY%;
HKCC,"System\CurrentControlSet\Enum\IDE\DISKFUJITSU_MHZ2320BJ_G2____________________0000001E\5&2223391E&0&0.0.0","CSConfigFlags",%REG_DWORD%,0 ; 0x00000000
HKCC,"System\CurrentControlSet\Enum\USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\4E0B595B&0","CSConfigFlags",%REG_DWORD%,0 ; 0x00000000
HKCC,"System\CurrentControlSet\SERVICES\TSDDD\DEVICE0","Attach.ToDesktop",%REG_DWORD%,1 ; 0x00000001
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","Attach.ToDesktop",%REG_DWORD%,1 ; 0x00000001
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","DefaultSettings.BitsPerPel",%REG_DWORD%,32 ; 0x00000020
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","DefaultSettings.XResolution",%REG_DWORD%,1920 ; 0x00000780
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","DefaultSettings.YResolution",%REG_DWORD%,1200 ; 0x000004b0
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","DefaultSettings.VRefresh",%REG_DWORD%,1 ; 0x00000001
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","DefaultSettings.Flags",%REG_DWORD%,0 ; 0x00000000
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","DefaultSettings.XPanning",%REG_DWORD%,0 ; 0x00000000
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","DefaultSettings.YPanning",%REG_DWORD%,0 ; 0x00000000
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","DefaultSettings.Orientation",%REG_DWORD%,0 ; 0x00000000
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","DefaultSettings.FixedOutput",%REG_DWORD%,0 ; 0x00000000
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","Attach.RelativeX",%REG_DWORD%,0 ; 0x00000000
HKCC,"System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0","Attach.RelativeY",%REG_DWORD%,0 ; 0x00000000

; EOF

Portable Executable Resource Enumerator

Purpose
Synopsis
Implementation and Build Details
Variant 1
Variant 2
Source and Build Instructions – Variant 1
Source and Build Instructions – Variant 2

Purpose

Enumerate resources embedded in portable executable image files, i.e. applications and DLLs, print their metadata and information representable as text in UTF-16LE encoding on standard output (which must be redirected to a file or piped into an application that reads from standard input, like Clip or More).

Synopsis

RESOURCE.COM ‹image file name› >‹output file name›
RESOURCE.COM ‹image file name› | MORE.COM
Note: the image file is located via DLL search order!

Implementation and Build Details

Portable Executable Resource Enumerator is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows Vista and newer versions of Windows NT as well as Windows PE 2.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error is not supported!

The MSDN article Console Handles provides background information.

Variant 1

The first, canonical variant uses the Win32 function LoadLibraryEx() to load an arbitrary portable executable module into memory, then either the functions EnumResourceTypes(), EnumResourceNames() and EnumResourceLanguages() or the functions EnumResourceTypesEx(), EnumResourceNamesEx() and EnumResourceLanguagesEx() to enumerate all resources, followed by FindResourceEx(), SizeofResource(), LoadResource() and LockResource() to provide access to them, and finally FreeLibrary() to unload the module.

Variant 2

The second, custom variant uses the Win32 functions CreateFile(), CreateFileMapping() and MapViewOfFile() to open an arbitrary file for reading and map it into memory, accesses the structures IMAGE_DOS_HEADER, IMAGE_FILE_HEADER, IMAGE_NT_HEADERS, IMAGE_OPTIONAL_HEADER plus IMAGE_SECTION_HEADER which describe portable executable image files to locate the .rsrc section, then calls its custom function Resource() to enumerate and access all resources; finally it uses the Win32 functions UnmapViewOfFile() and CloseHandle() to unmap the file from memory and close it.

The MSDN articles PE Format, Peering Inside the PE: A Tour of the Win32 Portable Executable File Format, An In-Depth Look into the Win32 Portable Executable File Format and An In-Depth Look into the Win32 Portable Executable File Format, Part 2 document and explain the layout and the structures of portable executable image files.

Source and Build Instructions – Variant 1

Perform the following 2 simple steps to build variant 1 of the console application Portable Executable Resource Enumerator from the source presented hereafter.

  1. Create the text file RESOURCE.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>

#define memcpy	__movsb
#define wmemcpy	__movsw

#ifndef MESSAGE_RESOURCE_ANSI
#define MESSAGE_RESOURCE_ANSI	0
#endif

#ifndef RT_MENUEX
#define RT_MENUEX	MAKEINTRESOURCE(13)
#endif

#ifndef RT_NAMETABLE
#define RT_NAMETABLE	MAKEINTRESOURCE(15)
#endif

#ifndef RT_DIALOGEX
#define RT_DIALOGEX	MAKEINTRESOURCE(18)
#endif

#ifndef RT_DLGINIT
#define RT_DLGINIT	MAKEINTRESOURCE(240)
#endif

#ifndef RT_TOOLBAR
#define RT_TOOLBAR	MAKEINTRESOURCE(241)
#endif

#ifndef RT_LOCALE
#define RT_LOCALE	MAKEINTRESOURCE(255)
#endif

#define VS_BINARY	0U
#define VS_TEXT		1U

typedef	struct	_VS_VERSIONINFO
{
	WORD	wSize;			// size of 'VERSION' resource
	WORD	wCount;			// = sizeof(VS_FIXEDFILEINFO)
					//   (number of bytes in binary value)
	WORD	wType;			// = VS_BINARY
	WCHAR	szKey[16];		// = L"VS_VERSION_INFO"
	WORD	wPadding;		// = 0 (alignment to DWORD)

	VS_FIXEDFILEINFO	vsFFI;
} VS_VERSIONINFO;

typedef	struct	_MUI_RESOURCE
{
	DWORD	dwSignature;		// = 0xFECDFECD
	DWORD	dwSize;			// size of "MUI" resource configuration data
	DWORD	dwVersion;		// = 0x00010000
	DWORD	dwUnknown;
	DWORD	dwFileType;		// = 0x00000011: LN, language-neutral main file
					// = 0x00000012: MUI, language-specific satellite file
	DWORD	dwSystemAttributes;
	DWORD	dwFallbackLocation;	// = 0x00000000: none
					// = 0x00000001: internal
					// = 0x00000002: external
	BYTE	bServiceChecksum[16];
	BYTE	bMainChecksum[16];
	DWORD	dwReserved[6];
	DWORD	dwTypeNameMainOffset;	// offset and size of named resource types
	DWORD	dwTypeNameMainSize;	//  in main file (MULTI_SZ list)
	DWORD	dwTypeIDMainOffset;	// offset and size of unnamed resource types
	DWORD	dwTypeIDMainSize;	//  in main file (DWORD array)
	DWORD	dwTypeNameMUIOffset;	// offset and size of named resource types
	DWORD	dwTypeNameMUISize;	//  in satellite file (MULTI_SZ list)
	DWORD	dwTypeIDMUIOffset;	// offset and size of unnamed resource types
	DWORD	dwTypeIDMUISize;	//  in satellite file (DWORD array)
	DWORD	dwLanguageNameOffset;	// offset and size of language string
	DWORD	dwLanguageNameSize;
	DWORD	dwFallbackNameOffset;	// offset and size of (ultimate) fallback
	DWORD	dwFallbackNameSize;	//  language string
	DWORD	dwPadding;
//	DWORD	dwData[0];
} MUI_RESOURCE;

#define MUI_RESOURCE_SIGNATURE		0xFECDFECDUL
#define MUI_RESOURCE_FILETYPE_MAIN	0x00000011UL
#define MUI_RESOURCE_FILETYPE_SATELLITE	0x00000012UL
#define MUI_RESOURCE_FALLBACK_NONE	0x00000000UL
#define MUI_RESOURCE_FALLBACK_INTERNAL	0x00000001UL
#define MUI_RESOURCE_FALLBACK_EXTERNAL	0x00000002UL

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

__declspec(safebuffers)
BOOL	PrintFormat(HANDLE hFile, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	LPBYTE	lpBuffer = (LPBYTE) szBuffer;
	DWORD	dwBuffer;
	DWORD	dwFile;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	dwBuffer *= sizeof(*szBuffer);

	do
	{
		if (!WriteFile(hFile, lpBuffer, dwBuffer, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpBuffer += dwFile;
		dwBuffer -= dwFile;
	} while (dwBuffer > 0);

	return TRUE;
}

#define PrintString(HANDLE, LITERAL)	PrintDirect(HANDLE, LITERAL, sizeof(LITERAL) / sizeof(*LITERAL) - 1UL)

__inline
BOOL	WINAPI	PrintDirect(HANDLE hFile, LPCWSTR lpString, DWORD dwString)
{
	DWORD	dwFile;

	dwString *= sizeof(*lpString);

	do
	{
		if (!WriteFile(hFile, lpString, dwString, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpString = (LPCWSTR) ((LPBYTE) lpString + dwFile);
		dwString -= dwFile;
	} while (dwString > 0);

	return TRUE;
}

const	LPCWSTR	szDayOfWeek[7] = {L"Sunday",
		                  L"Monday",
		                  L"Tuesday",
		                  L"Wednesday",
		                  L"Thursday",
		                  L"Friday",
		                  L"Saturday"};

const	LPCWSTR	szFileOSHigh[] = {L"Unknown",				// VOS_UNKNOWN
		                  L"MS-DOS",				// VOS_DOS
		                  L"OS/2 (16-bit)",			// VOS_OS216
		                  L"OS/2 (32-bit)",			// VOS_OS232
		                  L"Windows NT",			// VOS_NT
		                  L"Windows CE"};			// VOS_WINCE

const	LPCWSTR	szFileOSLow[] = {L"Base",				// VOS__BASE
		                 L"Windows (16-bit)",			// VOS__WINDOWS16
		                 L"Presentation Manager (16-bit)",	// VOS__PM16
		                 L"Presentation Manager (32-bit)",	// VOS__PM32
		                 L"Windows (32-bit)"};			// VOS__WINDOWS32

const	LPCWSTR	szFileType[] = {L"Unknown",				// VFT_UNKNOWN
		                L"Application",				// VFT_APP
		                L"DLL",					// VFT_DLL
		                L"Driver",				// VFT_DRV
		                L"Font",				// VFT_FONT
		                L"Virtual Device",			// VFT_VXD
		                L"Undefined",
		                L"Static Library"};			// VFT_STATIC_LIB

const	LPCWSTR	szFileDriverType[] = {L"Unknown",			// VFT2_UNKNOWN
		                      L"Printer",			// VFT2_DRV_PRINTER
		                      L"Keyboard",			// VFT2_DRV_KEYBOARD
		                      L"Language",			// VFT2_DRV_LANGUAGE
		                      L"Display",			// VFT2_DRV_DISPLAY
		                      L"Mouse",				// VFT2_DRV_MOUSE
		                      L"Network",			// VFT2_DRV_NETWORK
		                      L"System",			// VFT2_DRV_SYSTEM
		                      L"Installable",			// VFT2_DRV_INSTALLABLE
		                      L"Sound",				// VFT2_DRV_SOUND
		                      L"Communications",		// VFT2_DRV_COMM
		                      L"Input Method",			// VFT2_DRV_INPUTMETHOD
		                      L"Versioned Printer"};		// VFT2_DRV_VERSIONED_PRINTER

const	LPCWSTR	szFileFontType[] = {L"Unknown",				// VFT2_UNKNOWN
		                    L"Raster",				// VFT2_FONT_RASTER
		                    L"Vector",				// VFT2_FONT_VECTOR
		                    L"TrueType"};			// VFT2_FONT_TRUETYPE

__inline
LPCWSTR	WINAPI	MUIFileType(DWORD dwFileType)
{
	switch (dwFileType)
	{
	case MUI_RESOURCE_FILETYPE_MAIN:
		return L"LN: language-neutral main file";

	case MUI_RESOURCE_FILETYPE_SATELLITE:
		return L"MUI: language-specific satellite file";

	default:
		return NULL;
	}
}

__inline
LPCWSTR	WINAPI	MUIFallbackLocation(DWORD dwFallbackLocation)
{
	switch (dwFallbackLocation)
	{
	case MUI_RESOURCE_FALLBACK_NONE:
		return L"none";

	case MUI_RESOURCE_FALLBACK_INTERNAL:
		return L"internal";

	case MUI_RESOURCE_FALLBACK_EXTERNAL:
		return L"external";

	default:
		return NULL;
	}
}

LPCWSTR	WINAPI	ResourceTypeName(WORD wResType)
{
	switch (wResType)
	{
	case RT_CURSOR:		// MAKEINTRESOURCE(1)
		return L"RT_CURSOR";

	case RT_BITMAP:		// MAKEINTRESOURCE(2)
		return L"RT_BITMAP";

	case RT_ICON:		// MAKEINTRESOURCE(3)
		return L"RT_ICON";

	case RT_MENU:		// MAKEINTRESOURCE(4)
		return L"RT_MENU";

	case RT_DIALOG:		// MAKEINTRESOURCE(5)
		return L"RT_DIALOG";

	case RT_STRING:		// MAKEINTRESOURCE(6)
#if 1
		return L"RT_STRING";
#else
		return L"RT_STRINGTABLE";
#endif
	case RT_FONTDIR:	// MAKEINTRESOURCE(7)
		return L"RT_FONTDIR";

	case RT_FONT:		// MAKEINTRESOURCE(8)
		return L"RT_FONT";

	case RT_ACCELERATOR:	// MAKEINTRESOURCE(9)
		return L"RT_ACCELERATOR";

	case RT_RCDATA:		// MAKEINTRESOURCE(10)
		return L"RT_RCDATA";

	case RT_MESSAGETABLE:	// MAKEINTRESOURCE(11)
		return L"RT_MESSAGETABLE";

	case RT_GROUP_CURSOR:	// MAKEINTRESOURCE(12)
		return L"RT_GROUP_CURSOR";

	case RT_MENUEX:		// MAKEINTRESOURCE(13)
		return L"RT_MENUEX";

	case RT_GROUP_ICON:	// MAKEINTRESOURCE(14)
		return L"RT_GROUP_ICON";

	case RT_NAMETABLE:	// MAKEINTRESOURCE(15)
		return L"RT_NAMETABLE";

	case RT_VERSION:	// MAKEINTRESOURCE(16)
		return L"RT_VERSION";

	case RT_DLGINCLUDE:	// MAKEINTRESOURCE(17)
		return L"RT_DLGINCLUDE";

	case RT_DIALOGEX:	// MAKEINTRESOURCE(18)
		return L"RT_DIALOGEX";

	case RT_PLUGPLAY:	// MAKEINTRESOURCE(19)
		return L"RT_PLUGPLAY";

	case RT_VXD:		// MAKEINTRESOURCE(20)
		return L"RT_VXD";

	case RT_ANICURSOR:	// MAKEINTRESOURCE(21)
		return L"RT_ANICURSOR";

	case RT_ANIICON:	// MAKEINTRESOURCE(22)
		return L"RT_ANIICON";

	case RT_HTML:		// MAKEINTRESOURCE(23)
		return L"RT_HTML";

	case RT_MANIFEST:	// MAKEINTRESOURCE(24)
		return L"RT_MANIFEST";

	case RT_DLGINIT:	// MAKEINTRESOURCE(240)
		return L"RT_DLGINIT";

	case RT_TOOLBAR:	// MAKEINTRESOURCE(241)
		return L"RT_TOOLBAR";

	case RT_LOCALE:		// MAKEINTRESOURCE(255)
		return L"RT_LOCALE";

	default:
		return NULL;
	}
}

__declspec(safebuffers)
BOOL	WINAPI	EnumResLangProc(HMODULE hModule,
		                LPCWSTR lpType,
		                LPCWSTR lpName,
		                WORD    wIDLanguage,
		                LPARAM  lParam)
{
	BOOL	bOutput;
	HANDLE	hOutput = ((HANDLE *) lParam)[1];
	HANDLE	hConsole = ((HANDLE *) lParam)[2];
	HRSRC	hResInfo;	// address of an IMAGE_RESOURCE_DATA_ENTRY structure
	HGLOBAL	hResData;
	DWORD	dwResource;
	LPVOID	lpResource;
	LPCWSTR	lpUnicode;
	DWORD	dwUnicode;
	DWORD	dwBlock;
	DWORD	dwEntry;
	WCHAR	szLanguage[123];
#ifdef LOCALE
	WCHAR	szCountry[123];
#endif
	WCHAR	szFileFlags[sizeof(", Debug, Inferred, Patched, Pre-Release, Private Build, Special Build")];
	LPWSTR	lpFileFlags;
	LPCWSTR	lpFileOSLow, lpFileOSHigh;
	LPCWSTR	lpFileType, lpFileSubtype;
	LPCWSTR	lpValue;
	DWORD	dwValue;
	DWORD	dwSize;
	DWORD	dwKey;
	DWORD	dw;
	LPVOID	lp;

	FILETIME	ft;
	SYSTEMTIME	st;
	VS_VERSIONINFO	*lpVersionInfo;
	MUI_RESOURCE	*lpMUI;

	MESSAGE_RESOURCE_DATA	*lpTable;
	MESSAGE_RESOURCE_BLOCK	*lpBlock;
	MESSAGE_RESOURCE_ENTRY	*lpEntry;

	hResInfo = FindResourceEx(hModule, lpType, lpName, wIDLanguage);

	if (hResInfo == NULL)
		PrintConsole(hConsole,
		             L"FindResourceEx() returned error %lu\n",
		             GetLastError());
	else
	{
#ifdef LOCALE
		if (wIDLanguage == 0)
			bOutput = PrintString(hOutput,
			                      L"\t\tLanguageID: 0 = 0x0000 ; Neutral\r\n");
		else
			if ((GetLocaleInfo(MAKELCID(wIDLanguage, SORT_DEFAULT), LOCALE_SENGLANGUAGE, szLanguage, sizeof(szLanguage) / sizeof(*szLanguage)) == 0)
			 || (GetLocaleInfo(MAKELCID(wIDLanguage, SORT_DEFAULT), LOCALE_SENGCOUNTRY, szCountry, sizeof(szCountry) / sizeof(*szCountry)) == 0))
			{
				PrintConsole(hConsole,
				             L"GetLocaleInfo() returned error %lu\n",
				             GetLastError());

				bOutput = PrintFormat(hOutput,
				                      L"\t\tLanguageID: %hu = 0x%04hX\r\n",
				                      wIDLanguage, wIDLanguage);
			}
			else
				bOutput = PrintFormat(hOutput,
				                      L"\t\tLanguageID: %hu = 0x%04hX ; %ls, %ls\r\n",
				                      wIDLanguage, wIDLanguage, szLanguage, szCountry);
#else
		if (VerLanguageName(wIDLanguage, szLanguage, sizeof(szLanguage) / sizeof(*szLanguage)) == 0)
		{
			PrintConsole(hConsole,
			             L"VerLanguageName() returned 0\n");

			bOutput = PrintFormat(hOutput,
			                      L"\t\tLanguageID: %hu = 0x%04hX\r\n",
			                      wIDLanguage, wIDLanguage);
		}
		else
			bOutput = PrintFormat(hOutput,
			                      L"\t\tLanguageID: %hu = 0x%04hX ; %ls\r\n",
			                      wIDLanguage, wIDLanguage, szLanguage);
#endif
		dwResource = SizeofResource(hModule, hResInfo);

		if (dwResource == 0)
			PrintConsole(hConsole,
			             L"SizeofResource() returned error %lu\n",
			             GetLastError());

		bOutput &= PrintFormat(hOutput,
		                       L"\t\t\tInfo Handle = 0x%p: Length = %lu\r\n",
		                       hResInfo, dwResource);

		hResData = LoadResource(hModule, hResInfo);

		if (hResData == NULL)
			PrintConsole(hConsole,
			             L"LoadResource() returned error %lu\n",
			             GetLastError());
		else
		{
			lpResource = LockResource(hResData);

			if (lpResource == NULL)
				PrintConsole(hConsole,
				             L"LockResource() returned NULL\n");
			else
			{
				bOutput &= PrintFormat(hOutput,
				                       L"\t\t\tData Handle = 0x%p: Offset = 0x%08lX\r\n",
				                       hResData,
				                       (DWORD) ((BYTE *) lpResource - (BYTE *) hModule) + ((DWORD) ((BYTE *) lpResource - (BYTE *) hModule) & 1));

				if (IS_INTRESOURCE(lpType))
					switch ((WORD) lpType)
					{
					case RT_STRING:

						// NOTE: every RT_STRING resource, a STRINGTABLE, holds 16 UNICODE strings
						//       IMAGE_RESOURCE_DIR_STRING_U of up to 65535 characters each, which
						//       need not be L'\0' terminated and may contain L'\0', with their
						//       character count (including the terminating L'\0' if present)
						//       stored in front of them.

						for (lpUnicode = lpResource,
						     dwUnicode = 16; dwUnicode > 0; dwUnicode--,
						     lpUnicode += 1 + lpUnicode[0])
						{
							dw = lpUnicode[0];

							if (dw == 0)
								continue;

							bOutput &= PrintFormat(hOutput,
							                       L"\t\t\t%6lu:\tLength = %lu\r\n"
							                       L"\t\t\t\tString = ",
							                       IS_INTRESOURCE(lpName) ? (WORD) lpName * 16 - dwUnicode : 16 - dwUnicode, dw);

							while (lpUnicode[dw] == L'\0')
								dw--;

							bOutput &= PrintDirect(hOutput, lpUnicode + 1, dw);
							bOutput &= PrintString(hOutput, L"\r\n");
						}

						break;

					case RT_MESSAGETABLE:

						for (lpTable = lpResource,
						     lpBlock = lpTable->Blocks,
						     dwBlock = 0; dwBlock < lpTable->NumberOfBlocks; dwBlock++)
						{
							if (lpBlock[dwBlock].LowId == lpBlock[dwBlock].HighId)
								bOutput &= PrintFormat(hOutput,
								                       L"\t\t\t%6lu:\tMessage ID 0x%08lX\r\n",
								                       dwBlock, lpBlock[dwBlock].LowId);
							else
								bOutput &= PrintFormat(hOutput,
								                       L"\t\t\t%6lu:\tMessage IDs 0x%08lX to 0x%08lX\r\n",
								                       dwBlock, lpBlock[dwBlock].LowId, lpBlock[dwBlock].HighId);

							for (lpEntry = (MESSAGE_RESOURCE_ENTRY *) ((BYTE *) lpTable + lpBlock[dwBlock].OffsetToEntries),
							     dwEntry = lpBlock[dwBlock].LowId; dwEntry <= lpBlock[dwBlock].HighId; dwEntry++,
							     lpEntry = (MESSAGE_RESOURCE_ENTRY *) ((BYTE *) lpEntry + lpEntry->Length))
								if (lpEntry->Flags == MESSAGE_RESOURCE_UNICODE)
									bOutput &= PrintFormat(hOutput,
									                       L"\t\t\t\t0x%08lX:\tSize = %hu\r\n"
									                       L"\t\t\t\t\t\tText = %.999ls\r\n",
									                       dwEntry, lpEntry->Length, lpEntry->Text);
								else if (lpEntry->Flags == MESSAGE_RESOURCE_ANSI)
									bOutput &= PrintFormat(hOutput,
									                       L"\t\t\t\t0x%08lX:\tSize = %hu\r\n"
									                       L"\t\t\t\t\t\tText = %.999hs\r\n",
									                       dwEntry, lpEntry->Length, lpEntry->Text);
								else
									PrintConsole(hConsole,
									             L"Text type %hu of message 0x%08lX neither UNICODE nor ANSI!\n",
									             lpEntry->Flags, dwEntry);
						}

						break;

					case RT_VERSION:

						lpVersionInfo = lpResource;

						if (lpVersionInfo->wSize != dwResource)
							PrintConsole(hConsole,
							             L"Size %hu in \'VERSIONINFO\' differs from size of \'VERSION\' resource!\n",
							             lpVersionInfo->wSize);

						if (lpVersionInfo->wCount != sizeof(VS_FIXEDFILEINFO))
							PrintConsole(hConsole,
							             L"Size %hu of value in \'VERSIONINFO\' differs from size %lu of \'VS_FIXEDFILEINFO\'!\n",
							             lpVersionInfo->wCount, sizeof(VS_FIXEDFILEINFO));

						if (lpVersionInfo->wType != VS_BINARY)
							PrintConsole(hConsole,
							             L"Type %hu of value in \'VERSIONINFO\' not \'VS_BINARY\'!\n",
							             lpVersionInfo->wType);

						if (wcscmp(lpVersionInfo->szKey, L"VS_VERSION_INFO") != 0)
							PrintConsole(hConsole,
							             L"Key string \"%ls\" in \'VERSIONINFO\' not \"VS_VERSION_INFO\"!\n",
							             lpVersionInfo->szKey);

						if (lpVersionInfo->wPadding != 0)
							PrintConsole(hConsole,
							             L"Padding %hu in \'VERSIONINFO\' not 0!\n",
							             lpVersionInfo->wPadding);

						if (lpVersionInfo->vsFFI.dwSignature != VS_FFI_SIGNATURE)
							PrintConsole(hConsole,
							             L"Signature 0x%08lX in \'FIXEDFILEINFO\' not 0x%08lX!\n",
							             lpVersionInfo->vsFFI.dwSignature, VS_FFI_SIGNATURE);

						if (lpVersionInfo->vsFFI.dwStrucVersion != VS_FFI_STRUCVERSION)
							PrintConsole(hConsole,
							             L"Structure version 0x%08lX in \'FIXEDFILEINFO\' not 0x%08lX!\n",
							             lpVersionInfo->vsFFI.dwStrucVersion, VS_FFI_STRUCVERSION);

						if ((lpVersionInfo->vsFFI.dwFileFlags & lpVersionInfo->vsFFI.dwFileFlagsMask) == 0)
#ifdef _CRT_SECURE_NO_WARNINGS
							wcscpy(szFileFlags, L", None");
#elif 0
							wmemcpy(szFileFlags, L", None", sizeof(", None"));
#else
							memcpy(szFileFlags, L", None", sizeof(L", None"));
#endif
						else
						{
#ifdef _CRT_SECURE_NO_WARNINGS
							*szFileFlags = L'\0';

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_DEBUG) == VS_FF_DEBUG)
								wcscat(szFileFlags, L", Debug");

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_INFOINFERRED) == VS_FF_INFOINFERRED)
								wcscat(szFileFlags, L", Inferred");

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_PATCHED) == VS_FF_PATCHED)
								wcscat(szFileFlags, L", Patched");

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_PRERELEASE) == VS_FF_PRERELEASE)
								wcscat(szFileFlags, L", Pre-Release");

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_PRIVATEBUILD) == VS_FF_PRIVATEBUILD)
								wcscat(szFileFlags, L", Private Build");

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_SPECIALBUILD) == VS_FF_SPECIALBUILD)
								wcscat(szFileFlags, L", Special Build");
#else
							lpFileFlags = szFileFlags;

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_DEBUG) == VS_FF_DEBUG)
							{
								memcpy(lpFileFlags, L", Debug", sizeof(L", Debug"));

								lpFileFlags += sizeof(" Debug");
							}

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_INFOINFERRED) == VS_FF_INFOINFERRED)
							{
								memcpy(lpFileFlags, L", Inferred", sizeof(L", Inferred"));

								lpFileFlags += sizeof(" Inferred");
							}

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_PATCHED) == VS_FF_PATCHED)
							{
								memcpy(lpFileFlags, L", Patched", sizeof(L", Patched"));

								lpFileFlags += sizeof(" Patched");
							}

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_PRERELEASE) == VS_FF_PRERELEASE)
							{
								memcpy(lpFileFlags, L", Pre-Release", sizeof(L", Pre-Release"));

								lpFileFlags += sizeof(" Pre-Release");
							}

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_PRIVATEBUILD) == VS_FF_PRIVATEBUILD)
							{
								memcpy(lpFileFlags, L", Private Build", sizeof(L", Private Build"));

								lpFileFlags += sizeof(" Private Build");
							}

							if ((lpVersionInfo->vsFFI.dwFileFlags & VS_FF_SPECIALBUILD) == VS_FF_SPECIALBUILD)
							{
								memcpy(lpFileFlags, L", Special Build", sizeof(L", Special Build"));

								lpFileFlags += sizeof(" Special Build");
							}
#endif
						}

						if (lpVersionInfo->vsFFI.dwFileType < sizeof(szFileType) / sizeof(*szFileType))
							lpFileType = szFileType[lpVersionInfo->vsFFI.dwFileType];
						else
							lpFileType = L"Undefined";

						if ((lpVersionInfo->vsFFI.dwFileType == VFT_DRV)
						 && (lpVersionInfo->vsFFI.dwFileSubtype < sizeof(szFileDriverType) / sizeof(*szFileDriverType)))
							lpFileSubtype = szFileDriverType[lpVersionInfo->vsFFI.dwFileSubtype];
						else if ((lpVersionInfo->vsFFI.dwFileType == VFT_FONT)
						      && (lpVersionInfo->vsFFI.dwFileSubtype < sizeof(szFileFontType) / sizeof(*szFileFontType)))
							lpFileSubtype = szFileFontType[lpVersionInfo->vsFFI.dwFileSubtype];
						else
							lpFileSubtype = L"Undefined";

						if (HIWORD(lpVersionInfo->vsFFI.dwFileOS) < sizeof(szFileOSHigh) / sizeof(*szFileOSHigh))
							lpFileOSHigh = szFileOSHigh[HIWORD(lpVersionInfo->vsFFI.dwFileOS)];
						else
							lpFileOSHigh = L"Undefined";

						if (LOWORD(lpVersionInfo->vsFFI.dwFileOS) < sizeof(szFileOSLow) / sizeof(*szFileOSLow))
							lpFileOSLow = szFileOSLow[LOWORD(lpVersionInfo->vsFFI.dwFileOS)];
						else
							lpFileOSLow = L"Undefined";

						bOutput &= PrintFormat(hOutput,
						                       L"\t\t\tFixedFileInfo:\r\n"
						                       L"\t\t\t\tProduct Version   = %hu.%hu:%hu.%hu\r\n"
						                       L"\t\t\t\tModule Version    = %hu.%hu:%hu.%hu\r\n"
						                       L"\t\t\t\tModule Flags      = %ls\r\n"
						                       L"\t\t\t\tModule Type       = %ls\r\n"
						                       L"\t\t\t\tModule Subtype    = %ls\r\n",
						                       HIWORD(lpVersionInfo->vsFFI.dwProductVersionMS), LOWORD(lpVersionInfo->vsFFI.dwProductVersionMS),
						                       HIWORD(lpVersionInfo->vsFFI.dwProductVersionLS), LOWORD(lpVersionInfo->vsFFI.dwProductVersionLS),
						                       HIWORD(lpVersionInfo->vsFFI.dwFileVersionMS), LOWORD(lpVersionInfo->vsFFI.dwFileVersionMS),
						                       HIWORD(lpVersionInfo->vsFFI.dwFileVersionLS), LOWORD(lpVersionInfo->vsFFI.dwFileVersionLS),
						                       szFileFlags + 2,
						                       lpFileType,
						                       lpFileSubtype);

						if ((lpVersionInfo->vsFFI.dwFileDateMS == 0)
						 && (lpVersionInfo->vsFFI.dwFileDateLS == 0))
							bOutput &= PrintString(hOutput, L"\t\t\t\tModule Time Stamp = None\r\n");
						else
						{
							ft.dwHighDateTime = lpVersionInfo->vsFFI.dwFileDateMS;
							ft.dwLowDateTime = lpVersionInfo->vsFFI.dwFileDateLS;

							if (!FileTimeToSystemTime(&ft, &st))
								PrintConsole(hConsole,
								             L"FileTimeToSystemTime() returned error %lu\n",
								             GetLastError());
							else
								bOutput &= PrintFormat(hOutput,
								                       L"\t\t\t\tModule Time Stamp = %ls, %04hu-%02hu-%02hu %02hu:%02hu:%02hu.%03hu UTC\r\n",
								                       szDayOfWeek[st.wDayOfWeek],
								                       st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
						}

						bOutput &= PrintFormat(hOutput,
						                       L"\t\t\t\tTarget OS         = %ls, %ls\r\n",
						                       lpFileOSHigh, lpFileOSLow);

						for (lp = (LPBYTE) lpVersionInfo + lpVersionInfo->wSize,
						     lpVersionInfo += 1;
						     lpVersionInfo < (VS_VERSIONINFO *) lp;
						     lpVersionInfo = (VS_VERSIONINFO *) ((LPBYTE) lpVersionInfo + dwSize))
						{
							dwKey = wcslen(lpVersionInfo->szKey);
							lpValue = lpVersionInfo->szKey + (dwKey + dwKey % 2 + 1);
							dwSize = lpValue - (LPWSTR) lpVersionInfo;

							if ((lpVersionInfo->wCount == 0)
							 && (lpVersionInfo->wSize > dwSize))
								bOutput &= PrintFormat(hOutput,
								                       L"\t\t\t\t%ls:\r\n" + (dwKey != 8),
								                       lpVersionInfo->szKey);
							else
							{
								dwSize = lpVersionInfo->wSize + lpVersionInfo->wSize % sizeof(DWORD);

								if (lpVersionInfo->wType == VS_TEXT)
									bOutput &= PrintFormat(hOutput,
									                       lpVersionInfo->wCount == 0 ? L"\t\t\t\t\t%-16ls =\r\n" : L"\t\t\t\t\t%-16ls = %ls\r\n",
									                       lpVersionInfo->szKey, lpValue);
								else
								{
									bOutput &= PrintFormat(hOutput,
									                       L"\t\t\t\t%ls =",
									                       lpVersionInfo->szKey);

									for (dwValue = 0; dwValue < lpVersionInfo->wCount / 2; dwValue++)
										bOutput &= PrintFormat(hOutput,
										                       dwValue & 1 ? L":%hu" : L" 0x%04hX",
										                       lpValue[dwValue]);

									bOutput &= PrintString(hOutput, L"\r\n");
								}
							}
						}

						break;

					case RT_HTML:
					case RT_MANIFEST:

						if (*(DWORD *) lpResource == 0xFFFE0000)
							bOutput &= PrintString(hOutput, L"\t\t\tUTF-32BE\r\n");
						else if (*(DWORD *) lpResource == 0x0000FEFF)
							bOutput &= PrintString(hOutput, L"\t\t\tUTF-32LE\r\n");
						else if (*(WORD *) lpResource == 0xFFFE)
							bOutput &= PrintString(hOutput, L"\t\t\tUTF-16BE\r\n");
						else if (*(WORD *) lpResource == 0xFEFF)
							bOutput &= PrintFormat(hOutput,
							                       L"\t\t\tUTF-16LE = %.999ls\r\n",
							                       (WCHAR *) lpResource + 1);
						else if ((*(DWORD *) lpResource & 0x00FFFFFF) == 0x00BFBBEF)
							bOutput &= PrintFormat(hOutput,
							                       L"\t\t\tUTF-8 = %.999hs\r\n",
							                       (CHAR *) lpResource + 3);
						else if ((*(DWORD *) lpResource == 0x2B762F2B)
						      || (*(DWORD *) lpResource == 0x2F762F2B)
						      || (*(DWORD *) lpResource == 0x38762F2B)
						      || (*(DWORD *) lpResource == 0x39762F2B))
							bOutput &= PrintString(hOutput, L"\t\t\tUTF-7\r\n");
						else
							bOutput &= PrintFormat(hOutput,
							                       L"\t\t\tASCII = %.999hs\r\n",
							                       (CHAR *) lpResource);
						break;

					case RT_LOCALE:

						if (dwResource == sizeof(DWORD))
							bOutput &= PrintFormat(hOutput,
							                       L"\t\t\t%lu = 0x%04lX\r\n",
							                       *(DWORD *) lpResource, *(DWORD *) lpResource);
						break;

				//	default:
					}
				else
#if 0
					if (wcscmp(lpType, L"MUI") == 0)
#elif 0
					if (wmemcmp(lpType, L"MUI", sizeof("MUI")) == 0)
#else
					if (memcmp(lpType, L"MUI", sizeof(L"MUI")) == 0)
#endif
					{
						lpMUI = (MUI_RESOURCE *) lpResource;

						if (lpMUI->dwSignature != MUI_RESOURCE_SIGNATURE)
							PrintConsole(hConsole,
							             L"Signature 0x%08lX of resource configuration data not 0x%08lX!\n",
							             lpMUI->dwSignature, MUI_RESOURCE_SIGNATURE);
						else
							bOutput &= PrintFormat(hOutput,
							                       L"\t\t\tResource Configuration Data:\r\n"
							                       L"\t\t\t\tVersion           = %hu.%hu\r\n"
							                       L"\t\t\t\tType              = %lu (%ls)\r\n"
							                       L"\t\t\t\tLanguage          = %ls\r\n"
							                       L"\t\t\t\tFallback Language = %ls\r\n"
							                       L"\t\t\t\tFallback Location = %lu (%ls)\r\n"
							                       L"\t\t\t\tSystem Attributes = 0x%08lX\r\n"
							                       L"\t\t\t\tMain Checksum     = %08lX %08lX %08lX %08lX\r\n"
							                       L"\t\t\t\tService Checksum  = %08lX %08lX %08lX %08lX\r\n",
							                       HIWORD(lpMUI->dwVersion), LOWORD(lpMUI->dwVersion),
							                       lpMUI->dwFileType, MUIFileType(lpMUI->dwFileType),
							                       lpMUI->dwLanguageNameOffset == 0 ? NULL : (BYTE *) lpMUI + lpMUI->dwLanguageNameOffset,
							                       lpMUI->dwFallbackNameOffset == 0 ? NULL : (BYTE *) lpMUI + lpMUI->dwFallbackNameOffset,
							                       lpMUI->dwFallbackLocation, MUIFallbackLocation(lpMUI->dwFallbackLocation),
							                       lpMUI->dwSystemAttributes,
							                       _byteswap_ulong(((DWORD *) lpMUI->bMainChecksum)[0]),
							                       _byteswap_ulong(((DWORD *) lpMUI->bMainChecksum)[1]),
							                       _byteswap_ulong(((DWORD *) lpMUI->bMainChecksum)[2]),
							                       _byteswap_ulong(((DWORD *) lpMUI->bMainChecksum)[3]),
							                       _byteswap_ulong(((DWORD *) lpMUI->bServiceChecksum)[0]),
							                       _byteswap_ulong(((DWORD *) lpMUI->bServiceChecksum)[1]),
							                       _byteswap_ulong(((DWORD *) lpMUI->bServiceChecksum)[2]),
							                       _byteswap_ulong(((DWORD *) lpMUI->bServiceChecksum)[3]));
					}
#if 0	// OBSOLETE!
				if (!UnlockResource(lpResource))
					PrintConsole(hConsole,
					             L"UnlockResource() returned FALSE\n");
#endif
			}
#if 0	// OBSOLETE!
			if (!FreeResource(hResData))
				PrintConsole(hConsole,
				             L"FreeResource() returned FALSE\n");
#endif
		}

		if (!bOutput)
			PrintConsole(hConsole,
			             L"WriteFile() returned error %lu\n",
			             GetLastError());
	}

	return TRUE;
}

BOOL	WINAPI	EnumResNameProc(HMODULE hModule,
		                LPCWSTR lpType,
		                LPWSTR  lpName,
		                LPARAM  lParam)
{
	BOOL	bOutput;
	HANDLE	hOutput = ((HANDLE *) lParam)[1];
	HANDLE	hConsole = ((HANDLE *) lParam)[2];

	if (IS_INTRESOURCE(lpName))
		bOutput = PrintFormat(hOutput,
		                      L"\tID: %hu\r\n",
		                      (WORD) lpName);
	else
		bOutput = PrintFormat(hOutput,
		                      L"\tName: %ls\r\n",
		                      lpName);

	if (!bOutput)
		PrintConsole(hConsole,
		             L"WriteFile() returned error %lu\n",
		             GetLastError());
#ifdef NEUTRAL
	if (!EnumResourceLanguagesEx(hModule,
	                             lpType,
	                             lpName,
	                             EnumResLangProc,
	                             lParam,
	                             RESOURCE_ENUM_LN,
	                             MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL)))
		PrintConsole(hConsole,
		             L"EnumResourceLanguagesEx() returned error %lu\n",
		             GetLastError());
#else
	if (!EnumResourceLanguages(hModule,
	                           lpType,
	                           lpName,
	                           EnumResLangProc,
	                           lParam))
		PrintConsole(hConsole,
		             L"EnumResourceLanguages() returned error %lu\n",
		             GetLastError());
#endif
	return TRUE;
}

BOOL	WINAPI	EnumResTypeProc(HMODULE hModule,
		                LPWSTR  lpType,
		                LPARAM  lParam)
{
	BOOL	bOutput;
	HANDLE	hOutput = ((HANDLE *) lParam)[1];
	HANDLE	hConsole = ((HANDLE *) lParam)[2];

	if (IS_INTRESOURCE(lpType))
		bOutput = PrintFormat(hOutput,
		                      L"Type: %hu ; %ls\r\n",
		                      (WORD) lpType, ResourceTypeName((WORD) lpType));
	else
		bOutput = PrintFormat(hOutput,
		                      L"Name: %ls\r\n",
		                      lpType);

	if (!bOutput)
		PrintConsole(hConsole,
		             L"WriteFile() returned error %lu\n",
		             GetLastError());
#ifdef NEUTRAL
	if (!EnumResourceNamesEx(hModule,
	                         lpType,
	                         EnumResNameProc,
	                         lParam,
	                         RESOURCE_ENUM_LN,
	                         MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL)))
		PrintConsole(hConsole,
		             L"EnumResourceNamesEx() returned error %lu\n",
		             GetLastError());
#else
	if (!EnumResourceNames(hModule,
	                       lpType,
	                       EnumResNameProc,
	                       lParam))
		PrintConsole(hConsole,
		             L"EnumResourceNames() returned error %lu\n",
		             GetLastError());
#endif
	return TRUE;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	HANDLE	*hHandles[3];
	LPWSTR	*lpArguments;
	INT	nArguments;
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	HMODULE	hModule;
	HANDLE	hOutput;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
			if (nArguments != 2)
				PrintConsole(hConsole,
				             L"No argument: a single (absolute or relative) path name of a binary module\n"
				             L"             (eventually located per DLL search order) must be given!\n");
			else
			{
				hOutput = GetStdHandle(STD_OUTPUT_HANDLE);

				if (hOutput == INVALID_HANDLE_VALUE)
					PrintConsole(hConsole,
					             L"GetStdHandle() returned error %lu\n",
					             dwError = GetLastError());
				else
				{
					if (!FlushFileBuffers(hOutput))
						PrintConsole(hConsole,
						             L"FlushFileBuffers() returned error %lu: standard output is not redirected to a file!\n",
						             dwError = GetLastError());
					else
					{
						hModule = LoadLibraryEx(lpArguments[1],
						                        (HANDLE) NULL,
						                        LOAD_LIBRARY_AS_DATAFILE);

						if (hModule == NULL)
							PrintConsole(hConsole,
							             L"LoadLibraryEx() returned error %lu\n",
							             dwError = GetLastError());
						else
						{
							PrintConsole(hConsole,
							             L"Module \'%ls\' loaded at address 0x%p\n",
							             lpArguments[1], hModule);

							if (!PrintFormat(hOutput,
							                 L"\xFEFF"	// UTF-16LE BOM
							                 L"Module \'%ls\'\r\n"
							                 L"\r\n",
							                 lpArguments[1]))
								PrintConsole(hConsole,
								             L"WriteFile() returned error %lu\n",
								             dwError = GetLastError());

							hHandles[0] = NULL;
							hHandles[1] = hOutput;
							hHandles[2] = hConsole;
#ifdef NEUTRAL
							if (!EnumResourceTypesEx(hModule,
							                         EnumResTypeProc,
							                         (LPARAM) hHandles,
							                         RESOURCE_ENUM_LN,
							                         MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL)))
								PrintConsole(hConsole,
								             L"EnumResourceTypesEx() returned error %lu\n",
								             dwError = GetLastError());
#else
							if (!EnumResourceTypes(hModule,
							                       EnumResTypeProc,
							                       (LPARAM) hHandles))
								PrintConsole(hConsole,
								             L"EnumResourceTypes() returned error %lu\n",
								             dwError = GetLastError());
#endif
							else
								dwError = ERROR_SUCCESS;

							if (!FreeLibrary(hModule))
								PrintConsole(hConsole,
								             L"FreeLibrary() returned error %lu\n",
								             GetLastError());
							else
								PrintConsole(hConsole,
								             L"Module \'%ls\' unloaded\n",
								             lpArguments[1]);
						}
					}
				}
			}

			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}

  2. Run the following four command lines to compile the source file RESOURCE.C created in step 1., link the compiled object file RESOURCE.OBJ and cleanup afterwards: 

    SET CL=/DLOCALE /DNEUTRAL /GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:6.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeRESOURCE.COM RESOURCE.C
ERASE RESOURCE.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

RESOURCE.C
RESOURCE.C(476) : warning C4305: 'type cast' : truncation from 'LPWSTR' to 'WORD'
RESOURCE.C(498) : warning C4305: 'type cast' : truncation from 'LPWSTR' to 'WORD'
RESOURCE.C(751) : warning C4018: '<' : signed/unsigned mismatch
RESOURCE.C(876) : warning C4305: 'type cast' : truncation from 'LPWSTR' to 'WORD'
RESOURCE.C(921) : warning C4305: 'type cast' : truncation from 'LPWSTR' to 'WORD'
RESOURCE.C(921) : warning C4305: 'type cast' : truncation from 'LPWSTR' to 'WORD'

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Source and Build Instructions – Variant 2

Perform the following 2 simple steps to build variant 2 of the console application Portable Executable Resource Enumerator from the source presented hereafter.

  1. Overwrite the text file RESOURCE.C with the following content: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>

#ifndef MESSAGE_RESOURCE_ANSI
#define MESSAGE_RESOURCE_ANSI	0
#endif

#ifndef RT_MENUEX
#define RT_MENUEX	MAKEINTRESOURCE(13)
#endif

#ifndef RT_NAMETABLE
#define RT_NAMETABLE	MAKEINTRESOURCE(15)
#endif

#ifndef RT_DIALOGEX
#define RT_DIALOGEX	MAKEINTRESOURCE(18)
#endif

#ifndef RT_DLGINIT
#define RT_DLGINIT	MAKEINTRESOURCE(240)
#endif

#ifndef RT_TOOLBAR
#define RT_TOOLBAR	MAKEINTRESOURCE(241)
#endif

#ifndef RT_LOCALE
#define RT_LOCALE	MAKEINTRESOURCE(255)
#endif

typedef	struct	_VS_VERSIONINFO
{
	WORD	wSize;		// size of 'VERSION' resource
	WORD	wCount;		// = sizeof(VS_FIXEDFILEINFO)
				//   (number of bytes in binary value)
	WORD	wType;		// = VS_BINARY
	WCHAR	szKey[16];	// = L"VS_VERSION_INFO"
	WORD	wPadding;	// = 0 (alignment to DWORD)
#if 0
	DWORD	dwValue[13];
#else
	VS_FIXEDFILEINFO	vsFFI;
#endif
} VS_VERSIONINFO;

typedef	struct	_MUI_RESOURCE
{
	DWORD	dwSignature;		// = 0xFECDFECD
	DWORD	dwSize;			// size of "MUI" resource configuration data
	DWORD	dwVersion;		// = 0x00010000
	DWORD	dwUnknown;
	DWORD	dwFileType;		// = 0x00000011: LN, language-neutral main file
					// = 0x00000012: MUI, language-specific satellite file
	DWORD	dwSystemAttributes;
	DWORD	dwFallbackLocation;	// = 0x00000000: none
					// = 0x00000001: internal
					// = 0x00000002: external
	BYTE	bServiceChecksum[16];
	BYTE	bMainChecksum[16];
	DWORD	dwReserved[6];
	DWORD	dwTypeNameMainOffset;	// offset and size of named resource types
	DWORD	dwTypeNameMainSize;	//  in main file (MULTI_SZ list)
	DWORD	dwTypeIDMainOffset;	// offset and size of unnamed resource types
	DWORD	dwTypeIDMainSize;	//  in main file (DWORD array)
	DWORD	dwTypeNameMUIOffset;	// offset and size of named resource types
	DWORD	dwTypeNameMUISize;	//  in satellite file (MULTI_SZ list)
	DWORD	dwTypeIDMUIOffset;	// offset and size of unnamed resource types
	DWORD	dwTypeIDMUISize;	//  in satellite file (DWORD array)
	DWORD	dwLanguageNameOffset;	// offset and size of language string
	DWORD	dwLanguageNameSize;
	DWORD	dwFallbackNameOffset;	// offset and size of (ultimate) fallback
	DWORD	dwFallbackNameSize;	//  language string
	DWORD	dwPadding;
//	DWORD	dwData[0];
} MUI_RESOURCE;

#define MUI_RESOURCE_SIGNATURE		0xFECDFECDUL
#define MUI_RESOURCE_FILETYPE_MAIN	0x00000011UL
#define MUI_RESOURCE_FILETYPE_SATELLITE	0x00000012UL
#define MUI_RESOURCE_FALLBACK_NONE	0x00000000UL
#define MUI_RESOURCE_FALLBACK_INTERNAL	0x00000001UL
#define MUI_RESOURCE_FALLBACK_EXTERNAL	0x00000002UL

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

__declspec(safebuffers)
BOOL	PrintFormat(HANDLE hFile, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	LPBYTE	lpBuffer = (LPBYTE) szBuffer;
	DWORD	dwBuffer;
	DWORD	dwFile;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	dwBuffer *= sizeof(*szBuffer);

	do
	{
		if (!WriteFile(hFile, lpBuffer, dwBuffer, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpBuffer += dwFile;
		dwBuffer -= dwFile;
	} while (dwBuffer > 0);

	return TRUE;
}

#define PrintString(HANDLE, LITERAL)	PrintDirect(HANDLE, LITERAL, sizeof(LITERAL) / sizeof(*LITERAL) - 1UL)

__inline
BOOL	WINAPI	PrintDirect(HANDLE hFile, LPCWSTR lpString, DWORD dwString)
{
	DWORD	dwFile;

	dwString *= sizeof(*lpString);

	do
	{
		if (!WriteFile(hFile, lpString, dwString, &dwFile, (LPOVERLAPPED) NULL))
			return FALSE;

		lpString = (LPCWSTR) ((LPBYTE) lpString + dwFile);
		dwString -= dwFile;
	} while (dwString > 0);

	return TRUE;
}

__inline
LPCWSTR	WINAPI	MUIFileType(DWORD dwFileType)
{
	switch (dwFileType)
	{
	case MUI_RESOURCE_FILETYPE_MAIN:
		return L"LN: language-neutral main file";

	case MUI_RESOURCE_FILETYPE_SATELLITE:
		return L"MUI: language-specific satellite file";

	default:
		return NULL;
	}
}

__inline
LPCWSTR	WINAPI	MUIFallbackLocation(DWORD dwFallbackLocation)
{
	switch (dwFallbackLocation)
	{
	case MUI_RESOURCE_FALLBACK_NONE:
		return L"none";

	case MUI_RESOURCE_FALLBACK_INTERNAL:
		return L"internal";

	case MUI_RESOURCE_FALLBACK_EXTERNAL:
		return L"external";

	default:
		return NULL;
	}
}

LPCWSTR	WINAPI	ResourceTypeName(WORD wResType)
{
	switch (wResType)
	{
	case RT_CURSOR:		// MAKEINTRESOURCE(1)
		return L"RT_CURSOR";

	case RT_BITMAP:		// MAKEINTRESOURCE(2)
		return L"RT_BITMAP";

	case RT_ICON:		// MAKEINTRESOURCE(3)
		return L"RT_ICON";

	case RT_MENU:		// MAKEINTRESOURCE(4)
		return L"RT_MENU";

	case RT_DIALOG:		// MAKEINTRESOURCE(5)
		return L"RT_DIALOG";

	case RT_STRING:		// MAKEINTRESOURCE(6)
#if 1
		return L"RT_STRING";
#else
		return L"RT_STRINGTABLE";
#endif
	case RT_FONTDIR:	// MAKEINTRESOURCE(7)
		return L"RT_FONTDIR";

	case RT_FONT:		// MAKEINTRESOURCE(8)
		return L"RT_FONT";

	case RT_ACCELERATOR:	// MAKEINTRESOURCE(9)
		return L"RT_ACCELERATOR";

	case RT_RCDATA:		// MAKEINTRESOURCE(10)
		return L"RT_RCDATA";

	case RT_MESSAGETABLE:	// MAKEINTRESOURCE(11)
		return L"RT_MESSAGETABLE";

	case RT_GROUP_CURSOR:	// MAKEINTRESOURCE(12)
		return L"RT_GROUP_CURSOR";

	case RT_MENUEX:		// MAKEINTRESOURCE(13)
		return L"RT_MENUEX";

	case RT_GROUP_ICON:	// MAKEINTRESOURCE(14)
		return L"RT_GROUP_ICON";

	case RT_NAMETABLE:	// MAKEINTRESOURCE(15)
		return L"RT_NAMETABLE";

	case RT_VERSION:	// MAKEINTRESOURCE(16)
		return L"RT_VERSION";

	case RT_DLGINCLUDE:	// MAKEINTRESOURCE(17)
		return L"RT_DLGINCLUDE";

	case RT_DIALOGEX:	// MAKEINTRESOURCE(18)
		return L"RT_DIALOGEX";

	case RT_PLUGPLAY:	// MAKEINTRESOURCE(19)
		return L"RT_PLUGPLAY";

	case RT_VXD:		// MAKEINTRESOURCE(20)
		return L"RT_VXD";

	case RT_ANICURSOR:	// MAKEINTRESOURCE(21)
		return L"RT_ANICURSOR";

	case RT_ANIICON:	// MAKEINTRESOURCE(22)
		return L"RT_ANIICON";

	case RT_HTML:		// MAKEINTRESOURCE(23)
		return L"RT_HTML";

	case RT_MANIFEST:	// MAKEINTRESOURCE(24)
		return L"RT_MANIFEST";

	case RT_DLGINIT:	// MAKEINTRESOURCE(240)
		return L"RT_DLGINIT";

	case RT_TOOLBAR:	// MAKEINTRESOURCE(241)
		return L"RT_TOOLBAR";

	case RT_LOCALE:		// MAKEINTRESOURCE(255)
		return L"RT_LOCALE";

	default:
		return NULL;
	}
}

LPCWSTR	WINAPI	ResourceLanguageName(WORD wLanguageID, BOOL bSymbolic)
{
	switch (wLanguageID)
	{
	case 0x0000: // = MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_NEUTRAL, SUBLANG_NEUTRAL"
		                 : L"Neutral locale language, neutral sublanguage";
	case 0x0400: // = MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT) = LANG_USER_DEFAULT
		return bSymbolic ? L"LANG_NEUTRAL, SUBLANG_DEFAULT"
		                 : L"User default locale language, user default sublanguage";
	case 0x0800: // = MAKELANGID(LANG_NEUTRAL, SUBLANG_SYS_DEFAULT) = LANG_SYSTEM_DEFAULT
		return bSymbolic ? L"LANG_NEUTRAL, SUBLANG_SYS_DEFAULT"
		                 : L"System default locale language, system default sublanguage";
	case 0x0C00: // = MAKELANGID(LANG_NEUTRAL, SUBLANG_CUSTOM_DEFAULT)
		return bSymbolic ? L"LANG_NEUTRAL, SUBLANG_CUSTOM_DEFAULT"
		                 : L"Default custom locale language, default custom sublanguage";
	case 0x1000: // = MAKELANGID(LANG_NEUTRAL, SUBLANG_CUSTOM_UNSPECIFIED)
		return bSymbolic ? L"LANG_NEUTRAL, SUBLANG_CUSTOM_UNSPECIFIED"
		                 : L"Unspecified custom locale language, unspecified custom sublanguage";
	case 0x1400: // = MAKELANGID(LANG_NEUTRAL, SUBLANG_UI_CUSTOM_DEFAULT)
		return bSymbolic ? L"LANG_NEUTRAL, SUBLANG_UI_CUSTOM_DEFAULT"
		                 : L"Default custom MUI locale language, default custom MUI sublanguage";

	case 0x0001: // = MAKELANGID(LANG_ARABIC, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_NEUTRAL"
		                 : L"Arabic (ar)";
	case 0x0401: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_SAUDI_ARABIA)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_SAUDI_ARABIA"
		                 : L"Arabic (ar), Saudi Arabia (SA)";
	case 0x0801: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_IRAQ)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_IRAQ"
		                 : L"Arabic (ar), Iraq (IQ)";
	case 0x0C01: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_EGYPT)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_EGYPT"
		                 : L"Arabic (ar), Egypt (EG)";
	case 0x1001: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_LIBYA)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_LIBYA"
		                 : L"Arabic (ar), Libya (LY)";
	case 0x1401: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_ALGERIA)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_ALGERIA"
		                 : L"Arabic (ar), Algeria (DZ)";
	case 0x1801: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_MOROCCO)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_MOROCCO"
		                 : L"Arabic (ar), Morocco (MA)";
	case 0x1C01: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_TUNISIA)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_TUNISIA"
		                 : L"Arabic (ar), Tunisia (TN)";
	case 0x2001: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_OMAN)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_OMAN"
		                 : L"Arabic (ar), Oman (OM)";
	case 0x2401: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_YEMEN)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_YEMEN"
		                 : L"Arabic (ar), Yemen (YE)";
	case 0x2801: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_SYRIA)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_SYRIA"
		                 : L"Arabic (ar), Syria (SY)";
	case 0x2C01: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_JORDAN)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_JORDAN"
		                 : L"Arabic (ar), Jordan (JO)";
	case 0x3001: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_LEBANON)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_LEBANON"
		                 : L"Arabic (ar), Lebanon (LB)";
	case 0x3401: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_KUWAIT)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_KUWAIT"
		                 : L"Arabic (ar), Kuwait (KW)";
	case 0x3801: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_UAE)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_UAE"
		                 : L"Arabic (ar), United Arab Emirates (AE)";
	case 0x3C01: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_BAHRAIN)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_BAHRAIN"
		                 : L"Arabic (ar), Bahrain (BH)";
	case 0x4001: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_QATAR)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_QATAR"
		                 : L"Arabic (ar), Qatar (QA)";
	case 0x4401: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_PSEUDO_SAUDI_ARABIA)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_PSEUDO_SAUDI_ARABIA"
		                 : L"Arabic (ar), Pseudo locale (Ploc), Saudi Arabia (SA)";
	case 0x4801: // = MAKELANGID(LANG_ARABIC, SUBLANG_ARABIC_PALESTINE)
		return bSymbolic ? L"LANG_ARABIC, SUBLANG_ARABIC_PALESTINE"
		                 : L"Arabic (ar), Occupied Palestinian Territory (145)";

	case 0x0002: // = MAKELANGID(LANG_BULGARIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_BULGARIAN, SUBLANG_NEUTRAL"
		                 : L"Bulgarian (bg)";
	case 0x0402: // = MAKELANGID(LANG_BULGARIAN, SUBLANG_BULGARIAN_BULGARIA)
		return bSymbolic ? L"LANG_BULGARIAN, SUBLANG_BULGARIAN_BULGARIA"
		                 : L"Bulgarian (bg), Bulgaria (BG)";

	case 0x0003: // = MAKELANGID(LANG_CATALAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_CATALAN, SUBLANG_NEUTRAL"
		                 : L"Catalan (ca)";
	case 0x0403: // = MAKELANGID(LANG_CATALAN, SUBLANG_CATALAN_CATALAN)
		return bSymbolic ? L"LANG_CATALAN, SUBLANG_CATALAN_CATALAN"
		                 : L"Catalan (ca), Spain (ES)";
	case 0x0803: // = MAKELANGID(LANG_VALENCIAN, SUBLANG_VALENCIAN_VALENCIA)
		return bSymbolic ? L"LANG_VALENCIAN, SUBLANG_VALENCIAN_VALENCIA"
		                 : L"Valencian (ca), Valencia (ES-Valencia)";

	case 0x0004: // = MAKELANGID(LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED)
		return bSymbolic ? L"LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED"
		                 : L"Chinese (zh), Simplified (Hans)";
	case 0x0404: // = MAKELANGID(LANG_CHINESE, SUBLANG_CHINESE_TAIWAN)
		return bSymbolic ? L"LANG_CHINESE, SUBLANG_CHINESE_TAIWAN"
		                 : L"Chinese (zh), Taiwan (TW)";
	case 0x0804: // = MAKELANGID(LANG_CHINESE, SUBLANG_CHINESE_PRC)
		return bSymbolic ? L"LANG_CHINESE, SUBLANG_CHINESE_PRC"
		                 : L"Chinese (zh), People\'s Republic of China (CN)";
	case 0x0C04: // = MAKELANGID(LANG_CHINESE, SUBLANG_CHINESE_HONGKONG)
		return bSymbolic ? L"LANG_CHINESE, SUBLANG_CHINESE_HONGKONG"
		                 : L"Chinese (zh), Hongkong S.A.R. (HK)";
	case 0x1004: // = MAKELANGID(LANG_CHINESE, SUBLANG_CHINESE_SINGAPORE)
		return bSymbolic ? L"LANG_CHINESE, SUBLANG_CHINESE_SINGAPORE"
		                 : L"Chinese (zh), Singapore (SG)";
	case 0x1404: // = MAKELANGID(LANG_CHINESE, SUBLANG_CHINESE_MACAU)
		return bSymbolic ? L"LANG_CHINESE, SUBLANG_CHINESE_MACAU"
		                 : L"Chinese (zh), Macao S.A.R. (MO)";
	case 0x7804: // = MAKELANGID(LANG_CHINESE, SUBLANG_CHINESE)
		return bSymbolic ? L"LANG_CHINESE, SUBLANG_CHINESE"
		                 : L"Chinese (zh)";
	case 0x7C04: // = MAKELANGID(LANG_CHINESE, SUBLANG_CHINESE_TRADITIONAL) = LANG_CHINESE_TRADITIONAL
		return bSymbolic ? L"LANG_CHINESE, SUBLANG_CHINESE_TRADITIONAL"
		                 : L"Chinese (zh), Traditional (Hant)";

	case 0x0005: // = MAKELANGID(LANG_CZECH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_CZECH, SUBLANG_NEUTRAL"
		                 : L"Czech (cs)";
	case 0x0405: // = MAKELANGID(LANG_CZECH, SUBLANG_CZECH_CZECH_REPUBLIC)
		return bSymbolic ? L"LANG_CZECH, SUBLANG_CZECH_CZECH_REPUBLIC"
		                 : L"Czech (cs), Czech Republic (CZ)";

	case 0x0006: // = MAKELANGID(LANG_DANISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_DANISH, SUBLANG_NEUTRAL"
		                 : L"Danish (da)";
	case 0x0406: // = MAKELANGID(LANG_DANISH, SUBLANG_DANISH_DENMARK)
		return bSymbolic ? L"LANG_DANISH, SUBLANG_DANISH_DENMARK"
		                 : L"Danish (da), Denmark (DK)";

	case 0x0007: // = MAKELANGID(LANG_GERMAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_GERMAN, SUBLANG_NEUTRAL"
		                 : L"German (de)";
#if 0
	case 0x0407: // = MAKELANGID(LANG_GERMAN, SUBLANG_GERMAN)
		return bSymbolic ? L"LANG_GERMAN, SUBLANG_GERMAN"
		                 : L"German (de), Germany (DE)";
#else
	case 0x0407: // = MAKELANGID(LANG_GERMAN, SUBLANG_GERMAN_GERMANY)
		return bSymbolic ? L"LANG_GERMAN, SUBLANG_GERMAN_GERMANY"
		                 : L"German (de), Germany (DE)";
#endif
	case 0x0807: // = MAKELANGID(LANG_GERMAN, SUBLANG_GERMAN_SWISS)
		return bSymbolic ? L"LANG_GERMAN, SUBLANG_GERMAN_SWISS"
		                 : L"German (de), Switzerland (CH)";
	case 0x0C07: // = MAKELANGID(LANG_GERMAN, SUBLANG_GERMAN_AUSTRIAN)
		return bSymbolic ? L"LANG_GERMAN, SUBLANG_GERMAN_AUSTRIAN"
		                 : L"German (de), Austria (AT)";
	case 0x1007: // = MAKELANGID(LANG_GERMAN, SUBLANG_GERMAN_LUXEMBOURG)
		return bSymbolic ? L"LANG_GERMAN, SUBLANG_GERMAN_LUXEMBOURG"
		                 : L"German (de), Luxembourg (LU)";
	case 0x1407: // = MAKELANGID(LANG_GERMAN, SUBLANG_GERMAN_LIECHTENSTEIN)
		return bSymbolic ? L"LANG_GERMAN, SUBLANG_GERMAN_LIECHTENSTEIN"
		                 : L"German (de), Liechtenstein (LI)";

	case 0x0008: // = MAKELANGID(LANG_GREEK, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_GREEK, SUBLANG_NEUTRAL"
		                 : L"Greek (el)";
	case 0x0408: // = MAKELANGID(LANG_GREEK, SUBLANG_GREEK_GREECE)
		return bSymbolic ? L"LANG_GREEK, SUBLANG_GREEK_GREECE"
		                 : L"Greek (el), Greece (GR)";

	case 0x0009: // = MAKELANGID(LANG_ENGLISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_NEUTRAL"
		                 : L"English (en)";
	case 0x0409: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_US"
		                 : L"English (en), United States (US)";
	case 0x0809: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_UK)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_UK"
		                 : L"English (en), United Kingdom (GB)";
	case 0x0C09: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_AUS)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_AUS"
		                 : L"English (en), Australia (AU)";
	case 0x1009: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_CAN)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_CAN"
		                 : L"English (en), Canada (CA)";
	case 0x1409: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_NZ)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_NZ"
		                 : L"English (en), New Zealand (NZ)";
#if 0
	case 0x1809: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_EIRE)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_EIRE"
		                 : L"English (en), Ireland (IE)";
#else
	case 0x1809: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_IRELAND)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_IRELAND"
		                 : L"English (en), Ireland (IE)";
#endif
	case 0x1C09: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_SOUTH_AFRICA"
		                 : L"English (en), South Africa (ZA)";
	case 0x2009: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_JAMAICA)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_JAMAICA"
		                 : L"English (en), Jamaica (JM)";
	case 0x2409: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_CARIBBEAN)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_CARIBBEAN"
		                 : L"English (en), Caribbean (029)";
	case 0x2809: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_BELIZE)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_BELIZE"
		                 : L"English (en), Belize (BZ)";
	case 0x2C09: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_TRINIDAD)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_TRINIDAD"
		                 : L"English (en), Trinidad and Tobago (TT)";
	case 0x3009: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_ZIMBABWE)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_ZIMBABWE"
		                 : L"English (en), Zimbabwe (ZW)";
	case 0x3409: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_PHILIPPINES)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_PHILIPPINES"
		                 : L"English (en), Philippines (PH)";
	case 0x3809: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_INDONESIA)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_INDONESIO"
		                 : L"English (en), Indonesia (ID)";
	case 0x3C09: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_HONGKONG)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_HONGKONG"
		                 : L"English (en), Hongkong S.A.R. (HK)";
	case 0x4009: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_INDIA)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_INDIA"
		                 : L"English (en), India (IN)";
	case 0x4409: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_MALAYSIA)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_MALAYSIA"
		                 : L"English (en), Malaysia (MY)";
	case 0x4809: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_SINGAPORE)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_SINGAPORE"
		                 : L"English (en), Singapore (SG)";
	case 0x4C09: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_UAE)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_UAE"
		                 : L"English (en), United Arab Emirates (AE)";
	case 0x5009: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_BAHRAIN)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_BAHRAIN"
		                 : L"English (en), Bahrain (BH)";
	case 0x5409: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_EGYPT)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_EGYPT"
		                 : L"English (en), Egypt (EG)";
	case 0x5809: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_JORDAN)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_JORDAN"
		                 : L"English (en), Jordan (JO)";
	case 0x5C09: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_KUWAIT)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_KUWAIT"
		                 : L"English (en), Kuwait (KW)";
	case 0x6009: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_TURKEY)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_TURKEY"
		                 : L"English (en), Turkey (TR)";
	case 0x6409: // = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_YEMEN)
		return bSymbolic ? L"LANG_ENGLISH, SUBLANG_ENGLISH_YEMEN"
		                 : L"English (en), Yemen (YE)";

	case 0x000A: // = MAKELANGID(LANG_SPANISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_NEUTRAL"
		                 : L"Spanish (es)";
#if 0
	case 0x040A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH"
		                 : L"Spanish (es), Spain (ES), Traditional Sort";
#else
	case 0x040A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_SPAIN)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_SPAIN"
		                 : L"Spanish (es), Spain (ES), Traditional Sort";
#endif
	case 0x080A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_MEXICAN)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_MEXICAN"
		                 : L"Spanish (es), Mexico (MX)";
	case 0x0C0A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_MODERN)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_MODERN"
		                 : L"Spanish (es), Spain (ES), Modern Sort";
	case 0x100A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_GUATEMALA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_GUATEMALA"
		                 : L"Spanish (es), Guatemala (GT)";
	case 0x140A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_COSTA_RICA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_COSTA_RICA"
		                 : L"Spanish (es), Costa Rica (CR)";
	case 0x180A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_PANAMA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_PANAMA"
		                 : L"Spanish (es), Panama (PA)";
	case 0x1C0A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_DOMINICAN_REPUBLIC)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_DOMINICAN_REPUBLIC"
		                 : L"Spanish (es), Dominican Republic (DO)";
	case 0x200A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_VENEZUELA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_VENEZUELA"
		                 : L"Spanish (es), Venezuela (VE)";
	case 0x240A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_COLOMBIA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_COLOMBIA"
		                 : L"Spanish (es), Colombia (CO)";
	case 0x280A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_PERU)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_PERU"
		                 : L"Spanish (es), Peru (PE)";
	case 0x2C0A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_ARGENTINA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_ARGENTINA"
		                 : L"Spanish (es), Argentina (AR)";
	case 0x300A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_ECUADOR)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_ECUADOR"
		                 : L"Spanish (es), Ecuador (EC)";
	case 0x340A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_CHILE)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_CHILE"
		                 : L"Spanish (es), Chile (CL)";
	case 0x380A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_URUGUAY)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_URUGUAY"
		                 : L"Spanish (es), Uruguay (UY)";
	case 0x3C0A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_PARAGUAY)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_PARAGUAY"
		                 : L"Spanish (es), Paraguay (PY)";
	case 0x400A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_BOLIVIA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_BOLIVIA"
		                 : L"Spanish (es), Bolivia (BO)";
	case 0x440A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_EL_SALVADOR)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_EL_SALVADOR"
		                 : L"Spanish (es), El Salvador (SV)";
	case 0x480A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_HONDURAS)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_HONDURAS"
		                 : L"Spanish (es), Honduras (HN)";
	case 0x4C0A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_NICARAGUA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_NICARAGUA"
		                 : L"Spanish (es), Nicaragua (NI)";
	case 0x500A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_PUERTO_RICO)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_PUERTO_RICO"
		                 : L"Spanish (es), Puerto Rico (PR)";
	case 0x540A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_US)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_US"
		                 : L"Spanish (es), United States (US)";
	case 0x580A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_LATIN_AMERICA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_LATIN_AMERICA"
		                 : L"Spanish (es), Latin America (419)";
	case 0x5C0A: // = MAKELANGID(LANG_SPANISH, SUBLANG_SPANISH_CUBA)
		return bSymbolic ? L"LANG_SPANISH, SUBLANG_SPANISH_CUBA"
		                 : L"Spanish (es), Cuba (CU)";

	case 0x000B: // = MAKELANGID(LANG_FINNISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_FINNISH, SUBLANG_NEUTRAL"
		                 : L"Finnish (fi)";
	case 0x040B: // = MAKELANGID(LANG_FINNISH, SUBLANG_FINNISH_FINLAND)
		return bSymbolic ? L"LANG_FINNISH, SUBLANG_FINNISH_FINLAND"
		                 : L"Finnish (fi), Finland (FI)";

	case 0x000C: // = MAKELANGID(LANG_FRENCH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_NEUTRAL"
		                 : L"French (fr)";
#if 0
	case 0x040C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH"
		                 : L"French (fr), France (FR)";
#else
	case 0x040C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_FRANCE)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_FRANCE"
		                 : L"French (fr), France (FR)";
#endif
	case 0x080C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_BELGIAN)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_BELGIAN"
		                 : L"French (fr), Belgium (BE)";
	case 0x0C0C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_CANADIAN)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_CANADIAN"
		                 : L"French (fr), Canada (CA)";
	case 0x100C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_SWISS)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_SWISS"
		                 : L"French (fr), Switzerland (CH)";
	case 0x140C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_LUXEMBOURG)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_LUXEMBOURG"
		                 : L"French (fr), Luxembourg (LU)";
	case 0x180C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_MONACO)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_MONACO"
		                 : L"French (fr), Monaco (MC)";
#if 0
	case 0x1C0C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_WEST_INDIES)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_WEST_INDIES"
		                 : L"French (fr), West Indies (WI)";
#else
	case 0x1C0C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_CARIBBEAN)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_CARIBBEAN"
		                 : L"French (fr), Caribbean (029)";
#endif
	case 0x200C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_REUNION)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_REUNION"
		                 : L"French (fr), Reunion (RE)";
	case 0x240C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_CONGO)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_CONGO"
		                 : L"French (fr), Congo (CD)";
	case 0x280C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_SENEGAL)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_SENEGAL"
		                 : L"French (fr), Senegal (SN)";
	case 0x2C0C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_CAMEROON)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_CAMEROON"
		                 : L"French (fr), Cameroon (CM)";
	case 0x300C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_COTE_DE_IVOIRE)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_COTE_DE_IVOIRE"
		                 : L"French (fr), Côte d’Ivoire (CI)";
	case 0x340C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_MALI)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_MALI"
		                 : L"French (fr), Mali (ML)";
	case 0x380C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_MOROCCO)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_MORROCO"
		                 : L"French (fr), Morroco (MA)";
	case 0x3C0C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_HAITI)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_HAITI"
		                 : L"French (fr), Haiti (HT)";
#if 0
	case 0xE40C: // = MAKELANGID(LANG_FRENCH, SUBLANG_FRENCH_NORTH_AFRICA)
		return bSymbolic ? L"LANG_FRENCH, SUBLANG_FRENCH_NORTH_AFRICA"
		                 : L"French (fr), North Africa (015)";
#endif
	case 0x000D: // = MAKELANGID(LANG_HEBREW, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_HEBREW, SUBLANG_NEUTRAL"
		                 : L"Hebrew (he)";
	case 0x040D: // = MAKELANGID(LANG_HEBREW, SUBLANG_HEBREW_ISRAEL)
		return bSymbolic ? L"LANG_HEBREW, SUBLANG_HEBREW_ISRAEL"
		                 : L"Hebrew (he), Israel (IL)";

	case 0x000E: // = MAKELANGID(LANG_HUNGARIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_HUNGARIAN, SUBLANG_NEUTRAL"
		                 : L"Hungarian (hu)";
	case 0x040E: // = MAKELANGID(LANG_HUNGARIAN, SUBLANG_HUNGARIAN_HUNGARY)
		return bSymbolic ? L"LANG_HUNGARIAN, SUBLANG_HUNGARIAN_HUNGARY"
		                 : L"Hungarian (hu), Hungary (HU)";

	case 0x000F: // = MAKELANGID(LANG_ICELANDIC, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ICELANDIC, SUBLANG_NEUTRAL"
		                 : L"Icelandic (is)";
	case 0x040F: // = MAKELANGID(LANG_ICELANDIC, SUBLANG_ICELANDIC_ICELAND)
		return bSymbolic ? L"LANG_ICELANDIC, SUBLANG_ICELANDIC_ICELAND"
		                 : L"Icelandic (is), Iceland (IS)";

	case 0x0010: // = MAKELANGID(LANG_ITALIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ITALIAN, SUBLANG_NEUTRAL"
		                 : L"Italian (it)";
#if 0
	case 0x0410: // = MAKELANGID(LANG_ITALIAN, SUBLANG_ITALIAN)
		return bSymbolic ? L"LANG_ITALIAN, SUBLANG_ITALIAN"
		                 : L"Italian (it), Italy (IT)";
#else
	case 0x0410: // = MAKELANGID(LANG_ITALIAN, SUBLANG_ITALIAN_ITALY)
		return bSymbolic ? L"LANG_ITALIAN, SUBLANG_ITALIAN_ITALY"
		                 : L"Italian (it), Italy (IT)";
#endif
	case 0x0810: // = MAKELANGID(LANG_ITALIAN, SUBLANG_ITALIAN_SWISS)
		return bSymbolic ? L"LANG_ITALIAN, SUBLANG_ITALIAN_SWISS"
		                 : L"Italian (it), Switzerland (CH)";

	case 0x0011: // = MAKELANGID(LANG_JAPANESE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_JAPANESE, SUBLANG_NEUTRAL"
		                 : L"Japanese (ja)";
	case 0x0411: // = MAKELANGID(LANG_JAPANESE, SUBLANG_JAPANESE_JAPAN)
		return bSymbolic ? L"LANG_JAPANESE, SUBLANG_JAPANESE_JAPAN"
		                 : L"Japanese (ja), Japan (JP)";
	case 0x0811: // = MAKELANGID(LANG_JAPANESE, SUBLANG_JAPANESE_PSEUDO_JAPAN)
		return bSymbolic ? L"LANG_JAPANESE, SUBLANG_JAPANESE_PSEUDO_JAPAN"
		                 : L"Japanese (ja), Pseudo locale (Ploc), Japan (JP)";

	case 0x0012: // = MAKELANGID(LANG_KOREAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KOREAN, SUBLANG_NEUTRAL"
		                 : L"Korean (ko)";
#if 0
	case 0x0412: // = MAKELANGID(LANG_KOREAN, SUBLANG_KOREAN)
		return bSymbolic ? L"LANG_KOREAN, SUBLANG_KOREAN"
		                 : L"Korean (ko), Korea (KR)";
#else
	case 0x0412: // = MAKELANGID(LANG_KOREAN, SUBLANG_KOREAN_KOREA)
		return bSymbolic ? L"LANG_KOREAN, SUBLANG_KOREAN_KOREA"
		                 : L"Korean (ko), Korea (KR)";
#endif
	case 0x0013: // = MAKELANGID(LANG_DUTCH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_DUTCH, SUBLANG_NEUTRAL"
		                 : L"Dutch (nl)";
#if 0
	case 0x0413: // = MAKELANGID(LANG_DUTCH, SUBLANG_DUTCH)
		return bSymbolic ? L"LANG_DUTCH, SUBLANG_DUTCH"
		                 : L"Dutch (nl), Netherlands (NL)";
#else
	case 0x0413: // = MAKELANGID(LANG_DUTCH, SUBLANG_DUTCH_NETHERLANDS)
		return bSymbolic ? L"LANG_DUTCH, SUBLANG_DUTCH_NETHERLANDS"
		                 : L"Dutch (nl), Netherlands (NL)";
#endif
	case 0x0813: // = MAKELANGID(LANG_DUTCH, SUBLANG_DUTCH_BELGIAN)
		return bSymbolic ? L"LANG_DUTCH, SUBLANG_DUTCH_BELGIAN"
		                 : L"Dutch (nl), Belgium (BE)";

	case 0x0014: // = MAKELANGID(LANG_NORWEGIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_NORWEGIAN, SUBLANG_NEUTRAL"
		                 : L"Norwegian (no)";
	case 0x0414: // = MAKELANGID(LANG_NORWEGIAN, SUBLANG_NORWEGIAN_BOKMAL)
		return bSymbolic ? L"LANG_NORWEGIAN, SUBLANG_NORWEGIAN_BOKMAL"
		                 : L"Bokmål (nb), Norway (NO)";
	case 0x0814: // = MAKELANGID(LANG_NORWEGIAN, SUBLANG_NORWEGIAN_NYNORSK)
		return bSymbolic ? L"LANG_NORWEGIAN, SUBLANG_NORWEGIAN_NYNORSK"
		                 : L"Nynorsk (nn), Norway (NO)";
	case 0x7814: // = MAKELANGID(LANG_NORWEGIAN, SUBLANG_NYNORSK)
		return bSymbolic ? L"LANG_NORWEGIAN, SUBLANG_NYNORSK"
		                 : L"Nynorsk (nn)";
	case 0x7C14: // = MAKELANGID(LANG_NORWEGIAN, SUBLANG_BOKMAL)
		return bSymbolic ? L"LANG_NORWEGIAN, SUBLANG_BOKMAL"
		                 : L"Bokmål (nb)";

	case 0x0015: // = MAKELANGID(LANG_POLISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_POLISH, SUBLANG_NEUTRAL"
		                 : L"Polish (pl)";
	case 0x0415: // = MAKELANGID(LANG_POLISH, SUBLANG_POLISH_POLAND)
		return bSymbolic ? L"LANG_POLISH, SUBLANG_POLISH_POLAND"
		                 : L"Polish (pl), Poland (PL)";

	case 0x0016: // = MAKELANGID(LANG_PORTUGUESE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_PORTUGUESE, SUBLANG_NEUTRAL"
		                 : L"Portuguese (pt)";
	case 0x0416: // = MAKELANGID(LANG_PORTUGUESE, SUBLANG_PORTUGUESE_BRAZILIAN)
		return bSymbolic ? L"LANG_PORTUGUESE, SUBLANG_PORTUGUESE_BRAZILIAN"
		                 : L"Portuguese (pt), Brazil (BR)";
#if 0
	case 0x0816: // = MAKELANGID(LANG_PORTUGUESE, SUBLANG_PORTUGUESE)
		return bSymbolic ? L"LANG_PORTUGUESE, SUBLANG_PORTUGUESE"
		                 : L"Portuguese (pt), Portugal (PT)";
#else
	case 0x0816: // = MAKELANGID(LANG_PORTUGUESE, SUBLANG_PORTUGUESE_PORTUGAL)
		return bSymbolic ? L"LANG_PORTUGUESE, SUBLANG_PORTUGUESE_PORTUGAL"
		                 : L"Portuguese (pt), Portugal (PT)";
#endif
	case 0x0017: // = MAKELANGID(LANG_ROMANSH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ROMANSH, SUBLANG_NEUTRAL"
		                 : L"Romansh (rm)";
	case 0x0417: // = MAKELANGID(LANG_ROMANSH, SUBLANG_ROMANSH_SWITZERLAND)
		return bSymbolic ? L"LANG_ROMANSH, SUBLANG_ROMANSH_SWITZERLAND"
		                 : L"Romansh (rm), Switzerland (CH)";

	case 0x0018: // = MAKELANGID(LANG_ROMANIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ROMANIAN, SUBLANG_NEUTRAL"
		                 : L"Romanian (ro)";
	case 0x0418: // = MAKELANGID(LANG_ROMANIAN, SUBLANG_ROMANIAN_ROMANIA)
		return bSymbolic ? L"LANG_ROMANIAN, SUBLANG_ROMANIAN_ROMANIA"
		                 : L"Romanian (ro), Romania (RO)";
	case 0x0818: // = MAKELANGID(LANG_ROMANIAN, SUBLANG_ROMANIAN_MOLDAVIA)
		return bSymbolic ? L"LANG_ROMANIAN, SUBLANG_ROMANIAN_MOLDAVIA"
		                 : L"Romanian (ro), Moldova (MD)";

	case 0x0019: // = MAKELANGID(LANG_RUSSIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_RUSSIAN, SUBLANG_NEUTRAL"
		                 : L"Russian (ru)";
	case 0x0419: // = MAKELANGID(LANG_RUSSIAN, SUBLANG_RUSSIAN_RUSSIA)
		return bSymbolic ? L"LANG_RUSSIAN, SUBLANG_RUSSIAN_RUSSIA"
		                 : L"Russian (ru), Russia (RU)";
	case 0x0819: // = MAKELANGID(LANG_RUSSIAN, SUBLANG_RUSSIAN_MOLDAVIA)
		return bSymbolic ? L"LANG_RUSSIAN, SUBLANG_RUSSIAN_MOLDAVIA"
		                 : L"Russian (ru), Moldova (MD)";

	case 0x001A: // = MAKELANGID(LANG_CROATIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_CROATIAN, SUBLANG_NEUTRAL"
		                 : L"Croatian (hr)";
	case 0x041A: // = MAKELANGID(LANG_CROATIAN, SUBLANG_CROATIAN_CROATIA)
		return bSymbolic ? L"LANG_CROATIAN, SUBLANG_CROATIAN_CROATIA"
		                 : L"Croatian (hr), Croatia (HR)";
	case 0x081A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_LATIN)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_LATIN"
		                 : L"Serbian (sr), Latin (Latn), Serbia and Montenegro, Former (CS)";
	case 0x0C1A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_CYRILLIC)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_CYRILLIC"
		                 : L"Serbian (sr), Cyrillic (Cyrl), Serbia and Montenegro, Former (CS)";
	case 0x101A: // = MAKELANGID(LANG_CROATIAN, SUBLANG_CROATIAN_BOSNIA_HERZEGOVINA_LATIN)
		return bSymbolic ? L"LANG_CROATIAN, SUBLANG_CROATIAN_BOSNIA_HERZEGOVINA_LATIN"
		                 : L"Croatian (hr), Latin (Latn), Bosnia and Herzegovina (BA)";
	case 0x141A: // = MAKELANGID(LANG_BOSNIAN, SUBLANG_BOSNIAN_BOSNIA_HERZEGOVINA_LATIN)
		return bSymbolic ? L"LANG_BOSNIAN, SUBLANG_BOSNIAN_BOSNIA_HERZEGOVINA_LATIN"
		                 : L"Bosnian (bs), Latin (Latn), Bosnia and Herzegovina (BA)";
	case 0x181A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_BOSNIA_HERZEGOVINA_LATIN)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_BOSNIA_HERZEGOVINA_LATIN"
		                 : L"Serbian (sr), Latin (Latn), Bosnia and Herzegovina (BA)";
	case 0x1C1A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_BOSNIA_HERZEGOVINA_CYRILLIC)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_BOSNIA_HERZEGOVINA_CYRILLIC"
		                 : L"Serbian (sr), Cyrillic (Cyrl), Bosnia and Herzegovina (BA)";
	case 0x201A: // = MAKELANGID(LANG_BOSNIAN, SUBLANG_BOSNIAN_BOSNIA_HERZEGOVINA_CYRILLIC)
		return bSymbolic ? L"LANG_BOSNIAN, SUBLANG_BOSNIAN_BOSNIA_HERZEGOVINA_CYRILLIC"
		                 : L"Bosnian (bs), Cyrillic (Cyrl), Bosnia and Herzegovina (BA)";
	case 0x241A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_SERBIA_LATIN)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_SERBIA_LATIN"
		                 : L"Serbian (sr), Latin (Latn), Serbia (RS)";
	case 0x281A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_SERBIA_CYRILLIC)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_SERBIA_CYRILLIC"
		                 : L"Serbian (sr), Cyrillic (Cyrl), Serbia (RS)";
	case 0x2C1A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_MONTENEGRO_LATIN)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_MONTENEGRO_LATIN"
		                 : L"Serbian (sr), Latin (Latn), Montenegro (ME)";
	case 0x301A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_MONTENEGRO_CYRILLIC)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_MONTENEGRO_CYRILLIC"
		                 : L"Serbian (sr), Cyrillic (Cyrl), Montenegro (ME)";
	case 0x641A: // = MAKELANGID(LANG_BOSNIAN, SUBLANG_BOSNIAN_CYRILLIC)
		return bSymbolic ? L"LANG_BOSNIAN, SUBLANG_BOSNIAN_CYRILLIC"
		                 : L"Bosnian (bs), Cyrillic (Cyrl)";
	case 0x681A: // = MAKELANGID(LANG_BOSNIAN, SUBLANG_BOSNIAN_LATIN)
		return bSymbolic ? L"LANG_BOSNIAN, SUBLANG_BOSNIAN_LATIN"
		                 : L"Bosnian (bs), Latin (Latn)";
	case 0x6C1A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_CYRILLIC)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_CYRILLIC"
		                 : L"Serbian (sr), Cyrillic (Cyrl)";
	case 0x701A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_LATIN)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_LATIN"
		                 : L"Serbian (sr), Latin (Latn)";
	case 0x741A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN_CROATIA)
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN_CROATIA"
		                 : L"Serbian (sr), Croatia (HR)";
	case 0x781A: // = MAKELANGID(LANG_BOSNIAN, SUBLANG_BOSNIAN) = LANG_BOSNIAN_NEUTRAL
		return bSymbolic ? L"LANG_BOSNIAN, SUBLANG_BOSNIAN"
		                 : L"Bosnian (bs)";
	case 0x7C1A: // = MAKELANGID(LANG_SERBIAN, SUBLANG_SERBIAN) = LANG_SERBIAN_NEUTRAL
		return bSymbolic ? L"LANG_SERBIAN, SUBLANG_SERBIAN"
		                 : L"Serbian (sr)";

	case 0x001B: // = MAKELANGID(LANG_SLOVAK, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SLOVAK, SUBLANG_NEUTRAL"
		                 : L"Slovak (sk)";
	case 0x041B: // = MAKELANGID(LANG_SLOVAK, SUBLANG_SLOVAK_SLOVAKIA)
		return bSymbolic ? L"LANG_SLOVAK, SUBLANG_SLOVAK_SLOVAKIA"
		                 : L"Slovak (sk), Slovakia (SK)";

	case 0x001C: // = MAKELANGID(LANG_ALBANIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ALBANIAN, SUBLANG_NEUTRAL"
		                 : L"Albanian (sq)";
	case 0x041C: // = MAKELANGID(LANG_ALBANIAN, SUBLANG_ALBANIAN_ALBANIA)
		return bSymbolic ? L"LANG_ALBANIAN, SUBLANG_ALBANIAN_ALBANIA"
		                 : L"Albanian (sq), Albania (AL)";

	case 0x001D: // = MAKELANGID(LANG_SWEDISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SWEDISH, SUBLANG_NEUTRAL"
		                 : L"Swedish (sv)";
#if 0
	case 0x041D: // = MAKELANGID(LANG_SWEDISH, SUBLANG_SWEDISH)
		return bSymbolic ? L"LANG_SWEDISH, SUBLANG_SWEDISH"
		                 : L"Swedish (sv), Sweden (SE)";
#else
	case 0x041D: // = MAKELANGID(LANG_SWEDISH, SUBLANG_SWEDISH_SWEDEN)
		return bSymbolic ? L"LANG_SWEDISH, SUBLANG_SWEDISH_SWEDEN"
		                 : L"Swedish (sv), Sweden (SE)";
#endif
	case 0x081D: // = MAKELANGID(LANG_SWEDISH, SUBLANG_SWEDISH_FINLAND)
		return bSymbolic ? L"LANG_SWEDISH, SUBLANG_SWEDISH_FINLAND"
		                 : L"Swedish (sv), Finland (FI)";

	case 0x001E: // = MAKELANGID(LANG_THAI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_THAI, SUBLANG_NEUTRAL"
		                 : L"Thai (th)";
	case 0x041E: // = MAKELANGID(LANG_THAI, SUBLANG_THAI_THAILAND)
		return bSymbolic ? L"LANG_THAI, SUBLANG_THAI_THAILAND"
		                 : L"Thai (th), Thailand (TH)";

	case 0x001F: // = MAKELANGID(LANG_TURKISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TURKISH, SUBLANG_NEUTRAL"
		                 : L"Turkish (tr)";
	case 0x041F: // = MAKELANGID(LANG_TURKISH, SUBLANG_TURKISH_TURKEY)
		return bSymbolic ? L"LANG_TURKISH, SUBLANG_TURKISH_TURKEY"
		                 : L"Turkish (tr), Turkey (TR)";

	case 0x0020: // = MAKELANGID(LANG_URDU, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_URDU, SUBLANG_NEUTRAL"
		                 : L"Urdu (ur)";
	case 0x0420: // = MAKELANGID(LANG_URDU, SUBLANG_URDU_PAKISTAN)
		return bSymbolic ? L"LANG_URDU, SUBLANG_URDU_PAKISTAN"
		                 : L"Urdu (ur), Pakistan (PK)";
	case 0x0820: // = MAKELANGID(LANG_URDU, SUBLANG_URDU_INDIA)
		return bSymbolic ? L"LANG_URDU, SUBLANG_URDU_INDIA"
		                 : L"Urdu (ur), India (IN)";

	case 0x0021: // = MAKELANGID(LANG_INDONESIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_INDONESIAN, SUBLANG_NEUTRAL"
		                 : L"Indonesian (id)";
	case 0x0421: // = MAKELANGID(LANG_INDONESIAN, SUBLANG_INDONESIAN_INDONESIA)
		return bSymbolic ? L"LANG_INDONESIAN, SUBLANG_INDONESIAN_INDONESIA"
		                 : L"Indonesian (id), Indonesia (ID)";

	case 0x0022: // = MAKELANGID(LANG_UKRAINIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_UKRAINIAN, SUBLANG_NEUTRAL"
		                 : L"Ukrainian (uk)";
	case 0x0422: // = MAKELANGID(LANG_UKRAINIAN, SUBLANG_UKRAINIAN_UKRAINE)
		return bSymbolic ? L"LANG_UKRAINIAN, SUBLANG_UKRAINIAN_UKRAINE"
		                 : L"Ukrainian (uk), Ukraine (UA)";

	case 0x0023: // = MAKELANGID(LANG_BELARUSIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_BELARUSIAN, SUBLANG_NEUTRAL"
		                 : L"Belarusian (be)";
	case 0x0423: // = MAKELANGID(LANG_BELARUSIAN, SUBLANG_BELARUSIAN_BELARUS)
		return bSymbolic ? L"LANG_BELARUSIAN, SUBLANG_BELARUSIAN_BELARUS"
		                 : L"Belarusian (be), Belarus (BY)";

	case 0x0024: // = MAKELANGID(LANG_SLOVENIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SLOVENIAN, SUBLANG_NEUTRAL"
		                 : L"Slovenian (sl)";
	case 0x0424: // = MAKELANGID(LANG_SLOVENIAN, SUBLANG_SLOVENIAN_SLOVENIA)
		return bSymbolic ? L"LANG_SLOVENIAN, SUBLANG_SLOVENIAN_SLOVENIA"
		                 : L"Slovenian (sl), Slovenia (SI)";

	case 0x0025: // = MAKELANGID(LANG_ESTONIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ESTONIAN, SUBLANG_NEUTRAL"
		                 : L"Estonian (et)";
	case 0x0425: // = MAKELANGID(LANG_ESTONIAN, SUBLANG_ESTONIAN_ESTONIA)
		return bSymbolic ? L"LANG_ESTONIAN, SUBLANG_ESTONIAN_ESTONIA"
		                 : L"Estonian (et), Estonia (EE)";

	case 0x0026: // = MAKELANGID(LANG_LATVIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_LATVIAN, SUBLANG_NEUTRAL"
		                 : L"Latvian (lv)";
	case 0x0426: // = MAKELANGID(LANG_LATVIAN, SUBLANG_LATVIAN_LATVIA)
		return bSymbolic ? L"LANG_LATVIAN, SUBLANG_LATVIAN_LATVIA"
		                 : L"Latvian (lv), Latvia (LV)";

	case 0x0027: // = MAKELANGID(LANG_LITHUANIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_LITHUANIAN, SUBLANG_NEUTRAL"
		                 : L"Lithuanian (lt)";
	case 0x0427: // = MAKELANGID(LANG_LITHUANIAN, SUBLANG_LITHUANIAN_LITHUANIA)
		return bSymbolic ? L"LANG_LITHUANIAN, SUBLANG_LITHUANIAN_LITHUANIA"
		                 : L"Lithuanian (lt), Lithuania (LT)";

	case 0x0028: // = MAKELANGID(LANG_TAJIK, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TAJIK, SUBLANG_NEUTRAL"
		                 : L"Tajik (tg)";
	case 0x0428: // = MAKELANGID(LANG_TAJIK, SUBLANG_TAJIK_TAJIKISTAN)
		return bSymbolic ? L"LANG_TAJIK, SUBLANG_TAJIK_TAJIKISTAN"
		                 : L"Tajik (tg), Cyrillic (Cyrl), Tajikistan (TJ)";
	case 0x7C28: // = MAKELANGID(LANG_TAJIK, SUBLANG_TAJIK_CYRILLIC)
		return bSymbolic ? L"LANG_TAJIK, SUBLANG_TAJIK_CYRILLIC"
		                 : L"Tajik (tg), Cyrillic (Cyrl)";
#if 0
	case 0x0029: // = MAKELANGID(LANG_FARSI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_FARSI, SUBLANG_NEUTRAL"
		                 : L"Farsi (fa)";
	case 0x0429: // = MAKELANGID(LANG_FARSI, SUBLANG_FARSI_IRAN)
		return bSymbolic ? L"LANG_FARSI, SUBLANG_FARSI_IRAN"
		                 : L"Farsi (fa), Iran (IR)";
#else
	case 0x0029: // = MAKELANGID(LANG_PERSIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_PERSIAN, SUBLANG_NEUTRAL"
		                 : L"Persian (fa)";
	case 0x0429: // = MAKELANGID(LANG_PERSIAN, SUBLANG_PERSIAN_IRAN)
		return bSymbolic ? L"LANG_PERSIAN, SUBLANG_PERSIAN_IRAN"
		                 : L"Persian (fa), Iran (IR)";
#endif
	case 0x002A: // = MAKELANGID(LANG_VIETNAMESE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_VIETNAMESE, SUBLANG_NEUTRAL"
		                 : L"Vietnamese (vi)";
	case 0x042A: // = MAKELANGID(LANG_VIETNAMESE, SUBLANG_VIETNAMESE_VIETNAM)
		return bSymbolic ? L"LANG_VIETNAMESE, SUBLANG_VIETNAMESE_VIETNAM"
		                 : L"Vietnamese (vi), Vietnam (VN)";

	case 0x002B: // = MAKELANGID(LANG_ARMENIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ARMENIAN, SUBLANG_NEUTRAL"
		                 : L"Armenian (hy)";
	case 0x042B: // = MAKELANGID(LANG_ARMENIAN, SUBLANG_ARMENIAN_ARMENIA)
		return bSymbolic ? L"LANG_ARMENIAN, SUBLANG_ARMENIAN_ARMENIA"
		                 : L"Armenian (hy), Armenia (AM)";
#if 0
	case 0x002C: // = MAKELANGID(LANG_AZERI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_AZERI, SUBLANG_NEUTRAL"
		                 : L"Azeri (az)";
	case 0x042C: // = MAKELANGID(LANG_AZERI, SUBLANG_AZERI_AZERBAIJAN_LATIN)
		return bSymbolic ? L"LANG_AZERI, SUBLANG_AZERI_AZERBAIJAN_LATIN"
		                 : L"Azeri (az), Latin (Latn), Azerbaijan (AZ)";
	case 0x082C: // = MAKELANGID(LANG_AZERI, SUBLANG_AZERI_AZERBAIJAN_CYRILLIC)
		return bSymbolic ? L"LANG_AZERI, SUBLANG_AZERI_AZERBAIJAN_CYRILLIC"
		                 : L"Azeri (az), Cyrillic (Cyrl), Azerbaijan (AZ)";
	case 0x742C: // = MAKELANGID(LANG_AZERI, SUBLANG_AZERI_CYRILLIC)
		return bSymbolic ? L"LANG_AZERI, SUBLANG_AZERI_CYRILLIC"
		                 : L"Azeri (az), Cyrillic (Cyrl)";
	case 0x782C: // = MAKELANGID(LANG_AZERI, SUBLANG_AZERI_LATIN)
		return bSymbolic ? L"LANG_AZERI, SUBLANG_AZERI_LATIN"
		                 : L"Azeri (az), Latin (Latn)";
#else
	case 0x002C: // = MAKELANGID(LANG_AZERBAIJANI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_AZERBAIJANI, SUBLANG_NEUTRAL"
		                 : L"Azerbaijani (az)";
	case 0x042C: // = MAKELANGID(LANG_AZERBAIJANI, SUBLANG_AZERBAIJANI_AZERBAIJAN_LATIN)
		return bSymbolic ? L"LANG_AZERBAIJANI, SUBLANG_AZERBAIJANI_AZERBAIJAN_LATIN"
		                 : L"Azerbaijani (az), Latin (Latn), Azerbaijan (AZ)";
	case 0x082C: // = MAKELANGID(LANG_AZERBAIJANI, SUBLANG_AZERBAIJANI_AZERBAIJAN_CYRILLIC)
		return bSymbolic ? L"LANG_AZERBAIJANI, SUBLANG_AZERBAIJANI_AZERBAIJAN_CYRILLIC"
		                 : L"Azerbaijani (az), Cyrillic (Cyrl), Azerbaijan (AZ)";
	case 0x742C: // = MAKELANGID(LANG_AZERBAIJANI, SUBLANG_AZERBAIJANI_CYRILLIC)
		return bSymbolic ? L"LANG_AZERBAIJANI, SUBLANG_AZERBAIJANI_CYRILLIC"
		                 : L"Azerbaijani (az), Cyrillic (Cyrl)";
	case 0x782C: // = MAKELANGID(LANG_AZERBAIJANI, SUBLANG_AZERBAIJANI_LATIN)
		return bSymbolic ? L"LANG_AZERBAIJANI, SUBLANG_AZERBAIJANI_LATIN"
		                 : L"Azerbaijani (az), Latin (Latn)";
#endif
	case 0x002D: // = MAKELANGID(LANG_BASQUE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_BASQUE, SUBLANG_NEUTRAL"
		                 : L"Basque (eu)";
#if 0
	case 0x042D: // = MAKELANGID(LANG_BASQUE, SUBLANG_BASQUE_BASQUE)
		return bSymbolic ? L"LANG_BASQUE, SUBLANG_BASQUE_BASQUE"
		                 : L"Basque (eu), Basque (ES)";
#else
	case 0x042D: // = MAKELANGID(LANG_BASQUE, SUBLANG_BASQUE_SPAIN)
		return bSymbolic ? L"LANG_BASQUE, SUBLANG_BASQUE_SPAIN"
		                 : L"Basque (eu), Spain (ES)";
#endif
	case 0x002E: // = MAKELANGID(LANG_UPPER_SORBIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_UPPER_SORBIAN, SUBLANG_NEUTRAL"
		                 : L"Upper Sorbian (hsb)";
	case 0x042E: // = MAKELANGID(LANG_UPPER_SORBIAN, SUBLANG_UPPER_SORBIAN_GERMANY)
		return bSymbolic ? L"LANG_UPPER_SORBIAN, SUBLANG_UPPER_SORBIAN_GERMANY"
		                 : L"Upper Sorbian (hsb), Germany (DE)";
	case 0x082E: // = MAKELANGID(LANG_LOWER_SORBIAN, SUBLANG_LOWER_SORBIAN_GERMANY)
		return bSymbolic ? L"LANG_LOWER_SORBIAN, SUBLANG_LOWER_SORBIAN_GERMANY"
		                 : L"Lower Sorbian (dsb), Germany (DE)";
	case 0x7C2E: // = MAKELANGID(LANG_LOWER_SORBIAN, SUBLANG_LOWER_SORBIAN)
		return bSymbolic ? L"LANG_LOWER_SORBIAN, SUBLANG_LOWER_SORBIAN"
		                 : L"Lower Sorbian (dsb)";

	case 0x002F: // = MAKELANGID(LANG_MACEDONIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MACEDONIAN, SUBLANG_NEUTRAL"
		                 : L"Macedonian (mk)";
	case 0x042F: // = MAKELANGID(LANG_MACEDONIAN, SUBLANG_MACEDONIAN_MACEDONIA)
		return bSymbolic ? L"LANG_MACEDONIAN, SUBLANG_MACEDONIAN_MACEDONIA"
		                 : L"Macedonian (mk), Macedonia, FYROM (MK)";
#if 0
	case 0x0030: // = MAKELANGID(LANG_SUTU, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SUTU, SUBLANG_NEUTRAL"
		                 : L"Sutu (st)";
	case 0x0430: // = MAKELANGID(LANG_SUTU, SUBLANG_SUTU_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_SUTU, SUBLANG_SUTU_SOUTH_AFRICA"
		                 : L"Sutu (st), South Africa (ZA)";
	case 0x0830: // = MAKELANGID(LANG_SUTU, SUBLANG_SUTU_BOTSWANA)
		return bSymbolic ? L"LANG_SUTU, SUBLANG_SUTU_BOTSWANA"
		                 : L"Sutu (st), Botswana (BW)";
#else
	case 0x0030: // = MAKELANGID(LANG_SESOTHO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SESOTHO, SUBLANG_NEUTRAL"
		                 : L"Sesotho (st)";
	case 0x0430: // = MAKELANGID(LANG_SESOTHO, SUBLANG_SESOTHO_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_SESOTHO, SUBLANG_SESOTHO_SOUTH_AFRICA"
		                 : L"Sesotho (st), South Africa (ZA)";
	case 0x0830: // = MAKELANGID(LANG_SESOTHO, SUBLANG_SESOTHO_BOTSWANA)
		return bSymbolic ? L"LANG_SESOTHO, SUBLANG_SESOTHO_BOTSWANA"
		                 : L"Sesotho (st), Botswana (BW)";
#endif
	case 0x0031: // = MAKELANGID(LANG_TSONGA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TSONGA, SUBLANG_NEUTRAL"
		                 : L"Tsonga (ts)";
	case 0x0431: // = MAKELANGID(LANG_TSONGA, SUBLANG_TSONGA_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_TSONGA, SUBLANG_TSONGA_SOUTH_AFRICA"
		                 : L"Tsonga (ts), South Africa (ZA)";
	case 0x0831: // = MAKELANGID(LANG_TSONGA, SUBLANG_TSONGA_BOTSWANA)
		return bSymbolic ? L"LANG_TSONGA, SUBLANG_TSONGA_BOTSWANA"
		                 : L"Tsonga (ts), Botswana (BW)";
#if 0
	case 0x0032: // = MAKELANGID(LANG_TSWANA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TSWANA, SUBLANG_NEUTRAL"
		                 : L"Tswana (tn)";
	case 0x0432: // = MAKELANGID(LANG_TSWANA, SUBLANG_TSWANA_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_TSWANA, SUBLANG_TSWANA_SOUTH_AFRICA"
		                 : L"Tswana (tn), South Africa (ZA)";
	case 0x0832: // = MAKELANGID(LANG_TSWANA, SUBLANG_TSWANA_BOTSWANA)
		return bSymbolic ? L"LANG_TSWANA, SUBLANG_TSWANA_BOTSWANA"
		                 : L"Tswana (tn), Botswana (BW)";
#else
	case 0x0032: // = MAKELANGID(LANG_SETSWANA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SETSWANA, SUBLANG_NEUTRAL"
		                 : L"Setswana (tn)";
	case 0x0432: // = MAKELANGID(LANG_SETSWANA, SUBLANG_SETSWANA_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_SETSWANA, SUBLANG_SETSWANA_SOUTH_AFRICA"
		                 : L"Setswana (tn), South Africa (ZA)";
	case 0x0832: // = MAKELANGID(LANG_SETSWANA, SUBLANG_SETSWANA_BOTSWANA)
		return bSymbolic ? L"LANG_SETSWANA, SUBLANG_SETSWANA_BOTSWANA"
		                 : L"Setswana (tn), Botswana (BW)";
#endif
	case 0x0033: // = MAKELANGID(LANG_VENDA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_VENDA, SUBLANG_NEUTRAL"
		                 : L"Venda (ve)";
	case 0x0433: // = MAKELANGID(LANG_VENDA, SUBLANG_VENDA_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_VENDA, SUBLANG_VENDA_SOUTH_AFRICA"
		                 : L"Venda (ve), South Africa (ZA)";

	case 0x0034: // = MAKELANGID(LANG_XHOSA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_XHOSA, SUBLANG_NEUTRAL"
		                 : L"Xhosa (xh)";
	case 0x0434: // = MAKELANGID(LANG_XHOSA, SUBLANG_XHOSA_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_XHOSA, SUBLANG_XHOSA_SOUTH_AFRICA"
		                 : L"Xhosa (xh), South Africa (ZA)";

	case 0x0035: // = MAKELANGID(LANG_ZULU, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ZULU, SUBLANG_NEUTRAL"
		                 : L"Zulu (zu)";
	case 0x0435: // = MAKELANGID(LANG_ZULU, SUBLANG_ZULU_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_ZULU, SUBLANG_ZULU_SOUTH_AFRICA"
		                 : L"Zulu (zu), South Africa (ZA)";

	case 0x0036: // = MAKELANGID(LANG_AFRIKAANS, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_AFRIKAANS, SUBLANG_NEUTRAL"
		                 : L"Afrikaans (af)";
	case 0x0436: // = MAKELANGID(LANG_AFRIKAANS, SUBLANG_AFRIKAANS_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_AFRIKAANS, SUBLANG_AFRIKAANS_SOUTH_AFRICA"
		                 : L"Afrikaans (af), South Africa (ZA)";

	case 0x0037: // = MAKELANGID(LANG_GEORGIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_GEORGIAN, SUBLANG_NEUTRAL"
		                 : L"Georgian (ka)";
	case 0x0437: // = MAKELANGID(LANG_GEORGIAN, SUBLANG_GEORGIAN_GEORGIA)
		return bSymbolic ? L"LANG_GEORGIAN, SUBLANG_GEORGIAN_GEORGIA"
		                 : L"Georgian (ka), Georgia (GE)";

	case 0x0038: // = MAKELANGID(LANG_FAEROESE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_FAEROESE, SUBLANG_NEUTRAL"
		                 : L"Faroese (fo)";
	case 0x0438: // = MAKELANGID(LANG_FAEROESE, SUBLANG_FAEROESE_FAROE_ISLANDS)
		return bSymbolic ? L"LANG_FAEROESE, SUBLANG_FAEROESE_FAROE_ISLANDS"
		                 : L"Faroese (fo), Faroe Islands (FO)";

	case 0x0039: // = MAKELANGID(LANG_HINDI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_HINDI, SUBLANG_NEUTRAL"
		                 : L"Hindi (hi)";
	case 0x0439: // = MAKELANGID(LANG_HINDI, SUBLANG_HINDI_INDIA)
		return bSymbolic ? L"LANG_HINDI, SUBLANG_HINDI_INDIA"
		                 : L"Hindi (hi), India (IN)";

	case 0x003A: // = MAKELANGID(LANG_MALTESE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MALTESE, SUBLANG_NEUTRAL"
		                 : L"Maltese (mt)";
	case 0x043A: // = MAKELANGID(LANG_MALTESE, SUBLANG_MALTESE_MALTA)
		return bSymbolic ? L"LANG_MALTESE, SUBLANG_MALTESE_MALTA"
		                 : L"Maltese (mt), Malta (MT)";

	case 0x003B: // = MAKELANGID(LANG_SAMI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_NEUTRAL"
		                 : L"Sami (se)";
	case 0x043B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_NORTHERN_NORWAY)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_NORTHERN_NORWAY"
		                 : L"Sami (se), Northern, Norway (NO)";
	case 0x083B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_NORTHERN_SWEDEN)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_NORTHERN_SWEDEN"
		                 : L"Sami (se), Northern, Sweden (SE)";
	case 0x0C3B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_NORTHERN_FINLAND)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_NORTHERN_FINLAND"
		                 : L"Sami (se), Northern, Finland (FI)";
	case 0x103B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_LULE_NORWAY)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_LULE_NORWAY"
		                 : L"Sami (smj), Lule, Norway (NO)";
	case 0x143B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_LULE_SWEDEN)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_LULE_SWEDEN"
		                 : L"Sami (smj), Lule, Sweden (SE)";
	case 0x183B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_SOUTHERN_NORWAY)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_SOUTHERN_NORWAY"
		                 : L"Sami (sma), Southern, Norway (NO)";
	case 0x1C3B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_SOUTHERN_SWEDEN)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_SOUTHERN_SWEDEN"
		                 : L"Sami (sma), Southern, Sweden (SE)";
	case 0x203B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_SKOLT_FINLAND)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_SKOLT_FINLAND"
		                 : L"Sami (sms), Skolt, Finland (FI)";
	case 0x243B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_INARI_FINLAND)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_INARI_FINLAND"
		                 : L"Sami (smn), Inari, Finland (FI)";
	case 0x703B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_INARI)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_INARI"
		                 : L"Sami (smn), Inari";
	case 0x743B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_SKOLT)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_SKOLT"
		                 : L"Sami (sms), Skolt";
	case 0x783B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI"
		                 : L"Sami (sma)";
	case 0x7C3B: // = MAKELANGID(LANG_SAMI, SUBLANG_SAMI_LULE)
		return bSymbolic ? L"LANG_SAMI, SUBLANG_SAMI_LULE"
		                 : L"Sami (smj), Lule";

	case 0x003C: // = MAKELANGID(LANG_IRISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_IRISH, SUBLANG_NEUTRAL"
		                 : L"Irish (ga)";
	case 0x083C: // = MAKELANGID(LANG_IRISH, SUBLANG_IRISH_IRELAND)
		return bSymbolic ? L"LANG_IRISH, SUBLANG_IRISH_IRELAND"
		                 : L"Irish (ga), Ireland (IE)";

	case 0x003D: // = MAKELANGID(LANG_YIDDISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_YIDDISH, SUBLANG_NEUTRAL"
		                 : L"Yiddish (yi)";
	case 0x043D: // = MAKELANGID(LANG_YIDDISH, SUBLANG_YIDDISH_HEBREW)
		return bSymbolic ? L"LANG_YIDDISH, SUBLANG_YIDDISH_HEBREW"
		                 : L"Yiddish (yi), Hebrew (Hebr)";

	case 0x003E: // = MAKELANGID(LANG_MALAY, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MALAY, SUBLANG_NEUTRAL"
		                 : L"Malay (ms)";
	case 0x043E: // = MAKELANGID(LANG_MALAY, SUBLANG_MALAY_MALAYSIA)
		return bSymbolic ? L"LANG_MALAY, SUBLANG_MALAY_MALAYSIA"
		                 : L"Malay (ms), Malaysia (MY)";
	case 0x083E: // = MAKELANGID(LANG_MALAY, SUBLANG_MALAY_BRUNEI_DARUSSALAM)
		return bSymbolic ? L"LANG_MALAY, SUBLANG_MALAY_BRUNEI_DARUSSALAM"
		                 : L"Malay (ms), Brunei Darussalam (BN)";

	case 0x003F: // = MAKELANGID(LANG_KAZAK, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KAZAK, SUBLANG_NEUTRAL"
		                 : L"Kazakh (kk)";
	case 0x043F: // = MAKELANGID(LANG_KAZAK, SUBLANG_KAZAK_KAZAKHSTAN)
		return bSymbolic ? L"LANG_KAZAK, SUBLANG_KAZAK_KAZAKHSTAN"
		                 : L"Kazakh (kk), Kazakhstan (KZ)";

	case 0x0040: // = MAKELANGID(LANG_KYRGYZ, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KYRGYZ, SUBLANG_NEUTRAL"
		                 : L"Kyrgyz (ky)";
	case 0x0440: // = MAKELANGID(LANG_KYRGYZ, SUBLANG_KYRGYZ_KYRGYZSTAN)
		return bSymbolic ? L"LANG_KYRGYZ, SUBLANG_KYRGYZ_KYRGYZSTAN"
		                 : L"Kyrgyz (ky), Kyrgyzstan (KG)";

	case 0x0041: // = MAKELANGID(LANG_SWAHILI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SWAHILI, SUBLANG_NEUTRAL"
		                 : L"Kiswahili (sw)";
#if 0
	case 0x0441: // = MAKELANGID(LANG_SWAHILI, SUBLANG_SWAHILI)
		return bSymbolic ? L"LANG_SWAHILI, SUBLANG_SWAHILI"
		                 : L"Kiswahili (sw), Kenya (KE)";
#else
	case 0x0441: // = MAKELANGID(LANG_SWAHILI, SUBLANG_SWAHILI_KENYA)
		return bSymbolic ? L"LANG_SWAHILI, SUBLANG_SWAHILI_KENYA"
		                 : L"Kiswahili (sw), Kenya (KE)";
#endif
	case 0x0042: // = MAKELANGID(LANG_TURKMEN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TURKMEN, SUBLANG_NEUTRAL"
		                 : L"Turkmen (tk)";
	case 0x0442: // = MAKELANGID(LANG_TURKMEN, SUBLANG_TURKMEN_TURKMENISTAN)
		return bSymbolic ? L"LANG_TURKMEN, SUBLANG_TURKMEN_TURKMENISTAN"
		                 : L"Turkmen (tk), Turkmenistan (TM)";

	case 0x0043: // = MAKELANGID(LANG_UZBEK, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_UZBEK, SUBLANG_NEUTRAL"
		                 : L"Uzbek (uz)";
	case 0x0443: // = MAKELANGID(LANG_UZBEK, SUBLANG_UZBEK_UZBEKISTAN_LATIN)
		return bSymbolic ? L"LANG_UZBEK, SUBLANG_UZBEK_UZBEKISTAN_LATIN"
		                 : L"Uzbek (uz), Latin (Latn), Uzbekistan (UZ)";
	case 0x0843: // = MAKELANGID(LANG_UZBEK, SUBLANG_UZBEK_UZBEKISTAN_CYRILLIC)
		return bSymbolic ? L"LANG_UZBEK, SUBLANG_UZBEK_UZBEKISTAN_CYRILLIC"
		                 : L"Uzbek (uz), Cyrillic (Cyrl), Uzbekistan (UZ)";
	case 0x7843: // = MAKELANGID(LANG_UZBEK, SUBLANG_UZBEK_CYRILLIC)
		return bSymbolic ? L"LANG_UZBEK, SUBLANG_UZBEK_CYRILLIC"
		                 : L"Uzbek (uz), Cyrillic (Cyrl)";
	case 0x7C43: // = MAKELANGID(LANG_UZBEK, SUBLANG_UZBEK_LATIN)
		return bSymbolic ? L"LANG_UZBEK, SUBLANG_UZBEK_LATIN"
		                 : L"Uzbek (uz), Latin (Latn)";

	case 0x0044: // = MAKELANGID(LANG_TATAR, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TATAR, SUBLANG_NEUTRAL"
		                 : L"Tatar (tt)";
	case 0x0444: // = MAKELANGID(LANG_TATAR, SUBLANG_TATAR_RUSSIA)
		return bSymbolic ? L"LANG_TATAR, SUBLANG_TATAR_RUSSIA"
		                 : L"Tatar (tt), Russia (RU)";
	case 0x0844: // = MAKELANGID(LANG_TATAR, SUBLANG_TATAR_MONGOLIA)
		return bSymbolic ? L"LANG_TATAR, SUBLANG_TATAR_MONGOLIA"
		                 : L"Tatar (tt), Mongolia (MN)";
#if 0
	case 0x0045: // = MAKELANGID(LANG_BENGALI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_BENGALI, SUBLANG_NEUTRAL"
		                 : L"Bengali (bn)";
	case 0x0445: // = MAKELANGID(LANG_BENGALI, SUBLANG_BENGALI_INDIA)
		return bSymbolic ? L"LANG_BENGALI, SUBLANG_BENGALI_INDIA"
		                 : L"Bengali (bn), India (IN)";
	case 0x0845: // = MAKELANGID(LANG_BENGALI, SUBLANG_BENGALI_BANGLADESH)
		return bSymbolic ? L"LANG_BENGALI, SUBLANG_BENGALI_BANGLADESH"
		                 : L"Bengali (bn), Bangladesh (BD)";
#else
	case 0x0045: // = MAKELANGID(LANG_BANGLA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_BANGLA, SUBLANG_NEUTRAL"
		                 : L"Bangla (bn)";
	case 0x0445: // = MAKELANGID(LANG_BANGLA, SUBLANG_BANGLA_INDIA)
		return bSymbolic ? L"LANG_BANGLA, SUBLANG_BANGLA_INDIA"
		                 : L"Bangla (bn), India (IN)";
	case 0x0845: // = MAKELANGID(LANG_BANGLA, SUBLANG_BANGLA_BANGLADESH)
		return bSymbolic ? L"LANG_BANGLA, SUBLANG_BANGLA_BANGLADESH"
		                 : L"Bangla (bn), Bangladesh (BD)";
#endif
	case 0x0046: // = MAKELANGID(LANG_PUNJABI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_PUNJABI, SUBLANG_NEUTRAL"
		                 : L"Punjabi (pa)";
	case 0x0446: // = MAKELANGID(LANG_PUNJABI, SUBLANG_PUNJABI_INDIA)
		return bSymbolic ? L"LANG_PUNJABI, SUBLANG_PUNJABI_INDIA"
		                 : L"Punjabi (pa), Gurmukhi script, India (IN)";
	case 0x0846: // = MAKELANGID(LANG_PUNJABI, SUBLANG_PUNJABI_PAKISTAN)
		return bSymbolic ? L"LANG_PUNJABI, SUBLANG_PUNJABI_PAKISTAN"
		                 : L"Punjabi (pa), Arabic (Arab), Pakistan (PK)";
	case 0x7C46: // = MAKELANGID(LANG_PUNJABI, SUBLANG_PUNJABI_ARABIC)
		return bSymbolic ? L"LANG_PUNJABI, SUBLANG_PUNJABI_ARABIC"
		                 : L"Punjabi (pa), Arabic (Arab)";

	case 0x0047: // = MAKELANGID(LANG_GUJARATI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_GUJARATI, SUBLANG_NEUTRAL"
		                 : L"Gujarati (gu)";
	case 0x0447: // = MAKELANGID(LANG_GUJARATI, SUBLANG_GUJARATI_INDIA)
		return bSymbolic ? L"LANG_GUJARATI, SUBLANG_GUJARATI_INDIA"
		                 : L"Gujarati (gu), India (IN)";
#if 0
	case 0x0048: // = MAKELANGID(LANG_ORIYA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ORIYA, SUBLANG_NEUTRAL"
		                 : L"Oriya (or)";
	case 0x0448: // = MAKELANGID(LANG_ORIYA, SUBLANG_ORIYA_INDIA)
		return bSymbolic ? L"LANG_ORIYA, SUBLANG_ORIYA_INDIA"
		                 : L"Oriya (or), India (IN)";
#else
	case 0x0048: // = MAKELANGID(LANG_ODIA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ODIA, SUBLANG_NEUTRAL"
		                 : L"Odia (or)";
	case 0x0448: // = MAKELANGID(LANG_ODIA, SUBLANG_ODIA_INDIA)
		return bSymbolic ? L"LANG_ODIA, SUBLANG_ODIA_INDIA"
		                 : L"Odia (or), India (IN)";
#endif
	case 0x0049: // = MAKELANGID(LANG_TAMIL, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TAMIL, SUBLANG_NEUTRAL"
		                 : L"Tamil (ta)";
	case 0x0449: // = MAKELANGID(LANG_TAMIL, SUBLANG_TAMIL_INDIA)
		return bSymbolic ? L"LANG_TAMIL, SUBLANG_TAMIL_INDIA"
		                 : L"Tamil (ta), India (IN)";
	case 0x0849: // = MAKELANGID(LANG_TAMIL, SUBLANG_TAMIL_SRI_LANKA)
		return bSymbolic ? L"LANG_TAMIL, SUBLANG_TAMIL_SRI_LANKA"
		                 : L"Tamil (ta), Sri Lanka (LK)";

	case 0x004A: // = MAKELANGID(LANG_TELUGU, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TELUGU, SUBLANG_NEUTRAL"
		                 : L"Telugu (te)";
	case 0x044A: // = MAKELANGID(LANG_TELUGU, SUBLANG_TELUGU_INDIA)
		return bSymbolic ? L"LANG_TELUGU, SUBLANG_TELUGU_INDIA"
		                 : L"Telugu (te), India (IN)";

	case 0x004B: // = MAKELANGID(LANG_KANNADA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KANNADA, SUBLANG_NEUTRAL"
		                 : L"Kannada (kn)";
	case 0x044B: // = MAKELANGID(LANG_KANNADA, SUBLANG_KANNADA_INDIA)
		return bSymbolic ? L"LANG_KANNADA, SUBLANG_KANNADA_INDIA"
		                 : L"Kannada (kn), India (IN)";

	case 0x004C: // = MAKELANGID(LANG_MALAYALAM, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MALAYALAM, SUBLANG_NEUTRAL"
		                 : L"Malayalam (ml)";
	case 0x044C: // = MAKELANGID(LANG_MALAYALAM, SUBLANG_MALAYALAM_INDIA)
		return bSymbolic ? L"LANG_MALAYALAM, SUBLANG_MALAYALAM_INDIA"
		                 : L"Malayalam (ml), India (IN)";

	case 0x004D: // = MAKELANGID(LANG_ASSAMESE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ASSAMESE, SUBLANG_NEUTRAL"
		                 : L"Assamese (as)";
	case 0x044D: // = MAKELANGID(LANG_ASSAMESE, SUBLANG_ASSAMESE_INDIA)
		return bSymbolic ? L"LANG_ASSAMESE, SUBLANG_ASSAMESE_INDIA"
		                 : L"Assamese (as), India (IN)";

	case 0x004E: // = MAKELANGID(LANG_MARATHI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MARATHI, SUBLANG_NEUTRAL"
		                 : L"Marathi (mr)";
	case 0x044E: // = MAKELANGID(LANG_MARATHI, SUBLANG_MARATHI_INDIA)
		return bSymbolic ? L"LANG_MARATHI, SUBLANG_MARATHI_INDIA"
		                 : L"Marathi (mr), India (IN)";

	case 0x004F: // = MAKELANGID(LANG_SANSKRIT, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SANSKRIT, SUBLANG_NEUTRAL"
		                 : L"Sanskrit (sa)";
	case 0x044F: // = MAKELANGID(LANG_SANSKRIT, SUBLANG_SANSKRIT_INDIA)
		return bSymbolic ? L"LANG_SANSKRIT, SUBLANG_SANSKRIT_INDIA"
		                 : L"Sanskrit (sa), India (IN)";

	case 0x0050: // = MAKELANGID(LANG_MONGOLIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MONGOLIAN, SUBLANG_NEUTRAL"
		                 : L"Mongolian (mn)";
	case 0x0450: // = MAKELANGID(LANG_MONGOLIAN, SUBLANG_MONGOLIAN_CYRILLIC_MONGOLIA)
		return bSymbolic ? L"LANG_MONGOLIAN, SUBLANG_MONGOLIAN_CYRILLIC_MONGOLIA"
		                 : L"Mongolian (mn), Cyrillic (Cyrl), Mongolia (MN)";
	case 0x0850: // = MAKELANGID(LANG_MONGOLIAN, SUBLANG_MONGOLIAN_PRC)
		return bSymbolic ? L"LANG_MONGOLIAN, SUBLANG_MONGOLIAN_PRC"
		                 : L"Mongolian (mn), Mongolian (Mong), People\'s Republic of China (CN)";
	case 0x0C50: // = MAKELANGID(LANG_MONGOLIAN, SUBLANG_MONGOLIAN_MONGOLIAN_MONGOLIA)
		return bSymbolic ? L"LANG_MONGOLIAN, SUBLANG_MONGOLIAN_MONGOLIAN_MONGOLIA"
		                 : L"Mongolian (mn), Mongolian (Mong), Mongolia (MN)";
	case 0x7850: // = MAKELANGID(LANG_MONGOLIAN, SUBLANG_MONGOLIAN_CYRILLIC)
		return bSymbolic ? L"LANG_MONGOLIAN, SUBLANG_MONGOLIAN_CYRILLIC"
		                 : L"Mongolian (mn), Cyrillic (Cyrl)";
	case 0x7C50: // = MAKELANGID(LANG_MONGOLIAN, SUBLANG_MONGOLIAN_MONGOLIAN)
		return bSymbolic ? L"LANG_MONGOLIAN, SUBLANG_MONGOLIAN_MONGOLIAN"
		                 : L"Mongolian (mn), Mongolian (Mong)";

	case 0x0051: // = MAKELANGID(LANG_TIBETAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TIBETAN, SUBLANG_NEUTRAL"
		                 : L"Tibetan (bo)";
	case 0x0451: // = MAKELANGID(LANG_TIBETAN, SUBLANG_TIBETAN_PRC)
		return bSymbolic ? L"LANG_TIBETAN, SUBLANG_TIBETAN_PRC"
		                 : L"Tibetan (bo), People\'s Republic of China (CN)";
	case 0x0851: // = MAKELANGID(LANG_TIBETAN, SUBLANG_TIBETAN_BHUTAN)
		return bSymbolic ? L"LANG_TIBETAN, SUBLANG_TIBETAN_BHUTAN"
		                 : L"Tibetan (bo), Bhutan (BT)";
	case 0x0C51: // = MAKELANGID(LANG_DZONGKHA, SUBLANG_DZONGKHA_BHUTAN)
		return bSymbolic ? L"LANG_DZONGKHA, SUBLANG_DZONGKHA_BHUTAN"
		                 : L"Dzongkha (dz), Bhutan (BT)";

	case 0x0052: // = MAKELANGID(LANG_WELSH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_WELSH, SUBLANG_NEUTRAL"
		                 : L"Welsh (cy)";
	case 0x0452: // = MAKELANGID(LANG_WELSH, SUBLANG_WELSH_UNITED_KINGDOM)
		return bSymbolic ? L"LANG_WELSH, SUBLANG_WELSH_UNITED_KINGDOM"
		                 : L"Welsh (cy), United Kingdom (GB)";

	case 0x0053: // = MAKELANGID(LANG_KHMER, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KHMER, SUBLANG_NEUTRAL"
		                 : L"Khmer (kh)";
	case 0x0453: // = MAKELANGID(LANG_KHMER, SUBLANG_KHMER_CAMBODIA)
		return bSymbolic ? L"LANG_KHMER, SUBLANG_KHMER_CAMBODIA"
		                 : L"Khmer (kh), Cambodia (KH)";

	case 0x0054: // = MAKELANGID(LANG_LAO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_LAO, SUBLANG_NEUTRAL"
		                 : L"Lao (lo)";
	case 0x0454: // = MAKELANGID(LANG_LAO, SUBLANG_LAO_LAO)
		return bSymbolic ? L"LANG_LAO, SUBLANG_LAO_LAO"
		                 : L"Lao (lo), Lao P.D.R. (LA)";
#if 0
	case 0x0055: // = MAKELANGID(LANG_BIRMESE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_BIRMESE, SUBLANG_NEUTRAL"
		                 : L"Birmese (my)";
	case 0x0455: // = MAKELANGID(LANG_BIRMESE, SUBLANG_BIRMESE_MYANMAR)
		return bSymbolic ? L"LANG_BIRMESE, SUBLANG_BIRMESE_MYANMAR"
		                 : L"Birmese (my), Myanmar (MM)";
#else
	case 0x0055: // = MAKELANGID(LANG_BURMESE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_BURMESE, SUBLANG_NEUTRAL"
		                 : L"Burmese (my)";
	case 0x0455: // = MAKELANGID(LANG_BURMESE, SUBLANG_BURMESE_MYANMAR)
		return bSymbolic ? L"LANG_BURMESE, SUBLANG_BURMESE_MYANMAR"
		                 : L"Burmese (my), Myanmar (MM)";
#endif
	case 0x0056: // = MAKELANGID(LANG_GALICIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_GALICIAN, SUBLANG_NEUTRAL"
		                 : L"Galician (gl)";
	case 0x0456: // = MAKELANGID(LANG_GALICIAN, SUBLANG_GALICIAN_GALICIAN)
		return bSymbolic ? L"LANG_GALICIAN, SUBLANG_GALICIAN_GALICIAN"
		                 : L"Galician (gl), Spain (ES)";

	case 0x0057: // = MAKELANGID(LANG_KONKANI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KONKANI, SUBLANG_NEUTRAL"
		                 : L"Konkani (kok)";
	case 0x0457: // = MAKELANGID(LANG_KONKANI, SUBLANG_KONKANI_INDIA)
		return bSymbolic ? L"LANG_KONKANI, SUBLANG_KONKANI_INDIA"
		                 : L"Konkani (kok), India (IN)";

	case 0x0058: // = MAKELANGID(LANG_MANIPURI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MANIPURI, SUBLANG_NEUTRAL"
		                 : L"Manipuri (mni)";
	case 0x0458: // = MAKELANGID(LANG_MANIPURI, SUBLANG_MANIPURI_INDIA)
		return bSymbolic ? L"LANG_MANIPURI, SUBLANG_MANIPURI_INDIA"
		                 : L"Manipuri (mni), India (IN)";

	case 0x0059: // = MAKELANGID(LANG_SINDHI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SINDHI, SUBLANG_NEUTRAL"
		                 : L"Sindhi (sd)";
	case 0x0459: // = MAKELANGID(LANG_SINDHI, SUBLANG_SINDHI_INDIA_DEVANAGARI)
		return bSymbolic ? L"LANG_SINDHI, SUBLANG_SINDHI_INDIA_DEVANAGARI"
		                 : L"Sindhi (sd), Devanagari (Deva), India (IN)";
	case 0x0859: // = MAKELANGID(LANG_SINDHI, SUBLANG_SINDHI_PAKISTAN)
		return bSymbolic ? L"LANG_SINDHI, SUBLANG_SINDHI_PAKISTAN"
		                 : L"Sindhi (sd), Arabic (Arab), Pakistan (PK)";
	case 0x0C59: // = MAKELANGID(LANG_SINDHI, SUBLANG_SINDHI_AFGHANISTAN)
		return bSymbolic ? L"LANG_SINDHI, SUBLANG_SINDHI_AFGHANISTAN"
		                 : L"Sindhi (sd), Afghanistan (AF)";
	case 0x7C59: // = MAKELANGID(LANG_SINDHI, SUBLANG_SINDHI_ARABIC)
		return bSymbolic ? L"LANG_SINDHI, SUBLANG_SINDHI_ARABIC"
		                 : L"Sindhi (sd), Arabic (Arab)";

	case 0x005A: // = MAKELANGID(LANG_SYRIAC, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SYRIAC, SUBLANG_NEUTRAL"
		                 : L"Syriac (syr)";
#if 0
	case 0x045A: // = MAKELANGID(LANG_SYRIAC, SUBLANG_SYRIAC)
		return bSymbolic ? L"LANG_SYRIAC, SUBLANG_SYRIAC"
		                 : L"Syriac (syr), Syria (SY)";
#else
	case 0x045A: // = MAKELANGID(LANG_SYRIAC, SUBLANG_SYRIAC_SYRIA)
		return bSymbolic ? L"LANG_SYRIAC, SUBLANG_SYRIAC_SYRIA"
		                 : L"Syriac (syr), Syria (SY)";
#endif
	case 0x005B: // = MAKELANGID(LANG_SINHALESE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SINHALESE, SUBLANG_NEUTRAL"
		                 : L"Sinhala (si)";
	case 0x045B: // = MAKELANGID(LANG_SINHALESE, SUBLANG_SINHALESE_SRI_LANKA)
		return bSymbolic ? L"LANG_SINHALESE, SUBLANG_SINHALESE_SRI_LANKA"
		                 : L"Sinhala (si), Sri Lanka (LK)";

	case 0x005C: // = MAKELANGID(LANG_CHEROKEE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_CHEROKEE, SUBLANG_NEUTRAL"
		                 : L"Cherokee (chr)";
	case 0x045C: // = MAKELANGID(LANG_CHEROKEE, SUBLANG_CHEROKEE_US)
		return bSymbolic ? L"LANG_CHEROKEE, SUBLANG_CHEROKEE_US"
		                 : L"Cherokee (chr), Cherokee (Cher), United States (US)";
	case 0x7C5C: // = MAKELANGID(LANG_CHEROKEE, SUBLANG_CHEROKEE_CHEROKEE)
		return bSymbolic ? L"LANG_CHEROKEE, SUBLANG_CHEROKEE_CHEROKEE"
		                 : L"Cherokee (chr), Cherokee (Cher)";

	case 0x005D: // = MAKELANGID(LANG_INUKTITUT, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_INUKTITUT, SUBLANG_NEUTRAL"
		                 : L"Inuktitut (iu)";
	case 0x045D: // = MAKELANGID(LANG_INUKTITUT, SUBLANG_INUKTITUT_CANADA)
		return bSymbolic ? L"LANG_INUKTITUT, SUBLANG_INUKTITUT_CANADA"
		                 : L"Inuktitut (iu), Syllabic (Cans), Canada (CA)";
	case 0x085D: // = MAKELANGID(LANG_INUKTITUT, SUBLANG_INUKTITUT_CANADA_LATIN)
		return bSymbolic ? L"LANG_INUKTITUT, SUBLANG_INUKTITUT_CANADA_LATIN"
		                 : L"Inuktitut (iu), Latin (Latn), Canada (CA)";
	case 0x785D: // = MAKELANGID(LANG_INUKTITUT, SUBLANG_INUKTITUT)
		return bSymbolic ? L"LANG_INUKTITUT, SUBLANG_INUKTITUT"
		                 : L"Inuktitut (iu), Syllabic (Cans)";
	case 0x7C5D: // = MAKELANGID(LANG_INUKTITUT, SUBLANG_INUKTITUT_LATIN)
		return bSymbolic ? L"LANG_INUKTITUT, SUBLANG_INUKTITUT_LATIN"
		                 : L"Inuktitut (iu), Latin (Latn)";

	case 0x005E: // = MAKELANGID(LANG_AMHARIC, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_AMHARIC, SUBLANG_NEUTRAL"
		                 : L"Amharic (am)";
	case 0x045E: // = MAKELANGID(LANG_AMHARIC, SUBLANG_AMHARIC_ETHIOPIA)
		return bSymbolic ? L"LANG_AMHARIC, SUBLANG_AMHARIC_ETHIOPIA"
		                 : L"Amharic (am), Ethiopia (ET)";

	case 0x005F: // = MAKELANGID(LANG_TAMAZIGHT, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TAMAZIGHT, SUBLANG_NEUTRAL"
		                 : L"Tamazight (tzm)";
	case 0x045F: // = MAKELANGID(LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_MOROCCO_ARABIC)
		return bSymbolic ? L"LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_MOROCCO_ARABIC"
		                 : L"Tamazight (tmz), Arabic (Arab), Morocco (MA)";
	case 0x085F: // = MAKELANGID(LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_ALGERIA_LATIN)
		return bSymbolic ? L"LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_ALGERIA_LATIN"
		                 : L"Tamazight (tzm), Latin (Latn), Algeria (DZ)";
	case 0x0C5F: // = MAKELANGID(LANG_TAMANAKU, SUBLANG_TAMANAKU_MOROCCO)
		return bSymbolic ? L"LANG_TAMANAKU, SUBLANG_TAMANAKU_MOROCCO"
		                 : L"Tamanaku (tmz), Morocco (MA)";
	case 0x105F: // = MAKELANGID(LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_MOROCCO_TIFINAGH)
		return bSymbolic ? L"LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_MOROCCO_TIFINAGH"
		                 : L"Tamazight (tzm), Tifinagh (Tfng), Morocco (MA)";
	case 0x785F: // = MAKELANGID(LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_TIFINAGH)
		return bSymbolic ? L"LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_TIFINAGH"
		                 : L"Tamazight (tzm), Tifinagh (Tfng)";
	case 0x7C5F: // = MAKELANGID(LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_LATIN)
		return bSymbolic ? L"LANG_TAMAZIGHT, SUBLANG_TAMAZIGHT_LATIN"
		                 : L"Tamazight (tzm), Latin (Latn)";

	case 0x0060: // = MAKELANGID(LANG_KASHMIRI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KASHMIRI, SUBLANG_NEUTRAL"
		                 : L"Kashmiri (ks)";
	case 0x0460: // = MAKELANGID(LANG_KASHMIRI, SUBLANG_KASHMIRI_ARABIC)
		return bSymbolic ? L"LANG_KASHMIRI, SUBLANG_KASHMIRI_ARABIC"
		                 : L"Kashmiri (ks), Arabic (Arab)";
#if 0
	case 0x0860: // = MAKELANGID(LANG_KASHMIRI, SUBLANG_KASHMIRI_INDIA)
		return bSymbolic ? L"LANG_KASHMIRI, SUBLANG_KASHMIRI_INDIA"
		                 : L"Kashmiri (ks), India (IN)";
#elif 0
	case 0x0860: // = MAKELANGID(LANG_KASHMIRI, SUBLANG_KASHMIRI_SASIA)
		return bSymbolic ? L"LANG_KASHMIRI, SUBLANG_KASHMIRI_SASIA"
		                 : L"Kashmiri (ks), South Asia";
#else
	case 0x0860: // = MAKELANGID(LANG_KASHMIRI, SUBLANG_KASHMIRI_DEVANAGARI)
		return bSymbolic ? L"LANG_KASHMIRI, SUBLANG_KASHMIRI_DEVANAGARI"
		                 : L"Kashmiri (ks), Devanagari (Deva)";
#endif
	case 0x0061: // = MAKELANGID(LANG_NEPALI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_NEPALI, SUBLANG_NEUTRAL"
		                 : L"Nepali (ne)";
	case 0x0461: // = MAKELANGID(LANG_NEPALI, SUBLANG_NEPALI_NEPAL)
		return bSymbolic ? L"LANG_NEPALI, SUBLANG_NEPALI_NEPAL"
		                 : L"Nepali (ne), Nepal (NP)";
	case 0x0861: // = MAKELANGID(LANG_NEPALI, SUBLANG_NEPALI_INDIA)
		return bSymbolic ? L"LANG_NEPALI, SUBLANG_NEPALI_INDIA"
		                 : L"Nepali (ne), India (IN)";

	case 0x0062: // = MAKELANGID(LANG_FRISIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_FRISIAN, SUBLANG_NEUTRAL"
		                 : L"Frisian (fy)";
	case 0x0462: // = MAKELANGID(LANG_FRISIAN, SUBLANG_FRISIAN_NETHERLANDS)
		return bSymbolic ? L"LANG_FRISIAN, SUBLANG_FRISIAN_NETHERLANDS"
		                 : L"Frisian (fy), Netherlands (NL)";

	case 0x0063: // = MAKELANGID(LANG_PASHTO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_PASHTO, SUBLANG_NEUTRAL"
		                 : L"Pashto (ps)";
	case 0x0463: // = MAKELANGID(LANG_PASHTO, SUBLANG_PASHTO_AFGHANISTAN)
		return bSymbolic ? L"LANG_PASHTO, SUBLANG_PASHTO_AFGHANISTAN"
		                 : L"Pashto (ps), Afghanistan (AF)";

	case 0x0064: // = MAKELANGID(LANG_FILIPINO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_FILIPINO, SUBLANG_NEUTRAL"
		                 : L"Filipino (fil)";
	case 0x0464: // = MAKELANGID(LANG_FILIPINO, SUBLANG_FILIPINO_PHILIPPINES)
		return bSymbolic ? L"LANG_FILIPINO, SUBLANG_FILIPINO_PHILIPPINES"
		                 : L"Filipino (fil), Philippines (PH)";

	case 0x0065: // = MAKELANGID(LANG_DIVEHI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_DIVEHI, SUBLANG_NEUTRAL"
		                 : L"Divehi (div)";
	case 0x0465: // = MAKELANGID(LANG_DIVEHI, SUBLANG_DIVEHI_MALDIVES)
		return bSymbolic ? L"LANG_DIVEHI, SUBLANG_DIVEHI_MALDIVES"
		                 : L"Divehi (div), Maldives (MV)";

	case 0x0066: // = MAKELANGID(LANG_EDO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_EDO, SUBLANG_NEUTRAL"
		                 : L"Bini / Edo (bin)";
	case 0x0466: // = MAKELANGID(LANG_EDO, SUBLANG_EDO_NIGERIA)
		return bSymbolic ? L"LANG_EDO, SUBLANG_EDO_NIGERIA"
		                 : L"Bini / Edo (bin), Nigeria (NG)";

	case 0x0067: // = MAKELANGID(LANG_FULAH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_FULAH, SUBLANG_NEUTRAL"
		                 : L"Fulah (ff)";
	case 0x0467: // = MAKELANGID(LANG_FULAH, SUBLANG_FULAH_NIGERIA)
		return bSymbolic ? L"LANG_FULAH, SUBLANG_FULAH_NIGERIA"
		                 : L"Fulah (ff), Nigeria (NG)";
	case 0x0867: // = MAKELANGID(LANG_FULAH, SUBLANG_FULAH_SENEGAL)
		return bSymbolic ? L"LANG_FULAH, SUBLANG_FULAH_SENEGAL"
		                 : L"Fulah (ff), Latin (Latn), Senegal (SN)";
	case 0x7C67: // = MAKELANGID(LANG_FULAH, SUBLANG_FULAH_LATIN)
		return bSymbolic ? L"LANG_FULAH, SUBLANG_FULAH_LATIN"
		                 : L"Fulah (ff), Latin (Latn)";

	case 0x0068: // = MAKELANGID(LANG_HAUSA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_HAUSA, SUBLANG_NEUTRAL"
		                 : L"Hausa (ha)";
	case 0x0468: // = MAKELANGID(LANG_HAUSA, SUBLANG_HAUSA_NIGERIA_LATIN)
		return bSymbolic ? L"LANG_HAUSA, SUBLANG_HAUSA_NIGERIA_LATIN"
		                 : L"Hausa (ha), Latin (Latn), Nigeria (NG)";
	case 0x7C68: // = MAKELANGID(LANG_HAUSA, SUBLANG_HAUSA_LATIN)
		return bSymbolic ? L"LANG_HAUSA, SUBLANG_HAUSA_LATIN"
		                 : L"Hausa (ha), Latin (Latn)";

	case 0x0069: // = MAKELANGID(LANG_IBIBIO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_IBIBIO, SUBLANG_NEUTRAL"
		                 : L"Ibibio (ibb)";
	case 0x0469: // = MAKELANGID(LANG_IBIBIO, SUBLANG_IBIBIO_NIGERIA)
		return bSymbolic ? L"LANG_IBIBIO, SUBLANG_IBIBIO_NIGERIA"
		                 : L"Ibibio (ibb), Nigeria (NG)";

	case 0x006A: // = MAKELANGID(LANG_YORUBA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_YORUBA, SUBLANG_NEUTRAL"
		                 : L"Yoruba (yo)";
	case 0x046A: // = MAKELANGID(LANG_YORUBA, SUBLANG_YORUBA_NIGERIA)
		return bSymbolic ? L"LANG_YORUBA, SUBLANG_YORUBA_NIGERIA"
		                 : L"Yoruba (yo), Nigeria (NG)";

	case 0x006B: // = MAKELANGID(LANG_QUECHUA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_QUECHUA, SUBLANG_NEUTRAL"
		                 : L"Quechua (quz)";
	case 0x046B: // = MAKELANGID(LANG_QUECHUA, SUBLANG_QUECHUA_BOLIVIA)
		return bSymbolic ? L"LANG_QUECHUA, SUBLANG_QUECHUA_BOLIVIA"
		                 : L"Quechua (quz), Bolivia (BO)";
	case 0x086B: // = MAKELANGID(LANG_QUECHUA, SUBLANG_QUECHUA_ECUADOR)
		return bSymbolic ? L"LANG_QUECHUA, SUBLANG_QUECHUA_ECUADOR"
		                 : L"Quechua (quz), Ecuador (EC)";
	case 0x0C6B: // = MAKELANGID(LANG_QUECHUA, SUBLANG_QUECHUA_PERU)
		return bSymbolic ? L"LANG_QUECHUA, SUBLANG_QUECHUA_PERU"
		                 : L"Quechua (quz), Peru (PE)";
#if 0
	case 0x006C: // = MAKELANGID(LANG_SOTHO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SOTHO, SUBLANG_NEUTRAL"
		                 : L"Sesotho sa Leboa (nso)";
	case 0x046C: // = MAKELANGID(LANG_SOTHO, SUBLANG_SOTHO_NORTHERN_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_SOTHO, SUBLANG_SOTHO_NORTHERN_SOUTH_AFRICA"
		                 : L"Sesotho sa Leboa (nso), South Africa (ZA)";
#else
	case 0x006C: // = MAKELANGID(LANG_SESOTHO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SESOTHO, SUBLANG_NEUTRAL"
		                 : L"Sesotho sa Leboa (nso)";
	case 0x046C: // = MAKELANGID(LANG_SESOTHO, SUBLANG_SESOTHO_NORTHERN_SOUTH_AFRICA)
		return bSymbolic ? L"LANG_SESOTHO, SUBLANG_SESOTHO_NORTHERN_SOUTH_AFRICA"
		                 : L"Sesotho sa Leboa (nso), South Africa (ZA)";
#endif
	case 0x006D: // = MAKELANGID(LANG_BASHKIR, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_BASHKIR, SUBLANG_NEUTRAL"
		                 : L"Bashkir (ba)";
	case 0x046D: // = MAKELANGID(LANG_BASHKIR, SUBLANG_BASHKIR_RUSSIA)
		return bSymbolic ? L"LANG_BASHKIR, SUBLANG_BASHKIR_RUSSIA"
		                 : L"Bashkir (ba), Russia (RU)";

	case 0x006E: // = MAKELANGID(LANG_LUXEMBOURGISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_LUXEMBOURGISH, SUBLANG_NEUTRAL"
		                 : L"Luxembourgish (lb)";
	case 0x046E: // = MAKELANGID(LANG_LUXEMBOURGISH, SUBLANG_LUXEMBOURGISH_LUXEMBOURG)
		return bSymbolic ? L"LANG_LUXEMBOURGISH, SUBLANG_LUXEMBOURGISH_LUXEMBOURG"
		                 : L"Luxembourgish (lb), Luxembourg (LU)";
#if 0
	case 0x006F: // = MAKELANGID(LANG_GREENLANDIC, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_GREENLANDIC, SUBLANG_NEUTRAL"
		                 : L"Greenlandic (kl)";
	case 0x046F: // = MAKELANGID(LANG_GREENLANDIC, SUBLANG_GREENLANDIC_GREENLAND)
		return bSymbolic ? L"LANG_GREENLANDIC, SUBLANG_GREENLANDIC_GREENLAND"
		                 : L"Greenlandic (kl), Greenland (GL)";
#else
	case 0x006F: // = MAKELANGID(LANG_KALAALLISUT, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KALAALLISUT, SUBLANG_NEUTRAL"
		                 : L"Kalaallisut (kl)";
	case 0x046F: // = MAKELANGID(LANG_KALAALLISUT, SUBLANG_KALAALLISUT_GREENLAND)
		return bSymbolic ? L"LANG_KALAALLISUT, SUBLANG_KALAALLISUT_GREENLAND"
		                 : L"Kalaallisut (kl), Greenland (GL)";
#endif
	case 0x0070: // = MAKELANGID(LANG_IGBO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_IGBO, SUBLANG_NEUTRAL"
		                 : L"Igbo (ig)";
	case 0x0470: // = MAKELANGID(LANG_IGBO, SUBLANG_IGBO_NIGERIA)
		return bSymbolic ? L"LANG_IGBO, SUBLANG_IGBO_NIGERIA"
		                 : L"Igbo (ig), Nigeria (NG)";

	case 0x0071: // = MAKELANGID(LANG_KANURI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KANURI, SUBLANG_NEUTRAL"
		                 : L"Kanuri (kr)";
	case 0x0471: // = MAKELANGID(LANG_KANURI, SUBLANG_KANURI_NIGERIA)
		return bSymbolic ? L"LANG_KANURI, SUBLANG_KANURI_NIGERIA"
		                 : L"Kanuri (kr), Nigeria (NG)";

	case 0x0072: // = MAKELANGID(LANG_OROMO, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_OROMO, SUBLANG_NEUTRAL"
		                 : L"Oromo (om)";
	case 0x0472: // = MAKELANGID(LANG_OROMO, SUBLANG_OROMO_ETHIOPIA)
		return bSymbolic ? L"LANG_OROMO, SUBLANG_OROMO_ETHIOPIA"
		                 : L"Oromo (om), Ethiopia (ET)";
#if 0
	case 0x0073: // = MAKELANGID(LANG_TIGRIGNA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TIGRIGNA, SUBLANG_NEUTRAL"
		                 : L"Tigrigna (ti)";
	case 0x0473: // = MAKELANGID(LANG_TIGRIGNA, SUBLANG_TIGRIGNA_ETHIOPIA)
		return bSymbolic ? L"LANG_TIGRIGNA, SUBLANG_TIGRIGNA_ETHIOPIA"
		                 : L"Tigrigna (ti), Ethiopia (ET)";
	case 0x0873: // = MAKELANGID(LANG_TIGRIGNA, SUBLANG_TIGRIGNA_ERITREA)
		return bSymbolic ? L"LANG_TIGRIGNA, SUBLANG_TIGRIGNA_ERITREA"
		                 : L"Tigrigna (ti), Eritrea (ER)";
#else
	case 0x0073: // = MAKELANGID(LANG_TIGRINYA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TIGRINYA, SUBLANG_NEUTRAL"
		                 : L"Tigrinya (ti)";
	case 0x0473: // = MAKELANGID(LANG_TIGRINYA, SUBLANG_TIGRINYA_ETHIOPIA)
		return bSymbolic ? L"LANG_TIGRINYA, SUBLANG_TIGRINYA_ETHIOPIA"
		                 : L"Tigrinya (ti), Ethiopia (ET)";
	case 0x0873: // = MAKELANGID(LANG_TIGRINYA, SUBLANG_TIGRINYA_ERITREA)
		return bSymbolic ? L"LANG_TIGRINYA, SUBLANG_TIGRINYA_ERITREA"
		                 : L"Tigrinya (ti), Eritrea (ER)";
#endif
	case 0x0074: // = MAKELANGID(LANG_GUARANI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_GUARANI, SUBLANG_NEUTRAL"
		                 : L"Guarani (gn)";
	case 0x0474: // = MAKELANGID(LANG_GUARANI, SUBLANG_GUARANI_PARAGUAY)
		return bSymbolic ? L"LANG_GUARANI, SUBLANG_GUARANI_PARAGUAY"
		                 : L"Guarani (gn), Paraguay (PY)";

	case 0x0075: // = MAKELANGID(LANG_HAWAIIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_HAWAIIAN, SUBLANG_NEUTRAL"
		                 : L"Hawaiian (haw)";
	case 0x0475: // = MAKELANGID(LANG_HAWAIIAN, SUBLANG_HAWAIIAN_US)
		return bSymbolic ? L"LANG_HAWAIIAN, SUBLANG_HAWAIIAN_US"
		                 : L"Hawaiian (haw), United States (US)";

	case 0x0076: // = MAKELANGID(LANG_LATIN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_LATIN, SUBLANG_NEUTRAL"
		                 : L"Latin (la)";
	case 0x0476: // = MAKELANGID(LANG_LATIN, SUBLANG_LATIN_VATICAN)
		return bSymbolic ? L"LANG_LATIN, SUBLANG_LATIN_VATICAN"
		                 : L"Latin (la), Vatican (VA)";

	case 0x0077: // = MAKELANGID(LANG_SOMALI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SOMALI, SUBLANG_NEUTRAL"
		                 : L"Somali (so)";
	case 0x0477: // = MAKELANGID(LANG_SOMALI, SUBLANG_SOMALI_SOMALIA)
		return bSymbolic ? L"LANG_SOMALI, SUBLANG_SOMALI_SOMALIA"
		                 : L"Somali (so), Somalia (SO)";

	case 0x0078: // = MAKELANGID(LANG_YI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_YI, SUBLANG_NEUTRAL"
		                 : L"Yi (ii)";
	case 0x0478: // = MAKELANGID(LANG_YI, SUBLANG_YI_PRC)
		return bSymbolic ? L"LANG_YI, SUBLANG_YI_PRC"
		                 : L"Yi (ii), People\'s Republic of China (CN)";

	case 0x0079: // = MAKELANGID(LANG_PAPIAMENTU, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_PAPIAMENTU, SUBLANG_NEUTRAL"
		                 : L"Papiamentu (pap)";
	case 0x0479: // = MAKELANGID(LANG_PAPIAMENTU, SUBLANG_PAPIAMENTU_ANTILLES)
		return bSymbolic ? L"LANG_PAPIAMENTU, SUBLANG_PAPIAMENTU_ANTILLES"
		                 : L"Papiamentu (pap), Netherlands Antilles (AN)";
	case 0x0879: // = MAKELANGID(LANG_PAPIAMENTU, SUBLANG_PAPIAMENTU_ARUBA)
		return bSymbolic ? L"LANG_PAPIAMENTU, SUBLANG_PAPIAMENTU_ARUBA"
		                 : L"Papiamentu (pap), Aruba (AW)";
#if 0
	case 0x007A: // = MAKELANGID(LANG_MAPUDUNGUN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MAPUDUNGUN, SUBLANG_NEUTRAL"
		                 : L"Mapudungun (arn)";
	case 0x047A: // = MAKELANGID(LANG_MAPUDUNGUN, SUBLANG_MAPUDUNGUN_CHILE)
		return bSymbolic ? L"LANG_MAPUDUNGUN, SUBLANG_MAPUDUNGUN_CHILE"
		                 : L"Mapudungun (arn), Chile (CL)";
#else
	case 0x007A: // = MAKELANGID(LANG_MAPUCHE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MAPUCHE, SUBLANG_NEUTRAL"
		                 : L"Mapuche (arn)";
	case 0x047A: // = MAKELANGID(LANG_MAPUCHE, SUBLANG_MAPUCHE_CHILE)
		return bSymbolic ? L"LANG_MAPUCHE, SUBLANG_MAPUCHE_CHILE"
		                 : L"Mapuche (arn), Chile (CL)";
#endif
	case 0x007C: // = MAKELANGID(LANG_MOHAWK, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MOHAWK, SUBLANG_NEUTRAL"
		                 : L"Mohawk (moh)";
	case 0x047C: // = MAKELANGID(LANG_MOHAWK, SUBLANG_MOHAWK_MOHAWK)
		return bSymbolic ? L"LANG_MOHAWK, SUBLANG_MOHAWK_MOHAWK"
		                 : L"Mohawk (moh), Canada (CA)";

	case 0x007E: // = MAKELANGID(LANG_BRETON, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_BRETON, SUBLANG_NEUTRAL"
		                 : L"Breton (br)";
	case 0x047E: // = MAKELANGID(LANG_BRETON, SUBLANG_BRETON_FRANCE)
		return bSymbolic ? L"LANG_BRETON, SUBLANG_BRETON_FRANCE"
		                 : L"Breton (br), France (FR)";

	case 0x007F: // = MAKELANGID(LANG_INVARIANT, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_INVARIANT, SUBLANG_NEUTRAL"
		                 : L"Invariant Language, Invariant Country";

	case 0x0080: // = MAKELANGID(LANG_UIGHUR, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_UIGHUR, SUBLANG_NEUTRAL"
		                 : L"Uyghur (ug)";
	case 0x0480: // = MAKELANGID(LANG_UIGHUR, SUBLANG_UIGHUR_PRC)
		return bSymbolic ? L"LANG_UIGHUR, SUBLANG_UIGHUR_PRC"
		                 : L"Uyghur (ug), People\'s Republic of China (CN)";

	case 0x0081: // = MAKELANGID(LANG_MAORI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MAORI, SUBLANG_NEUTRAL"
		                 : L"Maori (mi)";
	case 0x0481: // = MAKELANGID(LANG_MAORI, SUBLANG_MAORI_NEW_ZEALAND)
		return bSymbolic ? L"LANG_MAORI, SUBLANG_MAORI_NEW_ZEALAND"
		                 : L"Maori (mi), New Zealand (NZ)";

	case 0x0082: // = MAKELANGID(LANG_OCCITAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_OCCITAN, SUBLANG_NEUTRAL"
		                 : L"Occitan (oc)";
	case 0x0482: // = MAKELANGID(LANG_OCCITAN, SUBLANG_OCCITAN_FRANCE)
		return bSymbolic ? L"LANG_OCCITAN, SUBLANG_OCCITAN_FRANCE"
		                 : L"Occitan (oc), France (FR)";

	case 0x0083: // = MAKELANGID(LANG_CORSICAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_CORSICAN, SUBLANG_NEUTRAL"
		                 : L"Corsican (co)";
	case 0x0483: // = MAKELANGID(LANG_CORSICAN, SUBLANG_CORSICAN_FRANCE)
		return bSymbolic ? L"LANG_CORSICAN, SUBLANG_CORSICAN_FRANCE"
		                 : L"Corsican (co), France (FR)";

	case 0x0084: // = MAKELANGID(LANG_ALSATIAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_ALSATIAN, SUBLANG_NEUTRAL"
		                 : L"Alsatian (gsw)";
	case 0x0484: // = MAKELANGID(LANG_ALSATIAN, SUBLANG_ALSATIAN_FRANCE)
		return bSymbolic ? L"LANG_ALSATIAN, SUBLANG_ALSATIAN_FRANCE"
		                 : L"Alsatian (gsw), France (FR)";
#if 0
	case 0x0085: // = MAKELANGID(LANG_YAKUT, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_YAKUT, SUBLANG_NEUTRAL"
		                 : L"Yakut (sah)";
	case 0x0485: // = MAKELANGID(LANG_YAKUT, SUBLANG_YAKUT_RUSSIA)
		return bSymbolic ? L"LANG_YAKUT, SUBLANG_YAKUT_RUSSIA"
		                 : L"Yakut (sah), Russia (RU)";
#else
	case 0x0085: // = MAKELANGID(LANG_SAKHA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SAKHA, SUBLANG_NEUTRAL"
		                 : L"Sakha (sah)";
	case 0x0485: // = MAKELANGID(LANG_SAKHA, SUBLANG_SAKHA_RUSSIA)
		return bSymbolic ? L"LANG_SAKHA, SUBLANG_SAKHA_RUSSIA"
		                 : L"Sakha (sah), Russia (RU)";
#endif
	case 0x0086: // = MAKELANGID(LANG_KICHE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KICHE, SUBLANG_NEUTRAL"
		                 : L"K\'iche (qut)";
	case 0x0486: // = MAKELANGID(LANG_KICHE, SUBLANG_KICHE_GUATEMALA)
		return bSymbolic ? L"LANG_KICHE, SUBLANG_KICHE_GUATEMALA"
		                 : L"K\'iche (qut), Guatemala (GT)";
	case 0x7C86: // = MAKELANGID(LANG_KICHE, SUBLANG_KICHE_GUATEMALA)
		return bSymbolic ? L"LANG_KICHE, SUBLANG_KICHE_GUATEMALA"
		                 : L"K\'iche (qut), Guatemala (GT)";

	case 0x0087: // = MAKELANGID(LANG_KINYARWANDA, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_KINYARWANDA, SUBLANG_NEUTRAL"
		                 : L"Kinyarwanda (rw)";
	case 0x0487: // = MAKELANGID(LANG_KINYARWANDA, SUBLANG_KINYARWANDA_RWANDA)
		return bSymbolic ? L"LANG_KINYARWANDA, SUBLANG_KINYARWANDA_RWANDA"
		                 : L"Kinyarwanda (rw), Rwanda (RW)";

	case 0x0088: // = MAKELANGID(LANG_WOLOF, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_WOLOF, SUBLANG_NEUTRAL"
		                 : L"Wolof (wo)";
	case 0x0488: // = MAKELANGID(LANG_WOLOF, SUBLANG_WOLOF_SENEGAL)
		return bSymbolic ? L"LANG_WOLOF, SUBLANG_WOLOF_SENEGAL"
		                 : L"Wolof (wo), Senegal (SN)";

	case 0x008C: // = MAKELANGID(LANG_DARI, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_DARI, SUBLANG_NEUTRAL"
		                 : L"Dari (prs)";
	case 0x048C: // = MAKELANGID(LANG_DARI, SUBLANG_DARI_AFGHANISTAN)
		return bSymbolic ? L"LANG_DARI, SUBLANG_DARI_AFGHANISTAN"
		                 : L"Dari (prs), Afghanistan (AF)";

	case 0x008D: // = MAKELANGID(LANG_MALAGASY, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_MALAGASY, SUBLANG_NEUTRAL"
		                 : L"Plateau Malagasy (plt)";
	case 0x048D: // = MAKELANGID(LANG_MALAGASY, SUBLANG_MALAGASY_MADAGASCAR)
		return bSymbolic ? L"LANG_MALAGASY, SUBLANG_MALAGASY_MADAGASCAR"
		                 : L"Plateau Malagasy (plt), Madagascar (MG)";

	case 0x008E: // = MAKELANGID(LANG_YUE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_YUE, SUBLANG_NEUTRAL"
		                 : L"Yue (yue)";
	case 0x048E: // = MAKELANGID(LANG_YUE, SUBLANG_YUE_HONGKONG)
		return bSymbolic ? L"LANG_YUE, SUBLANG_YUE_HONGKONG"
		                 : L"Yue (yue), Hongkong S.A.R. (HK)";

	case 0x008F: // = MAKELANGID(LANG_SHAN, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SHAN, SUBLANG_NEUTRAL"
		                 : L"Tai Nüa (tdd)";
	case 0x048F: // = MAKELANGID(LANG_SHAN, SUBLANG_SHAN_PRC)
		return bSymbolic ? L"LANG_SHAN, SUBLANG_SHAN_PRC"
		                 : L"Tai Nüa (tdd), People\'s Republic of China (CN)";

	case 0x0090: // = MAKELANGID(LANG_TAILUE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_TAILUE, SUBLANG_NEUTRAL"
		                 : L"Tai Lü (khb)";
	case 0x0490: // = MAKELANGID(LANG_TAILUE, SUBLANG_TAILUE_PRC)
		return bSymbolic ? L"LANG_TAILUE, SUBLANG_TAILUE_PRC"
		                 : L"Tai Lü (khb), People\'s Republic of China (CN)";

	case 0x0091: // = MAKELANGID(LANG_SCOTTISH_GAELIC, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_SCOTTISH_GAELIC, SUBLANG_NEUTRAL"
		                 : L"Scottish Gaelic (gd)";
	case 0x0491: // = MAKELANGID(LANG_SCOTTISH_GAELIC, SUBLANG_SCOTTISH_GAELIC)
		return bSymbolic ? L"LANG_SCOTTISH_GAELIC, SUBLANG_SCOTTISH_GAELIC"
		                 : L"Scottish Gaelic (gd), Great Britain (GB)";

	case 0x0092: // = MAKELANGID(LANG_CENTRAL_KURDISH, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_CENTRAL_KURDISH, SUBLANG_NEUTRAL"
		                 : L"Central Kurdish (ku)";
	case 0x0492: // = MAKELANGID(LANG_CENTRAL_KURDISH, SUBLANG_CENTRAL_KURDISH_IRAQ)
		return bSymbolic ? L"LANG_CENTRAL_KURDISH, SUBLANG_CENTRAL_KURDISH_IRAQ"
		                 : L"Central Kurdish (ku), Arabic (Arab), Iraq (IQ)";
	case 0x7C92: // = MAKELANGID(LANG_CENTRAL_KURDISH, SUBLANG_CENTRAL_KURDISH_ARABIC)
		return bSymbolic ? L"LANG_CENTRAL_KURDISH, SUBLANG_CENTRAL_KURDISH_ARABIC"
		                 : L"Central Kurdish (ku), Arabic (Arab)";

	case 0x0093: // = MAKELANGID(LANG_QUICHE, SUBLANG_NEUTRAL)
		return bSymbolic ? L"LANG_QUICHE, SUBLANG_NEUTRAL"
		                 : L"Quiche (quc)";
	case 0x0493: // = MAKELANGID(LANG_QUICHE, SUBLANG_QUICHE_COLOMBIA)
		return bSymbolic ? L"LANG_QUICHE, SUBLANG_QUICHE_COLOMBIA"
		                 : L"Quiche (quc), Colombia (CO)";

	case 0x0501: // = MAKELANGID(LANG_PSEUDO_BASE, SUBLANG_DEFAULT)
		return bSymbolic ? L"LANG_PSEUDO_BASE, SUBLANG_DEFAULT"
		                 : L"Pseudo locale language (qps), Base (ploc)";

	case 0x0901: // = MAKELANGID(LANG_PSEUDO_SELFHOST, SUBLANG_DEFAULT)
		return bSymbolic ? L"LANG_PSEUDO_SELFHOST, SUBLANG_DEFAULT"
		                 : L"Pseudo locale language (qps), Latin (Latn)";

	case 0x05FE: // = MAKELANGID(LANG_PSEUDO_EAST_ASIA, SUBLANG_DEFAULT)
		return bSymbolic ? L"LANG_PSEUDO_EAST_ASIA, SUBLANG_DEFAULT"
		                 : L"Pseudo locale language (qps), East Asian (ploca)";

	case 0x09FF: // = MAKELANGID(LANG_PSEUDO_MIRRORED, SUBLANG_PSEUDO_MIRRORED)
		return bSymbolic ? L"LANG_PSEUDO_MIRRORED, SUBLANG_PSEUDO_MIRRORED"
		                 : L"Pseudo locale language (qps), Mirrored (plocm)";

	default:
		return NULL;
	}
}

const	LPCWSTR	szFileOSHigh[] = {L"Unknown",				// VOS_UNKNOWN
		                  L"MS-DOS",				// VOS_DOS
		                  L"OS/2 (16-bit)",			// VOS_OS216
		                  L"OS/2 (32-bit)",			// VOS_OS232
		                  L"Windows NT",			// VOS_NT
		                  L"Windows CE"};			// VOS_WINCE

const	LPCWSTR	szFileOSLow[] = {L"Base",				// VOS__BASE
		                 L"Windows (16-bit)",			// VOS__WINDOWS16
		                 L"Presentation Manager (16-bit)",	// VOS__PM16
		                 L"Presentation Manager (32-bit)",	// VOS__PM32
		                 L"Windows (32-bit)"};			// VOS__WINDOWS32

const	LPCWSTR	szFileType[] = {L"Unknown",				// VFT_UNKNOWN
		                L"Application",				// VFT_APP
		                L"DLL",					// VFT_DLL
		                L"Driver",				// VFT_DRV
		                L"Font",				// VFT_FONT
		                L"Virtual Device",			// VFT_VXD
		                L"Undefined",
		                L"Static Library"};			// VFT_STATIC_LIB

const	LPCWSTR	szFileDriverType[] = {L"Unknown",			// VFT2_UNKNOWN
		                      L"Printer",			// VFT2_DRV_PRINTER
		                      L"Keyboard",			// VFT2_DRV_KEYBOARD
		                      L"Language",			// VFT2_DRV_LANGUAGE
		                      L"Display",			// VFT2_DRV_DISPLAY
		                      L"Mouse",				// VFT2_DRV_MOUSE
		                      L"Network",			// VFT2_DRV_NETWORK
		                      L"System",			// VFT2_DRV_SYSTEM
		                      L"Installable",			// VFT2_DRV_INSTALLABLE
		                      L"Sound",				// VFT2_DRV_SOUND
		                      L"Communications",		// VFT2_DRV_COMM
		                      L"Input Method",			// VFT2_DRV_INPUTMETHOD
		                      L"Versioned Printer"};		// VFT2_DRV_VERSIONED_PRINTER

const	LPCWSTR	szFileFontType[] = {L"Unknown",				// VFT2_UNKNOWN
		                    L"Raster",				// VFT2_FONT_RASTER
		                    L"Vector",				// VFT2_FONT_VECTOR
		                    L"TrueType"};			// VFT2_FONT_TRUETYPE

BOOL	WINAPI	Resource(HANDLE                   hConsole,
		         HANDLE                   hOutput,
		         BYTE                     *lpAddress,
		         IMAGE_RESOURCE_DIRECTORY *lpRoot,
		         IMAGE_RESOURCE_DIRECTORY *lpLevel,
		         LPCWSTR                  lpType,
		         LPCWSTR                  lpName,
		         DWORD                    dwLevel)	// 0, 1, 2
{
	BOOL	bOutput = TRUE;
	DWORD	dwUnicode;
	DWORD	dwMessage;
	DWORD	dwBlock;
	DWORD	dwEntry;
	DWORD	dw;
	LPVOID	lpManifest;

	VS_VERSIONINFO	*lpVersion;
	MUI_RESOURCE	*lpMUI;

	MESSAGE_RESOURCE_DATA	*lpTable;
	MESSAGE_RESOURCE_BLOCK	*lpBlock;
	MESSAGE_RESOURCE_ENTRY	*lpMessage;

	IMAGE_RESOURCE_DATA_ENTRY	*lpData;
	IMAGE_RESOURCE_DIR_STRING_U	*lpUnicode;
	IMAGE_RESOURCE_DIRECTORY_ENTRY	*lpEntry;

	for (lpEntry = (IMAGE_RESOURCE_DIRECTORY_ENTRY *) (lpLevel + 1),
	     dwEntry = 0;
	     dwEntry < lpLevel->NumberOfNamedEntries + lpLevel->NumberOfIdEntries;
	     dwEntry++)
	{
		if ((lpEntry[dwEntry].Name & IMAGE_RESOURCE_NAME_IS_STRING) == IMAGE_RESOURCE_NAME_IS_STRING)
		{
			lpUnicode = (IMAGE_RESOURCE_DIR_STRING_U *) ((BYTE *) lpRoot + (lpEntry[dwEntry].Name ^ IMAGE_RESOURCE_NAME_IS_STRING));

			bOutput &= PrintDirect(hOutput, L"\t\t\t\tName   = " + 2 - dwLevel, dwLevel + 11);
			bOutput &= PrintDirect(hOutput, lpUnicode->NameString, lpUnicode->Length);
			bOutput &= PrintString(hOutput, L"\r\n");
			bOutput &= PrintFormat(hOutput, L"\t\t\t\tOffset = 0x%08lX\r\n" + 2 - dwLevel, lpEntry[dwEntry].OffsetToData);

			if (dwLevel == 1)
				lpName = lpEntry[dwEntry].Id;
			else if (dwLevel == 0)
				lpType = lpEntry[dwEntry].Id;
		}
		else
			if (dwLevel > 1)
				bOutput &= PrintFormat(hOutput,
				                       L"\t\t\t\tLanguage = %hu (%ls)\r\n"
				                       L"\t\t\t\tOffset   = 0x%08lX\r\n",
				                       lpEntry[dwEntry].Id, ResourceLanguageName(lpEntry[dwEntry].Id, TRUE),
				                       lpEntry[dwEntry].OffsetToData);
			else if (dwLevel > 0)
			{
				bOutput &= PrintFormat(hOutput,
				                       L"\t\t\tId     = %hu\r\n"
				                       L"\t\t\tOffset = 0x%08lX\r\n",
				                       lpEntry[dwEntry].Id,
				                       lpEntry[dwEntry].OffsetToData);

				lpName = MAKEINTRESOURCE(lpEntry[dwEntry].Id);
			}
			else
			{
				bOutput &= PrintFormat(hOutput,
				                       L"\t\tType   = %hu (%ls)\r\n"
				                       L"\t\tOffset = 0x%08lX\r\n",
				                       lpEntry[dwEntry].Id, ResourceTypeName(lpEntry[dwEntry].Id),
				                       lpEntry[dwEntry].OffsetToData);

				lpType = MAKEINTRESOURCE(lpEntry[dwEntry].Id);
			}

		if ((lpEntry[dwEntry].OffsetToData & IMAGE_RESOURCE_DATA_IS_DIRECTORY) == IMAGE_RESOURCE_DATA_IS_DIRECTORY)
			bOutput &= Resource(hConsole,
			                    hOutput,
			                    lpAddress,
			                    lpRoot,
			                    (IMAGE_RESOURCE_DIRECTORY *) ((BYTE *) lpRoot + (lpEntry[dwEntry].OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY)),
			                    lpType,
			                    lpName,
			                    dwLevel + 1);
		else
		{
			lpData = (IMAGE_RESOURCE_DATA_ENTRY *) ((BYTE *) lpRoot + lpEntry[dwEntry].OffsetToData);

			bOutput &= PrintFormat(hOutput,
			                       L"\t\t\t\t\tAddress   = 0x%08lX\r\n"
			                       L"\t\t\t\t\tSize      = %lu\r\n"
			                       L"\t\t\t\t\tCode Page = %lu\r\n"
			                       L"\t\t\t\t\tReserved  = 0x%08lX\r\n",
			                       lpData->OffsetToData,
			                       lpData->Size,
			                       lpData->CodePage,
			                       lpData->Reserved);

			if (IS_INTRESOURCE(lpType))
				switch ((WORD) lpType)
				{
				case RT_STRING:

					// NOTE: every RT_STRING resource, a STRINGTABLE, holds 16 UNICODE strings
					//       IMAGE_RESOURCE_DIR_STRING_U of up to 65535 characters each, which
					//       need not be L'\0' terminated and may contain L'\0', with their
					//       character count (including the terminating L'\0' if present)
					//       stored in front of them.

					for (lpUnicode = (IMAGE_RESOURCE_DIR_STRING_U *) (lpAddress + lpData->OffsetToData),
					     dwUnicode = 16; dwUnicode > 0; dwUnicode--,
					     lpUnicode = (IMAGE_RESOURCE_DIR_STRING_U *) (lpUnicode->NameString + lpUnicode->Length))
					{
						dw = lpUnicode->Length;

						if (dw == 0)
							continue;

						bOutput &= PrintFormat(hOutput,
						                       L"\t\t\t\t\t%6lu:\tLength = %lu\r\n"
						                       L"\t\t\t\t\t\tString = ",
							               IS_INTRESOURCE(lpName) ? (WORD) lpName * 16 - dwUnicode : 16 - dwUnicode, dw);

						while (dw-- > 0)
							if (lpUnicode->NameString[dw] < L' ')
								lpUnicode->NameString[dw] += L'\x2400';

						bOutput &= PrintDirect(hOutput, lpUnicode->NameString, lpUnicode->Length);
						bOutput &= PrintString(hOutput, L"\r\n");
					}

					break;

				case RT_MESSAGETABLE:

					for (lpTable = (MESSAGE_RESOURCE_DATA *) (lpAddress + lpData->OffsetToData),
					     lpBlock = lpTable->Blocks,
					     dwBlock = 0; dwBlock < lpTable->NumberOfBlocks; dwBlock++)
					{
						if (lpBlock[dwBlock].LowId == lpBlock[dwBlock].HighId)
							bOutput &= PrintFormat(hOutput,
							                       L"\t\t\t%6lu:\tMessage ID 0x%08lX\r\n",
							                       dwBlock, lpBlock[dwBlock].LowId);
						else
							bOutput &= PrintFormat(hOutput,
							                       L"\t\t\t%6lu:\tMessage IDs 0x%08lX to 0x%08lX\r\n",
							                       dwBlock, lpBlock[dwBlock].LowId, lpBlock[dwBlock].HighId);

						for (lpMessage = (MESSAGE_RESOURCE_ENTRY *) ((BYTE *) lpTable + lpBlock[dwBlock].OffsetToEntries),
						     dwMessage = lpBlock[dwBlock].LowId; dwMessage <= lpBlock[dwBlock].HighId; dwMessage++,
						     lpMessage = (MESSAGE_RESOURCE_ENTRY *) ((BYTE *) lpMessage + lpMessage->Length))
							if (lpMessage->Flags == MESSAGE_RESOURCE_UNICODE)
							{
								bOutput &= PrintFormat(hOutput,
								                       L"\t\t\t\t0x%08lX:\tSize = %hu\r\n"
								                       L"\t\t\t\t\t\tText = ",
								                       dwMessage, lpMessage->Length);

								for (dw = 0; dw < ((BYTE *) lpMessage + lpMessage->Length - lpMessage->Text) / sizeof(L'\0'); dw++)
									if (((LPWSTR) lpMessage->Text)[dw] < L' ')
										((LPWSTR) lpMessage->Text)[dw] += L'\x2400';

								bOutput &= PrintDirect(hOutput, lpMessage->Text, dw);
								bOutput &= PrintString(hOutput, L"\r\n");
							}
							else if (lpMessage->Flags == MESSAGE_RESOURCE_ANSI)
								bOutput &= PrintFormat(hOutput,
								                       L"\t\t\t\t0x%08lX:\tSize = %hu\r\n"
								                       L"\t\t\t\t\t\tText = %.999hs\r\n",
								                       dwMessage, lpMessage->Length, lpMessage->Text);
							else
								PrintConsole(hConsole,
								             L"Text type %hu of message 0x%08lX neither UNICODE nor ANSI!\n",
								             lpMessage->Flags, dwMessage);
					}

					break;

				case RT_VERSION:

					lpVersion = (VS_VERSIONINFO *) (lpAddress + lpData->OffsetToData);

					bOutput &= PrintFormat(hOutput,
					                       L"\t\t\t\t\tFixedFileInfo:\r\n"
					                       L"\t\t\t\t\t\tProduct Version   = %hu.%hu:%hu.%hu\r\n"
					                       L"\t\t\t\t\t\tModule Version    = %hu.%hu:%hu.%hu\r\n"
					                       L"\t\t\t\t\t\tModule Flags      = 0x%08lX\r\n"
					                       L"\t\t\t\t\t\tModule Type       = 0x%08lX (%ls)\r\n"
					                       L"\t\t\t\t\t\tModule Subtype    = 0x%08lX (%ls)\r\n"
					                       L"\t\t\t\t\t\tModule Time Stamp = 0x%08lX:%08lX\r\n"
					                       L"\t\t\t\t\t\tTarget OS         = %hu:%hu (%ls, %ls)\r\n",
					                       HIWORD(lpVersion->vsFFI.dwProductVersionMS), LOWORD(lpVersion->vsFFI.dwProductVersionMS),
					                       HIWORD(lpVersion->vsFFI.dwProductVersionLS), LOWORD(lpVersion->vsFFI.dwProductVersionLS),
					                       HIWORD(lpVersion->vsFFI.dwFileVersionMS), LOWORD(lpVersion->vsFFI.dwFileVersionMS),
					                       HIWORD(lpVersion->vsFFI.dwFileVersionLS), LOWORD(lpVersion->vsFFI.dwFileVersionLS),
					                       lpVersion->vsFFI.dwFileFlags,
					                       lpVersion->vsFFI.dwFileType,
					                       lpVersion->vsFFI.dwFileType < sizeof(szFileType) / sizeof(*szFileType) ? szFileType[lpVersion->vsFFI.dwFileType] : L"Undefined",
					                       lpVersion->vsFFI.dwFileSubtype,
					                       lpVersion->vsFFI.dwFileType == VFT_DRV ? (lpVersion->vsFFI.dwFileSubtype < sizeof(szFileDriverType) / sizeof(*szFileDriverType) ? szFileDriverType[lpVersion->vsFFI.dwFileSubtype] : L"Undefined") :
							       lpVersion->vsFFI.dwFileType == VFT_FONT ? (lpVersion->vsFFI.dwFileSubtype < sizeof(szFileFontType) / sizeof(*szFileFontType) ? szFileFontType[lpVersion->vsFFI.dwFileSubtype] : L"Undefined") : L"Undefined",
					                       lpVersion->vsFFI.dwFileDateMS,
					                       lpVersion->vsFFI.dwFileDateLS,
					                       HIWORD(lpVersion->vsFFI.dwFileOS), LOWORD(lpVersion->vsFFI.dwFileOS),
					                       HIWORD(lpVersion->vsFFI.dwFileOS) < sizeof(szFileOSHigh) / sizeof(*szFileOSHigh) ? szFileOSHigh[HIWORD(lpVersion->vsFFI.dwFileOS)] : L"Undefined",
					                       LOWORD(lpVersion->vsFFI.dwFileOS) < sizeof(szFileOSLow) / sizeof(*szFileOSLow) ? szFileOSLow[LOWORD(lpVersion->vsFFI.dwFileOS)] : L"Undefined");
					break;

				case RT_HTML:
				case RT_MANIFEST:

					lpManifest = lpAddress + lpData->OffsetToData;

					if (*(DWORD *) lpManifest == 0xFFFE0000)
						bOutput &= PrintString(hOutput, L"\t\t\t\t\tUTF-32BE\r\n");
					else if (*(DWORD *) lpManifest == 0x0000FEFF)
						bOutput &= PrintString(hOutput, L"\t\t\t\t\tUTF-32LE\r\n");
					else if (*(WCHAR *) lpManifest == L'\xFFFE')
						bOutput &= PrintString(hOutput, L"\t\t\t\t\tUTF-16BE\r\n");
					else if (*(WCHAR *) lpManifest == L'\xFEFF')
						bOutput &= PrintFormat(hOutput,
						                       L"\t\t\t\t\tUTF-16LE = %.999ls\r\n",
						                       (WCHAR *) lpManifest + 1);
					else if ((*(DWORD *) lpManifest & 0x00FFFFFF) == 0x00BFBBEF)
						bOutput &= PrintFormat(hOutput,
						                       L"\t\t\t\t\tUTF-8 = %.999hs\r\n",
						                       (CHAR *) lpManifest + 3);
					else if ((*(DWORD *) lpManifest == 0x2B762F2B)
					      || (*(DWORD *) lpManifest == 0x2F762F2B)
					      || (*(DWORD *) lpManifest == 0x38762F2B)
					      || (*(DWORD *) lpManifest == 0x39762F2B))
						bOutput &= PrintString(hOutput, L"\t\t\t\t\tUTF-7\r\n");
					else
						bOutput &= PrintFormat(hOutput,
						                       L"\t\t\t\t\tASCII = %.999hs\r\n",
						                       (CHAR *) lpManifest);
					break;

				// NOTE: insert code to handle other RT_* resource types here!

				default:
					break;
				}
			else
#if 0
				if (wcscmp(lpType, L"MUI") == 0)
#elif 0
				if (wmemcmp(lpType, L"MUI", sizeof("MUI")) == 0)
#else
				if (memcmp(lpType, L"MUI", sizeof(L"MUI")) == 0)
#endif
				{
					lpMUI = (MUI_RESOURCE *) (lpAddress + lpData->OffsetToData);

					if (lpMUI->dwSignature != MUI_RESOURCE_SIGNATURE)
						PrintConsole(hConsole,
						             L"Signature 0x%08lX of resource configuration data not 0x%08lX!\n",
						             lpMUI->dwSignature, MUI_RESOURCE_SIGNATURE);
					else
						bOutput &= PrintFormat(hOutput,
						                       L"\t\t\t\t\tResource Configuration Data:\r\n"
						                       L"\t\t\t\t\t\tVersion           = %hu.%hu\r\n"
						                       L"\t\t\t\t\t\tType              = %lu (%ls)\r\n"
						                       L"\t\t\t\t\t\tLanguage          = %ls\r\n"
						                       L"\t\t\t\t\t\tFallback Language = %ls\r\n"
						                       L"\t\t\t\t\t\tFallback Location = %lu (%ls)\r\n"
						                       L"\t\t\t\t\t\tSystem Attributes = 0x%08lX\r\n"
						                       L"\t\t\t\t\t\tMain Checksum     = %08lX %08lX %08lX %08lX\r\n"
						                       L"\t\t\t\t\t\tService Checksum  = %08lX %08lX %08lX %08lX\r\n",
						                       HIWORD(lpMUI->dwVersion), LOWORD(lpMUI->dwVersion),
						                       lpMUI->dwFileType, MUIFileType(lpMUI->dwFileType),
						                       lpMUI->dwLanguageNameOffset == 0 ? NULL : (BYTE *) lpMUI + lpMUI->dwLanguageNameOffset,
						                       lpMUI->dwFallbackNameOffset == 0 ? NULL : (BYTE *) lpMUI + lpMUI->dwFallbackNameOffset,
						                       lpMUI->dwFallbackLocation, MUIFallbackLocation(lpMUI->dwFallbackLocation),
						                       lpMUI->dwSystemAttributes,
						                       _byteswap_ulong(((DWORD *) lpMUI->bMainChecksum)[0]),
						                       _byteswap_ulong(((DWORD *) lpMUI->bMainChecksum)[1]),
						                       _byteswap_ulong(((DWORD *) lpMUI->bMainChecksum)[2]),
						                       _byteswap_ulong(((DWORD *) lpMUI->bMainChecksum)[3]),
						                       _byteswap_ulong(((DWORD *) lpMUI->bServiceChecksum)[0]),
						                       _byteswap_ulong(((DWORD *) lpMUI->bServiceChecksum)[1]),
						                       _byteswap_ulong(((DWORD *) lpMUI->bServiceChecksum)[2]),
						                       _byteswap_ulong(((DWORD *) lpMUI->bServiceChecksum)[3]));
				}
		}
	}

	return bOutput;
}

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	IMAGE_DOS_HEADER	*lpMZ;
	IMAGE_NT_HEADERS	*lpPE;
	IMAGE_NT_HEADERS32	*lpPE32;
	IMAGE_NT_HEADERS64	*lpPE64;
	IMAGE_DATA_DIRECTORY	*lpDirectory;
	IMAGE_SECTION_HEADER	*lpSection;

	IMAGE_RESOURCE_DIRECTORY	*lpResource;

	LPWSTR	*lpArguments;
	INT	nArguments;
	HANDLE	hOutput;
	HANDLE	hInput;
	DWORD	dwInput;
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	DWORD	dwSection;
	DWORD	dwResource;
	LPBYTE	lpImage;
	HANDLE	hImage;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
			if (nArguments != 2)
				PrintConsole(hConsole,
				             L"No argument: a single file or path name of an image file must be given!\n");
			else
			{
				hOutput = GetStdHandle(STD_OUTPUT_HANDLE);

				if (hOutput == INVALID_HANDLE_VALUE)
					PrintConsole(hConsole,
					             L"GetStdHandle() returned error %lu\n",
					             dwError = GetLastError());
				else
				{
					if (!FlushFileBuffers(hOutput))
						PrintConsole(hConsole,
						             L"FlushFileBuffers() returned error %lu: standard output is not redirected to a file!\n",
						             dwError = GetLastError());
					else
					{
						hInput = CreateFile(lpArguments[1],
						                    FILE_READ_DATA,
						                    FILE_SHARE_READ,
						                    (SECURITY_ATTRIBUTES *) NULL,
						                    OPEN_EXISTING,
						                    FILE_FLAG_SEQUENTIAL_SCAN,
						                    (HANDLE) NULL);

						if (hInput == INVALID_HANDLE_VALUE)
							PrintConsole(hConsole,
							             L"CreateFile() returned error %lu\n",
							             dwError = GetLastError());
						else
						{
							dwInput = GetFileSize(hInput, (DWORD *) NULL);

							if (dwInput == INVALID_FILE_SIZE)
								PrintConsole(hConsole,
								             L"GetFileSize() returned error %lu\n",
								             dwError = GetLastError());
							else
							{
								hImage = CreateFileMapping(hInput,
								                           (LPSECURITY_ATTRIBUTES) NULL,
								                           PAGE_WRITECOPY,
								                           0, 0,
								                           (LPCWSTR) NULL);

								if (hImage == NULL)
									PrintConsole(hConsole,
									             L"CreateFileMapping() returned error %lu\n",
									             dwError = GetLastError());
								else
								{
									lpImage = MapViewOfFile(hImage,
									                        FILE_MAP_COPY,
									                        0, 0,
									                        0);

									if (lpImage == NULL)
										PrintConsole(hConsole,
										             L"MapViewOfFile() returned error %lu\n",
										             dwError = GetLastError());
									else
									{
										dwError = ERROR_INVALID_EXE_SIGNATURE;

										lpMZ = (IMAGE_DOS_HEADER *) lpImage;

										if (lpMZ->e_magic != IMAGE_DOS_SIGNATURE)
											PrintConsole(hConsole,
											             L"No signature \'%ls\' at offset 0x%08lX in file \'%ls\'!\n",
											             L"MZ", 0, lpArguments[1]);
										else
										{
											lpPE = (IMAGE_NT_HEADERS *) ((BYTE *) lpMZ + lpMZ->e_lfanew);

											if (((DWORD) lpMZ->e_lfanew > dwInput)
											 || (lpPE->Signature != IMAGE_NT_SIGNATURE))
												PrintConsole(hConsole,
												             L"No signature \'%ls\' at offset 0x%08lX in file \'%ls\'!\n",
												             L"PE\\0\\0", lpMZ->e_lfanew, lpArguments[1]);
											else
											{
												dwError = ERROR_BAD_EXE_FORMAT;

												if (lpPE->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
												{
													lpPE64 = (IMAGE_NT_HEADERS64 *) lpPE;
													lpDirectory = (IMAGE_DATA_DIRECTORY *) lpPE64->OptionalHeader.DataDirectory;
													lpSection = (IMAGE_SECTION_HEADER *) (lpPE64 + 1);
												}
												else if (lpPE->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
												{
													lpPE32 = (IMAGE_NT_HEADERS32 *) lpPE;
													lpDirectory = (IMAGE_DATA_DIRECTORY *) lpPE32->OptionalHeader.DataDirectory;
													lpSection = (IMAGE_SECTION_HEADER *) (lpPE32 + 1);
												}
												else
													lpSection = NULL;

												if (lpSection == NULL)
													PrintConsole(hConsole,
													             L"Invalid \'PE\' image format 0x%04hX in file \'%ls\'!\n",
														     lpPE->OptionalHeader.Magic, lpArguments[1]);
												else
												{
													dwError = ERROR_RESOURCE_DATA_NOT_FOUND;

													for (dwSection = 0;
													     dwSection < lpPE->FileHeader.NumberOfSections;
													     dwSection++)
														if (memcmp(lpSection[dwSection].Name, ".rsrc", sizeof(".rsrc")) == 0)
															break;

													if (dwSection == lpPE->FileHeader.NumberOfSections)
														PrintConsole(hConsole,
														             L"No section \'.rsrc\' in file \'%ls\'!\n",
															     lpArguments[1]);
													else if ((lpSection[dwSection].VirtualAddress != lpDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress)
													      || (lpSection[dwSection].Misc.VirtualSize != lpDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size))
														PrintConsole(hConsole,
														             L"Address/size in \'IMAGE_DATA_DIRECTORY[IMAGE_DIRECTORY_ENTRY_RESOURCE]\' differ from address/size of section \'.rsrc\' in file \'%ls\'!\n",
															     lpArguments[1]);
													else
													{
														lpResource = (IMAGE_RESOURCE_DIRECTORY *) (lpImage + lpSection[dwSection].PointerToRawData);
														dwResource = lpSection[dwSection].VirtualAddress - lpSection[dwSection].PointerToRawData;

														if (!PrintFormat(hOutput,
														                 L"\xFEFF"	// UTF-16LE BOM
														                 L"Image File = %ls\r\n"
														                 L"Image Size = %lu\r\n"
														                 L"\r\n"
														                 L"Section \'.rsrc\':\r\n"
														                 L"\tOffset  = 0x%08lX\r\n"
														                 L"\tSize    = 0x%08lX\r\n"
														                 L"\tAddress = 0x%08lX\r\n"
														                 L"\tData    = 0x%08lX\r\n"
														                 L"\r\n"
														                 L"Resource Directory:\r\n"
														                 L"\tCharacteristics = 0x%08lX\r\n"
														                 L"\tTime/Date Stamp = 0x%08lX\r\n"
														                 L"\tVersion         = %hu.%hu\r\n"
														                 L"\tNamed Entries   = %hu\r\n"
														                 L"\tUnnamed Entries = %hu\r\n"
														                 L"\tEntries:\r\n",
														                 lpArguments[1],
														                 dwInput,
														                 lpSection[dwSection].PointerToRawData,
														                 lpSection[dwSection].SizeOfRawData,
														                 lpSection[dwSection].VirtualAddress,
														                 lpSection[dwSection].Misc.VirtualSize,
														                 lpResource->Characteristics,
														                 lpResource->TimeDateStamp,
														                 lpResource->MajorVersion,
														                 lpResource->MinorVersion,
														                 lpResource->NumberOfNamedEntries,
														                 lpResource->NumberOfIdEntries)
														 || !Resource(hConsole, hOutput,
														              lpImage - dwResource,
														              lpResource, lpResource,
														              MAKEINTRESOURCE(0), MAKEINTRESOURCE(0), 0))
															PrintConsole(hConsole,
															             L"WriteFile() returned error %lu\n",
															             dwError = GetLastError());
														else
															dwError = ERROR_SUCCESS;
													}
												}
											}
										}

										if (!UnmapViewOfFile(lpImage))
											PrintConsole(hConsole,
											             L"UnmapViewOfFile() returned error %lu\n",
											             GetLastError());
									}

									if (!CloseHandle(hImage))
										PrintConsole(hConsole,
										             L"CloseHandle() returned error %lu\n",
										             GetLastError());
								}
							}

							if (!CloseHandle(hInput))
								PrintConsole(hConsole,
								             L"CloseHandle() returned error %lu\n",
								             GetLastError());
						}
					}
				}
			}

			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}
    Note: this variant prints control characters within Unicode strings of RT_MESSAGETABLE and RT_STRING resources, especially the formatting L'\a', L'\b', L'\t', L'\n', L'\v', L'\f' and L'\r' characters plus the terminating L'\0' character, as , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and respectively.

  2. Run the following four command lines to compile the source file RESOURCE.C created in step 1., link the compiled object file RESOURCE.OBJ and cleanup afterwards: 

    SET CL=/GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:6.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeRESOURCE.COM RESOURCE.C
ERASE RESOURCE.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

RESOURCE.C
RESOURCE.C(2115) : warning C4018: '<' : signed/unsigned mismatch
RESOURCE.C(2128) : warning C4047: '=' : 'LPCWSTR' differs in levels of indirection from 'WORD'
RESOURCE.C(2130) : warning C4047: '=' : 'LPCWSTR' differs in levels of indirection from 'WORD'
RESOURCE.C(2184) : warning C4305: 'type cast' : truncation from 'LPCWSTR' to 'WORD'
RESOURCE.C(2206) : warning C4305: 'type cast' : truncation from 'LPCWSTR' to 'WORD'
RESOURCE.C(2247) : warning C4133: 'function' : incompatible types - from 'BYTE [1]' to 'LPCWSTR'
RESOURCE.C(2530) : warning C4701: potentially uninitialized local variable 'lpDirectory' used

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

Security Descriptor Definition Language Decoder

Purpose
Background Information
Synopsis
Implementation and Build Details
Source, Build Instructions and Demonstration

Purpose

Decode SDDL strings.

Background Information

The MSDN articles Security Descriptor String Format, ACE Strings and SID Strings plus Security Descriptor Definition Language for Conditional ACEs specify the format of SDDL strings.

Synopsis

SDDL.COM ‹SDDL string› …

Implementation and Build Details

Security Descriptor Definition Language Decoder is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 function WriteConsole() can only write to a console, not to a file nor a pipe, i.e. redirection of standard error or standard output is not supported!

The MSDN article Console Handles provides background information.

Source, Build Instructions and Demonstration

Perform the following 3 simple steps to build the console application Security Descriptor Definition Language Decoder from the source presented hereafter and execute it.

  1. Create the text file SDDL.C with the following content in an arbitrary, preferable empty directory: 

    // Copyright © 2004-2023, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

// * The software is provided "as is" without any warranty, neither express
//   nor implied.
// * In no event will the author be held liable for any damage(s) arising
//   from the use of the software.
// * Redistribution of the software is allowed only in unmodified form.
// * Permission is granted to use the software solely for personal private
//   and non-commercial purposes.
// * An individuals use of the software in his or her capacity or function
//   as an agent, (independent) contractor, employee, member or officer of
//   a business, corporation or organization (commercial or non-commercial)
//   does not qualify as personal private and non-commercial purpose.
// * Without written approval from the author the software must not be used
//   for a business, for commercial, corporate, governmental, military or
//   organizational purposes of any kind, or in a commercial, corporate,
//   governmental, military or organizational environment of any kind.

#define STRICT
#define UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <shellapi.h>
#include <sddl.h>
#include <lmcons.h>
#include <aclapi.h>

#ifndef LABEL_SECURITY_INFORMATION
#define LABEL_SECURITY_INFORMATION			0x00000010UL
#endif

#ifndef ATTRIBUTE_SECURITY_INFORMATION
#define ATTRIBUTE_SECURITY_INFORMATION			0x00000020UL
#endif

#ifndef SCOPE_SECURITY_INFORMATION
#define SCOPE_SECURITY_INFORMATION			0x00000040UL
#endif

#ifndef PROCESS_TRUST_LABEL_SECURITY_INFORMATION
#define PROCESS_TRUST_LABEL_SECURITY_INFORMATION	0x00000080UL
#endif

#ifndef BACKUP_SECURITY_INFORMATION
#define BACKUP_SECURITY_INFORMATION			0x00010000UL
#endif

#ifndef CRITICAL_ACE_FLAG
#define CRITICAL_ACE_FLAG	0x20
#endif

#ifndef SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE		0x11

typedef	struct	_SYSTEM_MANDATORY_LABEL_ACE
{
	ACE_HEADER	Header;
	ACCESS_MASK	Mask;
	DWORD		SidStart;
} SYSTEM_MANDATORY_LABEL_ACE;
#endif

#ifndef SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE
#define SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE	0x12

typedef	struct	_SYSTEM_RESOURCE_ATTRIBUTE_ACE
{
	ACE_HEADER	Header;
	ACCESS_MASK	Mask;
	DWORD		SidStart;
} SYSTEM_RESOURCE_ATTRIBUTE_ACE;
#endif

#ifndef SYSTEM_SCOPED_POLICY_ID_ACE_TYPE
#define SYSTEM_SCOPED_POLICY_ID_ACE_TYPE	0x13

typedef	struct	_SYSTEM_SCOPED_POLICY_ID_ACE
{
	ACE_HEADER	Header;
	ACCESS_MASK	Mask;
	DWORD		SidStart;
} SYSTEM_SCOPED_POLICY_ID_ACE;
#endif

#ifndef SYSTEM_PROCESS_TRUST_LABEL_ACE_TYPE
#define SYSTEM_PROCESS_TRUST_LABEL_ACE_TYPE	0x14

typedef	struct	_SYSTEM_PROCESS_TRUST_LABEL_ACE
{
	ACE_HEADER	Header;
	ACCESS_MASK	Mask;
	DWORD		SidStart;
} SYSTEM_PROCESS_TRUST_LABEL_ACE;
#endif

#ifndef SYSTEM_ACCESS_FILTER_ACE_TYPE
#define SYSTEM_ACCESS_FILTER_ACE_TYPE		0x15

typedef	struct	_SYSTEM_ACCESS_FILTER_ACE
{
	ACE_HEADER	Header;
	ACCESS_MASK	Mask;
	DWORD		SidStart;
} SYSTEM_ACCESS_FILTER_ACE;
#endif

__declspec(safebuffers)
BOOL	PrintConsole(HANDLE hConsole, [SA_FormatString(Style="printf")] LPCWSTR lpFormat, ...)
{
	WCHAR	szBuffer[1025];
	DWORD	dwBuffer;
	DWORD	dwConsole;

	va_list	vaInput;
	va_start(vaInput, lpFormat);

	dwBuffer = wvsprintf(szBuffer, lpFormat, vaInput);

	va_end(vaInput);

	if (dwBuffer == 0)
		return FALSE;

	if (!WriteConsole(hConsole, szBuffer, dwBuffer, &dwConsole, NULL))
		return FALSE;

	return dwConsole == dwBuffer;
}

const	LPCWSTR	szSNU[] = {NULL,
		           L"user",
		           L"group",
		           L"domain",
		           L"alias",
		           L"well-known group",
		           L"deleted account",
		           L"invalid",
		           L"unknown",
		           L"computer",
		           L"label",
		           L"logon session"};

__declspec(safebuffers)
BOOL	PrintSID(HANDLE hConsole, SID *sid, LPCWSTR lpWhich)
{
	LPWSTR	lpSID;
	DWORD	dwError = ERROR_SUCCESS;
	WCHAR	szAccount[UNLEN + 1];
	DWORD	dwAccount = sizeof(szAccount) / sizeof(*szAccount);
	WCHAR	szDomain[GNLEN + 1];
	DWORD	dwDomain = sizeof(szDomain) / sizeof(*szDomain);

	SID_NAME_USE	snu = 0;

	if (!ConvertSidToStringSid(sid, &lpSID))
		PrintConsole(hConsole,
		             L"ConvertSidToStringSid() returned error %lu\n",
		             dwError = GetLastError());
	else
	{
		if (!LookupAccountSid((LPCWSTR) NULL,
		                      sid,
		                      szAccount, &dwAccount,
		                      szDomain, &dwDomain,
		                      &snu))
		{
			dwError = GetLastError();

			if (dwError != ERROR_NONE_MAPPED)
				PrintConsole(hConsole,
				             L"LookupAccountSid() returned error %lu for security identifier \'%ls\'\n",
				             dwError, lpSID);

			PrintConsole(hConsole,
			             L"%ls\'%ls\'\n",
			             lpWhich, lpSID);
		}
		else
			if (*szDomain == L'\0')
				PrintConsole(hConsole,
				             L"%ls\'%ls\' = %ls \'%ls\'\n",
				             lpWhich, lpSID, szSNU[snu], szAccount);
			else if (*szAccount == L'\0')
				PrintConsole(hConsole,
				             L"%ls\'%ls\' = %ls \'%ls\'\n",
				             lpWhich, lpSID, szSNU[snu], szDomain);
			else
				PrintConsole(hConsole,
				             L"%ls\'%ls\' = %ls \'%ls\\%ls\'\n",
				             lpWhich, lpSID, szSNU[snu], szDomain, szAccount);

		if (LocalFree(lpSID) != NULL)
			PrintConsole(hConsole,
			             L"LocalFree() returned error %lu\n",
			             GetLastError());
	}

//	SetLastError(dwError);

	return dwError == ERROR_SUCCESS;
}

const	LPCWSTR	szSDC[16] = {L"Owner Defaulted",		// SE_OWNER_DEFAULTED
		             L"Group Defaulted",		// SE_GROUP_DEFAULTED
		             L"DACL Present",			// SE_DACL_PRESENT
		             L"DACL Defaulted",			// SE_DACL_DEFAULTED
		             L"SACL Present",			// SE_SACL_PRESENT
		             L"SACL Defaulted",			// SE_SACL_DEFAULTED
		             NULL,
		             NULL,
		             L"DACL Auto Inheritance Request",	// SE_DACL_AUTO_INHERIT_REQ
		             L"SACL Auto Inheritance Request",	// SE_SACL_AUTO_INHERIT_REQ
		             L"DACL Auto Inherited",		// SE_DACL_AUTO_INHERITED
		             L"SACL Auto Inherited",		// SE_SACL_AUTO_INHERITED
		             L"DACL Protected",			// SE_DACL_PROTECTED
		             L"SACL Protected",			// SE_SACL_PROTECTED
		             L"Resource Manager Control",	// SE_RM_CONTROL_VALID
		             L"Self Relative"};			// SE_SELF_RELATIVE

const	LPCWSTR	szType[22] = {L"Access Allowed",
		              L"Access Denied",
		              L"Access Audit",
		              L"Access Alarm",
		              L"Compound Access Allowed",
		              L"Object Access Allowed",
		              L"Object Access Denied",
		              L"Object Access Audit",
		              L"Object Access Alarm",
		              L"Access Allowed Callback",
		              L"Access Denied Callback",
		              L"Object Access Allowed Callback",
		              L"Object Access Denied Callback",
		              L"Access Audit Callback",
		              L"Access Alarm Callback",
		              L"Object Access Audit Callback",
		              L"Object Access Alarm Callback",
		              L"Mandatory Label",
		              L"Resource Attribute",
		              L"Scoped Policy Identification",
		              L"Process Trust Label",
		              L"Access Filter"};

const	LPCWSTR	szFlag[8] = {L"Object Inherit",		// OBJECT_INHERIT_ACE
		             L"Container Inherit",	// CONTAINER_INHERIT_ACE
		             L"No Propagate Inherit",	// NO_PROPAGATE_INHERIT_ACE
		             L"Inherit Only",		// INHERIT_ONLY_ACE
		             L"Inherited",		// INHERITED_ACE
		             L"Critical",		// CRITICAL_ACE_FLAG
		             L"Access Success",		// SUCCESSFUL_ACCESS_ACE_FLAG
		             L"Access Failure"};	// FAILED_ACCESS_ACE_FLAG

const	LPCWSTR	szMask[32] = {L"Directory List Directory, File/Pipe Read Data, Key Query Value, Event/Mutant/Semaphore/Timer Query State, Job Assign Process, Process Terminate, Section Query, Service Query Configuration, Session Query Access, Thread Terminate, Token Assign Primary",
		              L"Directory Add File, File/Pipe Write Data, Key Set Value, Event/IO Completion/Mutant/Semaphore/Timer Modify State, Job Set Attributes, Process Create Thread, Section Map Write, Service Change Configuration, Session Modify Access, Thread Suspend/Resume, Token Duplicate",
		              L"Directory Add Subdirectory, File Append Data, Pipe Create Instance, Key Create Subkey, Job Query, Process Set Session Id, Section Map Read, Service Query Status, Token Impersonate",
		              L"Directory/File Read Extended Attributes, Key Enumerate Subkeys, Job Terminate, Process Virtual Memory Operation, Section Map Execute, Service Enumerate Dependencies, Thread Get Context, Token Query",
		              L"Directory/File Write Extended Attributes, Key Notify, Job Set Security Attributes, Process Virtual Memory Read, Section Extend Size, Service Start, Thread Set Context, Token Query Source",
		              L"Directory Traverse, File Execute, Key Create Link, Job Impersonate, Process Virtual Memory Write, Section Map Execute Explicit, Service Stop, Thread Set Information, Token Adjust Privileges",
		              L"Directory Delete Child, Process Duplicate Handle, Service Pause, Thread Query Information, Token Adjust Groups",
		              L"Directory/File/Pipe Read Attributes, Process Create Process, Service Interrogate, Thread Set Thread Token, Token Adjust Default",
		              L"Directory/File/Pipe Write Attributes, Process Set Quota, Service User Defined, Thread Impersonate, Token Adjust Session Id",
		              L"Process Set Information, Thread Direct Impersonation",
		              L"Process Query Information, Thread Set Limited Information",
		              L"Process Suspend/Resume, Thread Query Limited Information",
		              L"Process Query Limited Information, Thread Resume",
		              L"Process Set Limited Information",
		              NULL,
		              NULL,
		              L"Standard Delete",
		              L"Read Control",
		              L"Write DACL",
		              L"Write Owner",
		              L"Synchronize",
		              NULL,
		              NULL,
		              NULL,
		              L"Access SACL",
		              L"Maximum Allowed",
		              NULL,
		              NULL,
		              L"Generic All",
		              L"Generic Execute/Traverse",
		              L"Generic Write",
		              L"Generic Read"};

__declspec(noreturn)
VOID	WINAPI	wmainCRTStartup(VOID)
{
	SECURITY_DESCRIPTOR	*lpSD;
	SECURITY_DESCRIPTOR_CONTROL	sdc;
	SID	*lpSID;
	ACL	*lpACL;
	ACE_HEADER	*lpACE;

	INT	nArgument = 1;
	INT	nArguments;
	LPWSTR	*lpArguments;
	BYTE	rmControl;
	BOOL	bDefaulted;
	BOOL	bPresent;
	WORD	wACE;
	DWORD	dwError = ERROR_BAD_ARGUMENTS;
	DWORD	dwIndex;
	DWORD	dwValue;
	DWORD	dwLength;
	DWORD	dwRevision;
	DWORD	dwSD;
	HANDLE	hConsole = GetStdHandle(STD_ERROR_HANDLE);

	if (hConsole == INVALID_HANDLE_VALUE)
		dwError = GetLastError();
	else
	{
		lpArguments = CommandLineToArgvW(GetCommandLine(), &nArguments);

		if (lpArguments == NULL)
			PrintConsole(hConsole,
			             L"CommandLineToArgv() returned error %lu\n",
			             dwError = GetLastError());
		else
		{
			if (nArguments < 2)
				PrintConsole(hConsole,
				             L"No arguments: at least one SDDL string must be given!\n");
			else
				do
					if (!ConvertStringSecurityDescriptorToSecurityDescriptor(lpArguments[nArgument],
					                                                         SDDL_REVISION_1,
					                                                         &lpSD,
					                                                         &dwSD))
						PrintConsole(hConsole,
						             L"ConvertStringSecurityDescriptorToSecurityDescriptor() returned error %lu for argument \'%ls\'\n",
						             dwError = GetLastError(), lpArguments[nArgument]);
					else
					{
						PrintConsole(hConsole,
						             L"\n"
						             L"%ls\n",
						             lpArguments[nArgument]);

						dwLength = GetSecurityDescriptorLength(lpSD);

						if (dwSD != dwLength)
							PrintConsole(hConsole,
							             L"ConvertStringSecurityDescriptorToSecurityDescriptor() returned a security descriptor of %lu bytes, but GetSecurityDescriptorLength() returned %lu bytes\n",
							             dwSD, dwLength);

						if (!GetSecurityDescriptorControl(lpSD, &sdc, &dwRevision))
							PrintConsole(hConsole,
							             L"GetSecurityDescriptorControl() returned error %lu\n",
							             dwError = GetLastError());
						else
						{
							PrintConsole(hConsole,
							             L"\tRevision:\t%lu\n"
							             L"\tControl:\t0x%04hX\n",
							             dwRevision,
							             sdc);

							for (dwValue = sdc & ~SE_SELF_RELATIVE;
							     _BitScanForward(&dwIndex, dwValue);
							     dwValue &= dwValue - 1)
								PrintConsole(hConsole, L"\t\t%ls\n", szSDC[dwIndex]);
						}

						if (sdc & SE_RM_CONTROL_VALID)
						{
							dwError = GetSecurityDescriptorRMControl(lpSD, &rmControl);

							if (dwError != ERROR_SUCCESS)
								PrintConsole(hConsole,
								             L"GetSecurityDescriptorRMControl() returned error %lu\n",
								             dwError);
							else
								PrintConsole(hConsole,
								             L"\tRM Control:\t0x%02X\n",
								             rmControl);
						}

						if (!GetSecurityDescriptorOwner(lpSD, &lpSID, &bDefaulted))
							PrintConsole(hConsole,
							             L"GetSecurityDescriptorOwner() returned error %lu\n",
							             dwError = GetLastError());
						else
							if (lpSID != NULL)
								PrintSID(hConsole, lpSID, L"\tOwner:\t\t");

						if (!GetSecurityDescriptorGroup(lpSD, &lpSID, &bDefaulted))
							PrintConsole(hConsole,
							             L"GetSecurityDescriptorGroup() returned error %lu\n",
							             dwError = GetLastError());
						else
							if (lpSID != NULL)
								PrintSID(hConsole, lpSID, L"\tGroup:\t\t");

						if (!GetSecurityDescriptorDacl(lpSD, &bPresent, &lpACL, &bDefaulted))
							PrintConsole(hConsole,
							             L"GetSecurityDescriptorDacl() returned error %lu\n",
							             dwError = GetLastError());
						else
							if (!bPresent)
								PrintConsole(hConsole,
								             L"\tDACL:\t\tNONE\n");
							else
								if (lpACL == NULL)
									PrintConsole(hConsole,
									             L"\tDACL:\t\tNULL\n");
								else
									if (lpACL->AceCount == 0)
										PrintConsole(hConsole,
										             L"\tDACL:\t\tEMPTY\n");
									else
									{
										PrintConsole(hConsole,
										             L"\tDACL:\t\t%hu bytes, %hu ACE(s)\n",
										             lpACL->AclSize, lpACL->AceCount);

										for (lpACE = (ACE_HEADER *) (lpACL + 1),
										     wACE = 0; wACE < lpACL->AceCount; wACE++,
										     lpACE = (ACE_HEADER *) ((BYTE *) lpACE + lpACE->AceSize))
										{
											switch (lpACE->AceType)
											{
											case ACCESS_ALLOWED_ACE_TYPE:

												lpSID = (SID *) &(((ACCESS_ALLOWED_ACE *) lpACE)->SidStart);

												break;

											case ACCESS_DENIED_ACE_TYPE:

												lpSID = (SID *) &(((ACCESS_DENIED_ACE *) lpACE)->SidStart);

												break;

											case ACCESS_ALLOWED_COMPOUND_ACE_TYPE:

												continue;

											case ACCESS_ALLOWED_OBJECT_ACE_TYPE:

												if (((((ACCESS_ALLOWED_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
												 == ((((ACCESS_ALLOWED_OBJECT_ACE *) lpACE)->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) == ACE_INHERITED_OBJECT_TYPE_PRESENT))
													if ((((ACCESS_ALLOWED_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
														lpSID = (SID *) &(((ACCESS_ALLOWED_OBJECT_ACE *) lpACE)->SidStart);
													else
														lpSID = (SID *) &(((ACCESS_ALLOWED_OBJECT_ACE *) lpACE)->ObjectType);
												else
													lpSID = (SID *) &(((ACCESS_ALLOWED_OBJECT_ACE *) lpACE)->InheritedObjectType);
												break;

											case ACCESS_DENIED_OBJECT_ACE_TYPE:

												if (((((ACCESS_DENIED_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
												 == ((((ACCESS_DENIED_OBJECT_ACE *) lpACE)->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) == ACE_INHERITED_OBJECT_TYPE_PRESENT))
													if ((((ACCESS_DENIED_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
														lpSID = (SID *) &(((ACCESS_DENIED_OBJECT_ACE *) lpACE)->SidStart);
													else
														lpSID = (SID *) &(((ACCESS_DENIED_OBJECT_ACE *) lpACE)->ObjectType);
												else
													lpSID = (SID *) &(((ACCESS_DENIED_OBJECT_ACE *) lpACE)->InheritedObjectType);
												break;

											case ACCESS_ALLOWED_CALLBACK_ACE_TYPE:

												lpSID = (SID *) &(((ACCESS_ALLOWED_CALLBACK_ACE *) lpACE)->SidStart);

												break;

											case ACCESS_DENIED_CALLBACK_ACE_TYPE:

												lpSID = (SID *) &(((ACCESS_DENIED_CALLBACK_ACE *) lpACE)->SidStart);

												break;

											case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:

												if (((((ACCESS_ALLOWED_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
												 == ((((ACCESS_ALLOWED_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) == ACE_INHERITED_OBJECT_TYPE_PRESENT))
													if ((((ACCESS_ALLOWED_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
														lpSID = (SID *) &(((ACCESS_ALLOWED_CALLBACK_OBJECT_ACE *) lpACE)->SidStart);
													else
														lpSID = (SID *) &(((ACCESS_ALLOWED_CALLBACK_OBJECT_ACE *) lpACE)->ObjectType);
												else
													lpSID = (SID *) &(((ACCESS_ALLOWED_CALLBACK_OBJECT_ACE *) lpACE)->InheritedObjectType);
												break;

											case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:

												if (((((ACCESS_DENIED_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
												 == ((((ACCESS_DENIED_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) == ACE_INHERITED_OBJECT_TYPE_PRESENT))
													if ((((ACCESS_DENIED_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
														lpSID = (SID *) &(((ACCESS_DENIED_CALLBACK_OBJECT_ACE *) lpACE)->SidStart);
													else
														lpSID = (SID *) &(((ACCESS_DENIED_CALLBACK_OBJECT_ACE *) lpACE)->ObjectType);
												else
													lpSID = (SID *) &(((ACCESS_DENIED_CALLBACK_OBJECT_ACE *) lpACE)->InheritedObjectType);
												break;

											default:
												PrintConsole(hConsole,
												             L"Unknown ACE type %u in DACL\n",
												             lpACE->AceType);
												continue;
											}

											PrintConsole(hConsole,
											             L"\t[%hu]\tACE:\t%hu bytes\n"
											             L"\t\tType:\t\t0x%02X = %ls\n"
											             L"\t\tFlags:\t\t0x%02X\n",
											             wACE, lpACE->AceSize,
											             lpACE->AceType, szType[lpACE->AceType],
											             lpACE->AceFlags);

											for (dwValue = lpACE->AceFlags & (VALID_INHERIT_FLAGS | CRITICAL_ACE_FLAG);
											     _BitScanForward(&dwIndex, dwValue);
											     dwValue &= dwValue - 1)
												PrintConsole(hConsole, L"\t\t\t\t%ls\n", szFlag[dwIndex]);

											PrintConsole(hConsole,
											             L"\t\tAccess Mask:\t0x%08lX\n",
											             ((ACCESS_ALLOWED_ACE *) lpACE)->Mask);

											for (dwValue = ((ACCESS_ALLOWED_ACE *) lpACE)->Mask;
											     _BitScanForward(&dwIndex, dwValue);
											     dwValue &= dwValue - 1)
												PrintConsole(hConsole, L"\t\t\t\t%ls\n", szMask[dwIndex]);

											PrintSID(hConsole, lpSID, L"\t\tTrustee:\t");
										}
									}

						if (!GetSecurityDescriptorSacl(lpSD, &bPresent, &lpACL, &bDefaulted))
							PrintConsole(hConsole,
							             L"GetSecurityDescriptorSacl() returned error %lu\n",
							             dwError = GetLastError());
						else
							if (!bPresent)
								PrintConsole(hConsole,
								             L"\tSACL:\t\tNONE\n");
							else
								if (lpACL == NULL)
									PrintConsole(hConsole,
									             L"\tSACL:\t\tNULL\n");
								else
									if (lpACL->AceCount == 0)
										PrintConsole(hConsole,
										             L"\tSACL:\t\tEMPTY\n");
									else
									{
										PrintConsole(hConsole,
										             L"\tSACL:\t\t%hu bytes, %hu ACE(s)\n",
										             lpACL->AclSize, lpACL->AceCount);

										for (lpACE = (ACE_HEADER *) (lpACL + 1),
										     wACE = 0; wACE < lpACL->AceCount; wACE++,
										     lpACE = (ACE_HEADER *) ((BYTE *) lpACE + lpACE->AceSize))
										{
											switch (lpACE->AceType)
											{
											case SYSTEM_AUDIT_ACE_TYPE:

												lpSID = (SID *) &(((SYSTEM_AUDIT_ACE *) lpACE)->SidStart);

												break;

											case SYSTEM_ALARM_ACE_TYPE:

												lpSID = (SID *) &(((SYSTEM_ALARM_ACE *) lpACE)->SidStart);

												break;

											case SYSTEM_AUDIT_OBJECT_ACE_TYPE:

												if (((((SYSTEM_AUDIT_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
												 == ((((SYSTEM_AUDIT_OBJECT_ACE *) lpACE)->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) == ACE_INHERITED_OBJECT_TYPE_PRESENT))
													if ((((SYSTEM_AUDIT_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
														lpSID = (SID *) &(((SYSTEM_AUDIT_OBJECT_ACE *) lpACE)->SidStart);
													else
														lpSID = (SID *) &(((SYSTEM_AUDIT_OBJECT_ACE *) lpACE)->ObjectType);
												else
													lpSID = (SID *) &(((SYSTEM_AUDIT_OBJECT_ACE *) lpACE)->InheritedObjectType);
												break;

											case SYSTEM_ALARM_OBJECT_ACE_TYPE:

												if (((((SYSTEM_ALARM_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
												 == ((((SYSTEM_ALARM_OBJECT_ACE *) lpACE)->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) == ACE_INHERITED_OBJECT_TYPE_PRESENT))
													if ((((SYSTEM_ALARM_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
														lpSID = (SID *) &(((SYSTEM_ALARM_OBJECT_ACE *) lpACE)->SidStart);
													else
														lpSID = (SID *) &(((SYSTEM_ALARM_OBJECT_ACE *) lpACE)->ObjectType);
												else
													lpSID = (SID *) &(((SYSTEM_ALARM_OBJECT_ACE *) lpACE)->InheritedObjectType);
												break;

											case SYSTEM_AUDIT_CALLBACK_ACE_TYPE:

												lpSID = (SID *) &(((SYSTEM_AUDIT_CALLBACK_ACE *) lpACE)->SidStart);

												break;

											case SYSTEM_ALARM_CALLBACK_ACE_TYPE:

												lpSID = (SID *) &(((SYSTEM_ALARM_CALLBACK_ACE *) lpACE)->SidStart);

												break;

											case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:

												if (((((SYSTEM_AUDIT_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
												 == ((((SYSTEM_AUDIT_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) == ACE_INHERITED_OBJECT_TYPE_PRESENT))
													if ((((SYSTEM_AUDIT_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
														lpSID = (SID *) &(((SYSTEM_AUDIT_CALLBACK_OBJECT_ACE *) lpACE)->SidStart);
													else
														lpSID = (SID *) &(((SYSTEM_AUDIT_CALLBACK_OBJECT_ACE *) lpACE)->ObjectType);
												else
													lpSID = (SID *) &(((SYSTEM_AUDIT_CALLBACK_OBJECT_ACE *) lpACE)->InheritedObjectType);
												break;

											case SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE:

												if (((((SYSTEM_ALARM_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
												 == ((((SYSTEM_ALARM_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) == ACE_INHERITED_OBJECT_TYPE_PRESENT))
													if ((((SYSTEM_ALARM_CALLBACK_OBJECT_ACE *) lpACE)->Flags & ACE_OBJECT_TYPE_PRESENT) == ACE_OBJECT_TYPE_PRESENT)
														lpSID = (SID *) &(((SYSTEM_ALARM_CALLBACK_OBJECT_ACE *) lpACE)->SidStart);
													else
														lpSID = (SID *) &(((SYSTEM_ALARM_CALLBACK_OBJECT_ACE *) lpACE)->ObjectType);
												else
													lpSID = (SID *) &(((SYSTEM_ALARM_CALLBACK_OBJECT_ACE *) lpACE)->InheritedObjectType);
												break;

											case SYSTEM_MANDATORY_LABEL_ACE_TYPE:

												lpSID = (SID *) &(((SYSTEM_MANDATORY_LABEL_ACE *) lpACE)->SidStart);

												break;

											case SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE:

												lpSID = (SID *) &(((SYSTEM_RESOURCE_ATTRIBUTE_ACE *) lpACE)->SidStart);

												break;

											case SYSTEM_SCOPED_POLICY_ID_ACE_TYPE:

												lpSID = (SID *) &(((SYSTEM_SCOPED_POLICY_ID_ACE *) lpACE)->SidStart);

												break;

											case SYSTEM_PROCESS_TRUST_LABEL_ACE_TYPE:

												lpSID = (SID *) &(((SYSTEM_PROCESS_TRUST_LABEL_ACE *) lpACE)->SidStart);

												break;

											case SYSTEM_ACCESS_FILTER_ACE_TYPE:

												lpSID = (SID *) &(((SYSTEM_ACCESS_FILTER_ACE *) lpACE)->SidStart);

												break;

											default:
												PrintConsole(hConsole,
												             L"Unknown ACE type %u in SACL\n",
												             lpACE->AceType);
												continue;
											}

											PrintConsole(hConsole,
											             L"\t[%hu]\tACE:\t%hu bytes\n"
											             L"\t\tType:\t\t0x%02X = %ls\n"
											             L"\t\tFlags:\t\t0x%02X\n",
											             wACE, lpACE->AceSize,
											             lpACE->AceType, szType[lpACE->AceType],
											             lpACE->AceFlags);

											for (dwValue = lpACE->AceFlags & (SUCCESSFUL_ACCESS_ACE_FLAG | FAILED_ACCESS_ACE_FLAG);
											     _BitScanForward(&dwIndex, dwValue);
											     dwValue &= dwValue - 1)
												PrintConsole(hConsole, L"\t\t\t\t%ls\n", szFlag[dwIndex]);

											PrintConsole(hConsole,
											             L"\t\tAccess Mask:\t0x%08lX\n",
											             ((SYSTEM_MANDATORY_LABEL_ACE *) lpACE)->Mask);

											if (lpACE->AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
											{
												if (((SYSTEM_MANDATORY_LABEL_ACE *) lpACE)->Mask & SYSTEM_MANDATORY_LABEL_NO_WRITE_UP)
													PrintConsole(hConsole,
													             L"\t\t\t\tNo Write Up\n");

												if (((SYSTEM_MANDATORY_LABEL_ACE *) lpACE)->Mask & SYSTEM_MANDATORY_LABEL_NO_READ_UP)
													PrintConsole(hConsole,
													             L"\t\t\t\tNo Read Up\n");

												if (((SYSTEM_MANDATORY_LABEL_ACE *) lpACE)->Mask & SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
													PrintConsole(hConsole,
													             L"\t\t\t\tNo Execute Up\n");
											}
											else
												for (dwValue = ((SYSTEM_AUDIT_ACE *) lpACE)->Mask;
												     _BitScanForward(&dwIndex, dwValue);
												     dwValue &= dwValue - 1)
													PrintConsole(hConsole, L"\t\t\t\t%ls\n", szMask[dwIndex]);

											PrintSID(hConsole, lpSID, L"\t\tTrustee:\t");
										}
									}

						if (LocalFree(lpSD) != NULL)
							PrintConsole(hConsole,
							             L"LocalFree() returned error %lu\n",
							             dwError = GetLastError());
					}
				while (++nArgument < nArguments);

			if (LocalFree(lpArguments) != NULL)
				PrintConsole(hConsole,
				             L"LocalFree() returned error %lu\n",
				             GetLastError());
		}

		if (!CloseHandle(hConsole))
			PrintConsole(hConsole,
			             L"CloseHandle() returned error %lu\n",
			             GetLastError());
	}

	ExitProcess(dwError);
}

  2. Run the following four command lines to compile the source file SDDL.C created in step 1., link the compiled object file SDDL.OBJ and cleanup afterwards: 

    SET CL=/GA /GF /GS /Gy /O1 /Oi /Os /Oy /W4 /Zl
SET LINK=/DEFAULTLIB:ADVAPI32.LIB /DEFAULTLIB:KERNEL32.LIB /DEFAULTLIB:SHELL32.LIB /DEFAULTLIB:USER32.LIB /ENTRY:wmainCRTStartup /LARGEADDRESSAWARE /NOCOFFGRPINFO /OSVERSION:5.0 /RELEASE /SUBSYSTEM:CONSOLE /SWAPRUN:CD,NET /VERSION:0.815
CL.EXE /FeSDDL.COM SDDL.C
ERASE SDDL.OBJ
    For details and reference see the MSDN articles Compiler Options and Linker Options.

    Note: if necessary, see the MSDN article Use the Microsoft C++ toolset from the command line for an introduction.

    Note: the command lines can be copied and pasted as block into a Command Processor window! 

    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

SDDL.C

Microsoft (R) Incremental Linker Version 10.00.40219.386
Copyright (C) Microsoft Corporation.  All rights reserved.

…

  3. Finally execute the console application REGISTRY.COM built in step 2. to decode two SDDL strings: 

    .\SDDL.COM O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0) O:DAG:DAD:(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)(A;;RPWPCCDCLCRCWOWDSDSW;;;DA)(OA;;CCDC;BF967ABA-0DE6-11D0-A285-00AA003049E2;;AO)(OA;;CCDC;BF967A9C-0DE6-11D0-A285-00AA003049E2;;AO)(OA;;CCDC;6DA8A4FF-0E52-11D0-A286-00AA003049E2;;AO)(OA;;CCDC;BF967AA8-0DE6-11D0-A285-00AA003049E2;;PO)(A;;RPLCRC;;;AU)S:(AU;SAFA;WDWOSDWPCCDCSW;;;WD)
    
O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)
        Revision:       1
        Control:        0x8004
                DACL Present
        Owner:          'S-1-5-32-548' = alias 'BUILTIN\Account Operators'
        Group:          'S-1-5-21-820728443-44925810-1835867902-512' = group 'AMNESIAC\Domain Administrators'
        DACL:           28 bytes, 1 ACE(s)
        [0]     ACE:    20 bytes
                Type:           0x00 = Access Allowed
                Flags:          0x00
                Access Mask:    0x100E003F
                                Directory List Directory, File/Pipe Read Data, Key Query Value, Event/Mutant/Semaphore/Timer Query State, Job Assign Process, Process Terminate, Section Query, Service Query Configuration, Session Query Access, Thread Terminate, Token Assign Primary
                                Directory Add File, File/Pipe Write Data, Key Set Value, Event/IO Completion/Mutant/Semaphore/Timer Modify State, Job Set Attributes, Process Create Thread, Section Map Write, Service Change Configuration, Session Modify Access, Thread Suspend/Resume, Token Duplicate
                                Directory Add Subdirectory, File Append Data, Pipe Create Instance, Key Create Subkey, Job Query, Process Set Session Id, Section Map Read, Service Query Status, Token Impersonate
                                Directory/File Read Extended Attributes, Key Enumerate Subkeys, Job Terminate, Process Virtual Memory Operation, Section Map Execute, Service Enumerate Dependencies, Thread Get Context, Token Query
                                Directory/File Write Extended Attributes, Key Notify, Job Set Security Attributes, Process Virtual Memory Read, Section Extend Size, Service Start, Thread Set Context, Token Query Source
                                Directory Traverse, File Execute, Key Create Link, Job Impersonate, Process Virtual Memory Write, Section Map Execute Explicit, Service Stop, Thread Set Information, Token Adjust Privileges
                                Read Control
                                Write DACL
                                Write Owner
                                Generic All
                Trustee:        'S-1-0-0' = well-known group 'NULL SID'
        SACL:           NONE

O:DAG:DAD:(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)(A;;RPWPCCDCLCRCWOWDSDSW;;;DA)(OA;;CCDC;BF967ABA-0DE6-11D0-A285-00AA003049E2;;AO)(OA;;CCDC;BF967A9C-0DE6-11D0-A285-00AA003049E2;;AO)(OA;;CCDC;6DA8A4FF-0E52-11D0-A286-00AA003049E2;;AO)(OA;;CCDC;BF967AA8-0DE6-11D0-A285-00AA003049E2;;PO)(A;;RPLCRC;;;AU)S:(AU;SAFA;WDWOSDWPCCDCSW;;;WD)
        Revision:       1
        Control:        0x8014
                DACL Present
                SACL Present
        Owner:          'S-1-5-21-820728443-44925810-1835867902-512' = group 'AMNESIAC\Domain Administrators'
        Group:          'S-1-5-21-820728443-44925810-1835867902-512' = group 'AMNESIAC\Domain Administrators'
        DACL:           248 bytes, 7 ACE(s)
        [0]     ACE:    20 bytes
                Type:           0x00 = Access Allowed
                Flags:          0x00
                Access Mask:    0x000F003F
                                Directory List Directory, File/Pipe Read Data, Key Query Value, Event/Mutant/Semaphore/Timer Query State, Job Assign Process, Process Terminate, Section Query, Service Query Configuration, Session Query Access, Thread Terminate, Token Assign Primary
                                Directory Add File, File/Pipe Write Data, Key Set Value, Event/IO Completion/Mutant/Semaphore/Timer Modify State, Job Set Attributes, Process Create Thread, Section Map Write, Service Change Configuration, Session Modify Access, Thread Suspend/Resume, Token Duplicate
                                Directory Add Subdirectory, File Append Data, Pipe Create Instance, Key Create Subkey, Job Query, Process Set Session Id, Section Map Read, Service Query Status, Token Impersonate
                                Directory/File Read Extended Attributes, Key Enumerate Subkeys, Job Terminate, Process Virtual Memory Operation, Section Map Execute, Service Enumerate Dependencies, Thread Get Context, Token Query
                                Directory/File Write Extended Attributes, Key Notify, Job Set Security Attributes, Process Virtual Memory Read, Section Extend Size, Service Start, Thread Set Context, Token Query Source
                                Directory Traverse, File Execute, Key Create Link, Job Impersonate, Process Virtual Memory Write, Section Map Execute Explicit, Service Stop, Thread Set Information, Token Adjust Privileges
                                Standard Delete
                                Read Control
                                Write DACL
                                Write Owner
                Trustee:        'S-1-5-18' = well-known group 'NT AUTHORITY\SYSTEM'
        [1]     ACE:    24 bytes
                Type:           0x00 = Access Allowed
                Flags:          0x00
                Access Mask:    0x000F003F
                                Directory List Directory, File/Pipe Read Data, Key Query Value, Event/Mutant/Semaphore/Timer Query State, Job Assign Process, Process Terminate, Section Query, Service Query Configuration, Session Query Access, Thread Terminate, Token Assign Primary
                                Directory Add File, File/Pipe Write Data, Key Set Value, Event/IO Completion/Mutant/Semaphore/Timer Modify State, Job Set Attributes, Process Create Thread, Section Map Write, Service Change Configuration, Session Modify Access, Thread Suspend/Resume, Token Duplicate
                                Directory Add Subdirectory, File Append Data, Pipe Create Instance, Key Create Subkey, Job Query, Process Set Session Id, Section Map Read, Service Query Status, Token Impersonate
                                Directory/File Read Extended Attributes, Key Enumerate Subkeys, Job Terminate, Process Virtual Memory Operation, Section Map Execute, Service Enumerate Dependencies, Thread Get Context, Token Query
                                Directory/File Write Extended Attributes, Key Notify, Job Set Security Attributes, Process Virtual Memory Read, Section Extend Size, Service Start, Thread Set Context, Token Query Source
                                Directory Traverse, File Execute, Key Create Link, Job Impersonate, Process Virtual Memory Write, Section Map Execute Explicit, Service Stop, Thread Set Information, Token Adjust Privileges
                                Standard Delete
                                Read Control
                                Write DACL
                                Write Owner
                Trustee:        'S-1-5-21-820728443-44925810-1835867902-512' = group 'AMNESIAC\Domain Administrators'
        [2]     ACE:    44 bytes
                Type:           0x05 = Object Access Allowed
                Flags:          0x00
                Access Mask:    0x00000003
                                Directory List Directory, File/Pipe Read Data, Key Query Value, Event/Mutant/Semaphore/Timer Query State, Job Assign Process, Process Terminate, Section Query, Service Query Configuration, Session Query Access, Thread Terminate, Token Assign Primary
                                Directory Add File, File/Pipe Write Data, Key Set Value, Event/IO Completion/Mutant/Semaphore/Timer Modify State, Job Set Attributes, Process Create Thread, Section Map Write, Service Change Configuration, Session Modify Access, Thread Suspend/Resume, Token Duplicate
                Trustee:        'S-1-5-32-548' = alias 'BUILTIN\Account Operators'
        [3]     ACE:    44 bytes
                Type:           0x05 = Object Access Allowed
                Flags:          0x00
                Access Mask:    0x00000003
                                Directory List Directory, File/Pipe Read Data, Key Query Value, Event/Mutant/Semaphore/Timer Query State, Job Assign Process, Process Terminate, Section Query, Service Query Configuration, Session Query Access, Thread Terminate, Token Assign Primary
                                Directory Add File, File/Pipe Write Data, Key Set Value, Event/IO Completion/Mutant/Semaphore/Timer Modify State, Job Set Attributes, Process Create Thread, Section Map Write, Service Change Configuration, Session Modify Access, Thread Suspend/Resume, Token Duplicate
                Trustee:        'S-1-5-32-548' = alias 'BUILTIN\Account Operators'
        [4]     ACE:    44 bytes
                Type:           0x05 = Object Access Allowed
                Flags:          0x00
                Access Mask:    0x00000003
                                Directory List Directory, File/Pipe Read Data, Key Query Value, Event/Mutant/Semaphore/Timer Query State, Job Assign Process, Process Terminate, Section Query, Service Query Configuration, Session Query Access, Thread Terminate, Token Assign Primary
                                Directory Add File, File/Pipe Write Data, Key Set Value, Event/IO Completion/Mutant/Semaphore/Timer Modify State, Job Set Attributes, Process Create Thread, Section Map Write, Service Change Configuration, Session Modify Access, Thread Suspend/Resume, Token Duplicate
                Trustee:        'S-1-5-32-548' = alias 'BUILTIN\Account Operators'
        [5]     ACE:    44 bytes
                Type:           0x05 = Object Access Allowed
                Flags:          0x00
                Access Mask:    0x00000003
                                Directory List Directory, File/Pipe Read Data, Key Query Value, Event/Mutant/Semaphore/Timer Query State, Job Assign Process, Process Terminate, Section Query, Service Query Configuration, Session Query Access, Thread Terminate, Token Assign Primary
                                Directory Add File, File/Pipe Write Data, Key Set Value, Event/IO Completion/Mutant/Semaphore/Timer Modify State, Job Set Attributes, Process Create Thread, Section Map Write, Service Change Configuration, Session Modify Access, Thread Suspend/Resume, Token Duplicate
                Trustee:        'S-1-5-32-550' = alias 'BUILTIN\Print Operators'
        [6]     ACE:    20 bytes
                Type:           0x00 = Access Allowed
                Flags:          0x00
                Access Mask:    0x00020014
                                Directory Add Subdirectory, File Append Data, Pipe Create Instance, Key Create Subkey, Job Query, Process Set Session Id, Section Map Read, Service Query Status, Token Impersonate
                                Directory/File Write Extended Attributes, Key Notify, Job Set Security Attributes, Process Virtual Memory Read, Section Extend Size, Service Start, Thread Set Context, Token Query Source
                                Read Control
                Trustee:        'S-1-5-11' = well-known group 'NT AUTHORITY\Authenticated Users'
        SACL:           28 bytes, 1 ACE(s)
        [0]     ACE:    20 bytes
                Type:           0x02 = Access Audit
                Flags:          0xC0
                                Access Success
                                Access Failure
                Access Mask:    0x000D002B
                                Directory List Directory, File/Pipe Read Data, Key Query Value, Event/Mutant/Semaphore/Timer Query State, Job Assign Process, Process Terminate, Section Query, Service Query Configuration, Session Query Access, Thread Terminate, Token Assign Primary
                                Directory Add File, File/Pipe Write Data, Key Set Value, Event/IO Completion/Mutant/Semaphore/Timer Modify State, Job Set Attributes, Process Create Thread, Section Map Write, Service Change Configuration, Session Modify Access, Thread Suspend/Resume, Token Duplicate
                                Directory/File Read Extended Attributes, Key Enumerate Subkeys, Job Terminate, Process Virtual Memory Operation, Section Map Execute, Service Enumerate Dependencies, Thread Get Context, Token Query
                                Directory Traverse, File Execute, Key Create Link, Job Impersonate, Process Virtual Memory Write, Section Map Execute Explicit, Service Stop, Thread Set Information, Token Adjust Privileges
                                Standard Delete
                                Write DACL
                                Write Owner
                Trustee:        'S-1-1-0' = well-known group 'Everyone'

Security Descriptor Inspector

Purpose
Synopsis
Implementation and Build Details
Source and Build Instructions

Purpose

Find directories and files on NTFS filesystems that have a security descriptor which contains unknown security principals, i.e. user or group accounts that don’t exist on the local machine.

Synopsis

SECURITY.COM { ‹directory name› | ‹file name› } …
Note: when run under a user account which has the privileges SeBackupPrivilege and SeSecurityPrivilege assigned, the Security Descriptor Inspector enables them to access all directories and files.

Implementation and Build Details

Security Descriptor Inspector is a pure Win32 console application, written in ANSI C, built with the Platform SDK for Windows Server 2003 R2 Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, but without the MSVCRT libraries, for use on Windows 2000 and newer versions of Windows NT as well as Windows PE 1.0 and newer versions.

Note: due to the design and implementation of Windows’ (classic alias legacy) console, the Win32 func