mimikatz/inc/globals.h

/*	Benjamin DELPY `gentilkiwi`
	https://blog.gentilkiwi.com
	benjamin@gentilkiwi.com
	Licence : https://creativecommons.org/licenses/by/4.0/
*/
#pragma once
#include <ntstatus.h>
#define WIN32_NO_STATUS
#define SECURITY_WIN32
#define CINTERFACE
#define COBJMACROS
#include <windows.h>
#include <sspi.h>
#include <sddl.h>
#include <wincred.h>
#include <ntsecapi.h>
#include <ntsecpkg.h>
#include <stdio.h>
#include <wchar.h>
#include "../modules/kull_m_output.h"
//#define KERBEROS_TOOLS
//#define SERVICE_INCONTROL
#define NET_MODULE
#if defined(_M_ARM64)
	#define MIMIKATZ_ARCH L"arm64"
#elif defined(_M_X64)
	#define MIMIKATZ_ARCH L"x64"
#elif defined(_M_IX86)
	#define MIMIKATZ_ARCH L"x86"
#endif

#define MIMIKATZ				L"mimikatz"
#define MIMIKATZ_VERSION		L"2.2.0"
#define MIMIKATZ_CODENAME		L"A La Vie, A L\'Amour"
#define MIMIKATZ_MAX_WINBUILD	L"19041"
#define MIMIKATZ_FULL			MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") #" MIMIKATZ_MAX_WINBUILD L" " TEXT(__DATE__) L" " TEXT(__TIME__)
#define MIMIKATZ_SECOND			L"\"" MIMIKATZ_CODENAME L"\""
#define MIMIKATZ_DEFAULT_LOG	MIMIKATZ L".log"
#define MIMIKATZ_DRIVER			L"mimidrv"
#define MIMIKATZ_KERBEROS_EXT	L"kirbi"
#define MIMIKATZ_SERVICE		MIMIKATZ L"svc"

#if defined(_WINDLL)
	#define MIMIKATZ_AUTO_COMMAND_START		0
#else
	#define MIMIKATZ_AUTO_COMMAND_START		1
#endif

#if defined(_POWERKATZ)
	#define MIMIKATZ_AUTO_COMMAND_STRING	L"powershell"
#else
	#define MIMIKATZ_AUTO_COMMAND_STRING	L"commandline"
#endif

#if !defined(NT_SUCCESS)
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#endif

#if !defined(PRINT_ERROR)
#define PRINT_ERROR(...) (kprintf(L"ERROR " TEXT(__FUNCTION__) L" ; " __VA_ARGS__))
#endif

#if !defined(PRINT_ERROR_AUTO)
#define PRINT_ERROR_AUTO(func) (kprintf(L"ERROR " TEXT(__FUNCTION__) L" ; " func L" (0x%08x)\n", GetLastError()))
#endif

#if !defined(W00T)
#define W00T(...) (kprintf(TEXT(__FUNCTION__) L" w00t! ; " __VA_ARGS__))
#endif

DWORD MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NUMBER;

#if !defined(MS_ENH_RSA_AES_PROV_XP)
#define MS_ENH_RSA_AES_PROV_XP	L"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
#endif

#if !defined(MS_PLATFORM_CRYPTO_PROVIDER)
#define MS_PLATFORM_CRYPTO_PROVIDER	L"Microsoft Platform Crypto Provider"
#endif

#if !defined(NCRYPT_PCP_PLATFORM_TYPE_PROPERTY)
#define NCRYPT_PCP_PLATFORM_TYPE_PROPERTY    L"PCP_PLATFORM_TYPE"
#endif

#if !defined(TPM_RSA_SRK_SEAL_KEY)
#define TPM_RSA_SRK_SEAL_KEY			L"MICROSOFT_PCP_KSP_RSA_SEAL_KEY_3BD1C4BF-004E-4E2F-8A4D-0BF633DCB074"
#endif

#if !defined(NCRYPT_SEALING_FLAG)
#define NCRYPT_SEALING_FLAG				0x00000100
#endif

#if !defined(SCARD_PROVIDER_CARD_MODULE)
#define SCARD_PROVIDER_CARD_MODULE 0x80000001
#endif

#define RtlEqualGuid(L1, L2) (RtlEqualMemory(L1, L2, sizeof(GUID)))

#define SIZE_ALIGN(size, alignment)	(size + ((size % alignment) ? (alignment - (size % alignment)) : 0))
#define KIWI_NEVERTIME(filetime)	(*(PLONGLONG) filetime = MAXLONGLONG)

#define LM_NTLM_HASH_LENGTH	16

#define KULL_M_WIN_BUILD_XP		2600
#define KULL_M_WIN_BUILD_2K3	3790
#define KULL_M_WIN_BUILD_VISTA	6000
#define KULL_M_WIN_BUILD_7		7600
#define KULL_M_WIN_BUILD_8		9200
#define KULL_M_WIN_BUILD_BLUE	9600
#define KULL_M_WIN_BUILD_10_1507	10240
#define KULL_M_WIN_BUILD_10_1511	10586
#define KULL_M_WIN_BUILD_10_1607	14393
#define KULL_M_WIN_BUILD_10_1703	15063
#define KULL_M_WIN_BUILD_10_1709	16299
#define KULL_M_WIN_BUILD_10_1803	17134
#define KULL_M_WIN_BUILD_10_1809	17763
#define KULL_M_WIN_BUILD_10_1903	18362
#define KULL_M_WIN_BUILD_10_1909	18363
#define KULL_M_WIN_BUILD_10_2004	19041
#define KULL_M_WIN_BUILD_10_20H2	19042
#define KULL_M_WIN_BUILD_10_21H2	19044
#define KULL_M_WIN_BUILD_2022		20348
#define KULL_M_WIN_BUILD_11_22H2	22621

#define KULL_M_WIN_MIN_BUILD_XP		2500
#define KULL_M_WIN_MIN_BUILD_2K3	3000
#define KULL_M_WIN_MIN_BUILD_VISTA	5000
#define KULL_M_WIN_MIN_BUILD_7		7000
#define KULL_M_WIN_MIN_BUILD_8		8000
#define KULL_M_WIN_MIN_BUILD_BLUE	9400
#define KULL_M_WIN_MIN_BUILD_10		9800
#define KULL_M_WIN_MIN_BUILD_11		22000

/* mimikatz 3 transition */
#define PRINT_ERROR_NUMBER(func, error)	PRINT_ERROR(func L": 0x%08x\n", error)

#define GET_CLI_ARG(name, var) (kull_m_string_args_byName(argc, argv, name, var, NULL))
#define GET_CLI_ARG_DEF(name, var, def) (kull_m_string_args_byName(argc, argv, name, var, def))
#define GET_CLI_ARG_PRESENT(name) (kull_m_string_args_byName(argc, argv, name, NULL, NULL))

#define kprintf_level(subject, ...)	kprintf(L"%*s" subject, level << 1, L"", __VA_ARGS__)

#define kprinthex(lpData, cbData) kull_m_string_wprintf_hex(lpData, (DWORD) cbData, 0); kprintf(L"\n")
#define kprinthex16(lpData, cbData) kull_m_string_wprintf_hex(lpData, (DWORD) cbData, 1 | (16 << 16)); kprintf(L"\n")

#define kull_m_cli_guid(pGuid, bNewLine) kull_m_string_displayGUID(pGuid); if(bNewLine) kprintf(L"\n")
#define kull_m_cli_sid(pSid, bNewLine) kull_m_string_displaySID(pSid); if(bNewLine) kprintf(L"\n")

#define kull_m_crypto_Base64StringToBinary kull_m_string_quick_base64_to_Binary
Initial upload 2014-04-06 18:31:53 +00:00			/* Benjamin DELPY `gentilkiwi`
[new] mimikatz lsadump::postzerologon, to reinit DC password both in local store and AD [change] https instead of http for blog :) 2020-09-17 01:17:11 +00:00			`https://blog.gentilkiwi.com`
Initial upload 2014-04-06 18:31:53 +00:00			`benjamin@gentilkiwi.com`
Global licence update, credits to Vincent LE TOUX for DCSync, and lsadump::hash moved to crypto::hash 2015-08-25 09:19:01 +00:00			`Licence : https://creativecommons.org/licenses/by/4.0/`
Initial upload 2014-04-06 18:31:53 +00:00			`*/`
			`#pragma once`
			`#include <ntstatus.h>`
			`#define WIN32_NO_STATUS`
			`#define SECURITY_WIN32`
[new] mimikatz IIS module, to deal with passwords in applicationHost.config [new/internal] tiny xml module (msxml2) [internal] mimikatz::lsadump cast fix to build on v140 2016-07-10 22:32:51 +00:00			`#define CINTERFACE`
			`#define COBJMACROS`
Initial upload 2014-04-06 18:31:53 +00:00			`#include <windows.h>`
			`#include <sspi.h>`
			`#include <sddl.h>`
			`#include <wincred.h>`
			`#include <ntsecapi.h>`
			`#include <ntsecpkg.h>`
			`#include <stdio.h>`
			`#include <wchar.h>`
			`#include "../modules/kull_m_output.h"`
			`//#define KERBEROS_TOOLS`
One PowerShell fix and better service/token functions [fix #83] mimikatz - No ExitProcess when using DLL (for PowerShell) [new] mimikatz - service::+ & service::- to install/uninstall [enhancement] token::elevate & token::run 2017-03-26 00:35:32 +00:00			`//#define SERVICE_INCONTROL`
Some cosmetic fixes (output, unicode detect, vault "pause", ...) 2014-04-25 00:03:55 +00:00			`#define NET_MODULE`
Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if defined(_M_ARM64)`
			`#define MIMIKATZ_ARCH L"arm64"`
			`#elif defined(_M_X64)`
Initial upload 2014-04-06 18:31:53 +00:00			`#define MIMIKATZ_ARCH L"x64"`
Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#elif defined(_M_IX86)`
Initial upload 2014-04-06 18:31:53 +00:00			`#define MIMIKATZ_ARCH L"x86"`
			`#endif`

			`#define MIMIKATZ L"mimikatz"`
Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#define MIMIKATZ_VERSION L"2.2.0"`
MSV & Kerberos fixes, LSA and Privilege enhancements - [fix] sekurlsa::msv & mimilib for Windows 10 build 10586 - [fix #20] sekurlsa::tickets (display & export) for NT 6 != Windows 10 - [close #16] kerberos::golden now with ~NetBios name in LogonDomainName field of the PAC - [new] privilege module shortcuts (driver, security, tcb, backup, restore) and functions (by id or name) - [new] lsadump::dcsync and lsadump::lsa /inject 'NTLM-Strong-NTOWF' in Supplemental Credentials structures (Windows 2016 TP 4) - [internal] NtSetSystemInformation can now be used in code 2016-01-06 01:46:28 +00:00			`#define MIMIKATZ_CODENAME L"A La Vie, A L\'Amour"`
[new] mimikatz & mimidrv support for Windows 10 2004 (build 19041) 2020-05-18 22:56:24 +00:00			`#define MIMIKATZ_MAX_WINBUILD L"19041"`
[new] mimikatz eventlog patch for 1803 ( for @darkoperator ) [new] mimikatz version includes maximum Windows build number tested 2018-12-09 23:03:02 +00:00			`#define MIMIKATZ_FULL MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") #" MIMIKATZ_MAX_WINBUILD L" " TEXT(__DATE__) L" " TEXT(__TIME__)`
[fix #65] mimikatz sekurlsa::* for old 2012r2 version [fix #66] mimikatz sekurlsa::kerberos CSP/Pin data for Windows 10 1607 2016-10-05 18:37:29 +00:00			`#define MIMIKATZ_SECOND L"\"" MIMIKATZ_CODENAME L"\""`
Code cleaning & Base64 output 2014-04-23 20:00:29 +00:00			`#define MIMIKATZ_DEFAULT_LOG MIMIKATZ L".log"`
Initial upload 2014-04-06 18:31:53 +00:00			`#define MIMIKATZ_DRIVER L"mimidrv"`
			`#define MIMIKATZ_KERBEROS_EXT L"kirbi"`
mimikatz 2.1.1 (rpc/service/process) [new] RPC support (client & server, multi users) [new] Windows service support [new] token::elevate can run process with impersonate token (when enough privileges and without interactions) [new] process::run [new] standard::hostname 2017-03-19 15:03:54 +00:00			`#define MIMIKATZ_SERVICE MIMIKATZ L"svc"`
Initial upload 2014-04-06 18:31:53 +00:00
Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if defined(_WINDLL)`
Pass-The-Hash enhancements, 'powerkatz', Kerberos keys better ouptut 2014-05-04 23:24:54 +00:00			`#define MIMIKATZ_AUTO_COMMAND_START 0`
			`#else`
			`#define MIMIKATZ_AUTO_COMMAND_START 1`
mimikatz as a DLL, DLL delay loading for bcrypt/ncrypt, some crypto stuff... 2017-07-19 23:33:50 +00:00			`#endif`

Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if defined(_POWERKATZ)`
mimikatz as a DLL, DLL delay loading for bcrypt/ncrypt, some crypto stuff... 2017-07-19 23:33:50 +00:00			`#define MIMIKATZ_AUTO_COMMAND_STRING L"powershell"`
			`#else`
Pass-The-Hash enhancements, 'powerkatz', Kerberos keys better ouptut 2014-05-04 23:24:54 +00:00			`#define MIMIKATZ_AUTO_COMMAND_STRING L"commandline"`
			`#endif`

Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if !defined(NT_SUCCESS)`
Initial upload 2014-04-06 18:31:53 +00:00			`#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)`
			`#endif`

Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if !defined(PRINT_ERROR)`
Initial upload 2014-04-06 18:31:53 +00:00			`#define PRINT_ERROR(...) (kprintf(L"ERROR " TEXT(__FUNCTION__) L" ; " __VA_ARGS__))`
			`#endif`

Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if !defined(PRINT_ERROR_AUTO)`
Initial upload 2014-04-06 18:31:53 +00:00			`#define PRINT_ERROR_AUTO(func) (kprintf(L"ERROR " TEXT(__FUNCTION__) L" ; " func L" (0x%08x)\n", GetLastError()))`
			`#endif`

Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if !defined(W00T)`
Initial upload 2014-04-06 18:31:53 +00:00			`#define W00T(...) (kprintf(TEXT(__FUNCTION__) L" w00t! ; " __VA_ARGS__))`
			`#endif`

			`DWORD MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NUMBER;`

Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if !defined(MS_ENH_RSA_AES_PROV_XP)`
Initial upload 2014-04-06 18:31:53 +00:00			`#define MS_ENH_RSA_AES_PROV_XP L"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"`
			`#endif`

[new] mimikatz & mimidrv support for Windows 10 2004 (build 19041) 2020-05-18 22:56:24 +00:00			`#if !defined(MS_PLATFORM_CRYPTO_PROVIDER)`
			`#define MS_PLATFORM_CRYPTO_PROVIDER L"Microsoft Platform Crypto Provider"`
			`#endif`

			`#if !defined(NCRYPT_PCP_PLATFORM_TYPE_PROPERTY)`
			`#define NCRYPT_PCP_PLATFORM_TYPE_PROPERTY L"PCP_PLATFORM_TYPE"`
			`#endif`

[new] sekurlsa::cloudap to dump Azure PRT, session keys and DPAPI keys [new] ngc::logondata to dump authentication slot pin and various data (kiwi use only - 2004 up to date) [new] token::elevate option to impersonate special users [internal] file reading support reading with backup privilege 2020-08-04 12:06:21 +00:00			`#if !defined(TPM_RSA_SRK_SEAL_KEY)`
			`#define TPM_RSA_SRK_SEAL_KEY L"MICROSOFT_PCP_KSP_RSA_SEAL_KEY_3BD1C4BF-004E-4E2F-8A4D-0BF633DCB074"`
			`#endif`

			`#if !defined(NCRYPT_SEALING_FLAG)`
			`#define NCRYPT_SEALING_FLAG 0x00000100`
			`#endif`

Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if !defined(SCARD_PROVIDER_CARD_MODULE)`
[new] mimilib now supports DHCP Callout, DNS Plugin, Coffee 2017-05-08 20:12:31 +00:00			`#define SCARD_PROVIDER_CARD_MODULE 0x80000001`
			`#endif`

Initial upload 2014-04-06 18:31:53 +00:00			`#define RtlEqualGuid(L1, L2) (RtlEqualMemory(L1, L2, sizeof(GUID)))`
Crypto and DPAPI cleaning 2015-06-03 00:13:43 +00:00
[internal] modules RPC directory & cleaning 2016-07-19 15:48:55 +00:00			`#define SIZE_ALIGN(size, alignment) (size + ((size % alignment) ? (alignment - (size % alignment)) : 0))`
Global update with few things [net] List network sessions & user sessions to a server [internal] arguments default behavior can NULL a value 2017-02-26 01:10:41 +00:00			`#define KIWI_NEVERTIME(filetime) (*(PLONGLONG) filetime = MAXLONGLONG)`
[internal] modules RPC directory & cleaning 2016-07-19 15:48:55 +00:00
Initial upload 2014-04-06 18:31:53 +00:00			`#define LM_NTLM_HASH_LENGTH 16`

			`#define KULL_M_WIN_BUILD_XP 2600`
			`#define KULL_M_WIN_BUILD_2K3 3790`
			`#define KULL_M_WIN_BUILD_VISTA 6000`
			`#define KULL_M_WIN_BUILD_7 7600`
			`#define KULL_M_WIN_BUILD_8 9200`
			`#define KULL_M_WIN_BUILD_BLUE 9600`
[new] mimikatz & mimidrv full support for Windows 1809 2018-12-03 01:06:10 +00:00			`#define KULL_M_WIN_BUILD_10_1507 10240`
			`#define KULL_M_WIN_BUILD_10_1511 10586`
			`#define KULL_M_WIN_BUILD_10_1607 14393`
			`#define KULL_M_WIN_BUILD_10_1703 15063`
			`#define KULL_M_WIN_BUILD_10_1709 16299`
			`#define KULL_M_WIN_BUILD_10_1803 17134`
			`#define KULL_M_WIN_BUILD_10_1809 17763`
[new] mimikatz Windows 10 1903 (build 18362) support 2019-05-12 23:17:31 +00:00			`#define KULL_M_WIN_BUILD_10_1903 18362`
[new] mimikatz & mimidrv support for Windows 10 2004 (build 19041) 2020-05-18 22:56:24 +00:00			`#define KULL_M_WIN_BUILD_10_1909 18363`
			`#define KULL_M_WIN_BUILD_10_2004 19041`
[new] misc:sccm to decrypt SC_UserAccount credentials when SCCM private key access 2021-05-11 18:34:56 +00:00			`#define KULL_M_WIN_BUILD_10_20H2 19042`
Add #define for Windows 10 21H2 (November 2021 Update) build version 19044 2022-07-26 07:38:10 +00:00			`#define KULL_M_WIN_BUILD_10_21H2 19044`
[new] lsadump::dcsync try to support /laps [internal] ldap supports authentication [internal] rpc cleanup for EFS [internal] sekurlsa skeleton for 11/2022 2021-09-06 22:19:15 +00:00			`#define KULL_M_WIN_BUILD_2022 20348`
Updated LsaSrvReferences and LsaInitializeProtectedMemory_KEY for parsing Windows 11's dump file 2023-08-03 08:55:55 +00:00			`#define KULL_M_WIN_BUILD_11_22H2 22621`
Initial upload 2014-04-06 18:31:53 +00:00
			`#define KULL_M_WIN_MIN_BUILD_XP 2500`
			`#define KULL_M_WIN_MIN_BUILD_2K3 3000`
minor file function change 2015-01-13 21:08:23 +00:00			`#define KULL_M_WIN_MIN_BUILD_VISTA 5000`
Initial upload 2014-04-06 18:31:53 +00:00			`#define KULL_M_WIN_MIN_BUILD_7 7000`
			`#define KULL_M_WIN_MIN_BUILD_8 8000`
Microsoft BlueHat edition Windows 10 Technical Preview inside, but some kernel parts are missing 2014-10-10 08:53:03 +00:00			`#define KULL_M_WIN_MIN_BUILD_BLUE 9400`
[fix] mimikatz ts::logonpasswords search routines for Web credentials, thank you Lawrence Abrams (@Bleeping) 2021-08-09 23:59:35 +00:00			`#define KULL_M_WIN_MIN_BUILD_10 9800`
Add #define for Windows 10 21H2 (November 2021 Update) build version 19044 2022-07-26 07:38:10 +00:00			`#define KULL_M_WIN_MIN_BUILD_11 22000`
[legacy] Backport djoin parser & citrix SSO password extractor 2022-09-19 12:57:55 +00:00
			`/* mimikatz 3 transition */`
[legacy] Some love for Windows XP (RtlDecryptMemory instead of CryptUnprotectMemory - did not exist) 2022-09-19 20:50:46 +00:00			`#define PRINT_ERROR_NUMBER(func, error) PRINT_ERROR(func L": 0x%08x\n", error)`

[legacy] Backport djoin parser & citrix SSO password extractor 2022-09-19 12:57:55 +00:00			`#define GET_CLI_ARG(name, var) (kull_m_string_args_byName(argc, argv, name, var, NULL))`
			`#define GET_CLI_ARG_DEF(name, var, def) (kull_m_string_args_byName(argc, argv, name, var, def))`
			`#define GET_CLI_ARG_PRESENT(name) (kull_m_string_args_byName(argc, argv, name, NULL, NULL))`

			`#define kprintf_level(subject, ...) kprintf(L"%*s" subject, level << 1, L"", __VA_ARGS__)`

			`#define kprinthex(lpData, cbData) kull_m_string_wprintf_hex(lpData, (DWORD) cbData, 0); kprintf(L"\n")`
			`#define kprinthex16(lpData, cbData) kull_m_string_wprintf_hex(lpData, (DWORD) cbData, 1 \| (16 << 16)); kprintf(L"\n")`

			`#define kull_m_cli_guid(pGuid, bNewLine) kull_m_string_displayGUID(pGuid); if(bNewLine) kprintf(L"\n")`
			`#define kull_m_cli_sid(pSid, bNewLine) kull_m_string_displaySID(pSid); if(bNewLine) kprintf(L"\n")`

			`#define kull_m_crypto_Base64StringToBinary kull_m_string_quick_base64_to_Binary`