Petr Beneš wbenny

## versioninfo.cpp
#define _CRT_SECURE_NO_WARNINGS
#define _SILENCE_CXX17_CODECVT_HEADER_DEPRECATION_WARNING
#define _SILENCE_CXX20_CODECVT_FACETS_DEPRECATION_WARNING
#define NOMINMAX
#include <cassert>
#include <cstddef>
#include <cstdlib>

#include <algorithm>
#include <codecvt>

## KCONTINUE.h
//
// NtContinueEx is now used by ntdll!KiUserApcDispatcher.
// The KCONTINUE_ARGUMENT structure is built in the KiInitializeUserApc
// function.
//

typedef enum _KCONTINUE_TYPE
{
  KCONTINUE_UNWIND,
  KCONTINUE_RESUME,

## wordpad_startup_callstack.txt
USER32!GetWindowRect+0x7
wordpad!CAppletZoomControl::CenterControl+0x44
wordpad!CAppletZoomControl::OnSize+0x15
MFC42u!CWnd::OnWndMsg+0x6a1
MFC42u!CWnd::WindowProc+0x51
MFC42u!AfxCallWndProc+0x149
MFC42u!AfxWndProcBase+0x150
USER32!UserCallWinProcCheckWow+0x266
USER32!DispatchClientMessage+0x9c
USER32!_fnDWORD+0x33

## user32_undoc.txt
AlignRects
AllowForegroundActivation
BroadcastSystemMessage
BuildReasonArray
CalcMenuBar
CallMsgFilter
CascadeChildWindows
CheckDBCSEnabledExt
CheckProcessForClipboardAccess
CheckProcessSession

## kernel32_undoc.txt
ActivateActCtxWorker
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtxWorker
AdjustCalendarDate
AppXGetOSMaxVersionTested
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckAppcompatCacheExWorker
BaseCheckAppcompatCacheWorker

## intel-sdm-201805-201811.diff
diff --git a/2018may.txt b/2018nov.txt
index f007f17..4270c98 100644
--- a/2018may.txt
+++ b/2018nov.txt
@@ -8,8 +8,8 @@ Developer's Manual: Basic Architecture, Order Number 253665; Instruction Set Ref
 Number 325383; System Programming Guide, Order Number 325384; Model-Specific Registers, Order
 Number 335592. Refer to all four volumes when evaluating your design needs.

-Order Number: 325462-067US
-May 2018

## NtGenericCall.h
#include <ntdll_windows.h>
#include <ntdll.h>

// extern "C"
// UINT_PTR
// NTAPI
// MwGenericCall(
//   ULONG SyscallNumber,
//   ULONG ArgumentCount,
//   va_list ArgumentList

## 2_NtWow64CallFunction64_Wow64FunctionTurboThunkControl.h
#define WOW64_TURBO_THUNK_DISABLE 0
#define WOW64_TURBO_THUNK_ENABLE  1   // STATUS_NOT_SUPPORTED :(

    ThunkInput = WOW64_TURBO_THUNK_DISABLE;
    Status = NtWow64CallFunction64(Wow64FunctionTurboThunkControl,
                                   0,
                                   sizeof(ThunkInput),
                                   &ThunkInput,
                                   0,
                                   NULL,

## 2_NtWow64CallFunction64.h
typedef enum _WOW64_FUNCTION {
    Wow64Function64Nop,
    Wow64FunctionQueryProcessDebugInfo,
    Wow64FunctionTurboThunkControl,
    Wow64FunctionCfgDispatchControl,
    Wow64FunctionOptimizeChpeImportThunks,
} WOW64_FUNCTION;

NTSYSCALLAPI
NTSTATUS

## 2_WOW64_SERVICE_TABLE_DESCRIPTOR.h
typedef struct _WOW64_ERROR_CASE {

    ULONG     Case;
    NTSTATUS  TransformedStatus;

} WOW64_ERROR_CASE, *PWOW64_ERROR_CASE;

typedef struct _WOW64_SERVICE_TABLE_DESCRIPTOR {

    KSERVICE_TABLE_DESCRIPTOR Descriptor;
	#define _CRT_SECURE_NO_WARNINGS
	#define _SILENCE_CXX17_CODECVT_HEADER_DEPRECATION_WARNING
	#define _SILENCE_CXX20_CODECVT_FACETS_DEPRECATION_WARNING
	#define NOMINMAX
	#include <cassert>
	#include <cstddef>
	#include <cstdlib>

	#include <algorithm>
	#include <codecvt>
	//
	// NtContinueEx is now used by ntdll!KiUserApcDispatcher.
	// The KCONTINUE_ARGUMENT structure is built in the KiInitializeUserApc
	// function.
	//

	typedef enum _KCONTINUE_TYPE
	{
	KCONTINUE_UNWIND,
	KCONTINUE_RESUME,
	USER32!GetWindowRect+0x7
	wordpad!CAppletZoomControl::CenterControl+0x44
	wordpad!CAppletZoomControl::OnSize+0x15
	MFC42u!CWnd::OnWndMsg+0x6a1
	MFC42u!CWnd::WindowProc+0x51
	MFC42u!AfxCallWndProc+0x149
	MFC42u!AfxWndProcBase+0x150
	USER32!UserCallWinProcCheckWow+0x266
	USER32!DispatchClientMessage+0x9c
	USER32!_fnDWORD+0x33
	AlignRects
	AllowForegroundActivation
	BroadcastSystemMessage
	BuildReasonArray
	CalcMenuBar
	CallMsgFilter
	CascadeChildWindows
	CheckDBCSEnabledExt
	CheckProcessForClipboardAccess
	CheckProcessSession
	ActivateActCtxWorker
	AddLocalAlternateComputerNameA
	AddLocalAlternateComputerNameW
	AddRefActCtxWorker
	AdjustCalendarDate
	AppXGetOSMaxVersionTested
	BaseCheckAppcompatCache
	BaseCheckAppcompatCacheEx
	BaseCheckAppcompatCacheExWorker
	BaseCheckAppcompatCacheWorker
	diff --git a/2018may.txt b/2018nov.txt
	index f007f17..4270c98 100644
	--- a/2018may.txt
	+++ b/2018nov.txt
	@@ -8,8 +8,8 @@ Developer's Manual: Basic Architecture, Order Number 253665; Instruction Set Ref
	Number 325383; System Programming Guide, Order Number 325384; Model-Specific Registers, Order
	Number 335592. Refer to all four volumes when evaluating your design needs.

	-Order Number: 325462-067US
	-May 2018
	#include <ntdll_windows.h>
	#include <ntdll.h>

	// extern "C"
	// UINT_PTR
	// NTAPI
	// MwGenericCall(
	// ULONG SyscallNumber,
	// ULONG ArgumentCount,
	// va_list ArgumentList
	#define WOW64_TURBO_THUNK_DISABLE 0
	#define WOW64_TURBO_THUNK_ENABLE 1 // STATUS_NOT_SUPPORTED :(

	ThunkInput = WOW64_TURBO_THUNK_DISABLE;
	Status = NtWow64CallFunction64(Wow64FunctionTurboThunkControl,
	0,
	sizeof(ThunkInput),
	&ThunkInput,
	0,
	NULL,
	typedef enum _WOW64_FUNCTION {
	Wow64Function64Nop,
	Wow64FunctionQueryProcessDebugInfo,
	Wow64FunctionTurboThunkControl,
	Wow64FunctionCfgDispatchControl,
	Wow64FunctionOptimizeChpeImportThunks,
	} WOW64_FUNCTION;

	NTSYSCALLAPI
	NTSTATUS
	typedef struct _WOW64_ERROR_CASE {

	ULONG Case;
	NTSTATUS TransformedStatus;

	} WOW64_ERROR_CASE, *PWOW64_ERROR_CASE;

	typedef struct _WOW64_SERVICE_TABLE_DESCRIPTOR {

	KSERVICE_TABLE_DESCRIPTOR Descriptor;