helping constants (previously I liked NTDDI constants, but I dissapointed in them in case of suppot pre NTs too)
; File flags for version info
VS_FF_DEBUG = $00000001 ; file contain debug info
VS_FF_PRERELEASE = $00000002 ; under development
VS_FF_PATCHED = $00000004 ; not identical to original with same version
VS_FF_PRIVATEBUILD = $00000008 ; assembled differently
VS_FF_INFOINFERRED = $00000010 ; version info may be incorrect
VS_FF_SPECIALBUILD = $00000020 ; branch
; OS types for version info
VOS_UNKNOWN = $00000000
VOS_BASE = $00000000
VOS__WINDOWS16 = $00000001
VOS__PM16 = $00000002 ; targeted to Presentation Manager (16 bit)
VOS__PM32 = $00000003 ; targeted to Presentation Manager (32 bit)
VOS__WINDOWS32 = $00000004
VOS__WINDOWS64 = $00000005
VOS_DOS = $00010000
VOS_DOS_WINDOWS16 = $00010001 ; targeted to Win16 subsistem under DOS
VOS_DOS_WINDOWS32 = $00010004 ; targeted to Win32 subsistem under DOS
VOS_OS216 = $00020000 ; targeted to OS/2 (16 bit)
VOS_OS216_PM16 = $00020002 ; targeted to OS/2 (16 bit) & Presentation Manager (16 bit)
VOS_OS232 = $00030000 ; targeted to OS/2 (32 bit)
VOS_OS232_PM32 = $00030003 ; targeted to OS/2 (32 bit) & Presentation Manager (32 bit)
VOS_NT = $00040000 ; targeted to Windows NT(/2000)
VOS_NT_WINDOWS32 = $00040004 ; targeted to Windows NT(/2000)
VOS_NT_WINDOWS64 = $00040005 ; targeted to Windows XP64+
VOS_CE_WINDOWS32 = $00000004
; File types for version info
VFT_UNKNOWN = $00000000
VFT_APP = $00000001
VFT_DLL = $00000002
VFT_DRV = $00000003
VFT_FONT = $00000004
VFT_VXD = $00000005
VFT_STATIC_LIB = $00000007
; Driver file subtypes for version info
VFT2_UNKNOWN = $00000000
VFT2_DRV_PRINTER = $00000001
VFT2_DRV_KEYBOARD = $00000002
VFT2_DRV_LANGUAGE = $00000003
VFT2_DRV_DISPLAY = $00000004
VFT2_DRV_MOUSE = $00000005
VFT2_DRV_NETWORK = $00000006
VFT2_DRV_SYSTEM = $00000007
VFT2_DRV_INSTALLLABLE = $00000008
VFT2_DRV_SOUND = $00000009
VFT2_DRV_COMM = $0000000A
VFT2_DRV_INPUTMETHOD = $0000000B
; Font file subtypes for version info
;VFT2_UNKNOWN = $00000000
VFT2_FONT_RASTER = $00000001
VFT2_FONT_VECTOR = $00000002
VFT2_FONT_TRUETYPE = $00000003
; X86 workstation family under DOS
VWINDOWS_1 = $01010000
VWINDOWS_102 = $01020000
VWINDOWS_103 = $01030000
VWINDOWS_104 = $01040000
VWINDOWS_203 = $02030000
VWINDOWS_210 = $020A0000
VWINDOWS_211 = $020B0000
VWINDOWS_3 = $03000000
VWINDOWS_31 = $030A0000
VWINDOWS_32 = $030A0200
VWINDOWS_311 = $030B0000
; X86 workstation family of win9x
VWINDOWS_95 = $04000000
VWINDOWS_98 = $040A0000
VWINDOWS_ME = $045A0000
; X86 workstation family of NTs
VWINDOWS_NT31 = $03010000
VWINDOWS_NT35 = $03050000
VWINDOWS_NT351 = $03330000
VWINDOWS_NT4 = $04000000
VWINDOWS_NT4SP1 = $04000100
VWINDOWS_NT4SP2 = $04000200
VWINDOWS_NT4SP3 = $04000300
VWINDOWS_NT4SP4 = $04000400
VWINDOWS_NT4SP5 = $04000500
VWINDOWS_NT4SP6 = $04000600
VWINDOWS_2K = $05000000
VWINDOWS_2KSP1 = $05000100
VWINDOWS_2KSP2 = $05000200
VWINDOWS_2KSP3 = $05000300
VWINDOWS_2KSP4 = $05000400
VWINDOWS_XP = $05010000
VWINDOWS_XPSP1 = $05010100
VWINDOWS_XPSP2 = $05010200
VWINDOWS_XPSP3 = $05010300
VWINDOWS_XP64 = $05020000
VWINDOWS_VISTA = $06000000
VWINDOWS_VISTASP1 = $06000100
VWINDOWS_VISTASP2 = $06000200
VWINDOWS_7 = $06010000
VWINDOWS_7SP1 = $06010100
VWINDOWS_8 = $06020000
VWINDOWS_81 = $06030000
VWINDOWS_10 = $0A000000
VWINDOWS_10B1511 = $0A0005E7
VWINDOWS_10B1709 = $0A0006AD
; X86 server family of NTs
VWINDOWS_SERVER_NT31 = $03010000
VWINDOWS_SERVER_NT35 = $03050000
VWINDOWS_SERVER_NT351 = $03330000
VWINDOWS_SERVER_2K = $05000000
VWINDOWS_SERVER_2KSP1 = $05000100
VWINDOWS_SERVER_2KSP2 = $05000200
VWINDOWS_SERVER_2KSP3 = $05000300
VWINDOWS_SERVER_2KSP4 = $05000400
VWINDOWS_SERVER_2K3 = $05020000
VWINDOWS_SERVER_2K3SP1 = $05020100
VWINDOWS_SERVER_2K3SP2 = $05020200
VWINDOWS_SERVER_2K3SP3 = $05020300
VWINDOWS_SERVER_2K3SP4 = $05020400
VWINDOWS_SERVER_2K8 = $06000000
VWINDOWS_SERVER_2K8_R2 = $06010000
VWINDOWS_SERVER_2K12 = $06020000
VWINDOWS_SERVER_2K12_R2 = $06030000
VWINDOWS_SERVER_2K16 = $0A000000
VWINDOWS_SERVER_2K19 = $0A000000
; mobile CE family
VWINDOWS_CE_1 = $01000000
VWINDOWS_CE_101 = $01010000
VWINDOWS_CE_2 = $02000000
VWINDOWS_CE_201 = $02010000
VWINDOWS_CE_211 = $020B0000
VWINDOWS_CE_212 = $020C0000
VWINDOWS_CE_3 = $03000000
VWINDOWS_CE_35 = $03050000
VWINDOWS_CE_4 = $04000000
VWINDOWS_CE_41 = $04010000
VWINDOWS_CE_42 = $04020000
VWINDOWS_CE_5 = $05000000
VWINDOWS_CE_6 = $06000000
VWINDOWS_CE_7 = $07000000
VWINDOWS_MOBILE_5 = $05000000
VWINDOWS_MOBILE_6 = $06000000
VWINDOWS_MOBILE_7 = $07000000
; mobile NT family
VWINDOWS_RT = $06020000
VWINDOWS_RT81 = $06030000
VWINDOWS_MOBILE_10 = $0A000000
; platforms
VER_PLATFORM_WIN32S = $0000
VER_PLATFORM_WIN32_WINDOWS = $0001
VER_PLATFORM_WIN32_NT = $0002
VER_PLATFORM_WIN32_CE = $0003
VER_PLATFORM_UNIX = $8000
VER_PLATFORM_MACOSX = $8101
VER_PLATFORM_IOS = $8102
VER_PLATFORM_LINUX = $8201
VER_PLATFORM_SOLARIS = $8202
VER_PLATFORM_ANDROID = $8203
VER_PLATFORM_PS3 = $8204
VER_PLATFORM_NACL = $8205
helping structs:
struct LIST_ENTRY
Flink dd ?
Blink dd ?
ends
struct UNICODE_STRING
Length dw ?
MaxLength dw ?
Buffer dd ?
ends
struct PEB
InheritedAddressSpace db ?
ReadImageFileExecOptions db ?
BeingDebugged db ?
InProcessFlags db ?
Mutant dd ?
ImageBaseAddress dd ?
Ldr dd ?
ProcessParameters dd ?
SubSystemData dd ?
ProcessHeap dd ?
FastPebLock dd ?
union
struct ;up to 5.1
FastPebLockRoutine dd ?
FastPebUnlockRoutine dd ?
ends
struct ;5.2
SparePtr1 dd ?
SparePtr2 dd ?
ends
struct ;6.0 and higher
AtlThunkSListPtr dd ?
IFEOKey dd ?
ends
ends
union
EnvironmentUpdateCount dd ?
CrossProcessFlags db ?
ends
union
KernelCallbackTable dd ?
UserSharedInfoPtr dd ?
ends
union
EventLogSection dd ?
SystemReserved dd ?
ends
union
SpareUlong dd ?
AtlThunkSListPtr32 dd ?
ends
union
FreeList dd ?
SparePebPtr0 dd ?
ApiSetMap dd ?
ends
TlsExpansionCounter dd ?
TlsBitmap dd ?
TlsBitmapBits dd ?,?
ReadOnlySharedMemoryBase dd ?
union
ReadOnlySharedMemoryHeap dd ?
HotpatchInformation dd ?
SparePvoid0 dd ?
SharedData dd ?
ends
ReadOnlyStaticServerData dd ?
AnsiCodePageData dd ?
OemCodePageData dd ?
UnicodeCaseTableData dd ?
NumberOfProcessors dd ?
if defined %targetOS% & %targetOS%<VWINDOWS_NT351
else
union
NtGlobalFlag dd ?
dq ?
ends
end if
CriticalSectionTimeout dq ?
if defined %targetOS% & %targetOS%<VWINDOWS_NT351
else
HeapSegmentReserve dd ?
HeapSegmentCommit dd ?
HeapDeCommitTotalFreeThreshold dd ?
HeapDeCommitFreeBlockThreshold dd ?
NumberOfHeaps dd ?
MaximumNumberOfHeaps dd ?
ProcessHeaps dd ?
GdiSharedHandleTable dd ?
if defined %targetOS% & %targetOS%<VWINDOWS_NT4
else
ProcessStarterHelper dd ?
GdiDCAttributeList dd ?
LoaderLock dd ?
OSMajorVersion dd ?
OSMinorVersion dd ?
OSBuildNumber dw ?
OSCSDVersion dw ?
OSPlatformId dd ?
ImageSubsystem dd ?
ImageSubsystemMajorVersion dd ?
ImageSubsystemMinorVersion dd ?
union
ImageProcessAffinityMask dd ?
ActiveProcessAffinityMask dd ?
ends
GdiHandleBuffer dd $22 dup (?)
if defined %targetOS% & %targetOS%<VWINDOWS_2K
dd ?
else
PostProcessInitRoutine dd ?
TlsExpansionBitmap dd ?
TlsExpansionBitmapBits dd $20 dup (?)
SessionId dd ?
if defined %targetOS% & %targetOS%<VWINDOWS_XP
else
AppCompatFlags dq ?
AppCompatFlagsUser dq ?
pShimData dd ?
end if
AppCompatInfo dd ?
CSDVersion UNICODE_STRING
if defined %targetOS% & %targetOS%<VWINDOWS_XP
dd ?
else
ActivationContextData dd ?
ProcessAssemblyStorageMap dd ?
SystemDefaultActivationContextData dd ?
SystemAssemblyStorageMap dd ?
MinimumStackCommit dd ?
if defined %targetOS% & %targetOS%<VWINDOWS_SERVER_2K3
dd ?
else
FlsCallback dd ?
FlsListHead dd ?
FlsBitmap dd ?
FlsBitmapBits dd 4 dup (?)
FlsHighIndex dd ?
if defined %targetOS% & %targetOS%<VWINDOWS_VISTA
else
WerRegistrationData dd ?
WerShipAssertPtr dd ?
if defined %targetOS% & %targetOS%<VWINDOWS_7
else
union
pContextData dd ?
pUnused dd ?
ends
pImageHeaderHash dd ?
TracingFlags dd ?
dd ?
if defined %targetOS% & %targetOS%<VWINDOWS_8
else
CsrServerReadOnlySharedMemoryBase dq ?
if defined %targetOS% & %targetOS%<VWINDOWS_10B1511
else
TppWorkerpListLock dd ?
TppWorkerpList LIST_ENTRY
WaitOnAddressHashTable dd 128 dup (?)
if defined %targetOS% & %targetOS%<VWINDOWS_10B1709
dd ?
else
TelemetryCoverageHeader dd ?
CloudFileFlags dd ?
dd ?
end if
end if
end if
end if
end if
end if
end if
end if
end if
end if
ends
of cource there are stage intermixing.
Thanks if there any way exists.
Just struct extending dosn`t work with NT351 there was first insertion in ancestor fields, than with XP was second insertion.