SHD文件结构(print spooler)
#define SHD_SIGNATURE_WIN98 $0000494B //Windows 98
#define SHD_SIGNATURE_WINNT $00004966 //Windows NT
#define SHD_SIGNATURE_WIN2000 $00004967 //Win2000/XP
#define SHD_SIGNATURE_WIN2003 $00004968 //Windows 2003
typedef struct _SHADOW_FILE_HEADER_WIN98 {
DWORD dwSignature; //SHD_SIGNATURE_WIN98
WORD wStatus;
WORD wUnknown1;
DWORD dwJobID;
DWORD dwPriority;
DWORD offUserName; //Offset of WideChar+0
DWORD offNotifyName; //Offset of WideChar+0
DWORD offDocumentName; //Offset of WideChar+0
DWORD offPort; //Offset of WideChar+0
DWORD offPrinterName; //Offset of WideChar+0
DWORD offDriverName; //Offset of WideChar+0
DWORD offDevMode; //Offset of DEVMODE
//Note that the dmCopies in this structure will hold
//the wrong value when the Microsoft Word multiple
//copies bug occurs.
//In this case use the dmCopies from the SPL file
DWORD offPrintProcessor; //Offset of WideChar+0
DWORD offDataFormat; //Offset of WideChar+0
DWORD dwUnknown2;
SYSTEMTIME stSubmitTime;
DWORD dwStartTime;
DWORD dwUntilTime;
DWORD dwSizeSPL; //Size of SPL File
DWORD dwPageCount;
DWORD dwSizeSecurityInfo; //Size of SecurityInfo
DWORD offSecurityInfo; //Offset of SECURITY_DESCRIPTOR
DWORD dwUnknown3;
} SHADOW_FILE_HEADER_WIN98, *PSHADOW_FILE_HEADER_WIN98;
typedef struct _SHADOW_FILE_HEADER_WINNT {
DWORD dwSignature; //SHD_SIGNATURE_WINNT
WORD wStatus;
WORD wUnknown1;
DWORD dwJobID;
DWORD dwPriority;
DWORD offUserName; //Offset of WideChar+0
DWORD offNotifyName; //Offset of WideChar+0
DWORD offDocumentName; //Offset of WideChar+0
DWORD offPort; //Offset of WideChar+0
DWORD offPrinterName; //Offset of WideChar+0
DWORD offDriverName; //Offset of WideChar+0
DWORD offDevMode; //Offset of DEVMODE
//Note that the dmCopies in this structure will hold
//the wrong value when the Microsoft Word multiple
//copies bug occurs.
//In this case use the dmCopies from the SPL file
DWORD offPrintProcessor; //Offset of WideChar+0
DWORD offDataFormat; //Offset of WideChar+0
DWORD dwUnknown2;
SYSTEMTIME stSubmitTime;
DWORD dwStartTime;
DWORD dwUntilTime;
DWORD dwSizeSPL; //Size of SPL File
DWORD dwPageCount;
DWORD dwSizeSecurityInfo; //Size of SecurityInfo
DWORD offSecurityInfo; //Offset of SECURITY_DESCRIPTOR
DWORD dwUnknown3;
DWORD dwUnknown4;
DWORD dwUnknown5;
} SHADOW_FILE_HEADER_WINNT, *PSHADOW_FILE_HEADER_WINNT;
typedef struct _SHADOW_FILE_HEADER_WIN2000 {
DWORD dwSignature; //SHD_SIGNATURE_WIN2000
DWORD dwHeaderSize;
WORD wStatus;
WORD wUnknown1;
DWORD dwJobID;
DWORD dwPriority;
DWORD offUserName; //Offset of WideChar+0
DWORD offNotifyName; //Offset of WideChar+0
DWORD offDocumentName; //Offset of WideChar+0
DWORD offPort; //Offset of WideChar+0
DWORD offPrinterName; //Offset of WideChar+0
DWORD offDriverName; //Offset of WideChar+0
DWORD offDevMode; //Offset of DEVMODE
//Note that the dmCopies in this structure will hold
//the wrong value when the Microsoft Word multiple
//copies bug occurs.
//In this case use the dmCopies from the SPL file
DWORD offPrintProcessor; //Offset of WideChar+0
DWORD offDataFormat; //Offset of WideChar+0
DWORD dwUnknown2;
SYSTEMTIME stSubmitTime;
DWORD dwStartTime;
DWORD dwUntilTime;
DWORD dwSizeSPL; //Size of SPL File
DWORD dwPageCount;
DWORD dwSizeSecurityInfo; //Size of SecurityInfo
DWORD offSecurityInfo; //Offset of SECURITY_DESCRIPTOR
DWORD dwUnknown3;
DWORD dwUnknown4;
DWORD dwUnknown5;
DWORD offComputername; //Offset of WideChar+0
DWORD dwSPLSize2;
} SHADOW_FILE_HEADER_WIN2000, *PSHADOW_FILE_HEADER_WIN2000;
/* _SHADOW_FILE_HEADER_WIN2003 looks similar to _SHADOW_FILE_HEADER_WIN2000 */
typedef _SHADOW_FILE_HEADER_WIN2000 _SHADOW_FILE_HEADER_WIN2003;
typedef _SHADOW_FILE_HEADER_WIN2003 SHADOW_FILE_HEADER_WIN2003, *PSHADOW_FILE_HEADER_WIN2003;
