d3/d4d/sdk_2lib_2rtl_2process_8c_source.html

 /*
  * COPYRIGHT:         See COPYING in the top level directory
  * PROJECT:           ReactOS system libraries
  * FILE:              lib/rtl/process.c
  * PURPOSE:           Process functions
  * PROGRAMMER:        Alex Ionescu (alex@relsoft.net)
  *                    Ariadne (ariadne@xs4all.nl)
  *                    Eric Kohl
  */

 /* INCLUDES ****************************************************************/

 #include <rtl.h>

 #define NDEBUG
 #include <debug.h>

 /* INTERNAL FUNCTIONS *******************************************************/

 NTSTATUS
 NTAPI
 RtlpMapFile(PUNICODE_STRING ImageFileName,
             ULONG Attributes,
             PHANDLE Section)
 {
     OBJECT_ATTRIBUTES ObjectAttributes;
     NTSTATUS Status;
     HANDLE hFile = NULL;
     IO_STATUS_BLOCK IoStatusBlock;

     /* Open the Image File */
     InitializeObjectAttributes(&ObjectAttributes,
                                ImageFileName,
                                Attributes & (OBJ_CASE_INSENSITIVE | OBJ_INHERIT),
                                NULL,
                                NULL);
     Status = ZwOpenFile(&hFile,
                         SYNCHRONIZE | FILE_EXECUTE | FILE_READ_DATA,
                         &ObjectAttributes,
                         &IoStatusBlock,
                         FILE_SHARE_DELETE | FILE_SHARE_READ,
                         FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Failed to read image file from disk, Status = 0x%08X\n", Status);
         return Status;
     }

     /* Now create a section for this image */
     Status = ZwCreateSection(Section,
                              SECTION_ALL_ACCESS,
                              NULL,
                              NULL,
                              PAGE_EXECUTE,
                              SEC_IMAGE,
                              hFile);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Failed to create section for image file, Status = 0x%08X\n", Status);
     }

     ZwClose(hFile);
     return Status;
 }

 /* FUNCTIONS ****************************************************************/

 NTSTATUS
 NTAPI
 RtlpInitEnvironment(HANDLE ProcessHandle,
                     PPEB Peb,
                     PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
 {
     NTSTATUS Status;
     PVOID BaseAddress = NULL;
     SIZE_T EnviroSize;
     SIZE_T Size;
     PWCHAR Environment = NULL;
     DPRINT("RtlpInitEnvironment(ProcessHandle: %p, Peb: %p Params: %p)\n",
             ProcessHandle, Peb, ProcessParameters);

     /* Give the caller 1MB if he requested it */
     if (ProcessParameters->Flags & RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB)
     {
         /* Give 1MB starting at 0x4 */
         BaseAddress = (PVOID)4;
         EnviroSize = (1024 * 1024) - 256;
         Status = ZwAllocateVirtualMemory(ProcessHandle,
                                          &BaseAddress,
                                          0,
                                          &EnviroSize,
                                          MEM_RESERVE,
                                          PAGE_READWRITE);
         if (!NT_SUCCESS(Status))
         {
             DPRINT1("Failed to reserve 1MB of space \n");
             return Status;
         }
     }

     /* Find the end of the Enviroment Block */
     if ((Environment = (PWCHAR)ProcessParameters->Environment))
     {
         while (*Environment++) while (*Environment++);

         /* Calculate the size of the block */
         EnviroSize = (ULONG)((ULONG_PTR)Environment -
                              (ULONG_PTR)ProcessParameters->Environment);

         /* Allocate and Initialize new Environment Block */
         Size = EnviroSize;
         Status = ZwAllocateVirtualMemory(ProcessHandle,
                                          &BaseAddress,
                                          0,
                                          &Size,
                                          MEM_RESERVE | MEM_COMMIT,
                                          PAGE_READWRITE);
         if (!NT_SUCCESS(Status))
         {
             DPRINT1("Failed to allocate Environment Block\n");
             return Status;
         }

         /* Write the Environment Block */
         ZwWriteVirtualMemory(ProcessHandle,
                              BaseAddress,
                              ProcessParameters->Environment,
                              EnviroSize,
                              NULL);

         /* Save pointer */
         ProcessParameters->Environment = BaseAddress;
     }

     /* Now allocate space for the Parameter Block */
     BaseAddress = NULL;
     Size = ProcessParameters->MaximumLength;
     Status = ZwAllocateVirtualMemory(ProcessHandle,
                                      &BaseAddress,
                                      0,
                                      &Size,
                                      MEM_COMMIT,
                                      PAGE_READWRITE);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Failed to allocate Parameter Block\n");
         return Status;
     }

     /* Write the Parameter Block */
     Status = ZwWriteVirtualMemory(ProcessHandle,
                                   BaseAddress,
                                   ProcessParameters,
                                   ProcessParameters->Length,
                                   NULL);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Failed to write the Parameter Block\n");
         return Status;
     }

     /* Write pointer to Parameter Block */
     Status = ZwWriteVirtualMemory(ProcessHandle,
                                   &Peb->ProcessParameters,
                                   &BaseAddress,
                                   sizeof(BaseAddress),
                                   NULL);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Failed to write pointer to Parameter Block\n");
         return Status;
     }

     /* Return */
     return STATUS_SUCCESS;
 }

 /*
  * @implemented
  *
  * Creates a process and its initial thread.
  *
  * NOTES:
  *  - The first thread is created suspended, so it needs a manual resume!!!
  *  - If ParentProcess is NULL, current process is used
  *  - ProcessParameters must be normalized
  *  - Attributes are object attribute flags used when opening the ImageFileName.
  *    Valid flags are OBJ_INHERIT and OBJ_CASE_INSENSITIVE.
  *
  * -Gunnar
  */
 NTSTATUS
 NTAPI
 RtlCreateUserProcess(IN PUNICODE_STRING ImageFileName,
                      IN ULONG Attributes,
                      IN OUT PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
                      IN PSECURITY_DESCRIPTOR ProcessSecurityDescriptor OPTIONAL,
                      IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor OPTIONAL,
                      IN HANDLE ParentProcess OPTIONAL,
                      IN BOOLEAN InheritHandles,
                      IN HANDLE DebugPort OPTIONAL,
                      IN HANDLE ExceptionPort OPTIONAL,
                      OUT PRTL_USER_PROCESS_INFORMATION ProcessInfo)
 {
     NTSTATUS Status;
     HANDLE hSection;
     PROCESS_BASIC_INFORMATION ProcessBasicInfo;
     OBJECT_ATTRIBUTES ObjectAttributes;
     UNICODE_STRING DebugString = RTL_CONSTANT_STRING(L"\\WindowsSS");
     DPRINT("RtlCreateUserProcess: %wZ\n", ImageFileName);

     /* Map and Load the File */
     Status = RtlpMapFile(ImageFileName,
                          Attributes,
                          &hSection);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Could not map process image\n");
         return Status;
     }

     /* Clean out the current directory handle if we won't use it */
     if (!InheritHandles) ProcessParameters->CurrentDirectory.Handle = NULL;

     /* Use us as parent if none other specified */
     if (!ParentProcess) ParentProcess = NtCurrentProcess();

     /* Initialize the Object Attributes */
     InitializeObjectAttributes(&ObjectAttributes,
                                NULL,
                                0,
                                NULL,
                                ProcessSecurityDescriptor);

     /*
      * If FLG_ENABLE_CSRDEBUG is used, then CSRSS is created under the
      * watch of WindowsSS
      */
     if ((RtlGetNtGlobalFlags() & FLG_ENABLE_CSRDEBUG) &&
         (wcsstr(ImageFileName->Buffer, L"csrss")))
     {
         ObjectAttributes.ObjectName = &DebugString;
     }

     /* Create Kernel Process Object */
     Status = ZwCreateProcess(&ProcessInfo->ProcessHandle,
                              PROCESS_ALL_ACCESS,
                              &ObjectAttributes,
                              ParentProcess,
                              InheritHandles,
                              hSection,
                              DebugPort,
                              ExceptionPort);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Could not create Kernel Process Object\n");
         ZwClose(hSection);
         return Status;
     }

     /* Get some information on the image */
     Status = ZwQuerySection(hSection,
                             SectionImageInformation,
                             &ProcessInfo->ImageInformation,
                             sizeof(SECTION_IMAGE_INFORMATION),
                             NULL);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Could not query Section Info\n");
         ZwClose(ProcessInfo->ProcessHandle);
         ZwClose(hSection);
         return Status;
     }

     /* Get some information about the process */
     Status = ZwQueryInformationProcess(ProcessInfo->ProcessHandle,
                                        ProcessBasicInformation,
                                        &ProcessBasicInfo,
                                        sizeof(ProcessBasicInfo),
                                        NULL);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Could not query Process Info\n");
         ZwClose(ProcessInfo->ProcessHandle);
         ZwClose(hSection);
         return Status;
     }

     /* Duplicate the standard handles */
     Status = STATUS_SUCCESS;
     _SEH2_TRY
     {
         if (ProcessParameters->StandardInput)
         {
             Status = ZwDuplicateObject(ParentProcess,
                                        ProcessParameters->StandardInput,
                                        ProcessInfo->ProcessHandle,
                                        &ProcessParameters->StandardInput,
                                        0,
                                        0,
                                        DUPLICATE_SAME_ACCESS |
                                        DUPLICATE_SAME_ATTRIBUTES);
             if (!NT_SUCCESS(Status))
             {
                 _SEH2_LEAVE;
             }
         }

         if (ProcessParameters->StandardOutput)
         {
             Status = ZwDuplicateObject(ParentProcess,
                                        ProcessParameters->StandardOutput,
                                        ProcessInfo->ProcessHandle,
                                        &ProcessParameters->StandardOutput,
                                        0,
                                        0,
                                        DUPLICATE_SAME_ACCESS |
                                        DUPLICATE_SAME_ATTRIBUTES);
             if (!NT_SUCCESS(Status))
             {
                 _SEH2_LEAVE;
             }
         }

         if (ProcessParameters->StandardError)
         {
             Status = ZwDuplicateObject(ParentProcess,
                                        ProcessParameters->StandardError,
                                        ProcessInfo->ProcessHandle,
                                        &ProcessParameters->StandardError,
                                        0,
                                        0,
                                        DUPLICATE_SAME_ACCESS |
                                        DUPLICATE_SAME_ATTRIBUTES);
             if (!NT_SUCCESS(Status))
             {
                 _SEH2_LEAVE;
             }
         }
     }
     _SEH2_FINALLY
     {
         if (!NT_SUCCESS(Status))
         {
             ZwClose(ProcessInfo->ProcessHandle);
             ZwClose(hSection);
         }
     }
     _SEH2_END;

     if (!NT_SUCCESS(Status))
         return Status;

     /* Create Process Environment */
     Status = RtlpInitEnvironment(ProcessInfo->ProcessHandle,
                                  ProcessBasicInfo.PebBaseAddress,
                                  ProcessParameters);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Could not Create Process Environment\n");
         ZwClose(ProcessInfo->ProcessHandle);
         ZwClose(hSection);
         return Status;
     }

     /* Create the first Thread */
     Status = RtlCreateUserThread(ProcessInfo->ProcessHandle,
                                  ThreadSecurityDescriptor,
                                  TRUE,
                                  ProcessInfo->ImageInformation.ZeroBits,
                                  ProcessInfo->ImageInformation.MaximumStackSize,
                                  ProcessInfo->ImageInformation.CommittedStackSize,
                                  ProcessInfo->ImageInformation.TransferAddress,
                                  ProcessBasicInfo.PebBaseAddress,
                                  &ProcessInfo->ThreadHandle,
                                  &ProcessInfo->ClientId);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Could not Create Thread\n");
         ZwClose(ProcessInfo->ProcessHandle);
         ZwClose(hSection); /* Don't try to optimize this on top! */
         return Status;
     }

     /* Close the Section Handle and return */
     ZwClose(hSection);
     return STATUS_SUCCESS;
 }

 /*
  * @implemented
  */
 PVOID
 NTAPI
 RtlEncodePointer(IN PVOID Pointer)
 {
     ULONG Cookie;
     NTSTATUS Status;

     Status = ZwQueryInformationProcess(NtCurrentProcess(),
                                        ProcessCookie,
                                        &Cookie,
                                        sizeof(Cookie),
                                        NULL);
     if(!NT_SUCCESS(Status))
     {
         DPRINT1("Failed to receive the process cookie! Status: 0x%lx\n", Status);
         return Pointer;
     }

     return (PVOID)((ULONG_PTR)Pointer ^ Cookie);
 }

 /*
  * @implemented
  */
 PVOID
 NTAPI
 RtlDecodePointer(IN PVOID Pointer)
 {
     return RtlEncodePointer(Pointer);
 }

 /*
  * @implemented
  */
 PVOID
 NTAPI
 RtlEncodeSystemPointer(IN PVOID Pointer)
 {
     return (PVOID)((ULONG_PTR)Pointer ^ SharedUserData->Cookie);
 }

 /*
  * @implemented
  */
 PVOID
 NTAPI
 RtlDecodeSystemPointer(IN PVOID Pointer)
 {
     return RtlEncodeSystemPointer(Pointer);
 }

 /*
  * @implemented
  *
  * NOTES:
  *   Implementation based on the documentation from:
  *   http://www.geoffchappell.com/studies/windows/win32/ntdll/api/rtl/peb/setprocessiscritical.htm
  */
 NTSTATUS
 __cdecl
 RtlSetProcessIsCritical(IN BOOLEAN NewValue,
                         OUT PBOOLEAN OldValue OPTIONAL,
                         IN BOOLEAN NeedBreaks)
 {
     ULONG BreakOnTermination;

     /* Initialize to FALSE */
     if (OldValue) *OldValue = FALSE;

     /* Fail, if the critical breaks flag is required but is not set */
     if ((NeedBreaks) &&
         !(NtCurrentPeb()->NtGlobalFlag & FLG_ENABLE_SYSTEM_CRIT_BREAKS))
     {
         return STATUS_UNSUCCESSFUL;
     }

     /* Check if the caller wants the old value */
     if (OldValue)
     {
         /* Query and return the old break on termination flag for the process */
         ZwQueryInformationProcess(NtCurrentProcess(),
                                   ProcessBreakOnTermination,
                                   &BreakOnTermination,
                                   sizeof(ULONG),
                                   NULL);
         *OldValue = (BOOLEAN)BreakOnTermination;
     }

     /* Set the break on termination flag for the process */
     BreakOnTermination = NewValue;
     return ZwSetInformationProcess(NtCurrentProcess(),
                                    ProcessBreakOnTermination,
                                    &BreakOnTermination,
                                    sizeof(ULONG));
 }

 ULONG
 NTAPI
 RtlGetCurrentProcessorNumber(VOID)
 {
     /* Forward to kernel */
     return NtGetCurrentProcessorNumber();
 }

 _IRQL_requires_max_(APC_LEVEL)
 ULONG
 NTAPI
 RtlRosGetAppcompatVersion(VOID)
 {
     /* Get the current PEB */
     PPEB Peb = RtlGetCurrentPeb();
     if (Peb == NULL)
     {
         /* Default to Server 2003 */
         return _WIN32_WINNT_WS03;
     }

     /* Calculate OS version from PEB fields */
     return (Peb->OSMajorVersion << 8) | Peb->OSMinorVersion;
 }
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

RtlEncodeSystemPointer
PVOID NTAPI RtlEncodeSystemPointer(IN PVOID Pointer)
Definition: process.c:429

ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35

Environment
PVOID PVOID PWCHAR PVOID Environment
Definition: env.c:45

IN
#define IN
Definition: typedefs.h:39

RtlpMapFile
NTSTATUS NTAPI RtlpMapFile(PUNICODE_STRING ImageFileName, ULONG Attributes, PHANDLE Section)
Definition: process.c:22

_RTL_USER_PROCESS_PARAMETERS::Length
ULONG Length
Definition: rtltypes.h:1530

Peb
PPEB Peb
Definition: dllmain.c:27

PROCESS_ALL_ACCESS
#define PROCESS_ALL_ACCESS
Definition: nt_native.h:1324

OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228

_WIN32_WINNT_WS03
#define _WIN32_WINNT_WS03
Definition: sdkddkver.h:23

__cdecl
#define __cdecl
Definition: accygwin.h:79

TRUE
#define TRUE
Definition: types.h:120

_OBJECT_ATTRIBUTES
Definition: umtypes.h:181

wcsstr
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)

ZwClose
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)

rtl.h

RtlDecodePointer
PVOID NTAPI RtlDecodePointer(IN PVOID Pointer)
Definition: process.c:419

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

ProcessBasicInformation
Definition: winternl.h:394

FLG_ENABLE_CSRDEBUG
#define FLG_ENABLE_CSRDEBUG
Definition: pstypes.h:72

PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56

_PEB::ProcessParameters
PRTL_USER_PROCESS_PARAMETERS ProcessParameters
Definition: btrfs_drv.h:1959

FLG_ENABLE_SYSTEM_CRIT_BREAKS
#define FLG_ENABLE_SYSTEM_CRIT_BREAKS
Definition: pstypes.h:78

MEM_COMMIT
#define MEM_COMMIT
Definition: nt_native.h:1313

SectionImageInformation
Definition: mmtypes.h:192

FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136

_RTL_USER_PROCESS_INFORMATION
Definition: rtltypes.h:1565

_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226

ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65

RtlCreateUserProcess
NTSTATUS NTAPI RtlCreateUserProcess(IN PUNICODE_STRING ImageFileName, IN ULONG Attributes, IN OUT PRTL_USER_PROCESS_PARAMETERS ProcessParameters, IN PSECURITY_DESCRIPTOR ProcessSecurityDescriptor OPTIONAL, IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor OPTIONAL, IN HANDLE ParentProcess OPTIONAL, IN BOOLEAN InheritHandles, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, OUT PRTL_USER_PROCESS_INFORMATION ProcessInfo)
Definition: process.c:194

NtGetCurrentProcessorNumber
ULONG NTAPI NtGetCurrentProcessorNumber(VOID)
Definition: sysinfo.c:3057

_PROCESS_BASIC_INFORMATION::PebBaseAddress
PPEB PebBaseAddress
Definition: winternl.h:404

SECTION_ALL_ACCESS
#define SECTION_ALL_ACCESS
Definition: nt_native.h:1293

DUPLICATE_SAME_ACCESS
#define DUPLICATE_SAME_ACCESS

NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117

FALSE
#define FALSE
Definition: types.h:117

FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628

MEM_RESERVE
#define MEM_RESERVE
Definition: nt_native.h:1314

_RTL_USER_PROCESS_PARAMETERS::MaximumLength
ULONG MaximumLength
Definition: rtltypes.h:1529

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

NULL
smooth NULL
Definition: ftsmooth.c:416

PAGE_EXECUTE
#define PAGE_EXECUTE
Definition: nt_native.h:1306

RtlDecodeSystemPointer
PVOID NTAPI RtlDecodeSystemPointer(IN PVOID Pointer)
Definition: process.c:439

DPRINT
void DPRINT(...)
Definition: polytest.cpp:61

ZwWriteVirtualMemory
NTSYSAPI NTSTATUS NTAPI ZwWriteVirtualMemory(_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToWrite, _Out_opt_ PSIZE_T NumberOfBytesWritten)

RtlEncodePointer
PVOID NTAPI RtlEncodePointer(IN PVOID Pointer)
Definition: process.c:395

RtlSetProcessIsCritical
NTSTATUS __cdecl RtlSetProcessIsCritical(IN BOOLEAN NewValue, OUT PBOOLEAN OldValue OPTIONAL, IN BOOLEAN NeedBreaks)
Definition: process.c:453

NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657

_PROCESS_BASIC_INFORMATION
Definition: winternl.h:401

BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404

ProcessCookie
Definition: winternl.h:891

RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB
#define RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB
Definition: rtltypes.h:46

ZwQueryInformationProcess
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32

OBJ_INHERIT
#define OBJ_INHERIT
Definition: winternl.h:225

Cookie
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:13

RtlGetCurrentPeb
PPEB NTAPI RtlGetCurrentPeb(VOID)
Definition: libsupp.c:63

STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132

ZwOpenFile
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)

SharedUserData
#define SharedUserData

PBOOLEAN
char * PBOOLEAN
Definition: retypes.h:11

Status
Status
Definition: gdiplustypes.h:24

FILE_SHARE_DELETE
#define FILE_SHARE_DELETE
Definition: nt_native.h:682

L
static const WCHAR L[]
Definition: oid.c:1250

_RTL_USER_PROCESS_PARAMETERS
Definition: btrfs_drv.h:1944

PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454

FILE_EXECUTE
#define FILE_EXECUTE
Definition: nt_native.h:642

FILE_NON_DIRECTORY_FILE
#define FILE_NON_DIRECTORY_FILE
Definition: constants.h:492

RtlCreateUserThread
NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(_In_ PVOID ThreadContext, _Out_ HANDLE *OutThreadHandle, _Reserved_ PVOID Reserved1, _Reserved_ PVOID Reserved2, _Reserved_ PVOID Reserved3, _Reserved_ PVOID Reserved4, _Reserved_ PVOID Reserved5, _Reserved_ PVOID Reserved6, _Reserved_ PVOID Reserved7, _Reserved_ PVOID Reserved8)

Size
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361

SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61

hFile
_In_ HANDLE hFile
Definition: mswsock.h:90

_RTL_USER_PROCESS_PARAMETERS::Flags
ULONG Flags
Definition: rtltypes.h:1531

ProcessBreakOnTermination
Definition: winternl.h:398

_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870

SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80

_UNICODE_STRING
Definition: env_spec_w32.h:368

ULONG
static ULONG
Definition: process.c:83

Attributes
_Must_inspect_result_ _In_ USHORT _In_ PHIDP_PREPARSED_DATA _Out_writes_to_ LengthAttributes PHIDP_EXTENDED_ATTRIBUTES Attributes
Definition: hidpi.h:348

_PEB::OSMinorVersion
ULONG OSMinorVersion
Definition: ntddk_ex.h:301

_SEH2_END
_SEH2_END
Definition: create.c:4400

_PEB
Definition: btrfs_drv.h:1953

NtCurrentPeb
#define NtCurrentPeb()
Definition: FLS.c:20

DUPLICATE_SAME_ATTRIBUTES
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153

_SEH2_FINALLY
_SEH2_FINALLY
Definition: create.c:4371

IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75

RtlGetCurrentProcessorNumber
ULONG NTAPI RtlGetCurrentProcessorNumber(VOID)
Definition: process.c:491

DPRINT1
#define DPRINT1
Definition: precomp.h:8

ZwQuerySection
NTSYSAPI NTSTATUS NTAPI ZwQuerySection(_In_ HANDLE SectionHandle, _In_ SECTION_INFORMATION_CLASS SectionInformationClass, _Out_ PVOID SectionInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)

FILE_SYNCHRONOUS_IO_NONALERT
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31

BOOLEAN
#define BOOLEAN
Definition: pedump.c:73

OUT
#define OUT
Definition: typedefs.h:40

ULONG
unsigned int ULONG
Definition: retypes.h:1

PVOID
static PVOID
Definition: process.c:83

ULONG_PTR
#define ULONG_PTR
Definition: config.h:101

SEC_IMAGE
#define SEC_IMAGE
Definition: mmtypes.h:96

InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106

DebugString
CCHAR DebugString[256]
Definition: cmdline.c:22

ZwCreateProcess
NTSYSAPI NTSTATUS NTAPI ZwCreateProcess(_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)

_RTL_USER_PROCESS_PARAMETERS::Environment
PWSTR Environment
Definition: rtltypes.h:1542

_PEB::OSMajorVersion
ULONG OSMajorVersion
Definition: ntddk_ex.h:300

_SEH2_LEAVE
#define _SEH2_LEAVE
Definition: filesup.c:20

void
Definition: nsiface.idl:2306

ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403

RtlpInitEnvironment
NTSTATUS NTAPI RtlpInitEnvironment(HANDLE ProcessHandle, PPEB Peb, PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
Definition: process.c:70

STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:3014

NtGlobalFlag
ULONG NtGlobalFlag
Definition: init.c:52

_SECTION_IMAGE_INFORMATION
Definition: mmtypes.h:336

_IRQL_requires_max_
_IRQL_requires_max_(APC_LEVEL)
Definition: process.c:497

hSection
_In_ const BITMAPINFO _In_ UINT _In_opt_ HANDLE hSection
Definition: wingdi.h:3238

APC_LEVEL
#define APC_LEVEL
Definition: env_spec_w32.h:695

RtlGetNtGlobalFlags
ULONG NTAPI RtlGetNtGlobalFlags(VOID)
Definition: libsupp.c:93

PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304

RTL_CONSTANT_STRING
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14

OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68

ZwSetInformationProcess
NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)