From ec0b962a70d7ffe8606d2fa553c328aa43186a1d Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: Sun, 29 Oct 2017 18:11:14 +0000
Subject: __ntapi_tt_spawn_foreign_process(): optionally use kernel32 as the
 backend.

---
 src/process/ntapi_tt_spawn_native_process.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/process/ntapi_tt_spawn_native_process.c')

diff --git a/src/process/ntapi_tt_spawn_native_process.c b/src/process/ntapi_tt_spawn_native_process.c
index 1458e78..ae62d35 100644
--- a/src/process/ntapi_tt_spawn_native_process.c
+++ b/src/process/ntapi_tt_spawn_native_process.c
@@ -67,6 +67,7 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar
 	void *				hchild[2];
 	uint32_t			written;
 	wchar16_t *			imgbuf;
+	uint32_t			fsuspended;
 
 	/* rtctx (convenience) */
 	rtctx = sparams->rtctx;
@@ -229,6 +230,13 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar
 				&rtblock,0,0,status);
 	}
 
+	/* process flags */
+	if (sparams->processflags & NT_PROCESS_CREATE_FLAGS_CREATE_THREAD_SUSPENDED)
+		fsuspended = NT_CREATE_SUSPENDED;
+
+	else if (sparams->threadflags & NT_CREATE_SUSPENDED)
+		fsuspended = NT_CREATE_SUSPENDED;
+
 	/* cparams */
 	__ntapi->tt_aligned_block_memset(
 		&cparams,0,sizeof(cparams));
@@ -293,7 +301,7 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar
 		sizeof(nt_pbi));
 
 	/* create suspended? */
-	if (sparams->fsuspended)
+	if (fsuspended)
 		return __tt_spawn_return(
 			&rtblock,0,0,NT_STATUS_SUCCESS);
 
-- 
cgit v1.2.3