#ifndef _NT_PROCESS_H_ #define _NT_PROCESS_H_ #include "nt_abi.h" #include "nt_pe.h" #include "nt_compiler.h" #include "nt_object.h" #include "nt_memory.h" #include "nt_section.h" #include "nt_sync.h" typedef enum _nt_process_info_class { NT_PROCESS_BASIC_INFORMATION, NT_PROCESS_QUOTA_LIMITS, NT_PROCESS_IO_COUNTERS, NT_PROCESS_VM_COUNTERS, NT_PROCESS_TIMES, NT_PROCESS_BASE_PRIORITY, NT_PROCESS_RAISE_PRIORITY, NT_PROCESS_DEBUG_PORT, NT_PROCESS_EXCEPTION_PORT, NT_PROCESS_ACCESS_TOKEN, NT_PROCESS_LDT_INFORMATION, NT_PROCESS_LDT_SIZE, NT_PROCESS_DEFAULT_HARD_ERROR_MODE, NT_PROCESS_IO_PORT_HANDLERS, NT_PROCESS_POOLED_USAGE_AND_LIMITS, NT_PROCESS_WORKING_SET_WATCH, NT_PROCESS_USER_MODE_IOPL, NT_PROCESS_ENABLE_ALIGNMENT_FAULT_FIXUP, NT_PROCESS_PRIORITY_CLASS, NT_PROCESS_WX86_INFORMATION, NT_PROCESS_HANDLE_COUNT, NT_PROCESS_AFFINITY_MASK, NT_PROCESS_PRIORITY_BOOST, NT_PROCESS_DEVICE_MAP, NT_PROCESS_SESSION_INFORMATION, NT_PROCESS_FOREGROUND_INFORMATION, NT_PROCESS_WOW64_INFORMATION, NT_PROCESS_IMAGE_FILE_NAME } nt_process_info_class; typedef enum _nt_process_create_info_class { NT_PROCESS_CREATE_INITIAL_STATE, NT_PROCESS_CREATE_FAIL_ON_FILE_OPEN, NT_PROCESS_CREATE_FAIL_ON_SECTION_CREATE, NT_PROCESS_CREATE_FAIL_EXE_FORMAT, NT_PROCESS_CREATE_FAIL_MACHINE_MISMATCH, NT_PROCESS_CREATE_FAIL_EXE_NAME, NT_PROCESS_CREATE_SUCCESS, NT_PROCESS_CREATE_MAXIMUM_STATES, } nt_process_create_info_class; /* friendly process synchronization opcode indexes */ typedef enum _nt_process_opcode_idx { NT_PROCESS_OPCODE_IDX_FORK, NT_PROCESS_OPCODE_IDX_EXECVE, NT_PROCESS_OPCODE_IDX_STOPPED, NT_PROCESS_OPCODE_IDX_CONTINUED, NT_PROCESS_OPCODE_IDX_CLIENT, NT_PROCESS_OPCODE_IDX_SERVER, } nt_process_opcode_idx; /* special handles */ #define NT_CURRENT_PROCESS_HANDLE (void *)(uintptr_t)-1 /* process access bits */ #define NT_PROCESS_CREATE_PROCESS 0x00000080U #define NT_PROCESS_CREATE_THREAD 0x00000002U #define NT_PROCESS_DUP_HANDLE 0x00000040U #define NT_PROCESS_QUERY_INFORMATION 0x00000400U #define NT_PROCESS_SET_INFORMATION 0x00000200U #define NT_PROCESS_SET_QUOTA 0x00000100U #define NT_PROCESS_SUSPEND_RESUME 0x00000800U #define NT_PROCESS_TERMINATE 0x00000001U #define NT_PROCESS_VM_OPERATION 0x00000008U #define NT_PROCESS_VM_READ 0x00000010U #define NT_PROCESS_VM_WRITE 0x00000020U #define NT_PROCESS_SYNCHRONIZE 0x00100000U #define NT_PROCESS_PRESERVE_AUTHZ_LEVEL 0x02000000U #define NT_PROCESS_ALL_ACCESS NT_PROCESS_CREATE_PROCESS \ | NT_PROCESS_CREATE_THREAD \ | NT_PROCESS_DUP_HANDLE \ | NT_PROCESS_QUERY_INFORMATION \ | NT_PROCESS_SET_INFORMATION \ | NT_PROCESS_SET_QUOTA \ | NT_PROCESS_SUSPEND_RESUME \ | NT_PROCESS_TERMINATE \ | NT_PROCESS_VM_OPERATION \ | NT_PROCESS_VM_READ \ | NT_PROCESS_VM_WRITE \ | NT_PROCESS_SYNCHRONIZE /* set error mode */ #define NT_SEM_FAIL_CRITICAL_ERRORS 0x0001 #define NT_SEM_NO_GP_FAULT_ERROR_BOX 0x0002 #define NT_SEM_NO_ALIGNMENT_FAULT_EXCEPT 0x0004 #define NT_SEM_NO_OPEN_FILE_ERROR_BOX 0x8000 /* process priority class (information class) */ #define NT_PC_IDLE 0x00 #define NT_PC_NORMAL 0x02 #define NT_PC_HIGH 0x03 #define NT_PC_REALTIME 0x04 #define NT_PC_BELOW_NORMAL 0x05 #define NT_PC_ABOVE_NORMAL 0x05 /* process device map drive type */ #define NT_DRIVE_UNKNOWN 0x00 #define NT_NO_ROOT_DIR 0x01 #define NT_DRIVE_REMOVABLE 0x02 #define NT_DRIVE_FIXED 0x03 #define NT_DRIVE_REMOTE 0x04 #define NT_DRIVE_CDROM 0x05 #define NT_DRIVE_RAMDISK 0x06 /* process debug info class mask */ #define NT_PDI_MODULES 0x0001 #define NT_PDI_BACKTRACE 0x0002 #define NT_PDI_HEAPS 0x0004 #define NT_PDI_HEAP_TAGS 0x0008 #define NT_PDI_HEAP_BLOCKS 0x0010 #define NT_PDI_LOCKS 0x0020 /* process debug module information flags */ #define NT_LDRP_STATIC_LINK 0x00000002 #define NT_LDRP_IMAGE_DLL 0x00000004 #define NT_LDRP_LOAD_IN_PROGRESS 0x00001000 #define NT_LDRP_UNLOAD_IN_PROGRESS 0x00002000 #define NT_LDRP_ENTRY_PROCESSED 0x00004000 #define NT_LDRP_ENTRY_INSERTED 0x00008000 #define NT_LDRP_CURRENT_LOAD 0x00010000 #define NT_LDRP_FAILED_BUILTIN_LOAD 0x00020000 #define NT_LDRP_DONT_CALL_FOR_THREADS 0x00040000 #define NT_LDRP_PROCESS_ATTACH_CALLED 0x00080000 #define NT_LDRP_DEBUG_SYMBOLS_LOADED 0x00100000 #define NT_LDRP_IMAGE_NOT_AT_BASE 0x00200000 #define NT_LDRP_WX86_IGNORE_MACHINETYPE 0x00400000 /* create process info bits */ #define NT_PROCESS_CREATE_INFO_WRITE_OUTPUT 0x00000001 #define NT_PROCESS_CREATE_INFO_OBTAIN_OUTPUT 0x20000003 /* zw_create_user_process: creation flags */ #define NT_PROCESS_CREATE_FLAGS_CREATE_THREAD_SUSPENDED (0x00000001) #define NT_PROCESS_CREATE_FLAGS_RESET_DEBUG_PORT (0x00000002) #define NT_PROCESS_CREATE_FLAGS_INHERIT_HANDLES (0x00000004) #define NT_PROCESS_CREATE_FLAGS_NO_OBJECT_SYNC (0x00000100) /* zw_create_user_process: extended parameters */ #define NT_CREATE_PROCESS_EXT_PARAM_SET_FILE_NAME (0x00020005) #define NT_CREATE_PROCESS_EXT_PARAM_SET_VIRTUAL_ADDR_RANGES (0x00020007) #define NT_CREATE_PROCESS_EXT_PARAM_SET_BASE_PRIORITY (0x00020008) #define NT_CREATE_PROCESS_EXT_PARAM_SET_HARD_ERROR_MODE (0x00020009) #define NT_CREATE_PROCESS_EXT_PARAM_SET_CONSOLE_FLAGS (0x0002000A) #define NT_CREATE_PROCESS_EXT_PARAM_SET_INHERITED_HANDLES (0x0002000B) #define NT_CREATE_PROCESS_EXT_PARAM_SET_PARENT (0x00060000) #define NT_CREATE_PROCESS_EXT_PARAM_SET_DEBUG (0x00060001) #define NT_CREATE_PROCESS_EXT_PARAM_SET_TOKEN (0x00060002) #define NT_CREATE_PROCESS_EXT_PARAM_GET_SECTION_IMAGE_INFO (0x00000006) #define NT_CREATE_PROCESS_EXT_PARAM_GET_CLIENT_ID (0x00010003) #define NT_CREATE_PROCESS_EXT_PARAM_GET_TEB_ADDRESS (0x00010004) /* nt_startup_info flag bits */ #define NT_PROCESS_STARTUP_INFO_USE_SHOW_WINDOW (0x00000001) #define NT_PROCESS_STARTUP_INFO_USE_SIZE (0x00000002) #define NT_PROCESS_STARTUP_INFO_USE_POSITION (0x00000004) #define NT_PROCESS_STARTUP_INFO_USE_COUNT_CHARS (0x00000008) #define NT_PROCESS_STARTUP_INFO_USE_FILL_ATTRIBUTE (0x00000010) #define NT_PROCESS_STARTUP_INFO_RUN_FULL_SCREEN (0x00000020) #define NT_PROCESS_STARTUP_INFO_FORCE_ON_FEEDBACK (0x00000040) #define NT_PROCESS_STARTUP_INFO_FORCE_OFF_FEEDBACK (0x00000080) #define NT_PROCESS_STARTUP_INFO_USE_STD_HANDLES (0x00000100) #define NT_PROCESS_STARTUP_INFO_USE_HOT_KEY (0x00000200) #define NT_PROCESS_STARTUP_INFO_TITLE_IS_LINK_NAME (0x00000800) #define NT_PROCESS_STARTUP_INFO_TITLE_IS_APP_ID (0x00001000) #define NT_PROCESS_STARTUP_INFO_PREVENT_PINNING (0x00002000) #define NT_PROCESS_STARTUP_INFO_UNTRUSTED_SOURCE (0x00008000) /* foreign process creation flags */ #define NT_PROCESS_INTEROP_FLAG_DEBUG_PROCESS_TREE (0x00000001) #define NT_PROCESS_INTEROP_FLAG_DEBUG_ONLY_THIS_PROCESS (0x00000002) #define NT_PROCESS_INTEROP_FLAG_SUSPENDED (0x00000004) #define NT_PROCESS_INTEROP_FLAG_DETACHED_PROCESS (0x00000008) #define NT_PROCESS_INTEROP_FLAG_NEW_CONSOLE (0x00000010) #define NT_PROCESS_INTEROP_FLAG_NEW_PROCESS_GROUP (0x00000200) #define NT_PROCESS_INTEROP_FLAG_UNICODE_ENVIRONMENT (0x00000400) #define NT_PROCESS_INTEROP_FLAG_SEPARATE_WOW_VDM (0x00000800) #define NT_PROCESS_INTEROP_FLAG_SHARED_WOW_VDM (0x00001000) #define NT_PROCESS_INTEROP_FLAG_INHERIT_PARENT_AFFINITY (0x00010000) #define NT_PROCESS_INTEROP_FLAG_PROTECTED_PROCESS (0x00040000) #define NT_PROCESS_INTEROP_FLAG_EXTENDED_STARTUPINFO_PRESENT (0x00080000) #define NT_PROCESS_INTEROP_FLAG_BREAKAWAY_FROM_JOB (0x01000000) #define NT_PROCESS_INTEROP_FLAG_PRESERVE_CODE_AUTHZ_LEVEL (0x02000000) #define NT_PROCESS_INTEROP_FLAG_DEFAULT_ERROR_MODE (0x04000000) #define NT_PROCESS_INTEROP_FLAG_NO_WINDOW (0x08000000) /* zw_create_user_process: console flag bits */ #define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_DEFAULT (0x00) #define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_DO_NOT_USE_HANDLES (0x00) #define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_HANDLES (0x01) #define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_USE_ARG_HANDLES (0x02) #define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_STDIN (0x04) #define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_STDOUT (0x08) #define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_STDERR (0x10) /* tt_spawn_native_process / tt_spawn_foreign_process flags */ #define NT_PROCESS_SPAWN_FLAG_DELEGATE_TO_SYSTEM_LIBRARY (0x00000001) #define NT_PROCESS_SPAWN_FLAG_DELEGATE_TO_PTY_SERVER (0x00000002) #define NT_PROCESS_SPAWN_FLAG_DELEGATE_TO_BRIDGE_PROCESS (0x00000004) /* nt_runtime_data_block flag bits */ #define NT_RUNTIME_DATA_DUPLICATE_SESSION_HANDLES (0x01) /* nt_runtime_data flag bits */ #define NT_RUNTIME_DATA_INTEGRAL_PROCESS (0x01) /* runtime data convenience storage */ #define NT_RUNTIME_DATA_SYNC_OPCODES (0x08) #define NT_RUNTIME_DATA_USER_PTRS (0x10) #define NT_RUNTIME_DATA_USER_INT32_SLOTS (0x10) #define NT_RUNTIME_DATA_USER_INT64_SLOTS (0x10) /* friendly process abi guid */ #define NT_PROCESS_GUID_UNSPEC {0x00000000,0x0000,0x0000,{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}} #define NT_PROCESS_GUID_RTDATA {0x3e43ec84,0x1af1,0x4ede,{0xac,0xd8,0xc3,0xd9,0x20,0xaf,0xc8,0x68}} /* friendly process guids */ #define NT_PROCESS_GUID_NTPGRP {0xfa383cc0,0xa25b,0x4448,{0x83,0x45,0x51,0x45,0x4d,0xa8,0x2f,0x30}} #define NT_PROCESS_GUID_PIDMAP {0xba054c90,0x8b4f,0x4989,{0xa0,0x52,0x32,0xce,0x41,0x9e,0xbf,0x97}} #define NT_PROCESS_GUID_PIDANY {0x431bf6a6,0x65c4,0x4eb0,{0x88,0xca,0x16,0xfe,0xc0,0x18,0xc8,0xb7}} #define NT_PROCESS_GUID_NTPIPC {0xc37f1735,0x693d,0x4695,{0xbc,0x54,0x03,0xfd,0xa2,0x7d,0x43,0x0a}} /* friendly process object directory prefixes */ #define NT_PROCESS_OBJDIR_PREFIX_NTPGRP {'n','t','p','g','r','p'} #define NT_PROCESS_OBJDIR_PREFIX_PIDMAP {'p','i','d','m','a','p'} #define NT_PROCESS_OBJDIR_PREFIX_PIDANY {'p','i','d','a','n','y'} #define NT_PROCESS_OBJDIR_PREFIX_NTPIPC {'n','t','p','i','p','c'} typedef struct _nt_process_information { void * hprocess; void * hthread; uintptr_t process_id; uintptr_t thread_id; } nt_process_information, nt_process_info; typedef struct _nt_process_parameters { uint32_t alloc_size; uint32_t used_size; uint32_t flags; uint32_t reserved; void * hconsole; uintptr_t console_flags; void * hstdin; void * hstdout; void * hstderr; nt_unicode_string cwd_name; void * cwd_handle; nt_unicode_string __attr_ptr_size_aligned__ dll_path; nt_unicode_string __attr_ptr_size_aligned__ image_file_name; nt_unicode_string __attr_ptr_size_aligned__ command_line; wchar16_t * environment; uint32_t dwx; uint32_t dwy; uint32_t dwx_size; uint32_t dwy_size; uint32_t dwx_count_chars; uint32_t dwy_count_chars; uint32_t dw_fill_attribute; uint32_t dw_flags; uint32_t wnd_show; nt_unicode_string wnd_title; nt_unicode_string __attr_ptr_size_aligned__ desktop; nt_unicode_string __attr_ptr_size_aligned__ shell_info; nt_unicode_string __attr_ptr_size_aligned__ runtime_data; } nt_process_parameters; typedef struct _nt_peb { unsigned char reserved_1st[2]; unsigned char debugged; unsigned char reserved_2nd[1]; void * reserved_3rd[2]; struct pe_peb_ldr_data* peb_ldr_data; nt_process_parameters * process_params; unsigned char reserved_4th[104]; void * reserved_5th[52]; void * post_process_init_routine; unsigned char reserved_6th[128]; void * reserved_7th[1]; uint32_t session_id; } nt_peb; typedef struct _nt_process_basic_information { int32_t exit_status; nt_peb * peb_base_address; intptr_t affinity_mask; uint32_t base_priority; uintptr_t unique_process_id; uintptr_t inherited_from_unique_process_id; } nt_process_basic_information, nt_pbi; typedef struct _nt_process_access_token { void * token; void * thread; } nt_process_access_token; typedef struct _nt_process_ws_watch_information { void * faulting_pc; void * faulting_va; } nt_process_ws_watch_information; typedef struct _nt_process_priority_class { int32_t foreground; uint32_t priority; } nt_process_priority_class; typedef struct _nt_process_device_map_information { union { struct { void * directory_handle; } set; struct { uint32_t drive_map; unsigned char drive_type[32]; } query; }; } nt_process_device_map_information; typedef struct _nt_process_startup_info { uint32_t size; wchar16_t * reserved; wchar16_t * desktop; wchar16_t * title; uint32_t dwx; uint32_t dwy; uint32_t dwxsize; uint32_t dwysize; uint32_t dwxcntchars; uint32_t dwycntchars; uint32_t dwfileattr; uint32_t dwflags; uint16_t wndshow; uint16_t pad; uint8_t * unknown; void * hstdin; void * hstdout; void * hstderr; } nt_process_startup_info; typedef struct _nt_debug_buffer { void * hsection; void * section_base; void * remote_section_base; size_t section_base_delta; void * hevent_pair; void * unknown[2]; void * hthread_remote; uint32_t info_class_mask; size_t info_size; size_t allocated_size; size_t section_size; void * module_information; void * back_trace_information; void * heap_information; void * lock_information; void * reserved[8]; } nt_debug_buffer; typedef struct _nt_debug_module_information { void * reserved[2]; size_t base; size_t size; uint32_t flags; uint16_t index; uint16_t unknown; uint16_t load_count; uint16_t module_name_offset; char image_name[256]; } nt_debug_module_information; typedef struct _nt_debug_heap_information { size_t base; uint32_t flags; uint16_t granularity; uint16_t unknown; size_t allocated; size_t committed; uint32_t tag_count; uint32_t block_count; void * reserved[7]; void * tags; void * blocks; } nt_debug_heap_information; typedef struct _nt_debug_lock_information { void * address; uint16_t type; uint16_t creator_back_trace_index; uintptr_t owner_thread_id; uint32_t active_count; uint32_t contention_count; uint32_t entry_count; uint32_t recursion_count; uint32_t number_of_share_waiters; uint32_t number_of_exclusive_waiters; } nt_debug_lock_information; typedef struct _nt_executable_image { void * hfile; void * hsection; void * addr; size_t size; uint16_t characteristics; uint16_t magic; uint16_t subsystem; uint16_t uflags; } nt_executable_image; typedef struct _nt_process_session_information { uintptr_t session_id; } nt_process_session_information; typedef struct _nt_create_process_info { size_t size; size_t state; union { struct { uint32_t init_flags; uint32_t file_access_ext; uintptr_t unused[8]; } init_state; struct { uintptr_t output_flags; void * hfile; void * hsection; uint64_t unknown[6]; } success_state; }; } nt_create_process_info; typedef struct _nt_create_process_ext_param { size_t ext_param_type; size_t ext_param_size; union { uint32_t ext_param_value; void * ext_param_addr; }; size_t ext_param_returned_length; } nt_create_process_ext_param; typedef struct _nt_create_process_ext_params { size_t ext_params_size; nt_create_process_ext_param ext_param[]; } nt_create_process_ext_params; typedef struct _nt_user_process_info { uint32_t size; void * hprocess; void * hthread; nt_cid cid; nt_section_image_information sec_image_info; } nt_user_process_info; typedef struct _nt_process_alternate_client_id { void * hpgrp; void * hentry; void * hsession; void * hdaemon; void * hpidany; void * hevent; int32_t tid; int32_t pid; int32_t pgid; int32_t sid; uintptr_t reserved[8]; } nt_process_alternate_client_id, nt_alt_cid; typedef struct _nt_runtime_data { nt_guid abi; void * hself; void * hparent; void * himage; void * hroot; void * hdsodir; void * hloader; void * hexec; void * hpeer; void * hcwd; void * hdrive; void * hldrctx[__SIZEOF_POINTER__>>1]; /**************************/ /* loader abi ends here */ /**************************/ void * hpidanydir; void * hbnorootdir; void * hsemctl; void * hsempid; void * hsemctldir; void * hsemkeydir; void * hsempiddir; void * hmsqctl; void * hmsqpid; void * hmsqctldir; void * hmsqkeydir; void * hmsqpiddir; void * hshmctlroot; void * hshmctldir; void * hshmkeyroot; void * hshmkeydir; void * htmpfslroot; void * htmpfsldir; nt_cid cid_self; nt_cid cid_parent; nt_alt_cid alt_cid_self; nt_alt_cid alt_cid_parent; uint32_t flags; uint32_t reserved; void * hstdin; void * hstdout; void * hstderr; void * hctty; void * hjob; void * hsession; void * hdebug; void * hlog; void * hready; void * hsync; void * hswap; void * hserver; nt_guid port_guid; int32_t port_type; int32_t port_subtype; uint32_t port_keys[6]; nt_guid srv_guid; int32_t srv_type; int32_t srv_subtype; uint32_t srv_keys[6]; nt_guid tty_guid; int32_t tty_type; int32_t tty_subtype; uint32_t tty_keys[6]; nt_guid grp_guid; int32_t grp_type; int32_t grp_subtype; uint32_t grp_keys[6]; nt_guid ppid_guid; int32_t ppid_type; int32_t ppid_subtype; uint32_t ppid_keys[6]; nt_guid ipc_guid; int32_t ipc_type; int32_t ipc_subtype; uint32_t ipc_keys[6]; nt_guid semctl_guid; int32_t semctl_type; int32_t semctl_subtype; uint32_t semctl_keys[6]; nt_guid msqctl_guid; int32_t msqctl_type; int32_t msqctl_subtype; uint32_t msqctl_keys[6]; int32_t stdin_type; int32_t stdout_type; int32_t stderr_type; int32_t session_type; uint32_t dbg_type; uint32_t log_type; void * ctx_hsection; void * ctx_addr; size_t ctx_size; size_t ctx_commit; ptrdiff_t ctx_offset; size_t ctx_counter; size_t ctx_meta_size; size_t ctx_buffer_size; uint32_t ctx_options; uint32_t ctx_flags; uint32_t meta_hash; uint32_t block_hash; size_t stack_reserve; size_t stack_commit; size_t heap_reserve; size_t heap_commit; int32_t envc; int32_t argc; char ** argv; char ** envp; wchar16_t ** wargv; wchar16_t ** wenvp; int32_t peb_envc; int32_t peb_argc; wchar16_t ** peb_wargv; wchar16_t ** peb_wenvp; uintptr_t ptyin [4]; uintptr_t ptyout[4]; uintptr_t ptyerr[4]; uintptr_t ptyctl[4]; uint32_t sa_queue [2]; uint32_t sa_block [2]; void * sa_handler[64]; uintptr_t sa_flags [64]; uint32_t sa_mask [64][2]; int32_t opcode[NT_RUNTIME_DATA_SYNC_OPCODES]; void * uptr [NT_RUNTIME_DATA_USER_PTRS]; void * uclose[NT_RUNTIME_DATA_USER_PTRS]; int32_t udat32[NT_RUNTIME_DATA_USER_INT32_SLOTS]; int64_t udat64[NT_RUNTIME_DATA_USER_INT64_SLOTS]; uintptr_t buffer[]; } nt_runtime_data, nt_rtdata; typedef struct _nt_runtime_data_block { void * addr; size_t size; void * remote_addr; size_t remote_size; int32_t flags; } nt_runtime_data_block; typedef struct _nt_create_process_params { __out void * hprocess; __out void * hthread; __out nt_client_id cid; __out nt_process_basic_information pbi; __in void * himage; __in wchar16_t * image_name; __in wchar16_t * cmd_line; __in wchar16_t * environment; __in void * hsession; __in nt_runtime_data_block * rtblock; __in uint32_t desired_access_process; __in uint32_t desired_access_thread; __in nt_object_attributes * obj_attr_process; __in nt_object_attributes * obj_attr_thread; __in uint32_t creation_flags_process; __in uint32_t creation_flags_thread; __in nt_process_parameters * process_params; __in_out nt_create_process_info * create_process_info; __in nt_create_process_ext_params * create_process_ext_params; __in_out uintptr_t * buffer; __in size_t buflen; } nt_create_process_params; typedef struct _nt_spawn_process_params { __out void * hprocess; __out void * hthread; __out void * rdata; __out nt_client_id cid; __out nt_process_basic_information pbi; __out nt_event_basic_information eready; __in nt_runtime_data * rtctx; __in void * hroot; __in void * hcwd; __in void * hsession; __in void * htoken; __in void * himage; __in char * patharg; __in const char * interp; __in const char * optarg; __in const char * script; __in char ** argv; __in char ** envp; __in void * hready; __in nt_timeout * timeout; __in uint32_t processflags; __in uint32_t threadflags; __in uint32_t spawnflags; __in uint32_t interopflags; __in nt_process_startup_info * startupinfo; } nt_spawn_process_params; typedef int32_t __stdcall ntapi_zw_create_process( __out void ** hprocess, __in uint32_t desired_access, __in nt_object_attributes * obj_attr, __in void * hinherit_from_process, __in unsigned char inherit_handles, __in void * hsection __optional, __in void * hdebug_port __optional, __in void * hexception_port __optional); /* zw_create_user_process: newer OS versions only */ typedef int32_t __stdcall ntapi_zw_create_user_process( __out void ** hprocess, __out void ** hthread, __in uint32_t desired_access_process, __in uint32_t desired_access_thread, __in nt_object_attributes * obj_attr_process __optional, __in nt_object_attributes * obj_attr_thread __optional, __in uint32_t creation_flags_process, __in uint32_t creation_flags_thread, __in nt_process_parameters * process_params __optional, __in_out nt_create_process_info * create_process_info, __in nt_create_process_ext_params * create_process_ext_params); typedef int32_t __stdcall ntapi_zw_open_process( __out void ** hprocess, __in uint32_t desired_access, __in nt_object_attributes * obj_attr, __in nt_client_id * cid __optional); typedef int32_t __stdcall ntapi_zw_terminate_process( __in void * hprocess __optional, __in int32_t status); typedef int32_t __stdcall ntapi_zw_query_information_process( __in void * hprocess, __in nt_process_info_class process_info_class, __out void * process_info, __in size_t process_info_length, __out uint32_t * returned_length __optional); typedef int32_t __stdcall ntapi_zw_set_information_process( __in void * hprocess, __in nt_process_info_class process_info_class, __in void * process_info, __in uint32_t process_info_length); typedef int32_t __stdcall ntapi_zw_flush_instruction_cache( __in void * hprocess, __in void * base_addr __optional, __in size_t flush_size); typedef int32_t __stdcall ntapi_rtl_create_process_parameters( __out nt_process_parameters ** process_params, __in nt_unicode_string * image_file, __in nt_unicode_string * dll_path __optional, __in nt_unicode_string * current_directory __optional, __in nt_unicode_string * command_line __optional, __in wchar16_t * environment __optional, __in nt_unicode_string * window_title __optional, __in nt_unicode_string * desktop_info __optional, __in nt_unicode_string * shell_info __optional, __in nt_unicode_string * runtime_info __optional); typedef void * __stdcall ntapi_rtl_normalize_process_params( __in nt_process_parameters * process_params); typedef int32_t __stdcall ntapi_rtl_destroy_process_parameters( __in nt_process_parameters * process_params); typedef nt_debug_buffer * __stdcall ntapi_rtl_create_query_debug_buffer( __in size_t size, __in int32_t event_pair); typedef int32_t __stdcall ntapi_rtl_destroy_query_debug_buffer( __in nt_debug_buffer * debug_buffer); typedef int32_t __stdcall ntapi_rtl_query_process_debug_information( __in uintptr_t process_id, __in uint32_t debug_info_class_mask, __in_out nt_debug_buffer * debug_buffer); typedef int32_t __stdcall ntapi_rtl_clone_user_process( __in uint32_t process_flags, __in nt_sd * process_sec_desc __optional, __in nt_sd * thread_sec_desc __optional, __in void * hport_debug __optional, __out nt_user_process_info * process_info); /* extensions */ typedef intptr_t __fastcall ntapi_tt_fork( __out void ** hprocess, __out void ** hthread); typedef int32_t __stdcall ntapi_tt_create_remote_process_params( __in void * hprocess, __out nt_process_parameters ** rprocess_params, __in nt_unicode_string * image_file, __in nt_unicode_string * dll_path __optional, __in nt_unicode_string * current_directory __optional, __in nt_unicode_string * command_line __optional, __in wchar16_t * environment __optional, __in nt_unicode_string * window_title __optional, __in nt_unicode_string * desktop_info __optional, __in nt_unicode_string * shell_info __optional, __in nt_unicode_string * runtime_data __optional); typedef int32_t __stdcall ntapi_tt_create_native_process( __out nt_create_process_params * params); typedef int32_t __stdcall ntapi_tt_spawn_native_process( __in_out nt_spawn_process_params * sparams); typedef int32_t __stdcall ntapi_tt_spawn_foreign_process( __in_out nt_spawn_process_params * sparams); typedef int32_t __stdcall ntapi_tt_get_runtime_data( __out nt_runtime_data ** pdata, __in wchar16_t ** argv); typedef int32_t __stdcall ntapi_tt_init_runtime_data( __in_out nt_runtime_data * rtdata); typedef int32_t __stdcall ntapi_tt_update_runtime_data( __in_out nt_runtime_data * rtdata); typedef int32_t __stdcall ntapi_tt_exec_map_image_as_data( __in_out nt_executable_image * image); typedef int32_t __stdcall ntapi_tt_exec_unmap_image( __in nt_executable_image * image); #endif