
NtCreateProcess


J.T. Bloch

Nov 29, 1999, 3:00:00 AM
Does anyone know the signature of the kernel-mode equivalent of
NtCreateProcess? The function takes 32 bytes of parameters, and returns
an NTSTATUS, but what do the parameters look like? Some are constant
values, but the others are mysterious...

thanks,

jt bloch


Maxim S. Shatskih

Nov 30, 1999, 3:00:00 AM
The most important parameter here is SectionHandle. If this parameter is
NULL, the kernel will fork the current process. Otherwise, this parameter
must be a handle of the SEC_IMAGE section object created on the EXE file
before calling ZwCreateProcess().

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateProcess(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN HANDLE ParentProcess,
    IN BOOLEAN InheritObjectTable,
    IN HANDLE SectionHandle OPTIONAL,
    IN HANDLE DebugPort OPTIONAL,
    IN HANDLE ExceptionPort OPTIONAL
    );


J.T. Bloch <jtb...@rstcorp.com> wrote in message
news:3842EF25...@rstcorp.com...
