NTCreateProcess Prototype

OSR_Community_User · March 7, 2002, 9:10am

Somebody know NTCreateProcess prototype ?

Thanks in advance,

Heldai

OSR_Community_User · March 7, 2002, 9:39am

Of course ;-)), here it is:

NTSYSAPI
NTSTATUS
NTAPI
NtCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);

Paul

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Heldai
Sent: Thursday, March 07, 2002 3:07 PM
To: NT Developers Interest List
Subject: [ntdev] NTCreateProcess Prototype

Somebody know NTCreateProcess prototype ?

Thanks in advance,

Heldai

You are currently subscribed to ntdev as: xxxxx@compelson.com
To unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · March 7, 2002, 9:45am

On Thursday, March 07, 2002 2:07 PM, Heldai
[SMTP:xxxxx@scuasecurity.com.br] wrote:

Somebody know NTCreateProcess prototype ?

Have you tried using Win32 CreateProcess in an application, and stepping
into the disassembler of the function and looking to see how the parameters
to CreateProcess map to those used with ZwCreateProcess?

That’s the way I’ve worked out some of the other undocumented functions.

Don’t forget that the prototype may change in later versions of the
Operating System so there is no guarantee of any sort of compatibility with
other versions of Windows.

Hope this is of some help.

Richie

OSR_Community_User · March 7, 2002, 9:48am

Heldai,

NtCreateProcess prototype is equivalent to ZwCreateProcess.

NTSYSAPI NTSTATUS NTAPI ZwCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);

Dawoo.

-----Original Message-----
From: Heldai [mailto:xxxxx@scuasecurity.com.br]
Sent: Thursday, March 07, 2002 2:07 PM
To: NT Developers Interest List
Subject: [ntdev] NTCreateProcess Prototype

Somebody know NTCreateProcess prototype ?

Thanks in advance,

Heldai

You are currently subscribed to ntdev as: xxxxx@ggn.hcltech.com
To unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · March 7, 2002, 10:08am

Heldai,

you wrote on Thursday, March 07, 2002, 15:06:57:

H> Somebody know NTCreateProcess prototype ?

Get http://www.newriders.com/download/1578701996/1578701996.zip . It
contains all the prototypes and samples for the undocumented APIs and
structures discussed in the book “Windows NT/2000 Native API Reference”
by Gary Nebbett. And get that book too, of course. There is also a
“free” version of ntifs.h at http://www.acc.umu.se/~bosse/ , it actually
documents some more functions than the IFS Kit version of ntifs.h.

Ralf.