If its not doc’d you may find that what it means now will be different in some other release of windows. Go up from that struct to PEB and up from there to EPROCESS. Its huge. It seems like duplication of info everywhere.
+0x06c ShowWindowFlags : 1 from STARTF_USESHOWWIND
si.wShowWindow = SW_SHOWNORMAL;
For other Flags look ar k32.BasePushProcessParameters
ntdll.RtlCreateprocessparameters
they all get into picture when you use the MITIGATION params /
Creation Flags / Security Attributes of Createprocess call
Flags has some #defines in reactos / tomasz undocumented ntinternals
etc google is your best friend
On 9/3/14, xxxxx@gmail.com wrote: > Hi, > > What is the meaning of: > > “ULONG Flags”, “ULONG DebugFlags”, “ULONG ConsoleFlags”, “ULONG > WindowFlags”, “ULONG ShowWindowFlags”,below > > typedef struct _RTL_USER_PROCESS_PARAMETERS > { > ULONG MaximumLength; > ULONG Length; > ULONG Flags; > ULONG DebugFlags; > PVOID ConsoleHandle; > ULONG ConsoleFlags; > PVOID StandardInput; > PVOID StandardOutput; > PVOID StandardError; > CURDIR CurrentDirectory; > UNICODE_STRING DllPath; > UNICODE_STRING ImagePathName; > UNICODE_STRING CommandLine; > PVOID Environment; > ULONG StartingX; > ULONG StartingY; > ULONG CountX; > ULONG CountY; > ULONG CountCharsX; > ULONG CountCharsY; > ULONG FillAttribute; > ULONG WindowFlags; > ULONG ShowWindowFlags; > UNICODE_STRING WindowTitle; > UNICODE_STRING DesktopInfo; > UNICODE_STRING ShellInfo; > UNICODE_STRING RuntimeData; > RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32]; > ULONG EnvironmentSize; > } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; > > — > NTDEV is sponsored by OSR > > Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev > > OSR is HIRING!! See http://www.osr.com/careers > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer >