C# Signature:
[DllImport("ntdll.dll", SetLastError=true)]
static extern UInt32 NtCreateUserProcess(ref IntPtr ProcessHandle, ref IntPtr ThreadHandle, AccessMask ProcessDesiredAccess, AccessMask ThreadDesiredAccess, IntPtr ProcessObjectAttributes, IntPtr ThreadObjectAttributes, UInt32 ProcessFlags, UInt32 ThreadFlags, IntPtr ProcessParameters, ref PS_CREATE_INFO CreateInfo, ref PS_ATTRIBUTE_LIST AttributeList);
Boo Signature:
[DllImport("ntdll.dll", SetLastError : true)]
def NtCreateUserProcess(
ref ProcessHandle as IntPtr,
ref ThreadHandle as IntPtr,
ProcessDesiredAccess as AccessMask,
ThreadDesiredAccess as AccessMask,
ProcessObjectAttributes as IntPtr,
ThreadObjectAttributes as IntPtr,
ProcessFlags as UInt32,
ThreadFlags as UInt32,
ProcessParameters as IntPtr,
ref CreateInfo as PS_CREATE_INFO,
ref AttributeList as PS_ATTRIBUTE_LIST) as UInt32:
pass
User-Defined Types:
// https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ps/psexec/create_info.htm
// simplified version
struct PS_CREATE_INFO:
Size as UIntPtr
State as PS_CREATE_STATE
InitFlags as UInt32
AdditionalFileAccess as UInt32
struct PS_ATTRIBUTE:
Attribute as UInt64
Size as UIntPtr
Value as IntPtr
ReturnLength as IntPtr
// you might need more or less elements than 3
struct PS_ATTRIBUTE_LIST:
TotalLength as UIntPtr
[MarshalAs(UnmanagedType.ByValArray, SizeConst : 3)]
Attributes as (PS_ATTRIBUTE)
Alternative Managed API:
Do you know one? Please contribute it!
Notes:
None.
Tips & Tricks:
Please add some!
Sample Code:
Please add some!
