2OOO, 2 December
typedef struct _RTL_USER_PROCESS_PARAMETERS {
ULONG MaximumLength;
ULONG Length;
ULONG Flags;
ULONG DebugFlags;
PVOID ConsoleHandle;
ULONG ConsoleFlags;
HANDLE StdInputHandle;
HANDLE StdOutputHandle;
HANDLE StdErrorHandle;
UNICODE_STRING CurrentDirectoryPath;
HANDLE CurrentDirectoryHandle;
UNICODE_STRING DllPath;
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
PVOID Environment;
ULONG StartingPositionLeft;
ULONG StartingPositionTop;
ULONG Width;
ULONG Height;
ULONG CharWidth;
ULONG CharHeight;
ULONG ConsoleTextAttributes;
ULONG WindowFlags;
ULONG ShowWindowFlags;
UNICODE_STRING WindowTitle;
UNICODE_STRING DesktopName;
UNICODE_STRING ShellInfo;
UNICODE_STRING RuntimeData;
RTL_DRIVE_LETTER_CURDIR DLCurrentDirectory[0x20];
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
Should be set before call RtlCreateProcessParameters.
Length of valid structure.
Currently only one flag is known:
PPF_NORMALIZED (1) // Means that structure is normalized by call RtlNormalizeProcessParams
HWND to console window associated with process (if any).
Specified in DOS-like symbolic link path, ex: "C:\WinNT\SYSTEM32"
Handle to FILE object.
DOS-like paths separated by ';' where system shoult search for DLL files.
Full path in DOS-like format to process'es file image.
Command line.
Pointer to environment block (see RtlCreateEnvironment).
Name of WindowStation and Desktop objects, where process is assigned.
- ???
RTL_USER_PROCESS_PARAMETERS is located at address 0x20000 (for all processes created by call WIN32 API CreateProcess).