2OOO, 2 December
typedef struct _RTL_USER_PROCESS_PARAMETERS {
ULONG MaximumLength;
ULONG Length;
ULONG Flags;
ULONG DebugFlags;
PVOID ConsoleHandle;
ULONG ConsoleFlags;
HANDLE StdInputHandle;
HANDLE StdOutputHandle;
HANDLE StdErrorHandle;
UNICODE_STRING CurrentDirectoryPath;
HANDLE CurrentDirectoryHandle;
UNICODE_STRING DllPath;
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
PVOID Environment;
ULONG StartingPositionLeft;
ULONG StartingPositionTop;
ULONG Width;
ULONG Height;
ULONG CharWidth;
ULONG CharHeight;
ULONG ConsoleTextAttributes;
ULONG WindowFlags;
ULONG ShowWindowFlags;
UNICODE_STRING WindowTitle;
UNICODE_STRING DesktopName;
UNICODE_STRING ShellInfo;
UNICODE_STRING RuntimeData;
RTL_DRIVE_LETTER_CURDIR DLCurrentDirectory[0x20];
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
MaximumLength
Should be set before call RtlCreateProcessParameters.Length
Length of valid structure.Flags
Currently only one flag is known: PPF_NORMALIZED (1) // Means that structure is normalized by call RtlNormalizeProcessParamsDebugFlags
ConsoleHandle
HWND to console window associated with process (if any).ConsoleFlags
StdInputHandle
StdOutputHandle
StdErrorHandle
CurrentDirectoryPath
Specified in DOS-like symbolic link path, ex: "C:/WinNT/SYSTEM32"CurrentDirectoryHandle
Handle to FILE object.DllPath
DOS-like paths separated by ';' where system shoult search for DLL files.ImagePathName
Full path in DOS-like format to process'es file image.CommandLine
Command line.Environment
Pointer to environment block (see RtlCreateEnvironment).StartingPositionLeft
StartingPositionTop
Width
Height
CharWidth
CharHeight
ConsoleTextAttributes
WindowFlags
ShowWindowFlags
WindowTitle
DesktopName
Name of WindowStation and Desktop objects, where process is assigned.ShellInfo
RuntimeData
DLCurrentDirectory[0x20]
- ???
RTL_USER_PROCESS_PARAMETERS is located at address 0x20000 (for all processes created by call WIN32 API CreateProcess).