/// <summary>
/// Fork the current process.
/// </summary>
/// <remarks>
/// No image name attribute is supplied and the process is created with
/// <c>ProcessCreateFlags.InheritFromParent</c>; the initial thread is created
/// with <c>ThreadCreateFlags.Suspended</c>. Both handles are requested with
/// <c>MaximumAllowed</c> access and no security descriptor is supplied, so the
/// returned result carries powerful process and thread handles: callers should
/// keep them private and dispose the result when finished.
/// NOTE(review): a process created this way presumably receives a copy of the
/// caller's state, including any secrets held in memory - confirm before
/// calling from code that handles credentials or key material.
/// </remarks>
/// <returns>The new forked process result</returns>
public static CreateUserProcessResult Fork()
{
    var attributes = new List<ProcessAttribute>();
    try
    {
        var create_info = new ProcessCreateInfo();

        // The only attribute requested is the client ID, which is read back
        // from this buffer once the call has returned.
        var client_id_buffer = new SafeStructureInOutBuffer<ClientId>();
        attributes.Add(ProcessAttribute.ClientId(client_id_buffer));
        var attribute_list = new ProcessAttributeList(attributes);

        // ToNtException() presumably throws when the status is an error, so
        // the handles below are only used after a successful call.
        NtSystemCalls.NtCreateUserProcess(
            out SafeKernelObjectHandle process_handle,
            out SafeKernelObjectHandle thread_handle,
            ProcessAccessRights.MaximumAllowed,
            ThreadAccessRights.MaximumAllowed,
            null,
            null,
            ProcessCreateFlags.InheritFromParent,
            ThreadCreateFlags.Suspended,
            IntPtr.Zero,
            create_info,
            attribute_list).ToNtException();

        // No image information attribute was requested, so an empty
        // SectionImageInformation is passed to the result.
        return new CreateUserProcessResult(
            process_handle,
            thread_handle,
            create_info.Data,
            new SectionImageInformation(),
            client_id_buffer.Result,
            false);
    }
    finally
    {
        // Release every attribute whether or not the call succeeded.
        foreach (ProcessAttribute attribute in attributes)
        {
            attribute.Dispose();
        }
    }
}
/// <summary>
/// Externally implemented declaration of NtCreateUserProcess.
/// </summary>
/// <remarks>
/// NOTE(review): the import attribute that binds this declaration to its native
/// library is not visible in this excerpt - presumably it sits on the line above.
/// CreateInfo and AttributeList are marshalled [In, Out]; the callers shown on
/// this page read CreateInfo's Data and State after the call returns.
/// </remarks>
/// <param name="ProcessHandle">Receives the handle for the created process.</param>
/// <param name="ThreadHandle">Receives the handle for the created thread.</param>
/// <param name="ProcessDesiredAccess">Access rights requested on the process handle.</param>
/// <param name="ThreadDesiredAccess">Access rights requested on the thread handle.</param>
/// <param name="ProcessObjectAttributes">Object attributes for the process; callers on this page pass null or a security-descriptor-only instance.</param>
/// <param name="ThreadObjectAttributes">Object attributes for the thread; callers on this page pass null or a security-descriptor-only instance.</param>
/// <param name="ProcessFlags">Process create flags.</param>
/// <param name="ThreadFlags">Thread create flags.</param>
/// <param name="ProcessParameters">Pointer to the process parameters block; IntPtr.Zero in the fork callers on this page.</param>
/// <param name="CreateInfo">Creation information, passed in and written back.</param>
/// <param name="AttributeList">Process attribute list, passed in and written back.</param>
/// <returns>The NtStatus of the call.</returns>
public static extern NtStatus NtCreateUserProcess( out SafeKernelObjectHandle ProcessHandle, out SafeKernelObjectHandle ThreadHandle, ProcessAccessRights ProcessDesiredAccess, ThreadAccessRights ThreadDesiredAccess, ObjectAttributes ProcessObjectAttributes, ObjectAttributes ThreadObjectAttributes, ProcessCreateFlags ProcessFlags, ThreadCreateFlags ThreadFlags, IntPtr ProcessParameters, [In, Out] ProcessCreateInfo CreateInfo, [In, Out] ProcessAttributeList AttributeList );
/// <summary>
/// Fork the current process.
/// </summary>
/// <remarks>
/// <c>ProcessCreateFlags.InheritFromParent</c> is always OR-ed into the supplied
/// process flags. Both handles are requested with <c>MaximumAllowed</c> access
/// and no security descriptor is supplied, so the returned result carries
/// powerful process and thread handles: callers should keep them private and
/// dispose the result when finished.
/// NOTE(review): a process created this way presumably receives a copy of the
/// caller's state, including any secrets held in memory - confirm before
/// calling from code that handles credentials or key material.
/// </remarks>
/// <param name="process_create_flags">Process create flags.</param>
/// <param name="thread_create_flags">Thread create flags.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The new forked process result</returns>
public static NtResult<CreateUserProcessResult> Fork(ProcessCreateFlags process_create_flags, ThreadCreateFlags thread_create_flags, bool throw_on_error)
{
    using (var attributes = new DisposableList<ProcessAttribute>())
    {
        var create_info = new ProcessCreateInfo();

        // The only attribute requested is the client ID, which is read back
        // from this buffer when the result object is built.
        var client_id_buffer = new SafeStructureInOutBuffer<ClientId>();
        attributes.Add(ProcessAttribute.ClientId(client_id_buffer));
        var attribute_list = new ProcessAttributeList(attributes);

        var effective_process_flags = process_create_flags | ProcessCreateFlags.InheritFromParent;

        var status = NtSystemCalls.NtCreateUserProcess(
            out SafeKernelObjectHandle process_handle,
            out SafeKernelObjectHandle thread_handle,
            ProcessAccessRights.MaximumAllowed,
            ThreadAccessRights.MaximumAllowed,
            null,
            null,
            effective_process_flags,
            thread_create_flags,
            IntPtr.Zero,
            create_info,
            attribute_list);

        // The factory is handed to CreateResult together with throw_on_error;
        // presumably it only runs for a successful status - confirm in CreateResult.
        // No image information attribute was requested, so an empty
        // SectionImageInformation is passed to the result.
        return status.CreateResult(
            throw_on_error,
            () => new CreateUserProcessResult(
                process_handle,
                thread_handle,
                create_info.Data,
                new SectionImageInformation(),
                client_id_buffer.Result,
                false));
    }
}
/// <summary>
/// Start the new process
/// </summary>
/// <remarks>
/// The attribute list always carries the image name, an image information
/// buffer and a client ID buffer, followed by <c>AdditionalAttributes</c>.
/// A parent process, a child process restriction and a token are added only
/// when the corresponding properties are set. The process and thread objects
/// are created with <c>ProcessSecurityDescriptor</c> and
/// <c>ThreadSecurityDescriptor</c>, and the handles are opened with
/// <c>ProcessDesiredAccess</c> and <c>ThreadDesiredAccess</c>.
/// NOTE(review): <c>AdditionalAttributes</c> are added to the disposable list,
/// so they are presumably disposed when this method returns - confirm that
/// callers do not reuse them.
/// NOTE(review): when <c>ReturnOnError</c> is set, a failed call does not close
/// the error handles here; they travel to the caller inside the result's data -
/// confirm that CreateUserProcessResult releases them.
/// </remarks>
/// <param name="image_path">The image path to the file to execute</param>
/// <returns>The result of the process creation</returns>
public CreateUserProcessResult Start(string image_path)
{
    if (image_path == null)
    {
        throw new ArgumentNullException(nameof(image_path));
    }

    using (var parameters_buffer = SafeProcessParametersBuffer.Create(
        ConfigImagePath ?? image_path,
        DllPath,
        CurrentDirectory,
        CommandLine,
        Environment,
        WindowTitle,
        DesktopInfo,
        ShellInfo,
        RuntimeData,
        CreateProcessParametersFlags.Normalize))
    using (var attributes = new DisposableList<ProcessAttribute>())
    {
        var create_info = new ProcessCreateInfo();
        attributes.Add(ProcessAttribute.ImageName(image_path));

        // Output buffers: read back after the call to populate the result.
        var image_info_buffer = new SafeStructureInOutBuffer<SectionImageInformation>();
        attributes.Add(ProcessAttribute.ImageInfo(image_info_buffer));
        var client_id_buffer = new SafeStructureInOutBuffer<ClientId>();
        attributes.Add(ProcessAttribute.ClientId(client_id_buffer));

        attributes.AddRange(AdditionalAttributes);

        // Optional attributes, added only when configured on this instance.
        if (ParentProcess != null)
        {
            attributes.Add(ProcessAttribute.ParentProcess(ParentProcess.Handle));
        }

        if (RestrictChildProcess || OverrideRestrictChildProcess)
        {
            attributes.Add(ProcessAttribute.ChildProcess(RestrictChildProcess, OverrideRestrictChildProcess));
        }

        if (Token != null)
        {
            attributes.Add(ProcessAttribute.Token(Token.Handle));
        }

        using (ProcessAttributeList attribute_list = ProcessAttributeList.Create(attributes))
        {
            // WriteOutputOnExit is always set on top of the configured flags.
            create_info.Data.InitFlags = InitFlags | ProcessCreateInitFlag.WriteOutputOnExit;
            create_info.Data.ProhibitedImageCharacteristics = ProhibitedImageCharacteristics;
            create_info.Data.AdditionalFileAccess = AdditionalFileAccess;

            using (var process_object_attributes = new ObjectAttributes(null, AttributeFlags.None, SafeKernelObjectHandle.Null, null, ProcessSecurityDescriptor))
            using (var thread_object_attributes = new ObjectAttributes(null, AttributeFlags.None, SafeKernelObjectHandle.Null, null, ThreadSecurityDescriptor))
            {
                // The raw parameters pointer stays valid for the call because
                // the owning buffer is not disposed until the outer using ends.
                var status = NtSystemCalls.NtCreateUserProcess(
                    out SafeKernelObjectHandle process_handle,
                    out SafeKernelObjectHandle thread_handle,
                    ProcessDesiredAccess,
                    ThreadDesiredAccess,
                    process_object_attributes,
                    thread_object_attributes,
                    ProcessFlags,
                    ThreadFlags,
                    parameters_buffer.DangerousGetHandle(),
                    create_info,
                    attribute_list);

                if (!(status.IsSuccess() || ReturnOnError))
                {
                    // Close handles which come from errors
                    switch (create_info.State)
                    {
                        case ProcessCreateState.FailOnSectionCreate:
                            NtSystemCalls.NtClose(create_info.Data.FileHandle);
                            break;
                        case ProcessCreateState.FailExeName:
                            NtSystemCalls.NtClose(create_info.Data.IFEOKey);
                            break;
                    }

                    status.ToNtException();
                }

                if (create_info.State != ProcessCreateState.Success)
                {
                    // Failure result: status plus whatever state the call reported.
                    return new CreateUserProcessResult(status, create_info.Data, create_info.State);
                }

                return new CreateUserProcessResult(
                    process_handle,
                    thread_handle,
                    create_info.Data,
                    image_info_buffer.Result,
                    client_id_buffer.Result,
                    TerminateOnDispose);
            }
        }
    }
}
/// <summary>
/// Start the new process
/// </summary>
/// <remarks>
/// The attribute list always carries the image name, an image information
/// buffer and a client ID buffer, followed by <c>AdditionalAttributes</c>.
/// A parent process and a child process restriction are added only when the
/// corresponding properties are set. Both handles are requested with
/// <c>MaximumAllowed</c> access and no security descriptor is supplied, so the
/// returned result carries powerful process and thread handles.
/// NOTE(review): <c>AdditionalAttributes</c> are added to the local list and
/// disposed in the finally block along with the others - confirm that callers
/// do not reuse them.
/// NOTE(review): when <c>ReturnOnError</c> is set, a failed call does not close
/// the error handles here; they travel to the caller inside the result's data -
/// confirm that CreateUserProcessResult releases them.
/// </remarks>
/// <param name="image_path">The image path to the file to execute</param>
/// <returns>The result of the process creation</returns>
public CreateUserProcessResult Start(string image_path)
{
    if (image_path == null)
    {
        throw new System.ArgumentNullException("image_path");
    }

    // NOTE(review): the trailing literal 1 is a flags value whose meaning is
    // not shown in this block - confirm against CreateProcessParameters.
    IntPtr parameters_ptr = CreateProcessParameters(
        ImagePath ?? image_path,
        DllPath,
        CurrentDirectory,
        CommandLine,
        Environment,
        WindowTitle,
        DesktopInfo,
        ShellInfo,
        RuntimeData,
        1);
    List<ProcessAttribute> attributes = new List<ProcessAttribute>();

    try
    {
        ProcessCreateInfo create_info = new ProcessCreateInfo();
        SafeKernelObjectHandle process_handle;
        SafeKernelObjectHandle thread_handle;

        attributes.Add(ProcessAttribute.ImageName(image_path));

        // Output buffers: read back after the call to populate the result.
        SafeStructureInOutBuffer<SectionImageInformation> image_info_buffer = new SafeStructureInOutBuffer<SectionImageInformation>();
        attributes.Add(ProcessAttribute.ImageInfo(image_info_buffer));
        SafeStructureInOutBuffer<ClientId> client_id_buffer = new SafeStructureInOutBuffer<ClientId>();
        attributes.Add(ProcessAttribute.ClientId(client_id_buffer));

        attributes.AddRange(AdditionalAttributes);

        // Optional attributes, added only when configured on this instance.
        if (ParentProcess != null)
        {
            attributes.Add(ProcessAttribute.ParentProcess(ParentProcess.Handle));
        }

        if (RestrictChildProcess || OverrideRestrictChildProcess)
        {
            attributes.Add(ProcessAttribute.ChildProcess(RestrictChildProcess, OverrideRestrictChildProcess));
        }

        ProcessAttributeList attribute_list = new ProcessAttributeList(attributes);

        // WriteOutputOnExit is always set on top of the configured flags.
        create_info.Data.InitFlags = InitFlags | ProcessCreateInitFlag.WriteOutputOnExit;
        create_info.Data.ProhibitedImageCharacteristics = ProhibitedImageCharacteristics;
        create_info.Data.AdditionalFileAccess = AdditionalFileAccess;

        NtStatus status = NtSystemCalls.NtCreateUserProcess(
            out process_handle,
            out thread_handle,
            ProcessAccessRights.MaximumAllowed,
            ThreadAccessRights.MaximumAllowed,
            null,
            null,
            ProcessFlags,
            ThreadFlags,
            parameters_ptr,
            create_info,
            attribute_list);

        if (!(status.IsSuccess() || ReturnOnError))
        {
            // Close handles which come from errors
            switch (create_info.State)
            {
                case ProcessCreateState.FailOnSectionCreate:
                    NtSystemCalls.NtClose(create_info.Data.FileHandle);
                    break;
                case ProcessCreateState.FailExeName:
                    NtSystemCalls.NtClose(create_info.Data.IFEOKey);
                    break;
            }

            status.ToNtException();
        }

        if (create_info.State != ProcessCreateState.Success)
        {
            // Failure result: status plus whatever state the call reported.
            return new CreateUserProcessResult(status, create_info.Data, create_info.State);
        }

        return new CreateUserProcessResult(
            process_handle,
            thread_handle,
            create_info.Data,
            image_info_buffer.Result,
            client_id_buffer.Result,
            TerminateOnDispose);
    }
    finally
    {
        // The parameters block was allocated before the try, so it is freed
        // here on every path, followed by each attribute.
        NtRtl.RtlDestroyProcessParameters(parameters_ptr);
        foreach (ProcessAttribute attribute in attributes)
        {
            attribute.Dispose();
        }
    }
}