internal NtProcessCreateResult(NtStatus status, ProcessCreateInfoData create_info, ProcessCreateState create_state) : this(status) { switch (create_state) { case ProcessCreateState.FailOnSectionCreate: if (create_info.FileHandle != IntPtr.Zero) { ImageFile = NtFile.FromHandle(create_info.FileHandle).Duplicate(); } break; case ProcessCreateState.FailExeName: if (create_info.IFEOKey != IntPtr.Zero) { IFEOKeyHandle = NtKey.FromHandle(create_info.IFEOKey).Duplicate(); } break; case ProcessCreateState.FailExeFormat: DllCharacteristics = (DllCharacteristics)create_info.DllCharacteristics; break; } Status = status; CreateState = create_state; Process = null; Thread = null; SectionHandle = null; }
internal LoadDllDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug) : base(debug_event, debug) { var info = debug_event.StateInfo.LoadDll; File = info.FileHandle == IntPtr.Zero ? null : NtFile.FromHandle(info.FileHandle); BaseOfDll = info.BaseOfDll.ToInt64(); DebugInfoFileOffset = info.DebugInfoFileOffset; DebugInfoSize = info.DebugInfoSize; NamePointer = info.NamePointer.ToInt64(); }
internal CreateProcessDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug) : base(debug_event, debug) { var info = debug_event.StateInfo.CreateProcess; Process = info.HandleToProcess == IntPtr.Zero ? null : NtProcess.FromHandle(info.HandleToProcess); Thread = info.HandleToThread == IntPtr.Zero ? null : NtThread.FromHandle(info.HandleToThread); var new_proc = info.NewProcess; ProcessSubSystemKey = new_proc.SubSystemKey; File = new_proc.FileHandle == IntPtr.Zero ? null : NtFile.FromHandle(new_proc.FileHandle); BaseOfImage = new_proc.BaseOfImage.ToInt64(); DebugInfoFileOffset = new_proc.DebugInfoFileOffset; DebugInfoSize = new_proc.DebugInfoSize; var thread = new_proc.InitialThread; ThreadSubSystemKey = thread.SubSystemKey; ThreadStartAddress = thread.StartAddress.ToInt64(); }
internal NtProcessCreateResult(NtStatus status, SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle, ProcessCreateInfoData create_info, SectionImageInformation image_info, ClientId client_id, bool terminate_on_dispose) { Status = status; Process = new NtProcess(process_handle); Thread = new NtThread(thread_handle); ImageFile = create_info.Success.FileHandle != IntPtr.Zero ? NtFile.FromHandle(create_info.Success.FileHandle).Duplicate() : null; SectionHandle = create_info.Success.SectionHandle != IntPtr.Zero ? NtSection.FromHandle(create_info.Success.SectionHandle).Duplicate() : null; OutputFlags = create_info.Success.OutputFlags; UserProcessParametersNative = (long)create_info.Success.UserProcessParametersNative; UserProcessParametersWow64 = create_info.Success.UserProcessParametersWow64; CurrentParameterFlags = (int)create_info.Success.CurrentParameterFlags; PebAddressNative = (long)create_info.Success.PebAddressNative; PebAddressWow64 = create_info.Success.PebAddressWow64; ManifestAddress = (long)create_info.Success.ManifestAddress; ManifestSize = (int)create_info.Success.ManifestSize; ImageInfo = image_info; ClientId = client_id; DllCharacteristics = image_info.DllCharacteristics; CreateState = ProcessCreateState.Success; TerminateOnDispose = terminate_on_dispose; }