internal CreateUserProcessResult(SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle, ProcessCreateInfoData create_info, SectionImageInformation image_info, ClientId client_id) { Process = new NtProcess(process_handle); Thread = new NtThread(thread_handle); ImageFile = new NtFile(new SafeKernelObjectHandle(create_info.Success.FileHandle, true)); SectionHandle = new NtSection(new SafeKernelObjectHandle(create_info.Success.SectionHandle, true)); ImageInfo = image_info; ClientId = client_id; CreateInfo = create_info; CreateState = ProcessCreateState.Success; }
internal CreateUserProcessResult(NtStatus status, ProcessCreateInfoData create_info, ProcessCreateState create_state) { ImageFile = null; if (create_state == ProcessCreateState.FailOnSectionCreate) { ImageFile = new NtFile(new SafeKernelObjectHandle(create_info.FileHandle, true)); } else if (create_state == ProcessCreateState.FailExeName) { IFEOKeyHandle = RegistryKey.FromHandle(new SafeRegistryHandle(create_info.IFEOKey, true)); } Status = status; CreateInfo = create_info; CreateState = create_state; Process = null; Thread = null; SectionHandle = null; ImageInfo = new SectionImageInformation(); ClientId = new ClientId(); }
internal NtProcessCreateResult(NtStatus status, SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle, ProcessCreateInfoData create_info, SectionImageInformation image_info, ClientId client_id, bool terminate_on_dispose) { Status = status; Process = new NtProcess(process_handle); Thread = new NtThread(thread_handle); ImageFile = create_info.Success.FileHandle != IntPtr.Zero ? NtFile.FromHandle(create_info.Success.FileHandle).Duplicate() : null; SectionHandle = create_info.Success.SectionHandle != IntPtr.Zero ? NtSection.FromHandle(create_info.Success.SectionHandle).Duplicate() : null; OutputFlags = create_info.Success.OutputFlags; UserProcessParametersNative = (long)create_info.Success.UserProcessParametersNative; UserProcessParametersWow64 = create_info.Success.UserProcessParametersWow64; CurrentParameterFlags = (int)create_info.Success.CurrentParameterFlags; PebAddressNative = (long)create_info.Success.PebAddressNative; PebAddressWow64 = create_info.Success.PebAddressWow64; ManifestAddress = (long)create_info.Success.ManifestAddress; ManifestSize = (int)create_info.Success.ManifestSize; ImageInfo = image_info; ClientId = client_id; DllCharacteristics = image_info.DllCharacteristics; CreateState = ProcessCreateState.Success; TerminateOnDispose = terminate_on_dispose; }