/// <summary>
/// Builds a result for a creation attempt that produced no process: Process, Thread and
/// SectionHandle are set to null and ImageInfo/ClientId are set to empty instances.
/// </summary>
/// <param name="status">The NT status code to record.</param>
/// <param name="create_info">The creation information block; its FileHandle or IFEOKey is wrapped depending on <paramref name="create_state"/>.</param>
/// <param name="create_state">The creation state to record; it selects which handle in <paramref name="create_info"/> is wrapped.</param>
internal CreateUserProcessResult(NtStatus status, ProcessCreateInfoData create_info, ProcessCreateState create_state)
{
    bool failed_on_section = create_state == ProcessCreateState.FailOnSectionCreate;

    // Only a section-creation failure carries a file handle worth wrapping.
    // NOTE(review): the 'true' argument presumably means the wrapper owns (and will close)
    // the handle, as with SafeHandle-derived types - confirm against SafeKernelObjectHandle.
    ImageFile = failed_on_section
        ? new NtFile(new SafeKernelObjectHandle(create_info.FileHandle, true))
        : null;

    if (!failed_on_section && create_state == ProcessCreateState.FailExeName)
    {
        // SafeRegistryHandle(handle, ownsHandle: true) takes ownership of the IFEO key handle,
        // so it is closed when the RegistryKey is disposed.
        SafeRegistryHandle ifeo_handle = new SafeRegistryHandle(create_info.IFEOKey, true);
        IFEOKeyHandle = RegistryKey.FromHandle(ifeo_handle);
    }

    Status = status;
    CreateInfo = create_info;
    CreateState = create_state;

    // No process objects exist in this result.
    Process = null;
    Thread = null;
    SectionHandle = null;

    // Empty placeholders rather than null.
    ImageInfo = new SectionImageInformation();
    ClientId = new ClientId();
}
/// <summary>
/// Builds the result for a successful process creation, wrapping the process and thread
/// handles and copying the success fields out of <paramref name="create_info"/>.
/// </summary>
/// <param name="status">The NT status code to record.</param>
/// <param name="process_handle">Handle wrapped into the Process object.</param>
/// <param name="thread_handle">Handle wrapped into the Thread object.</param>
/// <param name="create_info">The creation information block; only its Success member is read.</param>
/// <param name="image_info">Section image information; also the source of DllCharacteristics.</param>
/// <param name="client_id">The client ID to record.</param>
/// <param name="terminate_on_dispose">Value stored in TerminateOnDispose.</param>
internal NtProcessCreateResult(NtStatus status, SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle, ProcessCreateInfoData create_info, SectionImageInformation image_info, ClientId client_id, bool terminate_on_dispose)
{
    var success = create_info.Success;

    Status = status;
    Process = new NtProcess(process_handle);
    Thread = new NtThread(thread_handle);

    // A zero handle means nothing was returned; otherwise this object keeps a duplicate.
    // NOTE(review): whether the raw handles in create_info.Success are closed after being
    // duplicated is not visible here - confirm, otherwise they stay open in this process.
    if (success.FileHandle != IntPtr.Zero)
    {
        ImageFile = NtFile.FromHandle(success.FileHandle).Duplicate();
    }
    else
    {
        ImageFile = null;
    }

    if (success.SectionHandle != IntPtr.Zero)
    {
        SectionHandle = NtSection.FromHandle(success.SectionHandle).Duplicate();
    }
    else
    {
        SectionHandle = null;
    }

    OutputFlags = success.OutputFlags;

    // Addresses and sizes are narrowed with the same explicit casts as the native fields require.
    UserProcessParametersNative = (long)success.UserProcessParametersNative;
    UserProcessParametersWow64 = success.UserProcessParametersWow64;
    CurrentParameterFlags = (int)success.CurrentParameterFlags;
    PebAddressNative = (long)success.PebAddressNative;
    PebAddressWow64 = success.PebAddressWow64;
    ManifestAddress = (long)success.ManifestAddress;
    ManifestSize = (int)success.ManifestSize;

    ImageInfo = image_info;
    ClientId = client_id;
    DllCharacteristics = image_info.DllCharacteristics;
    CreateState = ProcessCreateState.Success;
    TerminateOnDispose = terminate_on_dispose;
}
/// <summary>
/// Managed declaration of the native NtOpenProcess call, which opens a handle to an existing process.
/// </summary>
/// <param name="ProcessHandle">Receives the opened process handle, wrapped in a SafeKernelObjectHandle.</param>
/// <param name="DesiredAccess">The access rights requested on the process; request only what the caller needs.</param>
/// <param name="ObjectAttributes">Object attributes for the open request (input only).</param>
/// <param name="ClientId">Client ID identifying the target process (input only).</param>
/// <returns>The NT status code; check it before using <paramref name="ProcessHandle"/>.</returns>
public static extern NtStatus NtOpenProcess( out SafeKernelObjectHandle ProcessHandle, ProcessAccessRights DesiredAccess, [In] ObjectAttributes ObjectAttributes, [In] ClientId ClientId );
/// <summary>
/// Managed declaration of the native NtOpenThread call, which opens a handle to an existing thread.
/// </summary>
/// <param name="ThreadHandle">Receives the opened thread handle, wrapped in a SafeKernelObjectHandle.</param>
/// <param name="DesiredAccess">The access rights requested on the thread; request only what the caller needs.</param>
/// <param name="ObjectAttributes">Object attributes for the open request.</param>
/// <param name="ClientId">Client ID identifying the target thread.</param>
/// <returns>The NT status code; check it before using <paramref name="ThreadHandle"/>.</returns>
// NOTE(review): NtOpenProcess marks ObjectAttributes and ClientId with an explicit [In];
// this declaration relies on the marshaller's default direction - confirm that is intended.
public static extern NtStatus NtOpenThread(out SafeKernelObjectHandle ThreadHandle, ThreadAccessRights DesiredAccess, ObjectAttributes ObjectAttributes, ClientId ClientId);
/// <summary>
/// Resume a debugged process after a debug event, throwing if the call fails.
/// </summary>
/// <param name="client_id">The client ID carrying the process and thread IDs to continue.</param>
/// <param name="continue_status">The continue status code passed to the debug object.</param>
public void Continue(ClientId client_id, NtStatus continue_status)
{
    // Delegates to the status-returning overload with throwing enabled, so a failed
    // continue cannot pass silently; the returned status is therefore not needed here.
    Continue(client_id, continue_status, throw_on_error: true);
}
/// <summary>
/// Resume a debugged process after a debug event.
/// </summary>
/// <param name="client_id">The client ID carrying the process and thread IDs to continue.</param>
/// <param name="continue_status">The continue status code passed to the debug object.</param>
/// <param name="throw_on_error">True to throw on error; when false the caller must inspect the returned status.</param>
/// <returns>The NT status code from the continue call.</returns>
public NtStatus Continue(ClientId client_id, NtStatus continue_status, bool throw_on_error)
{
    // Issue the native call against this debug object's handle.
    NtStatus result = NtSystemCalls.NtDebugContinue(Handle, client_id, continue_status);

    // ToNtException converts the status according to throw_on_error and hands it back.
    return result.ToNtException(throw_on_error);
}
/// <summary>
/// Managed declaration of the native NtDebugContinue call, used to continue a debugged process.
/// </summary>
/// <param name="DebugObjectHandle">Handle to the debug object.</param>
/// <param name="ClientId">Client ID carrying the process and thread IDs to continue.</param>
/// <param name="ContinueStatus">The continue status code.</param>
/// <returns>The NT status code of the call.</returns>
public static extern NtStatus NtDebugContinue( SafeKernelObjectHandle DebugObjectHandle, ClientId ClientId, NtStatus ContinueStatus );