Пример #1
        /// <summary>
        /// Builds a result for a creation attempt that carries no process objects:
        /// <c>Process</c>, <c>Thread</c> and <c>SectionHandle</c> are set to null, and only the
        /// diagnostic field matching <paramref name="create_state"/> is captured.
        /// </summary>
        /// <param name="status">NT status of the attempt; also forwarded to the chained constructor.</param>
        /// <param name="create_info">Create-info data; which member is read depends on <paramref name="create_state"/>.</param>
        /// <param name="create_state">State reported for the attempt.</param>
        internal NtProcessCreateResult(NtStatus status,
                                       ProcessCreateInfoData create_info, ProcessCreateState create_state)
            : this(status)
        {
            if (create_state == ProcessCreateState.FailOnSectionCreate)
            {
                // A zero handle means there is nothing to capture; ImageFile is not assigned here.
                if (create_info.FileHandle != IntPtr.Zero)
                {
                    // This object keeps a duplicate of the wrapped raw handle.
                    // NOTE(review): nothing in this constructor closes the raw handle itself;
                    // confirm who owns it, otherwise it stays open for the process lifetime.
                    ImageFile = NtFile.FromHandle(create_info.FileHandle).Duplicate();
                }
            }
            else if (create_state == ProcessCreateState.FailExeName)
            {
                if (create_info.IFEOKey != IntPtr.Zero)
                {
                    // Same wrap-then-duplicate handling as the file handle above; the same
                    // ownership question applies to the raw key handle.
                    IFEOKeyHandle = NtKey.FromHandle(create_info.IFEOKey).Duplicate();
                }
            }
            else if (create_state == ProcessCreateState.FailExeFormat)
            {
                DllCharacteristics = (DllCharacteristics)create_info.DllCharacteristics;
            }

            // Any other state captures nothing extra and only records the common fields.
            Status = status;
            CreateState = create_state;
            Process = null;
            Thread = null;
            SectionHandle = null;
        }
Пример #2
        /// <summary>
        /// Creates the event object for a DLL-load debug event, copying its fields from the
        /// <c>LoadDll</c> member of the event's state info.
        /// </summary>
        /// <param name="debug_event">The wait status change that carries the event data.</param>
        /// <param name="debug">Debug object passed through to the base constructor.</param>
        internal LoadDllDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
            : base(debug_event, debug)
        {
            var load_dll = debug_event.StateInfo.LoadDll;

            if (load_dll.FileHandle == IntPtr.Zero)
            {
                // No file handle came with the event.
                File = null;
            }
            else
            {
                // The raw handle is wrapped directly, without duplication.
                // NOTE(review): confirm that disposing this wrapper closes the handle; a handle
                // delivered with a debug event that is never closed keeps the image file open.
                File = NtFile.FromHandle(load_dll.FileHandle);
            }

            // Pointer-sized values are stored as 64-bit integers.
            // NOTE(review): presumably addresses in the debugged process, not this one; confirm.
            BaseOfDll = load_dll.BaseOfDll.ToInt64();
            DebugInfoFileOffset = load_dll.DebugInfoFileOffset;
            DebugInfoSize = load_dll.DebugInfoSize;
            NamePointer = load_dll.NamePointer.ToInt64();
        }
Пример #3
        /// <summary>
        /// Creates the event object for a process-creation debug event, copying its fields from the
        /// <c>CreateProcess</c> member of the event's state info.
        /// </summary>
        /// <param name="debug_event">The wait status change that carries the event data.</param>
        /// <param name="debug">Debug object passed through to the base constructor.</param>
        internal CreateProcessDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
            : base(debug_event, debug)
        {
            var create_process = debug_event.StateInfo.CreateProcess;

            // Each handle is wrapped only when non-zero; a zero handle becomes a null property.
            // NOTE(review): the wrappers are built without duplication, so confirm that disposing
            // them closes the process, thread and file handles delivered with the event.
            if (create_process.HandleToProcess == IntPtr.Zero)
            {
                Process = null;
            }
            else
            {
                Process = NtProcess.FromHandle(create_process.HandleToProcess);
            }

            if (create_process.HandleToThread == IntPtr.Zero)
            {
                Thread = null;
            }
            else
            {
                Thread = NtThread.FromHandle(create_process.HandleToThread);
            }

            var process_info = create_process.NewProcess;

            ProcessSubSystemKey = process_info.SubSystemKey;
            if (process_info.FileHandle == IntPtr.Zero)
            {
                File = null;
            }
            else
            {
                File = NtFile.FromHandle(process_info.FileHandle);
            }

            // Pointer-sized values are stored as 64-bit integers.
            BaseOfImage = process_info.BaseOfImage.ToInt64();
            DebugInfoFileOffset = process_info.DebugInfoFileOffset;
            DebugInfoSize = process_info.DebugInfoSize;

            var initial_thread = process_info.InitialThread;

            ThreadSubSystemKey = initial_thread.SubSystemKey;
            ThreadStartAddress = initial_thread.StartAddress.ToInt64();
        }
Пример #4
 /// <summary>
 /// Builds the result for a successful process creation from the new process and thread
 /// handles plus the <c>Success</c> member of the create-info data.
 /// </summary>
 /// <param name="status">NT status of the create call.</param>
 /// <param name="process_handle">Handle wrapped as <c>Process</c>.</param>
 /// <param name="thread_handle">Handle wrapped as <c>Thread</c>.</param>
 /// <param name="create_info">Create-info data; only its <c>Success</c> member is read.</param>
 /// <param name="image_info">Section image information; also the source of <c>DllCharacteristics</c>.</param>
 /// <param name="client_id">Client ID stored on the result.</param>
 /// <param name="terminate_on_dispose">Stored as <c>TerminateOnDispose</c>.</param>
 internal NtProcessCreateResult(NtStatus status, SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle,
                                ProcessCreateInfoData create_info, SectionImageInformation image_info, ClientId client_id, bool terminate_on_dispose)
 {
     Status = status;
     Process = new NtProcess(process_handle);
     Thread = new NtThread(thread_handle);

     // The raw file and section handles are wrapped and duplicated; this object keeps the
     // duplicates. A zero handle becomes null.
     // NOTE(review): nothing in this constructor closes the raw handles; confirm who owns them.
     if (create_info.Success.FileHandle != IntPtr.Zero)
     {
         ImageFile = NtFile.FromHandle(create_info.Success.FileHandle).Duplicate();
     }
     else
     {
         ImageFile = null;
     }

     if (create_info.Success.SectionHandle != IntPtr.Zero)
     {
         SectionHandle = NtSection.FromHandle(create_info.Success.SectionHandle).Duplicate();
     }
     else
     {
         SectionHandle = null;
     }

     OutputFlags = create_info.Success.OutputFlags;

     // Explicit casts: the source field types are not visible here.
     // NOTE(review): confirm that the (long) and (int) conversions cannot truncate or change sign.
     UserProcessParametersNative = (long)create_info.Success.UserProcessParametersNative;
     UserProcessParametersWow64 = create_info.Success.UserProcessParametersWow64;
     CurrentParameterFlags = (int)create_info.Success.CurrentParameterFlags;
     PebAddressNative = (long)create_info.Success.PebAddressNative;
     PebAddressWow64 = create_info.Success.PebAddressWow64;
     ManifestAddress = (long)create_info.Success.ManifestAddress;
     ManifestSize = (int)create_info.Success.ManifestSize;

     ImageInfo = image_info;
     ClientId = client_id;
     DllCharacteristics = image_info.DllCharacteristics;
     CreateState = ProcessCreateState.Success;

     // NOTE(review): presumably makes disposing this result terminate the new process;
     // confirm in the Dispose implementation.
     TerminateOnDispose = terminate_on_dispose;
 }