PspCreateProcess
2012-10-08 23:53
围观WRK------------------------------------PspCreateProcess
//
// Excerpt from the body of PspCreateProcess (WRK). The function signature,
// the remaining local declarations and the exit_and_deref_parent label are
// outside this excerpt. The visible part validates the create flags,
// references the optional parent process, allocates the EPROCESS object and
// puts it into a known zeroed state.
//
#if defined(_WIN64)
    INITIAL_PEB32 InitialPeb32;
#endif

    PAGED_CODE();

    CurrentThread = PsGetCurrentThread ();
    // PreviousMode is the caller's processor mode; it is passed below as the
    // access mode for the handle reference and for the object creation.
    PreviousMode = KeGetPreviousModeByThread(&CurrentThread->Tcb);
    CurrentProcess = PsGetCurrentProcessByThread (CurrentThread);

    CreatePeb = FALSE;
    UseLargePages = FALSE;
    DirectoryTableBase[0] = 0;
    DirectoryTableBase[1] = 0;
    Peb = NULL;

    //
    // Reject bogus create parameters for future expansion
    //
    // Any bit outside PROCESS_CREATE_FLAGS_LEGAL_MASK fails the call before
    // a reference is taken or an object is allocated, so nothing needs to be
    // undone on this path.
    //

    if (Flags&~PROCESS_CREATE_FLAGS_LEGAL_MASK) {
        return STATUS_INVALID_PARAMETER;
    }

    //
    // Parent
    //
    // The parent handle is caller-supplied. It is resolved with
    // PROCESS_CREATE_PROCESS as the desired access and PreviousMode as the
    // access mode, so the access check applies to user-mode callers. On
    // success the code holds a reference on Parent that every later exit
    // path has to release.
    //

    if (ARGUMENT_PRESENT (ParentProcess)) {
        Status = ObReferenceObjectByHandle (ParentProcess,
                                            PROCESS_CREATE_PROCESS,
                                            PsProcessType,
                                            PreviousMode,
                                            &Parent,
                                            NULL);
        if (!NT_SUCCESS (Status)) {
            return Status;
        }

        // A non-zero JobMemberLevel is rejected when the parent has no job.
        // The parent reference is dropped before returning.
        if (JobMemberLevel != 0 && Parent->Job == NULL) {
            ObDereferenceObject (Parent);
            return STATUS_INVALID_PARAMETER;
        }

        // Affinity comes from the parent; the working set limits are the
        // same system values in both branches.
        Affinity = Parent->Pcb.Affinity;
        WorkingSetMinimum = PsMinimumWorkingSet;
        WorkingSetMaximum = PsMaximumWorkingSet;

    } else {

        // No parent: use the active processor set as the affinity.
        Parent = NULL;
        Affinity = KeActiveProcessors;
        WorkingSetMinimum = PsMinimumWorkingSet;
        WorkingSetMaximum = PsMaximumWorkingSet;
    }

    //
    // Create the process object
    //
    // On failure control goes to exit_and_deref_parent, which is outside
    // this excerpt; presumably it releases the Parent reference taken
    // above - confirm against the full function.
    //

    Status = ObCreateObject (PreviousMode,
                             PsProcessType,
                             ObjectAttributes,
                             PreviousMode,
                             NULL,
                             sizeof (EPROCESS),
                             0,
                             0,
                             &Process);

    if (!NT_SUCCESS (Status)) {
        goto exit_and_deref_parent;
    }

    //
    // The process object is created set to NULL. Errors
    // That occur after this step cause the process delete
    // routine to be entered.
    //
    // Teardown actions that occur in the process delete routine
    // do not need to be performed inline.
    //
    // The whole EPROCESS is zeroed before any field is initialized, so no
    // field holds leftover memory contents if a later step fails.
    //

    RtlZeroMemory (Process, sizeof(EPROCESS));
    ExInitializeRundownProtection (&Process->RundownProtect);
    PspInitializeProcessLock (Process);
    InitializeListHead (&Process->ThreadListHead);

#if defined(_WIN64)

    // The override-address-space request is recorded in the process flags
    // only on 64-bit builds.
    if (Flags & PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE) {
        PS_SET_BITS (&Process->Flags, PS_PROCESS_FLAGS_OVERRIDE_ADDRESS_SPACE);
    }

#endif