NtCreateUserProcess.hh

Go to the documentation of this file.

/*
 * Copyright 2021 Assured Information Security, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
/* This file is automatically generated. Do not edit. */
#pragma once
 
#include "NtSystemCall.hh"
#include <introvirt/windows/kernel/nt/types/objects/PROCESS.hh>
#include <introvirt/windows/kernel/nt/types/objects/THREAD.hh>
 
#include <introvirt/windows/kernel/nt/const/ProcessCreateFlags.hh>
#include <introvirt/windows/kernel/nt/const/ThreadCreateFlags.hh>
#include <introvirt/windows/kernel/nt/syscall/types/OBJECT_ATTRIBUTES.hh>
#include <introvirt/windows/kernel/nt/syscall/types/PS_ATTRIBUTE_LIST.hh>
#include <introvirt/windows/kernel/nt/syscall/types/PS_CREATE_INFO.hh>
#include <introvirt/windows/kernel/nt/types/RTL_USER_PROCESS_PARAMETERS.hh>
#include <introvirt/windows/kernel/nt/types/access_mask/PROCESS_ACCESS_MASK.hh>
#include <introvirt/windows/kernel/nt/types/access_mask/THREAD_ACCESS_MASK.hh>
 
#include <memory>
 
namespace introvirt {
namespace windows {
namespace nt {
 
class NtCreateUserProcess : public NtSystemCall {
  public:
    /* Direct parameter getters */
 
    virtual guest_ptr<void> ProcessHandlePtr() const = 0;
    virtual guest_ptr<void> ThreadHandlePtr() const = 0;
    virtual PROCESS_ACCESS_MASK ProcessDesiredAccess() const = 0;
    virtual THREAD_ACCESS_MASK ThreadDesiredAccess() const = 0;
    virtual guest_ptr<void> ProcessObjectAttributesPtr() const = 0;
    virtual guest_ptr<void> ThreadObjectAttributesPtr() const = 0;
    virtual ProcessCreateFlags ProcessFlags() const = 0;
    virtual ThreadCreateFlags ThreadFlags() const = 0;
    virtual guest_ptr<void> ProcessParametersPtr() const = 0;
    virtual guest_ptr<void> CreateInfoPtr() const = 0;
    virtual guest_ptr<void> AttributeListPtr() const = 0;
 
    /* Direct parameter setters */
 
    virtual void ProcessHandlePtr(const guest_ptr<void>& pProcessHandle) = 0;
    virtual void ThreadHandlePtr(const guest_ptr<void>& pThreadHandle) = 0;
    virtual void ProcessDesiredAccess(PROCESS_ACCESS_MASK ProcessDesiredAccess) = 0;
    virtual void ThreadDesiredAccess(THREAD_ACCESS_MASK ThreadDesiredAccess) = 0;
    virtual void ProcessObjectAttributesPtr(const guest_ptr<void>& pProcessObjectAttributes) = 0;
    virtual void ThreadObjectAttributesPtr(const guest_ptr<void>& pThreadObjectAttributes) = 0;
    virtual void ProcessFlags(ProcessCreateFlags ProcessFlags) = 0;
    virtual void ThreadFlags(ThreadCreateFlags ThreadFlags) = 0;
    virtual void ProcessParametersPtr(const guest_ptr<void>& pProcessParameters) = 0;
    virtual void CreateInfoPtr(const guest_ptr<void>& pCreateInfo) = 0;
    virtual void AttributeListPtr(const guest_ptr<void>& pAttributeList) = 0;
 
    /* Helper methods */
    virtual uint64_t ProcessHandle() const = 0;
    virtual void ProcessHandle(uint64_t ProcessHandle) = 0;
    virtual uint64_t ThreadHandle() const = 0;
    virtual void ThreadHandle(uint64_t ThreadHandle) = 0;
    virtual const OBJECT_ATTRIBUTES* ProcessObjectAttributes() const = 0;
    virtual OBJECT_ATTRIBUTES* ProcessObjectAttributes() = 0;
    virtual const OBJECT_ATTRIBUTES* ThreadObjectAttributes() const = 0;
    virtual OBJECT_ATTRIBUTES* ThreadObjectAttributes() = 0;
    virtual const RTL_USER_PROCESS_PARAMETERS* ProcessParameters() const = 0;
    virtual RTL_USER_PROCESS_PARAMETERS* ProcessParameters() = 0;
    virtual const PS_CREATE_INFO* CreateInfo() const = 0;
    virtual PS_CREATE_INFO* CreateInfo() = 0;
    virtual const PS_ATTRIBUTE_LIST* AttributeList() const = 0;
    virtual PS_ATTRIBUTE_LIST* AttributeList() = 0;
    virtual std::shared_ptr<PROCESS> get_new_process() = 0;
 
    virtual const std::shared_ptr<PROCESS> get_new_process() const = 0;
 
    virtual std::shared_ptr<THREAD> get_new_thread() = 0;
 
    virtual const std::shared_ptr<THREAD> get_new_thread() const = 0;
 
    /*
     * System call injection support. You probably want to use
     * inject::system_call<NtCreateUserProcess>.
     */
    static NTSTATUS inject(uint64_t& ProcessHandle, uint64_t& ThreadHandle,
                           PROCESS_ACCESS_MASK ProcessDesiredAccess,
                           THREAD_ACCESS_MASK ThreadDesiredAccess,
                           const guest_ptr<void>& pProcessObjectAttributes,
                           const guest_ptr<void>& pThreadObjectAttributes,
                           ProcessCreateFlags ProcessFlags, ThreadCreateFlags ThreadFlags,
                           const RTL_USER_PROCESS_PARAMETERS* ProcessParameters,
                           PS_CREATE_INFO& CreateInfo, const guest_ptr<void>& pAttributeList);
};
 
} /* namespace nt */
} /* namespace windows */
} /* namespace introvirt */