libintrovirt v0.57.4
IntroVirt introspection library
introvirt::windows::nt::NtCreateUserProcess Class Reference (abstract)

Handler class for the NtCreateUserProcess system call.

#include <NtCreateUserProcess.hh>

Inheritance diagram for introvirt::windows::nt::NtCreateUserProcess:
Collaboration diagram for introvirt::windows::nt::NtCreateUserProcess:

Public Member Functions

virtual guest_ptr< void > ProcessHandlePtr () const =0
 Getter for ProcessHandlePtr.
 
virtual guest_ptr< void > ThreadHandlePtr () const =0
 Getter for ThreadHandlePtr.
 
virtual PROCESS_ACCESS_MASK ProcessDesiredAccess () const =0
 Getter for ProcessDesiredAccess.
 
virtual THREAD_ACCESS_MASK ThreadDesiredAccess () const =0
 Getter for ThreadDesiredAccess.
 
virtual guest_ptr< void > ProcessObjectAttributesPtr () const =0
 Getter for ProcessObjectAttributesPtr.
 
virtual guest_ptr< void > ThreadObjectAttributesPtr () const =0
 Getter for ThreadObjectAttributesPtr.
 
virtual ProcessCreateFlags ProcessFlags () const =0
 Getter for ProcessFlags.
 
virtual ThreadCreateFlags ThreadFlags () const =0
 Getter for ThreadFlags.
 
virtual guest_ptr< void > ProcessParametersPtr () const =0
 Getter for ProcessParametersPtr.
 
virtual guest_ptr< void > CreateInfoPtr () const =0
 Getter for CreateInfoPtr.
 
virtual guest_ptr< void > AttributeListPtr () const =0
 Getter for AttributeListPtr.
 
virtual void ProcessHandlePtr (const guest_ptr< void > &pProcessHandle)=0
 Setter for ProcessHandlePtr.
 
virtual void ThreadHandlePtr (const guest_ptr< void > &pThreadHandle)=0
 Setter for ThreadHandlePtr.
 
virtual void ProcessDesiredAccess (PROCESS_ACCESS_MASK ProcessDesiredAccess)=0
 Setter for ProcessDesiredAccess.
 
virtual void ThreadDesiredAccess (THREAD_ACCESS_MASK ThreadDesiredAccess)=0
 Setter for ThreadDesiredAccess.
 
virtual void ProcessObjectAttributesPtr (const guest_ptr< void > &pProcessObjectAttributes)=0
 Setter for ProcessObjectAttributesPtr.
 
virtual void ThreadObjectAttributesPtr (const guest_ptr< void > &pThreadObjectAttributes)=0
 Setter for ThreadObjectAttributesPtr.
 
virtual void ProcessFlags (ProcessCreateFlags ProcessFlags)=0
 Setter for ProcessFlags.
 
virtual void ThreadFlags (ThreadCreateFlags ThreadFlags)=0
 Setter for ThreadFlags.
 
virtual void ProcessParametersPtr (const guest_ptr< void > &pProcessParameters)=0
 Setter for ProcessParametersPtr.
 
virtual void CreateInfoPtr (const guest_ptr< void > &pCreateInfo)=0
 Setter for CreateInfoPtr.
 
virtual void AttributeListPtr (const guest_ptr< void > &pAttributeList)=0
 Setter for AttributeListPtr.
 
virtual uint64_t ProcessHandle () const =0
 
virtual void ProcessHandle (uint64_t ProcessHandle)=0
 
virtual uint64_t ThreadHandle () const =0
 
virtual void ThreadHandle (uint64_t ThreadHandle)=0
 
virtual const OBJECT_ATTRIBUTES * ProcessObjectAttributes () const =0
 
virtual OBJECT_ATTRIBUTES * ProcessObjectAttributes ()=0
 
virtual const OBJECT_ATTRIBUTES * ThreadObjectAttributes () const =0
 
virtual OBJECT_ATTRIBUTES * ThreadObjectAttributes ()=0
 
virtual const RTL_USER_PROCESS_PARAMETERS * ProcessParameters () const =0
 
virtual RTL_USER_PROCESS_PARAMETERS * ProcessParameters ()=0
 
virtual const PS_CREATE_INFO * CreateInfo () const =0
 
virtual PS_CREATE_INFO * CreateInfo ()=0
 
virtual const PS_ATTRIBUTE_LIST * AttributeList () const =0
 
virtual PS_ATTRIBUTE_LIST * AttributeList ()=0
 
virtual std::shared_ptr< PROCESS > get_new_process ()=0
 Get the newly created PROCESS object.
 
virtual const std::shared_ptr< PROCESS > get_new_process () const =0
 Get the newly created PROCESS object.
 
virtual std::shared_ptr< THREAD > get_new_thread ()=0
 Get the newly created THREAD object.
 
virtual const std::shared_ptr< THREAD > get_new_thread () const =0
 Get the newly created THREAD object.
 
- Public Member Functions inherited from introvirt::windows::nt::NtSystemCall
virtual NTSTATUS result () const =0
 Get the result code.
 
virtual void result (NTSTATUS_CODE code)=0
 Set the result code.
 
- Public Member Functions inherited from introvirt::windows::WindowsSystemCall
virtual SystemCallIndex index () const =0
 Get the system call number.
 
- Public Member Functions inherited from introvirt::SystemCall
virtual const std::string & name () const =0
 Get the name of the system call.
 
virtual void write (std::ostream &os=std::cout) const =0
 Write a human-readable description of this system call.
 
virtual Json::Value json () const =0
 
virtual bool will_return () const =0
 
virtual void data (const std::string &key, const std::shared_ptr< void > &value)=0
 Store arbitrary data with the SystemCall.
 
virtual void data (const std::string &key, std::shared_ptr< void > &&value)=0
 Store arbitrary data with the SystemCall.
 
virtual std::shared_ptr< void > data (const std::string &key)=0
 Retrieve arbitrary data stored with the SystemCall.
 
virtual std::shared_ptr< const void > data (const std::string &key) const =0
 Retrieve arbitrary data stored with the SystemCall.
 
virtual bool supported () const =0
 Check if this system call is supported by a more specific handler.
 
virtual void handle_return_event (Event &event)=0
 Handle a system call return event.
 
virtual ~SystemCall ()=default
 Destroy the instance.
 

Static Public Member Functions

static NTSTATUS inject (uint64_t &ProcessHandle, uint64_t &ThreadHandle, PROCESS_ACCESS_MASK ProcessDesiredAccess, THREAD_ACCESS_MASK ThreadDesiredAccess, const guest_ptr< void > &pProcessObjectAttributes, const guest_ptr< void > &pThreadObjectAttributes, ProcessCreateFlags ProcessFlags, ThreadCreateFlags ThreadFlags, const RTL_USER_PROCESS_PARAMETERS *ProcessParameters, PS_CREATE_INFO &CreateInfo, const guest_ptr< void > &pAttributeList)
 

Detailed Description

Handler class for the NtCreateUserProcess system call.

Member Function Documentation

◆ AttributeList() [1/2]

virtual const PS_ATTRIBUTE_LIST * introvirt::windows::nt::NtCreateUserProcess::AttributeList ( ) const
pure virtual

◆ AttributeList() [2/2]

virtual PS_ATTRIBUTE_LIST * introvirt::windows::nt::NtCreateUserProcess::AttributeList ( )
pure virtual

◆ AttributeListPtr() [1/2]

virtual guest_ptr< void > introvirt::windows::nt::NtCreateUserProcess::AttributeListPtr ( ) const
pure virtual

Getter for AttributeListPtr.

Returns
The address pointed to by the AttributeListPtr parameter

◆ AttributeListPtr() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::AttributeListPtr ( const guest_ptr< void > &  pAttributeList)
pure virtual

Setter for AttributeListPtr.

Parameters
pAttributeList: The address to set for the AttributeListPtr parameter

◆ CreateInfo() [1/2]

virtual const PS_CREATE_INFO * introvirt::windows::nt::NtCreateUserProcess::CreateInfo ( ) const
pure virtual

◆ CreateInfo() [2/2]

virtual PS_CREATE_INFO * introvirt::windows::nt::NtCreateUserProcess::CreateInfo ( )
pure virtual

◆ CreateInfoPtr() [1/2]

virtual guest_ptr< void > introvirt::windows::nt::NtCreateUserProcess::CreateInfoPtr ( ) const
pure virtual

Getter for CreateInfoPtr.

Returns
The address pointed to by the CreateInfoPtr parameter

◆ CreateInfoPtr() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::CreateInfoPtr ( const guest_ptr< void > &  pCreateInfo)
pure virtual

Setter for CreateInfoPtr.

Parameters
pCreateInfo: The address to set for the CreateInfoPtr parameter

◆ get_new_process() [1/2]

virtual const std::shared_ptr< PROCESS > introvirt::windows::nt::NtCreateUserProcess::get_new_process ( ) const
pure virtual

Get the newly created PROCESS object.

Returns
The newly created process, or nullptr on error
Exceptions
InvalidMethodException if the system call has not returned

◆ get_new_process() [2/2]

virtual std::shared_ptr< PROCESS > introvirt::windows::nt::NtCreateUserProcess::get_new_process ( )
pure virtual

Get the newly created PROCESS object.

Returns
The newly created process, or nullptr on error
Exceptions
InvalidMethodException if the system call has not returned

◆ get_new_thread() [1/2]

virtual const std::shared_ptr< THREAD > introvirt::windows::nt::NtCreateUserProcess::get_new_thread ( ) const
pure virtual

Get the newly created THREAD object.

Returns
The newly created thread, or nullptr on error
Exceptions
InvalidMethodException if the system call has not returned

◆ get_new_thread() [2/2]

virtual std::shared_ptr< THREAD > introvirt::windows::nt::NtCreateUserProcess::get_new_thread ( )
pure virtual

Get the newly created THREAD object.

Returns
The newly created thread, or nullptr on error
Exceptions
InvalidMethodException if the system call has not returned

◆ inject()

static NTSTATUS introvirt::windows::nt::NtCreateUserProcess::inject ( uint64_t &  ProcessHandle,
uint64_t &  ThreadHandle,
PROCESS_ACCESS_MASK  ProcessDesiredAccess,
THREAD_ACCESS_MASK  ThreadDesiredAccess,
const guest_ptr< void > &  pProcessObjectAttributes,
const guest_ptr< void > &  pThreadObjectAttributes,
ProcessCreateFlags  ProcessFlags,
ThreadCreateFlags  ThreadFlags,
const RTL_USER_PROCESS_PARAMETERS *  ProcessParameters,
PS_CREATE_INFO &  CreateInfo,
const guest_ptr< void > &  pAttributeList 
)
static

◆ ProcessDesiredAccess() [1/2]

virtual PROCESS_ACCESS_MASK introvirt::windows::nt::NtCreateUserProcess::ProcessDesiredAccess ( ) const
pure virtual

Getter for ProcessDesiredAccess.

Returns
The value of the ProcessDesiredAccess parameter

◆ ProcessDesiredAccess() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ProcessDesiredAccess ( PROCESS_ACCESS_MASK  ProcessDesiredAccess)
pure virtual

Setter for ProcessDesiredAccess.

Parameters
ProcessDesiredAccess: The value to set for the ProcessDesiredAccess parameter

◆ ProcessFlags() [1/2]

virtual ProcessCreateFlags introvirt::windows::nt::NtCreateUserProcess::ProcessFlags ( ) const
pure virtual

Getter for ProcessFlags.

Returns
The value of the ProcessFlags parameter

◆ ProcessFlags() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ProcessFlags ( ProcessCreateFlags  ProcessFlags)
pure virtual

Setter for ProcessFlags.

Parameters
ProcessFlags: The value to set for the ProcessFlags parameter

◆ ProcessHandle() [1/2]

virtual uint64_t introvirt::windows::nt::NtCreateUserProcess::ProcessHandle ( ) const
pure virtual

◆ ProcessHandle() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ProcessHandle ( uint64_t  ProcessHandle)
pure virtual

◆ ProcessHandlePtr() [1/2]

virtual guest_ptr< void > introvirt::windows::nt::NtCreateUserProcess::ProcessHandlePtr ( ) const
pure virtual

Getter for ProcessHandlePtr.

Returns
The address pointed to by the ProcessHandlePtr parameter

◆ ProcessHandlePtr() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ProcessHandlePtr ( const guest_ptr< void > &  pProcessHandle)
pure virtual

Setter for ProcessHandlePtr.

Parameters
pProcessHandle: The address to set for the ProcessHandlePtr parameter

◆ ProcessObjectAttributes() [1/2]

virtual const OBJECT_ATTRIBUTES * introvirt::windows::nt::NtCreateUserProcess::ProcessObjectAttributes ( ) const
pure virtual

◆ ProcessObjectAttributes() [2/2]

virtual OBJECT_ATTRIBUTES * introvirt::windows::nt::NtCreateUserProcess::ProcessObjectAttributes ( )
pure virtual

◆ ProcessObjectAttributesPtr() [1/2]

virtual guest_ptr< void > introvirt::windows::nt::NtCreateUserProcess::ProcessObjectAttributesPtr ( ) const
pure virtual

Getter for ProcessObjectAttributesPtr.

Returns
The address pointed to by the ProcessObjectAttributesPtr parameter

◆ ProcessObjectAttributesPtr() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ProcessObjectAttributesPtr ( const guest_ptr< void > &  pProcessObjectAttributes)
pure virtual

Setter for ProcessObjectAttributesPtr.

Parameters
pProcessObjectAttributes: The address to set for the ProcessObjectAttributesPtr parameter

◆ ProcessParameters() [1/2]

virtual const RTL_USER_PROCESS_PARAMETERS * introvirt::windows::nt::NtCreateUserProcess::ProcessParameters ( ) const
pure virtual

◆ ProcessParameters() [2/2]

virtual RTL_USER_PROCESS_PARAMETERS * introvirt::windows::nt::NtCreateUserProcess::ProcessParameters ( )
pure virtual

◆ ProcessParametersPtr() [1/2]

virtual guest_ptr< void > introvirt::windows::nt::NtCreateUserProcess::ProcessParametersPtr ( ) const
pure virtual

Getter for ProcessParametersPtr.

Returns
The address pointed to by the ProcessParametersPtr parameter

◆ ProcessParametersPtr() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ProcessParametersPtr ( const guest_ptr< void > &  pProcessParameters)
pure virtual

Setter for ProcessParametersPtr.

Parameters
pProcessParameters: The address to set for the ProcessParametersPtr parameter

◆ ThreadDesiredAccess() [1/2]

virtual THREAD_ACCESS_MASK introvirt::windows::nt::NtCreateUserProcess::ThreadDesiredAccess ( ) const
pure virtual

Getter for ThreadDesiredAccess.

Returns
The value of the ThreadDesiredAccess parameter

◆ ThreadDesiredAccess() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ThreadDesiredAccess ( THREAD_ACCESS_MASK  ThreadDesiredAccess)
pure virtual

Setter for ThreadDesiredAccess.

Parameters
ThreadDesiredAccess: The value to set for the ThreadDesiredAccess parameter

◆ ThreadFlags() [1/2]

virtual ThreadCreateFlags introvirt::windows::nt::NtCreateUserProcess::ThreadFlags ( ) const
pure virtual

Getter for ThreadFlags.

Returns
The value of the ThreadFlags parameter

◆ ThreadFlags() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ThreadFlags ( ThreadCreateFlags  ThreadFlags)
pure virtual

Setter for ThreadFlags.

Parameters
ThreadFlags: The value to set for the ThreadFlags parameter

◆ ThreadHandle() [1/2]

virtual uint64_t introvirt::windows::nt::NtCreateUserProcess::ThreadHandle ( ) const
pure virtual

◆ ThreadHandle() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ThreadHandle ( uint64_t  ThreadHandle)
pure virtual

◆ ThreadHandlePtr() [1/2]

virtual guest_ptr< void > introvirt::windows::nt::NtCreateUserProcess::ThreadHandlePtr ( ) const
pure virtual

Getter for ThreadHandlePtr.

Returns
The address pointed to by the ThreadHandlePtr parameter

◆ ThreadHandlePtr() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ThreadHandlePtr ( const guest_ptr< void > &  pThreadHandle)
pure virtual

Setter for ThreadHandlePtr.

Parameters
pThreadHandle: The address to set for the ThreadHandlePtr parameter

◆ ThreadObjectAttributes() [1/2]

virtual const OBJECT_ATTRIBUTES * introvirt::windows::nt::NtCreateUserProcess::ThreadObjectAttributes ( ) const
pure virtual

◆ ThreadObjectAttributes() [2/2]

virtual OBJECT_ATTRIBUTES * introvirt::windows::nt::NtCreateUserProcess::ThreadObjectAttributes ( )
pure virtual

◆ ThreadObjectAttributesPtr() [1/2]

virtual guest_ptr< void > introvirt::windows::nt::NtCreateUserProcess::ThreadObjectAttributesPtr ( ) const
pure virtual

Getter for ThreadObjectAttributesPtr.

Returns
The address pointed to by the ThreadObjectAttributesPtr parameter

◆ ThreadObjectAttributesPtr() [2/2]

virtual void introvirt::windows::nt::NtCreateUserProcess::ThreadObjectAttributesPtr ( const guest_ptr< void > &  pThreadObjectAttributes)
pure virtual

Setter for ThreadObjectAttributesPtr.

Parameters
pThreadObjectAttributes: The address to set for the ThreadObjectAttributesPtr parameter

The documentation for this class was generated from the following file: