using System;
using System.Runtime.InteropServices;
using System.Text;
using Vanara.Extensions;
using Vanara.InteropServices;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
namespace Vanara.PInvoke
{
public static partial class Kernel32
{
/// Value indicating that there are no thread local storage indexes to allocate.
public const uint TLS_OUT_OF_INDEXES = 0xFFFFFFFF;
/// The maximum processors.
public static readonly uint MAXIMUM_PROCESSORS = (uint)IntPtr.Size * 8U;
/// Undocumented.
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeAllApplicationPackagesPolicy, false, true, false);
///
/// The lpValue parameter is a pointer to a DWORD or DWORD64 value that specifies the child process policy. THe policy specifies
/// whether to allow a child process to be created.For information on the possible values for the DWORD or DWORD64 to which lpValue
/// points, see Remarks.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeChildProcessPolicy, false, true, false);
///
/// This attribute is relevant only to win32 applications that have been converted to UWP packages by using the Desktop Bridge. The
/// lpValue parameter is a pointer to a DWORD value that specifies the desktop app policy. The policy specifies whether descendant
/// processes should continue to run in the desktop environment.For information about the possible values for the DWORD to which
/// lpValue points, see Remarks.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_DESKTOP_APP_POLICY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeDesktopAppPolicy, false, true, false);
///
/// The lpValue parameter is a pointer to a GROUP_AFFINITY structure that specifies the processor group affinity for the new
/// thread.Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_GROUP_AFFINITY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeGroupAffinity, true, true, false);
///
/// The lpValue parameter is a pointer to a list of handles to be inherited by the child process.These handles must be created as
/// inheritable handles and must not include pseudo handles such as those returned by the GetCurrentProcess or GetCurrentThread function.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_HANDLE_LIST = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeHandleList, false, true, false);
///
/// The lpValue parameter is a pointer to a PROCESSOR_NUMBER structure that specifies the ideal processor for the new thread.Windows
/// Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_IDEAL_PROCESSOR = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeIdealProcessor, true, true, false);
/// Undocumented.
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_JOB_LIST = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeJobList, false, true, false);
///
/// The lpValue parameter is a pointer to a DWORD or DWORD64 that specifies the exploit mitigation policy for the child process.
/// Starting in Windows 10, version 1703, this parameter can also be a pointer to a two-element DWORD64 array.The specified policy
/// overrides the policies set for the application and the system and cannot be changed after the child process starts running.
/// Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.The DWORD or
/// DWORD64 pointed to by lpValue can be one or more of the values listed in the remarks.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeMitigationPolicy, false, true, false);
///
/// The lpValue parameter is a pointer to a handle to a process to use instead of the calling process as the parent for the process
/// being created. The process to use must have the PROCESS_CREATE_PROCESS access right.Attributes inherited from the specified
/// process include handles, the device map, processor affinity, priority, quotas, the process token, and job object. (Note that some
/// attributes such as the debug port will come from the creating process, not the process specified by this handle.)
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_PARENT_PROCESS = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeParentProcess, false, true, false);
///
/// The lpValue parameter is a pointer to the node number of the preferred NUMA node for the new process.Windows Server 2008 and
/// Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_PREFERRED_NODE = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributePreferredNode, false, true, false);
///
/// The lpValue parameter is a pointer to a DWORD value of PROTECTION_LEVEL_SAME. This specifies the protection level of the child
/// process to be the same as the protection level of its parent process.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeProtectionLevel, false, true, false);
///
/// The lpValue parameter is a pointer to a SECURITY_CAPABILITIES structure that defines the security capabilities of an app
/// container. If this attribute is set the new process will be created as an AppContainer process.Windows 7, Windows Server 2008 R2,
/// Windows Server 2008 and Windows Vista: This value is not supported until Windows 8 and Windows Server 2012.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeSecurityCapabilities, false, true, false);
///
/// The lpValue parameter is a pointer to a UMS_CREATE_THREAD_ATTRIBUTES structure that specifies a user-mode scheduling (UMS) thread
/// context and a UMS completion list to associate with the thread. After the UMS thread is created, the system queues it to the
/// specified completion list. The UMS thread runs only when an application's UMS scheduler retrieves the UMS thread from the
/// completion list and selects it to run. For more information, see User-Mode Scheduling.Windows Server 2008 and Windows Vista: This
/// value is not supported until Windows 7 and Windows Server 2008 R2.
///
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_UMS_THREAD = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeUmsThread, true, true, false);
/// Undocumented.
public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_WIN32K_FILTER = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeWin32kFilter, false, true, false);
private const uint PROC_THREAD_ATTRIBUTE_ADDITIVE = 0x00040000;
private const uint PROC_THREAD_ATTRIBUTE_INPUT = 0x00020000;
private const uint PROC_THREAD_ATTRIBUTE_NUMBER = 0x0000FFFF;
private const uint PROC_THREAD_ATTRIBUTE_THREAD = 0x00010000;
///
/// An application-defined completion routine. Specify this address when calling the QueueUserAPC function. The PAPCFUNC type defines
/// a pointer to this callback function.
///
/// The data passed to the function using the dwData parameter of the QueueUserAPC function.
[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate void PAPCFUNC(UIntPtr dwParam);
/// Represents the type of information in the SYSTEM_CPU_SET_INFORMATION structure.
// typedef enum _CPU_SET_INFORMATION_TYPE { CpuSetInformation} CPU_SET_INFORMATION_TYPE, *PCPU_SET_INFORMATION_TYPE; https://msdn.microsoft.com/en-us/library/windows/desktop/mt186423(v=vs.85).aspx
[PInvokeData("Processthreadapi.h", MSDNShortId = "mt186423")]
public enum CPU_SET_INFORMATION_TYPE
{
/// The structure contains CPU Set information.
CpuSetInformation
}
///
/// The following process creation flags are used by the CreateProcess, CreateProcessAsUser,
/// CreateProcessWithLogonW, and CreateProcessWithTokenW functions. They can be specified in any combination, except as noted.
///
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms684863(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "ms684863")]
[Flags]
public enum CREATE_PROCESS : uint
{
///
/// The child processes of a process associated with a job are not associated with the job. If the calling process is not
/// associated with a job, this constant has no effect. If the calling process is associated with a job, the job must set the
/// JOB_OBJECT_LIMIT_BREAKAWAY_OK limit.
///
CREATE_BREAKAWAY_FROM_JOB = 0x01000000,
///
/// The new process does not inherit the error mode of the calling process. Instead, the new process gets the default error mode.
/// This feature is particularly useful for multithreaded shell applications that run with hard errors disabled.The default
/// behavior is for the new process to inherit the error mode of the caller. Setting this flag changes that default behavior.
///
CREATE_DEFAULT_ERROR_MODE = 0x04000000,
///
/// The new process has a new console, instead of inheriting its parent's console (the default). For more information, see
/// Creation of a Console. This flag cannot be used with DETACHED_PROCESS.
///
CREATE_NEW_CONSOLE = 0x00000010,
///
/// The new process is the root process of a new process group. The process group includes all processes that are descendants of
/// this root process. The process identifier of the new process group is the same as the process identifier, which is returned
/// in the lpProcessInformation parameter. Process groups are used by the GenerateConsoleCtrlEvent function to enable sending a
/// CTRL+BREAK signal to a group of console processes.If this flag is specified, CTRL+C signals will be disabled for all
/// processes within the new process group.This flag is ignored if specified with CREATE_NEW_CONSOLE.
///
CREATE_NEW_PROCESS_GROUP = 0x00000200,
///
/// The process is a console application that is being run without a console window. Therefore, the console handle for the
/// application is not set.This flag is ignored if the application is not a console application, or if it is used with either
/// CREATE_NEW_CONSOLE or DETACHED_PROCESS.
///
CREATE_NO_WINDOW = 0x08000000,
///
/// The process is to be run as a protected process. The system restricts access to protected processes and the threads of
/// protected processes. For more information on how processes can interact with protected processes, see Process Security and
/// Access Rights.To activate a protected process, the binary must have a special signature. This signature is provided by
/// Microsoft but not currently available for non-Microsoft binaries. There are currently four protected processes: media
/// foundation, audio engine, Windows error reporting, and system. Components that load into these binaries must also be signed.
/// Multimedia companies can leverage the first two protected processes. For more information, see Overview of the Protected
/// Media Path.Windows Server 2003 and Windows XP: This value is not supported.
///
CREATE_PROTECTED_PROCESS = 0x00040000,
///
/// Allows the caller to execute a child process that bypasses the process restrictions that would normally be applied
/// automatically to the process.
///
CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000,
/// This flag allows secure processes, that run in the Virtualization-Based Security environment, to launch.
CREATE_SECURE_PROCESS = 0x00400000,
///
/// This flag is valid only when starting a 16-bit Windows-based application. If set, the new process runs in a private Virtual
/// DOS Machine (VDM). By default, all 16-bit Windows-based applications run as threads in a single, shared VDM. The advantage of
/// running separately is that a crash only terminates the single VDM; any other programs running in distinct VDMs continue to
/// function normally. Also, 16-bit Windows-based applications that are run in separate VDMs have separate input queues. That
/// means that if one application stops responding momentarily, applications in separate VDMs continue to receive input. The
/// disadvantage of running separately is that it takes significantly more memory to do so. You should use this flag only if the
/// user requests that 16-bit applications should run in their own VDM.
///
CREATE_SEPARATE_WOW_VDM = 0x00000800,
///
/// The flag is valid only when starting a 16-bit Windows-based application. If the DefaultSeparateVDM switch in the Windows
/// section of WIN.INI is TRUE, this flag overrides the switch. The new process is run in the shared Virtual DOS Machine.
///
CREATE_SHARED_WOW_VDM = 0x00001000,
///
/// The primary thread of the new process is created in a suspended state, and does not run until the ResumeThread function is called.
///
CREATE_SUSPENDED = 0x00000004,
///
/// If this flag is set, the environment block pointed to by lpEnvironment uses Unicode characters. Otherwise, the environment
/// block uses ANSI characters.
///
CREATE_UNICODE_ENVIRONMENT = 0x00000400,
///
/// The calling thread starts and debugs the new process. It can receive all related debug events using the WaitForDebugEvent function.
///
DEBUG_ONLY_THIS_PROCESS = 0x00000002,
///
/// The calling thread starts and debugs the new process and all child processes created by the new process. It can receive all
/// related debug events using the WaitForDebugEvent function. A process that uses DEBUG_PROCESS becomes the root of a debugging
/// chain. This continues until another process in the chain is created with DEBUG_PROCESS.If this flag is combined with
/// DEBUG_ONLY_THIS_PROCESS, the caller debugs only the new process, not any child processes.
///
DEBUG_PROCESS = 0x00000001,
///
/// For console processes, the new process does not inherit its parent's console (the default). The new process can call the
/// AllocConsole function at a later time to create a console. For more information, see Creation of a Console. This value cannot
/// be used with CREATE_NEW_CONSOLE.
///
DETACHED_PROCESS = 0x00000008,
///
/// The process is created with extended startup information; the lpStartupInfo parameter specifies a STARTUPINFOEX
/// structure.Windows Server 2003 and Windows XP: This value is not supported.
///
EXTENDED_STARTUPINFO_PRESENT = 0x00080000,
///
/// The process inherits its parent's affinity. If the parent process has threads in more than one processor group, the new
/// process inherits the group-relative affinity of an arbitrary group in use by the parent.Windows Server 2008, Windows Vista,
/// Windows Server 2003 and Windows XP: This value is not supported.
///
INHERIT_PARENT_AFFINITY = 0x00010000,
/// Process with no special scheduling needs.
NORMAL_PRIORITY_CLASS = 0x00000020,
///
/// Process whose threads run only when the system is idle and are preempted by the threads of any process running in a higher
/// priority class. An example is a screen saver. The idle priority class is inherited by child processes.
///
IDLE_PRIORITY_CLASS = 0x00000040,
///
/// Process that performs time-critical tasks that must be executed immediately for it to run correctly. The threads of a
/// high-priority class process preempt the threads of normal or idle priority class processes. An example is the Task List,
/// which must respond quickly when called by the user, regardless of the load on the operating system. Use extreme care when
/// using the high-priority class, because a high-priority class CPU-bound application can use nearly all available cycles.
///
HIGH_PRIORITY_CLASS = 0x00000080,
///
/// Process that has the highest possible priority. The threads of a real-time priority class process preempt the threads of all
/// other processes, including operating system processes performing important tasks. For example, a real-time process that
/// executes for more than a very brief interval can cause disk caches not to flush or cause the mouse to be unresponsive.
///
REALTIME_PRIORITY_CLASS = 0x00000100,
/// Process that has priority above IDLE_PRIORITY_CLASS but below NORMAL_PRIORITY_CLASS.
BELOW_NORMAL_PRIORITY_CLASS = 0x00004000,
/// Process that has priority above NORMAL_PRIORITY_CLASS but below HIGH_PRIORITY_CLASS.
ABOVE_NORMAL_PRIORITY_CLASS = 0x00008000,
/// Undocumented.
CREATE_FORCEDOS = 0x00002000,
/// Creates profiles for the user mode modeuls of the process.
PROFILE_USER = 0x10000000,
/// Undocumented.
PROFILE_KERNEL = 0x20000000,
/// Undocumented.
PROFILE_SERVER = 0x40000000,
/// Undocumented.
CREATE_IGNORE_SYSTEM_DEFAULT = 0x80000000,
/// Undocumented.
INHERIT_CALLER_PRIORITY = 0x00020000,
///
/// Begin background processing mode. The system lowers the resource scheduling priorities of the process (and its threads) so
/// that it can perform background work without significantly affecting activity in the foreground.
///
/// This value can be specified only if hProcess is a handle to the current process. The function fails if the process is already
/// in background processing mode.
///
/// Windows Server 2003 and Windows XP: This value is not supported.
///
PROCESS_MODE_BACKGROUND_BEGIN = 0x00100000,
///
/// End background processing mode. The system restores the resource scheduling priorities of the process (and its threads) as
/// they were before the process entered background processing mode.
///
/// This value can be specified only if hProcess is a handle to the current process. The function fails if the process is not in
/// background processing mode.
///
/// Windows Server 2003 and Windows XP: This value is not supported.
///
PROCESS_MODE_BACKGROUND_END = 0x00200000,
}
/// Flags used by .
[Flags]
public enum CREATE_THREAD_FLAGS
{
/// The thread runs immediately after creation.
RUN_IMMEDIATELY = 0,
/// The thread is created in a suspended state, and does not run until the ResumeThread function is called.
CREATE_SUSPENDED = 4,
/// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize
/// specifies the commit size.
STACK_SIZE_PARAM_IS_A_RESERVATION = 0x00010000,
}
/// The memory priority for the thread or process.
public enum MEMORY_PRIORITY
{
/// Lowest memory priority.
MEMORY_PRIORITY_LOWEST = 0,
/// Very low memory priority.
MEMORY_PRIORITY_VERY_LOW = 1,
/// Low memory priority.
MEMORY_PRIORITY_LOW = 2,
/// Medium memory priority.
MEMORY_PRIORITY_MEDIUM = 3,
/// Below normal memory priority.
MEMORY_PRIORITY_BELOW_NORMAL = 4,
/// Normal memory priority. This is the default priority for all threads and processes on the system.
MEMORY_PRIORITY_NORMAL = 5,
}
/// The affinity update mode.
public enum PROCESS_AFFINITY_MODE
{
/// Dynamic update of the process affinity by the system is disabled.
PROCESS_AFFINITY_DISABLE_AUTO_UPDATE,
/// Dynamic update of the process affinity by the system is enabled.
PROCESS_AFFINITY_ENABLE_AUTO_UPDATE
}
/// Indicates type of structure used in GetProcessInformation and SetProcessInformation calls.
public enum PROCESS_INFORMATION_CLASS
{
/// Indicates that a MEMORY_PRIORITY_INFORMATION structure is specified for the operation.
[CorrespondingType(typeof(MEMORY_PRIORITY_INFORMATION))]
ProcessMemoryPriority,
/// Indicates that a PROCESS_MEMORY_EXHAUSTION_INFO structure is specified for the operation.
[CorrespondingType(typeof(PROCESS_MEMORY_EXHAUSTION_INFO))]
ProcessMemoryExhaustionInfo,
/// Indicates that a APP_MEMORY_INFORMATION structure is specified for the operation.
[CorrespondingType(typeof(APP_MEMORY_INFORMATION))]
ProcessAppMemoryInfo,
/// Undocumented.
ProcessInPrivateInfo,
/// Indicates that a PROCESS_POWER_THROTTLING_STATE structure is specified for the operation.
[CorrespondingType(typeof(PROCESS_POWER_THROTTLING_STATE))]
ProcessPowerThrottling,
/// Undocumented.
ProcessReservedValue1,
/// Undocumented.
ProcessTelemetryCoverageInfo,
/// Indicates that a PROCESS_PROTECTION_LEVEL_INFORMATION structure is specified for the operation.
[CorrespondingType(typeof(PROCESS_PROTECTION_LEVEL_INFORMATION))]
ProcessProtectionLevelInfo,
}
/// Represents the different memory exhaustion types.
// typedef enum _PROCESS_MEMORY_EXHAUSTION_TYPE { PMETypeFailFastOnCommitFailure, PMETypeMax} PROCESS_MEMORY_EXHAUSTION_TYPE,
// *PPROCESS_MEMORY_EXHAUSTION_TYPE;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt767998(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "mt767998")]
public enum PROCESS_MEMORY_EXHAUSTION_TYPE
{
///
/// Anytime memory management fails an allocation due to an inability to commit memory, it will cause the process to trigger a
/// Windows Error Reporting report and then terminate immediately with STATUS_COMMITMENT_LIMIT. The failure cannot be
/// caught and handled by the app.
///
PMETypeFailFastOnCommitFailure,
/// The maximum value for this enumeration. This value may change in a future version.
PMETypeMax
}
/// Flags used by PROCESS_MITIGATION_ASLR_POLICY
[Flags]
public enum PROCESS_MITIGATION_ASLR_POLICY_FLAGS : uint
{
///
/// Thread stacks and other bottom-up allocations are subject to randomization by ASLR if this flag is set. This flag is
/// read-only and cannot be modified after a process has been created.
///
EnableBottomUpRandomization = 1 << 0,
/// Images that have not been built with /DYNAMICBASE are forcibly relocated on load if this flag is set.
EnableForceRelocateImages = 1 << 1,
///
/// Bottom-up allocations are subject to higher degrees of entropy when randomized by ASLR if this flag is set. This flag only
/// applies to 64-bit processes and is read-only.
///
EnableHighEntropy = 1 << 2,
///
/// Images that have not been built with /DYNAMICBASE and do not have relocation information will fail to load if this flag and
/// EnableForceRelocateImages are set.
///
DisallowStrippedImages = 1 << 3,
}
/// Flags used by PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY.
[Flags]
public enum PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY_FLAGS : uint
{
///
/// Set (0x1) to prevent the process from loading images that are not signed by Microsoft; otherwise leave unset (0x0).
///
MicrosoftSignedOnly = 1 << 0,
///
/// Set (0x1) to prevent the process from loading images that are not signed by the Windows Store; otherwise leave unset (0x0).
///
StoreSignedOnly = 1 << 1,
///
/// Set (0x1) to prevent the process from loading images that are not signed by Microsoft, the Windows Store and the Windows
/// Hardware Quality Labs (WHQL); otherwise leave unset (0x0).
///
MitigationOptIn = 1 << 2,
/// Undocumented
AuditMicrosoftSignedOnly = 1 << 3,
/// Undocumented
AuditStoreSignedOnly = 1 << 4,
}
/// Flags used by PROCESS_MITIGATION_CHILD_PROCESS_POLICY.
[Flags]
public enum PROCESS_MITIGATION_CHILD_PROCESS_POLICY_FLAGS : uint
{
/// If set, the process cannot create child processes.
NoChildProcessCreation = 1 << 0,
///
/// If set, causes audit events to be generated when child processes are created by the process. If both NoChildProcessCreation
/// and AuditNoChildProcessCreation are set, NoChildProcessCreation takes precedence over audit setting.
///
AuditNoChildProcessCreation = 1 << 1,
///
/// Denies creation of child processes unless the child process is a secure process and if creation was previously blocked. It
/// allows a process to spawn a child process on behalf of another process that cannot itself create child processes. See
/// PROCESS_CREATION_CHILD_PROCESS_OVERRIDE in UpdateProcThreadAttribute.
///
AllowSecureProcessCreation = 1 << 2,
}
/// Flags used by PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY
[Flags]
public enum PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY_FLAGS : uint
{
/// CFG is enabled for the process if this flag is set. This field cannot be changed via SetProcessMitigationPolicy.
EnableControlFlowGuard = 1 << 0,
///
/// If TRUE, exported functions will be treated as invalid indirect call targets by default. Exported functions only become valid
/// indirect call targets if they are dynamically resolved via GetProcAddress. This field cannot be changed via SetProcessMitigationPolicy.
///
EnableExportSuppression = 1 << 1,
///
/// If TRUE, all DLLs that are loaded must enable CFG. If a DLL does not enable CFG then the image will fail to load. This policy
/// can be enabled after a process has started by calling SetProcessMitigationPolicy. It cannot be disabled once enabled.
///
StrictMode = 1 << 2,
}
/// Flags used by PROCESS_MITIGATION_DEP_POLICY
[Flags]
public enum PROCESS_MITIGATION_DEP_POLICY_FLAGS : uint
{
/// DEP is enabled for the process if this flag is set.
Enable = 1 << 0,
/// ATL thunk emulation is disabled for the process if this flag is set.
DisableAtlThunkEmulation = 1 << 1,
}
/// Flags used by PROCESS_MITIGATION_DYNAMIC_CODE_POLICY
[Flags]
public enum PROCESS_MITIGATION_DYNAMIC_CODE_POLICY_FLAGS : uint
{
///
/// Set (0x1) to prevent the process from generating dynamic code or modifying existing executable code; otherwise leave unset (0x0).
///
ProhibitDynamicCode = 1 << 0,
///
/// Set (0x1) to allow threads to opt out of the restrictions on dynamic code generation by calling the
/// SetThreadInformation function with the ThreadInformation parameter set to ThreadDynamicCodePolicy; otherwise
/// leave unset (0x0). You should not use the AllowThreadOptOut and ThreadDynamicCodePolicy settings together to
/// provide strong security. These settings are only intended to enable applications to adapt their code more easily for full
/// dynamic code restrictions.
///
AllowThreadOptOut = 1 << 1,
///
/// Set (0x1) to allow non-AppContainer processes to modify all of the dynamic code settings for the calling process, including
/// relaxing dynamic code restrictions after they have been set.
///
AllowRemoteDowngrade = 1 << 2,
/// Undocumented
AuditProhibitDynamicCode = 1 << 3,
}
/// Flags used by PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
[Flags]
public enum PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY_FLAGS : uint
{
/// Prevents legacy extension point DLLs from being loaded into the process.
DisableExtensionPoints = 1 << 0,
}
/// Flags used by PROCESS_MITIGATION_FONT_DISABLE_POLICY.
[Flags]
public enum PROCESS_MITIGATION_FONT_DISABLE_POLICY_FLAGS : uint
{
/// Set (0x1) to prevent the process from loading non-system fonts; otherwise leave unset (0x0).
DisableNonSystemFonts = 1 << 0,
///
/// Set (0x1) to indicate that an Event Tracing for Windows (ETW) event should be logged when the process attempts to load a
/// non-system font; leave unset (0x0) to indicate that an ETW event should not be logged.
///
AuditNonSystemFontLoading = 1 << 1,
}
/// Flags used by PROCESS_MITIGATION_IMAGE_LOAD_POLICY.
[Flags]
public enum PROCESS_MITIGATION_IMAGE_LOAD_POLICY_FLAGS : uint
{
///
/// Set (0x1) to prevent the process from loading images from a remote device, such as a UNC share; otherwise leave unset (0x0).
///
NoRemoteImages = 1 << 0,
///
/// Set (0x1) to prevent the process from loading images that have a Low mandatory label, as written by low IL; otherwise leave
/// unset (0x0).
///
NoLowMandatoryLabelImages = 1 << 1,
///
/// Set (0x1) to search for images to load in the System32 subfolder of the folder in which Windows is installed first, then in
/// the application directory in the standard DLL search order; otherwise leave unset (0x0).
///
PreferSystem32Images = 1 << 2,
/// Undocumented.
AuditNoRemoteImages = 1 << 3,
/// Undocumented.
AuditNoLowMandatoryLabelImages = 1 << 4,
}
/// Flags used by PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY.
[Flags]
public enum PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY_FLAGS : uint
{
/// If set this enables the Export Address Filter mitigation in enforcement mode for the process.
EnableExportAddressFilter = 1 << 0,
/// If set this enables the Export Address Filter mitigation in audit mode for the process.
AuditExportAddressFilter = 1 << 1,
/// If set this enables the Export Address Filter Plus mitigation in enforcement mode for the process.
EnableExportAddressFilterPlus = 1 << 2,
/// If set this enables the Export Address Filter mitigation in audit mode for the process.
AuditExportAddressFilterPlus = 1 << 3,
/// If set this enables the Import Address Filter mitigation in enforcement mode for the process.
EnableImportAddressFilter = 1 << 4,
/// If set this enables the Import Address Filter mitigation in enforcement mode for the process.
AuditImportAddressFilter = 1 << 5,
///
/// If set this enables the stack pivot anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process.
///
EnableRopStackPivot = 1 << 6,
///
/// If set this enables the stack pivot anti-ROP (Return-oriented-programming) mitigation in audit mode for the process.
///
AuditRopStackPivot = 1 << 7,
///
/// If set this enables the caller check anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process.
/// Applies to 32-bit processes only.
///
EnableRopCallerCheck = 1 << 8,
///
/// If set this enables the caller check anti-ROP (Return-oriented-programming) mitigation in audit mode for the process. Applies
/// to 32-bit processes only.
///
AuditRopCallerCheck = 1 << 9,
///
/// If set this enables the simulated execution anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the
/// process. Applies to 32-bit processes only.
///
EnableRopSimExec = 1 << 10,
///
/// If set this enables the simulated execution anti-ROP (Return-oriented-programming) mitigation in audit mode for the process.
/// Applies to 32-bit processes only.
///
AuditRopSimExec = 1 << 11,
}
/// Represents the different process mitigation policies.
[PInvokeData("winnt.h")]
public enum PROCESS_MITIGATION_POLICY
{
/// The data execution prevention (DEP) policy of the process.
[CorrespondingType(typeof(PROCESS_MITIGATION_DEP_POLICY))]
ProcessDEPPolicy,
/// The Address Space Layout Randomization (ASLR) policy of the process.
[CorrespondingType(typeof(PROCESS_MITIGATION_ASLR_POLICY))]
ProcessASLRPolicy,
///
/// The policy that turns off the ability of the process to generate dynamic code or modify existing executable code.
///
[CorrespondingType(typeof(PROCESS_MITIGATION_DYNAMIC_CODE_POLICY))]
ProcessDynamicCodePolicy,
///
/// The process will receive a fatal error if it manipulates an invalid handle. Useful for preventing downstream problems in a
/// process due to handle misuse.
///
[CorrespondingType(typeof(PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY))]
ProcessStrictHandleCheckPolicy,
/// Disables the ability to use NTUser/GDI functions at the lowest layer.
[CorrespondingType(typeof(PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY))]
ProcessSystemCallDisablePolicy,
///
/// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options
/// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported
/// bits at once.
///
ProcessMitigationOptionsMask,
///
/// The policy that prevents some built-in third party extension points from being turned on, which prevents legacy extension
/// point DLLs from being loaded into the process.
///
[CorrespondingType(typeof(PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY))]
ProcessExtensionPointDisablePolicy,
/// The Control Flow Guard (CFG) policy of the process.
[CorrespondingType(typeof(PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY))]
ProcessControlFlowGuardPolicy,
///
/// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows
/// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).
///
[CorrespondingType(typeof(PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY))]
ProcessSignaturePolicy,
/// The policy that turns off the ability of the process to load non-system fonts.
[CorrespondingType(typeof(PROCESS_MITIGATION_FONT_DISABLE_POLICY))]
ProcessFontDisablePolicy,
///
/// The policy that turns off the ability of the process to load images from some locations, such a remote devices or files that
/// have the low mandatory label.
///
[CorrespondingType(typeof(PROCESS_MITIGATION_IMAGE_LOAD_POLICY))]
ProcessImageLoadPolicy,
}
/// Flags used by PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY
[Flags]
public enum PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY_FLAGS : uint
{
///
/// When set to 1, an exception is raised if an invalid handle to a kernel object is used. Except as noted in the Remarks
/// section, once exceptions for invalid handles are enabled for a process, they cannot be disabled.
///
RaiseExceptionOnInvalidHandleReference = 1 << 0,
/// When set to 1, exceptions for invalid kernel handles are permanently enabled.
HandleExceptionsPermanentlyEnabled = 1 << 1,
}
/// Flags used by PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
[Flags]
public enum PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY_FLAGS : uint
{
/// When set to 1, the process is not permitted to perform GUI system calls.
DisallowWin32kSystemCalls = 1 << 0,
/// Undocumented.
AuditDisallowWin32kSystemCalls = 1 << 1,
}
[Flags]
public enum ProcessAccess : uint
{
PROCESS_TERMINATE = 0x0001,
PROCESS_CREATE_THREAD = 0x0002,
PROCESS_SET_SESSIONID = 0x0004,
PROCESS_VM_OPERATION = 0x0008,
PROCESS_VM_READ = 0x0010,
PROCESS_VM_WRITE = 0x0020,
PROCESS_DUP_HANDLE = 0x0040,
PROCESS_CREATE_PROCESS = 0x0080,
PROCESS_SET_QUOTA = 0x0100,
PROCESS_SET_INFORMATION = 0x0200,
PROCESS_QUERY_INFORMATION = 0x0400,
PROCESS_SUSPEND_RESUME = 0x0800,
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000,
PROCESS_SET_LIMITED_INFORMATION = 0x2000,
PROCESS_ALL_ACCESS = ACCESS_MASK.STANDARD_RIGHTS_REQUIRED | ACCESS_MASK.SYNCHRONIZE | 0xFFFF,
}
/// The processor feature to be tested.
[PInvokeData("winnt.h", MSDNShortId = "ms724482")]
public enum PROCESSOR_FEATURE
{
/// The alpha byte instructions are available.
PF_ALPHA_BYTE_INSTRUCTIONS = 5,
/// The 64-bit load/store atomic instructions are available.
PF_ARM_64BIT_LOADSTORE_ATOMIC = 25,
/// The divide instructions are available.
PF_ARM_DIVIDE_INSTRUCTION_AVAILABLE = 24,
/// The external cache is available.
PF_ARM_EXTERNAL_CACHE_AVAILABLE = 26,
/// The floating-point multiply-accumulate instruction is available.
PF_ARM_FMAC_INSTRUCTIONS_AVAILABLE = 27,
/// The neon instructions are available.
PF_ARM_NEON_INSTRUCTIONS_AVAILABLE = 19,
/// The v8 CRC32 instructions are available.
PF_ARM_V8_CRC32_INSTRUCTIONS_AVAILABLE = 31,
/// The v8 Crypto instructions are available.
PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE = 30,
/// The v8 instructions are available.
PF_ARM_V8_INSTRUCTIONS_AVAILABLE = 29,
/// The VFP/Neon: 32 x 64bit register bank is present. This flag has the same meaning as PF_ARM_VFP_EXTENDED_REGISTERS.
PF_ARM_VFP_32_REGISTERS_AVAILABLE = 18,
/// The 3D-Now instruction set is available.
PF_3DNOW_INSTRUCTIONS_AVAILABLE = 7,
/// The processor channels are enabled.
PF_CHANNELS_ENABLED = 16,
/// The atomic compare and exchange operation (cmpxchg) is available.
PF_COMPARE_EXCHANGE_DOUBLE = 2,
///
/// The atomic compare and exchange 128-bit operation (cmpxchg16b) is available.
/// Windows Server 2003 and Windows XP/2000: This feature is not supported.
///
PF_COMPARE_EXCHANGE128 = 14,
///
/// The atomic compare 64 and exchange 128-bit operation (cmp8xchg16) is available.
/// Windows Server 2003 and Windows XP/2000: This feature is not supported.
///
PF_COMPARE64_EXCHANGE128 = 15,
/// _fastfail() is available.
PF_FASTFAIL_AVAILABLE = 23,
///
/// Floating-point operations are emulated using a software emulator.
/// This function returns a nonzero value if floating-point operations are emulated; otherwise, it returns zero.
///
PF_FLOATING_POINT_EMULATED = 1,
/// On a Pentium, a floating-point precision error can occur in rare circumstances.
PF_FLOATING_POINT_PRECISION_ERRATA = 0,
/// The MMX instruction set is available.
PF_MMX_INSTRUCTIONS_AVAILABLE = 3,
///
/// Data execution prevention is enabled.
/// Windows XP/2000: This feature is not supported until Windows XP with SP2 and Windows Server 2003 with SP1.
///
PF_NX_ENABLED = 12,
///
/// The processor is PAE-enabled. For more information, see Physical Address Extension.
/// All x64 processors always return a nonzero value for this feature.
///
PF_PAE_ENABLED = 9,
/// The PPC movemem 64 bit is ok.
PF_PPC_MOVEMEM_64BIT_OK = 4,
/// The pf rdrand instruction available
PF_RDRAND_INSTRUCTION_AVAILABLE = 28,
/// The RDTSC instruction is available.
PF_RDTSC_INSTRUCTION_AVAILABLE = 8,
/// The pf RDTSCP instruction available
PF_RDTSCP_INSTRUCTION_AVAILABLE = 32,
/// RDFSBASE, RDGSBASE, WRFSBASE, and WRGSBASE instructions are available.
PF_RDWRFSGSBASE_AVAILABLE = 22,
/// Second Level Address Translation is supported by the hardware.
PF_SECOND_LEVEL_ADDRESS_TRANSLATION = 20,
/// The pf sse daz mode available
PF_SSE_DAZ_MODE_AVAILABLE = 11,
///
/// The SSE3 instruction set is available.
/// Windows Server 2003 and Windows XP/2000: This feature is not supported.
///
PF_SSE3_INSTRUCTIONS_AVAILABLE = 13,
/// Virtualization is enabled in the firmware.
PF_VIRT_FIRMWARE_ENABLED = 21,
/// The SSE instruction set is available.
PF_XMMI_INSTRUCTIONS_AVAILABLE = 6,
///
/// The SSE2 instruction set is available.
/// Windows 2000: This feature is not supported.
///
PF_XMMI64_INSTRUCTIONS_AVAILABLE = 10,
///
/// The processor implements the XSAVE and XRSTOR instructions.
///
/// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP/2000: This feature is not supported until Windows 7
/// and Windows Server 2008 R2.
///
///
PF_XSAVE_ENABLED = 17,
}
/// Process protection level.
public enum PROTECTION_LEVEL : uint
{
/// For internal use only.
PROTECTION_LEVEL_WINTCB_LIGHT = 0x00000000,
/// For internal use only.
PROTECTION_LEVEL_WINDOWS = 0x00000001,
/// For internal use only.
PROTECTION_LEVEL_WINDOWS_LIGHT = 0x00000002,
/// For internal use only.
PROTECTION_LEVEL_ANTIMALWARE_LIGHT = 0x00000003,
/// For internal use only.
PROTECTION_LEVEL_LSA_LIGHT = 0x00000004,
/// Not implemented.
PROTECTION_LEVEL_WINTCB = 0x00000005,
/// Not implemented.
PROTECTION_LEVEL_CODEGEN_LIGHT = 0x00000006,
/// Not implemented.
PROTECTION_LEVEL_AUTHENTICODE = 0x00000007,
/// The process is a third party app that is using process protection.
PROTECTION_LEVEL_PPL_APP = 0x00000008,
/// The protection level same
PROTECTION_LEVEL_SAME = 0xFFFFFFFF,
/// The process is not protected.
PROTECTION_LEVEL_NONE = 0xFFFFFFFE,
}
/// Value retrieved by the function.
public enum SHUTDOWN
{
///
/// If this process takes longer than the specified timeout to shut down, do not display a retry dialog box for the user.
/// Instead, just cause the process to directly exit.
///
SHUTDOWN_NORETRY = 1
}
/// Flags used in the field.
[PInvokeData("WinBase.h")]
[Flags]
public enum STARTF
{
///
/// Indicates that the cursor is in feedback mode for two seconds after CreateProcess is called. The Working in Background cursor
/// is displayed (see the Pointers tab in the Mouse control panel utility). If during those two seconds the process makes the
/// first GUI call, the system gives five more seconds to the process. If during those five seconds the process shows a window,
/// the system gives five more seconds to the process to finish drawing the window.The system turns the feedback cursor off after
/// the first call to GetMessage, regardless of whether the process is drawing.
///
STARTF_FORCEONFEEDBACK = 0x00000040,
///
/// Indicates that the feedback cursor is forced off while the process is starting. The Normal Select cursor is displayed.
///
STARTF_FORCEOFFFEEDBACK = 0x00000080,
///
/// Indicates that any windows created by the process cannot be pinned on the taskbar.This flag must be combined with STARTF_TITLEISAPPID.
///
STARTF_PREVENTPINNING = 0x00002000,
///
/// Indicates that the process should be run in full-screen mode, rather than in windowed mode. This flag is only valid for
/// console applications running on an x86 computer.
///
STARTF_RUNFULLSCREEN = 0x00000020,
///
/// The lpTitle member contains an AppUserModelID. This identifier controls how the taskbar and Start menu present the
/// application, and enables it to be associated with the correct shortcuts and Jump Lists. Generally, applications will use the
/// SetCurrentProcessExplicitAppUserModelID and GetCurrentProcessExplicitAppUserModelID functions instead of setting this flag.
/// For more information, see Application User Model IDs.If STARTF_PREVENTPINNING is used, application windows cannot be pinned
/// on the taskbar. The use of any AppUserModelID-related window properties by the application overrides this setting for that
/// window only.This flag cannot be used with STARTF_TITLEISLINKNAME.
///
STARTF_TITLEISAPPID = 0x00001000,
///
/// The lpTitle member contains the path of the shortcut file (.lnk) that the user invoked to start this process. This is
/// typically set by the shell when a .lnk file pointing to the launched application is invoked. Most applications will not need
/// to set this value.This flag cannot be used with STARTF_TITLEISAPPID.
///
STARTF_TITLEISLINKNAME = 0x00000800,
/// The command line came from an untrusted source. For more information, see Remarks.
STARTF_UNTRUSTEDSOURCE = 0x00008000,
/// The dwXCountChars and dwYCountChars members contain additional information.
STARTF_USECOUNTCHARS = 0x00000008,
/// The dwFillAttribute member contains additional information.
STARTF_USEFILLATTRIBUTE = 0x00000010,
/// The hStdInput member contains additional information. This flag cannot be used with STARTF_USESTDHANDLES.
STARTF_USEHOTKEY = 0x00000200,
/// The dwX and dwY members contain additional information.
STARTF_USEPOSITION = 0x00000004,
/// The wShowWindow member contains additional information.
STARTF_USESHOWWINDOW = 0x00000001,
/// The dwXSize and dwYSize members contain additional information.
STARTF_USESIZE = 0x00000002,
///
/// The hStdInput, hStdOutput, and hStdError members contain additional information. If this flag is specified when calling one
/// of the process creation functions, the handles must be inheritable and the function's bInheritHandles parameter must be set
/// to TRUE. For more information, see Handle Inheritance.If this flag is specified when calling the GetStartupInfo function,
/// these members are either the handle value specified during process creation or INVALID_HANDLE_VALUE.Handles must be closed
/// with CloseHandle when they are no longer needed.This flag cannot be used with STARTF_USEHOTKEY.
///
STARTF_USESTDHANDLES = 0x00000100,
}
/// Used by the structure.
[Flags]
public enum SYSTEM_CPU_SET_FLAGS : byte
{
///
/// If set, the home processor of this CPU Set is parked. If the CPU Set is on a parked processor, threads assigned to that set
/// may be reassigned to other processors that are selected by the Process Default sets or the Thread Selected sets. If all such
/// processors are parked, the threads are reassigned to other available processors on the system.
///
SYSTEM_CPU_SET_INFORMATION_PARKED = 0x1,
///
/// If set, the specified CPU Set is not available for general system use, but instead is allocated for exclusive use of some
/// processes. If a non-NULL Process argument is specified in a call to GetSystemCpuSetInformation, it is possible to determine
/// if the processor is allocated for use with that process.
///
SYSTEM_CPU_SET_INFORMATION_ALLOCATED = 0x2,
///
/// This is set if the CPU Set is allocated for the exclusive use of some subset of the system processes and if it is allocated
/// for the use of the process passed into GetSystemCpuSetInformation.
///
SYSTEM_CPU_SET_INFORMATION_ALLOCATED_TO_TARGET_PROCESS = 0x4,
///
/// This is set of the CPU Set is on a processor that is suitable for low-latency realtime processing. The system takes steps to
/// ensure that RealTime CPU Sets are unlikely to be running non-preemptible code, by moving other work like Interrupts and other
/// application threads off of those processors.
///
SYSTEM_CPU_SET_INFORMATION_REALTIME = 0x8,
}
///
public enum THREAD_INFORMATION_CLASS
{
/// The thread memory priority
ThreadMemoryPriority,
/// The thread absolute cpu priority
ThreadAbsoluteCpuPriority,
/// The thread dynamic code policy
ThreadDynamicCodePolicy,
/// The thread power throttling
ThreadPowerThrottling,
/// The thread information class maximum
ThreadInformationClassMax
}
/// The thread's priority level.
public enum THREAD_PRIORITY
{
/// Priority 2 points below the priority class.
THREAD_PRIORITY_LOWEST = -2,
/// Priority 1 point below the priority class.
THREAD_PRIORITY_BELOW_NORMAL = (THREAD_PRIORITY_LOWEST + 1),
/// Normal priority for the priority class.
THREAD_PRIORITY_NORMAL = 0,
/// Priority 2 points above the priority class.
THREAD_PRIORITY_HIGHEST = 2,
/// Priority 1 point above the priority class.
THREAD_PRIORITY_ABOVE_NORMAL = (THREAD_PRIORITY_HIGHEST - 1),
/// The thread priority error return
THREAD_PRIORITY_ERROR_RETURN = 0x7fffffff,
///
/// Base-priority level of 15 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS,
/// ABOVE_NORMAL_PRIORITY_CLASS, or HIGH_PRIORITY_CLASS processes, and a base-priority level of 31 for REALTIME_PRIORITY_CLASS processes.
///
THREAD_PRIORITY_TIME_CRITICAL = 15,
///
/// Base priority of 1 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS,
/// or HIGH_PRIORITY_CLASS processes, and a base priority of 16 for REALTIME_PRIORITY_CLASS processes.
///
THREAD_PRIORITY_IDLE = -15,
/// The thread mode background begin
THREAD_MODE_BACKGROUND_BEGIN = 0x00010000,
/// The thread mode background end
THREAD_MODE_BACKGROUND_END = 0x00020000,
}
[Flags]
public enum ThreadAccess : uint
{
THREAD_TERMINATE = 0x0001,
THREAD_SUSPEND_RESUME = 0x0002,
THREAD_GET_CONTEXT = 0x0008,
THREAD_SET_CONTEXT = 0x0010,
THREAD_QUERY_INFORMATION = 0x0040,
THREAD_SET_INFORMATION = 0x0020,
THREAD_SET_THREAD_TOKEN = 0x0080,
THREAD_IMPERSONATE = 0x0100,
THREAD_DIRECT_IMPERSONATION = 0x0200,
THREAD_SET_LIMITED_INFORMATION = 0x0400,
THREAD_QUERY_LIMITED_INFORMATION = 0x0800,
THREAD_RESUME = 0x1000,
THREAD_ALL_ACCESS = ACCESS_MASK.STANDARD_RIGHTS_REQUIRED | ACCESS_MASK.SYNCHRONIZE | 0xFFFF
}
private enum PROC_THREAD_ATTRIBUTE_NUM : uint
{
ProcThreadAttributeParentProcess = 0,
ProcThreadAttributeHandleList = 2,
ProcThreadAttributeGroupAffinity = 3,
ProcThreadAttributePreferredNode = 4,
ProcThreadAttributeIdealProcessor = 5,
ProcThreadAttributeUmsThread = 6,
ProcThreadAttributeMitigationPolicy = 7,
ProcThreadAttributeSecurityCapabilities = 9,
ProcThreadAttributeProtectionLevel = 11,
ProcThreadAttributeJobList = 13,
ProcThreadAttributeChildProcessPolicy = 14,
ProcThreadAttributeAllApplicationPackagesPolicy = 15,
ProcThreadAttributeWin32kFilter = 16,
ProcThreadAttributeSafeOpenPromptOriginClaim = 17,
ProcThreadAttributeDesktopAppPolicy = 18,
}
///
/// Creates a new process and its primary thread. The new process runs in the security context of the calling process.
///
/// If the calling process is impersonating another user, the new process uses the token for the calling process, not the
/// impersonation token. To run the new process in the security context of the user represented by the impersonation token, use the
/// CreateProcessAsUser or CreateProcessWithLogonW function.
///
///
///
///
/// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for
/// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.
///
///
/// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a
/// partial name, the function uses the current drive and current directory to complete the specification. The function will not use
/// the search path. This parameter must include the file name extension; no default extension is assumed.
///
///
/// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token
/// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the
/// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program
/// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities
/// in the following order:
///
///
/// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by
/// lpCommandLine should specify the executable module as well as its arguments.
///
///
/// To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the
/// following arguments: /c plus the name of the batch file.
///
///
///
///
/// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null
/// character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters.
///
///
/// The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter
/// cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant
/// string, the function may cause an access violation.
///
///
/// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the
/// command line.
///
///
/// If both lpApplicationName and lpCommandLine are non- NULL, the null-terminated string pointed to by lpApplicationName
/// specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new
/// process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and
/// argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as
/// the first token in the command line.
///
///
/// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are
/// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin
/// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended.
/// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period
/// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory
/// path, the system searches for the executable file in the following sequence:
///
///
/// The system adds a terminating null character to the command-line string to separate the file name from the arguments. This
/// divides the original string into two strings for internal processing.
///
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be
/// inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited.
///
///
/// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If
/// lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The
/// ACLs in the default security descriptor for a process come from the primary token of the creator.
///
///
/// Windows XP: The ACLs in the default security descriptor for a process come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be
/// inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited.
///
///
/// The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If
/// lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the
/// default security descriptor for a thread come from the process token.
///
///
/// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
///
/// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is
/// FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles.
///
///
/// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create
/// the process in the same session as the caller.
///
///
/// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL
/// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights
///
///
///
///
/// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.
///
///
/// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the
/// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the
/// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is
/// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority
/// class of the calling process.
///
///
///
///
/// An array of the environment items for the new process. If this parameter is NULL, the new process uses the environment of
/// the calling process.
///
/// An environment item is in the following form:
/// name=value\0
/// Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
///
/// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains
/// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and
/// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
///
///
/// The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds
/// 32,767 characters.
///
///
///
/// The full path to the current directory for the process. The string can also specify a UNC path.
///
/// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This
/// feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.)
///
///
///
/// A pointer to a STARTUPINFO or STARTUPINFOEX structure.
///
/// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter.
///
/// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed.
///
///
/// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.
/// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to
/// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess.
///
///
// BOOL WINAPI CreateProcess( _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES
// lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags,
// _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, _Out_ LPPROCESS_INFORMATION
// lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "ms682425")]
public static bool CreateProcess([Optional] string lpApplicationName, [Optional] StringBuilder lpCommandLine, [In, Optional] SECURITY_ATTRIBUTES lpProcessAttributes,
[In, Optional] SECURITY_ATTRIBUTES lpThreadAttributes, [Optional] bool bInheritHandles, [Optional] CREATE_PROCESS dwCreationFlags, [In, Optional] string[] lpEnvironment,
[Optional] string lpCurrentDirectory, in STARTUPINFO lpStartupInfo, out SafePROCESS_INFORMATION lpProcessInformation)
{
using (var mEnv = lpEnvironment is null ? SafeHGlobalHandle.Null : SafeHGlobalHandle.CreateFromStringList(lpEnvironment))
{
var ret = CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, (IntPtr)mEnv,
lpCurrentDirectory, lpStartupInfo, out var pi);
lpProcessInformation = ret ? new SafePROCESS_INFORMATION(pi) : null;
return ret;
}
}
///
/// Creates a new process and its primary thread. The new process runs in the security context of the calling process.
///
/// If the calling process is impersonating another user, the new process uses the token for the calling process, not the
/// impersonation token. To run the new process in the security context of the user represented by the impersonation token, use the
/// CreateProcessAsUser or CreateProcessWithLogonW function.
///
///
///
///
/// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null
/// character. The module name portion of lpCommandLine is limited to MAX_PATH characters.
///
///
/// The first white space–delimited token of the command line specifies the module name. If you are
/// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin
/// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended.
/// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period
/// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory
/// path, the system searches for the executable file in the following sequence:
///
///
/// A handle to the created process.
[PInvokeData("WinBase.h", MSDNShortId = "ms682425")]
public static SafeHPROCESS CreateProcess(string lpCommandLine)
{
if (CreateProcess(null, new StringBuilder(lpCommandLine ?? throw new ArgumentNullException(nameof(lpCommandLine))), null, null, false, 0, IntPtr.Zero, null, STARTUPINFO.Default, out var pi))
{
CloseHandle((IntPtr)pi.hThread);
return new SafeHPROCESS(pi.hProcess);
}
return SafeHPROCESS.Null;
}
///
/// Creates a new process and its primary thread. The new process runs in the security context of the calling process.
///
/// If the calling process is impersonating another user, the new process uses the token for the calling process, not the
/// impersonation token. To run the new process in the security context of the user represented by the impersonation token, use the
/// CreateProcessAsUser or CreateProcessWithLogonW function.
///
///
///
///
/// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for
/// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.
///
///
/// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a
/// partial name, the function uses the current drive and current directory to complete the specification. The function will not use
/// the search path. This parameter must include the file name extension; no default extension is assumed.
///
///
/// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token
/// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the
/// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program
/// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities
/// in the following order:
///
///
/// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by
/// lpCommandLine should specify the executable module as well as its arguments.
///
///
/// To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the
/// following arguments: /c plus the name of the batch file.
///
///
///
///
/// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null
/// character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters.
///
///
/// The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter
/// cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant
/// string, the function may cause an access violation.
///
///
/// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the
/// command line.
///
///
/// If both lpApplicationName and lpCommandLine are non- NULL, the null-terminated string pointed to by lpApplicationName
/// specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new
/// process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and
/// argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as
/// the first token in the command line.
///
///
/// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are
/// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin
/// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended.
/// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period
/// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory
/// path, the system searches for the executable file in the following sequence:
///
///
/// The system adds a terminating null character to the command-line string to separate the file name from the arguments. This
/// divides the original string into two strings for internal processing.
///
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be
/// inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited.
///
///
/// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If
/// lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The
/// ACLs in the default security descriptor for a process come from the primary token of the creator.
///
///
/// Windows XP: The ACLs in the default security descriptor for a process come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be
/// inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited.
///
///
/// The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If
/// lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the
/// default security descriptor for a thread come from the process token.
///
///
/// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
///
/// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is
/// FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles.
///
///
/// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create
/// the process in the same session as the caller.
///
///
/// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL
/// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights
///
///
///
///
/// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.
///
///
/// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the
/// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the
/// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is
/// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority
/// class of the calling process.
///
///
///
///
/// An array of the environment items for the new process. If this parameter is NULL, the new process uses the environment of
/// the calling process.
///
/// An environment item is in the following form:
/// name=value\0
/// Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
///
/// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains
/// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and
/// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
///
///
/// The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds
/// 32,767 characters.
///
///
///
/// The full path to the current directory for the process. The string can also specify a UNC path.
///
/// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This
/// feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.)
///
///
///
/// A pointer to a STARTUPINFO or STARTUPINFOEX structure.
///
/// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter.
///
/// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed.
///
///
/// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.
/// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to
/// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess.
///
///
// BOOL WINAPI CreateProcess( _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES
// lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags,
// _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, _Out_ LPPROCESS_INFORMATION
// lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "ms682425")]
public static bool CreateProcess([Optional] string lpApplicationName, [Optional] StringBuilder lpCommandLine, [In, Optional] SECURITY_ATTRIBUTES lpProcessAttributes,
[In, Optional] SECURITY_ATTRIBUTES lpThreadAttributes, bool bInheritHandles, [Optional] CREATE_PROCESS dwCreationFlags, [In, Optional] string[] lpEnvironment,
[Optional] string lpCurrentDirectory, in STARTUPINFOEX lpStartupInfo, out SafePROCESS_INFORMATION lpProcessInformation)
{
using (var mEnv = lpEnvironment is null ? SafeHGlobalHandle.Null : SafeHGlobalHandle.CreateFromStringList(lpEnvironment))
{
var ret = CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, (IntPtr)mEnv,
lpCurrentDirectory, lpStartupInfo, out var pi);
lpProcessInformation = ret ? new SafePROCESS_INFORMATION(pi) : null;
return ret;
}
}
///
///
/// Creates a new process and its primary thread. The new process runs in the security context of the user represented by the
/// specified token.
///
///
/// Typically, the process that calls the CreateProcessAsUser function must have the SE_INCREASE_QUOTA_NAME privilege
/// and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable. If this function fails with
/// ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessWithLogonW function instead. CreateProcessWithLogonW
/// requires no special privileges, but the specified user account must be allowed to log on interactively. Generally, it is best to
/// use CreateProcessWithLogonW to create a process with alternate credentials.
///
///
///
///
/// A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and
/// TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects. The user
/// represented by the token must have read and execute access to the application specified by the lpApplicationName or the
/// lpCommandLine parameter.
///
///
/// To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the
/// DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is
/// impersonating a client to create a process that has the security context of the client.
///
///
/// If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required.
/// If the necessary privileges are not already enabled, CreateProcessAsUser enables them for the duration of the call. For
/// more information, see Running with Special Privileges.
///
///
/// Terminal Services: The process is run in the session specified in the token. By default, this is the same session that
/// called LogonUser. To change the session, use the SetTokenInformation function.
///
///
///
///
/// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for
/// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.
///
///
/// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a
/// partial name, the function uses the current drive and current directory to complete the specification. The function will not use
/// the search path. This parameter must include the file name extension; no default extension is assumed.
///
///
/// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token
/// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the
/// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program
/// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities
/// in the following order:
///
///
/// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by
/// lpCommandLine should specify the executable module as well as its arguments. By default, all 16-bit Windows-based applications
/// created by CreateProcessAsUser are run in a separate VDM (equivalent to CREATE_SEPARATE_WOW_VDM in CreateProcess).
///
///
///
///
/// The command line to be executed. The maximum length of this string is 32K characters. If lpApplicationName is NULL, the
/// module name portion of lpCommandLine is limited to MAX_PATH characters.
///
///
/// The Unicode version of this function, CreateProcessAsUserW, can modify the contents of this string. Therefore, this
/// parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a
/// constant string, the function may cause an access violation.
///
///
/// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the
/// command line.
///
///
/// If both lpApplicationName and lpCommandLine are non- NULL, *lpApplicationName specifies the module to execute, and
/// *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line.
/// Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name,
/// C programmers generally repeat the module name as the first token in the command line.
///
///
/// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you
/// are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin
/// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended.
/// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period
/// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory
/// path, the system searches for the executable file in the following sequence:
///
///
/// The system adds a null character to the command line string to separate the file name from the arguments. This divides the
/// original string into two strings for internal processing.
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new process object and
/// determines whether child processes can inherit the returned handle to the process. If lpProcessAttributes is NULL or
/// lpSecurityDescriptor is NULL, the process gets a default security descriptor and the handle cannot be inherited.
/// The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow
/// access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will
/// continue to have full access rights.
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread object and determines
/// whether child processes can inherit the returned handle to the thread. If lpThreadAttributes is NULL or
/// lpSecurityDescriptor is NULL, the thread gets a default security descriptor and the handle cannot be inherited. The
/// default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access
/// for the caller.
///
///
///
/// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the
/// parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as
/// the original handles.
///
///
/// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must
/// create the process in the same session as the caller.
///
///
/// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL
/// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights
///
///
///
///
/// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.
///
///
/// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the
/// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the
/// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is
/// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority
/// class of the calling process.
///
///
///
///
/// A pointer to an environment block for the new process. If this parameter is NULL, the new process uses the environment of
/// the calling process.
///
/// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
/// name=value\0
/// Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
///
/// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains
/// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and
/// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
///
///
/// The ANSI version of this function, CreateProcessAsUserA fails if the total size of the environment block for the process
/// exceeds 32,767 characters.
///
///
/// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A
/// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
///
///
/// Windows Server 2003 and Windows XP: If the size of the combined user and system environment variable exceeds 8192 bytes,
/// the process created by CreateProcessAsUser no longer runs with the environment block passed to the function by the parent
/// process. Instead, the child process runs with the environment block returned by the CreateEnvironmentBlock function.
///
/// To retrieve a copy of the environment block for a given user, use the CreateEnvironmentBlock function.
///
///
/// The full path to the current directory for the process. The string can also specify a UNC path.
///
/// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature
/// is provided primarily for shells that need to start an application and specify its initial drive and working directory.)
///
///
///
/// A pointer to a STARTUPINFO or STARTUPINFOEX structure.
///
/// The user must have full access to both the specified window station and desktop. If you want the process to be interactive,
/// specify winsta0\default. If the lpDesktop member is NULL, the new process inherits the desktop and window station of its
/// parent process. If this member is an empty string, "", the new process connects to a window station using the rules described in
/// Process Connection to a Window Station.
///
///
/// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the
/// dwCreationFlags parameter.
///
/// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed.
///
///
/// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.
/// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to
/// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess.
///
///
// BOOL WINAPI CreateProcessAsUser( _In_opt_ HANDLE hToken, _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine,
// _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles,
// _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo,
// _Out_ LPPROCESS_INFORMATION lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "ms682429")]
public static bool CreateProcessAsUser(HTOKEN hToken, string lpApplicationName, StringBuilder lpCommandLine,
SECURITY_ATTRIBUTES lpProcessAttributes, SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles,
CREATE_PROCESS dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFO lpStartupInfo, out SafePROCESS_INFORMATION lpProcessInformation)
{
var ret = CreateProcessAsUser(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, out PROCESS_INFORMATION pi);
lpProcessInformation = ret ? new SafePROCESS_INFORMATION(pi) : null;
return ret;
}
///
///
/// Creates a new process and its primary thread. The new process runs in the security context of the user represented by the
/// specified token.
///
///
/// Typically, the process that calls the CreateProcessAsUser function must have the SE_INCREASE_QUOTA_NAME privilege
/// and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable. If this function fails with
/// ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessWithLogonW function instead. CreateProcessWithLogonW
/// requires no special privileges, but the specified user account must be allowed to log on interactively. Generally, it is best to
/// use CreateProcessWithLogonW to create a process with alternate credentials.
///
///
///
///
/// A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and
/// TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects. The user
/// represented by the token must have read and execute access to the application specified by the lpApplicationName or the
/// lpCommandLine parameter.
///
///
/// To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the
/// DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is
/// impersonating a client to create a process that has the security context of the client.
///
///
/// If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required.
/// If the necessary privileges are not already enabled, CreateProcessAsUser enables them for the duration of the call. For
/// more information, see Running with Special Privileges.
///
///
/// Terminal Services: The process is run in the session specified in the token. By default, this is the same session that
/// called LogonUser. To change the session, use the SetTokenInformation function.
///
///
///
///
/// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for
/// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.
///
///
/// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a
/// partial name, the function uses the current drive and current directory to complete the specification. The function will not use
/// the search path. This parameter must include the file name extension; no default extension is assumed.
///
///
/// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token
/// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the
/// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program
/// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities
/// in the following order:
///
///
/// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by
/// lpCommandLine should specify the executable module as well as its arguments. By default, all 16-bit Windows-based applications
/// created by CreateProcessAsUser are run in a separate VDM (equivalent to CREATE_SEPARATE_WOW_VDM in CreateProcess).
///
///
///
///
/// The command line to be executed. The maximum length of this string is 32K characters. If lpApplicationName is NULL, the
/// module name portion of lpCommandLine is limited to MAX_PATH characters.
///
///
/// The Unicode version of this function, CreateProcessAsUserW, can modify the contents of this string. Therefore, this
/// parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a
/// constant string, the function may cause an access violation.
///
///
/// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the
/// command line.
///
///
/// If both lpApplicationName and lpCommandLine are non- NULL, *lpApplicationName specifies the module to execute, and
/// *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line.
/// Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name,
/// C programmers generally repeat the module name as the first token in the command line.
///
///
/// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you
/// are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin
/// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended.
/// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period
/// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory
/// path, the system searches for the executable file in the following sequence:
///
///
/// The system adds a null character to the command line string to separate the file name from the arguments. This divides the
/// original string into two strings for internal processing.
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new process object and
/// determines whether child processes can inherit the returned handle to the process. If lpProcessAttributes is NULL or
/// lpSecurityDescriptor is NULL, the process gets a default security descriptor and the handle cannot be inherited.
/// The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow
/// access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will
/// continue to have full access rights.
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread object and determines
/// whether child processes can inherit the returned handle to the thread. If lpThreadAttributes is NULL or
/// lpSecurityDescriptor is NULL, the thread gets a default security descriptor and the handle cannot be inherited. The
/// default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access
/// for the caller.
///
///
///
/// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the
/// parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as
/// the original handles.
///
///
/// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must
/// create the process in the same session as the caller.
///
///
/// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL
/// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights
///
///
///
///
/// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.
///
///
/// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the
/// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the
/// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is
/// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority
/// class of the calling process.
///
///
///
///
/// A pointer to an environment block for the new process. If this parameter is NULL, the new process uses the environment of
/// the calling process.
///
/// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
/// name=value\0
/// Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
///
/// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains
/// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and
/// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
///
///
/// The ANSI version of this function, CreateProcessAsUserA fails if the total size of the environment block for the process
/// exceeds 32,767 characters.
///
///
/// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A
/// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
///
///
/// Windows Server 2003 and Windows XP: If the size of the combined user and system environment variable exceeds 8192 bytes,
/// the process created by CreateProcessAsUser no longer runs with the environment block passed to the function by the parent
/// process. Instead, the child process runs with the environment block returned by the CreateEnvironmentBlock function.
///
/// To retrieve a copy of the environment block for a given user, use the CreateEnvironmentBlock function.
///
///
/// The full path to the current directory for the process. The string can also specify a UNC path.
///
/// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature
/// is provided primarily for shells that need to start an application and specify its initial drive and working directory.)
///
///
///
/// A pointer to a STARTUPINFO or STARTUPINFOEX structure.
///
/// The user must have full access to both the specified window station and desktop. If you want the process to be interactive,
/// specify winsta0\default. If the lpDesktop member is NULL, the new process inherits the desktop and window station of its
/// parent process. If this member is an empty string, "", the new process connects to a window station using the rules described in
/// Process Connection to a Window Station.
///
///
/// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the
/// dwCreationFlags parameter.
///
/// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed.
///
///
/// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.
/// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to
/// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess.
///
///
// BOOL WINAPI CreateProcessAsUser( _In_opt_ HANDLE hToken, _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine,
// _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles,
// _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo,
// _Out_ LPPROCESS_INFORMATION lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "ms682429")]
public static bool CreateProcessAsUser(HTOKEN hToken, string lpApplicationName, StringBuilder lpCommandLine,
SECURITY_ATTRIBUTES lpProcessAttributes, SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles,
CREATE_PROCESS dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFOEX lpStartupInfo, out SafePROCESS_INFORMATION lpProcessInformation)
{
var ret = CreateProcessAsUser(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, out PROCESS_INFORMATION pi);
lpProcessInformation = ret ? new SafePROCESS_INFORMATION(pi) : null;
return ret;
}
///
/// Creates a thread that runs in the virtual address space of another process.
///
/// Use the CreateRemoteThreadEx function to create a thread that runs in the virtual address space of another process and
/// optionally specify extended attributes.
///
///
///
/// A handle to the process in which the thread is to be created. The handle must have the PROCESS_CREATE_THREAD,
/// PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights,
/// and may fail without these rights on certain platforms. For more information, see Process Security and Access Rights.
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread and determines
/// whether child processes can inherit the returned handle. If lpThreadAttributes is NULL, the thread gets a default security
/// descriptor and the handle cannot be inherited. The access control lists (ACL) in the default security descriptor for a thread
/// come from the primary token of the creator.
///
///
/// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
/// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is 0 (zero), the new
/// thread uses the default size for the executable. For more information, see Thread Stack Size.
///
///
/// A pointer to the application-defined function of type LPTHREAD_START_ROUTINE to be executed by the thread and represents
/// the starting address of the thread in the remote process. The function must exist in the remote process. For more information,
/// see ThreadProc.
///
/// A pointer to a variable to be passed to the thread function.
///
/// The flags that control the creation of the thread.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// The thread runs immediately after creation.
///
/// -
/// CREATE_SUSPENDED0x00000004
/// The thread is created in a suspended state, and does not run until the ResumeThread function is called.
///
/// -
/// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000
///
/// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies
/// the commit size.
///
///
///
///
///
///
/// A pointer to a variable that receives the thread identifier.
/// If this parameter is NULL, the thread identifier is not returned.
///
///
/// If the function succeeds, the return value is a handle to the new thread.
/// If the function fails, the return value is NULL. To get extended error information, call GetLastError.
///
/// Note that CreateRemoteThread may succeed even if lpStartAddress points to data, code, or is not accessible. If the start
/// address is invalid when the thread runs, an exception occurs, and the thread terminates. Thread termination due to a invalid
/// start address is handled as an error exit for the thread's process. This behavior is similar to the asynchronous nature of
/// CreateProcess, where the process is created even if it refers to invalid or missing dynamic-link libraries (DLL).
///
///
// HANDLE WINAPI CreateRemoteThread( _In_ HANDLE hProcess, _In_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize,
// _In_ LPTHREAD_START_ROUTINE lpStartAddress, _In_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _Out_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682437(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682437")]
public static extern SafeHTHREAD CreateRemoteThread([In] HPROCESS hProcess, [In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize,
PTHREAD_START_ROUTINE lpStartAddress, [In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, out uint lpThreadId);
///
/// Creates a thread that runs in the virtual address space of another process.
///
/// Use the CreateRemoteThreadEx function to create a thread that runs in the virtual address space of another process and
/// optionally specify extended attributes.
///
///
///
/// A handle to the process in which the thread is to be created. The handle must have the PROCESS_CREATE_THREAD,
/// PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights,
/// and may fail without these rights on certain platforms. For more information, see Process Security and Access Rights.
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread and determines
/// whether child processes can inherit the returned handle. If lpThreadAttributes is NULL, the thread gets a default security
/// descriptor and the handle cannot be inherited. The access control lists (ACL) in the default security descriptor for a thread
/// come from the primary token of the creator.
///
///
/// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
/// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is 0 (zero), the new
/// thread uses the default size for the executable. For more information, see Thread Stack Size.
///
///
/// A pointer to the application-defined function of type LPTHREAD_START_ROUTINE to be executed by the thread and represents
/// the starting address of the thread in the remote process. The function must exist in the remote process. For more information,
/// see ThreadProc.
///
/// A pointer to a variable to be passed to the thread function.
///
/// The flags that control the creation of the thread.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// The thread runs immediately after creation.
///
/// -
/// CREATE_SUSPENDED0x00000004
/// The thread is created in a suspended state, and does not run until the ResumeThread function is called.
///
/// -
/// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000
///
/// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies
/// the commit size.
///
///
///
///
///
///
/// A pointer to a variable that receives the thread identifier.
/// If this parameter is NULL, the thread identifier is not returned.
///
///
/// If the function succeeds, the return value is a handle to the new thread.
/// If the function fails, the return value is NULL. To get extended error information, call GetLastError.
///
/// Note that CreateRemoteThread may succeed even if lpStartAddress points to data, code, or is not accessible. If the start
/// address is invalid when the thread runs, an exception occurs, and the thread terminates. Thread termination due to a invalid
/// start address is handled as an error exit for the thread's process. This behavior is similar to the asynchronous nature of
/// CreateProcess, where the process is created even if it refers to invalid or missing dynamic-link libraries (DLL).
///
///
// HANDLE WINAPI CreateRemoteThread( _In_ HANDLE hProcess, _In_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize,
// _In_ LPTHREAD_START_ROUTINE lpStartAddress, _In_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _Out_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682437(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682437")]
public static extern SafeHTHREAD CreateRemoteThread([In] HPROCESS hProcess, [In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize,
IntPtr lpStartAddress, [In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, out uint lpThreadId);
///
/// Creates a thread that runs in the virtual address space of another process and optionally specifies extended attributes such as
/// processor group affinity.
///
///
/// A handle to the process in which the thread is to be created. The handle must have the PROCESS_CREATE_THREAD,
/// PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights. In Windows 10, version
/// 1607, your code must obtain these access rights for the new handle. However, starting in Windows 10, version 1703, if the new
/// handle is entitled to these access rights, the system obtains them for you. For more information, see Process Security and Access Rights.
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread and determines
/// whether child processes can inherit the returned handle. If lpThreadAttributes is NULL, the thread gets a default security
/// descriptor and the handle cannot be inherited. The access control lists (ACL) in the default security descriptor for a thread
/// come from the primary token of the creator.
///
///
/// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is 0 (zero), the new
/// thread uses the default size for the executable. For more information, see Thread Stack Size.
///
///
/// A pointer to the application-defined function of type LPTHREAD_START_ROUTINE to be executed by the thread and represents
/// the starting address of the thread in the remote process. The function must exist in the remote process. For more information,
/// see ThreadProc.
///
///
/// A pointer to a variable to be passed to the thread function pointed to by lpStartAddress. This parameter can be NULL.
///
///
/// The flags that control the creation of the thread.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// The thread runs immediately after creation.
///
/// -
/// CREATE_SUSPENDED0x00000004
/// The thread is created in a suspended state and does not run until the ResumeThread function is called.
///
/// -
/// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000
///
/// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies
/// the commit size.
///
///
///
///
///
///
/// An attribute list that contains additional parameters for the new thread. This list is created by the
/// InitializeProcThreadAttributeList function.
///
///
/// A pointer to a variable that receives the thread identifier.
/// If this parameter is NULL, the thread identifier is not returned.
///
///
/// If the function succeeds, the return value is a handle to the new thread.
/// If the function fails, the return value is NULL. To get extended error information, call GetLastError.
///
// HANDLE CreateRemoteThreadEx( _In_ HANDLE hProcess, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize,
// _In_ LPTHREAD_START_ROUTINE lpStartAddress, _In_opt_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _In_opt_
// LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, _Out_opt_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/dd405484(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "dd405484")]
public static extern SafeHTHREAD CreateRemoteThreadEx([In] HPROCESS hProcess, [In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize,
PTHREAD_START_ROUTINE lpStartAddress, [In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, IntPtr lpAttributeList,
out uint lpThreadId);
///
/// Creates a thread that runs in the virtual address space of another process and optionally specifies extended attributes such as
/// processor group affinity.
///
///
/// A handle to the process in which the thread is to be created. The handle must have the PROCESS_CREATE_THREAD,
/// PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights. In Windows 10, version
/// 1607, your code must obtain these access rights for the new handle. However, starting in Windows 10, version 1703, if the new
/// handle is entitled to these access rights, the system obtains them for you. For more information, see Process Security and Access Rights.
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread and determines
/// whether child processes can inherit the returned handle. If lpThreadAttributes is NULL, the thread gets a default security
/// descriptor and the handle cannot be inherited. The access control lists (ACL) in the default security descriptor for a thread
/// come from the primary token of the creator.
///
///
/// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is 0 (zero), the new
/// thread uses the default size for the executable. For more information, see Thread Stack Size.
///
///
/// A pointer to the application-defined function of type LPTHREAD_START_ROUTINE to be executed by the thread and represents
/// the starting address of the thread in the remote process. The function must exist in the remote process. For more information,
/// see ThreadProc.
///
///
/// A pointer to a variable to be passed to the thread function pointed to by lpStartAddress. This parameter can be NULL.
///
///
/// The flags that control the creation of the thread.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// The thread runs immediately after creation.
///
/// -
/// CREATE_SUSPENDED0x00000004
/// The thread is created in a suspended state and does not run until the ResumeThread function is called.
///
/// -
/// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000
///
/// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies
/// the commit size.
///
///
///
///
///
///
/// An attribute list that contains additional parameters for the new thread. This list is created by the
/// InitializeProcThreadAttributeList function.
///
///
/// A pointer to a variable that receives the thread identifier.
/// If this parameter is NULL, the thread identifier is not returned.
///
///
/// If the function succeeds, the return value is a handle to the new thread.
/// If the function fails, the return value is NULL. To get extended error information, call GetLastError.
///
// HANDLE CreateRemoteThreadEx( _In_ HANDLE hProcess, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize,
// _In_ LPTHREAD_START_ROUTINE lpStartAddress, _In_opt_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _In_opt_
// LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, _Out_opt_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/dd405484(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "dd405484")]
public static extern SafeHTHREAD CreateRemoteThreadEx([In] HPROCESS hProcess, [In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize,
IntPtr lpStartAddress, [In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, IntPtr lpAttributeList,
out uint lpThreadId);
///
/// Creates a thread to execute within the virtual address space of the calling process.
/// To create a thread that runs in the virtual address space of another process, use the CreateRemoteThread function.
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle can be inherited by child
/// processes. If lpThreadAttributes is NULL, the handle cannot be inherited.
///
///
/// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new thread. If lpThreadAttributes
/// is NULL, the thread gets a default security descriptor. The ACLs in the default security descriptor for a thread come from the
/// primary token of the creator.
///
///
///
/// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is zero, the new
/// thread uses the default size for the executable. For more information, see Thread Stack Size.
///
///
/// A pointer to the application-defined function to be executed by the thread. This pointer represents the starting address of the
/// thread. For more information on the thread function, see ThreadProc.
///
/// A pointer to a variable to be passed to the thread.
///
/// The flags that control the creation of the thread.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// The thread runs immediately after creation.
///
/// -
/// CREATE_SUSPENDED0x00000004
/// The thread is created in a suspended state, and does not run until the ResumeThread function is called.
///
/// -
/// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000
///
/// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies
/// the commit size.
///
///
///
///
///
///
/// A pointer to a variable that receives the thread identifier. If this parameter is NULL, the thread identifier is not returned.
///
///
/// If the function succeeds, the return value is a handle to the new thread.
/// If the function fails, the return value is NULL. To get extended error information, call GetLastError.
///
/// Note that CreateThread may succeed even if lpStartAddress points to data, code, or is not accessible. If the start address
/// is invalid when the thread runs, an exception occurs, and the thread terminates. Thread termination due to a invalid start
/// address is handled as an error exit for the thread's process. This behavior is similar to the asynchronous nature of
/// CreateProcess, where the process is created even if it refers to invalid or missing dynamic-link libraries (DLLs).
///
///
// HANDLE WINAPI CreateThread( _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize, _In_
// LPTHREAD_START_ROUTINE lpStartAddress, _In_opt_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _Out_opt_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682453(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682453")]
public static extern SafeHTHREAD CreateThread([In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize, PTHREAD_START_ROUTINE lpStartAddress,
[In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, out uint lpThreadId);
/// Deletes the specified list of attributes for process and thread creation.
/// The attribute list. This list is created by the InitializeProcThreadAttributeList function.
/// This function does not return a value.
// VOID WINAPI DeleteProcThreadAttributeList( _Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682559(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682559")]
public static extern void DeleteProcThreadAttributeList(IntPtr lpAttributeList);
/// Ends the calling process and all its threads.
/// The exit code for the process and all threads.
/// This function does not return a value.
// VOID WINAPI ExitProcess( _In_ UINT uExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682658(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682658")]
public static extern void ExitProcess(uint uExitCode);
/// Ends the calling thread.
/// The exit code for the thread.
/// This function does not return a value.
// VOID WINAPI ExitThread( _In_ DWORD dwExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682659(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682659")]
public static extern void ExitThread(uint dwExitCode);
/// Flushes the instruction cache for the specified process.
/// A handle to a process whose instruction cache is to be flushed.
/// A pointer to the base of the region to be flushed. This parameter can be NULL.
/// The size of the region to be flushed if the lpBaseAddress parameter is not NULL, in bytes.
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI FlushInstructionCache( _In_ HANDLE hProcess, _In_ LPCVOID lpBaseAddress, _In_ SIZE_T dwSize); https://msdn.microsoft.com/en-us/library/windows/desktop/ms679350(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms679350")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool FlushInstructionCache([In] HPROCESS hProcess, [In] IntPtr lpBaseAddress, SizeT dwSize);
/// Flushes the write queue of each processor that is running a thread of the current process.
/// This function does not return a value.
// VOID WINAPI FlushProcessWriteBuffers(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683148(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683148")]
public static extern void FlushProcessWriteBuffers();
/// Retrieves the process identifier of the calling process.
/// The return value is the process identifier of the calling process.
// DWORD WINAPI GetCurrentProcessId(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683180(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683180")]
public static extern uint GetCurrentProcessId();
///
/// Retrieves the number of the processor the current thread was running on during the call to this function.
///
///
/// The function returns the current processor number.
///
///
/// This function is used to provide information for estimating process performance.
///
/// On systems with more than 64 logical processors, the GetCurrentProcessorNumber function returns the processor number
/// within the processor group to which the logical processor is assigned. Use the GetCurrentProcessorNumberEx function to retrieve
/// the processor group and number of the current processor.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/processthreadsapi/nf-processthreadsapi-getcurrentprocessornumber DWORD
// GetCurrentProcessorNumber( );
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("processthreadsapi.h", MSDNShortId = "1f2bebc7-a548-409a-ab74-78a4b55c8fa7")]
public static extern uint GetCurrentProcessorNumber();
/// Retrieves the processor group and number of the logical processor in which the calling thread is running.
///
/// A pointer to a PROCESSOR_NUMBER structure that receives the processor group to which the logical processor is assigned and
/// the number of the logical processor within its group.
///
///
/// If the function succeeds, the ProcNumber parameter contains the group and processor number of the processor on which the calling
/// thread is running.
///
// VOID GetCurrentProcessorNumberEx( _Out_ PPROCESSOR_NUMBER ProcNumber); https://msdn.microsoft.com/en-us/library/windows/desktop/dd405487(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "dd405487")]
public static extern void GetCurrentProcessorNumberEx(out PROCESSOR_NUMBER ProcNumber);
/// Retrieves a pseudo-handle that you can use as a shorthand way to refer to the access token associated with a process.
/// A pseudo-handle that you can use as a shorthand way to refer to the access token associated with a process.
[PInvokeData("Processthreadsapi.h", MSDNShortId = "mt643211")]
public static HTOKEN GetCurrentProcessToken() => new IntPtr(-4);
/// Retrieves a pseudo handle for the calling thread.
/// The return value is a pseudo handle for the current thread.
///
/// A pseudo handle is a special constant that is interpreted as the current thread handle. The calling thread can use this handle to
/// specify itself whenever a thread handle is required. Pseudo handles are not inherited by child processes.
///
/// This handle has the THREAD_ALL_ACCESS access right to the thread object. For more information, see Thread Security and Access Rights.
///
///
/// Windows Server 2003 and Windows XP: This handle has the maximum access allowed by the security descriptor of the thread to the
/// primary token of the process.
///
///
/// The function cannot be used by one thread to create a handle that can be used by other threads to refer to the first thread. The
/// handle is always interpreted as referring to the thread that is using it. A thread can create a "real" handle to itself that can
/// be used by other threads, or inherited by other processes, by specifying the pseudo handle as the source handle in a call to the
/// DuplicateHandle function.
///
///
/// The pseudo handle need not be closed when it is no longer needed. Calling the CloseHandle function with this handle has no
/// effect. If the pseudo handle is duplicated by DuplicateHandle, the duplicate handle must be closed.
///
///
/// Do not create a thread while impersonating a security context. The call will succeed, however the newly created thread will have
/// reduced access rights to itself when calling GetCurrentThread. The access rights granted this thread will be derived from the
/// access rights the impersonated user has to the process. Some access rights including THREAD_SET_THREAD_TOKEN and
/// THREAD_GET_CONTEXT may not be present, leading to unexpected failures.
///
///
[DllImport(Lib.Kernel32, ExactSpelling = true, SetLastError = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683182")]
public static extern HTHREAD GetCurrentThread();
///
/// Retrieves a pseudo-handle that you can use as a shorthand way to refer to the token that is currently in effect for the thread,
/// which is the thread token if one exists and the process token otherwise.
///
/// A pseudo-handle that you can use as a shorthand way to refer to the token that is currently in effect for the thread.
// FORCEINLINE HANDLE GetCurrentThreadEffectiveToken(void); https://msdn.microsoft.com/en-us/library/windows/desktop/mt643212(v=vs.85).aspx
[PInvokeData("Processthreadsapi.h", MSDNShortId = "mt643212")]
public static HTOKEN GetCurrentThreadEffectiveToken() => new IntPtr(-6);
/// Retrieves the thread identifier of the calling thread.
/// The return value is the thread identifier of the calling thread.
// DWORD WINAPI GetCurrentThreadId(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683183(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683183")]
public static extern uint GetCurrentThreadId();
/// Retrieves the boundaries of the stack that was allocated by the system for the current thread.
/// A pointer variable that receives the lower boundary of the current thread stack.
/// A pointer variable that receives the upper boundary of the current thread stack.
/// This function does not return a value.
// VOID WINAPI GetCurrentThreadStackLimits( _Out_ PULONG_PTR LowLimit, _Out_ PULONG_PTR HighLimit); https://msdn.microsoft.com/en-us/library/windows/desktop/hh706789(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Processthreadsapi.h", MSDNShortId = "hh706789")]
public static extern void GetCurrentThreadStackLimits(out UIntPtr LowLimit, out UIntPtr HighLimit);
///
/// Retrieves a pseudo-handle that you can use as a shorthand way to refer to the impersonation token that was assigned to the
/// current thread.
///
///
/// A pseudo-handle that you can use as a shorthand way to refer to the impersonation token that was assigned to the current thread.
///
// FORCEINLINE HANDLE GetCurrentThreadEffectiveToken(void); https://msdn.microsoft.com/en-us/library/windows/desktop/mt643213(v=vs.85).aspx
[PInvokeData("Processthreadsapi.h", MSDNShortId = "mt643213")]
public static HTOKEN GetCurrentThreadToken() => new IntPtr(-5);
/// Retrieves the termination status of the specified process.
///
/// A handle to the process.
///
/// The handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right. For more
/// information, see Process Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right.
///
/// A pointer to a variable to receive the process termination status. For more information, see Remarks.
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetExitCodeProcess( _In_ HANDLE hProcess, _Out_ LPDWORD lpExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683189(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683189")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetExitCodeProcess([In] HPROCESS hProcess, out uint lpExitCode);
/// Retrieves the termination status of the specified thread.
///
/// A handle to the thread.
///
/// The handle must have the THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION access right. For more
/// information, see Thread Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the THREAD_QUERY_INFORMATION access right.
///
/// A pointer to a variable to receive the thread termination status. For more information, see Remarks.
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetExitCodeThread( _In_ HANDLE hThread, _Out_ LPDWORD lpExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683190(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683190")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetExitCodeThread([In] HTHREAD hThread, out uint lpExitCode);
///
/// Retrieves the priority class for the specified process. This value, together with the priority value of each thread of the
/// process, determines each thread's base priority level.
///
///
/// A handle to the process.
///
/// The handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right. For more
/// information, see Process Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right.
///
///
/// If the function succeeds, the return value is the priority class of the specified process.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
/// The process's priority class is one of the following values.
///
///
///
/// Return code/value
/// Description
///
/// -
/// ABOVE_NORMAL_PRIORITY_CLASS0x00008000
/// Process that has priority above NORMAL_PRIORITY_CLASS but below HIGH_PRIORITY_CLASS.
///
/// -
/// BELOW_NORMAL_PRIORITY_CLASS0x00004000
/// Process that has priority above IDLE_PRIORITY_CLASS but below NORMAL_PRIORITY_CLASS.
///
/// -
/// HIGH_PRIORITY_CLASS0x00000080
///
/// Process that performs time-critical tasks that must be executed immediately for it to run correctly. The threads of a
/// high-priority class process preempt the threads of normal or idle priority class processes. An example is the Task List, which
/// must respond quickly when called by the user, regardless of the load on the operating system. Use extreme care when using the
/// high-priority class, because a high-priority class CPU-bound application can use nearly all available cycles.
///
///
/// -
/// IDLE_PRIORITY_CLASS0x00000040
///
/// Process whose threads run only when the system is idle and are preempted by the threads of any process running in a higher
/// priority class. An example is a screen saver. The idle priority class is inherited by child processes.
///
///
/// -
/// NORMAL_PRIORITY_CLASS0x00000020
/// Process with no special scheduling needs.
///
/// -
/// REALTIME_PRIORITY_CLASS0x00000100
///
/// Process that has the highest possible priority. The threads of a real-time priority class process preempt the threads of all
/// other processes, including operating system processes performing important tasks. For example, a real-time process that executes
/// for more than a very brief interval can cause disk caches not to flush or cause the mouse to be unresponsive.
///
///
///
///
///
// DWORD WINAPI GetPriorityClass( _In_ HANDLE hProcess); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683211(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683211")]
public static extern CREATE_PROCESS GetPriorityClass([In] HPROCESS hProcess);
///
/// Retrieves the list of CPU Sets in the process default set that was set by SetProcessDefaultCpuSets. If no default CPU Sets
/// are set for a given process, then the RequiredIdCount is set to 0 and the function succeeds.
///
///
/// Specifies a process handle for the process to query. This handle must have the PROCESS_QUERY_LIMITED_INFORMATION access right.
/// The value returned by GetCurrentProcess can also be specified here.
///
/// Specifies an optional buffer to retrieve the list of CPU Set identifiers.
///
/// Specifies the capacity of the buffer specified in CpuSetIds. If the buffer is NULL, this must be 0.
///
///
/// Specifies the required capacity of the buffer to hold the entire list of process default CPU Sets. On successful return, this
/// specifies the number of IDs filled into the buffer.
///
///
/// This API returns TRUE on success. If the buffer is not large enough the API returns FALSE, and the GetLastError value is
/// ERROR_INSUFFICIENT_BUFFER. This API cannot fail when passed valid parameters and the return buffer is large enough.
///
// BOOL WINAPI GetProcessDefaultCpuSets( _In_ HANDLE Process, _Out_opt_ PULONG CpuSetIds, _In_ ULONG CpuSetIdCount, _Out_ PULONG
// RequiredIdCount); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186424(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("Processthreadapi.h", MSDNShortId = "mt186424")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetProcessDefaultCpuSets(HPROCESS Process, IntPtr CpuSetIds, uint CpuSetIdCount, out uint RequiredIdCount);
///
/// Retrieves the list of CPU Sets in the process default set that was set by SetProcessDefaultCpuSets. If no default CPU Sets
/// are set for a given process, then an empty array is returned.
///
///
/// Specifies a process handle for the process to query. This handle must have the PROCESS_QUERY_LIMITED_INFORMATION access right.
/// The value returned by GetCurrentProcess can also be specified here.
///
/// The list of CPU Set identifiers.
public static uint[] GetProcessDefaultCpuSets(HPROCESS Process)
{
var res = GetProcessDefaultCpuSets(Process, IntPtr.Zero, 0, out var cnt);
if (!res)
{
var err = Win32Error.GetLastError();
if (err != Win32Error.ERROR_INSUFFICIENT_BUFFER) err.ThrowIfFailed();
}
if (cnt == 0) return new uint[0];
var iptr = new SafeCoTaskMemHandle((int)cnt * Marshal.SizeOf(typeof(uint)));
if (!GetProcessDefaultCpuSets(Process, (IntPtr)iptr, cnt, out cnt)) Win32Error.ThrowLastError();
return iptr.ToArray((int)cnt);
}
/// Retrieves the number of open handles that belong to the specified process.
///
///
/// A handle to the process whose handle count is being requested. The handle must have the PROCESS_QUERY_INFORMATION or
/// PROCESS_QUERY_LIMITED_INFORMATION access right. For more information, see Process Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right.
///
///
/// A pointer to a variable that receives the number of open handles that belong to the specified process.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetProcessHandleCount( _In_ HANDLE hProcess, _Inout_ PDWORD pdwHandleCount); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683214(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683214")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetProcessHandleCount([In] HPROCESS hProcess, out uint pdwHandleCount);
/// Retrieves the process identifier of the specified process.
///
///
/// A handle to the process. The handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right.
/// For more information, see Process Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right.
///
///
// DWORD WINAPI GetProcessId( _In_ HANDLE Process); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683215(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683215")]
public static extern uint GetProcessId([In] HPROCESS Process);
/// Retrieves the process identifier of the process associated with the specified thread.
///
///
/// A handle to the thread. The handle must have the THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION access right. For
/// more information, see Thread Security and Access Rights.
///
/// Windows Server 2003: The handle must have the THREAD_QUERY_INFORMATION access right.
///
///
/// If the function succeeds, the return value is the process identifier of the process associated with the specified thread.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// DWORD WINAPI GetProcessIdOfThread( _In_ HANDLE Thread); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683216(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683216")]
public static extern uint GetProcessIdOfThread(HTHREAD Thread);
/// Retrieves information about the specified process.
///
/// A handle to the process. This handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process
/// Security and Access Rights.
///
/// The kind of information to retrieve. The only supported value is ProcessMemoryPriority
///
/// Pointer to an object to receive the type of information specified by the ProcessInformationClass parameter.
///
/// If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must point to a
/// MEMORY_PRIORITY_INFORMATION structure.
///
///
/// If the ProcessInformationClass parameter is ProcessPowerThrottling, this parameter must point to a
/// PROCESS_POWER_THROTTLING_STATE structure.
///
///
/// If the ProcessInformationClass parameter is ProcessProtectionLevelInfo, this parameter must point to a
/// PROCESS_PROTECTION_LEVEL_INFORMATION structure.
///
///
/// If the ProcessInformationClass parameter is ProcessAppMemoryInfo, this parameter must point to a
/// APP_MEMORY_INFORMATION structure.
///
///
///
/// The size in bytes of the structure specified by the ProcessInformation parameter.
/// If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must be .
/// If the ProcessInformationClass parameter is ProcessPowerThrottling, this parameter must be .
/// If the ProcessInformationClass parameter is ProcessProtectionLevelInfo, this parameter must be .
/// If the ProcessInformationClass parameter is ProcessAppMemoryInfo, this parameter must be .
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetProcessInformation( _In_ HANDLE hProcess, _In_ PROCESS_INFORMATION_CLASS ProcessInformationClass,
// _Out_writes_bytes_(ProcessInformationSize) ProcessInformation, _In_ DWORD ProcessInformationSize); https://msdn.microsoft.com/en-us/library/windows/desktop/hh448381(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "hh448381")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetProcessInformation(HPROCESS hProcess, PROCESS_INFORMATION_CLASS ProcessInformationClass,
IntPtr ProcessInformation, uint ProcessInformationSize);
/// Retrieves mitigation policy settings for the calling process.
///
/// A handle to the process. This handle must have the PROCESS_QUERY_INFORMATION access right. For more information, see Process
/// Security and Access Rights.
///
///
/// The mitigation policy to retrieve. This parameter can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// ProcessDEPPolicy
///
/// The data execution prevention (DEP) policy of the process.The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY
/// structure that specifies the DEP policy flags.
///
///
/// -
/// ProcessASLRPolicy
///
/// The Address Space Layout Randomization (ASLR) policy of the process.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags.
///
///
/// -
/// ProcessDynamicCodePolicy
///
/// The dynamic code policy of the process. When turned on, the process cannot generate dynamic code or modify existing executable
/// code.The lpBuffer parameter points to a PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that specifies the dynamic code policy flags.
///
///
/// -
/// ProcessStrictHandleCheckPolicy
///
/// The process will receive a fatal error if it manipulates a handle that is not valid.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags.
///
///
/// -
/// ProcessSystemCallDisablePolicy
///
/// Disables the ability to use NTUser/GDI functions at the lowest layer.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags.
///
///
/// -
/// ProcessMitigationOptionsMask
///
/// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options
/// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported bits
/// at once.The lpBuffer parameter points to a ULONG64 bit vector for the mask, or a two-element array of ULONG64 bit vectors.
///
///
/// -
/// ProcessExtensionPointDisablePolicy
///
/// Prevents certain built-in third party extension points from being enabled, preventing legacy extension point DLLs from being
/// loaded into the process.The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that
/// specifies the extension point disable policy flags.
///
///
/// -
/// ProcessControlFlowGuardPolicy
///
/// The Control Flow Guard (CFG) policy of the process.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags.
///
///
/// -
/// ProcessSignaturePolicy
///
/// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows
/// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).he lpBuffer parameter points to a
/// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags.
///
///
/// -
/// ProcessFontDisablePolicy
///
/// The policy regarding font loading for the process. When turned on, the process cannot load non-system fonts.The lpBuffer
/// parameter points to a PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading.
///
///
/// -
/// ProcessImageLoadPolicy
///
/// The policy regarding image loading for the process, which determines the types of executable images that are allowed to be mapped
/// into the process. When turned on, images cannot be loaded from some locations, such a remote devices or files that have the low
/// mandatory label.The lpBuffer parameter points to a PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags
/// for image loading.
///
///
///
///
///
///
///
/// If the MitigationPolicy parameter is ProcessDEPPolicy, this parameter points to a PROCESS_MITIGATION_DEP_POLICY
/// structure that receives the DEP policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessASLRPolicy, this parameter points to a PROCESS_MITIGATION_ASLR_POLICY
/// structure that receives the ASLR policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessDynamicCodePolicy, this parameter points to a
/// PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that receives the dynamic code policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessStrictHandleCheckPolicy, this parameter points to a
/// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessSystemCallDisablePolicy, this parameter points to a
/// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessMitigationOptionsMask, this parameter points to a ULONG64 bit vector
/// for the mask or a two-element array of ULONG64 bit vectors.
///
///
/// If the MitigationPolicy parameter is ProcessExtensionPointDisablePolicy, this parameter points to a
/// PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point disable policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessControlFlowGuardPolicy, this parameter points to a
/// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessSignaturePolicy, this parameter points to a
/// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that receives the signature policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessFontDisablePolicy, this parameter points to a
/// PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that receives the policy flags for font loading.
///
///
/// If the MitigationPolicy parameter is ProcessImageLoadPolicy, this parameter points to a
/// PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that receives the policy flags for image loading.
///
///
/// The size of lpBuffer, in bytes.
///
/// If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values
/// defined for this function, call GetLastError.
///
// BOOL WINAPI GetProcessMitigationPolicy( _In_ HANDLE hProcess, _In_ PROCESS_MITIGATION_POLICY MitigationPolicy, _Out_ PVOID
// lpBuffer, _In_ SIZE_T dwLength); https://msdn.microsoft.com/en-us/library/windows/desktop/hh769085(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("Processthreadsapi.h", MSDNShortId = "hh769085")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetProcessMitigationPolicy(HPROCESS hProcess, PROCESS_MITIGATION_POLICY MitigationPolicy, IntPtr lpBuffer, SizeT dwLength);
/// Retrieves mitigation policy settings for the calling process.
/// The type of the value to retrieve.
///
/// A handle to the process. This handle must have the PROCESS_QUERY_INFORMATION access right. For more information, see Process
/// Security and Access Rights.
///
///
/// The mitigation policy to retrieve. This parameter can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// ProcessDEPPolicy
///
/// The data execution prevention (DEP) policy of the process.The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY
/// structure that specifies the DEP policy flags.
///
///
/// -
/// ProcessASLRPolicy
///
/// The Address Space Layout Randomization (ASLR) policy of the process.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags.
///
///
/// -
/// ProcessDynamicCodePolicy
///
/// The dynamic code policy of the process. When turned on, the process cannot generate dynamic code or modify existing executable
/// code.The lpBuffer parameter points to a PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that specifies the dynamic code policy flags.
///
///
/// -
/// ProcessStrictHandleCheckPolicy
///
/// The process will receive a fatal error if it manipulates a handle that is not valid.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags.
///
///
/// -
/// ProcessSystemCallDisablePolicy
///
/// Disables the ability to use NTUser/GDI functions at the lowest layer.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags.
///
///
/// -
/// ProcessMitigationOptionsMask
///
/// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options
/// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported bits
/// at once.The lpBuffer parameter points to a ULONG64 bit vector for the mask, or a two-element array of ULONG64 bit vectors.
///
///
/// -
/// ProcessExtensionPointDisablePolicy
///
/// Prevents certain built-in third party extension points from being enabled, preventing legacy extension point DLLs from being
/// loaded into the process.The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that
/// specifies the extension point disable policy flags.
///
///
/// -
/// ProcessControlFlowGuardPolicy
///
/// The Control Flow Guard (CFG) policy of the process.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags.
///
///
/// -
/// ProcessSignaturePolicy
///
/// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows
/// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).he lpBuffer parameter points to a
/// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags.
///
///
/// -
/// ProcessFontDisablePolicy
///
/// The policy regarding font loading for the process. When turned on, the process cannot load non-system fonts.The lpBuffer
/// parameter points to a PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading.
///
///
/// -
/// ProcessImageLoadPolicy
///
/// The policy regarding image loading for the process, which determines the types of executable images that are allowed to be mapped
/// into the process. When turned on, images cannot be loaded from some locations, such a remote devices or files that have the low
/// mandatory label.The lpBuffer parameter points to a PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags
/// for image loading.
///
///
///
///
///
/// The value.
///
/// If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values
/// defined for this function, call GetLastError.
///
///
public static bool GetProcessMitigationPolicy(HPROCESS hProcess, PROCESS_MITIGATION_POLICY MitigationPolicy, out T value)
{
var isMask = MitigationPolicy == PROCESS_MITIGATION_POLICY.ProcessMitigationOptionsMask;
if (!isMask && !CorrespondingTypeAttribute.CanGet(MitigationPolicy, typeof(T))) throw new ArgumentException($"{MitigationPolicy} cannot be used to get values of type {typeof(T)}.");
var sz = isMask ? 16 : Marshal.SizeOf(typeof(T));
using (var ptr = new SafeCoTaskMemHandle(sz))
{
if (GetProcessMitigationPolicy(hProcess, MitigationPolicy, (IntPtr)ptr, (uint)ptr.Size))
{
if (isMask && typeof(T).Equals(typeof(ulong[])))
value = (T)(object)ptr.ToArray(2);
else
value = ptr.ToStructure();
return true;
}
}
value = default;
return false;
}
/// Retrieves the priority boost control state of the specified process.
///
///
/// A handle to the process. This handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION
/// access right. For more information, see Process Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right.
///
///
/// A pointer to a variable that receives the priority boost control state. A value of TRUE indicates that dynamic boosting is
/// disabled. A value of FALSE indicates normal behavior.
///
///
///
/// If the function succeeds, the return value is nonzero. In that case, the variable pointed to by the pDisablePriorityBoost
/// parameter receives the priority boost control state.
///
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetProcessPriorityBoost( _In_ HANDLE hProcess, _Out_ PBOOL pDisablePriorityBoost); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683220(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683220")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetProcessPriorityBoost([In] HPROCESS hProcess, [MarshalAs(UnmanagedType.Bool)] out bool pDisablePriorityBoost);
/// Retrieves the shutdown parameters for the currently calling process.
///
///
/// A pointer to a variable that receives the shutdown priority level. Higher levels shut down first. System level shutdown orders
/// are reserved for system components. Higher numbers shut down first. Following are the level conventions.
///
///
///
///
/// Value
/// Meaning
///
/// -
/// 000-0FF
/// System reserved last shutdown range.
///
/// -
/// 100-1FF
/// Application reserved last shutdown range.
///
/// -
/// 200-2FF
/// Application reserved "in between" shutdown range.
///
/// -
/// 300-3FF
/// Application reserved first shutdown range.
///
/// -
/// 400-4FF
/// System reserved first shutdown range.
///
///
///
/// All processes start at shutdown level 0x280.
///
///
/// A pointer to a variable that receives the shutdown flags. This parameter can be the following value.
///
///
///
/// Value
/// Meaning
///
/// -
/// SHUTDOWN_NORETRY0x00000001
///
/// If this process takes longer than the specified timeout to shut down, do not display a retry dialog box for the user. Instead,
/// just cause the process to directly exit.
///
///
///
///
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetProcessShutdownParameters( _Out_ LPDWORD lpdwLevel, _Out_ LPDWORD lpdwFlags); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683221(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683221")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetProcessShutdownParameters(out uint lpdwLevel, out SHUTDOWN lpdwFlags);
/// Retrieves timing information for the specified process.
///
///
/// A handle to the process whose timing information is sought. The handle must have the PROCESS_QUERY_INFORMATION or
/// PROCESS_QUERY_LIMITED_INFORMATION access right. For more information, see Process Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right.
///
/// A pointer to a FILETIME structure that receives the creation time of the process.
///
/// A pointer to a FILETIME structure that receives the exit time of the process. If the process has not exited, the content
/// of this structure is undefined.
///
///
/// A pointer to a FILETIME structure that receives the amount of time that the process has executed in kernel mode. The time
/// that each of the threads of the process has executed in kernel mode is determined, and then all of those times are summed
/// together to obtain this value.
///
///
/// A pointer to a FILETIME structure that receives the amount of time that the process has executed in user mode. The time
/// that each of the threads of the process has executed in user mode is determined, and then all of those times are summed together
/// to obtain this value. Note that this value can exceed the amount of real time elapsed (between lpCreationTime and lpExitTime) if
/// the process executes across multiple CPU cores.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetProcessTimes( _In_ HANDLE hProcess, _Out_ LPFILETIME lpCreationTime, _Out_ LPFILETIME lpExitTime, _Out_ LPFILETIME
// lpKernelTime, _Out_ LPFILETIME lpUserTime); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683223(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683223")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetProcessTimes([In] HPROCESS hProcess, out FILETIME lpCreationTime, out FILETIME lpExitTime, out FILETIME lpKernelTime,
out FILETIME lpUserTime);
/// Retrieves the major and minor version numbers of the system on which the specified process expects to run.
/// The process identifier of the process of interest. A value of zero specifies the calling process.
///
///
/// If the function succeeds, the return value is the version of the system on which the process expects to run. The high word of the
/// return value contains the major version number. The low word of the return value contains the minor version number.
///
///
/// If the function fails, the return value is zero. To get extended error information, call GetLastError. The function fails
/// if ProcessId is an invalid value.
///
///
// DWORD WINAPI GetProcessVersion( _In_ DWORD ProcessId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683224(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683224")]
public static extern uint GetProcessVersion(uint ProcessId);
/// Retrieves the contents of the STARTUPINFO structure that was specified when the calling process was created.
/// A pointer to a STARTUPINFO structure that receives the startup information.
///
/// This function does not return a value.
///
/// If an error occurs, the ANSI version of this function ( GetStartupInfoA) can raise an exception. The Unicode version (
/// GetStartupInfoW) does not fail.
///
///
// VOID WINAPI GetStartupInfo( _Out_ LPSTARTUPINFO lpStartupInfo); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683230(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683230")]
public static extern void GetStartupInfo(out STARTUPINFO lpStartupInfo);
/// Allows an application to query the available CPU Sets on the system, and their current state.
///
/// A pointer to a SYSTEM_CPU_SET_INFORMATION structure that receives the CPU Set data. Pass NULL with a buffer length of 0 to
/// determine the required buffer size.
///
/// The length, in bytes, of the output buffer passed as the Information argument.
///
/// The length, in bytes, of the valid data in the output buffer if the buffer is large enough, or the required size of the output
/// buffer. If no CPU Sets exist, this value will be 0.
///
///
/// An optional handle to a process. This process is used to determine the value of the AllocatedToTargetProcess flag in the
/// SYSTEM_CPU_SET_INFORMATION structure. If a CPU Set is allocated to the specified process, the flag is set. Otherwise, it is
/// clear. This handle must have the PROCESS_QUERY_LIMITED_INFORMATION access right. The value returned by GetCurrentProcess
/// may also be specified here.
///
/// Reserved, must be 0.
///
/// If the API succeeds it returns TRUE. If it fails, the error reason is available through GetLastError. If the Information
/// buffer was NULL or not large enough, the error code ERROR_INSUFFICIENT_BUFFER is returned. This API cannot fail when passed valid
/// parameters and a buffer that is large enough to hold all of the return data.
///
// BOOL WINAPI GetSystemCpuSetInformation( _Out_opt_ PSYSTEM_CPU_SET_INFORMATION Information, _In_ ULONG BufferLength, _Out_ PULONG
// ReturnedLength, _In_opt_ HANDLE Process, _Reserved_ ULONG Flags); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186425(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("Processthreadapi.h", MSDNShortId = "mt186425")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetSystemCpuSetInformation(IntPtr Information, uint BufferLength, out uint ReturnedLength, [Optional] HPROCESS Process, [Optional] uint Flags);
/// Allows an application to query the available CPU Sets on the system, and their current state.
///
/// An optional handle to a process. This process is used to determine the value of the AllocatedToTargetProcess flag in the
/// SYSTEM_CPU_SET_INFORMATION structure. If a CPU Set is allocated to the specified process, the flag is set. Otherwise, it is
/// clear. This handle must have the PROCESS_QUERY_LIMITED_INFORMATION access right. The value returned by GetCurrentProcess
/// may also be specified here.
///
/// A SYSTEM_CPU_SET_INFORMATION1 structure that receives the CPU Set data.
public static SYSTEM_CPU_SET_INFORMATION1 GetSystemCpuSetInformation([Optional] HPROCESS Process)
{
var success = false;
SafeCoTaskMemHandle ptr = null;
for (var sz = (uint)Marshal.SizeOf(typeof(SYSTEM_CPU_SET_INFORMATION)); !success;)
{
ptr = new SafeCoTaskMemHandle((int)sz);
success = GetSystemCpuSetInformation((IntPtr)ptr, sz, out sz, Process);
if (!success)
{
var err = Win32Error.GetLastError();
if (err != Win32Error.ERROR_INSUFFICIENT_BUFFER) err.ThrowIfFailed();
}
}
return ptr.ToStructure().Union.CpuSet;
}
///
/// Retrieves system timing information. On a multiprocessor system, the values returned are the sum of the designated times across
/// all processors.
///
///
/// A pointer to a FILETIME structure that receives the amount of time that the system has been idle.
///
///
/// A pointer to a FILETIME structure that receives the amount of time that the system has spent executing in Kernel mode
/// (including all threads in all processes, on all processors). This time value also includes the amount of time the system has been idle.
///
///
/// A pointer to a FILETIME structure that receives the amount of time that the system has spent executing in User mode
/// (including all threads in all processes, on all processors).
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetSystemTimes( _Out_opt_ LPFILETIME lpIdleTime, _Out_opt_ LPFILETIME lpKernelTime, _Out_opt_ LPFILETIME lpUserTime); https://msdn.microsoft.com/en-us/library/windows/desktop/ms724400(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("Winbase.h", MSDNShortId = "ms724400")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetSystemTimes(out FILETIME lpIdleTime, out FILETIME lpKernelTime, out FILETIME lpUserTime);
///
/// Retrieves the context of the specified thread.
/// A 64-bit application can retrieve the context of a WOW64 thread using the Wow64GetThreadContext function.
///
///
///
/// A handle to the thread whose context is to be retrieved. The handle must have THREAD_GET_CONTEXT access to the thread. For
/// more information, see Thread Security and Access Rights.
///
/// WOW64: The handle must also have THREAD_QUERY_INFORMATION access.
///
///
/// A pointer to a CONTEXT structure that receives the appropriate context of the specified thread. The value of the
/// ContextFlags member of this structure specifies which portions of a thread's context are retrieved. The CONTEXT
/// structure is highly processor specific. Refer to the WinNT.h header file for processor-specific definitions of this structures
/// and any alignment requirements.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetThreadContext( _In_ HANDLE hThread, _Inout_ LPCONTEXT lpContext); https://msdn.microsoft.com/en-us/library/windows/desktop/ms679362(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms679362")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadContext([In] HTHREAD hThread, IntPtr lpContext);
/// Retrieves the description that was assigned to a thread by calling SetThreadDescription.
///
/// A handle to the thread for which to retrieve the description. The handle must have THREAD_QUERY_LIMITED_INFORMATION access.
///
/// A Unicode string that contains the description of the thread.
///
/// If the function succeeds, the return value is the HRESULT that denotes a successful operation.If the function fails, the
/// return value is an HRESULT that denotes the error.
///
// HRESULT WINAPI GetThreadDescription( _In_ HANDLE hThread, _Out_ PWSTR *threadDescription); https://msdn.microsoft.com/en-us/library/windows/desktop/mt774972(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("ProcessThreadsApi.h", MSDNShortId = "mt774972")]
public static extern HRESULT GetThreadDescription(HTHREAD hThread, out string threadDescription);
/// Retrieves the thread identifier of the specified thread.
///
///
/// A handle to the thread. The handle must have the THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION access right. For
/// more information about access rights, see Thread Security and Access Rights.
///
/// Windows Server 2003: The handle must have the THREAD_QUERY_INFORMATION access right.
///
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
// DWORD WINAPI GetThreadId( _In_ HANDLE Thread); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683233(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683233")]
public static extern uint GetThreadId(IntPtr Thread);
/// Retrieves the processor number of the ideal processor for the specified thread.
///
/// A handle to the thread for which to retrieve the ideal processor. This handle must have been created with the
/// THREAD_QUERY_LIMITED_INFORMATION access right. For more information, see Thread Security and Access Rights.
///
/// Points to PROCESSOR_NUMBER structure to receive the number of the ideal processor.
///
/// If the function succeeds, it returns a nonzero value.
/// If the function fails, it returns zero. To get extended error information, use GetLastError.
///
// BOOL GetThreadIdealProcessorEx( _In_ HANDLE hThread, _Out_ PPROCESSOR_NUMBER lpIdealProcessor); https://msdn.microsoft.com/en-us/library/windows/desktop/dd405499(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "dd405499")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadIdealProcessorEx(HTHREAD hThread, out PROCESSOR_NUMBER lpIdealProcessor);
/// Retrieves information about the specified thread.
///
/// A handle to the thread. The handle must have THREAD_QUERY_INFORMATION access rights. For more information, see Thread Security
/// and Access Rights.
///
///
/// The class of information to retrieve. The only supported values are ThreadMemoryPriority and ThreadPowerThrottling.
///
///
/// Pointer to a structure to receive the type of information specified by the ThreadInformationClass parameter.
///
/// If the ThreadInformationClass parameter is ThreadMemoryPriority, this parameter must point to a
/// MEMORY_PRIORITY_INFORMATION structure.
///
///
/// If the ThreadInformationClass parameter is ThreadPowerThrottling, this parameter must point to a
/// THREAD_POWER_THROTTLING_STATE structure.
///
///
///
/// The size in bytes of the structure specified by the ThreadInformation parameter.
/// If the ThreadInformationClass parameter is ThreadMemoryPriority, this parameter must be .
/// If the ThreadInformationClass parameter is ThreadPowerThrottling, this parameter must be .
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL GetThreadInformation( _In_ HANDLE hThread, _In_ THREAD_INFORMATION_CLASS ThreadInformationClass, _Out_writes_bytes_
// ThreadInformation, _In_ DWORD ThreadInformationSize);// https://msdn.microsoft.com/en-us/library/windows/desktop/hh448382(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "hh448382")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadInformation(HTHREAD hThread, THREAD_INFORMATION_CLASS ThreadInformationClass, IntPtr ThreadInformation, uint ThreadInformationSize);
/// Determines whether a specified thread has any I/O requests pending.
///
/// A handle to the thread in question. This handle must have been created with the THREAD_QUERY_INFORMATION access right. For more
/// information, see Thread Security and Access Rights.
///
///
/// A pointer to a variable which the function sets to TRUE if the specified thread has one or more I/O requests pending, or to FALSE otherwise.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetThreadIOPendingFlag( _In_ HANDLE hThread, _Inout_ PBOOL lpIOIsPending); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683234(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683234")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadIOPendingFlag([In] HTHREAD hThread, [MarshalAs(UnmanagedType.Bool)] out bool lpIOIsPending);
///
/// Retrieves the priority value for the specified thread. This value, together with the priority class of the thread's process,
/// determines the thread's base-priority level.
///
///
/// A handle to the thread.
///
/// The handle must have the THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION access right. For more
/// information, see Thread Security and Access Rights.
///
/// Windows Server 2003: The handle must have the THREAD_QUERY_INFORMATION access right.
///
///
/// If the function succeeds, the return value is the thread's priority level.
///
/// If the function fails, the return value is THREAD_PRIORITY_ERROR_RETURN. To get extended error information, call GetLastError.
///
/// Windows Phone 8.1: This function will always return THREAD_PRIORITY_NORMAL.
/// The thread's priority level is one of the following values.
///
///
///
/// Return code/value
/// Description
///
/// -
/// THREAD_PRIORITY_ABOVE_NORMAL1
/// Priority 1 point above the priority class.
///
/// -
/// THREAD_PRIORITY_BELOW_NORMAL-1
/// Priority 1 point below the priority class.
///
/// -
/// THREAD_PRIORITY_HIGHEST2
/// Priority 2 points above the priority class.
///
/// -
/// THREAD_PRIORITY_IDLE-15
///
/// Base priority of 1 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS, or
/// HIGH_PRIORITY_CLASS processes, and a base priority of 16 for REALTIME_PRIORITY_CLASS processes.
///
///
/// -
/// THREAD_PRIORITY_LOWEST-2
/// Priority 2 points below the priority class.
///
/// -
/// THREAD_PRIORITY_NORMAL0
/// Normal priority for the priority class.
///
/// -
/// THREAD_PRIORITY_TIME_CRITICAL15
///
/// Base-priority level of 15 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS,
/// ABOVE_NORMAL_PRIORITY_CLASS, or HIGH_PRIORITY_CLASS processes, and a base-priority level of 31 for REALTIME_PRIORITY_CLASS processes.
///
///
///
///
///
/// If the thread has the REALTIME_PRIORITY_CLASS base class, this function can also return one of the following values: -7,
/// -6, -5, -4, -3, 3, 4, 5, or 6. For more information, see Scheduling Priorities.
///
///
// int WINAPI GetThreadPriority( _In_ HANDLE hThread);// https://msdn.microsoft.com/en-us/library/windows/desktop/ms683235(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683235")]
public static extern int GetThreadPriority([In] HTHREAD hThread);
/// Retrieves the priority boost control state of the specified thread.
///
///
/// A handle to the thread. The handle must have the THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION
/// access right. For more information, see Thread Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the THREAD_QUERY_INFORMATION access right.
///
///
/// A pointer to a variable that receives the priority boost control state. A value of TRUE indicates that dynamic boosting is
/// disabled. A value of FALSE indicates normal behavior.
///
///
///
/// If the function succeeds, the return value is nonzero. In that case, the variable pointed to by the pDisablePriorityBoost
/// parameter receives the priority boost control state.
///
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetThreadPriorityBoost( _In_ HANDLE hThread, _Out_ PBOOL pDisablePriorityBoost); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683236(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683236")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadPriorityBoost([In] HTHREAD hThread, [MarshalAs(UnmanagedType.Bool)] out bool pDisablePriorityBoost);
///
/// Returns the explicit CPU Set assignment of the specified thread, if any assignment was set using the
/// SetThreadSelectedCpuSets API. If no explicit assignment is set, RequiredIdCount is set to 0 and the function
/// returns TRUE.
///
///
/// Specifies the thread for which to query the selected CPU Sets. This handle must have the THREAD_QUERY_LIMITED_INFORMATION access
/// right. The value returned by GetCurrentThread can also be specified here.
///
/// Specifies an optional buffer to retrieve the list of CPU Set identifiers.
///
/// Specifies the capacity of the buffer specified in CpuSetIds. If the buffer is NULL, this must be 0.
///
///
/// Specifies the required capacity of the buffer to hold the entire list of thread selected CPU Sets. On successful return, this
/// specifies the number of IDs filled into the buffer.
///
///
/// This API returns TRUE on success. If the buffer is not large enough, the GetLastError value is ERROR_INSUFFICIENT_BUFFER.
/// This API cannot fail when passed valid parameters and the return buffer is large enough.
///
// BOOL WINAPI GetThreadSelectedCpuSets( _In_ HANDLE Thread, _Out_opt_ PULONG CpuSetIds, _In_ ULONG CpuSetIdCount, _Out_ PULONG
// RequiredIdCount); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186426(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("Processthreadapi.h", MSDNShortId = "mt186426")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadSelectedCpuSets(HTHREAD Thread, IntPtr CpuSetIds, uint CpuSetIdCount, out uint RequiredIdCount);
/// Retrieves timing information for the specified thread.
///
///
/// A handle to the thread whose timing information is sought. The handle must have the THREAD_QUERY_INFORMATION or
/// THREAD_QUERY_LIMITED_INFORMATION access right. For more information, see Thread Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the THREAD_QUERY_INFORMATION access right.
///
/// A pointer to a FILETIME structure that receives the creation time of the thread.
///
/// A pointer to a FILETIME structure that receives the exit time of the thread. If the thread has not exited, the content of
/// this structure is undefined.
///
///
/// A pointer to a FILETIME structure that receives the amount of time that the thread has executed in kernel mode.
///
///
/// A pointer to a FILETIME structure that receives the amount of time that the thread has executed in user mode.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI GetThreadTimes( _In_ HANDLE hThread, _Out_ LPFILETIME lpCreationTime, _Out_ LPFILETIME lpExitTime, _Out_ LPFILETIME
// lpKernelTime, _Out_ LPFILETIME lpUserTime);// https://msdn.microsoft.com/en-us/library/windows/desktop/ms683237(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683237")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadTimes([In] HTHREAD hThread, out FILETIME lpCreationTime, out FILETIME lpExitTime, out FILETIME lpKernelTime,
out FILETIME lpUserTime);
/// Initializes the specified list of attributes for process and thread creation.
///
/// The attribute list. This parameter can be NULL to determine the buffer size required to support the specified number of attributes.
///
/// The count of attributes to be added to the list.
/// This parameter is reserved and must be zero.
///
///
/// If lpAttributeList is not NULL, this parameter specifies the size in bytes of the lpAttributeList buffer on input. On output,
/// this parameter receives the size in bytes of the initialized attribute list.
///
/// If lpAttributeList is NULL, this parameter receives the required buffer size in bytes.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI InitializeProcThreadAttributeList( _Out_opt_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, _In_ DWORD
// dwAttributeCount, _Reserved_ DWORD dwFlags, _Inout_ PSIZE_T lpSize); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683481(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms683481")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool InitializeProcThreadAttributeList(IntPtr lpAttributeList, uint dwAttributeCount, [Optional] uint dwFlags, ref SizeT lpSize);
/// Determines whether the specified process is considered critical.
///
/// A handle to the process to query. The process must have been opened with PROCESS_QUERY_LIMITED_INFORMATION access.
///
///
/// A pointer to the BOOL value this function will use to indicate whether the process is considered critical.
///
///
/// This routine returns FALSE on failure. Any other value indicates success. Call GetLastError to query for the specific
/// error reason on failure.
///
// BOOL WINAPI IsProcessCritical( _In_ HANDLE hProcess, _Out_ PBOOL Critical); https://msdn.microsoft.com/en-us/library/windows/desktop/dn386160(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("Processthreadsapi.h", MSDNShortId = "dn386160")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool IsProcessCritical([In] HPROCESS hProcess, [MarshalAs(UnmanagedType.Bool)] out bool Critical);
/// Determines whether the specified processor feature is supported by the current computer.
///
/// The processor feature to be tested. This parameter can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// PF_ARM_64BIT_LOADSTORE_ATOMIC25
/// The 64-bit load/store atomic instructions are available.
///
/// -
/// PF_ARM_DIVIDE_INSTRUCTION_AVAILABLE24
/// The divide instructions are available.
///
/// -
/// PF_ARM_EXTERNAL_CACHE_AVAILABLE26
/// The external cache is available.
///
/// -
/// PF_ARM_FMAC_INSTRUCTIONS_AVAILABLE27
/// The floating-point multiply-accumulate instruction is available.
///
/// -
/// PF_ARM_VFP_32_REGISTERS_AVAILABLE18
/// The VFP/Neon: 32 x 64bit register bank is present. This flag has the same meaning as PF_ARM_VFP_EXTENDED_REGISTERS.
///
/// -
/// PF_3DNOW_INSTRUCTIONS_AVAILABLE7
/// The 3D-Now instruction set is available.
///
/// -
/// PF_CHANNELS_ENABLED16
/// The processor channels are enabled.
///
/// -
/// PF_COMPARE_EXCHANGE_DOUBLE2
/// The atomic compare and exchange operation (cmpxchg) is available.
///
/// -
/// PF_COMPARE_EXCHANGE12814
///
/// The atomic compare and exchange 128-bit operation (cmpxchg16b) is available.Windows Server 2003 and Windows XP/2000: This feature
/// is not supported.
///
///
/// -
/// PF_COMPARE64_EXCHANGE12815
///
/// The atomic compare 64 and exchange 128-bit operation (cmp8xchg16) is available.Windows Server 2003 and Windows XP/2000: This
/// feature is not supported.
///
///
/// -
/// PF_FASTFAIL_AVAILABLE23
/// _fastfail() is available.
///
/// -
/// PF_FLOATING_POINT_EMULATED1
///
/// Floating-point operations are emulated using a software emulator.This function returns a nonzero value if floating-point
/// operations are emulated; otherwise, it returns zero.
///
///
/// -
/// PF_FLOATING_POINT_PRECISION_ERRATA0
/// On a Pentium, a floating-point precision error can occur in rare circumstances.
///
/// -
/// PF_MMX_INSTRUCTIONS_AVAILABLE3
/// The MMX instruction set is available.
///
/// -
/// PF_NX_ENABLED12
///
/// Data execution prevention is enabled.Windows XP/2000: This feature is not supported until Windows XP with SP2 and Windows Server
/// 2003 with SP1.
///
///
/// -
/// PF_PAE_ENABLED9
///
/// The processor is PAE-enabled. For more information, see Physical Address Extension.All x64 processors always return a nonzero
/// value for this feature.
///
///
/// -
/// PF_RDTSC_INSTRUCTION_AVAILABLE8
/// The RDTSC instruction is available.
///
/// -
/// PF_RDWRFSGSBASE_AVAILABLE22
/// RDFSBASE, RDGSBASE, WRFSBASE, and WRGSBASE instructions are available.
///
/// -
/// PF_SECOND_LEVEL_ADDRESS_TRANSLATION20
/// Second Level Address Translation is supported by the hardware.
///
/// -
/// PF_SSE3_INSTRUCTIONS_AVAILABLE13
/// The SSE3 instruction set is available.Windows Server 2003 and Windows XP/2000: This feature is not supported.
///
/// -
/// PF_VIRT_FIRMWARE_ENABLED21
/// Virtualization is enabled in the firmware.
///
/// -
/// PF_XMMI_INSTRUCTIONS_AVAILABLE6
/// The SSE instruction set is available.
///
/// -
/// PF_XMMI64_INSTRUCTIONS_AVAILABLE10
/// The SSE2 instruction set is available.Windows 2000: This feature is not supported.
///
/// -
/// PF_XSAVE_ENABLED17
///
/// The processor implements the XSAVE and XRSTOR instructions.Windows Server 2008, Windows Vista, Windows Server 2003 and Windows
/// XP/2000: This feature is not supported until Windows 7 and Windows Server 2008 R2.
///
///
///
///
///
///
/// If the feature is supported, the return value is a nonzero value.
/// If the feature is not supported, the return value is zero.
///
/// If the HAL does not support detection of the feature, whether or not the hardware supports the feature, the return value is also zero.
///
///
// BOOL WINAPI IsProcessorFeaturePresent( _In_ DWORD ProcessorFeature); https://msdn.microsoft.com/en-us/library/windows/desktop/ms724482(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Winbase.h", MSDNShortId = "ms724482")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool IsProcessorFeaturePresent(PROCESSOR_FEATURE ProcessorFeature);
/// Opens an existing local process object.
///
///
/// The access to the process object. This access right is checked against the security descriptor for the process. This parameter
/// can be one or more of the process access rights.
///
///
/// If the caller has enabled the SeDebugPrivilege privilege, the requested access is granted regardless of the contents of the
/// security descriptor.
///
///
///
/// If this value is TRUE, processes created by this process will inherit the handle. Otherwise, the processes do not inherit this handle.
///
///
/// The identifier of the local process to be opened.
///
/// If the specified process is the System Process (0x00000000), the function fails and the last error code is
/// ERROR_INVALID_PARAMETER. If the specified process is the Idle process or one of the CSRSS processes, this function fails and the
/// last error code is ERROR_ACCESS_DENIED because their access restrictions prevent user-level code from opening them.
///
///
/// If you are using GetCurrentProcessId as an argument to this function, consider using GetCurrentProcess instead of
/// OpenProcess, for improved performance.
///
///
///
/// If the function succeeds, the return value is an open handle to the specified process.
/// If the function fails, the return value is NULL. To get extended error information, call GetLastError.
///
// HANDLE WINAPI OpenProcess( _In_ DWORD dwDesiredAccess, _In_ BOOL bInheritHandle, _In_ DWORD dwProcessId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms684320(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms684320")]
public static extern SafeHPROCESS OpenProcess(ACCESS_MASK dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwProcessId);
/// Opens an existing thread object.
///
///
/// The access to the thread object. This access right is checked against the security descriptor for the thread. This parameter can
/// be one or more of the thread access rights.
///
///
/// If the caller has enabled the SeDebugPrivilege privilege, the requested access is granted regardless of the contents of the
/// security descriptor.
///
///
///
/// If this value is TRUE, processes created by this process will inherit the handle. Otherwise, the processes do not inherit this handle.
///
/// The identifier of the thread to be opened.
///
/// If the function succeeds, the return value is an open handle to the specified thread.
/// If the function fails, the return value is NULL. To get extended error information, call GetLastError.
///
// HANDLE WINAPI OpenThread( _In_ DWORD dwDesiredAccess, _In_ BOOL bInheritHandle, _In_ DWORD dwThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms684335(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms684335")]
public static extern SafeHTHREAD OpenThread(ACCESS_MASK dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwThreadId);
/// Retrieves the Remote Desktop Services session associated with a specified process.
///
/// Specifies a process identifier. Use the GetCurrentProcessId function to retrieve the process identifier for the current process.
///
///
/// Pointer to a variable that receives the identifier of the Remote Desktop Services session under which the specified process is
/// running. To retrieve the identifier of the session currently attached to the console, use the WTSGetActiveConsoleSessionId function.
///
///
/// If the function succeeds, the return value is a nonzero value.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL ProcessIdToSessionId( _In_ DWORD dwProcessId, _Out_ DWORD *pSessionId ); https://msdn.microsoft.com/en-us/library/aa382990(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("Winbase.h", MSDNShortId = "aa382990")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ProcessIdToSessionId(uint dwProcessId, out uint pSessionId);
/// Retrieves the affinity update mode of the specified process.
///
/// A handle to the process. The handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right.
/// For more information, see Process Security and Access Rights.
///
///
/// The affinity update mode. This parameter can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Dynamic update of the process affinity by the system is disabled.
///
/// -
/// PROCESS_AFFINITY_ENABLE_AUTO_UPDATE0x00000001UL
/// Dynamic update of the process affinity by the system is enabled.
///
///
///
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI QueryProcessAffinityUpdateMode( _In_ HANDLE ProcessHandle, _Out_opt_ DWORD lpdwFlags); https://msdn.microsoft.com/en-us/library/windows/desktop/bb309062(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "bb309062")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool QueryProcessAffinityUpdateMode(HPROCESS ProcessHandle, out PROCESS_AFFINITY_MODE lpdwFlags);
/// Queries the value associated with a protected policy.
/// The globally-unique identifier of the policy to query.
/// Receives the value that the supplied policy is set to.
/// True if the function succeeds; otherwise, false.
// BOOL WINAPI QueryProtectedPolicy( _In_ LPCGUID PolicyGuid, _Out_ PULONG_PTR PolicyValue); https://msdn.microsoft.com/en-us/library/windows/desktop/dn893591(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Winbase.h", MSDNShortId = "dn893591")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool QueryProtectedPolicy(in Guid PolicyGuid, out UIntPtr PolicyValue);
/// Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread.
///
/// A pointer to the application-supplied APC function to be called when the specified thread performs an alertable wait operation.
/// For more information, see APCProc.
///
///
/// A handle to the thread. The handle must have the THREAD_SET_CONTEXT access right. For more information, see
/// Synchronization Object Security and Access Rights.
///
/// A single value that is passed to the APC function pointed to by the pfnAPC parameter.
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Windows Server 2003 and Windows XP: There are no error values defined for this function that can be retrieved by calling GetLastError.
///
///
// DWORD WINAPI QueueUserAPC( _In_ PAPCFUNC pfnAPC, _In_ HANDLE hThread, _In_ ULONG_PTR dwData); https://msdn.microsoft.com/en-us/library/windows/desktop/ms684954(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms684954")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool QueueUserAPC(PAPCFUNC pfnAPC, [In] HTHREAD hThread, UIntPtr dwData);
///
/// Decrements a thread's suspend count. When the suspend count is decremented to zero, the execution of the thread is resumed.
///
///
/// A handle to the thread to be restarted.
/// This handle must have the THREAD_SUSPEND_RESUME access right. For more information, see Thread Security and Access Rights.
///
///
/// If the function succeeds, the return value is the thread's previous suspend count.
/// If the function fails, the return value is (DWORD) -1. To get extended error information, call GetLastError.
///
// DWORD WINAPI ResumeThread( _In_ HANDLE hThread); https://msdn.microsoft.com/en-us/library/windows/desktop/ms685086(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms685086")]
public static extern uint ResumeThread([In] HTHREAD hThread);
///
/// Sets the priority class for the specified process. This value together with the priority value of each thread of the process
/// determines each thread's base priority level.
///
///
/// A handle to the process.
///
/// The handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process Security and Access Rights.
///
///
///
/// The priority class for the process. This parameter can be one of the following values.
///
///
///
/// Priority
/// Meaning
///
/// -
/// ABOVE_NORMAL_PRIORITY_CLASS0x00008000
/// Process that has priority above NORMAL_PRIORITY_CLASS but below HIGH_PRIORITY_CLASS.
///
/// -
/// BELOW_NORMAL_PRIORITY_CLASS0x00004000
/// Process that has priority above IDLE_PRIORITY_CLASS but below NORMAL_PRIORITY_CLASS.
///
/// -
/// HIGH_PRIORITY_CLASS0x00000080
///
/// Process that performs time-critical tasks that must be executed immediately. The threads of the process preempt the threads of
/// normal or idle priority class processes. An example is the Task List, which must respond quickly when called by the user,
/// regardless of the load on the operating system. Use extreme care when using the high-priority class, because a high-priority
/// class application can use nearly all available CPU time.
///
///
/// -
/// IDLE_PRIORITY_CLASS0x00000040
///
/// Process whose threads run only when the system is idle. The threads of the process are preempted by the threads of any process
/// running in a higher priority class. An example is a screen saver. The idle-priority class is inherited by child processes.
///
///
/// -
/// NORMAL_PRIORITY_CLASS0x00000020
/// Process with no special scheduling needs.
///
/// -
/// PROCESS_MODE_BACKGROUND_BEGIN0x00100000
///
/// Begin background processing mode. The system lowers the resource scheduling priorities of the process (and its threads) so that
/// it can perform background work without significantly affecting activity in the foreground.This value can be specified only if
/// hProcess is a handle to the current process. The function fails if the process is already in background processing mode.Windows
/// Server 2003 and Windows XP: This value is not supported.
///
///
/// -
/// PROCESS_MODE_BACKGROUND_END0x00200000
///
/// End background processing mode. The system restores the resource scheduling priorities of the process (and its threads) as they
/// were before the process entered background processing mode.This value can be specified only if hProcess is a handle to the
/// current process. The function fails if the process is not in background processing mode.Windows Server 2003 and Windows XP: This
/// value is not supported.
///
///
/// -
/// REALTIME_PRIORITY_CLASS0x00000100
///
/// Process that has the highest possible priority. The threads of the process preempt the threads of all other processes, including
/// operating system processes performing important tasks. For example, a real-time process that executes for more than a very brief
/// interval can cause disk caches not to flush or cause the mouse to be unresponsive.
///
///
///
///
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI SetPriorityClass( _In_ HANDLE hProcess, _In_ DWORD dwPriorityClass); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686219(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686219")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetPriorityClass([In] HPROCESS hProcess, CREATE_PROCESS dwPriorityClass);
/// Sets the affinity update mode of the specified process.
/// A handle to the process. This handle must be returned by the GetCurrentProcess function.
///
/// The affinity update mode. This parameter can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Disables dynamic update of the process affinity by the system.
///
/// -
/// PROCESS_AFFINITY_ENABLE_AUTO_UPDATE0x00000001UL
/// Enables dynamic update of the process affinity by the system.
///
///
///
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI SetProcessAffinityUpdateMode( _In_ HANDLE ProcessHandle, _In_ DWORD dwFlags); https://msdn.microsoft.com/en-us/library/windows/desktop/bb309063(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "bb309063")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetProcessAffinityUpdateMode([In] HPROCESS ProcessHandle, PROCESS_AFFINITY_MODE dwFlags);
///
/// Sets the default CPU Sets assignment for threads in the specified process. Threads that are created, which don’t have CPU Sets
/// explicitly set using SetThreadSelectedCpuSets, will inherit the sets specified by SetProcessDefaultCpuSets automatically.
///
///
/// Specifies the process for which to set the default CPU Sets. This handle must have the PROCESS_SET_LIMITED_INFORMATION access
/// right. The value returned by GetCurrentProcess can also be specified here.
///
///
/// Specifies the list of CPU Set IDs to set as the process default CPU set. If this is NULL, the SetProcessDefaultCpuSets
/// clears out any assignment.
///
///
/// Specifies the number of IDs in the list passed in the CpuSetIds argument. If that value is NULL, this should be 0.
///
/// This function cannot fail when passed valid parameters.
// BOOL WINAPI SetProcessDefaultCpuSets( _In_ HANDLE Process, _In_opt_ ULONG CpuSetIds, _In_ ULONG CpuSetIdCound); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186427(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Processthreadapi.h", MSDNShortId = "mt186427")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetProcessDefaultCpuSets([In] HPROCESS Process, [In, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] uint[] CpuSetIds, uint CpuSetIdCound);
/// Sets information for the specified process.
///
/// A handle to the process. This handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process
/// Security and Access Rights.
///
///
/// The class of information to set. The only supported values are ProcessMemoryPriority and ProcessPowerThrottling.
///
///
/// Pointer to an object that contains the type of information specified by the ProcessInformationClass parameter.
///
/// If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must point to a
/// MEMORY_PRIORITY_INFORMATION structure.
///
///
/// If the ProcessInformationClass parameter is ProcessPowerThrottling, this parameter must point to a
/// PROCESS_POWER_THROTTLING_STATE structure.
///
///
///
/// The size in bytes of the structure specified by the ProcessInformation parameter.
/// If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must be .
/// If the ProcessInformationClass parameter is ProcessPowerThrottling, this parameter must be .
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI SetProcessInformation( _In_ HANDLE hProcess, _In_ PROCESS_INFORMATION_CLASS ProcessInformationClass,
// _In_reads_bytes_(ProcessInformationSize) ProcessInformation, _In_ DWORD ProcessInformationSize); https://msdn.microsoft.com/en-us/library/windows/desktop/hh448389(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "hh448389")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetProcessInformation([In] HPROCESS hProcess, PROCESS_INFORMATION_CLASS ProcessInformationClass, IntPtr ProcessInformation, uint ProcessInformationSize);
///
/// Sets a mitigation policy for the calling process. Mitigation policies enable a process to harden itself against various types of attacks.
///
///
/// The mitigation policy to apply. This parameter can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// ProcessDEPPolicy
///
/// The data execution prevention (DEP) policy of the process.The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY
/// structure that specifies the DEP policy flags.
///
///
/// -
/// ProcessASLRPolicy
///
/// The Address Space Layout Randomization (ASLR) policy of the process.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags.
///
///
/// -
/// ProcessDynamicCodePolicy
///
/// The dynamic code policy of the process. When turned on, the process cannot generate dynamic code or modify existing executable
/// code.The lpBuffer parameter points to a PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that specifies the dynamic code policy flags.
///
///
/// -
/// ProcessStrictHandleCheckPolicy
///
/// The process will receive a fatal error if it manipulates a handle that is not valid.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags.
///
///
/// -
/// ProcessSystemCallDisablePolicy
///
/// Disables the ability to use NTUser/GDI functions at the lowest layer.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags.
///
///
/// -
/// ProcessMitigationOptionsMask
///
/// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options
/// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported bits
/// at once.The lpBuffer parameter points to a ULONG64 bit vector for the mask, or to accommodate more than 64 bits, a two-element
/// array of ULONG64 bit vectors.
///
///
/// -
/// ProcessExtensionPointDisablePolicy
///
/// The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point
/// disable policy flags.
///
///
/// -
/// ProcessControlFlowGuardPolicy
///
/// The Control Flow Guard (CFG) policy of the process.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags.
///
///
/// -
/// ProcessSignaturePolicy
///
/// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows
/// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).he lpBuffer parameter points to a
/// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags.
///
///
/// -
/// ProcessFontDisablePolicy
///
/// The policy regarding font loading for the process. When turned on, the process cannot load non-system fonts.The lpBuffer
/// parameter points to a PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading.
///
///
/// -
/// ProcessImageLoadPolicy
///
/// The policy regarding image loading for the process, which determines the types of executable images that are allowed to be mapped
/// into the process. When turned on, images cannot be loaded from some locations, such a remote devices or files that have the low
/// mandatory label.The lpBuffer parameter points to a PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags
/// for image loading.
///
///
///
///
///
///
///
/// If the MitigationPolicy parameter is ProcessDEPPolicy, this parameter points to a PROCESS_MITIGATION_DEP_POLICY
/// structure that specifies the DEP policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessASLRPolicy, this parameter points to a PROCESS_MITIGATION_ASLR_POLICY
/// structure that specifies the ASLR policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessImageLoadPolicy, this parameter points to a
/// PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that receives the policy flags for image loading.
///
///
/// If the MitigationPolicy parameter is ProcessStrictHandleCheckPolicy, this parameter points to a
/// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessSystemCallDisablePolicy, this parameter points to a
/// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessMitigationOptionsMask, this parameter points to a ULONG64 bit vector
/// for the mask, or to accommodate more than 64 bits, a two-element array of ULONG64 bit vectors.
///
///
/// If the MitigationPolicy parameter is ProcessExtensionPointDisablePolicy, this parameter points to a
/// PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point disable policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessControlFlowGuardPolicy, this parameter points to a
/// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessSignaturePolicy, this parameter points to a
/// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags.
///
///
/// If the MitigationPolicy parameter is ProcessFontDisablePolicy, this parameter points to a
/// PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading.
///
///
/// If the MitigationPolicy parameter is ProcessImageLoadPolicy, this parameter points to a
/// PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags for image loading.
///
///
/// The size of lpBuffer, in bytes.
///
/// If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values
/// defined for this function, call GetLastError.
///
// BOOL WINAPI SetProcessMitigationPolicy( _In_ PROCESS_MITIGATION_POLICY MitigationPolicy, _In_ PVOID lpBuffer, _In_ SIZE_T
// dwLength); https://msdn.microsoft.com/en-us/library/windows/desktop/hh769088(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("Processthreadsapi.h", MSDNShortId = "hh769088")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetProcessMitigationPolicy(PROCESS_MITIGATION_POLICY MitigationPolicy, IntPtr lpBuffer, SizeT dwLength);
///
/// Sets a mitigation policy for the calling process. Mitigation policies enable a process to harden itself against various types of attacks.
///
/// The type of the value being set.
///
/// The mitigation policy to apply. This parameter can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// ProcessDEPPolicy
///
/// The data execution prevention (DEP) policy of the process.The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY
/// structure that specifies the DEP policy flags.
///
///
/// -
/// ProcessASLRPolicy
///
/// The Address Space Layout Randomization (ASLR) policy of the process.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags.
///
///
/// -
/// ProcessDynamicCodePolicy
///
/// The dynamic code policy of the process. When turned on, the process cannot generate dynamic code or modify existing executable
/// code.The lpBuffer parameter points to a PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that specifies the dynamic code policy flags.
///
///
/// -
/// ProcessStrictHandleCheckPolicy
///
/// The process will receive a fatal error if it manipulates a handle that is not valid.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags.
///
///
/// -
/// ProcessSystemCallDisablePolicy
///
/// Disables the ability to use NTUser/GDI functions at the lowest layer.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags.
///
///
/// -
/// ProcessMitigationOptionsMask
///
/// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options
/// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported bits
/// at once.The lpBuffer parameter points to a ULONG64 bit vector for the mask, or to accommodate more than 64 bits, a two-element
/// array of ULONG64 bit vectors.
///
///
/// -
/// ProcessExtensionPointDisablePolicy
///
/// The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point
/// disable policy flags.
///
///
/// -
/// ProcessControlFlowGuardPolicy
///
/// The Control Flow Guard (CFG) policy of the process.The lpBuffer parameter points to a
/// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags.
///
///
/// -
/// ProcessSignaturePolicy
///
/// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows
/// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).he lpBuffer parameter points to a
/// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags.
///
///
/// -
/// ProcessFontDisablePolicy
///
/// The policy regarding font loading for the process. When turned on, the process cannot load non-system fonts.The lpBuffer
/// parameter points to a PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading.
///
///
/// -
/// ProcessImageLoadPolicy
///
/// The policy regarding image loading for the process, which determines the types of executable images that are allowed to be mapped
/// into the process. When turned on, images cannot be loaded from some locations, such a remote devices or files that have the low
/// mandatory label.The lpBuffer parameter points to a PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags
/// for image loading.
///
///
///
///
///
/// The value. This must correspond to the value.
///
/// If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values
/// defined for this function, call GetLastError.
///
public static bool SetProcessMitigationPolicy(PROCESS_MITIGATION_POLICY MitigationPolicy, T value)
{
if (MitigationPolicy == PROCESS_MITIGATION_POLICY.ProcessMitigationOptionsMask)
{
if (!(value is ulong || value is ulong[])) throw new ArgumentException($"{MitigationPolicy} cannot be used to set values of type {typeof(T)}.");
using (var ptr = new PinnedObject(value))
return SetProcessMitigationPolicy(MitigationPolicy, ptr, value is ulong ? 8U : 16U);
}
if (!CorrespondingTypeAttribute.CanSet(MitigationPolicy, typeof(T))) throw new ArgumentException($"{MitigationPolicy} cannot be used to set values of type {typeof(T)}.");
using (var ptr = SafeCoTaskMemHandle.CreateFromStructure(value))
return SetProcessMitigationPolicy(MitigationPolicy, (IntPtr)ptr, (uint)ptr.Size);
}
///
/// Disables or enables the ability of the system to temporarily boost the priority of the threads of the specified process.
///
///
/// A handle to the process. This handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process
/// Security and Access Rights.
///
///
/// If this parameter is TRUE, dynamic boosting is disabled. If the parameter is FALSE, dynamic boosting is enabled.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI SetProcessPriorityBoost( _In_ HANDLE hProcess, _In_ BOOL DisablePriorityBoost); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686225(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686225")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetProcessPriorityBoost([In] HPROCESS hProcess, [MarshalAs(UnmanagedType.Bool)] bool DisablePriorityBoost);
///
/// Sets shutdown parameters for the currently calling process. This function sets a shutdown order for a process relative to the
/// other processes in the system.
///
///
///
/// The shutdown priority for a process relative to other processes in the system. The system shuts down processes from high dwLevel
/// values to low. The highest and lowest shutdown priorities are reserved for system components. This parameter must be in the
/// following range of values.
///
///
///
///
/// Value
/// Meaning
///
/// -
/// 000-0FF
/// System reserved last shutdown range.
///
/// -
/// 100-1FF
/// Application reserved last shutdown range.
///
/// -
/// 200-2FF
/// Application reserved "in between" shutdown range.
///
/// -
/// 300-3FF
/// Application reserved first shutdown range.
///
/// -
/// 400-4FF
/// System reserved first shutdown range.
///
///
///
/// All processes start at shutdown level 0x280.
///
///
/// This parameter can be the following value.
///
///
///
/// Value
/// Meaning
///
/// -
/// SHUTDOWN_NORETRY0x00000001
/// The system terminates the process without displaying a retry dialog box for the user.
///
///
///
///
///
/// If the function is succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI SetProcessShutdownParameters( _In_ DWORD dwLevel, _In_ DWORD dwFlags); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686227(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686227")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetProcessShutdownParameters(uint dwLevel, SHUTDOWN dwFlags);
/// Sets a protected policy. This function is for use primarily by Windows, and not designed for external use.
/// The globally-unique identifier of the policy to set.
/// The value to set the policy to.
/// Optionally receives the original value that was associated with the supplied policy.
/// True if the function succeeds; otherwise, false. To retrieve error values for this function, call GetLastError.
// BOOL WINAPI SetProtectedPolicy( _In_ LPCGUID PolicyGuid, _In_ ULONG_PTR PolicyValue, _Out_ PULONG_PTR OldPolicyValue); https://msdn.microsoft.com/en-us/library/windows/desktop/dn893592(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("Winbase.h", MSDNShortId = "dn893592")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetProtectedPolicy(in Guid PolicyGuid, UIntPtr PolicyValue, out UIntPtr OldPolicyValue);
///
/// Sets the context for the specified thread.
/// A 64-bit application can set the context of a WOW64 thread using the Wow64SetThreadContext function.
///
///
/// A handle to the thread whose context is to be set. The handle must have the THREAD_SET_CONTEXT access right to the thread.
/// For more information, see Thread Security and Access Rights.
///
///
/// A pointer to a CONTEXT structure that contains the context to be set in the specified thread. The value of the
/// ContextFlags member of this structure specifies which portions of a thread's context to set. Some values in the
/// CONTEXT structure that cannot be specified are silently set to the correct value. This includes bits in the CPU status
/// register that specify the privileged processor mode, global enabling bits in the debugging register, and other states that must
/// be controlled by the operating system.
///
///
/// If the context was set, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI SetThreadContext( _In_ HANDLE hThread, _In_ const CONTEXT *lpContext); https://msdn.microsoft.com/en-us/library/windows/desktop/ms680632(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms680632")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadContext([In] HTHREAD hThread, [In] IntPtr lpContext);
/// Assigns a description to a thread.
///
/// A handle for the thread for which you want to set the description. The handle must have THREAD_SET_LIMITED_INFORMATION access.
///
/// A Unicode string that specifies the description of the thread.
///
/// If the function succeeds, the return value is the HRESULT that denotes a successful operation.If the function fails, the
/// return value is an HRESULT that denotes the error.
///
// HRESULT WINAPI SetThreadDescription( _In_ HANDLE hThread, _In_ PCWSTR lpThreadDescription); https://msdn.microsoft.com/en-us/library/windows/desktop/mt774976(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("ProcessThreadsApi.h", MSDNShortId = "mt774976")]
public static extern HRESULT SetThreadDescription(HTHREAD hThread, string lpThreadDescription);
///
/// Sets a preferred processor for a thread. The system schedules threads on their preferred processors whenever possible.
///
/// On a system with more than 64 processors, this function sets the preferred processor to a logical processor in the processor
/// group to which the calling thread is assigned. Use the SetThreadIdealProcessorEx function to specify a processor group and
/// preferred processor.
///
///
///
/// A handle to the thread whose preferred processor is to be set. The handle must have the THREAD_SET_INFORMATION access right. For
/// more information, see Thread Security and Access Rights.
///
///
/// The number of the preferred processor for the thread. This value is zero-based. If this parameter is MAXIMUM_PROCESSORS, the
/// function returns the current ideal processor without changing it.
///
///
/// If the function succeeds, the return value is the previous preferred processor.
/// If the function fails, the return value is (DWORD) – 1. To get extended error information, call GetLastError.
///
// DWORD WINAPI SetThreadIdealProcessor( _In_ HANDLE hThread, _In_ DWORD dwIdealProcessor); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686253(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686253")]
public static extern uint SetThreadIdealProcessor([In] HTHREAD hThread, uint dwIdealProcessor);
/// Sets the ideal processor for the specified thread and optionally retrieves the previous ideal processor.
///
/// A handle to the thread for which to set the ideal processor. This handle must have been created with the THREAD_SET_INFORMATION
/// access right. For more information, see Thread Security and Access Rights.
///
///
/// A pointer to a PROCESSOR_NUMBER structure that specifies the processor number of the desired ideal processor.
///
///
/// A pointer to a PROCESSOR_NUMBER structure to receive the previous ideal processor. This parameter can point to the same memory
/// location as the lpIdealProcessor parameter. This parameter can be NULL if the previous ideal processor is not required.
///
///
/// If the function succeeds, it returns a nonzero value. If the function fails, it returns zero.To get extended error information,
/// use GetLastError.
///
// https://msdn.microsoft.com/en-us/library/windows/desktop/dd405517(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "dd405517")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadIdealProcessorEx([In] HTHREAD hThread, in PROCESSOR_NUMBER lpIdealProcessor, out PROCESSOR_NUMBER lpPreviousIdealProcessor);
/// Sets information for the specified thread.
///
/// A handle to the thread. The handle must have THREAD_QUERY_INFORMATION access right. For more information, see Thread Security and
/// Access Rights.
///
///
/// The class of information to set. The only supported values are ThreadMemoryPriority and ThreadPowerThrottling.
///
///
/// Pointer to a structure that contains the type of information specified by the ThreadInformationClass parameter.
///
/// If the ThreadInformationClass parameter is ThreadMemoryPriority, this parameter must point to a
/// MEMORY_PRIORITY_INFORMATION structure.
///
///
/// If the ThreadInformationClass parameter is ThreadPowerThrottling, this parameter must point to a
/// THREAD_POWER_THROTTLING_STATE structure.
///
///
///
/// The size in bytes of the structure specified by the ThreadInformation parameter.
/// If the ThreadInformationClass parameter is ThreadMemoryPriority, this parameter must be .
/// If the ThreadInformationClass parameter is ThreadPowerThrottling, this parameter must be .
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL SetThreadInformation( _In_ HANDLE hThread, _In_ THREAD_INFORMATION_CLASS ThreadInformationClass, _In_reads_bytes_
// ThreadInformation, _In_ DWORD ThreadInformationSize); https://msdn.microsoft.com/en-us/library/windows/desktop/hh448390(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "hh448390")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadInformation(HTHREAD hThread, THREAD_INFORMATION_CLASS ThreadInformationClass, IntPtr ThreadInformation, uint ThreadInformationSize);
///
/// Sets the priority value for the specified thread. This value, together with the priority class of the thread's process,
/// determines the thread's base priority level.
///
///
/// A handle to the thread whose priority value is to be set.
///
/// The handle must have the THREAD_SET_INFORMATION or THREAD_SET_LIMITED_INFORMATION access right. For more
/// information, see Thread Security and Access Rights.
///
/// Windows Server 2003: The handle must have the THREAD_SET_INFORMATION access right.
///
///
/// The priority value for the thread. This parameter can be one of the following values.
///
///
///
/// Priority
/// Meaning
///
/// -
/// THREAD_MODE_BACKGROUND_BEGIN0x00010000
///
/// Begin background processing mode. The system lowers the resource scheduling priorities of the thread so that it can perform
/// background work without significantly affecting activity in the foreground.This value can be specified only if hThread is a
/// handle to the current thread. The function fails if the thread is already in background processing mode.Windows Server 2003: This
/// value is not supported.
///
///
/// -
/// THREAD_MODE_BACKGROUND_END0x00020000
///
/// End background processing mode. The system restores the resource scheduling priorities of the thread as they were before the
/// thread entered background processing mode.This value can be specified only if hThread is a handle to the current thread. The
/// function fails if the thread is not in background processing mode.Windows Server 2003: This value is not supported.
///
///
/// -
/// THREAD_PRIORITY_ABOVE_NORMAL1
/// Priority 1 point above the priority class.
///
/// -
/// THREAD_PRIORITY_BELOW_NORMAL-1
/// Priority 1 point below the priority class.
///
/// -
/// THREAD_PRIORITY_HIGHEST2
/// Priority 2 points above the priority class.
///
/// -
/// THREAD_PRIORITY_IDLE-15
///
/// Base priority of 1 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS, or
/// HIGH_PRIORITY_CLASS processes, and a base priority of 16 for REALTIME_PRIORITY_CLASS processes.
///
///
/// -
/// THREAD_PRIORITY_LOWEST-2
/// Priority 2 points below the priority class.
///
/// -
/// THREAD_PRIORITY_NORMAL0
/// Normal priority for the priority class.
///
/// -
/// THREAD_PRIORITY_TIME_CRITICAL15
///
/// Base priority of 15 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS, or
/// HIGH_PRIORITY_CLASS processes, and a base priority of 31 for REALTIME_PRIORITY_CLASS processes.
///
///
///
///
///
/// If the thread has the REALTIME_PRIORITY_CLASS base class, this parameter can also be -7, -6, -5, -4, -3, 3, 4, 5, or 6.
/// For more information, see Scheduling Priorities.
///
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Windows Phone 8.1: Windows Phone Store apps may call this function but it has no effect. The function will return a
/// nonzero value indicating success.
///
///
// BOOL WINAPI SetThreadPriority( _In_ HANDLE hThread, _In_ int nPriority); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686277(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686277")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadPriority([In] HTHREAD hThread, int nPriority);
/// Disables or enables the ability of the system to temporarily boost the priority of a thread.
///
///
/// A handle to the thread whose priority is to be boosted. The handle must have the THREAD_SET_INFORMATION or
/// THREAD_SET_LIMITED_INFORMATION access right. For more information, see Thread Security and Access Rights.
///
/// Windows Server 2003 and Windows XP: The handle must have the THREAD_SET_INFORMATION access right.
///
///
/// If this parameter is TRUE, dynamic boosting is disabled. If the parameter is FALSE, dynamic boosting is enabled.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI SetThreadPriorityBoost( _In_ HANDLE hThread, _In_ BOOL DisablePriorityBoost); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686280(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686280")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadPriorityBoost([In] HTHREAD hThread, [MarshalAs(UnmanagedType.Bool)] bool DisablePriorityBoost);
///
/// Sets the selected CPU Sets assignment for the specified thread. This assignment overrides the process default assignment, if one
/// is set.
///
///
/// Specifies the thread on which to set the CPU Set assignment. This handle must have the THREAD_SET_LIMITED_INFORMATION access
/// right. The value returned by GetCurrentThread can also be used.
///
///
/// Specifies the list of CPU Set IDs to set as the thread selected CPU set. If this is NULL, the API clears out any assignment,
/// reverting to process default assignment if one is set.
///
///
/// Specifies the number of IDs in the list passed in the CpuSetIds argument. If that value is NULL, this should be 0.
///
/// This function cannot fail when passed valid parameters.
// BOOL WINAPI SetThreadSelectedCpuSets( _In_ HANDLE Thread, _In_ const ULONG *CpuSetIds, _In_ ULONG CpuSetIdCount); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186428(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Processthreadapi.h", MSDNShortId = "mt186428")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadSelectedCpuSets([In] HTHREAD Thread, [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] uint[] CpuSetIds, uint CpuSetIdCount);
///
/// Sets the minimum size of the stack associated with the calling thread or fiber that will be available during any stack overflow
/// exceptions. This is useful for handling stack overflow exceptions; the application can safely use the specified number of bytes
/// during exception handling.
///
///
/// The size of the stack, in bytes. On return, this value is set to the size of the previous stack, in bytes.
/// If this parameter is 0 (zero), the function succeeds and the parameter contains the size of the current stack.
///
/// If the specified size is less than the current size, the function succeeds but ignores this request. Therefore, you cannot use
/// this function to reduce the size of the stack.
///
/// This value cannot be larger than the reserved stack size.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is 0 (zero). To get extended error information, call GetLastError.
///
// BOOL WINAPI SetThreadStackGuarantee( _Inout_ PULONG StackSizeInBytes); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686283(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686283")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadStackGuarantee(ref uint StackSizeInBytes);
///
/// Suspends the specified thread.
/// A 64-bit application can suspend a WOW64 thread using the Wow64SuspendThread function.
///
///
/// A handle to the thread that is to be suspended.
///
/// The handle must have the THREAD_SUSPEND_RESUME access right. For more information, see Thread Security and Access Rights.
///
///
///
/// If the function succeeds, the return value is the thread's previous suspend count; otherwise, it is . To get extended error
/// information, use the GetLastError function.
///
// DWORD WINAPI SuspendThread( _In_ HANDLE hThread); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686345(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686345")]
public static extern uint SuspendThread(HTHREAD hThread);
///
/// Causes the calling thread to yield execution to another thread that is ready to run on the current processor. The operating
/// system selects the next thread to be executed.
///
///
///
/// If calling the SwitchToThread function causes the operating system to switch execution to another thread, the return value
/// is nonzero.
///
///
/// If there are no other threads ready to execute, the operating system does not switch execution to another thread, and the return
/// value is zero.
///
///
// BOOL WINAPI SwitchToThread(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686352(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686352")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SwitchToThread();
/// Terminates the specified process and all of its threads.
///
/// A handle to the process to be terminated.
///
/// The handle must have the PROCESS_TERMINATE access right. For more information, see Process Security and Access Rights.
///
///
///
/// The exit code to be used by the process and threads terminated as a result of this call. Use the GetExitCodeProcess
/// function to retrieve a process's exit value. Use the GetExitCodeThread function to retrieve a thread's exit value.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI TerminateProcess( _In_ HANDLE hProcess, _In_ UINT uExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686714(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686714")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool TerminateProcess([In] HPROCESS hProcess, uint uExitCode);
/// Terminates a thread.
///
/// A handle to the thread to be terminated.
/// The handle must have the THREAD_TERMINATE access right. For more information, see Thread Security and Access Rights.
///
///
/// The exit code for the thread. Use the GetExitCodeThread function to retrieve a thread's exit value.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI TerminateThread( _Inout_ HANDLE hThread, _In_ DWORD dwExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686717(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686717")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool TerminateThread([In] HTHREAD hThread, uint dwExitCode);
///
/// Allocates a thread local storage (TLS) index. Any thread of the process can subsequently use this index to store and retrieve
/// values that are local to the thread, because each thread receives its own slot for the index.
///
///
/// If the function succeeds, the return value is a TLS index. The slots for the index are initialized to zero.
/// If the function fails, the return value is TLS_OUT_OF_INDEXES. To get extended error information, call GetLastError.
///
// DWORD WINAPI TlsAlloc(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686801(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686801")]
public static extern uint TlsAlloc();
/// Releases a thread local storage (TLS) index, making it available for reuse.
/// The TLS index that was allocated by the TlsAlloc function.
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI TlsFree( _In_ DWORD dwTlsIndex); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686804(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686804")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool TlsFree(uint dwTlsIndex);
///
/// Retrieves the value in the calling thread's thread local storage (TLS) slot for the specified TLS index. Each thread of a process
/// has its own slot for each TLS index.
///
/// The TLS index that was allocated by the TlsAlloc function.
///
///
/// If the function succeeds, the return value is the value stored in the calling thread's TLS slot associated with the specified
/// index. If dwTlsIndex is a valid index allocated by a successful call to TlsAlloc, this function always succeeds.
///
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// The data stored in a TLS slot can have a value of 0 because it still has its initial value or because the thread called the
/// TlsSetValue function with 0. Therefore, if the return value is 0, you must check whether GetLastError returns
/// ERROR_SUCCESS before determining that the function has failed. If GetLastError returns ERROR_SUCCESS, then
/// the function has succeeded and the data stored in the TLS slot is
/// 0. Otherwise, the function has failed.
///
///
/// Functions that return indications of failure call SetLastError when they fail. They generally do not call
/// SetLastError when they succeed. The TlsGetValue function is an exception to this general rule. The
/// TlsGetValue function calls SetLastError to clear a thread's last error when it succeeds. That allows checking for
/// the error-free retrieval of zero values.
///
///
// LPVOID WINAPI TlsGetValue( _In_ DWORD dwTlsIndex); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686812")]
public static extern IntPtr TlsGetValue(uint dwTlsIndex);
///
/// Stores a value in the calling thread's thread local storage (TLS) slot for the specified TLS index. Each thread of a process has
/// its own slot for each TLS index.
///
/// The TLS index that was allocated by the TlsAlloc function.
/// The value to be stored in the calling thread's TLS slot for the index.
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI TlsSetValue( _In_ DWORD dwTlsIndex, _In_opt_ LPVOID lpTlsValue); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686818(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686818")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool TlsSetValue(uint dwTlsIndex, [In] IntPtr lpTlsValue);
/// Updates the specified attribute in a list of attributes for process and thread creation.
/// A pointer to an attribute list created by the InitializeProcThreadAttributeList function.
/// This parameter is reserved and must be zero.
///
/// The attribute key to update in the attribute list. This parameter can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// PROC_THREAD_ATTRIBUTE_GROUP_AFFINITY
///
/// The lpValue parameter is a pointer to a GROUP_AFFINITY structure that specifies the processor group affinity for the new
/// thread.Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_HANDLE_LIST
///
/// The lpValue parameter is a pointer to a list of handles to be inherited by the child process.These handles must be created as
/// inheritable handles and must not include pseudo handles such as those returned by the GetCurrentProcess or GetCurrentThread function.
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_IDEAL_PROCESSOR
///
/// The lpValue parameter is a pointer to a PROCESSOR_NUMBER structure that specifies the ideal processor for the new thread.Windows
/// Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY
///
/// The lpValue parameter is a pointer to a DWORD or DWORD64 that specifies the exploit mitigation policy for the child process.
/// Starting in Windows 10, version 1703, this parameter can also be a pointer to a two-element DWORD64 array.The specified policy
/// overrides the policies set for the application and the system and cannot be changed after the child process starts running.
/// Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.The DWORD or
/// DWORD64 pointed to by lpValue can be one or more of the values listed in the remarks.
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_PARENT_PROCESS
///
/// The lpValue parameter is a pointer to a handle to a process to use instead of the calling process as the parent for the process
/// being created. The process to use must have the PROCESS_CREATE_PROCESS access right.Attributes inherited from the specified
/// process include handles, the device map, processor affinity, priority, quotas, the process token, and job object. (Note that some
/// attributes such as the debug port will come from the creating process, not the process specified by this handle.)
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_PREFERRED_NODE
///
/// The lpValue parameter is a pointer to the node number of the preferred NUMA node for the new process.Windows Server 2008 and
/// Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_UMS_THREAD
///
/// The lpValue parameter is a pointer to a UMS_CREATE_THREAD_ATTRIBUTES structure that specifies a user-mode scheduling (UMS) thread
/// context and a UMS completion list to associate with the thread. After the UMS thread is created, the system queues it to the
/// specified completion list. The UMS thread runs only when an application's UMS scheduler retrieves the UMS thread from the
/// completion list and selects it to run. For more information, see User-Mode Scheduling.Windows Server 2008 and Windows Vista: This
/// value is not supported until Windows 7 and Windows Server 2008 R2.
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES
///
/// The lpValue parameter is a pointer to a SECURITY_CAPABILITIES structure that defines the security capabilities of an app
/// container. If this attribute is set the new process will be created as an AppContainer process.Windows 7, Windows Server 2008 R2,
/// Windows Server 2008 and Windows Vista: This value is not supported until Windows 8 and Windows Server 2012.
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL
///
/// The lpValue parameter is a pointer to a DWORD value of PROTECTION_LEVEL_SAME. This specifies the protection level of the child
/// process to be the same as the protection level of its parent process.
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY
///
/// The lpValue parameter is a pointer to a DWORD or DWORD64 value that specifies the child process policy. THe policy specifies
/// whether to allow a child process to be created.For information on the possible values for the DWORD or DWORD64 to which lpValue
/// points, see Remarks.
///
///
/// -
/// PROC_THREAD_ATTRIBUTE_DESKTOP_APP_POLICY
///
/// This attribute is relevant only to win32 applications that have been converted to UWP packages by using the Desktop Bridge. The
/// lpValue parameter is a pointer to a DWORD value that specifies the desktop app policy. The policy specifies whether descendant
/// processes should continue to run in the desktop environment.For information about the possible values for the DWORD to which
/// lpValue points, see Remarks.
///
///
///
///
///
///
/// A pointer to the attribute value. This value should persist until the attribute is destroyed using the
/// DeleteProcThreadAttributeList function.
///
/// The size of the attribute value specified by the lpValue parameter.
/// This parameter is reserved and must be NULL.
/// This parameter is reserved and must be NULL.
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
// BOOL WINAPI UpdateProcThreadAttribute( _Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, _In_ DWORD dwFlags, _In_ DWORD_PTR
// Attribute, _In_ PVOID lpValue, _In_ SIZE_T cbSize, _Out_opt_ PVOID lpPreviousValue, _In_opt_ PSIZE_T lpReturnSize); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686880(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("WinBase.h", MSDNShortId = "ms686880")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool UpdateProcThreadAttribute(IntPtr lpAttributeList, uint dwFlags, UIntPtr Attribute, IntPtr lpValue, SizeT cbSize, IntPtr lpPreviousValue = default, IntPtr lpReturnSize = default);
///
/// Creates a new process and its primary thread. The new process runs in the security context of the calling process.
///
/// If the calling process is impersonating another user, the new process uses the token for the calling process, not the
/// impersonation token. To run the new process in the security context of the user represented by the impersonation token, use the
/// CreateProcessAsUser or CreateProcessWithLogonW function.
///
///
///
///
/// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for
/// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.
///
///
/// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a
/// partial name, the function uses the current drive and current directory to complete the specification. The function will not use
/// the search path. This parameter must include the file name extension; no default extension is assumed.
///
///
/// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token
/// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the
/// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program
/// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities
/// in the following order:
///
///
/// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by
/// lpCommandLine should specify the executable module as well as its arguments.
///
///
/// To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the
/// following arguments: /c plus the name of the batch file.
///
///
///
///
/// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null
/// character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters.
///
///
/// The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter
/// cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant
/// string, the function may cause an access violation.
///
///
/// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the
/// command line.
///
///
/// If both lpApplicationName and lpCommandLine are non- NULL, the null-terminated string pointed to by lpApplicationName
/// specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new
/// process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and
/// argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as
/// the first token in the command line.
///
///
/// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are
/// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin
/// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended.
/// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period
/// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory
/// path, the system searches for the executable file in the following sequence:
///
///
/// The system adds a terminating null character to the command-line string to separate the file name from the arguments. This
/// divides the original string into two strings for internal processing.
///
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be
/// inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited.
///
///
/// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If
/// lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The
/// ACLs in the default security descriptor for a process come from the primary token of the creator.
///
///
/// Windows XP: The ACLs in the default security descriptor for a process come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be
/// inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited.
///
///
/// The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If
/// lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the
/// default security descriptor for a thread come from the process token.
///
///
/// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
///
/// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is
/// FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles.
///
///
/// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create
/// the process in the same session as the caller.
///
///
/// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL
/// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights
///
///
///
///
/// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.
///
///
/// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the
/// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the
/// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is
/// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority
/// class of the calling process.
///
///
///
///
/// A pointer to the environment block for the new process. If this parameter is NULL, the new process uses the environment of
/// the calling process.
///
/// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
/// name=value\0
/// Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
///
/// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains
/// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and
/// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
///
///
/// The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds
/// 32,767 characters.
///
///
/// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A
/// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
///
///
///
/// The full path to the current directory for the process. The string can also specify a UNC path.
///
/// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This
/// feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.)
///
///
///
/// A pointer to a STARTUPINFO or STARTUPINFOEX structure.
///
/// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter.
///
/// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed.
///
///
/// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.
/// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to
/// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess.
///
///
// BOOL WINAPI CreateProcess( _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES
// lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags,
// _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, _Out_ LPPROCESS_INFORMATION
// lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, CharSet = CharSet.Auto)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682425")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcess(string lpApplicationName, StringBuilder lpCommandLine, [In] SECURITY_ATTRIBUTES lpProcessAttributes,
[In] SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles, CREATE_PROCESS dwCreationFlags, [In] IntPtr lpEnvironment,
string lpCurrentDirectory, in STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
///
/// Creates a new process and its primary thread. The new process runs in the security context of the calling process.
///
/// If the calling process is impersonating another user, the new process uses the token for the calling process, not the
/// impersonation token. To run the new process in the security context of the user represented by the impersonation token, use the
/// CreateProcessAsUser or CreateProcessWithLogonW function.
///
///
///
///
/// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for
/// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.
///
///
/// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a
/// partial name, the function uses the current drive and current directory to complete the specification. The function will not use
/// the search path. This parameter must include the file name extension; no default extension is assumed.
///
///
/// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token
/// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the
/// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program
/// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities
/// in the following order:
///
///
/// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by
/// lpCommandLine should specify the executable module as well as its arguments.
///
///
/// To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the
/// following arguments: /c plus the name of the batch file.
///
///
///
///
/// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null
/// character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters.
///
///
/// The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter
/// cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant
/// string, the function may cause an access violation.
///
///
/// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the
/// command line.
///
///
/// If both lpApplicationName and lpCommandLine are non- NULL, the null-terminated string pointed to by lpApplicationName
/// specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new
/// process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and
/// argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as
/// the first token in the command line.
///
///
/// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are
/// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin
/// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended.
/// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period
/// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory
/// path, the system searches for the executable file in the following sequence:
///
///
/// The system adds a terminating null character to the command-line string to separate the file name from the arguments. This
/// divides the original string into two strings for internal processing.
///
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be
/// inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited.
///
///
/// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If
/// lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The
/// ACLs in the default security descriptor for a process come from the primary token of the creator.
///
///
/// Windows XP: The ACLs in the default security descriptor for a process come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be
/// inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited.
///
///
/// The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If
/// lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the
/// default security descriptor for a thread come from the process token.
///
///
/// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the
/// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
///
///
///
///
/// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is
/// FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles.
///
///
/// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create
/// the process in the same session as the caller.
///
///
/// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL
/// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights
///
///
///
///
/// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.
///
///
/// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the
/// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the
/// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is
/// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority
/// class of the calling process.
///
///
///
///
/// A pointer to the environment block for the new process. If this parameter is NULL, the new process uses the environment of
/// the calling process.
///
/// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
/// name=value\0
/// Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
///
/// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains
/// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and
/// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
///
///
/// The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds
/// 32,767 characters.
///
///
/// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A
/// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
///
///
///
/// The full path to the current directory for the process. The string can also specify a UNC path.
///
/// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This
/// feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.)
///
///
///
/// A pointer to a STARTUPINFO or STARTUPINFOEX structure.
///
/// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter.
///
/// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed.
///
///
/// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.
/// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to
/// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess.
///
///
// BOOL WINAPI CreateProcess( _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES
// lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags,
// _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, _Out_ LPPROCESS_INFORMATION
// lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx
[DllImport(Lib.Kernel32, SetLastError = true, CharSet = CharSet.Auto)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682425")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcess(string lpApplicationName, StringBuilder lpCommandLine, [In] SECURITY_ATTRIBUTES lpProcessAttributes,
[In] SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles, CREATE_PROCESS dwCreationFlags, [In] IntPtr lpEnvironment,
string lpCurrentDirectory, in STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
///
///
/// Creates a new process and its primary thread. The new process runs in the security context of the user represented by the
/// specified token.
///
///
/// Typically, the process that calls the CreateProcessAsUser function must have the SE_INCREASE_QUOTA_NAME privilege
/// and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable. If this function fails with
/// ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessWithLogonW function instead. CreateProcessWithLogonW
/// requires no special privileges, but the specified user account must be allowed to log on interactively. Generally, it is best to
/// use CreateProcessWithLogonW to create a process with alternate credentials.
///
///
///
///
/// A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and
/// TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects. The user
/// represented by the token must have read and execute access to the application specified by the lpApplicationName or the
/// lpCommandLine parameter.
///
///
/// To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the
/// DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is
/// impersonating a client to create a process that has the security context of the client.
///
///
/// If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required.
/// If the necessary privileges are not already enabled, CreateProcessAsUser enables them for the duration of the call. For
/// more information, see Running with Special Privileges.
///
///
/// Terminal Services: The process is run in the session specified in the token. By default, this is the same session that
/// called LogonUser. To change the session, use the SetTokenInformation function.
///
///
///
///
/// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for
/// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.
///
///
/// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a
/// partial name, the function uses the current drive and current directory to complete the specification. The function will not use
/// the search path. This parameter must include the file name extension; no default extension is assumed.
///
///
/// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token
/// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the
/// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program
/// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities
/// in the following order:
///
///
/// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by
/// lpCommandLine should specify the executable module as well as its arguments. By default, all 16-bit Windows-based applications
/// created by CreateProcessAsUser are run in a separate VDM (equivalent to CREATE_SEPARATE_WOW_VDM in CreateProcess).
///
///
///
///
/// The command line to be executed. The maximum length of this string is 32K characters. If lpApplicationName is NULL, the
/// module name portion of lpCommandLine is limited to MAX_PATH characters.
///
///
/// The Unicode version of this function, CreateProcessAsUserW, can modify the contents of this string. Therefore, this
/// parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a
/// constant string, the function may cause an access violation.
///
///
/// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the
/// command line.
///
///
/// If both lpApplicationName and lpCommandLine are non- NULL, *lpApplicationName specifies the module to execute, and
/// *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line.
/// Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name,
/// C programmers generally repeat the module name as the first token in the command line.
///
///
/// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you
/// are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin
/// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended.
/// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period
/// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory
/// path, the system searches for the executable file in the following sequence:
///
///
/// The system adds a null character to the command line string to separate the file name from the arguments. This divides the
/// original string into two strings for internal processing.
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new process object and
/// determines whether child processes can inherit the returned handle to the process. If lpProcessAttributes is NULL or
/// lpSecurityDescriptor is NULL, the process gets a default security descriptor and the handle cannot be inherited.
/// The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow
/// access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will
/// continue to have full access rights.
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread object and determines
/// whether child processes can inherit the returned handle to the thread. If lpThreadAttributes is NULL or
/// lpSecurityDescriptor is NULL, the thread gets a default security descriptor and the handle cannot be inherited. The
/// default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access
/// for the caller.
///
///
///
/// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the
/// parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as
/// the original handles.
///
///
/// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must
/// create the process in the same session as the caller.
///
///
/// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL
/// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights
///
///
///
///
/// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.
///
///
/// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the
/// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the
/// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is
/// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority
/// class of the calling process.
///
///
///
///
/// A pointer to an environment block for the new process. If this parameter is NULL, the new process uses the environment of
/// the calling process.
///
/// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
/// name=value\0
/// Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
///
/// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains
/// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and
/// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
///
///
/// The ANSI version of this function, CreateProcessAsUserA fails if the total size of the environment block for the process
/// exceeds 32,767 characters.
///
///
/// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A
/// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
///
///
/// Windows Server 2003 and Windows XP: If the size of the combined user and system environment variable exceeds 8192 bytes,
/// the process created by CreateProcessAsUser no longer runs with the environment block passed to the function by the parent
/// process. Instead, the child process runs with the environment block returned by the CreateEnvironmentBlock function.
///
/// To retrieve a copy of the environment block for a given user, use the CreateEnvironmentBlock function.
///
///
/// The full path to the current directory for the process. The string can also specify a UNC path.
///
/// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature
/// is provided primarily for shells that need to start an application and specify its initial drive and working directory.)
///
///
///
/// A pointer to a STARTUPINFO or STARTUPINFOEX structure.
///
/// The user must have full access to both the specified window station and desktop. If you want the process to be interactive,
/// specify winsta0\default. If the lpDesktop member is NULL, the new process inherits the desktop and window station of its
/// parent process. If this member is an empty string, "", the new process connects to a window station using the rules described in
/// Process Connection to a Window Station.
///
///
/// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the
/// dwCreationFlags parameter.
///
/// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed.
///
///
/// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.
/// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to
/// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess.
///
///
// BOOL WINAPI CreateProcessAsUser( _In_opt_ HANDLE hToken, _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine,
// _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles,
// _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo,
// _Out_ LPPROCESS_INFORMATION lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx
[DllImport(Lib.AdvApi32, SetLastError = true, CharSet = CharSet.Auto)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682429")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcessAsUser(HTOKEN hToken, string lpApplicationName, StringBuilder lpCommandLine,
SECURITY_ATTRIBUTES lpProcessAttributes, SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles,
CREATE_PROCESS dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
///
///
/// Creates a new process and its primary thread. The new process runs in the security context of the user represented by the
/// specified token.
///
///
/// Typically, the process that calls the CreateProcessAsUser function must have the SE_INCREASE_QUOTA_NAME privilege
/// and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable. If this function fails with
/// ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessWithLogonW function instead. CreateProcessWithLogonW
/// requires no special privileges, but the specified user account must be allowed to log on interactively. Generally, it is best to
/// use CreateProcessWithLogonW to create a process with alternate credentials.
///
///
///
///
/// A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and
/// TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects. The user
/// represented by the token must have read and execute access to the application specified by the lpApplicationName or the
/// lpCommandLine parameter.
///
///
/// To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the
/// DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is
/// impersonating a client to create a process that has the security context of the client.
///
///
/// If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required.
/// If the necessary privileges are not already enabled, CreateProcessAsUser enables them for the duration of the call. For
/// more information, see Running with Special Privileges.
///
///
/// Terminal Services: The process is run in the session specified in the token. By default, this is the same session that
/// called LogonUser. To change the session, use the SetTokenInformation function.
///
///
///
///
/// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for
/// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.
///
///
/// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a
/// partial name, the function uses the current drive and current directory to complete the specification. The function will not use
/// the search path. This parameter must include the file name extension; no default extension is assumed.
///
///
/// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token
/// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the
/// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program
/// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities
/// in the following order:
///
///
/// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by
/// lpCommandLine should specify the executable module as well as its arguments. By default, all 16-bit Windows-based applications
/// created by CreateProcessAsUser are run in a separate VDM (equivalent to CREATE_SEPARATE_WOW_VDM in CreateProcess).
///
///
///
///
/// The command line to be executed. The maximum length of this string is 32K characters. If lpApplicationName is NULL, the
/// module name portion of lpCommandLine is limited to MAX_PATH characters.
///
///
/// The Unicode version of this function, CreateProcessAsUserW, can modify the contents of this string. Therefore, this
/// parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a
/// constant string, the function may cause an access violation.
///
///
/// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the
/// command line.
///
///
/// If both lpApplicationName and lpCommandLine are non- NULL, *lpApplicationName specifies the module to execute, and
/// *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line.
/// Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name,
/// C programmers generally repeat the module name as the first token in the command line.
///
///
/// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you
/// are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin
/// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended.
/// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period
/// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory
/// path, the system searches for the executable file in the following sequence:
///
///
/// The system adds a null character to the command line string to separate the file name from the arguments. This divides the
/// original string into two strings for internal processing.
///
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new process object and
/// determines whether child processes can inherit the returned handle to the process. If lpProcessAttributes is NULL or
/// lpSecurityDescriptor is NULL, the process gets a default security descriptor and the handle cannot be inherited.
/// The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow
/// access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will
/// continue to have full access rights.
///
///
/// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread object and determines
/// whether child processes can inherit the returned handle to the thread. If lpThreadAttributes is NULL or
/// lpSecurityDescriptor is NULL, the thread gets a default security descriptor and the handle cannot be inherited. The
/// default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access
/// for the caller.
///
///
///
/// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the
/// parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as
/// the original handles.
///
///
/// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must
/// create the process in the same session as the caller.
///
///
/// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL
/// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights
///
///
///
///
/// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.
///
///
/// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the
/// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the
/// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is
/// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority
/// class of the calling process.
///
///
///
///
/// A pointer to an environment block for the new process. If this parameter is NULL, the new process uses the environment of
/// the calling process.
///
/// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
/// name=value\0
/// Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
///
/// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains
/// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and
/// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
///
///
/// The ANSI version of this function, CreateProcessAsUserA fails if the total size of the environment block for the process
/// exceeds 32,767 characters.
///
///
/// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A
/// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
///
///
/// Windows Server 2003 and Windows XP: If the size of the combined user and system environment variable exceeds 8192 bytes,
/// the process created by CreateProcessAsUser no longer runs with the environment block passed to the function by the parent
/// process. Instead, the child process runs with the environment block returned by the CreateEnvironmentBlock function.
///
/// To retrieve a copy of the environment block for a given user, use the CreateEnvironmentBlock function.
///
///
/// The full path to the current directory for the process. The string can also specify a UNC path.
///
/// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature
/// is provided primarily for shells that need to start an application and specify its initial drive and working directory.)
///
///
///
/// A pointer to a STARTUPINFO or STARTUPINFOEX structure.
///
/// The user must have full access to both the specified window station and desktop. If you want the process to be interactive,
/// specify winsta0\default. If the lpDesktop member is NULL, the new process inherits the desktop and window station of its
/// parent process. If this member is an empty string, "", the new process connects to a window station using the rules described in
/// Process Connection to a Window Station.
///
///
/// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the
/// dwCreationFlags parameter.
///
/// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed.
///
///
/// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.
/// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.
///
///
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero. To get extended error information, call GetLastError.
///
/// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to
/// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess.
///
///
// BOOL WINAPI CreateProcessAsUser( _In_opt_ HANDLE hToken, _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine,
// _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles,
// _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo,
// _Out_ LPPROCESS_INFORMATION lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx
[DllImport(Lib.AdvApi32, SetLastError = true, CharSet = CharSet.Auto)]
[PInvokeData("WinBase.h", MSDNShortId = "ms682429")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CreateProcessAsUser(HTOKEN hToken, string lpApplicationName, StringBuilder lpCommandLine,
SECURITY_ATTRIBUTES lpProcessAttributes, SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles,
CREATE_PROCESS dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
// Attribute may be used with thread creation Attribute is input only Attribute may be "accumulated," e.g. bitmasks, counters, etc.
private static UIntPtr ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM Number, bool Thread, bool Input, bool Additive) =>
(UIntPtr)(((uint)Number & PROC_THREAD_ATTRIBUTE_NUMBER) | (Thread ? PROC_THREAD_ATTRIBUTE_THREAD : 0) |
(Input ? PROC_THREAD_ATTRIBUTE_INPUT : 0) | (Additive ? PROC_THREAD_ATTRIBUTE_ADDITIVE : 0));
///
/// Represents app memory usage at a single point in time. This structure is used by the PROCESS_INFORMATION_CLASS class.
///
// typedef struct _APP_MEMORY_INFORMATION { ULONG64 AvailableCommit; ULONG64 PrivateCommitUsage; ULONG64 PeakPrivateCommitUsage;
// ULONG64 TotalCommitUsage;} APP_MEMORY_INFORMATION, *PAPP_MEMORY_INFORMATION; https://msdn.microsoft.com/en-us/library/windows/desktop/mt767995(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "mt767995")]
[StructLayout(LayoutKind.Sequential)]
public struct APP_MEMORY_INFORMATION
{
/// Total commit available to the app.
public ulong AvailableCommit;
/// The app's usage of private commit.
public ulong PrivateCommitUsage;
/// The app's peak usage of private commit.
public ulong PeakPrivateCommitUsage;
/// The app's total usage of private plus shared commit.
public ulong TotalCommitUsage;
}
///
/// Contains processor-specific register data. The system uses CONTEXT structures to perform various internal operations. Refer to
/// the header file WinNT.h for definitions of this structure for each processor architecture.
///
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms679284(v=vs.85).aspx
[StructLayout(LayoutKind.Sequential)]
public struct CONTEXT
{
public uint ContextFlags;
public uint Dr0;
public uint Dr1;
public uint Dr2;
public uint Dr3;
public uint Dr6;
public uint Dr7;
// Retrieved by CONTEXT_FLOATING_POINT
public FLOATING_SAVE_AREA FloatSave;
// Retrieved by CONTEXT_SEGMENTS
public uint SegGs;
public uint SegFs;
public uint SegEs;
public uint SegDs;
// Retrieved by CONTEXT_INTEGER
public uint Edi;
public uint Esi;
public uint Ebx;
public uint Edx;
public uint Ecx;
public uint Eax;
// Retrieved by CONTEXT_CONTROL
public uint Ebp;
public uint Eip;
public uint SegCs;
public uint EFlags;
public uint Esp;
public uint SegSs;
// Retrieved by CONTEXT_EXTENDED_REGISTERS
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] ExtendedRegisters;
/// Represents the 80387 save area on WOW64. Refer to the header file WinNT.h for the definition of this structure.
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms681671(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "ms681671")]
[StructLayout(LayoutKind.Sequential)]
public struct FLOATING_SAVE_AREA
{
public int ControlWord;
public int StatusWord;
public int TagWord;
public int ErrorOffset;
public int ErrorSelector;
public int DataOffset;
public int DataSelector;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)] public byte[] RegisterArea;
public int Cr0NpxState;
}
}
[StructLayout(LayoutKind.Sequential, Pack = 16)]
public struct CONTEXT64
{
public ulong P1Home;
public ulong P2Home;
public ulong P3Home;
public ulong P4Home;
public ulong P5Home;
public ulong P6Home;
public uint ContextFlags;
public uint MxCsr;
public ushort SegCs;
public ushort SegDs;
public ushort SegEs;
public ushort SegFs;
public ushort SegGs;
public ushort SegSs;
public uint EFlags;
public ulong Dr0;
public ulong Dr1;
public ulong Dr2;
public ulong Dr3;
public ulong Dr6;
public ulong Dr7;
public ulong Rax;
public ulong Rcx;
public ulong Rdx;
public ulong Rbx;
public ulong Rsp;
public ulong Rbp;
public ulong Rsi;
public ulong Rdi;
public ulong R8;
public ulong R9;
public ulong R10;
public ulong R11;
public ulong R12;
public ulong R13;
public ulong R14;
public ulong R15;
public ulong Rip;
public XSAVE_FORMAT64 DUMMYUNIONNAME;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public M128A[] VectorRegister;
public ulong VectorControl;
public ulong DebugControl;
public ulong LastBranchToRip;
public ulong LastBranchFromRip;
public ulong LastExceptionToRip;
public ulong LastExceptionFromRip;
[StructLayout(LayoutKind.Sequential)]
public struct M128A
{
public ulong High;
public long Low;
}
[StructLayout(LayoutKind.Sequential, Pack = 16)]
public struct XSAVE_FORMAT64
{
public ushort ControlWord;
public ushort StatusWord;
public byte TagWord;
public byte Reserved1;
public ushort ErrorOpcode;
public uint ErrorOffset;
public ushort ErrorSelector;
public ushort Reserved2;
public uint DataOffset;
public ushort DataSelector;
public ushort Reserved3;
public uint MxCsr;
public uint MxCsr_Mask;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public M128A[] FloatRegisters;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public M128A[] XmmRegisters;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 96)]
public byte[] Reserved4;
}
}
///
/// Specifies the memory priority for a thread or process. This structure is used by the GetProcessInformation,
/// SetProcessInformation, GetThreadInformation, and SetThreadInformation functions.
///
// typedef struct _MEMORY_PRIORITY_INFORMATION { ULONG MemoryPriority;} MEMORY_PRIORITY_INFORMATION, *PMEMORY_PRIORITY_INFORMATION; https://msdn.microsoft.com/en-us/library/windows/desktop/hh448387(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "hh448387")]
[StructLayout(LayoutKind.Sequential)]
public struct MEMORY_PRIORITY_INFORMATION
{
///
/// The memory priority for the thread or process. This member can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// MEMORY_PRIORITY_VERY_LOW1
/// Very low memory priority.
///
/// -
/// MEMORY_PRIORITY_LOW2
/// Low memory priority.
///
/// -
/// MEMORY_PRIORITY_MEDIUM3
/// Medium memory priority.
///
/// -
/// MEMORY_PRIORITY_BELOW_NORMAL4
/// Below normal memory priority.
///
/// -
/// MEMORY_PRIORITY_NORMAL5
/// Normal memory priority. This is the default priority for all threads and processes on the system.
///
///
///
///
public MEMORY_PRIORITY MemoryPriority;
}
///
/// Contains information about a newly created process and its primary thread. It is used with the CreateProcess,
/// CreateProcessAsUser, CreateProcessWithLogonW, or CreateProcessWithTokenW function.
///
// typedef struct _PROCESS_INFORMATION { HANDLE hProcess; HANDLE hThread; DWORD dwProcessId; DWORD dwThreadId;} PROCESS_INFORMATION,
// *LPPROCESS_INFORMATION; https://msdn.microsoft.com/en-us/library/windows/desktop/ms684873(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "ms684873")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
///
/// A handle to the newly created process. The handle is used to specify the process in all functions that perform operations on
/// the process object.
///
public HPROCESS hProcess;
///
/// A handle to the primary thread of the newly created process. The handle is used to specify the thread in all functions that
/// perform operations on the thread object.
///
public HTHREAD hThread;
///
/// A value that can be used to identify a process. The value is valid from the time the process is created until all handles to
/// the process are closed and the process object is freed; at this point, the identifier may be reused.
///
public uint dwProcessId;
///
/// A value that can be used to identify a thread. The value is valid from the time the thread is created until all handles to
/// the thread are closed and the thread object is freed; at this point, the identifier may be reused.
///
public uint dwThreadId;
}
///
/// Allows applications to configure a process to terminate if an allocation fails to commit memory. This structure is used by the
/// PROCESS_INFORMATION_CLASS class.
///
// typedef struct _PROCESS_MEMORY_EXHAUSTION_INFO { USHORT Version; USHORT Reserved; PROCESS_MEMORY_EXHAUSTION_TYPE Type; ULONG_PTR
// Value;} PROCESS_MEMORY_EXHAUSTION_INFO, *PPROCESS_MEMORY_EXHAUSTION_INFO;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt767997(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "mt767997")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MEMORY_EXHAUSTION_INFO
{
/// Version should be set to PME_CURRENT_VERSION.
public ushort Version;
/// Reserved.
public ushort Reserved;
///
/// Type of failure.
/// Type should be set to PMETypeFailFastOnCommitFailure (this is the only type available).
///
public PROCESS_MEMORY_EXHAUSTION_TYPE Type;
///
/// Used to turn the feature on or off.
///
///
///
/// Function
/// Setting
///
/// -
/// Enable
/// PME_FAILFAST_ON_COMMIT_FAIL_ENABLE
///
/// -
/// Disable
/// PME_FAILFAST_ON_COMMIT_FAIL_DISABLE
///
///
///
///
public UIntPtr Value;
}
///
/// Contains process mitigation policy settings for Address Space Randomization Layout (ASLR). The GetProcessMitigationPolicy
/// and SetProcessMitigationPolicy functions use this structure.
///
// typedef struct _PROCESS_MITIGATION_ASLR_POLICY { union { DWORD Flags; struct { DWORD EnableBottomUpRandomization : 1; DWORD
// EnableForceRelocateImages : 1; DWORD EnableHighEntropy : 1; DWORD DisallowStrippedImages : 1; DWORD ReservedFlags : 28; }; };} PROCESS_MITIGATION_ASLR_POLICY,
// *PPROCESS_MITIGATION_ASLR_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/hh769086(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "hh769086")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_ASLR_POLICY
{
/// The flags
public PROCESS_MITIGATION_ASLR_POLICY_FLAGS Flags;
}
/// Contains process mitigation policy settings for the loading of images depending on the signatures for the image.
// typedef struct _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY { union { DWORD Flags; struct { DWORD MicrosoftSignedOnly :1; DWORD
// StoreSignedOnly :1; DWORD MitigationOptIn :1; DWORD ReservedFlags :29; }; };} PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY,
// *PPROCESS_MITIGATION_BINARY_SIGNATURE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt706242(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "mt706242")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY
{
/// The flags
public PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY_FLAGS Flags;
}
/// Stores policy information about creating child processes.
// https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/ntddk/ns-ntddk-_process_mitigation_child_process_policy
[PInvokeData("WinNT.h", MSDNShortId = "")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_CHILD_PROCESS_POLICY
{
/// The flags
public PROCESS_MITIGATION_CHILD_PROCESS_POLICY_FLAGS Flags;
}
///
/// Contains process mitigation policy settings for Control Flow Guard (CFG). The GetProcessMitigationPolicy and
/// SetProcessMitigationPolicy functions use this structure.
///
// typedef struct _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY { union { DWORD Flags; struct { DWORD EnableControlFlowGuard :1;
// DWORD EnableExportSuppression :1; DWORD StrictMode :1; DWORD ReservedFlags :29; }; };} PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY,
// *PPROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt654121(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "mt654121")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY
{
/// The flags
public PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY_FLAGS Flags;
}
///
/// Contains process mitigation policy settings for data execution prevention (DEP). The GetProcessMitigationPolicy and
/// SetProcessMitigationPolicy functions use this structure.
///
// typedef struct _PROCESS_MITIGATION_DEP_POLICY { union { DWORD Flags; struct { DWORD Enable : 1; DWORD DisableAtlThunkEmulation :
// 1; DWORD ReservedFlags : 30; }; }; BOOLEAN Permanent;} PROCESS_MITIGATION_DEP_POLICY, *PPROCESS_MITIGATION_DEP_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/hh769087(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "hh769087")]
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct PROCESS_MITIGATION_DEP_POLICY
{
/// The flags
public PROCESS_MITIGATION_DEP_POLICY_FLAGS Flags;
/// DEP is permanently enabled and cannot be disabled if this field is set to TRUE.
public byte Permanent;
}
/// Contains process mitigation policy settings for restricting dynamic code generation and modification.
// typedef struct _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY { union { DWORD Flags; struct { DWORD ProhibitDynamicCode :1; DWORD
// AllowThreadOptOut :1; DWORD AllowRemoteDowngrade :1; DWORD ReservedFlags :30; }; };} PROCESS_MITIGATION_DYNAMIC_CODE_POLICY,
// *PPROCESS_MITIGATION_DYNAMIC_CODE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt706243(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "mt706243")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_DYNAMIC_CODE_POLICY
{
/// The flags
public PROCESS_MITIGATION_DYNAMIC_CODE_POLICY_FLAGS Flags;
}
///
/// Contains process mitigation policy settings for legacy extension point DLLs. The GetProcessMitigationPolicy and
/// SetProcessMitigationPolicy functions use this structure.
///
// typedef struct _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { union { DWORD Flags; struct { DWORD DisableExtensionPoints :
// 1; DWORD ReservedFlags : 31; }; };} PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY,
// *PPROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/jj200586(v=vs.85).aspx
[PInvokeData("Winnt.h", MSDNShortId = "jj200586")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
{
/// The flags
public PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY_FLAGS Flags;
}
/// Contains process mitigation policy settings for the loading of non-system fonts.
// typedef struct _PROCESS_MITIGATION_FONT_DISABLE_POLICY { union { DWORD Flags; struct { DWORD DisableNonSystemFonts :1; DWORD
// AuditNonSystemFontLoading :1; DWORD ReservedFlags :30; }; };} PROCESS_MITIGATION_FONT_DISABLE_POLICY,
// *PPROCESS_MITIGATION_FONT_DISABLE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt706244(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "mt706244")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_FONT_DISABLE_POLICY
{
/// The flags
public PROCESS_MITIGATION_FONT_DISABLE_POLICY_FLAGS Flags;
}
/// Contains process mitigation policy settings for the loading of images from a remote device.
// typedef struct _PROCESS_MITIGATION_IMAGE_LOAD_POLICY { union { DWORD Flags; struct { DWORD NoRemoteImages :1; DWORD
// NoLowMandatoryLabelImages :1; DWORD PreferSystem32Images :1; DWORD ReservedFlags :29; }; };} PROCESS_MITIGATION_IMAGE_LOAD_POLICY,
// *PPROCESS_MITIGATION_IMAGE_LOAD_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt706245(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "mt706245")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_IMAGE_LOAD_POLICY
{
/// The flags
public PROCESS_MITIGATION_IMAGE_LOAD_POLICY_FLAGS Flags;
}
/// Stores information about process mitigation policy.
// https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/ntddk/ns-ntddk-_process_mitigation_payload_restriction_policy
[PInvokeData("WinNT.h", MSDNShortId = "")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY
{
/// The flags
public PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY_FLAGS Flags;
}
/// Used to impose new behavior on handle references that are not valid.
// typedef struct _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY { union { DWORD Flags; struct { DWORD
// RaiseExceptionOnInvalidHandleReference : 1; DWORD HandleExceptionsPermanentlyEnabled : 1; DWORD ReservedFlags : 30; }; };} PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY,
// *PPROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/hh871471(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "hh871471")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY
{
/// The flags
public PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY_FLAGS Flags;
}
/// Used to impose restrictions on what system calls can be invoked by a process.
// typedef struct _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { union { DWORD Flags; struct { DWORD DisallowWin32kSystemCalls : 1;
// DWORD ReservedFlags : 31; }; };} PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PPROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/hh871472(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "hh871472")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
{
/// The flags
public PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY_FLAGS Flags;
}
/// This structure is not supported.
// https://msdn.microsoft.com/en-us/library/windows/hardware/mt843942(v=vs.85).aspx
[PInvokeData("WinNT.h", MSDNShortId = "mt843942")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY
{
/// Undocumented.
public uint FilterId; // Only lowest 4 bits
}
///
/// Specifies the throttling policies and how to apply them to a target process when that process is subject to power management.
///
// typedef struct _PROCESS_POWER_THROTTLING_STATE { ULONG Version; ULONG ControlMask; ULONG StateMask;} PROCESS_POWER_THROTTLING_STATE,
// *PPROCESS_POWER_THROTTLING_STATE;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt804324(v=vs.85).aspx
[PInvokeData("Processthreadsapi.h", MSDNShortId = "mt804324")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_POWER_THROTTLING_STATE
{
///
/// The version of the PROCESS_POWER_THROTTLING_STATE structure.
///
///
///
/// Value
/// Meaning
///
/// -
/// PROCESS_POWER_THROTTLING_CURRENT_VERSION
/// The current version.
///
///
///
///
public uint Version;
///
/// This field enables the caller to take control of the power throttling mechanism.
///
///
///
/// Value
/// Meaning
///
/// -
/// PROCESS_POWER_THROTTLING_EXECUTION_SPEED
/// Manages the execution speed of the process.
///
///
///
///
public uint ControlMask;
///
/// Manages the power throttling mechanism on/off state.
///
///
///
/// Value
/// Meaning
///
/// -
/// PROCESS_POWER_THROTTLING_EXECUTION_SPEED
/// Manages the execution speed of the process.
///
///
///
///
public uint StateMask;
}
/// Specifies whether Protected Process Light (PPL) is enabled.
// typedef struct _PROCESS_PROTECTION_LEVEL_INFORMATION { DWORD ProtectionLevel;} PROCESS_PROTECTION_LEVEL_INFORMATION,
// *PPROCESS_PROTECTION_LEVEL_INFORMATION;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt823702(v=vs.85).aspx
[PInvokeData("Processthreadsapi.h", MSDNShortId = "mt823702")]
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_PROTECTION_LEVEL_INFORMATION
{
///
/// The one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// PROTECTION_LEVEL_WINTCB_LIGHT
/// For internal use only.
///
/// -
/// PROTECTION_LEVEL_WINDOWS
/// For internal use only.
///
/// -
/// PROTECTION_LEVEL_WINDOWS_LIGHT
/// For internal use only.
///
/// -
/// PROTECTION_LEVEL_ANTIMALWARE_LIGHT
/// For internal use only.
///
/// -
/// PROTECTION_LEVEL_LSA_LIGHT
/// For internal use only.
///
/// -
/// PROTECTION_LEVEL_WINTCB
/// Not implemented.
///
/// -
/// PROTECTION_LEVEL_CODEGEN_LIGHT
/// Not implemented.
///
/// -
/// PROTECTION_LEVEL_AUTHENTICODE
/// Not implemented.
///
/// -
/// PROTECTION_LEVEL_PPL_APP
/// The process is a third party app that is using process protection.
///
/// -
/// PROTECTION_LEVEL_NONE
/// The process is not protected.
///
///
///
///
public PROTECTION_LEVEL ProtectionLevel;
}
/// Represents a logical processor in a processor group.
[PInvokeData("WinNT.h", MSDNShortId = "dd405505")]
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct PROCESSOR_NUMBER
{
/// The processor group to which the logical processor is assigned.
public ushort Group;
/// The number of the logical processor relative to the group.
public byte Number;
/// This parameter is reserved.
public byte Reserved;
}
///
/// Specifies the window station, desktop, standard handles, and appearance of the main window for a process at creation time.
///
// typedef struct _STARTUPINFO { DWORD cb; LPTSTR lpReserved; LPTSTR lpDesktop; LPTSTR lpTitle; DWORD dwX; DWORD dwY; DWORD dwXSize;
// DWORD dwYSize; DWORD dwXCountChars; DWORD dwYCountChars; DWORD dwFillAttribute; DWORD dwFlags; WORD wShowWindow; WORD cbReserved2;
// LPBYTE lpReserved2; HANDLE hStdInput; HANDLE hStdOutput; HANDLE hStdError;} STARTUPINFO, *LPSTARTUPINFO; https://msdn.microsoft.com/en-us/library/windows/desktop/ms686331(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "ms686331")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct STARTUPINFO
{
/// The size of the structure, in bytes.
public uint cb;
/// Reserved; must be NULL.
public IntPtr lpReserved;
///
/// The name of the desktop, or the name of both the desktop and window station for this process. A backslash in the string
/// indicates that the string includes both the desktop and window station names. For more information, see Thread Connection to
/// a Desktop.
///
public string lpDesktop;
///
/// For console processes, this is the title displayed in the title bar if a new console window is created. If NULL, the name of
/// the executable file is used as the window title instead. This parameter must be NULL for GUI or console processes that do not
/// create a new console window.
///
public string lpTitle;
///
///
/// If dwFlags specifies STARTF_USEPOSITION, this member is the x offset of the upper left corner of a window if a new
/// window is created, in pixels. Otherwise, this member is ignored.
///
///
/// The offset is from the upper left corner of the screen. For GUI processes, the specified position is used the first time the
/// new process calls CreateWindow to create an overlapped window if the x parameter of CreateWindow is CW_USEDEFAULT.
///
///
public uint dwX;
///
///
/// If dwFlags specifies STARTF_USEPOSITION, this member is the y offset of the upper left corner of a window if a new
/// window is created, in pixels. Otherwise, this member is ignored.
///
///
/// The offset is from the upper left corner of the screen. For GUI processes, the specified position is used the first time the
/// new process calls CreateWindow to create an overlapped window if the y parameter of CreateWindow is CW_USEDEFAULT.
///
///
public uint dwY;
///
///
/// If dwFlags specifies STARTF_USESIZE, this member is the width of the window if a new window is created, in pixels.
/// Otherwise, this member is ignored.
///
///
/// For GUI processes, this is used only the first time the new process calls CreateWindow to create an overlapped window
/// if the nWidth parameter of CreateWindow is CW_USEDEFAULT.
///
///
public uint dwXSize;
///
///
/// If dwFlags specifies STARTF_USESIZE, this member is the height of the window if a new window is created, in pixels.
/// Otherwise, this member is ignored.
///
///
/// For GUI processes, this is used only the first time the new process calls CreateWindow to create an overlapped window
/// if the nHeight parameter of CreateWindow is CW_USEDEFAULT.
///
///
public uint dwYSize;
///
/// If dwFlags specifies STARTF_USECOUNTCHARS, if a new console window is created in a console process, this member
/// specifies the screen buffer width, in character columns. Otherwise, this member is ignored.
///
public uint dwXCountChars;
///
/// If dwFlags specifies STARTF_USECOUNTCHARS, if a new console window is created in a console process, this member
/// specifies the screen buffer height, in character rows. Otherwise, this member is ignored.
///
public uint dwYCountChars;
///
///
/// If dwFlags specifies STARTF_USEFILLATTRIBUTE, this member is the initial text and background colors if a new console
/// window is created in a console application. Otherwise, this member is ignored.
///
///
/// This value can be any combination of the following values: FOREGROUND_BLUE, FOREGROUND_GREEN, FOREGROUND_RED,
/// FOREGROUND_INTENSITY, BACKGROUND_BLUE, BACKGROUND_GREEN, BACKGROUND_RED, and BACKGROUND_INTENSITY. For example, the following
/// combination of values produces red text on a white background:
///
///
public CHARACTER_ATTRIBUTE dwFillAttribute;
///
///
/// A bitfield that determines whether certain STARTUPINFO members are used when the process creates a window. This member
/// can be one or more of the following values.
///
///
///
///
/// Value
/// Meaning
///
/// -
/// STARTF_FORCEONFEEDBACK0x00000040
///
/// Indicates that the cursor is in feedback mode for two seconds after CreateProcess is called. The Working in Background cursor
/// is displayed (see the Pointers tab in the Mouse control panel utility). If during those two seconds the process makes the
/// first GUI call, the system gives five more seconds to the process. If during those five seconds the process shows a window,
/// the system gives five more seconds to the process to finish drawing the window.The system turns the feedback cursor off after
/// the first call to GetMessage, regardless of whether the process is drawing.
///
///
/// -
/// STARTF_FORCEOFFFEEDBACK0x00000080
/// Indicates that the feedback cursor is forced off while the process is starting. The Normal Select cursor is displayed.
///
/// -
/// STARTF_PREVENTPINNING0x00002000
///
/// Indicates that any windows created by the process cannot be pinned on the taskbar.This flag must be combined with STARTF_TITLEISAPPID.
///
///
/// -
/// STARTF_RUNFULLSCREEN0x00000020
///
/// Indicates that the process should be run in full-screen mode, rather than in windowed mode. This flag is only valid for
/// console applications running on an x86 computer.
///
///
/// -
/// STARTF_TITLEISAPPID0x00001000
///
/// The lpTitle member contains an AppUserModelID. This identifier controls how the taskbar and Start menu present the
/// application, and enables it to be associated with the correct shortcuts and Jump Lists. Generally, applications will use the
/// SetCurrentProcessExplicitAppUserModelID and GetCurrentProcessExplicitAppUserModelID functions instead of setting this flag.
/// For more information, see Application User Model IDs.If STARTF_PREVENTPINNING is used, application windows cannot be pinned
/// on the taskbar. The use of any AppUserModelID-related window properties by the application overrides this setting for that
/// window only.This flag cannot be used with STARTF_TITLEISLINKNAME.
///
///
/// -
/// STARTF_TITLEISLINKNAME0x00000800
///
/// The lpTitle member contains the path of the shortcut file (.lnk) that the user invoked to start this process. This is
/// typically set by the shell when a .lnk file pointing to the launched application is invoked. Most applications will not need
/// to set this value.This flag cannot be used with STARTF_TITLEISAPPID.
///
///
/// -
/// STARTF_UNTRUSTEDSOURCE0x00008000
/// The command line came from an untrusted source. For more information, see Remarks.
///
/// -
///
///
///
/// -
/// STARTF_USECOUNTCHARS0x00000008
/// The dwXCountChars and dwYCountChars members contain additional information.
///
/// -
/// STARTF_USEFILLATTRIBUTE0x00000010
/// The dwFillAttribute member contains additional information.
///
/// -
/// STARTF_USEHOTKEY0x00000200
/// The hStdInput member contains additional information. This flag cannot be used with STARTF_USESTDHANDLES.
///
/// -
/// STARTF_USEPOSITION0x00000004
/// The dwX and dwY members contain additional information.
///
/// -
/// STARTF_USESHOWWINDOW0x00000001
/// The wShowWindow member contains additional information.
///
/// -
/// STARTF_USESIZE0x00000002
/// The dwXSize and dwYSize members contain additional information.
///
/// -
/// STARTF_USESTDHANDLES0x00000100
///
/// The hStdInput, hStdOutput, and hStdError members contain additional information. If this flag is specified when calling one
/// of the process creation functions, the handles must be inheritable and the function's bInheritHandles parameter must be set
/// to TRUE. For more information, see Handle Inheritance.If this flag is specified when calling the GetStartupInfo function,
/// these members are either the handle value specified during process creation or INVALID_HANDLE_VALUE.Handles must be closed
/// with CloseHandle when they are no longer needed.This flag cannot be used with STARTF_USEHOTKEY.
///
///
///
///
///
public STARTF dwFlags;
///
///
/// If dwFlags specifies STARTF_USESHOWWINDOW, this member can be any of the values that can be specified in the nCmdShow
/// parameter for the ShowWindow function, except for SW_SHOWDEFAULT. Otherwise, this member is ignored.
///
///
/// For GUI processes, the first time ShowWindow is called, its nCmdShow parameter is ignored wShowWindow specifies
/// the default value. In subsequent calls to ShowWindow, the wShowWindow member is used if the nCmdShow parameter
/// of ShowWindow is set to SW_SHOWDEFAULT.
///
///
//[MarshalAs(UnmanagedType.U2)]
public ushort wShowWindow; // ShowWindowCommand
/// Reserved for use by the C Run-time; must be zero.
public ushort cbReserved2;
/// Reserved for use by the C Run-time; must be NULL.
public IntPtr lpReserved2;
///
///
/// If dwFlags specifies STARTF_USESTDHANDLES, this member is the standard input handle for the process. If
/// STARTF_USESTDHANDLES is not specified, the default for standard input is the keyboard buffer.
///
///
/// If dwFlags specifies STARTF_USEHOTKEY, this member specifies a hotkey value that is sent as the wParam parameter of a
/// WM_SETHOTKEY message to the first eligible top-level window created by the application that owns the process. If the window
/// is created with the WS_POPUP window style, it is not eligible unless the WS_EX_APPWINDOW extended window style is also set.
/// For more information, see CreateWindowEx.
///
/// Otherwise, this member is ignored.
///
public IntPtr hStdInput;
///
///
/// If dwFlags specifies STARTF_USESTDHANDLES, this member is the standard output handle for the process. Otherwise, this
/// member is ignored and the default for standard output is the console window's buffer.
///
///
/// If a process is launched from the taskbar or jump list, the system sets hStdOutput to a handle to the monitor that
/// contains the taskbar or jump list used to launch the process. For more information, see Remarks.
///
///
/// Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows XP and Windows Server 2003: This
/// behavior was introduced in Windows 8 and Windows Server 2012.
///
///
public IntPtr hStdOutput;
///
/// If dwFlags specifies STARTF_USESTDHANDLES, this member is the standard error handle for the process. Otherwise, this
/// member is ignored and the default for standard error is the console window's buffer.
///
public IntPtr hStdError;
///
/// The x and y offset of the upper left corner of a window if a new window is created, in pixels.
///
/// The offset is from the upper left corner of the screen. For GUI processes, the specified position is used the first time the
/// new process calls CreateWindow to create an overlapped window if the x or y parameter of CreateWindow is CW_USEDEFAULT.
///
///
public System.Drawing.Point WindowPosition { get => new System.Drawing.Point((int)dwX, (int)dwY); set { dwX = (uint)value.X; dwY = (uint)value.Y; dwFlags = dwFlags.SetFlags(STARTF.STARTF_USEPOSITION, value != System.Drawing.Point.Empty); } }
///
///
/// This member can be any of the values that can be specified in the nCmdShow parameter for the ShowWindow function,
/// except for SW_SHOWDEFAULT.
///
///
/// For GUI processes, the first time ShowWindow is called, its nCmdShow parameter is ignored wShowWindow specifies
/// the default value. In subsequent calls to ShowWindow, the wShowWindow member is used if the nCmdShow parameter
/// of ShowWindow is set to SW_SHOWDEFAULT.
///
///
public ShowWindowCommand ShowWindowCommand { get => (ShowWindowCommand)wShowWindow; set { wShowWindow = (ushort)value; dwFlags = dwFlags.SetFlags(STARTF.STARTF_USESHOWWINDOW, value != 0); } }
///
/// The height of the window if a new window is created, in pixels.
///
/// For GUI processes, this is used only the first time the new process calls CreateWindow to create an overlapped window
/// if the nHeight or nWidth parameter of CreateWindow is CW_USEDEFAULT.
///
///
public SIZE WindowSize { get => new SIZE((int)dwXSize, (int)dwYSize); set { dwXSize = (uint)value.cx; dwYSize = (uint)value.cy; dwFlags = dwFlags.SetFlags(STARTF.STARTF_USESIZE, value != SIZE.Empty); } }
/// Gets the default value for this structure with the cb field set to the size of the structure.
public static STARTUPINFO Default => new STARTUPINFO { cb = (uint)Marshal.SizeOf(typeof(STARTUPINFO)) };
}
///
///
/// Specifies the window station, desktop, standard handles, and attributes for a new process. It is used with the CreateProcess and
/// CreateProcessAsUser functions.
///
///
///
/// Be sure to set the cb member of the STARTUPINFO structure to .
///
// https://docs.microsoft.com/en-us/windows/desktop/api/winbase/ns-winbase-_startupinfoexa typedef struct _STARTUPINFOEXA {
// STARTUPINFOA StartupInfo; LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; } STARTUPINFOEXA, *LPSTARTUPINFOEXA;
[PInvokeData("winbase.h", MSDNShortId = "61203f57-292d-4ea1-88f4-a3b05012d7a3")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct STARTUPINFOEX
{
///
/// A STARTUPINFO structure.
///
public STARTUPINFO StartupInfo;
///
/// An attribute list. This list is created by the InitializeProcThreadAttributeList function.
///
public IntPtr lpAttributeList;
/// Gets the default value for this structure with the cb field set to the size of the structure.
public static STARTUPINFOEX Default => new STARTUPINFOEX { StartupInfo = new STARTUPINFO { cb = (uint)Marshal.SizeOf(typeof(STARTUPINFOEX)) } };
}
///
///
/// This structure is returned by GetSystemCpuSetInformation. It is used to enumerate the CPU Sets on the system and determine
/// their current state.
///
///
/// This is a variable-sized structure designed for future expansion. When iterating over this structure, use the size field to
/// determine the offset to the next structure.
///
///
// typedef struct _SYSTEM_CPU_SET_INFORMATION { DWORD Size; CPU_SET_INFORMATION_TYPE Type; union { struct { DWORD Id; WORD Group;
// BYTE LogicalProcessorIndex; BYTE CoreIndex; BYTE LastLevelCacheIndex; BYTE NumaNodeIndex; BYTE EfficiencyClass; struct { BOOLEAN
// Parked : 1; BOOLEAN Allocated : 1; BOOLEAN AllocatedToTargetProcess : 1; BOOLEAN RealTime : 1; BYTE ReservedFlags : 4; }; DWORD
// Reserved; DWORD64 AllocationTag; } CpuSet; };} SYSTEM_CPU_SET_INFORMATION, *PSYSTEM_CPU_SET_INFORMATION;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt186429(v=vs.85).aspx
[PInvokeData("Winnt.h", MSDNShortId = "mt186429")]
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_CPU_SET_INFORMATION
{
/// This is the size, in bytes, of this information structure.
public uint Size;
///
/// This is the type of information in the structure. Applications should skip any structures with unrecognized types.
///
public CPU_SET_INFORMATION_TYPE Type;
/// Union of structures that can be specified by Type.
public SYSTEM_CPU_UNION Union;
/// Defines structures that can be specified by Type.
[StructLayout(LayoutKind.Explicit)]
public struct SYSTEM_CPU_UNION
{
/// Value used when Type is CpuSetInformation.
[FieldOffset(0)]
public SYSTEM_CPU_SET_INFORMATION1 CpuSet;
}
}
/// Defines values used when Type is CpuSetInformation.
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEM_CPU_SET_INFORMATION1
{
///
/// The ID of the specified CPU Set. This identifier can be used with SetProcessDefaultCpuSets or SetThreadSelectedCpuSets when
/// specifying a list of CPU Sets to affinitize to.
///
public uint Id;
///
/// Specifies the Processor Group of the CPU Set. All other values in the CpuSet structure are relative to the processor group.
///
public ushort Group;
///
/// Specifies the group-relative index of the home processor of the CPU Set. Unless the CPU Set is parked for thermal or power
/// management reasons or assigned for exclusive use to another application, threads will run on the home processor of one of
/// their CPU Sets. The Group and LogicalProcessorIndex fields are the same as the ones found in the PROCESSOR_NUMBER structure
/// and they correspond to the Group field and Mask field of the GROUP_AFFINITY structure.
///
public byte LogicalProcessorIndex;
///
/// A group-relative value indicating which "Core" has the home processor of the CPU Set. This number is the same for all CPU
/// Sets in the same group that share significant execution resources with each other, such as different hardware threads on a
/// single core that supports simultaneous multi-threading.
///
public byte CoreIndex;
///
/// A group-relative value indicating which CPU Sets share at least one level of cache with each other. This value is the same
/// for all CPU Sets in a group that are on processors that share cache with each other.
///
public byte LastLevelCacheIndex;
///
/// A group-relative value indicating which NUMA node a CPU Set is on. All CPU Sets in a given group that are on the same NUMA
/// node will have the same value for this field.
///
public byte NumaNodeIndex;
///
/// A value indicating the intrinsic energy efficiency of a processor for systems that support heterogeneous processors (such as
/// ARM big.LITTLE systems). CPU Sets with higher numerical values of this field have home processors that are faster but less
/// power-efficient than ones with lower values.
///
public byte EfficiencyClass;
/// All flags
public SYSTEM_CPU_SET_FLAGS AllFlags;
/// Reserved
private readonly uint Reserved;
///
/// Specifies a tag used by Core Allocation to communicate a given allocated CPU Set between threads in different components.
///
public ulong AllocationTag;
}
///
/// Specifies the throttling policies and how to apply them to a target thread when that thread is subject to power management.
///
// typedef struct _THREAD_POWER_THROTTLING_STATE { ULONG Version; ULONG ControlMask; ULONG StateMask;} THREAD_POWER_THROTTLING_STATE,
// *PTHREAD_POWER_THROTTLING_STATE; https://msdn.microsoft.com/en-us/library/windows/desktop/mt804325(v=vs.85).aspx
[PInvokeData("Processthreadsapi.h", MSDNShortId = "mt804325")]
[StructLayout(LayoutKind.Sequential)]
public struct THREAD_POWER_THROTTLING_STATE
{
///
/// The version of the THREAD_POWER_THROTTLING_STATE structure.
///
///
///
/// Value
/// Meaning
///
/// -
/// THREAD_POWER_THROTTLING_CURRENT_VERSION
/// The current version.
///
///
///
///
public uint Version;
///
/// This field enables the caller to take control of the power throttling mechanism.
///
///
///
/// Value
/// Meaning
///
/// -
/// THREAD_POWER_THROTTLING_EXECUTION_SPEED
/// Manages the execution speed of the thread.
///
///
///
///
public uint ControlMask;
///
/// Manages the power throttling mechanism on/off state.
///
///
///
/// Value
/// Meaning
///
/// -
/// THREAD_POWER_THROTTLING_EXECUTION_SPEED
/// Manages the execution speed of the thread.
///
///
///
///
public uint StateMask;
}
/// Provides a to a process that releases a created HPROCESS instance at disposal using CloseHandle.
public class SafeHPROCESS : SafeSyncHandle
{
/// Initializes a new instance of the class and assigns an existing handle.
/// An object that represents the pre-existing handle to use.
///
/// to reliably release the handle during the finalization phase; otherwise, (not recommended).
///
public SafeHPROCESS(HPROCESS preexistingHandle, bool ownsHandle = true) : base((IntPtr)preexistingHandle, ownsHandle) { }
private SafeHPROCESS() : base() { }
/// Gets a handle to the current process that can be used across processes.
/// The current process handle.
public static SafeHPROCESS Current => new SafeHPROCESS(GetCurrentProcess().Duplicate());
/// Represents a or invalid process.
public static SafeHPROCESS Null => new SafeHPROCESS();
/// Performs an implicit conversion from to .
/// The safe handle instance.
/// The result of the conversion.
public static implicit operator HPROCESS(SafeHPROCESS h) => h.handle;
}
/// Provides a to a thread that releases a created HTHREAD instance at disposal using CloseHandle.
public class SafeHTHREAD : SafeSyncHandle
{
/// Initializes a new instance of the class and assigns an existing handle.
/// An object that represents the pre-existing handle to use.
///
/// to reliably release the handle during the finalization phase; otherwise, (not recommended).
///
public SafeHTHREAD(HTHREAD preexistingHandle, bool ownsHandle = true) : base((IntPtr)preexistingHandle, ownsHandle) { }
private SafeHTHREAD() : base() { }
/// Gets a handle to the current thread that can be used across processes.
/// The current thread handle.
public static SafeHTHREAD Current => new SafeHTHREAD(GetCurrentThread().Duplicate());
/// Performs an implicit conversion from to .
/// The safe handle instance.
/// The result of the conversion.
public static implicit operator HTHREAD(SafeHTHREAD h) => h.handle;
}
///
/// Contains information about a newly created process and its primary thread. It is used with the CreateProcess,
/// CreateProcessAsUser, CreateProcessWithLogonW, or CreateProcessWithTokenW function. This class will close the
/// process and thread handles at disposal.
///
// typedef struct _PROCESS_INFORMATION { HANDLE hProcess; HANDLE hThread; DWORD dwProcessId; DWORD dwThreadId;} PROCESS_INFORMATION,
// *LPPROCESS_INFORMATION; https://msdn.microsoft.com/en-us/library/windows/desktop/ms684873(v=vs.85).aspx
[PInvokeData("WinBase.h", MSDNShortId = "ms684873")]
public sealed class SafePROCESS_INFORMATION : IDisposable
{
///
/// Initializes a new instance of the class.
///
/// The pi.
public SafePROCESS_INFORMATION(in PROCESS_INFORMATION pi)
{
hProcess = new SafeHPROCESS(pi.hProcess);
hThread = new SafeHTHREAD(pi.hThread);
dwProcessId = pi.dwProcessId;
dwThreadId = pi.dwThreadId;
}
/// Initializes an empty instance of the class.
public SafePROCESS_INFORMATION()
{
hProcess = new SafeHPROCESS(IntPtr.Zero);
hThread = new SafeHTHREAD(IntPtr.Zero);
}
///
/// A value that can be used to identify a process. The value is valid from the time the process is created until all handles to
/// the process are closed and the process object is freed; at this point, the identifier may be reused.
///
public uint dwProcessId { get; }
///
/// A value that can be used to identify a thread. The value is valid from the time the thread is created until all handles to
/// the thread are closed and the thread object is freed; at this point, the identifier may be reused.
///
public uint dwThreadId { get; }
///
/// A handle to the newly created process. The handle is used to specify the process in all functions that perform operations on
/// the process object.
///
public SafeHPROCESS hProcess { get; private set; }
///
/// A handle to the primary thread of the newly created process. The handle is used to specify the thread in all functions that
/// perform operations on the thread object.
///
public SafeHTHREAD hThread { get; private set; }
/// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.
void IDisposable.Dispose()
{
hProcess.Dispose();
hThread.Dispose();
}
}
}
}