using System; using System.Runtime.InteropServices; using System.Text; using Vanara.Extensions; using Vanara.InteropServices; using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME; namespace Vanara.PInvoke { public static partial class Kernel32 { ///

Value indicating that there are no thread local storage indexes to allocate.

public const uint TLS_OUT_OF_INDEXES = 0xFFFFFFFF; ///

The maximum processors.

public static readonly uint MAXIMUM_PROCESSORS = (uint)IntPtr.Size * 8U; ///

Undocumented.

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeAllApplicationPackagesPolicy, false, true, false); ///

/// The lpValue parameter is a pointer to a DWORD or DWORD64 value that specifies the child process policy. THe policy specifies /// whether to allow a child process to be created.For information on the possible values for the DWORD or DWORD64 to which lpValue /// points, see Remarks. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeChildProcessPolicy, false, true, false); ///

/// This attribute is relevant only to win32 applications that have been converted to UWP packages by using the Desktop Bridge. The /// lpValue parameter is a pointer to a DWORD value that specifies the desktop app policy. The policy specifies whether descendant /// processes should continue to run in the desktop environment.For information about the possible values for the DWORD to which /// lpValue points, see Remarks. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_DESKTOP_APP_POLICY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeDesktopAppPolicy, false, true, false); ///

/// The lpValue parameter is a pointer to a GROUP_AFFINITY structure that specifies the processor group affinity for the new /// thread.Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_GROUP_AFFINITY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeGroupAffinity, true, true, false); ///

/// The lpValue parameter is a pointer to a list of handles to be inherited by the child process.These handles must be created as /// inheritable handles and must not include pseudo handles such as those returned by the GetCurrentProcess or GetCurrentThread function. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_HANDLE_LIST = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeHandleList, false, true, false); ///

/// The lpValue parameter is a pointer to a PROCESSOR_NUMBER structure that specifies the ideal processor for the new thread.Windows /// Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_IDEAL_PROCESSOR = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeIdealProcessor, true, true, false); ///

Undocumented.

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_JOB_LIST = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeJobList, false, true, false); ///

/// The lpValue parameter is a pointer to a DWORD or DWORD64 that specifies the exploit mitigation policy for the child process. /// Starting in Windows 10, version 1703, this parameter can also be a pointer to a two-element DWORD64 array.The specified policy /// overrides the policies set for the application and the system and cannot be changed after the child process starts running. /// Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.The DWORD or /// DWORD64 pointed to by lpValue can be one or more of the values listed in the remarks. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeMitigationPolicy, false, true, false); ///

/// The lpValue parameter is a pointer to a handle to a process to use instead of the calling process as the parent for the process /// being created. The process to use must have the PROCESS_CREATE_PROCESS access right.Attributes inherited from the specified /// process include handles, the device map, processor affinity, priority, quotas, the process token, and job object. (Note that some /// attributes such as the debug port will come from the creating process, not the process specified by this handle.) ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_PARENT_PROCESS = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeParentProcess, false, true, false); ///

/// The lpValue parameter is a pointer to the node number of the preferred NUMA node for the new process.Windows Server 2008 and /// Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_PREFERRED_NODE = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributePreferredNode, false, true, false); ///

/// The lpValue parameter is a pointer to a DWORD value of PROTECTION_LEVEL_SAME. This specifies the protection level of the child /// process to be the same as the protection level of its parent process. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeProtectionLevel, false, true, false); ///

/// The lpValue parameter is a pointer to a SECURITY_CAPABILITIES structure that defines the security capabilities of an app /// container. If this attribute is set the new process will be created as an AppContainer process.Windows 7, Windows Server 2008 R2, /// Windows Server 2008 and Windows Vista: This value is not supported until Windows 8 and Windows Server 2012. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeSecurityCapabilities, false, true, false); ///

/// The lpValue parameter is a pointer to a UMS_CREATE_THREAD_ATTRIBUTES structure that specifies a user-mode scheduling (UMS) thread /// context and a UMS completion list to associate with the thread. After the UMS thread is created, the system queues it to the /// specified completion list. The UMS thread runs only when an application's UMS scheduler retrieves the UMS thread from the /// completion list and selects it to run. For more information, see User-Mode Scheduling.Windows Server 2008 and Windows Vista: This /// value is not supported until Windows 7 and Windows Server 2008 R2. ///

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_UMS_THREAD = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeUmsThread, true, true, false); ///

Undocumented.

public static readonly UIntPtr PROC_THREAD_ATTRIBUTE_WIN32K_FILTER = ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM.ProcThreadAttributeWin32kFilter, false, true, false); private const uint PROC_THREAD_ATTRIBUTE_ADDITIVE = 0x00040000; private const uint PROC_THREAD_ATTRIBUTE_INPUT = 0x00020000; private const uint PROC_THREAD_ATTRIBUTE_NUMBER = 0x0000FFFF; private const uint PROC_THREAD_ATTRIBUTE_THREAD = 0x00010000; ///

/// An application-defined completion routine. Specify this address when calling the QueueUserAPC function. The PAPCFUNC type defines /// a pointer to this callback function. ///

/// The data passed to the function using the dwData parameter of the QueueUserAPC function. [UnmanagedFunctionPointer(CallingConvention.StdCall)] public delegate void PAPCFUNC(UIntPtr dwParam); ///

Represents the type of information in the SYSTEM_CPU_SET_INFORMATION structure.

// typedef enum _CPU_SET_INFORMATION_TYPE { CpuSetInformation} CPU_SET_INFORMATION_TYPE, *PCPU_SET_INFORMATION_TYPE; https://msdn.microsoft.com/en-us/library/windows/desktop/mt186423(v=vs.85).aspx [PInvokeData("Processthreadapi.h", MSDNShortId = "mt186423")] public enum CPU_SET_INFORMATION_TYPE { ///

The structure contains CPU Set information.

CpuSetInformation } ///

/// The following process creation flags are used by the CreateProcess, CreateProcessAsUser, /// CreateProcessWithLogonW, and CreateProcessWithTokenW functions. They can be specified in any combination, except as noted. ///

// https://msdn.microsoft.com/en-us/library/windows/desktop/ms684863(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "ms684863")] [Flags] public enum CREATE_PROCESS : uint { ///

/// The child processes of a process associated with a job are not associated with the job. If the calling process is not /// associated with a job, this constant has no effect. If the calling process is associated with a job, the job must set the /// JOB_OBJECT_LIMIT_BREAKAWAY_OK limit. ///

CREATE_BREAKAWAY_FROM_JOB = 0x01000000, ///

/// The new process does not inherit the error mode of the calling process. Instead, the new process gets the default error mode. /// This feature is particularly useful for multithreaded shell applications that run with hard errors disabled.The default /// behavior is for the new process to inherit the error mode of the caller. Setting this flag changes that default behavior. ///

CREATE_DEFAULT_ERROR_MODE = 0x04000000, ///

/// The new process has a new console, instead of inheriting its parent's console (the default). For more information, see /// Creation of a Console. This flag cannot be used with DETACHED_PROCESS. ///

CREATE_NEW_CONSOLE = 0x00000010, ///

/// The new process is the root process of a new process group. The process group includes all processes that are descendants of /// this root process. The process identifier of the new process group is the same as the process identifier, which is returned /// in the lpProcessInformation parameter. Process groups are used by the GenerateConsoleCtrlEvent function to enable sending a /// CTRL+BREAK signal to a group of console processes.If this flag is specified, CTRL+C signals will be disabled for all /// processes within the new process group.This flag is ignored if specified with CREATE_NEW_CONSOLE. ///

CREATE_NEW_PROCESS_GROUP = 0x00000200, ///

/// The process is a console application that is being run without a console window. Therefore, the console handle for the /// application is not set.This flag is ignored if the application is not a console application, or if it is used with either /// CREATE_NEW_CONSOLE or DETACHED_PROCESS. ///

CREATE_NO_WINDOW = 0x08000000, ///

/// The process is to be run as a protected process. The system restricts access to protected processes and the threads of /// protected processes. For more information on how processes can interact with protected processes, see Process Security and /// Access Rights.To activate a protected process, the binary must have a special signature. This signature is provided by /// Microsoft but not currently available for non-Microsoft binaries. There are currently four protected processes: media /// foundation, audio engine, Windows error reporting, and system. Components that load into these binaries must also be signed. /// Multimedia companies can leverage the first two protected processes. For more information, see Overview of the Protected /// Media Path.Windows Server 2003 and Windows XP: This value is not supported. ///

CREATE_PROTECTED_PROCESS = 0x00040000, ///

/// Allows the caller to execute a child process that bypasses the process restrictions that would normally be applied /// automatically to the process. ///

CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000, ///

This flag allows secure processes, that run in the Virtualization-Based Security environment, to launch.

CREATE_SECURE_PROCESS = 0x00400000, ///

/// This flag is valid only when starting a 16-bit Windows-based application. If set, the new process runs in a private Virtual /// DOS Machine (VDM). By default, all 16-bit Windows-based applications run as threads in a single, shared VDM. The advantage of /// running separately is that a crash only terminates the single VDM; any other programs running in distinct VDMs continue to /// function normally. Also, 16-bit Windows-based applications that are run in separate VDMs have separate input queues. That /// means that if one application stops responding momentarily, applications in separate VDMs continue to receive input. The /// disadvantage of running separately is that it takes significantly more memory to do so. You should use this flag only if the /// user requests that 16-bit applications should run in their own VDM. ///

CREATE_SEPARATE_WOW_VDM = 0x00000800, ///

/// The flag is valid only when starting a 16-bit Windows-based application. If the DefaultSeparateVDM switch in the Windows /// section of WIN.INI is TRUE, this flag overrides the switch. The new process is run in the shared Virtual DOS Machine. ///

CREATE_SHARED_WOW_VDM = 0x00001000, ///

/// The primary thread of the new process is created in a suspended state, and does not run until the ResumeThread function is called. ///

CREATE_SUSPENDED = 0x00000004, ///

/// If this flag is set, the environment block pointed to by lpEnvironment uses Unicode characters. Otherwise, the environment /// block uses ANSI characters. ///

CREATE_UNICODE_ENVIRONMENT = 0x00000400, ///

/// The calling thread starts and debugs the new process. It can receive all related debug events using the WaitForDebugEvent function. ///

DEBUG_ONLY_THIS_PROCESS = 0x00000002, ///

/// The calling thread starts and debugs the new process and all child processes created by the new process. It can receive all /// related debug events using the WaitForDebugEvent function. A process that uses DEBUG_PROCESS becomes the root of a debugging /// chain. This continues until another process in the chain is created with DEBUG_PROCESS.If this flag is combined with /// DEBUG_ONLY_THIS_PROCESS, the caller debugs only the new process, not any child processes. ///

DEBUG_PROCESS = 0x00000001, ///

/// For console processes, the new process does not inherit its parent's console (the default). The new process can call the /// AllocConsole function at a later time to create a console. For more information, see Creation of a Console. This value cannot /// be used with CREATE_NEW_CONSOLE. ///

DETACHED_PROCESS = 0x00000008, ///

/// The process is created with extended startup information; the lpStartupInfo parameter specifies a STARTUPINFOEX /// structure.Windows Server 2003 and Windows XP: This value is not supported. ///

EXTENDED_STARTUPINFO_PRESENT = 0x00080000, ///

/// The process inherits its parent's affinity. If the parent process has threads in more than one processor group, the new /// process inherits the group-relative affinity of an arbitrary group in use by the parent.Windows Server 2008, Windows Vista, /// Windows Server 2003 and Windows XP: This value is not supported. ///

INHERIT_PARENT_AFFINITY = 0x00010000, ///

Process with no special scheduling needs.

NORMAL_PRIORITY_CLASS = 0x00000020, ///

/// Process whose threads run only when the system is idle and are preempted by the threads of any process running in a higher /// priority class. An example is a screen saver. The idle priority class is inherited by child processes. ///

IDLE_PRIORITY_CLASS = 0x00000040, ///

/// Process that performs time-critical tasks that must be executed immediately for it to run correctly. The threads of a /// high-priority class process preempt the threads of normal or idle priority class processes. An example is the Task List, /// which must respond quickly when called by the user, regardless of the load on the operating system. Use extreme care when /// using the high-priority class, because a high-priority class CPU-bound application can use nearly all available cycles. ///

HIGH_PRIORITY_CLASS = 0x00000080, ///

/// Process that has the highest possible priority. The threads of a real-time priority class process preempt the threads of all /// other processes, including operating system processes performing important tasks. For example, a real-time process that /// executes for more than a very brief interval can cause disk caches not to flush or cause the mouse to be unresponsive. ///

REALTIME_PRIORITY_CLASS = 0x00000100, ///

Process that has priority above IDLE_PRIORITY_CLASS but below NORMAL_PRIORITY_CLASS.

BELOW_NORMAL_PRIORITY_CLASS = 0x00004000, ///

Process that has priority above NORMAL_PRIORITY_CLASS but below HIGH_PRIORITY_CLASS.

ABOVE_NORMAL_PRIORITY_CLASS = 0x00008000, ///

Undocumented.

CREATE_FORCEDOS = 0x00002000, ///

Creates profiles for the user mode modeuls of the process.

PROFILE_USER = 0x10000000, ///

Undocumented.

PROFILE_KERNEL = 0x20000000, ///

Undocumented.

PROFILE_SERVER = 0x40000000, ///

Undocumented.

CREATE_IGNORE_SYSTEM_DEFAULT = 0x80000000, ///

Undocumented.

INHERIT_CALLER_PRIORITY = 0x00020000, ///

/// Begin background processing mode. The system lowers the resource scheduling priorities of the process (and its threads) so /// that it can perform background work without significantly affecting activity in the foreground. /// /// This value can be specified only if hProcess is a handle to the current process. The function fails if the process is already /// in background processing mode. /// /// Windows Server 2003 and Windows XP: This value is not supported. ///

PROCESS_MODE_BACKGROUND_BEGIN = 0x00100000, ///

/// End background processing mode. The system restores the resource scheduling priorities of the process (and its threads) as /// they were before the process entered background processing mode. /// /// This value can be specified only if hProcess is a handle to the current process. The function fails if the process is not in /// background processing mode. /// /// Windows Server 2003 and Windows XP: This value is not supported. ///

PROCESS_MODE_BACKGROUND_END = 0x00200000, } ///

Flags used by .

[Flags] public enum CREATE_THREAD_FLAGS { /// The thread runs immediately after creation. RUN_IMMEDIATELY = 0, /// The thread is created in a suspended state, and does not run until the ResumeThread function is called. CREATE_SUSPENDED = 4, /// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize /// specifies the commit size. STACK_SIZE_PARAM_IS_A_RESERVATION = 0x00010000, } ///

The memory priority for the thread or process.

public enum MEMORY_PRIORITY { ///

Lowest memory priority.

MEMORY_PRIORITY_LOWEST = 0, ///

Very low memory priority.

MEMORY_PRIORITY_VERY_LOW = 1, ///

Low memory priority.

MEMORY_PRIORITY_LOW = 2, ///

Medium memory priority.

MEMORY_PRIORITY_MEDIUM = 3, ///

Below normal memory priority.

MEMORY_PRIORITY_BELOW_NORMAL = 4, ///

Normal memory priority. This is the default priority for all threads and processes on the system.

MEMORY_PRIORITY_NORMAL = 5, } ///

The affinity update mode.

public enum PROCESS_AFFINITY_MODE { ///

Dynamic update of the process affinity by the system is disabled.

PROCESS_AFFINITY_DISABLE_AUTO_UPDATE, ///

Dynamic update of the process affinity by the system is enabled.

PROCESS_AFFINITY_ENABLE_AUTO_UPDATE } ///

Indicates type of structure used in GetProcessInformation and SetProcessInformation calls.

public enum PROCESS_INFORMATION_CLASS { ///

Indicates that a MEMORY_PRIORITY_INFORMATION structure is specified for the operation.

[CorrespondingType(typeof(MEMORY_PRIORITY_INFORMATION))] ProcessMemoryPriority, ///

Indicates that a PROCESS_MEMORY_EXHAUSTION_INFO structure is specified for the operation.

[CorrespondingType(typeof(PROCESS_MEMORY_EXHAUSTION_INFO))] ProcessMemoryExhaustionInfo, ///

Indicates that a APP_MEMORY_INFORMATION structure is specified for the operation.

[CorrespondingType(typeof(APP_MEMORY_INFORMATION))] ProcessAppMemoryInfo, ///

Undocumented.

ProcessInPrivateInfo, ///

Indicates that a PROCESS_POWER_THROTTLING_STATE structure is specified for the operation.

[CorrespondingType(typeof(PROCESS_POWER_THROTTLING_STATE))] ProcessPowerThrottling, ///

Undocumented.

ProcessReservedValue1, ///

Undocumented.

ProcessTelemetryCoverageInfo, ///

Indicates that a PROCESS_PROTECTION_LEVEL_INFORMATION structure is specified for the operation.

[CorrespondingType(typeof(PROCESS_PROTECTION_LEVEL_INFORMATION))] ProcessProtectionLevelInfo, } ///

Represents the different memory exhaustion types.

// typedef enum _PROCESS_MEMORY_EXHAUSTION_TYPE { PMETypeFailFastOnCommitFailure, PMETypeMax} PROCESS_MEMORY_EXHAUSTION_TYPE, // *PPROCESS_MEMORY_EXHAUSTION_TYPE;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt767998(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "mt767998")] public enum PROCESS_MEMORY_EXHAUSTION_TYPE { ///

/// Anytime memory management fails an allocation due to an inability to commit memory, it will cause the process to trigger a /// Windows Error Reporting report and then terminate immediately with STATUS_COMMITMENT_LIMIT. The failure cannot be /// caught and handled by the app. ///

PMETypeFailFastOnCommitFailure, ///

The maximum value for this enumeration. This value may change in a future version.

PMETypeMax } ///

Flags used by PROCESS_MITIGATION_ASLR_POLICY

[Flags] public enum PROCESS_MITIGATION_ASLR_POLICY_FLAGS : uint { ///

/// Thread stacks and other bottom-up allocations are subject to randomization by ASLR if this flag is set. This flag is /// read-only and cannot be modified after a process has been created. ///

EnableBottomUpRandomization = 1 << 0, ///

Images that have not been built with /DYNAMICBASE are forcibly relocated on load if this flag is set.

EnableForceRelocateImages = 1 << 1, ///

/// Bottom-up allocations are subject to higher degrees of entropy when randomized by ASLR if this flag is set. This flag only /// applies to 64-bit processes and is read-only. ///

EnableHighEntropy = 1 << 2, ///

/// Images that have not been built with /DYNAMICBASE and do not have relocation information will fail to load if this flag and /// EnableForceRelocateImages are set. ///

DisallowStrippedImages = 1 << 3, } ///

Flags used by PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY.

[Flags] public enum PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY_FLAGS : uint { ///

/// Set (0x1) to prevent the process from loading images that are not signed by Microsoft; otherwise leave unset (0x0). ///

MicrosoftSignedOnly = 1 << 0, ///

/// Set (0x1) to prevent the process from loading images that are not signed by the Windows Store; otherwise leave unset (0x0). ///

StoreSignedOnly = 1 << 1, ///

/// Set (0x1) to prevent the process from loading images that are not signed by Microsoft, the Windows Store and the Windows /// Hardware Quality Labs (WHQL); otherwise leave unset (0x0). ///

MitigationOptIn = 1 << 2, ///

Undocumented

AuditMicrosoftSignedOnly = 1 << 3, ///

Undocumented

AuditStoreSignedOnly = 1 << 4, } ///

Flags used by PROCESS_MITIGATION_CHILD_PROCESS_POLICY.

[Flags] public enum PROCESS_MITIGATION_CHILD_PROCESS_POLICY_FLAGS : uint { ///

If set, the process cannot create child processes.

NoChildProcessCreation = 1 << 0, ///

/// If set, causes audit events to be generated when child processes are created by the process. If both NoChildProcessCreation /// and AuditNoChildProcessCreation are set, NoChildProcessCreation takes precedence over audit setting. ///

AuditNoChildProcessCreation = 1 << 1, ///

/// Denies creation of child processes unless the child process is a secure process and if creation was previously blocked. It /// allows a process to spawn a child process on behalf of another process that cannot itself create child processes. See /// PROCESS_CREATION_CHILD_PROCESS_OVERRIDE in UpdateProcThreadAttribute. ///

AllowSecureProcessCreation = 1 << 2, } ///

Flags used by PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY

[Flags] public enum PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY_FLAGS : uint { ///

CFG is enabled for the process if this flag is set. This field cannot be changed via SetProcessMitigationPolicy.

EnableControlFlowGuard = 1 << 0, ///

/// If TRUE, exported functions will be treated as invalid indirect call targets by default. Exported functions only become valid /// indirect call targets if they are dynamically resolved via GetProcAddress. This field cannot be changed via SetProcessMitigationPolicy. ///

EnableExportSuppression = 1 << 1, ///

/// If TRUE, all DLLs that are loaded must enable CFG. If a DLL does not enable CFG then the image will fail to load. This policy /// can be enabled after a process has started by calling SetProcessMitigationPolicy. It cannot be disabled once enabled. ///

StrictMode = 1 << 2, } ///

Flags used by PROCESS_MITIGATION_DEP_POLICY

[Flags] public enum PROCESS_MITIGATION_DEP_POLICY_FLAGS : uint { ///

DEP is enabled for the process if this flag is set.

Enable = 1 << 0, ///

ATL thunk emulation is disabled for the process if this flag is set.

DisableAtlThunkEmulation = 1 << 1, } ///

Flags used by PROCESS_MITIGATION_DYNAMIC_CODE_POLICY

[Flags] public enum PROCESS_MITIGATION_DYNAMIC_CODE_POLICY_FLAGS : uint { ///

/// Set (0x1) to prevent the process from generating dynamic code or modifying existing executable code; otherwise leave unset (0x0). ///

ProhibitDynamicCode = 1 << 0, ///

/// Set (0x1) to allow threads to opt out of the restrictions on dynamic code generation by calling the /// SetThreadInformation function with the ThreadInformation parameter set to ThreadDynamicCodePolicy; otherwise /// leave unset (0x0). You should not use the AllowThreadOptOut and ThreadDynamicCodePolicy settings together to /// provide strong security. These settings are only intended to enable applications to adapt their code more easily for full /// dynamic code restrictions. ///

AllowThreadOptOut = 1 << 1, ///

/// Set (0x1) to allow non-AppContainer processes to modify all of the dynamic code settings for the calling process, including /// relaxing dynamic code restrictions after they have been set. ///

AllowRemoteDowngrade = 1 << 2, ///

Undocumented

AuditProhibitDynamicCode = 1 << 3, } ///

Flags used by PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY

[Flags] public enum PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY_FLAGS : uint { ///

Prevents legacy extension point DLLs from being loaded into the process.

DisableExtensionPoints = 1 << 0, } ///

Flags used by PROCESS_MITIGATION_FONT_DISABLE_POLICY.

[Flags] public enum PROCESS_MITIGATION_FONT_DISABLE_POLICY_FLAGS : uint { ///

Set (0x1) to prevent the process from loading non-system fonts; otherwise leave unset (0x0).

DisableNonSystemFonts = 1 << 0, ///

/// Set (0x1) to indicate that an Event Tracing for Windows (ETW) event should be logged when the process attempts to load a /// non-system font; leave unset (0x0) to indicate that an ETW event should not be logged. ///

AuditNonSystemFontLoading = 1 << 1, } ///

Flags used by PROCESS_MITIGATION_IMAGE_LOAD_POLICY.

[Flags] public enum PROCESS_MITIGATION_IMAGE_LOAD_POLICY_FLAGS : uint { ///

/// Set (0x1) to prevent the process from loading images from a remote device, such as a UNC share; otherwise leave unset (0x0). ///

NoRemoteImages = 1 << 0, ///

/// Set (0x1) to prevent the process from loading images that have a Low mandatory label, as written by low IL; otherwise leave /// unset (0x0). ///

NoLowMandatoryLabelImages = 1 << 1, ///

/// Set (0x1) to search for images to load in the System32 subfolder of the folder in which Windows is installed first, then in /// the application directory in the standard DLL search order; otherwise leave unset (0x0). ///

PreferSystem32Images = 1 << 2, ///

Undocumented.

AuditNoRemoteImages = 1 << 3, ///

Undocumented.

AuditNoLowMandatoryLabelImages = 1 << 4, } ///

Flags used by PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY.

[Flags] public enum PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY_FLAGS : uint { ///

If set this enables the Export Address Filter mitigation in enforcement mode for the process.

EnableExportAddressFilter = 1 << 0, ///

If set this enables the Export Address Filter mitigation in audit mode for the process.

AuditExportAddressFilter = 1 << 1, ///

If set this enables the Export Address Filter Plus mitigation in enforcement mode for the process.

EnableExportAddressFilterPlus = 1 << 2, ///

If set this enables the Export Address Filter mitigation in audit mode for the process.

AuditExportAddressFilterPlus = 1 << 3, ///

If set this enables the Import Address Filter mitigation in enforcement mode for the process.

EnableImportAddressFilter = 1 << 4, ///

If set this enables the Import Address Filter mitigation in enforcement mode for the process.

AuditImportAddressFilter = 1 << 5, ///

/// If set this enables the stack pivot anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process. ///

EnableRopStackPivot = 1 << 6, ///

/// If set this enables the stack pivot anti-ROP (Return-oriented-programming) mitigation in audit mode for the process. ///

AuditRopStackPivot = 1 << 7, ///

/// If set this enables the caller check anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process. /// Applies to 32-bit processes only. ///

EnableRopCallerCheck = 1 << 8, ///

/// If set this enables the caller check anti-ROP (Return-oriented-programming) mitigation in audit mode for the process. Applies /// to 32-bit processes only. ///

AuditRopCallerCheck = 1 << 9, ///

/// If set this enables the simulated execution anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the /// process. Applies to 32-bit processes only. ///

EnableRopSimExec = 1 << 10, ///

/// If set this enables the simulated execution anti-ROP (Return-oriented-programming) mitigation in audit mode for the process. /// Applies to 32-bit processes only. ///

AuditRopSimExec = 1 << 11, } ///

Represents the different process mitigation policies.

[PInvokeData("winnt.h")] public enum PROCESS_MITIGATION_POLICY { ///

The data execution prevention (DEP) policy of the process.

[CorrespondingType(typeof(PROCESS_MITIGATION_DEP_POLICY))] ProcessDEPPolicy, ///

The Address Space Layout Randomization (ASLR) policy of the process.

[CorrespondingType(typeof(PROCESS_MITIGATION_ASLR_POLICY))] ProcessASLRPolicy, ///

/// The policy that turns off the ability of the process to generate dynamic code or modify existing executable code. ///

[CorrespondingType(typeof(PROCESS_MITIGATION_DYNAMIC_CODE_POLICY))] ProcessDynamicCodePolicy, ///

/// The process will receive a fatal error if it manipulates an invalid handle. Useful for preventing downstream problems in a /// process due to handle misuse. ///

[CorrespondingType(typeof(PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY))] ProcessStrictHandleCheckPolicy, ///

Disables the ability to use NTUser/GDI functions at the lowest layer.

[CorrespondingType(typeof(PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY))] ProcessSystemCallDisablePolicy, ///

/// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options /// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported /// bits at once. ///

ProcessMitigationOptionsMask, ///

/// The policy that prevents some built-in third party extension points from being turned on, which prevents legacy extension /// point DLLs from being loaded into the process. ///

[CorrespondingType(typeof(PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY))] ProcessExtensionPointDisablePolicy, ///

The Control Flow Guard (CFG) policy of the process.

[CorrespondingType(typeof(PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY))] ProcessControlFlowGuardPolicy, ///

/// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows /// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL). ///

[CorrespondingType(typeof(PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY))] ProcessSignaturePolicy, ///

The policy that turns off the ability of the process to load non-system fonts.

[CorrespondingType(typeof(PROCESS_MITIGATION_FONT_DISABLE_POLICY))] ProcessFontDisablePolicy, ///

/// The policy that turns off the ability of the process to load images from some locations, such a remote devices or files that /// have the low mandatory label. ///

[CorrespondingType(typeof(PROCESS_MITIGATION_IMAGE_LOAD_POLICY))] ProcessImageLoadPolicy, } ///

Flags used by PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY

[Flags] public enum PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY_FLAGS : uint { ///

/// When set to 1, an exception is raised if an invalid handle to a kernel object is used. Except as noted in the Remarks /// section, once exceptions for invalid handles are enabled for a process, they cannot be disabled. ///

RaiseExceptionOnInvalidHandleReference = 1 << 0, ///

When set to 1, exceptions for invalid kernel handles are permanently enabled.

HandleExceptionsPermanentlyEnabled = 1 << 1, } ///

Flags used by PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY

[Flags] public enum PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY_FLAGS : uint { ///

When set to 1, the process is not permitted to perform GUI system calls.

DisallowWin32kSystemCalls = 1 << 0, ///

Undocumented.

AuditDisallowWin32kSystemCalls = 1 << 1, } [Flags] public enum ProcessAccess : uint { PROCESS_TERMINATE = 0x0001, PROCESS_CREATE_THREAD = 0x0002, PROCESS_SET_SESSIONID = 0x0004, PROCESS_VM_OPERATION = 0x0008, PROCESS_VM_READ = 0x0010, PROCESS_VM_WRITE = 0x0020, PROCESS_DUP_HANDLE = 0x0040, PROCESS_CREATE_PROCESS = 0x0080, PROCESS_SET_QUOTA = 0x0100, PROCESS_SET_INFORMATION = 0x0200, PROCESS_QUERY_INFORMATION = 0x0400, PROCESS_SUSPEND_RESUME = 0x0800, PROCESS_QUERY_LIMITED_INFORMATION = 0x1000, PROCESS_SET_LIMITED_INFORMATION = 0x2000, PROCESS_ALL_ACCESS = ACCESS_MASK.STANDARD_RIGHTS_REQUIRED | ACCESS_MASK.SYNCHRONIZE | 0xFFFF, } ///

The processor feature to be tested.

[PInvokeData("winnt.h", MSDNShortId = "ms724482")] public enum PROCESSOR_FEATURE { ///

The alpha byte instructions are available.

PF_ALPHA_BYTE_INSTRUCTIONS = 5, ///

The 64-bit load/store atomic instructions are available.

PF_ARM_64BIT_LOADSTORE_ATOMIC = 25, ///

The divide instructions are available.

PF_ARM_DIVIDE_INSTRUCTION_AVAILABLE = 24, ///

The external cache is available.

PF_ARM_EXTERNAL_CACHE_AVAILABLE = 26, ///

The floating-point multiply-accumulate instruction is available.

PF_ARM_FMAC_INSTRUCTIONS_AVAILABLE = 27, ///

The neon instructions are available.

PF_ARM_NEON_INSTRUCTIONS_AVAILABLE = 19, ///

The v8 CRC32 instructions are available.

PF_ARM_V8_CRC32_INSTRUCTIONS_AVAILABLE = 31, ///

The v8 Crypto instructions are available.

PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE = 30, ///

The v8 instructions are available.

PF_ARM_V8_INSTRUCTIONS_AVAILABLE = 29, ///

The VFP/Neon: 32 x 64bit register bank is present. This flag has the same meaning as PF_ARM_VFP_EXTENDED_REGISTERS.

PF_ARM_VFP_32_REGISTERS_AVAILABLE = 18, ///

The 3D-Now instruction set is available.

PF_3DNOW_INSTRUCTIONS_AVAILABLE = 7, ///

The processor channels are enabled.

PF_CHANNELS_ENABLED = 16, ///

The atomic compare and exchange operation (cmpxchg) is available.

PF_COMPARE_EXCHANGE_DOUBLE = 2, ///

/// The atomic compare and exchange 128-bit operation (cmpxchg16b) is available. /// Windows Server 2003 and Windows XP/2000: This feature is not supported. ///

PF_COMPARE_EXCHANGE128 = 14, ///

/// The atomic compare 64 and exchange 128-bit operation (cmp8xchg16) is available. /// Windows Server 2003 and Windows XP/2000: This feature is not supported. ///

PF_COMPARE64_EXCHANGE128 = 15, ///

_fastfail() is available.

PF_FASTFAIL_AVAILABLE = 23, ///

/// Floating-point operations are emulated using a software emulator. /// This function returns a nonzero value if floating-point operations are emulated; otherwise, it returns zero. ///

PF_FLOATING_POINT_EMULATED = 1, ///

On a Pentium, a floating-point precision error can occur in rare circumstances.

PF_FLOATING_POINT_PRECISION_ERRATA = 0, ///

The MMX instruction set is available.

PF_MMX_INSTRUCTIONS_AVAILABLE = 3, ///

/// Data execution prevention is enabled. /// Windows XP/2000: This feature is not supported until Windows XP with SP2 and Windows Server 2003 with SP1. ///

PF_NX_ENABLED = 12, ///

/// The processor is PAE-enabled. For more information, see Physical Address Extension. /// All x64 processors always return a nonzero value for this feature. ///

PF_PAE_ENABLED = 9, ///

The PPC movemem 64 bit is ok.

PF_PPC_MOVEMEM_64BIT_OK = 4, ///

The pf rdrand instruction available

PF_RDRAND_INSTRUCTION_AVAILABLE = 28, ///

The RDTSC instruction is available.

PF_RDTSC_INSTRUCTION_AVAILABLE = 8, ///

The pf RDTSCP instruction available

PF_RDTSCP_INSTRUCTION_AVAILABLE = 32, ///

RDFSBASE, RDGSBASE, WRFSBASE, and WRGSBASE instructions are available.

PF_RDWRFSGSBASE_AVAILABLE = 22, ///

Second Level Address Translation is supported by the hardware.

PF_SECOND_LEVEL_ADDRESS_TRANSLATION = 20, ///

The pf sse daz mode available

PF_SSE_DAZ_MODE_AVAILABLE = 11, ///

/// The SSE3 instruction set is available. /// Windows Server 2003 and Windows XP/2000: This feature is not supported. ///

PF_SSE3_INSTRUCTIONS_AVAILABLE = 13, ///

Virtualization is enabled in the firmware.

PF_VIRT_FIRMWARE_ENABLED = 21, ///

The SSE instruction set is available.

PF_XMMI_INSTRUCTIONS_AVAILABLE = 6, ///

/// The SSE2 instruction set is available. /// Windows 2000: This feature is not supported. ///

PF_XMMI64_INSTRUCTIONS_AVAILABLE = 10, ///

/// The processor implements the XSAVE and XRSTOR instructions. /// /// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP/2000: This feature is not supported until Windows 7 /// and Windows Server 2008 R2. /// ///

PF_XSAVE_ENABLED = 17, } ///

Process protection level.

public enum PROTECTION_LEVEL : uint { ///

For internal use only.

PROTECTION_LEVEL_WINTCB_LIGHT = 0x00000000, ///

For internal use only.

PROTECTION_LEVEL_WINDOWS = 0x00000001, ///

For internal use only.

PROTECTION_LEVEL_WINDOWS_LIGHT = 0x00000002, ///

For internal use only.

PROTECTION_LEVEL_ANTIMALWARE_LIGHT = 0x00000003, ///

For internal use only.

PROTECTION_LEVEL_LSA_LIGHT = 0x00000004, ///

Not implemented.

PROTECTION_LEVEL_WINTCB = 0x00000005, ///

Not implemented.

PROTECTION_LEVEL_CODEGEN_LIGHT = 0x00000006, ///

Not implemented.

PROTECTION_LEVEL_AUTHENTICODE = 0x00000007, ///

The process is a third party app that is using process protection.

PROTECTION_LEVEL_PPL_APP = 0x00000008, ///

The protection level same

PROTECTION_LEVEL_SAME = 0xFFFFFFFF, ///

The process is not protected.

PROTECTION_LEVEL_NONE = 0xFFFFFFFE, } ///

Value retrieved by the function.

public enum SHUTDOWN { ///

/// If this process takes longer than the specified timeout to shut down, do not display a retry dialog box for the user. /// Instead, just cause the process to directly exit. ///

SHUTDOWN_NORETRY = 1 } ///

Flags used in the field.

[PInvokeData("WinBase.h")] [Flags] public enum STARTF { ///

/// Indicates that the cursor is in feedback mode for two seconds after CreateProcess is called. The Working in Background cursor /// is displayed (see the Pointers tab in the Mouse control panel utility). If during those two seconds the process makes the /// first GUI call, the system gives five more seconds to the process. If during those five seconds the process shows a window, /// the system gives five more seconds to the process to finish drawing the window.The system turns the feedback cursor off after /// the first call to GetMessage, regardless of whether the process is drawing. ///

STARTF_FORCEONFEEDBACK = 0x00000040, ///

/// Indicates that the feedback cursor is forced off while the process is starting. The Normal Select cursor is displayed. ///

STARTF_FORCEOFFFEEDBACK = 0x00000080, ///

/// Indicates that any windows created by the process cannot be pinned on the taskbar.This flag must be combined with STARTF_TITLEISAPPID. ///

STARTF_PREVENTPINNING = 0x00002000, ///

/// Indicates that the process should be run in full-screen mode, rather than in windowed mode. This flag is only valid for /// console applications running on an x86 computer. ///

STARTF_RUNFULLSCREEN = 0x00000020, ///

/// The lpTitle member contains an AppUserModelID. This identifier controls how the taskbar and Start menu present the /// application, and enables it to be associated with the correct shortcuts and Jump Lists. Generally, applications will use the /// SetCurrentProcessExplicitAppUserModelID and GetCurrentProcessExplicitAppUserModelID functions instead of setting this flag. /// For more information, see Application User Model IDs.If STARTF_PREVENTPINNING is used, application windows cannot be pinned /// on the taskbar. The use of any AppUserModelID-related window properties by the application overrides this setting for that /// window only.This flag cannot be used with STARTF_TITLEISLINKNAME. ///

STARTF_TITLEISAPPID = 0x00001000, ///

/// The lpTitle member contains the path of the shortcut file (.lnk) that the user invoked to start this process. This is /// typically set by the shell when a .lnk file pointing to the launched application is invoked. Most applications will not need /// to set this value.This flag cannot be used with STARTF_TITLEISAPPID. ///

STARTF_TITLEISLINKNAME = 0x00000800, ///

The command line came from an untrusted source. For more information, see Remarks.

STARTF_UNTRUSTEDSOURCE = 0x00008000, ///

The dwXCountChars and dwYCountChars members contain additional information.

STARTF_USECOUNTCHARS = 0x00000008, ///

The dwFillAttribute member contains additional information.

STARTF_USEFILLATTRIBUTE = 0x00000010, ///

The hStdInput member contains additional information. This flag cannot be used with STARTF_USESTDHANDLES.

STARTF_USEHOTKEY = 0x00000200, ///

The dwX and dwY members contain additional information.

STARTF_USEPOSITION = 0x00000004, ///

The wShowWindow member contains additional information.

STARTF_USESHOWWINDOW = 0x00000001, ///

The dwXSize and dwYSize members contain additional information.

STARTF_USESIZE = 0x00000002, ///

/// The hStdInput, hStdOutput, and hStdError members contain additional information. If this flag is specified when calling one /// of the process creation functions, the handles must be inheritable and the function's bInheritHandles parameter must be set /// to TRUE. For more information, see Handle Inheritance.If this flag is specified when calling the GetStartupInfo function, /// these members are either the handle value specified during process creation or INVALID_HANDLE_VALUE.Handles must be closed /// with CloseHandle when they are no longer needed.This flag cannot be used with STARTF_USEHOTKEY. ///

STARTF_USESTDHANDLES = 0x00000100, } ///

Used by the structure.

[Flags] public enum SYSTEM_CPU_SET_FLAGS : byte { ///

/// If set, the home processor of this CPU Set is parked. If the CPU Set is on a parked processor, threads assigned to that set /// may be reassigned to other processors that are selected by the Process Default sets or the Thread Selected sets. If all such /// processors are parked, the threads are reassigned to other available processors on the system. ///

SYSTEM_CPU_SET_INFORMATION_PARKED = 0x1, ///

/// If set, the specified CPU Set is not available for general system use, but instead is allocated for exclusive use of some /// processes. If a non-NULL Process argument is specified in a call to GetSystemCpuSetInformation, it is possible to determine /// if the processor is allocated for use with that process. ///

SYSTEM_CPU_SET_INFORMATION_ALLOCATED = 0x2, ///

/// This is set if the CPU Set is allocated for the exclusive use of some subset of the system processes and if it is allocated /// for the use of the process passed into GetSystemCpuSetInformation. ///

SYSTEM_CPU_SET_INFORMATION_ALLOCATED_TO_TARGET_PROCESS = 0x4, ///

/// This is set of the CPU Set is on a processor that is suitable for low-latency realtime processing. The system takes steps to /// ensure that RealTime CPU Sets are unlikely to be running non-preemptible code, by moving other work like Interrupts and other /// application threads off of those processors. ///

SYSTEM_CPU_SET_INFORMATION_REALTIME = 0x8, } ///

public enum THREAD_INFORMATION_CLASS { ///

The thread memory priority

ThreadMemoryPriority, ///

The thread absolute cpu priority

ThreadAbsoluteCpuPriority, ///

The thread dynamic code policy

ThreadDynamicCodePolicy, ///

The thread power throttling

ThreadPowerThrottling, ///

The thread information class maximum

ThreadInformationClassMax } ///

The thread's priority level.

public enum THREAD_PRIORITY { ///

Priority 2 points below the priority class.

THREAD_PRIORITY_LOWEST = -2, ///

Priority 1 point below the priority class.

THREAD_PRIORITY_BELOW_NORMAL = (THREAD_PRIORITY_LOWEST + 1), ///

Normal priority for the priority class.

THREAD_PRIORITY_NORMAL = 0, ///

Priority 2 points above the priority class.

THREAD_PRIORITY_HIGHEST = 2, ///

Priority 1 point above the priority class.

THREAD_PRIORITY_ABOVE_NORMAL = (THREAD_PRIORITY_HIGHEST - 1), ///

The thread priority error return

THREAD_PRIORITY_ERROR_RETURN = 0x7fffffff, ///

/// Base-priority level of 15 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, /// ABOVE_NORMAL_PRIORITY_CLASS, or HIGH_PRIORITY_CLASS processes, and a base-priority level of 31 for REALTIME_PRIORITY_CLASS processes. ///

THREAD_PRIORITY_TIME_CRITICAL = 15, ///

/// Base priority of 1 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS, /// or HIGH_PRIORITY_CLASS processes, and a base priority of 16 for REALTIME_PRIORITY_CLASS processes. ///

THREAD_PRIORITY_IDLE = -15, ///

The thread mode background begin

THREAD_MODE_BACKGROUND_BEGIN = 0x00010000, ///

The thread mode background end

THREAD_MODE_BACKGROUND_END = 0x00020000, } [Flags] public enum ThreadAccess : uint { THREAD_TERMINATE = 0x0001, THREAD_SUSPEND_RESUME = 0x0002, THREAD_GET_CONTEXT = 0x0008, THREAD_SET_CONTEXT = 0x0010, THREAD_QUERY_INFORMATION = 0x0040, THREAD_SET_INFORMATION = 0x0020, THREAD_SET_THREAD_TOKEN = 0x0080, THREAD_IMPERSONATE = 0x0100, THREAD_DIRECT_IMPERSONATION = 0x0200, THREAD_SET_LIMITED_INFORMATION = 0x0400, THREAD_QUERY_LIMITED_INFORMATION = 0x0800, THREAD_RESUME = 0x1000, THREAD_ALL_ACCESS = ACCESS_MASK.STANDARD_RIGHTS_REQUIRED | ACCESS_MASK.SYNCHRONIZE | 0xFFFF } private enum PROC_THREAD_ATTRIBUTE_NUM : uint { ProcThreadAttributeParentProcess = 0, ProcThreadAttributeHandleList = 2, ProcThreadAttributeGroupAffinity = 3, ProcThreadAttributePreferredNode = 4, ProcThreadAttributeIdealProcessor = 5, ProcThreadAttributeUmsThread = 6, ProcThreadAttributeMitigationPolicy = 7, ProcThreadAttributeSecurityCapabilities = 9, ProcThreadAttributeProtectionLevel = 11, ProcThreadAttributeJobList = 13, ProcThreadAttributeChildProcessPolicy = 14, ProcThreadAttributeAllApplicationPackagesPolicy = 15, ProcThreadAttributeWin32kFilter = 16, ProcThreadAttributeSafeOpenPromptOriginClaim = 17, ProcThreadAttributeDesktopAppPolicy = 18, } ///

/// Creates a new process and its primary thread. The new process runs in the security context of the calling process. /// /// If the calling process is impersonating another user, the new process uses the token for the calling process, not the /// impersonation token. To run the new process in the security context of the user represented by the impersonation token, use the /// CreateProcessAsUser or CreateProcessWithLogonW function. /// ///

/// /// /// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for /// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. /// /// /// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a /// partial name, the function uses the current drive and current directory to complete the specification. The function will not use /// the search path. This parameter must include the file name extension; no default extension is assumed. /// /// /// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token /// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the /// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program /// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities /// in the following order: /// /// /// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by /// lpCommandLine should specify the executable module as well as its arguments. /// /// /// To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the /// following arguments: /c plus the name of the batch file. /// /// /// /// /// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null /// character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters. /// /// /// The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter /// cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant /// string, the function may cause an access violation. /// /// /// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the /// command line. /// /// /// If both lpApplicationName and lpCommandLine are non- NULL, the null-terminated string pointed to by lpApplicationName /// specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new /// process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and /// argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as /// the first token in the command line. /// /// /// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are /// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin /// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. /// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period /// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory /// path, the system searches for the executable file in the following sequence: /// /// /// The system adds a terminating null character to the command-line string to separate the file name from the arguments. This /// divides the original string into two strings for internal processing. /// /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be /// inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited. /// /// /// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If /// lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The /// ACLs in the default security descriptor for a process come from the primary token of the creator. /// /// /// Windows XP: The ACLs in the default security descriptor for a process come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be /// inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited. /// /// /// The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If /// lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the /// default security descriptor for a thread come from the process token. /// /// /// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// /// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is /// FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles. /// /// /// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create /// the process in the same session as the caller. /// /// /// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL /// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights /// /// /// /// /// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags. /// /// /// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the /// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the /// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is /// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority /// class of the calling process. /// /// /// /// /// An array of the environment items for the new process. If this parameter is NULL, the new process uses the environment of /// the calling process. /// /// An environment item is in the following form: /// name=value\0 /// Because the equal sign is used as a separator, it must not be used in the name of an environment variable. /// /// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains /// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and /// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. /// /// /// The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds /// 32,767 characters. /// /// /// /// The full path to the current directory for the process. The string can also specify a UNC path. /// /// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This /// feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.) /// /// /// /// A pointer to a STARTUPINFO or STARTUPINFOEX structure. /// /// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter. /// /// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed. /// /// /// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process. /// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to /// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess. /// /// // BOOL WINAPI CreateProcess( _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES // lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, // _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, _Out_ LPPROCESS_INFORMATION // lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "ms682425")] public static bool CreateProcess([Optional] string lpApplicationName, [Optional] StringBuilder lpCommandLine, [In, Optional] SECURITY_ATTRIBUTES lpProcessAttributes, [In, Optional] SECURITY_ATTRIBUTES lpThreadAttributes, [Optional] bool bInheritHandles, [Optional] CREATE_PROCESS dwCreationFlags, [In, Optional] string[] lpEnvironment, [Optional] string lpCurrentDirectory, in STARTUPINFO lpStartupInfo, out SafePROCESS_INFORMATION lpProcessInformation) { using (var mEnv = lpEnvironment is null ? SafeHGlobalHandle.Null : SafeHGlobalHandle.CreateFromStringList(lpEnvironment)) { var ret = CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, (IntPtr)mEnv, lpCurrentDirectory, lpStartupInfo, out var pi); lpProcessInformation = ret ? new SafePROCESS_INFORMATION(pi) : null; return ret; } } ///

/// /// /// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null /// character. The module name portion of lpCommandLine is limited to MAX_PATH characters. /// /// /// The first white space–delimited token of the command line specifies the module name. If you are /// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin /// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. /// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period /// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory /// path, the system searches for the executable file in the following sequence: /// /// /// A handle to the created process. [PInvokeData("WinBase.h", MSDNShortId = "ms682425")] public static SafeHPROCESS CreateProcess(string lpCommandLine) { if (CreateProcess(null, new StringBuilder(lpCommandLine ?? throw new ArgumentNullException(nameof(lpCommandLine))), null, null, false, 0, IntPtr.Zero, null, STARTUPINFO.Default, out var pi)) { CloseHandle((IntPtr)pi.hThread); return new SafeHPROCESS(pi.hProcess); } return SafeHPROCESS.Null; } ///

/// /// /// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for /// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. /// /// /// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a /// partial name, the function uses the current drive and current directory to complete the specification. The function will not use /// the search path. This parameter must include the file name extension; no default extension is assumed. /// /// /// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token /// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the /// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program /// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities /// in the following order: /// /// /// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by /// lpCommandLine should specify the executable module as well as its arguments. /// /// /// To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the /// following arguments: /c plus the name of the batch file. /// /// /// /// /// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null /// character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters. /// /// /// The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter /// cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant /// string, the function may cause an access violation. /// /// /// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the /// command line. /// /// /// If both lpApplicationName and lpCommandLine are non- NULL, the null-terminated string pointed to by lpApplicationName /// specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new /// process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and /// argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as /// the first token in the command line. /// /// /// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are /// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin /// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. /// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period /// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory /// path, the system searches for the executable file in the following sequence: /// /// /// The system adds a terminating null character to the command-line string to separate the file name from the arguments. This /// divides the original string into two strings for internal processing. /// /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be /// inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited. /// /// /// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If /// lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The /// ACLs in the default security descriptor for a process come from the primary token of the creator. /// /// /// Windows XP: The ACLs in the default security descriptor for a process come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be /// inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited. /// /// /// The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If /// lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the /// default security descriptor for a thread come from the process token. /// /// /// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// /// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is /// FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles. /// /// /// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create /// the process in the same session as the caller. /// /// /// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL /// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights /// /// /// /// /// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags. /// /// /// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the /// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the /// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is /// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority /// class of the calling process. /// /// /// /// /// An array of the environment items for the new process. If this parameter is NULL, the new process uses the environment of /// the calling process. /// /// An environment item is in the following form: /// name=value\0 /// Because the equal sign is used as a separator, it must not be used in the name of an environment variable. /// /// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains /// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and /// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. /// /// /// The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds /// 32,767 characters. /// /// /// /// The full path to the current directory for the process. The string can also specify a UNC path. /// /// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This /// feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.) /// /// /// /// A pointer to a STARTUPINFO or STARTUPINFOEX structure. /// /// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter. /// /// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed. /// /// /// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process. /// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to /// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess. /// /// // BOOL WINAPI CreateProcess( _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES // lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, // _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, _Out_ LPPROCESS_INFORMATION // lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "ms682425")] public static bool CreateProcess([Optional] string lpApplicationName, [Optional] StringBuilder lpCommandLine, [In, Optional] SECURITY_ATTRIBUTES lpProcessAttributes, [In, Optional] SECURITY_ATTRIBUTES lpThreadAttributes, bool bInheritHandles, [Optional] CREATE_PROCESS dwCreationFlags, [In, Optional] string[] lpEnvironment, [Optional] string lpCurrentDirectory, in STARTUPINFOEX lpStartupInfo, out SafePROCESS_INFORMATION lpProcessInformation) { using (var mEnv = lpEnvironment is null ? SafeHGlobalHandle.Null : SafeHGlobalHandle.CreateFromStringList(lpEnvironment)) { var ret = CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, (IntPtr)mEnv, lpCurrentDirectory, lpStartupInfo, out var pi); lpProcessInformation = ret ? new SafePROCESS_INFORMATION(pi) : null; return ret; } } ///

/// /// Creates a new process and its primary thread. The new process runs in the security context of the user represented by the /// specified token. /// /// /// Typically, the process that calls the CreateProcessAsUser function must have the SE_INCREASE_QUOTA_NAME privilege /// and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable. If this function fails with /// ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessWithLogonW function instead. CreateProcessWithLogonW /// requires no special privileges, but the specified user account must be allowed to log on interactively. Generally, it is best to /// use CreateProcessWithLogonW to create a process with alternate credentials. /// ///

/// /// /// A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and /// TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects. The user /// represented by the token must have read and execute access to the application specified by the lpApplicationName or the /// lpCommandLine parameter. /// /// /// To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the /// DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is /// impersonating a client to create a process that has the security context of the client. /// /// /// If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required. /// If the necessary privileges are not already enabled, CreateProcessAsUser enables them for the duration of the call. For /// more information, see Running with Special Privileges. /// /// /// Terminal Services: The process is run in the session specified in the token. By default, this is the same session that /// called LogonUser. To change the session, use the SetTokenInformation function. /// /// /// /// /// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for /// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. /// /// /// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a /// partial name, the function uses the current drive and current directory to complete the specification. The function will not use /// the search path. This parameter must include the file name extension; no default extension is assumed. /// /// /// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token /// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the /// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program /// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities /// in the following order: /// /// /// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by /// lpCommandLine should specify the executable module as well as its arguments. By default, all 16-bit Windows-based applications /// created by CreateProcessAsUser are run in a separate VDM (equivalent to CREATE_SEPARATE_WOW_VDM in CreateProcess). /// /// /// /// /// The command line to be executed. The maximum length of this string is 32K characters. If lpApplicationName is NULL, the /// module name portion of lpCommandLine is limited to MAX_PATH characters. /// /// /// The Unicode version of this function, CreateProcessAsUserW, can modify the contents of this string. Therefore, this /// parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a /// constant string, the function may cause an access violation. /// /// /// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the /// command line. /// /// /// If both lpApplicationName and lpCommandLine are non- NULL, *lpApplicationName specifies the module to execute, and /// *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. /// Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, /// C programmers generally repeat the module name as the first token in the command line. /// /// /// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you /// are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin /// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. /// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period /// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory /// path, the system searches for the executable file in the following sequence: /// /// /// The system adds a null character to the command line string to separate the file name from the arguments. This divides the /// original string into two strings for internal processing. /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new process object and /// determines whether child processes can inherit the returned handle to the process. If lpProcessAttributes is NULL or /// lpSecurityDescriptor is NULL, the process gets a default security descriptor and the handle cannot be inherited. /// The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow /// access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will /// continue to have full access rights. /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread object and determines /// whether child processes can inherit the returned handle to the thread. If lpThreadAttributes is NULL or /// lpSecurityDescriptor is NULL, the thread gets a default security descriptor and the handle cannot be inherited. The /// default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access /// for the caller. /// /// /// /// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the /// parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as /// the original handles. /// /// /// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must /// create the process in the same session as the caller. /// /// /// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL /// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights /// /// /// /// /// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags. /// /// /// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the /// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the /// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is /// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority /// class of the calling process. /// /// /// /// /// A pointer to an environment block for the new process. If this parameter is NULL, the new process uses the environment of /// the calling process. /// /// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form: /// name=value\0 /// Because the equal sign is used as a separator, it must not be used in the name of an environment variable. /// /// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains /// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and /// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. /// /// /// The ANSI version of this function, CreateProcessAsUserA fails if the total size of the environment block for the process /// exceeds 32,767 characters. /// /// /// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A /// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block. /// /// /// Windows Server 2003 and Windows XP: If the size of the combined user and system environment variable exceeds 8192 bytes, /// the process created by CreateProcessAsUser no longer runs with the environment block passed to the function by the parent /// process. Instead, the child process runs with the environment block returned by the CreateEnvironmentBlock function. /// /// To retrieve a copy of the environment block for a given user, use the CreateEnvironmentBlock function. /// /// /// The full path to the current directory for the process. The string can also specify a UNC path. /// /// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature /// is provided primarily for shells that need to start an application and specify its initial drive and working directory.) /// /// /// /// A pointer to a STARTUPINFO or STARTUPINFOEX structure. /// /// The user must have full access to both the specified window station and desktop. If you want the process to be interactive, /// specify winsta0\default. If the lpDesktop member is NULL, the new process inherits the desktop and window station of its /// parent process. If this member is an empty string, "", the new process connects to a window station using the rules described in /// Process Connection to a Window Station. /// /// /// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the /// dwCreationFlags parameter. /// /// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed. /// /// /// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process. /// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to /// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess. /// /// // BOOL WINAPI CreateProcessAsUser( _In_opt_ HANDLE hToken, _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, // _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, // _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, // _Out_ LPPROCESS_INFORMATION lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "ms682429")] public static bool CreateProcessAsUser(HTOKEN hToken, string lpApplicationName, StringBuilder lpCommandLine, SECURITY_ATTRIBUTES lpProcessAttributes, SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles, CREATE_PROCESS dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFO lpStartupInfo, out SafePROCESS_INFORMATION lpProcessInformation) { var ret = CreateProcessAsUser(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, out PROCESS_INFORMATION pi); lpProcessInformation = ret ? new SafePROCESS_INFORMATION(pi) : null; return ret; } ///

/// /// /// A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and /// TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects. The user /// represented by the token must have read and execute access to the application specified by the lpApplicationName or the /// lpCommandLine parameter. /// /// /// To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the /// DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is /// impersonating a client to create a process that has the security context of the client. /// /// /// If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required. /// If the necessary privileges are not already enabled, CreateProcessAsUser enables them for the duration of the call. For /// more information, see Running with Special Privileges. /// /// /// Terminal Services: The process is run in the session specified in the token. By default, this is the same session that /// called LogonUser. To change the session, use the SetTokenInformation function. /// /// /// /// /// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for /// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. /// /// /// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a /// partial name, the function uses the current drive and current directory to complete the specification. The function will not use /// the search path. This parameter must include the file name extension; no default extension is assumed. /// /// /// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token /// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the /// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program /// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities /// in the following order: /// /// /// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by /// lpCommandLine should specify the executable module as well as its arguments. By default, all 16-bit Windows-based applications /// created by CreateProcessAsUser are run in a separate VDM (equivalent to CREATE_SEPARATE_WOW_VDM in CreateProcess). /// /// /// /// /// The command line to be executed. The maximum length of this string is 32K characters. If lpApplicationName is NULL, the /// module name portion of lpCommandLine is limited to MAX_PATH characters. /// /// /// The Unicode version of this function, CreateProcessAsUserW, can modify the contents of this string. Therefore, this /// parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a /// constant string, the function may cause an access violation. /// /// /// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the /// command line. /// /// /// If both lpApplicationName and lpCommandLine are non- NULL, *lpApplicationName specifies the module to execute, and /// *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. /// Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, /// C programmers generally repeat the module name as the first token in the command line. /// /// /// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you /// are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin /// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. /// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period /// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory /// path, the system searches for the executable file in the following sequence: /// /// /// The system adds a null character to the command line string to separate the file name from the arguments. This divides the /// original string into two strings for internal processing. /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new process object and /// determines whether child processes can inherit the returned handle to the process. If lpProcessAttributes is NULL or /// lpSecurityDescriptor is NULL, the process gets a default security descriptor and the handle cannot be inherited. /// The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow /// access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will /// continue to have full access rights. /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread object and determines /// whether child processes can inherit the returned handle to the thread. If lpThreadAttributes is NULL or /// lpSecurityDescriptor is NULL, the thread gets a default security descriptor and the handle cannot be inherited. The /// default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access /// for the caller. /// /// /// /// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the /// parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as /// the original handles. /// /// /// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must /// create the process in the same session as the caller. /// /// /// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL /// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights /// /// /// /// /// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags. /// /// /// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the /// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the /// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is /// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority /// class of the calling process. /// /// /// /// /// A pointer to an environment block for the new process. If this parameter is NULL, the new process uses the environment of /// the calling process. /// /// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form: /// name=value\0 /// Because the equal sign is used as a separator, it must not be used in the name of an environment variable. /// /// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains /// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and /// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. /// /// /// The ANSI version of this function, CreateProcessAsUserA fails if the total size of the environment block for the process /// exceeds 32,767 characters. /// /// /// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A /// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block. /// /// /// Windows Server 2003 and Windows XP: If the size of the combined user and system environment variable exceeds 8192 bytes, /// the process created by CreateProcessAsUser no longer runs with the environment block passed to the function by the parent /// process. Instead, the child process runs with the environment block returned by the CreateEnvironmentBlock function. /// /// To retrieve a copy of the environment block for a given user, use the CreateEnvironmentBlock function. /// /// /// The full path to the current directory for the process. The string can also specify a UNC path. /// /// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature /// is provided primarily for shells that need to start an application and specify its initial drive and working directory.) /// /// /// /// A pointer to a STARTUPINFO or STARTUPINFOEX structure. /// /// The user must have full access to both the specified window station and desktop. If you want the process to be interactive, /// specify winsta0\default. If the lpDesktop member is NULL, the new process inherits the desktop and window station of its /// parent process. If this member is an empty string, "", the new process connects to a window station using the rules described in /// Process Connection to a Window Station. /// /// /// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the /// dwCreationFlags parameter. /// /// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed. /// /// /// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process. /// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to /// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess. /// /// // BOOL WINAPI CreateProcessAsUser( _In_opt_ HANDLE hToken, _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, // _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, // _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, // _Out_ LPPROCESS_INFORMATION lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "ms682429")] public static bool CreateProcessAsUser(HTOKEN hToken, string lpApplicationName, StringBuilder lpCommandLine, SECURITY_ATTRIBUTES lpProcessAttributes, SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles, CREATE_PROCESS dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFOEX lpStartupInfo, out SafePROCESS_INFORMATION lpProcessInformation) { var ret = CreateProcessAsUser(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, out PROCESS_INFORMATION pi); lpProcessInformation = ret ? new SafePROCESS_INFORMATION(pi) : null; return ret; } ///

/// Creates a thread that runs in the virtual address space of another process. /// /// Use the CreateRemoteThreadEx function to create a thread that runs in the virtual address space of another process and /// optionally specify extended attributes. /// ///

/// /// A handle to the process in which the thread is to be created. The handle must have the PROCESS_CREATE_THREAD, /// PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights, /// and may fail without these rights on certain platforms. For more information, see Process Security and Access Rights. /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread and determines /// whether child processes can inherit the returned handle. If lpThreadAttributes is NULL, the thread gets a default security /// descriptor and the handle cannot be inherited. The access control lists (ACL) in the default security descriptor for a thread /// come from the primary token of the creator. /// /// /// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is 0 (zero), the new /// thread uses the default size for the executable. For more information, see Thread Stack Size. /// /// /// A pointer to the application-defined function of type LPTHREAD_START_ROUTINE to be executed by the thread and represents /// the starting address of the thread in the remote process. The function must exist in the remote process. For more information, /// see ThreadProc. /// /// A pointer to a variable to be passed to the thread function. /// /// The flags that control the creation of the thread. /// /// /// /// Value /// Meaning /// /// /// 0 /// The thread runs immediately after creation. /// /// /// CREATE_SUSPENDED0x00000004 /// The thread is created in a suspended state, and does not run until the ResumeThread function is called. /// /// /// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000 /// /// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies /// the commit size. /// /// /// /// /// /// /// A pointer to a variable that receives the thread identifier. /// If this parameter is NULL, the thread identifier is not returned. /// /// /// If the function succeeds, the return value is a handle to the new thread. /// If the function fails, the return value is NULL. To get extended error information, call GetLastError. /// /// Note that CreateRemoteThread may succeed even if lpStartAddress points to data, code, or is not accessible. If the start /// address is invalid when the thread runs, an exception occurs, and the thread terminates. Thread termination due to a invalid /// start address is handled as an error exit for the thread's process. This behavior is similar to the asynchronous nature of /// CreateProcess, where the process is created even if it refers to invalid or missing dynamic-link libraries (DLL). /// /// // HANDLE WINAPI CreateRemoteThread( _In_ HANDLE hProcess, _In_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize, // _In_ LPTHREAD_START_ROUTINE lpStartAddress, _In_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _Out_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682437(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms682437")] public static extern SafeHTHREAD CreateRemoteThread([In] HPROCESS hProcess, [In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize, PTHREAD_START_ROUTINE lpStartAddress, [In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, out uint lpThreadId); ///

/// /// A handle to the process in which the thread is to be created. The handle must have the PROCESS_CREATE_THREAD, /// PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights, /// and may fail without these rights on certain platforms. For more information, see Process Security and Access Rights. /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread and determines /// whether child processes can inherit the returned handle. If lpThreadAttributes is NULL, the thread gets a default security /// descriptor and the handle cannot be inherited. The access control lists (ACL) in the default security descriptor for a thread /// come from the primary token of the creator. /// /// /// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is 0 (zero), the new /// thread uses the default size for the executable. For more information, see Thread Stack Size. /// /// /// A pointer to the application-defined function of type LPTHREAD_START_ROUTINE to be executed by the thread and represents /// the starting address of the thread in the remote process. The function must exist in the remote process. For more information, /// see ThreadProc. /// /// A pointer to a variable to be passed to the thread function. /// /// The flags that control the creation of the thread. /// /// /// /// Value /// Meaning /// /// /// 0 /// The thread runs immediately after creation. /// /// /// CREATE_SUSPENDED0x00000004 /// The thread is created in a suspended state, and does not run until the ResumeThread function is called. /// /// /// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000 /// /// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies /// the commit size. /// /// /// /// /// /// /// A pointer to a variable that receives the thread identifier. /// If this parameter is NULL, the thread identifier is not returned. /// /// /// If the function succeeds, the return value is a handle to the new thread. /// If the function fails, the return value is NULL. To get extended error information, call GetLastError. /// /// Note that CreateRemoteThread may succeed even if lpStartAddress points to data, code, or is not accessible. If the start /// address is invalid when the thread runs, an exception occurs, and the thread terminates. Thread termination due to a invalid /// start address is handled as an error exit for the thread's process. This behavior is similar to the asynchronous nature of /// CreateProcess, where the process is created even if it refers to invalid or missing dynamic-link libraries (DLL). /// /// // HANDLE WINAPI CreateRemoteThread( _In_ HANDLE hProcess, _In_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize, // _In_ LPTHREAD_START_ROUTINE lpStartAddress, _In_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _Out_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682437(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms682437")] public static extern SafeHTHREAD CreateRemoteThread([In] HPROCESS hProcess, [In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize, IntPtr lpStartAddress, [In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, out uint lpThreadId); ///

/// Creates a thread that runs in the virtual address space of another process and optionally specifies extended attributes such as /// processor group affinity. ///

/// /// A handle to the process in which the thread is to be created. The handle must have the PROCESS_CREATE_THREAD, /// PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights. In Windows 10, version /// 1607, your code must obtain these access rights for the new handle. However, starting in Windows 10, version 1703, if the new /// handle is entitled to these access rights, the system obtains them for you. For more information, see Process Security and Access Rights. /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread and determines /// whether child processes can inherit the returned handle. If lpThreadAttributes is NULL, the thread gets a default security /// descriptor and the handle cannot be inherited. The access control lists (ACL) in the default security descriptor for a thread /// come from the primary token of the creator. /// /// /// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is 0 (zero), the new /// thread uses the default size for the executable. For more information, see Thread Stack Size. /// /// /// A pointer to the application-defined function of type LPTHREAD_START_ROUTINE to be executed by the thread and represents /// the starting address of the thread in the remote process. The function must exist in the remote process. For more information, /// see ThreadProc. /// /// /// A pointer to a variable to be passed to the thread function pointed to by lpStartAddress. This parameter can be NULL. /// /// /// The flags that control the creation of the thread. /// /// /// /// Value /// Meaning /// /// /// 0 /// The thread runs immediately after creation. /// /// /// CREATE_SUSPENDED0x00000004 /// The thread is created in a suspended state and does not run until the ResumeThread function is called. /// /// /// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000 /// /// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies /// the commit size. /// /// /// /// /// /// /// An attribute list that contains additional parameters for the new thread. This list is created by the /// InitializeProcThreadAttributeList function. /// /// /// A pointer to a variable that receives the thread identifier. /// If this parameter is NULL, the thread identifier is not returned. /// /// /// If the function succeeds, the return value is a handle to the new thread. /// If the function fails, the return value is NULL. To get extended error information, call GetLastError. /// // HANDLE CreateRemoteThreadEx( _In_ HANDLE hProcess, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize, // _In_ LPTHREAD_START_ROUTINE lpStartAddress, _In_opt_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _In_opt_ // LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, _Out_opt_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/dd405484(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "dd405484")] public static extern SafeHTHREAD CreateRemoteThreadEx([In] HPROCESS hProcess, [In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize, PTHREAD_START_ROUTINE lpStartAddress, [In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, IntPtr lpAttributeList, out uint lpThreadId); ///

/// Creates a thread that runs in the virtual address space of another process and optionally specifies extended attributes such as /// processor group affinity. ///

/// /// A handle to the process in which the thread is to be created. The handle must have the PROCESS_CREATE_THREAD, /// PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights. In Windows 10, version /// 1607, your code must obtain these access rights for the new handle. However, starting in Windows 10, version 1703, if the new /// handle is entitled to these access rights, the system obtains them for you. For more information, see Process Security and Access Rights. /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread and determines /// whether child processes can inherit the returned handle. If lpThreadAttributes is NULL, the thread gets a default security /// descriptor and the handle cannot be inherited. The access control lists (ACL) in the default security descriptor for a thread /// come from the primary token of the creator. /// /// /// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is 0 (zero), the new /// thread uses the default size for the executable. For more information, see Thread Stack Size. /// /// /// A pointer to the application-defined function of type LPTHREAD_START_ROUTINE to be executed by the thread and represents /// the starting address of the thread in the remote process. The function must exist in the remote process. For more information, /// see ThreadProc. /// /// /// A pointer to a variable to be passed to the thread function pointed to by lpStartAddress. This parameter can be NULL. /// /// /// The flags that control the creation of the thread. /// /// /// /// Value /// Meaning /// /// /// 0 /// The thread runs immediately after creation. /// /// /// CREATE_SUSPENDED0x00000004 /// The thread is created in a suspended state and does not run until the ResumeThread function is called. /// /// /// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000 /// /// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies /// the commit size. /// /// /// /// /// /// /// An attribute list that contains additional parameters for the new thread. This list is created by the /// InitializeProcThreadAttributeList function. /// /// /// A pointer to a variable that receives the thread identifier. /// If this parameter is NULL, the thread identifier is not returned. /// /// /// If the function succeeds, the return value is a handle to the new thread. /// If the function fails, the return value is NULL. To get extended error information, call GetLastError. /// // HANDLE CreateRemoteThreadEx( _In_ HANDLE hProcess, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize, // _In_ LPTHREAD_START_ROUTINE lpStartAddress, _In_opt_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _In_opt_ // LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, _Out_opt_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/dd405484(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "dd405484")] public static extern SafeHTHREAD CreateRemoteThreadEx([In] HPROCESS hProcess, [In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize, IntPtr lpStartAddress, [In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, IntPtr lpAttributeList, out uint lpThreadId); ///

/// Creates a thread to execute within the virtual address space of the calling process. /// To create a thread that runs in the virtual address space of another process, use the CreateRemoteThread function. ///

/// /// /// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle can be inherited by child /// processes. If lpThreadAttributes is NULL, the handle cannot be inherited. /// /// /// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new thread. If lpThreadAttributes /// is NULL, the thread gets a default security descriptor. The ACLs in the default security descriptor for a thread come from the /// primary token of the creator. /// /// /// /// The initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is zero, the new /// thread uses the default size for the executable. For more information, see Thread Stack Size. /// /// /// A pointer to the application-defined function to be executed by the thread. This pointer represents the starting address of the /// thread. For more information on the thread function, see ThreadProc. /// /// A pointer to a variable to be passed to the thread. /// /// The flags that control the creation of the thread. /// /// /// /// Value /// Meaning /// /// /// 0 /// The thread runs immediately after creation. /// /// /// CREATE_SUSPENDED0x00000004 /// The thread is created in a suspended state, and does not run until the ResumeThread function is called. /// /// /// STACK_SIZE_PARAM_IS_A_RESERVATION0x00010000 /// /// The dwStackSize parameter specifies the initial reserve size of the stack. If this flag is not specified, dwStackSize specifies /// the commit size. /// /// /// /// /// /// /// A pointer to a variable that receives the thread identifier. If this parameter is NULL, the thread identifier is not returned. /// /// /// If the function succeeds, the return value is a handle to the new thread. /// If the function fails, the return value is NULL. To get extended error information, call GetLastError. /// /// Note that CreateThread may succeed even if lpStartAddress points to data, code, or is not accessible. If the start address /// is invalid when the thread runs, an exception occurs, and the thread terminates. Thread termination due to a invalid start /// address is handled as an error exit for the thread's process. This behavior is similar to the asynchronous nature of /// CreateProcess, where the process is created even if it refers to invalid or missing dynamic-link libraries (DLLs). /// /// // HANDLE WINAPI CreateThread( _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ SIZE_T dwStackSize, _In_ // LPTHREAD_START_ROUTINE lpStartAddress, _In_opt_ LPVOID lpParameter, _In_ DWORD dwCreationFlags, _Out_opt_ LPDWORD lpThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682453(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms682453")] public static extern SafeHTHREAD CreateThread([In] SECURITY_ATTRIBUTES lpThreadAttributes, SizeT dwStackSize, PTHREAD_START_ROUTINE lpStartAddress, [In] IntPtr lpParameter, CREATE_THREAD_FLAGS dwCreationFlags, out uint lpThreadId); ///

Deletes the specified list of attributes for process and thread creation.

/// The attribute list. This list is created by the InitializeProcThreadAttributeList function. /// This function does not return a value. // VOID WINAPI DeleteProcThreadAttributeList( _Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682559(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms682559")] public static extern void DeleteProcThreadAttributeList(IntPtr lpAttributeList); ///

Ends the calling process and all its threads.

/// The exit code for the process and all threads. /// This function does not return a value. // VOID WINAPI ExitProcess( _In_ UINT uExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682658(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms682658")] public static extern void ExitProcess(uint uExitCode); ///

Ends the calling thread.

/// The exit code for the thread. /// This function does not return a value. // VOID WINAPI ExitThread( _In_ DWORD dwExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682659(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms682659")] public static extern void ExitThread(uint dwExitCode); ///

Flushes the instruction cache for the specified process.

/// A handle to a process whose instruction cache is to be flushed. /// A pointer to the base of the region to be flushed. This parameter can be NULL. /// The size of the region to be flushed if the lpBaseAddress parameter is not NULL, in bytes. /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI FlushInstructionCache( _In_ HANDLE hProcess, _In_ LPCVOID lpBaseAddress, _In_ SIZE_T dwSize); https://msdn.microsoft.com/en-us/library/windows/desktop/ms679350(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms679350")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool FlushInstructionCache([In] HPROCESS hProcess, [In] IntPtr lpBaseAddress, SizeT dwSize); ///

Flushes the write queue of each processor that is running a thread of the current process.

/// This function does not return a value. // VOID WINAPI FlushProcessWriteBuffers(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683148(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683148")] public static extern void FlushProcessWriteBuffers(); ///

Retrieves the process identifier of the calling process.

/// The return value is the process identifier of the calling process. // DWORD WINAPI GetCurrentProcessId(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683180(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683180")] public static extern uint GetCurrentProcessId(); ///

/// Retrieves the number of the processor the current thread was running on during the call to this function. ///

/// /// The function returns the current processor number. /// /// /// This function is used to provide information for estimating process performance. /// /// On systems with more than 64 logical processors, the GetCurrentProcessorNumber function returns the processor number /// within the processor group to which the logical processor is assigned. Use the GetCurrentProcessorNumberEx function to retrieve /// the processor group and number of the current processor. /// /// // https://docs.microsoft.com/en-us/windows/desktop/api/processthreadsapi/nf-processthreadsapi-getcurrentprocessornumber DWORD // GetCurrentProcessorNumber( ); [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("processthreadsapi.h", MSDNShortId = "1f2bebc7-a548-409a-ab74-78a4b55c8fa7")] public static extern uint GetCurrentProcessorNumber(); ///

Retrieves the processor group and number of the logical processor in which the calling thread is running.

/// /// A pointer to a PROCESSOR_NUMBER structure that receives the processor group to which the logical processor is assigned and /// the number of the logical processor within its group. /// /// /// If the function succeeds, the ProcNumber parameter contains the group and processor number of the processor on which the calling /// thread is running. /// // VOID GetCurrentProcessorNumberEx( _Out_ PPROCESSOR_NUMBER ProcNumber); https://msdn.microsoft.com/en-us/library/windows/desktop/dd405487(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "dd405487")] public static extern void GetCurrentProcessorNumberEx(out PROCESSOR_NUMBER ProcNumber); ///

Retrieves a pseudo-handle that you can use as a shorthand way to refer to the access token associated with a process.

/// A pseudo-handle that you can use as a shorthand way to refer to the access token associated with a process. [PInvokeData("Processthreadsapi.h", MSDNShortId = "mt643211")] public static HTOKEN GetCurrentProcessToken() => new IntPtr(-4); ///

Retrieves a pseudo handle for the calling thread.

/// The return value is a pseudo handle for the current thread. /// /// A pseudo handle is a special constant that is interpreted as the current thread handle. The calling thread can use this handle to /// specify itself whenever a thread handle is required. Pseudo handles are not inherited by child processes. /// /// This handle has the THREAD_ALL_ACCESS access right to the thread object. For more information, see Thread Security and Access Rights. /// /// /// Windows Server 2003 and Windows XP: This handle has the maximum access allowed by the security descriptor of the thread to the /// primary token of the process. /// /// /// The function cannot be used by one thread to create a handle that can be used by other threads to refer to the first thread. The /// handle is always interpreted as referring to the thread that is using it. A thread can create a "real" handle to itself that can /// be used by other threads, or inherited by other processes, by specifying the pseudo handle as the source handle in a call to the /// DuplicateHandle function. /// /// /// The pseudo handle need not be closed when it is no longer needed. Calling the CloseHandle function with this handle has no /// effect. If the pseudo handle is duplicated by DuplicateHandle, the duplicate handle must be closed. /// /// /// Do not create a thread while impersonating a security context. The call will succeed, however the newly created thread will have /// reduced access rights to itself when calling GetCurrentThread. The access rights granted this thread will be derived from the /// access rights the impersonated user has to the process. Some access rights including THREAD_SET_THREAD_TOKEN and /// THREAD_GET_CONTEXT may not be present, leading to unexpected failures. /// /// [DllImport(Lib.Kernel32, ExactSpelling = true, SetLastError = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683182")] public static extern HTHREAD GetCurrentThread(); ///

/// Retrieves a pseudo-handle that you can use as a shorthand way to refer to the token that is currently in effect for the thread, /// which is the thread token if one exists and the process token otherwise. ///

/// A pseudo-handle that you can use as a shorthand way to refer to the token that is currently in effect for the thread. // FORCEINLINE HANDLE GetCurrentThreadEffectiveToken(void); https://msdn.microsoft.com/en-us/library/windows/desktop/mt643212(v=vs.85).aspx [PInvokeData("Processthreadsapi.h", MSDNShortId = "mt643212")] public static HTOKEN GetCurrentThreadEffectiveToken() => new IntPtr(-6); ///

Retrieves the thread identifier of the calling thread.

/// The return value is the thread identifier of the calling thread. // DWORD WINAPI GetCurrentThreadId(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683183(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683183")] public static extern uint GetCurrentThreadId(); ///

Retrieves the boundaries of the stack that was allocated by the system for the current thread.

/// A pointer variable that receives the lower boundary of the current thread stack. /// A pointer variable that receives the upper boundary of the current thread stack. /// This function does not return a value. // VOID WINAPI GetCurrentThreadStackLimits( _Out_ PULONG_PTR LowLimit, _Out_ PULONG_PTR HighLimit); https://msdn.microsoft.com/en-us/library/windows/desktop/hh706789(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("Processthreadsapi.h", MSDNShortId = "hh706789")] public static extern void GetCurrentThreadStackLimits(out UIntPtr LowLimit, out UIntPtr HighLimit); ///

/// Retrieves a pseudo-handle that you can use as a shorthand way to refer to the impersonation token that was assigned to the /// current thread. ///

/// /// A pseudo-handle that you can use as a shorthand way to refer to the impersonation token that was assigned to the current thread. /// // FORCEINLINE HANDLE GetCurrentThreadEffectiveToken(void); https://msdn.microsoft.com/en-us/library/windows/desktop/mt643213(v=vs.85).aspx [PInvokeData("Processthreadsapi.h", MSDNShortId = "mt643213")] public static HTOKEN GetCurrentThreadToken() => new IntPtr(-5); ///

Retrieves the termination status of the specified process.

Retrieves the termination status of the specified thread.

/// Retrieves the priority class for the specified process. This value, together with the priority value of each thread of the /// process, determines each thread's base priority level. ///

/// /// A handle to the process. /// /// The handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right. For more /// information, see Process Security and Access Rights. /// /// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right. /// /// /// If the function succeeds, the return value is the priority class of the specified process. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// The process's priority class is one of the following values. /// /// /// /// Return code/value /// Description /// /// /// ABOVE_NORMAL_PRIORITY_CLASS0x00008000 /// Process that has priority above NORMAL_PRIORITY_CLASS but below HIGH_PRIORITY_CLASS. /// /// /// BELOW_NORMAL_PRIORITY_CLASS0x00004000 /// Process that has priority above IDLE_PRIORITY_CLASS but below NORMAL_PRIORITY_CLASS. /// /// /// HIGH_PRIORITY_CLASS0x00000080 /// /// Process that performs time-critical tasks that must be executed immediately for it to run correctly. The threads of a /// high-priority class process preempt the threads of normal or idle priority class processes. An example is the Task List, which /// must respond quickly when called by the user, regardless of the load on the operating system. Use extreme care when using the /// high-priority class, because a high-priority class CPU-bound application can use nearly all available cycles. /// /// /// /// IDLE_PRIORITY_CLASS0x00000040 /// /// Process whose threads run only when the system is idle and are preempted by the threads of any process running in a higher /// priority class. An example is a screen saver. The idle priority class is inherited by child processes. /// /// /// /// NORMAL_PRIORITY_CLASS0x00000020 /// Process with no special scheduling needs. /// /// /// REALTIME_PRIORITY_CLASS0x00000100 /// /// Process that has the highest possible priority. The threads of a real-time priority class process preempt the threads of all /// other processes, including operating system processes performing important tasks. For example, a real-time process that executes /// for more than a very brief interval can cause disk caches not to flush or cause the mouse to be unresponsive. /// /// /// /// /// // DWORD WINAPI GetPriorityClass( _In_ HANDLE hProcess); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683211(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683211")] public static extern CREATE_PROCESS GetPriorityClass([In] HPROCESS hProcess); ///

/// Retrieves the list of CPU Sets in the process default set that was set by SetProcessDefaultCpuSets. If no default CPU Sets /// are set for a given process, then the RequiredIdCount is set to 0 and the function succeeds. ///

/// /// Specifies a process handle for the process to query. This handle must have the PROCESS_QUERY_LIMITED_INFORMATION access right. /// The value returned by GetCurrentProcess can also be specified here. /// /// Specifies an optional buffer to retrieve the list of CPU Set identifiers. /// /// Specifies the capacity of the buffer specified in CpuSetIds. If the buffer is NULL, this must be 0. /// /// /// Specifies the required capacity of the buffer to hold the entire list of process default CPU Sets. On successful return, this /// specifies the number of IDs filled into the buffer. /// /// /// This API returns TRUE on success. If the buffer is not large enough the API returns FALSE, and the GetLastError value is /// ERROR_INSUFFICIENT_BUFFER. This API cannot fail when passed valid parameters and the return buffer is large enough. /// // BOOL WINAPI GetProcessDefaultCpuSets( _In_ HANDLE Process, _Out_opt_ PULONG CpuSetIds, _In_ ULONG CpuSetIdCount, _Out_ PULONG // RequiredIdCount); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186424(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("Processthreadapi.h", MSDNShortId = "mt186424")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetProcessDefaultCpuSets(HPROCESS Process, IntPtr CpuSetIds, uint CpuSetIdCount, out uint RequiredIdCount); ///

/// Retrieves the list of CPU Sets in the process default set that was set by SetProcessDefaultCpuSets. If no default CPU Sets /// are set for a given process, then an empty array is returned. ///

/// /// Specifies a process handle for the process to query. This handle must have the PROCESS_QUERY_LIMITED_INFORMATION access right. /// The value returned by GetCurrentProcess can also be specified here. /// /// The list of CPU Set identifiers. public static uint[] GetProcessDefaultCpuSets(HPROCESS Process) { var res = GetProcessDefaultCpuSets(Process, IntPtr.Zero, 0, out var cnt); if (!res) { var err = Win32Error.GetLastError(); if (err != Win32Error.ERROR_INSUFFICIENT_BUFFER) err.ThrowIfFailed(); } if (cnt == 0) return new uint[0]; var iptr = new SafeCoTaskMemHandle((int)cnt * Marshal.SizeOf(typeof(uint))); if (!GetProcessDefaultCpuSets(Process, (IntPtr)iptr, cnt, out cnt)) Win32Error.ThrowLastError(); return iptr.ToArray((int)cnt); } ///

Retrieves the number of open handles that belong to the specified process.

/// /// /// A handle to the process whose handle count is being requested. The handle must have the PROCESS_QUERY_INFORMATION or /// PROCESS_QUERY_LIMITED_INFORMATION access right. For more information, see Process Security and Access Rights. /// /// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right. /// /// /// A pointer to a variable that receives the number of open handles that belong to the specified process. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetProcessHandleCount( _In_ HANDLE hProcess, _Inout_ PDWORD pdwHandleCount); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683214(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683214")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetProcessHandleCount([In] HPROCESS hProcess, out uint pdwHandleCount); ///

Retrieves the process identifier of the specified process.

/// /// /// A handle to the process. The handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right. /// For more information, see Process Security and Access Rights. /// /// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right. /// /// // DWORD WINAPI GetProcessId( _In_ HANDLE Process); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683215(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683215")] public static extern uint GetProcessId([In] HPROCESS Process); ///

Retrieves the process identifier of the process associated with the specified thread.

/// /// /// A handle to the thread. The handle must have the THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION access right. For /// more information, see Thread Security and Access Rights. /// /// Windows Server 2003: The handle must have the THREAD_QUERY_INFORMATION access right. /// /// /// If the function succeeds, the return value is the process identifier of the process associated with the specified thread. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // DWORD WINAPI GetProcessIdOfThread( _In_ HANDLE Thread); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683216(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683216")] public static extern uint GetProcessIdOfThread(HTHREAD Thread); ///

Retrieves information about the specified process.

/// /// A handle to the process. This handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process /// Security and Access Rights. /// /// The kind of information to retrieve. The only supported value is ProcessMemoryPriority /// /// Pointer to an object to receive the type of information specified by the ProcessInformationClass parameter. /// /// If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must point to a /// MEMORY_PRIORITY_INFORMATION structure. /// /// /// If the ProcessInformationClass parameter is ProcessPowerThrottling, this parameter must point to a /// PROCESS_POWER_THROTTLING_STATE structure. /// /// /// If the ProcessInformationClass parameter is ProcessProtectionLevelInfo, this parameter must point to a /// PROCESS_PROTECTION_LEVEL_INFORMATION structure. /// /// /// If the ProcessInformationClass parameter is ProcessAppMemoryInfo, this parameter must point to a /// APP_MEMORY_INFORMATION structure. /// /// /// /// The size in bytes of the structure specified by the ProcessInformation parameter. /// If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must be . /// If the ProcessInformationClass parameter is ProcessPowerThrottling, this parameter must be . /// If the ProcessInformationClass parameter is ProcessProtectionLevelInfo, this parameter must be . /// If the ProcessInformationClass parameter is ProcessAppMemoryInfo, this parameter must be . /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetProcessInformation( _In_ HANDLE hProcess, _In_ PROCESS_INFORMATION_CLASS ProcessInformationClass, // _Out_writes_bytes_(ProcessInformationSize) ProcessInformation, _In_ DWORD ProcessInformationSize); https://msdn.microsoft.com/en-us/library/windows/desktop/hh448381(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "hh448381")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetProcessInformation(HPROCESS hProcess, PROCESS_INFORMATION_CLASS ProcessInformationClass, IntPtr ProcessInformation, uint ProcessInformationSize); ///

Retrieves mitigation policy settings for the calling process.

/// /// A handle to the process. This handle must have the PROCESS_QUERY_INFORMATION access right. For more information, see Process /// Security and Access Rights. /// /// /// The mitigation policy to retrieve. This parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// ProcessDEPPolicy /// /// The data execution prevention (DEP) policy of the process.The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY /// structure that specifies the DEP policy flags. /// /// /// /// ProcessASLRPolicy /// /// The Address Space Layout Randomization (ASLR) policy of the process.The lpBuffer parameter points to a /// PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags. /// /// /// /// ProcessDynamicCodePolicy /// /// The dynamic code policy of the process. When turned on, the process cannot generate dynamic code or modify existing executable /// code.The lpBuffer parameter points to a PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that specifies the dynamic code policy flags. /// /// /// /// ProcessStrictHandleCheckPolicy /// /// The process will receive a fatal error if it manipulates a handle that is not valid.The lpBuffer parameter points to a /// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags. /// /// /// /// ProcessSystemCallDisablePolicy /// /// Disables the ability to use NTUser/GDI functions at the lowest layer.The lpBuffer parameter points to a /// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags. /// /// /// /// ProcessMitigationOptionsMask /// /// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options /// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported bits /// at once.The lpBuffer parameter points to a ULONG64 bit vector for the mask, or a two-element array of ULONG64 bit vectors. /// /// /// /// ProcessExtensionPointDisablePolicy /// /// Prevents certain built-in third party extension points from being enabled, preventing legacy extension point DLLs from being /// loaded into the process.The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that /// specifies the extension point disable policy flags. /// /// /// /// ProcessControlFlowGuardPolicy /// /// The Control Flow Guard (CFG) policy of the process.The lpBuffer parameter points to a /// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags. /// /// /// /// ProcessSignaturePolicy /// /// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows /// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).he lpBuffer parameter points to a /// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags. /// /// /// /// ProcessFontDisablePolicy /// /// The policy regarding font loading for the process. When turned on, the process cannot load non-system fonts.The lpBuffer /// parameter points to a PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading. /// /// /// /// ProcessImageLoadPolicy /// /// The policy regarding image loading for the process, which determines the types of executable images that are allowed to be mapped /// into the process. When turned on, images cannot be loaded from some locations, such a remote devices or files that have the low /// mandatory label.The lpBuffer parameter points to a PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags /// for image loading. /// /// /// /// /// /// /// /// If the MitigationPolicy parameter is ProcessDEPPolicy, this parameter points to a PROCESS_MITIGATION_DEP_POLICY /// structure that receives the DEP policy flags. /// /// /// If the MitigationPolicy parameter is ProcessASLRPolicy, this parameter points to a PROCESS_MITIGATION_ASLR_POLICY /// structure that receives the ASLR policy flags. /// /// /// If the MitigationPolicy parameter is ProcessDynamicCodePolicy, this parameter points to a /// PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that receives the dynamic code policy flags. /// /// /// If the MitigationPolicy parameter is ProcessStrictHandleCheckPolicy, this parameter points to a /// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags. /// /// /// If the MitigationPolicy parameter is ProcessSystemCallDisablePolicy, this parameter points to a /// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags. /// /// /// If the MitigationPolicy parameter is ProcessMitigationOptionsMask, this parameter points to a ULONG64 bit vector /// for the mask or a two-element array of ULONG64 bit vectors. /// /// /// If the MitigationPolicy parameter is ProcessExtensionPointDisablePolicy, this parameter points to a /// PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point disable policy flags. /// /// /// If the MitigationPolicy parameter is ProcessControlFlowGuardPolicy, this parameter points to a /// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags. /// /// /// If the MitigationPolicy parameter is ProcessSignaturePolicy, this parameter points to a /// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that receives the signature policy flags. /// /// /// If the MitigationPolicy parameter is ProcessFontDisablePolicy, this parameter points to a /// PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that receives the policy flags for font loading. /// /// /// If the MitigationPolicy parameter is ProcessImageLoadPolicy, this parameter points to a /// PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that receives the policy flags for image loading. /// /// /// The size of lpBuffer, in bytes. /// /// If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values /// defined for this function, call GetLastError. /// // BOOL WINAPI GetProcessMitigationPolicy( _In_ HANDLE hProcess, _In_ PROCESS_MITIGATION_POLICY MitigationPolicy, _Out_ PVOID // lpBuffer, _In_ SIZE_T dwLength); https://msdn.microsoft.com/en-us/library/windows/desktop/hh769085(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("Processthreadsapi.h", MSDNShortId = "hh769085")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetProcessMitigationPolicy(HPROCESS hProcess, PROCESS_MITIGATION_POLICY MitigationPolicy, IntPtr lpBuffer, SizeT dwLength); ///

Retrieves mitigation policy settings for the calling process.

/// The type of the value to retrieve. /// /// A handle to the process. This handle must have the PROCESS_QUERY_INFORMATION access right. For more information, see Process /// Security and Access Rights. /// /// /// The mitigation policy to retrieve. This parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// ProcessDEPPolicy /// /// The data execution prevention (DEP) policy of the process.The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY /// structure that specifies the DEP policy flags. /// /// /// /// ProcessASLRPolicy /// /// The Address Space Layout Randomization (ASLR) policy of the process.The lpBuffer parameter points to a /// PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags. /// /// /// /// ProcessDynamicCodePolicy /// /// The dynamic code policy of the process. When turned on, the process cannot generate dynamic code or modify existing executable /// code.The lpBuffer parameter points to a PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that specifies the dynamic code policy flags. /// /// /// /// ProcessStrictHandleCheckPolicy /// /// The process will receive a fatal error if it manipulates a handle that is not valid.The lpBuffer parameter points to a /// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags. /// /// /// /// ProcessSystemCallDisablePolicy /// /// Disables the ability to use NTUser/GDI functions at the lowest layer.The lpBuffer parameter points to a /// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags. /// /// /// /// ProcessMitigationOptionsMask /// /// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options /// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported bits /// at once.The lpBuffer parameter points to a ULONG64 bit vector for the mask, or a two-element array of ULONG64 bit vectors. /// /// /// /// ProcessExtensionPointDisablePolicy /// /// Prevents certain built-in third party extension points from being enabled, preventing legacy extension point DLLs from being /// loaded into the process.The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that /// specifies the extension point disable policy flags. /// /// /// /// ProcessControlFlowGuardPolicy /// /// The Control Flow Guard (CFG) policy of the process.The lpBuffer parameter points to a /// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags. /// /// /// /// ProcessSignaturePolicy /// /// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows /// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).he lpBuffer parameter points to a /// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags. /// /// /// /// ProcessFontDisablePolicy /// /// The policy regarding font loading for the process. When turned on, the process cannot load non-system fonts.The lpBuffer /// parameter points to a PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading. /// /// /// /// ProcessImageLoadPolicy /// /// The policy regarding image loading for the process, which determines the types of executable images that are allowed to be mapped /// into the process. When turned on, images cannot be loaded from some locations, such a remote devices or files that have the low /// mandatory label.The lpBuffer parameter points to a PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags /// for image loading. /// /// /// /// /// /// The value. /// /// If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values /// defined for this function, call GetLastError. /// /// public static bool GetProcessMitigationPolicy(HPROCESS hProcess, PROCESS_MITIGATION_POLICY MitigationPolicy, out T value) { var isMask = MitigationPolicy == PROCESS_MITIGATION_POLICY.ProcessMitigationOptionsMask; if (!isMask && !CorrespondingTypeAttribute.CanGet(MitigationPolicy, typeof(T))) throw new ArgumentException($"{MitigationPolicy} cannot be used to get values of type {typeof(T)}."); var sz = isMask ? 16 : Marshal.SizeOf(typeof(T)); using (var ptr = new SafeCoTaskMemHandle(sz)) { if (GetProcessMitigationPolicy(hProcess, MitigationPolicy, (IntPtr)ptr, (uint)ptr.Size)) { if (isMask && typeof(T).Equals(typeof(ulong[]))) value = (T)(object)ptr.ToArray(2); else value = ptr.ToStructure(); return true; } } value = default; return false; } ///

Retrieves the priority boost control state of the specified process.

/// /// /// A handle to the process. This handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION /// access right. For more information, see Process Security and Access Rights. /// /// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right. /// /// /// A pointer to a variable that receives the priority boost control state. A value of TRUE indicates that dynamic boosting is /// disabled. A value of FALSE indicates normal behavior. /// /// /// /// If the function succeeds, the return value is nonzero. In that case, the variable pointed to by the pDisablePriorityBoost /// parameter receives the priority boost control state. /// /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetProcessPriorityBoost( _In_ HANDLE hProcess, _Out_ PBOOL pDisablePriorityBoost); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683220(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683220")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetProcessPriorityBoost([In] HPROCESS hProcess, [MarshalAs(UnmanagedType.Bool)] out bool pDisablePriorityBoost); ///

Retrieves the shutdown parameters for the currently calling process.

/// /// /// A pointer to a variable that receives the shutdown priority level. Higher levels shut down first. System level shutdown orders /// are reserved for system components. Higher numbers shut down first. Following are the level conventions. /// /// /// /// /// Value /// Meaning /// /// /// 000-0FF /// System reserved last shutdown range. /// /// /// 100-1FF /// Application reserved last shutdown range. /// /// /// 200-2FF /// Application reserved "in between" shutdown range. /// /// /// 300-3FF /// Application reserved first shutdown range. /// /// /// 400-4FF /// System reserved first shutdown range. /// /// /// /// All processes start at shutdown level 0x280. /// /// /// A pointer to a variable that receives the shutdown flags. This parameter can be the following value. /// /// /// /// Value /// Meaning /// /// /// SHUTDOWN_NORETRY0x00000001 /// /// If this process takes longer than the specified timeout to shut down, do not display a retry dialog box for the user. Instead, /// just cause the process to directly exit. /// /// /// /// /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetProcessShutdownParameters( _Out_ LPDWORD lpdwLevel, _Out_ LPDWORD lpdwFlags); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683221(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683221")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetProcessShutdownParameters(out uint lpdwLevel, out SHUTDOWN lpdwFlags); ///

Retrieves timing information for the specified process.

/// /// /// A handle to the process whose timing information is sought. The handle must have the PROCESS_QUERY_INFORMATION or /// PROCESS_QUERY_LIMITED_INFORMATION access right. For more information, see Process Security and Access Rights. /// /// Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right. /// /// A pointer to a FILETIME structure that receives the creation time of the process. /// /// A pointer to a FILETIME structure that receives the exit time of the process. If the process has not exited, the content /// of this structure is undefined. /// /// /// A pointer to a FILETIME structure that receives the amount of time that the process has executed in kernel mode. The time /// that each of the threads of the process has executed in kernel mode is determined, and then all of those times are summed /// together to obtain this value. /// /// /// A pointer to a FILETIME structure that receives the amount of time that the process has executed in user mode. The time /// that each of the threads of the process has executed in user mode is determined, and then all of those times are summed together /// to obtain this value. Note that this value can exceed the amount of real time elapsed (between lpCreationTime and lpExitTime) if /// the process executes across multiple CPU cores. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetProcessTimes( _In_ HANDLE hProcess, _Out_ LPFILETIME lpCreationTime, _Out_ LPFILETIME lpExitTime, _Out_ LPFILETIME // lpKernelTime, _Out_ LPFILETIME lpUserTime); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683223(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683223")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetProcessTimes([In] HPROCESS hProcess, out FILETIME lpCreationTime, out FILETIME lpExitTime, out FILETIME lpKernelTime, out FILETIME lpUserTime); ///

Retrieves the major and minor version numbers of the system on which the specified process expects to run.

/// The process identifier of the process of interest. A value of zero specifies the calling process. /// /// /// If the function succeeds, the return value is the version of the system on which the process expects to run. The high word of the /// return value contains the major version number. The low word of the return value contains the minor version number. /// /// /// If the function fails, the return value is zero. To get extended error information, call GetLastError. The function fails /// if ProcessId is an invalid value. /// /// // DWORD WINAPI GetProcessVersion( _In_ DWORD ProcessId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683224(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683224")] public static extern uint GetProcessVersion(uint ProcessId); ///

Retrieves the contents of the STARTUPINFO structure that was specified when the calling process was created.

/// A pointer to a STARTUPINFO structure that receives the startup information. /// /// This function does not return a value. /// /// If an error occurs, the ANSI version of this function ( GetStartupInfoA) can raise an exception. The Unicode version ( /// GetStartupInfoW) does not fail. /// /// // VOID WINAPI GetStartupInfo( _Out_ LPSTARTUPINFO lpStartupInfo); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683230(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, CharSet = CharSet.Auto)] [PInvokeData("WinBase.h", MSDNShortId = "ms683230")] public static extern void GetStartupInfo(out STARTUPINFO lpStartupInfo); ///

Allows an application to query the available CPU Sets on the system, and their current state.

/// /// A pointer to a SYSTEM_CPU_SET_INFORMATION structure that receives the CPU Set data. Pass NULL with a buffer length of 0 to /// determine the required buffer size. /// /// The length, in bytes, of the output buffer passed as the Information argument. /// /// The length, in bytes, of the valid data in the output buffer if the buffer is large enough, or the required size of the output /// buffer. If no CPU Sets exist, this value will be 0. /// /// /// An optional handle to a process. This process is used to determine the value of the AllocatedToTargetProcess flag in the /// SYSTEM_CPU_SET_INFORMATION structure. If a CPU Set is allocated to the specified process, the flag is set. Otherwise, it is /// clear. This handle must have the PROCESS_QUERY_LIMITED_INFORMATION access right. The value returned by GetCurrentProcess /// may also be specified here. /// /// Reserved, must be 0. /// /// If the API succeeds it returns TRUE. If it fails, the error reason is available through GetLastError. If the Information /// buffer was NULL or not large enough, the error code ERROR_INSUFFICIENT_BUFFER is returned. This API cannot fail when passed valid /// parameters and a buffer that is large enough to hold all of the return data. /// // BOOL WINAPI GetSystemCpuSetInformation( _Out_opt_ PSYSTEM_CPU_SET_INFORMATION Information, _In_ ULONG BufferLength, _Out_ PULONG // ReturnedLength, _In_opt_ HANDLE Process, _Reserved_ ULONG Flags); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186425(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("Processthreadapi.h", MSDNShortId = "mt186425")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetSystemCpuSetInformation(IntPtr Information, uint BufferLength, out uint ReturnedLength, [Optional] HPROCESS Process, [Optional] uint Flags); ///

Allows an application to query the available CPU Sets on the system, and their current state.

/// /// An optional handle to a process. This process is used to determine the value of the AllocatedToTargetProcess flag in the /// SYSTEM_CPU_SET_INFORMATION structure. If a CPU Set is allocated to the specified process, the flag is set. Otherwise, it is /// clear. This handle must have the PROCESS_QUERY_LIMITED_INFORMATION access right. The value returned by GetCurrentProcess /// may also be specified here. /// /// A SYSTEM_CPU_SET_INFORMATION1 structure that receives the CPU Set data. public static SYSTEM_CPU_SET_INFORMATION1 GetSystemCpuSetInformation([Optional] HPROCESS Process) { var success = false; SafeCoTaskMemHandle ptr = null; for (var sz = (uint)Marshal.SizeOf(typeof(SYSTEM_CPU_SET_INFORMATION)); !success;) { ptr = new SafeCoTaskMemHandle((int)sz); success = GetSystemCpuSetInformation((IntPtr)ptr, sz, out sz, Process); if (!success) { var err = Win32Error.GetLastError(); if (err != Win32Error.ERROR_INSUFFICIENT_BUFFER) err.ThrowIfFailed(); } } return ptr.ToStructure().Union.CpuSet; } ///

/// Retrieves system timing information. On a multiprocessor system, the values returned are the sum of the designated times across /// all processors. ///

/// /// A pointer to a FILETIME structure that receives the amount of time that the system has been idle. /// /// /// A pointer to a FILETIME structure that receives the amount of time that the system has spent executing in Kernel mode /// (including all threads in all processes, on all processors). This time value also includes the amount of time the system has been idle. /// /// /// A pointer to a FILETIME structure that receives the amount of time that the system has spent executing in User mode /// (including all threads in all processes, on all processors). /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetSystemTimes( _Out_opt_ LPFILETIME lpIdleTime, _Out_opt_ LPFILETIME lpKernelTime, _Out_opt_ LPFILETIME lpUserTime); https://msdn.microsoft.com/en-us/library/windows/desktop/ms724400(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("Winbase.h", MSDNShortId = "ms724400")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetSystemTimes(out FILETIME lpIdleTime, out FILETIME lpKernelTime, out FILETIME lpUserTime); ///

/// Retrieves the context of the specified thread. /// A 64-bit application can retrieve the context of a WOW64 thread using the Wow64GetThreadContext function. ///

/// /// /// A handle to the thread whose context is to be retrieved. The handle must have THREAD_GET_CONTEXT access to the thread. For /// more information, see Thread Security and Access Rights. /// /// WOW64: The handle must also have THREAD_QUERY_INFORMATION access. /// /// /// A pointer to a CONTEXT structure that receives the appropriate context of the specified thread. The value of the /// ContextFlags member of this structure specifies which portions of a thread's context are retrieved. The CONTEXT /// structure is highly processor specific. Refer to the WinNT.h header file for processor-specific definitions of this structures /// and any alignment requirements. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetThreadContext( _In_ HANDLE hThread, _Inout_ LPCONTEXT lpContext); https://msdn.microsoft.com/en-us/library/windows/desktop/ms679362(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms679362")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetThreadContext([In] HTHREAD hThread, IntPtr lpContext); ///

Retrieves the description that was assigned to a thread by calling SetThreadDescription.

/// /// A handle to the thread for which to retrieve the description. The handle must have THREAD_QUERY_LIMITED_INFORMATION access. /// /// A Unicode string that contains the description of the thread. /// /// If the function succeeds, the return value is the HRESULT that denotes a successful operation.If the function fails, the /// return value is an HRESULT that denotes the error. /// // HRESULT WINAPI GetThreadDescription( _In_ HANDLE hThread, _Out_ PWSTR *threadDescription); https://msdn.microsoft.com/en-us/library/windows/desktop/mt774972(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)] [PInvokeData("ProcessThreadsApi.h", MSDNShortId = "mt774972")] public static extern HRESULT GetThreadDescription(HTHREAD hThread, out string threadDescription); ///

Retrieves the thread identifier of the specified thread.

/// /// /// A handle to the thread. The handle must have the THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION access right. For /// more information about access rights, see Thread Security and Access Rights. /// /// Windows Server 2003: The handle must have the THREAD_QUERY_INFORMATION access right. /// /// If the function fails, the return value is zero. To get extended error information, call GetLastError. // DWORD WINAPI GetThreadId( _In_ HANDLE Thread); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683233(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683233")] public static extern uint GetThreadId(IntPtr Thread); ///

Retrieves the processor number of the ideal processor for the specified thread.

/// /// A handle to the thread for which to retrieve the ideal processor. This handle must have been created with the /// THREAD_QUERY_LIMITED_INFORMATION access right. For more information, see Thread Security and Access Rights. /// /// Points to PROCESSOR_NUMBER structure to receive the number of the ideal processor. /// /// If the function succeeds, it returns a nonzero value. /// If the function fails, it returns zero. To get extended error information, use GetLastError. /// // BOOL GetThreadIdealProcessorEx( _In_ HANDLE hThread, _Out_ PPROCESSOR_NUMBER lpIdealProcessor); https://msdn.microsoft.com/en-us/library/windows/desktop/dd405499(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "dd405499")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetThreadIdealProcessorEx(HTHREAD hThread, out PROCESSOR_NUMBER lpIdealProcessor); ///

Retrieves information about the specified thread.

/// /// A handle to the thread. The handle must have THREAD_QUERY_INFORMATION access rights. For more information, see Thread Security /// and Access Rights. /// /// /// The class of information to retrieve. The only supported values are ThreadMemoryPriority and ThreadPowerThrottling. /// /// /// Pointer to a structure to receive the type of information specified by the ThreadInformationClass parameter. /// /// If the ThreadInformationClass parameter is ThreadMemoryPriority, this parameter must point to a /// MEMORY_PRIORITY_INFORMATION structure. /// /// /// If the ThreadInformationClass parameter is ThreadPowerThrottling, this parameter must point to a /// THREAD_POWER_THROTTLING_STATE structure. /// /// /// /// The size in bytes of the structure specified by the ThreadInformation parameter. /// If the ThreadInformationClass parameter is ThreadMemoryPriority, this parameter must be . /// If the ThreadInformationClass parameter is ThreadPowerThrottling, this parameter must be . /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL GetThreadInformation( _In_ HANDLE hThread, _In_ THREAD_INFORMATION_CLASS ThreadInformationClass, _Out_writes_bytes_ // ThreadInformation, _In_ DWORD ThreadInformationSize);// https://msdn.microsoft.com/en-us/library/windows/desktop/hh448382(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "hh448382")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetThreadInformation(HTHREAD hThread, THREAD_INFORMATION_CLASS ThreadInformationClass, IntPtr ThreadInformation, uint ThreadInformationSize); ///

Determines whether a specified thread has any I/O requests pending.

/// /// A handle to the thread in question. This handle must have been created with the THREAD_QUERY_INFORMATION access right. For more /// information, see Thread Security and Access Rights. /// /// /// A pointer to a variable which the function sets to TRUE if the specified thread has one or more I/O requests pending, or to FALSE otherwise. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetThreadIOPendingFlag( _In_ HANDLE hThread, _Inout_ PBOOL lpIOIsPending); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683234(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683234")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetThreadIOPendingFlag([In] HTHREAD hThread, [MarshalAs(UnmanagedType.Bool)] out bool lpIOIsPending); ///

/// Retrieves the priority value for the specified thread. This value, together with the priority class of the thread's process, /// determines the thread's base-priority level. ///

/// /// A handle to the thread. /// /// The handle must have the THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION access right. For more /// information, see Thread Security and Access Rights. /// /// Windows Server 2003: The handle must have the THREAD_QUERY_INFORMATION access right. /// /// /// If the function succeeds, the return value is the thread's priority level. /// /// If the function fails, the return value is THREAD_PRIORITY_ERROR_RETURN. To get extended error information, call GetLastError. /// /// Windows Phone 8.1: This function will always return THREAD_PRIORITY_NORMAL. /// The thread's priority level is one of the following values. /// /// /// /// Return code/value /// Description /// /// /// THREAD_PRIORITY_ABOVE_NORMAL1 /// Priority 1 point above the priority class. /// /// /// THREAD_PRIORITY_BELOW_NORMAL-1 /// Priority 1 point below the priority class. /// /// /// THREAD_PRIORITY_HIGHEST2 /// Priority 2 points above the priority class. /// /// /// THREAD_PRIORITY_IDLE-15 /// /// Base priority of 1 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS, or /// HIGH_PRIORITY_CLASS processes, and a base priority of 16 for REALTIME_PRIORITY_CLASS processes. /// /// /// /// THREAD_PRIORITY_LOWEST-2 /// Priority 2 points below the priority class. /// /// /// THREAD_PRIORITY_NORMAL0 /// Normal priority for the priority class. /// /// /// THREAD_PRIORITY_TIME_CRITICAL15 /// /// Base-priority level of 15 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, /// ABOVE_NORMAL_PRIORITY_CLASS, or HIGH_PRIORITY_CLASS processes, and a base-priority level of 31 for REALTIME_PRIORITY_CLASS processes. /// /// /// /// /// /// If the thread has the REALTIME_PRIORITY_CLASS base class, this function can also return one of the following values: -7, /// -6, -5, -4, -3, 3, 4, 5, or 6. For more information, see Scheduling Priorities. /// /// // int WINAPI GetThreadPriority( _In_ HANDLE hThread);// https://msdn.microsoft.com/en-us/library/windows/desktop/ms683235(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683235")] public static extern int GetThreadPriority([In] HTHREAD hThread); ///

Retrieves the priority boost control state of the specified thread.

/// /// /// A handle to the thread. The handle must have the THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION /// access right. For more information, see Thread Security and Access Rights. /// /// Windows Server 2003 and Windows XP: The handle must have the THREAD_QUERY_INFORMATION access right. /// /// /// A pointer to a variable that receives the priority boost control state. A value of TRUE indicates that dynamic boosting is /// disabled. A value of FALSE indicates normal behavior. /// /// /// /// If the function succeeds, the return value is nonzero. In that case, the variable pointed to by the pDisablePriorityBoost /// parameter receives the priority boost control state. /// /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetThreadPriorityBoost( _In_ HANDLE hThread, _Out_ PBOOL pDisablePriorityBoost); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683236(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683236")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetThreadPriorityBoost([In] HTHREAD hThread, [MarshalAs(UnmanagedType.Bool)] out bool pDisablePriorityBoost); ///

/// Returns the explicit CPU Set assignment of the specified thread, if any assignment was set using the /// SetThreadSelectedCpuSets API. If no explicit assignment is set, RequiredIdCount is set to 0 and the function /// returns TRUE. ///

/// /// Specifies the thread for which to query the selected CPU Sets. This handle must have the THREAD_QUERY_LIMITED_INFORMATION access /// right. The value returned by GetCurrentThread can also be specified here. /// /// Specifies an optional buffer to retrieve the list of CPU Set identifiers. /// /// Specifies the capacity of the buffer specified in CpuSetIds. If the buffer is NULL, this must be 0. /// /// /// Specifies the required capacity of the buffer to hold the entire list of thread selected CPU Sets. On successful return, this /// specifies the number of IDs filled into the buffer. /// /// /// This API returns TRUE on success. If the buffer is not large enough, the GetLastError value is ERROR_INSUFFICIENT_BUFFER. /// This API cannot fail when passed valid parameters and the return buffer is large enough. /// // BOOL WINAPI GetThreadSelectedCpuSets( _In_ HANDLE Thread, _Out_opt_ PULONG CpuSetIds, _In_ ULONG CpuSetIdCount, _Out_ PULONG // RequiredIdCount); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186426(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("Processthreadapi.h", MSDNShortId = "mt186426")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetThreadSelectedCpuSets(HTHREAD Thread, IntPtr CpuSetIds, uint CpuSetIdCount, out uint RequiredIdCount); ///

Retrieves timing information for the specified thread.

/// /// /// A handle to the thread whose timing information is sought. The handle must have the THREAD_QUERY_INFORMATION or /// THREAD_QUERY_LIMITED_INFORMATION access right. For more information, see Thread Security and Access Rights. /// /// Windows Server 2003 and Windows XP: The handle must have the THREAD_QUERY_INFORMATION access right. /// /// A pointer to a FILETIME structure that receives the creation time of the thread. /// /// A pointer to a FILETIME structure that receives the exit time of the thread. If the thread has not exited, the content of /// this structure is undefined. /// /// /// A pointer to a FILETIME structure that receives the amount of time that the thread has executed in kernel mode. /// /// /// A pointer to a FILETIME structure that receives the amount of time that the thread has executed in user mode. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI GetThreadTimes( _In_ HANDLE hThread, _Out_ LPFILETIME lpCreationTime, _Out_ LPFILETIME lpExitTime, _Out_ LPFILETIME // lpKernelTime, _Out_ LPFILETIME lpUserTime);// https://msdn.microsoft.com/en-us/library/windows/desktop/ms683237(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683237")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetThreadTimes([In] HTHREAD hThread, out FILETIME lpCreationTime, out FILETIME lpExitTime, out FILETIME lpKernelTime, out FILETIME lpUserTime); ///

Initializes the specified list of attributes for process and thread creation.

/// /// The attribute list. This parameter can be NULL to determine the buffer size required to support the specified number of attributes. /// /// The count of attributes to be added to the list. /// This parameter is reserved and must be zero. /// /// /// If lpAttributeList is not NULL, this parameter specifies the size in bytes of the lpAttributeList buffer on input. On output, /// this parameter receives the size in bytes of the initialized attribute list. /// /// If lpAttributeList is NULL, this parameter receives the required buffer size in bytes. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI InitializeProcThreadAttributeList( _Out_opt_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, _In_ DWORD // dwAttributeCount, _Reserved_ DWORD dwFlags, _Inout_ PSIZE_T lpSize); https://msdn.microsoft.com/en-us/library/windows/desktop/ms683481(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms683481")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool InitializeProcThreadAttributeList(IntPtr lpAttributeList, uint dwAttributeCount, [Optional] uint dwFlags, ref SizeT lpSize); ///

Determines whether the specified process is considered critical.

/// /// A handle to the process to query. The process must have been opened with PROCESS_QUERY_LIMITED_INFORMATION access. /// /// /// A pointer to the BOOL value this function will use to indicate whether the process is considered critical. /// /// /// This routine returns FALSE on failure. Any other value indicates success. Call GetLastError to query for the specific /// error reason on failure. /// // BOOL WINAPI IsProcessCritical( _In_ HANDLE hProcess, _Out_ PBOOL Critical); https://msdn.microsoft.com/en-us/library/windows/desktop/dn386160(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("Processthreadsapi.h", MSDNShortId = "dn386160")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool IsProcessCritical([In] HPROCESS hProcess, [MarshalAs(UnmanagedType.Bool)] out bool Critical); ///

Determines whether the specified processor feature is supported by the current computer.

/// /// The processor feature to be tested. This parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// PF_ARM_64BIT_LOADSTORE_ATOMIC25 /// The 64-bit load/store atomic instructions are available. /// /// /// PF_ARM_DIVIDE_INSTRUCTION_AVAILABLE24 /// The divide instructions are available. /// /// /// PF_ARM_EXTERNAL_CACHE_AVAILABLE26 /// The external cache is available. /// /// /// PF_ARM_FMAC_INSTRUCTIONS_AVAILABLE27 /// The floating-point multiply-accumulate instruction is available. /// /// /// PF_ARM_VFP_32_REGISTERS_AVAILABLE18 /// The VFP/Neon: 32 x 64bit register bank is present. This flag has the same meaning as PF_ARM_VFP_EXTENDED_REGISTERS. /// /// /// PF_3DNOW_INSTRUCTIONS_AVAILABLE7 /// The 3D-Now instruction set is available. /// /// /// PF_CHANNELS_ENABLED16 /// The processor channels are enabled. /// /// /// PF_COMPARE_EXCHANGE_DOUBLE2 /// The atomic compare and exchange operation (cmpxchg) is available. /// /// /// PF_COMPARE_EXCHANGE12814 /// /// The atomic compare and exchange 128-bit operation (cmpxchg16b) is available.Windows Server 2003 and Windows XP/2000: This feature /// is not supported. /// /// /// /// PF_COMPARE64_EXCHANGE12815 /// /// The atomic compare 64 and exchange 128-bit operation (cmp8xchg16) is available.Windows Server 2003 and Windows XP/2000: This /// feature is not supported. /// /// /// /// PF_FASTFAIL_AVAILABLE23 /// _fastfail() is available. /// /// /// PF_FLOATING_POINT_EMULATED1 /// /// Floating-point operations are emulated using a software emulator.This function returns a nonzero value if floating-point /// operations are emulated; otherwise, it returns zero. /// /// /// /// PF_FLOATING_POINT_PRECISION_ERRATA0 /// On a Pentium, a floating-point precision error can occur in rare circumstances. /// /// /// PF_MMX_INSTRUCTIONS_AVAILABLE3 /// The MMX instruction set is available. /// /// /// PF_NX_ENABLED12 /// /// Data execution prevention is enabled.Windows XP/2000: This feature is not supported until Windows XP with SP2 and Windows Server /// 2003 with SP1. /// /// /// /// PF_PAE_ENABLED9 /// /// The processor is PAE-enabled. For more information, see Physical Address Extension.All x64 processors always return a nonzero /// value for this feature. /// /// /// /// PF_RDTSC_INSTRUCTION_AVAILABLE8 /// The RDTSC instruction is available. /// /// /// PF_RDWRFSGSBASE_AVAILABLE22 /// RDFSBASE, RDGSBASE, WRFSBASE, and WRGSBASE instructions are available. /// /// /// PF_SECOND_LEVEL_ADDRESS_TRANSLATION20 /// Second Level Address Translation is supported by the hardware. /// /// /// PF_SSE3_INSTRUCTIONS_AVAILABLE13 /// The SSE3 instruction set is available.Windows Server 2003 and Windows XP/2000: This feature is not supported. /// /// /// PF_VIRT_FIRMWARE_ENABLED21 /// Virtualization is enabled in the firmware. /// /// /// PF_XMMI_INSTRUCTIONS_AVAILABLE6 /// The SSE instruction set is available. /// /// /// PF_XMMI64_INSTRUCTIONS_AVAILABLE10 /// The SSE2 instruction set is available.Windows 2000: This feature is not supported. /// /// /// PF_XSAVE_ENABLED17 /// /// The processor implements the XSAVE and XRSTOR instructions.Windows Server 2008, Windows Vista, Windows Server 2003 and Windows /// XP/2000: This feature is not supported until Windows 7 and Windows Server 2008 R2. /// /// /// /// /// /// /// If the feature is supported, the return value is a nonzero value. /// If the feature is not supported, the return value is zero. /// /// If the HAL does not support detection of the feature, whether or not the hardware supports the feature, the return value is also zero. /// /// // BOOL WINAPI IsProcessorFeaturePresent( _In_ DWORD ProcessorFeature); https://msdn.microsoft.com/en-us/library/windows/desktop/ms724482(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("Winbase.h", MSDNShortId = "ms724482")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool IsProcessorFeaturePresent(PROCESSOR_FEATURE ProcessorFeature); ///

Opens an existing local process object.

/// /// /// The access to the process object. This access right is checked against the security descriptor for the process. This parameter /// can be one or more of the process access rights. /// /// /// If the caller has enabled the SeDebugPrivilege privilege, the requested access is granted regardless of the contents of the /// security descriptor. /// /// /// /// If this value is TRUE, processes created by this process will inherit the handle. Otherwise, the processes do not inherit this handle. /// /// /// The identifier of the local process to be opened. /// /// If the specified process is the System Process (0x00000000), the function fails and the last error code is /// ERROR_INVALID_PARAMETER. If the specified process is the Idle process or one of the CSRSS processes, this function fails and the /// last error code is ERROR_ACCESS_DENIED because their access restrictions prevent user-level code from opening them. /// /// /// If you are using GetCurrentProcessId as an argument to this function, consider using GetCurrentProcess instead of /// OpenProcess, for improved performance. /// /// /// /// If the function succeeds, the return value is an open handle to the specified process. /// If the function fails, the return value is NULL. To get extended error information, call GetLastError. /// // HANDLE WINAPI OpenProcess( _In_ DWORD dwDesiredAccess, _In_ BOOL bInheritHandle, _In_ DWORD dwProcessId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms684320(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms684320")] public static extern SafeHPROCESS OpenProcess(ACCESS_MASK dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwProcessId); ///

Opens an existing thread object.

/// /// /// The access to the thread object. This access right is checked against the security descriptor for the thread. This parameter can /// be one or more of the thread access rights. /// /// /// If the caller has enabled the SeDebugPrivilege privilege, the requested access is granted regardless of the contents of the /// security descriptor. /// /// /// /// If this value is TRUE, processes created by this process will inherit the handle. Otherwise, the processes do not inherit this handle. /// /// The identifier of the thread to be opened. /// /// If the function succeeds, the return value is an open handle to the specified thread. /// If the function fails, the return value is NULL. To get extended error information, call GetLastError. /// // HANDLE WINAPI OpenThread( _In_ DWORD dwDesiredAccess, _In_ BOOL bInheritHandle, _In_ DWORD dwThreadId); https://msdn.microsoft.com/en-us/library/windows/desktop/ms684335(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms684335")] public static extern SafeHTHREAD OpenThread(ACCESS_MASK dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwThreadId); ///

Retrieves the Remote Desktop Services session associated with a specified process.

/// /// Specifies a process identifier. Use the GetCurrentProcessId function to retrieve the process identifier for the current process. /// /// /// Pointer to a variable that receives the identifier of the Remote Desktop Services session under which the specified process is /// running. To retrieve the identifier of the session currently attached to the console, use the WTSGetActiveConsoleSessionId function. /// /// /// If the function succeeds, the return value is a nonzero value. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL ProcessIdToSessionId( _In_ DWORD dwProcessId, _Out_ DWORD *pSessionId ); https://msdn.microsoft.com/en-us/library/aa382990(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("Winbase.h", MSDNShortId = "aa382990")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool ProcessIdToSessionId(uint dwProcessId, out uint pSessionId); ///

Retrieves the affinity update mode of the specified process.

/// /// A handle to the process. The handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right. /// For more information, see Process Security and Access Rights. /// /// /// The affinity update mode. This parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// 0 /// Dynamic update of the process affinity by the system is disabled. /// /// /// PROCESS_AFFINITY_ENABLE_AUTO_UPDATE0x00000001UL /// Dynamic update of the process affinity by the system is enabled. /// /// /// /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI QueryProcessAffinityUpdateMode( _In_ HANDLE ProcessHandle, _Out_opt_ DWORD lpdwFlags); https://msdn.microsoft.com/en-us/library/windows/desktop/bb309062(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "bb309062")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool QueryProcessAffinityUpdateMode(HPROCESS ProcessHandle, out PROCESS_AFFINITY_MODE lpdwFlags); ///

Queries the value associated with a protected policy.

/// The globally-unique identifier of the policy to query. /// Receives the value that the supplied policy is set to. /// True if the function succeeds; otherwise, false. // BOOL WINAPI QueryProtectedPolicy( _In_ LPCGUID PolicyGuid, _Out_ PULONG_PTR PolicyValue); https://msdn.microsoft.com/en-us/library/windows/desktop/dn893591(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("Winbase.h", MSDNShortId = "dn893591")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool QueryProtectedPolicy(in Guid PolicyGuid, out UIntPtr PolicyValue); ///

Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread.

/// /// A pointer to the application-supplied APC function to be called when the specified thread performs an alertable wait operation. /// For more information, see APCProc. /// /// /// A handle to the thread. The handle must have the THREAD_SET_CONTEXT access right. For more information, see /// Synchronization Object Security and Access Rights. /// /// A single value that is passed to the APC function pointed to by the pfnAPC parameter. /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Windows Server 2003 and Windows XP: There are no error values defined for this function that can be retrieved by calling GetLastError. /// /// // DWORD WINAPI QueueUserAPC( _In_ PAPCFUNC pfnAPC, _In_ HANDLE hThread, _In_ ULONG_PTR dwData); https://msdn.microsoft.com/en-us/library/windows/desktop/ms684954(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms684954")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool QueueUserAPC(PAPCFUNC pfnAPC, [In] HTHREAD hThread, UIntPtr dwData); ///

/// Decrements a thread's suspend count. When the suspend count is decremented to zero, the execution of the thread is resumed. ///

/// /// A handle to the thread to be restarted. /// This handle must have the THREAD_SUSPEND_RESUME access right. For more information, see Thread Security and Access Rights. /// /// /// If the function succeeds, the return value is the thread's previous suspend count. /// If the function fails, the return value is (DWORD) -1. To get extended error information, call GetLastError. /// // DWORD WINAPI ResumeThread( _In_ HANDLE hThread); https://msdn.microsoft.com/en-us/library/windows/desktop/ms685086(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms685086")] public static extern uint ResumeThread([In] HTHREAD hThread); ///

/// Sets the priority class for the specified process. This value together with the priority value of each thread of the process /// determines each thread's base priority level. ///

/// /// A handle to the process. /// /// The handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process Security and Access Rights. /// /// /// /// The priority class for the process. This parameter can be one of the following values. /// /// /// /// Priority /// Meaning /// /// /// ABOVE_NORMAL_PRIORITY_CLASS0x00008000 /// Process that has priority above NORMAL_PRIORITY_CLASS but below HIGH_PRIORITY_CLASS. /// /// /// BELOW_NORMAL_PRIORITY_CLASS0x00004000 /// Process that has priority above IDLE_PRIORITY_CLASS but below NORMAL_PRIORITY_CLASS. /// /// /// HIGH_PRIORITY_CLASS0x00000080 /// /// Process that performs time-critical tasks that must be executed immediately. The threads of the process preempt the threads of /// normal or idle priority class processes. An example is the Task List, which must respond quickly when called by the user, /// regardless of the load on the operating system. Use extreme care when using the high-priority class, because a high-priority /// class application can use nearly all available CPU time. /// /// /// /// IDLE_PRIORITY_CLASS0x00000040 /// /// Process whose threads run only when the system is idle. The threads of the process are preempted by the threads of any process /// running in a higher priority class. An example is a screen saver. The idle-priority class is inherited by child processes. /// /// /// /// NORMAL_PRIORITY_CLASS0x00000020 /// Process with no special scheduling needs. /// /// /// PROCESS_MODE_BACKGROUND_BEGIN0x00100000 /// /// Begin background processing mode. The system lowers the resource scheduling priorities of the process (and its threads) so that /// it can perform background work without significantly affecting activity in the foreground.This value can be specified only if /// hProcess is a handle to the current process. The function fails if the process is already in background processing mode.Windows /// Server 2003 and Windows XP: This value is not supported. /// /// /// /// PROCESS_MODE_BACKGROUND_END0x00200000 /// /// End background processing mode. The system restores the resource scheduling priorities of the process (and its threads) as they /// were before the process entered background processing mode.This value can be specified only if hProcess is a handle to the /// current process. The function fails if the process is not in background processing mode.Windows Server 2003 and Windows XP: This /// value is not supported. /// /// /// /// REALTIME_PRIORITY_CLASS0x00000100 /// /// Process that has the highest possible priority. The threads of the process preempt the threads of all other processes, including /// operating system processes performing important tasks. For example, a real-time process that executes for more than a very brief /// interval can cause disk caches not to flush or cause the mouse to be unresponsive. /// /// /// /// /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI SetPriorityClass( _In_ HANDLE hProcess, _In_ DWORD dwPriorityClass); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686219(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686219")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetPriorityClass([In] HPROCESS hProcess, CREATE_PROCESS dwPriorityClass); ///

Sets the affinity update mode of the specified process.

/// A handle to the process. This handle must be returned by the GetCurrentProcess function. /// /// The affinity update mode. This parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// 0 /// Disables dynamic update of the process affinity by the system. /// /// /// PROCESS_AFFINITY_ENABLE_AUTO_UPDATE0x00000001UL /// Enables dynamic update of the process affinity by the system. /// /// /// /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI SetProcessAffinityUpdateMode( _In_ HANDLE ProcessHandle, _In_ DWORD dwFlags); https://msdn.microsoft.com/en-us/library/windows/desktop/bb309063(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "bb309063")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetProcessAffinityUpdateMode([In] HPROCESS ProcessHandle, PROCESS_AFFINITY_MODE dwFlags); ///

/// Sets the default CPU Sets assignment for threads in the specified process. Threads that are created, which don’t have CPU Sets /// explicitly set using SetThreadSelectedCpuSets, will inherit the sets specified by SetProcessDefaultCpuSets automatically. ///

/// /// Specifies the process for which to set the default CPU Sets. This handle must have the PROCESS_SET_LIMITED_INFORMATION access /// right. The value returned by GetCurrentProcess can also be specified here. /// /// /// Specifies the list of CPU Set IDs to set as the process default CPU set. If this is NULL, the SetProcessDefaultCpuSets /// clears out any assignment. /// /// /// Specifies the number of IDs in the list passed in the CpuSetIds argument. If that value is NULL, this should be 0. /// /// This function cannot fail when passed valid parameters. // BOOL WINAPI SetProcessDefaultCpuSets( _In_ HANDLE Process, _In_opt_ ULONG CpuSetIds, _In_ ULONG CpuSetIdCound); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186427(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("Processthreadapi.h", MSDNShortId = "mt186427")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetProcessDefaultCpuSets([In] HPROCESS Process, [In, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] uint[] CpuSetIds, uint CpuSetIdCound); ///

Sets information for the specified process.

/// /// A handle to the process. This handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process /// Security and Access Rights. /// /// /// The class of information to set. The only supported values are ProcessMemoryPriority and ProcessPowerThrottling. /// /// /// Pointer to an object that contains the type of information specified by the ProcessInformationClass parameter. /// /// If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must point to a /// MEMORY_PRIORITY_INFORMATION structure. /// /// /// If the ProcessInformationClass parameter is ProcessPowerThrottling, this parameter must point to a /// PROCESS_POWER_THROTTLING_STATE structure. /// /// /// /// The size in bytes of the structure specified by the ProcessInformation parameter. /// If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must be . /// If the ProcessInformationClass parameter is ProcessPowerThrottling, this parameter must be . /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI SetProcessInformation( _In_ HANDLE hProcess, _In_ PROCESS_INFORMATION_CLASS ProcessInformationClass, // _In_reads_bytes_(ProcessInformationSize) ProcessInformation, _In_ DWORD ProcessInformationSize); https://msdn.microsoft.com/en-us/library/windows/desktop/hh448389(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "hh448389")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetProcessInformation([In] HPROCESS hProcess, PROCESS_INFORMATION_CLASS ProcessInformationClass, IntPtr ProcessInformation, uint ProcessInformationSize); ///

/// Sets a mitigation policy for the calling process. Mitigation policies enable a process to harden itself against various types of attacks. ///

/// /// The mitigation policy to apply. This parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// ProcessDEPPolicy /// /// The data execution prevention (DEP) policy of the process.The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY /// structure that specifies the DEP policy flags. /// /// /// /// ProcessASLRPolicy /// /// The Address Space Layout Randomization (ASLR) policy of the process.The lpBuffer parameter points to a /// PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags. /// /// /// /// ProcessDynamicCodePolicy /// /// The dynamic code policy of the process. When turned on, the process cannot generate dynamic code or modify existing executable /// code.The lpBuffer parameter points to a PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that specifies the dynamic code policy flags. /// /// /// /// ProcessStrictHandleCheckPolicy /// /// The process will receive a fatal error if it manipulates a handle that is not valid.The lpBuffer parameter points to a /// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags. /// /// /// /// ProcessSystemCallDisablePolicy /// /// Disables the ability to use NTUser/GDI functions at the lowest layer.The lpBuffer parameter points to a /// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags. /// /// /// /// ProcessMitigationOptionsMask /// /// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options /// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported bits /// at once.The lpBuffer parameter points to a ULONG64 bit vector for the mask, or to accommodate more than 64 bits, a two-element /// array of ULONG64 bit vectors. /// /// /// /// ProcessExtensionPointDisablePolicy /// /// The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point /// disable policy flags. /// /// /// /// ProcessControlFlowGuardPolicy /// /// The Control Flow Guard (CFG) policy of the process.The lpBuffer parameter points to a /// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags. /// /// /// /// ProcessSignaturePolicy /// /// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows /// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).he lpBuffer parameter points to a /// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags. /// /// /// /// ProcessFontDisablePolicy /// /// The policy regarding font loading for the process. When turned on, the process cannot load non-system fonts.The lpBuffer /// parameter points to a PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading. /// /// /// /// ProcessImageLoadPolicy /// /// The policy regarding image loading for the process, which determines the types of executable images that are allowed to be mapped /// into the process. When turned on, images cannot be loaded from some locations, such a remote devices or files that have the low /// mandatory label.The lpBuffer parameter points to a PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags /// for image loading. /// /// /// /// /// /// /// /// If the MitigationPolicy parameter is ProcessDEPPolicy, this parameter points to a PROCESS_MITIGATION_DEP_POLICY /// structure that specifies the DEP policy flags. /// /// /// If the MitigationPolicy parameter is ProcessASLRPolicy, this parameter points to a PROCESS_MITIGATION_ASLR_POLICY /// structure that specifies the ASLR policy flags. /// /// /// If the MitigationPolicy parameter is ProcessImageLoadPolicy, this parameter points to a /// PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that receives the policy flags for image loading. /// /// /// If the MitigationPolicy parameter is ProcessStrictHandleCheckPolicy, this parameter points to a /// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags. /// /// /// If the MitigationPolicy parameter is ProcessSystemCallDisablePolicy, this parameter points to a /// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags. /// /// /// If the MitigationPolicy parameter is ProcessMitigationOptionsMask, this parameter points to a ULONG64 bit vector /// for the mask, or to accommodate more than 64 bits, a two-element array of ULONG64 bit vectors. /// /// /// If the MitigationPolicy parameter is ProcessExtensionPointDisablePolicy, this parameter points to a /// PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point disable policy flags. /// /// /// If the MitigationPolicy parameter is ProcessControlFlowGuardPolicy, this parameter points to a /// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags. /// /// /// If the MitigationPolicy parameter is ProcessSignaturePolicy, this parameter points to a /// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags. /// /// /// If the MitigationPolicy parameter is ProcessFontDisablePolicy, this parameter points to a /// PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading. /// /// /// If the MitigationPolicy parameter is ProcessImageLoadPolicy, this parameter points to a /// PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags for image loading. /// /// /// The size of lpBuffer, in bytes. /// /// If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values /// defined for this function, call GetLastError. /// // BOOL WINAPI SetProcessMitigationPolicy( _In_ PROCESS_MITIGATION_POLICY MitigationPolicy, _In_ PVOID lpBuffer, _In_ SIZE_T // dwLength); https://msdn.microsoft.com/en-us/library/windows/desktop/hh769088(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("Processthreadsapi.h", MSDNShortId = "hh769088")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetProcessMitigationPolicy(PROCESS_MITIGATION_POLICY MitigationPolicy, IntPtr lpBuffer, SizeT dwLength); ///

/// Sets a mitigation policy for the calling process. Mitigation policies enable a process to harden itself against various types of attacks. ///

/// The type of the value being set. /// /// The mitigation policy to apply. This parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// ProcessDEPPolicy /// /// The data execution prevention (DEP) policy of the process.The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY /// structure that specifies the DEP policy flags. /// /// /// /// ProcessASLRPolicy /// /// The Address Space Layout Randomization (ASLR) policy of the process.The lpBuffer parameter points to a /// PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags. /// /// /// /// ProcessDynamicCodePolicy /// /// The dynamic code policy of the process. When turned on, the process cannot generate dynamic code or modify existing executable /// code.The lpBuffer parameter points to a PROCESS_MITIGATION_DYNAMIC_CODE_POLICY structure that specifies the dynamic code policy flags. /// /// /// /// ProcessStrictHandleCheckPolicy /// /// The process will receive a fatal error if it manipulates a handle that is not valid.The lpBuffer parameter points to a /// PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags. /// /// /// /// ProcessSystemCallDisablePolicy /// /// Disables the ability to use NTUser/GDI functions at the lowest layer.The lpBuffer parameter points to a /// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags. /// /// /// /// ProcessMitigationOptionsMask /// /// Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options /// without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported bits /// at once.The lpBuffer parameter points to a ULONG64 bit vector for the mask, or to accommodate more than 64 bits, a two-element /// array of ULONG64 bit vectors. /// /// /// /// ProcessExtensionPointDisablePolicy /// /// The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point /// disable policy flags. /// /// /// /// ProcessControlFlowGuardPolicy /// /// The Control Flow Guard (CFG) policy of the process.The lpBuffer parameter points to a /// PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY structure that specifies the CFG policy flags. /// /// /// /// ProcessSignaturePolicy /// /// The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows /// Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).he lpBuffer parameter points to a /// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY structure that specifies the signature policy flags. /// /// /// /// ProcessFontDisablePolicy /// /// The policy regarding font loading for the process. When turned on, the process cannot load non-system fonts.The lpBuffer /// parameter points to a PROCESS_MITIGATION_FONT_DISABLE_POLICY structure that specifies the policy flags for font loading. /// /// /// /// ProcessImageLoadPolicy /// /// The policy regarding image loading for the process, which determines the types of executable images that are allowed to be mapped /// into the process. When turned on, images cannot be loaded from some locations, such a remote devices or files that have the low /// mandatory label.The lpBuffer parameter points to a PROCESS_MITIGATION_IMAGE_LOAD_POLICY structure that specifies the policy flags /// for image loading. /// /// /// /// /// /// The value. This must correspond to the value. /// /// If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values /// defined for this function, call GetLastError. /// public static bool SetProcessMitigationPolicy(PROCESS_MITIGATION_POLICY MitigationPolicy, T value) { if (MitigationPolicy == PROCESS_MITIGATION_POLICY.ProcessMitigationOptionsMask) { if (!(value is ulong || value is ulong[])) throw new ArgumentException($"{MitigationPolicy} cannot be used to set values of type {typeof(T)}."); using (var ptr = new PinnedObject(value)) return SetProcessMitigationPolicy(MitigationPolicy, ptr, value is ulong ? 8U : 16U); } if (!CorrespondingTypeAttribute.CanSet(MitigationPolicy, typeof(T))) throw new ArgumentException($"{MitigationPolicy} cannot be used to set values of type {typeof(T)}."); using (var ptr = SafeCoTaskMemHandle.CreateFromStructure(value)) return SetProcessMitigationPolicy(MitigationPolicy, (IntPtr)ptr, (uint)ptr.Size); } ///

/// Disables or enables the ability of the system to temporarily boost the priority of the threads of the specified process. ///

/// /// A handle to the process. This handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process /// Security and Access Rights. /// /// /// If this parameter is TRUE, dynamic boosting is disabled. If the parameter is FALSE, dynamic boosting is enabled. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI SetProcessPriorityBoost( _In_ HANDLE hProcess, _In_ BOOL DisablePriorityBoost); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686225(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686225")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetProcessPriorityBoost([In] HPROCESS hProcess, [MarshalAs(UnmanagedType.Bool)] bool DisablePriorityBoost); ///

/// Sets shutdown parameters for the currently calling process. This function sets a shutdown order for a process relative to the /// other processes in the system. ///

/// /// /// The shutdown priority for a process relative to other processes in the system. The system shuts down processes from high dwLevel /// values to low. The highest and lowest shutdown priorities are reserved for system components. This parameter must be in the /// following range of values. /// /// /// /// /// Value /// Meaning /// /// /// 000-0FF /// System reserved last shutdown range. /// /// /// 100-1FF /// Application reserved last shutdown range. /// /// /// 200-2FF /// Application reserved "in between" shutdown range. /// /// /// 300-3FF /// Application reserved first shutdown range. /// /// /// 400-4FF /// System reserved first shutdown range. /// /// /// /// All processes start at shutdown level 0x280. /// /// /// This parameter can be the following value. /// /// /// /// Value /// Meaning /// /// /// SHUTDOWN_NORETRY0x00000001 /// The system terminates the process without displaying a retry dialog box for the user. /// /// /// /// /// /// If the function is succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI SetProcessShutdownParameters( _In_ DWORD dwLevel, _In_ DWORD dwFlags); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686227(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686227")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetProcessShutdownParameters(uint dwLevel, SHUTDOWN dwFlags); ///

Sets a protected policy. This function is for use primarily by Windows, and not designed for external use.

/// The globally-unique identifier of the policy to set. /// The value to set the policy to. /// Optionally receives the original value that was associated with the supplied policy. /// True if the function succeeds; otherwise, false. To retrieve error values for this function, call GetLastError. // BOOL WINAPI SetProtectedPolicy( _In_ LPCGUID PolicyGuid, _In_ ULONG_PTR PolicyValue, _Out_ PULONG_PTR OldPolicyValue); https://msdn.microsoft.com/en-us/library/windows/desktop/dn893592(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("Winbase.h", MSDNShortId = "dn893592")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetProtectedPolicy(in Guid PolicyGuid, UIntPtr PolicyValue, out UIntPtr OldPolicyValue); ///

/// Sets the context for the specified thread. /// A 64-bit application can set the context of a WOW64 thread using the Wow64SetThreadContext function. ///

/// /// A handle to the thread whose context is to be set. The handle must have the THREAD_SET_CONTEXT access right to the thread. /// For more information, see Thread Security and Access Rights. /// /// /// A pointer to a CONTEXT structure that contains the context to be set in the specified thread. The value of the /// ContextFlags member of this structure specifies which portions of a thread's context to set. Some values in the /// CONTEXT structure that cannot be specified are silently set to the correct value. This includes bits in the CPU status /// register that specify the privileged processor mode, global enabling bits in the debugging register, and other states that must /// be controlled by the operating system. /// /// /// If the context was set, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI SetThreadContext( _In_ HANDLE hThread, _In_ const CONTEXT *lpContext); https://msdn.microsoft.com/en-us/library/windows/desktop/ms680632(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms680632")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetThreadContext([In] HTHREAD hThread, [In] IntPtr lpContext); ///

Assigns a description to a thread.

/// /// A handle for the thread for which you want to set the description. The handle must have THREAD_SET_LIMITED_INFORMATION access. /// /// A Unicode string that specifies the description of the thread. /// /// If the function succeeds, the return value is the HRESULT that denotes a successful operation.If the function fails, the /// return value is an HRESULT that denotes the error. /// // HRESULT WINAPI SetThreadDescription( _In_ HANDLE hThread, _In_ PCWSTR lpThreadDescription); https://msdn.microsoft.com/en-us/library/windows/desktop/mt774976(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)] [PInvokeData("ProcessThreadsApi.h", MSDNShortId = "mt774976")] public static extern HRESULT SetThreadDescription(HTHREAD hThread, string lpThreadDescription); ///

/// Sets a preferred processor for a thread. The system schedules threads on their preferred processors whenever possible. /// /// On a system with more than 64 processors, this function sets the preferred processor to a logical processor in the processor /// group to which the calling thread is assigned. Use the SetThreadIdealProcessorEx function to specify a processor group and /// preferred processor. /// ///

/// /// A handle to the thread whose preferred processor is to be set. The handle must have the THREAD_SET_INFORMATION access right. For /// more information, see Thread Security and Access Rights. /// /// /// The number of the preferred processor for the thread. This value is zero-based. If this parameter is MAXIMUM_PROCESSORS, the /// function returns the current ideal processor without changing it. /// /// /// If the function succeeds, the return value is the previous preferred processor. /// If the function fails, the return value is (DWORD) – 1. To get extended error information, call GetLastError. /// // DWORD WINAPI SetThreadIdealProcessor( _In_ HANDLE hThread, _In_ DWORD dwIdealProcessor); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686253(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686253")] public static extern uint SetThreadIdealProcessor([In] HTHREAD hThread, uint dwIdealProcessor); ///

Sets the ideal processor for the specified thread and optionally retrieves the previous ideal processor.

/// /// A handle to the thread for which to set the ideal processor. This handle must have been created with the THREAD_SET_INFORMATION /// access right. For more information, see Thread Security and Access Rights. /// /// /// A pointer to a PROCESSOR_NUMBER structure that specifies the processor number of the desired ideal processor. /// /// /// A pointer to a PROCESSOR_NUMBER structure to receive the previous ideal processor. This parameter can point to the same memory /// location as the lpIdealProcessor parameter. This parameter can be NULL if the previous ideal processor is not required. /// /// /// If the function succeeds, it returns a nonzero value. If the function fails, it returns zero.To get extended error information, /// use GetLastError. /// // https://msdn.microsoft.com/en-us/library/windows/desktop/dd405517(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "dd405517")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetThreadIdealProcessorEx([In] HTHREAD hThread, in PROCESSOR_NUMBER lpIdealProcessor, out PROCESSOR_NUMBER lpPreviousIdealProcessor); ///

Sets information for the specified thread.

/// /// A handle to the thread. The handle must have THREAD_QUERY_INFORMATION access right. For more information, see Thread Security and /// Access Rights. /// /// /// The class of information to set. The only supported values are ThreadMemoryPriority and ThreadPowerThrottling. /// /// /// Pointer to a structure that contains the type of information specified by the ThreadInformationClass parameter. /// /// If the ThreadInformationClass parameter is ThreadMemoryPriority, this parameter must point to a /// MEMORY_PRIORITY_INFORMATION structure. /// /// /// If the ThreadInformationClass parameter is ThreadPowerThrottling, this parameter must point to a /// THREAD_POWER_THROTTLING_STATE structure. /// /// /// /// The size in bytes of the structure specified by the ThreadInformation parameter. /// If the ThreadInformationClass parameter is ThreadMemoryPriority, this parameter must be . /// If the ThreadInformationClass parameter is ThreadPowerThrottling, this parameter must be . /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL SetThreadInformation( _In_ HANDLE hThread, _In_ THREAD_INFORMATION_CLASS ThreadInformationClass, _In_reads_bytes_ // ThreadInformation, _In_ DWORD ThreadInformationSize); https://msdn.microsoft.com/en-us/library/windows/desktop/hh448390(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "hh448390")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetThreadInformation(HTHREAD hThread, THREAD_INFORMATION_CLASS ThreadInformationClass, IntPtr ThreadInformation, uint ThreadInformationSize); ///

/// Sets the priority value for the specified thread. This value, together with the priority class of the thread's process, /// determines the thread's base priority level. ///

/// /// A handle to the thread whose priority value is to be set. /// /// The handle must have the THREAD_SET_INFORMATION or THREAD_SET_LIMITED_INFORMATION access right. For more /// information, see Thread Security and Access Rights. /// /// Windows Server 2003: The handle must have the THREAD_SET_INFORMATION access right. /// /// /// The priority value for the thread. This parameter can be one of the following values. /// /// /// /// Priority /// Meaning /// /// /// THREAD_MODE_BACKGROUND_BEGIN0x00010000 /// /// Begin background processing mode. The system lowers the resource scheduling priorities of the thread so that it can perform /// background work without significantly affecting activity in the foreground.This value can be specified only if hThread is a /// handle to the current thread. The function fails if the thread is already in background processing mode.Windows Server 2003: This /// value is not supported. /// /// /// /// THREAD_MODE_BACKGROUND_END0x00020000 /// /// End background processing mode. The system restores the resource scheduling priorities of the thread as they were before the /// thread entered background processing mode.This value can be specified only if hThread is a handle to the current thread. The /// function fails if the thread is not in background processing mode.Windows Server 2003: This value is not supported. /// /// /// /// THREAD_PRIORITY_ABOVE_NORMAL1 /// Priority 1 point above the priority class. /// /// /// THREAD_PRIORITY_BELOW_NORMAL-1 /// Priority 1 point below the priority class. /// /// /// THREAD_PRIORITY_HIGHEST2 /// Priority 2 points above the priority class. /// /// /// THREAD_PRIORITY_IDLE-15 /// /// Base priority of 1 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS, or /// HIGH_PRIORITY_CLASS processes, and a base priority of 16 for REALTIME_PRIORITY_CLASS processes. /// /// /// /// THREAD_PRIORITY_LOWEST-2 /// Priority 2 points below the priority class. /// /// /// THREAD_PRIORITY_NORMAL0 /// Normal priority for the priority class. /// /// /// THREAD_PRIORITY_TIME_CRITICAL15 /// /// Base priority of 15 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS, or /// HIGH_PRIORITY_CLASS processes, and a base priority of 31 for REALTIME_PRIORITY_CLASS processes. /// /// /// /// /// /// If the thread has the REALTIME_PRIORITY_CLASS base class, this parameter can also be -7, -6, -5, -4, -3, 3, 4, 5, or 6. /// For more information, see Scheduling Priorities. /// /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Windows Phone 8.1: Windows Phone Store apps may call this function but it has no effect. The function will return a /// nonzero value indicating success. /// /// // BOOL WINAPI SetThreadPriority( _In_ HANDLE hThread, _In_ int nPriority); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686277(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686277")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetThreadPriority([In] HTHREAD hThread, int nPriority); ///

Disables or enables the ability of the system to temporarily boost the priority of a thread.

/// /// /// A handle to the thread whose priority is to be boosted. The handle must have the THREAD_SET_INFORMATION or /// THREAD_SET_LIMITED_INFORMATION access right. For more information, see Thread Security and Access Rights. /// /// Windows Server 2003 and Windows XP: The handle must have the THREAD_SET_INFORMATION access right. /// /// /// If this parameter is TRUE, dynamic boosting is disabled. If the parameter is FALSE, dynamic boosting is enabled. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI SetThreadPriorityBoost( _In_ HANDLE hThread, _In_ BOOL DisablePriorityBoost); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686280(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686280")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetThreadPriorityBoost([In] HTHREAD hThread, [MarshalAs(UnmanagedType.Bool)] bool DisablePriorityBoost); ///

/// Sets the selected CPU Sets assignment for the specified thread. This assignment overrides the process default assignment, if one /// is set. ///

/// /// Specifies the thread on which to set the CPU Set assignment. This handle must have the THREAD_SET_LIMITED_INFORMATION access /// right. The value returned by GetCurrentThread can also be used. /// /// /// Specifies the list of CPU Set IDs to set as the thread selected CPU set. If this is NULL, the API clears out any assignment, /// reverting to process default assignment if one is set. /// /// /// Specifies the number of IDs in the list passed in the CpuSetIds argument. If that value is NULL, this should be 0. /// /// This function cannot fail when passed valid parameters. // BOOL WINAPI SetThreadSelectedCpuSets( _In_ HANDLE Thread, _In_ const ULONG *CpuSetIds, _In_ ULONG CpuSetIdCount); https://msdn.microsoft.com/en-us/library/windows/desktop/mt186428(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("Processthreadapi.h", MSDNShortId = "mt186428")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetThreadSelectedCpuSets([In] HTHREAD Thread, [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] uint[] CpuSetIds, uint CpuSetIdCount); ///

/// Sets the minimum size of the stack associated with the calling thread or fiber that will be available during any stack overflow /// exceptions. This is useful for handling stack overflow exceptions; the application can safely use the specified number of bytes /// during exception handling. ///

/// /// The size of the stack, in bytes. On return, this value is set to the size of the previous stack, in bytes. /// If this parameter is 0 (zero), the function succeeds and the parameter contains the size of the current stack. /// /// If the specified size is less than the current size, the function succeeds but ignores this request. Therefore, you cannot use /// this function to reduce the size of the stack. /// /// This value cannot be larger than the reserved stack size. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is 0 (zero). To get extended error information, call GetLastError. /// // BOOL WINAPI SetThreadStackGuarantee( _Inout_ PULONG StackSizeInBytes); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686283(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686283")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SetThreadStackGuarantee(ref uint StackSizeInBytes); ///

/// Suspends the specified thread. /// A 64-bit application can suspend a WOW64 thread using the Wow64SuspendThread function. ///

/// /// A handle to the thread that is to be suspended. /// /// The handle must have the THREAD_SUSPEND_RESUME access right. For more information, see Thread Security and Access Rights. /// /// /// /// If the function succeeds, the return value is the thread's previous suspend count; otherwise, it is . To get extended error /// information, use the GetLastError function. /// // DWORD WINAPI SuspendThread( _In_ HANDLE hThread); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686345(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686345")] public static extern uint SuspendThread(HTHREAD hThread); ///

/// Causes the calling thread to yield execution to another thread that is ready to run on the current processor. The operating /// system selects the next thread to be executed. ///

/// /// /// If calling the SwitchToThread function causes the operating system to switch execution to another thread, the return value /// is nonzero. /// /// /// If there are no other threads ready to execute, the operating system does not switch execution to another thread, and the return /// value is zero. /// /// // BOOL WINAPI SwitchToThread(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686352(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686352")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool SwitchToThread(); ///

Terminates the specified process and all of its threads.

/// /// A handle to the process to be terminated. /// /// The handle must have the PROCESS_TERMINATE access right. For more information, see Process Security and Access Rights. /// /// /// /// The exit code to be used by the process and threads terminated as a result of this call. Use the GetExitCodeProcess /// function to retrieve a process's exit value. Use the GetExitCodeThread function to retrieve a thread's exit value. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI TerminateProcess( _In_ HANDLE hProcess, _In_ UINT uExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686714(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686714")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool TerminateProcess([In] HPROCESS hProcess, uint uExitCode); ///

Terminates a thread.

/// /// A handle to the thread to be terminated. /// The handle must have the THREAD_TERMINATE access right. For more information, see Thread Security and Access Rights. /// /// /// The exit code for the thread. Use the GetExitCodeThread function to retrieve a thread's exit value. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI TerminateThread( _Inout_ HANDLE hThread, _In_ DWORD dwExitCode); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686717(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686717")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool TerminateThread([In] HTHREAD hThread, uint dwExitCode); ///

/// Allocates a thread local storage (TLS) index. Any thread of the process can subsequently use this index to store and retrieve /// values that are local to the thread, because each thread receives its own slot for the index. ///

/// /// If the function succeeds, the return value is a TLS index. The slots for the index are initialized to zero. /// If the function fails, the return value is TLS_OUT_OF_INDEXES. To get extended error information, call GetLastError. /// // DWORD WINAPI TlsAlloc(void); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686801(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686801")] public static extern uint TlsAlloc(); ///

Releases a thread local storage (TLS) index, making it available for reuse.

/// The TLS index that was allocated by the TlsAlloc function. /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI TlsFree( _In_ DWORD dwTlsIndex); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686804(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686804")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool TlsFree(uint dwTlsIndex); ///

/// Retrieves the value in the calling thread's thread local storage (TLS) slot for the specified TLS index. Each thread of a process /// has its own slot for each TLS index. ///

/// The TLS index that was allocated by the TlsAlloc function. /// /// /// If the function succeeds, the return value is the value stored in the calling thread's TLS slot associated with the specified /// index. If dwTlsIndex is a valid index allocated by a successful call to TlsAlloc, this function always succeeds. /// /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// The data stored in a TLS slot can have a value of 0 because it still has its initial value or because the thread called the /// TlsSetValue function with 0. Therefore, if the return value is 0, you must check whether GetLastError returns /// ERROR_SUCCESS before determining that the function has failed. If GetLastError returns ERROR_SUCCESS, then /// the function has succeeded and the data stored in the TLS slot is /// 0. Otherwise, the function has failed. /// /// /// Functions that return indications of failure call SetLastError when they fail. They generally do not call /// SetLastError when they succeed. The TlsGetValue function is an exception to this general rule. The /// TlsGetValue function calls SetLastError to clear a thread's last error when it succeeds. That allows checking for /// the error-free retrieval of zero values. /// /// // LPVOID WINAPI TlsGetValue( _In_ DWORD dwTlsIndex); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686812")] public static extern IntPtr TlsGetValue(uint dwTlsIndex); ///

/// Stores a value in the calling thread's thread local storage (TLS) slot for the specified TLS index. Each thread of a process has /// its own slot for each TLS index. ///

/// The TLS index that was allocated by the TlsAlloc function. /// The value to be stored in the calling thread's TLS slot for the index. /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI TlsSetValue( _In_ DWORD dwTlsIndex, _In_opt_ LPVOID lpTlsValue); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686818(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686818")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool TlsSetValue(uint dwTlsIndex, [In] IntPtr lpTlsValue); ///

Updates the specified attribute in a list of attributes for process and thread creation.

/// A pointer to an attribute list created by the InitializeProcThreadAttributeList function. /// This parameter is reserved and must be zero. /// /// The attribute key to update in the attribute list. This parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// PROC_THREAD_ATTRIBUTE_GROUP_AFFINITY /// /// The lpValue parameter is a pointer to a GROUP_AFFINITY structure that specifies the processor group affinity for the new /// thread.Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2. /// /// /// /// PROC_THREAD_ATTRIBUTE_HANDLE_LIST /// /// The lpValue parameter is a pointer to a list of handles to be inherited by the child process.These handles must be created as /// inheritable handles and must not include pseudo handles such as those returned by the GetCurrentProcess or GetCurrentThread function. /// /// /// /// PROC_THREAD_ATTRIBUTE_IDEAL_PROCESSOR /// /// The lpValue parameter is a pointer to a PROCESSOR_NUMBER structure that specifies the ideal processor for the new thread.Windows /// Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2. /// /// /// /// PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY /// /// The lpValue parameter is a pointer to a DWORD or DWORD64 that specifies the exploit mitigation policy for the child process. /// Starting in Windows 10, version 1703, this parameter can also be a pointer to a two-element DWORD64 array.The specified policy /// overrides the policies set for the application and the system and cannot be changed after the child process starts running. /// Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.The DWORD or /// DWORD64 pointed to by lpValue can be one or more of the values listed in the remarks. /// /// /// /// PROC_THREAD_ATTRIBUTE_PARENT_PROCESS /// /// The lpValue parameter is a pointer to a handle to a process to use instead of the calling process as the parent for the process /// being created. The process to use must have the PROCESS_CREATE_PROCESS access right.Attributes inherited from the specified /// process include handles, the device map, processor affinity, priority, quotas, the process token, and job object. (Note that some /// attributes such as the debug port will come from the creating process, not the process specified by this handle.) /// /// /// /// PROC_THREAD_ATTRIBUTE_PREFERRED_NODE /// /// The lpValue parameter is a pointer to the node number of the preferred NUMA node for the new process.Windows Server 2008 and /// Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2. /// /// /// /// PROC_THREAD_ATTRIBUTE_UMS_THREAD /// /// The lpValue parameter is a pointer to a UMS_CREATE_THREAD_ATTRIBUTES structure that specifies a user-mode scheduling (UMS) thread /// context and a UMS completion list to associate with the thread. After the UMS thread is created, the system queues it to the /// specified completion list. The UMS thread runs only when an application's UMS scheduler retrieves the UMS thread from the /// completion list and selects it to run. For more information, see User-Mode Scheduling.Windows Server 2008 and Windows Vista: This /// value is not supported until Windows 7 and Windows Server 2008 R2. /// /// /// /// PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES /// /// The lpValue parameter is a pointer to a SECURITY_CAPABILITIES structure that defines the security capabilities of an app /// container. If this attribute is set the new process will be created as an AppContainer process.Windows 7, Windows Server 2008 R2, /// Windows Server 2008 and Windows Vista: This value is not supported until Windows 8 and Windows Server 2012. /// /// /// /// PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL /// /// The lpValue parameter is a pointer to a DWORD value of PROTECTION_LEVEL_SAME. This specifies the protection level of the child /// process to be the same as the protection level of its parent process. /// /// /// /// PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY /// /// The lpValue parameter is a pointer to a DWORD or DWORD64 value that specifies the child process policy. THe policy specifies /// whether to allow a child process to be created.For information on the possible values for the DWORD or DWORD64 to which lpValue /// points, see Remarks. /// /// /// /// PROC_THREAD_ATTRIBUTE_DESKTOP_APP_POLICY /// /// This attribute is relevant only to win32 applications that have been converted to UWP packages by using the Desktop Bridge. The /// lpValue parameter is a pointer to a DWORD value that specifies the desktop app policy. The policy specifies whether descendant /// processes should continue to run in the desktop environment.For information about the possible values for the DWORD to which /// lpValue points, see Remarks. /// /// /// /// /// /// /// A pointer to the attribute value. This value should persist until the attribute is destroyed using the /// DeleteProcThreadAttributeList function. /// /// The size of the attribute value specified by the lpValue parameter. /// This parameter is reserved and must be NULL. /// This parameter is reserved and must be NULL. /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// // BOOL WINAPI UpdateProcThreadAttribute( _Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, _In_ DWORD dwFlags, _In_ DWORD_PTR // Attribute, _In_ PVOID lpValue, _In_ SIZE_T cbSize, _Out_opt_ PVOID lpPreviousValue, _In_opt_ PSIZE_T lpReturnSize); https://msdn.microsoft.com/en-us/library/windows/desktop/ms686880(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)] [PInvokeData("WinBase.h", MSDNShortId = "ms686880")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool UpdateProcThreadAttribute(IntPtr lpAttributeList, uint dwFlags, UIntPtr Attribute, IntPtr lpValue, SizeT cbSize, IntPtr lpPreviousValue = default, IntPtr lpReturnSize = default); ///

/// /// /// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for /// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. /// /// /// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a /// partial name, the function uses the current drive and current directory to complete the specification. The function will not use /// the search path. This parameter must include the file name extension; no default extension is assumed. /// /// /// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token /// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the /// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program /// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities /// in the following order: /// /// /// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by /// lpCommandLine should specify the executable module as well as its arguments. /// /// /// To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the /// following arguments: /c plus the name of the batch file. /// /// /// /// /// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null /// character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters. /// /// /// The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter /// cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant /// string, the function may cause an access violation. /// /// /// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the /// command line. /// /// /// If both lpApplicationName and lpCommandLine are non- NULL, the null-terminated string pointed to by lpApplicationName /// specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new /// process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and /// argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as /// the first token in the command line. /// /// /// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are /// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin /// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. /// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period /// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory /// path, the system searches for the executable file in the following sequence: /// /// /// The system adds a terminating null character to the command-line string to separate the file name from the arguments. This /// divides the original string into two strings for internal processing. /// /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be /// inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited. /// /// /// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If /// lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The /// ACLs in the default security descriptor for a process come from the primary token of the creator. /// /// /// Windows XP: The ACLs in the default security descriptor for a process come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be /// inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited. /// /// /// The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If /// lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the /// default security descriptor for a thread come from the process token. /// /// /// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// /// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is /// FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles. /// /// /// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create /// the process in the same session as the caller. /// /// /// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL /// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights /// /// /// /// /// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags. /// /// /// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the /// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the /// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is /// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority /// class of the calling process. /// /// /// /// /// A pointer to the environment block for the new process. If this parameter is NULL, the new process uses the environment of /// the calling process. /// /// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form: /// name=value\0 /// Because the equal sign is used as a separator, it must not be used in the name of an environment variable. /// /// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains /// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and /// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. /// /// /// The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds /// 32,767 characters. /// /// /// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A /// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block. /// /// /// /// The full path to the current directory for the process. The string can also specify a UNC path. /// /// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This /// feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.) /// /// /// /// A pointer to a STARTUPINFO or STARTUPINFOEX structure. /// /// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter. /// /// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed. /// /// /// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process. /// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to /// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess. /// /// // BOOL WINAPI CreateProcess( _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES // lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, // _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, _Out_ LPPROCESS_INFORMATION // lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, CharSet = CharSet.Auto)] [PInvokeData("WinBase.h", MSDNShortId = "ms682425")] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool CreateProcess(string lpApplicationName, StringBuilder lpCommandLine, [In] SECURITY_ATTRIBUTES lpProcessAttributes, [In] SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles, CREATE_PROCESS dwCreationFlags, [In] IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); ///

/// /// /// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for /// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. /// /// /// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a /// partial name, the function uses the current drive and current directory to complete the specification. The function will not use /// the search path. This parameter must include the file name extension; no default extension is assumed. /// /// /// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token /// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the /// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program /// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities /// in the following order: /// /// /// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by /// lpCommandLine should specify the executable module as well as its arguments. /// /// /// To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the /// following arguments: /c plus the name of the batch file. /// /// /// /// /// The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null /// character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters. /// /// /// The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter /// cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant /// string, the function may cause an access violation. /// /// /// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the /// command line. /// /// /// If both lpApplicationName and lpCommandLine are non- NULL, the null-terminated string pointed to by lpApplicationName /// specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new /// process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and /// argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as /// the first token in the command line. /// /// /// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are /// using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin /// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. /// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period /// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory /// path, the system searches for the executable file in the following sequence: /// /// /// The system adds a terminating null character to the command-line string to separate the file name from the arguments. This /// divides the original string into two strings for internal processing. /// /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be /// inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited. /// /// /// The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If /// lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The /// ACLs in the default security descriptor for a process come from the primary token of the creator. /// /// /// Windows XP: The ACLs in the default security descriptor for a process come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be /// inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited. /// /// /// The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If /// lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the /// default security descriptor for a thread come from the process token. /// /// /// Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the /// creator. This behavior changed with Windows XP with SP2 and Windows Server 2003. /// /// /// /// /// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is /// FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles. /// /// /// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create /// the process in the same session as the caller. /// /// /// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL /// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights /// /// /// /// /// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags. /// /// /// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the /// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the /// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is /// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority /// class of the calling process. /// /// /// /// /// A pointer to the environment block for the new process. If this parameter is NULL, the new process uses the environment of /// the calling process. /// /// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form: /// name=value\0 /// Because the equal sign is used as a separator, it must not be used in the name of an environment variable. /// /// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains /// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and /// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. /// /// /// The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds /// 32,767 characters. /// /// /// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A /// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block. /// /// /// /// The full path to the current directory for the process. The string can also specify a UNC path. /// /// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This /// feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.) /// /// /// /// A pointer to a STARTUPINFO or STARTUPINFOEX structure. /// /// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter. /// /// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed. /// /// /// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process. /// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to /// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess. /// /// // BOOL WINAPI CreateProcess( _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES // lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, // _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, _Out_ LPPROCESS_INFORMATION // lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx [DllImport(Lib.Kernel32, SetLastError = true, CharSet = CharSet.Auto)] [PInvokeData("WinBase.h", MSDNShortId = "ms682425")] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool CreateProcess(string lpApplicationName, StringBuilder lpCommandLine, [In] SECURITY_ATTRIBUTES lpProcessAttributes, [In] SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles, CREATE_PROCESS dwCreationFlags, [In] IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); ///

/// /// /// A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and /// TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects. The user /// represented by the token must have read and execute access to the application specified by the lpApplicationName or the /// lpCommandLine parameter. /// /// /// To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the /// DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is /// impersonating a client to create a process that has the security context of the client. /// /// /// If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required. /// If the necessary privileges are not already enabled, CreateProcessAsUser enables them for the duration of the call. For /// more information, see Running with Special Privileges. /// /// /// Terminal Services: The process is run in the session specified in the token. By default, this is the same session that /// called LogonUser. To change the session, use the SetTokenInformation function. /// /// /// /// /// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for /// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. /// /// /// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a /// partial name, the function uses the current drive and current directory to complete the specification. The function will not use /// the search path. This parameter must include the file name extension; no default extension is assumed. /// /// /// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token /// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the /// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program /// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities /// in the following order: /// /// /// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by /// lpCommandLine should specify the executable module as well as its arguments. By default, all 16-bit Windows-based applications /// created by CreateProcessAsUser are run in a separate VDM (equivalent to CREATE_SEPARATE_WOW_VDM in CreateProcess). /// /// /// /// /// The command line to be executed. The maximum length of this string is 32K characters. If lpApplicationName is NULL, the /// module name portion of lpCommandLine is limited to MAX_PATH characters. /// /// /// The Unicode version of this function, CreateProcessAsUserW, can modify the contents of this string. Therefore, this /// parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a /// constant string, the function may cause an access violation. /// /// /// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the /// command line. /// /// /// If both lpApplicationName and lpCommandLine are non- NULL, *lpApplicationName specifies the module to execute, and /// *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. /// Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, /// C programmers generally repeat the module name as the first token in the command line. /// /// /// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you /// are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin /// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. /// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period /// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory /// path, the system searches for the executable file in the following sequence: /// /// /// The system adds a null character to the command line string to separate the file name from the arguments. This divides the /// original string into two strings for internal processing. /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new process object and /// determines whether child processes can inherit the returned handle to the process. If lpProcessAttributes is NULL or /// lpSecurityDescriptor is NULL, the process gets a default security descriptor and the handle cannot be inherited. /// The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow /// access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will /// continue to have full access rights. /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread object and determines /// whether child processes can inherit the returned handle to the thread. If lpThreadAttributes is NULL or /// lpSecurityDescriptor is NULL, the thread gets a default security descriptor and the handle cannot be inherited. The /// default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access /// for the caller. /// /// /// /// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the /// parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as /// the original handles. /// /// /// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must /// create the process in the same session as the caller. /// /// /// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL /// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights /// /// /// /// /// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags. /// /// /// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the /// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the /// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is /// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority /// class of the calling process. /// /// /// /// /// A pointer to an environment block for the new process. If this parameter is NULL, the new process uses the environment of /// the calling process. /// /// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form: /// name=value\0 /// Because the equal sign is used as a separator, it must not be used in the name of an environment variable. /// /// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains /// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and /// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. /// /// /// The ANSI version of this function, CreateProcessAsUserA fails if the total size of the environment block for the process /// exceeds 32,767 characters. /// /// /// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A /// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block. /// /// /// Windows Server 2003 and Windows XP: If the size of the combined user and system environment variable exceeds 8192 bytes, /// the process created by CreateProcessAsUser no longer runs with the environment block passed to the function by the parent /// process. Instead, the child process runs with the environment block returned by the CreateEnvironmentBlock function. /// /// To retrieve a copy of the environment block for a given user, use the CreateEnvironmentBlock function. /// /// /// The full path to the current directory for the process. The string can also specify a UNC path. /// /// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature /// is provided primarily for shells that need to start an application and specify its initial drive and working directory.) /// /// /// /// A pointer to a STARTUPINFO or STARTUPINFOEX structure. /// /// The user must have full access to both the specified window station and desktop. If you want the process to be interactive, /// specify winsta0\default. If the lpDesktop member is NULL, the new process inherits the desktop and window station of its /// parent process. If this member is an empty string, "", the new process connects to a window station using the rules described in /// Process Connection to a Window Station. /// /// /// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the /// dwCreationFlags parameter. /// /// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed. /// /// /// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process. /// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to /// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess. /// /// // BOOL WINAPI CreateProcessAsUser( _In_opt_ HANDLE hToken, _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, // _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, // _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, // _Out_ LPPROCESS_INFORMATION lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx [DllImport(Lib.AdvApi32, SetLastError = true, CharSet = CharSet.Auto)] [PInvokeData("WinBase.h", MSDNShortId = "ms682429")] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool CreateProcessAsUser(HTOKEN hToken, string lpApplicationName, StringBuilder lpCommandLine, SECURITY_ATTRIBUTES lpProcessAttributes, SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles, CREATE_PROCESS dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); ///

/// /// /// A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and /// TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects. The user /// represented by the token must have read and execute access to the application specified by the lpApplicationName or the /// lpCommandLine parameter. /// /// /// To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the /// DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is /// impersonating a client to create a process that has the security context of the client. /// /// /// If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required. /// If the necessary privileges are not already enabled, CreateProcessAsUser enables them for the duration of the call. For /// more information, see Running with Special Privileges. /// /// /// Terminal Services: The process is run in the session specified in the token. By default, this is the same session that /// called LogonUser. To change the session, use the SetTokenInformation function. /// /// /// /// /// The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for /// example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. /// /// /// The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a /// partial name, the function uses the current drive and current directory to complete the specification. The function will not use /// the search path. This parameter must include the file name extension; no default extension is assumed. /// /// /// The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token /// in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the /// file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program /// files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities /// in the following order: /// /// /// If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by /// lpCommandLine should specify the executable module as well as its arguments. By default, all 16-bit Windows-based applications /// created by CreateProcessAsUser are run in a separate VDM (equivalent to CREATE_SEPARATE_WOW_VDM in CreateProcess). /// /// /// /// /// The command line to be executed. The maximum length of this string is 32K characters. If lpApplicationName is NULL, the /// module name portion of lpCommandLine is limited to MAX_PATH characters. /// /// /// The Unicode version of this function, CreateProcessAsUserW, can modify the contents of this string. Therefore, this /// parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a /// constant string, the function may cause an access violation. /// /// /// The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the /// command line. /// /// /// If both lpApplicationName and lpCommandLine are non- NULL, *lpApplicationName specifies the module to execute, and /// *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. /// Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, /// C programmers generally repeat the module name as the first token in the command line. /// /// /// If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you /// are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin /// (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. /// Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period /// (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory /// path, the system searches for the executable file in the following sequence: /// /// /// The system adds a null character to the command line string to separate the file name from the arguments. This divides the /// original string into two strings for internal processing. /// /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new process object and /// determines whether child processes can inherit the returned handle to the process. If lpProcessAttributes is NULL or /// lpSecurityDescriptor is NULL, the process gets a default security descriptor and the handle cannot be inherited. /// The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow /// access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will /// continue to have full access rights. /// /// /// A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread object and determines /// whether child processes can inherit the returned handle to the thread. If lpThreadAttributes is NULL or /// lpSecurityDescriptor is NULL, the thread gets a default security descriptor and the handle cannot be inherited. The /// default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access /// for the caller. /// /// /// /// If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the /// parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as /// the original handles. /// /// /// Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must /// create the process in the same session as the caller. /// /// /// Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL /// process since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights /// /// /// /// /// The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags. /// /// /// This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the /// process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the /// priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is /// IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority /// class of the calling process. /// /// /// /// /// A pointer to an environment block for the new process. If this parameter is NULL, the new process uses the environment of /// the calling process. /// /// An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form: /// name=value\0 /// Because the equal sign is used as a separator, it must not be used in the name of an environment variable. /// /// An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains /// Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and /// the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. /// /// /// The ANSI version of this function, CreateProcessAsUserA fails if the total size of the environment block for the process /// exceeds 32,767 characters. /// /// /// Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A /// Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block. /// /// /// Windows Server 2003 and Windows XP: If the size of the combined user and system environment variable exceeds 8192 bytes, /// the process created by CreateProcessAsUser no longer runs with the environment block passed to the function by the parent /// process. Instead, the child process runs with the environment block returned by the CreateEnvironmentBlock function. /// /// To retrieve a copy of the environment block for a given user, use the CreateEnvironmentBlock function. /// /// /// The full path to the current directory for the process. The string can also specify a UNC path. /// /// If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature /// is provided primarily for shells that need to start an application and specify its initial drive and working directory.) /// /// /// /// A pointer to a STARTUPINFO or STARTUPINFOEX structure. /// /// The user must have full access to both the specified window station and desktop. If you want the process to be interactive, /// specify winsta0\default. If the lpDesktop member is NULL, the new process inherits the desktop and window station of its /// parent process. If this member is an empty string, "", the new process connects to a window station using the rules described in /// Process Connection to a Window Station. /// /// /// To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the /// dwCreationFlags parameter. /// /// Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed. /// /// /// A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process. /// Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed. /// /// /// If the function succeeds, the return value is nonzero. /// If the function fails, the return value is zero. To get extended error information, call GetLastError. /// /// Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to /// initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess. /// /// // BOOL WINAPI CreateProcessAsUser( _In_opt_ HANDLE hToken, _In_opt_ LPCTSTR lpApplicationName, _Inout_opt_ LPTSTR lpCommandLine, // _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, // _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCTSTR lpCurrentDirectory, _In_ LPSTARTUPINFO lpStartupInfo, // _Out_ LPPROCESS_INFORMATION lpProcessInformation); https://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx [DllImport(Lib.AdvApi32, SetLastError = true, CharSet = CharSet.Auto)] [PInvokeData("WinBase.h", MSDNShortId = "ms682429")] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool CreateProcessAsUser(HTOKEN hToken, string lpApplicationName, StringBuilder lpCommandLine, SECURITY_ATTRIBUTES lpProcessAttributes, SECURITY_ATTRIBUTES lpThreadAttributes, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles, CREATE_PROCESS dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, in STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); // Attribute may be used with thread creation Attribute is input only Attribute may be "accumulated," e.g. bitmasks, counters, etc. private static UIntPtr ProcThreadAttributeValue(PROC_THREAD_ATTRIBUTE_NUM Number, bool Thread, bool Input, bool Additive) => (UIntPtr)(((uint)Number & PROC_THREAD_ATTRIBUTE_NUMBER) | (Thread ? PROC_THREAD_ATTRIBUTE_THREAD : 0) | (Input ? PROC_THREAD_ATTRIBUTE_INPUT : 0) | (Additive ? PROC_THREAD_ATTRIBUTE_ADDITIVE : 0)); ///

/// Represents app memory usage at a single point in time. This structure is used by the PROCESS_INFORMATION_CLASS class. ///

// typedef struct _APP_MEMORY_INFORMATION { ULONG64 AvailableCommit; ULONG64 PrivateCommitUsage; ULONG64 PeakPrivateCommitUsage; // ULONG64 TotalCommitUsage;} APP_MEMORY_INFORMATION, *PAPP_MEMORY_INFORMATION; https://msdn.microsoft.com/en-us/library/windows/desktop/mt767995(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "mt767995")] [StructLayout(LayoutKind.Sequential)] public struct APP_MEMORY_INFORMATION { ///

Total commit available to the app.

public ulong AvailableCommit; ///

The app's usage of private commit.

public ulong PrivateCommitUsage; ///

The app's peak usage of private commit.

public ulong PeakPrivateCommitUsage; ///

The app's total usage of private plus shared commit.

public ulong TotalCommitUsage; } ///

/// Contains processor-specific register data. The system uses CONTEXT structures to perform various internal operations. Refer to /// the header file WinNT.h for definitions of this structure for each processor architecture. ///

// https://msdn.microsoft.com/en-us/library/windows/desktop/ms679284(v=vs.85).aspx [StructLayout(LayoutKind.Sequential)] public struct CONTEXT { public uint ContextFlags; public uint Dr0; public uint Dr1; public uint Dr2; public uint Dr3; public uint Dr6; public uint Dr7; // Retrieved by CONTEXT_FLOATING_POINT public FLOATING_SAVE_AREA FloatSave; // Retrieved by CONTEXT_SEGMENTS public uint SegGs; public uint SegFs; public uint SegEs; public uint SegDs; // Retrieved by CONTEXT_INTEGER public uint Edi; public uint Esi; public uint Ebx; public uint Edx; public uint Ecx; public uint Eax; // Retrieved by CONTEXT_CONTROL public uint Ebp; public uint Eip; public uint SegCs; public uint EFlags; public uint Esp; public uint SegSs; // Retrieved by CONTEXT_EXTENDED_REGISTERS [MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)] public byte[] ExtendedRegisters; ///

Represents the 80387 save area on WOW64. Refer to the header file WinNT.h for the definition of this structure.

// https://msdn.microsoft.com/en-us/library/windows/desktop/ms681671(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "ms681671")] [StructLayout(LayoutKind.Sequential)] public struct FLOATING_SAVE_AREA { public int ControlWord; public int StatusWord; public int TagWord; public int ErrorOffset; public int ErrorSelector; public int DataOffset; public int DataSelector; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)] public byte[] RegisterArea; public int Cr0NpxState; } } [StructLayout(LayoutKind.Sequential, Pack = 16)] public struct CONTEXT64 { public ulong P1Home; public ulong P2Home; public ulong P3Home; public ulong P4Home; public ulong P5Home; public ulong P6Home; public uint ContextFlags; public uint MxCsr; public ushort SegCs; public ushort SegDs; public ushort SegEs; public ushort SegFs; public ushort SegGs; public ushort SegSs; public uint EFlags; public ulong Dr0; public ulong Dr1; public ulong Dr2; public ulong Dr3; public ulong Dr6; public ulong Dr7; public ulong Rax; public ulong Rcx; public ulong Rdx; public ulong Rbx; public ulong Rsp; public ulong Rbp; public ulong Rsi; public ulong Rdi; public ulong R8; public ulong R9; public ulong R10; public ulong R11; public ulong R12; public ulong R13; public ulong R14; public ulong R15; public ulong Rip; public XSAVE_FORMAT64 DUMMYUNIONNAME; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)] public M128A[] VectorRegister; public ulong VectorControl; public ulong DebugControl; public ulong LastBranchToRip; public ulong LastBranchFromRip; public ulong LastExceptionToRip; public ulong LastExceptionFromRip; [StructLayout(LayoutKind.Sequential)] public struct M128A { public ulong High; public long Low; } [StructLayout(LayoutKind.Sequential, Pack = 16)] public struct XSAVE_FORMAT64 { public ushort ControlWord; public ushort StatusWord; public byte TagWord; public byte Reserved1; public ushort ErrorOpcode; public uint ErrorOffset; public ushort ErrorSelector; public ushort Reserved2; public uint DataOffset; public ushort DataSelector; public ushort Reserved3; public uint MxCsr; public uint MxCsr_Mask; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] public M128A[] FloatRegisters; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)] public M128A[] XmmRegisters; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 96)] public byte[] Reserved4; } } ///

/// Specifies the memory priority for a thread or process. This structure is used by the GetProcessInformation, /// SetProcessInformation, GetThreadInformation, and SetThreadInformation functions. ///

// typedef struct _MEMORY_PRIORITY_INFORMATION { ULONG MemoryPriority;} MEMORY_PRIORITY_INFORMATION, *PMEMORY_PRIORITY_INFORMATION; https://msdn.microsoft.com/en-us/library/windows/desktop/hh448387(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "hh448387")] [StructLayout(LayoutKind.Sequential)] public struct MEMORY_PRIORITY_INFORMATION { ///

/// The memory priority for the thread or process. This member can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// MEMORY_PRIORITY_VERY_LOW1 /// Very low memory priority. /// /// /// MEMORY_PRIORITY_LOW2 /// Low memory priority. /// /// /// MEMORY_PRIORITY_MEDIUM3 /// Medium memory priority. /// /// /// MEMORY_PRIORITY_BELOW_NORMAL4 /// Below normal memory priority. /// /// /// MEMORY_PRIORITY_NORMAL5 /// Normal memory priority. This is the default priority for all threads and processes on the system. /// /// /// ///

public MEMORY_PRIORITY MemoryPriority; } ///

/// Contains information about a newly created process and its primary thread. It is used with the CreateProcess, /// CreateProcessAsUser, CreateProcessWithLogonW, or CreateProcessWithTokenW function. ///

// typedef struct _PROCESS_INFORMATION { HANDLE hProcess; HANDLE hThread; DWORD dwProcessId; DWORD dwThreadId;} PROCESS_INFORMATION, // *LPPROCESS_INFORMATION; https://msdn.microsoft.com/en-us/library/windows/desktop/ms684873(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "ms684873")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { ///

/// A handle to the newly created process. The handle is used to specify the process in all functions that perform operations on /// the process object. ///

public HPROCESS hProcess; ///

/// A handle to the primary thread of the newly created process. The handle is used to specify the thread in all functions that /// perform operations on the thread object. ///

public HTHREAD hThread; ///

/// A value that can be used to identify a process. The value is valid from the time the process is created until all handles to /// the process are closed and the process object is freed; at this point, the identifier may be reused. ///

public uint dwProcessId; ///

/// A value that can be used to identify a thread. The value is valid from the time the thread is created until all handles to /// the thread are closed and the thread object is freed; at this point, the identifier may be reused. ///

public uint dwThreadId; } ///

/// Allows applications to configure a process to terminate if an allocation fails to commit memory. This structure is used by the /// PROCESS_INFORMATION_CLASS class. ///

// typedef struct _PROCESS_MEMORY_EXHAUSTION_INFO { USHORT Version; USHORT Reserved; PROCESS_MEMORY_EXHAUSTION_TYPE Type; ULONG_PTR // Value;} PROCESS_MEMORY_EXHAUSTION_INFO, *PPROCESS_MEMORY_EXHAUSTION_INFO;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt767997(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "mt767997")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MEMORY_EXHAUSTION_INFO { ///

Version should be set to PME_CURRENT_VERSION.

public ushort Version; ///

Reserved.

public ushort Reserved; ///

/// Type of failure. /// Type should be set to PMETypeFailFastOnCommitFailure (this is the only type available). ///

public PROCESS_MEMORY_EXHAUSTION_TYPE Type; ///

/// Used to turn the feature on or off. /// /// /// /// Function /// Setting /// /// /// Enable /// PME_FAILFAST_ON_COMMIT_FAIL_ENABLE /// /// /// Disable /// PME_FAILFAST_ON_COMMIT_FAIL_DISABLE /// /// /// ///

public UIntPtr Value; } ///

/// Contains process mitigation policy settings for Address Space Randomization Layout (ASLR). The GetProcessMitigationPolicy /// and SetProcessMitigationPolicy functions use this structure. ///

// typedef struct _PROCESS_MITIGATION_ASLR_POLICY { union { DWORD Flags; struct { DWORD EnableBottomUpRandomization : 1; DWORD // EnableForceRelocateImages : 1; DWORD EnableHighEntropy : 1; DWORD DisallowStrippedImages : 1; DWORD ReservedFlags : 28; }; };} PROCESS_MITIGATION_ASLR_POLICY, // *PPROCESS_MITIGATION_ASLR_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/hh769086(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "hh769086")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_ASLR_POLICY { ///

The flags

public PROCESS_MITIGATION_ASLR_POLICY_FLAGS Flags; } ///

Contains process mitigation policy settings for the loading of images depending on the signatures for the image.

// typedef struct _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY { union { DWORD Flags; struct { DWORD MicrosoftSignedOnly :1; DWORD // StoreSignedOnly :1; DWORD MitigationOptIn :1; DWORD ReservedFlags :29; }; };} PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, // *PPROCESS_MITIGATION_BINARY_SIGNATURE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt706242(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "mt706242")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY { ///

The flags

public PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY_FLAGS Flags; } ///

Stores policy information about creating child processes.

// https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/ntddk/ns-ntddk-_process_mitigation_child_process_policy [PInvokeData("WinNT.h", MSDNShortId = "")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_CHILD_PROCESS_POLICY { ///

The flags

public PROCESS_MITIGATION_CHILD_PROCESS_POLICY_FLAGS Flags; } ///

/// Contains process mitigation policy settings for Control Flow Guard (CFG). The GetProcessMitigationPolicy and /// SetProcessMitigationPolicy functions use this structure. ///

// typedef struct _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY { union { DWORD Flags; struct { DWORD EnableControlFlowGuard :1; // DWORD EnableExportSuppression :1; DWORD StrictMode :1; DWORD ReservedFlags :29; }; };} PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY, // *PPROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt654121(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "mt654121")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY { ///

The flags

public PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY_FLAGS Flags; } ///

/// Contains process mitigation policy settings for data execution prevention (DEP). The GetProcessMitigationPolicy and /// SetProcessMitigationPolicy functions use this structure. ///

// typedef struct _PROCESS_MITIGATION_DEP_POLICY { union { DWORD Flags; struct { DWORD Enable : 1; DWORD DisableAtlThunkEmulation : // 1; DWORD ReservedFlags : 30; }; }; BOOLEAN Permanent;} PROCESS_MITIGATION_DEP_POLICY, *PPROCESS_MITIGATION_DEP_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/hh769087(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "hh769087")] [StructLayout(LayoutKind.Sequential, Pack = 1)] public struct PROCESS_MITIGATION_DEP_POLICY { ///

The flags

public PROCESS_MITIGATION_DEP_POLICY_FLAGS Flags; ///

DEP is permanently enabled and cannot be disabled if this field is set to TRUE.

public byte Permanent; } ///

Contains process mitigation policy settings for restricting dynamic code generation and modification.

// typedef struct _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY { union { DWORD Flags; struct { DWORD ProhibitDynamicCode :1; DWORD // AllowThreadOptOut :1; DWORD AllowRemoteDowngrade :1; DWORD ReservedFlags :30; }; };} PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, // *PPROCESS_MITIGATION_DYNAMIC_CODE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt706243(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "mt706243")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_DYNAMIC_CODE_POLICY { ///

The flags

public PROCESS_MITIGATION_DYNAMIC_CODE_POLICY_FLAGS Flags; } ///

/// Contains process mitigation policy settings for legacy extension point DLLs. The GetProcessMitigationPolicy and /// SetProcessMitigationPolicy functions use this structure. ///

// typedef struct _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { union { DWORD Flags; struct { DWORD DisableExtensionPoints : // 1; DWORD ReservedFlags : 31; }; };} PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, // *PPROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/jj200586(v=vs.85).aspx [PInvokeData("Winnt.h", MSDNShortId = "jj200586")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { ///

The flags

public PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY_FLAGS Flags; } ///

Contains process mitigation policy settings for the loading of non-system fonts.

// typedef struct _PROCESS_MITIGATION_FONT_DISABLE_POLICY { union { DWORD Flags; struct { DWORD DisableNonSystemFonts :1; DWORD // AuditNonSystemFontLoading :1; DWORD ReservedFlags :30; }; };} PROCESS_MITIGATION_FONT_DISABLE_POLICY, // *PPROCESS_MITIGATION_FONT_DISABLE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt706244(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "mt706244")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_FONT_DISABLE_POLICY { ///

The flags

public PROCESS_MITIGATION_FONT_DISABLE_POLICY_FLAGS Flags; } ///

Contains process mitigation policy settings for the loading of images from a remote device.

// typedef struct _PROCESS_MITIGATION_IMAGE_LOAD_POLICY { union { DWORD Flags; struct { DWORD NoRemoteImages :1; DWORD // NoLowMandatoryLabelImages :1; DWORD PreferSystem32Images :1; DWORD ReservedFlags :29; }; };} PROCESS_MITIGATION_IMAGE_LOAD_POLICY, // *PPROCESS_MITIGATION_IMAGE_LOAD_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/mt706245(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "mt706245")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_IMAGE_LOAD_POLICY { ///

The flags

public PROCESS_MITIGATION_IMAGE_LOAD_POLICY_FLAGS Flags; } ///

Stores information about process mitigation policy.

// https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/ntddk/ns-ntddk-_process_mitigation_payload_restriction_policy [PInvokeData("WinNT.h", MSDNShortId = "")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY { ///

The flags

public PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY_FLAGS Flags; } ///

Used to impose new behavior on handle references that are not valid.

// typedef struct _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY { union { DWORD Flags; struct { DWORD // RaiseExceptionOnInvalidHandleReference : 1; DWORD HandleExceptionsPermanentlyEnabled : 1; DWORD ReservedFlags : 30; }; };} PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, // *PPROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/hh871471(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "hh871471")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY { ///

The flags

public PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY_FLAGS Flags; } ///

Used to impose restrictions on what system calls can be invoked by a process.

// typedef struct _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { union { DWORD Flags; struct { DWORD DisallowWin32kSystemCalls : 1; // DWORD ReservedFlags : 31; }; };} PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PPROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; https://msdn.microsoft.com/en-us/library/windows/desktop/hh871472(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "hh871472")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { ///

The flags

public PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY_FLAGS Flags; } ///

This structure is not supported.

// https://msdn.microsoft.com/en-us/library/windows/hardware/mt843942(v=vs.85).aspx [PInvokeData("WinNT.h", MSDNShortId = "mt843942")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY { ///

Undocumented.

public uint FilterId; // Only lowest 4 bits } ///

/// Specifies the throttling policies and how to apply them to a target process when that process is subject to power management. ///

// typedef struct _PROCESS_POWER_THROTTLING_STATE { ULONG Version; ULONG ControlMask; ULONG StateMask;} PROCESS_POWER_THROTTLING_STATE, // *PPROCESS_POWER_THROTTLING_STATE;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt804324(v=vs.85).aspx [PInvokeData("Processthreadsapi.h", MSDNShortId = "mt804324")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_POWER_THROTTLING_STATE { ///

/// The version of the PROCESS_POWER_THROTTLING_STATE structure. /// /// /// /// Value /// Meaning /// /// /// PROCESS_POWER_THROTTLING_CURRENT_VERSION /// The current version. /// /// /// ///

public uint Version; ///

/// This field enables the caller to take control of the power throttling mechanism. /// /// /// /// Value /// Meaning /// /// /// PROCESS_POWER_THROTTLING_EXECUTION_SPEED /// Manages the execution speed of the process. /// /// /// ///

public uint ControlMask; ///

/// Manages the power throttling mechanism on/off state. /// /// /// /// Value /// Meaning /// /// /// PROCESS_POWER_THROTTLING_EXECUTION_SPEED /// Manages the execution speed of the process. /// /// /// ///

public uint StateMask; } ///

Specifies whether Protected Process Light (PPL) is enabled.

// typedef struct _PROCESS_PROTECTION_LEVEL_INFORMATION { DWORD ProtectionLevel;} PROCESS_PROTECTION_LEVEL_INFORMATION, // *PPROCESS_PROTECTION_LEVEL_INFORMATION;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt823702(v=vs.85).aspx [PInvokeData("Processthreadsapi.h", MSDNShortId = "mt823702")] [StructLayout(LayoutKind.Sequential)] public struct PROCESS_PROTECTION_LEVEL_INFORMATION { ///

/// The one of the following values. /// /// /// /// Value /// Meaning /// /// /// PROTECTION_LEVEL_WINTCB_LIGHT /// For internal use only. /// /// /// PROTECTION_LEVEL_WINDOWS /// For internal use only. /// /// /// PROTECTION_LEVEL_WINDOWS_LIGHT /// For internal use only. /// /// /// PROTECTION_LEVEL_ANTIMALWARE_LIGHT /// For internal use only. /// /// /// PROTECTION_LEVEL_LSA_LIGHT /// For internal use only. /// /// /// PROTECTION_LEVEL_WINTCB /// Not implemented. /// /// /// PROTECTION_LEVEL_CODEGEN_LIGHT /// Not implemented. /// /// /// PROTECTION_LEVEL_AUTHENTICODE /// Not implemented. /// /// /// PROTECTION_LEVEL_PPL_APP /// The process is a third party app that is using process protection. /// /// /// PROTECTION_LEVEL_NONE /// The process is not protected. /// /// /// ///

public PROTECTION_LEVEL ProtectionLevel; } ///

Represents a logical processor in a processor group.

[PInvokeData("WinNT.h", MSDNShortId = "dd405505")] [StructLayout(LayoutKind.Sequential, Pack = 1)] public struct PROCESSOR_NUMBER { ///

The processor group to which the logical processor is assigned.

public ushort Group; ///

The number of the logical processor relative to the group.

public byte Number; ///

This parameter is reserved.

public byte Reserved; } ///

/// Specifies the window station, desktop, standard handles, and appearance of the main window for a process at creation time. ///

// typedef struct _STARTUPINFO { DWORD cb; LPTSTR lpReserved; LPTSTR lpDesktop; LPTSTR lpTitle; DWORD dwX; DWORD dwY; DWORD dwXSize; // DWORD dwYSize; DWORD dwXCountChars; DWORD dwYCountChars; DWORD dwFillAttribute; DWORD dwFlags; WORD wShowWindow; WORD cbReserved2; // LPBYTE lpReserved2; HANDLE hStdInput; HANDLE hStdOutput; HANDLE hStdError;} STARTUPINFO, *LPSTARTUPINFO; https://msdn.microsoft.com/en-us/library/windows/desktop/ms686331(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "ms686331")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] public struct STARTUPINFO { ///

The size of the structure, in bytes.

public uint cb; ///

Reserved; must be NULL.

public IntPtr lpReserved; ///

/// The name of the desktop, or the name of both the desktop and window station for this process. A backslash in the string /// indicates that the string includes both the desktop and window station names. For more information, see Thread Connection to /// a Desktop. ///

public string lpDesktop; ///

/// For console processes, this is the title displayed in the title bar if a new console window is created. If NULL, the name of /// the executable file is used as the window title instead. This parameter must be NULL for GUI or console processes that do not /// create a new console window. ///

public string lpTitle; ///

/// /// If dwFlags specifies STARTF_USEPOSITION, this member is the x offset of the upper left corner of a window if a new /// window is created, in pixels. Otherwise, this member is ignored. /// /// /// The offset is from the upper left corner of the screen. For GUI processes, the specified position is used the first time the /// new process calls CreateWindow to create an overlapped window if the x parameter of CreateWindow is CW_USEDEFAULT. /// ///

public uint dwX; ///

/// /// If dwFlags specifies STARTF_USEPOSITION, this member is the y offset of the upper left corner of a window if a new /// window is created, in pixels. Otherwise, this member is ignored. /// /// /// The offset is from the upper left corner of the screen. For GUI processes, the specified position is used the first time the /// new process calls CreateWindow to create an overlapped window if the y parameter of CreateWindow is CW_USEDEFAULT. /// ///

public uint dwY; ///

/// /// If dwFlags specifies STARTF_USESIZE, this member is the width of the window if a new window is created, in pixels. /// Otherwise, this member is ignored. /// /// /// For GUI processes, this is used only the first time the new process calls CreateWindow to create an overlapped window /// if the nWidth parameter of CreateWindow is CW_USEDEFAULT. /// ///

public uint dwXSize; ///

/// /// If dwFlags specifies STARTF_USESIZE, this member is the height of the window if a new window is created, in pixels. /// Otherwise, this member is ignored. /// /// /// For GUI processes, this is used only the first time the new process calls CreateWindow to create an overlapped window /// if the nHeight parameter of CreateWindow is CW_USEDEFAULT. /// ///

public uint dwYSize; ///

/// If dwFlags specifies STARTF_USECOUNTCHARS, if a new console window is created in a console process, this member /// specifies the screen buffer width, in character columns. Otherwise, this member is ignored. ///

public uint dwXCountChars; ///

/// If dwFlags specifies STARTF_USECOUNTCHARS, if a new console window is created in a console process, this member /// specifies the screen buffer height, in character rows. Otherwise, this member is ignored. ///

public uint dwYCountChars; ///

/// /// If dwFlags specifies STARTF_USEFILLATTRIBUTE, this member is the initial text and background colors if a new console /// window is created in a console application. Otherwise, this member is ignored. /// /// /// This value can be any combination of the following values: FOREGROUND_BLUE, FOREGROUND_GREEN, FOREGROUND_RED, /// FOREGROUND_INTENSITY, BACKGROUND_BLUE, BACKGROUND_GREEN, BACKGROUND_RED, and BACKGROUND_INTENSITY. For example, the following /// combination of values produces red text on a white background: /// ///

public CHARACTER_ATTRIBUTE dwFillAttribute; ///

/// /// A bitfield that determines whether certain STARTUPINFO members are used when the process creates a window. This member /// can be one or more of the following values. /// /// /// /// /// Value /// Meaning /// /// /// STARTF_FORCEONFEEDBACK0x00000040 /// /// Indicates that the cursor is in feedback mode for two seconds after CreateProcess is called. The Working in Background cursor /// is displayed (see the Pointers tab in the Mouse control panel utility). If during those two seconds the process makes the /// first GUI call, the system gives five more seconds to the process. If during those five seconds the process shows a window, /// the system gives five more seconds to the process to finish drawing the window.The system turns the feedback cursor off after /// the first call to GetMessage, regardless of whether the process is drawing. /// /// /// /// STARTF_FORCEOFFFEEDBACK0x00000080 /// Indicates that the feedback cursor is forced off while the process is starting. The Normal Select cursor is displayed. /// /// /// STARTF_PREVENTPINNING0x00002000 /// /// Indicates that any windows created by the process cannot be pinned on the taskbar.This flag must be combined with STARTF_TITLEISAPPID. /// /// /// /// STARTF_RUNFULLSCREEN0x00000020 /// /// Indicates that the process should be run in full-screen mode, rather than in windowed mode. This flag is only valid for /// console applications running on an x86 computer. /// /// /// /// STARTF_TITLEISAPPID0x00001000 /// /// The lpTitle member contains an AppUserModelID. This identifier controls how the taskbar and Start menu present the /// application, and enables it to be associated with the correct shortcuts and Jump Lists. Generally, applications will use the /// SetCurrentProcessExplicitAppUserModelID and GetCurrentProcessExplicitAppUserModelID functions instead of setting this flag. /// For more information, see Application User Model IDs.If STARTF_PREVENTPINNING is used, application windows cannot be pinned /// on the taskbar. The use of any AppUserModelID-related window properties by the application overrides this setting for that /// window only.This flag cannot be used with STARTF_TITLEISLINKNAME. /// /// /// /// STARTF_TITLEISLINKNAME0x00000800 /// /// The lpTitle member contains the path of the shortcut file (.lnk) that the user invoked to start this process. This is /// typically set by the shell when a .lnk file pointing to the launched application is invoked. Most applications will not need /// to set this value.This flag cannot be used with STARTF_TITLEISAPPID. /// /// /// /// STARTF_UNTRUSTEDSOURCE0x00008000 /// The command line came from an untrusted source. For more information, see Remarks. /// /// /// /// /// /// /// STARTF_USECOUNTCHARS0x00000008 /// The dwXCountChars and dwYCountChars members contain additional information. /// /// /// STARTF_USEFILLATTRIBUTE0x00000010 /// The dwFillAttribute member contains additional information. /// /// /// STARTF_USEHOTKEY0x00000200 /// The hStdInput member contains additional information. This flag cannot be used with STARTF_USESTDHANDLES. /// /// /// STARTF_USEPOSITION0x00000004 /// The dwX and dwY members contain additional information. /// /// /// STARTF_USESHOWWINDOW0x00000001 /// The wShowWindow member contains additional information. /// /// /// STARTF_USESIZE0x00000002 /// The dwXSize and dwYSize members contain additional information. /// /// /// STARTF_USESTDHANDLES0x00000100 /// /// The hStdInput, hStdOutput, and hStdError members contain additional information. If this flag is specified when calling one /// of the process creation functions, the handles must be inheritable and the function's bInheritHandles parameter must be set /// to TRUE. For more information, see Handle Inheritance.If this flag is specified when calling the GetStartupInfo function, /// these members are either the handle value specified during process creation or INVALID_HANDLE_VALUE.Handles must be closed /// with CloseHandle when they are no longer needed.This flag cannot be used with STARTF_USEHOTKEY. /// /// /// /// ///

public STARTF dwFlags; ///

/// /// If dwFlags specifies STARTF_USESHOWWINDOW, this member can be any of the values that can be specified in the nCmdShow /// parameter for the ShowWindow function, except for SW_SHOWDEFAULT. Otherwise, this member is ignored. /// /// /// For GUI processes, the first time ShowWindow is called, its nCmdShow parameter is ignored wShowWindow specifies /// the default value. In subsequent calls to ShowWindow, the wShowWindow member is used if the nCmdShow parameter /// of ShowWindow is set to SW_SHOWDEFAULT. /// ///

//[MarshalAs(UnmanagedType.U2)] public ushort wShowWindow; // ShowWindowCommand ///

Reserved for use by the C Run-time; must be zero.

public ushort cbReserved2; ///

Reserved for use by the C Run-time; must be NULL.

public IntPtr lpReserved2; ///

/// /// If dwFlags specifies STARTF_USESTDHANDLES, this member is the standard input handle for the process. If /// STARTF_USESTDHANDLES is not specified, the default for standard input is the keyboard buffer. /// /// /// If dwFlags specifies STARTF_USEHOTKEY, this member specifies a hotkey value that is sent as the wParam parameter of a /// WM_SETHOTKEY message to the first eligible top-level window created by the application that owns the process. If the window /// is created with the WS_POPUP window style, it is not eligible unless the WS_EX_APPWINDOW extended window style is also set. /// For more information, see CreateWindowEx. /// /// Otherwise, this member is ignored. ///

public IntPtr hStdInput; ///

/// /// If dwFlags specifies STARTF_USESTDHANDLES, this member is the standard output handle for the process. Otherwise, this /// member is ignored and the default for standard output is the console window's buffer. /// /// /// If a process is launched from the taskbar or jump list, the system sets hStdOutput to a handle to the monitor that /// contains the taskbar or jump list used to launch the process. For more information, see Remarks. /// /// /// Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows XP and Windows Server 2003: This /// behavior was introduced in Windows 8 and Windows Server 2012. /// ///

public IntPtr hStdOutput; ///

/// If dwFlags specifies STARTF_USESTDHANDLES, this member is the standard error handle for the process. Otherwise, this /// member is ignored and the default for standard error is the console window's buffer. ///

public IntPtr hStdError; ///

/// The x and y offset of the upper left corner of a window if a new window is created, in pixels. /// /// The offset is from the upper left corner of the screen. For GUI processes, the specified position is used the first time the /// new process calls CreateWindow to create an overlapped window if the x or y parameter of CreateWindow is CW_USEDEFAULT. /// ///

public System.Drawing.Point WindowPosition { get => new System.Drawing.Point((int)dwX, (int)dwY); set { dwX = (uint)value.X; dwY = (uint)value.Y; dwFlags = dwFlags.SetFlags(STARTF.STARTF_USEPOSITION, value != System.Drawing.Point.Empty); } } ///

/// /// This member can be any of the values that can be specified in the nCmdShow parameter for the ShowWindow function, /// except for SW_SHOWDEFAULT. /// /// /// For GUI processes, the first time ShowWindow is called, its nCmdShow parameter is ignored wShowWindow specifies /// the default value. In subsequent calls to ShowWindow, the wShowWindow member is used if the nCmdShow parameter /// of ShowWindow is set to SW_SHOWDEFAULT. /// ///

public ShowWindowCommand ShowWindowCommand { get => (ShowWindowCommand)wShowWindow; set { wShowWindow = (ushort)value; dwFlags = dwFlags.SetFlags(STARTF.STARTF_USESHOWWINDOW, value != 0); } } ///

/// The height of the window if a new window is created, in pixels. /// /// For GUI processes, this is used only the first time the new process calls CreateWindow to create an overlapped window /// if the nHeight or nWidth parameter of CreateWindow is CW_USEDEFAULT. /// ///

public SIZE WindowSize { get => new SIZE((int)dwXSize, (int)dwYSize); set { dwXSize = (uint)value.cx; dwYSize = (uint)value.cy; dwFlags = dwFlags.SetFlags(STARTF.STARTF_USESIZE, value != SIZE.Empty); } } ///

Gets the default value for this structure with the cb field set to the size of the structure.

public static STARTUPINFO Default => new STARTUPINFO { cb = (uint)Marshal.SizeOf(typeof(STARTUPINFO)) }; } ///

/// /// Specifies the window station, desktop, standard handles, and attributes for a new process. It is used with the CreateProcess and /// CreateProcessAsUser functions. /// ///

/// /// Be sure to set the cb member of the STARTUPINFO structure to . /// // https://docs.microsoft.com/en-us/windows/desktop/api/winbase/ns-winbase-_startupinfoexa typedef struct _STARTUPINFOEXA { // STARTUPINFOA StartupInfo; LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; } STARTUPINFOEXA, *LPSTARTUPINFOEXA; [PInvokeData("winbase.h", MSDNShortId = "61203f57-292d-4ea1-88f4-a3b05012d7a3")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] public struct STARTUPINFOEX { ///

/// A STARTUPINFO structure. ///

public STARTUPINFO StartupInfo; ///

/// An attribute list. This list is created by the InitializeProcThreadAttributeList function. ///

public IntPtr lpAttributeList; ///

Gets the default value for this structure with the cb field set to the size of the structure.

public static STARTUPINFOEX Default => new STARTUPINFOEX { StartupInfo = new STARTUPINFO { cb = (uint)Marshal.SizeOf(typeof(STARTUPINFOEX)) } }; } ///

/// /// This structure is returned by GetSystemCpuSetInformation. It is used to enumerate the CPU Sets on the system and determine /// their current state. /// /// /// This is a variable-sized structure designed for future expansion. When iterating over this structure, use the size field to /// determine the offset to the next structure. /// ///

// typedef struct _SYSTEM_CPU_SET_INFORMATION { DWORD Size; CPU_SET_INFORMATION_TYPE Type; union { struct { DWORD Id; WORD Group; // BYTE LogicalProcessorIndex; BYTE CoreIndex; BYTE LastLevelCacheIndex; BYTE NumaNodeIndex; BYTE EfficiencyClass; struct { BOOLEAN // Parked : 1; BOOLEAN Allocated : 1; BOOLEAN AllocatedToTargetProcess : 1; BOOLEAN RealTime : 1; BYTE ReservedFlags : 4; }; DWORD // Reserved; DWORD64 AllocationTag; } CpuSet; };} SYSTEM_CPU_SET_INFORMATION, *PSYSTEM_CPU_SET_INFORMATION;// https://msdn.microsoft.com/en-us/library/windows/desktop/mt186429(v=vs.85).aspx [PInvokeData("Winnt.h", MSDNShortId = "mt186429")] [StructLayout(LayoutKind.Sequential)] public struct SYSTEM_CPU_SET_INFORMATION { ///

This is the size, in bytes, of this information structure.

public uint Size; ///

/// This is the type of information in the structure. Applications should skip any structures with unrecognized types. ///

public CPU_SET_INFORMATION_TYPE Type; ///

Union of structures that can be specified by Type.

public SYSTEM_CPU_UNION Union; ///

Defines structures that can be specified by Type.

[StructLayout(LayoutKind.Explicit)] public struct SYSTEM_CPU_UNION { ///

Value used when Type is CpuSetInformation.

[FieldOffset(0)] public SYSTEM_CPU_SET_INFORMATION1 CpuSet; } } ///

Defines values used when Type is CpuSetInformation.

[StructLayout(LayoutKind.Sequential)] public struct SYSTEM_CPU_SET_INFORMATION1 { ///

/// The ID of the specified CPU Set. This identifier can be used with SetProcessDefaultCpuSets or SetThreadSelectedCpuSets when /// specifying a list of CPU Sets to affinitize to. ///

public uint Id; ///

/// Specifies the Processor Group of the CPU Set. All other values in the CpuSet structure are relative to the processor group. ///

public ushort Group; ///

/// Specifies the group-relative index of the home processor of the CPU Set. Unless the CPU Set is parked for thermal or power /// management reasons or assigned for exclusive use to another application, threads will run on the home processor of one of /// their CPU Sets. The Group and LogicalProcessorIndex fields are the same as the ones found in the PROCESSOR_NUMBER structure /// and they correspond to the Group field and Mask field of the GROUP_AFFINITY structure. ///

public byte LogicalProcessorIndex; ///

/// A group-relative value indicating which "Core" has the home processor of the CPU Set. This number is the same for all CPU /// Sets in the same group that share significant execution resources with each other, such as different hardware threads on a /// single core that supports simultaneous multi-threading. ///

public byte CoreIndex; ///

/// A group-relative value indicating which CPU Sets share at least one level of cache with each other. This value is the same /// for all CPU Sets in a group that are on processors that share cache with each other. ///

public byte LastLevelCacheIndex; ///

/// A group-relative value indicating which NUMA node a CPU Set is on. All CPU Sets in a given group that are on the same NUMA /// node will have the same value for this field. ///

public byte NumaNodeIndex; ///

/// A value indicating the intrinsic energy efficiency of a processor for systems that support heterogeneous processors (such as /// ARM big.LITTLE systems). CPU Sets with higher numerical values of this field have home processors that are faster but less /// power-efficient than ones with lower values. ///

public byte EfficiencyClass; ///

All flags

public SYSTEM_CPU_SET_FLAGS AllFlags; ///

Reserved

private readonly uint Reserved; ///

/// Specifies a tag used by Core Allocation to communicate a given allocated CPU Set between threads in different components. ///

public ulong AllocationTag; } ///

/// Specifies the throttling policies and how to apply them to a target thread when that thread is subject to power management. ///

// typedef struct _THREAD_POWER_THROTTLING_STATE { ULONG Version; ULONG ControlMask; ULONG StateMask;} THREAD_POWER_THROTTLING_STATE, // *PTHREAD_POWER_THROTTLING_STATE; https://msdn.microsoft.com/en-us/library/windows/desktop/mt804325(v=vs.85).aspx [PInvokeData("Processthreadsapi.h", MSDNShortId = "mt804325")] [StructLayout(LayoutKind.Sequential)] public struct THREAD_POWER_THROTTLING_STATE { ///

/// The version of the THREAD_POWER_THROTTLING_STATE structure. /// /// /// /// Value /// Meaning /// /// /// THREAD_POWER_THROTTLING_CURRENT_VERSION /// The current version. /// /// /// ///

public uint Version; ///

/// This field enables the caller to take control of the power throttling mechanism. /// /// /// /// Value /// Meaning /// /// /// THREAD_POWER_THROTTLING_EXECUTION_SPEED /// Manages the execution speed of the thread. /// /// /// ///

public uint ControlMask; ///

/// Manages the power throttling mechanism on/off state. /// /// /// /// Value /// Meaning /// /// /// THREAD_POWER_THROTTLING_EXECUTION_SPEED /// Manages the execution speed of the thread. /// /// /// ///

public uint StateMask; } ///

Provides a to a process that releases a created HPROCESS instance at disposal using CloseHandle.

public class SafeHPROCESS : SafeSyncHandle { ///

Initializes a new instance of the class and assigns an existing handle.

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafeHPROCESS(HPROCESS preexistingHandle, bool ownsHandle = true) : base((IntPtr)preexistingHandle, ownsHandle) { } private SafeHPROCESS() : base() { } ///

Gets a handle to the current process that can be used across processes.

/// The current process handle. public static SafeHPROCESS Current => new SafeHPROCESS(GetCurrentProcess().Duplicate()); ///

Represents a or invalid process.

public static SafeHPROCESS Null => new SafeHPROCESS(); ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator HPROCESS(SafeHPROCESS h) => h.handle; } ///

Provides a to a thread that releases a created HTHREAD instance at disposal using CloseHandle.

public class SafeHTHREAD : SafeSyncHandle { ///

Initializes a new instance of the class and assigns an existing handle.

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafeHTHREAD(HTHREAD preexistingHandle, bool ownsHandle = true) : base((IntPtr)preexistingHandle, ownsHandle) { } private SafeHTHREAD() : base() { } ///

Gets a handle to the current thread that can be used across processes.

/// The current thread handle. public static SafeHTHREAD Current => new SafeHTHREAD(GetCurrentThread().Duplicate()); ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator HTHREAD(SafeHTHREAD h) => h.handle; } ///

// typedef struct _PROCESS_INFORMATION { HANDLE hProcess; HANDLE hThread; DWORD dwProcessId; DWORD dwThreadId;} PROCESS_INFORMATION, // *LPPROCESS_INFORMATION; https://msdn.microsoft.com/en-us/library/windows/desktop/ms684873(v=vs.85).aspx [PInvokeData("WinBase.h", MSDNShortId = "ms684873")] public sealed class SafePROCESS_INFORMATION : IDisposable { ///

/// Initializes a new instance of the class. ///

/// The pi. public SafePROCESS_INFORMATION(in PROCESS_INFORMATION pi) { hProcess = new SafeHPROCESS(pi.hProcess); hThread = new SafeHTHREAD(pi.hThread); dwProcessId = pi.dwProcessId; dwThreadId = pi.dwThreadId; } ///

Initializes an empty instance of the class.

public SafePROCESS_INFORMATION() { hProcess = new SafeHPROCESS(IntPtr.Zero); hThread = new SafeHTHREAD(IntPtr.Zero); } ///

public uint dwProcessId { get; } ///

public uint dwThreadId { get; } ///

/// A handle to the newly created process. The handle is used to specify the process in all functions that perform operations on /// the process object. ///

public SafeHPROCESS hProcess { get; private set; } ///

/// A handle to the primary thread of the newly created process. The handle is used to specify the thread in all functions that /// perform operations on the thread object. ///

public SafeHTHREAD hThread { get; private set; } ///

Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.

void IDisposable.Dispose() { hProcess.Dispose(); hThread.Dispose(); } } } }