[DllImport("ntdll.dll", SetLastError=true)]
static extern void ZwCreateThreadEx(ref IntPtr threadHandle, AccessMask desiredAccess, IntPtr objectAttributes, IntPtr processHandle, IntPtr startAddress, IntPtr parameter, bool inCreateSuspended, Int32 stackZeroBits, Int32 sizeOfStack, Int32 maximumStackSize, IntPtr attributeList);
[DllImport("ntdll.dll", SetLastError : true)]
def ZwCreateThreadEx(ref threadHandle as IntPtr, desiredAccess as AccessMask, objectAttributes as IntPtr, processHandle as IntPtr, startAddress as IntPtr, parameter as IntPtr, inCreateSuspended as bool, stackZeroBits as Int32, sizeOfStack as Int32, maximumStackSize as Int32, attributeList as IntPtr):
pass
enum AccessMask:
DELETE = 0x00010000
READ_CONTROL = 0x00020000
WRITE_DAC = 0x00040000
WRITE_OWNER = 0x00080000
SYNCHRONIZE = 0x00100000
STANDARD_RIGHTS_REQUIRED = 0x000F0000
STANDARD_RIGHTS_READ = 0x00020000
STANDARD_RIGHTS_WRITE = 0x00020000
STANDARD_RIGHTS_EXECUTE = 0x00020000
STANDARD_RIGHTS_ALL = 0x001F0000
SPECIFIC_RIGHTS_ALL = 0x0000FFFF
ACCESS_SYSTEM_SECURITY = 0x01000000
MAXIMUM_ALLOWED = 0x02000000
GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000
GENERIC_EXECUTE = 0x20000000
GENERIC_ALL = 0x10000000
DESKTOP_READOBJECTS = 0x00000001
DESKTOP_CREATEWINDOW = 0x00000002
DESKTOP_CREATEMENU = 0x00000004
DESKTOP_HOOKCONTROL = 0x00000008
DESKTOP_JOURNALRECORD = 0x00000010
DESKTOP_JOURNALPLAYBACK = 0x00000020
DESKTOP_ENUMERATE = 0x00000040
DESKTOP_WRITEOBJECTS = 0x00000080
DESKTOP_SWITCHDESKTOP = 0x00000100
WINSTA_ENUMDESKTOPS = 0x00000001
WINSTA_READATTRIBUTES = 0x00000002
WINSTA_ACCESSCLIPBOARD = 0x00000004
WINSTA_CREATEDESKTOP = 0x00000008
WINSTA_WRITEATTRIBUTES = 0x00000010
WINSTA_ACCESSGLOBALATOMS = 0x00000020
WINSTA_EXITWINDOWS = 0x00000040
WINSTA_ENUMERATE = 0x00000100
WINSTA_READSCREEN = 0x00000200
WINSTA_ALL_ACCESS = 0x0000037F
Do you know one? Please contribute it!
None.
Please add some!
Please add some!