Tuesday, February 19, 2013

RTL_USER_PROCESS_PARAMETERS anti-debug mechanism

While trying to figure out why WinDbg was modifying the current directory in this structure under certain scenarios, I took note of the Flags member and wondered whether it was derived from certain process creation flags. Sure enough, it is, and this doesn't seem to be documented anywhere.

The Flags member is at offset 0x8 in the RTL_USER_PROCESS_PARAMETERS structure. Note that this is not the DebugFlags member.

If the process is started with either the DEBUG_PROCESS or the DEBUG_ONLY_THIS_PROCESS flag passed to CreateProcess(), bit 14 of this value will not be set. If neither flag is used, bit 14 will be set.
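The check described above in code, as an added example for confirming the observation or recognising the test when it turns up in a sample during analysis (this is not the author's code). It assumes zero-based bit numbering (bit 14 = 0x4000) and reads Flags by its 0x8 offset, since winternl.h hides that member inside Reserved1; the sample structure images in the non-Windows branch are constructed.

```c
/* Added example: tests bit 14 of RTL_USER_PROCESS_PARAMETERS.Flags
 * (offset 0x8), which the post reports is clear when the process was
 * created with DEBUG_PROCESS or DEBUG_ONLY_THIS_PROCESS. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTL_UPP_FLAGS_OFFSET 0x8u        /* Flags member, per the post (not DebugFlags at 0xC) */
#define RTL_UPP_FLAGS_BIT14  (1u << 14)  /* 0x4000; zero-based numbering is an assumption */

/* Extract Flags from a raw RTL_USER_PROCESS_PARAMETERS image (little-endian host). */
static uint32_t rtl_upp_flags(const uint8_t *params)
{
    uint32_t flags;
    memcpy(&flags, params + RTL_UPP_FLAGS_OFFSET, sizeof flags);
    return flags;
}

/* True when bit 14 is clear, i.e. a debug creation flag was used. */
static bool created_with_debug_flag(uint32_t flags)
{
    return (flags & RTL_UPP_FLAGS_BIT14) == 0;
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
/* Live check on the running process: TEB -> PEB -> ProcessParameters -> Flags. */
static uint32_t current_process_rtl_flags(void)
{
    const PEB *peb = NtCurrentTeb()->ProcessEnvironmentBlock;
    return rtl_upp_flags((const uint8_t *)peb->ProcessParameters);
}
#endif

int main(void)
{
#ifdef _WIN32
    uint32_t flags = current_process_rtl_flags();
#else
    /* Constructed 16-byte structure image: Flags = 0x4001, so bit 14 is set. */
    uint8_t image[16] = {0};
    image[RTL_UPP_FLAGS_OFFSET] = 0x01;
    image[RTL_UPP_FLAGS_OFFSET + 1] = 0x40;
    uint32_t flags = rtl_upp_flags(image);
#endif
    printf("Flags = 0x%08x -> %s\n", flags,
           created_with_debug_flag(flags) ? "debug creation flag used" : "no debug creation flag");
    return 0;
}
```

On Windows, run the binary once normally and once under a debugger that launches it to see the bit flip; an analyst who meets this comparison in a sample can flip the bit in the debugger to neutralise it.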
