Monday, August 3, 2009

Process Creation API Functions Path (XP)


NTSTATUS: STATUS_CREATE_PROCESS_NT51


Following up on the previous post on the Win32 API's process creation functions in Windows Vista SP1, now let's take a look at how it was in Windows XP SP2.

Following are the process creation functions available in the Win32 API:

kernel32.dll:
  • CreateProcessA()
  • CreateProcessW()
  • CreateProcessInternalA()
  • CreateProcessInternalW()
  • CreateProcessInternalWSecure()

advapi32.dll:
  • CreateProcessAsUserA()
  • CreateProcessAsUserW()
  • CreateProcessWithLogonW()
  • CreateProcessAsUserSecure()

Of note are CreateProcessInternalWSecure() and CreateProcessAsUserSecure(). These two functions do absolutely nothing. They just return zero. It's also worth noting that these two functions do not appear in Windows Vista. I suppose as a joke, it means that there is no secure way to create processes in Windows XP! GYAHAHA!!!

Below is a diagram that shows how these functions are related to each other, with the exception of
CreateProcessWithLogonW():



Win32 API Process Creation Functions


The general workings of these functions are the same as they were described in the previous post for Windows Vista.


No comments:

Post a Comment