I wanna get some information regarding the usage of this function. I hope someone can help me out because its not documented at all from what I found. The question may rise up why I don't use PssCaptureSnapshot which can fullfill a similar job. It has todo with security reasons why I want to use RtlCreateProcessReflection instead of PssCaptureSnapshot.
RtlCreateProcessReflection((HANDLE process_handle, ULONG flags, PVOID start_routine,
PVOID start_context, HANDLE event_handle, PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION reflection_information));
It is self explanatory for myself what most of the arguments are there for but, the exception is with flags, start_routine, start_context, event_handle. I can imagine what start_routine would be but still I can't wrap my hand around those or what flags the argument "flags" would actually take.
I hope someone can help me out. Thanks for reading.
Aucun commentaire:
Enregistrer un commentaire