Add callback for NtProcess creation.

Author: tyranid

NtApiDotNet/CreateUserProcess.cs

@@ -307,7 +307,7 @@ public CreateUserProcessResult Start(string image_path)
             if (image_path == null)
                 throw new ArgumentNullException("image_path");
 
-            using (var process_params = SafeProcessParametersHandle.Create(ConfigImagePath ?? image_path, DllPath, CurrentDirectory,
+            using (var process_params = SafeProcessParametersBuffer.Create(ConfigImagePath ?? image_path, DllPath, CurrentDirectory,
                   CommandLine, Environment, WindowTitle, DesktopInfo, ShellInfo, RuntimeData, CreateProcessParametersFlags.Normalize))
             {
                 using (var attrs = new DisposableList<ProcessAttribute>())

NtApiDotNet/NtApiDotNet.csproj

@@ -71,7 +71,7 @@
     <Compile Include="SafeArrayBuffer.cs" />
     <Compile Include="SafeHandleListHandle.cs" />
     <Compile Include="SafeIoStatusBuffer.cs" />
-    <Compile Include="SafeProcessParametersHandle.cs" />
+    <Compile Include="SafeProcessParametersBuffer.cs" />
     <Compile Include="SafeStringBuffer.cs" />
     <Compile Include="SidIdentifierAuthority.cs" />
     <Compile Include="Utilities\Memory\CrossBitnessProcessMemoryReader.cs" />

NtApiDotNet/NtProcess.cs

@@ -122,16 +122,20 @@ private static NtProcessCreateResult Create(NtProcessCreateConfig config, string
         {
             using (var dispose = new DisposableList())
             {
-                var process_params = SafeProcessParametersHandle.Null;
+                var process_params = SafeProcessParametersBuffer.Null;
                 if (!fork)
                 {
-                    var result = dispose.AddResource(SafeProcessParametersHandle.Create(config.ConfigImagePath ?? image_path,
+                    var result = dispose.AddResource(SafeProcessParametersBuffer.Create(config.ConfigImagePath ?? image_path,
                         config.DllPath, config.CurrentDirectory, config.CommandLine, config.Environment,
                         config.WindowTitle, config.DesktopInfo, config.ShellInfo, config.RuntimeData,
                         CreateProcessParametersFlags.Normalize, throw_on_error));
                     if (!result.IsSuccess)
                         return new NtProcessCreateResult(result.Status);
                     process_params = result.Result;
+                    if (config.ProcessParametersCallback != null)
+                    {
+                        process_params = config.ProcessParametersCallback(process_params, dispose);
+                    }
                 }
 
                 ProcessCreateInfo create_info = dispose.AddResource(new ProcessCreateInfo());

NtApiDotNet/NtProcessCreateConfig.cs

@@ -12,6 +12,7 @@
 //  See the License for the specific language governing permissions and
 //  limitations under the License.
 
+using System;
 using System.Collections.Generic;
 
 namespace NtApiDotNet
@@ -157,6 +158,11 @@ public sealed class NtProcessCreateConfig
         /// Capture additional information when NtProcess.Create returns.
         /// </summary>
         public bool CaptureAdditionalInformation { get; set; }
+
+        /// <summary>
+        /// Specify callback to update process parameters.
+        /// </summary>
+        public Func<SafeProcessParametersBuffer, DisposableList, SafeProcessParametersBuffer> ProcessParametersCallback { get; set; }
         #endregion
 
         #region Public Methods

…ApiDotNet/SafeProcessParametersHandle.cs …ApiDotNet/SafeProcessParametersBuffer.csNtApiDotNet/SafeProcessParametersHandle.cs renamed to NtApiDotNet/SafeProcessParametersBuffer.cs NtApiDotNet/SafeProcessParametersHandle.cs renamed to NtApiDotNet/SafeProcessParametersBuffer.cs

@@ -12,27 +12,26 @@
 //  See the License for the specific language governing permissions and
 //  limitations under the License.
 
-using Microsoft.Win32.SafeHandles;
 using System;
+using System.Runtime.InteropServices;
 
 namespace NtApiDotNet
 {
 #pragma warning disable 1591
-
-    public sealed class SafeProcessParametersHandle : SafeHandleZeroOrMinusOneIsInvalid
+    public sealed class SafeProcessParametersBuffer : SafeBuffer
     {
-        public SafeProcessParametersHandle(IntPtr proc_params, bool owns_handle) : base(owns_handle)
+        public SafeProcessParametersBuffer(IntPtr proc_params, bool owns_handle) : base(owns_handle)
         {
             SetHandle(proc_params);
+            uint size = 0;
+            if (proc_params != IntPtr.Zero)
+                size = (uint)Marshal.ReadInt32(proc_params);
+            Initialize(size);
         }
 
-        public SafeProcessParametersHandle() : base(true)
-        {
-        }
-
-        public static SafeProcessParametersHandle Null
+        public static SafeProcessParametersBuffer Null
         {
-            get => new SafeProcessParametersHandle(IntPtr.Zero, false);
+            get => new SafeProcessParametersBuffer(IntPtr.Zero, false);
         }
 
         protected override bool ReleaseHandle()
@@ -50,7 +49,7 @@ private static UnicodeString GetString(string s)
             return s != null ? new UnicodeString(s) : null;
         }
 
-        public static NtResult<SafeProcessParametersHandle> Create(
+        public static NtResult<SafeProcessParametersBuffer> Create(
                 string image_path_name,
                 string dll_path,
                 string current_directory,
@@ -65,10 +64,10 @@ public static NtResult<SafeProcessParametersHandle> Create(
         {
             return NtRtl.RtlCreateProcessParametersEx(out IntPtr ret, GetString(image_path_name), GetString(dll_path), GetString(current_directory),
               GetString(command_line), environment, GetString(window_title), GetString(desktop_info), GetString(shell_info),
-              GetString(runtime_data), flags).CreateResult(throw_on_error, () => new SafeProcessParametersHandle(ret, true));
+              GetString(runtime_data), flags).CreateResult(throw_on_error, () => new SafeProcessParametersBuffer(ret, true));
         }
 
-        public static SafeProcessParametersHandle Create(
+        public static SafeProcessParametersBuffer Create(
                 string image_path_name,
                 string dll_path,
                 string current_directory,