Re: Using ZwCreateProcess

AFAIK this is not defined in any DDK include file, it is an undocumented
call that will not do what you want. The steps to create a process involve
a lot of calls and there is no kernel equivalent of the user "CreateProcess"
call. While I have heard claims by people having done this in kernel, I
have never been able to find a working solution (most of the claims end up,
well we did these steps and it is obvious we could finish it).

By the way, the executable is not specified in the OBJECT_ATTRIBUTES; that is
for the attributes of the process object.

Now tell the group why you think you need this, and maybe we can suggest a
solution that works.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

"Jon" <TheFakeJon@xxxxxxxxx> wrote in message

I am trying to call ZwCreateProcess defined in the Windows DDK, and I
was curious how I would go about using this to create a process. I
cannot find the parameter in which I provide the path to the executable
I would like to run. I am pretty certain though that I must fill the
struct. I am not sure which information must be provided though.