Support extended variant of ProcessBasicInformation

2026-01-27 07:11:01 +00:00 · 2025-12-24 12:57:14 +03:00
parent e3efcb9186
commit 8438a1f456
2 changed files with 45 additions and 6 deletions
--- a/src/common/platform/kernel_mapped.hpp
+++ b/src/common/platform/kernel_mapped.hpp
@@ -1640,6 +1640,29 @@ typedef struct _PROCESS_BASIC_INFORMATION64
    EMULATOR_CAST(std::uint64_t, HANDLE) InheritedFromUniqueProcessId;
 } PROCESS_BASIC_INFORMATION64, *PPROCESS_BASIC_INFORMATION64;

+typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION
+{
+    EMULATOR_CAST(std::uint64_t, SIZE_T) Size; // Ignored as input, written with structure size on output
+    PROCESS_BASIC_INFORMATION64 BasicInfo;
+    union
+    {
+        ULONG Flags;
+        struct
+        {
+            ULONG IsProtectedProcess : 1;
+            ULONG IsWow64Process : 1;
+            ULONG IsProcessDeleting : 1;
+            ULONG IsCrossSessionCreate : 1;
+            ULONG IsFrozen : 1;
+            ULONG IsBackground : 1;
+            ULONG IsStronglyNamed : 1;
+            ULONG IsSecureProcess : 1;
+            ULONG IsSubsystemProcess : 1;
+            ULONG SpareBits : 23;
+        };
+    };
+} PROCESS_EXTENDED_BASIC_INFORMATION, *PPROCESS_EXTENDED_BASIC_INFORMATION;
+
 typedef struct _KERNEL_USER_TIMES
 {
    LARGE_INTEGER CreateTime;