Add NtCreateProcessEx

process.go

@@ -222,6 +222,20 @@ typedef enum _THREAD_INFORMATION_CLASS {
 } THREAD_INFORMATION_CLASS;
 */
 
+/*
+func:
+NTSTATUS NtCreateProcessEx(
+    _Out_ PHANDLE     ProcessHandle,
+    _In_ ACCESS_MASK  DesiredAccess,
+    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+    _In_ HANDLE   ParentProcess,
+    _In_ ULONG    Flags,
+    _In_opt_ HANDLE SectionHandle,
+    _In_opt_ HANDLE DebugPort,
+    _In_opt_ HANDLE ExceptionPort,
+    _In_ BOOLEAN  InJob
+);
+*/
 const (
 	PROCESS_TERMINATE                 = 0x0001
 	PROCESS_CREATE_THREAD             = 0x0002

process_generated.go

@@ -110,6 +110,7 @@ var (
 	procNtQueryInformationThread  = modntdll.NewProc("NtQueryInformationThread")
 	procNtSetInformationThread    = modntdll.NewProc("NtSetInformationThread")
 	procNtSetInformationProcess   = modntdll.NewProc("NtSetInformationProcess")
+	procNtCreateProcessEx         = modntdll.NewProc("NtCreateProcessEx")
 )
 
 // Peb has been derived from the PEB struct definition.
@@ -249,3 +250,28 @@ func NtSetInformationProcess(
 		uintptr(ProcessInformationLength))
 	return NtStatus(r0)
 }
+
+// OUT-parameter: ProcessHandle.
+// *OPT-parameter: ObjectAttributes, SectionHandle, DebugPort, ExceptionPort.
+func NtCreateProcessEx(
+	ProcessHandle *Handle,
+	DesiredAccess AccessMask,
+	ObjectAttributes *ObjectAttributes,
+	ParentProcess Handle,
+	Flags uint32,
+	SectionHandle Handle,
+	DebugPort Handle,
+	ExceptionPort Handle,
+	InJob bool,
+) NtStatus {
+	r0, _, _ := procNtCreateProcessEx.Call(uintptr(unsafe.Pointer(ProcessHandle)),
+		uintptr(DesiredAccess),
+		uintptr(unsafe.Pointer(ObjectAttributes)),
+		uintptr(ParentProcess),
+		uintptr(Flags),
+		uintptr(SectionHandle),
+		uintptr(DebugPort),
+		uintptr(ExceptionPort),
+		fromBool(InJob))
+	return NtStatus(r0)
+}