
PS_CREATE_NOTIFY_INFO structure

The PS_CREATE_NOTIFY_INFO structure provides information about a newly created process.

Syntax


typedef struct _PS_CREATE_NOTIFY_INFO {
  SIZE_T              Size;
  union {
    ULONG  Flags;
    struct {
      ULONG FileOpenNameAvailable  :1;
      ULONG Reserved  :31;
    };
  };
  HANDLE              ParentProcessId;
  CLIENT_ID           CreatingThreadId;
  struct _FILE_OBJECT  *FileObject;
  PCUNICODE_STRING    ImageFileName;
  PCUNICODE_STRING    CommandLine;
  NTSTATUS            CreationStatus;
} PS_CREATE_NOTIFY_INFO, *PPS_CREATE_NOTIFY_INFO;

Members

Size

The size, in bytes, of this structure. The operating system uses this size to indicate the type of structure that it passes to CreateProcessNotifyEx. Currently, this member is always sizeof(PS_CREATE_NOTIFY_INFO).

Flags

Reserved. Use the FileOpenNameAvailable member instead.

FileOpenNameAvailable

A Boolean value that specifies whether the ImageFileName member contains the exact file name that is used to open the process executable file.

Reserved

Reserved for system use.

ParentProcessId

The process ID of the parent process for the new process. Note that the parent process is not necessarily the same process as the process that created the new process. The new process can inherit certain properties of the parent process, such as handles or shared memory. (The process ID of the process creator is given by CreatingThreadId.UniqueProcess.)

CreatingThreadId

The process ID and thread ID of the process and thread that created the new process. CreatingThreadId.UniqueProcess contains the process ID, and CreatingThreadId.UniqueThread contains the thread ID.

FileObject

A pointer to the file object for the process executable file.

ImageFileName

A pointer to a UNICODE_STRING string that holds the file name of the executable. If the FileOpenNameAvailable member is TRUE, the string specifies the exact file name that is used to open the executable file. If FileOpenNameAvailable is FALSE, the operating system might provide only a partial name.

CommandLine

A pointer to a UNICODE_STRING string that holds the command that is used to execute the process. If the command is not available, CommandLine is NULL.

CreationStatus

The NTSTATUS value to return for the process-creation operation. Drivers can change this value to an error code to prevent the process from being created.
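The following is an added example, not Microsoft's code: a user-mode model of the checks a CreateProcessNotifyEx callback should make before trusting the members above, including the NULL-pointer case the system uses to signal process exit. The types USTR, CID and CREATE_INFO are portable stand-ins for UNICODE_STRING, CLIENT_ID and PS_CREATE_NOTIFY_INFO, and evaluate_create, the verdict and flag names, and the suffix-based deny policy are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <uchar.h>

/* Portable stand-ins for the Ntddk.h types (assumption: user-mode model). */
typedef struct { uint16_t Length, MaximumLength; const char16_t *Buffer; } USTR;
typedef struct { void *UniqueProcess, *UniqueThread; } CID;
typedef struct {
    size_t Size;
    union { uint32_t Flags; struct { uint32_t FileOpenNameAvailable : 1, Reserved : 31; }; };
    void *ParentProcessId;
    CID CreatingThreadId;
    void *FileObject;
    const USTR *ImageFileName, *CommandLine;
    int32_t CreationStatus;
} CREATE_INFO;

#define STATUS_ACCESS_DENIED ((int32_t)0xC0000022)
enum { V_EXIT, V_SKIP, V_ALLOW, V_ALLOW_PARTIAL_NAME, V_DENY }; /* hypothetical verdicts */
#define F_REPARENTED 1u /* ParentProcessId is not the creating process */
#define F_NO_CMDLINE 2u /* CommandLine was NULL */

static char16_t fold(char16_t c) {
    return (c >= u'A' && c <= u'Z') ? (char16_t)(c + 32) : c;
}

/* Length is a byte count and Buffer need not be NUL-terminated. */
static int ends_with(const USTR *s, const char16_t *suf, size_t n) {
    size_t len = s->Length / sizeof(char16_t);
    if (!s->Buffer || len < n) return 0;
    for (size_t i = 0; i < n; i++)
        if (fold(s->Buffer[len - n + i]) != fold(suf[i])) return 0;
    return 1;
}

/* Hypothetical policy: deny images whose exact open name ends in suf. */
int evaluate_create(CREATE_INFO *ci, const char16_t *suf, size_t n, unsigned *flags) {
    *flags = 0;
    if (!ci) return V_EXIT;                    /* NULL info: the process is exiting */
    if (ci->Size < sizeof(*ci)) return V_SKIP; /* unexpected layout: read nothing */
    if (ci->ParentProcessId != ci->CreatingThreadId.UniqueProcess) *flags |= F_REPARENTED;
    if (!ci->CommandLine) *flags |= F_NO_CMDLINE;
    if (!ci->ImageFileName) return V_ALLOW;
    /* Name may be partial: do not enforce on it (identify via FileObject instead). */
    if (!ci->FileOpenNameAvailable) return V_ALLOW_PARTIAL_NAME;
    if (!ends_with(ci->ImageFileName, suf, n)) return V_ALLOW;
    ci->CreationStatus = STATUS_ACCESS_DENIED; /* error status prevents creation */
    return V_DENY;
}
```

In a real driver the same checks run inside the routine registered with PsSetCreateProcessNotifyRoutineEx, and the F_REPARENTED condition is worth logging because the parent and the creator legitimately differ only in a minority of launches.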

Requirements

Version

Available in Windows Vista and later versions of the Windows operating system.

Header

Ntddk.h (include Ntddk.h)

See also

CreateProcessNotifyEx
PsSetCreateProcessNotifyRoutineEx
UNICODE_STRING

© 2014 Microsoft