From ReactOS Wiki
Jump to: navigation, search

Amongst the functions involved in process creation there is also LdrQueryImageFileExecutionOptions that maintains trace of IFEO (Image File Execution Options) structure, this struct is located in Registry under the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

The various possible values are:

  • Debugger
  • DisableHeapLookaside
  • ShutdownFlags
  • MinimumStackCommitInBytes
  • ExecuteOptions
  • GlobalFlag
  • DebugProcessHeapOnly
  • ApplicationGoo
  • RpcThreadPoolThrottle

GlobalFlag is used to modify NtGlobalFlag for processes of specific image.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%SomeExeName%.exe]

Where instead of FLG_* should be integer value of ORed Global Flags defined in include\ndk\pstypes.h and in include\psdk\winternl.h