From ReactOS Wiki
Revision as of 11:43, 5 February 2011 by Mna. (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Amongst the functions involved in process creation there is also LdrQueryImageFileExecutionOptions that maintains trace of IFEO (Image File Execution Options) structure, this struct is located in Registry under the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

The various possible values are:

  • Debugger
  • DisableHeapLookaside
  • ShutdownFlags
  • MinimumStackCommitInBytes
  • ExecuteOptions
  • GlobalFlag
  • DebugProcessHeapOnly
  • ApplicationGoo
  • RpcThreadPoolThrottle

GlobalFlag is used to modify NtGlobalFlag for processes of specific image.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%SomeExeName%.exe]

Where instead of FLG_* should be integer value of ORed Global Flags defined in include\ndk\pstypes.h and in include\psdk\winternl.h