PS_ATTRIBUTE_NUM - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTPSAPI_H
// User processes and threads
#if (PHNT_MODE != PHNT_MODE_KERNEL)
// Attributes (Native)
// private
typedef enum _PS_ATTRIBUTE_NUM
{
PsAttributeParentProcess, // in HANDLE
PsAttributeDebugObject, // in HANDLE
PsAttributeToken, // in HANDLE
PsAttributeClientId, // out PCLIENT_ID
PsAttributeTebAddress, // out PTEB *
PsAttributeImageName, // in PWSTR
PsAttributeImageInfo, // out PSECTION_IMAGE_INFORMATION
PsAttributeMemoryReserve, // in PPS_MEMORY_RESERVE
PsAttributePriorityClass, // in UCHAR
PsAttributeErrorMode, // in ULONG
PsAttributeStdHandleInfo, // 10, in PPS_STD_HANDLE_INFO
PsAttributeHandleList, // in HANDLE[]
PsAttributeGroupAffinity, // in PGROUP_AFFINITY
PsAttributePreferredNode, // in PUSHORT
PsAttributeIdealProcessor, // in PPROCESSOR_NUMBER
PsAttributeUmsThread, // ? in PUMS_CREATE_THREAD_ATTRIBUTES
PsAttributeMitigationOptions, // in PPS_MITIGATION_OPTIONS_MAP (PROCESS_CREATION_MITIGATION_POLICY_*) // since WIN8
PsAttributeProtectionLevel, // in PS_PROTECTION // since WINBLUE
PsAttributeSecureProcess, // in PPS_TRUSTLET_CREATE_ATTRIBUTES, since THRESHOLD
PsAttributeJobList, // in HANDLE[]
PsAttributeChildProcessPolicy, // 20, in PULONG (PROCESS_CREATION_CHILD_PROCESS_*) // since THRESHOLD2
PsAttributeAllApplicationPackagesPolicy, // in PULONG (PROCESS_CREATION_ALL_APPLICATION_PACKAGES_*) // since REDSTONE
PsAttributeWin32kFilter, // in PWIN32K_SYSCALL_FILTER
PsAttributeSafeOpenPromptOriginClaim, // in SE_SAFE_OPEN_PROMPT_RESULTS
PsAttributeBnoIsolation, // in PPS_BNO_ISOLATION_PARAMETERS // since REDSTONE2
PsAttributeDesktopAppPolicy, // in PULONG (PROCESS_CREATION_DESKTOP_APP_*)
PsAttributeChpe, // in BOOLEAN // since REDSTONE3
PsAttributeMitigationAuditOptions, // in PPS_MITIGATION_AUDIT_OPTIONS_MAP (PROCESS_CREATION_MITIGATION_AUDIT_POLICY_*) // since 21H1
PsAttributeMachineType, // in USHORT // since 21H2
PsAttributeComponentFilter,
PsAttributeEnableOptionalXStateFeatures, // since WIN11
PsAttributeMax
} PS_ATTRIBUTE_NUM;
View code on GitHubThis enumeration defines indexes for process and thread creation attributes. The PsAttributeValue macro is used convert them into usable attribute values.
PS_ATTRIBUTE_PARENT_PROCESS - specifies the handle to the parent process during process creation.PS_ATTRIBUTE_DEBUG_OBJECT - specifies the handle to the debug object to attach to the new process.PS_ATTRIBUTE_TOKEN - specifies the token to the use as the primary token of the new process.PS_ATTRIBUTE_CLIENT_ID - allows retrieving the client ID of the new/initial thread.PS_ATTRIBUTE_TEB_ADDRESS - allows retrieving the TEB address of the new/initial thread.PS_ATTRIBUTE_IMAGE_NAME - provides an NT filename of the executable image to use for the new process.PS_ATTRIBUTE_IMAGE_INFO - allows retrieving information about the executable image used during process creation.PS_ATTRIBUTE_MEMORY_RESERVEPS_ATTRIBUTE_PRIORITY_CLASSPS_ATTRIBUTE_ERROR_MODE - sets the default error mode for the process.PS_ATTRIBUTE_STD_HANDLE_INFO - specifies which standard (console) handles to inherit in the new process.PS_ATTRIBUTE_HANDLE_LIST - indicates a subset of inheritable handles to be inherited by the new process.PS_ATTRIBUTE_GROUP_AFFINITYPS_ATTRIBUTE_PREFERRED_NODEPS_ATTRIBUTE_IDEAL_PROCESSOR - allows specifying the ideal processor for new thread.PS_ATTRIBUTE_UMS_THREAD - controls user-mode thread scheduling.PS_ATTRIBUTE_MITIGATION_OPTIONS - controls which mitigation policies should be applied to the new process.PS_ATTRIBUTE_PROTECTION_LEVEL - specifies which the protection level to use when creating protected/PPL processes.PS_ATTRIBUTE_SECURE_PROCESSPS_ATTRIBUTE_JOB_LIST - specifies the list of handles to job objects to put the new process into.PS_ATTRIBUTE_CHILD_PROCESS_POLICY - specifies whether the new process should be allowed to create child processes.PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY - specifies whether the new process should run in LPAC sandbox.PS_ATTRIBUTE_WIN32K_FILTERPS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM - specifies safe origin claims; used by SmartScreen.PS_ATTRIBUTE_BNO_ISOLATION - controls BNO isolation for the new process.PS_ATTRIBUTE_DESKTOP_APP_POLICYPS_ATTRIBUTE_CHPE - controls CHPE settings on ARM machines.PS_ATTRIBUTE_MITIGATION_AUDIT_OPTIONSPS_ATTRIBUTE_MACHINE_TYPEPS_ATTRIBUTE_COMPONENT_FILTERPS_ATTRIBUTE_ENABLE_OPTIONAL_XSTATE_FEATURES - controls extended thread context features.Check the corresponding pages for more details.