RTL_USER_PROCESS_PARAMETERS - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTRTL_H

typedef struct _RTL_USER_PROCESS_PARAMETERS
{
    ULONG MaximumLength;
    ULONG Length;

    ULONG Flags;
    ULONG DebugFlags;

    HANDLE ConsoleHandle;
    ULONG ConsoleFlags;
    HANDLE StandardInput;
    HANDLE StandardOutput;
    HANDLE StandardError;

    CURDIR CurrentDirectory;
    UNICODE_STRING DllPath;
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
    PVOID Environment;

    ULONG StartingX;
    ULONG StartingY;
    ULONG CountX;
    ULONG CountY;
    ULONG CountCharsX;
    ULONG CountCharsY;
    ULONG FillAttribute;

    ULONG WindowFlags;
    ULONG ShowWindowFlags;
    UNICODE_STRING WindowTitle;
    UNICODE_STRING DesktopInfo;
    UNICODE_STRING ShellInfo;
    UNICODE_STRING RuntimeData;
    RTL_DRIVE_LETTER_CURDIR CurrentDirectories[RTL_MAX_DRIVE_LETTERS];

    ULONG_PTR EnvironmentSize;
    ULONG_PTR EnvironmentVersion;

    PVOID PackageDependencyData;
    ULONG ProcessGroupId;
    ULONG LoaderThreads;

    UNICODE_STRING RedirectionDllName; // REDSTONE4
    UNICODE_STRING HeapPartitionName; // 19H1
    ULONG_PTR DefaultThreadpoolCpuSetMasks;
    ULONG DefaultThreadpoolCpuSetMaskCount;
    ULONG DefaultThreadpoolThreadMaximum;
    ULONG HeapMemoryTypeMask; // WIN11
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;

#endif

View code on GitHub

This structure is documented in Windows SDK.

MaximumLength

Should be set before call RtlCreateProcessParameters.

Length

Length of valid structure.

Flags

Currently only one flag is known:

PPF_NORMALIZED  (1)     // Means that structure is normalized by call RtlNormalizeProcessParams

DebugFlags

ConsoleHandle

HWND to console window associated with process (if any).

ConsoleFlags

StdInputHandle

StdOutputHandle

StdErrorHandle

CurrentDirectoryPath

Specified in DOS-like symbolic link path, ex: "C:\WinNT\SYSTEM32"

CurrentDirectoryHandle

Handle to FILE object.

DllPath

DOS-like paths separated by ';' where system should search for DLL files.

ImagePathName

Full path in DOS-like format to process'es file image.

CommandLine

Command line.

Environment

Pointer to environment block (see RtlCreateEnvironment).

StartingPositionLeft

StartingPositionTop

Width

Height

CharWidth

CharHeight

ConsoleTextAttributes

WindowFlags

ShowWindowFlags

WindowTitle

DesktopName

Name of WindowStation and Desktop objects, where process is assigned.

ShellInfo

RuntimeData

DLCurrentDirectory[0x20]

???

RTL_USER_PROCESS_PARAMETERS is located at address 0x20000 (for all processes created by call WIN32 API CreateProcess).

Documented by

See also

Edit description on GitHub