RtlCreateUserProcess - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTRTL_H

// private
NTSYSAPI
NTSTATUS
NTAPI
RtlCreateUserProcess(
    _In_ PUNICODE_STRING NtImagePathName,
    _In_ ULONG AttributesDeprecated,
    _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
    _In_opt_ PSECURITY_DESCRIPTOR ProcessSecurityDescriptor,
    _In_opt_ PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
    _In_opt_ HANDLE ParentProcess,
    _In_ BOOLEAN InheritHandles,
    _In_opt_ HANDLE DebugPort,
    _In_opt_ HANDLE TokenHandle, // used to be ExceptionPort
    _Out_ PRTL_USER_PROCESS_INFORMATION ProcessInformation
    );

#endif

View code on GitHub

ImagePath

Full path to executable image, in NT format (ex: "\??\C:\WinNT\SYSTEM32\cmd.exe").

ObjectAttributes

Used in File object creation. Valid are OBJ_INHERIT and OBJ_CASE_INSENSITIVE.

ProcessParameters

Normalized RTL_USER_PROCESS_PARAMETERS structure pointer. See RtlCreateProcessParameters for more information.

ParentProcess

Handle to object Process, opened with PROCESS_CREATE_PROCESS access.

ProcessInformation

Pointer to user-allocated structure RTL_USER_PROCESS_INFORMATION.

Documented by

See also

Edit description on GitHub