From 95cd480a8ab49f82a28c4675ed90bcb5d6521be8 Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: Aug 22 2016 12:59:55 +0000
Subject: struct _nt_runtime_data: added parent process daemon identification data.


---

diff --git a/include/ntapi/nt_process.h b/include/ntapi/nt_process.h
index e03dec0..d594a27 100644
--- a/include/ntapi/nt_process.h
+++ b/include/ntapi/nt_process.h
@@ -466,6 +466,10 @@ typedef struct _nt_runtime_data {
 	int32_t		grp_type;
 	int32_t		grp_subtype;
 	uint32_t	grp_keys[6];
+	nt_guid		ppid_guid;
+	int32_t		ppid_type;
+	int32_t		ppid_subtype;
+	uint32_t	ppid_keys[6];
 	int32_t		stdin_type;
 	int32_t		stdout_type;
 	int32_t		stderr_type;