diff --git a/include/ntapi/nt_process.h b/include/ntapi/nt_process.h index 5430b46..2aef7ee 100644 --- a/include/ntapi/nt_process.h +++ b/include/ntapi/nt_process.h @@ -175,6 +175,9 @@ typedef enum _nt_process_create_info_class { /* nt_runtime_data_block flag bits */ #define NT_RUNTIME_DATA_DUPLICATE_SESSION_HANDLES (0x01) +/* nt_runtime_data flag bits */ +#define NT_RUNTIME_DATA_INTEGRAL_PROCESS (0x01) + /* runtime data convenience storage */ #define NT_RUNTIME_DATA_USER_PTRS (0x10) #define NT_RUNTIME_DATA_USER_INT32_SLOTS (0x10) @@ -439,6 +442,8 @@ typedef struct _nt_runtime_data { nt_cid cid_parent; nt_alt_cid alt_cid_self; nt_alt_cid alt_cid_parent; + uint32_t flags; + uint32_t reserved; void * himage; void * hroot; void * hcwd; diff --git a/src/process/ntapi_tt_get_runtime_data.c b/src/process/ntapi_tt_get_runtime_data.c index e5a7d55..5dc2366 100644 --- a/src/process/ntapi_tt_get_runtime_data.c +++ b/src/process/ntapi_tt_get_runtime_data.c @@ -69,6 +69,9 @@ int32_t __stdcall __ntapi_tt_get_runtime_data( sizeof(buffer),0))) return status; + /* update state */ + prtdata->flags |= NT_RUNTIME_DATA_INTEGRAL_PROCESS; + /* avoid confusion :-) */ process_params = ((nt_peb *)pe_get_peb_address())->process_params;