Windows8でCreateProcess系の関数
1: 779b3848 @!"ntdll!RtlCreateProcessParametersEx" 2: 77985c74 @!"ntdll!NtCreateProcessEx" 3: 77985c88 @!"ntdll!NtCreateProcess" 4: 779a151c @!"ntdll!RtlpCreateProcessRegistryInfo" 3: 77985c88 @!"ntdll!ZwCreateProcess" 2: 77985c74 @!"ntdll!ZwCreateProcessEx" 5: 77a4d5e4 @!"ntdll!RtlCreateProcessReflection" 6: 77a4df27 @!"ntdll!RtlCreateProcessParameters" 40: 7509a1a3 @!"KERNELBASE!CreateProcessAsUserW" 49: 750765e3 @!"KERNELBASE!CreateProcessInternalW" 50: 75077ae8 @!"KERNELBASE!CreateProcessA" 51: 75074ba4 @!"KERNELBASE!CreateProcessW" 52: 7507791b @!"KERNELBASE!CreateProcessInternalA" 54: 75495855 @!"advapi32!SeclCreateProcessWithLogonW" 55: 754aa285 @!"advapi32!CreateProcessAsUserA" 56: 754953df @!"advapi32!CreateProcessWithTokenW" 57: 75495c2b @!"advapi32!CreateProcessWithLogonCommonW" 59: 754ab6b2 @!"advapi32!CreateProcessAsUserWStub" 60: 754b7869 @!"advapi32!CreateProcessWithLogonW" 62: 7549559a @!"advapi32!c_SeclCreateProcessWithLogonW" 63: 758558b2 @!"KERNEL32!CreateProcessWStub" 65: 758e67f4 @!"KERNEL32!CreateProcessInternalAStub" 67: 758e67e3 @!"KERNEL32!CreateProcessInternalWStub" 69: 75853165 @!"KERNEL32!CreateProcessAStub" 71: 758530f5 @!"KERNEL32!BasepReleaseSxsCreateProcessUtilityStruct" 72: 75900230 @!"KERNEL32!NtVdm64CreateProcessInternalW" 85: 758535cd @!"KERNEL32!CreateProcessAsUserWStub" 147: 7679b416 @!"SHELL32!CreateProcessWithImpersonation" 216: 764c9929 @!"SHELL32!SHCreateProcessAsUserW"
WinDbgでシンボル(*1)を当てて、「bm /a *!*CreateProcess*」でブレークポイントを張って、その中から必要そうなものだけ取り出した。bmはWINDBG AtoZ(*2)を参照。
他にももっとあるかな?
*1:http://msdn.microsoft.com/ja-jp/windows/hardware/gg463028.aspx
*2:https://docs.google.com/viewer?a=v&q=cache:kGY3m1Pk_ZMJ:www.windbg.info/download/doc/pdf/WinDbg_A_to_Z_mono_JP.pdf+&hl=ja&pid=bl&srcid=ADGEESiPk-90lrRRLyoJI-jQovTQvl_272QRbOvNNeZLTtMzRhYGXxbFh1GzhEzTcWhfCAB1wciwTiDnvzt3ZMiNYk6cwvO-6GN-NXqbYg21zLhjh-SOswshEzxip9fcvbgPk2QN1EGs&sig=AHIEtbRArxu1cpqCiS6kOn6UHDTOuITnvg
