Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Forensics > Key Points for _RTL_PROCESS_PARAMETERS: > Flashcards

Key Points for _RTL_PROCESS_PARAMETERS: Flashcards

1
Q

_RTL_PROCESS_PARAMETERS -

StandardInput

A

The process’ standard input handle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

_RTL_PROCESS_PARAMETERS - StandardOutput

A

The process’ standard output handle.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

_RTL_PROCESS_PARAMETERS - StandardError

A

The process’ standard error handle.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

_RTL_PROCESS_PARAMETERS - CurrentDirectory

A

The current working directory for the application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

_RTL_PROCESS_PARAMETERS - ImagePathName

A

The unicode full path on disk to the process executable(.exe). You often need to consult this value because the _EPROCESS.ImageFileName (printed by the pslist plugin) contains only the first 16 characters and it does not include Unicode.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

_RTL_PROCESS_PARAMETERS - CommandLine

A

The full command line, including all arguments, used to invoke the process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

_RTL_PROCESS_PARAMETERS - Environment

A

A pointer to the process’ environmental variables.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Forensics (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions