Public Member Functions
BLACKBONE_API NTSTATUS	Attach (DWORD pid, DWORD access=DEFAULT_ACCESS_P)
	Attach to existing process More...

BLACKBONE_API NTSTATUS	Attach (HANDLE hProc)
	Attach to existing process More...

BLACKBONE_API NTSTATUS	CreateAndAttach (const std::wstring &path, bool suspended=false, bool forceInit=true, const std::wstring &cmdLine=L"", const wchar_t currentDir=nullptr, STARTUPINFOW pStartup=nullptr)
	Create new process and attach to it More...

BLACKBONE_API NTSTATUS	Detach ()
	Detach form current process, if any More...

BLACKBONE_API DWORD	pid () const
	Get process ID More...

BLACKBONE_API bool	valid ()
	Checks if process still exists More...

BLACKBONE_API NTSTATUS	Terminate (uint32_t code=0)
	Terminate process More...

BLACKBONE_API ProcessCore &	core ()

BLACKBONE_API ProcessMemory &	memory ()

BLACKBONE_API ProcessModules &	modules ()

BLACKBONE_API ProcessThreads &	threads ()

BLACKBONE_API RemoteHook &	hooks ()

BLACKBONE_API RemoteExec &	remote ()

BLACKBONE_API MMap &	mmap ()

BLACKBONE_API NtLdr &	nativeLdr ()

Static Public Member Functions
static BLACKBONE_API void	EnumByName (const std::wstring &name, std::vector< DWORD > &found)
	Search for process by executable name More...

static BLACKBONE_API NTSTATUS	EnumByNameOrPID (uint32_t pid, const std::wstring &name, std::vector< ProcessInfo > &found, bool includeThreads=false)
	Search for process by executable name or by process ID More...

Member Function Documentation

NTSTATUS blackbone::Process::Attach	(	DWORD	pid,
		DWORD	access = `DEFAULT_ACCESS_P`
	)

Attach to existing process

Parameters

pid	Process ID
access	Access mask

Returns: Status code

NTSTATUS blackbone::Process::Attach ( HANDLE hProc )

Attach to existing process

Parameters

pid	Process handle

Returns: Status code

NTSTATUS blackbone::Process::CreateAndAttach	(	const std::wstring &	path,
		bool	suspended = `false`,
		bool	forceInit = `true`,
		const std::wstring &	cmdLine = `L""`,
		const wchar_t *	currentDir = `nullptr`,
		STARTUPINFOW *	pStartup = `nullptr`
	)

Create new process and attach to it

Parameters

path	Executable path
suspended	Leave process in suspended state. To resume process one should resume its main thread
forceInit	If 'suspended' is true, this flag will enforce process initialization via second thread
cmdLine	Process command line
currentDir	Startup directory
pStartup	Additional startup params

Returns: Status code

NTSTATUS blackbone::Process::Detach ( )

Detach form current process, if any

Returns: Status code

void blackbone::Process::EnumByName	(	const std::wstring &	name,
		std::vector< DWORD > &	found
	)

static

Search for process by executable name

Parameters

name	Process name. If empty - function will retrieve all existing processes
found	Found processses

NTSTATUS blackbone::Process::EnumByNameOrPID	(	uint32_t	pid,
		const std::wstring &	name,
		std::vector< ProcessInfo > &	found,
		bool	includeThreads = `false`
	)

static

Search for process by executable name or by process ID

Parameters

pid	Target process ID. rocess name. If empty - function will retrieve all existing processes
name	Process executable name. If empty - function will retrieve all existing processes
found	Found processses
includeThreads	If set to true, function will retrieve info ablout process threads

Returns: Status code

BLACKBONE_API DWORD blackbone::Process::pid ( ) const

inline

Get process ID

Returns: Process ID

NTSTATUS blackbone::Process::Terminate ( uint32_t code = 0 )

Terminate process

Parameters

code Exit code

Returns: Stratus code

bool blackbone::Process::valid ( )

Checks if process still exists

Returns: true if process is valid and exists

Returns

The documentation for this class was generated from the following files:

C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/Process/Process.h
C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/Process/Process.cpp

Public Member Functions

Static Public Member Functions

Member Function Documentation