Проблема c RtlCreateUserProcess

Код (Text):

1. CSR_CREATE_PROCESS struct
2. ProcessHandle   HANDLE ?
3. ThreadHandle    HANDLE ?
4. ProcessId   HANDLE ?
5. ThreadId    HANDLE ?
6. CSR_CREATE_PROCESS ends
7. PCSR_CREATE_PROCESS typedef ptr CSR_CREATE_PROCESS
8.  
9. CSR_SERVICE_INFORMATION struct  ;Size=10h
10. CaptureBuffer   ULONG ?     ;PCSR_CAPTURE_HEADER
11. ServiceCode ULONG ?     ;+1Ch
12. Status      NTSTATUS ?  ;+20h
13. Reserved1   ULONG ?
14. CSR_SERVICE_INFORMATION ends
15. PCSR_SERVICE_INFORMATION typedef ptr CSR_SERVICE_INFORMATION
16.  
17. CSR_PORT_MESSAGE struct     ;Size=28h +
18. Header      PORT_MESSAGE <>
19. Service     CSR_SERVICE_INFORMATION <>  ;+18h
20. Information CSR_CREATE_PROCESS ?
21. CSR_PORT_MESSAGE ends
22. PCSR_PORT_MESSAGE typedef ptr CSR_PORT_MESSAGE
23.  
24. CsrpCreateProcess   equ 10000h
25.  
26. NotifySubsystem proc ProcessInformation:PRTL_PROCESS_INFORMATION
27. Local Message:CSR_PORT_MESSAGE
28.     mov eax,ProcessInformation
29.     assume eax:PRTL_PROCESS_INFORMATION
30.     push [eax].ProcessHandle
31.     push [eax].ThreadHandle
32.     push [eax].ProcessId
33.     push [eax].ThreadId
34.  
35.     pop Message.Information.ThreadId
36.     pop Message.Information.ProcessId
37.     pop Message.Information.ThreadHandle
38.     pop Message.Information.ProcessHandle
39.  
40.     invoke CsrClientCallServer, addr Message, NULL, CsrpCreateProcess, sizeof CSR_CREATE_PROCESS
41.     ret
42. NotifySubsystem endp

Так как там в коде q_q указываются нули подсистема возвращает STATUS_INVALID_PARAMETER в сообщении и соответственно из CsrClientCallServer().

 

Спасибо Господа