

    def CreateRemoteThread(self, is_return=False):
        """Format a trace line for a hooked kernel32!CreateRemoteThread call.

        The hook runs this twice per call: at the function's entry
        (``is_return`` False) to snapshot the seven arguments, and at the
        return site (``is_return`` True) to report the result.

        Args:
            is_return: True when invoked at the return breakpoint rather
                than at function entry.

        Returns:
            Entry side: ``"hProcess=..., ..., lpThreadId=...) = "`` with the
            argument values (pointers/handles in hex, dwStackSize in
            decimal, dwCreationFlags as ``|``-joined names or ``0``).
            Return side: the HANDLE result in hex, followed by
            ``", tid = 0x..."`` with the DWORD read from ``*lpThreadId``
            when that pointer was non-NULL.
        """
        if is_return:
            # NOTE(review): the return side reads lpThreadId from slot 6
            # while the entry side uses slot 7 -- presumably funcutils
            # indexes the post-return stack differently; confirm there.
            tid_ptr = funcutils.get_func_args(6, self.is_64bit)
            if tid_ptr == 0:
                return f"{hex(funcutils.get_result(self.is_64bit))} -> HANDLE"
            tid = idc.get_wide_dword(tid_ptr)
            return f"{hex(funcutils.get_result(self.is_64bit))} -> HANDLE, tid = {hex(tid)}"

        # Entry side: read the seven WINAPI arguments (1-based slots).
        # hProcess and lpStartAddress are the two fields an analyst
        # correlates when reviewing a trace for cross-process injection.
        (hProcess, lpThreadAttributes, dwStackSize, lpStartAddress,
         lpParameter, dwCreationFlags, lpThreadId) = (
            funcutils.get_func_args(slot, self.is_64bit) for slot in range(1, 8)
        )

        # Decode the dwCreationFlags bits this hook knows about.
        known_flags = (
            (0x00000004, "CREATE_SUSPENDED"),
            (0x00010000, "STACK_SIZE_PARAM_IS_A_RESERVATION"),
        )
        set_names = [name for bit, name in known_flags if dwCreationFlags & bit]
        flags_text = "|".join(set_names) or "0"

        fields = [
            f"hProcess={hex(hProcess)}",
            f"lpThreadAttributes={hex(lpThreadAttributes)}",
            f"dwStackSize={dwStackSize}",
            f"lpStartAddress={hex(lpStartAddress)}",
            f"lpParameter={hex(lpParameter)}",
            f"dwCreationFlags={flags_text}",
            f"lpThreadId={hex(lpThreadId)}",
        ]
        # Trailing ") = " is completed by the return-side line.
        return ", ".join(fields) + ") = "