def CreateProcessW()

in functions/kernel32.py [0:0]


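    def CreateProcessW(self, is_return=False):
        """Format a CreateProcessW call (or its return value) for the trace log.

        With ``is_return`` set, the result register is read and rendered as
        ``"Success -> BOOL"`` or ``"Failure -> BOOL"``. Otherwise the ten
        arguments are read through ``funcutils.get_func_args`` and rendered as
        a ``name=value`` list ending in ``") = "``.
        NOTE(review): the caller presumably prepends ``"CreateProcessW("`` and
        appends the return string -- confirm against the call site.

        Triage notes for the analyst reading the log: CREATE_SUSPENDED,
        DEBUG_PROCESS / DEBUG_ONLY_THIS_PROCESS and
        EXTENDED_STARTUPINFO_PRESENT are the creation flags most often worth a
        second look, and when lpApplicationName is NULL the executable is
        taken from lpCommandLine.
        """
        # (mask, name) pairs. The first nine keep the original order so the
        # rendering of values that were already decoded does not change.
        creation_flag_names = (
            (0x04000000, "CREATE_DEFAULT_ERROR_MODE"),
            (0x00000010, "CREATE_NEW_CONSOLE"),
            (0x00000200, "CREATE_NEW_PROCESS_GROUP"),
            (0x08000000, "CREATE_NO_WINDOW"),
            (0x00000004, "CREATE_SUSPENDED"),
            (0x00000002, "DEBUG_ONLY_THIS_PROCESS"),
            (0x00000001, "DEBUG_PROCESS"),
            (0x00000008, "DETACHED_PROCESS"),
            (0x00010000, "INHERIT_PARENT_AFFINITY"),
            # Documented flags the original table silently dropped.
            (0x01000000, "CREATE_BREAKAWAY_FROM_JOB"),
            (0x02000000, "CREATE_PRESERVE_CODE_AUTHZ_LEVEL"),
            (0x00040000, "CREATE_PROTECTED_PROCESS"),
            (0x00400000, "CREATE_SECURE_PROCESS"),
            (0x00000800, "CREATE_SEPARATE_WOW_VDM"),
            (0x00001000, "CREATE_SHARED_WOW_VDM"),
            (0x00000400, "CREATE_UNICODE_ENVIRONMENT"),
            (0x00080000, "EXTENDED_STARTUPINFO_PRESENT"),
            # Priority classes travel in the same DWORD.
            (0x00000020, "NORMAL_PRIORITY_CLASS"),
            (0x00000040, "IDLE_PRIORITY_CLASS"),
            (0x00000080, "HIGH_PRIORITY_CLASS"),
            (0x00000100, "REALTIME_PRIORITY_CLASS"),
            (0x00004000, "BELOW_NORMAL_PRIORITY_CLASS"),
            (0x00008000, "ABOVE_NORMAL_PRIORITY_CLASS"),
        )

        def parse_creation_flags(dwCreationFlags):
            """Render dwCreationFlags as ``A|B|...``, or ``'0'`` when empty."""
            # dwCreationFlags is a DWORD; drop anything above 32 bits in case
            # the argument reader hands back a full stack slot.
            # NOTE(review): width returned by get_func_args is not visible here.
            value = dwCreationFlags & 0xFFFFFFFF
            flags = [name for mask, name in creation_flag_names if value & mask]
            known = 0
            for mask, _ in creation_flag_names:
                known |= mask
            leftover = value & ~known
            if leftover:
                # Keep undecoded bits visible instead of hiding them.
                flags.append(hex(leftover))
            return '|'.join(flags) if flags else '0'

        def read_wide_string(ea):
            """Return the UTF-16 string at ``ea``, ``"null"`` for a NULL pointer."""
            if not ea:
                return "null"
            raw = idc.get_strlit_contents(ea=ea, strtype=idc.STRTYPE_C16)
            if raw is None:
                # No readable string at that address; the original code raised
                # AttributeError on None.decode() here and lost the whole line.
                return f"<unreadable @ {hex(ea)}>"
            # Target-controlled bytes: never let a bad sequence abort logging.
            return raw.decode('utf-8', errors='replace')

        if is_return:
            return_value = funcutils.get_result(self.is_64bit)
            success = "Success" if return_value else "Failure"
            return f"{success} -> BOOL"

        lpApplicationName = funcutils.get_func_args(1, self.is_64bit)
        lpCommandLine = funcutils.get_func_args(2, self.is_64bit)
        lpProcessAttributes = funcutils.get_func_args(3, self.is_64bit)
        lpThreadAttributes = funcutils.get_func_args(4, self.is_64bit)
        bInheritHandles = funcutils.get_func_args(5, self.is_64bit)
        dwCreationFlags = funcutils.get_func_args(6, self.is_64bit)
        lpEnvironment = funcutils.get_func_args(7, self.is_64bit)
        lpCurrentDirectory = funcutils.get_func_args(8, self.is_64bit)
        lpStartupInfo = funcutils.get_func_args(9, self.is_64bit)
        lpProcessInformation = funcutils.get_func_args(10, self.is_64bit)

        app_name = read_wide_string(lpApplicationName)
        cmd_line = read_wide_string(lpCommandLine)
        process_attr = f"{hex(lpProcessAttributes)}"
        thread_attr = f"{hex(lpThreadAttributes)}"
        # BOOL is 32 bits wide; ignore any stale upper half of the slot.
        inherit_handles = "TRUE" if bInheritHandles & 0xFFFFFFFF else "FALSE"
        creation_flags = parse_creation_flags(dwCreationFlags)
        environment = f"{hex(lpEnvironment)}"
        current_dir = read_wide_string(lpCurrentDirectory)
        startup_info = f"{hex(lpStartupInfo)}"
        process_info = f"{hex(lpProcessInformation)}"

        _debug_info = (f"lpApplicationName={app_name}, "
                       f"lpCommandLine={cmd_line}, "
                       f"lpProcessAttributes={process_attr}, "
                       f"lpThreadAttributes={thread_attr}, "
                       f"bInheritHandles={inherit_handles}, "
                       f"dwCreationFlags={creation_flags}, "
                       f"lpEnvironment={environment}, "
                       f"lpCurrentDirectory={current_dir}, "
                       f"lpStartupInfo={startup_info}, "
                       f"lpProcessInformation={process_info}) = ")

        return _debug_info    # anti debug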