Interceptor.attach(Module.findExportByName(null, 'NtCreateUserProcess'), {
    onEnter: function(args) {
        // Get the base pointer to RTL_USER_PROCESS_PARAMETERS from args[8]
        var paramsBasePtr = args[8];
        
        // Read 4-byte segments starting from paramsBasePtr
        for (var i = 0; i < 16; i++) {
            var fieldPtr = paramsBasePtr.add(i * 4);  // 4-byte increments for a 32-bit process
            var value = Memory.readU32(fieldPtr);
            console.log("Offset 0x" + (i * 4).toString(16) + ": 0x" + value.toString(16));
        }
    },
    onLeave: function(retval) {
        // Cleanup or any other actions after function returns
    }
});