Concepts:
A job is similar to a sandbox that limits what its processes can do. (A typical example is Chrome, Google's browser. I personally feel that the Chrome sandbox is similar to a job: a Trojan can run in one process without affecting other processes, which improves security.)
This chapter is not clear
HANDLE CreateJobObject(PSECURITY_ATTRIBUTES psa, PCTSTR pszName);
The first parameter is the security information. The last parameter names the job so that it can be accessed through OpenJobObject.
HANDLE OpenJobObject(DWORD dwDesiredAccess, BOOL bInheritHandle, PCTSTR pszName);
Calling CloseHandle on a job handle does not actually stop the processes in the job. It only marks the job for deletion. The job is destroyed only when all processes in the job have terminated. Note that after the job handle is closed, the job can no longer be accessed.
You can use SetInformationJobObject to add different types of restrictions to a job:
1. Basic restrictions, to prevent processes in the job from monopolizing system resources;
2. Basic UI restrictions, to prevent processes in the job from changing the user interface;
3. Security restrictions, to prevent processes in the job from accessing confidential resources (files, the registry, etc.);
BOOL SetInformationJobObject(HANDLE hJob, JOBOBJECTINFOCLASS JobObjectInformationClass, PVOID pJobObjectInformation, DWORD cbJobObjectInformationLength);
The first parameter indicates the job to be restricted. The second parameter is an enumeration specifying the type of restriction to apply. The third parameter is the address of the data structure containing the restriction settings, and the fourth specifies the size of that structure.
Placing a process in a job:
BOOL AssignProcessToJobObject(HANDLE hJob, HANDLE hProcess);
Note: Once a process becomes part of a job, it cannot be moved to another job. When a process in a job creates a child process, the child automatically becomes part of the parent's job, but this can be changed in two ways:
1. Turn on the JOB_OBJECT_LIMIT_BREAKAWAY_OK flag in LimitFlags of JOBOBJECT_BASIC_LIMIT_INFORMATION to tell the system that a newly created process may run outside the job. CreateProcess must also be called with the CREATE_BREAKAWAY_FROM_JOB flag.
2. Turn on the JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK flag in LimitFlags of JOBOBJECT_BASIC_LIMIT_INFORMATION to tell the system that new processes should not be part of the job.
Terminating the processes in a job:
BOOL TerminateJobObject(HANDLE hJob, UINT uExitCode);
Get statistics:
Call QueryInformationJobObject(), passing JobObjectBasicAccountingInformation as the second parameter together with the address of a JOBOBJECT_BASIC_ACCOUNTING_INFORMATION structure.
Job notifications:
JOBOBJECT_ASSOCIATE_COMPLETION_PORT joacp;
joacp.CompletionKey = (PVOID)1;   // value delivered with each job notification
joacp.CompletionPort = hIOCP;     // I/O completion port that receives the notifications
SetInformationJobObject(hJob, JobObjectAssociateCompletionPortInformation, &joacp, sizeof(joacp));
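The restriction, assignment and breakaway notes above, combined into one added example (not code from the original notes): it builds a job with no breakaway flag, assigns a process, then reads the limit flags back and rejects a job whose children could leave it. containment_flags, breakaway_level and contain_process are hypothetical helper names; JOBOBJECT_EXTENDED_LIMIT_INFORMATION, JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE and the JOB_OBJECT_UILIMIT_* values are Win32 names that the notes do not mention, and the non-Windows branch only defines stand-in constants.

```c
#ifdef _WIN32
#include <windows.h>
#else  /* stand-in values copied from winnt.h so the flag logic builds anywhere */
typedef unsigned int DWORD;
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS      0x00000008
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK        0x00000800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x00001000
#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE   0x00002000
#endif

/* Limit flags for a containment job: cap the process count and end every
   member when the last job handle closes. No breakaway flag is set. */
DWORD containment_flags(void) {
    return JOB_OBJECT_LIMIT_ACTIVE_PROCESS | JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
}

/* 0 = children stay in the job, 1 = a child may leave if it is created with
   CREATE_BREAKAWAY_FROM_JOB, 2 = every child leaves the job silently. */
int breakaway_level(DWORD limit_flags) {
    if (limit_flags & JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK) return 2;
    if (limit_flags & JOB_OBJECT_LIMIT_BREAKAWAY_OK) return 1;
    return 0;
}

#ifdef _WIN32
/* Create the job, apply limits and UI restrictions, assign hProcess, then
   query the flags and refuse a job that allows breakaway. NULL on failure. */
HANDLE contain_process(HANDLE hProcess, DWORD maxProcesses) {
    JOBOBJECT_EXTENDED_LIMIT_INFORMATION eli = {0}, check = {0};
    JOBOBJECT_BASIC_UI_RESTRICTIONS ui = {0};
    HANDLE hJob = CreateJobObject(NULL, NULL);  /* unnamed: no OpenJobObject by name */
    if (hJob == NULL) return NULL;
    eli.BasicLimitInformation.LimitFlags = containment_flags();
    eli.BasicLimitInformation.ActiveProcessLimit = maxProcesses;
    ui.UIRestrictionsClass = JOB_OBJECT_UILIMIT_HANDLES |
        JOB_OBJECT_UILIMIT_READCLIPBOARD | JOB_OBJECT_UILIMIT_WRITECLIPBOARD |
        JOB_OBJECT_UILIMIT_EXITWINDOWS;
    if (!SetInformationJobObject(hJob, JobObjectExtendedLimitInformation, &eli, sizeof(eli)) ||
        !SetInformationJobObject(hJob, JobObjectBasicUIRestrictions, &ui, sizeof(ui)) ||
        !AssignProcessToJobObject(hJob, hProcess) ||
        !QueryInformationJobObject(hJob, JobObjectExtendedLimitInformation,
                                   &check, sizeof(check), NULL) ||
        breakaway_level(check.BasicLimitInformation.LimitFlags) != 0) {
        CloseHandle(hJob);  /* once KILL_ON_JOB_CLOSE is applied, this ends members */
        return NULL;
    }
    return hJob;
}
#endif
```

With JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE set, closing the last job handle terminates the member processes, unlike the default CloseHandle behaviour described in the notes.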