Get a real process/thread handle

The simplest way to get a process/thread handle is first described before starting the body. That is, you can get a handle when you create a process/thread.

The Create process/thread is the get handle.

Process creation function

BOOL CreateProcess (

Pctstr Pszapplicationname,

Ptstr pszCommandLine,

Psecurity_attributes psaprocess,

Psecurity_attributes Psathread,

BOOL bInheritHandles,

DWORD Fdwcreate,

PVOID Pvenvironment,

Pctstr Pszcurdir,

Pstartupinfo Psistartinfo,

Pprocess_information ppiprocinfo);

Parameter many ah, if you want to understand the specific meaning of the parameters can go to the MSDN, this article does not explain the parameters, but the last parameter, which can get the process and the main thread of the kernel handle and ID. First look at the pprocess_information structure:

typedef struct _process_information{

HANDLE hprocess;

HANDLE Hthread;

DWORD Dwprocessid;

DWORD dwThreadID;

}process_information;

Before creating a process, we first define a process_information variable and then use its address to call the CreateProcess () function, and the CreateProcess function will have an accident before returning the struct member. This allows us to handle and ID the process with the main thread.

Process_information Pi;

CreateProcess (..., &pi);

Next, you can get the handle and ID of the process and the main thread through PI.

Create a thread function

HANDLE CreateThread (

Psecurity_attributes PSA,

DWORD Cbstacksize,

Pthread_start_routine Pfnstartaddr,

PVOID Pvparam,

DWORD Dwcreateflags,

Pdword Pdwthreadid

);

The return value of the function is the handle to the new thread that was created, and the last parameter is the thread ID.

Here's how to get a pseudo handle of a process/thread in a Windows system.

Windows provides two functions to get the pseudo handle of a process/thread.

HANDLE getcurrentprocess (); Get process pseudo handle

HANDLE GetCurrentThread (); Get thread pseudo handle

Calling these functions returns a pseudo-handle to the process/thread kernel object, does not create a new handle in the process handle table, and does not increase the process/thread kernel object count.

Of course, if you use a pseudo-handle for the CloseHandle () function call, CloseHandle ignores this call.

The next step is to convert the pseudo-handle to a real handle.

Copy Kernel object handle function

BOOL DuplicateHandle (

HANDLE hsourceprocess,

HANDLE Hsource,

HANDLE htargetprocess,

HANDLE Phtarget,

DWORD dwDesiredAccess,

BOOL bInheritHandle,

DWORD dwoptions

);

This function obtains a record entry in a process handle table, and then creates a copy of the record entry in the other handle table.

The first parameter, Hsourceprocess, and the third parameter, htargetprocess, is a kernel object handle and must be a process kernel object.

The second parameter, Hsource, can be a handle to any type of kernel object, but must be related to the process represented by the first parameter.

The fourth parameter is used to receive a copy of the handle value.

The last three parameters are used to specify which access permissions and inheritance flags are used by the kernel object in the target process's handle table entry.

If the last parameter is specified as duplicate_same_access, the copied handle has the same access rights as the original handle.

Get thread handle

HANDLE Hthread;

DuplicateHandle (

GetCurrentProcess (),

GetCurrentThread (),

GetCurrentProcess (),

&hthread,

0,

FALSE,

Duplicate_same_access

);

Get process Handle

HANDLE hprocess;

DuplicateHandle (

GetCurrentProcess (),

GetCurrentProcess (),

GetCurrentProcess (),

&hprocess,

0,

FALSE,

Duplicate_same_access

);

As you can see, getting the process and thread handles is just the second parameter of passing in DuplicateHandle (). However, this function increases the count of kernel objects, so you need to call CloseHandle () to reduce the handle count by one after you have finished using the handle.

Get a real process/thread handle