The basic meaning of the Windows kernel process and the creation of processes

Source: Internet
Author: User

Process

1 Meaning of the process:

1.1 The first part is a kernel object that the operating system uses to manage the process.

The kernel object is also where the system keeps statistical information about the process.

1.2 The second part is an address space, which contains the code and data of all executable and DLL modules. It also contains the space for dynamic memory allocation, such as thread stacks and heap allocations.

2 Steps the operating system takes to start an application

2.1 Invoking the C/C++ run-time startup function

There are four startup functions: WinMainCRTStartup, wWinMainCRTStartup, mainCRTStartup and wmainCRTStartup.

The startup function performs the following tasks:

<1> Retrieves a pointer to the full command line of the new process.

<2> Retrieves a pointer to the environment variables of the new process.

<3> Initializes the C/C++ run-time global variables. If StdLib.h is included, your code can access these variables.

<4> Initializes the heap used by the C run-time memory allocation functions (malloc and calloc) and by other low-level input/output routines.

<5> Calls the constructors of all global and static C++ class objects.

<6> Calls the entry-point function.

<7> When the entry-point function returns, the startup function calls the C run-time exit function and passes it the return value (nMainRetVal).

<8> Calls any functions registered through calls to the _onexit function.

<9> Calls the destructors of all global and static C++ class objects.

<10> Calls the operating system's ExitProcess function and passes nMainRetVal to it. This makes the operating system terminate the process and set its exit code.

3 Instance handle of the process

3.1 Current instance handle of the process

Each EXE or DLL file loaded into the process address space is given a unique handle.

To get the file name of a loaded module (EXE or DLL):

DWORD GetModuleFileName(HMODULE hModule, LPTSTR lpFilename, DWORD nSize);

When hModule is NULL, the full path name of the current process's executable file is returned.

3.2 Previous instance handle of a process

The C/C++ startup code always passes NULL for the second parameter of the WinMain function, HINSTANCE hPrevInstance. The parameter was used by 16-bit programs and is kept only to make porting 16-bit code easier.

4 The command line of the process

LPTSTR GetCommandLine();  // returns the command-line string

5 Environment variables of the process

Each process has an environment block associated with it. The environment block is a block of memory allocated in the process's address space, and it contains a set of strings of the following form:

VarName1=VarValue1\0

VarName2=VarValue2\0

VarName3=VarValue3\0

Note that there must be no space before the equal sign: a name followed by a space and the same name without it are completely different environment variables. For example:

XYZ=xxx and XYZ =xxx are two completely different environment variables.

Functions for working with environment variables

<1>

LPVOID GetEnvironmentStrings(VOID);

<2>

BOOL SetEnvironmentVariable(
  LPCTSTR lpName,   // environment variable name
  LPCTSTR lpValue   // new value for variable
);

<3>

DWORD GetEnvironmentVariable(
  LPCTSTR lpName,   // environment variable name
  LPTSTR lpBuffer,  // buffer for variable value
  DWORD nSize       // size of buffer
);

<4>

BOOL FreeEnvironmentStrings(
  LPTSTR lpszEnvironmentBlock  // environment strings
);
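
An added example, not part of the original article: portable C that walks an environment block in the NAME=VALUE\0 layout shown above, checks that it is properly terminated, and looks a variable up by its exact name. The sample block and the helper names (env_block_size, env_count, env_lookup) are constructed for illustration; the lookup ignores case, as Windows does for environment variable names.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed sample block: NAME=VALUE strings, then one empty string.
   "XYZ" and "XYZ " (trailing space) are two different variables. */
static const char SAMPLE_ENV[] =
    "=C:=C:\\Work\0"       /* hidden per-drive entry: the name starts with '=' */
    "Path=C:\\Windows\0"
    "XYZ=first\0"
    "XYZ =second\0";       /* the literal's own NUL ends the block */

/* Size in bytes including the final terminator, or 0 if the block is not
   terminated within max bytes (check before passing it as lpEnvironment). */
size_t env_block_size(const char *block, size_t max) {
    size_t i = 0;
    while (i < max) {
        if (block[i] == '\0') return i + 1;      /* empty string: end of block */
        const char *nul = memchr(block + i, '\0', max - i);
        if (!nul) return 0;
        i = (size_t)(nul - block) + 1;
    }
    return 0;
}

/* Number of NAME=VALUE strings in a terminated block. */
size_t env_count(const char *block) {
    size_t n = 0;
    for (const char *p = block; *p; p += strlen(p) + 1) n++;
    return n;
}

/* Value of name, matched exactly (spaces count, case does not), or NULL. */
const char *env_lookup(const char *block, const char *name) {
    size_t nlen = strlen(name);
    for (const char *p = block; *p; p += strlen(p) + 1) {
        const char *eq = strchr(p + 1, '=');     /* skip a leading '=' */
        if (!eq || (size_t)(eq - p) != nlen) continue;
        size_t i = 0;
        while (i < nlen && tolower((unsigned char)p[i]) == tolower((unsigned char)name[i])) i++;
        if (i == nlen) return eq + 1;
    }
    return NULL;
}

int main(void) {
    printf("%zu entries, XYZ=%s, \"XYZ \"=%s\n", env_count(SAMPLE_ENV),
           env_lookup(SAMPLE_ENV, "XYZ"), env_lookup(SAMPLE_ENV, "XYZ "));
    return 0;
}
```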

6 Current folder of the process

A program's current folder can be changed. The current folder is not the same as the process's startup folder: the startup folder is the folder that contains the EXE or DLL, and it can be obtained through the GetModuleFileName function.

<1>

DWORD GetCurrentDirectory(
  DWORD nBufferLength,  // size of directory buffer
  LPTSTR lpBuffer       // directory buffer
);

<2>

BOOL SetCurrentDirectory(
  LPCTSTR lpPathName    // new directory name
);

7 Getting system version information

DWORD GetVersion();

This function has a bug, however: the programmer who wrote it put the major and minor version numbers in the wrong order, swapping the high and low bytes.

BOOL GetVersionEx(
  LPOSVERSIONINFO lpVersionInfo  // version information
);

This newer function is the fix.

8 Creating a process

BOOL WINAPI CreateProcess(
  _In_opt_    LPCTSTR lpApplicationName,
  _Inout_opt_ LPTSTR lpCommandLine,
  _In_opt_    LPSECURITY_ATTRIBUTES lpProcessAttributes,
  _In_opt_    LPSECURITY_ATTRIBUTES lpThreadAttributes,
  _In_        BOOL bInheritHandles,
  _In_        DWORD dwCreationFlags,
  _In_opt_    LPVOID lpEnvironment,
  _In_opt_    LPCTSTR lpCurrentDirectory,
  _In_        LPSTARTUPINFO lpStartupInfo,
  _Out_       LPPROCESS_INFORMATION lpProcessInformation
);


Explanation of the parameters:

<1> lpApplicationName

The name of the module to be loaded. You must include the file extension, for example .exe, because the system does not assume .exe. The module name can be a partial name, in which case the system looks for the module in the current folder.

It is usually set to NULL, because lpCommandLine is the more powerful way to specify the module to run.

<2> lpCommandLine

The order in which the system looks for the executable file is:

The folder from which the application loaded.

The current folder of the parent process.

The Windows system folder.

The Windows folder.

The folders listed in the PATH environment variable.

Note: In a Unicode build, this parameter must not point to const memory (such as a string literal); otherwise an error occurs.

<3> lpProcessAttributes

A pointer to a SECURITY_ATTRIBUTES structure. It determines whether the handle to the new process object returned by the process creation function can be inherited by child processes.

When it is NULL, the process gets a default security descriptor.

<4> lpThreadAttributes

A pointer to a SECURITY_ATTRIBUTES structure. It determines whether the handle to the new thread object returned by the process creation function can be inherited by child processes.

When it is NULL, the thread gets a default security descriptor.

<5> bInheritHandles

If TRUE, every inheritable handle in the calling process is inherited by the newly created process.

If FALSE, the handles are not inherited by the new process.

<6> dwCreationFlags

The creation flags for the new process. They control things such as how debugging information is reported between parent and child and how the child process's window is created.

<7> lpEnvironment

A pointer to the environment block for the new process.

If the value is NULL, the new process inherits the environment block of the parent process.

<8> lpCurrentDirectory

A pointer to the current folder for the new process.

If it is NULL, the new process has the same current folder as the calling (parent) process.

<9> lpStartupInfo

A pointer to a STARTUPINFO or STARTUPINFOEX structure. It mainly specifies the window's state and appearance and the standard handles.

When Windows creates a new process, it uses the relevant members of that structure. Most applications simply want the spawned application to use the default values. At a minimum, all members of the structure should be initialized to zero, and the cb member then set to the size of the structure.

Handles in the structure must be closed with CloseHandle when they are no longer needed.

<10> lpProcessInformation

A pointer to a PROCESS_INFORMATION structure.

typedef struct _PROCESS_INFORMATION {
  HANDLE hProcess;
  HANDLE hThread;
  DWORD  dwProcessId;
  DWORD  dwThreadId;
} PROCESS_INFORMATION, *LPPROCESS_INFORMATION;

When the handles are no longer needed, close them with the CloseHandle function.

When a process kernel object is created, the system gives the object a unique identification number. The same ID number cannot be used by any other kernel object in the system, regardless of the process. The same is true for thread kernel objects.

When a thread kernel object is created, the object is given a unique, system-wide ID number. The process ID and thread ID share the same pool of numbers. This means that processes and threads cannot have the same ID.


9 Example: creating a process

#include <Windows.h>
#include <iostream>
using namespace std;

int main()
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;

    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));

    // CreateProcessW may modify the command line, so pass a writable buffer.
    TCHAR szCmdLine[] = TEXT("notepad++");

    // Start the child process.
    if (!CreateProcess(NULL,   // No module name (use command line).
        szCmdLine,             // Command line.
        NULL,                  // Process handle not inheritable.
        NULL,                  // Thread handle not inheritable.
        FALSE,                 // Set handle inheritance to FALSE.
        0,                     // No creation flags.
        NULL,                  // Use the parent's environment block.
        NULL,                  // Use the parent's starting directory.
        &si,                   // Pointer to STARTUPINFO structure.
        &pi))                  // Pointer to PROCESS_INFORMATION structure.
    {
        cout << "CreateProcess failed (" << GetLastError() << ")." << endl;
        return 1;              // Do not wait on or close invalid handles.
    }

    // Wait until the child process exits.
    WaitForSingleObject(pi.hProcess, INFINITE);

    // Close process and thread handles.
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return 0;
}
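
The command line in the example above is a bare file name, so CreateProcess resolves it through the search order listed under lpCommandLine. The following added example (not from the original article) is a portable C audit helper that extracts the module token from a command line and reports whether its resolution depends on that search order. The function name classify_cmdline, the CL_* flags and the sample command lines are hypothetical, and the token is assumed to end at the closing quote or at the first whitespace.

```c
#include <stdio.h>
#include <string.h>

/* Flags describing how the module name in a command line is resolved. */
enum { CL_QUOTED = 1, CL_HAS_DIR = 2, CL_HAS_EXT = 4, CL_SEARCHED = 8 };

/* Copies the module token of a command line into out (outsz >= 1) and
   returns CL_* flags. Assumption: the token ends at the closing quote, or
   at the first whitespace when it is not quoted. */
int classify_cmdline(const char *cmd, char *out, size_t outsz) {
    int flags = 0;
    size_t n = 0;
    while (*cmd == ' ' || *cmd == '\t') cmd++;
    if (*cmd == '"') {
        flags |= CL_QUOTED;
        for (cmd++; *cmd && *cmd != '"' && n + 1 < outsz; cmd++) out[n++] = *cmd;
    } else {
        for (; *cmd && *cmd != ' ' && *cmd != '\t' && n + 1 < outsz; cmd++) out[n++] = *cmd;
    }
    out[n] = '\0';
    /* Find the file-name part; only a dot there counts as an extension. */
    const char *base = out;
    for (const char *p = out; *p; p++)
        if (*p == '\\' || *p == '/') base = p + 1;
    if (base != out) flags |= CL_HAS_DIR;
    if (strchr(base, '.')) flags |= CL_HAS_EXT;
    /* Without a directory part the name is looked up through the search order. */
    if (!(flags & CL_HAS_DIR)) flags |= CL_SEARCHED;
    return flags;
}

int main(void) {
    /* Constructed sample command lines. */
    const char *samples[] = { "notepad++", "  cmd.exe /c dir",
                              "\"C:\\Program Files\\App\\app.exe\" /q" };
    char mod[260];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int f = classify_cmdline(samples[i], mod, sizeof mod);
        printf("%-30s %s\n", mod, (f & CL_SEARCHED) ? "search order decides"
                                                     : "explicit path");
    }
    return 0;
}
```

A call site flagged CL_SEARCHED can be made explicit by passing a quoted full path in lpCommandLine.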


