CreateProcess function details

Source: Internet
Author: User

CreateProcess
Note:
The CreateProcess function of WIN32API is used to create a new process and its main thread. The new process runs the specified executable file.

Function prototype:
Bool CreateProcess
(
Lptstr lpapplicationname,
Lptstr lpcommandline,
Lpsecurity_attributes lpprocessattributes.
Lpsecurity_attributes lpthreadattributes,
Bool binherithandles,
DWORD dwcreationflags,
Lpvoid lpenvironment,
Maid directory,
Lpstartupinfo,
Lpprocess_information lpprocessinformation
);

Parameters:
Lpapplicationname: a string that points to a null end and is used to specify the executable module.
This string can make the absolute or relative path of the executable module. In the latter case, the function uses the current drive and directory to create the path of the executable module.
This parameter can be set to null. In this case, the name of the executable module must be at the beginning of the lpcommandline parameter and separated by a space character from the subsequent characters.
The specified module can be a Win32 application. If the appropriate subsystem is available on the current computer, it can also be another type of module (such as MS-DOS or OS/2 ).
In Windows NT, if the executable module is a 16-bit application, this parameter should be set to null because the name of the executable module should be specified in the lpcommandline parameter. A 16-bit application runs in a DOS virtual machine or Windows (WOW) on Win32.

Lpcommandline: Specifies the command line to be run at the end of a null value.
This parameter can be blank, so the function uses the string specified by the parameter as the command line of the program to be run.
If the lpapplicationname and lpcommandline parameters are not empty, the lpapplicationname parameter specifies the module to be run, and the lpcommandline parameter specifies the command line of the module to be run. The newly running process can use the getcommandline function to obtain the entire command line. The argc and argv parameters can be used in C language programs.
If the lpapplicationname parameter is null, the first space-separated element in the string specifies the executable module name. If the file name does not include the extension name, then .exe is assumed to be the default extension. If the file name ends with a dot (.) and no extension name exists, or the file name is included in the extension, .exe will not be added to the end. If the file name does not contain a path, Windows searches for the executable file in the following order:
1. The directory of the current application.
2. Parent process directory.
3. Windows 95: Windows System directory, which can be obtained using the getsystemdirectory function.
Windows NT: 32-bit Windows System directory. You can use the getsystemdirectory function to obtain the directory name system32.
4. in Windows NT: 16-bit Windows System directory. You cannot use the Win32 function to obtain this directory, but it will be searched. The directory name is system.
5. Windows directory. You can use the getwindowsdirectory function to obtain this directory.
6. The directory listed in the PATH environment variable.
If the created process is an application based on a MS-DOS or a 16-bit windows, the lpcommandline parameter should be an absolute path to an executable file name as the first element, this can make the 32-bit windows program work well, So setting the lpcommandline parameter is the strongest.

Lpprocessattributes: points to a security_attributes struct, which determines whether the returned handle can be inherited by the quilt process. If the lpprocessattributes parameter is null, the handle cannot be inherited.
In Windows NT, The lpsecuritydescriptor Member of the security_attributes structure specifies the security descriptor of the new process. If the parameter is blank, the new process uses the default security descriptor.
In Windows95, The lpsecuritydescriptor Member of the security_attributes structure is ignored.

Lpthreadattributes: points to a security_attributes struct, which determines whether the returned handle can be inherited by the quilt process. If the lpthreadattributes parameter is null, the handle cannot be inherited.
In Windows NT, The lpsecuritydescriptor Member of the security_attributes structure specifies the security descriptor of the main thread. If the parameter is blank, the main thread uses the default security descriptor.
In Windows95, The lpsecuritydescriptor Member of the security_attributes structure is ignored.

Binherithandles: indicates whether the new process inherits the handle from the called process. If the value of the parameter is true, every inherited open handle in the calling process inherits the quilt process. The inherited handle has the same value and access permissions as the original process.

Dwcreationflags: Specifies the appended identifier used to control priority classes and Process Creation. The following creation flag can be combined in any way except the method listed below.

Value: create_default_error_mode
Meaning: the new process does not inherit the Error Mode of the called process. The CreateProcess function allows the new process to replace the current default error mode. Applications can call the seterrormode function to set the current default error mode.
This flag is useful for Multithreaded Shell programs running in environments without hardware errors.
For the CreateProcess function, the default behavior is to inherit the caller's error mode for the new process. Set this flag to change the default processing method.

Value: create_new_console
Meaning: a new process uses a new console instead of inheriting the console of the parent process. This flag cannot be used with the detached_process flag.

Value: create_new_process_group
Meaning: the root process of a new process tree. All processes of the Process tree are the sub processes of the root process. The User Identifier of the new process tree is the same as that of the process, which is returned by the lpprocessinformation parameter. The generateconsolectrlevent function is often used in the process tree to send Ctrl + C or Ctrl + break signals to a group of console processes.

Value: create_separate_wow_vdm
Meaning: (only applicable to Windows NT) this flag is valid only when a 16-bit windows application is running. If set, the new process runs on a private virtual DOS host (vdm. In addition, by default, all 16-bit Windows applications run in the same shared vdm as threads. The advantage of running a 16-bit program separately is that the crash of an application will only end the running of this vdm; other programs running in different vdm will continue to run normally. Similarly, the 16-bit Windows applications running in different vdm have different input queues, which means that if a program temporarily loses response, applications in independent vdm can continue to obtain input.

Value: create_shared_wow_vdm
Meaning: (only applicable to Windows NT) this flag is valid only when a 16-bit windows application is running. If the defaultseparatevdm option of windows in win. ini is set to true, this identifier causes the CreateProcess function to bypass this option and run a new process on the shared virtual DOS host.

Value: create_suincluded
Meaning: the main thread of the new process will be created in the paused State and will not run until the resumethread function is called.

Value: create_unicode_environment
Description: If this parameter is set, the Environment block specified by the lpenvironment parameter uses Unicode characters. If it is null, the Environment block uses ANSI characters.

Value: debug_process
Meaning: If this flag is set, the calling process will be treated as a debugging program, and the new process will be treated as a debugged process. The system notifies the debugger of all debugging events of the program to be debugged.
If you use this flag to create a process, only the process that calls the CreateProcess function can call the waitfordebugevent function.

Value: debug_only_this_process
Meaning: If this flag is not set and the calling process is being debugged, the new process will become another debugging object of the debugger for debugging the calling process. If the calling process is not debugged, the related debugging behaviors will not be generated.

Value: detached_process
Meaning: For console processes, the new process has no permission to access the console of the parent process. You can use the allocconsole function to create a new console. This flag cannot be used with the create_new_console flag.

The dwcreationflags parameter is also used to control the priority of a new process. The priority class is used to determine the priority of the thread scheduling of the process. If none of the following priority class labels are specified, the default priority class is normal_priority_class unless the created process is idle_priority_class. In this case, the default priority class of the sub-process is idle_priority_class.
It can be one of the following signs:

Priority: high_priority_class
Meaning: indicates that the process will execute a time critical task, so it must be run immediately to ensure correctness. Programs with this priority take precedence over programs with normal or idle priority. One example is the Windows Task List. To ensure immediate response when a user calls the task, the system load is not considered. Be sure to exercise caution when using a high-priority CPU because a high-priority CPU-associated application can take up almost all of the CPU availability time.

Priority: idle_priority_class
Meaning: indicates that the thread of the process runs only when the system is idle and can be interrupted by any high-priority task. For example, screen saver. The idle priority is inherited by the quilt process.

Priority: normal_priority_class
Meaning: indicates that this process has no special task scheduling requirements.

Priority: realtime_priority_class
Meaning: indicates that the process has the highest priority available. A thread with a real-time priority can interrupt the execution of all other process threads, including the system processes that are executing important tasks. For example, a real-time process with a longer execution time may cause insufficient disk cache or slow mouse response.

Lpenvironment: point to the Environment block of a new process. If this parameter is null, the new process uses the environment of the called process.
An environment block exists in a block consisting of a string ending with null. This block also ends with null. Each string is in the form of name = value.
Because the equal sign is used as a separator, it cannot be used as a variable name by environment variables.
Instead of using the environment block provided by the application, it is better to set this parameter to null directly, and the current directory information on the system drive will not be automatically passed to the newly created process. For more information about this situation and how to handle it, see the Notes section.
The environment block can contain Unicode or ANSI characters. If the environment block to which lpenvironment points contains Unicode characters, the create_unicode_environment flag of the dwcreationflags field will be set. If the block contains ANSI characters, the flag is cleared.
Note that an ANSI environment block ends with two zero Bytes: one is the end of the string, and the other is used to end the fast. One Unicode environment block ends with four zero bytes of oil: Two represents the end of the string, and the other two are used to end the block.

Lpcurrentdirectory: point to a null-ending string used to indicate the working path of the child process. This string must be an absolute path containing the drive name. If this parameter is blank, the new process uses the same drive and directory as the called process. This option is the primary condition for a shell that needs to start the application and specify their drives and working directories.

Lpstartupinfo: point to the startupinfo struct used to determine how the new process's main form is displayed.

Lpprocessinformation: point to a process_information structure used to receive the recognition information of new processes.

Return Value:
If the function is successfully executed, a non-zero value is returned.

If the function fails to be executed and zero is returned, you can use the getlasterror function to obtain additional error information.

Note:
The CreateProcess function is used to run a new program. The winexec and loadmodule functions are still available, but they are also implemented by calling the CreateProcess function.

In addition, the CreateProcess function creates a process and a thread object. This thread will be created together with an initialized stack. The size of the stack is determined by the description in the executable file header. The thread starts execution at the file header.

The handles of new processes and new threads are created with global access permissions. If there is no security descriptor for either of the two handles, the handle can be used in any function that requires the handle type as a parameter. When the security descriptor is provided, when the handle is used in the next step, the access permission check is always performed first. If the access permission check denies access, the requested process cannot use this handle to access this process.

This process is assigned a 32-bit process identifier. The identifier is valid until the process is aborted. It can be used to identify the process or be specified in the OpenProcess function to open the handle of the process. A 32-bit thread identifier will be allocated to the initialized thread in the process. This identifier is valid until the county seat is terminated and can be used to uniquely identify this thread in the system. These identifiers are returned in the process_information struct.

When you specify an application name in the lpapplicationname or lpcommandline parameter, whether or not the application name contains an extension name does not affect the operation. The exception is. the MS-DOS program or Windows program with COM Extension must contain. COM Extension.

You can call the waitforinputidle function to wait for the new process to complete its initialization and wait for user input. This is extremely useful for synchronization between the parent process and the child process, because the CreateProcess function does not wait for the new process to complete its initialization. For example, before attempting to associate a window with a new process, the process should call waitforinputidle.

The preferred way to end a process is to call the exitprocess function, because this function notifies all the dynamic link library (DLLs) programs of the process to end. Other methods to terminate the process do not notify the associated dynamic link library. Note that when a process calls exitprocess, other counties of the process do not have the opportunity to run any other code (including the termination code associated with the dynamic link library ).

Exitprocess, exitthread, createthread, and createremotethread are serialized in the process when a process is started (the CreateProcess result is called. In an address space, only one of these events can occur at a time. This means that the following restrictions will be retained:
* New Threads can be created during the start and DLL initialization phases, but they cannot start running until the process's dll Initialization is complete.
* There can be only one thread in the Process of DLL initialization or removal.
* The exitprocess function does not return until all threads initialize or unload the DLL.

Before all threads in a process terminate and all handles of the process and their threads are terminated by calling the closehandle function, the process will remain in the system. Both process and main thread handles must be closed by calling the closehandle function. If you no longer need these handles, you 'd better close them immediately after creating the process.

When the last thread in the process is terminated, the following events occur:
* All objects opened by the process are closed.
* The termination status of a process (returned by the getexitcodeprocess function) changes from its initial value still_active to the end status of the last terminated thread.
* The thread object of the main thread is set to the flag State for other threads waiting for this object to use.
* The process object is set to the flag State for use by other threads waiting for this object.

Assume that the current directory on disk C is/msvc/MFC and there is an environment variable called C:. Its value is C:/msvc/mfc, as previously mentioned in lpenvironment, directory information on such a system drive is not automatically transmitted to the new process when the lpenvironment parameter of the CreateProcess function is not empty. An application must manually pass the current directory information to the new process. To do this, the application must directly create environment strings and arrange them alphabetically (because Windows NT and Windows 95 use a simple environment variable ), and put them into the environment block specified in lpenvironment. Similarly, they need to find the beginning of the Environment block and repeat the sorting of the Environment block mentioned above.

One way to get the current directory variable of drive X is to call getfullpathname ("X :",..). This avoids the need for an application to scan the environment block. If the absolute path returned is X:/, you do not need to pass this value as an environment data because the root directory is the default current directory of the new process on drive X.

The handle returned by the CreateProcess function has the process_all_access permission on the process object.

The current directory of the sub-process object in the current directory specified by the lpcurrentdirectory parameter. The second project specified by the lpcommandline parameter is the current directory of the parent process.

For Windows NT, when a process is created with create_new_process_group specified, a call to setconsolectrlhandler (null, true) is used in the new process, this means that Ctrl + C is invalid for the new process. This allows upper-level surgical programs to process Ctrl + C information themselves and selectively transmit these signals to sub-processes. CTRL + break is still valid and can be used to interrupt the execution of the Process/process tree.

See
Allocconsole, closehandle, handler, createthread, exitprocess, exitthread, response, getcommandline, response, getexitcodeprocess, response, getstartupinfo, getsystemdirectory, getwindowsdirectory, loadmodule, OpenProcess, process_information, response, seterrormode, startupinfo, terminateprocess, waitforinputidle, waitfordebugevent, winexec

Quick info:
Import to database: kernel32.lib
Header file: WINBASE. h
 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.