Win32 API Note 1

Source: Internet
Author: User

================== Hook =========================

A hook lets an application intercept the system's calls to certain functions (for example, window message processing) before they reach their normal target. Hooks installed with SetWindowsHookEx can load a DLL into other processes, which is why they are a common code-injection vector and worth monitoring.

================== Terminating a process =====================

A process terminates in one of four ways:

1. The entry-point function of the main thread returns.

2. A thread in the process calls ExitProcess. This ends only the calling process; it cannot be used to end another process.

3. All threads in the process have ended.

4. A thread in another process calls TerminateProcess on it.

TerminateProcess terminates the specified process and all of its threads. It is abrupt: DLL entry points (DLL_PROCESS_DETACH) and other cleanup code in the target never run, so use it only when the process cannot be asked to exit cleanly. The caller needs a handle with PROCESS_TERMINATE access.

BOOL TerminateProcess(
    HANDLE hProcess,    // process handle (must have PROCESS_TERMINATE access)
    UINT   uExitCode    // exit code for the process and all its threads
);

OpenProcess opens an existing process object and returns a handle to it. Request only the access you need: asking for PROCESS_ALL_ACCESS fails more often (for example against processes of other users or protected processes) and is a sign of sloppy code to a reviewer.

HANDLE OpenProcess(
    DWORD dwDesiredAccess,  // access mask, e.g. PROCESS_TERMINATE, PROCESS_QUERY_INFORMATION, PROCESS_ALL_ACCESS
    BOOL  bInheritHandle,   // whether child processes inherit the handle
    DWORD dwProcessId       // process identifier (PID)
);

================== Enumerating system processes =====================

Two ways to list processes: the Toolhelp functions and EnumProcesses.

PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(pe32);   // must be set before the first call, or Process32First fails

HANDLE hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);   // snapshot of all processes; the handle is passed to Process32First and Process32Next
BOOL bMore = ::Process32First(hProcessSnap, &pe32);
while (bMore) {
    // ... use pe32.th32ProcessID, pe32.szExeFile ...
    bMore = ::Process32Next(hProcessSnap, &pe32);
}
CloseHandle(hProcessSnap);

Toolhelp is not the only way to get process information: EnumProcesses (PSAPI) returns the list of PIDs, and the caller then opens each process to query the rest.

TH32CS_SNAPHEAPLIST  // enumerate the heaps of the process given by th32ProcessID
TH32CS_SNAPMODULE    // enumerate the modules of the process given by th32ProcessID
TH32CS_SNAPPROCESS   // enumerate all processes in the system; th32ProcessID is ignored
TH32CS_SNAPTHREAD    // enumerate all threads in the system; th32ProcessID is ignored

HANDLE WINAPI CreateToolhelp32Snapshot(
    DWORD dwFlags,        // what to include in the snapshot, e.g. TH32CS_SNAPPROCESS
    DWORD th32ProcessID   // PID whose heaps/modules to snapshot; 0 for the system process list or the current process
);

typedef struct tagPROCESSENTRY32 {
    DWORD     dwSize;               // size of the structure; must be set before use
    DWORD     cntUsage;             // no longer used, always 0
    DWORD     th32ProcessID;        // process identifier
    ULONG_PTR th32DefaultHeapID;    // no longer used, always 0
    DWORD     th32ModuleID;         // no longer used, always 0
    DWORD     cntThreads;           // number of threads started by the process
    DWORD     th32ParentProcessID;  // PID of the parent process
    LONG      pcPriClassBase;       // base priority of threads created by the process
    DWORD     dwFlags;              // no longer used, always 0
    TCHAR     szExeFile[MAX_PATH];  // executable file name of the process
} PROCESSENTRY32, *PPROCESSENTRY32;

th32ParentProcessID is the parent's PID as recorded at creation time. If the parent has since exited, that PID may have been reused by an unrelated process, so process trees built from this field alone can mislead.
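The two sections above (terminating a process, and enumerating processes with Toolhelp) fit together in one program. The following is an added example, not code from the original note: it takes a Toolhelp snapshot, finds a process by image name, opens it with PROCESS_TERMINATE only, and terminates it. The Win32 calls are compiled only on Windows; the name-comparison helper is portable so the matching logic can be checked anywhere. The default target name "notepad.exe" is an assumption for illustration.

```c
/* Added example: find a process by image name via Toolhelp32 and terminate it
 * with the least access right that works. Not from the original note. */
#include <stdio.h>
#include <ctype.h>

#ifdef _WIN32
#undef UNICODE            /* use the ANSI PROCESSENTRY32 so szExeFile is char[] */
#undef _UNICODE
#include <windows.h>
#include <tlhelp32.h>
#endif

/* Case-insensitive comparison of two image names. PROCESSENTRY32.szExeFile is
 * only the file name (e.g. "notepad.exe"), so no path handling is needed. */
int image_name_equals(const char *a, const char *b)
{
    for (; *a && *b; ++a, ++b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    }
    return *a == '\0' && *b == '\0';
}

#ifdef _WIN32
/* Return the PID of the first process whose image name matches, or 0 if none. */
DWORD find_pid_by_name(const char *name)
{
    DWORD pid = 0;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe);            /* must be set before Process32First */
    if (Process32First(snap, &pe)) {
        do {
            if (image_name_equals(pe.szExeFile, name)) {
                pid = pe.th32ProcessID;
                break;
            }
        } while (Process32Next(snap, &pe));
    }
    CloseHandle(snap);
    return pid;
}

/* Terminate a process by PID. Ask for PROCESS_TERMINATE only, not
 * PROCESS_ALL_ACCESS: least privilege, and the open succeeds in more cases. */
int terminate_pid(DWORD pid, UINT exit_code)
{
    HANDLE h = OpenProcess(PROCESS_TERMINATE, FALSE, pid);
    if (h == NULL) {
        fprintf(stderr, "OpenProcess(%lu) failed: error %lu\n",
                (unsigned long)pid, (unsigned long)GetLastError());
        return 0;
    }
    BOOL ok = TerminateProcess(h, exit_code);
    if (!ok)
        fprintf(stderr, "TerminateProcess failed: error %lu\n",
                (unsigned long)GetLastError());
    CloseHandle(h);                    /* always release the handle */
    return ok ? 1 : 0;
}

int main(int argc, char **argv)
{
    /* Assumed default target; pass another image name on the command line. */
    const char *target = argc > 1 ? argv[1] : "notepad.exe";
    DWORD pid = find_pid_by_name(target);
    if (pid == 0) {
        printf("%s not found\n", target);
        return 1;
    }
    printf("%s has PID %lu\n", target, (unsigned long)pid);
    return terminate_pid(pid, 1) ? 0 : 2;
}
#endif
```

A failed OpenProcess with ERROR_ACCESS_DENIED usually means the target runs as another user, is a protected process, or the caller lacks SeDebugPrivilege; PROCESS_ALL_ACCESS would not have helped.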

================== Application start-up (creating a process) =====================

Starting an application means creating a process: the parent calls CreateProcess.

When a new process is created, the parent passes it a STARTUPINFO structure, which carries mostly window and console properties for the child (title, position, show state, standard handles).

A process can call GetStartupInfo to retrieve the STARTUPINFO that its parent used when creating it:

VOID GetStartupInfo(LPSTARTUPINFO lpStartupInfo);   // fills in the STARTUPINFO specified when the current process was created

Typical initialization before CreateProcess:

STARTUPINFO si = { sizeof(si) };    // sets cb to sizeof(si); every other member is zero-initialized
::GetStartupInfo(&si);              // optional: start from the parent's own settings
si.dwFlags = STARTF_USESHOWWINDOW;  // says that wShowWindow is valid
si.wShowWindow = SW_SHOWNORMAL;     // an SW_* constant: SW_SHOWNORMAL shows the main window, SW_HIDE hides it (TRUE happens to equal SW_SHOWNORMAL, but write the constant)

... CreateProcess(..., &si, &pi) ...

CloseHandle(pi.hThread);     // close the thread handle after creation; it is rarely needed
CloseHandle(pi.hProcess);    // close the process handle once you are done with it (e.g. after waiting on it)

Windows must stay compatible with older binaries, so it uses the cb member (the structure size) to tell which version of the structure, and therefore how many members, the caller passed.

STARTUPINFO specifies the properties of the new process's main window and its standard handles:

typedef struct _STARTUPINFO {
    DWORD  cb;                // size of the structure; set to sizeof(STARTUPINFO)
    LPTSTR lpReserved;        // must be NULL
    LPTSTR lpDesktop;         // desktop (and window station) for the new process, or NULL
    LPTSTR lpTitle;           // console window title (console processes only)
    DWORD  dwX;               // window position, used with STARTF_USEPOSITION
    DWORD  dwY;
    DWORD  dwXSize;           // window size, used with STARTF_USESIZE
    DWORD  dwYSize;
    DWORD  dwXCountChars;     // console buffer size, used with STARTF_USECOUNTCHARS
    DWORD  dwYCountChars;
    DWORD  dwFillAttribute;   // console colors, used with STARTF_USEFILLATTRIBUTE
    DWORD  dwFlags;           // STARTF_* bits saying which members above/below are valid
    WORD   wShowWindow;       // SW_* value, used with STARTF_USESHOWWINDOW
    WORD   cbReserved2;       // must be 0
    LPBYTE lpReserved2;       // must be NULL
    HANDLE hStdInput;         // standard handles for the child, used with STARTF_USESTDHANDLES
    HANDLE hStdOutput;        //   (they only reach the child if bInheritHandles is TRUE and
    HANDLE hStdError;         //    the handles themselves are inheritable)
} STARTUPINFO, *LPSTARTUPINFO;

BOOL CreateProcess(
    LPCTSTR               lpApplicationName,     // path of the image to run, or NULL to take it from lpCommandLine
    LPTSTR                lpCommandLine,         // command line the child sees; must be a writable buffer, not a string literal
    LPSECURITY_ATTRIBUTES lpProcessAttributes,   // security descriptor / inheritability of the new process handle
    LPSECURITY_ATTRIBUTES lpThreadAttributes,    // same for the main thread handle
    BOOL                  bInheritHandles,       // whether the child inherits the parent's inheritable handles
    DWORD                 dwCreationFlags,       // e.g. CREATE_NEW_CONSOLE, CREATE_NO_WINDOW, CREATE_SUSPENDED
    LPVOID                lpEnvironment,         // environment block, or NULL to inherit the parent's
    LPCTSTR               lpCurrentDirectory,    // working directory, or NULL to inherit the parent's
    LPSTARTUPINFO         lpStartupInfo,         // STARTUPINFO described above
    LPPROCESS_INFORMATION lpProcessInformation   // receives handles and IDs of the new process and thread
);

Two things to get right: if lpApplicationName is NULL and the path in lpCommandLine contains spaces but is not quoted, CreateProcess tries each space-delimited prefix as the executable (C:\Program.exe before C:\Program Files\...), so always quote the path or pass lpApplicationName explicitly; and leave bInheritHandles FALSE unless the child really needs specific handles, otherwise every inheritable handle in the parent leaks into it.

Related data structure, filled in by CreateProcess:

typedef struct _PROCESS_INFORMATION {
    HANDLE hProcess;     // kernel handle of the newly created process
    HANDLE hThread;      // kernel handle of the new process's main thread
    DWORD  dwProcessId;  // ID of the newly created process
    DWORD  dwThreadId;   // ID of its main thread
} PROCESS_INFORMATION, *LPPROCESS_INFORMATION;
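The following is an added example that puts the CreateProcess, STARTUPINFO and PROCESS_INFORMATION pieces above together; it is not code from the original note. It builds a quoted command line in a writable buffer, passes the image path explicitly, hides the window through STARTF_USESHOWWINDOW, keeps bInheritHandles FALSE, waits for the child, reads its exit code and closes both handles. The Win32 part is compiled only on Windows; the command-line builder is portable so its quoting can be checked anywhere. The target C:\Windows\System32\cmd.exe with "/c exit 3" is assumed for illustration.

```c
/* Added example: launch a child with CreateProcess and collect its exit code.
 * Not from the original note. */
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Build the command line the child will see: the image path always quoted,
 * then the arguments. Returns the length written, or 0 if the buffer is too
 * small or the path itself contains a quote (which would break the quoting).
 * Quoting matters: with lpApplicationName NULL, an unquoted path with spaces
 * makes CreateProcess try C:\Program.exe before C:\Program Files\... */
size_t build_command_line(const char *app, const char *args, char *out, size_t cap)
{
    if (strchr(app, '"') != NULL)
        return 0;
    int n = snprintf(out, cap, "\"%s\"%s%s",
                     app, (args && *args) ? " " : "", args ? args : "");
    if (n < 0 || (size_t)n >= cap)
        return 0;
    return (size_t)n;
}

/* Helper to check the builder's output without exposing a buffer. */
int command_line_matches(const char *app, const char *args, const char *expected)
{
    char buf[256];
    if (build_command_line(app, args, buf, sizeof buf) == 0)
        return 0;
    return strcmp(buf, expected) == 0;
}

#ifdef _WIN32
/* Run `app` with `args`, window hidden, no handle inheritance; wait for it
 * and return its exit code, or -1 if it could not be started. */
int run_and_wait(const char *app, const char *args)
{
    char cmdline[1024];                    /* writable: CreateProcess may modify it */
    if (build_command_line(app, args, cmdline, sizeof cmdline) == 0)
        return -1;

    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;                     /* Windows uses cb to tell struct versions apart */
    si.dwFlags = STARTF_USESHOWWINDOW;     /* makes wShowWindow meaningful */
    si.wShowWindow = SW_HIDE;              /* an SW_* constant, not TRUE/FALSE */
    ZeroMemory(&pi, sizeof pi);

    BOOL ok = CreateProcessA(
        app,              /* lpApplicationName: explicit image path, no PATH search */
        cmdline,          /* lpCommandLine: what the child parses as its argv */
        NULL, NULL,       /* default security for the process and thread handles */
        FALSE,            /* bInheritHandles: don't leak our handles into the child */
        CREATE_NO_WINDOW, /* no console window for a console child */
        NULL,             /* inherit our environment */
        NULL,             /* inherit our current directory */
        &si, &pi);
    if (!ok) {
        fprintf(stderr, "CreateProcess failed: error %lu\n", (unsigned long)GetLastError());
        return -1;
    }

    CloseHandle(pi.hThread);               /* thread handle is not needed */
    WaitForSingleObject(pi.hProcess, INFINITE);
    DWORD code = 0;
    GetExitCodeProcess(pi.hProcess, &code);
    CloseHandle(pi.hProcess);              /* release the process object */
    return (int)code;
}

int main(void)
{
    /* Assumed target for illustration; any console program works. */
    int rc = run_and_wait("C:\\Windows\\System32\\cmd.exe", "/c exit 3");
    printf("child exited with %d\n", rc);
    return rc == 3 ? 0 : 1;
}
#endif
```

If the child must get specific handles (a pipe for its stdout, say), mark only those handles inheritable, set STARTF_USESTDHANDLES, and pass bInheritHandles TRUE; everything else should stay non-inheritable.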

========================== Other ===============================

Prefix an API call with :: (for example ::CreateProcess) to mark it as a global function and distinguish it from a C++ member function of the same name.

Place the cursor on an API function and press F1 to open its MSDN documentation (in Visual Studio).

============================= Code style =======================

Hungarian-notation prefixes used in these notes:

g_  global variable

m_  member variable of a class

b   BOOL

n   integer

p   pointer

lp  long (far) pointer, a 16-bit Windows leftover; on Win32 it is simply a pointer

============================= Creating threads =======================

CreateThread creates a thread in the calling process and returns its handle. Close that handle with CloseHandle when you no longer need it; the thread keeps running, only the handle is released.

============================= Dialog box =========================

MessageBox displays a dialog box of the specified style; its return value (IDOK, IDCANCEL, IDYES, IDNO, ...) tells you which button the user clicked.
