Windows core programming: process-related

Source: Internet
Author: User

Describes how the system manages all running applications.

1. Process explanation:

An instance of a running program is defined as a process.

A process generally contains two parts:

* A kernel object used by the operating system to manage processes. It is also the place where the operating system saves process statistics.

* An address space that contains the code and data of all executable or DLL modules. It also holds dynamic memory allocations, such as thread stacks and heap allocations.

A process by itself does not execute anything. As soon as a process is created, the system creates a thread for it, usually called the main thread, and all the work that really needs to be done is done by this thread, including creating more threads or executing code in the address space. Each thread has its own set of CPU registers and its own stack, and the operating system allocates time slices to each thread in round-robin fashion, creating the illusion that all threads execute simultaneously.

 

2. Windows applications:

Windows supports two types of applications: GUI and CUI. The line between the two is vague; the only difference is that a different linker switch is set when the project is created in Visual Studio. CUI applications are also not very user-friendly. Depending on the linker switch, the system looks for the matching entry-point function. If the entry-point function cannot be found, an unresolved external symbol error is reported. When this link error occurs, open Configuration Properties > Linker > System > SubSystem and change the switch. Change the character set at the same time.

You can find the source code of the C entry function in crtexe.c.

After the entry-point function returns, the startup function calls the exit function of the C run-time library.

 

3. Process instance handle:

Each executable or DLL file loaded into the process address space is assigned a unique instance handle. The instance handle of the executable file is passed in as hInstanceExe, the first parameter of the WinMain function.

The value is a memory base address: the location in the process address space where the system loaded the executable file image. You can call the GetModuleHandle function to find where a module is loaded in the calling process's address space. GetModuleHandle can also return the base address of the calling process's executable file.

For example, the HMODULE and HINSTANCE types used for the first parameter of the LoadIcon and GetModuleFileName functions are exactly the same; the two names are a holdover from 16-bit Windows. This parameter takes the unique instance handle.

 

4. Process command line:

When the system creates a new process, it passes a command line to the new process.

First, never write past the end of the command-line buffer under any circumstances.

You can also call the GetCommandLine function to obtain a pointer to a buffer that contains the complete command line.

The CommandLineToArgvW function, declared in shellapi.h and exported from shell32.dll, splits any Unicode string into separate tokens (What do you need to understand)

 

5. Process environment variables

Each process has an environment block associated with it, which is a piece of memory allocated in the process address space.

There are two ways to access this environment block. The first is to call the GetEnvironmentStrings function to obtain the complete environment block. After using the block, remember to release it with the matching FreeEnvironmentStrings function.

The second is available only to CUI programs: the environment is obtained through the env parameter of the main entry function.

Generally, a child process inherits a copy of the parent process's environment variables. The two processes do not share the same block.

There are three functions for working with environment variables. The GetEnvironmentVariable function determines whether the expected environment variable exists.

The ExpandEnvironmentStrings function performs the string replacement.

The SetEnvironmentVariable function adds, deletes, or modifies a variable's value.

 

6. Process Error Mode:

By default, a child process inherits the error mode flags of the parent process. However, whether the child inherits the error mode of the parent process (yourself) can be controlled by setting a parameter when creating the child process.

A process can call the SetErrorMode function to tell the system how to handle these errors.

 

7. The current drive and directory of the process

If a complete path name is not provided, the various Windows functions look for files and directories in the current directory of the current drive.

A thread can call the following two functions to obtain and set the current drive and directory of its process:

GetCurrentDirectory and SetCurrentDirectory

The operating system tracks the current drive and directory of the process and stores the information in environment variables in the process's environment block.

If the path name passed to a function specifies a drive other than the process's current drive, the system looks in the process's environment block for the variable associated with that drive. If the variable exists, the system uses its value as the current directory, as shown in figure

If it is not found, the system assumes that the current directory of the specified drive is its root directory.

Windows file functions never add or change the drive-letter environment variables; they only read them. You can also use the C run-time library function _chdir to change the current directory so that the current directories of different drives are retained.

Generally, a child process inherits the environment block of the parent process. If the parent process wants to give the child process a separate environment variable, then before creating the child process the parent must create the environment variable for the drive and write it to the environment block. The parent process can call the GetFullPathName function to obtain its current directory.
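The drive lookup described in this section, as an added example that is not part of the original notes: portable C that walks an environment block in the layout GetEnvironmentStrings returns (NUL-terminated NAME=value strings closed by an extra NUL, with per-drive variables named like =C:) and falls back to the drive root when the variable is missing. The helper name drive_cwd and the sample block are assumptions constructed for illustration; the walk is bounded by the block length, so a missing terminator cannot cause an out-of-bounds read.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample block: NUL-terminated "NAME=value" strings closed by an
 * extra NUL. Per-drive current directories use names of the form "=C:". */
static const char SAMPLE_ENV[] =
    "=C:=C:\\Users\\demo\0"
    "=D:=D:\\build\\out\0"
    "PATH=C:\\Windows\\System32\0"
    "TEMP=C:\\Temp\0";            /* the literal's own NUL closes the block */

/* Hypothetical helper: resolve the current directory of `drive`.
 * Returns 1 if the "=X:" variable was found, 0 if the drive root was assumed,
 * -1 if the block is malformed or `out` is too small. */
int drive_cwd(const char *env, size_t env_len, char drive,
              char *out, size_t out_len)
{
    size_t pos = 0;
    int want = toupper((unsigned char)drive);

    while (pos < env_len && env[pos] != '\0') {
        const char *entry = env + pos;
        const char *end = memchr(entry, '\0', env_len - pos);
        if (end == NULL)
            return -1;                 /* entry not terminated within bounds */
        size_t len = (size_t)(end - entry);
        if (len >= 4 && entry[0] == '=' && entry[2] == ':' &&
            entry[3] == '=' && toupper((unsigned char)entry[1]) == want) {
            if (len - 4 + 1 > out_len)
                return -1;             /* refuse to truncate or overflow */
            memcpy(out, entry + 4, len - 4 + 1);   /* value plus its NUL */
            return 1;
        }
        pos += len + 1;                /* step over the entry and its NUL */
    }
    if (pos >= env_len || out_len < 4)
        return -1;                     /* no block terminator, or no room */
    out[0] = (char)want; out[1] = ':'; out[2] = '\\'; out[3] = '\0';
    return 0;                          /* not found: assume the root directory */
}

int main(void)
{
    char buf[64];
    int r = drive_cwd(SAMPLE_ENV, sizeof SAMPLE_ENV, 'E', buf, sizeof buf);
    printf("found=%d cwd=%s\n", r, r >= 0 ? buf : "(error)");
    return 0;
}
```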

 

8. System Version:

You can use the GetVersionEx function to obtain the system version number. It takes a fairly complex structure as its parameter.

The VerifyVersionInfo function can be used to compare the version of the host system with the required version.

 

9. CreateProcess Function

10. Terminate the process:

There are four methods to terminate a process:

First: the entry-point function of the main thread returns.

Second: a thread in the process calls the ExitProcess function. There is also the ExitThread function for ending a thread. Both have potential risks: the former may cause cleanup to fail, and the latter may cause a memory leak.

Third: any thread can call the TerminateProcess function, which can terminate another process or its own process.

This function is executed asynchronously (what does this mean?). To determine whether the process has terminated, call the WaitForSingleObject function on the process.

 

11. When all threads in the process terminate:

When the operating system detects that no thread in a process is running any more, it ends the process. The exit code of the process is set to the exit code of the last thread to terminate.

 

12. When the process stops running:

When a process stops running, the system cleans up and releases the process's resources and collects its statistics. In short, a kernel object is created to manage the process. The process itself ends when no thread is executing code in its address space; the kernel object ends when its usage count reaches 0.

You can use the GetExitCodeProcess function to obtain the exit code of a terminated process. This function can be called at any time to check whether a process has ended.

 

13. Sub-processes:

Ways of getting work done that come up when designing an application:

First: Call a function or a subroutine. This is single-tasking, synchronous execution.

Second: Create a new thread in the process and let that thread do some of the work. This is asynchronous execution.

Third: Spawn a new child process and let it do some of the work. This can be synchronous or asynchronous, and its advantage is that the address space of the parent process is protected while the work is done.

This raises the question of how different processes exchange data. Windows provides Dynamic Data Exchange (DDE), OLE, pipes, and mailslots. One of the most convenient ways to share data is to use memory-mapped files.

Several other functions are involved here. The WaitForSingleObject function waits until the object identified by its first parameter becomes signaled; a process object becomes signaled when the process terminates.

In addition, it is good programming practice, after CreateProcess has created a child process and returned, to immediately close the handle to the child process's main thread (using the CloseHandle function).

 

14. Run the sub-process independently:

Independent running means that once the child process is created and running, the parent process and the child process no longer communicate with each other. Windows Resource Manager is an example.

To achieve this, close the process and main thread handles immediately once creation succeeds.

 

15. When the user runs with standard user permissions: (not very understandable, to be supplemented)

16. Automatic elevation of process permissions:

You can use the following three methods to automatically elevate user permissions:

First: embed the manifest (RT_MANIFEST) in the executable file; the system automatically checks the relevant fields in the manifest.

Second: save the manifest in the same directory as the executable file, with the .manifest suffix.

Third: set it manually on the Compatibility tab of the executable file's properties.

 

17. Manually escalate the process permissions:

You can set it through the ShellExecuteEx function.

18. Current permission context:

Here, the GetProcessElevation function returns the elevation type and a BOOL value indicating whether the process is running as an administrator.

19. Enumeration of processes in the system:

Several functions can be used to enumerate running processes:

First: the EnumProcesses function, developed by the Windows NT development team and contained in psapi.dll.

Second: the Process32First and Process32Next functions in the ToolHelp API.

20. Sample Process Information Program
