================== Hook =========================
A hook intercepts the system's calls to certain functions.
================== Terminating a process =====================
4 ways to terminate a process:
1. The entry function of the main thread returns.
2. A thread in the process calls the ExitProcess function; this can only end the current process, not another process.
3. All threads in the process have finished.
4. A thread in another process calls the TerminateProcess function.
The TerminateProcess function terminates the specified process and all of its threads.
BOOL TerminateProcess(
HANDLE hProcess, // process handle
UINT uExitCode   // exit code for the process
);
The OpenProcess function opens an existing process object and returns a handle to the process.
HANDLE OpenProcess(
DWORD dwDesiredAccess, // requested access rights (flags), e.g. PROCESS_ALL_ACCESS, PROCESS_QUERY_INFORMATION, ...
BOOL bInheritHandle,   // whether the handle can be inherited by child processes
DWORD dwProcessId      // process identifier
);
================== Getting the system processes =====================
Get system processes: the Toolhelp functions and the EnumProcesses function.
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32); // the size must be set before the first call, otherwise Process32First fails
HANDLE hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); // takes a snapshot of the system processes; the returned handle is passed to Process32First and Process32Next
BOOL bMore = ::Process32First(hProcessSnap, &pe32);
bMore = ::Process32Next(hProcessSnap, &pe32); // call repeatedly until it returns FALSE
CloseHandle(hProcessSnap);
The Toolhelp functions are not the only way to get system process information; the EnumProcesses function can also be used.
TH32CS_SNAPHEAPLIST // enumerate the heaps of the process specified by the th32ProcessID parameter
TH32CS_SNAPMODULE   // enumerate the modules of the process specified by the th32ProcessID parameter
TH32CS_SNAPPROCESS  // enumerate all processes in the system; the th32ProcessID parameter is ignored
TH32CS_SNAPTHREAD   // enumerate all threads in the system; the th32ProcessID parameter is ignored
HANDLE WINAPI CreateToolhelp32Snapshot(
DWORD dwFlags,       // which objects to include in the snapshot, e.g. TH32CS_SNAPPROCESS
DWORD th32ProcessID  // the process whose snapshot to take; may be 0 when listing system processes or taking a snapshot of the current process
);
typedef struct tagPROCESSENTRY32
{
DWORD dwSize;                // size of the structure; must be set before use
DWORD cntUsage;              // reference count of the process
DWORD th32ProcessID;         // ID of the process
ULONG_PTR th32DefaultHeapID; // ID of the process's default heap
DWORD th32ModuleID;          // ID of the process module
DWORD cntThreads;            // number of threads started by the process
DWORD th32ParentProcessID;   // ID of the parent process
LONG pcPriClassBase;         // base priority of threads created by the process
DWORD dwFlags;               // internal use
TCHAR szExeFile[MAX_PATH];   // executable file name of the process
} PROCESSENTRY32, *PPROCESSENTRY32;
================== Application start-up process =====================
Starting an application means creating a process; the CreateProcess function creates it.
When a new process is created, a STARTUPINFO variable is specified for it; it holds display information that the parent process passes to the child process.
A process can call the GetStartupInfo function to get the STARTUPINFO structure its parent used when creating it. For example:
VOID GetStartupInfo(LPSTARTUPINFO lpStartupInfo); // retrieves the STARTUPINFO structure specified when the current process was created
Initialize the size of the STARTUPINFO structure, for example:
STARTUPINFO si = { sizeof(si) }; // initializes the cb member to sizeof(si); all other members are zeroed
::GetStartupInfo(&si);
si.dwFlags = STARTF_USESHOWWINDOW; // specifies that the wShowWindow member is valid
si.wShowWindow = TRUE;             // TRUE: the new process's main window is shown; FALSE: it is not shown
PROCESS_INFORMATION pi;
// ... call CreateProcess with &si and &pi here ...
CloseHandle(pi.hThread);  // the thread handle must be closed after creation
CloseHandle(pi.hProcess); // the process handle must be closed after creation
Because Windows must stay compatible with older versions, it determines how many members a structure has from the size of the structure.
The STARTUPINFO structure specifies the main window properties of the new process.
typedef struct _STARTUPINFO {
DWORD cb;
LPTSTR lpReserved;
LPTSTR lpDesktop;
LPTSTR lpTitle;
DWORD dwX;
DWORD dwY;
DWORD dwXSize;
DWORD dwYSize;
DWORD dwXCountChars;
DWORD dwYCountChars;
DWORD dwFillAttribute;
DWORD dwFlags;
WORD wShowWindow;
WORD cbReserved2;
LPBYTE lpReserved2;
HANDLE hStdInput;
HANDLE hStdOutput;
HANDLE hStdError;
} STARTUPINFO, *LPSTARTUPINFO;
BOOL CreateProcess(
LPCTSTR lpApplicationName,
LPTSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCTSTR lpCurrentDirectory,
LPSTARTUPINFO lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
);
Related data structure when creating a process:
typedef struct _PROCESS_INFORMATION {
HANDLE hProcess;    // kernel handle of the newly created process
HANDLE hThread;     // kernel handle of the main thread of the newly created process
DWORD dwProcessId;  // ID of the newly created process
DWORD dwThreadId;   // ID of the main thread of the newly created process
} PROCESS_INFORMATION, *LPPROCESS_INFORMATION;
========================== Other ===============================
Prefix API function calls with the :: symbol to indicate a global function, distinguishing it from the member functions of C++ classes.
Move the cursor onto an API function and press F1 to open its MSDN documentation.
============================= Code style =======================
The g_ prefix denotes a global variable.
The m_ prefix denotes a member variable of a class.
The b_ prefix denotes a bool.
The n_ prefix denotes an integer.
The p_ prefix denotes a pointer.
The lp_ prefix denotes a long pointer.
============================= Creating threads =======================
CreateThread
============================= Dialog box =========================
MessageBox displays a dialog box of the specified style; its return value tells whether the user clicked OK, Cancel, or another button.
============================================================
Win32 API Note 1