Windows provides a job kernel object that lets you group processes together and create a "sandbox" that limits what those processes can do. It is best to think of a job object as a container of processes. Even a job that contains only one process is useful, because it can impose limits that cannot normally be applied to a process.
1. CreateJobObject
Function: creates a new job kernel object (if a job with the given name already exists, a handle to the existing job is returned).
Function Definition:
HANDLE WINAPI CreateJobObject(
    _In_ LPSECURITY_ATTRIBUTES lpJobAttributes,
    _In_ LPCTSTR lpName
);
_In_ LPSECURITY_ATTRIBUTES lpJobAttributes: security descriptor for the job
_In_ LPCTSTR lpName: job name
2. OpenJobObject
Function: opens an existing job kernel object.
Function Definition:
HANDLE WINAPI OpenJobObject(
    _In_ DWORD dwDesiredAccess,
    _In_ BOOL bInheritHandles,
    _In_ LPCTSTR lpName
);
_In_ DWORD dwDesiredAccess: access rights requested on the job
_In_ BOOL bInheritHandles: whether the returned handle can be inherited by child processes
_In_ LPCTSTR lpName: job object name
3. IsProcessInJob
Function: checks whether a process is running in a job.
Function Definition:
BOOL WINAPI IsProcessInJob(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE JobHandle,
    _Out_ PBOOL Result
);
_In_ HANDLE ProcessHandle: handle of the process to test
_In_ HANDLE JobHandle: job handle. If it is NULL, the function tests whether the process is in any job.
_Out_ PBOOL Result: pointer to the variable that receives the test result
4. SetInformationJobObject
Function: applies restrictions to a job.
Function Definition:
BOOL WINAPI SetInformationJobObject(
    _In_ HANDLE hJob,
    _In_ JOBOBJECTINFOCLASS JobObjectInfoClass,
    _In_ LPVOID lpJobObjectInfo,
    _In_ DWORD cbJobObjectInfoLength
);
_In_ HANDLE hJob: identifies the job to be restricted
_In_ JOBOBJECTINFOCLASS JobObjectInfoClass: enumeration value that specifies the type of restriction to apply
_In_ LPVOID lpJobObjectInfo: address of the data structure containing the restriction settings
_In_ DWORD cbJobObjectInfoLength: size, in bytes, of the structure passed as the third parameter
Restriction type | Value of the second parameter | Structure of the third parameter
Basic limits | JobObjectBasicLimitInformation | JOBOBJECT_BASIC_LIMIT_INFORMATION
Extended basic limits | JobObjectExtendedLimitInformation | JOBOBJECT_EXTENDED_LIMIT_INFORMATION
Basic UI restrictions | JobObjectBasicUIRestrictions | JOBOBJECT_BASIC_UI_RESTRICTIONS
Security restrictions | JobObjectSecurityLimitInformation | JOBOBJECT_SECURITY_LIMIT_INFORMATION
Completion port association | JobObjectAssociateCompletionPortInformation | JOBOBJECT_ASSOCIATE_COMPLETION_PORT
5. QueryInformationJobObject
Function: queries job object information.
Function Definition:
BOOL WINAPI QueryInformationJobObject(
    _In_ HANDLE hJob,
    _In_ JOBOBJECTINFOCLASS JobObjectInfoClass,
    _Out_ LPVOID lpJobObjectInfo,
    _In_ DWORD cbJobObjectInfoLength,
    _Out_ LPDWORD lpReturnLength
);
_In_ HANDLE hJob: identifies the job to be queried
_In_ JOBOBJECTINFOCLASS JobObjectInfoClass: enumeration value that specifies the type of restriction to query
_Out_ LPVOID lpJobObjectInfo: address of the data structure that receives the limit values
_In_ DWORD cbJobObjectInfoLength: size, in bytes, of the structure passed as the third parameter
_Out_ LPDWORD lpReturnLength: receives the number of bytes written to the buffer. You can (and usually do) pass NULL for this parameter.
The third and fourth parameters are related in the same way as in SetInformationJobObject.
6. AssignProcessToJobObject
Function: adds a process to a job.
Function Definition:
BOOL WINAPI AssignProcessToJobObject(
    _In_ HANDLE hJob,
    _In_ HANDLE hProcess
);
_In_ HANDLE hJob: the job to which the process is added
_In_ HANDLE hProcess: handle of the process to add to the job
7. TerminateJobObject
Function: kills all processes in a job.
Function Definition:
BOOL WINAPI TerminateJobObject(
    _In_ HANDLE hJob,
    _In_ UINT uExitCode
);
_In_ HANDLE hJob: the job whose processes are terminated
_In_ UINT uExitCode: exit code for all processes in the job
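The calls documented above combined into one sandboxing sequence, as an added example that is not part of the original page: the child is created suspended, placed in a job that allows one process and blocks clipboard and shutdown access, verified with IsProcessInJob, and then killed through the job. The helper name run_in_job_demo, the child command line and the chosen limits are assumptions for illustration; the non-Windows branch exists only so the file compiles elsewhere.

```c
#ifdef _WIN32
#include <windows.h>
/* Returns 1 if the child was confirmed inside the restricted job, 0 on failure. */
int run_in_job_demo(void)   /* hypothetical helper name */
{
    STARTUPINFOA si = { sizeof(si) };
    PROCESS_INFORMATION pi = { 0 };
    JOBOBJECT_EXTENDED_LIMIT_INFORMATION lim = { 0 };
    JOBOBJECT_BASIC_UI_RESTRICTIONS ui = { 0 };
    char cmd[] = "cmd.exe /c pause";            /* constructed sample child */
    BOOL inJob = FALSE;
    int ok = 0;

    HANDLE job = CreateJobObjectA(NULL, NULL);  /* unnamed: OpenJobObject cannot reach it */
    if (!job) return 0;

    /* At most one process, and it dies when the last job handle is closed. */
    lim.BasicLimitInformation.LimitFlags =
        JOB_OBJECT_LIMIT_ACTIVE_PROCESS | JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
    lim.BasicLimitInformation.ActiveProcessLimit = 1;
    /* No clipboard, no logoff/shutdown, no USER handles owned outside the job. */
    ui.UIRestrictionsClass = JOB_OBJECT_UILIMIT_READCLIPBOARD |
        JOB_OBJECT_UILIMIT_WRITECLIPBOARD | JOB_OBJECT_UILIMIT_EXITWINDOWS |
        JOB_OBJECT_UILIMIT_HANDLES;

    if (SetInformationJobObject(job, JobObjectExtendedLimitInformation, &lim, sizeof(lim)) &&
        SetInformationJobObject(job, JobObjectBasicUIRestrictions, &ui, sizeof(ui)) &&
        /* Start suspended so no child code runs before the limits apply. */
        CreateProcessA(NULL, cmd, NULL, NULL, FALSE,
                       CREATE_SUSPENDED | CREATE_NO_WINDOW, NULL, NULL, &si, &pi)) {
        if (AssignProcessToJobObject(job, pi.hProcess) &&
            IsProcessInJob(pi.hProcess, job, &inJob) && inJob) {
            ResumeThread(pi.hThread);
            ok = 1;
        } else {
            TerminateProcess(pi.hProcess, 1);   /* never joined the job */
        }
        TerminateJobObject(job, 1);             /* kills every process in the job */
        WaitForSingleObject(pi.hProcess, 5000);
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    CloseHandle(job);
    return ok;
}
#else
int run_in_job_demo(void) { return -1; }        /* job objects exist only on Windows */
#endif
int main(void) { return run_in_job_demo() == 0; }
```

On Windows versions before Windows 8 a process can belong to only one job, so AssignProcessToJobObject fails there if the launcher already runs inside a job and the child inherited that membership.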