Placing Restrictions on a Job's Processes
After creating a job, you will typically want to set up the sandbox (set restrictions) on what processes within the job can do. You can place several different types of restrictions on a job:
The basic limit and extended basic limit prevent processes within a job from monopolizing the system's resources.
Basic UI restrictions prevent processes within a job from altering the user interface.
Security limits prevent processes within a job from accessing secure resources (files, registry subkeys, and so on).
You place restrictions on a job by calling the following:
// Applies one class of limit to a job object.
//   hJob                       - handle to the job
//   JobObjectInformationClass  - which kind of limit is being set
//   pJobObjectInformation      - the limit structure that matches that class
//   cbJobObjectInformationSize - size of that structure, in bytes
// Returns FALSE on failure; check the result, because a failed call leaves the job without the requested limit.
BOOL SetInformationJobObject( HANDLE hJob, JOBOBJECTINFOCLASS JobObjectInformationClass, PVOID pJobObjectInformation, DWORD cbJobObjectInformationSize);
有些作業系統不能直接調用CreateJobObject的,需要從Kernel32.dll中匯入:
//從動態連結程式庫匯出函數 CreateJobObject HINSTANCE hInstance = ::LoadLibrary("Kernel32.dll"); //載入動態連結程式庫typedef HANDLE (__stdcall* funCreateJobObject)(LPSECURITY_ATTRIBUTES lpJobAttributes,LPCTSTR lpName) ;funCreateJobObject CreateJobObject = (funCreateJobObject)GetProcAddress(hInstance,"CreateJobObjectA");HANDLE hJob = CreateJobObject(NULL,"ProcessGroup"); ::FreeLibrary(hInstance);
或者定義一個宏:
// Must appear before #include <windows.h>. 0x0500 selects the Windows NT 5.0 API set,
// the first version in which the job-object functions are declared.
#define _WIN32_WINNT 0x0500
執行個體:
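#define _WIN32_WINNT 0x0500 // Method 1: select the Windows NT 5.0 API set; must precede <windows.h>
#include <windows.h>
#include <winbase.h>
#include <iostream>
#pragma comment(lib, "Kernel32.lib")

/*
 * Creates a job object, requests a security limit on it, starts Notepad
 * suspended, places it in the job, then resumes it and waits for it to exit.
 *
 * Every API result is checked and the program fails closed: if the limit
 * cannot be applied or the process cannot be placed in the job, the child is
 * never allowed to run outside the sandbox.
 *
 * Returns 0 on success and 1 on any failure.
 */
int main()
{
    /*
     Windows NT: Requires version 5.0 or later.
     Windows: Unsupported.
     Windows CE: Unsupported.

     CreateJobObject
     [This is preliminary documentation and subject to change.]
     The CreateJobObject function creates a job object.

     HANDLE CreateJobObject(
         LPSECURITY_ATTRIBUTES lpJobAttributes,
         LPCTSTR lpName
     );

     So CreateJobObject and the related functions require Windows NT 5.0 or
     later. To use them, either resolve them from the DLL at run time or put
     #define _WIN32_WINNT 0x0500 at the top of the file.
    */
    //==========================================================================
    /*
    // Method 2: resolve the job-object functions from Kernel32.dll at run time.
    // Check every GetProcAddress result before calling through it.
    HANDLE hJob;
    HINSTANCE hInstance = ::LoadLibrary("Kernel32.dll"); // load the DLL

    // Resolve CreateJobObject
    typedef HANDLE (__stdcall* funCreateJobObject)(LPSECURITY_ATTRIBUTES lpJobAttributes, LPCTSTR lpName);
    funCreateJobObject CreateJobObject = (funCreateJobObject)GetProcAddress(hInstance, "CreateJobObjectA");
    hJob = CreateJobObject(NULL, "ProcessGroup");

    // Resolve SetInformationJobObject and AssignProcessToJobObject. These two
    // take no string parameters and have no ANSI/Unicode variants, so they are
    // looked up under their plain names (an "A"-suffixed lookup returns NULL).
    typedef BOOL (__stdcall* funSetInformationJobObject)(
        HANDLE hJob,                          // handle to job
        JOBOBJECTINFOCLASS JobObjectInfoClass, // information class
        LPVOID lpJobObjectInfo,               // limit information
        DWORD cbJobObjectInfoLength           // size of limit information
    );
    funSetInformationJobObject SetInformationJobObject =
        (funSetInformationJobObject)GetProcAddress(hInstance, "SetInformationJobObject");

    typedef BOOL (__stdcall* funAssignProcessToJobObject)(
        HANDLE hJob,     // handle to job
        HANDLE hProcess  // handle to process
    );
    funAssignProcessToJobObject AssignProcessToJobObject =
        (funAssignProcessToJobObject)GetProcAddress(hInstance, "AssignProcessToJobObject");

    // NOTE(review): OpenJobObjectToken comes from the preliminary documentation
    // quoted above; confirm that Kernel32.dll exports it before relying on it.
    typedef BOOL (__stdcall* funOpenJobObjectToken)(HANDLE hJob, ACCESS_MASK DesiredAccess, HANDLE* phToken);
    funOpenJobObjectToken OpenJobObjectToken =
        (funOpenJobObjectToken)GetProcAddress(hInstance, "OpenJobObjectTokenA");

    ::FreeLibrary(hInstance);
    */
    //==========================================================================

    // The narrow string literals below require the ANSI ("A") entry points;
    // the generic names would pick the wide versions in a UNICODE build.
    HANDLE hJob = CreateJobObjectA(NULL, "Global\\My_Job_ago");
    const DWORD createErr = GetLastError(); // read before any other call can overwrite it
    if (hJob == NULL) {
        std::cout << "CreateJobObject Error !\nError Code is" << createErr << std::endl;
        return 1;
    }
    // A named job is opened, not created, when the name is already taken, so
    // another process may hold a handle to it and have set its limits. Use an
    // unnamed job (NULL name) when the job does not have to be shared.
    if (createErr == ERROR_ALREADY_EXISTS) {
        std::cout << "Warning: job object already existed; its limits may have been set elsewhere" << std::endl;
    }

    // NOTE(review): all three lists are NULL, so this requests a token filter
    // with nothing listed to delete, disable or restrict - confirm the intent.
    JOBOBJECT_SECURITY_LIMIT_INFORMATION jobsec = {0};
    jobsec.SecurityLimitFlags = JOB_OBJECT_SECURITY_RESTRICTED_TOKEN;
    jobsec.PrivilegesToDelete = NULL;
    jobsec.RestrictedSids = NULL;
    jobsec.SidsToDisable = NULL;

    // Job-level security limits are supported only up to Windows XP / Server
    // 2003. Starting with Windows Vista this information class is rejected and
    // security restrictions have to be applied to each process individually
    // (for example by starting it with a restricted token). Treat a failure
    // here as fatal so the child never runs without the intended restriction.
    BOOL ret = SetInformationJobObject(hJob,
                                       JobObjectSecurityLimitInformation,
                                       &jobsec,
                                       sizeof(JOBOBJECT_SECURITY_LIMIT_INFORMATION));
    if (!ret) {
        std::cout << "SetInformationJobObject Error !\nError Code is" << GetLastError() << std::endl;
        CloseHandle(hJob);
        return 1;
    }
    //==========================================================================

    STARTUPINFOA si = {sizeof(STARTUPINFOA)};
    PROCESS_INFORMATION pi = {0};

    // CreateProcess may modify the command line, so pass a writable buffer
    // instead of a string literal. With lpApplicationName NULL, "notepad" is
    // located through the executable search order; give a full path in
    // lpApplicationName when the binary must not be substitutable.
    char cmdLine[] = "notepad test.txt";

    // CREATE_SUSPENDED keeps the child from executing anything until it has
    // been placed in the job.
    BOOL bret = CreateProcessA(NULL, cmdLine, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi);
    if (!bret) {
        std::cout << "CreateProcess Error !\nError Code is" << GetLastError() << std::endl;
        CloseHandle(hJob);
        return 1;
    }

    // Fail closed: a process that could not be put in the job must not be
    // resumed, otherwise it would run with no job limits at all.
    if (!AssignProcessToJobObject(hJob, pi.hProcess)) {
        std::cout << "AssignProcessToJobObject Error !\nError Code is" << GetLastError() << std::endl;
        TerminateProcess(pi.hProcess, 1);
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
        CloseHandle(hJob);
        return 1;
    }

    // NOTE(review): the assignment has completed once AssignProcessToJobObject
    // returns, so this delay looks unnecessary; kept from the original sample.
    Sleep(1000);
    ResumeThread(pi.hThread);
    CloseHandle(pi.hThread);

    WaitForSingleObject(pi.hProcess, INFINITE);
    CloseHandle(pi.hProcess);
    CloseHandle(hJob);
    return 0;
}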