Processes
This section provides information about managing processes in Windows. Processes are instances of running programs, each with its own memory space, resources, and execution context.
Key Concepts
- Process Creation: How to create new processes using functions like CreateProcess.
- Process Information: Retrieving details about running processes, such as their IDs, names, and status.
- Process Termination: Gracefully or forcefully ending processes.
- Inter-Process Communication (IPC): Mechanisms for processes to communicate with each other.
- Process Security and Permissions: Understanding access rights and privileges associated with processes.
Core Functions
Process Creation
The primary function for creating a new process is CreateProcess. It allows you to specify the executable image, command-line arguments, environment, security attributes, and handles for the new process and its primary thread.
BOOL CreateProcess(
  LPCSTR                lpApplicationName,
  LPSTR                 lpCommandLine,
  LPSECURITY_ATTRIBUTES lpProcessAttributes,
  LPSECURITY_ATTRIBUTES lpThreadAttributes,
  BOOL                  bInheritHandles,
  DWORD                 dwCreationFlags,
  LPVOID                lpEnvironment,
  LPCSTR                lpCurrentDirectory,
  LPSTARTUPINFOA        lpStartupInfo,
  LPPROCESS_INFORMATION lpProcessInformation
);
Refer to the CreateProcess documentation for detailed parameter descriptions and usage examples.
Process Management
- GetCurrentProcessId: Retrieves the process identifier of the calling process.
- GetCurrentProcess: Returns a pseudo-handle for the current process.
- TerminateProcess: Terminates the specified process and any threads in it.
- EnumProcesses: Enumerates the processes that are currently running on the local computer.
Process Information Structures
Various structures are used to hold information about processes:
- PROCESS_INFORMATION: Contains information about the newly created process.
- STARTUPINFO: Specifies the window station, standard handles, and visual properties of the process's main thread.