Process Management Functions

This section details the Windows API functions used for creating, managing, and terminating processes.

Creating Processes

The primary function for creating a new process is CreateProcess. It allows for fine-grained control over the new process's environment, security, and startup behavior.

CreateProcess

Syntax:

BOOL CreateProcess(
  LPCTSTR               lpApplicationName,
  LPTSTR                lpCommandLine,
  LPSECURITY_ATTRIBUTES lpProcessAttributes,
  LPSECURITY_ATTRIBUTES lpThreadAttributes,
  BOOL                  bInheritHandles,
  DWORD                 dwCreationFlags,
  LPVOID                lpEnvironment,
  LPCTSTR               lpCurrentDirectory,
  LPSTARTUPINFO         lpStartupInfo,
  LPPROCESS_INFORMATION lpProcessInformation
);

Parameters:

  • lpApplicationName: The name of the module (executable image) to be run.
  • lpCommandLine: The command line to be executed.
  • lpProcessAttributes: Security attributes for the new process object.
  • lpThreadAttributes: Security attributes for the new process's primary thread.
  • bInheritHandles: Whether the new process inherits the calling process's inheritable handles.
  • dwCreationFlags: Flags that control how the process is created.
  • lpEnvironment: Pointer to the environment block for the new process.
  • lpCurrentDirectory: The current directory for the new process.
  • lpStartupInfo: Pointer to a STARTUPINFO structure holding startup information for the new process.
  • lpProcessInformation: Pointer to a PROCESS_INFORMATION structure that receives the handles and identifiers of the new process and its primary thread.

Return Value: Nonzero if the function succeeds, zero otherwise.

See Also: CreateProcessAsUser, CreateProcessWithLogonW

Process Information and Handles

After a process is created, you often need to work with its handles and identifiers. Functions like OpenProcess allow you to obtain handles to existing processes.

OpenProcess

Syntax:

HANDLE OpenProcess(
  DWORD               dwDesiredAccess,
  BOOL                bInheritHandle,
  DWORD               dwProcessId
);

Parameters:

  • dwDesiredAccess: The access rights requested on the process object.
  • bInheritHandle: Whether the returned handle can be inherited by child processes.
  • dwProcessId: The identifier of the process to be opened.

Return Value: A handle to the specified process if successful, or NULL otherwise.

See Also: CloseHandle, GetCurrentProcess

Terminating Processes

To terminate a process, you can use the TerminateProcess function. This function forcefully stops a process.

TerminateProcess

Syntax:

BOOL TerminateProcess(
  HANDLE hProcess,
  UINT   uExitCode
);

Parameters:

  • hProcess: A handle to the process to be terminated.
  • uExitCode: The exit code for the process.

Return Value: Nonzero if the function succeeds, zero otherwise.

Caution: Use this function with extreme care, as it does not allow the target process to perform cleanup operations.

Process Exit Codes

You can retrieve the exit code of a process using GetExitCodeProcess.

GetExitCodeProcess

Syntax:

BOOL GetExitCodeProcess(
  HANDLE  hProcess,
  LPDWORD lpExitCode
);

Parameters:

  • hProcess: A handle to the process.
  • lpExitCode: A pointer to a variable that receives the exit code.

Return Value: Nonzero if the function succeeds, zero otherwise.
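The following program is an added example and is not code from the original page. It ties the CreateProcess, OpenProcess and GetExitCodeProcess sections above together: it spawns a child with CreateProcessW, waits for it, reads its exit code, closes both handles, and then opens a running process with the least-privilege access mask that GetExitCodeProcess needs. The command line "cmd.exe /c exit 7" is a constructed sample; the helper names make_writable_cmdline, exit_code_is_final, query_exit_code_by_pid and run_and_wait are this example's own, and EXIT_STILL_ACTIVE is a local constant equal to the Win32 STILL_ACTIVE value (259). The Win32 calls are guarded by _WIN32 so the two portable helpers also compile on other platforms.

```c
/* Added example (not from the original page): CreateProcessW, WaitForSingleObject,
 * GetExitCodeProcess, OpenProcess with minimal rights, and CloseHandle. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Value GetExitCodeProcess reports while the process has not exited yet;
 * numerically equal to STILL_ACTIVE from the Win32 headers. */
#define EXIT_STILL_ACTIVE 259UL

/* CreateProcessW may write into lpCommandLine, so a string literal (read-only
 * memory) must never be passed. Return a private writable copy; caller frees. */
wchar_t *make_writable_cmdline(const wchar_t *cmdline)
{
    size_t bytes = (wcslen(cmdline) + 1) * sizeof(wchar_t);
    wchar_t *copy = (wchar_t *)malloc(bytes);
    if (copy != NULL)
        memcpy(copy, cmdline, bytes);
    return copy;
}

/* 259 means "still running", not a real exit status: wait on the process
 * handle first, and never treat 259 as a final code. */
int exit_code_is_final(unsigned long code)
{
    return code != EXIT_STILL_ACTIVE;
}

#ifdef _WIN32
/* Open an existing process with only the rights GetExitCodeProcess needs.
 * PROCESS_QUERY_LIMITED_INFORMATION avoids requesting PROCESS_ALL_ACCESS. */
int query_exit_code_by_pid(DWORD pid, DWORD *exit_code)
{
    HANDLE h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
    int ok;
    if (h == NULL) {
        fprintf(stderr, "OpenProcess(%lu) failed: %lu\n", pid, GetLastError());
        return 0;
    }
    ok = GetExitCodeProcess(h, exit_code) ? 1 : 0;
    CloseHandle(h);                 /* every handle from OpenProcess must be closed */
    return ok;
}

/* Run cmdline as a child, wait for it, and return its exit code through
 * exit_code. Returns 1 on success, 0 on any failure. */
int run_and_wait(const wchar_t *cmdline, DWORD *exit_code)
{
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    wchar_t *buf = make_writable_cmdline(cmdline);
    int ok = 0;

    if (buf == NULL)
        return 0;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);             /* cb must be set before the call */
    ZeroMemory(&pi, sizeof(pi));

    /* lpApplicationName is NULL, so the first token of the command line names
     * the image. bInheritHandles is FALSE so none of this process's handles
     * leak into the child. */
    if (!CreateProcessW(NULL, buf, NULL, NULL, FALSE, CREATE_NO_WINDOW,
                        NULL, NULL, &si, &pi)) {
        fprintf(stderr, "CreateProcessW failed: %lu\n", GetLastError());
        free(buf);
        return 0;
    }

    /* Wait before reading the exit code; asking earlier yields 259. */
    if (WaitForSingleObject(pi.hProcess, INFINITE) == WAIT_OBJECT_0 &&
        GetExitCodeProcess(pi.hProcess, exit_code) &&
        exit_code_is_final(*exit_code))
        ok = 1;

    /* Both handles returned in PROCESS_INFORMATION must be closed. */
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    free(buf);
    return ok;
}
#endif

int main(void)
{
#ifdef _WIN32
    DWORD code = 0;
    /* Constructed sample: cmd.exe exits with the status given to `exit`. */
    if (run_and_wait(L"cmd.exe /c exit 7", &code))
        printf("child exited with code %lu\n", code);
    /* Querying a process that is still running (here, ourselves) yields 259. */
    if (query_exit_code_by_pid(GetCurrentProcessId(), &code))
        printf("own exit code %lu, final: %s\n", code,
               exit_code_is_final(code) ? "yes" : "no");
#else
    printf("the Win32 calls are compiled out on this platform\n");
#endif
    return 0;
}
```

Build with MSVC or MinGW on Windows; on other platforms only the two portable helpers are compiled. The three checks a practitioner tends to miss are all in run_and_wait: the writable command-line buffer, waiting on the process handle before calling GetExitCodeProcess (otherwise 259 comes back), and closing both hProcess and hThread. TerminateProcess is deliberately not called, in line with the caution above.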