Win32 Processes API Reference
This document provides detailed information on the Win32 API functions related to process management in Windows. Processes are fundamental units of execution within the operating system.
Core Concepts
A process is an instance of a running program. It comprises:
- An address space (virtual memory).
- One or more threads, which are the sequences of instructions executed within the process.
- System resources such as handles to objects (files, devices, etc.).
- Security context.
Key Functions
Process Creation
CreateProcess
Creates a new process and its primary thread. The new process runs in the same 32-bit or 64-bit virtual address space as the calling process.
Syntax: BOOL CreateProcess(LPCTSTR lpApplicationName, LPTSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCTSTR lpCurrentDirectory, LPSTARTUPINFO lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);
Return Value: Nonzero if the function succeeds, zero otherwise. Call GetLastError for more information.
Parameters:
- lpApplicationName: Name of the module to be executed.
- lpCommandLine: Command line string.
- lpProcessAttributes: Security attributes for the process.
- lpThreadAttributes: Security attributes for the primary thread.
- bInheritHandles: Whether the new process inherits handles.
- dwCreationFlags: Flags that control the priority class and the way the application is displayed.
- lpEnvironment: Environment block for the new process.
- lpCurrentDirectory: Current directory for the process.
- lpStartupInfo: STARTUPINFO structure specifying window and console properties.
- lpProcessInformation: PROCESS_INFORMATION structure that receives identification.
Process Information
GetCurrentProcess
Returns a pseudo-handle for the current process. A pseudo-handle is a special constant that is equal to the actual handle of the process in which it is embedded.
Syntax: HANDLE GetCurrentProcess(void);
Return Value: The return value is a pseudo-handle for the current process.
GetCurrentProcessId
Returns the process identifier of the calling process.
Syntax: DWORD GetCurrentProcessId(void);
Return Value: The return value is the process identifier of the calling process.
Process Termination
ExitProcess
Terminates the calling process and all of its threads.
Syntax: VOID ExitProcess(_In_ UINT uExitCode);
Return Value: This function does not return.
Process Management
OpenProcess
Gets a handle to an existing local process object. This handle can be used to specify the process in calls to the process-manipulation functions.
Syntax: HANDLE OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
Return Value: If the function succeeds, the return value is an open handle to the specified process. If the function fails, the return value is NULL.
TerminateProcess
Marks a process and all of its threads for termination. The calling process must have the appropriate access rights to the target process.
Syntax: BOOL TerminateProcess(HANDLE hProcess, UINT uExitCode);
Return Value: If the function succeeds, the return value is nonzero. If the function fails, the return value is zero.
Process Security and Access Rights
Processes have security descriptors that control access. Common access rights include:
- PROCESS_QUERY_INFORMATION: Query process information.
- PROCESS_VM_OPERATION: Perform operations on the address space of the process.
- PROCESS_TERMINATE: Terminate the process.
- PROCESS_ALL_ACCESS: All available access rights.
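The following added example (not part of the original reference) shows OpenProcess and TerminateProcess used with the narrowest access right from the list above instead of PROCESS_ALL_ACCESS. The helper names excess_rights and terminate_by_pid are hypothetical, and the fallback constants for non-Windows builds are copied from winnt.h so the mask check compiles anywhere.

```c
/* Added example: least-privilege use of OpenProcess/TerminateProcess. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Non-Windows build: values copied from winnt.h so the mask logic compiles. */
#include <stdint.h>
typedef uint32_t DWORD;
#define PROCESS_TERMINATE         0x0001
#define PROCESS_VM_OPERATION      0x0008
#define PROCESS_QUERY_INFORMATION 0x0400
#define PROCESS_ALL_ACCESS        0x1FFFFF  /* Windows Vista and later */
#endif

/* Rights in `requested` that the operation does not need (0 = least privilege). */
DWORD excess_rights(DWORD requested, DWORD needed)
{
    return requested & ~needed;
}

#ifdef _WIN32
/* Terminate `pid` through a handle that carries PROCESS_TERMINATE only.
   Returns 0 on success, otherwise the GetLastError() code. */
DWORD terminate_by_pid(DWORD pid, UINT exit_code)
{
    DWORD err = 0;
    /* bInheritHandle = FALSE: child processes never receive this handle. */
    HANDLE h = OpenProcess(PROCESS_TERMINATE, FALSE, pid);
    if (h == NULL)                      /* OpenProcess reports failure as NULL */
        return GetLastError();
    if (!TerminateProcess(h, exit_code))
        err = GetLastError();           /* capture before CloseHandle runs */
    CloseHandle(h);
    return err;
}
#endif

int main(void)
{
    /* Shows how many unneeded rights PROCESS_ALL_ACCESS would put on the handle. */
    printf("ALL_ACCESS excess over TERMINATE: 0x%lX\n",
           (unsigned long)excess_rights(PROCESS_ALL_ACCESS, PROCESS_TERMINATE));
    return 0;
}
```

A nonzero result from excess_rights means the handle would carry rights the operation never uses, which is worth flagging in code review.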