Windows Kernel Documentation

Microsoft Developer Network

Process and Thread Functions

This section details the core Win32 functions used to create, open, and terminate processes and threads. They are exported by kernel32.dll and are thin wrappers over the kernel's process and thread objects. Understanding them is essential for writing robust multithreaded applications and, because each one takes or returns a handle that is subject to an access check, for reasoning about what one process is permitted to do to another.

Processes

A process is an instance of a running program. It comprises one or more threads, its own virtual address space, a handle table for the system resources it owns (files, registry keys, synchronization objects, network sockets), and a primary access token that defines its security context.

Threads

A thread is the unit the scheduler dispatches to a CPU: a sequence of instructions within a process that executes independently of the process's other threads. All threads of a process share its address space, handle table and primary token (a thread may temporarily impersonate a different token), so memory corruption or a hijacked thread in one of them affects the whole process.

Process Functions

The following are the key Win32 functions for managing processes. Each returns FALSE or NULL on failure; call GetLastError for the reason.

CreateProcess (Win32 API)

Creates a new process and its primary thread. The new process runs in the security context of the calling process. If lpApplicationName is NULL, the module to run is taken from the first whitespace-delimited token of lpCommandLine, so a path that contains spaces must be quoted; otherwise the system tries each prefix that ends at a space before it tries the full name. Pass FALSE for bInheritHandles unless the child genuinely needs inherited handles, since every inheritable handle in the parent is otherwise duplicated into the child. Close both hProcess and hThread in lpProcessInformation with CloseHandle once they are no longer needed.
BOOL CreateProcess(
  LPCTSTR               lpApplicationName,
  LPTSTR                lpCommandLine,
  LPSECURITY_ATTRIBUTES lpProcessAttributes,
  LPSECURITY_ATTRIBUTES lpThreadAttributes,
  BOOL                  bInheritHandles,
  DWORD                 dwCreationFlags,
  LPVOID                lpEnvironment,
  LPCTSTR               lpCurrentDirectory,
  LPSTARTUPINFO         lpStartupInfo,
  LPPROCESS_INFORMATION lpProcessInformation
);
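The lpApplicationName/lpCommandLine interaction described above is the root of the unquoted-path class of binary-planting bugs (a writable directory earlier in the path wins). The following C program is an added example written for this page, not code from the Win32 documentation. It emulates the documented candidate order for an unquoted command line (it does not model the search-path lookup for relative names), touches no Windows API so it builds with any C compiler, and its sample command lines are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CANDIDATES 16
#define PATH_LEN       260   /* Win32 MAX_PATH */

/* Copy the first prefix_len bytes of cmdline into out and append ".exe"
 * when the last path component has no extension, as the documented
 * CreateProcess lookup does. Truncates silently at PATH_LEN. */
static void build_candidate(const char *cmdline, size_t prefix_len, char *out)
{
    const char *p, *last;

    if (prefix_len > PATH_LEN - 5)          /* keep room for ".exe" + NUL */
        prefix_len = PATH_LEN - 5;
    memcpy(out, cmdline, prefix_len);
    out[prefix_len] = '\0';

    last = out;
    for (p = out; *p; p++)
        if (*p == '\\' || *p == '/')
            last = p + 1;
    if (strchr(last, '.') == NULL)
        strcat(out, ".exe");
}

/* Emulates the module-name resolution CreateProcess performs when
 * lpApplicationName is NULL. A quoted command line yields exactly one
 * candidate. For an unquoted one every space is a possible end of the
 * module name, tried left to right: for
 *     c:\program files\sub dir\program name
 * the candidates are c:\program.exe, c:\program files\sub.exe,
 * c:\program files\sub dir\program.exe and
 * c:\program files\sub dir\program name.exe. The first one that exists on
 * disk is what runs, so a planted c:\program.exe hijacks every unquoted
 * launch. Returns the number of candidates written to out[]. */
int create_process_candidates(const char *cmdline,
                              char out[][PATH_LEN], int max_out)
{
    size_t len = strlen(cmdline), i, l;
    int n = 0;

    if (len == 0 || max_out <= 0)
        return 0;

    if (cmdline[0] == '"') {
        const char *close = strchr(cmdline + 1, '"');
        l = close ? (size_t)(close - cmdline - 1) : len - 1;
        if (l >= PATH_LEN)
            l = PATH_LEN - 1;
        memcpy(out[0], cmdline + 1, l);
        out[0][l] = '\0';
        return 1;
    }

    for (i = 0; i <= len && n < max_out; i++) {
        if (i < len && cmdline[i] != ' ')
            continue;                        /* not a token boundary */
        if (i == 0 || cmdline[i - 1] == ' ')
            continue;                        /* empty token */
        build_candidate(cmdline, i, out[n++]);
    }
    return n;
}

int main(void)
{
    /* Constructed samples: an unquoted path with spaces, as seen in a
     * misconfigured service ImagePath, and its correctly quoted form. */
    const char *unquoted = "c:\\program files\\sub dir\\program name";
    const char *quoted   = "\"c:\\program files\\sub dir\\program name.exe\" /arg";
    char cand[MAX_CANDIDATES][PATH_LEN];
    int n, k;

    n = create_process_candidates(unquoted, cand, MAX_CANDIDATES);
    printf("unquoted: %d candidates\n", n);
    for (k = 0; k < n; k++)
        printf("  %d: %s\n", k + 1, cand[k]);

    n = create_process_candidates(quoted, cand, MAX_CANDIDATES);
    printf("quoted: %d candidate: %s\n", n, cand[0]);
    return 0;
}
```

Every candidate before the last one is a location an attacker only needs write access to, not the ability to modify the real binary; auditing service and task command lines for unquoted paths with spaces is the practical check.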

OpenProcess (Win32 API)

Opens an existing local process object and returns a handle carrying the rights named in dwDesiredAccess. The request is checked against the target process's security descriptor, and it fails outright if any single requested right is denied, so request only what the caller needs (for example PROCESS_QUERY_LIMITED_INFORMATION rather than PROCESS_ALL_ACCESS). A caller with SeDebugPrivilege enabled bypasses the descriptor check.
HANDLE OpenProcess(
  DWORD dwDesiredAccess,
  BOOL  bInheritHandle,
  DWORD dwProcessId
);
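Access masks are also what process-access audit records carry (for example the GrantedAccess field of a Sysmon event ID 10), so being able to decode one and compare it with what a caller actually needed helps both when writing callers and when reviewing logs. The following C helpers are an added example for this page, not part of the documentation. The right values are those defined in winnt.h; the SENSITIVE_PROCESS_RIGHTS grouping is an illustrative policy chosen for this example, and the sample masks are constructed. It compiles without Windows headers.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

typedef uint32_t access_mask_t;

/* Process-specific access rights (values from winnt.h). */
#define PROCESS_TERMINATE                 0x0001u
#define PROCESS_CREATE_THREAD             0x0002u
#define PROCESS_SET_SESSIONID             0x0004u
#define PROCESS_VM_OPERATION              0x0008u
#define PROCESS_VM_READ                   0x0010u
#define PROCESS_VM_WRITE                  0x0020u
#define PROCESS_DUP_HANDLE                0x0040u
#define PROCESS_CREATE_PROCESS            0x0080u
#define PROCESS_SET_QUOTA                 0x0100u
#define PROCESS_SET_INFORMATION           0x0200u
#define PROCESS_QUERY_INFORMATION         0x0400u
#define PROCESS_SUSPEND_RESUME            0x0800u
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000u
#define PROCESS_SET_LIMITED_INFORMATION   0x2000u
/* Standard rights common to every securable object. */
#define DELETE                            0x00010000u
#define READ_CONTROL                      0x00020000u
#define WRITE_DAC                         0x00040000u
#define WRITE_OWNER                       0x00080000u
#define SYNCHRONIZE                       0x00100000u
#define STANDARD_RIGHTS_REQUIRED          0x000F0000u
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFFu)

#define R(x) { x, #x }
static const struct { access_mask_t bit; const char *name; } rights[] = {
    R(PROCESS_TERMINATE),        R(PROCESS_CREATE_THREAD),
    R(PROCESS_SET_SESSIONID),    R(PROCESS_VM_OPERATION),
    R(PROCESS_VM_READ),          R(PROCESS_VM_WRITE),
    R(PROCESS_DUP_HANDLE),       R(PROCESS_CREATE_PROCESS),
    R(PROCESS_SET_QUOTA),        R(PROCESS_SET_INFORMATION),
    R(PROCESS_QUERY_INFORMATION), R(PROCESS_SUSPEND_RESUME),
    R(PROCESS_QUERY_LIMITED_INFORMATION), R(PROCESS_SET_LIMITED_INFORMATION),
    R(DELETE), R(READ_CONTROL), R(WRITE_DAC), R(WRITE_OWNER), R(SYNCHRONIZE),
};

/* Rights that let the holder read or alter another process's memory or
 * execution. Illustrative policy for this example, not a Windows definition. */
#define SENSITIVE_PROCESS_RIGHTS \
    (PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | \
     PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE | PROCESS_SUSPEND_RESUME)

static void append(char *buf, size_t bufsz, const char *s)
{
    size_t used = strlen(buf);
    if (used + 1 < bufsz)
        strncat(buf, s, bufsz - used - 1);
}

/* Render mask as "NAME|NAME|..." into buf; bits with no name in the table
 * are appended as hex. Returns the number of named rights present. */
int decode_access_mask(access_mask_t mask, char *buf, size_t bufsz)
{
    size_t i;
    int count = 0;
    access_mask_t named = 0;

    if (bufsz == 0)
        return 0;
    buf[0] = '\0';
    for (i = 0; i < sizeof rights / sizeof rights[0]; i++) {
        if (mask & rights[i].bit) {
            if (count++)
                append(buf, bufsz, "|");
            append(buf, bufsz, rights[i].name);
            named |= rights[i].bit;
        }
    }
    if (mask & ~named) {
        char hex[20];
        snprintf(hex, sizeof hex, "%s0x%X", count ? "|" : "",
                 (unsigned)(mask & ~named));
        append(buf, bufsz, hex);
    }
    return count;
}

/* Bits in requested that needed does not justify; 0 means least privilege. */
access_mask_t excess_access(access_mask_t requested, access_mask_t needed)
{
    return requested & ~needed;
}

/* Non-zero when mask grants any right in SENSITIVE_PROCESS_RIGHTS. */
int grants_sensitive_access(access_mask_t mask)
{
    return (mask & SENSITIVE_PROCESS_RIGHTS) != 0;
}

int main(void)
{
    /* Constructed sample masks as a GrantedAccess field might show them. */
    access_mask_t samples[] = { PROCESS_QUERY_LIMITED_INFORMATION, 0x1010u,
                                PROCESS_ALL_ACCESS };
    char buf[512];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        decode_access_mask(samples[i], buf, sizeof buf);
        printf("0x%06X -> %s%s\n", (unsigned)samples[i], buf,
               grants_sensitive_access(samples[i]) ? "  [sensitive]" : "");
    }
    printf("excess of ALL_ACCESS over QUERY_LIMITED: 0x%X\n",
           (unsigned)excess_access(PROCESS_ALL_ACCESS,
                                   PROCESS_QUERY_LIMITED_INFORMATION));
    return 0;
}
```

The same decoder can be run over a handle's granted access when reviewing why an OpenProcess call succeeded or failed, and excess_access is the check to apply to any caller that requests PROCESS_ALL_ACCESS out of habit.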

TerminateProcess (Win32 API)

Terminates the specified process and all of its threads. The handle must have PROCESS_TERMINATE access. Termination is unconditional: no DLL detach notifications run and no user-mode cleanup occurs, so use it only when the target cannot be asked to exit cleanly.
BOOL TerminateProcess(
  HANDLE hProcess,
  UINT   uExitCode
);

GetProcessId (Win32 API)

Retrieves the process identifier of the specified process. The handle must have PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access. (The identifier of the process that owns a given thread is returned by GetProcessIdOfThread, not by this function.)
DWORD GetProcessId(
  HANDLE Process
);

Thread Functions

These functions manage the lifecycle and attributes of threads:

CreateThread (Win32 API)

Creates a thread that executes lpStartAddress within the virtual address space of the calling process. lpThreadAttributes may be NULL for a default security descriptor; passing CREATE_SUSPENDED in dwCreationFlags creates the thread suspended until ResumeThread is called. Closing the returned handle with CloseHandle does not terminate the thread.
HANDLE CreateThread(
  LPSECURITY_ATTRIBUTES   lpThreadAttributes,
  SIZE_T                  dwStackSize,
  LPTHREAD_START_ROUTINE  lpStartAddress,
  LPVOID                  lpParameter,
  DWORD                   dwCreationFlags,
  LPDWORD                 lpThreadId
);

OpenThread (Win32 API)

Opens an existing thread object and returns a handle carrying the rights named in dwDesiredAccess (for example THREAD_QUERY_LIMITED_INFORMATION). As with OpenProcess, the request is checked against the thread's security descriptor and fails if any requested right is denied.
HANDLE OpenThread(
  DWORD dwDesiredAccess,
  BOOL  bInheritHandle,
  DWORD dwThreadId
);

TerminateThread (Win32 API)

Terminates the specified thread. This is a dangerous call that should be reserved for the most extreme cases: the target stops wherever it happens to be, any critical sections or other locks it holds are never released, its stack is not freed until the process exits, and DLLs receive no notification of the thread's detachment. Prefer signalling the thread to exit on its own.
BOOL TerminateThread(
  HANDLE hThread,
  DWORD  dwExitCode
);

GetThreadId (Win32 API)

Retrieves the thread identifier of the specified thread. The handle must have THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION access.
DWORD GetThreadId(
  HANDLE Thread
);

Sleep (Win32 API)

Suspends the calling thread for at least dwMilliseconds. Sleep(0) yields the remainder of the thread's time slice to any ready thread of equal priority.
VOID Sleep(
  DWORD dwMilliseconds
);

Synchronization Objects

To prevent race conditions and ensure data integrity in multithreaded code, Windows provides the following synchronization primitives. Mutexes, semaphores and events are kernel objects: they are securable, can be named and shared across processes, and are acquired through the wait functions. Critical sections are user-mode structures that work only within a single process and are cheaper because an uncontended acquire does not enter the kernel.

  • Mutexes (Mutual Exclusion objects)
  • Semaphores
  • Events
  • Critical Sections (User-mode synchronization)

Context Switching

The Windows scheduler performs context switches between threads: it saves the register state of the running thread and loads that of the next ready thread for the CPU core. A switch occurs when the running thread blocks, its quantum expires, or a higher-priority thread becomes ready.