Microsoft Developer Network

Understanding Windows Processes

This section provides in-depth documentation on the concept of processes within the Microsoft Windows operating system. A process is an instance of a running program. Each process has its own virtual address space, system resources (such as file handles and registry keys), and security context.

Key Concepts

  • Process Object: The kernel object that represents a running process.
  • Address Space: The range of memory addresses that a process can access.
  • Threads: Units of execution within a process; every process has at least one thread.
  • Handles: References to kernel objects that a process can use to interact with the system.
  • Process Lifecycle: The stages a process goes through from creation to termination.
  • Inter-Process Communication (IPC): Mechanisms that allow different processes to communicate and share data.

Process Management APIs

The Windows API provides a rich set of functions for managing processes. These include:

  • Creating and terminating processes.
  • Querying process information (e.g., ID, priority, memory usage).
  • Setting process properties.
  • Managing process security.

Creating and Terminating Processes

The primary functions for creating a new process are CreateProcess and CreateProcessAsUser. Termination can be initiated via TerminateProcess or by the process itself calling ExitProcess.


#include <windows.h>
#include <stdio.h>

int main(void)
{
    PROCESS_INFORMATION piProcInfo;
    STARTUPINFOA siStartInfo;
    // The command line must be a writable buffer, not a string literal:
    // the Unicode version of CreateProcess may modify it in place.
    char szCmdLine[] = "notepad.exe";

    ZeroMemory(&siStartInfo, sizeof(siStartInfo));
    siStartInfo.cb = sizeof(siStartInfo);
    ZeroMemory(&piProcInfo, sizeof(piProcInfo));

    // Create the child process.
    if (CreateProcessA(
        NULL,               // Module name; NULL means take it from the command line
                            // (passing a full path here avoids search-path ambiguity).
        szCmdLine,          // Command line.
        NULL,               // Process handle not inheritable.
        NULL,               // Thread handle not inheritable.
        FALSE,              // Set handle inheritance to FALSE.
        0,                  // No creation flags.
        NULL,               // Use parent's environment block.
        NULL,               // Use parent's starting directory.
        &siStartInfo,       // Pointer to STARTUPINFO structure.
        &piProcInfo))       // Pointer to PROCESS_INFORMATION structure.
    {
        // The process was created.
        printf("Process created successfully.\n");

        // Wait until child process exits.
        WaitForSingleObject(piProcInfo.hProcess, INFINITE);

        // Close process and thread handles.
        CloseHandle(piProcInfo.hProcess);
        CloseHandle(piProcInfo.hThread);
    }
    else
    {
        // GetLastError returns a DWORD, so print it with %lu rather than %d.
        printf("CreateProcess failed (%lu).\n", GetLastError());
    }
    return 0;
}

Process Information

You can retrieve detailed information about a process using functions like GetProcessId, GetExitCodeProcess, and by querying process performance data via performance counters or WMI.

Security and Privileges

Each process runs in a security context defined by its primary access token; the token determines which objects the process may open and which privileges it may exercise. Understanding process privileges is crucial for developing secure applications.

Process State Transitions

Processes transition through various states during their execution, including:

  • Ready: The process is loaded and waiting to be dispatched to the CPU.
  • Running: The process is currently executing instructions.
  • Blocked: The process is waiting for an event, such as I/O completion or resource availability.
  • Terminated: The process has finished execution.

Advanced Topics

  • Process Affinity: Controlling which CPUs a process can run on.
  • Job Objects: Grouping processes for resource management and control.
  • Session 0 Isolation: Understanding the security boundary between services and user applications.