Creating Processes Using win32

When Windows creates a process it calls the CreateProcess() API. The CreateProcess() function does the work of instantiating a process object in the object manager subsystem.

The CreateProcess() call creates a new process and its primary thread. The function has a whopping 10 parameters, although many of them accept NULL for arguments.

The first two arguments to CreateProcess() are pointers to strings, lpApplicationName and lpCommandLine.The first argument can be NULL, as long as we specify the executable we wish to run in the second argument, lpCommandLine.

The third and fourth arguments are both pointers to SECURITY_ATTRIBUTES structures. We will pass in NULL for these parameters. The fifth argument is a Boolean value that indicates whether the new process inherits handles from the calling process. We will put FALSE in for this parameter.

The sixth argument, dwCreationFlags, specifies additional flags that control the priority class and the creation of the process. For now, let’s put in 0, indicating no flags.

We will pass NULL for the seventh and eighth arguments. The seventh argument is a pointer to the environment block for the new process. For this parameter we will pass NULL, which makes the new process inherit the environment of the calling process. The eighth argument is supposed to be the full path to the current directory for the process we are creating. We will use NULL for this parameter, which means the process will have the same current directory as the calling process.

The final two parameters are important. The ninth parameter is a pointer to a STARTUPINFO structure. The STARTUPINFO structure has a member, cb, that is a DWORD that indicates the size of the structure in bytes. The final parameter is a pointer to a PROCESS_INFORMATION structure that stores information about the new process.

#include <Windows.h>
#include <stdio.h>

int _tmain(void)
{
	STARTUPINFO structSi;
	PROCESS_INFORMATION structPi;

	memset(&structSi, 0, sizeof(structSi));
	structSi.cb = sizeof(structSi);
	memset(&structPi, 0, sizeof(structPi));

	if(!CreateProcess(
		NULL,
		"notepad.exe",
		NULL, //process handle (not inheritable)
		NULL,//thread handle (not inheritable)
		FALSE,//handle inheritance set to FALSE
		0, // no creation flags
		NULL, //use parent's environment block
		NULL, //use parent's starting directory
		&structSi,
		&structPi)
		){
			printf("Problem creating new process.\n");
			return 1;
	}

	return 0;
}

Remember, the final parameter to CreateProcess() is the return buffer for handles and IDs of the new process object and its main thread.

The dwCreationFlags parameter, the sixth parameter, indicates what behavior the system should give to the new process. An often-used flag is CREATE_SUSPENDED, which tells the main thread in the new process to suspend immediately. Another frequently used flag is CREATE_NEW_CONSOLE, which tells the new process to start its own console window rather than use the parent’s.

#include <Windows.h>
#include <stdio.h>

int _tmain(void)
{
	STARTUPINFO structStartInfo;
	ZeroMemory(&structStartInfo, sizeof(structStartInfo));
	structStartInfo.cb = sizeof(structStartInfo);

	PROCESS_INFORMATION structProcInfo;
	ZeroMemory(&structProcInfo, sizeof(structProcInfo));

	BOOL bOK;

	bOK = CreateProcess(
		NULL,
		"cmd.exe",
		NULL, //default security for process
		NULL, //default security for thread
		FALSE, //don't inherit the handle,
		CREATE_NEW_CONSOLE, //create new console
		NULL, //new environment
		NULL, //current directory
		&structStartInfo,
		&structProcInfo);

	if(bOK){
		printf("Process created successfully.\n");
		printf("Process has ID %u.\n", structProcInfo.dwProcessId);
	}

	return 0;
}

Note that creating a new process object also creates its main thread.

The WaitForSingleObject() function takes two arguments. The first argument is the handle of an object to wait for. The second argument is the time-out interval in milliseconds; we can pass INFINITE as the second argument, so that the function’s time-out interval never lapses. The WaitForSingleObject() function returns when either the specified object is in the signaled state, or the time out interval elapses. A process object’s state is signaled when the process terminates.

#include 
#include 

int _tmain(void)
{
	STARTUPINFO structSInfo;
	PROCESS_INFORMATION structPInfo;
	HANDLE hProcess;

	memset(&structSInfo, 0, sizeof(structSInfo));
	structSInfo.cb = sizeof(structSInfo);

	memset(&structPInfo, 0, sizeof(structPInfo));

	if(!CreateProcess(NULL, "mspaint.exe", NULL, NULL, FALSE, 0, NULL, NULL, &structSInfo, &structPInfo)){
		printf("Process failed.\n");
		return 1;
	} else {
		printf("Process created with PID %u.\n", structPInfo.dwProcessId);
	}

	if(WaitForSingleObject(structPInfo.hProcess, INFINITE)==STATUS_WAIT_0){
		printf("Process %u ended.\n", structPInfo.dwProcessId);
	}
	
	return 0;
}

Note that a process ID is not the same thing as a process handle. We cannot directly manipulate a process from outside the process unless we have the handle.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s