滴水 2.28 进程创建 终止 继承

一、进程的创建过程:
image
当系统启动后,创建一个进程:Explorer.exe 也就是桌面进程.
当用户双击某一个EXE时,Explorer 进程使用CreateProcess函数创建被双击的EXE,也就是说,我们在桌面上双击创建的进程都是Explorer进程的子进程.
父进程结束后,子进程不会随之结束;进程不能单独创建,必须由另一个进程创建。
2.CreateProcess 创建进程过程
image
image
image
3.CreateProcess实操-参数介绍
image
用自己写的软件 创建进程

第一个参数传递
#include "stdafx.h"
#include <windows.h>

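	/*
	 * Start a program by passing its full path as lpApplicationName (the
	 * first argument of CreateProcess) and no command line.
	 *
	 * lpApplicationName is taken as the module path as written, so the space
	 * in "Program Files" needs no quoting here (unlike a path placed in
	 * lpCommandLine).
	 */
	VOID TestCreateProcessByAPPName()
	{
		STARTUPINFO si = {0};
		PROCESS_INFORMATION pi = {0};

		si.cb = sizeof(si);

		TCHAR szApplicationName[] = TEXT("C:\\Program Files\\PCHunter32.exe");

		BOOL res = CreateProcess(
			szApplicationName,	/* lpApplicationName: module to run */
			NULL,			/* lpCommandLine: none */
			NULL,			/* lpProcessAttributes: default */
			NULL,			/* lpThreadAttributes: default */
			FALSE,			/* bInheritHandles: child gets no parent handles */
			CREATE_NEW_CONSOLE,	/* dwCreationFlags */
			NULL,			/* lpEnvironment: use the parent's */
			NULL,			/* lpCurrentDirectory: use the parent's */
			&si, &pi);

		if (!res) {
			/* pi holds no handles on failure; GetLastError() has the reason. */
			return;
		}

		/*
		 * The parent owns the two handles returned in pi. Closing them does
		 * not stop the child; leaving them open leaks one process and one
		 * thread handle per call.
		 */
		CloseHandle(pi.hThread);
		CloseHandle(pi.hProcess);
	}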



参数2打开
#include "stdafx.h"
#include <windows.h>
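	/*
	 * Start a program by passing everything in lpCommandLine (the second
	 * argument of CreateProcess) and leaving lpApplicationName NULL.
	 *
	 * With lpApplicationName NULL, the executable name is the first
	 * whitespace-delimited token of the command line. For an unquoted path
	 * that contains spaces the system tries each prefix in turn
	 * ("C:\Documents.exe", "C:\Documents and.exe", ...), so a file planted at
	 * one of those locations would be run instead of the intended program.
	 * The executable path is therefore wrapped in double quotes.
	 */
	VOID TestCreateProcessByCmdline()
	{
		STARTUPINFO si = {0};
		PROCESS_INFORMATION pi = {0};

		si.cb = sizeof(si);

		/*
		 * Kept as a writable array, not a string literal: the wide-character
		 * version of CreateProcess may modify the command-line buffer.
		 */
		TCHAR szCmdline[] = TEXT("\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\360Chrome\\Chrome\\Application\\360chrome.exe\" http://www.ifeng.com");

		BOOL res = CreateProcess(
			NULL,			/* lpApplicationName: taken from the command line */
			szCmdline,		/* lpCommandLine: quoted exe path + argument */
			NULL,			/* lpProcessAttributes: default */
			NULL,			/* lpThreadAttributes: default */
			FALSE,			/* bInheritHandles: child gets no parent handles */
			CREATE_NEW_CONSOLE,	/* dwCreationFlags */
			NULL,			/* lpEnvironment: use the parent's */
			NULL,			/* lpCurrentDirectory: use the parent's */
			&si, &pi);

		if (!res) {
			/* pi holds no handles on failure; GetLastError() has the reason. */
			return;
		}

		/* Release the parent's handles; the child keeps running. */
		CloseHandle(pi.hThread);
		CloseHandle(pi.hProcess);
	}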
					




参数1 参数2 合并打开

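	/*
	 * Start a program using both arguments: the module path in
	 * lpApplicationName and its argument in lpCommandLine.
	 *
	 * Because the module is named explicitly, the command line is not used
	 * to locate the executable. The leading space in szCmdline is kept from
	 * the original; presumably it stands in for the program-name token so
	 * the URL is seen as the first real argument -- TODO confirm against the
	 * target program's argument parsing.
	 */
	VOID TestCreateProcess()
	{
		STARTUPINFO si = {0};
		PROCESS_INFORMATION pi = {0};

		si.cb = sizeof(si);

		/* Writable buffer: CreateProcessW may modify lpCommandLine. */
		TCHAR szCmdline[] = TEXT(" http://www.ifeng.com");

		BOOL res = CreateProcess(
			TEXT("c://program files//internet explorer//iexplore.exe"),	/* lpApplicationName */
			szCmdline,		/* lpCommandLine: argument only */
			NULL,			/* lpProcessAttributes: default */
			NULL,			/* lpThreadAttributes: default */
			FALSE,			/* bInheritHandles: child gets no parent handles */
			CREATE_NEW_CONSOLE,	/* dwCreationFlags */
			NULL,			/* lpEnvironment: use the parent's */
			NULL,			/* lpCurrentDirectory: use the parent's */
			&si, &pi);

		if (!res) {
			/* pi holds no handles on failure; GetLastError() has the reason. */
			return;
		}

		/* Release the parent's handles; the child keeps running. */
		CloseHandle(pi.hThread);
		CloseHandle(pi.hProcess);
	}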
		

image
image

ppiProcInfo指向一个PROCESS_INFORMATION,该结构体包含新创建的进程和线程内核对象的句柄以及id。这两个句柄(hProcess、hThread)归父进程所有,用完后需要调用CloseHandle关闭,否则会造成句柄泄漏。
image

3.句柄和ID--进程销毁
image
image

4.句柄继承
image
image

进程1
// ZZZZ.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
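	/*
	 * Handle-inheritance demo (process 1, the parent).
	 *
	 * Creates an inheritable event, starts C:/z2.exe with handle inheritance
	 * enabled, and passes the event's handle value to the child as a hex
	 * string on the command line. The parent then signals the event and
	 * closes its own handle.
	 *
	 * The char buffer passed to CreateProcess assumes an ANSI (non-UNICODE)
	 * build, as in the original.
	 */
	VOID TestCreateProcessByCmdline()
	{
		char szBuffer[256] = {0};

		/*
		 * To create an inheritable handle the parent must supply an
		 * initialised SECURITY_ATTRIBUTES: size, security descriptor
		 * (NULL = default), and the inherit flag.
		 */
		SECURITY_ATTRIBUTES sa;
		sa.nLength = sizeof(sa);
		sa.lpSecurityDescriptor = NULL;
		sa.bInheritHandle = TRUE;

		/* Unnamed, manual-reset event, initially non-signalled, inheritable. */
		HANDLE g_hEvent = CreateEvent(&sa, TRUE, FALSE, NULL);
		if (g_hEvent == NULL) {
			/* Nothing to hand to the child; GetLastError() has the reason. */
			return;
		}

		/*
		 * Build the command line. The original formatted the handle with
		 * "%x" into an 8-byte buffer, which has no room for the terminator
		 * once the value needs 8 hex digits, and "%x" does not match a
		 * pointer-sized HANDLE. The value is narrowed to 32 bits here
		 * (handle values are expected to fit) and written straight into
		 * szBuffer: 10 characters of path + at most 8 hex digits + NUL.
		 */
		sprintf(szBuffer, "C:/z2.exe %lx", (unsigned long)(ULONG_PTR)g_hEvent);

		/* Structures required by CreateProcess. */
		STARTUPINFO si = {0};
		PROCESS_INFORMATION pi = {0};
		si.cb = sizeof(si);

		/*
		 * bInheritHandles = TRUE hands the child EVERY inheritable handle
		 * open in this process at this moment, not only g_hEvent. Keep other
		 * handles non-inheritable, or restrict the set with
		 * PROC_THREAD_ATTRIBUTE_HANDLE_LIST on systems that support it.
		 */
		BOOL res = CreateProcess(
			NULL,			/* lpApplicationName: taken from the command line */
			szBuffer,		/* lpCommandLine: "C:/z2.exe <handle hex>" */
			NULL,			/* lpProcessAttributes: default */
			NULL,			/* lpThreadAttributes: default */
			TRUE,			/* bInheritHandles */
			CREATE_NEW_CONSOLE,	/* dwCreationFlags */
			NULL,			/* lpEnvironment: use the parent's */
			NULL,			/* lpCurrentDirectory: use the parent's */
			&si, &pi);

		if (res) {
			/* The parent does not need the child's handles; release them. */
			CloseHandle(pi.hThread);
			CloseHandle(pi.hProcess);

			/* Put the event into the signalled state to wake the child. */
			SetEvent(g_hEvent);
		}

		/*
		 * Closing the parent's handle does not destroy the event while the
		 * child still holds its inherited handle: a kernel object goes away
		 * only when its last handle is closed.
		 */
		CloseHandle(g_hEvent);
	}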
					


/*
 * Entry point of process 1: runs the handle-inheritance demo, prints a
 * greeting, then blocks on a key press so the console window stays open.
 */
int main(int argc, char* argv[])
{
	TestCreateProcessByCmdline();

	fputs("Hello World!\n", stdout);

	/* Wait for input before exiting. */
	(void)getchar();

	return 0;
}
进程2
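/*
 * Process 2 (the child), body of main(): reads the inherited event handle
 * from argv[1] as hex text, then waits until the parent signals the event.
 *
 * The handle value is taken from the command line without any check that it
 * refers to the intended event; a wrong value can name a different object in
 * this process or nothing at all, so the wait result is checked.
 */
unsigned int uHandle = 0;

/*
 * The original copied a fixed 8 bytes out of argv[1] without checking that
 * the argument exists or is that long. Parse it in place instead, limited
 * to 8 hex digits. argv[argc] is NULL, so a missing argument shows up here.
 */
if (argv[1] == NULL || sscanf(argv[1], "%8x", &uHandle) != 1) {
	printf("usage: %s <inherited event handle, hex>\n", argv[0]);
} else {
	printf("%s\n", argv[0]);
	printf("%x\n", uHandle);

	HANDLE g_hEvent = (HANDLE)(ULONG_PTR)uHandle;

	printf("开始等待.....\n");

	/* Blocks until the event becomes signalled. */
	DWORD dwWait = WaitForSingleObject(g_hEvent, INFINITE);

	/* GetLastError() is only meaningful when the wait itself failed. */
	DWORD dwCode = (dwWait == WAIT_FAILED) ? GetLastError() : ERROR_SUCCESS;

	printf("等到消息.....%x\n", (unsigned int)dwCode);

	/* Release the inherited handle once it is no longer needed. */
	if (dwWait != WAIT_FAILED) {
		CloseHandle(g_hEvent);
	}
}

getchar();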