The Windows Processes and Threads 11

Setting Window Properties Using STARTUPINFO

A parent process can specify properties associated with the main window of its child process. The CreateProcess() function takes a pointer to a STARTUPINFO structure as one of its parameters. Use the members of this structure to specify characteristics of the child process's main window. The dwFlags member contains a bit field that determines which other members of the structure are used. This allows you to specify values for any subset of the window properties. The system uses default values for the properties you do not specify. The dwFlags member can also force a feedback cursor to be displayed during the initialization of the new process. For GUI processes, the STARTUPINFO structure specifies the default values to be used the first time the new process calls the CreateWindow() and ShowWindow() functions to create and display an overlapped window. The following default values can be specified:

  1. The width and height, in pixels, of the window created by CreateWindow().
  2. The location, in screen coordinates, of the window created by CreateWindow().
  3. The nCmdShow parameter of ShowWindow().

For console processes, use the STARTUPINFO structure to specify window properties only when creating a new console (either using CreateProcess() with CREATE_NEW_CONSOLE or with the AllocConsole() function). The STARTUPINFO structure can be used to specify the following console window properties:

  1. The size of the new console window, in character cells.
  2. The location of the new console window, in screen coordinates.
  3. The size, in character cells, of the new console's screen buffer.
  4. The text and background color attributes of the new console's screen buffer.
  5. The title of the new console's window.

Process Handles and Identifiers

When a new process is created by the CreateProcess() function, handles of the new process and its primary thread are returned. These handles are created with full access rights and, subject to security access checking, can be used in any of the functions that accept thread or process handles. These handles can be inherited by child processes, depending on the inheritance flag specified when they are created. The handles are valid until closed, even after the process or thread they represent has been terminated. The CreateProcess() function also returns an identifier that uniquely identifies the process throughout the system. A process can use the GetCurrentProcessId() function to get its own process identifier (also known as the process ID or PID). The identifier is valid from the time the process is created until the process has been terminated. A process can use the Process32First() function to obtain the process identifier of its parent process.

If you have a process identifier, you can get the process handle by calling the OpenProcess() function. OpenProcess() enables you to specify the handle's access rights and whether it can be inherited. A process can use the GetCurrentProcess() function to retrieve a pseudo handle to its own process object. This pseudo handle is valid only for the calling process; it cannot be inherited or duplicated for use by other processes. To get the real handle to the process, call the DuplicateHandle() function.

Process Enumeration

All users have read access to the list of processes in the system and there are a number of different functions that enumerate the active processes. The function you should use will depend on factors such as desired platform support. The following functions are used to enumerate processes.

Function                    Description
EnumProcesses()             Retrieves the process identifier for each process object in the system.
Process32First()            Retrieves information about the first process encountered in a system snapshot.
Process32Next()             Retrieves information about the next process recorded in a system snapshot.
WTSEnumerateProcesses()     Retrieves information about the active processes on the specified terminal server.

The toolhelp functions and EnumProcesses() enumerate all processes. To list the processes that are running in a specific user account, use WTSEnumerateProcesses() and filter on the user SID. You can filter on the session ID to hide processes running in other terminal server sessions. You can also filter processes by user account, regardless of the enumeration function, by calling OpenProcess(), OpenProcessToken(), and GetTokenInformation() with TokenUser. However, you cannot open a process that is protected by a security descriptor unless you have been granted access.

Obtaining Additional Process Information

There are a variety of functions for obtaining information about processes. Some of these functions can be used only for the calling process, because they do not take a process handle as a parameter. You can use functions that take a process handle to obtain information about other processes.

  1. To obtain the command-line string for the current process, use the GetCommandLine() function.
  2. To retrieve the STARTUPINFO structure specified when the current process was created, use the GetStartupInfo() function.
  3. To obtain the version information from the executable header, use the GetProcessVersion() function.
  4. To obtain the full path and file name for the executable file containing the process code, use the GetModuleFileName() function.
  5. To obtain the count of handles to graphical user interface (GUI) objects in use, use the GetGuiResources() function.
  6. To determine whether a process is being debugged, use the IsDebuggerPresent() function.
  7. To retrieve accounting information for all I/O operations performed by the process, use the GetProcessIoCounters() function.
