Home > Articles > Programming > Windows Programming

  • Print
  • + Share This
This chapter is from the book

Process Creation

The fundamental Windows process management function is CreateProcess, which creates a process with a single thread. Specify the name of an executable program file as part of the CreateProcess call.

It is common to speak of parent and child processes, but Windows does not actually maintain these relationships. It is simply convenient to refer to the process that creates a child process as the parent.

CreateProcess has 10 parameters to support its flexibility and power. Initially, it is simplest to use default values. Just as with CreateFile, it is appropriate to explain all the CreateProcess parameters. Related functions are then easier to understand.

Note first that the function does not return a HANDLE; rather, two separate handles, one each for the process and the thread, are returned in a structure specified in the call. CreateProcess creates a new process with a single primary thread (which might create additional threads). The example programs are always very careful to close both of these handles when they are no longer needed in order to avoid resource leaks; a common defect is to neglect to close the thread handle. Closing a thread handle, for instance, does not terminate the thread; the CloseHandle function only deletes the reference to the thread within the process that called CreateProcess.

BOOL CreateProcess (
   LPCTSTR lpApplicationName,
   LPTSTR lpCommandLine,
   LPSECURITY_ATTRIBUTES lpsaProcess,
   LPSECURITY_ATTRIBUTES lpsaThread,
   BOOL bInheritHandles,
   DWORD dwCreationFlags,
   LPVOID lpEnvironment,
   LPCTSTR lpCurDir,
   LPSTARTUPINFO lpStartupInfo,
   LPPROCESS_INFORMATION lpProcInfo)

Return: TRUE only if the process and thread are successfully created.

Parameters

Some parameters require extensive explanations in the following sections, and many are illustrated in the program examples.

lpApplicationName and lpCommandLine (this is an LPTSTR and not an LPCTSTR) together specify the executable program and the command line arguments, as explained in the next section.

lpsaProcess and lpsaThread point to the process and thread security attribute structures. NULL values imply default security and will be used until Chapter 15, which covers Windows security.

bInheritHandles indicates whether the new process inherits copies of the calling process's inheritable open handles (files, mappings, and so on). Inherited handles have the same attributes as the originals and are discussed in detail in a later section.

dwCreationFlags combines several flags, including the following.

  • CREATE_SUSPENDED indicates that the primary thread is in a suspended state and will run only when the program calls ResumeThread.
  • DETACHED_PROCESS and CREATE_NEW_CONSOLE are mutually exclusive; don't set both. The first flag creates a process without a console, and the second flag gives the new process a console of its own. If neither flag is set, the process inherits the parent's console.
  • CREATE_UNICODE_ENVIRONMENT should be set if UNICODE is defined.
  • CREATE_NEW_PROCESS_GROUP specifies that the new process is the root of a new process group. All processes in a group receive a console control signal (Ctrl-c or Ctrl-break) if they all share the same console. Console control handlers were described in Chapter 4 and illustrated in Program 4-5. These process groups have limited similarities to UNIX process groups and are described later in the "Generating Console Control Events" section.

Several of the flags control the priority of the new process's threads. The possible values are explained in more detail at the end of Chapter 7. For now, just use the parent's priority (specify nothing) or NORMAL_PRIORITY_CLASS.

lpEnvironment points to an environment block for the new process. If NULL, the process uses the parent's environment. The environment block contains name and value strings, such as the search path.

lpCurDir specifies the drive and directory for the new process. If NULL, the parent's working directory is used.

lpStartupInfo is complex and specifies the main window appearance and standard device handles for the new process. We'll use two principal techniques to set the start up information. Programs 6-1, 6-2, 6-3, and others show the proper sequence of operations, which can be confusing.

  • Use the parent's information, which is obtained from GetStartupInfo.
  • First, clear the associated STARTUPINFO structure before calling CreateProcess, and then specify the standard input, output, and error handles by setting the STARTUPINFO standard handler fields (hStdInput, hStdOutput, and hStdError). For this to be effective, also set another STARTUPINFO member, dwFlags, to STARTF_USESTDHANDLES, and set all the handles that the child process will require. Be certain that the handles are inheritable and that the CreateProcess bInheritHandles flag is set. The "Inheritable Handles" subsection gives more information.

Program 6-1. grepMP: Parallel Searching

/* Chapter 6. grepMP. */
/* Multiple process version of grep command. */

#include "Everything.h"
int _tmain (DWORD argc, LPTSTR argv[])
/* Create a separate process to search each file on the
   command line. Each process is given a temporary file,
   in the current directory, to receive the results. */
{
   HANDLE hTempFile;
   SECURITY_ATTRIBUTES stdOutSA = /* SA for inheritable handle. */
          {sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
   TCHAR commandLine[MAX_PATH + 100];
   STARTUPINFO startUpSearch, startUp;
   PROCESS_INFORMATION processInfo;
   DWORD iProc, exitCode, dwCreationFlags = 0;
   HANDLE *hProc; /* Pointer to an array of proc handles. */
   typedef struct {TCHAR tempFile[MAX_PATH];} PROCFILE;
   PROCFILE *procFile; /* Pointer to array of temp file names. */

   GetStartupInfo (&startUpSearch);
   GetStartupInfo (&startUp);
   procFile = malloc ((argc - 2) * sizeof (PROCFILE));
   hProc = malloc ((argc - 2) * sizeof (HANDLE));

   /* Create a separate "grep" process for each file. */
   for (iProc = 0; iProc < argc - 2; iProc++) {
      _stprintf (commandLine, _T ("grep \"%s\" \"%s\""),
             argv[1], argv[iProc + 2]);
      GetTempFileName (_T ("."), _T ("gtm"), 0,
             procFile[iProc].tempFile); /* For search results. */
      hTempFile = /* This handle is inheritable */
         CreateFile (procFile[iProc].tempFile,
             GENERIC_WRITE,
             FILE_SHARE_READ | FILE_SHARE_WRITE, &stdOutSA,
             CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
      startUpSearch.dwFlags = STARTF_USESTDHANDLES;
      startUpSearch.hStdOutput = hTempFile;
      startUpSearch.hStdError = hTempFile;
      startUpSearch.hStdInput = GetStdHandle (STD_INPUT_HANDLE);

      /* Create a process to execute the command line. */
      CreateProcess (NULL, commandLine, NULL, NULL, TRUE,
         dwCreationFlags, NULL, NULL, &startUpSearch, &processInfo);
      /* Close unwanted handles. */
      CloseHandle (hTempFile); CloseHandle (processInfo.hThread);
      hProc[iProc] = processInfo.hProcess;
   }

   /* Processes are all running. Wait for them to complete. */
   for (iProc = 0; iProc < argc - 2; iProc += MAXIMUM_WAIT_OBJECTS)
      WaitForMultipleObjects ( /* Allows a large # of processes */
             min (MAXIMUM_WAIT_OBJECTS, argc - 2 - iProc),
             &hProc[iProc], TRUE, INFINITE);
   /* Result files sent to std output using "cat." */
   for (iProc = 0; iProc < argc - 2; iProc++) {
      if (GetExitCodeProcess(hProc[iProc], &exitCode) && exitCode==0)
      {
         /* Pattern was detected -- List results. */
         if (argc > 3) _tprintf (_T ("%s:\n"), argv[iProc + 2]);
         _stprintf (commandLine, _T ("cat \"%s\""),
                procFile[iProc].tempFile);
         CreateProcess (NULL, commandLine, NULL, NULL, TRUE,
             dwCreationFlags, NULL, NULL, &startUp, &processInfo);
         WaitForSingleObject (processInfo.hProcess, INFINITE);
         CloseHandle (processInfo.hProcess);
         CloseHandle (processInfo.hThread);
      }
      CloseHandle (hProc[iProc]);
      DeleteFile (procFile[iProc].tempFile);
   }
   free (procFile);
   free (hProc);
   return 0;
 }

Program 6-2. timep: Process Times

/* Chapter 6. timep. */

#include "Everything.h"
int _tmain (int argc, LPTSTR argv[])
{
   STARTUPINFO startUp;
   PROCESS_INFORMATION procInfo;
   union { /* Structure required for file time arithmetic. */
      LONGLONG li;
      FILETIME ft;
   } createTime, exitTime, elapsedTime;
   FILETIME kernelTime, userTime;
   SYSTEMTIME elTiSys, keTiSys, usTiSys, startTimeSys;
   LPTSTR targv = SkipArg (GetCommandLine ());
   HANDLE hProc;

   GetStartupInfo (&startUp);
   GetSystemTime (&startTimeSys);

   /* Execute the command line; wait for process to complete. */
   CreateProcess (NULL, targv, NULL, NULL, TRUE,
          NORMAL_PRIORITY_CLASS, NULL, NULL, &startUp, &procInfo);
   hProc = procInfo.hProcess;
   WaitForSingleObject (hProc, INFINITE);

   GetProcessTimes (hProc, &createTime.ft,
          &exitTime.ft, &kernelTime, &userTime);
   elapsedTime.li = exitTime.li - createTime.li;
   FileTimeToSystemTime (&elapsedTime.ft, &elTiSys);
   FileTimeToSystemTime (&kernelTime, &keTiSys);
   FileTimeToSystemTime (&userTime, &usTiSys);
   _tprintf (_T ("Real Time: %02d:%02d:%02d:%03d\n"),
          elTiSys.wHour, elTiSys.wMinute, elTiSys.wSecond,
          elTiSys.wMilliseconds);
   _tprintf (_T ("User Time: %02d:%02d:%02d:%03d\n"),
          usTiSys.wHour, usTiSys.wMinute, usTiSys.wSecond,
          usTiSys.wMilliseconds);
   _tprintf (_T ("Sys Time: %02d:%02d:%02d:%03d\n"),
          keTiSys.wHour, keTiSys.wMinute, keTiSys.wSecond,
          keTiSys.wMilliseconds);

   CloseHandle (procInfo.hThread); CloseHandle (procInfo.hProcess);
   CloseHandle (hProc);
   return 0;
}

Program 6-3. JobShell: Create, List, and Kill Background Jobs

/* Chapter 6. */
/* JobShell.c -- job management commands:
   jobbg -- Run a job in the background.
   jobs -- List all background jobs.
   kill -- Terminate a specified job of job family.
         There is an option to generate a console control signal. */

#include "Everything.h"
#include "JobMgt.h"

int _tmain (int argc, LPTSTR argv[])
{
   BOOL exitFlag = FALSE;
   TCHAR command[MAX_COMMAND_LINE], *pc;
   DWORD i, localArgc; /* Local argc. */
   TCHAR argstr[MAX_ARG][MAX_COMMAND_LINE];
   LPTSTR pArgs[MAX_ARG];

   for (i = 0; i < MAX_ARG; i++) pArgs[i] = argstr[i];
   /* Prompt user, read command, and execute it. */
   _tprintf (_T ("Windows Job Management\n"));
   while (!exitFlag) {
      _tprintf (_T ("%s"), _T ("JM$"));
      _fgetts (command, MAX_COMMAND_LINE, stdin);
      pc = strchr (command, '\n');
      *pc = '\0';
      /* Parse the input to obtain command line for new job. */
      GetArgs (command, &localArgc, pArgs); /* See Appendix A. */
      CharLower (argstr[0]);
      if (_tcscmp (argstr[0], _T ("jobbg")) == 0) {
         Jobbg (localArgc, pArgs, command);
      }
      else if (_tcscmp (argstr[0], _T ("jobs")) == 0) {
         Jobs (localArgc, pArgs, command);
      }
      else if (_tcscmp (argstr[0], _T ("kill")) == 0) {
         Kill (localArgc, pArgs, command);
      }
      else if (_tcscmp (argstr[0], _T ("quit")) == 0) {
         exitFlag = TRUE;
      }
      else _tprintf (_T ("Illegal command. Try again\n"));
   }
   return 0;
}

/* jobbg [options] command-line [Options are mutually exclusive]
      -c: Give the new process a console.
      -d: The new process is detached, with no console.
      If neither is set, the process shares console with jobbg. */
int Jobbg (int argc, LPTSTR argv[], LPTSTR command)
{
   DWORD fCreate;
   LONG jobNumber;
   BOOL flags[2];
   STARTUPINFO startUp;
   PROCESS_INFORMATION processInfo;
   LPTSTR targv = SkipArg (command);

   GetStartupInfo (&startUp);
   Options (argc, argv, _T ("cd"), &flags[0], &flags[1], NULL);
      /* Skip over the option field as well, if it exists. */
   if (argv[1][0] == '-') targv = SkipArg (targv);

   fCreate = flags[0] ? CREATE_NEW_CONSOLE :
         flags[1] ? DETACHED_PROCESS : 0;

      /* Create job/thread suspended. Resume once job entered. */
   CreateProcess (NULL, targv, NULL, NULL, TRUE,
         fCreate | CREATE_SUSPENDED | CREATE_NEW_PROCESS_GROUP,
         NULL, NULL, &startUp, &processInfo);
      /* Create a job number and enter the process ID and handle
         into the job "data base." */

   jobNumber = GetJobNumber (&processInfo, targv); /* See JobMgt.h */
   if (jobNumber >= 0)
      ResumeThread (processInfo.hThread);
   else {
      TerminateProcess (processInfo.hProcess, 3);
      CloseHandle (processInfo.hProcess);
      ReportError (_T ("Error: No room in job list."), 0, FALSE);
      return 5;
   }
   CloseHandle (processInfo.hThread);
   CloseHandle (processInfo.hProcess);
   _tprintf (_T (" [%d] %d\n"), jobNumber, processInfo.dwProcessId);
   return 0;
}

/* jobs: List all running or stopped jobs. */
int Jobs (int argc, LPTSTR argv[], LPTSTR command)
{
   if (!DisplayJobs ()) return 1; /* See job mgmt functions. */
   return 0;
}

/* kill [options] jobNumber
   -b Generate a Ctrl-Break
   -c Generate a Ctrl-C
      Otherwise, terminate the process. */
int Kill (int argc, LPTSTR argv[], LPTSTR command)
{
   DWORD ProcessId, jobNumber, iJobNo;
   HANDLE hProcess;
   BOOL cntrlC, cntrlB;

   iJobNo =
      Options (argc, argv, _T ("bc"), &cntrlB, &cntrlC, NULL);

   /* Find the process ID associated with this job. */
   jobNumber = _ttoi (argv[iJobNo]);
   ProcessId = FindProcessId (jobNumber); /* See job mgmt. */
   hProcess = OpenProcess (PROCESS_TERMINATE, FALSE, ProcessId);
   if (hProcess == NULL) { /* Process ID may not be in use. */
      ReportError (_T ("Process already terminated.\n"), 0, FALSE);
      return 2;
   }
   if (cntrlB)
      GenerateConsoleCtrlEvent (CTRL_BREAK_EVENT, ProcessId);
   else if (cntrlC)
      GenerateConsoleCtrlEvent (CTRL_C_EVENT, ProcessId);
   else
      TerminateProcess (hProcess, JM_EXIT_CODE);
   WaitForSingleObject (hProcess, 5000);
   CloseHandle (hProcess);
   _tprintf (_T ("Job [%d] terminated or timed out\n"), jobNumber);
   return 0;
}

lpProcInfo specifies the structure for containing the returned process, thread handles, and identification. The PROCESS_INFORMATION structure is as follows:

typedef struct _PROCESS_INFORMATION {
   HANDLE hProcess;
   HANDLE hThread;
   DWORD dwProcessId;
   DWORD dwThreadId;
} PROCESS_INFORMATION;

Why do processes and threads need handles in addition to IDs? The ID is unique to the object for its entire lifetime and in all processes, although the ID is invalid when the process or thread is destroyed and the ID may be reused. On the other hand, a given process may have several handles, each having distinct attributes, such as security access. For this reason, some process management functions require IDs, and others require handles. Furthermore, process handles are required for the general-purpose, handle-based functions. Examples include the wait functions discussed later in this chapter, which allow waiting on handles for several different object types, including processes. Just as with file handles, process and thread handles should be closed when no longer required.

Specifying the Executable Image and the Command Line

Either lpApplicationName or lpCommandLine specifies the executable image name. Usually, only lpCommandLine is specified, with lpApplicationName being NULL. Nonetheless, there are detailed rules for lpApplicationName.

  • If lpApplicationName is not NULL, it specifies the executable module. Specify the full path and file name, or use a partial name and the current drive and directory will be used; there is no additional searching. Include the file extension, such as .EXE or .BAT, in the name. This is not a command line, and it should not be enclosed with quotation marks.
  • If the lpApplicationName string is NULL, the first white-space-delimited token in lpCommandLine is the program name. If the name does not contain a full directory path, the search sequence is as follows:
    1. The directory of the current process's image
    2. The current directory
    3. The Windows system directory, which can be retrieved with GetSystemDirectory
    4. The Windows directory, which is retrievable with GetWindowsDirectory
    5. The directories as specified in the environment variable PATH

The new process can obtain the command line using the usual argv mechanism, or it can invoke GetCommandLine to obtain the command line as a single string.

Notice that the command line is not a constant string. A program could modify its arguments, although it is advisable to make any changes in a copy of the argument string.

It is not necessary to build the new process with the same UNICODE definition as that of the parent process. All combinations are possible. Using _tmain as described in Chapter 2 is helpful in developing code for either Unicode or ASCII operation.

Inheritable Handles

Frequently, a child process requires access to an object referenced by a handle in the parent; if this handle is inheritable, the child can receive a copy of the parent's open handle. The standard input and output handles are frequently shared with the child in this way, and Program 6-1 is the first of several examples. To make a handle inheritable so that a child receives and can use a copy requires several steps.

  • The bInheritHandles flag on the CreateProcess call determines whether the child process will inherit copies of the inheritable handles of open files, processes, and so on. The flag can be regarded as a master switch applying to all handles.
  • It is also necessary to make an individual handle inheritable, which is not the default. To create an inheritable handle, use a SECURITY_ATTRIBUTES structure at creation time or duplicate an existing handle.
  • The SECURITY_ATTRIBUTES structure has a flag, bInheritHandle, that should be set to TRUE. Also, set nLength to sizeof (SECURITY_ATTRIBUTES).

The following code segment shows how to create an inheritable file or other handle. In this example, the security descriptor within the security attributes structure is NULL; Chapter 15 shows how to include a security descriptor.

HANDLE h1, h2, h3;
SECURITY_ATTRIBUTES sa =
   {sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
...
h1 = CreateFile (..., &sa, ... ); /* Inheritable. */
h2 = CreateFile (..., NULL, ... ); /* Not inheritable. */
h3 = CreateFile (..., &sa, ...);
   /* Inheritable. You can reuse sa. */

A child process still needs to know the value of an inheritable handle, so the parent needs to communicate handle values to the child using an interprocess communication (IPC) mechanism or by assigning the handle to standard I/O in the STARTUPINFO structure, as in the next example (Program 6-1) and in several additional examples throughout the book. This is generally the preferred technique because it allows I/O redirection in a standard way and no changes are needed in the child program.

Alternatively, nonfile handles and handles that are not used to redirect standard I/O can be converted to text and placed in a command line or in an environment variable. This approach is valid if the handle is inheritable because both parent and child processes identify the handle with the same handle value. Exercise 6–2 suggests how to demonstrate this, and a solution is presented in the Examples file.

The inherited handles are distinct copies. Therefore, a parent and child might be accessing the same file using different file pointers. Furthermore, each of the two processes can and should close its own handle.

Figure 6-2 shows how two processes can have distinct handle tables with two distinct handles associated with the same file or other object. Process 1 is the parent, and Process 2 is the child. The handles will have identical values in both processes if the child's handle has been inherited, as is the case with Handles 1 and 3.

Figure 6-2

Figure 6-2 Process Handle Tables

On the other hand, the handle values may be distinct. For example, there are two handles for File D, where Process 2 obtained a handle by calling CreateFile rather than by inheritance. Also, as is the case with Files B and E, one process may have a handle to an object while the other does not. This would be the case when the child process creates the handle. Finally, while not shown in the figure, a process can have multiple handles to refer to the same object.

  • + Share This
  • 🔖 Save To Your Account