Controlling Processes
Examples: kill program and launch program.
OpenProcess
The OpenProcess function returns a handle of an existing process object.
HANDLE OpenProcess(
DWORD dwDesiredAccess, // access flag
BOOL bInheritHandle, // handle inheritance flag
DWORD dwProcessId // process identifier
);
Parameters
dwDesiredAccess
Specifies the access to the process object. For operating systems that support security checking, this access is checked
against any security descriptor for the target process. Any combination of the following access flags can be specified in
addition to the
STANDARD_RIGHTS_REQUIRED access flags:
| Access | Description |
| PROCESS_ALL_ACCESS |
Specifies all possible access flags for the process object. |
| PROCESS_CREATE_PROCESS |
Used internally. |
| PROCESS_CREATE_THREAD |
Enables using the process handle in the CreateRemoteThread function to create a thread in the process. |
| PROCESS_DUP_HANDLE |
Enables using the process handle as either the source or target process in the DuplicateHandle function
to duplicate a handle. |
| PROCESS_QUERY_INFORMATION |
Enables using the process handle in the GetExitCodeProcess and GetPriorityClass functions to
read information from the process object. |
| PROCESS_SET_INFORMATION |
Enables using the process handle in the SetPriorityClass function to set the priority class of the process. |
| PROCESS_TERMINATE |
Enables using the process handle in the TerminateProcess function to terminate the process. |
| PROCESS_VM_OPERATION |
Enables using the process handle in the VirtualProtectEx and WriteProcessMemory functions to
modify the virtual memory of the process. |
| PROCESS_VM_READ |
Enables using the process handle in the ReadProcessMemory function to read from the virtual memory of the
process. |
| PROCESS_VM_WRITE |
Enables using the process handle in the WriteProcessMemory function to write to the virtual memory of the
process. |
| SYNCHRONIZE |
Windows NT only: Enables using the process handle in any of the wait functions to wait for the process to terminate. |
Specifies whether the returned handle can be inherited by a new process created by the current process. If TRUE,
the handle is inheritable.
dwProcessId
Specifies the process identifier of the process to open.
Return Values
If the function succeeds, the return value is an open handle of the specified process.
If the function fails, the return value is NULL. To get extended error information, call GetLastError.
Remarks
The handle returned by the OpenProcess function can be used in any function that requires a handle to a process,
such as the wait functions, provided the appropriate access rights were requested.
When you are finished with the handle, be sure to close it using the CloseHandle function.
TerminateProcess
The TerminateProcess function terminates the specified process and all of its threads.
BOOL TerminateProcess(
HANDLE hProcess, // handle to the process
UINT uExitCode // exit code for the process
);
Parameters
hProcess
Identifies the process to terminate.
Windows NT: The handle must have PROCESS_TERMINATE access.
uExitCode
Specifies the exit code for the process and for all threads terminated as a result of this call. Use the
GetExitCodeProcess function to retrieve the process's exit value. Use the GetExitCodeThread
function to retrieve a thread's exit value.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
The TerminateProcess function is used to unconditionally cause a process to exit. Use it only in extreme
circumstances. The state of global data maintained by dynamic-link libraries (DLLs) may be compromised if
TerminateProcess is used rather than ExitProcess.
TerminateProcess causes all threads within a process to terminate, and causes a process to exit, but
DLLs attached to the process are not notified that the process is terminating.
Terminating a process causes the following:
- All of the object handles opened by the process are closed.
- All of the threads in the process terminate their execution.
- The state of the process object becomes signaled, satisfying any threads that had been waiting for the process to terminate.
- The states of all threads of the process become signaled, satisfying any threads that had been waiting for the threads to terminate.
- The termination status of the process changes from STILL_ACTIVE to the exit value of the process.
Terminating a process does not cause child processes to be terminated.
Terminating a process does not necessarily remove the process object from the system. A process object is deleted
when the last handle to the process is closed.
GetExitCodeProcess
The GetExitCodeProcess function retrieves the termination status of the specified process.
BOOL GetExitCodeProcess(
HANDLE hProcess, // handle to the process
LPDWORD lpExitCode // address to receive termination status
);
Parameters
hProcess
Identifies the process.
Windows NT: The handle must have PROCESS_QUERY_INFORMATION access.
lpExitCode
Points to a 32-bit variable to receive the process termination status.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
If the specified process has not terminated, the termination status returned is STILL_ACTIVE. If the process
has terminated, the termination status returned may be one of the following:
- The exit value specified in the ExitProcess or TerminateProcess function.
- The return value from the main or WinMain function of the process.
- The exception value for an unhandled exception that caused the process to terminate.