0x01 进程创建
// 20180104_02.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <Windows.h>
/*
BOOL CreateProcess(
LPCTSTR lpApplicationName, // name of executable module
LPTSTR lpCommandLine, // command line string
LPSECURITY_ATTRIBUTES lpProcessAttributes, // SD
LPSECURITY_ATTRIBUTES lpThreadAttributes, // SD
BOOL bInheritHandles, // handle inheritance option
DWORD dwCreationFlags, // creation flags
LPVOID lpEnvironment, // new environment block
LPCTSTR lpCurrentDirectory, // current directory name
LPSTARTUPINFO lpStartupInfo, // startup information
LPPROCESS_INFORMATION lpProcessInformation // process information
);
*/
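/*
 * Launch Internet Explorer with a URL on its command line and print the
 * identifiers and handles that CreateProcess returned for the new process.
 *
 * Changes from the original version:
 *  - PROCESS_INFORMATION is zero-initialised and printed only when
 *    CreateProcess succeeded; a failed launch used to print uninitialised
 *    stack contents.
 *  - Failure is reported with GetLastError() instead of being silent.
 *  - hProcess and hThread are closed. CreateProcess hands ownership of both
 *    to the caller and they stay open until CloseHandle.
 *  - dwProcessId/dwThreadId are DWORD (unsigned long) and the handles are
 *    pointer-sized, so %lx and %p are used; %x is only correct on a
 *    32-bit build.
 *
 * lpApplicationName is an absolute path, so CreateProcess does not search
 * the path for the executable. lpCommandLine is a writable array rather than
 * a string literal because CreateProcess is documented to possibly modify it.
 */
VOID testCreateProcess(void)
{
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    TCHAR lpApplicationName[] = TEXT("c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE");
    TCHAR lpCommandLine[] = TEXT(" http://www.gyarmy.com");

    si.cb = sizeof(si);

    if (!CreateProcess(
            lpApplicationName,
            lpCommandLine,
            NULL,               /* default process security descriptor */
            NULL,               /* default thread security descriptor */
            FALSE,              /* the child inherits none of our handles */
            CREATE_NEW_CONSOLE,
            NULL,               /* inherit our environment block */
            NULL,               /* inherit our current directory */
            &si,
            &pi)) {
        printf("CreateProcess failed: %lu\n", GetLastError());
        return;
    }

    /* Output the information in pi. */
    printf("%lx,%lx,%p,%p\n", pi.dwProcessId, pi.dwThreadId, pi.hProcess, pi.hThread);

    /* This demo neither waits on nor otherwise uses the child, so release
     * both handles now instead of leaking them until process exit. */
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
}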
/*
 * Program entry point: runs the CreateProcess demonstration and exits.
 * The command-line arguments are not read by this program.
 */
int main(int argc, char* argv[])
{
    (void)argc;
    (void)argv;

    /* Launches C:\Program Files\Internet Explorer\IEXPLORE.EXE (see above). */
    testCreateProcess();

    return 0;
}
0x02 进程句柄的继承
涉及到内核的知识
首先在进程一中创建一个可继承的事件句柄，再以继承句柄的方式创建进程二，并把句柄值通过命令行传给进程二；进程二据此等待该事件被触发。
进程一的代码:
// 20180104_02.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <Windows.h>
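/*
 * Process one of the handle-inheritance demo.
 *
 * Creates a manual-reset event whose handle is marked inheritable
 * (SECURITY_ATTRIBUTES.bInheritHandle = TRUE), starts c:\zzz.exe with
 * bInheritHandles = TRUE so the child receives a copy of that handle under
 * the same numeric value, and passes the value to the child on its command
 * line. The child is expected to wait on the event; this process signals it
 * right after the launch.
 *
 * Changes from the original version:
 *  - The handle value is formatted with a bounded snprintf into a buffer
 *    that can hold it. The original used sprintf(" %x") into an 8-element
 *    array; a 32-bit value needs up to 10 bytes including the terminator.
 *    (MSVC before 2015 spells the function _snprintf.)
 *  - CreateEvent and CreateProcess failures are checked and reported.
 *  - The process and thread handles returned in pi are closed, and the
 *    unused lpCommandLine buffer is removed.
 *  - dwCreationFlags etc. are unchanged.
 *
 * Assumptions carried over from the original: an ANSI/MBCS build (TCHAR is
 * char, so sprintf/printf with %s are valid), and a 32-bit handle value.
 * Per Microsoft's 32/64-bit interop guidance only the low 32 bits of a
 * handle are significant, so the (DWORD) truncation is intentional, but it
 * is a property to confirm for the target build.
 *
 * Note that bInheritHandles = TRUE passes every inheritable handle this
 * process holds (files, pipes, ...) to the child, not just hEvent. Where the
 * child should receive only specific handles, use STARTUPINFOEX with
 * PROC_THREAD_ATTRIBUTE_HANDLE_LIST (Windows Vista and later).
 */
int main(int argc, char* argv[])
{
    SECURITY_ATTRIBUTES sa = {0};
    HANDLE hEvent = NULL;
    TCHAR szEventChar[32] = {0};
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    TCHAR lpApplicationName[] = TEXT("c:\\zzz.exe");
    int n;

    (void)argc;
    (void)argv;

    /* bInheritHandle = TRUE is what allows the child to receive this handle. */
    sa.nLength = sizeof(sa);
    sa.lpSecurityDescriptor = NULL;
    sa.bInheritHandle = TRUE;

    /* Manual-reset, initially non-signaled, unnamed event. */
    hEvent = CreateEvent(&sa, TRUE, FALSE, NULL);
    if (hEvent == NULL) {
        printf("CreateEvent failed: %lu\n", GetLastError());
        return 1;
    }

    /* The leading space is deliberate: CreateProcess parses lpCommandLine as
     * "<argv[0]> <argv[1]> ...", and the space is what puts the handle value
     * into the child's argv[1]. */
    n = snprintf(szEventChar, sizeof(szEventChar), " %x", (DWORD)(DWORD_PTR)hEvent);
    if (n < 0 || (size_t)n >= sizeof(szEventChar)) {
        printf("handle value does not fit in the command-line buffer\n");
        CloseHandle(hEvent);
        return 1;
    }
    printf("Event: %s \n", szEventChar);

    si.cb = sizeof(si);

    /* bInheritHandles = TRUE: every inheritable handle we own, including
     * hEvent, is duplicated into the child under the same value. */
    if (!CreateProcess(
            lpApplicationName,
            szEventChar,            /* writable: CreateProcess may modify it */
            NULL,
            NULL,
            TRUE,
            CREATE_NEW_CONSOLE,
            NULL,
            NULL,
            &si,
            &pi)) {
        printf("CreateProcess failed: %lu\n", GetLastError());
        CloseHandle(hEvent);
        return 1;
    }

    /* Let the child run past its WaitForSingleObject. */
    SetEvent(hEvent);

    /* The child's inherited handle keeps the event object alive, so our
     * copies can be released. */
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    CloseHandle(hEvent);
    return 0;
}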
进程二的代码:
// zzz.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
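/*
 * Process two of the handle-inheritance demo (zzz.exe).
 *
 * argv[1] carries the hexadecimal value of an event handle that the parent
 * marked inheritable and created this process with bInheritHandles = TRUE,
 * so the same numeric value is valid here. The program parses it, waits for
 * the parent to signal the event, then continues.
 *
 * Changes from the original version:
 *  - argv[1] is checked before use; the original dereferenced NULL when run
 *    without arguments.
 *  - The argument is copied with a bounded snprintf instead of an unbounded
 *    sprintf into a 256-byte array. (MSVC before 2015 spells it _snprintf.)
 *  - sscanf's result is checked, so a non-hexadecimal argument no longer
 *    silently waits on handle 0. DWORD is unsigned long, so %lx/%lu are the
 *    matching conversions.
 *  - The WaitForSingleObject result is checked: WAIT_FAILED (for example
 *    because the handle was not actually inherited) is reported instead of
 *    being treated as "signaled".
 *  - The inherited handle is closed before exit.
 *
 * The handle value comes from the command line, which any caller can supply.
 * A value that does not name an event inherited from the parent makes the
 * wait fail or wait on some other inherited object; nothing privileged is
 * decided from it, and it should stay that way.
 *
 * Assumes an ANSI/MBCS build (TCHAR is char), as the original's sprintf/%s
 * did; under UNICODE the wide printf/scanf family would be needed.
 */
int main(int argc, char* argv[])
{
    TCHAR szHandleTCHAR[256] = {0};
    DWORD eHandle = 0;
    HANDLE myEventHandle = NULL;
    DWORD waitResult;
    int n;

    if (argc < 2 || argv[1] == NULL) {
        printf("usage: zzz <event handle in hex>\n");
        return 1;
    }

    /* Bounded copy of the argument into the local buffer. */
    n = snprintf(szHandleTCHAR, sizeof(szHandleTCHAR), "%s", argv[1]);
    if (n < 0 || (size_t)n >= sizeof(szHandleTCHAR)) {
        printf("argument too long\n");
        return 1;
    }
    printf("eventHandle: %s \n", szHandleTCHAR);

    if (sscanf(szHandleTCHAR, "%lx", &eHandle) != 1) {
        printf("not a hexadecimal handle value: %s\n", szHandleTCHAR);
        return 1;
    }
    printf("handle: %lu\n", eHandle);

    /* Valid only because the parent created this process with handle
     * inheritance; the DWORD_PTR step widens to pointer size on 64-bit. */
    myEventHandle = (HANDLE)(DWORD_PTR)eHandle;

    waitResult = WaitForSingleObject(myEventHandle, INFINITE);
    if (waitResult != WAIT_OBJECT_0) {
        printf("WaitForSingleObject returned %lu, error %lu\n", waitResult, GetLastError());
        return 1;
    }

    printf("继续执行。。。。\n");
    printf("Hello World!\n");
    getchar();

    /* Release our copy of the inherited handle. */
    CloseHandle(myEventHandle);
    return 0;
}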