-------------------------------------------------- ------------------------------ Overview Process Control Simplelined is equivalent to executing another program in a program, you can It imagines to perform another program in DOS with int 21H / 4BH function. If you do a single from the purpose of performing another program, there are many ways in Windows, such as using Shellexecute, but these APIs are just "execution "Moreover, the meaning of process control is to create a process and can end the process through the process handle, and you can also track the program through the process handle, and you can use ReadProcessMemory and WriteProcessMemory to read the memory space of the writing child process. Process Control The relevant API to use has the following: Create a function of the process for CREATEPROCESS, which is more complicated, with ten parameters, but there is a good message to use NULL. BOOL CreateProcess (LPCTSTR lpApplicationName, // execute the program file name LPTSTR lpCommandLine, // parameter line LPSECURITY_ATTRIBUTES lpProcessAttributes, // process safety parameters LPSECURITY_ATTRIBUTES lpThreadAttributes, // thread safety parameters BOOL bInheritHandles, // inheritance flag DWORD dwCreationFlags, // create tags LPVOID LPENVIRONMENT, / / Environment Variable LPCTSTSTAR LPCURRENTDIRECTORY, / / Run the initial directory of the child Process LPStartupinfo LPStartupinfo, // Create the relevant parameter of the child process LPPROCESS_INFORMATION LPPROCESSINFORMATION // created the information used to create sub-process); various parameters As follows: lpapplicationName: To execute the program's file name, you can also include the execution file name in the next parameter lpcommandline, and then set this parameter to NULL. LPCommandline: For parameter line, if the parameters can be null, you can set the following when passing to the process: lpapplicationName = file name; lpchaMMandLine = parameter, or lpApplicationName = Null; lpCommandline = file name parameter. LPPRocessAttributes, LPTHREADATIADATTRIBUTES: The created process and thread security properties are described, and if null is used to represent the default security description. BinheritHandles: Indicates whether the handle in the current process can be inherited by the sub-process that can be created. DWCREATIONFLAGS: Represents the creation tag, which can set the creation status and priority of the process via this tag. Commonly used tags: create_new_console: Create a new console for the child process. CREATE_SUSPENDED: The child process is hang when creating. If this parameter is specified, the process of executing the createProcess is just loaded, but not immediately started, but must wait until the main program is called RESUMETHREAD to continue. High_priority_class / normal_priority_class: High / normal priority.
LpenVironment: Indicates the environment variable used by the child process. If null, the same environment variable is used to use the current process. LpCurrentDirectory: Indicates the initial directory of the sub-process run. LPStartupInfo: STARTUPINFO structure, used to set various properties when creating sub-processes. The LPPROCESSINFORMATION: Process_information structure is used to receive relevant information after the process is created, which is filled out by the system. Calling the CreateProcess function There is three parameters, which is required, one in lpapplicationName or lpCommandline specifies the file name, the second is the LPstartupInfo structure, the third is the Process_information structure, because the process_information structure returns the handle after the process is established, and everything will be used to use these returns. Handle, it is fillised by the system, the structure is described as follows: typedef struct _process_information {handle hthread; // process handle Handle Hthread; // Process main thread handle DWord dWProcessID; // Process IDDWORD DWTHREADID; // Main thread ID } Process_information; there is another key structure Startupinfo, which is defined as follows: typedef struct startupinfo {dWord CB; // Structural length lptstr lpreserved; // Reserved lptstr lpTitle; // If you are console process Then, the title DWORD DWX; // window location dword dwy; // window location DWORD dwysize; // window size DWORD dwysize; // window size DWORD dwxcountchars; // console window word symbol width DWORD DWYCOUNTCHARS; // Control Table window word symbol Height DWORD DWFILLATTRIBUTE; // Console Window Fill mode DWORD DWFLAGS; // Create tag Word wshowWindow; // window display tag, like showWindow's mark word cbreserved2; // lpbyte lpreserved2; // handle hstdinput; // Handle HstdInput; / Stand-input handle Handle HSTDOUTPUT; // Standard Output Handle Handle HSTDERROR; // Standard Error Handle} Startupinfo, * LPStartupInfo; DWFlags DwFLAGS Specifies whether other fields are valid, such as: dwflags contains Startf_USESize to indicate dwxsize and dwysize valid, including Startf_useposition means DWX and DW Y is effective, and so on.
If there is not a special requirement, we don't have to fill in this structure yourself, just use getStartupInfo to make Windows to fill in you, this way, the statement to create a process is: ... StStartup Startupinfo StProcinfo process_information StPROCINFO Process_information ... invoke GetStartupInfo, addr stStartUpinvoke CreateProcess, NULL, addr szFileName, NULL, NULL, NULL, NORMAL_PRIORITY_CLASS, NULL, NULL, offset stStartUp, offset stProcInfo ... If successful, eax will return a non-zero value, attention returns The HProcess in the Process_information structure is used in many operations. Forced an API of a process to TerminateProcessBool TerminateProcess (Handle HProcess // Procedure Code); you can use statements invoke terminateProcess, StructProcinfo.hprocess, 0 to end the process, pay attention to if possible, try to Don't force other processes in the program, because the process ended using TERMINATEPROCESS, it is loaded with the DLL cannot be uninstalled correctly. This may cause an invalid occupancy of system resources. The best way to use EXITPROCESS to exit in the process. Query a process status API is getExitcodeProcess. Bool getExitcodeProcess (Handle HProcess, // Handle To The Process To Receive Termination Status); if the process has not yet quilt, the function will return Still_Active. This API is back. Waiting for the process can use WaitForsingleObject This API is not single for the process, others can also be used in threads, but we generally use it to wait for the execution of the process, its declaration is: DWORD WAITFORSINGLEOBJECT (Handle Hhandle, // handle of object to wait forDWORD dwMilliseconds // time-out interval in milliseconds); if we wait for the process to be executed for one second, you can invoke WaitForSingleObject, stProcInfo.hProcess, 1000 if you want to wait until the end of the process, you can use WaitForSingleObject, stProcInfo.hProcess, Infinite, Infinite in Parameter 2 is defined in Windows.inc, meaning infinity waiting. Finally, when the process handle is no longer used, don't forget to use CloseHandle to close the HProcess and Hthread, otherwise the resource of the system handle will be watted.
Source program - assembly source files .386.Model flat, stdcalloption caseMap: None; Case Sensitive; >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Folder >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>> include windows.incinclude user32.incinclude kernel32.incinclude comctl32.incinclude comdlg32.incinclude gdi32.incincludelib user32.libincludelib kernel32.libincludelib comctl32.libincludelib comdlg32.libincludelib gdi32.lib; >>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Folder data; >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>
ID_BROWSE EQU 3001ID_RUN EQU 3002ID_EXIT EQU 3003ID_Text EQU 3004F_Running EQU 0001H; Process is running; >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> . >>>>>>> data stStartUp STARTUPINFO stProcInfo PROCESS_INFORMATION stOpenFileName OPENFILENAME hRunThread dd hInstance dd hWinMain dd hIcon dd szBuffer db 512 dup dwFlag dd? ???? (?);? >> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> DataSzexcute DB 'Perform (& E)', 0; button text SZKILL DB 'Termination (& E)', 0SZEXCUTEERROR DB 'Start application error! ', 0SZTITLEOPEN DB "Open Executable File ...", 0SZext DB' * .exe ', 0SZFILTER DB' Excutable Files', 0, '*. EXE; *. COM', 0DB 0; >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>; >>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Folder .asmendifinclude win.asm; ********************************************************************** ****************; Execute the thread for the program; 1. Establish a process with CreateProcess; 2. Wait with WaitForsingleOject to wait for the process; **** *********************************************************** ************* _ RUNTHREAD PROC Uses EBX ECX EDX ESI EDI, / DWPARAM: DWordor dwflag, f_running; *************************** ************************************************* Cancel the "exit" button and change the "execution" button to "abort"; ********************************* ******************************************** Invoke Getdlgitem, HwinMain, ID_EXITINVOKE ENABLEWINDOW, EAX, FALSEINVOKE Senddlgitemmessage, HwinMain, ID_Run, WM_SETTEXT, 0, OFFSET SZKILL; ***************************************** *******************; execute file, if success is waiting to end; *********** *********************************************************** ****** invoke GetStartupInfo, addr stStartUpinvoke CreateProcess, NULL, addr szBuffer, NULL, NULL, / NULL, NORMAL_PRIORITY_CLASS, NULL, NULL, offset stStartUp, offset stProcInfo.if eax! = 0invoke WaitForSingleObject, stProcInfo.hProcess, INFINITEinvoke CloseHandle, stProcInfo.hProcessinvoke CloseHandle, stProcInfo.hThread.elseinvoke MessageBox, hWinMain, addr szExcuteError, NULL, MB_OK or MB_ICONERROR.endif; **************** *********************************************************** **; Enable "Exit" button and change the "abort" button to "execution"; ************************************* ************************************* Invoke getdlgitem, hwinmain, id_exitinvoke enableWindow, Eax, Trueinvoke Senddlgitemmessage , hwinmain, id_run, wm_settext, 0, offset szexcuteand dwflag, not f_runningret_runthread endp;
*********************************************************** ****************; Window program; ************************************ ********************************************************** DialogMainProc Proc Uses EBX EDI ESI, / HWND: DWORD, WPARS: DWORD, LPARAM: DWORDMOV EAX, WMSG; ********************************** **********************************. if Eax == WM_INITDIALOGMOV EAX, HWNDMOV HWINMAIN, EAXCALL _INIT; * *********************************************************** ****************. Elseif Eax == WM_CloseInvoke Enddialog, HwinMain, Null; ********************** *****************************************************************. Elseif EAX == WM_COMMANDmov eax, wParam.if ax == ID_BROWSEcall _BrowseFilecall _CheckText.elseif ax == ID_TEXTinvoke GetDlgItemText, hWinMain, ID_TEXT, addr szBuffer, 512call _CheckText.elseif ax == ID_RUN; ************ *********************************************************** ******; If there is nothing in execution (dwflag is not set), the thread is established, executing the program in the thread; if it is already executed, use TerminateProcess to terminate the execution; ********** *********************************************************** ******** TEST DWFLAG, F_Running.if ? ZERO invoke CreateThread, NULL, NULL, offset _RunThread, / NULL, NULL, offset hRunThread.elseinvoke TerminateProcess, stProcInfo.hProcess, -1.endif.elseif ax == ID_EXITinvoke EndDialog, hWinMain, NULL.endif.else; *** *********************************************************** **************; Note: After the message processing of the dialog box, return true, to the unprocessed message; return false; ********** *********************************************************** ******* MOV EAX, FALSERET.ENDIFMOV ENX, TRUERETDIALOGMAINPROC ENDP; ******************************************** **************************; program entry;
*********************************************************** ****************** start: invoke InitCommonControlsinvoke GetModuleHandle, NULLmov hInstance, eaxinvoke DialogBoxParam, hInstance, DLG_MAIN, NULL, offset DialogMainProc, 0invoke ExitProcess, NULL; ****** *********************************************************** ************ _ Init procinvoke _CenterWindow, hWinMaininvoke SendDlgItemMessage, hWinMain, ID_TEXT, EM_LIMITTEXT, 512, NULLinvoke GetDlgItem, hWinMain, ID_RUNinvoke EnableWindow, eax, FALSEret_Init endp; ********** *********************************************************** ********; If there is any homer in Text Control to decide whether to "execute" button disable; *********************** ***************************************************** _ CheckText Procinvoke getdlgitemtext, hwinmain, ID_TEXT, addr szBuffer, 512invoke lstrlen, addr szBuffer.if eax = 0 || (dwFlag & F_RUNNING) invoke GetDlgItem, hWinMain, ID_RUNinvoke EnableWindow, eax, TRUE.elseinvoke GetDlgItem, hWinMain, ID_RUNinvoke EnableWindow, eax, FALSE.endifret_CheckText endp!; ********************************************************* ******************** _ BrowseFile procmov stOpenFileName.Flags, OFN_PATHMUSTEXIST or OFN_FILEMUSTEXISTmov stOpenFileName.lStructSize, SIZEOF stOpenFileNamemov eax, hWinMainmov stOpenFileName.hwndOwner, eaxmov stOpenFileName.lpstrFilter, offset szFilter; extension mov stOpenFileName.lpstrFile, offset szBuffer; filename buffer mov stOpenFileName.nMaxFile, 512; filename buffer length mov stOpenFileName.lpstrInitialDir, 0mov stOpenFileName.lpstrTitle, offset szTitleOpenmov stOpenFileName.lpstrDefExt, offset szExtinvoke GetOpenFileName, offset stOpenFileName.if eax = = Falseret.endifinvoke setdlgitemtext, hwinmain, id_text, addr szbufferret_browsefile endp;
