
Remote Process Explorer


rlorraine

Presentation Transcript


  1. Remote Process Explorer

  2. Processes Windows
     • The Microsoft Windows NT operating system supports both models of process creation:
       • the parent's address space may be duplicated and the program then loaded into the new address space,
       • or the parent may specify the name of a program for the operating system to load into the newly created address space at once.
     • In Windows, CreateProcess() starts execution of the new process from the beginning,
     • but in Unix, fork() starts execution after the point where fork() was called.
     • There is no equivalent of fork() in the Win32 API.
     • The underlying API in Windows NT is certainly capable of performing a "fork".
     • However, this is not exposed by the Win32 API.
     • So you need to bypass Win32 and call the native API ({Nt|Zw}CreateProcess).
     • The book "Windows NT/2000 Native API Reference" has an example, "Forking a Win32 Process".

  3. Create Processes

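  4. Parent Process

         #include <windows.h>
         #include <stdio.h>
         #include <conio.h>    /* _getch() */
         #include <process.h>  /* _getpid() */

         int main(void)
         {
             STARTUPINFO si = { sizeof(si) }, sj = { sizeof(sj) };
             PROCESS_INFORMATION pi = { 0 }, pj = { 0 };

             /* bInheritHandles is FALSE: the children do not inherit the parent's handles. */
             if (CreateProcess(".\\hello1.exe", NULL, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) {
                 printf("This is Parent, my PID=(%d): Creating Child1: PID=(%lu)\n", _getpid(), pi.dwProcessId);
             } else {
                 printf("CreateProcess1 failed (%lu)\n", GetLastError());
                 _getch();
                 return 1;
             }
             if (CreateProcess(".\\hello2.exe", NULL, NULL, NULL, FALSE, 0, NULL, NULL, &sj, &pj)) {
                 printf("This is Parent, my PID=(%d): Creating Child2: PID=(%lu)\n", _getpid(), pj.dwProcessId);
             } else {
                 printf("CreateProcess2 failed (%lu)\n", GetLastError());
                 _getch();
                 return 1;
             }

             /* Wait until child processes exit. */
             WaitForSingleObject(pi.hProcess, INFINITE);
             WaitForSingleObject(pj.hProcess, INFINITE);

             /* Release the process and thread handles returned by CreateProcess(). */
             CloseHandle(pi.hProcess); CloseHandle(pi.hThread);
             CloseHandle(pj.hProcess); CloseHandle(pj.hThread);
             return 0;
         }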

  5. Child “Hello.exe”
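
The two process-creation models from slide 2, shown side by side as an added POSIX C example (not part of the original presentation). The names `counter`, `fork_model` and `spawn_model` are constructed for illustration, `/bin/sh` is assumed to exist, and `posix_spawn()` stands in as the closest POSIX analogue of the CreateProcess() style.

```c
#define _POSIX_C_SOURCE 200809L
#include <spawn.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;
static int counter = 41;   /* constructed parent state that exists before any child */

/* Wait for pid; return its exit status, or -1 if it did not exit normally. */
static int reap(pid_t pid)
{
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Model 1: duplicate the address space. The child resumes right after fork()
 * with a private copy of `counter`; its increment never reaches the parent. */
int fork_model(int *parent_after)
{
    fflush(NULL);                      /* do not duplicate unflushed stdio buffers */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        counter++;
        _exit(counter);                /* child reports its own copy: 42 */
    }
    int child_value = reap(pid);
    *parent_after = counter;           /* parent's copy is still 41 */
    return child_value;
}

/* Model 2: name a program to load. The new image starts at its own entry
 * point and carries none of the parent's variables. */
int spawn_model(void)
{
    pid_t pid;
    char *argv[] = { "sh", "-c", "exit 7", NULL };
    if (posix_spawn(&pid, "/bin/sh", NULL, NULL, argv, environ) != 0) return -1;
    return reap(pid);
}

int main(void)
{
    int parent = 0, child = fork_model(&parent);
    printf("fork: child=%d parent=%d; spawn exit=%d\n", child, parent, spawn_model());
    return 0;
}
```

Because a forked child starts with a full copy of the parent's memory, anything sensitive held there at the time of the call is present in the child as well; a spawned program only receives what is passed to it explicitly or inherited as handles/descriptors.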
