CreateProcess

BOOL WINAPI CreateProcess(

  __in_opt     LPCTSTR lpApplicationName,

  __inout_opt  LPTSTR lpCommandLine,

  __in_opt     LPSECURITY_ATTRIBUTES lpProcessAttributes,

  __in_opt     LPSECURITY_ATTRIBUTES lpThreadAttributes,

  __in         BOOL bInheritHandles,

  __in         DWORD dwCreationFlags,

  __in_opt     LPVOID lpEnvironment,

  __in_opt     LPCTSTR lpCurrentDirectory,

  __in         LPSTARTUPINFO lpStartupInfo,

  __out        LPPROCESS_INFORMATION lpProcessInformation

);

 

Creates a new process and its primary thread. The new process runs in the security context of the calling process.

//创建一个新进程和这个新进程的主线程。新进程在主叫进程的安全环境中运行。

 

If the calling process is impersonating another user, the new process uses the token for the calling process, not the impersonation token. To run the new process in the security context of the user represented by the impersonation token, use the CreateProcessAsUser or CreateProcessWithLogonW function.

//???????

 

Parameters

lpApplicationName [in, optional]

The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.

//将被执行的模块的名字[输入参数，可选项]

//这个模块可以是基于windows的应用程序，如果本地计算机指定合适的子系统//(subsystem)，也可以是其他类型的模块（例如MS-DOS 或者 OS/2）。

 

The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a partial name, the function uses the current drive and current directory to complete the specification. The function will not use the search path. This parameter must include the file name extension; no default extension is assumed.

//字符串可以指定被执行模块的（全路径＋文件名）或者（部分名）。在指定（部分名）的

//情况下，函数用当前驱动和当前路径来完成指定。函数将不会用搜索路径。参数必须包含//文件的扩展名，因为函数不会假定默认的扩展名。

 

The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space-delimited token in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:/program files/sub dir/program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities in the following order:

c:/program.exe files/sub dir/program name

c:/program files/sub.exe dir/program name

c:/program files/sub dir/program.exe name

c:/program files/sub dir/program name.exe

If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by lpCommandLine should specify the executable module as well as its arguments.

To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the following arguments: /c plus the name of the batch file.

// lpApplicationName参数可以为NULL。这种情况下，模块名字必须为命令行参数字符串的//第一个 space-delimited token。如果你用一个包含空格的长文件名，应该用引用字符串标志//哪里是文件名的结尾和参数的开始。另外，文件名是含糊不清的。例如，字符串

//"c:/program files/sub dir/program name"可能被解释成以下几种方式：

//c:/program.exe files/sub dir/program name

//c:/program files/sub.exe dir/program name

//c:/program files/sub dir/program.exe name

//c:/program files/sub dir/program name.exe

//16位应用程序的处理。

//若要运行批处理文件，必须启动命令解释器。将lpApplicationName和lpCommandLine分

//别指定为cmd.exe和（/c＋批处理文件名）。

 

lpCommandLine [in, out, optional]

The command line to be executed. The maximum length of this string is 32,768 characters, including the Unicode terminating null character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters.

//被执行的命令行。最大长度为32768个字符，包括NULL结束符。如果lpApplicationName

//为空，lpCommandLine中执行模块的文件名部分被限制在MAX_PATH之内。

 

The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant string, the function may cause an access violation.

//函数的Unicode版本CreateProcessW,可能改变字符串的内容，因此参数不能为一共指向只//读内存的指针。如果参数为常量字符串，将引起访问违规。

 

The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the command line.

//lpCommandLine参数可以为NULL。此时函数用lpApplicationName作为命令行参数。

 

If both lpApplicationName and lpCommandLine are non-NULL, the null-terminated string pointed to by lpApplicationName specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as the first token in the command line.

//如果lpApplicationName 和lpCommandLine均非空，前者指向执行模块，后者指向命令行，//新进程可以用GetCommandLine获得完整的命令行。因为argv[0]为模块名，C程序员通常//在命令行的第一个token串中重复模块名。

 

If lpApplicationName is NULL, the first white space-delimited token of the command line specifies the module name. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory path, the system searches for the executable file in the following sequence:

The directory from which the application loaded.

The current directory for the parent process.

The 32-bit Windows system directory. Use the GetSystemDirectory function to get the path of this directory.

The 16-bit Windows system directory. There is no function that obtains the path of this directory, but it is searched. The name of this directory is System.

The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.

//这种情况下，模块名字必须为命令行参数字符串的第一个 space-delimited token。如果你用//一个包含空格的长文件名，应该用引用字符串标志哪里是文件名的结尾和参数的开始。如//果文件名没有包含扩展名，.exe被附加为扩展名。因此，如果文件扩展名为.com，这个参//数必须包含.com扩展名。如果文件名尽有个(.)而没扩展名，或者文件名包含路径，.exe将//不被附加。如果文件名不包含路径，系统按下面顺序查找可执行文件。

//1.应用程序指定

//2.父进程的当前路径

//3.32位windows系统路径。用函数GetSystemDirectory获得此路径。

//4.16位Windows系统路径。无函数用于获得此路径，但是可以搜索路径名 System。

//5.Windows路径。用函数GetWindowsDirectory获得此路径。

 

The directories that are listed in the PATH environment variable. Note that this function does not search the per-application path specified by the App Paths registry key. To include this per-application path in the search sequence, use the ShellExecute function.

The system adds a terminating null character to the command-line string to separate the file name from the arguments. This divides the original string into two strings for internal processing.

//路径名被列到PATH环境变量中。注意这个函数不搜索被App Path注册表关键字所指定的// per-application path。用ShellExecute函数可以将per-application path加入搜索序列中。系

//统在文件名之后添加了null结束字符以分隔arguments。它为内部进程的原始字符串拆分为//两个字符串

 

lpProcessAttributes [in, optional]

A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited.

//一个指向安全结构体的指针。它决定所返回的新进程对象的句柄是否能被子进程所继承。//如果是NULL，句柄不能被子进程继承。

 

The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The ACLs in the default security descriptor for a process come from the primary token of the creator.

//结构体的lpSecurityDescriptor成员指定了新进程的安全描述。如果lpProcessAttributes

//为空，或者lpSecurityDescriptor为空，进程获得默认安全描述。

 

Windows XP/2000:  The ACLs in the default security descriptor for a process come from the primary or impersonation token of the creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.

 

lpThreadAttributes [in, optional]

A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited.

//一个指向安全结构体的指针。它决定所返回的新线程对象的句柄是否能被子进程所继承。//如果是NULL，句柄不能被子进程继承。

 

The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the default security descriptor for a thread come from the process token.

//结构体的lpSecurityDescriptor成员指定了主线程的安全描述。如果lpProcessAttributes

//为空，或者lpSecurityDescriptor为空，进程获得默认安全描述。

 

Windows XP/2000:  The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.

 

bInheritHandles [in]

If this parameter TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles.

//如果参数为真，主叫进程中的每个可以被继承的句柄都可以被新进程继承。参数为假，

//句柄不能被新进程继承。注意被继承的句柄有与原始句柄相同的值和访问权限。

 

 

dwCreationFlags [in]

The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.

This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority class of the calling process.

//标志控制进程的产生和优先权。

//参数控制新进程的优先权，以决定进程的线程的调度优先权。GetPriorityClass查看列表。//如果没有优先权标志被指定，默认为NORMAL_PRIORITY_CLASS除非创建进程优先权

//指定为IDLE_PRIORITY_CLASS或者 BELOW_NORMAL_PRIORITY_CLASS。此时，子//进程获得主叫进程的默认优先权。

 

lpEnvironment [in, optional]

A pointer to the environment block for the new process. If this parameter is NULL, the new process uses the environment of the calling process.

An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:

name=value/0

Because the equal sign is used as a separator, it must not be used in the name of an environment variable.

An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.

//一个指针指向新进程的环境块。如果参数为空，则新进程使用主叫进程的环境。

//一个环境块包含一组以null结尾的字符串。

//因为等号用于分隔，所以环境变量名不能有等号。

//一个环境块中可以包含Unicode或者ANSI字符。如果lpEnvironment指向Unicode字符，//确定dwCreationFlags包含。如果此参数为空但是主叫进程是上述情况，也要确定包含。

 

The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds 32,767 characters.

Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.

//函数的ANSI版本CreateProcessA，如果环境块大小超过32767个字符，调用识别。

//注意ANSI环境块以2个零bytes结束，一个为字符串结束标志，一个为block结束标志。//Unicode环境块以4个零bytes结束。两个为字符串结束标志，两个为block结束标志。

 

lpCurrentDirectory [in, optional]

The full path to the current directory for the process. The string can also specify a UNC path.

If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.)

//进程当前目录的全路径。字符串也可指定一个UNC路径。

//如果参数为空，新进程拥有与主叫进程一样的当前驱动和路径。（这一特点主要是针对shells //中需要启动一个应用程序并且指定它的出师驱动和路径。）

 

lpStartupInfo [in]

A pointer to a STARTUPINFO or STARTUPINFO structure.

To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter.

//指向STARTUPINFO或 STARTUPINFO的结构体指针。

//设置扩展属性请用STARTUPINFOEX结构体并且在dwCreationFlags参数中加上//EXTENDED_STARTUPINFO_PRESENT标志。

 

lpProcessInformation [out]

A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.

Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.

//指向PROCESS_INFORMATION结构体的指针用于新获得进程的id信息。

// 当PROCESS_INFORMATION中的句柄不再使用是，应使用CloseHandle关闭句柄。

Return Value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The process is assigned a process identifier. The identifier is valid until the process terminates. It can be used to identify the process, or specified in the OpenProcess function to open a handle to the process. The initial thread in the process is also assigned a thread identifier. It can be specified in the OpenThread function to open a handle to the thread. The identifier is valid until the thread terminates and can be used to uniquely identify the thread within the system. These identifiers are returned in the PROCESS_INFORMATION structure.

//进程被分配一个进程ID，ID是有效的，直到进程终止。它可以标识一个进程，或者在//OpenProcess函数打开一个进程句柄时被指定。进程内的初始线程也被分配一个线程ID，//可以在OpenThread打开线程句柄是被指定。线程ID的有效性维持到线程终止，并且可以//唯一标识系统内的一个进程。

 

The name of the executable in the command line that the operating system provides to a process is not necessarily identical to that in the command line that the calling process gives to the CreateProcess function. The operating system may prepend a fully qualified path to an executable name that is provided without a fully qualified path.

//操作系统提供的可执行的命令行名字不必与CreateProcess提供的命令行相同。如果没有提//供一个完全有效的路径，操作系统会给执行名假设一个完全有效的路径

 

The calling thread can use the WaitForInputIdle function to wait until the new process has finished its initialization and is waiting for user input with no input pending. This can be useful for synchronization between parent and child processes, because CreateProcess returns without waiting for the new process to finish its initialization. For example, the creating process would use WaitForInputIdle before trying to find a window associated with the new process.

 

The preferred way to shut down a process is by using the ExitProcess function, because this function sends notification of approaching termination to all DLLs attached to the process. Other means of shutting down a process do not notify the attached DLLs. Note that when a thread calls ExitProcess, other threads of the process are terminated without an opportunity to execute any additional code (including the thread termination code of attached DLLs). For more information, see Terminating a Process.

A parent process can directly alter the environment variables of a child process during process creation. This is the only situation when a process can directly change the environment settings of another process. For more information, see Changing Environment Variables.

If an application provides an environment block, the current directory information of the system drives is not automatically propagated to the new process. For example, there is an environment variable named =C: whose value is the current directory on drive C. An application must manually pass the current directory information to the new process. To do so, the application must explicitly create these environment variable strings, sort them alphabetically (because the system uses a sorted environment), and put them into the environment block. Typically, they will go at the front of the environment block, due to the environment block sort order.

One way to obtain the current directory information for a drive X is to make the following call: GetFullPathName("X:", ...). That avoids an application having to scan the environment block. If the full path returned is X:/, there is no need to pass that value on as environment data, since the root directory is the default current directory for drive X of a new process.

When a process is created with CREATE_NEW_PROCESS_GROUP specified, an implicit call to SetConsoleCtrlHandler(NULL,TRUE) is made on behalf of the new process; this means that the new process has CTRL+C disabled. This lets shells handle CTRL+C themselves, and selectively pass that signal on to sub-processes. CTRL+BREAK is not disabled, and may be used to interrupt the process/process group.

For an example, see Creating Processes.

#include <windows.h>

#include <stdio.h>

#include <tchar.h>

 

void _tmain( int argc, TCHAR *argv[] )

{

    STARTUPINFO si;

    PROCESS_INFORMATION pi;

 

    ZeroMemory( &si, sizeof(si) );

    si.cb = sizeof(si);

    ZeroMemory( &pi, sizeof(pi) );

 

    if( argc != 2 )

    {

        printf("Usage: %s [cmdline]/n", argv[0]);

        return;

    }

 

    // Start the child process.

    if( !CreateProcess( NULL,   // No module name (use command line)

        argv[1],                  // Command line

        NULL,                  // Process handle not inheritable

        NULL,                 // Thread handle not inheritable

        FALSE,                // Set handle inheritance to FALSE

        0,                      // No creation flags

        NULL,                 // Use parent's environment block

        NULL,                 // Use parent's starting directory

        &si,                    // Pointer to STARTUPINFO structure

        &pi )                  // Pointer to PROCESS_INFORMATION structure

    )

    {

        printf( "CreateProcess failed (%d)./n", GetLastError() );

        return;

    }

 

    // Wait until child process exits.

    WaitForSingleObject( pi.hProcess, INFINITE );

 

    // Close process and thread handles.

    CloseHandle( pi.hProcess );

    CloseHandle( pi.hThread );

}