函数原型
HANDLE WINAPI OpenProcess( _In_ DWORD dwDesiredAccess, _In_ BOOL bInheritHandle, _In_ DWORD dwProcessId );
Parameters
-
dwDesiredAccess [in]
-
The access to the process object. This access right is checked against the security descriptor for the process. This parameter can be one or more of the process access rights.
If the caller has enabled the SeDebugPrivilege privilege, the requested access is granted regardless of the contents of the security descriptor.
bInheritHandle [in]
-
If this value is TRUE, processes created by this process will inherit the handle. Otherwise, the processes do not inherit this handle.
dwProcessId [in]
-
The identifier of the local process to be opened.
If the specified process is the System Process (0x00000000), the function fails and the last error code is ERROR_INVALID_PARAMETER. If the specified process is the Idle process or one of the CSRSS processes, this function fails and the last error code is ERROR_ACCESS_DENIED because their access restrictions prevent user-level code from opening them.
Return value
If the function succeeds, the return value is an open handle to the specified process.
If the function fails, the return value is NULL. To get extended error information, call GetLastError.
Remarks
To open a handle to another local process and obtain full access rights, you must enable the SeDebugPrivilege privilege. For more information, see Changing Privileges in a Token.
The handle returned by the OpenProcess function can be used in any function that requires a handle to a process, such as the wait functions, provided the appropriate access rights were requested.
When you are finished with the handle, be sure to close it using the CloseHandle function.
Examples
For an example, see Taking a Snapshot and Viewing Processes.
Requirements
Minimum supported client | Windows XP [desktop apps only] |
---|---|
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header |
|
Library |
|
DLL |
|
All possible access rights for a process object.
Windows Server 2003 and Windows XP: The size of thePROCESS_ALL_ACCESS flag increased on Windows Server 2008 and Windows Vista. If an application compiled for Windows Server 2008 and Windows Vista is run on Windows Server 2003 or Windows XP, the PROCESS_ALL_ACCESS flag is too large and the function specifying this flag fails with ERROR_ACCESS_DENIED. To avoid this problem, specify the minimum set of access rights required for the operation. If PROCESS_ALL_ACCESS must be used, set _WIN32_WINNT to the minimum operating system targeted by your application (for example, #define _WIN32_WINNT _WIN32_WINNT_WINXP
). For more information, see Using the Windows Headers.
Required to create a process.
PROCESS_CREATE_THREAD (0x0002) //dll注入时候可以选这个
Required to create a thread.
PROCESS_DUP_HANDLE (0x0040)
Required to duplicate a handle using DuplicateHandle.
PROCESS_QUERY_INFORMATION (0x0400) //getmodulefilenameex大概需要
Required to retrieve certain information about a process, such as its token, exit code, and priority class (see OpenProcessToken).
PROCESS_QUERY_LIMITED_INFORMATION(0x1000)
Required to retrieve certain information about a process (seeGetExitCodeProcess, GetPriorityClass, IsProcessInJob,QueryFullProcessImageName). A handle that has thePROCESS_QUERY_INFORMATION access right is automatically granted PROCESS_QUERY_LIMITED_INFORMATION.
Windows Server 2003 and Windows XP: This access right is not supported.
Required to set certain information about a process, such as its priority class (see SetPriorityClass).
PROCESS_SET_QUOTA (0x0100)Required to set memory limits using SetProcessWorkingSetSize.
PROCESS_SUSPEND_RESUME (0x0800)Required to suspend or resume a process.
PROCESS_TERMINATE (0x0001)Required to terminate a process using TerminateProcess. //关闭进程所需权限
PROCESS_VM_OPERATION (0x0008)Required to perform an operation on the address space of a process (see VirtualProtectEx and WriteProcessMemory).
PROCESS_VM_READ (0x0010)Required to read memory in a process using ReadProcessMemory. //获取信息
PROCESS_VM_WRITE (0x0020)Required to write to memory in a process using WriteProcessMemory.//写入所需权限
SYNCHRONIZE (0x00100000L)Required to wait for the process to terminate using the wait functions.
参数二:进程句柄是否可以被子进程继承,一般选false(不可被继承)
参数三:要打开进程的进程号,关于获取进程号的方法有1系统快照CreateToolhelp32Snapshot2枚举进程EnumProcesses
返回值:失败返回NULL,成功返回进程handle,使用完记得closehandle