#include <Windows.h>
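int WINAPI WinMain (HINSTANCE hinstExe, HINSTANCE,
   PSTR pszCmdLine, int nCmdShow) {
   // Demonstrates kernel-object handle inheritance: Process A (this program)
   // spawns Process B without letting it inherit anything, then spawns
   // Process C so that C inherits A's inheritable handle to B's process object.
   //
   // Returns 0 when both children were started, 1 when either CreateProcess
   // call failed (call GetLastError at the failure site for the reason).
   // hinstExe, pszCmdLine and nCmdShow are not used.

   // Prepare a STARTUPINFO structure for spawning processes.
   STARTUPINFO si = { sizeof(si) };

   // Zero the output structures so that no handle field holds stack garbage
   // if a CreateProcess call fails.
   PROCESS_INFORMATION piProcessB = { 0 };
   PROCESS_INFORMATION piProcessC = { 0 };

   // Prepare to spawn Process B from Process A.
   // The handle identifying the new process
   // object should be inheritable.
   SECURITY_ATTRIBUTES saProcess = { 0 };
   saProcess.nLength = sizeof(saProcess);
   saProcess.lpSecurityDescriptor = NULL;   // NULL = default security descriptor
   saProcess.bInheritHandle = TRUE;

   // The handle identifying the new thread
   // object should NOT be inheritable.
   SECURITY_ATTRIBUTES saThread = { 0 };
   saThread.nLength = sizeof(saThread);
   saThread.lpSecurityDescriptor = NULL;
   saThread.bInheritHandle = FALSE;

   // Spawn Process B.
   // CreateProcess may modify the command-line buffer, so it has to be a
   // writable array. Initializing the array from the literal sizes it
   // exactly and avoids an unbounded lstrcpy into a fixed buffer.
   // NOTE(security): with a NULL application name and a bare module name,
   // CreateProcess resolves "ProcessB" through its search order (application
   // directory, current directory, system directories, PATH). Code that is
   // not a demo should pass a fully qualified path.
   TCHAR szCmdLineB[] = TEXT("ProcessB");
   if (!CreateProcess(NULL, szCmdLineB, &saProcess, &saThread,
      FALSE, 0, NULL, NULL, &si, &piProcessB)) {
      // Without Process B there is no inheritable handle to demonstrate.
      return(1);
   }

   // The pi structure contains two handles
   // relative to Process A:
   // hProcess, which identifies Process B's process
   // object and is inheritable; and hThread, which identifies
   // Process B's primary thread object and is NOT inheritable.

   // Prepare to spawn Process C from Process A.
   // Since NULL is passed for the psaProcess and psaThread
   // parameters, the handles to Process C's process and
   // primary thread objects default to "noninheritable."
   // If Process A were to spawn another process, this new
   // process would NOT inherit handles to Process C's process
   // and thread objects.
   // Because TRUE is passed for the bInheritHandles parameter,
   // Process C will inherit the handle that identifies Process
   // B's process object but will not inherit a handle to
   // Process B's primary thread object.
   // NOTE(security): bInheritHandles = TRUE is all-or-nothing. Every
   // inheritable handle open in Process A at this moment is copied into
   // Process C, not only the one to Process B, and the process handle
   // returned by CreateProcess carries full access to Process B. To hand a
   // child only specific handles, use STARTUPINFOEX with
   // PROC_THREAD_ATTRIBUTE_HANDLE_LIST, or clear HANDLE_FLAG_INHERIT
   // (SetHandleInformation) on everything the child must not receive.
   TCHAR szCmdLineC[] = TEXT("ProcessC");
   BOOL fSpawnedC = CreateProcess(NULL, szCmdLineC, NULL, NULL,
      TRUE, 0, NULL, NULL, &si, &piProcessC);

   // Release Process A's references once the inheritance step is done.
   // Closing them earlier would remove the inheritable entry before
   // Process C is created.
   if (fSpawnedC) {
      CloseHandle(piProcessC.hThread);
      CloseHandle(piProcessC.hProcess);
   }
   CloseHandle(piProcessB.hThread);
   CloseHandle(piProcessB.hProcess);

   return(fSpawnedC ? 0 : 1);
}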
在进程A中创建进程B,由于saProcess.bInheritHandle = TRUE;saThread.bInheritHandle = FALSE;
即在A的句柄表中新增了两个句柄条目(分别指向B的进程内核对象和主线程内核对象),其中由saProcess创建的进程句柄是可继承的,而由saThread创建的线程句柄是不可继承的。
在CREATEPROCESS中参数BOOL bInheritHandles为FALSE,则B进程是无法从A进程中继承A句柄表中可继承的句柄
当创建C进程的时候,参数BOOL bInheritHandles为TRUE,表示C可以从A进程中继承A句柄表中可继承的句柄,而B的saProcess是可继承的,而saThread为不可继承的
则C进程的句柄表中继承了B的进程句柄(由saProcess指定为可继承)。安全属性结构(SECURITY_ATTRIBUTES)中的bInheritHandle成员决定该内核对象的句柄是不是能够被继承,而CreateProcess的参数BOOL bInheritHandles表示是不是执行继承这个动作。关于B的进程句柄被C继承,我的理解应该是这样:既然进程都维护了一个句柄表,那么A和B都有各自的句柄表,其中A的句柄表中就包含了HANDLE OF PROCESSB 的内容
并且是可继承的,那么C在运行时候发现该表中有可继承的项,统统在自己的句柄表中开辟新的条目来继承A中句柄表可继承的条目。同时我的理解是:感觉在B创建中,B中的句柄表应该包含一个自己的进程句柄对应的内核对象,同时A句柄表也应该包含一个B的进程句柄对应的内核对象(因为是在A中创建的内核对象),所以B的进程句柄对应的内核对象的初始使用计数应该为2。