Ways to share kernel objects across process boundaries:
1 Use object handle inheritance
typedef struct _SECURITY_ATTRIBUTES {
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
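Setting bInheritHandle to TRUE in the SECURITY_ATTRIBUTES passed when the object is created makes the returned handle inheritable by child processes.
The parent process then spawns the child process
using CreateProcess (fInheritHandles must be TRUE for the child to receive the inheritable handles):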
This function is used to run a new program. It creates a new process and its primary thread. The new process executes the specified executable file.
Note The remote application interface (RAPI) version of this function is named CeCreateProcess (RAPI).
BOOL CreateProcess(
LPCWSTR pszImageName,
LPCWSTR pszCmdLine,
LPSECURITY_ATTRIBUTES psaProcess,
LPSECURITY_ATTRIBUTES psaThread,
BOOL fInheritHandles,
DWORD fdwCreate,
LPVOID pvEnvironment,
LPWSTR pszCurDir,
LPSTARTUPINFOW psiStartInfo,
LPPROCESS_INFORMATION pProcInfo
);
KEY one: changing handle flags
Sets certain properties of an object handle.
BOOL WINAPI SetHandleInformation(
__in HANDLE hObject,
__in DWORD dwMask,
__in DWORD dwFlags
);
Flag values that can be changed (DWORD dwFlags):
HANDLE_FLAG_INHERIT
HANDLE_FLAG_PROTECT_FROM_CLOSE
2 Name the object
For example:
CreateMutex
This function creates a named or unnamed mutex object.
HANDLE CreateMutex(
LPSECURITY_ATTRIBUTES lpMutexAttributes,
BOOL bInitialOwner,
LPCTSTR lpName
);
Pass a name in LPCTSTR lpName so that other processes can open this named kernel object.
KEY two:
Terminal Services namespaces (omitted)
Private namespaces (omitted)
3 Duplicate the object handle
Use the DuplicateHandle function:
Prototype:
This function duplicates an object handle. The duplicate handle refers to the same object as the original handle. Therefore, any changes to the object are reflected through both handles.
BOOL DuplicateHandle(
HANDLE hSourceProcessHandle,
HANDLE hSourceHandle,
HANDLE hTargetProcessHandle,
LPHANDLE lpTargetHandle,
DWORD dwDesiredAccess,
BOOL bInheritHandle,
DWORD dwOptions
);
Parameters dwOptions
Value | Description |
DUPLICATE_CLOSE_SOURCE | Closes the source handle. This occurs regardless of any error status returned. |
DUPLICATE_SAME_ACCESS | Ignores the dwDesiredAccess parameter. The duplicate handle has the same access as the source handle. This flag must be specified for Windows CE. |
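The flag changes from method 1 and the duplication from method 3, combined into one least-privilege hand-off, as an added example (not code from the original page or from MSDN). It assumes desktop Windows, where dwOptions may be 0 so that dwDesiredAccess is honored; handle_inheritance_demo and is_inheritable are hypothetical names, and on non-Windows builds the block compiles to a stub that returns -1.

```c
/* Added example: Windows-only; other platforms compile a stub. */
#ifdef _WIN32
#include <windows.h>

/* 1 = inheritable, 0 = not inheritable, -1 = query failed. */
static int is_inheritable(HANDLE h) {
    DWORD flags = 0;
    if (!GetHandleInformation(h, &flags)) return -1;
    return (flags & HANDLE_FLAG_INHERIT) ? 1 : 0;
}

/* Returns 0 on success, otherwise the number of the step that failed. */
int handle_inheritance_demo(void) {
    SECURITY_ATTRIBUTES sa;
    HANDLE hMutex, hChild = NULL;
    int rc = 0;

    /* Step 1: bInheritHandle = TRUE makes the new handle inheritable. */
    sa.nLength = sizeof(sa);
    sa.lpSecurityDescriptor = NULL;          /* default security descriptor */
    sa.bInheritHandle = TRUE;
    hMutex = CreateMutex(&sa, FALSE, NULL);  /* unnamed mutex */
    if (hMutex == NULL) return 1;
    if (is_inheritable(hMutex) != 1) { rc = 2; goto done; }

    /* Step 2: clear HANDLE_FLAG_INHERIT so the full-access handle
       no longer reaches child processes. */
    if (!SetHandleInformation(hMutex, HANDLE_FLAG_INHERIT, 0) ||
        is_inheritable(hMutex) != 0) { rc = 3; goto done; }

    /* Step 3: make a second handle to the same mutex for the child:
       inheritable, but with SYNCHRONIZE access only. */
    if (!DuplicateHandle(GetCurrentProcess(), hMutex, GetCurrentProcess(),
                         &hChild, SYNCHRONIZE, TRUE, 0)) { rc = 4; goto done; }
    if (is_inheritable(hChild) != 1 || is_inheritable(hMutex) != 0) rc = 5;

    /* A CreateProcess call with fInheritHandles = TRUE placed here would
       let the child inherit hChild but not hMutex; the parent closes
       hChild once the child has started. */
done:
    if (hChild != NULL) CloseHandle(hChild);
    CloseHandle(hMutex);
    return rc;
}
#else
int handle_inheritance_demo(void) { return -1; }  /* no Win32 API here */
#endif
```
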
References: MSDN & Windows via C/C++