//CreateProcess的第3、4个参数是SECURITY_ATTRIBUTES结构体,分别作用于新进程的进程内核对象和主线程内核对象:其中的bInheritHandle决定返回到PROCESS_INFORMATION里的进程句柄/线程句柄,能否被主进程以后创建的其它子进程继承;而第5个参数bInheritHandles才决定新进程是否继承主进程句柄表中所有可继承的句柄(不只是其它子进程的进程/线程句柄,也包括文件、管道等)
//创建进程时,会产生一个进程内核对象和线程的内核对象,进程和线程也是内核对象
//例如,主进程A创建了1、2子进程, 1、2的进程句柄和线程句柄,就存储在主进程A的内核对象句柄表中
BOOL CreateProcess(
LPCTSTR lpApplicationName, // name of executable module; when NULL the module is taken from lpCommandLine, and an unquoted path containing spaces is tokenised at each space (the well-known "c:\program.exe" hijack) -- quote it
LPTSTR lpCommandLine, // command line string (writable buffer, not a literal: CreateProcessW may modify it)
LPSECURITY_ATTRIBUTES lpProcessAttributes, // SD for the new process object; its bInheritHandle decides whether the hProcess returned in lpProcessInformation can be inherited by the caller's *later* children
LPSECURITY_ATTRIBUTES lpThreadAttributes, // SD for the new primary thread; same rule for the returned hThread
BOOL bInheritHandles, // TRUE: the new process inherits EVERY inheritable handle in the caller's table (files, pipes, other processes...), not a chosen subset -- restrict with PROC_THREAD_ATTRIBUTE_HANDLE_LIST where available
DWORD dwCreationFlags, // creation flags
LPVOID lpEnvironment, // new environment block (NULL: inherit the caller's)
LPCTSTR lpCurrentDirectory, // current directory name (NULL: inherit the caller's)
LPSTARTUPINFO lpStartupInfo, // startup information; cb must be set to sizeof the structure
LPPROCESS_INFORMATION lpProcessInformation // receives hProcess/hThread (full access); the caller must CloseHandle both when done
);
实现功能:
在A进程中创建一个进程(比如浏览器进程IE),并通过第3、4个参数中的bInheritHandle=TRUE,把返回给A的该子进程的进程句柄与主线程句柄设为可继承(注意:可继承的是A手里的这两个句柄,不是IE进程自身的句柄表)
在A进程中再创建一个进程B(创建B时bInheritHandles必须为TRUE,B才会得到这两个句柄的副本,且句柄值与A中相同),在B中对IE进程进行控制
进程A代码:
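// Process A: launch IE with its process/thread handles marked inheritable,
// then launch z2.exe (process B) with bInheritHandles=TRUE and pass it the
// handle values as hex text. An inherited handle keeps the same numeric value
// in the child's table, which is what makes the text hand-off work.
char szBuffer[256] = {0};
// Two 64-bit values as "%llx %llx" need at most 16+1+16+1 = 34 bytes; the
// original 8-byte buffer overflowed as soon as a handle exceeded 3 hex digits.
char szHandle[40] = {0};
SECURITY_ATTRIBUTES ie_sa_p;
ie_sa_p.nLength = sizeof(ie_sa_p);
ie_sa_p.lpSecurityDescriptor = NULL;   // default DACL from A's token
// bInheritHandle here governs the hProcess *returned* to A, i.e. whether A's
// later children (B) may inherit it -- not what IE itself inherits.
ie_sa_p.bInheritHandle = TRUE;
SECURITY_ATTRIBUTES ie_sa_t;
ie_sa_t.nLength = sizeof(ie_sa_t);
ie_sa_t.lpSecurityDescriptor = NULL;
ie_sa_t.bInheritHandle = TRUE;         // same rule for the returned hThread
STARTUPINFO ie_si = {0};
PROCESS_INFORMATION ie_pi = {0};
ie_si.cb = sizeof(ie_si);
// Quoted on purpose: with lpApplicationName == NULL an unquoted path that
// contains spaces is tokenised at each space and CreateProcess tries
// "c://program" first (the classic unquoted-path hijack).
// NOTE(review): szCmdline is TCHAR while szBuffer below is char; only one of
// the two calls compiles for a given UNICODE setting -- unchanged from the
// original listing, make both TCHAR (or both CreateProcessA) in real code.
TCHAR szCmdline[] = TEXT("\"c://program files//internet explorer//iexplore.exe\"");
STARTUPINFO si = {0};
PROCESS_INFORMATION pi = {0};
si.cb = sizeof(si);
BOOL res = FALSE;                      // result of creating process B
// IE needs none of A's handles, so do not inherit anything into it
// (the original passed TRUE here, leaking every inheritable handle A holds).
if (!CreateProcess(NULL, szCmdline, &ie_sa_p, &ie_sa_t, FALSE,
                   CREATE_NEW_CONSOLE, NULL, NULL, &ie_si, &ie_pi)) {
    printf("CreateProcess(iexplore) failed: %lu\n", GetLastError());
} else {
    // Hand the raw handle values to B. Cast through ULONG_PTR so a 64-bit
    // HANDLE is not truncated to 32 bits (the original used %x on a pointer).
    snprintf(szHandle, sizeof(szHandle), "%llx %llx",
             (unsigned long long)(ULONG_PTR)ie_pi.hProcess,
             (unsigned long long)(ULONG_PTR)ie_pi.hThread);
    snprintf(szBuffer, sizeof(szBuffer), "C:/z2.exe %s", szHandle);
    // bInheritHandles=TRUE is what lets B see ie_pi's handles, but it also
    // hands B *every* other inheritable handle A holds (files, pipes, ...).
    // NOTE(review): on Vista+ restrict the set with STARTUPINFOEX +
    // PROC_THREAD_ATTRIBUTE_HANDLE_LIST instead of inheriting everything.
    res = CreateProcess(NULL, szBuffer, NULL, NULL, TRUE, CREATE_NEW_CONSOLE,
                        NULL, NULL, &si, &pi);
    if (!res) {
        printf("CreateProcess(z2.exe) failed: %lu\n", GetLastError());
    }
    // NOTE(review): ie_pi.hProcess/hThread and pi.hProcess/hThread are still
    // open here and must be CloseHandle'd by A once it no longer needs them;
    // B's inherited copies are independent table entries and stay valid.
}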
进程B代码:
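// Process B: argv[1] / argv[2] are the hex values of the IE process and
// main-thread handles that A created as inheritable and that this process
// inherited with bInheritHandles=TRUE (same numeric value in both tables).
// SECURITY NOTE: the handle values are trusted from argv. Any inheritable
// handle this process holds can be named this way, and an inherited handle
// carries whatever access the original had (here: full access from
// CreateProcess, so suspend/terminate succeed without further checks) --
// only a trusted parent may launch B with this command line.
unsigned long long ullProcess = 0;
unsigned long long ullThread = 0;
// The original memcpy'd 8 bytes from argv[1]/argv[2] without checking argc or
// the argument length, and parsed with %x into a DWORD, truncating 64-bit
// handle values. (argc/argv are assumed to be main()'s parameters.)
if (argc < 3 ||
    sscanf(argv[1], "%llx", &ullProcess) != 1 ||
    sscanf(argv[2], "%llx", &ullThread) != 1) {
    printf("usage: z2.exe <process-handle-hex> <thread-handle-hex>\n");
    return 1;
}
HANDLE hIeProcess = (HANDLE)(ULONG_PTR)ullProcess;
HANDLE hIeThread = (HANDLE)(ULONG_PTR)ullThread;
printf("获取IE进程、主线程句柄\n");
Sleep(2000);
printf("挂起主线程\n");
// SuspendThread/ResumeThread return the previous suspend count, or (DWORD)-1
// on failure (e.g. a stale value, or a handle that was not inherited).
if (::SuspendThread(hIeThread) == (DWORD)-1) {
    printf("SuspendThread failed: %lu\n", GetLastError());
}
Sleep(5000);
if (::ResumeThread(hIeThread) == (DWORD)-1) {
    printf("ResumeThread failed: %lu\n", GetLastError());
}
printf("恢复主线程\n");
Sleep(5000);
if (!::TerminateProcess(hIeProcess, 1)) {
    printf("TerminateProcess failed: %lu\n", GetLastError());
} else {
    // TerminateProcess is asynchronous; wait until the object is signalled.
    ::WaitForSingleObject(hIeProcess, INFINITE);
    printf("ID进程已经关闭.....\n");
}
// B owns its inherited copies of the handles; release them.
CloseHandle(hIeThread);
CloseHandle(hIeProcess);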
进程句柄和线程句柄的继承