# Process, Thread & Handler

{% hint style="info" %}
This is the beginning of my learning path in **malware development** (aka **maldev**). I will put my work, the useful resources and some code here, as a sort of blog and source-code haven for everything I am learning.
{% endhint %}

### Reference:

{% embed url="<https://youtu.be/aNEqC-U5tHM?si=lc_BSkXpU8DJprp4>" %}
The video that contains the learning material and the homework for this page
{% endembed %}

### Homework: *<mark style="color:red;">Hello World! with Win32 API</mark>* <a href="#homework" id="homework"></a>

Here is an example of using the `MessageBoxW()` function:

```c
#include <windows.h>
#include <stdlib.h>   // EXIT_SUCCESS

int main(void) {

    // MessageBoxW: the W suffix selects the Unicode (UTF-16) variant,
    // so the strings are wide-character literals (L"...")
    MessageBoxW(
        NULL,                       // no owner window
        L"This is the homework 1",  // message text
        L"Crow Homeworks",          // title bar text
        MB_OK | MB_ICONINFORMATION  // one OK button, info icon
    );

    return EXIT_SUCCESS;
}
```

### Homework : *<mark style="color:red;">create a Process</mark>* <a href="#homework" id="homework"></a>

> Now, in the video, if you stayed until the end, you'll have heard that I assigned you some homework. ***I wasn't kidding***. Here's your homework. I want you to, using some of the Win32 API functions covered in the video, develop a program that will do the following:
>
> Start up a process of your choosing, and print out some values like the `PID, TID` and `Handles` for the subsequent processes/threads. Then, have it wait for the process or thread to finish using an API like [`WaitForSingleObject()`](https://learn.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-waitforsingleobject) before closing the handles to your thread and process, using an API like [`CloseHandle()`](https://learn.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-closehandle).

My solution for crow's homework:

```c
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>   // EXIT_SUCCESS / EXIT_FAILURE

int main(void) {

    STARTUPINFOW si = { 0 };
    PROCESS_INFORMATION pi = { 0 };

    // cb must hold the size of the structure before the call
    si.cb = sizeof(si);

    // BOOL CreateProcessW(
    //   [in, optional]      LPCWSTR               lpApplicationName,
    //   [in, out, optional] LPWSTR                lpCommandLine,
    //   [in, optional]      LPSECURITY_ATTRIBUTES lpProcessAttributes,
    //   [in, optional]      LPSECURITY_ATTRIBUTES lpThreadAttributes,
    //   [in]                BOOL                  bInheritHandles,
    //   [in]                DWORD                 dwCreationFlags,
    //   [in, optional]      LPVOID                lpEnvironment,
    //   [in, optional]      LPCWSTR               lpCurrentDirectory,
    //   [in]                LPSTARTUPINFOW        lpStartupInfo,
    //   [out]               LPPROCESS_INFORMATION lpProcessInformation
    // );

    // Works only on W10 (mspaint.exe doesn't exist on W11)
    if (CreateProcessW(
        L"C:\\Windows\\System32\\mspaint.exe", // full path: no PATH search
        NULL,                                   // no extra command line
        NULL,                                   // default process security, not inheritable
        NULL,                                   // default thread security, not inheritable
        FALSE,                                  // the child inherits none of our handles
        BELOW_NORMAL_PRIORITY_CLASS,            // creation flags
        NULL,                                   // inherit our environment
        NULL,                                   // inherit our current directory
        &si,
        &pi
    )) {
        // PID/TID are DWORD (unsigned long): %lu; handles are pointers: %p
        printf("(+) got handle to process\n");
        printf("(+) process started! pid: %lu\n", pi.dwProcessId);
        printf("    (+) pid: %lu, handle: %p\n", pi.dwProcessId, pi.hProcess);
        printf("    (+) tid: %lu, handle: %p\n", pi.dwThreadId, pi.hThread);

        // Wait at most 10 s for the process to exit
        DWORD wait = WaitForSingleObject(pi.hProcess, 10000);
        if (wait == WAIT_TIMEOUT) {
            printf("(-) still running after 10 s, closing our handles anyway\n");
        } else {
            printf("(+) finished! exiting...\n");
        }

        // Both handles returned in PROCESS_INFORMATION must be closed, or they leak
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);

        return EXIT_SUCCESS;
    }

    printf("(-) CreateProcessW failed, error: %lu\n", GetLastError());
    return EXIT_FAILURE;
}
```

### Homework : *<mark style="color:red;">open a Process</mark>* <a href="#homework" id="homework"></a>

TODO !
