WINDOWS

You create a process with the CreateProcess function:

BOOL CreateProcess( PCTSTR pszApplicationName, PTSTR
pszCommandLine, PSECURITY_ATTRIBUTES psaProcess,
PSECURITY_ATTRIBUTES psaThread, BOOL bInheritHandles, DWORD
fdwCreate, PVOID pvEnvironment, PCTSTR pszCurDir,
PSTARTUPINFO psiStartInfo, PPROCESS_INFORMATION ppiProcInfo);

When a thread calls CreateProcess, the system creates a process kernel object with an initial usage
count of 1. This process kernel object is not the process itself but a small data structure that the
operating system uses to manage the process—you can think of the process kernel object as a small
data structure that consists of statistical information about the process. The system then creates a
virtual address space for the new process and loads the code and data for the executable file and any
required DLLs into the process's address space.
The system then creates a thread kernel object (with a usage count of 1) for the new process's
primary thread. Like the process kernel object, the thread kernel object is a small data structure that
the operating system uses to manage the thread. This primary thread begins by executing the C/C++
run-time startup code, which eventually calls your WinMain, wWinMain, main, or wmain function.
If the system successfully creates the new process and primary thread, CreateProcess returns
TRUE.

void ExitProcess( UINT uExitCode);

The exit code for the process and all threads.
ExitProcess is the preferred method of ending a process. This
function provides a clean process shutdown. This includes calling
the entry-point function of all attached dynamic-link libraries
(DLLs) with a value indicating that the process is detaching from
the DLL. If a process terminates by calling TerminateProcess, the
DLLs that the process is attached to are not notified of the
process termination. After all attached DLLs have executed any process termination
value, this function terminates the current process.

DWORD WaitForSingleObject(HANDLE hHandle, DWORD

dwMilliseconds);
A handle to the object. For a list of the object types whose handles can be
specifiedIf this handle is closed while the wait is still pending, the
function's behavior is undefined.The handle must have the SYNCHRONIZE access
right.
The time-out interval, in milliseconds. If a nonzero value is specified, the
function waits until the object is signaled or the interval elapses. If
dwMilliseconds is zero, the function does not enter a wait state if the object
is not signaled; it always returns immediately. If dwMilliseconds is INFINITE,
the function will return only when the object is signaled.
If the function succeeds, the return value indicates the event that caused the
function to return.
The WaitForSingleObject function checks the current state of the specified object. If the object's
state is nonsignaled, the calling thread enters the wait state until the object is signaled or the time-
out interval elapses.The function modifies the state of some types of synchronization objects.
Modification occurs only for the object whose signaled state caused the function to return.

HANDLE CreateFile(
LPCTSTR lpFileName, // pointer to name of the file
DWORD dwDesiredAccess, // access (read-write) mode
DWORD dwShareMode, // share mode
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
// pointer to security attributes
DWORD dwCreationDisposition, // how to create
DWORD dwFlagsAndAttributes, // file attributes
HANDLE hTemplateFile // handle to file with attributes
to
// copy
);
Creates or opens a file or I/O device. The most commonly used I/O devices are
as follows: file, file stream, directory, physical disk, volume, console buffer,
tape drive, communications resource, mailslot, and pipe. The function returns a
handle that can be used to access the file or device for various types of I/O
depending on the file or device and the flags and attributes specified.

If the function succeeds, the return value is an open handle to

the specified file, device, named pipe, or mail slot.

If the function fails, the return value is INVALID_HANDLE_VALUE.

BOOL ReadFile(
HANDLE hFile,
LPVOID lpBuffer,
DWORD nNumberOfBytesToRead,
LPDWORD lpNumberOfBytesRead,
LPOVERLAPPED lpOverlapped
);

If the function succeeds, the return value is nonzero (TRUE).

If the function fails, or is completing asynchronously, the return value is zero (FALSE).

Reads data from the specified file or input/output (I/O) device.

Reads occur at the position specified by the file pointer if
supported by the device.
This function is designed for both synchronous and asynchronous operations.
BOOL WriteFile(
HANDLE hFile,
LPCVOID lpBuffer,
 DWORD nNumberOfBytesToWrite,
LPDWORD lpNumberOfBytesWritten,
LPOVERLAPPED lpOverlapped
);

If the function succeeds, the return value is nonzero (TRUE).

If the function fails, or is completing asynchronously, the return value is zero (FALSE).

The WriteFile function writes data to a file and is designed for

both synchronous and asynchronous operation. The function starts
writing data to the file at the position indicated by the file
pointer. After the write operation has been completed, the file
pointer is adjusted by the number of bytes actually written,
except when the file is opened with FILE_FLAG_OVERLAPPED. If the
file handle was created for overlapped input and output (I/O), the
application must adjust the position of the file pointer after the
write operation is finished.

BOOL CloseHandle( HANDLE hObject);

Nonzero indicates success. Zero indicates failure
CloseHandle invalidates the specified object handle, decrements the
object's handle count, and performs object retention checks. After
the last handle to an object is closed, the object is removed from
the system. Persistent objects such as databases and files will
remain in storage, but must be re-opened to be accessed again.
Closing a thread handle does not terminate the associated thread. To remove a thread object, you
must terminate the thread, then close all handles to the thread

BOOL WINAPI SetConsoleMode(

_In_ HANDLE hConsoleHandle,
_In_ DWORD dwMode
);

If the function succeeds, the return value is nonzero.

A console consists of an input buffer and one or more screen buffers. The mode
of a console buffer determines how the console behaves during input and output
(I/O) operations. One set of flag constants is used with input handles, and
another set is used with screen buffer (output) handles. Setting the output
modes of one screen buffer does not affect the output modes of other screen
buffers.

BOOL WINAPI ReadConsole(

_In_ HANDLE hConsoleInput,
_Out_ LPVOID lpBuffer,
_In_ DWORD nNumberOfCharsToRead,
_Out_ LPDWORD lpNumberOfCharsRead,
_In_opt_ LPVOID pInputControl
);
If the function succeeds, the return value is nonzero.

ReadConsole reads keyboard input from a console's input buffer. It behaves like
the ReadFile function, except that it can read in either Unicode (wide-
character) or ANSI mode. To have applications that maintain a single set of
sources compatible with both modes, use ReadConsole rather than ReadFile.
Although ReadConsole can only be used with a console input buffer handle,
ReadFile can be used with other handles (such as files or pipes). ReadConsole
fails if used with a standard handle that has been redirected to be something
other than a console handle.

BOOL WINAPI WriteConsole(

_In_ HANDLE hConsoleOutput,

_In_ const VOID *lpBuffer,
_In_ DWORD nNumberOfCharsToWrite,
_Out_opt_ LPDWORD lpNumberOfCharsWritten,
_Reserved_ LPVOID lpReserved
);

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero.

The WriteConsole function writes characters to the console screen buffer at the
current cursor position. The cursor position advances as characters are written.

DWORD GetCurrentProcessId();

This function has no parameters.The return value is the process identifier of

the calling process.Retrieves the process identifier of the calling
process.Until the process terminates, the process identifier uniquely identifies
the process throughout the system.

UINT_PTR SetTimer(

HWND hWnd,
UINT_PTR nIDEvent,
UINT uElapse,
TIMERPROC lpTimerFunc
);

Type: UINT_PTR

If the function succeeds and the hWnd parameter is NULL, the return value is an integer identifying
the new timer.If the function succeeds and the hWnd parameter is not NULL, then the return value
is a nonzero integer.Creates a timer with the specified time-out value.An application can process
WM_TIMER messages by including a WM_TIMER case statement in the window procedure or by
specifying a TimerProc callback function when creating the timer.

void Sleep( DWORD dwMilliseconds);

Returns nothing
Suspends the execution of the current thread until the time-out interval elapses. This function causes a thread
to relinquish the remainder of its time slice and become unrunnable for an interval based on the
value of dwMilliseconds. The system clock "ticks" at a constant rate

BOOL CreatePipe(
PHANDLE hReadPipe,
PHANDLE hWritePipe,
LPSECURITY_ATTRIBUTES lpPipeAttributes,
DWORD nSize
);

If the function succeeds, the return value is nonzero.If the function fails, the return value is
zero.Creates an anonymous pipe, and returns handles to the read and write ends of the
pipe.CreatePipe creates the pipe, assigning the specified pipe size to the storage buffer. CreatePipe
also creates handles that the process uses to read from and write to the buffer.

LPVOID MapViewOfFile(
HANDLE hFileMappingObject,
DWORD dwDesiredAccess,
DWORD dwFileOffsetHigh,
DWORD dwFileOffsetLow,
SIZE_T dwNumberOfBytesToMap
);

If the function succeeds, the return value is the starting address

of the mapped view.If the function fails, the return value is NULL. Maps a view of a file
mapping into the address space of a calling process.Mapping a file makes the specified portion of a
file visible in the address space of the calling process. For files that are larger than the address
space, you can only map a small portion of the file data at one time. When the first view is
complete, you can unmap it and map a new view.

HANDLE CreateFileMappingA(

HANDLE hFile,
LPSECURITY_ATTRIBUTES lpFileMappingAttributes,
DWORD flProtect,
DWORD dwMaximumSizeHigh,
DWORD dwMaximumSizeLow,
LPCSTR lpName
);

If the function succeeds, the return value is a handle to the newly created file mapping object.If the
function fails, the return value is NULL.Creates or opens a named or unnamed file mapping object
for a specified file.After a file mapping object is created, the size of the file must not exceed the size
of the file mapping object; if it does, not all of the file contents are available for sharing.
BOOL SetFileSecurityA(
LPCSTR lpFileName,
SECURITY_INFORMATION SecurityInformation,
PSECURITY_DESCRIPTOR pSecurityDescriptor
);

If the function succeeds, the function returns nonzero.If the function fails, it
returns zero. The SetFileSecurity function sets the security of a file or directory object.

BOOL InitializeSecurityDescriptor(

PSECURITY_DESCRIPTOR pSecurityDescriptor,
DWORD dwRevision
);

If the function succeeds, the function returns nonzero.If the function

fails, it returns zero.The InitializeSecurityDescriptor function initializes
a security descriptor in absolute format, rather than self-
relative format.The InitializeSecurityDescriptor function
initializes a new security descriptor.The
InitializeSecurityDescriptor function initializes a security
descriptor in absolute format, rather than self-relative format.It
initializes a security descriptor to have no system access control list (SACL), no discretionary
access control list (DACL), no owner, no primary group, and all control flags set to FALSE
(NULL). Thus, except for its revision level, it is empty.

uint32 SetSecurityDescriptor(

[in] Win32_SecurityDescriptor Descriptor

);

Descriptor [in]

An expression that resolves to an instance of Win32_SecurityDescriptor.

The SetSecurityDescriptorWMI class method sets a security descriptor to the specified structure. A
security descriptor contains information about the owner of the object and the object's primary
group. The security descriptor also contains the discretionary access control list (DACL) and the
system access control list (SACL). DACLs specify which groups and accounts have access to an
object and what type of access to grant. SACLs specify who has access to the auditing entries in the
Security event log.