{"id":8873,"date":"2011-12-16T07:00:00","date_gmt":"2011-12-16T07:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2011\/12\/16\/programmatically-controlling-which-handles-are-inherited-by-new-processes-in-win32\/"},"modified":"2011-12-16T07:00:00","modified_gmt":"2011-12-16T07:00:00","slug":"programmatically-controlling-which-handles-are-inherited-by-new-processes-in-win32","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20111216-00\/?p=8873","title":{"rendered":"Programmatically controlling which handles are inherited by new processes in Win32"},"content":{"rendered":"

\nIn unix, file descriptors are inherited by child processes by default.\nThis wasn’t so much an active decision as it was a consequence\nof the fork\/exec model.\nTo exclude a file descriptor from being inherited by children,\nyou set the FD_CLO­EXEC<\/code> flag on the file descriptor.\n<\/p>\n

\nWin32 sort of works like that, but backwards, and maybe a little\nupside-down.\n\nAnd in high heels<\/a>.\n<\/p>\n

\nIn Win32, handles default to not inherited<\/i>.\nWays to make a handle inherited during\nCreate­Process<\/code>\nhave grown during the evolution of Win32.\n<\/p>\n

\nAs far as I can tell, back in the old days,\ninheritability of handles was established at handle creation time.\nFor most handle creation functions, you do this by passing\na SECURITY_ATTRIBUTES<\/code> structure\nwith bInherit­Handle<\/code> set\nto TRUE<\/code>.\nFunctions which created handles from existing objects don’t have\na SECURITY_ATTRIBUTES<\/code> parameter,\nso they instead have an explicit bInherit­Handle<\/code>\nparameter.\n(For examples, see\nOpen­Event<\/code> and Duplicate­Handle<\/code>.)\n<\/p>\n

\nBut just marking a handle as inheritable isn’t good enough to get\nit inherited.\nYou also have to pass\nTRUE<\/code>\nas the\nbInherit­Handles<\/code> parameter to Create­Process<\/code>.\nA handle will be inherited only if\nif the bInherit­Handles<\/code> parameter is\nTRUE<\/code> and<\/u> the handle is marked as inheritable.\nMiss either of those steps, and you don’t get your inheritance.\n(To make sure you get your inheritance IRL, be nice to your grandmother.)\n<\/p>\n

\nIn Windows 2000,\nWin32 gained the ability to alter the inheritability of a handle\nafter it is created.\nThe\nSet­Handle­Information<\/code> function\nlets you turn the HANDLE_FLAG_INHERIT<\/code>\nflag on and off on a handle.\n<\/p>\n

\nBut all this inheritability fiddling still had a fatal flaw:\nWhat if two threads within the same process both call\nCreate­Process<\/code> but disagree on which handles\nthey want to be inherited?\nFor example, suppose you have a function\nCreate­Process­With­Shared­Memory<\/code>\nwhose job it is to\nlaunch a process, passing it\n\na custom-made shared memory block<\/a>.\nSuppose two threads run this function simultaneously.\n<\/p>\n\n\n\n\n\n\n
A<\/th>\n <\/td>\nB<\/th>\n<\/tr>\n
CreateFileMapping(inheritable=TRUE)<\/td>\nCreateFileMapping(inheritable=TRUE)<\/td>\n<\/tr>\n
returns handle H1<\/td>\nreturns handle H2<\/td>\n<\/tr>\n
CreateProcess(“A”, bInheritHandles=TRUE)<\/td>\nCreateProcess(“B”, bInheritHandles=TRUE)<\/td>\n<\/tr>\n
CloseHandle(H1)<\/td>\nCloseHandle(H2)<\/td>\n<\/tr>\n<\/table>\n

\nWhat just happened?\nSince inheritability is a property of the handle,\nprocesses A and B inherited both<\/i> handles\nH1 and H2, even though what we wanted was\nfor process A to inherit handle H1 and\nfor process B to inherit handle H2.\n<\/p>\n

\nFor a long time, the answer to this problem was the unsatisfactory\n“You’ll just have to serialize your calls to\nCreate­Process­With­Shared­Memory<\/code>\nso that thread B won’t accidentally cause a handle from\nthread A to be inherited by process B.”\nActually, the answer was even worse.\nYou had to serialize all functions that created inheritable\nhandles from the time the handle was created,\nthrough the call to\nCreate­Process<\/code>,\nand waiting until after all those inheritable handles were made\nno longer inheritable.\n<\/p>\n

\nThis was a serious problem since who knows what other parts of\nyour program are going to call Create­Process<\/code>\nwith bInherit­Handles<\/code> set to TRUE<\/code>?\nSure you can control the calls that your own code made,\nbut what about calls from plug-ins or other unknown components?\n(This is\n\nanother case<\/a> of\n\nkernel-colored glasses<\/a>.)\n<\/p>\n

\nWindows Vista addresses this problem by allowing you to\npass an explicit list of handles you want the\nbInherit­Handles<\/code> parameter to apply to.\n(If you pass an explicit list, then you must pass\nTRUE<\/code> for bInherit­Handles<\/code>.)\nAnd as before, for a handle to be inherited, it must be\nalso be marked as inheritable.\n<\/p>\n

\nPassing the list of handles you want to inherit is a multi-step\naffair.\nLet’s walk through it:\n<\/p>\n

\nBOOL CreateProcessWithExplicitHandles(\n  __in_opt     LPCTSTR lpApplicationName,\n  __inout_opt  LPTSTR lpCommandLine,\n  __in_opt     LPSECURITY_ATTRIBUTES lpProcessAttributes,\n  __in_opt     LPSECURITY_ATTRIBUTES lpThreadAttributes,\n  __in         BOOL bInheritHandles,\n  __in         DWORD dwCreationFlags,\n  __in_opt     LPVOID lpEnvironment,\n  __in_opt     LPCTSTR lpCurrentDirectory,\n  __in         LPSTARTUPINFO lpStartupInfo,\n  __out        LPPROCESS_INFORMATION lpProcessInformation,\n    \/\/ here is the new stuff\n  __in         DWORD cHandlesToInherit,\n  __in_ecount(cHandlesToInherit) HANDLE *rgHandlesToInherit)\n{\n BOOL fSuccess;\n BOOL fInitialized = FALSE;\n SIZE_T size = 0;\n LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList = NULL;\n fSuccess = cHandlesToInherit < 0xFFFFFFFF \/ sizeof(HANDLE) &&\n            lpStartupInfo->cb == sizeof(*lpStartupInfo);\n if (!fSuccess) {\n  SetLastError(ERROR_INVALID_PARAMETER);\n }\n if (fSuccess) {\n  fSuccess = InitializeProcThreadAttributeList(NULL, 1, 0, &size) ||\n             GetLastError() == ERROR_INSUFFICIENT_BUFFER;\n }\n if (fSuccess) {\n  lpAttributeList = reinterpret_cast<LPPROC_THREAD_ATTRIBUTE_LIST>\n                                (HeapAlloc(GetProcessHeap(), 0, size));\n  fSuccess = lpAttributeList != NULL;\n }\n if (fSuccess) {\n  fSuccess = InitializeProcThreadAttributeList(lpAttributeList,\n                    1, 0, &size);\n }\n if (fSuccess) {\n  fInitialized = TRUE;\n  fSuccess = UpdateProcThreadAttribute(lpAttributeList,\n                    0, PROC_THREAD_ATTRIBUTE_HANDLE_LIST,\n                    rgHandlesToInherit,\n                    cHandlesToInherit * sizeof(HANDLE), NULL, NULL);\n }\n if (fSuccess) {\n  STARTUPINFOEX info;\n  ZeroMemory<\/a>(&info, sizeof(info));\n  info.StartupInfo = *lpStartupInfo;\n  info.StartupInfo.cb = sizeof(info);\n  info.lpAttributeList = lpAttributeList;\n  fSuccess = CreateProcess(lpApplicationName,\n                           lpCommandLine,\n                           lpProcessAttributes,\n                           lpThreadAttributes,\n                           bInheritHandles,\n                           dwCreationFlags | EXTENDED_STARTUPINFO_PRESENT,\n                           lpEnvironment,\n                           lpCurrentDirectory,\n                           &info.StartupInfo,\n                           lpProcessInformation);\n }\n if (fInitialized) DeleteProcThreadAttributeList(lpAttributeList);\n if (lpAttributeList) HeapFree(GetProcessHeap(), 0, lpAttributeList);\n return fSuccess;\n}\n<\/pre>\n
\nAfter some initial sanity checks, we start doing real work.\n<\/p>\n
\nInitializing a PROC_THREAD_ATTRIBUTE_LIST<\/code>\nis a two-step affair.\nFirst you call\nInitialize­Proc­Thread­Attribute­List<\/code>\nwith a NULL<\/code> attribute list in order to determine how\nmuch memory you need to allocate for a one-entry attribute list.\nAfter allocating the memory, you call\nInitialize­Proc­Thread­Attribute­List<\/code>\na second time to do the actual initialization.\n<\/p>\n
\nAfter creating the attribute list, you set the one entry\nby calling\nUpdate­Proc­Thread­Attribute­List<\/code>.\n<\/p>\n
\nAnd then it’s off to the races.\nPut that attribute list in a STARTUP­INFO­EX<\/code>\nstructure, set the\nEXTENDED_STARTUPINFO_PRESENT<\/code> flag,\nand hand everything off to Create­Process<\/code>.<\/p>\n","protected":false},"excerpt":{"rendered":"
In unix, file descriptors are inherited by child processes by default. This wasn’t so much an active decision as it was a consequence of the fork\/exec model. To exclude a file descriptor from being inherited by children, you set the FD_CLO­EXEC flag on the file descriptor. Win32 sort of works like that, but backwards, and […]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-8873","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"
In unix, file descriptors are inherited by child processes by default. This wasn’t so much an active decision as it was a consequence of the fork\/exec model. To exclude a file descriptor from being inherited by children, you set the FD_CLO­EXEC flag on the file descriptor. Win32 sort of works like that, but backwards, and […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/8873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=8873"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/8873\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=8873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=8873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=8873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}