一个进程的诞生与死亡

我爱北京天安门

天安门上太阳升

伟大领袖毛主席

指引我们向前进

<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><font size="2"><span style="FONT-FAMILY: 宋体">&nbsp;&nbsp;&nbsp; 执行一个程序，必然就产生一个进程（<span lang="EN">Process</span>）。最直接的程序执行方式就是在<span lang="EN">shell</span>（如<span lang="EN"> Windows 9x</span>的资源管理器或<span lang="EN">Windows 3.x</span>的文件管理器）中以鼠标双击某一个可执行文件图标（假设其为<span lang="EN">App.exe</span>），执行起来的<span lang="EN">App</span>进程其实是<span lang="EN">shell</span>调用<span lang="EN">CreateProcess</span>激活的。让我们看看整个流程：<span lang="EN"><?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN" style="FONT-FAMILY: 宋体"><o:p><font size="2">&nbsp;</font></o:p></span></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体"><span style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </span><span style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </span>1</span><span style="FONT-FAMILY: 宋体">、<span lang="EN">shell</span>调用<span lang="EN">CreateProcess</span>激活<span lang="EN">App.exe</span>。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体"><span style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </span><span style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </span>2</span><span style="FONT-FAMILY: 宋体">、系统产生一个“进程核心对象”，计数值为<span lang="EN">1</span>。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体"><span style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </span><span style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </span>3</span><span style="FONT-FAMILY: 宋体">、系统为此进程建立一个<span lang="EN"> 4GB </span>地址空间。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 57.75pt; TEXT-INDENT: -15.75pt; mso-para-margin-left: 4.0gd; mso-char-indent-count: -1.5"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体">4</span><span style="FONT-FAMILY: 宋体">、加载器将必要的码加载到上述地址空间中，包括<span lang="EN">App.exe</span>的程序、数据，以及所需的动态链接函数库（<span lang="EN">DLLs</span>）。加载器如何知道要加载哪些<span lang="EN">DLLs</span>呢？它们被记录在可执行文件（<span lang="EN">PE</span>档案格式）的<span lang="EN"> .idata section </span>中。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 57.75pt; TEXT-INDENT: -15.75pt; mso-para-margin-left: 4.0gd; mso-char-indent-count: -1.5"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体">5</span><span style="FONT-FAMILY: 宋体">、系统为些进程建立一个线程，称为主线程（<span lang="EN">primary thread</span>）。线程才是<span lang="EN">CPU</span>时间分配的对象。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 21pt; TEXT-INDENT: 21pt; mso-para-margin-left: 2.0gd"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体">6</span><span style="FONT-FAMILY: 宋体">、系统调用<span lang="EN">C Runtime</span>函数库的<span lang="EN">Startup code</span>。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 21pt; TEXT-INDENT: 21pt; mso-para-margin-left: 2.0gd"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体">7</span><span style="FONT-FAMILY: 宋体">、<span lang="EN">Startup code</span>调用<span lang="EN">App</span>程序的<span lang="EN">WinMain</span>函数。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 21pt; TEXT-INDENT: 21pt; mso-para-margin-left: 2.0gd"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体">8</span><span style="FONT-FAMILY: 宋体">、<span lang="EN">App</span>程序开始运行。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 21pt; TEXT-INDENT: 21pt; mso-para-margin-left: 2.0gd"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体">9</span><span style="FONT-FAMILY: 宋体">、用户关闭<span lang="EN">App</span>主窗口，使<span lang="EN">WinMain</span>中的消息循环结束掉，于是<span lang="EN">WinMain</span>结束。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 21pt; TEXT-INDENT: 21pt; mso-para-margin-left: 2.0gd"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体">10</span><span style="FONT-FAMILY: 宋体">、回到<span lang="EN">Startup code</span>。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 21pt; TEXT-INDENT: 21pt; mso-para-margin-left: 2.0gd"><font size="2"><span lang="EN" style="FONT-FAMILY: 宋体">11</span><span style="FONT-FAMILY: 宋体">、回到系统，系统调用<span lang="EN">ExitProcess</span>结束进程。<span lang="EN"><o:p></o:p></span></span></font></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt 36.75pt; TEXT-INDENT: -15.75pt; mso-para-margin-left: 2.0gd; mso-char-indent-count: -1.5"><span lang="EN" style="FONT-FAMILY: 宋体"><o:p><font size="2">&nbsp;</font></o:p></span></p> <p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt; TEXT-INDENT: 21pt"><span style="FONT-FAMILY: 宋体"><font size="2">可以说，通过这种方式执行起来的所有<span lang="EN">Windows</span>程序，都是<span lang="EN">shell</span>的子进程。本来，母进程与子进程之间可能有某些关系存在，但<span lang="EN">shell</span>在调用<span lang="EN">CreateProcess</span>时已经把母子之间的脐带关系剪断了，因此它们事实上是独立个体。<span lang="EN"><o:p></o:p></span></font></span></p>