# CreateProcessA

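CreateProcess creates a new process and its primary thread in the context of the calling process. Because the process is created from the existing process's context, the parent of the new process is the process that made the call.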

<figure><img src="/files/6DLrBAHdJ1iomFKr6HLU" alt=""><figcaption></figcaption></figure>

```cpp
BOOL CreateProcessA(
  [in, optional]      LPCSTR                lpApplicationName,
  [in, out, optional] LPSTR                 lpCommandLine,
  [in, optional]      LPSECURITY_ATTRIBUTES lpProcessAttributes,
  [in, optional]      LPSECURITY_ATTRIBUTES lpThreadAttributes,
  [in]                BOOL                  bInheritHandles,
  [in]                DWORD                 dwCreationFlags,
  [in, optional]      LPVOID                lpEnvironment,
  [in, optional]      LPCSTR                lpCurrentDirectory,
  [in]                LPSTARTUPINFOA        lpStartupInfo,
  [out]               LPPROCESS_INFORMATION lpProcessInformation
);
```

<table><thead><tr><th width="184">Parameter</th><th width="219">Description</th><th>Common value</th></tr></thead><tbody><tr><td>lpApplicationName</td><td>Path of the program to execute</td><td></td></tr><tr><td>lpCommandLine</td><td>Command-line arguments</td><td></td></tr><tr><td>lpProcessAttributes</td><td>Process security attributes</td><td>NULL</td></tr><tr><td>lpThreadAttributes</td><td>Thread security attributes</td><td>NULL</td></tr><tr><td>bInheritHandles</td><td>Whether handles are inherited</td><td>FALSE</td></tr><tr><td>dwCreationFlags</td><td>Creation flags</td><td><code>CREATE_SUSPENDED | CREATE_NO_WINDOW</code></td></tr><tr><td>lpEnvironment</td><td>Environment variables</td><td>NULL</td></tr><tr><td>lpCurrentDirectory</td><td>Working directory</td><td>NULL</td></tr><tr><td>lpStartupInfo</td><td>Startup information</td><td></td></tr><tr><td>lpProcessInformation</td><td>Process information</td><td></td></tr></tbody></table>

## Example

```cpp
#include <windows.h>
#include <iostream>
using namespace std;

// Handles and IDs of the created process and its primary thread.
struct ProcessHandles {
	HANDLE hProcess;
	HANDLE hThread;
	DWORD processId;
	DWORD threadId;
};

// Starts processPath with its primary thread suspended and its window hidden.
// The caller owns the returned struct: close both handles, then delete it.
ProcessHandles* createSuspendedProcess(const char* processPath) {
	if (!processPath) {
		cout << "processPath is null" << endl;
		return nullptr;
	}

	STARTUPINFOA si = { sizeof(si) };   // cb must hold the structure size
	PROCESS_INFORMATION pi = { 0 };
	si.dwFlags = STARTF_USESHOWWINDOW;  // tells the API to honour wShowWindow
	si.wShowWindow = SW_HIDE;

	if (!CreateProcessA(
		processPath, NULL, NULL, NULL, FALSE,
		CREATE_SUSPENDED | CREATE_NO_WINDOW,
		NULL, NULL, &si, &pi
	)) {
		cout << "CreateProcessA failed. Error: " << GetLastError() << endl;
		return nullptr;
	}
	cout << "Process created (PID: " << pi.dwProcessId << ")" << endl;
	ProcessHandles* handles = new ProcessHandles;
	handles->hProcess = pi.hProcess;
	handles->hThread = pi.hThread;
	handles->processId = pi.dwProcessId;
	handles->threadId = pi.dwThreadId;
	return handles;
}

int main() {
	ProcessHandles* proc = createSuspendedProcess("C:\\Windows\\System32\\notepad.exe");
	if (!proc) return 1;
	// The primary thread is still suspended at this point. End the child before
	// closing the handles so the demo does not leave a suspended process behind.
	TerminateProcess(proc->hProcess, 0);
	CloseHandle(proc->hThread);
	CloseHandle(proc->hProcess);
	delete proc;
	return 0;
}
```
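
The statement above that the new process's parent is the caller can be checked from a process snapshot. The following is an added example, not code from the original page: `ProcRecord`, `childrenOf` and `snapshotProcesses` are hypothetical names, and the sample PIDs and `demo.exe` are constructed so the lookup also runs where the Windows headers are unavailable.

```cpp
// Added example, not the page's code; Windows calls are guarded by _WIN32.
#include <iostream>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif
struct ProcRecord { unsigned long pid; unsigned long ppid; std::wstring image; };

// Records whose stored parent PID equals parentPid; pid != parentPid keeps a
// process from being listed as its own child (PID 0 reports parent PID 0).
std::vector<ProcRecord> childrenOf(const std::vector<ProcRecord>& procs, unsigned long parentPid) {
    std::vector<ProcRecord> out;
    for (const auto& p : procs)
        if (p.ppid == parentPid && p.pid != parentPid) out.push_back(p);
    return out;
}

#ifdef _WIN32
// PID, parent PID and image name of every process in a Toolhelp32 snapshot.
std::vector<ProcRecord> snapshotProcesses() {
    std::vector<ProcRecord> out;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return out;
    PROCESSENTRY32W pe = { sizeof(pe) };  // dwSize must be set before the first call
    for (BOOL ok = Process32FirstW(snap, &pe); ok; ok = Process32NextW(snap, &pe))
        out.push_back({ pe.th32ProcessID, pe.th32ParentProcessID, pe.szExeFile });
    CloseHandle(snap);
    return out;
}
#endif

int main() {
#ifdef _WIN32
    STARTUPINFOA si = { sizeof(si) };
    PROCESS_INFORMATION pi = {};
    if (!CreateProcessA("C:\\Windows\\System32\\notepad.exe", NULL, NULL, NULL, FALSE,
            CREATE_SUSPENDED | CREATE_NO_WINDOW, NULL, NULL, &si, &pi)) return 1;
    std::vector<ProcRecord> procs = snapshotProcesses();  // taken while the child exists
    unsigned long self = GetCurrentProcessId();
    TerminateProcess(pi.hProcess, 0);                     // clean up the suspended child
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
#else
    // Constructed sample records (not real data): PID 4120 started PID 5216.
    std::vector<ProcRecord> procs = { {4, 0, L"System"}, {4120, 880, L"demo.exe"}, {5216, 4120, L"notepad.exe"} };
    unsigned long self = 4120;
#endif
    for (const auto& c : childrenOf(procs, self))
        std::wcout << L"child PID " << c.pid << L" (" << c.image << L"), parent PID " << c.ppid << L"\n";
}
```

The parent PID is stored when the process is created and is not updated afterwards, so once the parent exits the number can be reused by an unrelated process. When using this relationship for detection, compare process creation times as well as PIDs.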

## References

{% embed url="<https://learn.microsoft.com/ko-kr/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa>" %}

