 

How do I make child processes in Win32 so that they show up as nested in Task Manager?

I have a Win32 C++ application. I'm trying to launch one or several child processes with CreateProcess. I want the children to close when the parent does.

I achieved this by creating a job and enabling JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE:

HANDLE hJob = CreateJobObject(NULL, NULL);

JOBOBJECT_EXTENDED_LIMIT_INFORMATION extendedInfo;
ZeroMemory(&extendedInfo, sizeof(extendedInfo));
extendedInfo.BasicLimitInformation.LimitFlags =
    JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;

SetInformationJobObject(
        hJob, JOBOBJECTINFOCLASS::JobObjectExtendedLimitInformation,
        &extendedInfo, sizeof(extendedInfo));

Then adding the current (parent) and created (child) process to this job:

// assign parent to job
AssignProcessToJobObject(hJob, GetCurrentProcess());

// launch child with no inherited handles
PROCESS_INFORMATION procInfo;
ZeroMemory(&procInfo, sizeof(procInfo));
STARTUPINFOA startInfo;
ZeroMemory(&startInfo, sizeof(startInfo));
startInfo.cb = sizeof(startInfo);
startInfo.dwFlags |= STARTF_USESTDHANDLES;
char cmdLine[] = "test.exe";  // writable buffer: lpCommandLine is an LPSTR, not a const string
bool success = CreateProcessA(NULL,
                              cmdLine,  // command line
                              NULL,     // process security attributes
                              NULL,   // primary thread security attributes
                              FALSE,  // handles are not inherited
                              0,      // creation flags
                              NULL,   // use parent's environment
                              NULL,   // use parent's current directory
                              &startInfo,  // STARTUPINFO pointer
                              &procInfo);  // receives PROCESS_INFORMATION
// assign child to job
AssignProcessToJobObject(hJob, procInfo.hProcess);

This works, but the parent app and the child app (main.exe and test.exe) show up as two unrelated processes in the task manager:

(Even though closing main.exe will close test.exe).

What am I doing differently than, say, Microsoft Teams or Chrome, which both have nested processes?

MHebes asked Nov 05 '22 23:11


1 Answer

Exactly what Task Manager is doing is not documented.

In Windows 8 it does not group child processes, it only organizes based on a process having a window or by being "special".

How does Task Manager categorize processes as App, Background Process, or Windows Process?:

These are terms that Task Manager simply made up. The system itself doesn’t really care what kind of processes they are.

If the process has a visible window, then Task Manager calls it an “App”.

If the process is marked as critical, then Task Manager calls it a “Windows Process”.

Otherwise, Task Manager calls it a “Background Process”.

(I don't believe this is 100% accurate, it clearly knows about services and I suspect it might hard-code some names)

In Windows 10 it tries harder to group things together but I don't exactly know what it is doing.

  • It is often (but not always) able to tie the conhost.exe child to its parent console application.

  • The new fancy store/packaged versions of Notepad and Paint have all their processes in a single group. The same does not happen with Notepad2 even though it has an Application Model ID set. Neither does it apply to Wordpad (even when one is a child of the other). I also tried setting an AMUI in a little test application and neither process wide AMUI nor per-HWND AMUI seems to trigger the grouping.

  • A job object does not seem to enable grouping.

  • Depending on your version, Edge might use a special API to tell Task Manager about its processes.

In conclusion, I don't know exactly what it is looking for, but Packaged applications and App Containers seem to often trigger it.

Anders answered Nov 14 '22 04:11
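
Because Task Manager's grouping is undocumented and, per the answer, does not follow parent/child links or job membership, the actual creator relationship has to be checked separately. The following is an added example, not part of the original question or answer: a PowerShell sketch that prints the process tree under main.exe (the parent name from the question) from the ParentProcessId that Windows records, with a creation-time check so a reused PID is not mistaken for a parent. The function names Get-ChildMap and Show-ProcessTree are hypothetical.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function Get-ChildMap {
    # Index every process by the PID recorded as its creator.
    param([object[]] $Processes)
    $map = @{}
    foreach ($p in $Processes) {
        $key = [uint32] $p.ParentProcessId
        if (-not $map.ContainsKey($key)) { $map[$key] = @() }
        $map[$key] += $p
    }
    return $map
}

function Show-ProcessTree {
    param($Node, [hashtable] $ChildMap, [int] $Depth = 0)
    '{0}{1} (PID {2})' -f ('  ' * $Depth), $Node.Name, $Node.ProcessId
    foreach ($child in $ChildMap[[uint32] $Node.ProcessId]) {
        # ParentProcessId is only a number and PIDs are reused, so accept a
        # child only if it was created no earlier than the candidate parent.
        $sameProcess = $child.ProcessId -eq $Node.ProcessId
        $datesKnown  = $child.CreationDate -and $Node.CreationDate
        if (-not $sameProcess -and $datesKnown -and
            $child.CreationDate -ge $Node.CreationDate) {
            Show-ProcessTree -Node $child -ChildMap $ChildMap -Depth ($Depth + 1)
        }
    }
}

$all = @(Get-CimInstance -ClassName Win32_Process)
$childMap = Get-ChildMap -Processes $all
# 'main.exe' is the parent's image name from the question.
$all | Where-Object { $_.Name -eq 'main.exe' } | ForEach-Object {
    Show-ProcessTree -Node $_ -ChildMap $childMap
}
```

If test.exe appears indented under main.exe here, the parent/child link exists even though Task Manager lists the two processes separately.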