Process resources include an access token, a virtual address space description, and a handle table. Every process has a primary thread, which is the one that begins execution at WinMain, and may create other threads as it runs.
All the threads in one process share a single image of the executable file, but each new process requires the system to map the executable file into a new address space. The command for creating a process asks for the name of an .EXE file. An application that creates child processes to perform part of its work needs to be written and compiled as several distinct programs.
All Win32 processes begin life when some other process invokes them with CreateProcess. The Win32 subsystem starts up all its clients with that command. During CreateProcess, the system sets up a virtual address space, loads an executable file image, and creates a primary thread. CreateProcess returns a handle to the new process and a handle to its primary thread. The parent may close the handles, relinquishing control over its child. Or the parent may keep them to change the child’s priority class, terminate the child, or read the exit code when the child ends by itself. Like threads, even after they’ve finished executing, processes remain in memory until all handles to the process have been closed.
A process remains active until its primary thread reaches the end of its starting procedure and stops executing or until any of its threads call ExitProcess. ExitProcess causes the system to notify all supporting DLLs that this module has stopped. It also causes any other threads in the same process to terminate immediately.