zoukankan html css js c++ java

获取父进程ID

本程序主要功能是：获取某程序的ParentProcessID

直接上代码:

  1 // parent.cpp (Windows NT/2000)  
  2 //  
  3 // This example will show the method how you can retrieve the parent  
  4 // process ID on Windows NT/2000 using the NT Native API  
  5 //   
  6 //  
  7 // (c)1999 Ashot Oganesyan K, SmartLine, Inc  
  8 // mailto:ashot@aha.ru, http://www.protect-me.com, http://www.codepile.com  
  9   
 10 #include <windows.h>  
 11 #include <stdio.h>  
 12   
 13 #define ProcessBasicInformation 0  
 14   
 15 typedef struct  
 16 {  
 17     DWORD ExitStatus;  
 18     DWORD PebBaseAddress;  
 19     DWORD AffinityMask;  
 20     DWORD BasePriority;  
 21     ULONG UniqueProcessId;  
 22     ULONG InheritedFromUniqueProcessId;  
 23 }   PROCESS_BASIC_INFORMATION;  
 24   
 25   
 26 // ntdll!NtQueryInformationProcess (NT specific!)  
 27 //  
 28 // The function copies the process information of the  
 29 // specified type into a buffer  
 30 //  
 31 // NTSYSAPI  
 32 // NTSTATUS  
 33 // NTAPI  
 34 // NtQueryInformationProcess(  
 35 //    IN HANDLE ProcessHandle,              // handle to process  
 36 //    IN PROCESSINFOCLASS InformationClass, // information type  
 37 //    OUT PVOID ProcessInformation,         // pointer to buffer  
 38 //    IN ULONG ProcessInformationLength,    // buffer size in bytes  
 39 //    OUT PULONG ReturnLength OPTIONAL      // pointer to a 32-bit  
 40 //                                          // variable that receives  
 41 //                                          // the number of bytes  
 42 //                                          // written to the buffer   
 43 // );  
 44 typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);  
 45   
 46   
 47 PROCNTQSIP NtQueryInformationProcess;  
 48   
 49 DWORD GetParentProcessID(DWORD dwId);  
 50   
 51 void main(int argc, char* argv[])  
 52 {  
 53     if (argc<2)  
 54     {  
 55        printf("Usage:

parent.exe ProcId
");  
 56        return;  
 57     }  
 58   
 59     NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(  
 60                                             GetModuleHandle("ntdll"),  
 61                                             "NtQueryInformationProcess"  
 62                                             );  
 63   
 64     if (!NtQueryInformationProcess)  
 65        return;  
 66   
 67     DWORD dwId;  
 68     sscanf(argv[1],"%lu",&dwId);  
 69   
 70     printf("Parent PID for %lu is %lu
",dwId,GetParentProcessID(dwId));  
 71   
 72 }  
 73   
 74 DWORD GetParentProcessID(DWORD dwId)  
 75 {  
 76     LONG                      status;  
 77     DWORD                     dwParentPID = (DWORD)-1;  
 78     HANDLE                    hProcess;  
 79     PROCESS_BASIC_INFORMATION pbi;  
 80   
 81     // Get process handle  
 82     hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwId);  
 83     if (!hProcess)  
 84        return (DWORD)-1;  
 85   
 86     // Retrieve information  
 87     status = NtQueryInformationProcess( hProcess,  
 88                                         ProcessBasicInformation,  
 89                                         (PVOID)&pbi,  
 90                                         sizeof(PROCESS_BASIC_INFORMATION),  
 91                                         NULL  
 92                                       );  
 93   
 94     // Copy parent Id on success  
 95     if  (!status)  
 96         dwParentPID = pbi.InheritedFromUniqueProcessId;  
 97   
 98     CloseHandle (hProcess);  
 99   
100    return dwParentPID;  
101 }

查看全文

相关阅读:
DeflateStream类
 BufferedStream类
 FileStream类
 Asp.net MVC Comet 推送
 MVC 读书笔记
 MVC部署
 MVC系统过滤器、自定义过滤器
 MVC 路由规则
 MVC 模型绑定
 边双+点双模板

原文地址：https://www.cnblogs.com/Leoleepz/p/6259249.html