1 // 2 // 3 4 #include <Windows.h> 5 #include <winnt.h> 6 #include <winternl.h> 7 8 typedef NTSTATUS (__stdcall * NTQUERYINFORMATIONPROCESS) 9 ( 10 HANDLE ProcessHandle, 11 PROCESSINFOCLASS ProcessInformationClass, 12 PVOID ProcessInformation, 13 ULONG ProcessInformationLength, 14 PULONG ReturnLength 15 ); 16 17 int _tmain(int argc, _TCHAR* argv[]) 18 { 19 int errCode = 0; 20 21 HMODULE hMod = GetModuleHandle(L"NTDLL.DLL"); 22 if (hMod == NULL) 23 { 24 return 0; 25 } 26 27 NTQUERYINFORMATIONPROCESS ptrNtQueryInformationProcess = (NTQUERYINFORMATIONPROCESS)GetProcAddress(hMod, NtQueryInformationProcess"); 28 if (ptrNtQueryInformationProcess == NULL) 29 { 30 return 0; 31 } 32 33 PROCESS_BASIC_INFORMATION processBasicInformation; 34 ULONG retLength = 0; 35 NTSTATUS status = ptrNtQueryInformationProcess(GetCurrentProcess(), ProcessBasicInformation, processBasicInformation, sizeof(processBasicInformation), retLength); 36 37 return errCode; 38 } 39 40 //
在 PROCESS_BASIC_INFORMATION 结构体中,Reserved3字段保存的是父进程ID,强制转换成DWORD即可。