1 DWORD ShowParentProcessInfo() 2 { 3 typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG); 4 PROCNTQSIP NtQueryInformationProcess; 5 NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress( 6 GetModuleHandle(_T("ntdll")), 7 "NtQueryInformationProcess" 8 ); 9 10 if (!NtQueryInformationProcess) 11 return 0; 12 13 DWORD dwId = ::GetCurrentProcessId(); 14 LONG status; 15 DWORD dwParentPID = 0; 16 HANDLE hProcess; 17 W_PROCESS_BASIC_INFORMATION pbi; 18 19 // Get process handle 20 hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, NULL, dwId); 21 if (!hProcess) 22 return 0; 23 24 // Retrieve information 25 status = NtQueryInformationProcess( hProcess, 26 ProcessBasicInformation, 27 (PVOID)&pbi, 28 sizeof(W_PROCESS_BASIC_INFORMATION), 29 NULL 30 ); 31 32 // Copy parent Id on success 33 if (!status) 34 { 35 dwParentPID = pbi.InheritedFromUniqueProcessId; 36 HANDLE hParentProcess = NULL; 37 hParentProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, NULL, dwParentPID); 38 if (hParentProcess) 39 { 40 TCHAR szTemp[MAX_PATH] = {0}; 41 TCHAR szProcessName[MAX_PATH] = {0}; 42 DWORD dwErr = ::GetModuleFileNameEx(hParentProcess,NULL,szTemp,MAX_PATH); 43 ::GetLongPathName(szTemp, szProcessName, MAX_PATH); 44 if (dwErr) 45 Log4cxx(LOG4CXX__INFO, MODULENAME , _T("Caller=%s, ParentProcessID=%d"), szProcessName, dwParentPID); 46 else 47 Log4cxx(LOG4CXX__INFO, MODULENAME , _T("Caller=%s, ParentProcessID=%d, LastError=%d"), szProcessName, dwParentPID, dwErr); 48 } 49 CloseHandle (hParentProcess); 50 } 51 52 CloseHandle (hProcess); 53 54 return dwParentPID; 55 }
结果
Caller=C:Program Files (x86)WindWind.NET.ClientWindNETinwmain.exe, ParentProcessID=6012