1 DWORD ShowParentProcessInfo()
2 {
3 typedef LONG (WINAPI *PROCNTQSIP)(HANDLE,UINT,PVOID,ULONG,PULONG);
4 PROCNTQSIP NtQueryInformationProcess;
5 NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(
6 GetModuleHandle(_T("ntdll")),
7 "NtQueryInformationProcess"
8 );
9
10 if (!NtQueryInformationProcess)
11 return 0;
12
13 DWORD dwId = ::GetCurrentProcessId();
14 LONG status;
15 DWORD dwParentPID = 0;
16 HANDLE hProcess;
17 W_PROCESS_BASIC_INFORMATION pbi;
18
19 // Get process handle
20 hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, NULL, dwId);
21 if (!hProcess)
22 return 0;
23
24 // Retrieve information
25 status = NtQueryInformationProcess( hProcess,
26 ProcessBasicInformation,
27 (PVOID)&pbi,
28 sizeof(W_PROCESS_BASIC_INFORMATION),
29 NULL
30 );
31
32 // Copy parent Id on success
33 if (!status)
34 {
35 dwParentPID = pbi.InheritedFromUniqueProcessId;
36 HANDLE hParentProcess = NULL;
37 hParentProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, NULL, dwParentPID);
38 if (hParentProcess)
39 {
40 TCHAR szTemp[MAX_PATH] = {0};
41 TCHAR szProcessName[MAX_PATH] = {0};
42 DWORD dwErr = ::GetModuleFileNameEx(hParentProcess,NULL,szTemp,MAX_PATH);
43 ::GetLongPathName(szTemp, szProcessName, MAX_PATH);
44 if (dwErr)
45 Log4cxx(LOG4CXX__INFO, MODULENAME , _T("Caller=%s, ParentProcessID=%d"), szProcessName, dwParentPID);
46 else
47 Log4cxx(LOG4CXX__INFO, MODULENAME , _T("Caller=%s, ParentProcessID=%d, LastError=%d"), szProcessName, dwParentPID, dwErr);
48 }
49 CloseHandle (hParentProcess);
50 }
51
52 CloseHandle (hProcess);
53
54 return dwParentPID;
55 }
结果
Caller=C:\Program Files (x86)\Wind\Wind.NET.Client\WindNET\bin\wmain.exe, ParentProcessID=6012
时间: 2024-11-21 04:45:43