Loading

获取进程及父进程的两种方式

#include <windows.h>
#include <TlHelp32.h>
#include <stdio.h>
#include <wtypes.h>
#include <iostream>

#define ProcessBasicInformation 0  

typedef struct
{
	DWORD ExitStatus;
	DWORD PebBaseAddress;
	DWORD AffinityMask;
	DWORD BasePriority;
	ULONG UniqueProcessId;
	ULONG InheritedFromUniqueProcessId;
}   PROCESS_BASIC_INFORMATION;


// ntdll!NtQueryInformationProcess (NT specific!)  
//  
// The function copies the process information of the  
// specified type into a buffer  
//  
// NTSYSAPI  
// NTSTATUS  
// NTAPI  
// NtQueryInformationProcess(  
//    IN HANDLE ProcessHandle,              // handle to process  
//    IN PROCESSINFOCLASS InformationClass, // information type  
//    OUT PVOID ProcessInformation,         // pointer to buffer  
//    IN ULONG ProcessInformationLength,    // buffer size in bytes  
//    OUT PULONG ReturnLength OPTIONAL      // pointer to a 32-bit  
//                                          // variable that receives  
//                                          // the number of bytes  
//                                          // written to the buffer   
// ); 
typedef LONG(__stdcall *PROCNTQSIP)(HANDLE, UINT, PVOID, ULONG, PULONG);


DWORD GetParentProcessIDBYID(DWORD dwProcessId)
{
	LONG                        status;
	DWORD                       dwParentPID = (DWORD)-1;
	HANDLE                      hProcess;
	PROCESS_BASIC_INFORMATION   pbi;

	PROCNTQSIP NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(
		GetModuleHandle(L"ntdll"), "NtQueryInformationProcess");

	if (NULL == NtQueryInformationProcess)
	{
		return (DWORD)-1;
	}
	// Get process handle
	hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);
	if (!hProcess)
	{
		return (DWORD)-1;
	}

	// Retrieve information
	status = NtQueryInformationProcess(hProcess,
		ProcessBasicInformation,
		(PVOID)&pbi,
		sizeof(PROCESS_BASIC_INFORMATION),
		NULL
		);

	// Copy parent Id on success
	if (!status)
	{
		dwParentPID = pbi.InheritedFromUniqueProcessId;
	}

	CloseHandle(hProcess);

	return dwParentPID;

}






int GetProcessID(WCHAR* ProcessName)
{

	HANDLE PHANDLE = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
	if (PHANDLE == INVALID_HANDLE_VALUE)
	{
		printf_s("创建进行快照失败\n");
		return -1;
	}

	PROCESSENTRY32 pe32;
	pe32.dwSize = sizeof(pe32);
	pe32.dwFlags = sizeof(pe32);
	BOOL hProcess = Process32First(PHANDLE, &pe32);

	while (hProcess)
	{
		//std::wcout << pe32.szExeFile << "\r\n";
		//std::wcout << pe32.th32ParentProcessID << "\r\n";

		if (!wcscmp(pe32.szExeFile, ProcessName))
		{
			return pe32.th32ProcessID;
		}

		hProcess = Process32Next(PHANDLE, &pe32);
	}

	return 0; // operation failed (process was not found)
}

int GetParentProcessID(WCHAR* ProcessName)
{

	HANDLE PHANDLE = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
	if (PHANDLE == INVALID_HANDLE_VALUE)
	{
		printf_s("创建进行快照失败\n");
		return -1;
	}

	PROCESSENTRY32 pe32;
	pe32.dwSize = sizeof(pe32);
	pe32.dwFlags = sizeof(pe32);
	BOOL hProcess = Process32First(PHANDLE, &pe32);

	while (hProcess)
	{
		//std::wcout << pe32.szExeFile << "\r\n";
		//std::wcout << pe32.th32ParentProcessID << "\r\n";

		if (!wcscmp(pe32.szExeFile, ProcessName))
		{
			return pe32.th32ParentProcessID;
		}

		hProcess = Process32Next(PHANDLE, &pe32);
	}

	return 0; // operation failed (process was not found)
}



void C2W(const char* szSrc, WCHAR* wszDst, int nMaxLen)

{

	int vMinLen = MultiByteToWideChar(CP_ACP, 0, szSrc, -1, NULL, 0);

	if (vMinLen > nMaxLen)

	{

		MessageBoxA(NULL, szSrc, "转换成UNICODE字串失败", MB_ICONWARNING);

		return;

	}

	MultiByteToWideChar(CP_ACP, 0, szSrc, -1, wszDst, vMinLen);

}

void main()
{
	
	char proc[64];
	WCHAR buf[64];
	scanf_s("%s", &proc, 63);
	
	//printf("进程:%s\n", proc);

	C2W(proc, buf, sizeof(buf));

	int pid = GetProcessID(buf);
	printf("进程ID:%d\n", pid);

	int ppid = GetParentProcessID(buf);
	printf("父进程ID:%d\n", ppid);

	int ppid2 = GetParentProcessIDBYID(pid);
	printf("父进程ID2:%d\n", ppid2);
	//printf("%d", Attach(buf));
	system("pause\n");
}



posted @ 2017-09-01 15:36  纯白、色  阅读(4697)  评论(0编辑  收藏  举报