获得调用者进程信息

 

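 /// Logs the image path of the process recorded as this process's creator and
 /// returns that process ID.
 ///
 /// The parent PID is read from the InheritedFromUniqueProcessId field filled in
 /// by NtQueryInformationProcess(ProcessBasicInformation).
 ///
 /// Caveats for anyone consuming the result:
 ///  - The value is recorded once, at process creation. If the creator has since
 ///    exited, Windows may have handed the same PID to an unrelated process, so
 ///    the creation times are compared below before a name is attributed.
 ///  - The creator of a process can nominate a different parent at creation
 ///    time, so this value is diagnostic information only and must not be used
 ///    as proof of who launched the process or as input to a trust decision.
 ///
 /// @return The recorded parent PID, or 0 if it could not be queried.
 DWORD ShowParentProcessInfo()
 {
     typedef LONG (WINAPI *PROCNTQSIP)(HANDLE, UINT, PVOID, ULONG, PULONG);

     // NtQueryInformationProcess is resolved at run time from the already
     // loaded ntdll module, so a missing module or export is a soft failure.
     HMODULE hNtdll = GetModuleHandle(_T("ntdll"));
     if (!hNtdll)
         return 0;

     PROCNTQSIP NtQueryInformationProcess = reinterpret_cast<PROCNTQSIP>(
         GetProcAddress(hNtdll, "NtQueryInformationProcess"));
     if (!NtQueryInformationProcess)
         return 0;

     W_PROCESS_BASIC_INFORMATION pbi;
     ZeroMemory(&pbi, sizeof(pbi));

     // The pseudo handle from GetCurrentProcess() is enough to query ourselves;
     // it needs no OpenProcess call and must not be closed.
     const LONG status = NtQueryInformationProcess(GetCurrentProcess(),
         ProcessBasicInformation,
         &pbi,
         sizeof(pbi),
         NULL);
     if (status != 0)
         return 0;

     const DWORD dwParentPID = static_cast<DWORD>(pbi.InheritedFromUniqueProcessId);

     // PROCESS_VM_READ is required by GetModuleFileNameEx, which reads the
     // module list out of the target's address space.
     // NOTE(review): QueryFullProcessImageName works with the narrower
     // PROCESS_QUERY_LIMITED_INFORMATION right - consider it if the minimum
     // supported OS allows.
     HANDLE hParentProcess = OpenProcess(
         PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwParentPID);
     if (!hParentProcess)
     {
         const DWORD dwOpenErr = ::GetLastError();
         Log4cxx(LOG4CXX__INFO, MODULENAME,
             _T("Caller=<unavailable>, ParentProcessID=%d, LastError=%d"),
             dwParentPID, dwOpenErr);
         return dwParentPID;
     }

     // A process that really created us must have started before we did. A
     // later creation time means the PID now belongs to a different process.
     FILETIME ftParentCreate, ftSelfCreate, ftExit, ftKernel, ftUser;
     bool bPidReused = false;
     if (::GetProcessTimes(hParentProcess, &ftParentCreate, &ftExit, &ftKernel, &ftUser) &&
         ::GetProcessTimes(GetCurrentProcess(), &ftSelfCreate, &ftExit, &ftKernel, &ftUser))
     {
         bPidReused = ::CompareFileTime(&ftParentCreate, &ftSelfCreate) > 0;
     }

     if (bPidReused)
     {
         Log4cxx(LOG4CXX__INFO, MODULENAME,
             _T("Caller=<exited, PID reused>, ParentProcessID=%d"), dwParentPID);
     }
     else
     {
         TCHAR szTemp[MAX_PATH] = {0};
         TCHAR szProcessName[MAX_PATH] = {0};

         const DWORD dwLen = ::GetModuleFileNameEx(hParentProcess, NULL, szTemp, MAX_PATH);
         // Capture the error code before any other API call can overwrite it.
         const DWORD dwErr = dwLen ? ERROR_SUCCESS : ::GetLastError();
         szTemp[MAX_PATH - 1] = 0;   // guarantee termination if the path was truncated

         if (dwLen)
         {
             // Expand 8.3 components; keep the raw path when expansion fails
             // or the long form does not fit in the buffer.
             const DWORD dwLong = ::GetLongPathName(szTemp, szProcessName, MAX_PATH);
             const TCHAR* pszName = (dwLong > 0 && dwLong < MAX_PATH) ? szProcessName : szTemp;
             Log4cxx(LOG4CXX__INFO, MODULENAME, _T("Caller=%s, ParentProcessID=%d"), pszName, dwParentPID);
         }
         else
         {
             Log4cxx(LOG4CXX__INFO, MODULENAME, _T("Caller=%s, ParentProcessID=%d, LastError=%d"), szTemp, dwParentPID, dwErr);
         }
     }

     CloseHandle(hParentProcess);

     return dwParentPID;
 }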

 

结果

Caller=C:\Program Files (x86)\Wind\Wind.NET.Client\WindNET\bin\wmain.exe, ParentProcessID=6012

 
