获取父进程的名称

(转)获取父进程的名称

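// The header name must be spelled exactly; the pasted listing had stray
// spaces inside the quotes, which would make the include fail.
#include "winternl.h"

// NTSTATUS is a signed value: zero and positive codes are success or
// informational results, negative codes are warnings or errors.
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)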

 

 

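// Forwards a process-information query to the NtQueryInformationProcess
// export of ntdll.dll, which is resolved at run time with GetProcAddress.
//
// All five arguments are passed through unchanged to the export.
//
// Returns the NTSTATUS produced by ntdll, or -1 when the module or the export
// could not be resolved (NT_SUCCESS(-1) is false, so callers see a failure).
//
// NOTE(review): winternl.h declares this function with __kernel_entry and
// NTAPI; a definition without NTAPI may not match that declaration on 32-bit
// builds -- confirm against the SDK in use.
NTSTATUS
NtQueryInformationProcess (
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    OUT PVOID ProcessInformation,
    IN ULONG ProcessInformationLength,
    OUT PULONG ReturnLength OPTIONAL
    )
{
    NTSTATUS rc = -1;

    // Module and export names must match exactly. The pasted listing carried
    // stray spaces inside both string literals, which makes the lookups fail.
    // ntdll.dll is already mapped into every Win32 process, so this call only
    // takes an extra reference that FreeLibrary releases below.
    HMODULE hInst = LoadLibrary(_T("ntdll.dll"));
    if (hInst)
    {
        typedef NTSTATUS (WINAPI *NTQUERYINFORMATIONPROCESS)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);

        NTQUERYINFORMATIONPROCESS pfn =
            (NTQUERYINFORMATIONPROCESS) GetProcAddress(hInst, "NtQueryInformationProcess");
        if (pfn)
            rc = pfn(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength);

        FreeLibrary(hInst);
    }
    return rc;
}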


 

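// Usage snippet: find the parent of the current process and show the parent's
// image path in a message box.
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId());
if (hProcess)
{
    DWORD dwParentPID;
    LONG status;
    PROCESS_BASIC_INFORMATION pbi;

    status = NtQueryInformationProcess(hProcess,
                                       ProcessBasicInformation,
                                       (PVOID)&pbi,
                                       sizeof(PROCESS_BASIC_INFORMATION),
                                       NULL);

    if (NT_SUCCESS(status))
    {
        // Reserved3 is read as the parent process id. The value is fixed when
        // the process is created: the parent may since have exited and its PID
        // been reused by an unrelated process, and the creating process can
        // designate a different parent. Treat the result as a hint, not as
        // proof of ancestry.
        dwParentPID = (UINT) pbi.Reserved3;

        // OpenProcess fails when the caller lacks rights on the parent; in
        // that case nothing is shown.
        HANDLE hParentProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwParentPID);
        if (hParentProcess)
        {
            CHAR szBuf[512];
            memset(szBuf, 0, sizeof(szBuf));   // the pasted listing had lost the comma here

            // Information class 27 is ProcessImageFileName: the output is a
            // UNICODE_STRING holding the native (\Device\...) image path.
            status = NtQueryInformationProcess(hParentProcess,
                                               (PROCESSINFOCLASS) 27,
                                               (PVOID)szBuf,
                                               sizeof(szBuf),
                                               NULL);

            if (NT_SUCCESS(status))
            {
                PUNICODE_STRING lpuImageFileName = (PUNICODE_STRING)szBuf;
                // NOTE(review): MessageBoxW reads up to a NUL character; this
                // relies on the zero-filled buffer still ending in zeros after
                // the query -- confirm, or use Length explicitly.
                MessageBoxW(0, lpuImageFileName->Buffer, 0, 0);   // the pasted listing had "00" for the last two arguments
            }

            CloseHandle(hParentProcess);
        }
    }

    CloseHandle(hProcess);
}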
分类:  Win32 编程


#include "winternl.h"

//#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0) 
/*
NTSTATUS
NtQueryInformationProcess (
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    OUT PVOID ProcessInformation,
    IN ULONG ProcessInformationLength,
    OUT PULONG ReturnLength OPTIONAL
    )
*/
// Run-time shim for NtQueryInformationProcess: resolves the export of the
// same name in ntdll.dll with GetProcAddress and forwards all five arguments.
//
// Returns the NTSTATUS produced by ntdll, or -1 when either the module or the
// export cannot be resolved (NT_SUCCESS(-1) is false).
//
// ntdll.dll is already mapped into every Win32 process, so LoadLibrary here
// only takes an extra reference, which FreeLibrary gives back before returning.
__kernel_entry NTSTATUS
NTAPI
NtQueryInformationProcess (
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    OUT PVOID ProcessInformation,
    IN ULONG ProcessInformationLength,
    OUT PULONG ReturnLength OPTIONAL
    )
{
	typedef NTSTATUS (WINAPI *QueryFn)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);

	HMODULE ntdll = LoadLibrary(_T("ntdll.dll"));
	if (!ntdll)
		return -1;

	// Stays at -1 unless the export is found and called.
	NTSTATUS result = -1;
	QueryFn query = (QueryFn) GetProcAddress(ntdll, "NtQueryInformationProcess");
	if (query)
	{
		result = query(ProcessHandle,
		               ProcessInformationClass,
		               ProcessInformation,
		               ProcessInformationLength,
		               ReturnLength);
	}

	FreeLibrary(ntdll);
	return result;
}
//*/

 
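// Looks up the parent of the current process and shows the parent's image
// path in a message box. Nothing is shown when any step fails (no handle,
// failed query, or no name returned).
//
// Caveat for anyone using the result in a decision: the parent id is fixed
// when the process is created. The parent may since have exited and its PID
// been reused by an unrelated process, and the creating process can designate
// a different parent, so the name is a hint and not proof of ancestry.
void GetParentName()
{
	HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId()) ;
	if (!hProcess)
		return;

	// Zero the structure so no stack garbage is read if the query fills less
	// than expected.
	PROCESS_BASIC_INFORMATION pbi;
	memset(&pbi, 0, sizeof(pbi)) ;

	LONG status = NtQueryInformationProcess( hProcess,
		ProcessBasicInformation,
		(PVOID)&pbi,
		sizeof(pbi),
		NULL );

	if (NT_SUCCESS(status))
	{
		// Reserved3 is read as the parent process id.
		DWORD dwParentPID = (UINT) pbi.Reserved3 ;

		// Fails (and the function stays silent) when the caller has no rights
		// on the parent.
		HANDLE hParentProcess = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, dwParentPID ) ;
		if (hParentProcess)
		{
			// Pointer-aligned scratch space: it is reinterpreted as a
			// UNICODE_STRING below, which a plain CHAR array does not
			// guarantee alignment for. Same 512-byte size as before.
			PVOID nameStorage [512 / sizeof(PVOID)] ;
			memset(nameStorage, 0, sizeof(nameStorage)) ;

			// Information class 27 is ProcessImageFileName; the result is the
			// native (\Device\...) path. One wchar_t is held back from the
			// length so the zero-filled tail always terminates the string
			// that MessageBoxW reads.
			status = NtQueryInformationProcess( hParentProcess,
				(PROCESSINFOCLASS) 27,
				(PVOID)nameStorage,
				sizeof(nameStorage) - sizeof(wchar_t),
				NULL) ;

			if (NT_SUCCESS(status))
			{
				// NOTE(review): Buffer is expected to point into nameStorage -- confirm.
				PUNICODE_STRING lpuImageFileName = (PUNICODE_STRING)nameStorage ;
				if (lpuImageFileName->Buffer)
					MessageBoxW(0, lpuImageFileName->Buffer, 0, 0) ;
			}
			CloseHandle(hParentProcess) ;
		}
	}
	CloseHandle(hProcess) ;
}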


// Dialog handler (presumably wired to a "get parent" button): shows the
// parent process name by delegating to GetParentName().
void CparentToTxtDlg::OnBnClickedBtnGetParent()
{
	// Wizard placeholder: control notification handler code goes here.
	GetParentName();
}


#include <iostream> 
#include <fstream> 
#include <string> 
using namespace std;
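// Appends txt followed by a newline to the file at filePath, creating the
// file when it does not exist yet.
//
// filePath: narrow path handed to std::ofstream; a relative path is resolved
//           against the process's current directory.
// txt:      NUL-terminated narrow text to append.
//
// Does nothing when either pointer is null or the file cannot be opened.
void AppendTxtToFile(char* filePath,char* txt)
{
	// Opening or streaming through a null pointer is undefined behaviour.
	if (!filePath || !txt)
		return;

	std::ofstream ofresult(filePath, std::ios::app);
	if (!ofresult)
		return;

	ofresult << txt << std::endl;
	// The stream is flushed and closed by its destructor.
}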

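// Appends a wide string, converted to the OEM code page, followed by a
// newline to the file at filePath.
//
// filePath: narrow path handed to std::ofstream.
// txt:      NUL-terminated wide text to convert and append.
//
// Does nothing when either pointer is null or the conversion fails.
//
// The conversion is lossy: characters with no OEM code page equivalent are
// replaced by the system default character, so a path logged through this
// function may not match the original byte for byte.
void AppendTxtToFile(char* filePath,LPCWSTR txt)
{
	if (!filePath || !txt)
		return;

	std::ofstream ofresult(filePath, std::ios::app);

	// First pass: ask how many bytes the converted text needs. A source
	// length of -1 means "up to and including the terminator".
	int required = WideCharToMultiByte(CP_OEMCP, 0, txt, -1, NULL, 0, NULL, NULL);
	if (required <= 0)
		return;

	// std::string owns the buffer, so no path can leak it or skip the delete.
	std::string narrow(static_cast<std::string::size_type>(required), '\0');

	// Second pass: perform the conversion into the buffer.
	int written = WideCharToMultiByte(CP_OEMCP, 0, txt, -1, &narrow[0], required, NULL, NULL);
	if (written <= 0)
		return;

	// c_str() stops at the terminator the conversion wrote.
	ofresult << narrow.c_str() << std::endl;
}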

#include <iostream> 
#include <fstream>
#include <iomanip>
#include <windows.h>
using namespace std;

// Appends the 16-bit values 0xFEFF and 0x4E00 as raw bytes to test.txt, then
// shows a message box naming whichever byte of 0x4E00 is stored first in
// memory ("4e" or "00"). Always returns 0.
int UnicodeEndian()
{
	const WORD byteOrderMark = 0xFEFF;
	WCHAR sample = 0x4e00;

	// First byte of the sample as it sits in memory.
	const char leadingByte = *(char *) &sample;

	std::ofstream outFile("test.txt",
	                      std::ios::out | std::ios::app | std::ios::binary);

	outFile.write((const char *) &byteOrderMark, sizeof(byteOrderMark));
	outFile.write((const char *) &sample, sizeof(sample));

	// The file stays open while the message box is displayed, as before.
	if (leadingByte == 0x4e)
	{
		MessageBox(0,_T("4e"),_T("4e"),MB_OK);
	}
	else if (leadingByte == 0x00)
	{
		MessageBox(0,_T("00"),_T("00"),MB_OK);
	}

	outFile.close();
	return 0;
}

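// Dialog handler (presumably wired to an "append text" button): appends two
// fixed lines to result.txt. The path is relative, so the file lands in the
// process's current directory.
void CparentToTxtDlg::OnBnClickedBtnAppendTxt()
{
	// Block-scope declaration: pins the calls below to the narrow-text
	// overload of AppendTxtToFile.
	void AppendTxtToFile(char* filePath,char* txt);

	// AppendTxtToFile takes char*, and conforming C++11 compilers reject the
	// conversion from a string literal to char*. Writable arrays satisfy the
	// signature without a cast.
	char filePath[] = "result.txt";
	char firstLine[] = "123 你是好孩子";
	char secondLine[] = "第二次写文件";

	AppendTxtToFile(filePath, firstLine);
	AppendTxtToFile(filePath, secondLine);
}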

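// Looks up the parent of the current process and appends two lines to the
// file at filePath: "PID:<parent id>->" and, when it can be read, the
// parent's image path.
//
// filePath: narrow path of the output file, passed on to AppendTxtToFile.
//
// Nothing is written when the current process cannot be queried; only the
// PID line is written when the parent cannot be opened or named.
//
// Caveat for anyone consuming the log: the parent id is fixed when the
// process is created. The parent may since have exited and its PID been
// reused by an unrelated process, and the creating process can designate a
// different parent, so the entry is a hint and not proof of ancestry.
void GetParentNameAppendToTxt(char* filePath)
{
	HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId()) ;
	if (!hProcess)
		return;

	// Zero the structure so no stack garbage is read if the query fills less
	// than expected.
	PROCESS_BASIC_INFORMATION pbi;
	memset(&pbi, 0, sizeof(pbi)) ;

	LONG status = NtQueryInformationProcess( hProcess,
		ProcessBasicInformation,
		(PVOID)&pbi,
		sizeof(pbi),
		NULL );

	if (NT_SUCCESS(status))
	{
		// Reserved3 is read as the parent process id.
		DWORD dwParentPID = (UINT) pbi.Reserved3 ;

		// DWORD is unsigned, so the conversion is %lu (the old %ld would
		// print large ids as negative numbers). The bounded call cannot
		// write past tmpBuff even if the format string is edited later.
		char tmpBuff[20];
		memset(tmpBuff, 0, sizeof(tmpBuff));
		snprintf(tmpBuff, sizeof(tmpBuff), "PID:%lu->", dwParentPID);
		AppendTxtToFile(filePath, tmpBuff);

		// Fails when the caller has no rights on the parent; only the PID
		// line is logged in that case.
		HANDLE hParentProcess = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, dwParentPID ) ;
		if (hParentProcess)
		{
			// Pointer-aligned scratch space: it is reinterpreted as a
			// UNICODE_STRING below, which a plain CHAR array does not
			// guarantee alignment for. Same 512-byte size as before.
			PVOID nameStorage [512 / sizeof(PVOID)] ;
			memset(nameStorage, 0, sizeof(nameStorage)) ;

			// Information class 27 is ProcessImageFileName; the result is the
			// native (\Device\...) path. One wchar_t is held back from the
			// length so the zero-filled tail always terminates the string
			// that the wide AppendTxtToFile overload reads.
			status = NtQueryInformationProcess( hParentProcess,
				(PROCESSINFOCLASS) 27,
				(PVOID)nameStorage,
				sizeof(nameStorage) - sizeof(wchar_t),
				NULL) ;

			if (NT_SUCCESS(status))
			{
				// NOTE(review): Buffer is expected to point into nameStorage -- confirm.
				PUNICODE_STRING lpuImageFileName = (PUNICODE_STRING)nameStorage ;
				if (lpuImageFileName->Buffer)
					AppendTxtToFile(filePath, lpuImageFileName->Buffer);
			}
			CloseHandle(hParentProcess) ;
		}
	}
	CloseHandle(hProcess) ;
}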

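// Dialog handler (presumably wired to a "parent to txt" button): logs the
// parent process id and image path to parentInfo.txt. The path is relative,
// so the file lands in the process's current directory.
void CparentToTxtDlg::OnBnClickedBtnParentToTxt()
{
	// GetParentNameAppendToTxt takes char*, and conforming C++11 compilers
	// reject the conversion from a string literal to char*. A writable array
	// satisfies the signature without a cast.
	char outputPath[] = "parentInfo.txt";
	GetParentNameAppendToTxt(outputPath);
	//UnicodeEndian();
}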
