码龄10年
暂无认证
34149
访问
1
等级
8
获赞
3
评论
热门文章
-
一.某岛之人物对象及其加密函数解析
2148
-
一.《传奇M》装备栏遍历的突破口
1791
-
二.某龙端游中LUA的分析和调用
1539
-
一.《轩辕传奇》周围遍历之二叉树
1386
-
一.《UE4奥丁》人物最大属性
1331
最新评论
-
20240228阿⑤
积分乍获得
-
20231124ziher
666
-
20230909八月老师
什麼時候發佈易語言支持庫呢
九 .获取指定进程PID的父进程PID
Heart
2024-06-02 10:07:12 发布
245
分类专栏: 获取指定进程PID的父进程PID 文章标签: 获取指定进程PID的父进程PID
#include <Windows.h>
#include <winnt.h>
#include <winternl.h>
typedef NTSTATUS(__stdcall * NTQUERYINFORMATIONPROCESS)
(
HANDLE ProcessHandle,
PROCESSINFOCLASS ProcessInformationClass,
PVOID ProcessInformation,
ULONG ProcessInformationLength,
PULONG ReturnLength
);
typedef struct MY_PROCESS_BASIC_INFORMATION {
NTSTATUS ExitStatus;
PVOID PebBaseAddress;
ULONG_PTR AffinityMask;
KPRIORITY BasePriority;
ULONG_PTR UniqueProcessId;
ULONG_PTR InheritedFromUniqueProcessId;
} MYPROCESS_BASIC_INFORMATION, *MYPPROCESS_BASIC_INFORMATION;
int main()
{
int errCode = 0;
HMODULE hMod = GetModuleHandle(L"NTDLL.DLL");
if (hMod == NULL)
{
return 0;
}
NTQUERYINFORMATIONPROCESS ptrNtQueryInformationProcess = (NTQUERYINFORMATIONPROCESS)GetProcAddress(hMod, "NtQueryInformationProcess");
if (ptrNtQueryInformationProcess == NULL)
{
return 0;
}
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, 25236);
MYPROCESS_BASIC_INFORMATION processBasicInformation;
ULONG retLength = 0;
NTSTATUS status = ptrNtQueryInformationProcess(hProcess, ProcessBasicInformation,&processBasicInformation, sizeof(processBasicInformation), &retLength);
int parentPid = processBasicInformation.InheritedFromUniqueProcessId;
return errCode;
}
//
Heart1
0 
0
网友评论
0条评论 0人参与
评论列表