功能描述:首先获得当前运行进程的PID,然后获取其父进程PID,再层层递归获取上一级父进程PID。
#include <windows.h>
#include <stdio.h>
/*
 * First four selectors of the system-information class numbering (the
 * selector taken by NtQuerySystemInformation), with their values spelled out.
 *
 * These are system-wide classes, not process-information classes. The only
 * overlap relevant to this file is numeric: SystemBasicInformation is 0, the
 * same value as the basic process-information class that
 * NtQueryInformationProcess expects. Do not read any other member as a valid
 * process-information selector.
 */
typedef enum enumSYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation       = 0,
    SystemProcessorInformation   = 1,
    SystemPerformanceInformation = 2,
    SystemTimeOfDayInformation   = 3
} SYSTEM_INFORMATION_CLASS;
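/*
 * Buffer layout that NtQueryInformationProcess fills for the basic
 * process-information class (value 0).
 *
 * PebBaseAddress, AffinityMask and both process-id members are pointer-sized
 * in the native structure. Declaring them as 32-bit DWORD/ULONG gives a
 * 24-byte struct on every target, which matches the native layout only in a
 * 32-bit build; in a 64-bit build the native structure is 48 bytes and the
 * query is rejected for a length mismatch. Using PVOID/ULONG_PTR makes the
 * size and the field offsets follow the build's pointer width.
 *
 * Field names are unchanged, so code reading pbi.<field> keeps compiling.
 */
typedef struct tagPROCESS_BASIC_INFORMATION
{
    DWORD     ExitStatus;                   /* NTSTATUS in the native definition */
    PVOID     PebBaseAddress;               /* pointer-sized */
    ULONG_PTR AffinityMask;                 /* pointer-sized */
    DWORD     BasePriority;                 /* 32-bit; padded before the next member on 64-bit */
    ULONG_PTR UniqueProcessId;              /* pointer-sized */
    ULONG_PTR InheritedFromUniqueProcessId; /* parent PID as recorded at process creation */
} PROCESS_BASIC_INFORMATION;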
/*
 * Function-pointer type used to call ntdll's NtQueryInformationProcess.
 * The parameter names are documentation only; the types are what matter.
 */
typedef LONG (WINAPI *PNTQUERYINFORMATIONPROCESS)(
    HANDLE hProcess,      /* handle to the process being queried   */
    UINT   uInfoClass,    /* information-class selector            */
    PVOID  pInfo,         /* caller-supplied output buffer         */
    ULONG  cbInfo,        /* size of that buffer in bytes          */
    PULONG pcbReturned);  /* optional: bytes written (may be NULL) */

/*
 * Starts out NULL and is filled in by main() through GetProcAddress.
 * It must not be invoked while it is still NULL.
 */
PNTQUERYINFORMATIONPROCESS NtQueryInformationProcess = NULL;
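/*
 * Return the parent PID recorded for process dwId, or -1 on failure.
 *
 * Failure covers: the NtQueryInformationProcess pointer has not been resolved,
 * the process cannot be opened, or the query itself fails. The original code
 * returned 0 when the query failed, which callers could not tell apart from a
 * real parent PID of 0.
 *
 * Caveat for anyone using the result in a security decision or in detection
 * logic: the value is the PID stored when the process was created and is not
 * verified here. The parent may have exited and its PID been reused by an
 * unrelated process, and the creator can nominate a different parent at
 * creation time. Treat it as a hint, and compare creation times (for example
 * with GetProcessTimes) before trusting the relationship.
 */
int GetParentProcessID(DWORD dwId)
{
    /* Basic process-information class. Named locally so the call does not
     * borrow a constant from the system-information enum that merely shares
     * the value 0. */
    enum { BASIC_PROCESS_INFO_CLASS = 0 };

    PROCESS_BASIC_INFORMATION pbi;
    HANDLE hProcess;
    LONG status;
    int nParentPID = -1;

    /* The pointer is resolved at run time; calling through NULL would crash. */
    if (!NtQueryInformationProcess)
    {
        return -1;
    }

    /* NOTE(review): on Windows Vista and later PROCESS_QUERY_LIMITED_INFORMATION
     * is enough for this query and is the least-privilege choice; the broader
     * right is kept here so older systems keep working. */
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwId);
    if (!hProcess)
    {
        return -1;
    }

    /* Never read stale stack contents if the call fails part-way. */
    ZeroMemory(&pbi, sizeof(pbi));
    status = NtQueryInformationProcess(hProcess, BASIC_PROCESS_INFO_CLASS,
                                       (PVOID)&pbi, sizeof(pbi), NULL);

    /* NTSTATUS: non-negative values are success or informational codes. */
    if (status >= 0)
    {
        nParentPID = (int)pbi.InheritedFromUniqueProcessId;
    }

    CloseHandle(hProcess);
    return nParentPID;
}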
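/*
 * Print the current process id, then walk the recorded parent chain upwards,
 * printing each ancestor PID until a lookup fails.
 *
 * Returns 0 after a completed walk and 1 when ntdll's entry point cannot be
 * resolved or the first lookup fails.
 *
 * The chain is built from PIDs recorded at process creation. Those PIDs can
 * be reused after a parent exits, so the output may name unrelated processes
 * and the chain could in principle form a cycle; the walk is therefore capped.
 */
int main(int argc, char* argv[])
{
    /* Upper bound on printed ancestors: guards against a PID-reuse cycle. */
    enum { MAX_ANCESTORS = 64 };

    HMODULE hNtdll;
    int nID;
    int nTemp;
    int nDepth;

    (void)argc;
    (void)argv;

    /* ntdll is already mapped into the process, so GetModuleHandle returns
     * the loaded image without any DLL search. The A variant is named
     * explicitly because the argument is a narrow string literal. */
    hNtdll = GetModuleHandleA("ntdll");
    if (!hNtdll)
    {
        return 1;
    }

    NtQueryInformationProcess =
        (PNTQUERYINFORMATIONPROCESS)GetProcAddress(hNtdll, "NtQueryInformationProcess");
    if (!NtQueryInformationProcess)
    {
        return 1;
    }

    nID = (int)GetCurrentProcessId();
    nTemp = GetParentProcessID((DWORD)nID);
    if (nTemp == -1)
    {
        printf("获取失败!\n");
        return 1;
    }
    /* %lu expects unsigned long, so the int values are converted explicitly. */
    printf("当前进程[%lu]的父进程为PID为:%lu\n", (unsigned long)nID, (unsigned long)nTemp);

    /* `true` is not defined in C without <stdbool.h>; a bounded for-loop
     * replaces while(true) and also enforces the ancestor cap. */
    for (nDepth = 0; nDepth < MAX_ANCESTORS; nDepth++)
    {
        nID = GetParentProcessID((DWORD)nTemp);
        if (nID == -1)
        {
            break;
        }
        printf("再上一级父进程PID为:%lu\n", (unsigned long)nID);
        nTemp = nID;
    }

    /* Keep the console window open until a key is pressed. */
    getchar();
    return 0;
}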