a
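--- a/GetProcessInfo.cpp
+++ b/GetProcessInfo.cpp
@@ -0,0 +1,169 @@
+// GetProcessInfo.cpp: implementation of the CGetProcessInfo class.
+//
+//////////////////////////////////////////////////////////////////////
+
+#include "geomative.h"
+#include "GetProcessInfo.h"
+#include <tlhelp32.h>
+#ifdef _DEBUG
+#undef THIS_FILE
+static char THIS_FILE[]=__FILE__;
+#define new DEBUG_NEW
+#endif
+
+#ifndef PSAPI_VERSION
+#define PSAPI_VERSION 1
+#endif
+
+#include <Psapi.h>
+#pragma comment (lib,"Psapi.lib")
+
+#define ProcessBasicInformation 0
+
+//////////////////////////////////////////////////////////////////////
+// Construction/Destruction
+//////////////////////////////////////////////////////////////////////
+
+CGetProcessInfo* CGetProcessInfo::m_pGetProcessInfo = NULL;
+
+CGetProcessInfo::CGetProcessInfo()
+{
+
+}
+
+CGetProcessInfo::~CGetProcessInfo()
+{
+if (m_pGetProcessInfo)
+{
+delete m_pGetProcessInfo;
+}
+
+}
+
+
+
+CGetProcessInfo* CGetProcessInfo::CreateInstance()
+{
+if (NULL == m_pGetProcessInfo)
+{
+m_pGetProcessInfo = new CGetProcessInfo();
+}
+return m_pGetProcessInfo;
+}
+
+DWORD CGetProcessInfo :: GetProcessIdFromName(CString strProcessName, DWORD &dwParentProcessId)
+{
+DWORD dwProcessID =0;
+
+//进行一个进程快照
+HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
+if (hProcessSnap == INVALID_HANDLE_VALUE)
+{
+OutputDebugString(_T("进程快照失败!"));
+return FALSE;
+}
+
+PROCESSENTRY32 pe;
+pe.dwSize = sizeof(pe);
+BOOL bProcess = Process32First(hProcessSnap,&pe);
+while (bProcess)
+{
+if (strProcessName.CompareNoCase(pe.szExeFile) == 0)
+{
+dwProcessID = pe.th32ProcessID;
+dwParentProcessId = pe.th32ParentProcessID; //pe结构中包含有父进程的ID
+}
+bProcess = Process32Next(hProcessSnap,&pe);
+}
+
+CloseHandle(hProcessSnap);
+
+return dwProcessID;
+}
+
+DWORD CGetProcessInfo :: GetParentProcessId(DWORD dwChildProcessId)
+{
+//NtQueryInformationProcess函数的使用需要加载进ntdll.dll
+PROCNTQSIP NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(GetModuleHandle(_T("ntdll.dll")), "NtQueryInformationProcess");
+
+if(!NtQueryInformationProcess)
+{
+OutputDebugString(_T("ntdll.dll中检索NtQueryInformationProcess失败!"));
+}
+
+DWORD dwParentProcessId = 0;
+LONG status;
+PROCESS_BASIC_INFORMATION pbi;
+
+HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwChildProcessId);
+if (!hProcess)
+{
+OutputDebugString(_T("OpenProcess Error!"));
+return FALSE;
+}
+
+status = NtQueryInformationProcess( hProcess, ProcessBasicInformation, (PVOID)&pbi, sizeof(PROCESS_BASIC_INFORMATION), NULL);
+
+if (!status)
+{
+dwParentProcessId = (DWORD)pbi.InheritedFromUniqueProcessId;
+CString strParentID;
+strParentID.Format(_T("%d"), dwParentProcessId);
+OutputDebugString(_T("ParentProcessID:")+strParentID);
+}
+
+return dwParentProcessId;
+}
+
+CString CGetProcessInfo :: GetProcessNameFromId(DWORD dwProcessId)
+{
+CString strProcessName;
+HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, FALSE, dwProcessId);
+if (NULL != hProcess )
+{
+
+HMODULE hMod;
+DWORD cbNeeded;
+if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) )
+{
+GetModuleBaseName( hProcess, hMod, strProcessName.GetBuffer(MAX_PATH), MAX_PATH);
+strProcessName.ReleaseBuffer();
+}
+}
+return strProcessName;
+}
+
+
+DWORD CGetProcessInfo :: GetSpcialProcessIdFromName(CString strProcessName, DWORD dwParentProcessId)
+{
+DWORD dwProcessID =0;
+
+//进行一个进程快照
+HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
+if (hProcessSnap == INVALID_HANDLE_VALUE)
+{
+OutputDebugString(_T("进程快照失败!"));
+return FALSE;
+}
+
+PROCESSENTRY32 pe;
+pe.dwSize = sizeof(pe);
+BOOL bProcess = Process32First(hProcessSnap,&pe);
+CString strInfo = _T("");
+while (bProcess)
+{
+if (strProcessName.CompareNoCase(pe.szExeFile) == 0)
+{
+if (dwParentProcessId == pe.th32ParentProcessID)
+{
+dwProcessID = pe.th32ProcessID;
+break;
+}
+}
+bProcess = Process32Next(hProcessSnap,&pe);
+}
+
+CloseHandle(hProcessSnap);
+
+return dwProcessID;
+}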
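Review bot: In GetParentProcessId the `if(!NtQueryInformationProcess)` branch only logs, so a failed `GetProcAddress` lookup is followed by a call through a null pointer; add `return 0;` inside that branch. The handle from `OpenProcess` is never released in GetParentProcessId or GetProcessNameFromId, so every call leaks a process handle; add `CloseHandle(hProcess);` after the `NtQueryInformationProcess` call and after the `EnumProcessModules` block. `~CGetProcessInfo` also deletes `m_pGetProcessInfo`, which is the singleton created by CreateInstance, so destroying that instance re-enters the destructor; the `delete` belongs in a separate static release function that also resets the pointer to NULL. Callers should treat the returned parent PID as a hint rather than an identity, since a PID can be reused after the parent exits and the `CompareNoCase` match in GetProcessIdFromName accepts any process with that executable name (it keeps the last match, not the first).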