coco
2026-07-03 16:05:30 +08:00
commit df489d5640
1101 changed files with 779140 additions and 0 deletions
@@ -0,0 +1,169 @@
// GetProcessInfo.cpp: implementation of the CGetProcessInfo class.
//
//////////////////////////////////////////////////////////////////////
#include "geomative.h"
#include "GetProcessInfo.h"
#include <tlhelp32.h>
#ifdef _DEBUG
#undef THIS_FILE
static char THIS_FILE[]=__FILE__;
#define new DEBUG_NEW
#endif
#ifndef PSAPI_VERSION
#define PSAPI_VERSION 1
#endif
#include <Psapi.h>
#pragma comment (lib,"Psapi.lib")
#define ProcessBasicInformation 0
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
CGetProcessInfo* CGetProcessInfo::m_pGetProcessInfo = NULL;
CGetProcessInfo::CGetProcessInfo()
{
}
CGetProcessInfo::~CGetProcessInfo()
{
if (m_pGetProcessInfo)
{
delete m_pGetProcessInfo;
}
}
CGetProcessInfo* CGetProcessInfo::CreateInstance()
{
if (NULL == m_pGetProcessInfo)
{
m_pGetProcessInfo = new CGetProcessInfo();
}
return m_pGetProcessInfo;
}
DWORD CGetProcessInfo :: GetProcessIdFromName(CString strProcessName, DWORD &dwParentProcessId)
{
DWORD dwProcessID =0;
//进行一个进程快照
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
{
OutputDebugString(_T("进程快照失败!"));
return FALSE;
}
PROCESSENTRY32 pe;
pe.dwSize = sizeof(pe);
BOOL bProcess = Process32First(hProcessSnap,&pe);
while (bProcess)
{
if (strProcessName.CompareNoCase(pe.szExeFile) == 0)
{
dwProcessID = pe.th32ProcessID;
dwParentProcessId = pe.th32ParentProcessID; //pe结构中包含有父进程的ID
}
bProcess = Process32Next(hProcessSnap,&pe);
}
CloseHandle(hProcessSnap);
return dwProcessID;
}
DWORD CGetProcessInfo :: GetParentProcessId(DWORD dwChildProcessId)
{
//NtQueryInformationProcess函数的使用需要加载进ntdll.dll
PROCNTQSIP NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(GetModuleHandle(_T("ntdll.dll")), "NtQueryInformationProcess");
if(!NtQueryInformationProcess)
{
OutputDebugString(_T("ntdll.dll中检索NtQueryInformationProcess失败!"));
}
DWORD dwParentProcessId = 0;
LONG status;
PROCESS_BASIC_INFORMATION pbi;
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwChildProcessId);
if (!hProcess)
{
OutputDebugString(_T("OpenProcess Error"));
return FALSE;
}
status = NtQueryInformationProcess( hProcess, ProcessBasicInformation, (PVOID)&pbi, sizeof(PROCESS_BASIC_INFORMATION), NULL);
if (!status)
{
dwParentProcessId = (DWORD)pbi.InheritedFromUniqueProcessId;
CString strParentID;
strParentID.Format(_T("%d"), dwParentProcessId);
OutputDebugString(_T("ParentProcessID:")+strParentID);
}
return dwParentProcessId;
}
CString CGetProcessInfo :: GetProcessNameFromId(DWORD dwProcessId)
{
CString strProcessName;
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, FALSE, dwProcessId);
if (NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;
if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) )
{
GetModuleBaseName( hProcess, hMod, strProcessName.GetBuffer(MAX_PATH), MAX_PATH);
strProcessName.ReleaseBuffer();
}
}
return strProcessName;
}
DWORD CGetProcessInfo :: GetSpcialProcessIdFromName(CString strProcessName, DWORD dwParentProcessId)
{
DWORD dwProcessID =0;
//进行一个进程快照
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
{
OutputDebugString(_T("进程快照失败!"));
return FALSE;
}
PROCESSENTRY32 pe;
pe.dwSize = sizeof(pe);
BOOL bProcess = Process32First(hProcessSnap,&pe);
CString strInfo = _T("");
while (bProcess)
{
if (strProcessName.CompareNoCase(pe.szExeFile) == 0)
{
if (dwParentProcessId == pe.th32ParentProcessID)
{
dwProcessID = pe.th32ProcessID;
break;
}
}
bProcess = Process32Next(hProcessSnap,&pe);
}
CloseHandle(hProcessSnap);
return dwProcessID;
}
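Review bot: In GetParentProcessId a failed GetProcAddress lookup is only logged, so the null NtQueryInformationProcess pointer is still called a few lines later; add `return 0;` inside the `if(!NtQueryInformationProcess)` block. The handle returned by OpenProcess is never released in GetParentProcessId or GetProcessNameFromId, so every call leaks a process handle; add `CloseHandle(hProcess);` before the final return in the former and at the end of the `NULL != hProcess` branch in the latter. ~CGetProcessInfo deletes m_pGetProcessInfo without clearing it, so destroying the singleton re-enters the destructor on the same object; releasing the instance from a separate static function that sets the pointer to NULL first would avoid that. If callers use these lookups for a trust decision (not visible here), note that an image name plus a parent PID is not an identity, since names can be duplicated and a PID can be reused after the parent exits.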