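// GetProcessInfo.cpp: implementation of the CGetProcessInfo class.
//
// Helpers for mapping between process names, process ids and parent process
// ids on Windows (Toolhelp snapshots, PSAPI and NtQueryInformationProcess).
//
// NOTE(review): everything returned here is advisory. Image names are not an
// identity (any process may carry the same executable name), and a recorded
// parent pid may already belong to an unrelated process because Windows
// recycles process ids. Do not base trust or authorization decisions on these
// values alone.
//
//////////////////////////////////////////////////////////////////////

#include "geomative.h"
#include "GetProcessInfo.h"
// NOTE(review): the two system header names below were missing in this copy of
// the file; they are restored from the APIs used (Toolhelp32 / PSAPI) -
// confirm against the repository.
#include <tlhelp32.h>

#ifdef _DEBUG
#undef THIS_FILE
static char THIS_FILE[]=__FILE__;
#define new DEBUG_NEW
#endif

#ifndef PSAPI_VERSION
#define PSAPI_VERSION 1
#endif
#include <psapi.h>
#pragma comment (lib,"Psapi.lib")

// PROCESSINFOCLASS value passed to NtQueryInformationProcess below.
#define ProcessBasicInformation 0

//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////

// Lazily created shared instance, see CreateInstance().
CGetProcessInfo* CGetProcessInfo::m_pGetProcessInfo = NULL;

CGetProcessInfo::CGetProcessInfo()
{
}

// Tears down the shared instance together with whichever object is being
// destroyed. The static pointer is cleared *before* any delete: the previous
// code deleted m_pGetProcessInfo unconditionally, so destroying the shared
// instance re-entered this destructor on the same object (double delete).
CGetProcessInfo::~CGetProcessInfo()
{
    CGetProcessInfo* pShared = m_pGetProcessInfo;
    if (pShared)
    {
        m_pGetProcessInfo = NULL;
        if (pShared != this)
        {
            delete pShared;
        }
    }
}

// Returns the shared instance, creating it on first use.
// There is no synchronization here, so the first call must not race with
// another thread calling CreateInstance().
CGetProcessInfo* CGetProcessInfo::CreateInstance()
{
    if (NULL == m_pGetProcessInfo)
    {
        m_pGetProcessInfo = new CGetProcessInfo();
    }
    return m_pGetProcessInfo;
}

// Looks up a process by executable name (case-insensitive).
//
// strProcessName    - executable file name to match against szExeFile.
// dwParentProcessId - [out] parent pid recorded for the matching process;
//                     left untouched when nothing matches or the snapshot fails.
//
// Returns the pid of the match, or 0 when no process matched or the snapshot
// could not be taken. The scan does not stop at the first hit, so when several
// processes share the name the LAST one in the snapshot wins.
DWORD CGetProcessInfo::GetProcessIdFromName(CString strProcessName, DWORD &dwParentProcessId)
{
    DWORD dwProcessID = 0;

    // Take a snapshot of all running processes.
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        OutputDebugString(_T("进程快照失败!"));
        return 0;
    }

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe); // must be set before Process32First

    for (BOOL bProcess = Process32First(hProcessSnap, &pe);
         bProcess;
         bProcess = Process32Next(hProcessSnap, &pe))
    {
        if (strProcessName.CompareNoCase(pe.szExeFile) == 0)
        {
            dwProcessID = pe.th32ProcessID;
            // The snapshot entry also carries the parent pid. It is the pid
            // recorded at creation time; the parent may have exited since.
            dwParentProcessId = pe.th32ParentProcessID;
        }
    }

    CloseHandle(hProcessSnap);
    return dwProcessID;
}

// Returns the parent pid of dwChildProcessId as reported by
// NtQueryInformationProcess(ProcessBasicInformation), or 0 on any failure
// (API not resolvable, process cannot be opened, query failed).
//
// The value is the pid the process inherited from at creation; it is not
// checked that a process with that pid still exists or is still the same one.
DWORD CGetProcessInfo::GetParentProcessId(DWORD dwChildProcessId)
{
    // NtQueryInformationProcess has to be resolved from ntdll.dll at run time.
    HMODULE hNtdll = GetModuleHandle(_T("ntdll.dll"));
    PROCNTQSIP NtQueryInformationProcess =
        hNtdll ? (PROCNTQSIP)GetProcAddress(hNtdll, "NtQueryInformationProcess") : NULL;
    if (!NtQueryInformationProcess)
    {
        OutputDebugString(_T("ntdll.dll中检索NtQueryInformationProcess失败!"));
        // Previously execution continued and called through the null pointer.
        return 0;
    }

    DWORD dwParentProcessId = 0;

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwChildProcessId);
    if (!hProcess)
    {
        OutputDebugString(_T("OpenProcess Error!"));
        return 0;
    }

    PROCESS_BASIC_INFORMATION pbi;
    ZeroMemory(&pbi, sizeof(pbi)); // never read stale stack data if the query fails

    LONG status = NtQueryInformationProcess(
        hProcess,
        ProcessBasicInformation,
        (PVOID)&pbi,
        sizeof(PROCESS_BASIC_INFORMATION),
        NULL);

    // The handle is no longer needed; it used to leak on every call.
    CloseHandle(hProcess);

    if (!status) // 0 == STATUS_SUCCESS
    {
        dwParentProcessId = (DWORD)pbi.InheritedFromUniqueProcessId;

        CString strParentID;
        strParentID.Format(_T("%lu"), dwParentProcessId); // DWORD is unsigned long
        OutputDebugString(_T("ParentProcessID:") + strParentID);
    }

    return dwParentProcessId;
}

// Returns the base name of the first module of process dwProcessId, or an
// empty string when the process cannot be opened or queried.
//
// NOTE(review): EnumProcessModules/GetModuleBaseName read the module list out
// of the target process's own memory, so the target can influence the answer.
// Where the name feeds a security decision, a kernel-backed query such as
// QueryFullProcessImageName is the more robust source.
CString CGetProcessInfo::GetProcessNameFromId(DWORD dwProcessId)
{
    CString strProcessName;

    HANDLE hProcess = OpenProcess(
        PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
        FALSE,
        dwProcessId);
    if (NULL == hProcess)
    {
        return strProcessName;
    }

    HMODULE hMod = NULL;
    DWORD cbNeeded = 0;
    // Only the first module handle is requested.
    if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
    {
        DWORD nChars = GetModuleBaseName(
            hProcess,
            hMod,
            strProcessName.GetBuffer(MAX_PATH),
            MAX_PATH);
        // Use the length the API reported (0 on failure) instead of scanning
        // the buffer for a terminator.
        strProcessName.ReleaseBuffer((int)nChars);
    }

    // The handle used to leak on every call.
    CloseHandle(hProcess);
    return strProcessName;
}

// Finds the first process in the snapshot whose executable name matches
// strProcessName (case-insensitive) AND whose recorded parent pid equals
// dwParentProcessId.
//
// Returns its pid, or 0 when there is no such process or the snapshot fails.
DWORD CGetProcessInfo::GetSpcialProcessIdFromName(CString strProcessName, DWORD dwParentProcessId)
{
    DWORD dwProcessID = 0;

    // Take a snapshot of all running processes.
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        OutputDebugString(_T("进程快照失败!"));
        return 0;
    }

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe); // must be set before Process32First

    for (BOOL bProcess = Process32First(hProcessSnap, &pe);
         bProcess;
         bProcess = Process32Next(hProcessSnap, &pe))
    {
        if (strProcessName.CompareNoCase(pe.szExeFile) == 0 &&
            dwParentProcessId == pe.th32ParentProcessID)
        {
            dwProcessID = pe.th32ProcessID;
            break;
        }
    }

    CloseHandle(hProcessSnap);
    return dwProcessID;
}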