// GetProcessInfo.cpp: implementation of the CGetProcessInfo class.
//
//////////////////////////////////////////////////////////////////////
#include "geomative.h"
#include "GetProcessInfo.h"
#include <tlhelp32.h>
#ifdef _DEBUG
#undef THIS_FILE
static char THIS_FILE[]=__FILE__;
#define new DEBUG_NEW
#endif
#ifndef PSAPI_VERSION
#define PSAPI_VERSION 1
#endif
#include <Psapi.h>
#pragma comment (lib,"Psapi.lib")
#define ProcessBasicInformation 0
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
// Storage for the shared CGetProcessInfo instance. It starts out NULL and is
// filled in by CreateInstance() the first time that function is called.
CGetProcessInfo* CGetProcessInfo::m_pGetProcessInfo = NULL;
// Default constructor; the body is empty, so no work is done at construction.
CGetProcessInfo::CGetProcessInfo()
{
}
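// Destructor: releases the shared instance held in m_pGetProcessInfo.
//
// The previous body ran `delete m_pGetProcessInfo` while the static pointer was
// still set. Deleting the shared instance runs this destructor again on that
// object, which found the same non-NULL pointer and deleted it a second time
// (and so on), i.e. unbounded re-entry and a repeated delete of one object.
// The pointer is now cleared before anything is freed, and an object never
// deletes itself from inside its own destructor.
CGetProcessInfo::~CGetProcessInfo()
{
    CGetProcessInfo* pInstance = m_pGetProcessInfo;
    if (NULL == pInstance)
    {
        return;
    }

    // Clear first so the nested destructor call finds nothing left to free.
    m_pGetProcessInfo = NULL;

    // When `this` is the shared instance it is already being destroyed by the
    // caller; only a different object may be deleted here.
    if (pInstance != this)
    {
        delete pInstance;
    }
}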
// Returns the shared CGetProcessInfo instance, allocating it on the first call.
// Later calls hand back the same pointer.
// NOTE(review): the check-then-allocate sequence is not synchronised; confirm
// that the first call cannot happen on two threads at once.
CGetProcessInfo* CGetProcessInfo::CreateInstance()
{
    if (m_pGetProcessInfo != NULL)
    {
        return m_pGetProcessInfo;
    }

    m_pGetProcessInfo = new CGetProcessInfo();
    return m_pGetProcessInfo;
}
// Looks up a process by executable name in a Toolhelp process snapshot.
//
// strProcessName    - image name to match; compared case-insensitively against
//                     PROCESSENTRY32::szExeFile.
// dwParentProcessId - [out] parent PID of the matching entry. It is left
//                     untouched when nothing matches or the snapshot fails.
//
// Returns the PID of the match, or 0 when there is none or the snapshot could
// not be taken. The walk does not stop at the first hit, so when several
// processes share the name, the values of the last one enumerated are returned.
//
// NOTE(review): an image name is not an identity. Any local user can start a
// process with the same file name, so the PID returned here should not be the
// sole basis for a trust or access decision.
DWORD CGetProcessInfo :: GetProcessIdFromName(CString strProcessName, DWORD &dwParentProcessId)
{
    // Take a snapshot of the processes currently in the system.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (INVALID_HANDLE_VALUE == hSnapshot)
    {
        OutputDebugString(_T("进程快照失败!"));
        return 0;
    }

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(entry);   // has to be filled in before Process32First

    DWORD dwFoundPid = 0;
    for (BOOL bMore = Process32First(hSnapshot, &entry);
         bMore;
         bMore = Process32Next(hSnapshot, &entry))
    {
        if (0 != strProcessName.CompareNoCase(entry.szExeFile))
        {
            continue;
        }
        dwFoundPid = entry.th32ProcessID;
        dwParentProcessId = entry.th32ParentProcessID;  // the entry also carries the parent PID
    }

    CloseHandle(hSnapshot);
    return dwFoundPid;
}
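// Returns the parent process ID of dwChildProcessId, or 0 on any failure.
//
// The value comes from PROCESS_BASIC_INFORMATION::InheritedFromUniqueProcessId,
// obtained through NtQueryInformationProcess (resolved from ntdll.dll at run
// time). Failures are reported with OutputDebugString only.
//
// Changes from the previous body:
//  - a failed GetProcAddress now returns 0 instead of logging and then calling
//    through the null function pointer;
//  - the handle from OpenProcess is closed on every path (it used to leak);
//  - the debug output formats the DWORD with %lu instead of %d.
//
// NOTE(review): the recorded parent PID is only the creator's PID at creation
// time. The creator may have exited and the number may have been reused, so
// treat the result as a hint, not as proof of process lineage.
DWORD CGetProcessInfo :: GetParentProcessId(DWORD dwChildProcessId)
{
    // NtQueryInformationProcess has to be looked up in ntdll.dll.
    PROCNTQSIP NtQueryInformationProcess = (PROCNTQSIP)GetProcAddress(GetModuleHandle(_T("ntdll.dll")), "NtQueryInformationProcess");
    if (!NtQueryInformationProcess)
    {
        OutputDebugString(_T("ntdll.dll中检索NtQueryInformationProcess失败!"));
        return 0;   // nothing to call; continuing would dereference a null pointer
    }

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwChildProcessId);
    if (!hProcess)
    {
        OutputDebugString(_T("OpenProcess Error"));
        return 0;
    }

    PROCESS_BASIC_INFORMATION pbi;
    LONG status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, (PVOID)&pbi, sizeof(PROCESS_BASIC_INFORMATION), NULL);

    // The handle is not needed once the query has returned.
    CloseHandle(hProcess);

    DWORD dwParentProcessId = 0;
    if (!status)    // a status of 0 is treated as success
    {
        dwParentProcessId = (DWORD)pbi.InheritedFromUniqueProcessId;
        CString strParentID;
        strParentID.Format(_T("%lu"), dwParentProcessId);
        OutputDebugString(_T("ParentProcessID:") + strParentID);
    }
    return dwParentProcessId;
}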
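// Returns the base module name of the process dwProcessId, or an empty string
// when the process cannot be opened or queried.
//
// Changes from the previous body:
//  - the process handle is closed before returning (it used to leak);
//  - the CString length is set from GetModuleBaseName's return value. Before,
//    ReleaseBuffer() with no argument scanned the buffer for a terminator, which
//    read uninitialised memory whenever GetModuleBaseName failed and wrote
//    nothing.
//
// NOTE(review): the name is whatever the target's image file is called, so it
// does not authenticate the process. PROCESS_VM_READ is also more access than a
// name lookup strictly needs. On Windows Vista and later,
// QueryFullProcessImageName works with PROCESS_QUERY_LIMITED_INFORMATION, which
// may be worth considering if the supported OS range allows it.
CString CGetProcessInfo :: GetProcessNameFromId(DWORD dwProcessId)
{
    CString strProcessName;

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcessId);
    if (NULL == hProcess)
    {
        return strProcessName;
    }

    HMODULE hMod;
    DWORD cbNeeded;
    // Room for a single module handle only; presumably the first module
    // reported is the process executable (confirm against the PSAPI docs).
    if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
    {
        DWORD dwCopied = GetModuleBaseName(hProcess, hMod, strProcessName.GetBuffer(MAX_PATH), MAX_PATH);
        // dwCopied is 0 on failure, which leaves the string empty.
        strProcessName.ReleaseBuffer((int)dwCopied);
    }

    CloseHandle(hProcess);
    return strProcessName;
}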
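// Finds the first process in a Toolhelp snapshot whose executable name matches
// strProcessName (case-insensitive) and whose recorded parent PID equals
// dwParentProcessId.
//
// Returns that process's PID, or 0 when no entry matches or the snapshot could
// not be taken.
//
// Changes from the previous body: the unused local CString was removed, and the
// failure path returns 0 rather than FALSE to match the DWORD return type (the
// value is the same).
//
// NOTE(review): both criteria can be satisfied by an unrelated process. The
// image name is freely chosen, and the recorded parent PID may belong to a
// process that has since exited and had its ID reused. Do not treat a match as
// proof of identity.
DWORD CGetProcessInfo :: GetSpcialProcessIdFromName(CString strProcessName, DWORD dwParentProcessId)
{
    // Take a snapshot of the processes currently in the system.
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        OutputDebugString(_T("进程快照失败!"));
        return 0;
    }

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe);     // has to be filled in before Process32First

    DWORD dwProcessID = 0;
    BOOL bProcess = Process32First(hProcessSnap, &pe);
    while (bProcess)
    {
        if (dwParentProcessId == pe.th32ParentProcessID
            && strProcessName.CompareNoCase(pe.szExeFile) == 0)
        {
            dwProcessID = pe.th32ProcessID;
            break;  // first match wins
        }
        bProcess = Process32Next(hProcessSnap, &pe);
    }

    CloseHandle(hProcessSnap);
    return dwProcessID;
}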