//
//
#include <Windows.h>
#include <winnt.h>
#include <winternl.h>
#include <tchar.h>
/*
 * Function-pointer type for the NtQueryInformationProcess export of ntdll.dll.
 * The export is looked up at run time with GetProcAddress, so the prototype
 * is spelled out here to give the resolved address a callable type.
 */
typedef NTSTATUS (NTAPI *NTQUERYINFORMATIONPROCESS)(
    HANDLE           ProcessHandle,            /* process to query */
    PROCESSINFOCLASS ProcessInformationClass,  /* which information class to return */
    PVOID            ProcessInformation,       /* caller-supplied output buffer */
    ULONG            ProcessInformationLength, /* size of that buffer in bytes */
    PULONG           ReturnLength              /* receives the number of bytes written */
);
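/*
 * Resolves NtQueryInformationProcess from ntdll.dll at run time and queries
 * ProcessBasicInformation for the current process, then reads the parent
 * process ID out of the returned structure.
 *
 * Returns 0 on success, 1 if ntdll.dll or the export cannot be resolved or
 * the query itself fails.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    int errCode = 0;

    (void)argc;
    (void)argv;

    /* Wide-string literal, so call the W variant explicitly; the generic
     * GetModuleHandle macro only accepts L"..." in UNICODE builds.
     * GetModuleHandle does not load anything, it only returns a handle to a
     * module that is already mapped into this process. */
    HMODULE hMod = GetModuleHandleW(L"NTDLL.DLL");
    if (hMod == NULL)
    {
        return 1;
    }

    /* GetProcAddress always takes a narrow (ANSI) export name. */
    NTQUERYINFORMATIONPROCESS ptrNtQueryInformationProcess =
        (NTQUERYINFORMATIONPROCESS)GetProcAddress(hMod, "NtQueryInformationProcess");
    if (ptrNtQueryInformationProcess == NULL)
    {
        return 1;
    }

    PROCESS_BASIC_INFORMATION processBasicInformation = {0};
    ULONG retLength = 0;

    /* Both the output buffer and the return-length argument are passed by
     * address: the API writes through these pointers. */
    NTSTATUS status = ptrNtQueryInformationProcess(GetCurrentProcess(),
                                                   ProcessBasicInformation,
                                                   &processBasicInformation,
                                                   sizeof(processBasicInformation),
                                                   &retLength);
    if (status < 0) /* negative NTSTATUS values indicate failure */
    {
        return 1;
    }

    /* Reserved3 carries the parent process ID; go through ULONG_PTR so the
     * pointer-to-integer narrowing is explicit on 64-bit builds.
     * NOTE(review): this is the PID recorded when the process was created.
     * The parent may have exited and the PID been reused since, so code that
     * makes a trust or detection decision on it should also compare process
     * creation times rather than rely on the number alone. */
    DWORD parentPid = (DWORD)(ULONG_PTR)processBasicInformation.Reserved3;
    (void)parentPid; /* retrieved for illustration; not used further here */

    return errCode;
}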
//
在 PROCESS_BASIC_INFORMATION 结构体中，Reserved3 字段保存的是父进程 ID，将其强制转换成 DWORD 即可。注意：该值是进程创建时记录下来的 PID，父进程退出后这个 PID 可能被系统复用，因此在依据它做判断之前，应结合进程创建时间加以核对。