直接把代码放上。
#include "stdafx.h"
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
DWORD get_parent_processid(DWORD pid)//获取指定进程的父进程ID
{
DWORD ParentProcessID=-1;
PROCESSENTRY32 pe;
HANDLE hkz;
HMODULE hModule = LoadLibrary(_T("Kernel32.dll"));
if (hModule == NULL)
{
OutputDebugString(_T("Load dll error"));
return -1;
}
FARPROC Address = GetProcAddress(hModule, "CreateToolhelp32Snapshot");
if (Address == NULL)
{
OutputDebugString(_T("Get Proc error"));
return -1;
}
_asm
{
push 0
push 2
call Address
mov hkz,eax
}
pe.dwSize=sizeof(PROCESSENTRY32);
if (Process32First(hkz,&pe))
{
do
{
if (pe.th32ProcessID==pid)//进程ID找到
{
ParentProcessID=pe.th32ParentProcessID;
break;
}
}
while(Process32Next(hkz,&pe));
}
return ParentProcessID;
}
DWORD get_explorer_processid()
{
DWORD explorer_id=-1;
PROCESSENTRY32 pe;
HANDLE hkz;
HMODULE hModule = LoadLibrary(_T("Kernel32.dll"));
if (hModule == NULL)
{
OutputDebugString(_T("Load dll error"));
return -1;
}
FARPROC Address = GetProcAddress(hModule, "CreateToolhelp32Snapshot");
if (Address == NULL)
{
OutputDebugString(_T("Get Proc error"));
return -1;
}
_asm
{
push 0
push 2
call Address
mov hkz,eax
}
pe.dwSize=sizeof(PROCESSENTRY32);
if (Process32First(hkz,&pe))
{
do
{
if (_stricmp(pe.szExeFile,"explorer.exe")==0)
{
explorer_id=pe.th32ProcessID;
break;
}
}
while(Process32Next(hkz,&pe));
}
return explorer_id;
}
int main(int argc, char* argv[])
{
DWORD explorer_id=get_explorer_processid();
DWORD parent_id=get_parent_processid(GetCurrentProcessId());
if (explorer_id==parent_id)
{
printf("the parent process is explorer\n");
}else{
printf("the parent process not explorer\n");
}
getchar(0);
return 0;
}
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
