源实现:
// https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess
// Output buffer for NtQueryInformationProcess when it is called with
// information class 0 (ProcessBasicInformation). The field order and types
// must stay exactly as declared: the kernel fills the buffer by layout, not by
// name. NOTE(review): presumably a local mirror of the SDK's
// PROCESS_BASIC_INFORMATION, renamed to avoid clashing with <winternl.h> - confirm.
struct KERNEL_PROCESS_BASIC_INFORMATION
{
    NTSTATUS  ExitStatus;
    PPEB      PebBaseAddress;
    ULONG_PTR AffinityMask;
    KPRIORITY BasePriority;
    ULONG_PTR UniqueProcessId;
    // Process ID recorded as the parent; the only field this file reads.
    ULONG_PTR InheritedFromUniqueProcessId;
};

// Pointer alias kept under its original name for existing users.
using KERNEL_PPROCESS_BASIC_INFORMATION = KERNEL_PROCESS_BASIC_INFORMATION*;
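/// Looks up the parent process ID recorded for a process.
///
/// Calls NtQueryInformationProcess (resolved from ntdll.dll at run time) with
/// information class 0 and returns the InheritedFromUniqueProcessId field of
/// the result.
///
/// @param process_id  ID of the process to inspect.
/// @return The recorded parent process ID, or 0 when the API cannot be
///         resolved, the process cannot be opened, or the query fails.
///
/// @note Treat the result as a hint, not as an identity. Windows reuses
///       process IDs, so the recorded parent may have exited and its ID may now
///       belong to an unrelated process. The recorded parent is also chosen at
///       creation time and can differ from the real creator
///       (PROC_THREAD_ATTRIBUTE_PARENT_PROCESS). Compare creation times, and do
///       not base a trust or authorization decision on this value alone.
int Win32Native::GetInheritedFromUniqueProcessId(int process_id) noexcept
{
    typedef NTSTATUS(WINAPI* NtQueryInformationProcess_Proc)(HANDLE, UINT, PVOID, ULONG, PULONG);

    // Information class 0 selects ProcessBasicInformation.
    const UINT kProcessBasicInformation = 0;

    // Resolved once and cached. Done before opening the target so that no
    // process handle is created when the API is unavailable.
    static NtQueryInformationProcess_Proc NtQueryInformationProcess =
        reinterpret_cast<NtQueryInformationProcess_Proc>(GetProcAddress("ntdll.dll", "NtQueryInformationProcess"));
    if (nullptr == NtQueryInformationProcess)
    {
        return 0;
    }

    // Least privilege: only query access is requested. Nothing here reads the
    // target's memory, so PROCESS_VM_READ is not needed, and asking for it
    // makes OpenProcess fail against more targets.
    // NOTE(review): on Windows Vista and later PROCESS_QUERY_LIMITED_INFORMATION
    // is enough for this query and succeeds on more processes - confirm the
    // minimum supported OS before narrowing further.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, static_cast<DWORD>(process_id));
    if (nullptr == hProcess)
    {
        return 0;
    }

    KERNEL_PROCESS_BASIC_INFORMATION pbi;
    ZeroMemory(&pbi, sizeof(pbi));

    DWORD dwInheritedFromUniqueProcessId = 0;
    const NTSTATUS status = NtQueryInformationProcess(hProcess, kProcessBasicInformation, &pbi, sizeof(pbi), nullptr);
    if (status == 0) // 0 is STATUS_SUCCESS; any other status leaves the result at 0
    {
        dwInheritedFromUniqueProcessId = static_cast<DWORD>(pbi.InheritedFromUniqueProcessId);
    }

    CloseHandle(hProcess);
    return dwInheritedFromUniqueProcessId;
}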
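/// Resolves an exported function by name from a module, loading the module if
/// it is not already mapped into the process.
///
/// @param moduleName    Module name or path. NULL or "" is passed to
///                      GetModuleHandleA as NULL, which selects the calling
///                      process's executable.
/// @param functionName  Export name. It is dereferenced here, so
///                      ordinal-encoded values are not supported.
/// @return The export's address, or NULL when functionName is NULL or empty,
///         the module cannot be found or loaded, or the export does not exist.
///
/// @note A module loaded here is never released (this function does not call
///       FreeLibrary), presumably so the returned address stays valid.
void* Win32Native::GetProcAddress(const char* moduleName, const char* functionName) noexcept
{
    // Reject an unusable function name first: loading a library runs its
    // DllMain and pins the module, which is pointless when the lookup cannot
    // succeed anyway.
    if (nullptr == functionName || *functionName == '\x0')
    {
        return nullptr;
    }

    if (nullptr != moduleName && *moduleName == '\x0')
    {
        moduleName = nullptr;
    }

    HMODULE hModule = GetModuleHandleA(moduleName);
    if (nullptr == hModule)
    {
        // NOTE(review): when moduleName is a bare file name, LoadLibraryA
        // resolves it through the DLL search order, which can include the
        // application directory and other locations that may be writable by
        // less-privileged users. Callers should pass a fully qualified path
        // for modules that are not already loaded; for system DLLs,
        // LoadLibraryExA with LOAD_LIBRARY_SEARCH_SYSTEM32 is a stricter
        // option. Left unchanged because callers may depend on the current
        // search behaviour.
        hModule = LoadLibraryA(moduleName);
        if (nullptr == hModule)
        {
            return nullptr;
        }
    }

    // FARPROC is a function pointer; convert it to void* explicitly rather than
    // relying on a compiler extension.
    return reinterpret_cast<void*>(::GetProcAddress(hModule, functionName));
}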