// tt.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
typedef enum enumSYSTEM_INFORMATION_CLASS
{
SystemBasicInformation,
SystemProcessorInformation,
SystemPerformanceInformation,
SystemTimeOfDayInformation,
}SYSTEM_INFORMATION_CLASS;
typedef struct tagPROCESS_BASIC_INFORMATION
{
DWORD ExitStatus;
DWORD PebBaseAddress;
DWORD AffinityMask;
DWORD BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
}PROCESS_BASIC_INFORMATION;
typedef LONG (WINAPI *PNTQUERYINFORMATIONPROCESS)(HANDLE,UINT,PVOID,ULONG,PULONG);
PNTQUERYINFORMATIONPROCESS NtQueryInformationProcess = NULL;
#define PRINT_LINE printf("---------------------------------------------\n")
int GetParentProcessID(DWORD dwId)
{
LONG status;
DWORD dwParentPID = 0;
HANDLE hProcess;
PROCESS_BASIC_INFORMATION pbi;
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwId);
if(!hProcess)
return -1;
status = NtQueryInformationProcess(hProcess,SystemBasicInformation,(PVOID)&pbi,sizeof(PROCESS_BASIC_INFORMATION),NULL);
if(!status)
dwParentPID = pbi.InheritedFromUniqueProcessId;
CloseHandle (hProcess);
return dwParentPID;
}
int _tmain(int argc, _TCHAR* argv[])
{
NtQueryInformationProcess = (PNTQUERYINFORMATIONPROCESS)GetProcAddress(GetModuleHandle("ntdll"),"NtQueryInformationProcess");
if (!NtQueryInformationProcess)
return -1;
int nID = GetCurrentProcessId();
int nTemp = 0;
PRINT_LINE;
nTemp = GetParentProcessID(nID);
if(nTemp == -1)
{
printf(" 获取失败!\n");
return -1;
}
printf("进程:%lu ---->>>>>父进程PID为:%lu\n",nID,nTemp);
while (true)
{
nID = GetParentProcessID(nTemp);
if(nID == -1)
break;
printf("进程:%lu ---->>>>>父进程PID为:%lu\n",nTemp,nID);
nTemp = nID;
}
PRINT_LINE;
getchar();
return 0;
}
