获取父进程ID

Tags: /超级猛料/OS.操作系统/浏览器、系统/ Date Created:

获取创建本进程的进程的ID

const

ProcessBasicInformation = 0;

{ NtQueryInformation types }

type

TProcessBasicInformation = packed record

ExitStatus: Integer;

PebBaseAddress: Pointer;

AffinityMask: Integer;

BasePriority: Integer;

UniqueProcessID: Integer;

InheritedFromUniqueProcessID: Integer;

end;

TNtQueryInformationProcess =

function(hProcess: THandle; ProcessInformationClass: Integer;

var ProcessInformation; ProcessInformationLength: Integer;

var ReturnLength: Integer): Integer; stdcall;

{ Retrieve parent process ID from NtQueryInformation }

function GetParentProcessIDForNT: Integer;

var

hNTDLL: Integer;

NtQueryInformationProcess: TNtQueryInformationProcess;

PBI: TProcessBasicInformation;

ReturnLength: Integer;

begin

Result := 0;

// Attempt to load NTDLL

hNTDLL := LoadLibrary('NTDLL.DLL');

if hNTDLL <> 0 then

begin

// Retrieve address of NtQueryInformationProcess

NtQueryInformationProcess := GetProcAddress(hNTDLL,

'NtQueryInformationProcess');

if Assigned(NTQueryInformationProcess) then

begin

// Call NtQueryInformationProcess

NtQueryInformationProcess(GetCurrentProcess,

ProcessBasicInformation,

PBI, SizeOf(PBI), ReturnLength);

// Return parent process ID

Result := PBI.InheritedFromUniqueProcessID;

end;

// Release NTDLL

FreeLibrary(hNTDLL);

end;

{ ToolHelp32 function prototypes }

{ ToolHelp32 constants }

const

TH32CS_SNAPPROCESS = $00000002;

{ ToolHelp32 types }

type

PProcessEntry32 = ^TProcessEntry32;

TProcessEntry32 = record

dwSize: DWORD;

cntUsage: DWORD;

th32ProcessID: DWORD;

th32DefaultHeapID: DWORD;

th32ModuleID: DWORD;

cntThreads: DWORD;

th32ParentProcessID: DWORD;

pcPriClassBase: Longint;

dwFlags: DWORD;

szExeFile: array[0..MAX_PATH - 1] of Char;// Path

end;

type

TCreateToolhelp32Snapshot = function(dwFlags, th32ProcessID: DWORD): THandle; stdcall;

TProcess32First = function(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL;stdcall;

TProcess32Next = function(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL; stdcall;

function GetParentProcessIDForWindows: Integer;

var

Kernel32: THandle;

CreateToolhelp32Snapshot: TCreateToolhelp32Snapshot;

Process32First: TProcess32First;

Process32Next: TProcess32Next;

Snapshot: THandle;

Entry: TProcessEntry32;

WalkResult: Boolean;

ID: ULONG;

begin

Result := 0;

// Attempt to load KERNEL32

Kernel32 := LoadLibrary('KERNEL32.DLL');

if Kernel32 <> 0 then

begin

// Retrieve ToolHelp32 function addresses

CreateToolhelp32Snapshot :=

GetProcAddress(Kernel32, 'CreateToolhelp32Snapshot');

Process32First := GetProcAddress(Kernel32, 'Process32First');

Process32Next := GetProcAddress(Kernel32, 'Process32Next');

if Assigned(CreateToolhelp32Snapshot) and

Assigned(Process32First) and

Assigned(Process32Next) then

begin

// Retrieve current process ID for comparison

ID := GetCurrentProcessId;

// Create processes snapshot

Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

if Integer(Snapshot) <> -1 then

begin

// Start walking list of processes

Entry.dwSize := SizeOf(TProcessEntry32);

WalkResult := Process32First(Snapshot, Entry);

// Walk through entire list until result can be determined

while (GetLastError <> ERROR_NO_MORE_FILES) and (Result = 0)

begin

if WalkResult then

begin

// If this is the current process, return its parent

if Entry.th32ProcessID = ID then

Result := Entry.th32ParentProcessID;

end;

// Move to next item in the process list

Entry.dwSize := SizeOf(TProcessEntry32);

WalkResult := Process32Next(Snapshot, Entry);

end;

// Release handle to the snapshot

CloseHandle(Snapshot);

end;

// Release KERNEL32

FreeLibrary(Kernel32);

end;

function GetParentProcessID: Integer;

begin

// If Windows 95/98 or NT 5.0+, use ToolHelp32

if (Win32Platform = VER_PLATFORM_WIN32_NT) and

(Win32MajorVersion < 5) then

Result := GetParentProcessIDForNT else

Result := GetParentProcessIDForWindows;

end;