. 这个功能是最开始用在怼某款软件时用到的,因为需要做某款软件的插件获取一些数据信息,但是某款软件的某些数据是从服务器拿到主进程上然后在通过自己封装的一套内存共享或者其他XX方式传递到某款软件的子进程而不是直接从服务器发送到子进程上的。所以我也一样只能主进程和子进程都要怼,并且需要获取某款软件的子进程ID。因为需要从主进程获取消息后通过共享内存发送给子进程。
. 下面的代码就是获取一个进程的子进程ID的功能。不过后来发现某款软件并不会有多开的情况。所以又不需要用到了。工程中代码删除了,不过还是放在这里保留一份。要是以后能在用得到呢?并且为博客添砖板瓦。
typedef enum enumSYSTEM_INFORMATION_CLASS
{
SystemBasicInformation,
SystemProcessorInformation,
SystemPerformanceInformation,
SystemTimeOfDayInformation,
}SYSTEM_INFORMATION_CLASS;
typedef struct tagPROCESS_BASIC_INFORMATION
{
DWORD ExitStatus;
DWORD PebBaseAddress;
DWORD AffinityMask;
DWORD BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
}PROCESS_BASIC_INFORMATION;
typedef LONG (WINAPI *PNTQUERYINFORMATIONPROCESS)(HANDLE,UINT,PVOID,ULONG,PULONG);
PNTQUERYINFORMATIONPROCESS NtQueryInformationProcess;
int MemShare::GetHelperPID()
{
DWORD pid = GetCurrentProcessId();
map<unsigned int, HString> map_pid_exe;
get_process_list(map_pid_exe); //这个函数就是得到枚举进程的函数就不放了。
map<unsigned int, HString>::iterator it = map_pid_exe.begin();
for (it; it != map_pid_exe.end(); it++)
{
if (it->second.get_short_name().compare(L"XXXXXX.exe") == 0)
{
DWORD ppid = GetParentProcessID(it->first);
if (ppid == pid)
{
return it->first;
}
}
}
return 0;
}
int MemShare::GetParentProcessID(DWORD dwId)
{
PNTQUERYINFORMATIONPROCESS NtQueryInformationProcess = (PNTQUERYINFORMATIONPROCESS)GetProcAddress(
GetModuleHandle(L"ntdll"),
"NtQueryInformationProcess");
if (!NtQueryInformationProcess)
return 0;
LONG status;
DWORD dwParentPID = 0;
HANDLE hProcess;
PROCESS_BASIC_INFORMATION pbi;
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwId);
if(!hProcess)
return -1;
status = NtQueryInformationProcess(
hProcess,
SystemBasicInformation,
(PVOID)&pbi,
sizeof(PROCESS_BASIC_INFORMATION),
NULL);
if(!status)
dwParentPID = pbi.InheritedFromUniqueProcessId;
CloseHandle (hProcess);
return dwParentPID;
}
发表评论