Nei*_*her 3 c windows winapi process
我试图在Windows控制台应用程序(C/C++)中获取父进程的名称(完整路径).它看起来应该有效,但它失败了,我看不出我做错了什么.它成功获取父PID,但未获取名称.任何更正将不胜感激.
#include <Windows.h>
#include <stdio.h>
#include <tlhelp32.h>
#include <Psapi.h>
DWORD getParentPID(DWORD pid)
{
HANDLE h = NULL;
PROCESSENTRY32 pe = { 0 };
DWORD ppid = 0;
pe.dwSize = sizeof(PROCESSENTRY32);
h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if( Process32First(h, &pe))
{
do
{
if (pe.th32ProcessID == pid)
{
ppid = pe.th32ParentProcessID;
break;
}
} while( Process32Next(h, &pe));
}
CloseHandle(h);
return (ppid);
}
int getProcessName(DWORD pid, PUCHAR fname, DWORD sz)
{
HANDLE h = NULL;
int e = 0;
h = OpenProcess
(
PROCESS_QUERY_INFORMATION,
FALSE,
pid
);
if (h)
{
if (GetModuleFileNameEx(h, NULL, fname, sz) == 0)
e = GetLastError();
CloseHandle(h);
}
else
{
e = GetLastError();
}
return (e);
}
int main(int argc, char *argv[])
{
DWORD pid, ppid;
int e;
char fname[MAX_PATH] = {0};
pid = GetCurrentProcessId();
ppid = getParentPID(pid);
e = getProcessName(ppid, fname, MAX_PATH);
printf("PPID=%d Err=%d EXE={%s}\n", ppid, e, fname);
}
附加信息:OpenProcess返回5(ERROR_ACCESS_DENIED).如果我按照建议添加PROCESS_VM_READ,则返回299(ERROR_PARTIAL_COPY).我可以打开当前进程,但不能打开父进程.
OpenProcess使用附加PROCESS_VM_READ标志调用它应该可以工作:
h = OpenProcess
(
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE,
pid
);
另请查看 Mekap 提到的可能重复项
在Windows Vista +上,您可以使用QueryFullProcessImageName而不是GetModuleFileNameEx.OpenProcess然后只需要使用较少特权的PROCESS_QUERY_LIMITED_INFORMATION标志来调用.
| 归档时间: |
|
| 查看次数: |
5327 次 |
| 最近记录: |