windows 下获取父进程pid

时间:2023-03-09 22:27:02
windows 下获取父进程pid

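// Returns the parent process ID recorded for the process dwProcessId,
// or (DWORD)-1 on any failure: ntdll or the export cannot be resolved,
// the process cannot be opened, or the query returns a non-zero status.
//
// dwProcessId  ID of the process whose parent is wanted.
//
// Notes for callers:
//  - The value comes from InheritedFromUniqueProcessId, which is a PID
//    recorded when the process was created, not a live reference. The
//    parent may already have exited and its PID may have been reused, and
//    the creating process can designate a different parent. Do not base
//    trust decisions on this value alone; confirm the candidate parent
//    (for example by checking that it started before the child).
//  - The call passes sizeof(PROCESS_BASIC_INFORMATION). If that declaration
//    does not match the native layout for the build's bitness, the query
//    is expected to fail with a length mismatch and (DWORD)-1 is returned.
//  - NtQueryInformationProcess is an ntdll-internal interface and is
//    resolved at run time rather than linked.
DWORD GetParentProcessID(DWORD dwProcessId)
{
    LONG status;
    DWORD dwParentPID = (DWORD)-1;
    HANDLE hProcess;
    HMODULE hNtdll;
    PROCESS_BASIC_INFORMATION pbi = {0};
    PROCNTQSIP pfnNtQueryInformationProcess;

    // The module name is a wide literal, so call the W variant explicitly;
    // the TCHAR macro GetModuleHandle maps to the ANSI variant in
    // non-UNICODE builds and would receive the wrong string type.
    hNtdll = GetModuleHandleW(L"ntdll");
    if (NULL == hNtdll)
    {
        return (DWORD)-1;
    }

    pfnNtQueryInformationProcess =
        (PROCNTQSIP)GetProcAddress(hNtdll, "NtQueryInformationProcess");
    if (NULL == pfnNtQueryInformationProcess)
    {
        return (DWORD)-1;
    }

    // Get process handle.
    // NOTE(review): on Windows Vista and later PROCESS_QUERY_LIMITED_INFORMATION
    // is documented as sufficient for this query and is the narrower right;
    // confirm the minimum target OS before switching to it.
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);
    if (!hProcess)
    {
        return (DWORD)-1;
    }

    // Retrieve information
    status = pfnNtQueryInformationProcess(hProcess,
                                          ProcessBasicInformation,
                                          (PVOID)&pbi,
                                          sizeof(pbi),
                                          NULL);

    // Copy parent Id on success (status 0); the explicit cast keeps the
    // assignment well-defined when the field is wider than a DWORD.
    if (0 == status)
    {
        dwParentPID = (DWORD)pbi.InheritedFromUniqueProcessId;
    }

    CloseHandle(hProcess);
    return dwParentPID;
}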

在控制台程序中，需要在 GetParentProcessID 之前加入下面的头文件和类型定义

#include <wtypes.h>:

// Information-class value passed as the second argument of
// NtQueryInformationProcess to request a PROCESS_BASIC_INFORMATION buffer.
// NOTE(review): a header that already declares ProcessBasicInformation
// (for example as an enumerator) would clash with this macro - confirm
// which headers the translation unit includes.
#define ProcessBasicInformation 0  

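 // Output buffer for NtQueryInformationProcess(ProcessBasicInformation).
// The pointer-sized members are declared as ULONG_PTR so the structure is
// 24 bytes in a 32-bit build and 48 bytes in a 64-bit build. Declaring them
// as 32-bit DWORD/ULONG gives the right size only for 32-bit builds; in a
// 64-bit build the size passed to the query would not match and the call
// would be rejected. Field names are unchanged.
typedef struct
{
    DWORD     ExitStatus;                    // 32-bit status value
    ULONG_PTR PebBaseAddress;                // pointer-sized
    ULONG_PTR AffinityMask;                  // pointer-sized
    DWORD     BasePriority;                  // 32-bit
    ULONG_PTR UniqueProcessId;               // pointer-sized; PIDs fit in a DWORD
    ULONG_PTR InheritedFromUniqueProcessId;  // parent PID recorded at creation
} PROCESS_BASIC_INFORMATION;
// ntdll!NtQueryInformationProcess (NT specific!)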
//
// The function copies the process information of the
// specified type into a buffer
//
// NTSYSAPI
// NTSTATUS
// NTAPI
// NtQueryInformationProcess(
// IN HANDLE ProcessHandle, // handle to process
// IN PROCESSINFOCLASS InformationClass, // information type
// OUT PVOID ProcessInformation, // pointer to buffer
// IN ULONG ProcessInformationLength, // buffer size in bytes
// OUT PULONG ReturnLength OPTIONAL // pointer to a 32-bit
// // variable that receives
// // the number of bytes
// // written to the buffer
// );
// Function-pointer type used to call NtQueryInformationProcess after it has
// been resolved with GetProcAddress. The LONG result is the status code;
// 0 is treated as success by the caller.
typedef LONG (__stdcall *PROCNTQSIP)(
    HANDLE ProcessHandle,
    UINT   InformationClass,
    PVOID  ProcessInformation,
    ULONG  ProcessInformationLength,
    PULONG ReturnLength);