//
#include <Windows.h>
#include <stdio.h>
#include <tchar.h>
#include <winnt.h>
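#include <winternl.h>

/*
 * Function-pointer type for ntdll's NtQueryInformationProcess.
 * The routine is looked up at run time with GetProcAddress, so the
 * signature is declared here to call through the pointer.
 */
typedef NTSTATUS (__stdcall *NTQUERYINFORMATIONPROCESS)(
    HANDLE ProcessHandle,
    PROCESSINFOCLASS ProcessInformationClass,
    PVOID ProcessInformation,
    ULONG ProcessInformationLength,
    PULONG ReturnLength);

/*
 * Query PROCESS_BASIC_INFORMATION for the current process and report
 * the parent process ID held in its Reserved3 field.
 *
 * Returns 0 on success and a non-zero code naming the step that failed.
 * NOTE(review): the numeric literals were missing from the listing; the
 * exit codes below are chosen here, confirm against the original.
 */
int _tmain(int argc, _TCHAR *argv[])
{
    int errCode = 0;

    (void)argc;
    (void)argv;

    /* The literal is a wide string, so call the W variant explicitly;
     * the GetModuleHandle macro only matches it in UNICODE builds. */
    HMODULE hMod = GetModuleHandleW(L"NTDLL.DLL");
    if (hMod == NULL) {
        return 1;
    }

    NTQUERYINFORMATIONPROCESS ptrNtQueryInformationProcess =
        (NTQUERYINFORMATIONPROCESS)GetProcAddress(hMod, "NtQueryInformationProcess");
    if (ptrNtQueryInformationProcess == NULL) {
        return 2;
    }

    PROCESS_BASIC_INFORMATION processBasicInformation = {0};
    ULONG retLength = 0;

    /* Both out-parameters are pointers: the call fills the structure
     * and writes the number of bytes it returned. */
    NTSTATUS status = ptrNtQueryInformationProcess(GetCurrentProcess(),
                                                   ProcessBasicInformation,
                                                   &processBasicInformation,
                                                   sizeof(processBasicInformation),
                                                   &retLength);
    if (!NT_SUCCESS(status)) {
        /* Do not read the structure when the query failed. */
        return 3;
    }

    /*
     * Reserved3 carries the parent (creator) process ID. It is only the
     * PID recorded at creation: the parent may have exited and the PID
     * may since belong to another process, and a creator can name a
     * different parent at process creation. Treat it as a hint, not as
     * proof of process provenance.
     */
    DWORD parentPid = (DWORD)(ULONG_PTR)processBasicInformation.Reserved3;
    printf("Parent process ID: %lu\n", (unsigned long)parentPid);

    return errCode;
}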
在 PROCESS_BASIC_INFORMATION 结构体中,Reserved3 字段保存的是父进程 ID,将其强制转换成 DWORD 即可。需要注意,这只是进程创建时记录下来的 PID:父进程可能已经退出,该 PID 也可能已被其他进程复用,因此不能单独把它当作判断进程来源的可信依据。