All geek questions in one place

Determine which process / program starts my process / program

Is there a way in the code to determine which process or application starts my process or application. Any decryption of .net, vb6 or C ++ code would be great

+3
source share
5 answers

In .Net,

Assembly.GetEntryAssembly()

returns the assembly from which the currently running assembly process was launched. But if you have more than one process, I do not believe that there is any way to determine which one was the first who started ...

To get the record assembly version,

 Assembly.GetEntryAssembly().GetName().Version
+1
source

. !

+1

"ProcessTree" , :

http://www.catch22.net/content/snippets

C-ish, .

ZwQuerySystemInformation(), SYSTEM_PROCESSES . , .. InheritiedFromProcessId, .

+1

:

public class ParentProc { 

[DllImport("KERNEL32.dll")] //[DllImport("toolhelp.dll")] 
public static extern int CreateToolhelp32Snapshot(uint flags, uint processid); 

[DllImport("KERNEL32.DLL")] //[DllImport("toolhelp.dll")] 
public static extern int CloseHandle(int handle); 

[DllImport("KERNEL32.DLL")] //[DllImport("toolhelp.dll") 
public static extern int Process32Next(int handle, ref ProcessEntry32 pe); 

[StructLayout(LayoutKind.Sequential)] 
public struct ProcessEntry32 { 
public uint dwSize; 
public uint cntUsage; 
public uint th32ProcessID; 
public IntPtr th32DefaultHeapID; 
public uint th32ModuleID; 
public uint cntThreads; 
public uint th32ParentProcessID; 
public int pcPriClassBase; 
public uint dwFlags; 
[MarshalAs(UnmanagedType.ByValTStr, SizeConst=256)] public string szExeFile; 
}; 

public static Process FindParentProcess() { 

int SnapShot = CreateToolhelp32Snapshot(0x00000002, 0); //2 = SNAPSHOT of all procs 
try{ 
ProcessEntry32 pe32 = new ProcessEntry32(); 
pe32.dwSize = 296; 
int procid = System.Diagnostics.Process.GetCurrentProcess().Id; 
while(Process32Next(SnapShot, ref pe32) != 0) { 
string xname = pe32.szExeFile.ToString(); 
if(procid==pe32.th32ProcessID) { 
return System.Diagnostics.Process.GetProcessById(Convert.ToInt32(pe32.th32ParentProcessID)); 
} 
} 

}catch(Exception ex){ 
throw new Exception(System.Reflection.MethodBase.GetCurrentMethod() + " failed! [Type:"+ex.GetType().ToString()+", Msg:"+ex.Message+"]"); 
}finally{ 
CloseHandle(SnapShot); 
} 
return null; 
} 

}
0

, WMI , , 100% (#/VB.NET), .

Example (only WMI requests, actual C # / VB.NET code is omitted):

   // First get figure the ID of your parent process
   SELECT ParentProcessID FROM Win32_Process WHERE ProcessID = <MYPROCESSID>

   // Than use that the get any attribute, e.g. the Name, of it
   SELECT Name FROM Win32_Process WHERE ProcessID = <PARENTPROCESSID>
0
source

Source: https://habr.com/ru/post/1717870/

More articles:


All Articles