По PID (ИД процесса) получаем путь к файлу процесса, который его запустил.
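{ Usage example: look up the image path of the process that started the
  process with the given PID and show it to the user. }
var
  procPath: UnicodeString;
  pid: Integer;
begin
  pid := 864; // sample PID; substitute the ID of the process being inspected
  procPath := getParentProcessPath(pid);
  // An empty string is the documented failure value (lookup failed or the
  // parent no longer exists), so report it instead of showing a blank dialog.
  // The parent recorded for a process is informational only: do not base an
  // allow/deny decision on this path alone.
  if procPath <> '' then
    ShowMessage(procPath)
  else
    ShowMessage('Parent process path is unavailable');
end;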
Параметры
pid - ИД процесса
Результат
Путь к файлу родительского процесса или пустая строка в случае неудачи либо если родительский процесс уже не существует.
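{ Native API import from ntdll.dll. The function fills ProcessInformation with
  the data selected by ProcessInformationClass and returns an NTSTATUS value,
  where 0 means success.
  NOTE(review): the native prototype takes a 32-bit enum for the information
  class; it is declared as Byte here - confirm this is intentional. }
function NtQueryInformationProcess(
  ProcessHandle: THandle;
  ProcessInformationClass: Byte;
  ProcessInformation: Pointer;
  ProcessInformationLength: ULONG;
  ReturnLength: PULONG
): DWORD; stdcall; external 'ntdll.dll';

{ Returns the full image path of the parent of the given process.

  Parameters:
    dwProcessHandle - despite its name this is a process ID (PID), not a
                      handle; it is passed straight to OpenProcess.

  Result:
    The Win32 path of the parent's executable, or an empty string when any
    step fails, when the parent no longer exists, or when the recorded parent
    PID now belongs to a process created after the child (PID reuse).

  Security notes:
    - The parent PID is recorded once at process creation and is never
      updated. After the real parent exits, the system may hand the same PID
      to an unrelated process; the creation-time comparison below rejects
      that case instead of returning a misleading path.
    - The creator of a process can designate a different parent (for example
      through the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute), so the
      value describes the recorded parent, not necessarily the real creator.
      Treat it as a hint for display or triage, not as a trust decision.
    - Handles are opened with PROCESS_QUERY_LIMITED_INFORMATION only, the
      least access sufficient for every call made here, and are always closed. }
function getParentProcessPath(dwProcessHandle: DWORD): UnicodeString;
type
  { Declared with natural alignment and pointer-sized fields so SizeOf matches
    the native structure on both 32-bit and 64-bit targets (relies on the
    compiler's default record alignment). If the size were wrong the query
    below would fail and the function would return ''. }
  PROCESS_BASIC_INFORMATION = record
    ExitStatus: DWORD;
    PebBaseAddress: Pointer;
    AffinityMask: NativeUInt;
    BasePriority: DWORD;
    uUniqueProcessId: NativeUInt;
    uInheritedFromUniqueProcessId: NativeUInt;
  end;
  TQueryFullProcessImageNameW = function(AProcess: THandle; AFlags: DWORD;
    AFileName: PWideChar; var ASize: DWORD): BOOL; stdcall;
const
  ProcessBasicInformation = 0;
  PROCESS_QUERY_LIMITED_INFORMATION = $00001000;
  // Upper bound for the path buffer (in characters) so the growth loop
  // always terminates; extended-length Windows paths stay below 32768 chars.
  MAX_BUFFER_CHARS = 65536;
var
  Info: PROCESS_BASIC_INFORMATION;
  hChild, hParent: THandle;
  Kernel32: HMODULE;
  QueryFullProcessImageNameW: TQueryFullProcessImageNameW;
  parentPid, bufChars, pathLen: DWORD;
  childCreated, parentCreated, ftExit, ftKernel, ftUser: TFileTime;
  Buf: UnicodeString;
begin
  Result := '';

  // QueryFullProcessImageNameW is resolved dynamically, as in the original
  // code, so the unit still loads on systems where the export is missing.
  Kernel32 := GetModuleHandle('kernel32.dll');
  if Kernel32 = 0 then
    Exit;
  @QueryFullProcessImageNameW := GetProcAddress(Kernel32, 'QueryFullProcessImageNameW');
  if not Assigned(QueryFullProcessImageNameW) then
    Exit;

  hChild := OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, dwProcessHandle);
  if hChild = 0 then
    Exit;
  try
    FillChar(Info, SizeOf(Info), 0);
    // Stop on failure: the parent PID must never be used uninitialized,
    // otherwise the path of an arbitrary process could be returned.
    if NtQueryInformationProcess(hChild, ProcessBasicInformation, @Info,
      SizeOf(Info), nil) <> NO_ERROR then
      Exit;
    parentPid := DWORD(Info.uInheritedFromUniqueProcessId);

    hParent := OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, parentPid);
    if hParent = 0 then
      Exit;
    try
      // PID-reuse guard: a genuine parent cannot have been created after its
      // child. Fail closed when the creation times cannot be read.
      if not GetProcessTimes(hChild, childCreated, ftExit, ftKernel, ftUser) then
        Exit;
      if not GetProcessTimes(hParent, parentCreated, ftExit, ftKernel, ftUser) then
        Exit;
      if CompareFileTime(parentCreated, childCreated) > 0 then
        Exit;

      // Grow the buffer until the path fits. The path is built in a local
      // string so that every failure path leaves Result empty.
      bufChars := MAX_PATH;
      while bufChars <= MAX_BUFFER_CHARS do
      begin
        SetLength(Buf, bufChars);
        pathLen := bufChars; // in: buffer size in chars; out: chars written
        if QueryFullProcessImageNameW(hParent, 0, PWideChar(Buf), pathLen) then
        begin
          SetLength(Buf, pathLen);
          Result := Buf;
          Exit;
        end;
        if GetLastError <> ERROR_INSUFFICIENT_BUFFER then
          Exit;
        bufChars := bufChars * 2;
      end;
    finally
      CloseHandle(hParent);
    end;
  finally
    CloseHandle(hChild);
  end;
end;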