stackoom
  简体   繁体   中英

How can I reliably check whether one Windows process is the parent of another in C++?

 原文  2011-07-06 07:36:01       c++/ windows/ winapi

Question

I'm working on a function which gets me the PID of the parent process for a given PID. The prototype of the function is 

DWORD getParentPid( DWORD pid );

To do so, I'm using the CreateToolhelp32Snapshot function (and related functions) to get the PROCESSENTRY32 structure for my given PID pid . I can then use the th32ParentProcessId field of the structure to get the PID of the process which created my given process.

However, since the parent process might have been destroyed already (and it's PID might have been reused by Windows), I'm using the GetProcessTimes function to get the creation times of the supposed parent and the child process and then compare those using CompareFileTime .

If CompareFileTime returns -1 , I know that the process with the parent ID was created before my child process, so it's indeed the parent. Otherwise, it's apparently a re-used ID - and the parent PID is invalid (it doesn't reference the original parent anymore).

The issue with this is that it very much relies on a strictly monotonous system clock and the granularity of GetProcessTimes . I did experience cases in which CompareFileTime returned 0 (which means "equal time") even though the process being considered were indeed in a parent-child relationship. I could change my check so that a CompareFileTime result value <= 0 would be considered to indicate a parent, but then I would break the (theoretical) case where a parent created a child process, then the parent was destroyed, and then Windows re-used the PID - all within 100ns (which is the resolution of GetProcessTimes ).

I wonder - is there a different, more reliably, mechanism to verify that some process is indeed the parent of another process in C++?

I need this function in order to determine all child processes (this means including grand-child processes).我需要这个 function 以确定所有子进程(这意味着包括孙子进程)。 The CreateToolhelp32Snapshot lets me iterate over all processes but I need to look at the parent PID of each of them to tell whether it's a child of my process at hand.

2 answers

solution1
 1  2011-07-06 14:32:40

If the process(es) have been created whilst your app is running, you could just iterate over it repeatedly over time and catch PID re-use.

solution2
 0 ACCPTED  2011-07-06 09:15:37

The sample here:

http://msdn.microsoft.com/en-us/library/ms686701(v=vs.85).aspx

Shows calling CreateToolhelp32Snapshot with a parameter of 0 for the processId and it uses the option TH32CS_SNAPPROCESS which says it captures all processes. Then, once you've got the snapshot, as in the sample you can walk the processes as they existed in the snapshot. The parent id's should be valid within the snapshot because you're looking at the state of all the processes as they existed in the single moment when the snapshot was taken. You don't have to bother with your process start time comparison stuff.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Check whether one specific process is running on windows with C++ How do I check whether a file exists in C++ for a Windows program? How to check whether a vector is a subset of another in c++ Windows C++ How can I call a blocking read from one thread to another? c++ how to determine whether one word is before another in the alphabet How can I check whether a user enters the same number twice? C++ Help? How can I check in C++ whether std::cout is redirected to a file? Can I reliably set a function pointer to NULL in C and C++? how can i move pointer of one class to another in c++ How to check if a file is used by another process in C++?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM