snapshot으로 구해도 되지만, Native API를 쓰는 편이 훨씬 유용하다.
#include "winternl.h"
/*
 * Function-pointer type used to call ntdll's ZwQueryInformationProcess, which
 * is resolved at run time with GetProcAddress instead of being linked.
 * Parameters in order: process handle, information class, output buffer,
 * output buffer length, returned length.
 * NOTE(review): the information class is declared as PVOID here; the
 * prototype in winternl.h takes a PROCESSINFOCLASS enum. Confirm before
 * tightening the type, since callers in this file pass a literal 0.
 */
typedef NTSTATUS(NTAPI* ZwQueryInformationProcessT)(IN HANDLE, IN PVOID, OUT PVOID, IN ULONG, OUT PULONG );
/* Function-pointer type for psapi's GetProcessImageFileNameW: process handle,
 * output buffer, buffer size. */
typedef DWORD (WINAPI * GetProcessImageFileNameWT)(HANDLE,LPWSTR,DWORD);
/* File-scope slots for the resolved entry points; both start out NULL and are
 * assigned by GetParentProcessName. */
static ZwQueryInformationProcessT ZwQueryInformationProcess = NULL;
/* NOTE(review): a leading underscore followed by an uppercase letter is an
 * identifier reserved for the implementation; consider renaming file-wide. */
static GetProcessImageFileNameWT _GetProcessImageFileNameWT = NULL;
/* Process information classes noted by the author: */
//ProcessBasicInformation  (GetParentProcessName passes 0 as the class for its query)
//ProcessImageFileName     (not used by the code shown here)
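/**
 * Write the image path of the current process's parent into a caller buffer.
 *
 * The parent PID is read from PROCESS_BASIC_INFORMATION (queried through
 * ntdll's ZwQueryInformationProcess) and the path is fetched with psapi's
 * GetProcessImageFileNameW, so the result is a native device-form path
 * (\Device\HarddiskVolumeN\...), not a bare file name.
 *
 * Security note: the recorded parent PID is not a trustworthy identity. The
 * parent may already have exited and its PID been reused by an unrelated
 * process, and the creator of a process can nominate a different parent.
 * Treat the result as informational (logging, diagnostics); do not base
 * trust or authorization decisions on it.
 *
 * @param lpwProcessName  Output buffer for the path. Set to an empty string
 *                        before any lookup, so it is well defined on failure.
 * @param size            Capacity of lpwProcessName, in WCHARs.
 * @return TRUE if a path was written, FALSE on any failure (bad arguments,
 *         unresolved API, failed query, parent not openable).
 */
BOOL GetParentProcessName(LPWSTR lpwProcessName, DWORD size)
{
    HANDLE h = NULL;
    PROCESS_BASIC_INFORMATION basicinfo = {0,};
    DWORD bytesIO = 0;
    DWORD dwRet = 0;
    DWORD parentPid = 0;
    BOOL bRet = FALSE;
    HMODULE psapi = NULL;
    NTSTATUS status;

    if (!lpwProcessName || size == 0) {
        return FALSE;
    }
    lpwProcessName[0] = L'\0';

    /* Resolve the native entry point once and cache it in the file-scope slot. */
    if (!ZwQueryInformationProcess) {
        ZwQueryInformationProcess = (ZwQueryInformationProcessT)GetProcAddress(
            GetModuleHandle(_T("ntdll.dll")), "ZwQueryInformationProcess");
    }
    if (!ZwQueryInformationProcess) {
        return FALSE;
    }

    /* Information class 0 is ProcessBasicInformation. A failed query would
     * leave basicinfo zeroed, so the status must be checked before use. */
    status = ZwQueryInformationProcess(GetCurrentProcess(), 0, &basicinfo,
                                       sizeof(basicinfo), &bytesIO);
    if (status < 0) {
        return FALSE;
    }

    /* winternl.h leaves Reserved3 undocumented; it carries the inherited-from
     * (parent) PID. Go through ULONG_PTR to avoid a pointer-truncation cast. */
    parentPid = (DWORD)(ULONG_PTR)basicinfo.Reserved3;

    /* Least privilege: only query rights are needed to read the image path,
     * and the handle must not be inheritable or it would leak into every
     * child process spawned while it is open. On Vista and later
     * PROCESS_QUERY_LIMITED_INFORMATION is sufficient as well. */
    h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, parentPid);
    if (!h) {
        return FALSE;
    }

    /* NOTE(review): psapi is loaded by bare name. Where the minimum supported
     * OS allows, LoadLibraryExW with LOAD_LIBRARY_SEARCH_SYSTEM32 keeps the
     * lookup from being satisfied outside the system directory. The module is
     * deliberately left loaded because the resolved pointer is cached. */
    psapi = GetModuleHandleA("psapi.dll");
    if (!psapi) {
        psapi = LoadLibraryW(L"Psapi.dll");
    }
    if (!psapi) {
        goto cleanup;
    }

    _GetProcessImageFileNameWT = (GetProcessImageFileNameWT)GetProcAddress(
        psapi, "GetProcessImageFileNameW");
    if (_GetProcessImageFileNameWT == NULL) {
        goto cleanup;   /* bRet is still FALSE: nothing was written */
    }

    /* Returns the number of characters copied, 0 on failure. */
    dwRet = _GetProcessImageFileNameWT(h, lpwProcessName, size);
    if (dwRet) {
        bRet = TRUE;
    }

cleanup:
    CloseHandle(h);
    return bRet;
}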