Exemple #1
        /// <summary>
        /// Get parent process.
        /// </summary>
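        /// <param name="process">Process whose parent is looked up.</param>
        /// <param name="tracer">Receives a trace entry when the lookup fails (not written for w3wp).</param>
        /// <returns>
        /// The process currently running under the recorded parent PID, or <c>null</c> when the
        /// handle cannot be obtained or the lookup fails.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the result is resolved from a PID after the query returns. Windows keeps
        /// the recorded parent PID after the parent exits and can reuse PIDs, so the returned
        /// process is a best-effort answer. Do not base trust or authorization decisions on it
        /// without an additional check such as comparing start times.
        /// </remarks>
        public static Process GetParentProcess(this Process process, ITracer tracer)
        {
            IntPtr processHandle;

            if (!process.TryGetProcessHandle(out processHandle))
            {
                return(null);
            }

            var pbi = new ProcessNativeMethods.ProcessInformation();

            try
            {
                int returnLength;
                // Information class 0 is ProcessBasicInformation.
                int status = ProcessNativeMethods.NtQueryInformationProcess(processHandle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength);
                if (status != 0)
                {
                    // status is an NTSTATUS, not a Win32 error code, so the default
                    // Win32Exception text for it would be misleading. Spell the value out.
                    throw new Win32Exception(status, "NtQueryInformationProcess failed with NTSTATUS 0x" + status.ToString("X8"));
                }

                return(Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32()));
            }
            catch (Exception ex)
            {
                // ProcessName can itself throw (for example once the process has exited).
                // Read it defensively so the handler never replaces the original failure
                // with a new exception that escapes to the caller.
                string processName;
                try
                {
                    processName = process.ProcessName;
                }
                catch (Exception)
                {
                    processName = "(unknown)";
                }

                if (!processName.Equals("w3wp", StringComparison.OrdinalIgnoreCase))
                {
                    tracer.Trace("GetParentProcess of {0}({1}) failed with {2}", processName, process.Id, ex);
                }
                return(null);
            }
        }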
        /// <summary>
        /// Looks up the parent of <paramref name="process"/>; every failure yields <c>null</c>.
        /// </summary>
        /// <param name="process">Process whose parent is looked up.</param>
        /// <returns>
        /// The process currently running under the recorded parent PID, or <c>null</c> when the
        /// handle cannot be obtained, the native query reports a non-zero status, or the
        /// lookup throws.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the result is resolved from a PID after the query returns. Windows can
        /// reuse PIDs, so the returned process is a best-effort answer and should not be used
        /// for trust decisions without an additional check such as comparing start times.
        /// Failures are swallowed silently here, so a <c>null</c> result carries no diagnostics.
        /// </remarks>
        public static Process GetParentProcess(this Process process)
        {
            IntPtr handle;

            if (process.TryGetProcessHandle(out handle))
            {
                var basicInfo = new ProcessNativeMethods.ProcessInformation();

                try
                {
                    int bytesReturned;
                    // Information class 0 is ProcessBasicInformation.
                    int ntStatus = ProcessNativeMethods.NtQueryInformationProcess(handle, 0, ref basicInfo, Marshal.SizeOf(basicInfo), out bytesReturned);

                    if (ntStatus == 0)
                    {
                        int parentId = basicInfo.InheritedFromUniqueProcessId.ToInt32();
                        return Process.GetProcessById(parentId);
                    }

                    // A non-zero status is treated like any other failure: fall through to null.
                }
                catch
                {
                    // Deliberate best effort: any exception is reported to the caller as null.
                }
            }

            return null;
        }
Exemple #3
        /// <summary>
        /// Get parent process.
        /// </summary>
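        /// <param name="process">Process whose parent is looked up.</param>
        /// <param name="tracer">Receives an error trace when the lookup fails (not written for w3wp).</param>
        /// <returns>
        /// The parent process, or <c>null</c> when the handle cannot be obtained or any step
        /// throws. When not running on Windows the result comes from <c>GetParentProcessLinux</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): on the Windows path the result is resolved from a PID after the query
        /// returns. Windows can reuse PIDs, so the returned process is a best-effort answer and
        /// should not be used for trust decisions without an additional check such as comparing
        /// start times.
        /// </remarks>
        public static Process GetParentProcess(this Process process, ITracer tracer)
        {
            try
            {
                if (!OSDetector.IsOnWindows())
                {
                    return(process.GetParentProcessLinux(tracer));
                }

                IntPtr processHandle;
                if (!process.TryGetProcessHandle(out processHandle))
                {
                    return(null);
                }

                var pbi = new ProcessNativeMethods.ProcessInformation();
                int returnLength;
                // Information class 0 is ProcessBasicInformation.
                int status = ProcessNativeMethods.NtQueryInformationProcess(processHandle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength);
                if (status != 0)
                {
                    // status is an NTSTATUS, not a Win32 error code, so the default
                    // Win32Exception text for it would be misleading in the error trace.
                    throw new Win32Exception(status, "NtQueryInformationProcess failed with NTSTATUS 0x" + status.ToString("X8"));
                }

                return(Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32()));
            }
            catch (Exception ex)
            {
                // SafeGetProcessName may yield null; substitute a placeholder for the trace.
                var processName = process.SafeGetProcessName() ?? "(null)";
                if (!processName.Equals("w3wp", StringComparison.OrdinalIgnoreCase))
                {
                    tracer.TraceError(ex, "GetParentProcess of {0}({1}) failed.", processName, process.Id);
                }
                return(null);
            }
        }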
Exemple #4
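        /// <summary>
        /// Queries the basic process information for <paramref name="hProcess"/> and returns
        /// the reported PEB base address.
        /// </summary>
        /// <param name="hProcess">Process handle passed to NtQueryInformationProcess.</param>
        /// <returns>The <c>PebBaseAddress</c> field of the returned structure.</returns>
        /// <exception cref="Win32Exception">
        /// The native call reported a non-zero status, or the returned length does not match
        /// the size of the structure.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the address presumably refers to the queried process's address space,
        /// so it should be read through the process handle, not dereferenced locally. Confirm
        /// against callers.
        /// </remarks>
        private static IntPtr GetPebNative(IntPtr hProcess)
        {
            var pbi     = new ProcessNativeMethods.ProcessInformation();
            int res_len = 0;
            int pbiSize = Marshal.SizeOf(pbi);

            int status = ProcessNativeMethods.NtQueryInformationProcess(
                hProcess,
                ProcessNativeMethods.ProcessBasicInformation,
                ref pbi,
                pbiSize,
                out res_len);

            // Check the returned status explicitly instead of relying on the length alone,
            // so a failed query can never hand back a PEB address from an unfilled structure.
            // The value is an NTSTATUS, so it is spelled out rather than mapped to Win32 text.
            if (status != 0)
            {
                throw new Win32Exception(status, "Unable to query process information. NTSTATUS 0x" + status.ToString("X8"));
            }

            if (res_len != pbiSize)
            {
                throw new Win32Exception("Unable to query process information.");
            }

            return(pbi.PebBaseAddress);
        }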
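        /// <summary>
        /// Returns the PEB base address reported by NtQueryInformationProcess for
        /// <paramref name="hProcess"/>.
        /// </summary>
        /// <param name="hProcess">Process handle passed to the native query.</param>
        /// <returns>The <c>PebBaseAddress</c> field of the returned structure.</returns>
        /// <exception cref="Win32Exception">
        /// The native call reported a non-zero status, or the returned length does not match
        /// the size of the structure.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the address presumably belongs to the queried process's address space;
        /// confirm that callers read it through the process handle.
        /// </remarks>
        private static IntPtr GetPebNative(IntPtr hProcess)
        {
            var pbi = new ProcessNativeMethods.ProcessInformation();
            int res_len = 0;
            int pbiSize = Marshal.SizeOf(pbi);
            int status = ProcessNativeMethods.NtQueryInformationProcess(
                hProcess,
                ProcessNativeMethods.ProcessBasicInformation,
                ref pbi,
                pbiSize,
                out res_len);

            // The original ignored the returned status; a failed query must not be able to
            // return a PEB address from an unfilled structure. The value is an NTSTATUS, so
            // it is reported verbatim rather than translated as a Win32 error.
            if (status != 0)
            {
                throw new Win32Exception(status, "Unable to query process information. NTSTATUS 0x" + status.ToString("X8"));
            }

            if (res_len != pbiSize)
            {
                throw new Win32Exception("Unable to query process information.");
            }

            return pbi.PebBaseAddress;
        }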
        /// <summary>
        /// Get parent process.
        /// </summary>
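        /// <param name="process">Process whose parent is looked up.</param>
        /// <param name="tracer">Receives a trace entry when the lookup fails (not written for w3wp).</param>
        /// <returns>
        /// The process currently running under the recorded parent PID, or <c>null</c> when the
        /// handle cannot be obtained or the lookup fails.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the result is resolved from a PID after the query returns. Windows can
        /// reuse PIDs, so the returned process is a best-effort answer and should not be used
        /// for trust decisions without an additional check such as comparing start times.
        /// </remarks>
        public static Process GetParentProcess(this Process process, ITracer tracer)
        {
            IntPtr processHandle;
            if (!process.TryGetProcessHandle(out processHandle))
            {
                return null;
            }

            var pbi = new ProcessNativeMethods.ProcessInformation();
            try
            {
                int returnLength;
                // Information class 0 is ProcessBasicInformation.
                int status = ProcessNativeMethods.NtQueryInformationProcess(processHandle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength);
                if (status != 0)
                {
                    // status is an NTSTATUS, not a Win32 error code; report the raw value so
                    // the trace does not show unrelated Win32 error text.
                    throw new Win32Exception(status, "NtQueryInformationProcess failed with NTSTATUS 0x" + status.ToString("X8"));
                }

                return Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32());
            }
            catch (Exception ex)
            {
                // ProcessName can itself throw (for example once the process has exited);
                // read it defensively so this handler cannot raise a new exception that
                // escapes to the caller and hides the original failure.
                string processName;
                try
                {
                    processName = process.ProcessName;
                }
                catch (Exception)
                {
                    processName = "(unknown)";
                }

                if (!processName.Equals("w3wp", StringComparison.OrdinalIgnoreCase))
                {
                    tracer.Trace("GetParentProcess of {0}({1}) failed with {2}", processName, process.Id, ex);
                }
                return null;
            }
        }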