        /// <summary>
        /// Reads the basic process information for <paramref name="handle"/> through
        /// NtQueryInformationProcess and returns its InheritedFromUniqueProcessId
        /// field as a 32-bit process ID.
        /// </summary>
        /// <param name="handle">Handle of the process to query; it must have been opened with query access.</param>
        /// <returns>The ID recorded as the parent (creator) of the process.</returns>
        /// <exception cref="Exception">NtQueryInformationProcess returned a non-zero status.</exception>
        /// <remarks>
        /// The returned ID is a creation-time record and is not validated here: the
        /// creating process may already have exited and its ID may have been reused,
        /// so callers that base a trust or detection decision on it should confirm
        /// that the process behind the ID is older than the queried process.
        /// </remarks>
        static int _GetParentProcessID(IntPtr handle)
        {
            NativeMethods.PROCESS_BASIC_INFORMATION basicInfo = new NativeMethods.PROCESS_BASIC_INFORMATION();
            int returnedLength = 0;
            int structSize = Marshal.SizeOf(basicInfo);

            // Information class 0 is passed as a literal here; _GetPebNative passes
            // NativeMethods.ProcessBasicInformation for the same structure
            // (presumably the same value; confirm before unifying).
            int ntStatus = NativeMethods.NtQueryInformationProcess(handle, 0, ref basicInfo, structSize, ref returnedLength);

            if (ntStatus == 0)
            {
                return basicInfo.InheritedFromUniqueProcessId.ToInt32();
            }

            throw new Exception("Unable to get parent process. NtQueryInformationProcess failed.");
        }
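        /// <summary>
        /// Queries the basic process information of <paramref name="hProcess"/> with
        /// NtQueryInformationProcess and returns the PebBaseAddress it reports.
        /// </summary>
        /// <param name="hProcess">Handle of the process to query; it must have been opened with query access.</param>
        /// <returns>The PEB base address, as an address in the queried process.</returns>
        /// <exception cref="Exception">
        /// The call returned a failure status, or the number of bytes written does
        /// not match the size of PROCESS_BASIC_INFORMATION.
        /// </exception>
        static IntPtr _GetPebNative(IntPtr hProcess)
        {
            var pbi     = new NativeMethods.PROCESS_BASIC_INFORMATION();
            int res_len = 0;
            int pbiSize = Marshal.SizeOf(pbi);
            int status  = NativeMethods.NtQueryInformationProcess(
                hProcess,
                NativeMethods.ProcessBasicInformation,
                ref pbi,
                pbiSize,
                ref res_len);

            // The status used to be ignored. NTSTATUS failure codes have the high bit
            // set (negative as int); check it so that a failed query can never hand
            // back the zero-initialised structure's address to a caller that will
            // then read the target process's memory at that location.
            if (status < 0)
            {
                throw new Exception(
                    "Unable to query process information. NtQueryInformationProcess failed with status 0x"
                    + status.ToString("X8") + ".");
            }

            // A short or oversized write means the structure layout does not match
            // what the system returned, so none of the fields can be trusted.
            if (res_len != pbiSize)
            {
                throw new Exception("Unable to query process information.");
            }

            return pbi.PebBaseAddress;
        }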