/// <summary> /// Get parent process. /// </summary> public static Process GetParentProcess(this Process process, ITracer tracer) { if (!OSDetector.IsOnWindows()) { return(process.GetParentProcessLinux(tracer)); } IntPtr processHandle; if (!process.TryGetProcessHandle(out processHandle)) { return(null); } var pbi = new ProcessNativeMethods.ProcessInformation(); try { int returnLength; int status = ProcessNativeMethods.NtQueryInformationProcess(processHandle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength); if (status != 0) { throw new Win32Exception(status); } return(Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32())); } catch (Exception ex) { var processName = process.SafeGetProcessName() ?? "(null)"; if (!processName.Equals("w3wp", StringComparison.OrdinalIgnoreCase)) { tracer.TraceError(ex, "GetParentProcess of {0}({1}) failed.", processName, process.Id); } return(null); } }
private static bool HasReadAccess(IntPtr hProcess, IntPtr address, out int size) { size = 0; var memInfo = new ProcessNativeMethods.MEMORY_BASIC_INFORMATION(); IntPtr result = ProcessNativeMethods.VirtualQueryEx( hProcess, address, ref memInfo, (IntPtr)Marshal.SizeOf(memInfo)); if (result == IntPtr.Zero) { return(false); } if (memInfo.Protect == ProcessNativeMethods.PAGE_NOACCESS || memInfo.Protect == ProcessNativeMethods.PAGE_EXECUTE) { return(false); } try { size = Convert.ToInt32(memInfo.RegionSize.ToInt64() - (address.ToInt64() - memInfo.BaseAddress.ToInt64())); } catch (OverflowException) { return(false); } if (size <= 0) { return(false); } return(true); }
/// <summary> /// Get parent process. /// </summary> public static Process GetParentProcess(this Process process, ITracer tracer) { var pbi = new ProcessNativeMethods.ProcessInformation(); try { int returnLength; int status = ProcessNativeMethods.NtQueryInformationProcess(process.Handle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength); if (status != 0) { throw new Win32Exception(status); } return(Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32())); } catch (Exception ex) { if (!process.ProcessName.Equals("w3wp", StringComparison.OrdinalIgnoreCase)) { tracer.Trace("GetParentProcess of {0}({1}) failed with {2}", process.ProcessName, process.Id, ex); } return(null); } }