WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

WinBatch
UDF - UDS Library
Process UDFs

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

Get Information About Parent Process

Keywords: Detect Determine Application Program Process Launched Ran Spawned Parent Child Calling Current Module Name WinExeName ZwQueryInformationProcess GetCurrentProcess GetCurrentProcessId
; GetParentProcId.wbt
; 32-bit
;
; This script makes use of one of the Win32 Kernel API functions to obtain the current process' parent process id number.
; The parent process' id can then be used to get information about the parent process.
#DefineFunction udfGetMyParentProcId()
   ; Get a pseudo-handle to our own process.
   hMyProc = DllCall('KERNEL32.DLL',long:'GetCurrentProcess')
   ; Set up the input parameters for ZwQueryInformationProcess().
   nProcInfoBufSize = 6 * 4
   hProcInfoBuf = BinaryAlloc(nProcInfoBufSize)
   ProcessBasicInformation = 0
   Result = DllCall('NTDLL.DLL',long:'ZwQueryInformationProcess',long:hMyProc,long:ProcessBasicInformation,lpbinary:hProcInfoBuf,long:nProcInfoBufSize,lpnull)
   BinaryEodSet(hProcInfoBuf,nProcInfoBufSize)
   nMyProcId = BinaryPeek4(hProcInfoBuf,16)
   nMyParentProcId = BinaryPeek4(hProcInfoBuf,20)
   ; Sanity check - get our own process id by another method.
   nMyProcId2 = DllCall('KERNEL32.DLL',long:'GetCurrentProcessId')
   hProcInfoBuf = BinaryFree(hProcInfoBuf)
   Return nMyParentProcId
#EndFunction

procid = udfGetMyParentProcId()
windowlist = WinItemProcId(procid, 0, 1)
window = ItemExtract(1,windowlist,@TAB)
exe = WinExename(window)
Message("Parent Process Details",StrCat("Procid: ",procid, @LF, "Title: ",Window,@LF,"Exe: ", exe))
Exit

Article ID:   W17280

File Created: 2012:10:04:12:20:16
Last Updated: 2012:10:04:12:20:16