killaz219

Getting Parent PID

8 posts in this topic

I wanna know if there is any way to retrieve the parent PID. I have a way of getting the hwnd but that usually comes back 0x000000, even when I tried running it from OllyDbg or the sort. I have been messing around with API for a little while but I still can't find a way to get the PPID without using hwnd.




You could use the API GetProcessTimes and compare from there.



You could use the API GetProcessTimes and compare from there.

I just tried it but I can't get it to work. Can you give me a code sample?


I just tried it but I can't get it to work. Can you give me a code sample?

Unfortunately, I've never played with it, and I'm too tired personally to wrap my head around it... But it seems that is the route you should take.

What do you have so far that isn't working that you've tried?... Maybe it just needs tweaking.



Unfortunately, I've never played with it, and I'm too tired personally to wrap my head around it... But it seems that is the route you should take.

What do you have so far that isn't working that you've tried?... Maybe it just needs tweaking.

It's not so much that it isn't working as it is I don't know how to set it up to get what I want it to do. MSDN didn't help me at all, and neither did my API helpfile, so I'm lost.


It's not so much that it isn't working as it is I don't know how to set it up to get what I want it to do. MSDN didn't help me at all, and neither did my API helpfile, so I'm lost.

WMI can give you that information.

; WMI query flags: return immediately, forward-only enumerator
$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20

$strComputer = "." ; "." means the local machine
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
;$colItems = $objWMIService.ExecQuery("Select * from Win32_Process",,48)

$output = ""

; Collect name, parent PID and PID for every running process
For $objItem In $colItems
    $output = $output & "Name: " & $objItem.Name & @CRLF
    $output = $output & "ParentProcessId: " & $objItem.ParentProcessId & @CRLF
    $output = $output & "ProcessId: " & $objItem.ProcessId & @CRLF
Next

; Copy the listing to the clipboard
ClipPut($output)

Cheers

Kurt



WMI can give you that information.

Cheers

Kurt

Thx I'll try it out


Thx I'll try it out

O.K. You could start with @AutoItPID, then retrieve the PID and Parent PID of all processes and compare the PID to @AutoItPID ==> Parent PID is then known.

Cheers

Kurt


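Added example, not part of any post in this thread: the @AutoItPID lookup described in the last reply, done with a filtered WMI query, plus a check that the recorded parent PID has not been reused by a different process. The helper names `_GetProcRow` and `_GetParentInfo` are hypothetical, and the start-time comparison assumes both CreationDate values carry the same UTC offset.

```autoit
; Added example: resolve the parent of a PID through WMI and check for PID reuse.
; _GetProcRow() and _GetParentInfo() are hypothetical helpers, not built-in functions.
Func _GetProcRow($oWMI, $iPID)
    ; Return the Win32_Process object for one PID, or 0 if no such process exists.
    Local $colItems = $oWMI.ExecQuery("SELECT Name, ProcessId, ParentProcessId, CreationDate " & _
            "FROM Win32_Process WHERE ProcessId = " & Int($iPID))
    If Not IsObj($colItems) Then Return 0
    For $oItem In $colItems
        Return $oItem
    Next
    Return 0
EndFunc

Func _GetParentInfo($iPID)
    ; Returns [ParentPID, ParentName, Verified]; @error is set if the lookup fails.
    Local $aResult[3] = [0, "", False]
    Local $oWMI = ObjGet("winmgmts:\\.\root\cimv2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, $aResult)
    Local $oChild = _GetProcRow($oWMI, $iPID)
    If Not IsObj($oChild) Then Return SetError(2, 0, $aResult)
    $aResult[0] = $oChild.ParentProcessId

    ; ParentProcessId is recorded at creation and never updated. If the parent has
    ; exited, that PID may be unused or may now belong to an unrelated process.
    Local $oParent = _GetProcRow($oWMI, $aResult[0])
    If Not IsObj($oParent) Then Return $aResult
    $aResult[1] = $oParent.Name

    ; CreationDate is a CIM datetime string (yyyymmddHHMMSS.mmmmmm+UUU). A genuine
    ; parent started no later than its child; the first 21 characters sort by time.
    Local $sParentStart = StringLeft(String($oParent.CreationDate), 21)
    Local $sChildStart = StringLeft(String($oChild.CreationDate), 21)
    If StringLen($sParentStart) = 21 And StringLen($sChildStart) = 21 Then
        $aResult[2] = (StringCompare($sParentStart, $sChildStart) <= 0)
    EndIf
    Return $aResult
EndFunc

Local $aParent = _GetParentInfo(@AutoItPID)
If @error Then
    ConsoleWrite("Lookup failed, @error = " & @error & @CRLF)
Else
    ConsoleWrite("Parent PID: " & $aParent[0] & @CRLF)
    ConsoleWrite("Parent name: " & $aParent[1] & @CRLF)
    ConsoleWrite("Start time consistent with parent: " & $aParent[2] & @CRLF)
EndIf
```

When the last value is False, either the parent has exited or its start time could not be read, so the name shown should not be treated as the real launcher.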
