Parent Process ID

There's, surprisingly, very little information about the Parent Process ID in VB .NET and even MS' beloved C# ;)

While doing some research, I found that C++ has a built in method that they can use to grab the Parent PID super easy.

I know that WMI has a Parent Process ID... thing... built into it, but I was wondering if anyone knew how to manipulate the Process Class in .NET so I could grab the Parent Process and list all child processes.

Any information is appreciated.

Thanks

Found this. You might be able to use API's to help you out...but no native .net support it appears...

Edit: Found this too, and a Code Project link that might help you too...

I've looked at this before and dont think I ever got it working... so I'd be interested to see your code if you do get it working properly :)

[QUOTE=formlesstree4;3707349]Found [url= You might be able to use API's to help you out...but no native .net support it appears...

Edit: [url= this too[/url], and a Code Project [url= that might help you too...[/QUOTE]

Yeah. I was hoping to avoid APIs as well, since I'm already grabbing them with the process class. But, it seems I won't have much of a choice :p

Yeah there is definitely no way to do it in managed code, but even when looking into Windows APIs that do it I couldnt get it working. It was a while ago though so maybe it was just because I hadnt used Windows APIs much, it might not be that hard (dont want to put you off! :))

Quote:

---

Originally Posted by weirddemon

Yeah. I was hoping to avoid APIs as well, since I'm already grabbing them with the process class. But, it seems I won't have much of a choice :p

---

What happened to that quote :ehh:

Anyway, like chris said, there's probably no avoiding it. Guess Microsoft figured you wouldn't need to find out the Parent Process ID.

It does seem odd that you cant get it via managed code, considering the amount of detail you can get from a process in managed code (as weirddemons's process manager program demonstrates).

Quote:

---

Originally Posted by formlesstree4

What happened to that quote :ehh:

Anyway, like chris said, there's probably no avoiding it. Guess Microsoft figured you wouldn't need to find out the Parent Process ID.

---

Yeah. I have no idea what happened with that quote. I was on my phone, so that may be it. The Pre sucks ;)

What's funny about this situation is that I remembering reading an article from MS stating that they were going to add that feature into the framework. That article, if I remember correctly, was from 2 years ago :P

I also remember them saying they wanted to add it to the 4.0 Framework, but I haven't seen any documents on that yet. So, go MS! ;)

OK so I fancied another go at this and it has taken a lot longer than I thought lol couldnt find any complete working examples anywhere that showed how to use any Windows APIs to do this in .NET. There were a few examples but they either had the wrong definitions for the structure or only showed the definition for the method etc, so I've put together my own example now that I have finally got it working. Here's the API definition:

vb Code:

Public Const PROCESSBASICINFORMATION As UInteger = 0
 
    <System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, Pack:=1)> _
    Public Structure Process_Basic_Information
        Public ExitStatus As IntPtr
        Public PepBaseAddress As IntPtr
        Public AffinityMask As IntPtr
        Public BasePriority As IntPtr
        Public UniqueProcessID As IntPtr
        Public InheritedFromUniqueProcessId As IntPtr
    End Structure
 
    <System.Runtime.InteropServices.DllImport("ntdll.dll", EntryPoint:="NtQueryInformationProcess")> _
    Public Shared Function NtQueryInformationProcess(ByVal handle As IntPtr, ByVal processinformationclass As UInteger, ByRef ProcessInformation As Process_Basic_Information, ByVal ProcessInformationLength As Integer, ByRef ReturnLength As UInteger) As Integer
    End Function

Now this is one of the weirdest Windows APIs I have ever worked with - according to the MSDN documentation all of those members of the Process_Basic_Information structure should not be able to just be declared as IntPtr but that is the ONLY way that I can find to make this thing work in .NET (the only other way that worked was declaring them all as Integer if on a 32 bit system or UInt64 on a 64 bit system). Anyway, here's an example of how to use it:

vb Code:

'Create an instance of our API structure - we will pass
        'this to the API function in a moment
        Dim ProccessInfo As New Process_Basic_Information
 
        'A quick and dirty example of getting the handle of a specific process
        Dim ProcHandle As IntPtr = Process.GetProcessesByName("Notepad")(0).Handle
 
        'Used as an output parameter by the API function
        Dim RetLength As UInteger
 
        'Here we actually call the function and pass in the relevant information
        NtQueryInformationProcess(ProcHandle, PROCESSBASICINFORMATION, ProccessInfo, Marshal.SizeOf(ProccessInfo), RetLength)
        'We should really check to make sure the function returned 0 before we try to
        'use the data but this is just an example
 
        'Show the parent process ID in a messagebox
        MessageBox.Show("Parent ID: " & ProccessInfo.InheritedFromUniqueProcessId.ToString)

Hope that helps someone out in the future!

EDIT: on second thoughts perhaps this belongs in the codebank more than it does here..