Determining the parent Process

Thread: Determining the parent Process

  1. #1
    Join Date
    Jun 2010
    Location
    Germany
    Posts
    2,591

    Determining the parent Process

    I have written a small process lister that is meant to gather some specific information I want for debugging on a user's machine. It basically gets me anything I want by now except the parent process of a specific process (i.e. the one that started it). Despite the wealth of information offered by the System::Diagnostics::Process and ...::ProcessModule classes I didn't find a way to find that out. (Maybe there's a way to do that using Windows API?)

    I know there are apps that are able to do that, like for instance Sysinternals' Process Explorer or my AV. What I don't know is: Do they rely on some service being started earlier that monitors process starts (which I would consider overkill in my scenario)? Or do they need to enumerate the entire process tree (which Process Explorer obviously does anyway and might be an effort I'm willing to take)?
    I was thrown out of college for cheating on the metaphysics exam; I looked into the soul of the boy sitting next to me.

    This is a snakeskin jacket! And for me it's a symbol of my individuality, and my belief... in personal freedom.

  2. #2
    Join Date
    Jun 2010
    Location
    Germany
    Posts
    2,591

    Re: Determining the parent Process

    Ok, today I gave up the idea of finding a .NET way of doing this, so I removed ".NET" from my list of MSDN search terms. And I was amply surprised to find this as the last item on the first page of hits: http://msdn.microsoft.com/en-us/netf...aspx#Question3

    I wonder why I didn't find that while searching for related .NET stuff. Obviously MSDN search doesn't always return the same set of hits for the same query (even in rapid succession), just like Google, BTW. But can that be the only explanation?

    In this FAQ it suddenly looked really simple and it even was a completely .NET-ish approach. However, it wasn't really that simple, especially if there's more than one process of the same name running on the system at the same time (which just happens to be exactly the case I want to investigate with this program... ). In this case of course these processes all have their own performance counter instance and only the first one is named exactly like the process. The others are made distinct by appending a # and a number. (See http://msdn.microsoft.com/en-us/library/ms803837.aspx)

    I saw no way out of this dilemma except enumerating the various performance counter instances of the equally-named processes myself, trying to match the process ids. This is the code I'm currently using:

    Code:
      // aproc: the array of processes gathered earlier (not shown in the post)
      for each (Process ^proc in aproc) {
        Console::WriteLine("Name: {0}", proc->ProcessName);
        Console::WriteLine("  ID: {0}", proc->Id);
        if (proc->Id > 4) {  // Skip details for system kinda processes
          // ...
    
          String ^strParentName = "(unknown)";
          try {
            // The first instance is named exactly like the process;
            // further ones are "name#1", "name#2", ...
            String ^strPerfcInstance = proc->ProcessName;
            PerformanceCounter ^pcThisId = gcnew PerformanceCounter("Process", "ID Process", strPerfcInstance);
            int i = 0;
            // Probe instance names until one reports this process's ID. Reading
            // RawValue of a non-existent instance throws, which ends the search
            // in the catch block below.
            while (pcThisId->RawValue != proc->Id) {
              strPerfcInstance = String::Format("{0}#{1}", proc->ProcessName, ++i);
              pcThisId = gcnew PerformanceCounter("Process", "ID Process", strPerfcInstance);
            }
            PerformanceCounter ^pcParentId = gcnew PerformanceCounter("Process", "Creating Process ID", strPerfcInstance);
            // RawValue is a 64-bit integer; GetProcessById() takes an int
            Process ^procParent = Process::GetProcessById(static_cast<int>(pcParentId->RawValue));
            strParentName = String::Format("{0} (ID {1})", procParent->MainModule->FileName, procParent->Id);
          }
          catch (...) {}  // Parent gone, access denied or no matching instance: keep "(unknown)"
          Console::WriteLine("  Parent process file name: {0}", strParentName);
        }
        Console::WriteLine();
      }

    However, I don't find that really elegant and I'm probably not aware of all the pitfalls lurking in this procedure. One potential pitfall I am aware of but that I don't account for yet: What if the performance counter instances of a given process name are not numbered contiguously?

    Any advice and comments welcome.

    For further reference:
    Last edited by Eri523; June 7th, 2011 at 06:28 PM.
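An added example (not part of the thread, and not the poster's code), written in C# against the same .NET System.Diagnostics classes: it reads the whole "Process" counter category in one snapshot and matches instances by process ID, so the `#N` numbering never has to be guessed, and it rejects a "Creating Process ID" that now belongs to a process started after the child, which happens when the real parent has exited and its ID was reused. The class and method names are made up for illustration; it assumes Windows with the performance counter classes available.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;

static class ParentLookup   // hypothetical name, for illustration only
{
    // One snapshot of the "Process" category: process ID -> creating process ID.
    static Dictionary<int, int> ReadParentIds()
    {
        var snapshot = new PerformanceCounterCategory("Process").ReadCategory();
        InstanceDataCollection ids = snapshot["ID Process"];
        InstanceDataCollection creators = snapshot["Creating Process ID"];
        var map = new Dictionary<int, int>();
        foreach (InstanceData id in ids.Values)
        {
            if (string.Equals(id.InstanceName, "_Total", StringComparison.OrdinalIgnoreCase)) continue; // aggregate row
            InstanceData creator = creators[id.InstanceName];
            if (creator != null) map[(int)id.RawValue] = (int)creator.RawValue;
        }
        return map;
    }

    // Returns the parent, or null when it is gone, inaccessible, or the recorded
    // ID has been recycled (a real parent must have started before its child).
    static Process TryGetParent(Process child, Dictionary<int, int> parents)
    {
        if (!parents.TryGetValue(child.Id, out int parentId)) return null;
        try
        {
            Process candidate = Process.GetProcessById(parentId);
            return candidate.StartTime <= child.StartTime ? candidate : null;
        }
        catch (ArgumentException) { return null; }          // no process with that ID any more
        catch (InvalidOperationException) { return null; }  // exited while being queried
        catch (Win32Exception) { return null; }             // access denied
    }

    static void Main()
    {
        Dictionary<int, int> parents = ReadParentIds();
        foreach (Process p in Process.GetProcesses())
        {
            Process parent = p.Id > 4 ? TryGetParent(p, parents) : null;
            Console.WriteLine("{0} (ID {1}) <- {2}", p.ProcessName, p.Id,
                parent == null ? "(unknown)" : parent.ProcessName + " (ID " + parent.Id + ")");
        }
    }
}
```

Processes started after the snapshot was taken are reported as "(unknown)" because they have no entry in the map.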
