是否可以通过CreateProcess或ShellExecute找出某个进程是由用户启动还是由其他进程启动? [英] Is it possible to find out whether a process was started by a user or by another process via CreateProcess or ShellExecute?

问题描述

我想知道是否有任何方法可以检查用户是否通过双击用户，在cmd中键入所需命令，通过资源管理器中的地址栏等启动了某个特定进程，或者由其他程序启动了该进程使用CreateProcess()或ShellExecute().

I wanted to know if there was any way of checking if a particular process was started by the user by him/her double clicking, typing the required commands in cmd, via the address bar in explorer, etc. or by another program using CreateProcess() or ShellExecute().

我尝试检查创建的进程的父进程ID，但是看不到用户启动的进程的父pid之间的任何一致性.我想知道使用ppid是否还有其他方法或简单的方法.

I tried checking the parent process id of the created process but failed to see any consistency among the parent pids of the user initiated processes. I wanted to know if there was any other way or a fool proof way using the ppids.

推荐答案

首先，您必须确定用户启动的进程"对您而言意味着什么.从Windows的角度来看，所有进程都是由另一个进程启动的，无论它是否是由用户触发的.

First you have to determine what the "process started by user" means to you. From Windows' point of view all the processes are started by another processes, whether it was somehow triggered by user or not.

这篇关于是否可以通过CreateProcess或ShellExecute找出某个进程是由用户启动还是由其他进程启动?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！