Question
I wanted to know if there was any way of checking if a particular process was started by the user by him/her double clicking, typing the required commands in cmd, via the address bar in explorer, etc. or by another program using CreateProcess() or ShellExecute().
I tried checking the parent process ID of the created process but failed to see any consistency among the parent PIDs of the user-initiated processes. I wanted to know if there was any other way or a foolproof way using the PPIDs.
Answer 1:
First you have to determine what "process started by user" means to you. From Windows' point of view, all processes are started by other processes, whether or not that was somehow triggered by the user.
Answer 2:
I can only think of getting the processes belonging to the currently logged-on user; otherwise I doubt that you can distinguish processes created on a system.
Source: https://stackoverflow.com/questions/21136366/is-it-possible-to-find-out-whether-a-process-was-started-by-a-user-or-by-another
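The parent lookup from the question combined with the per-user filter suggested in Answer 2, as an added PowerShell example that is not part of the original thread. It uses the standard `Win32_Process` CIM class; Windows keeps the recorded parent PID after the parent exits, and that PID can be reused, so the code compares creation times before trusting a parent link.

```powershell
# Added example: list the current user's processes in this logon session with
# their recorded parent, flagging parent links that cannot be trusted.
$procs = Get-CimInstance -ClassName Win32_Process

# Index the snapshot by PID so each parent can be looked up.
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

$mySession = (Get-Process -Id $PID).SessionId
$me        = $env:USERNAME

$report = foreach ($p in $procs) {
    if ($p.SessionId -ne $mySession) { continue }

    # GetOwner fails for processes we lack rights to query; skip those.
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    if (-not $owner -or $owner.ReturnValue -ne 0 -or $owner.User -ne $me) { continue }

    $parent = $byPid[[uint32]$p.ParentProcessId]
    $link = if (-not $parent) {
        'parent exited'          # recorded parent PID no longer exists
    } elseif ($parent.CreationDate -gt $p.CreationDate) {
        'PID reused'             # the "parent" is younger than the child
    } else {
        'ok'
    }

    [pscustomobject]@{
        ProcessId  = $p.ProcessId
        Name       = $p.Name
        ParentPid  = $p.ParentProcessId
        ParentName = if ($link -eq 'ok') { $parent.Name } else { $null }
        ParentLink = $link
        Started    = $p.CreationDate
    }
}

$report | Sort-Object Started | Format-Table -AutoSize
```

A parent name such as `explorer.exe` or `cmd.exe` in the output only shows which process made the creation call, which is the point Answer 1 makes; it does not by itself prove a user action.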