Construct Process Tree in Windows

To construct a process tree in Windows "C" given a PID, which one is a good approach to go for on Win2k, XP, Windows Server 2008, and Windows 7?

  1. ZwQuerySystemInformation
  2. NtQuerySystemInformation
  3. CreateToolhelp32Snapshot

I remember ToolHelp had an issue with leaking memory on Win2k. Please correct me if I am wrong.

And using ZwQuerySystemInformation/NtQuerySystemInformation, I am not sure what the // System Information Class 5 structure should be for 64-bit architecture. Can someone provide pointers to it?

-Karthik


Off the top of my head, the documented ways to list processes include:

  • WTSEnumerateProcesses (Must delayload, call will fail if Terminal Services/Fastuserswitching is off)
  • EnumProcesses (Only a list of PIDs)
  • CreateToolhelp32Snapshot
  • Performance Counters
  • WMI
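
Whichever enumeration API supplies the rows, the tree itself is a walk over (PID, parent PID) pairs. The following is an added example, not part of the original answer: portable C over a constructed table (the `proc_t` type, `tree_size` and the sample rows are assumptions) that also rejects a parent link when the supposed parent started after the child, which is how a reused PID shows up.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* One row per process (hypothetical type). On Windows, pid/ppid map to PROCESSENTRY32's
 * th32ProcessID/th32ParentProcessID; created is assumed to come from GetProcessTimes. */
typedef struct { uint32_t pid, ppid; uint64_t created; const char *name; } proc_t;

/* Constructed sample snapshot, not captured from a real system. */
static const proc_t SNAP[] = {
    {   4,    0, 10, "System"       },
    { 500,    4, 20, "smss.exe"     },
    { 900,  500, 30, "services.exe" },
    {1200,  900, 40, "svchost.exe"  },
    {1300,  900, 45, "spoolsv.exe"  },
    {2000, 1200, 60, "worker.exe"   },
    /* Parent 3000 exited; PID 3000 was later reused by an unrelated process. */
    {3100, 3000, 50, "orphan.exe"   },
    {3000,  900, 90, "reused.exe"   },
};
#define NSNAP (sizeof SNAP / sizeof SNAP[0])

static const proc_t *find_pid(const proc_t *t, size_t n, uint32_t pid) {
    for (size_t i = 0; i < n; i++) if (t[i].pid == pid) return &t[i];
    return NULL;
}

/* The recorded parent PID is not updated when the parent exits, so trust the
 * link only if the candidate parent started no later than the child. */
static int is_child_of(const proc_t *c, const proc_t *p) {
    return c->ppid == p->pid && c->pid != p->pid && p->created <= c->created;
}

/* Prints the subtree under root and returns the number of processes in it. */
static size_t walk(const proc_t *t, size_t n, const proc_t *root, int depth) {
    size_t count = 1;
    if (depth > 64) return count;  /* guard against malformed cyclic input */
    printf("%*s%u %s\n", depth * 2, "", (unsigned)root->pid, root->name);
    for (size_t i = 0; i < n; i++)
        if (is_child_of(&t[i], root)) count += walk(t, n, &t[i], depth + 1);
    return count;
}

/* Size of the process tree rooted at pid, or 0 if pid is not in the snapshot. */
size_t tree_size(uint32_t pid) {
    const proc_t *root = find_pid(SNAP, NSNAP, pid);
    return root ? walk(SNAP, NSNAP, root, 0) : 0;
}

int main(void) { return tree_size(900) == 5 ? 0 : 1; }
```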