获取线程启动地址 C 源码[收藏]http://www.jm-m.cn/html/366.html
2008-11-03 15:43
232 查看
#define WIN32_LEAN_AND_MEAN
#define _WIN32_WINNT 0x400
#include <stdio.h>
#include <tchar.h>
#include <locale.h>
#include <windows.h>
#include <psapi.h>
#include <Tlhelp32.h>
#pragma comment (lib, "psapi.lib")
//
// Thread Information Classes
//
typedef enum _THREADINFOCLASS {
ThreadBasicInformation,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair_Reusable,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
ThreadIsIoPending,
ThreadHideFromDebugger,
ThreadBreakOnTermination,
MaxThreadInfoClass
} THREADINFOCLASS;
typedef struct _CLIENT_ID {
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;
typedef struct _THREAD_BASIC_INFORMATION { // Information Class 0
LONG ExitStatus;
PVOID TebBaseAddress;
CLIENT_ID ClientId;
LONG AffinityMask;
LONG Priority;
LONG BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
extern "C" LONG (__stdcall *ZwQueryInformationThread) (
IN HANDLE ThreadHandle,
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID ThreadInformation,
IN ULONG ThreadInformationLength,
OUT PULONG ReturnLength OPTIONAL
) = NULL;
extern "C" LONG (__stdcall *RtlNtStatusToDosError) (
IN ULONG status) = NULL;
BOOL ShowThreadInfo (DWORD tid)
{
THREAD_BASIC_INFORMATION tbi;
PVOID startaddr;
LONG status;
HANDLE thread, process;
thread = ::OpenThread (THREAD_ALL_ACCESS, FALSE, tid);
if (thread == NULL)
return FALSE;
status = ZwQueryInformationThread (thread,
ThreadQuerySetWin32StartAddress,
&startaddr,
sizeof (startaddr),
NULL);
if (status < 0)
{
CloseHandle (thread);
SetLastError (RtlNtStatusToDosError (status));
return FALSE;
};
_tprintf (TEXT ("线程 %08x 的起始地址为 %p/n"),
tid,
startaddr);
status = ZwQueryInformationThread (thread,
ThreadBasicInformation,
&tbi,
sizeof (tbi),
NULL);
if (status < 0)
{
CloseHandle (thread);
SetLastError (RtlNtStatusToDosError (status));
return FALSE;
};
_tprintf (TEXT ("线程 %08x 所在进程ID为 %08x/n"),
tid,
(DWORD)tbi.ClientId.UniqueProcess);
process = ::OpenProcess (PROCESS_ALL_ACCESS,
FALSE,
(DWORD)tbi.ClientId.UniqueProcess);
if (process == NULL)
{
DWORD error = ::GetLastError ();
CloseHandle (thread);
SetLastError (error);
return FALSE;
};
TCHAR modname [0x100];
::GetModuleFileNameEx (process, NULL, modname, 0x100);
_tprintf (TEXT ("线程 %08x 所在进程映象为 %s/n"),
tid,
modname);
GetMappedFileName(process,
startaddr,
modname,
0x100);
_tprintf (TEXT ("线程 %08x 可执行代码所在模块为 %s/n"),
tid,
modname);
CloseHandle (process);
CloseHandle (thread);
return TRUE;
};
int main (void)
{
setlocale (LC_ALL, ".ACP");
HINSTANCE hNTDLL = ::GetModuleHandle (TEXT ("ntdll"));
(FARPROC&)ZwQueryInformationThread =
::GetProcAddress (hNTDLL, "ZwQueryInformationThread");
(FARPROC&)RtlNtStatusToDosError =
::GetProcAddress (hNTDLL, "RtlNtStatusToDosError");
HANDLE h = CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, 0);
THREADENTRY32 te;
te.dwSize = sizeof (te);
if (Thread32First (h, &te))
{
do
{
if (ShowThreadInfo (te.th32ThreadID))
{
}
else
{
_tprintf (TEXT("无法获得线程 %08x 的相关信息,错误代码为 %d/n"),
te.th32ThreadID, GetLastError ());
};
} while (Thread32Next (h, &te));
};
CloseHandle (h);
};
#define _WIN32_WINNT 0x400
#include <stdio.h>
#include <tchar.h>
#include <locale.h>
#include <windows.h>
#include <psapi.h>
#include <Tlhelp32.h>
#pragma comment (lib, "psapi.lib")
//
// Thread Information Classes
//
typedef enum _THREADINFOCLASS {
ThreadBasicInformation,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair_Reusable,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
ThreadIsIoPending,
ThreadHideFromDebugger,
ThreadBreakOnTermination,
MaxThreadInfoClass
} THREADINFOCLASS;
typedef struct _CLIENT_ID {
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;
typedef struct _THREAD_BASIC_INFORMATION { // Information Class 0
LONG ExitStatus;
PVOID TebBaseAddress;
CLIENT_ID ClientId;
LONG AffinityMask;
LONG Priority;
LONG BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
extern "C" LONG (__stdcall *ZwQueryInformationThread) (
IN HANDLE ThreadHandle,
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID ThreadInformation,
IN ULONG ThreadInformationLength,
OUT PULONG ReturnLength OPTIONAL
) = NULL;
extern "C" LONG (__stdcall *RtlNtStatusToDosError) (
IN ULONG status) = NULL;
BOOL ShowThreadInfo (DWORD tid)
{
THREAD_BASIC_INFORMATION tbi;
PVOID startaddr;
LONG status;
HANDLE thread, process;
thread = ::OpenThread (THREAD_ALL_ACCESS, FALSE, tid);
if (thread == NULL)
return FALSE;
status = ZwQueryInformationThread (thread,
ThreadQuerySetWin32StartAddress,
&startaddr,
sizeof (startaddr),
NULL);
if (status < 0)
{
CloseHandle (thread);
SetLastError (RtlNtStatusToDosError (status));
return FALSE;
};
_tprintf (TEXT ("线程 %08x 的起始地址为 %p/n"),
tid,
startaddr);
status = ZwQueryInformationThread (thread,
ThreadBasicInformation,
&tbi,
sizeof (tbi),
NULL);
if (status < 0)
{
CloseHandle (thread);
SetLastError (RtlNtStatusToDosError (status));
return FALSE;
};
_tprintf (TEXT ("线程 %08x 所在进程ID为 %08x/n"),
tid,
(DWORD)tbi.ClientId.UniqueProcess);
process = ::OpenProcess (PROCESS_ALL_ACCESS,
FALSE,
(DWORD)tbi.ClientId.UniqueProcess);
if (process == NULL)
{
DWORD error = ::GetLastError ();
CloseHandle (thread);
SetLastError (error);
return FALSE;
};
TCHAR modname [0x100];
::GetModuleFileNameEx (process, NULL, modname, 0x100);
_tprintf (TEXT ("线程 %08x 所在进程映象为 %s/n"),
tid,
modname);
GetMappedFileName(process,
startaddr,
modname,
0x100);
_tprintf (TEXT ("线程 %08x 可执行代码所在模块为 %s/n"),
tid,
modname);
CloseHandle (process);
CloseHandle (thread);
return TRUE;
};
int main (void)
{
setlocale (LC_ALL, ".ACP");
HINSTANCE hNTDLL = ::GetModuleHandle (TEXT ("ntdll"));
(FARPROC&)ZwQueryInformationThread =
::GetProcAddress (hNTDLL, "ZwQueryInformationThread");
(FARPROC&)RtlNtStatusToDosError =
::GetProcAddress (hNTDLL, "RtlNtStatusToDosError");
HANDLE h = CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, 0);
THREADENTRY32 te;
te.dwSize = sizeof (te);
if (Thread32First (h, &te))
{
do
{
if (ShowThreadInfo (te.th32ThreadID))
{
}
else
{
_tprintf (TEXT("无法获得线程 %08x 的相关信息,错误代码为 %d/n"),
te.th32ThreadID, GetLastError ());
};
} while (Thread32Next (h, &te));
};
CloseHandle (h);
};
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 推荐免费下载430套大型企业管理源码 下载地址:http://www.hur.cn/tg/linkin.asp?linkid=205389 下载地址:[URL=http://www.hur.cn/t
- Android中HttpURLConnection获取网址源码,子线程里更新UI
- Android源码Demo地址:http://www.apkbus.com
- 推荐免费下载华软源码430套大型企业管理源码,下载地址:http://www.hur.cn/tg/linkin.asp?linkid=205389 源码语言:PB/Delphi/VB/Java/.Ne
- 分享45个android实例源码,很好很强大.收藏吧!!! http://www.apkbus.com/forum.php?mod=viewthread&tid=20978 (出处: Android开
- 推荐免费下载430套大型商业源码 下载地址:http://www.hur.cn/tg/linkin.asp?linkid=205389 下载地址:[URL=http://www.hur.cn/tg/
- C# HttpWebRequest 绝技 根据URL地址获取网页信息
- 一周乱弹(1,HttpReques 获取请求地址2,去掉字符串中首尾空格及换行符、回车符等3,计算代码运行时间4,StringEscapeUtils对字符串进行各种转义与反转义5,分表查询记录总数)
- 获取http 地址URL的方法
- HTTP_X_FORWARDED_FOR获取用户Ip地址通用方法常见安全隐患
- 获取用户Ip地址通用方法常见安全隐患(HTTP_X_FORWARDED_FOR)
- PHP的$_SERVER['HTTP_HOST']获取服务器地址功能详解
- 源码在http://www.edrp.cn可以下载
- 蔡军生先生第二人生的源码分析(四十六)获取纹理图片的线程
- PHP $_SERVER['HTTP_REFERER'] 获取前一页面的 URL 地址
- Java中路径的获取总结以及URL和URI的区别_Java大本营_职场_西祠胡同 http://www.xici.net/d174934654.htm
- Spring在代码中获取bean的几种方式(转:http://www.dexcoder.com/selfly/article/326)
- ActivityManagerService服务线程启动源码分析
- 安卓启动界面源码共享,使用线程实现的!
- TestSuite 0.0.2a源码发布。(http://www.codeplex.com/ts)