VC++.线程入口

// Minimal native-API declarations needed to call ZwQueryInformationThread.
// They are declared by hand here; presumably the snippet does not include
// the NT/DDK headers that normally provide them -- TODO confirm.
typedef LONG NTSTATUS;
// KPRIORITY is declared but not referenced anywhere in the visible code.
typedef LONG KPRIORITY;
#define STATUS_SUCCESS                  ((NTSTATUS) 0x00000000)
// True when the status, reinterpreted as a signed NTSTATUS, is non-negative.
#define NT_SUCCESS(Status)              ((NTSTATUS)(Status) >= 0)
// Not referenced in the visible code.
// NOTE(review): this looks like the status to expect when the output buffer
// size does not match what the information class requires -- confirm.
#define STATUS_INFO_LENGTH_MISMATCH     ((NTSTATUS)0xC0000004L)
// Thread information classes. The enumerators carry no explicit values, so
// they are numbered from 0 in declaration order and the order must not be
// changed: ThreadQuerySetWin32StartAddress has to evaluate to 9, the value
// noted at its call site in GetThreadEntry. Only that class is used in the
// visible code.
typedef enum _THREADINFOCLASS {
	ThreadBasicInformation,
	ThreadTimes,
	ThreadPriority,
	ThreadBasePriority,
	ThreadAffinityMask,
	ThreadImpersonationToken,
	ThreadDescriptorTableEntry,
	ThreadEnableAlignmentFaultFixup,
	ThreadEventPair_Reusable,
	ThreadQuerySetWin32StartAddress,
	ThreadZeroTlsCell,
	ThreadPerformanceCount,
	ThreadAmILastThread,
	ThreadIdealProcessor,
	ThreadPriorityBoost,
	ThreadSetTlsArrayAddress,
	ThreadIsIoPending,
	ThreadHideFromDebugger,
	ThreadBreakOnTermination,
	ThreadSwitchLegacyState,
	ThreadIsTerminated,
	MaxThreadInfoClass
} THREADINFOCLASS;
// Pointer type for ZwQueryInformationThread, which GetThreadEntry resolves at
// run time from ntdll.dll with GetProcAddress.
//   ThreadHandle            - handle of the thread to query.
//   ThreadInformationClass  - which THREADINFOCLASS item to query.
//   ThreadInformation       - caller-supplied output buffer.
//   ThreadInformationLength - size of that buffer in bytes.
//   ReturnLength            - optional; annotated __out_opt, so it may be NULL.
// The returned NTSTATUS should be tested with NT_SUCCESS before the output
// buffer is trusted.
typedef NTSTATUS (__stdcall *ZWQUERYINFORMATIONTHREAD)(
	__in HANDLE ThreadHandle,
	__in THREADINFOCLASS ThreadInformationClass,
	__out_bcount(ThreadInformationLength) PVOID ThreadInformation,
	__in ULONG ThreadInformationLength,
	__out_opt PULONG ReturnLength
);
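/// @brief Returns the Win32 start address of the thread with id dwTid.
///
/// The address is obtained from ZwQueryInformationThread using the
/// ThreadQuerySetWin32StartAddress information class.
///
/// @param dwTid  Identifier of the thread to query.
/// @return The start address, or 0 when it could not be determined: ntdll or
///         the export could not be resolved, OpenThread was refused (for
///         example the caller lacks rights on the target thread), the query
///         returned a failure status, or the address does not fit in a DWORD
///         (possible in a 64-bit build). A result of 0 therefore means
///         "unknown", not "the thread starts at address 0".
DWORD GetThreadEntry(IN DWORD dwTid)
{
	DWORD ret = 0;
	try
	{
		// ntdll.dll is already mapped into every Win32 process, so look up the
		// loaded module instead of calling LoadLibrary: that avoids taking an
		// extra module reference on every call (never released by the original)
		// and avoids a by-name DLL search.
		HMODULE hNtdll = GetModuleHandle(_T("ntdll.dll"));
		if (!hNtdll)
		{
			return 0;
		}

		ZWQUERYINFORMATIONTHREAD ZwQueryInformationThread =
			reinterpret_cast<ZWQUERYINFORMATIONTHREAD>(GetProcAddress(hNtdll, "ZwQueryInformationThread"));
		if (!ZwQueryInformationThread)
		{
			return 0;
		}

		HANDLE hThread = OpenThread(THREAD_QUERY_INFORMATION, FALSE, dwTid);
		if (!hThread)
		{
			return 0;
		}

		// The start address is pointer-sized. Querying into a 4-byte DWORD, as
		// the original did, hands a 64-bit build a buffer of the wrong size,
		// so use a PVOID buffer and narrow afterwards.
		PVOID startAddress = NULL;
		NTSTATUS status = ZwQueryInformationThread(hThread,
			ThreadQuerySetWin32StartAddress, // information class 9: thread start address
			&startAddress,
			sizeof(startAddress),
			NULL); // ReturnLength is optional and was never used
		CloseHandle(hThread);

		// Only trust the buffer when the native call reports success.
		if (NT_SUCCESS(status))
		{
			const ULONG_PTR value = reinterpret_cast<ULONG_PTR>(startAddress);
			// The return type is DWORD; report "unknown" rather than a silently
			// truncated address when the value needs more than 32 bits.
			if (value == static_cast<DWORD>(value))
			{
				ret = static_cast<DWORD>(value);
			}
		}
	}
	catch (...)
	{
		// Kept from the original. NOTE(review): the Win32 calls above do not
		// throw C++ exceptions, so this handler is presumably only reachable
		// when structured exceptions are mapped to catch(...) -- confirm the
		// project's exception-handling model.
		OutputDebugStringA(__FUNCTION__);
		return 0;
	}
	return ret;
}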

#include <TlHelp32.h>
#include <vector>
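/// @brief Fills vec with one THREADENTRY32 per thread in a Toolhelp snapshot.
///
/// The snapshot is taken with TH32CS_SNAPTHREAD, which covers the threads of
/// all processes; callers that care about one process must filter on
/// THREADENTRY32::th32OwnerProcessID themselves (th32ThreadID is the thread id).
///
/// @param vec  Output. Cleared first, then appended to.
/// @return Non-zero when at least one entry was collected; 0 when the snapshot
///         could not be created, contained no threads, or an exception was
///         caught while collecting (vec may then hold a partial list).
BOOL TraversalThread1(OUT std::vector<THREADENTRY32> &vec)
{
	vec.clear();

	// Declared outside the try block so the handler can still release it:
	// push_back may throw, and the original leaked the snapshot handle then.
	HANDLE hSnap = INVALID_HANDLE_VALUE;
	try
	{
		hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
		if (hSnap != INVALID_HANDLE_VALUE)
		{
			THREADENTRY32 item;
			// dwSize must be set before Thread32First is called.
			item.dwSize = sizeof(item);
			for (BOOL more = Thread32First(hSnap, &item); more; more = Thread32Next(hSnap, &item))
			{
				vec.push_back(item);
			}
			CloseHandle(hSnap);
			hSnap = INVALID_HANDLE_VALUE;
		}
	}
	catch (...)
	{
		if (hSnap != INVALID_HANDLE_VALUE)
		{
			CloseHandle(hSnap);
		}
		OutputDebugStringA(__FUNCTION__);
		return 0;
	}
	return !vec.empty();
}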

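// Lists every thread in the snapshot as
//   <thread id hex> <owner pid hex>|<owner pid decimal> <start address hex>
// A start address of 00000000 means GetThreadEntry could not determine it
// (for instance the thread could not be opened), not that the thread starts
// at address zero.
int main()
{
	std::vector<THREADENTRY32> vec;
	// Prints the BOOL result of the enumeration (non-zero on success).
	std::cout << TraversalThread1(vec) << std::endl;

	// Standard range-for over a const reference replaces the non-standard
	// MSVC "for each ... in" extension and avoids copying every entry.
	for (const THREADENTRY32 &entry : vec)
	{
		const DWORD entryPoint = GetThreadEntry(entry.th32ThreadID);
		// DWORD is unsigned long, so use the l length modifier and %lu rather
		// than %X / %d; the printed text is the same.
		printf("%08lX %08lX|%lu %08lX\r\n",
			entry.th32ThreadID, entry.th32OwnerProcessID, entry.th32OwnerProcessID, entryPoint);
	}

	return 0;
}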