PPH_THREAD_PROVIDER PhCreateThreadProvider( __in HANDLE ProcessId ) { PPH_THREAD_PROVIDER threadProvider; if (!NT_SUCCESS(PhCreateObject( &threadProvider, sizeof(PH_THREAD_PROVIDER), 0, PhThreadProviderType ))) return NULL; threadProvider->ThreadHashtable = PhCreateHashtable( sizeof(PPH_THREAD_ITEM), PhpThreadHashtableCompareFunction, PhpThreadHashtableHashFunction, 20 ); PhInitializeFastLock(&threadProvider->ThreadHashtableLock); PhInitializeCallback(&threadProvider->ThreadAddedEvent); PhInitializeCallback(&threadProvider->ThreadModifiedEvent); PhInitializeCallback(&threadProvider->ThreadRemovedEvent); PhInitializeCallback(&threadProvider->UpdatedEvent); PhInitializeCallback(&threadProvider->LoadingStateChangedEvent); threadProvider->ProcessId = ProcessId; threadProvider->SymbolProvider = PhCreateSymbolProvider(ProcessId); if (threadProvider->SymbolProvider) { if (threadProvider->SymbolProvider->IsRealHandle) threadProvider->ProcessHandle = threadProvider->SymbolProvider->ProcessHandle; } PhInitializeEvent(&threadProvider->SymbolsLoadedEvent); threadProvider->SymbolsLoading = 0; RtlInitializeSListHead(&threadProvider->QueryListHead); threadProvider->RunId = 1; // Begin loading symbols for the process' modules. PhReferenceObject(threadProvider); PhpQueueThreadWorkQueueItem(PhpThreadProviderLoadSymbols, threadProvider); return threadProvider; }
VOID PhpQueueThreadQuery( _In_ PPH_THREAD_PROVIDER ThreadProvider, _In_ PPH_THREAD_ITEM ThreadItem ) { PPH_THREAD_QUERY_DATA data; data = PhAllocate(sizeof(PH_THREAD_QUERY_DATA)); memset(data, 0, sizeof(PH_THREAD_QUERY_DATA)); PhSetReference(&data->ThreadProvider, ThreadProvider); PhSetReference(&data->ThreadItem, ThreadItem); data->RunId = ThreadProvider->RunId; PhpQueueThreadWorkQueueItem(PhpThreadQueryWorker, data); }
VOID PhpQueueThreadQuery( __in PPH_THREAD_PROVIDER ThreadProvider, __in PPH_THREAD_ITEM ThreadItem ) { PPH_THREAD_QUERY_DATA data; data = PhAllocate(sizeof(PH_THREAD_QUERY_DATA)); memset(data, 0, sizeof(PH_THREAD_QUERY_DATA)); data->ThreadProvider = ThreadProvider; data->ThreadItem = ThreadItem; PhReferenceObject(ThreadProvider); PhReferenceObject(ThreadItem); PhpQueueThreadWorkQueueItem(PhpThreadQueryWorker, data); }