/*
=======================================
进程启停
=======================================
*/
CR_API BOOL WINAPI
ProcessCtrl (
__CR_IN__ DWORD prcss_id,
__CR_IN__ BOOL suspend
)
{
HANDLE snap;
THREADENTRY32 te32;
/* 取得指定进程的所有线程信息 */
snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, prcss_id);
if (snap == INVALID_HANDLE_VALUE)
return (HLB_ERROR);
/* 枚举线程 */
te32.dwSize = sizeof(THREADENTRY32);
if(!Thread32First(snap, &te32)) {
CloseHandle(snap);
return (HLB_ERROR);
}
do {
if (te32.th32OwnerProcessID == prcss_id)
{
HANDLE handle;
handle = OpenThread(THREAD_SUSPEND_RESUME, FALSE,
te32.th32ThreadID);
if (suspend)
SuspendThread(handle);
else
ResumeThread(handle);
CloseHandle(handle);
}
} while (Thread32Next(snap, &te32));
CloseHandle(snap);
return (HLB_OKAY);
}
BOOL CDemo_ClipView_VCDlg::GetThreadIdList(CList<int>& tIdList) {
int pID = _getpid();
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, pID);
if (hThreadSnap == INVALID_HANDLE_VALUE) {
return FALSE;
}
te32.dwSize = sizeof(THREADENTRY32);
BOOL bGetThread = Thread32First(hThreadSnap, &te32);
while (bGetThread) {
if (te32.th32OwnerProcessID == pID) {
tIdList.AddTail(te32.th32ThreadID);
}
bGetThread = Thread32Next(hThreadSnap, &te32);
}
CloseHandle(hThreadSnap);
return TRUE;
}
int Ten18::Util::EnumerateNativeThreads(bool traceFullInfo, const char* msg)
{
Ten18_UNUSED(traceFullInfo);
DebugOut(msg);
int numThreads = 0;
auto snapshot = MakeScoped(CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0), [] (HANDLE snapshot) { Ten18_HOPE_FOR.True = CloseHandle(snapshot); });
Ten18_EXPECT.Not(INVALID_HANDLE_VALUE) = static_cast<HANDLE>(snapshot);
THREADENTRY32 te = {};
te.dwSize = sizeof(te);
const auto minSizeOfInterest = (std::min)((FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(te.th32OwnerProcessID)),
(FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(te.th32ThreadID)));
if (Thread32First(snapshot, &te))
{
do
{
if (te.dwSize >= minSizeOfInterest)
if (te.th32OwnerProcessID == GetCurrentProcessId())
{
++numThreads;
auto thread = MakeScoped(OpenThread(THREAD_QUERY_INFORMATION, FALSE, te.th32ThreadID), [] (HANDLE t) { Ten18_HOPE_FOR.NotZero = CloseHandle(t); });
Ten18_EXPECT.NotNull = static_cast<HANDLE>(thread);
ULONG64 cycleTime = 0;
Ten18_EXPECT.True = QueryThreadCycleTime(thread, &cycleTime);
FILETIME create, exit, kernel, user;
Ten18_EXPECT.True = GetThreadTimes(thread, &create, &exit, &kernel, &user);
Format("\tNative Thread %0 - Create: %1, Exit: %2, Kernel: %3, User: %4, Cycles: %5",
te.th32ThreadID, create.dwLowDateTime, exit.dwLowDateTime, kernel.dwLowDateTime, user.dwLowDateTime, static_cast<int>(cycleTime)).DebugOut();
}
te.dwSize = sizeof(te);
}
while (Thread32Next(snapshot, &te));
}
Format("Number of Native Threads: %0", numThreads).DebugOut();
return numThreads;
}
void GetAllThreadsCallstacks(str::Str<char>& s)
{
HANDLE threadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (threadSnap == INVALID_HANDLE_VALUE)
return;
THREADENTRY32 te32;
te32.dwSize = sizeof(THREADENTRY32);
DWORD pid = GetCurrentProcessId();
BOOL ok = Thread32First(threadSnap, &te32);
while (ok) {
if (te32.th32OwnerProcessID == pid)
GetThreadCallstack(s, te32.th32ThreadID);
ok = Thread32Next(threadSnap, &te32);
}
CloseHandle(threadSnap);
}
BOOL process_suspendOrResumeAllThreads(DWORD dwPID, BOOL bSuspend) {
HANDLE hSnapT;
HANDLE hT;
THREADENTRY32 te32;
if (INVALID_HANDLE_VALUE == (hSnapT = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0)))
return FALSE;
te32.dwSize = sizeof(THREADENTRY32);
if (FALSE == Thread32First(hSnapT, &te32)) {
return TRUE;
}
while (TRUE) {
if (dwPID == te32.th32OwnerProcessID) {
if (NULL == (hT = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID))) {
utils_debugOutputErrCode(GetLastError());
return FALSE;
}
if (bSuspend) {
if (-1 == SuspendThread(hT)) {
utils_debugOutputErrCode(GetLastError());
CloseHandle(hT);
return FALSE;
}
}
else {
if (-1 == ResumeThread(hT)) {
utils_debugOutputErrCode(GetLastError());
CloseHandle(hT);
return FALSE;
}
}
CloseHandle(hT);
}
if (FALSE == (Thread32Next(hSnapT, &te32)))
break;
}
return TRUE;
}
void injecta_apc(DWORD pid,char *dllname,opt *options) {
//MessageBox(0,"injecta_apc","",MB_OK);
HANDLE hProcess = OpenProcess (MAXIMUM_ALLOWED,0,pid);
//WaitForInputIdle(hProcess,2000);//fix some bugs on REINJECT
HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
BOOL threadFound=FALSE;
if (hThreadSnap != INVALID_HANDLE_VALUE) {
THREADENTRY32 th32;
th32.dwSize = sizeof(THREADENTRY32);
BOOL bOK = TRUE;
for (bOK = Thread32First(hThreadSnap, &th32); bOK; bOK = Thread32Next(hThreadSnap, &th32)) {
if (th32.th32OwnerProcessID == pid) {
//printf("[info] DLL Injected into thread ID %d\n",th32.th32ThreadID);
HANDLE h = OpenThread (THREAD_ALL_ACCESS , 0, th32.th32ThreadID);
if(h){
threadFound=TRUE;
HANDLE addr = (HANDLE)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
//Allocate new memory region inside the process's address space.
LPVOID arg = (LPVOID)VirtualAllocEx(hProcess, NULL, strlen(dllname), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if(arg == NULL) {
printf("Error: the memory could not be allocated inside the chosen process\n");
}
//Write the argument to LoadLibraryA to the process's newly allocated memory region.
int n = WriteProcessMemory(hProcess, arg, dllname, strlen(dllname), NULL);
if(n == 0) {
printf("Error: there was no bytes written to the process's address space\n");
}
QueueUserAPC((HANDLE)addr, h, (DWORD)arg);
//MessageBox(0,dllname,"APC Injection done",MB_OK);
//printf("[error] QueueUserAPC. Code: %d\n",GetLastError());
}else{
printf("[error] OpenThread. Code: %d\n",GetLastError());
}
CloseHandle(h);
//break;
}
}
CloseHandle(hThreadSnap);
}
CloseHandle(hProcess);
if(!threadFound) printf("[ERROR] THREAD NOT FOUND!\n");
}
//-------------------------------------------------------------------------
static void EnumerateThreads(void)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hSnapshot != INVALID_HANDLE_VALUE)
{
THREADENTRY32 te;
__stosb((PBYTE)&te, 0, sizeof(THREADENTRY32));
te.dwSize = sizeof(THREADENTRY32);
if (Thread32First(hSnapshot, &te))
{
do
{
if (te.th32OwnerProcessID == GetCurrentProcessId()
&& te.th32ThreadID != GetCurrentThreadId())
{
if (g_threads.items == NULL)
{
g_threads.capacity = MH_INITIAL_THREAD_CAPACITY;
g_threads.items
= (LPDWORD)HeapAlloc(g_hHeap, 0, g_threads.capacity * sizeof(DWORD));
if (g_threads.items == NULL)
break;
}
else if (g_threads.size >= g_threads.capacity)
{
LPDWORD p;
g_threads.capacity *= 2;
p = (LPDWORD)HeapReAlloc(
g_hHeap, 0, g_threads.items, g_threads.capacity * sizeof(DWORD));
if (p != NULL)
g_threads.items = p;
else
break;
}
g_threads.items[g_threads.size++] = te.th32ThreadID;
}
} while (Thread32Next(hSnapshot, &te));
}
}
CloseHandle(hSnapshot);
}
//-------------------------------------------------------------------------
static VOID EnumerateThreads(PFROZEN_THREADS pThreads)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hSnapshot != INVALID_HANDLE_VALUE)
{
THREADENTRY32 te;
te.dwSize = sizeof(THREADENTRY32);
if (Thread32First(hSnapshot, &te))
{
do
{
if (te.dwSize >= (FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(DWORD))
&& te.th32OwnerProcessID == GetCurrentProcessId()
&& te.th32ThreadID != GetCurrentThreadId())
{
if (pThreads->pItems == NULL)
{
pThreads->capacity = MH_INITIAL_THREAD_CAPACITY;
pThreads->pItems
= (LPDWORD)HeapAlloc(g_hHeap, 0, pThreads->capacity * sizeof(DWORD));
if (pThreads->pItems == NULL)
break;
}
else if (pThreads->size >= pThreads->capacity)
{
LPDWORD p = (LPDWORD)HeapReAlloc(
g_hHeap, 0, pThreads->pItems, (pThreads->capacity * 2) * sizeof(DWORD));
if (p == NULL)
break;
pThreads->capacity *= 2;
pThreads->pItems = p;
}
pThreads->pItems[pThreads->size++] = te.th32ThreadID;
}
te.dwSize = sizeof(THREADENTRY32);
} while (Thread32Next(hSnapshot, &te));
}
CloseHandle(hSnapshot);
}
}
BOOL ListProcessThreads( DWORD dwOwnerPID )
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 );
if( hThreadSnap == INVALID_HANDLE_VALUE )
return( FALSE );
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32);
// Retrieve information about the first thread,
// and exit if unsuccessful
if( !Thread32First( hThreadSnap, &te32 ) )
{
//printError( TEXT("Thread32First") ); // show cause of failure
printf( "Thread32First" );
CloseHandle( hThreadSnap ); // clean the snapshot object
return( FALSE );
}
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
do
{
if( te32.th32OwnerProcessID == dwOwnerPID )
{
/*
_tprintf( TEXT("\n\n THREAD ID = 0x%08X"), te32.th32ThreadID );
_tprintf( TEXT("\n Base priority = %d"), te32.tpBasePri );
_tprintf( TEXT("\n Delta priority = %d"), te32.tpDeltaPri );
_tprintf( TEXT("\n"));
*/
}
} while( Thread32Next(hThreadSnap, &te32 ) );
CloseHandle( hThreadSnap );
return( TRUE );
}
DWORD GetMainThreadId() {
const std::shared_ptr<void> hThreadSnapshot(
CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0), CloseHandle);
if (hThreadSnapshot.get() == INVALID_HANDLE_VALUE) {
throw std::runtime_error("GetMainThreadId failed");
}
THREADENTRY32 tEntry;
tEntry.dwSize = sizeof(THREADENTRY32);
DWORD result = 0;
DWORD currentPID = GetCurrentProcessId();
for (BOOL success = Thread32First(hThreadSnapshot.get(), &tEntry);
!result && success && GetLastError() != ERROR_NO_MORE_FILES;
success = Thread32Next(hThreadSnapshot.get(), &tEntry))
{
if (tEntry.th32OwnerProcessID == currentPID) {
result = tEntry.th32ThreadID;
}
}
return result;
}
static inline void write_thread_traces(struct exception_handler_data *data)
{
THREADENTRY32 entry = {0};
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,
GetCurrentProcessId());
bool success;
if (snapshot == INVALID_HANDLE_VALUE)
return;
entry.dwSize = sizeof(entry);
success = !!Thread32First(snapshot, &entry);
while (success) {
write_thread_trace(data, &entry);
success = !!Thread32Next(snapshot, &entry);
}
CloseHandle(snapshot);
}
/*
This method is used to get a thread id for a process.
It loops through all of the threads and compares their pid with the desired pid
*/
DWORD getThreadID(DWORD pid)
{
puts("Getting Thread ID");
HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if(h != INVALID_HANDLE_VALUE)
{
THREADENTRY32 te;
te.dwSize = sizeof(te);
if( Thread32First(h, &te))
{
do
{
if (te.dwSize >= FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(te.th32OwnerProcessID))
{
if(te.th32OwnerProcessID == pid)
{
HANDLE hThread = OpenThread(READ_CONTROL, FALSE, te.th32ThreadID);
if(!hThread)
{
puts("Couldn't get thread handle");
}
else
{
//DWORD tpid = GetProcessIdOfThread(hThread);
//printf("Got one: %u\n", tpid);
return te.th32ThreadID;
}
}
//printf("hello");
}
}
while( Thread32Next(h, &te));
}
}
CloseHandle(h);
return (DWORD)0;
}
BOOL SuspendAllThreads(BOOL stop)
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
DWORD dwOwnerPID = GetCurrentProcessId();
DWORD dwOwnerTID = GetCurrentThreadId();
HANDLE hThread;
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hThreadSnap == INVALID_HANDLE_VALUE)
{
dbg_msg("[-] SuspendAllThreads - CreateToolhelp32Snapshot() failed\n");
return FALSE;
}
te32.dwSize = sizeof(THREADENTRY32);
if (!Thread32First(hThreadSnap, &te32))
{
dbg_msg("[-] SuspendAllThreads - Thread32First() failed\n");
CloseHandle(hThreadSnap);
return FALSE;
}
do
{
if (te32.th32OwnerProcessID == dwOwnerPID && te32.th32ThreadID != dwOwnerTID)
{
hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te32.th32ThreadID);
if (stop == TRUE)
{
SuspendThread(hThread);
}
else
{
ResumeThread(hThread);
}
CloseHandle(hThread);
}
} while (Thread32Next(hThreadSnap, &te32));
CloseHandle(hThreadSnap);
return TRUE;
}
static DWORD GetMainThreadId() {
std::vector<ThreadInfo> threads;
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (snapshot != INVALID_HANDLE_VALUE) {
THREADENTRY32 thread_entry;
thread_entry.dwSize = sizeof(thread_entry);
if (Thread32First(snapshot, &thread_entry)) {
DWORD process_id = GetProcessId(GetCurrentProcess());
do {
if (thread_entry.dwSize >=
FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) +
sizeof(thread_entry.th32OwnerProcessID)) {
if (thread_entry.th32OwnerProcessID == process_id) {
ThreadInfo thread = {0};
thread.id = thread_entry.th32ThreadID;
threads.push_back(thread);
}
}
thread_entry.dwSize = sizeof(thread_entry);
} while (Thread32Next(snapshot, &thread_entry));
}
CloseHandle(snapshot);
}
for (std::vector<ThreadInfo>::iterator it = threads.begin();
it != threads.end(); it++) {
ThreadInfo &info = *it;
HANDLE handle = GetThreadHandle(info.id, THREAD_QUERY_INFORMATION);
GetThreadTimes(handle, &info.creation_time, &info.exit_time,
&info.kernel_time, &info.user_time);
}
threads.erase(std::remove_if(threads.begin(), threads.end(),
InvalidThread()), threads.end());
if (!threads.empty()) {
return std::min_element(threads.begin(), threads.end(),
CompareThreads())->id;
}
return 0;
}
//-------------------------------------------------------------
LONG WINAPI ExceptionFilter(EXCEPTION_POINTERS* pExceptionInfo)
{
if (IsDebuggerPresent())
return EXCEPTION_CONTINUE_SEARCH;
THREADENTRY32 te32;
DWORD myThreadId = GetCurrentThreadId();
DWORD myProcessId = GetCurrentProcessId();
HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hThreadSnap != INVALID_HANDLE_VALUE)
{
te32.dwSize = sizeof(THREADENTRY32);
if (Thread32First(hThreadSnap, &te32))
{
do
{
if (te32.th32OwnerProcessID == myProcessId && te32.th32ThreadID != myThreadId)
{
HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te32.th32ThreadID);
if (hThread)
{
SuspendThread(hThread);
}
}
} while (Thread32Next(hThreadSnap, &te32));
}
CloseHandle(hThreadSnap);
}
// dump文件
MakeDump(pExceptionInfo);
// 强制进程退出
ExitProcess(1);
return EXCEPTION_EXECUTE_HANDLER;
}
DWORD ListThreadProcess(DWORD PID)
{
HANDLE hThreadSnap;
THREADENTRY32 t;
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
t.dwSize = sizeof(THREADENTRY32);
if (!Thread32First(hThreadSnap, &t))
return (-1);
do
{
if (t.th32OwnerProcessID == PID)
{
printf("#### THREAD %d ####\n",t.th32ThreadID);
printf("\tThread FLAG : %d\n", t.dwFlags);
printf("\tThread USAGE : %d\n", t.cntUsage);
printf("\tThread BASE PRIORITY : %d\n", t.tpBasePri);
printf("\tThread DELTA PRIORITY : %d\n\n", t.tpDeltaPri);
}
} while (Thread32Next(hThreadSnap, &t));
return(1);
}
static void get_main_thread_id(void)
{
HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
THREADENTRY32 th32;
DWORD currentPID;
BOOL bOk;
if (hThreadSnap == INVALID_HANDLE_VALUE)
return;
currentPID = GetCurrentProcessId();
th32.dwSize = sizeof(THREADENTRY32);
for (bOk = Thread32First(hThreadSnap, &th32); bOk;
bOk = Thread32Next(hThreadSnap, &th32))
{
if (th32.th32OwnerProcessID == currentPID) {
acl_var_main_tid = th32.th32ThreadID;
break;
}
}
}
DWORD RMS_Socket::GetMainThreadId(DWORD processId)
{
if (processId == 0)
processId = GetCurrentProcessId();
DWORD threadId = 0;
THREADENTRY32 te32 = { sizeof(te32) };
HANDLE threadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (Thread32First(threadSnap, &te32))
{
do
{
if (processId == te32.th32OwnerProcessID)
{
threadId = te32.th32ThreadID;
break;
}
} while (Thread32Next(threadSnap, &te32));
}
return threadId;
}
std::vector<CONTEXT> get_threads(DWORD dwPid)
{
HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
std::vector<CONTEXT> threads;
if (h != INVALID_HANDLE_VALUE)
{
THREADENTRY32 te;
te.dwSize = sizeof(te);
if (Thread32First(h, &te))
{
do
{
if (te.th32OwnerProcessID == dwPid)
{
CONTEXT context = { 0 };
context.ContextFlags = CONTEXT_FULL;
HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te.th32ThreadID);
SuspendThread(hThread);
if (GetThreadContext(hThread, &context))
threads.push_back(context);
DWORD dwError = GetLastError();
ResumeThread(hThread);
}
te.dwSize = sizeof(te); /* see: http://blogs.msdn.com/b/oldnewthing/archive/2006/02/23/537856.aspx */
} while (Thread32Next(h, &te));
}
CloseHandle(h);
}
return threads;
}
BOOL HwDetourDetach( DWORD dwLineAddress, DWORD dwType )
{
HANDLE hThreadSnap;
THREADENTRY32 te32;
static BOOL bExceptionHandlerUnSet = FALSE;
if (bExceptionHandlerUnSet == FALSE)
{
RemoveVectoredExceptionHandler(g_hVectorHandle);
bExceptionHandlerUnSet = !bExceptionHandlerUnSet;
}
hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, NULL );
if( hThreadSnap == INVALID_HANDLE_VALUE ) return FALSE;
te32.dwSize = sizeof( THREADENTRY32 );
if( Thread32First( hThreadSnap, &te32 ) )
{
do
{
if( te32.th32OwnerProcessID != GetCurrentProcessId() ||
te32.th32ThreadID == GetCurrentThreadId() )
continue;
UninstDbgBreakfromThrd( te32.th32ThreadID,dwLineAddress, dwType);
} while( Thread32Next( hThreadSnap, &te32 ) );
}
for(int i = 0; i < 4; i++)
{
if( dwLineAddress == g_ExceptionInfo[i].dwLineAddr)
{
g_ExceptionInfo[i].bIsFree = TRUE;
break;
}
}
return TRUE;
}
/* Lists threads of the running process plus
* Some information about them. */
BOOL GetThreadsList(INT NumberOfProcess,DWORD dwTID){
// Initializing Number of threads.
INT NumberOfThreads=0;
THREADENTRY32 th32;
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
HANDLE hThread=INVALID_HANDLE_VALUE;
// Taking a sanpshot from threads of the process.
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
// Setting size of the structure before using it.
th32.dwSize=sizeof(THREADENTRY32);
// obtaining the first process and checking for error.
if(!Thread32First(hThreadSnap,&th32)){
// If there was an error ( because each process has at least one thread ).
PeInfo[NumberOfProcess].ThreadCount = NumberOfThreads;
// Clean the snapshot object.
CloseHandle(hThreadSnap);
return FALSE;
}
do{
if(th32.th32OwnerProcessID == dwTID){
// Opens an existing thread object.
hThread = OpenThread(THREAD_QUERY_INFORMATION ,FALSE,th32.th32ThreadID);
// Obtaining thread PIDs.
PeInfo[NumberOfProcess].Threads[NumberOfThreads].dwTID = th32.th32ThreadID;
// Obtaining Thread Priority.
PeInfo[NumberOfProcess].Threads[NumberOfThreads].ThreadPriority = GetThreadPriority(hThread);
// The number of CPU clock cycles used by the thread. This value includes cycles spent in both user mode and kernel mode.
QueryThreadCycleTime(hThread,&PeInfo[NumberOfProcess].Threads[NumberOfThreads].CycleTime);
// Closes the handle.
CloseHandle(hThread);
// Adding NumberOfThreads.
++NumberOfThreads;
}
}while(Thread32Next(hThreadSnap,&th32));
// Closing the handle object.
CloseHandle(hThreadSnap);
// assigning number of threads to the variable of that process.
PeInfo[NumberOfProcess].ThreadCount = NumberOfThreads;
return TRUE;
}
/*
=======================================
线程枚举
=======================================
*/
CR_API UINT WINAPI
ThreadList (
__CR_IN__ DWORD prcss_id,
__CR_OT__ THREADENTRY32** list
)
{
BOOL goon;
HANDLE snap;
THREADENTRY32 temp;
/* 取得指定进程的所有线程信息 */
snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, prcss_id);
if (snap == INVALID_HANDLE_VALUE)
return (0);
std::vector<THREADENTRY32> vlist;
/* 枚举线程 */
temp.dwSize = sizeof(THREADENTRY32);
goon = Thread32First(snap, &temp);
while (goon) {
if (temp.th32OwnerProcessID == prcss_id)
vlist.push_back(temp);
temp.dwSize = sizeof(THREADENTRY32);
goon = Thread32Next(snap, &temp);
}
CloseHandle(snap);
size_t size = vlist.size();
/* 返回线程列表 */
if (size == 0)
return (0);
size *= sizeof(THREADENTRY32);
*list = (THREADENTRY32*)mem_malloc(size);
if (*list == NULL)
return (0);
memcpy(*list, &vlist[0], size);
return (vlist.size());
}
void set_breakpoints(void) {
HANDLE hTool32 = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if(hTool32 != INVALID_HANDLE_VALUE) {
THREADENTRY32 thread_entry32;
thread_entry32.dwSize = sizeof(THREADENTRY32);
FILETIME exit_time, kernel_time, user_time;
FILETIME creation_time;
FILETIME prev_creation_time;
prev_creation_time.dwLowDateTime = 0xFFFFFFFF;
prev_creation_time.dwHighDateTime = INT_MAX;
HANDLE hMainThread = NULL;
if(Thread32First(hTool32, &thread_entry32)) {
do {
if(thread_entry32.dwSize >= FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(thread_entry32.th32OwnerProcessID)
&& thread_entry32.th32OwnerProcessID == GetCurrentProcessId()
&& thread_entry32.th32ThreadID != GetCurrentThreadId()) {
HANDLE hThread = OpenThread(THREAD_SET_CONTEXT | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION,
FALSE, thread_entry32.th32ThreadID);
GetThreadTimes(hThread, &creation_time, &exit_time, &kernel_time, &user_time);
if(CompareFileTime(&creation_time, &prev_creation_time) == -1) {
memcpy(&prev_creation_time, &creation_time, sizeof(FILETIME));
if(hMainThread != NULL)
CloseHandle(hMainThread);
hMainThread = hThread;
}
else
CloseHandle(hThread);
}
thread_entry32.dwSize = sizeof(THREADENTRY32);
} while(Thread32Next(hTool32, &thread_entry32));
AddVectoredExceptionHandler(1, ExceptionFilter);
CONTEXT thread_context = {CONTEXT_DEBUG_REGISTERS};
thread_context.Dr0 = func_addr;
thread_context.Dr7 = (1 << 0);
SetThreadContext(hMainThread, &thread_context);
CloseHandle(hMainThread);
}
CloseHandle(hTool32);
}
}
HWND GetMainWindow( DWORD dwOwnerPID )
{
HWND hWnd = 0;
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 );
if( hThreadSnap == INVALID_HANDLE_VALUE )
return( 0 );
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32 );
// Retrieve information about the first thread,
// and exit if unsuccessful
if( !Thread32First( hThreadSnap, &te32 ) )
{
CloseHandle( hThreadSnap ); // Must clean up the snapshot object!
return( 0 );
}
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
do
{
if( te32.th32OwnerProcessID == dwOwnerPID )
{
EnumThreadWindows(te32.th32ThreadID, EnumProc, (LPARAM)&hWnd);
if(hWnd) break;
}
} while( Thread32Next(hThreadSnap, &te32 ) );
// Don't forget to clean up the snapshot object.
CloseHandle( hThreadSnap );
return( hWnd );
}
void
gum_process_enumerate_threads (GumFoundThreadFunc func,
gpointer user_data)
{
DWORD this_process_id;
HANDLE snapshot;
THREADENTRY32 entry;
this_process_id = GetCurrentProcessId ();
snapshot = CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, 0);
if (snapshot == INVALID_HANDLE_VALUE)
goto beach;
entry.dwSize = sizeof (entry);
if (!Thread32First (snapshot, &entry))
goto beach;
do
{
if (RTL_CONTAINS_FIELD (&entry, entry.dwSize, th32OwnerProcessID) &&
entry.th32OwnerProcessID == this_process_id)
{
GumThreadDetails details;
if (gum_windows_get_thread_details (entry.th32ThreadID, &details))
{
if (!func (&details, user_data))
break;
}
}
entry.dwSize = sizeof (entry);
}
while (Thread32Next (snapshot, &entry));
beach:
if (snapshot != INVALID_HANDLE_VALUE)
CloseHandle (snapshot);
}
List<THREADENTRY32> GetThreads(DWORD dwOwnerPID)
{
List<THREADENTRY32> ret;
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hThreadSnap == INVALID_HANDLE_VALUE)
return ret;
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32);
// Retrieve information about the first thread,
// and exit if unsuccessful
if (!Thread32First(hThreadSnap, &te32))
{
printError("Thread32First"); // Show cause of failure
CloseHandle(hThreadSnap); // Must clean up the snapshot object!
return ret;
}
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
do
{
if (te32.th32OwnerProcessID == dwOwnerPID)
{
ret.push_back(te32);
}
} while (Thread32Next(hThreadSnap, &te32));
// Don't forget to clean up the snapshot object.
CloseHandle(hThreadSnap);
return ret;
}
void ScopedThreadExclusive::GetThreads(std::vector<DWORD>& threads)
{
ScopedHandle hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hSnapshot == INVALID_HANDLE_VALUE)
{
return;
}
THREADENTRY32 te = { sizeof(te) };
if (Thread32First(hSnapshot, &te))
{
do
{
if (te.th32OwnerProcessID == GetCurrentProcessId()
&& te.th32ThreadID != GetCurrentThreadId())
{
threads.push_back(te.th32ThreadID);
}
}
while (Thread32Next(hSnapshot, &te));
}
}
//////////////////////////////////////////////////////////////////////////
//
// ¸ðµç ¾²·¹µå¸¦ °¡µ¿½ÃŲ´Ù
//
//////////////////////////////////////////////////////////////////////////
void CRawHookMgr::ResumeAllThread()
{
// ¸ðµç ¾²·¹µåµéÀÇ ½º³À¼¦À» ¸¸µì´Ï´Ù.
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, GetCurrentProcessId());
if(hThreadSnap == INVALID_HANDLE_VALUE) return;
THREADENTRY32 te32;
memset(&te32, 0,sizeof(THREADENTRY32));
te32.dwSize = sizeof(THREADENTRY32);
// ÇöÀç ÇÁ·Î¼¼½ºID¿Í ¾²·¹µåID
DWORD dwCurPID = GetCurrentProcessId();
DWORD dwCurTID = GetCurrentThreadId();
// ¾²·¹µå ¼øȸ
BOOL bNext = Thread32First(hThreadSnap, &te32);
while(bNext)
{
if( te32.th32OwnerProcessID == dwCurPID && te32.th32ThreadID != dwCurTID )
{
// ¾²·¹µå Á¤Áö
HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
if(hThread)
{
ResumeThread(hThread);
//CloseHandle(hThread);
}
}
bNext = Thread32Next(hThreadSnap, &te32);
}
CloseHandle (hThreadSnap);
m_bIsAllThreadSuspended = FALSE;
}
void thresume(DWORD processId)
{
HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
THREADENTRY32 threadEntry;
threadEntry.dwSize = sizeof(THREADENTRY32);
Thread32First(hThreadSnapshot, &threadEntry);
do
{
if (threadEntry.th32OwnerProcessID == processId)
{
HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE,
threadEntry.th32ThreadID);
ResumeThread(hThread);
//SuspendThread(hThread);
CloseHandle(hThread);
}
} while (Thread32Next(hThreadSnapshot, &threadEntry));
CloseHandle(hThreadSnapshot);
}
int TraceAllThreadByPid(const DWORD Pid,DWORD *Tid)
{
int count=0;
THREADENTRY32 th32;
th32.dwSize=sizeof(th32);//指定结构的长度,以字节为单位。在调用Thread32First时,设置这个成员为SIZEOF(THREADENTRY32)。如果你不初始化的dwSize,Thread32First将调用失败。
HANDLE hThreadSnap=::CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
//CreateToolhelp32Snapshot可以通过获取进程信息为指定的进程、进程使用的堆[HEAP]、模块[MODULE]、线程建立一个快照。
if(hThreadSnap==INVALID_HANDLE_VALUE)
{
return -1;
}
bool more=Thread32First(hThreadSnap,&th32);
while(more)
{
if(th32.th32OwnerProcessID==Pid)
{
Tid[count++]=th32.th32ThreadID;
}
more=Thread32Next(hThreadSnap,&th32);//hTreadSnap快照句柄
}
CloseHandle(hThreadSnap);
return count;
}