PPH_THREAD_PROVIDER PhCreateThreadProvider(
__in HANDLE ProcessId
)
{
PPH_THREAD_PROVIDER threadProvider;
if (!NT_SUCCESS(PhCreateObject(
&threadProvider,
sizeof(PH_THREAD_PROVIDER),
0,
PhThreadProviderType
)))
return NULL;
threadProvider->ThreadHashtable = PhCreateHashtable(
sizeof(PPH_THREAD_ITEM),
PhpThreadHashtableCompareFunction,
PhpThreadHashtableHashFunction,
20
);
PhInitializeFastLock(&threadProvider->ThreadHashtableLock);
PhInitializeCallback(&threadProvider->ThreadAddedEvent);
PhInitializeCallback(&threadProvider->ThreadModifiedEvent);
PhInitializeCallback(&threadProvider->ThreadRemovedEvent);
PhInitializeCallback(&threadProvider->UpdatedEvent);
PhInitializeCallback(&threadProvider->LoadingStateChangedEvent);
threadProvider->ProcessId = ProcessId;
threadProvider->SymbolProvider = PhCreateSymbolProvider(ProcessId);
if (threadProvider->SymbolProvider)
{
if (threadProvider->SymbolProvider->IsRealHandle)
threadProvider->ProcessHandle = threadProvider->SymbolProvider->ProcessHandle;
}
PhInitializeEvent(&threadProvider->SymbolsLoadedEvent);
threadProvider->SymbolsLoading = 0;
RtlInitializeSListHead(&threadProvider->QueryListHead);
threadProvider->RunId = 1;
// Begin loading symbols for the process' modules.
PhReferenceObject(threadProvider);
PhpQueueThreadWorkQueueItem(PhpThreadProviderLoadSymbols, threadProvider);
return threadProvider;
}
VOID PhpQueueThreadQuery(
_In_ PPH_THREAD_PROVIDER ThreadProvider,
_In_ PPH_THREAD_ITEM ThreadItem
)
{
PPH_THREAD_QUERY_DATA data;
data = PhAllocate(sizeof(PH_THREAD_QUERY_DATA));
memset(data, 0, sizeof(PH_THREAD_QUERY_DATA));
PhSetReference(&data->ThreadProvider, ThreadProvider);
PhSetReference(&data->ThreadItem, ThreadItem);
data->RunId = ThreadProvider->RunId;
PhpQueueThreadWorkQueueItem(PhpThreadQueryWorker, data);
}
VOID PhpQueueThreadQuery(
__in PPH_THREAD_PROVIDER ThreadProvider,
__in PPH_THREAD_ITEM ThreadItem
)
{
PPH_THREAD_QUERY_DATA data;
data = PhAllocate(sizeof(PH_THREAD_QUERY_DATA));
memset(data, 0, sizeof(PH_THREAD_QUERY_DATA));
data->ThreadProvider = ThreadProvider;
data->ThreadItem = ThreadItem;
PhReferenceObject(ThreadProvider);
PhReferenceObject(ThreadItem);
PhpQueueThreadWorkQueueItem(PhpThreadQueryWorker, data);
}
