Пример #1
2
/*
=======================================
    进程启停
=======================================
*/
CR_API BOOL WINAPI
ProcessCtrl (
  __CR_IN__ DWORD   prcss_id,
  __CR_IN__ BOOL    suspend
    )
{
    HANDLE          snap;
    THREADENTRY32   te32;

    /* 取得指定进程的所有线程信息 */
    snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, prcss_id);
    if (snap == INVALID_HANDLE_VALUE)
        return (HLB_ERROR);

    /* 枚举线程 */
    te32.dwSize = sizeof(THREADENTRY32);
    if(!Thread32First(snap, &te32)) {
        CloseHandle(snap);
        return (HLB_ERROR);
    }

    do {
        if (te32.th32OwnerProcessID == prcss_id)
        {
            HANDLE  handle;

            handle = OpenThread(THREAD_SUSPEND_RESUME, FALSE,
                                te32.th32ThreadID);
            if (suspend)
                SuspendThread(handle);
            else
                ResumeThread(handle);
            CloseHandle(handle);
        }
    } while (Thread32Next(snap, &te32));

    CloseHandle(snap);
    return (HLB_OKAY);
}
Пример #2
0
BOOL CDemo_ClipView_VCDlg::GetThreadIdList(CList<int>& tIdList) {
	int pID = _getpid();
	HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
	THREADENTRY32 te32;
	hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, pID);
	if (hThreadSnap == INVALID_HANDLE_VALUE) {
		return FALSE;
	}
	te32.dwSize = sizeof(THREADENTRY32);
	BOOL bGetThread = Thread32First(hThreadSnap, &te32);
	while (bGetThread) {
		if (te32.th32OwnerProcessID == pID) {
			tIdList.AddTail(te32.th32ThreadID);
		}
		bGetThread = Thread32Next(hThreadSnap, &te32);
	}
	CloseHandle(hThreadSnap);
	return TRUE;
}
Пример #3
0
int Ten18::Util::EnumerateNativeThreads(bool traceFullInfo, const char* msg)
{
    Ten18_UNUSED(traceFullInfo);
    DebugOut(msg);

    int numThreads = 0;
    auto snapshot = MakeScoped(CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0), [] (HANDLE snapshot) { Ten18_HOPE_FOR.True = CloseHandle(snapshot); });
    Ten18_EXPECT.Not(INVALID_HANDLE_VALUE) = static_cast<HANDLE>(snapshot);
    
    THREADENTRY32 te = {};
    te.dwSize = sizeof(te);
    const auto minSizeOfInterest = (std::min)((FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(te.th32OwnerProcessID)),
                                              (FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(te.th32ThreadID)));
    if (Thread32First(snapshot, &te))
    {
        do
        {
            if (te.dwSize >= minSizeOfInterest)
                if (te.th32OwnerProcessID == GetCurrentProcessId())
                {                
                    ++numThreads;
                    auto thread = MakeScoped(OpenThread(THREAD_QUERY_INFORMATION, FALSE, te.th32ThreadID), [] (HANDLE t) { Ten18_HOPE_FOR.NotZero = CloseHandle(t); });
                    Ten18_EXPECT.NotNull = static_cast<HANDLE>(thread);

                    ULONG64 cycleTime = 0;
                    Ten18_EXPECT.True = QueryThreadCycleTime(thread, &cycleTime);
                    
                    FILETIME create, exit, kernel, user;
                    Ten18_EXPECT.True = GetThreadTimes(thread, &create, &exit, &kernel, &user);

                    Format("\tNative Thread %0 - Create: %1, Exit: %2, Kernel: %3, User: %4, Cycles: %5",
                        te.th32ThreadID, create.dwLowDateTime, exit.dwLowDateTime, kernel.dwLowDateTime, user.dwLowDateTime, static_cast<int>(cycleTime)).DebugOut();
                }
                
            te.dwSize = sizeof(te);
        }
        while (Thread32Next(snapshot, &te));
    }
    
    Format("Number of Native Threads: %0", numThreads).DebugOut();

    return numThreads;
}
Пример #4
0
void GetAllThreadsCallstacks(str::Str<char>& s)
{
    HANDLE threadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (threadSnap == INVALID_HANDLE_VALUE)
        return;

    THREADENTRY32 te32;
    te32.dwSize = sizeof(THREADENTRY32);

    DWORD pid = GetCurrentProcessId();
    BOOL ok = Thread32First(threadSnap, &te32);
    while (ok) {
        if (te32.th32OwnerProcessID == pid)
            GetThreadCallstack(s, te32.th32ThreadID);
        ok = Thread32Next(threadSnap, &te32);
    }

    CloseHandle(threadSnap);
}
Пример #5
0
BOOL process_suspendOrResumeAllThreads(DWORD dwPID, BOOL bSuspend) {
	HANDLE hSnapT;
	HANDLE hT;
	THREADENTRY32 te32;

	if (INVALID_HANDLE_VALUE == (hSnapT = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0)))
		return FALSE;

	te32.dwSize = sizeof(THREADENTRY32);
	if (FALSE == Thread32First(hSnapT, &te32)) {
		return TRUE;
	}

	while (TRUE) {
		if (dwPID == te32.th32OwnerProcessID) {
			if (NULL == (hT = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID))) {
				utils_debugOutputErrCode(GetLastError());
				return FALSE;
			}

			if (bSuspend) {
				if (-1 == SuspendThread(hT)) {
					utils_debugOutputErrCode(GetLastError());
					CloseHandle(hT);
					return FALSE;
				}
			}
			else {
				if (-1 == ResumeThread(hT)) {
					utils_debugOutputErrCode(GetLastError());
					CloseHandle(hT);
					return FALSE;
				}
			}

			CloseHandle(hT);
		}
		if (FALSE == (Thread32Next(hSnapT, &te32)))
			break;
	}

	return TRUE;
}
Пример #6
0
void injecta_apc(DWORD pid,char *dllname,opt *options) {
	//MessageBox(0,"injecta_apc","",MB_OK);
    HANDLE hProcess = OpenProcess (MAXIMUM_ALLOWED,0,pid);
	//WaitForInputIdle(hProcess,2000);//fix some bugs on REINJECT
	HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
	BOOL threadFound=FALSE;
	if (hThreadSnap != INVALID_HANDLE_VALUE) {
		THREADENTRY32 th32;
		th32.dwSize = sizeof(THREADENTRY32);
		BOOL bOK = TRUE;
		for (bOK = Thread32First(hThreadSnap, &th32); bOK; bOK = Thread32Next(hThreadSnap, &th32)) {
			if (th32.th32OwnerProcessID == pid) {
				//printf("[info] DLL Injected into thread ID %d\n",th32.th32ThreadID);
				HANDLE h = OpenThread (THREAD_ALL_ACCESS , 0, th32.th32ThreadID);
				if(h){
					threadFound=TRUE;
					HANDLE addr = (HANDLE)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
					//Allocate new memory region inside the process's address space.
					LPVOID arg = (LPVOID)VirtualAllocEx(hProcess, NULL, strlen(dllname), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
					if(arg == NULL) {
					printf("Error: the memory could not be allocated inside the chosen process\n");
					}
					 
					//Write the argument to LoadLibraryA to the process's newly allocated memory region.
					int n = WriteProcessMemory(hProcess, arg, dllname, strlen(dllname), NULL);
					if(n == 0) {
					printf("Error: there was no bytes written to the process's address space\n");
					}
					QueueUserAPC((HANDLE)addr, h, (DWORD)arg);
					//MessageBox(0,dllname,"APC Injection done",MB_OK);
					//printf("[error] QueueUserAPC. Code: %d\n",GetLastError());
				}else{
					printf("[error] OpenThread. Code: %d\n",GetLastError());
				}
				CloseHandle(h);
				//break;
			}
		}
		CloseHandle(hThreadSnap);
	}
	CloseHandle(hProcess);
	if(!threadFound) printf("[ERROR] THREAD NOT FOUND!\n");
}
Пример #7
0
//-------------------------------------------------------------------------
static void EnumerateThreads(void)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        THREADENTRY32 te;
        __stosb((PBYTE)&te, 0, sizeof(THREADENTRY32));
        te.dwSize = sizeof(THREADENTRY32);

        if (Thread32First(hSnapshot, &te))
        {
            do
            {
                if (te.th32OwnerProcessID == GetCurrentProcessId()
                    && te.th32ThreadID != GetCurrentThreadId())
                {
                    if (g_threads.items == NULL)
                    {
                        g_threads.capacity = MH_INITIAL_THREAD_CAPACITY;
                        g_threads.items
                            = (LPDWORD)HeapAlloc(g_hHeap, 0, g_threads.capacity * sizeof(DWORD));
                        if (g_threads.items == NULL)
                            break;
                    }
                    else if (g_threads.size >= g_threads.capacity)
                    {
                        LPDWORD p;
                        g_threads.capacity *= 2;
                        p = (LPDWORD)HeapReAlloc(
                            g_hHeap, 0, g_threads.items, g_threads.capacity * sizeof(DWORD));
                        if (p != NULL)
                            g_threads.items = p;
                        else
                            break;
                    }
                    g_threads.items[g_threads.size++] = te.th32ThreadID;
                }
            } while (Thread32Next(hSnapshot, &te));
        }
    }
    CloseHandle(hSnapshot);
}
Пример #8
0
//-------------------------------------------------------------------------
static VOID EnumerateThreads(PFROZEN_THREADS pThreads)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        THREADENTRY32 te;
        te.dwSize = sizeof(THREADENTRY32);
        if (Thread32First(hSnapshot, &te))
        {
            do
            {
                if (te.dwSize >= (FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(DWORD))
                    && te.th32OwnerProcessID == GetCurrentProcessId()
                    && te.th32ThreadID != GetCurrentThreadId())
                {
                    if (pThreads->pItems == NULL)
                    {
                        pThreads->capacity = MH_INITIAL_THREAD_CAPACITY;
                        pThreads->pItems
                            = (LPDWORD)HeapAlloc(g_hHeap, 0, pThreads->capacity * sizeof(DWORD));
                        if (pThreads->pItems == NULL)
                            break;
                    }
                    else if (pThreads->size >= pThreads->capacity)
                    {
                        LPDWORD p = (LPDWORD)HeapReAlloc(
                            g_hHeap, 0, pThreads->pItems, (pThreads->capacity * 2) * sizeof(DWORD));
                        if (p == NULL)
                            break;

                        pThreads->capacity *= 2;
                        pThreads->pItems = p;
                    }
                    pThreads->pItems[pThreads->size++] = te.th32ThreadID;
                }

                te.dwSize = sizeof(THREADENTRY32);
            } while (Thread32Next(hSnapshot, &te));
        }
        CloseHandle(hSnapshot);
    }
}
Пример #9
0
BOOL ListProcessThreads( DWORD dwOwnerPID ) 
{ 
  HANDLE hThreadSnap = INVALID_HANDLE_VALUE; 
  THREADENTRY32 te32; 
 
  // Take a snapshot of all running threads  
  hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 ); 
  if( hThreadSnap == INVALID_HANDLE_VALUE ) 
    return( FALSE ); 
 
  // Fill in the size of the structure before using it. 
  te32.dwSize = sizeof(THREADENTRY32); 
 
  // Retrieve information about the first thread,
  // and exit if unsuccessful
  if( !Thread32First( hThreadSnap, &te32 ) ) 
  {
    //printError( TEXT("Thread32First") ); // show cause of failure
	printf( "Thread32First" );
    CloseHandle( hThreadSnap );          // clean the snapshot object
    return( FALSE );
  }

  // Now walk the thread list of the system,
  // and display information about each thread
  // associated with the specified process
  do 
  { 
    if( te32.th32OwnerProcessID == dwOwnerPID )
    {
	/*
      _tprintf( TEXT("\n\n     THREAD ID      = 0x%08X"), te32.th32ThreadID ); 
      _tprintf( TEXT("\n     Base priority  = %d"), te32.tpBasePri ); 
      _tprintf( TEXT("\n     Delta priority = %d"), te32.tpDeltaPri ); 
      _tprintf( TEXT("\n"));
		*/
    }
  } while( Thread32Next(hThreadSnap, &te32 ) ); 

  CloseHandle( hThreadSnap );
  return( TRUE );
}
Пример #10
0
 DWORD GetMainThreadId() {
     const std::shared_ptr<void> hThreadSnapshot(
         CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0), CloseHandle);
     if (hThreadSnapshot.get() == INVALID_HANDLE_VALUE) {
         throw std::runtime_error("GetMainThreadId failed");
     }
     THREADENTRY32 tEntry;
     tEntry.dwSize = sizeof(THREADENTRY32);
     DWORD result = 0;
     DWORD currentPID = GetCurrentProcessId();
     for (BOOL success = Thread32First(hThreadSnapshot.get(), &tEntry);
     !result && success && GetLastError() != ERROR_NO_MORE_FILES;
         success = Thread32Next(hThreadSnapshot.get(), &tEntry))
     {
         if (tEntry.th32OwnerProcessID == currentPID) {
             result = tEntry.th32ThreadID;
         }
     }
     return result;
 }
Пример #11
0
static inline void write_thread_traces(struct exception_handler_data *data)
{
	THREADENTRY32 entry = {0};
	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,
			GetCurrentProcessId());
	bool success;

	if (snapshot == INVALID_HANDLE_VALUE)
		return;

	entry.dwSize = sizeof(entry);
	success = !!Thread32First(snapshot, &entry);

	while (success) {
		write_thread_trace(data, &entry);
		success = !!Thread32Next(snapshot, &entry);
	}

	CloseHandle(snapshot);
}
Пример #12
0
/*
This method is used to get a thread id for a process.
It loops through all of the threads and compares their pid with the desired pid
*/
DWORD getThreadID(DWORD pid)
{
    puts("Getting Thread ID");
    HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if(h != INVALID_HANDLE_VALUE)
    {
        THREADENTRY32 te;
        te.dwSize = sizeof(te);
        if( Thread32First(h, &te))
        {
            do
            {
                if (te.dwSize >= FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(te.th32OwnerProcessID))
                {
                    if(te.th32OwnerProcessID == pid)
                    {
                        HANDLE hThread = OpenThread(READ_CONTROL, FALSE, te.th32ThreadID);
                        if(!hThread)
                        {
                            puts("Couldn't get thread handle");
                        }
                        else
                        {
                            //DWORD tpid = GetProcessIdOfThread(hThread);
                            //printf("Got one: %u\n", tpid);
                            return te.th32ThreadID;
                        }

                    }
                    //printf("hello");
                }

            }
            while( Thread32Next(h, &te));
        }

    }
    CloseHandle(h);
    return (DWORD)0;

}
Пример #13
0
BOOL SuspendAllThreads(BOOL stop)
{
	HANDLE hThreadSnap = INVALID_HANDLE_VALUE; 
	THREADENTRY32 te32;
	DWORD dwOwnerPID = GetCurrentProcessId();
	DWORD dwOwnerTID = GetCurrentThreadId();
	HANDLE hThread;

	hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); 
	if (hThreadSnap == INVALID_HANDLE_VALUE)
	{
		dbg_msg("[-] SuspendAllThreads - CreateToolhelp32Snapshot() failed\n");
		return FALSE;
	}
	te32.dwSize = sizeof(THREADENTRY32);
	if (!Thread32First(hThreadSnap, &te32)) 
	{
		dbg_msg("[-] SuspendAllThreads - Thread32First() failed\n");
		CloseHandle(hThreadSnap);
		return FALSE;
	}
	do 
	{ 
		if (te32.th32OwnerProcessID == dwOwnerPID && te32.th32ThreadID != dwOwnerTID)
		{
			hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te32.th32ThreadID);
			if (stop == TRUE)
			{
 				SuspendThread(hThread);
			}
			else
			{
				ResumeThread(hThread);
			}
			CloseHandle(hThread);
		}
	} while (Thread32Next(hThreadSnap, &te32));

	CloseHandle(hThreadSnap);
	return TRUE;
}
Пример #14
0
static DWORD GetMainThreadId() {
  std::vector<ThreadInfo> threads;

  HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
  if (snapshot != INVALID_HANDLE_VALUE) {
    THREADENTRY32 thread_entry;
    thread_entry.dwSize = sizeof(thread_entry);
    if (Thread32First(snapshot, &thread_entry)) {
      DWORD process_id = GetProcessId(GetCurrentProcess());
      do {
        if (thread_entry.dwSize >=
            FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) +
                         sizeof(thread_entry.th32OwnerProcessID)) {
          if (thread_entry.th32OwnerProcessID == process_id) {
            ThreadInfo thread = {0};
            thread.id = thread_entry.th32ThreadID;
            threads.push_back(thread);
          }
        }
        thread_entry.dwSize = sizeof(thread_entry);
      } while (Thread32Next(snapshot, &thread_entry));
    }
    CloseHandle(snapshot);
  }

  for (std::vector<ThreadInfo>::iterator it = threads.begin();
       it != threads.end(); it++) {
    ThreadInfo &info = *it;
    HANDLE handle = GetThreadHandle(info.id, THREAD_QUERY_INFORMATION);
    GetThreadTimes(handle, &info.creation_time, &info.exit_time,
                           &info.kernel_time,   &info.user_time);
  }

  threads.erase(std::remove_if(threads.begin(), threads.end(),
                               InvalidThread()), threads.end());
  if (!threads.empty()) {
    return std::min_element(threads.begin(), threads.end(),
                            CompareThreads())->id;
  }
  return 0;
}
Пример #15
0
//-------------------------------------------------------------
LONG WINAPI ExceptionFilter(EXCEPTION_POINTERS* pExceptionInfo)
{
	if (IsDebuggerPresent())
		return EXCEPTION_CONTINUE_SEARCH;

	THREADENTRY32 te32;
	DWORD myThreadId = GetCurrentThreadId();
	DWORD myProcessId = GetCurrentProcessId();

	HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
	if (hThreadSnap != INVALID_HANDLE_VALUE)
	{
		te32.dwSize = sizeof(THREADENTRY32);

		if (Thread32First(hThreadSnap, &te32))
		{
			do
			{
				if (te32.th32OwnerProcessID == myProcessId && te32.th32ThreadID != myThreadId)
				{
					HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te32.th32ThreadID);
					if (hThread)
					{
						SuspendThread(hThread);
					}
				}

			} while (Thread32Next(hThreadSnap, &te32));

		}

		CloseHandle(hThreadSnap);
	}

	// dump文件
	MakeDump(pExceptionInfo);
	// 强制进程退出
	ExitProcess(1);

	return EXCEPTION_EXECUTE_HANDLER;
}
Пример #16
0
DWORD ListThreadProcess(DWORD PID)
{
	HANDLE hThreadSnap;
	THREADENTRY32 t;
	hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
	t.dwSize = sizeof(THREADENTRY32);
	if (!Thread32First(hThreadSnap, &t))
		return (-1);
	do
	{
		if (t.th32OwnerProcessID == PID)
		{
			printf("#### THREAD %d ####\n",t.th32ThreadID);
			printf("\tThread FLAG           : %d\n", t.dwFlags);
			printf("\tThread USAGE          : %d\n", t.cntUsage);
			printf("\tThread BASE PRIORITY  : %d\n", t.tpBasePri);
			printf("\tThread DELTA PRIORITY : %d\n\n", t.tpDeltaPri);
		}
	} while (Thread32Next(hThreadSnap, &t));
	return(1);
}
Пример #17
0
static void get_main_thread_id(void)
{
	HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
	THREADENTRY32 th32;
	DWORD currentPID;
	BOOL  bOk;

	if (hThreadSnap == INVALID_HANDLE_VALUE)
		return;
	currentPID = GetCurrentProcessId();
	th32.dwSize = sizeof(THREADENTRY32);

	for (bOk = Thread32First(hThreadSnap, &th32); bOk;
		bOk = Thread32Next(hThreadSnap, &th32))
	{
		if (th32.th32OwnerProcessID == currentPID) {
			acl_var_main_tid = th32.th32ThreadID;
			break;
		}
	}
}
Пример #18
0
DWORD RMS_Socket::GetMainThreadId(DWORD processId)
{
	if (processId == 0)
		processId = GetCurrentProcessId();

	DWORD threadId = 0;
	THREADENTRY32 te32 = { sizeof(te32) };
	HANDLE threadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
	if (Thread32First(threadSnap, &te32))
	{
		do
		{
			if (processId == te32.th32OwnerProcessID)
			{
				threadId = te32.th32ThreadID;
				break;
			}
		} while (Thread32Next(threadSnap, &te32));
	}
	return threadId;
}
Пример #19
0
std::vector<CONTEXT> get_threads(DWORD dwPid)
{
	HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);

	std::vector<CONTEXT> threads;

	if (h != INVALID_HANDLE_VALUE) 
	{
		THREADENTRY32 te;
		te.dwSize = sizeof(te);

		if (Thread32First(h, &te)) 
		{
			do 
			{
				if (te.th32OwnerProcessID == dwPid)
				{
					CONTEXT context = { 0 };
					context.ContextFlags = CONTEXT_FULL;

					HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te.th32ThreadID);

					SuspendThread(hThread);

					if (GetThreadContext(hThread, &context))
						threads.push_back(context);

					DWORD dwError = GetLastError();

					ResumeThread(hThread);
				}
				te.dwSize = sizeof(te); /* see: http://blogs.msdn.com/b/oldnewthing/archive/2006/02/23/537856.aspx */
			} while (Thread32Next(h, &te));
		}

		CloseHandle(h);
	}

	return threads;
}
Пример #20
0
BOOL HwDetourDetach( DWORD dwLineAddress, DWORD dwType )
{
	HANDLE hThreadSnap;
	THREADENTRY32 te32;

	static BOOL bExceptionHandlerUnSet = FALSE;

	if (bExceptionHandlerUnSet == FALSE)
	{
		RemoveVectoredExceptionHandler(g_hVectorHandle);
		bExceptionHandlerUnSet = !bExceptionHandlerUnSet;
	}

	hThreadSnap =  CreateToolhelp32Snapshot(  TH32CS_SNAPTHREAD, NULL  );
	if( hThreadSnap == INVALID_HANDLE_VALUE ) return  FALSE; 

	te32.dwSize = sizeof(  THREADENTRY32  ); 
	if(  Thread32First(  hThreadSnap, &te32 ) )
	{
		do
		{  
			if(  te32.th32OwnerProcessID != GetCurrentProcessId() || 
				 te32.th32ThreadID == GetCurrentThreadId() )
				continue;

			UninstDbgBreakfromThrd( te32.th32ThreadID,dwLineAddress, dwType);

		} while(  Thread32Next(  hThreadSnap, &te32 ) );
	}

	for(int i = 0; i < 4; i++)
	{
		if( dwLineAddress == g_ExceptionInfo[i].dwLineAddr)
		{
			g_ExceptionInfo[i].bIsFree = TRUE;
			break;
		}
	} 
	return TRUE;
}
Пример #21
0
/*	Lists threads of the running process plus
*	Some information about them. */
BOOL GetThreadsList(INT NumberOfProcess,DWORD dwTID){
	//	Initializing Number of threads.
	INT NumberOfThreads=0;
	THREADENTRY32 th32;
	HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
	HANDLE hThread=INVALID_HANDLE_VALUE;
	//	Taking a sanpshot from threads of the process.
	hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
	//	Setting size of the structure before using it.
	th32.dwSize=sizeof(THREADENTRY32);
	//	obtaining the first process and checking for error.
	if(!Thread32First(hThreadSnap,&th32)){
		//	If there was an error ( because each process has at least one thread ).
		PeInfo[NumberOfProcess].ThreadCount = NumberOfThreads;
		// Clean the snapshot object.
		CloseHandle(hThreadSnap);
		return FALSE;
	}
	do{
		if(th32.th32OwnerProcessID == dwTID){
			//	Opens an existing thread object.
			hThread = OpenThread(THREAD_QUERY_INFORMATION ,FALSE,th32.th32ThreadID);
			//	Obtaining thread PIDs.
			PeInfo[NumberOfProcess].Threads[NumberOfThreads].dwTID = th32.th32ThreadID;
			//	Obtaining Thread Priority.
			PeInfo[NumberOfProcess].Threads[NumberOfThreads].ThreadPriority = GetThreadPriority(hThread);
			//	The number of CPU clock cycles used by the thread. This value includes cycles spent in both user mode and kernel mode.
			QueryThreadCycleTime(hThread,&PeInfo[NumberOfProcess].Threads[NumberOfThreads].CycleTime);
		//	Closes the handle.
		CloseHandle(hThread);
			//	Adding NumberOfThreads.
			++NumberOfThreads;
		}
	}while(Thread32Next(hThreadSnap,&th32));
	//	Closing the handle object.
	CloseHandle(hThreadSnap);
	//	assigning number of threads to the variable of that process.
	PeInfo[NumberOfProcess].ThreadCount = NumberOfThreads;
	return TRUE;
}
Пример #22
0
/*
=======================================
    线程枚举
=======================================
*/
CR_API UINT WINAPI
ThreadList (
  __CR_IN__ DWORD           prcss_id,
  __CR_OT__ THREADENTRY32** list
    )
{
    BOOL            goon;
    HANDLE          snap;
    THREADENTRY32   temp;

    /* 取得指定进程的所有线程信息 */
    snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, prcss_id);
    if (snap == INVALID_HANDLE_VALUE)
        return (0);

    std::vector<THREADENTRY32>  vlist;

    /* 枚举线程 */
    temp.dwSize = sizeof(THREADENTRY32);
    goon = Thread32First(snap, &temp);
    while (goon) {
        if (temp.th32OwnerProcessID == prcss_id)
            vlist.push_back(temp);
        temp.dwSize = sizeof(THREADENTRY32);
        goon = Thread32Next(snap, &temp);
    }
    CloseHandle(snap);

    size_t  size = vlist.size();

    /* 返回线程列表 */
    if (size == 0)
        return (0);
    size *= sizeof(THREADENTRY32);
    *list = (THREADENTRY32*)mem_malloc(size);
    if (*list == NULL)
        return (0);
    memcpy(*list, &vlist[0], size);
    return (vlist.size());
}
Пример #23
0
void set_breakpoints(void) {
    HANDLE hTool32 = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if(hTool32 != INVALID_HANDLE_VALUE) {
        THREADENTRY32 thread_entry32;
        thread_entry32.dwSize = sizeof(THREADENTRY32);
        FILETIME exit_time, kernel_time, user_time;
        FILETIME creation_time;
        FILETIME prev_creation_time;
        prev_creation_time.dwLowDateTime = 0xFFFFFFFF;
        prev_creation_time.dwHighDateTime = INT_MAX;
        HANDLE hMainThread = NULL;
        if(Thread32First(hTool32, &thread_entry32)) {
            do {
                if(thread_entry32.dwSize >= FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(thread_entry32.th32OwnerProcessID)
                    && thread_entry32.th32OwnerProcessID == GetCurrentProcessId()
                    && thread_entry32.th32ThreadID != GetCurrentThreadId()) {
                        HANDLE hThread = OpenThread(THREAD_SET_CONTEXT | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION,
                            FALSE, thread_entry32.th32ThreadID);
                        GetThreadTimes(hThread, &creation_time, &exit_time, &kernel_time, &user_time);
                        if(CompareFileTime(&creation_time, &prev_creation_time) == -1) {
                            memcpy(&prev_creation_time, &creation_time, sizeof(FILETIME));
                            if(hMainThread != NULL)
                                CloseHandle(hMainThread);
                            hMainThread = hThread;
                        }
                        else
                            CloseHandle(hThread);
                }
                thread_entry32.dwSize = sizeof(THREADENTRY32);
            } while(Thread32Next(hTool32, &thread_entry32));
            AddVectoredExceptionHandler(1, ExceptionFilter);
            CONTEXT thread_context = {CONTEXT_DEBUG_REGISTERS};
            thread_context.Dr0 = func_addr;
            thread_context.Dr7 = (1 << 0);
            SetThreadContext(hMainThread, &thread_context);
            CloseHandle(hMainThread);
        }
        CloseHandle(hTool32);
    }
}
Пример #24
0
HWND GetMainWindow( DWORD dwOwnerPID ) 
{ 
	HWND hWnd = 0; 
	HANDLE hThreadSnap = INVALID_HANDLE_VALUE; 
	THREADENTRY32 te32; 

	// Take a snapshot of all running threads  
	hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 ); 
	if( hThreadSnap == INVALID_HANDLE_VALUE ) 
		return( 0 ); 

	// Fill in the size of the structure before using it. 
	te32.dwSize = sizeof(THREADENTRY32 ); 

	// Retrieve information about the first thread,
	// and exit if unsuccessful
	if( !Thread32First( hThreadSnap, &te32 ) ) 
	{
		CloseHandle( hThreadSnap );     // Must clean up the snapshot object!
		return( 0 );
	}

	// Now walk the thread list of the system,
	// and display information about each thread
	// associated with the specified process
	do 
	{ 
		if( te32.th32OwnerProcessID == dwOwnerPID )
		{

			EnumThreadWindows(te32.th32ThreadID, EnumProc, (LPARAM)&hWnd); 
			if(hWnd) break;

		}
	} while( Thread32Next(hThreadSnap, &te32 ) ); 

	//  Don't forget to clean up the snapshot object.
	CloseHandle( hThreadSnap );
	return( hWnd );
}
Пример #25
0
void
gum_process_enumerate_threads (GumFoundThreadFunc func,
                               gpointer user_data)
{
  DWORD this_process_id;
  HANDLE snapshot;
  THREADENTRY32 entry;

  this_process_id = GetCurrentProcessId ();

  snapshot = CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, 0);
  if (snapshot == INVALID_HANDLE_VALUE)
    goto beach;

  entry.dwSize = sizeof (entry);
  if (!Thread32First (snapshot, &entry))
    goto beach;

  do
  {
    if (RTL_CONTAINS_FIELD (&entry, entry.dwSize, th32OwnerProcessID) &&
        entry.th32OwnerProcessID == this_process_id)
    {
      GumThreadDetails details;

      if (gum_windows_get_thread_details (entry.th32ThreadID, &details))
      {
        if (!func (&details, user_data))
          break;
      }
    }

    entry.dwSize = sizeof (entry);
  }
  while (Thread32Next (snapshot, &entry));

beach:
  if (snapshot != INVALID_HANDLE_VALUE)
    CloseHandle (snapshot);
}
Пример #26
0
		List<THREADENTRY32> GetThreads(DWORD dwOwnerPID)
		{
			List<THREADENTRY32> ret;

			HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
			THREADENTRY32 te32;

			// Take a snapshot of all running threads  
			hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
			if (hThreadSnap == INVALID_HANDLE_VALUE)
				return ret;

			// Fill in the size of the structure before using it. 
			te32.dwSize = sizeof(THREADENTRY32);

			// Retrieve information about the first thread,
			// and exit if unsuccessful
			if (!Thread32First(hThreadSnap, &te32))
			{
				printError("Thread32First");  // Show cause of failure
				CloseHandle(hThreadSnap);     // Must clean up the snapshot object!
				return ret;
			}

			// Now walk the thread list of the system,
			// and display information about each thread
			// associated with the specified process
			do
			{
				if (te32.th32OwnerProcessID == dwOwnerPID)
				{
					ret.push_back(te32);
				}
			} while (Thread32Next(hThreadSnap, &te32));

			//  Don't forget to clean up the snapshot object.
			CloseHandle(hThreadSnap);
			return ret;
		}
Пример #27
0
	void ScopedThreadExclusive::GetThreads(std::vector<DWORD>& threads)
	{
		ScopedHandle hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
		if (hSnapshot == INVALID_HANDLE_VALUE)
		{
			return;
		}
		
		THREADENTRY32 te = { sizeof(te) };
		if (Thread32First(hSnapshot, &te))
		{
			do 
			{
				if (te.th32OwnerProcessID == GetCurrentProcessId()
					&& te.th32ThreadID != GetCurrentThreadId())
				{
					threads.push_back(te.th32ThreadID);
				}
			} 
			while (Thread32Next(hSnapshot, &te));
		}
	}
Пример #28
0
//////////////////////////////////////////////////////////////////////////
//
// ¸ðµç ¾²·¹µå¸¦ °¡µ¿½ÃŲ´Ù
//
//////////////////////////////////////////////////////////////////////////
void CRawHookMgr::ResumeAllThread()
{
	// ¸ðµç ¾²·¹µåµéÀÇ ½º³À¼¦À» ¸¸µì´Ï´Ù.
	HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
	hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, GetCurrentProcessId());

	if(hThreadSnap == INVALID_HANDLE_VALUE) return;


	THREADENTRY32 te32;
	memset(&te32, 0,sizeof(THREADENTRY32));
	te32.dwSize = sizeof(THREADENTRY32);

	// ÇöÀç ÇÁ·Î¼¼½ºID¿Í ¾²·¹µåID
	DWORD dwCurPID = GetCurrentProcessId();
	DWORD dwCurTID = GetCurrentThreadId();

	// ¾²·¹µå ¼øȸ
	BOOL bNext = Thread32First(hThreadSnap, &te32);
	while(bNext)
	{
		if( te32.th32OwnerProcessID == dwCurPID && te32.th32ThreadID != dwCurTID )
		{
			// ¾²·¹µå Á¤Áö
			HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
			if(hThread)
			{
				ResumeThread(hThread);
				//CloseHandle(hThread);
			}
		}

		bNext = Thread32Next(hThreadSnap, &te32);
	}
	CloseHandle (hThreadSnap);

	m_bIsAllThreadSuspended = FALSE;
}
Пример #29
0
void thresume(DWORD processId)
{
	HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);

	THREADENTRY32 threadEntry;
	threadEntry.dwSize = sizeof(THREADENTRY32);

	Thread32First(hThreadSnapshot, &threadEntry);

	do
	{
		if (threadEntry.th32OwnerProcessID == processId)
		{
			HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE,
				threadEntry.th32ThreadID);
			ResumeThread(hThread);
			//SuspendThread(hThread);
			CloseHandle(hThread);
		}
	} while (Thread32Next(hThreadSnapshot, &threadEntry));

	CloseHandle(hThreadSnapshot);
}
Пример #30
0
int TraceAllThreadByPid(const DWORD Pid,DWORD *Tid)
{
	int count=0;
	THREADENTRY32 th32;
	th32.dwSize=sizeof(th32);//指定结构的长度,以字节为单位。在调用Thread32First时,设置这个成员为SIZEOF(THREADENTRY32)。如果你不初始化的dwSize,Thread32First将调用失败。 
	HANDLE hThreadSnap=::CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
	//CreateToolhelp32Snapshot可以通过获取进程信息为指定的进程、进程使用的堆[HEAP]、模块[MODULE]、线程建立一个快照。
	if(hThreadSnap==INVALID_HANDLE_VALUE)
	{
		return -1;
	}
	bool more=Thread32First(hThreadSnap,&th32);
	while(more)
	{
		if(th32.th32OwnerProcessID==Pid)
		{
			Tid[count++]=th32.th32ThreadID;
		}
		more=Thread32Next(hThreadSnap,&th32);//hTreadSnap快照句柄
	}
	CloseHandle(hThreadSnap);
	return count;
}