根据线程ID找出其所在的模块名
从硬盘中找出来的一段代码。已不知道原始出处了。贴出来。
#define WIN32_LEAN_AND_MEAN
#define _WIN32_WINNT 0x400
#include <stdio.h>
#include <tchar.h>
#include <locale.h>
#include <windows.h>
#include <psapi.h>
#include <Tlhelp32.h>
#pragma comment (lib, "psapi.lib")
//
// Thread information classes: the selector passed as the second argument of
// ZwQueryInformationThread.  Each value is written out explicitly so the
// number handed to ntdll does not depend on declaration order.
//
typedef enum _THREADINFOCLASS {
    ThreadBasicInformation          = 0,   // fills a THREAD_BASIC_INFORMATION
    ThreadTimes                     = 1,
    ThreadPriority                  = 2,
    ThreadBasePriority              = 3,
    ThreadAffinityMask              = 4,
    ThreadImpersonationToken        = 5,
    ThreadDescriptorTableEntry      = 6,
    ThreadEnableAlignmentFaultFixup = 7,
    ThreadEventPair_Reusable        = 8,
    ThreadQuerySetWin32StartAddress = 9,   // fills a pointer-sized start address
    ThreadZeroTlsCell               = 10,
    ThreadPerformanceCount          = 11,
    ThreadAmILastThread             = 12,
    ThreadIdealProcessor            = 13,
    ThreadPriorityBoost             = 14,
    ThreadSetTlsArrayAddress        = 15,
    ThreadIsIoPending               = 16,
    ThreadHideFromDebugger          = 17,
    ThreadBreakOnTermination        = 18,
    MaxThreadInfoClass              = 19   // one past the last class listed here
} THREADINFOCLASS;
// Identifier pair embedded in THREAD_BASIC_INFORMATION.  The fields are
// HANDLE-typed but hold IDs, not handles: ShowThreadInfo casts UniqueProcess
// to a DWORD and passes it to OpenProcess as a process ID.
typedef struct _CLIENT_ID {
    HANDLE UniqueProcess;   // owning process ID
    HANDLE UniqueThread;    // presumably the thread ID; not read in this file
} CLIENT_ID, *PCLIENT_ID;
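// Output buffer for ZwQueryInformationThread (ThreadBasicInformation),
// information class 0.
//
// AffinityMask is pointer-sized (KAFFINITY) in the native definition.
// Declaring it as LONG keeps the 32-bit layout but moves Priority and
// BasePriority to the wrong offsets in a 64-bit build, so it is ULONG_PTR here.
typedef struct _THREAD_BASIC_INFORMATION {
    LONG      ExitStatus;       // NTSTATUS-sized exit status
    PVOID     TebBaseAddress;   // address of the thread's TEB in the target process
    CLIENT_ID ClientId;         // process ID / thread ID pair
    ULONG_PTR AffinityMask;     // pointer-sized; identical to LONG width on 32-bit
    LONG      Priority;
    LONG      BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;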
// Pointer to ntdll's ZwQueryInformationThread.  NULL until main() resolves it
// with GetProcAddress; calling through it before that is a NULL call.
// The LONG result is a status code: callers in this file treat a negative
// value as failure.  ThreadInformation must point to a buffer of
// ThreadInformationLength bytes laid out for the requested class.
extern "C" LONG (__stdcall *ZwQueryInformationThread) (
IN HANDLE ThreadHandle,
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID ThreadInformation,
IN ULONG ThreadInformationLength,
OUT PULONG ReturnLength OPTIONAL
) = NULL;
// Pointer to ntdll's RtlNtStatusToDosError, also resolved in main().
// This file feeds its result to SetLastError so that a failed native query
// can be reported through GetLastError().
extern "C" LONG (__stdcall *RtlNtStatusToDosError) (
IN ULONG status) = NULL;
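//
// Prints, for the thread identified by tid: its Win32 start address, the ID
// and image path of the owning process, and the file mapped at the start
// address.
//
// Returns TRUE once both thread queries and the process open have succeeded.
// The two name lookups are best effort: when one fails, "<unknown>" is printed
// in place of the name and the function still returns TRUE.  On any other
// failure it returns FALSE and leaves the cause in GetLastError().
//
// ZwQueryInformationThread and RtlNtStatusToDosError must already have been
// resolved (main() does this).
//
BOOL ShowThreadInfo (DWORD tid)
{
    enum { NAME_CHARS = 0x100 };

    // Never call through an unresolved entry point.
    if (ZwQueryInformationThread == NULL || RtlNtStatusToDosError == NULL)
    {
        SetLastError (ERROR_PROC_NOT_FOUND);
        return FALSE;
    }

    // Least privilege: both queries below only read thread information.
    // Requesting THREAD_ALL_ACCESS asks for rights this tool never uses and
    // makes the open fail on threads that would allow a plain query.
    HANDLE thread = ::OpenThread (THREAD_QUERY_INFORMATION, FALSE, tid);
    if (thread == NULL)
        return FALSE;

    PVOID startaddr = NULL;
    LONG status = ZwQueryInformationThread (thread,
                                            ThreadQuerySetWin32StartAddress,
                                            &startaddr,
                                            sizeof (startaddr),
                                            NULL);
    if (status < 0)
    {
        CloseHandle (thread);
        SetLastError (RtlNtStatusToDosError (status));
        return FALSE;
    }
    _tprintf (TEXT ("线程 %08x 的起始地址为 %p\n"),
              tid,
              startaddr);

    THREAD_BASIC_INFORMATION tbi;
    status = ZwQueryInformationThread (thread,
                                       ThreadBasicInformation,
                                       &tbi,
                                       sizeof (tbi),
                                       NULL);
    if (status < 0)
    {
        CloseHandle (thread);
        SetLastError (RtlNtStatusToDosError (status));
        return FALSE;
    }

    // UniqueProcess is an ID stored in a HANDLE-sized field.  Go through
    // ULONG_PTR so the narrowing to DWORD is explicit and valid on 64-bit.
    const DWORD pid = (DWORD)(ULONG_PTR)tbi.ClientId.UniqueProcess;
    _tprintf (TEXT ("线程 %08x 所在进程ID为 %08x\n"),
              tid,
              pid);

    // Only the rights the two name lookups below need, instead of
    // PROCESS_ALL_ACCESS.
    HANDLE process = ::OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                    FALSE,
                                    pid);
    if (process == NULL)
    {
        // Save the error first: CloseHandle may overwrite it.
        DWORD error = ::GetLastError ();
        CloseHandle (thread);
        SetLastError (error);
        return FALSE;
    }

    TCHAR modname [NAME_CHARS];
    DWORD len;

    // One character is held back so the buffer can always be terminated here,
    // whatever the API does when it truncates.
    len = ::GetModuleFileNameEx (process, NULL, modname, NAME_CHARS - 1);
    if (len >= NAME_CHARS)
        len = NAME_CHARS - 1;
    modname [len] = TEXT ('\0');
    _tprintf (TEXT ("线程 %08x 所在进程映象为 %s\n"),
              tid,
              len != 0 ? modname : TEXT ("<unknown>"));

    // The buffer is reused, so the result must be checked: an unchecked
    // failure would print the process image path from the call above as if it
    // were the module owning the start address.  A failure here can mean the
    // start address does not lie inside a file-backed mapping, which is worth
    // seeing in the output rather than hiding behind a stale name.
    len = ::GetMappedFileName (process, startaddr, modname, NAME_CHARS - 1);
    if (len >= NAME_CHARS)
        len = NAME_CHARS - 1;
    modname [len] = TEXT ('\0');
    _tprintf (TEXT ("线程 %08x 可执行代码所在模块为 %s\n"),
              tid,
              len != 0 ? modname : TEXT ("<unknown>"));

    CloseHandle (process);
    CloseHandle (thread);
    return TRUE;
}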
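//
// Resolves the two ntdll entry points, snapshots every thread in the system
// and prints ShowThreadInfo's report for each one.
//
// Returns 0 after the walk, or 1 when the entry points cannot be resolved or
// the snapshot cannot be created.
//
int main (void)
{
    setlocale (LC_ALL, ".ACP");

    // ntdll is already mapped into every process, so GetModuleHandle is enough
    // and nothing is loaded from disk here.
    HINSTANCE hNTDLL = ::GetModuleHandle (TEXT ("ntdll"));
    if (hNTDLL != NULL)
    {
        (FARPROC&)ZwQueryInformationThread =
            ::GetProcAddress (hNTDLL, "ZwQueryInformationThread");
        (FARPROC&)RtlNtStatusToDosError =
            ::GetProcAddress (hNTDLL, "RtlNtStatusToDosError");
    }
    if (ZwQueryInformationThread == NULL || RtlNtStatusToDosError == NULL)
    {
        // Both pointers start out NULL; stop here instead of calling through them.
        _tprintf (TEXT ("无法从 ntdll 获得所需函数的地址,错误代码为 %lu\n"),
                  GetLastError ());
        return 1;
    }

    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not NULL.
    HANDLE h = CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, 0);
    if (h == INVALID_HANDLE_VALUE)
    {
        _tprintf (TEXT ("无法创建线程快照,错误代码为 %lu\n"),
                  GetLastError ());
        return 1;
    }

    THREADENTRY32 te;
    te.dwSize = sizeof (te);
    if (Thread32First (h, &te))
    {
        do
        {
            // Per-thread failures are expected: a thread may have exited since
            // the snapshot was taken, or the caller may lack access to it.
            if (!ShowThreadInfo (te.th32ThreadID))
            {
                _tprintf (TEXT("无法获得线程 %08x 的相关信息,错误代码为 %d\n"),
                          te.th32ThreadID, GetLastError ());
            }
        } while (Thread32Next (h, &te));
    }

    CloseHandle (h);
    return 0;
}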