请问怎样通过Process ID获得Thread handle，不用debug api (100分)

tt.t · 2002-09-09

qsilence · 2002-09-09

//用 TOOL HELP API （TLHelp32） //ThreadsListView 是 TListView procedure TMainForm.BuildThreadsList(ProcessID: DWORD); var   SnapProcHandle: THandle;   ThreadEntry: TThreadEntry32;   Next: Boolean; begin   with ThreadsListView do   try     Items.BeginUpdate;     Items.Clear;     SnapProcHandle := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);     if SnapProcHandle <> THandle(-1) then     begin       ThreadEntry.dwSize := Sizeof(ThreadEntry);       Next := Thread32First(SnapProcHandle, ThreadEntry);       while Next do       begin         if ThreadEntry.th32OwnerProcessID = ProcessID then           with Items.Add, ThreadEntry do           begin             Caption := Format('%.8x', [th32ThreadID]);             Data := Pointer(th32ThreadID);             SubItems.AddObject(Format('%d', [tpDeltaPri]), Pointer(tpDeltaPri));           end;         Next := Thread32Next(SnapProcHandle, ThreadEntry);       end;       CloseHandle(SnapProcHandle);     end;     AlphaSort;     ListViewFocusFirstItem(ThreadsListView);   finally     Items.EndUpdate;   end; end;

tt.t · 2002-09-09

拜托，我要的是Thread handle，不是Thread ID！ 有人能帮忙么？

DarwinZhang · 2002-09-10

你无法获得其它进程的Handle,除非你对它进行调试。

tt.t · 2002-09-10

哦，大家都这样说。可我这里有能实现通过Process ID获得Thread handle的VC代码， 他是用未公开的的了一个结构。可我看不大懂，先贴出来，希望谁能翻成delphi并 分析一下。 关键代码： #include "stdafx.h" #include "InjectCode.h" #ifdef _DEBUG #define new DEBUG_NEW #undef THIS_FILE static char THIS_FILE[] = __FILE__; #endif typedef struct t_PDB {     WORD  Type;     WORD  Refcount;     DWORD Unk0;     DWORD Unk1;     DWORD Unk2;     DWORD TermStatus;     DWORD Unk3;     DWORD DefaultHeap;     DWORD MemContext;       DWORD Flags;     DWORD pPsp;     WORD  PSPSelector;     WORD  MTEIndex;     WORD  nThreads;     WORD  nThreadsNotTerm;     WORD  Unk5;     WORD  nR0Threads;     DWORD HeapHandle;     WORD  K16TDBSel;     WORD  Unk6;     DWORD Unk7;     DWORD pEDB;     DWORD pHandleTable;     struct t_PDB *ParentPDB;     DWORD MODREFList;     DWORD ThreadList;     DWORD DebugeeCB;     DWORD LHFreeHead;     DWORD InitialR0ID; }PDB, *PPDB; typedef struct t_TCB {     WORD  Type;     WORD  RefCount;     DWORD Unk1;     DWORD pvExcept;     DWORD TopOfStack;     DWORD BaseOfStack;     WORD  K16TDB;     WORD  StackSel16;     DWORD Unk2;     DWORD UserPointer;     DWORD pTIB;     WORD  TIBflags;     WORD  Win16MutxCnt;     DWORD DebugContext;     DWORD PtrToCurPri;     DWORD MsgQueue;     DWORD pTLSarray;     PPDB  pParentPDB;     DWORD SelmanList;     DWORD Unk3;     DWORD Flags;     DWORD Status;     WORD  TIBsel;     WORD  EmulatorSel;     DWORD HandleCount;     DWORD WaitNodeList;     DWORD R0hThread;     DWORD ptdbx; }TCB, *PTCB; typedef DWORD (WINAPI*OTFUNC)(HANDLE*,DWORD,void*,void*); typedef LPVOID (WINAPI *OBFUNC)(DWORD dwPTID); LPVOID WINAPI GetTrueProcAddress(LPSTR lpMod, LPTSTR lpFunc); HANDLE WINAPI OpenThreadNT(DWORD dwThreadID, BOOL bInherit); LPVOID WINAPI XORProcessThreadID(DWORD dwPTID) {     OBFUNC obfuscate;     DWORD dwMain,*lpdw,dw1;     dwMain = (DWORD)GetTrueProcAddress(_T("KERNEL32"),                                        _T("GetCurrentThreadId"));     lpdw = (LPDWORD)((DWORD)dwMain + 8);     dw1 = ((DWORD)dwMain + 12);     obfuscate = (OBFUNC)(dw1+*lpdw);     return(obfuscate(dwPTID)); } //这个函数，传给他ThreadID，返回ThreadHandle HANDLE WINAPI OpenThread2(DWORD dwThreadID, BOOL bInherit) {     HANDLE hThread,hprc;     LPDWORD lp1;     DWORD dwProcessID,dwWhere,dwTable;     BOOL b1;     PTCB lpThreadObj;     PPDB ppdb;     OSVERSIONINFO osvi;     osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);     GetVersionEx(&osvi);     SetLastError(50);     if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT)         return OpenThreadNT(dwThreadID, bInherit);     ppdb = (PPDB)XORProcessThreadID(GetCurrentProcessId());     lpThreadObj = (PTCB)XORProcessThreadID(dwThreadID);     /* check to make sure its valid */     if(IsBadReadPtr(lpThreadObj, sizeof(TCB))) return NULL;     /* object type */     if(*(LPBYTE)lpThreadObj != 7) return NULL;     dwProcessID =         (DWORD)XORProcessThreadID((DWORD)lpThreadObj->pParentPDB);     if(dwProcessID == GetCurrentProcessId())         hprc = GetCurrentProcess();     else     {         hprc = OpenProcess(PROCESS_ALL_ACCESS,                            FALSE, dwProcessID);         if(!hprc) return NULL;     }     /*      * 4 is the lowest handle in the table.      * All processes have this handle.      */     b1 = DuplicateHandle(hprc,                          (HANDLE)4,                          GetCurrentProcess(),                          &hThread,                          THREAD_ALL_ACCESS,                          bInherit, 0);     if(hprc != GetCurrentProcess())         CloseHandle(hprc);     if(!b1) return NULL;     dwWhere = ((DWORD)hThread) >> 2;     dwTable = ppdb->pHandleTable;     lp1 = (LPDWORD)(dwTable+(dwWhere*8)+8);     *lp1 = (DWORD)lpThreadObj;     return(hThread); } HANDLE WINAPI OpenThreadNT(DWORD dwThreadID, BOOL bInherit) {     HANDLE hThread = NULL;     DWORD struct1[] = {0x18, 0, 0, 0, 0, 0};     DWORD struct2[] = {0,dwThreadID};     HMODULE hLib = LoadLibrary(_T("ntdll.dll"));     OTFUNC OpenThatNTThread =         (OTFUNC)GetProcAddress(hLib, _T("NtOpenThread"));     struct1[3] = bInherit;     OpenThatNTThread(&hThread, THREAD_ALL_ACCESS, struct1, struct2);     FreeLibrary(hLib);     return hThread; } LPVOID WINAPI GetTrueProcAddress(LPSTR lpMod, LPTSTR lpFunc) {     LPVOID bla = GetProcAddress(GetModuleHandle(lpMod), lpFunc);     if(!bla) return NULL;     if(*(LPBYTE)bla == 0x68)         bla = (LPVOID)*(LPDWORD)((DWORD)bla + 1);     return bla; }

tt.t · 2004-05-17

多人接受答案了。

请问怎样通过Process ID获得Thread handle，不用debug api (100分)

tt.t

Unregistered / Unconfirmed

qsilence

Unregistered / Unconfirmed

tt.t

Unregistered / Unconfirmed

DarwinZhang

Unregistered / Unconfirmed

tt.t

Unregistered / Unconfirmed

tt.t

Unregistered / Unconfirmed

Similar threads