W
wuhansen
Unregistered / Unconfirmed
GUEST, unregistred user!
我想用NtQuerySystemInformation获得主线程的ID
代码如下
到
T:=PInfo^.ThreadInfo^;
MainThreadID:=T.ThreadID;
发现会出错
看信息PInfo^.ThreadInfo^指向的地址未分配?
这个是为什么呢?
大家帮帮我好么
代码如下
到
T:=PInfo^.ThreadInfo^;
MainThreadID:=T.ThreadID;
发现会出错
看信息PInfo^.ThreadInfo^指向的地址未分配?
这个是为什么呢?
大家帮帮我好么
代码:
type
PProcessInfo = ^TProcessInfo;
TProcessInfo=record
dwOffset : dword; // an ofset to the next Process structure
dwThreadCount : dword;
dwUnkown1 : array[0..5] of dword;
ftCreationTime : TFileTime;
dwUnkown2 : dword;
dwUnkown3 : dword;
dwUnkown4 : dword;
dwUnkown5 : dword;
dwUnkown6 : dword;
pszProcessName : PWideChar;
dwBasePriority : dword;
dwProcessID : dword;
dwParentProcessID : dword;
dwHandleCount : dword;
dwUnkown7 : dword;
dwUnkown8 : dword;
dwVirtualBytesPeak : dword;
dwVirtualBytes : dword;
dwPageFaults : dword;
dwWorkingSetPeak : dword;
dwWorkingSet : dword;
dwUnkown9 : dword;
dwPagedPool : dword; // kbytes
dwUnkown10 : dword;
dwNonPagedPool : dword; // kbytes
dwPageFileBytesPeak : dword;
dwPageFileBytes : dword;
dwPrivateBytes : dword;
dwUnkown11 : dword;
dwUnkown12 : dword;
dwUnkown13 : dword;
dwUnkown14 : dword;
ThreadInfo : PThreadInfo; // Thread list
end;
procedure TForm1.Button1Click(Sender: TObject);
Const BufSize=5*1024*1024;
type
PBA = ^TBA;
TBA = array[0..1000000] of byte;
Var
Buf:PBA;
Pid,MainThreadID,Cp:Dword;
PInfo:PProcessInfo;
T:TThreadInfo;
begin
GetMem(Buf,BufSize);
ZeroMemory(Buf,BufSize);
GetWindowThreadProcessId(FindWindow('Shell_TrayWnd', nil), @Pid);
NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS(5),//枚举进程信息
Buf,//返回
BufSize,//缓冲区域大小
nil
);
cp:=0;
PInfo:=PProcessInfo(@Buf[cp]);
if not (PInfo^.dwProcessID=Pid ) then
repeat
cp:=cp+PInfo^.dwOffset;
PInfo:=PProcessInfo(@Buf[cp]);
until (PInfo^.dwProcessID=Pid) or(Pinfo^.dwOffset = 0);
T:=PInfo^.ThreadInfo^;
MainThreadID:=T.ThreadID;
FreeMem(buf);
Edit1.Text:=inttostr(MainThreadID);
end;