TProcessEntry32和TThreadEntry32,高分200！！(200分)

engleking · 2001-06-02

用Thread32First取出的是一个Thread的ID号；用OpenPorcess可以将TProcessEntry32中的 ProcessID转化为Process的Handle，可是如何将ThreadID转化为Thread的Handle呢？

engleking · 2001-06-02

怎么了？？没人回答？

bbkxjy · 2001-06-03

从 "Win32 Programmer's Referenct" -> "Thread Handles and Identifiers" 的说明中 C&P 来的一段话： The Win32 API *does not* provide a way to get the thread handle from the thread identifier. If the handles were made available this way, the owning process could fail because another process unexpectedly performed an operation on one of its threads, such as suspending it, resuming it, adjusting its priority, or terminating it. Instead, you must request the handle from the thread creator or  the thread itself. 好象没办法了

iamfly · 2001-06-03

请问拿到个THREAD HANDLE有什么用呢？我记得用到THREAD的地方都是调用THREAD ID而已， 有必要调用THREAD HANDLE吗？况且，ID也好HANDLE也罢，都只是为了唯一标识一个THREAD 而已(虽说两者的长度不同)，所以有时我也不清楚为什么MS要给PROCESS来个ID又来个HANDLE， 莫非是为了兼容性？不清楚

engleking · 2001-06-04

能够拿到每个Thread的Handle用处多多。。

wql · 2001-06-04

to iamfly:    你没有编过用我的进程控制其他进程的线程的程序，当然不知道线程句柄 的好处了！！！ to engleking:    通过知己CreateProcess可以得到主线程的Handle，但是无论如何都得不到 其他线程的Handle的。死心吧，我也没有办法！！！

bbkxjy · 2001-06-04

在别的地方看到一种办法是利用系统范围的钩子，在钩子中取得可以获得其它线程的Handle, 再通过消息发给自己的程序。一种是利用 OpenProcess API 的 Undocumented 的功能，却没 说到底怎么使用。有谁知道？

engleking · 2001-06-04

unit HookInst; interface uses   Windows; type   THookCall = packed record     Code   : integer;     WParam : WPARAM;     LParam : LPARAM;     Result : LResult   end;   THookMethod = procedure (var HookCall: THookCall) of object; function  MakeHookInstance (Method: THookMethod): pointer; procedure FreeHookInstance (ObjectInstance: pointer); implementation const   InstanceCount = 313;  // set so that sizeof (TInstanceBlock) < PageSize type   PObjectInstance = ^TObjectInstance;   TObjectInstance = packed record     Code: Byte;     Offset: Integer;     case Integer of       0: (Next: PObjectInstance);       1: (Method: THookMethod);   end; type   PInstanceBlock = ^TInstanceBlock;   TInstanceBlock = packed record     Next: PInstanceBlock;     Code: array[1..2] of Byte;     WndProcPtr: Pointer;     Instances: array[0..InstanceCount] of TObjectInstance;   end; var   InstBlockList : PInstanceBlock  = nil;   InstFreeList  : PObjectInstance = nil; function StdHookProc (Code, WParam: WPARAM; LParam:   LPARAM): LResult; stdcall; assembler; asm         XOR     EAX,EAX         PUSH    EAX         PUSH    LParam         PUSH    WParam         PUSH    Code         MOV     EDX,ESP         MOV     EAX,[ECX].Longint[4]         CALL    [ECX].Pointer         ADD     ESP,12         POP     EAX end; { Allocate a hook method instance } function CalcJmpOffset(Src, Dest: Pointer): Longint; begin   Result := Longint(Dest) - (Longint(Src) + 5); end; function MakeHookInstance(Method: THookMethod): Pointer; const   BlockCode: array [1..2] of Byte = ($59, $E9);   PageSize = 4096; var   Block: PInstanceBlock;   Instance: PObjectInstance; begin   if InstFreeList = nil then   begin     Block := VirtualAlloc (nil, PageSize, MEM_COMMIT,       PAGE_EXECUTE_READWRITE);     Block^.Next := InstBlockList;     Move(BlockCode, Block^.Code, SizeOf(BlockCode));     Block^.WndProcPtr :=       Pointer(CalcJmpOffset(@Block^.Code[2], @StdHookProc));     Instance := @Block^.Instances;     repeat       Instance^.Code := $E8;       Instance^.Offset := CalcJmpOffset(Instance,         @Block^.Code);       Instance^.Next := InstFreeList;       InstFreeList := Instance;       Inc(Longint(Instance), SizeOf(TObjectInstance));     until Longint(Instance) - Longint(Block) >=       SizeOf(TInstanceBlock);     InstBlockList := Block   end;   Result := InstFreeList;   Instance := InstFreeList;   InstFreeList := Instance^.Next;   Instance^.Method := Method end; { Free a hook method instance } procedure FreeHookInstance (ObjectInstance: Pointer); begin   if ObjectInstance <> nil then   begin     PObjectInstance(ObjectInstance)^.Next := InstFreeList;     InstFreeList := ObjectInstance   end end; end. 修改一个通用函数入口地址；然后找调用这个函数的线程。。可是取出来的合实际的不一样呀。

bbkxjy · 2001-06-04

to engleking:   你从 UNDU 拷一段代码干吗？全局钩子函数应放在 Dll 中，再贴： In WinME/2K there is a new avaiable API called OpenThread(). However there are two different solutions even if you do not have WinME/2K ... the first idea is based upon the documentation of GetCurrentThread() function: "The function cannot be used by one thread to create a handle that can be used by other threads to refer to the first thread. The handle is always interpreted as referring to the thread that is using it. A thread can create a "real" handle of itself that can be used by other threads, or inherited by other processes, by specifying the pseudohandle as the source handle in a call to the DuplicateHandle function." The idea is the following: 1 - You install an Hook into the interested Thread (you have its Thread ID) 2 - From the remote process you call the DuplicateHandle passing the PseudoHandle retrieved by GetCurrentThread 3 - You "export" the real handle The only problem is that if the interested Thread does not have a message queue the Hook will never be installed and you will not be able to call the DuplicateHandle ... Source Code: {钩子 DLL} library hThreadFromTid; {Copyright (c) by Carlo Bertuccini -- 2001} uses   Dialogs,   SysUtils,   ClipBrd,   Windows; {$R *.RES} var hHook : THandle; OnlyOnce : Boolean = True; WM_NOTIFICA : Cardinal; Function HookProc(Code:Integer; WPar : Wparam; LPar :Lparam) : Integer; Stdcall; var hThread, hNewThread, hRemoteProcess : THandle;     PID : dWord; Begin   If OnlyOnce Then begin        OnlyOnce := False;        ClipBoard.Clear;        WM_NOTIFICA:=RegisterWindowMessage('MyMessage');        hThread := GetCurrentThread();        GetWindowThreadProcessId(FindWindow('TForm1','TheFormText'),@PID);        hRemoteProcess:=OpenProcess(PROCESS_DUP_HANDLE,TRUE,PID);        if DuplicateHandle(OpenProcess(PROCESS_DUP_HANDLE,True,GetCurrentProcessId),hTh read,hRemoteProcess,@(hNewThread),0,True,DUPLICATE_SAME_ACCESS) <> False then           ClipBoard.SetTextBuf(PChar(IntToStr(hNewThread)))        else           ClipBoard.SetTextBuf('Errore');        PostMessage(HWND_BROADCAST,WM_NOTIFICA,0,0);   end;   Result := CallNextHookEx(hHook,Code,WPar,LPar); end; Procedure Load (TID : dWord); stdcall; Begin    hHook:=SetWindowsHookEx(WH_GETMESSAGE,@HookProc,hInstance,TID); end; Procedure Remove; stdcall; Begin    UnHookWindowsHookEx(hHook); end; Exports Load,Remove; end. Executable (set the Form caption to "TheFormText" ... is important) {exe 主文件} unit Unit1; interface uses   Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,   StdCtrls, ClipBrd; type   TForm1 = class(TForm)     Button1: TButton;     Button2: TButton;     Edit1: TEdit;     procedure Button1Click(Sender: TObject);     procedure Button2Click(Sender: TObject);     procedure FormCreate(Sender: TObject);   private     { Private declarations }   public      Procedure MessageHandler (var MSG : TMSG; var Handled : boolean);     { Public declarations }   end; Procedure Load (TID : dWord); stdcall; External 'hThreadFromTid.DLL'; Procedure Remove; stdcall; External 'hThreadFromTid.DLL'; var   Form1: TForm1;   WM_NOTIFICA : Cardinal; implementation {$R *.DFM} Procedure TForm1.MessageHandler(var MSG : TMSG; var Handled : boolean); Begin   if (Msg.message = WM_NOTIFICA) then begin      Edit1.Clear;      Edit1.text := 'Handle Reale: ' + ClipBoard.AsText;   end; end; procedure TForm1.Button1Click(Sender: TObject); Var TID : dWord;     hExplorer : THandle; begin   hExplorer:=FindWindow('Progman','Program Manager');   If hExplorer<>0 Then Begin      TID := GetWindowThreadProcessId(hExplorer,nil);      Load(TID);      PostMessage(hExplorer,WM_MOUSEMOVE,0,0);   end; end; procedure TForm1.Button2Click(Sender: TObject); begin   Remove; end; procedure TForm1.FormCreate(Sender: TObject); begin   WM_NOTIFICA:=RegisterWindowMessage('MyMessage');   Application.OnMessage := MessageHandler; end; end. If this solution fails I have an undocumented solution: the OpenProcess() API can become an "OpenThread()" ...

engleking · 2001-06-04

老兄：俺要的不是这个；你用FindWindow给俺一个特定的东东干吗？

bbkxjy · 2001-06-04

关键在于这里：   ...   TID := GetWindowThreadProcessId(hExplorer,nil);   //TID 是 hExplorer 窗口所属线程的 ID   Load(TID); //设置钩子，传入 TID   ... 在  MessageHandler 中就得到了 ID 为 TID 的线程的 Handle。 请注意，FindWindow 并不是关键的部分，只是获得 ThreadID 的一种方法，你完全可以通过 其它的途径获得 ThreadID。

engleking · 2001-06-04

当然不行；继续朝下贴呀，下面的俺想看，怎么个变成OpenThread??

engleking · 2001-06-04

To:bbkxjy:   如果要是要控制的主线程为 csrss,system Idle等；我想要HOOK回的消息应该为什么？如果是一般的，那样的消息会很多。思路好巧呀，俺被TMsg给迷惑了好久，没有走这条路。。

engleking · 2001-06-04

to:bbkxjy:     要得到ToolAPI里所有的现成的句柄，俺还有路要走，望指教。。谢谢！

bbkxjy · 2001-06-04

下面没啦！洋鬼子就说了这么多，我只是 Copy 过来罢了。第二种办法我也很想知道啊。

engleking · 2001-06-04

用发消息然后再用钩子广播回来的方法，只对于窗口类有效；别的好像就被window屏蔽掉了， 例如给systemIDle发一条消息，有如泥牛入海。。

wql · 2001-06-05

又学到一招了，谢谢bbkxjy大虾！！！

engleking · 2001-06-22

难道没有人知道么？？

hpretty · 2001-09-28

lppe.dwSize := Sizeof(TProcessEntry32);   GetProcess := Process32First(hSnapShot, lppe);   while GetProcess do   begin     if WideString(Uppercase(lppe.szExeFile)) = (ExtractFileName(UpperCase(fileName))) then     begin       hCurrentWindow := GetWindow(Handle, GW_HWNDFIRST);       while hCurrentWindow <> 0 do       begin         GetWindowThreadProcessId(hCurrentWindow, Processid);         if processid = lppe.th32ProcessID then         begin           做你想做的事就行了         end;         hCurrentWindow := GetWindow(hCurrentWindow, GW_HWNDNEXT);       end;     end;     GetProcess := process32Next(hSnapShot, lppe);   end; 我的这段是用来找一个指定的EXE 名称的HANDLE 并关闭它，或许你可以从中得到启发！

wjiachun · 2003-03-07

接受答案了.

TProcessEntry32和TThreadEntry32,高分200！！(200分)

engleking

Unregistered / Unconfirmed

engleking

Unregistered / Unconfirmed

bbkxjy

Unregistered / Unconfirmed

iamfly

Unregistered / Unconfirmed

engleking

Unregistered / Unconfirmed

wql

Unregistered / Unconfirmed

bbkxjy

Unregistered / Unconfirmed

engleking

Unregistered / Unconfirmed

bbkxjy

Unregistered / Unconfirmed

engleking

Unregistered / Unconfirmed

bbkxjy

Unregistered / Unconfirmed

engleking

Unregistered / Unconfirmed

engleking

Unregistered / Unconfirmed

engleking

Unregistered / Unconfirmed

bbkxjy

Unregistered / Unconfirmed

engleking

Unregistered / Unconfirmed

wql

Unregistered / Unconfirmed

engleking

Unregistered / Unconfirmed

hpretty

Unregistered / Unconfirmed

wjiachun

Unregistered / Unconfirmed

Similar threads