NtQueryInformationThread

I am writing a small Windows process explorer in C and I have a thread handle.
How do I get the start address of that thread? Something like this:

Best answer

A question like this was asked a few days ago. Here is a sample solution:

#include <windows.h>
#include <winternl.h>

/* Undocumented THREADINFOCLASS value; it is not in the public SDK headers. */
#define ThreadQuerySetWin32StartAddress 9

#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif

/* Prototype of ntdll!NtQueryInformationThread, resolved at run time below. */
typedef NTSTATUS (NTAPI *pNtQIT)(HANDLE ThreadHandle, LONG ThreadInformationClass,
                                 PVOID ThreadInformation, ULONG ThreadInformationLength,
                                 PULONG ReturnLength);

/* Returns the Win32 start address of hThread, or 0 on failure.
   DWORD_PTR rather than DWORD so the address is not truncated on 64-bit builds. */
DWORD_PTR WINAPI GetThreadStartAddress(HANDLE hThread)
{
    NTSTATUS ntStatus;
    HANDLE hDupHandle;
    DWORD_PTR dwStartAddress = 0;

    pNtQIT NtQueryInformationThread = (pNtQIT)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationThread");

    if(NtQueryInformationThread == NULL)
        return 0;

    /* Re-open the handle with only the access right the query needs. */
    HANDLE hCurrentProcess = GetCurrentProcess();
    if(!DuplicateHandle(hCurrentProcess, hThread, hCurrentProcess, &hDupHandle, THREAD_QUERY_INFORMATION, FALSE, 0)){
        SetLastError(ERROR_ACCESS_DENIED);

        return 0;
    }

    ntStatus = NtQueryInformationThread(hDupHandle, ThreadQuerySetWin32StartAddress, &dwStartAddress, sizeof(dwStartAddress), NULL);
    CloseHandle(hDupHandle);
    if(ntStatus != STATUS_SUCCESS)
        return 0;

    return dwStartAddress;
}

Source: http://forum.sysinternals.com/how-to-get-the-start-address-and-modu_topic5127_post18072.html#18072

You may need to include this file: http://pastebin.com/ieEqR0eL

Related question: How to add ntdll.dll to project libraries with LoadLibrary() and GetProcAddress() functions?

09-10 00:47
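Added example, not from the question, the answer or the linked forum thread: a process explorer normally displays the start address relative to the module that contains it, and a start address that falls inside no loaded image is worth flagging (it is one indicator of an injected thread). The portable part is the range lookup; the Windows-only part fills the module table with EnumProcessModules and GetModuleInformation from psapi (an assumed design, not the answer's code), and would be fed the value returned by GetThreadStartAddress above.

```c
#include <stddef.h>
#include <stdint.h>

/* One loaded image's address range, as a process explorer keeps it. */
typedef struct { char name[64]; uintptr_t base; size_t size; } ModuleRange;

/* Index of the module whose [base, base+size) contains addr, or -1 when the
   start address lies in no loaded image (one sign of an injected thread). */
int FindOwningModule(uintptr_t addr, const ModuleRange *mods, size_t count)
{
    for (size_t i = 0; i < count; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return (int)i;
    return -1;
}

#ifdef _WIN32
#include <windows.h>
#include <psapi.h>   /* link with psapi.lib */

/* Fill mods[] from hProcess's module list; the handle needs
   PROCESS_QUERY_INFORMATION | PROCESS_VM_READ. Returns entries written. */
size_t CollectModules(HANDLE hProcess, ModuleRange *mods, size_t cap)
{
    HMODULE hMods[1024];
    DWORD cbNeeded = 0;
    size_t n = 0;
    if (!EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
        return 0;
    for (DWORD i = 0; i < cbNeeded / sizeof(HMODULE) && n < cap; i++) {
        MODULEINFO mi;
        if (!GetModuleInformation(hProcess, hMods[i], &mi, sizeof(mi)))
            continue;
        GetModuleBaseNameA(hProcess, hMods[i], mods[n].name, sizeof(mods[n].name));
        mods[n].base = (uintptr_t)mi.lpBaseOfDll;
        mods[n].size = mi.SizeOfImage;   /* range is [base, base+SizeOfImage) */
        n++;
    }
    return n;
}
#endif
```

In the explorer, call CollectModules once per process and pass each thread's start address to FindOwningModule; a -1 result is the row to highlight.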