How to retrieve the starting address of a thread in Windows?

Question

I'm working on a mini Windows process explorer in C, and I have a handle to a thread.
How can I retrieve the starting address of that thread? Something like this:

Recommended answer

Such a question was already asked a few days ago. Here is a sample solution:

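#include <windows.h>

/* Definitions the function needs; drop any that a header you include already provides. */
typedef LONG NTSTATUS;
#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif
#define ThreadQuerySetWin32StartAddress 9  /* THREADINFOCLASS value, not declared in windows.h */
typedef NTSTATUS (WINAPI *pNtQIT)(HANDLE, LONG, PVOID, ULONG, PULONG);

/* Returns the Win32 start address of hThread, or 0 on failure. */
DWORD_PTR WINAPI GetThreadStartAddress(HANDLE hThread)
{
    NTSTATUS ntStatus;
    HANDLE hDupHandle;
    HANDLE hCurrentProcess;
    HMODULE hNtdll;
    PVOID pStartAddress = NULL; /* pointer-sized: a DWORD is too small for a 64-bit address */
    pNtQIT NtQueryInformationThread;

    /* ntdll.dll is mapped into every process, so GetModuleHandle is enough. */
    hNtdll = GetModuleHandleA("ntdll.dll");
    if(hNtdll == NULL)
        return 0;

    NtQueryInformationThread = (pNtQIT)GetProcAddress(hNtdll, "NtQueryInformationThread");
    if(NtQueryInformationThread == NULL)
        return 0;

    /* Duplicate the handle so the query runs with THREAD_QUERY_INFORMATION access. */
    hCurrentProcess = GetCurrentProcess();
    if(!DuplicateHandle(hCurrentProcess, hThread, hCurrentProcess, &hDupHandle, THREAD_QUERY_INFORMATION, FALSE, 0)){
        SetLastError(ERROR_ACCESS_DENIED);
        return 0;
    }

    ntStatus = NtQueryInformationThread(hDupHandle, ThreadQuerySetWin32StartAddress, &pStartAddress, sizeof(pStartAddress), NULL);
    CloseHandle(hDupHandle);
    if(ntStatus != STATUS_SUCCESS)
        return 0;

    return (DWORD_PTR)pStartAddress;
}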

Source: http://forum.sysinternals.com/how-to-get-the-start-address-and-modu_topic5127_post18072.html#18072

You might have to include this file: http://pastebin.com/ieEqR0eL

Related question: How to add ntdll.dll to project libraries with the LoadLibrary() and GetProcAddress() functions?
