Windows获取线程起始地址

Posted on 2014-05-22 14:51 codeape 阅读(3200) 评论(0) 编辑收藏举报

typedef enum _THREADINFOCLASS {
    ThreadBasicInformation,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    MaxThreadInfoClass
} THREADINFOCLASS;

typedef LONG (WINAPI *NtQueryInformationThreadProc)(
    _In_       HANDLE ThreadHandle,
    _In_       THREADINFOCLASS ThreadInformationClass,
    _Inout_    PVOID ThreadInformation,
    _In_       ULONG ThreadInformationLength,
    _Out_opt_  PULONG ReturnLength
    );

NtQueryInformationThreadProc   NtQueryInformationThread = NULL;
hNtdll                      = GetModuleHandleW(L"ntdll.dll");
NtQueryInformationThread    = (NtQueryInformationThreadProc)GetProcAddress(hNtdll, "NtQueryInformationThread");

HANDLE  hThread = NULL;
PVOID   pvStart = NULL;
hThread = OpenThread(THREAD_QUERY_INFORMATION | THREAD_TERMINATE, FALSE, te32.th32ThreadID);
NtQueryInformationThread(hThread, ThreadQuerySetWin32StartAddress, &pvStart, sizeof(pvStart), NULL);

会员力量，点亮园子希望

刷新页面返回顶部

memset

导航

公告

Windows获取线程起始地址