How to get the start address of a thread of other processes in the system?


Post time: 2020-1-2 16:10:01
rtrtrt

Post time: 2020-1-2 22:24:01
First use EnumProcesses or CreateToolhelp32Snapshot to enumerate the desired thread id.
Then use AdjustPrivillege to adjust access to this thread id, at least including THREAD_GET_CONTEXT.
OpenThread returns a thread handle.
Then use OpenThreadContext to get the thread context CONTEXT.
The EIP (instruction register) value in CONTEXT is the thread start address.

Post time: 2020-1-2 22:39:01
startAddress: there is such a performance counter, which can be done with PSAPI.

Post time: 2020-8-18 13:15:01
PSAPI seems to be in trouble

Post time: 2020-8-18 13:45:01
Use ZwQueryInformationThread
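
The ZwQueryInformationThread approach named in the last reply, as an added example that is not part of the thread: it calls the same ntdll export under its Nt name with the ThreadQuerySetWin32StartAddress class (value 9) and, going slightly beyond the question, maps each start address to the loaded module that contains it. Assumptions: the wrapper type name Win32.Native is hypothetical, the session has THREAD_QUERY_INFORMATION access to the target's threads, and PowerShell runs with the same bitness as the target process.

```powershell
# Added example (not from the thread): list each thread's Win32 start address.
param([int]$ProcessId = $PID)   # target PID; defaults to this PowerShell session

# Win32.Native is a hypothetical wrapper name chosen for this example.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenThread(uint access, bool inherit, uint threadId);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("ntdll.dll")]
public static extern int NtQueryInformationThread(IntPtr thread, int infoClass,
    out IntPtr info, int length, IntPtr returnLength);
'@

$THREAD_QUERY_INFORMATION        = 0x0040
$ThreadQuerySetWin32StartAddress = 9      # THREADINFOCLASS value

$proc = Get-Process -Id $ProcessId -ErrorAction Stop
# Address ranges of loaded modules, used to attribute each start address.
# Reading Modules of another user's process needs elevation.
$modules = foreach ($m in $proc.Modules) {
    $base = $m.BaseAddress.ToInt64()
    [pscustomobject]@{ Name = $m.ModuleName; Base = $base; End = $base + $m.ModuleMemorySize }
}

foreach ($t in $proc.Threads) {
    $h = [Win32.Native]::OpenThread($THREAD_QUERY_INFORMATION, $false, [uint32]$t.Id)
    if ($h -eq [IntPtr]::Zero) {
        Write-Warning "OpenThread failed for TID $($t.Id)"   # exited or access denied
        continue
    }
    try {
        $start  = [IntPtr]::Zero
        $status = [Win32.Native]::NtQueryInformationThread($h,
            $ThreadQuerySetWin32StartAddress, [ref]$start, [IntPtr]::Size, [IntPtr]::Zero)
        if ($status -ne 0) {               # non-zero NTSTATUS: query failed
            Write-Warning ('TID {0}: NTSTATUS 0x{1:X8}' -f $t.Id, $status)
            continue
        }
        $addr  = $start.ToInt64()
        $owner = $modules | Where-Object { $addr -ge $_.Base -and $addr -lt $_.End } |
                 Select-Object -First 1
        [pscustomobject]@{
            ThreadId     = $t.Id
            StartAddress = '0x{0:X}' -f $addr
            Module       = if ($owner) { $owner.Name } else { '<outside loaded modules>' }
        }
    } finally {
        [void][Win32.Native]::CloseHandle($h)   # always release the thread handle
    }
}
```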
