Page 1 of 1

Description or get StartAddress thread in process

Posted: Sun Apr 24, 2011 3:58 pm
by wederfs
Hello,

Forgive me for my english, I used google translator, but need help if anyone can help me.

But I come to ask you a help, because my knowledge is limited
and turn to the knowledge of you.

The situation is this, some must know a program called
Process Hacker made a process manager in C. he has an option
interesting in that when you double-click a process listed
Messenger Explorer instance or ... he brings various information including
Threads linked to the process. He has PDD, Delta Cycles, Start
Address Priority. Well I tried to do something similar in Delphi, but only
I get the TID and Priority ... I can not put the info Start
Address as follows: "msiltcfg.dll! 0x258" or can only return
00630EFA.

The Application Process Hacker brings the information in the image below:

Image



How to solve this? based on the example code below. If someone
can help me I thank you.
( weder.fs@gmail.com )

procedure TForm1.Button7Click (Sender: TObject);
var
tbi: THREAD_BASIC_INFORMATION;
hThreadSnap, Process, hThread, ThreadInfo: THandle;
te32: tagTHREADENTRY32;
me32: MODULEENTRY32;
th32: THREADENTRY32;
dwPID: DWORD;

startaddr: Pointer;
Status: LongInt;
Error: DWORD;
modname: String;
hToken: DWORD;
TKP: TOKEN_PRIVILEGES;
otkp: TOKEN_PRIVILEGES;
dwLen: dword;


begin
hThreadSnap: = CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, 0);
= INVALID_HANDLE_VALUE then if hThreadSnap
Exit;
try
dwPID: = GetProcessID (Trim (Edit1.Text));

te32.dwSize: = SizeOf (THREADENTRY32);

me32.dwSize: = SizeOf (MODULEENTRY32);

ListBox1.Items.Clear;
ListBox2.Items.Clear;

if not Thread32First (hThreadSnap, te32) then
Exit;
repeat
then if te32.th32OwnerProcessID = dwPID
begin
hThread: = OpenThread (THREAD_ALL_ACCESS,
False, te32.th32ThreadID);
status: = ZwQueryInformationThread (hThread,
9, { ThreadQuerySetWin32StartAddress, }
@ Startaddr,
SizeOf (startaddr)
@ DwLen);

listbox1.Items.AddObject (Format ('StartAddress:% p'
[Startaddr]) + 'ID:' + IntToStr (te32.th32ThreadID), TObject (hThread));
if hThread <> 0 then
CloseHandle (hThread);
end;
Until not Thread32Next (hThreadSnap, te32);
finally
CloseHandle (hThreadSnap);
end;
end;

Re: Description or get StartAddress thread in process

Posted: Tue Apr 26, 2011 7:17 am
by madshi
For the "delta cycles" you could look at GetThreadTimes, or maybe at performance counters. For the start address stuff, enumerate the modules (exe+dlls) of the target process, find the module in which the start address is located, then substract the base address of the module from the start address.