Thread: Getting hold of handles and/or ID:s for threads of running processes

  1. #1
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,204
    Blog Entries
    5

    Getting hold of handles and/or ID:s for threads of running processes

    Does anyone know if it's really not possible to get hold of an ID or handle to an arbitrary thread in a running process by way of "normal" win32 API commands (i.e. without using the ToolHelp or PSAPI libraries)?

    When you create a process with CreateProcess, you are handed 4 numbers, the ID and handle of the process itself and the ID and handle of the main thread of the process, but when you attach to a running process with OpenProcess, you only get the ID and handle of the process itself, no thread info (which is of course quite understandable, since no thread can be considered "more main" than another in a process once it is running).

    But the problem is that I cannot find any combination of "normal" win32 API commands for enumerating threads of a running process or in any other way getting hold of an arbitrary thread of a running process.

    So, does anybody know for sure if this is impossible or not?

    I don't really have high hopes about it after looking around on the net, but it seems like such a missing piece of the native debug API to me, that's all.

    Thanks.
    dELTA
    Last edited by dELTA; March 15th, 2003 at 13:13.

  2. #2
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    why not disassemble the toolhelp functions and see what api they use?

  3. #3
    foxthree
    Guest

    Why?

    Why do you want to avoid ToolHelp32 APIs? CreateToolhelp32Snapshot works admirably... Also, to get hold of a thread in arbitrary process... use OpenThread() API.

    ... trivial unless I'm missing something here...

    Signed,
    -- FoxThree
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,204
    Blog Entries
    5
    The OpenThread API does not work on Windows 9x (ok, it works on ME, but who cares).

    The ToolHelp functions only work on Windows 9x.

    Disassembling the ToolHelp functions, I'm sure its code would boil down to parsing some 9x-dependent undocumented system structures.


    The reason I wanted to do it with the "genuine" Win32API was to make it platform independent, which none of the above is.

    Thanks for the tips anyway guys! Sadly, I've already considered and rejected them all before though.

    dELTA

  5. #5
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    so what if you can't figure out the structures? find what api functions are being called, and then work from there.

  6. #6
    : Code Injector : nikolatesla20's Avatar
    Join Date
    Apr 2002
    Location
    :ether:
    Posts
    815
    Toolhelp is included in Win9X, Win2K and above. So unless you plan on developing for NT4 (which is a waste of time) you can use the toolhelp functions just fine.

    As a guess, Toolhelp no doubt calls NtQuerySystemInformation for what it wants.


    -nt20
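
The ToolHelp route suggested in posts #3 and #6, as an added example that is not code from any poster in this thread: a thread snapshot is system-wide, so the entries have to be filtered on th32OwnerProcessID before a thread ID is passed to OpenThread. It uses Python ctypes so the structure layout is visible; the helper names are illustrative, and it assumes a Windows version whose kernel32 exports the ToolHelp functions and OpenThread.

```python
# Added example: helper names are illustrative; the Win32 calls and constants are real.
import ctypes

TH32CS_SNAPTHREAD = 0x00000004          # snapshot includes every thread on the system
THREAD_QUERY_INFORMATION = 0x0040       # query-only access right for OpenThread
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value
DWORD, LONG, HANDLE = ctypes.c_uint32, ctypes.c_int32, ctypes.c_void_p

class THREADENTRY32(ctypes.Structure):  # layout from tlhelp32.h
    _fields_ = [("dwSize", DWORD), ("cntUsage", DWORD),
                ("th32ThreadID", DWORD), ("th32OwnerProcessID", DWORD),
                ("tpBasePri", LONG), ("tpDeltaPri", LONG), ("dwFlags", DWORD)]
ENTRY_SIZE = ctypes.sizeof(THREADENTRY32)

def _kernel32():
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)  # Windows only
    k32.CreateToolhelp32Snapshot.restype = HANDLE
    k32.CreateToolhelp32Snapshot.argtypes = [DWORD, DWORD]
    for fn in (k32.Thread32First, k32.Thread32Next):
        fn.argtypes = [HANDLE, ctypes.POINTER(THREADENTRY32)]
    k32.OpenThread.restype = HANDLE
    k32.OpenThread.argtypes = [DWORD, ctypes.c_int, DWORD]
    k32.CloseHandle.argtypes = [HANDLE]
    return k32

def snapshot_threads():
    """Yield (thread_id, owner_pid) for every thread in a system-wide snapshot."""
    k32 = _kernel32()
    snap = k32.CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0)
    if snap == INVALID_HANDLE_VALUE:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        entry = THREADENTRY32(dwSize=ENTRY_SIZE)  # dwSize must be set before Thread32First
        ok = k32.Thread32First(snap, ctypes.byref(entry))
        while ok:
            yield entry.th32ThreadID, entry.th32OwnerProcessID
            ok = k32.Thread32Next(snap, ctypes.byref(entry))
    finally:
        k32.CloseHandle(snap)

def thread_ids_of(pid, entries):
    """The pid argument is ignored for thread snapshots, so filter by owner here."""
    return sorted(tid for tid, owner in entries if owner == pid)

def open_thread(tid, access=THREAD_QUERY_INFORMATION):
    """Return a thread handle; the caller must CloseHandle it."""
    handle = _kernel32().OpenThread(access, False, tid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    return handle
```

On Windows, `thread_ids_of(os.getpid(), snapshot_threads())` returns the calling process's own thread IDs, any of which can then be handed to `open_thread`.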

  7. #7
    foxthree
    Guest

    EliCZ...

    You should check out the latest proggie from none other than our friend EliCZ... EliRT ...

    You would be amazed how this guy does all this

    Signed,
    -- FoxThree
    I promise that I have read the FAQ and tried to use the Search to answer my question.
