private void ThreadOpt_ItemClicked(object sender, ToolStripItemClickedEventArgs e)
{
ListViewItem li = this.ThreadInfo.SelectedItems[0];
int tid = int.Parse(li.Text);
IntPtr handle = CSTools.OpenThread(CSTools.ThreadAccess.THREAD_ALL_ACCESS, false, tid);
switch (e.ClickedItem.Text)
{
case "结束线程":
CSTools.TerminateThread(handle, 0);
this.ThreadInfo.Items.Remove(li);
this.label3.Text = int.Parse(this.label3.Text) - 1 + "";
break;
case "挂起线程":
CSTools.SuspendThread(handle);
li.ForeColor = Color.Red;
break;
case "恢复线程":
CSTools.ResumeThread(handle);
li.ForeColor = Color.Black;
break;
}
CSTools.CloseHandle(handle);
}
private void GetProcessThreads()
{
string[] str = Regex.Split(ProcessBox.Text, "--");
int pid = int.Parse(str[1].Trim());
Process pr = Process.GetProcessById(pid);
label3.Text = pr.Threads.Count + "";
//获取线程模块
CSTools.EnableDebugPrivilege(true);
ProcessModuleCollection pm = pr.Modules;
for (int i = 0; i < pr.Threads.Count; i++)
{
CSTools.EnableDebugPrivilege(true);
IntPtr handle = CSTools.OpenThread(CSTools.ThreadAccess.THREAD_ALL_ACCESS, false, pr.Threads[i].Id);
CSTools.EnableDebugPrivilege(true);
int addr = 0;
CSTools.NtQueryInformationThread(handle, CSTools.ThreadInfoClass.ThreadQuerySetWin32StartAddress, out addr, sizeof(int), 0);
string name = "";
for (int j = 0; j < pr.Modules.Count; j++)
{
if (addr >= pr.Modules[j].BaseAddress.ToInt32() && addr <= (pr.Modules[j].BaseAddress.ToInt32() + pr.Modules[j].ModuleMemorySize))
{
name = pr.Modules[j].ModuleName.PadRight(40, ' ');
}
}
string status = CSTools.GetThreadStatus(pr.Threads[i]);
ListViewItem li = new ListViewItem();
li.Text = pr.Threads[i].Id.ToString().PadLeft(4, '0').PadRight(2, ' ');
li.SubItems.Add(pr.Threads[i].BasePriority.ToString().PadLeft(2, '0').PadRight(1, ' '));
li.SubItems.Add("0x" + addr.ToString("X8"));
li.SubItems.Add(name);
li.SubItems.Add(status.PadLeft(4, ' '));
ThreadInfo.Items.Add(li);
CSTools.CloseHandle(handle);
}
}