/// <summary>
/// Byte arr to struct arr version 4 字节数组转换成结构体,用于通讯信息转换
/// </summary>
/// <param name="arr"></param>
/// <param name="desArrNum"></param>
/// <param name="desArr"></param>
static internal void fromBytes(byte[] arr, int desArrNum, ref THREADINFO[] desArr)
{
THREADINFO[] _struct = new THREADINFO[desArrNum];
int size = Marshal.SizeOf(typeof(THREADINFO)) * desArrNum;
IntPtr ptr = Marshal.AllocHGlobal(size);
for (int i = 0; i < desArrNum; i++)
{
Marshal.Copy(arr, i * Marshal.SizeOf(typeof(THREADINFO)), ptr, Marshal.SizeOf(typeof(THREADINFO)));
_struct[i] = (THREADINFO)Marshal.PtrToStructure(ptr, _struct[i].GetType());
}
// 需要释放临时非托管区内存
Marshal.FreeHGlobal(ptr);
desArr = _struct;
}
/// <summary>
/// 枚举线程
/// </summary>
static public void EnumThreads()
{
// 定义用于与驱动通信的变量
byte[] IoReturnBuffer = new byte[Marshal.SizeOf(typeof(THREADINFO)) * ThreadNum];
uint BytesReturned = new uint();
System.Threading.NativeOverlapped lpOverlapped = new System.Threading.NativeOverlapped();
// 获取当前选中的进程的pid
uint pid;
uint.TryParse(MainForm.main.ListView_Process.SelectedItems[0].SubItems[1].Text, out pid);
// R0层获取进程的模块信息
bool bRet = DriverManager.IoControl(DriverManager.hDrv, (uint)IOCTL_CODE.GetProcessThreads, pid, sizeof(uint), IoReturnBuffer,
(uint)Marshal.SizeOf(typeof(THREADINFO)) * ThreadNum, ref BytesReturned, ref lpOverlapped);
// 将驱动传过来的字节流转换成进程模块信息结构体
THREADINFO[] _threadArr = new THREADINFO[ThreadNum];
fromBytes(IoReturnBuffer, (int)ThreadNum, ref _threadArr);
// 如果进程列表框占满tab容器
MainForm.main.ListView_ProcessOther.Visible = true;
if (MainForm.isProListViewDock)
{
MainForm.main.ListView_Process.Height = MainForm.main.ListView_Process.Height - MainForm.main.ListView_ProcessOther.Height;
MainForm.isProListViewDock = false;
}
// 枚举线程不需要用到图标
MainForm.main.ListView_ProcessOther.SmallImageList = null;
// 设置mProcOtherListView的表头
MainForm.main.ListView_ProcessOther.Columns.Clear();
MainForm.main.ListView_ProcessOther.Columns.Add("", 0, HorizontalAlignment.Left);
MainForm.main.ListView_ProcessOther.Columns.Add("EThread", 50, HorizontalAlignment.Left);
MainForm.main.ListView_ProcessOther.Columns.Add("Tid", 50, HorizontalAlignment.Left);
MainForm.main.ListView_ProcessOther.Columns.Add("Priority", 50, HorizontalAlignment.Left);
MainForm.main.ListView_ProcessOther.Columns.Add("Teb", 50, HorizontalAlignment.Left);
MainForm.main.ListView_ProcessOther.Columns.Add("Entry", 50, HorizontalAlignment.Left);
MainForm.main.ListView_ProcessOther.Columns.Add("Switch", 50, HorizontalAlignment.Left);
MainForm.main.ListView_ProcessOther.Columns.Add("State", 50, HorizontalAlignment.Left);
// 定位到指定的右键菜单
MainForm.main.ListView_ProcessOther.ContextMenuStrip = MainForm.main.contextMenuStrip_procThreadList;
// 将数据插入到mProcOtherListView中
MainForm.main.ListView_ProcessOther.BeginUpdate();
MainForm.main.ListView_ProcessOther.Items.Clear();
foreach (THREADINFO arr in _threadArr)
{
if (!arr.EThread.Equals(0))
{
ListViewItem lvi = new ListViewItem();
lvi.SubItems.Add("0x" + arr.EThread.ToString("X16"));
lvi.SubItems.Add(arr.Tid.ToString());
lvi.SubItems.Add(arr.Priority.ToString());
lvi.SubItems.Add("0x" + arr.Teb.ToString("X16"));
lvi.SubItems.Add("0x" + arr.Entry.ToString("X16"));
lvi.SubItems.Add(arr.Switch.ToString());
lvi.SubItems.Add(Encoding.ASCII.GetString(arr.State));
MainForm.main.ListView_ProcessOther.Items.Add(lvi);
}
else
{
break;
}
}
MainForm.main.ListView_ProcessOther.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
MainForm.main.ListView_ProcessOther.EndUpdate();
}
