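/// <summary>
/// Fills the <c>ThreadInfo</c> list with one row per thread of the process selected in
/// <c>ProcessBox</c>: thread id, base priority, Win32 start address, containing module,
/// status and wait reason. Rows for suspended threads are drawn in red.
/// </summary>
/// <remarks>
/// The PID is the second "--"-separated field of <c>ProcessBox.Text</c>. If that field is
/// missing or not a number the method returns without touching the list.
/// <c>Process.GetProcessById</c> still throws when the process has already exited.
/// </remarks>
private void GetProcessThreads()
{
    string[] parts = Regex.Split(ProcessBox.Text, "--");
    int pid;
    if (parts.Length < 2 || !int.TryParse(parts[1].Trim(), out pid))
    {
        // Nothing selected, or the text is not in the "name -- pid" form.
        return;
    }

    using (Process pr = Process.GetProcessById(pid))
    {
        ProcessThreadCollection threads = pr.Threads;
        label3.Text = threads.Count.ToString();

        // NOTE(review): presumably enables SeDebugPrivilege on this process's token; confirm
        // against CSTools. The original repeated this call twice per thread; assuming it is a
        // token adjustment, once is enough. Nothing here turns the privilege off again, so the
        // tool keeps it for the rest of its lifetime.
        CSTools.EnableDebugPrivilege(true);

        // Module list used to map a start address to the image that contains it.
        ProcessModuleCollection modules = pr.Modules;

        foreach (ProcessThread thread in threads)
        {
            int addr = 0;

            // NOTE(review): an all-access handle is requested for a read-only query. The Win32
            // right THREAD_QUERY_INFORMATION is sufficient for NtQueryInformationThread; use
            // the narrowest member CSTools.ThreadAccess offers.
            IntPtr handle = CSTools.OpenThread(CSTools.ThreadAccess.PROCESS_ALL_ACCESS, false, thread.Id);
            if (handle != IntPtr.Zero)
            {
                try
                {
                    // NOTE(review): the buffer is a 4-byte int, so this can only hold a 32-bit
                    // start address. In a 64-bit build the query is expected to fail or
                    // truncate; confirm the P/Invoke signature.
                    int ntStatus = CSTools.NtQueryInformationThread(handle, CSTools.ThreadInfoClass.ThreadQuerySetWin32StartAddress, out addr, sizeof(int), 0);
                    if (ntStatus < 0)
                    {
                        // Negative NTSTATUS means failure: do not display a stale value.
                        addr = 0;
                    }
                }
                finally
                {
                    // Always release the handle, even if the query throws.
                    CSTools.CloseHandle(handle);
                }
            }

            // Find the module whose [base, base + size) range contains the start address.
            // 64-bit arithmetic avoids OverflowException from ToInt32() and int wrap-around.
            string moduleName = "";
            long startAddress = addr;
            foreach (ProcessModule module in modules)
            {
                long moduleBase = module.BaseAddress.ToInt64();
                if (startAddress >= moduleBase && startAddress < moduleBase + module.ModuleMemorySize)
                {
                    moduleName = module.ModuleName.PadRight(40, ' ');
                    break;
                }
            }

            string status = CSTools.GetThreadStatus(thread);

            // ProcessThread.WaitReason throws InvalidOperationException unless the thread is in
            // the Wait state, so every read of it is gated on this flag.
            bool waiting = thread.ThreadState == ThreadState.Wait;
            string reason = waiting ? CSTools.GetThreadWaitReason(thread) : "";

            ListViewItem li = new ListViewItem();
            li.Text = thread.Id.ToString().PadLeft(4, '0');
            li.SubItems.Add(thread.BasePriority.ToString().PadLeft(2, '0'));
            li.SubItems.Add("0x" + addr.ToString("X8"));
            li.SubItems.Add(moduleName);
            li.SubItems.Add(status.PadLeft(4, ' '));
            li.SubItems.Add(reason);

            if (waiting && thread.WaitReason == ThreadWaitReason.Suspended)
            {
                li.ForeColor = Color.Red;
            }

            ThreadInfo.Items.Add(li);
        }
    }
}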
/// <summary>
/// Resumes the thread whose id is shown in the given list row.
/// </summary>
/// <param name="item">Row whose <c>Text</c> is parsed as the thread id.</param>
/// <returns>
/// <c>true</c> when <c>CSTools.ResumeThread</c> returned 1; otherwise <c>false</c>.
/// </returns>
private bool resuThread(ListViewItem item)
{
    int threadId = int.Parse(item.Text);

    // NOTE(review): an all-access handle is requested although only resume is performed; the
    // Win32 right THREAD_SUSPEND_RESUME would be enough if CSTools.ThreadAccess exposes it.
    // The handle is not checked for failure before use.
    var threadHandle = CSTools.OpenThread(CSTools.ThreadAccess.PROCESS_ALL_ACCESS, false, threadId);

    // NOTE(review): if this wraps Win32 ResumeThread, the value is the previous suspend count,
    // so 1 means this call is the one that let the thread run again; confirm against CSTools.
    var outcome = CSTools.ResumeThread(threadHandle);

    if (CSTools.CloseHandle(threadHandle))
    {
        // Log text reads "thread handle closed successfully".
        Console.WriteLine("关闭线程句柄成功");
    }

    return outcome == 1;
}