/// <summary>
/// Menu handler: opens a <c>StructWindow</c> over the TEB of the thread
/// currently selected in <c>listThreads</c>, using the "TEB" struct
/// definition from <c>Program.Structs</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void inspectTEBMenuItem_Click(object sender, EventArgs e)
{
    // Without a loaded definition there is nothing to interpret the memory with.
    bool tebStructLoaded = Program.Structs.ContainsKey("TEB");

    if (!tebStructLoaded)
    {
        PhUtils.ShowError("The struct 'TEB' has not been loaded. Make sure structs.txt was loaded successfully.");
        return;
    }

    try
    {
        // NOTE(review): this reads the thread ID from the item's Text, while
        // listThreads_SelectedIndexChanged reads it from the item's Name -
        // confirm both always hold the same value.
        // An empty selection or non-numeric text throws here and is reported
        // by the catch below.
        int threadId = int.Parse(listThreads.SelectedItems[0].Text);

        // NOTE(review): no access mask is passed, so the handle is opened with
        // whatever this ThreadHandle constructor defaults to - confirm it is
        // no broader than the query needs.
        using (ThreadHandle threadHandle = new ThreadHandle(threadId))
        {
            // Only the address is captured by the queued callback, so the
            // handle can be disposed as soon as BeginInvoke returns.
            IntPtr tebAddress = threadHandle.GetBasicInformation().TebBaseAddress;

            Program.HackerWindow.BeginInvoke(new MethodInvoker(() =>
            {
                // The struct definition is looked up when the callback runs,
                // not when it is queued.
                StructWindow structWindow = new StructWindow(_pid, tebAddress, Program.Structs["TEB"]);

                try
                {
                    structWindow.Show();
                    structWindow.Activate();
                }
                catch (Exception windowError)
                {
                    // Display failures are logged rather than shown to the user.
                    Logging.Log(windowError);
                }
            }));
        }
    }
    catch (Exception error)
    {
        PhUtils.ShowException("Unable to inspect the TEB of the thread", error);
    }
}
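/// <summary>
/// Refreshes the thread detail controls (module, state, CPU times, priorities,
/// context switches, TEB address) for the selected thread, or clears them when
/// the selection is not exactly one item, then forwards the event to this
/// control's own <c>SelectedIndexChanged</c> subscribers.
/// </summary>
/// <param name="sender">Event source, passed through to subscribers.</param>
/// <param name="e">Event data, passed through to subscribers.</param>
private void listThreads_SelectedIndexChanged(object sender, System.EventArgs e)
{
    if (listThreads.SelectedItems.Count == 1)
    {
        // Held here so it can be disposed once the ProcessThread obtained from
        // it is no longer read; previously the Process object was never disposed,
        // leaking its resources on every selection change.
        Process process = null;

        try
        {
            int tid = int.Parse(listThreads.SelectedItems[0].Name);
            var thread = Windows.GetProcessThreads(_pid)[tid];
            ProcessThread processThread = null;

            try
            {
                process = Process.GetProcessById(_pid);
                processThread = Utils.GetThreadFromId(process, tid);
            }
            catch
            {
                // Best effort: without a ProcessThread the state and CPU-time
                // labels below are simply not updated.
            }

            fileModule.Text = _provider.Dictionary[tid].FileName;
            fileModule.Enabled = !string.IsNullOrEmpty(fileModule.Text);

            if (processThread != null)
            {
                try
                {
                    if (processThread.ThreadState == ThreadState.Wait)
                    {
                        labelState.Text = "Wait: " + thread.WaitReason.ToString();
                    }
                    else
                    {
                        labelState.Text = processThread.ThreadState.ToString();
                    }

                    labelKernelTime.Text = Utils.FormatTimeSpan(processThread.PrivilegedProcessorTime);
                    labelUserTime.Text = Utils.FormatTimeSpan(processThread.UserProcessorTime);
                    labelTotalTime.Text = Utils.FormatTimeSpan(processThread.TotalProcessorTime);
                }
                catch
                {
                    // Fall back to the wait reason from the thread snapshot.
                    labelState.Text = thread.WaitReason.ToString();
                }
            }

            labelPriority.Text = thread.Priority.ToString();
            labelBasePriority.Text = thread.BasePriority.ToString();
            labelContextSwitches.Text = thread.ContextSwitchCount.ToString("N0");

            // Only QueryInformation access is requested; the handle is released
            // as soon as the address has been formatted.
            using (ThreadHandle thandle = new ThreadHandle(tid, ThreadAccess.QueryInformation))
                labelTEBAddress.Text = Utils.FormatAddress(thandle.GetBasicInformation().TebBaseAddress);
        }
        catch
        {
            // NOTE(review): failures (e.g. the thread handle cannot be opened)
            // are swallowed without logging, and any label not yet assigned
            // keeps the text it had for the previously selected thread -
            // consider logging and clearing the stale fields.
        }
        finally
        {
            if (process != null)
                process.Dispose();
        }
    }
    else
    {
        // Zero or multiple items selected: blank every detail field.
        fileModule.Text = "";
        fileModule.Enabled = false;
        labelState.Text = "";
        labelKernelTime.Text = "";
        labelUserTime.Text = "";
        labelTotalTime.Text = "";
        labelTEBAddress.Text = "";
        labelPriority.Text = "";
        labelBasePriority.Text = "";
        labelContextSwitches.Text = "";
    }

    // Copy the delegate first so a subscriber removed between the null check
    // and the call cannot cause a NullReferenceException.
    var handler = this.SelectedIndexChanged;

    if (handler != null)
        handler(sender, e);
}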