示例#1
        // Get the process's thread list
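        /// <summary>
        /// Adds one row per thread of the selected process to <c>ThreadInfo</c>: thread id,
        /// base priority, start address, containing module, status and wait reason.
        /// The process id is the second "--"-separated field of <c>ProcessBox.Text</c>.
        /// </summary>
        /// <remarks>
        /// Returns without touching the list when the pid field is missing or not a number.
        /// <see cref="Process.GetProcessById(int)"/> throws <see cref="ArgumentException"/> when the
        /// process no longer exists, and <see cref="Process.Modules"/> can throw when the target
        /// cannot be inspected; neither is caught here.
        /// </remarks>
        private void GetProcessThreads()
        {
            string[] parts = Regex.Split(ProcessBox.Text, "--");
            int pid;
            if (parts.Length < 2 || !int.TryParse(parts[1].Trim(), out pid))
            {
                // Malformed selection text: nothing to list.
                return;
            }

            using (Process pr = Process.GetProcessById(pid))
            {
                ProcessThreadCollection threads = pr.Threads;
                label3.Text = threads.Count + "";

                // One call is enough; the original repeated it three times per thread.
                // NOTE(review): presumably this enables SeDebugPrivilege on our own token. Nothing in
                // this method turns it back off, so confirm it is dropped elsewhere when not needed.
                CSTools.EnableDebugPrivilege(true);
                ProcessModuleCollection modules = pr.Modules;

                foreach (ProcessThread thread in threads)
                {
                    int addr = 0;
                    bool haveAddr = false;

                    // NOTE(review): only a query is performed on this handle, yet full access is
                    // requested. If CSTools.ThreadAccess exposes a query-only right, prefer it
                    // (least privilege, and fewer access-denied failures on protected processes).
                    IntPtr handle = CSTools.OpenThread(CSTools.ThreadAccess.PROCESS_ALL_ACCESS, false, thread.Id);
                    if (handle != IntPtr.Zero)
                    {
                        try
                        {
                            // NOTE(review): the buffer is 4 bytes, so this looks written for a 32-bit
                            // build; with pointer-sized addresses the query is expected to fail -- confirm.
                            int ntStatus = CSTools.NtQueryInformationThread(handle, CSTools.ThreadInfoClass.ThreadQuerySetWin32StartAddress, out addr, sizeof(int), 0);
                            haveAddr = ntStatus >= 0; // NTSTATUS: negative values are errors
                        }
                        finally
                        {
                            // Always release the handle, even if the query throws.
                            CSTools.CloseHandle(handle);
                        }
                    }

                    if (!haveAddr)
                    {
                        addr = 0;
                    }

                    string name = "";
                    if (haveAddr)
                    {
                        long start = addr;
                        foreach (ProcessModule module in modules)
                        {
                            // ToInt64 avoids the OverflowException that ToInt32 raises for bases above 2 GB.
                            long lo = module.BaseAddress.ToInt64();
                            // The module occupies [lo, lo + size); the end address itself is outside it.
                            if (start >= lo && start < lo + module.ModuleMemorySize)
                            {
                                name = module.ModuleName.PadRight(40, ' ');
                                break;
                            }
                        }
                    }

                    string status = CSTools.GetThreadStatus(thread);

                    // ProcessThread.WaitReason throws InvalidOperationException unless the thread is
                    // in the Wait state, so every WaitReason read below is guarded by this flag.
                    bool waiting = thread.ThreadState == ThreadState.Wait;
                    string reason = waiting ? CSTools.GetThreadWaitReason(thread) : "";

                    ListViewItem li = new ListViewItem();
                    li.Text = thread.Id.ToString().PadLeft(4, '0');
                    li.SubItems.Add(thread.BasePriority.ToString().PadLeft(2, '0'));
                    li.SubItems.Add("0x" + addr.ToString("X8"));
                    li.SubItems.Add(name);
                    li.SubItems.Add(status.PadLeft(4, ' '));
                    li.SubItems.Add(reason);

                    // Suspended threads are highlighted in red.
                    if (waiting && thread.WaitReason == ThreadWaitReason.Suspended)
                    {
                        li.ForeColor = Color.Red;
                    }

                    ThreadInfo.Items.Add(li);
                }
            }
        }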
示例#2
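        /// <summary>
        /// On a right-click with a row selected, attaches the <c>ThreadOpt</c> context menu and
        /// enables or disables its items 1 and 2 according to the selected thread's wait reason.
        /// Any other click detaches the menu.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Mouse event data; only <c>Button</c> is read.</param>
        /// <remarks>
        /// The menu is also detached when the pid in <c>ProcessBox.Text</c> or the thread id in the
        /// selected row cannot be parsed. <see cref="Process.GetProcessById(int)"/> throws
        /// <see cref="ArgumentException"/> when the process has exited; that is not caught here.
        /// </remarks>
        private void ThreadInfo_MouseClick(object sender, MouseEventArgs e)
        {
            if (e.Button != MouseButtons.Right || this.ThreadInfo.SelectedItems.Count == 0)
            {
                this.ThreadInfo.ContextMenuStrip = null;
                return;
            }

            string[] parts = Regex.Split(ProcessBox.Text, "--");
            int pid;
            int tid;
            if (parts.Length < 2
                || !int.TryParse(parts[1].Trim(), out pid)
                || !int.TryParse(this.ThreadInfo.SelectedItems[0].Text, out tid))
            {
                // Without a usable pid/tid the menu actions have no target: do not offer them.
                this.ThreadInfo.ContextMenuStrip = null;
                return;
            }

            using (Process pr = Process.GetProcessById(pid))
            {
                this.ThreadInfo.ContextMenuStrip = this.ThreadOpt;

                CSTools.EnableDebugPrivilege(true);

                foreach (ProcessThread thread in pr.Threads)
                {
                    if (thread.Id != tid)
                    {
                        continue;
                    }

                    // ProcessThread.WaitReason throws InvalidOperationException for a thread that is
                    // not in the Wait state; such a thread is handled like the default case below.
                    if (thread.ThreadState != ThreadState.Wait)
                    {
                        this.ThreadOpt.Items[2].Enabled = false;
                        break;
                    }

                    // NOTE(review): presumably item 1 is "suspend" and item 2 is "resume" -- confirm
                    // against the ThreadOpt menu definition.
                    switch (thread.WaitReason)
                    {
                        case ThreadWaitReason.EventPairLow:
                        case ThreadWaitReason.EventPairHigh:
                        case ThreadWaitReason.UserRequest:
                        case ThreadWaitReason.ExecutionDelay:
                        case ThreadWaitReason.Executive:
                        case ThreadWaitReason.FreePage:
                            this.ThreadOpt.Items[1].Enabled = true;
                            this.ThreadOpt.Items[2].Enabled = false;
                            break;

                        case ThreadWaitReason.Suspended:
                            this.ThreadOpt.Items[1].Enabled = false;
                            this.ThreadOpt.Items[2].Enabled = true;
                            break;

                        default:
                            // Item 1 keeps whatever state the previous click left it in.
                            this.ThreadOpt.Items[2].Enabled = false;
                            break;
                    }

                    // Thread ids are unique within the process, so stop at the first match.
                    break;
                }
            }
        }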
示例#3
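        /// <summary>
        /// Resumes the thread whose id is the text of <paramref name="item"/>.
        /// </summary>
        /// <param name="item">List row whose <c>Text</c> holds the thread id.</param>
        /// <returns>
        /// <c>true</c> only when <c>CSTools.ResumeThread</c> returns 1; <c>false</c> for any other
        /// result, for an unparsable id, or when the thread could not be opened.
        /// </returns>
        private bool resuThread(ListViewItem item)
        {
            int tid;
            if (item == null || !int.TryParse(item.Text, out tid))
            {
                return false;
            }

            // NOTE(review): full access is requested although only resume is performed. If
            // CSTools.ThreadAccess exposes a suspend/resume-only right, prefer it (least privilege).
            var handle = CSTools.OpenThread(CSTools.ThreadAccess.PROCESS_ALL_ACCESS, false, tid);
            if (handle == IntPtr.Zero)
            {
                // Open failed (thread gone or access denied): never pass a null handle on.
                return false;
            }

            try
            {
                // Assuming this wraps the Win32 ResumeThread, the result is the previous suspend
                // count: 1 means the thread is running again, a larger value means it is still suspended.
                var resumeRes = CSTools.ResumeThread(handle);
                return resumeRes == 1;
            }
            finally
            {
                // Release the handle on every path, including an exception from the call above.
                if (CSTools.CloseHandle(handle))
                {
                    Console.WriteLine("关闭线程句柄成功");
                }
            }
        }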
示例#4
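        /// <summary>
        /// Adds one row per loaded module of the selected process to <c>ModuleInfo</c>: module name,
        /// base address, entry point, memory size, company name and file path.
        /// The process id is the second "--"-separated field of <c>ProcessBox.Text</c>.
        /// </summary>
        /// <remarks>
        /// Returns without touching the list when the pid field is missing or not a number.
        /// <see cref="Process.GetProcessById(int)"/> throws <see cref="ArgumentException"/> when the
        /// process no longer exists, and <see cref="Process.Modules"/> can throw when the target
        /// cannot be inspected; neither is caught here.
        /// </remarks>
        private void GetProcessModules()
        {
            string[] parts = Regex.Split(ProcessBox.Text, "--");
            int pid;
            if (parts.Length < 2 || !int.TryParse(parts[1].Trim(), out pid))
            {
                // Malformed selection text: nothing to list.
                return;
            }

            using (Process pr = Process.GetProcessById(pid))
            {
                // Enable the privilege BEFORE the first read of pr.Modules: the collection is
                // built on first access, so enabling it afterwards (as the original did, after
                // reading the count) cannot affect the enumeration.
                // NOTE(review): nothing in this method turns the privilege back off -- confirm it
                // is dropped elsewhere when no longer needed.
                CSTools.EnableDebugPrivilege(true);
                ProcessModuleCollection pm = pr.Modules;

                label5.Text = pm.Count + "";

                foreach (ProcessModule module in pm)
                {
                    // CompanyName is null when the file has no such version resource.
                    string company = module.FileVersionInfo.CompanyName;

                    ListViewItem li = new ListViewItem();
                    li.Text = module.ModuleName.PadRight(35, ' ');
                    li.SubItems.Add("0x" + module.BaseAddress.ToString("X8"));
                    li.SubItems.Add("0x" + module.EntryPointAddress.ToString("X8"));
                    li.SubItems.Add("0x" + module.ModuleMemorySize.ToString("X8"));
                    li.SubItems.Add(company == null ? " " : company.PadRight(21, ' '));
                    li.SubItems.Add(module.FileName);
                    ModuleInfo.Items.Add(li);
                }
            }
        }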