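// Lists the threads of the process selected in ProcessBox in the ThreadInfo list view.
// ProcessBox.Text is split on "--" and the second field is parsed as the process id.
// Each row shows thread id, base priority, start address, owning module, status and wait reason;
// rows of suspended threads are drawn in red.
private void GetProcessThreads()
{
    string[] parts = Regex.Split(ProcessBox.Text, "--");
    int pid;
    // The box text may be empty or malformed; stop here instead of throwing on it.
    if (parts.Length < 2 || !int.TryParse(parts[1].Trim(), out pid))
    {
        return;
    }

    // Process wraps OS resources, so release it once the listing is built.
    using (Process pr = Process.GetProcessById(pid))
    {
        label3.Text = pr.Threads.Count + "";

        // Enabled before the first pr.Modules access, which is when the module list is read and cached.
        // NOTE(review): the original repeated this call inside the loop; it is assumed to be
        // idempotent, so one call is kept. The privilege is never switched off again here;
        // confirm whether CSTools.EnableDebugPrivilege(false) should restore it afterwards.
        CSTools.EnableDebugPrivilege(true);
        ProcessModuleCollection pm = pr.Modules;

        for (int i = 0; i < pr.Threads.Count; i++)
        {
            ProcessThread thread = pr.Threads[i];
            int addr = 0;

            // NOTE(review): PROCESS_ALL_ACCESS asks for far more rights than a start-address query
            // needs; prefer a query-only member of CSTools.ThreadAccess if one exists.
            IntPtr handle = CSTools.OpenThread(CSTools.ThreadAccess.PROCESS_ALL_ACCESS, false, thread.Id);
            try
            {
                if (handle != IntPtr.Zero)
                {
                    // NOTE(review): the start address is received in a 32-bit int, so a 64-bit
                    // target cannot be represented; widening it needs a change to the CSTools signature.
                    int res = CSTools.NtQueryInformationThread(handle, CSTools.ThreadInfoClass.ThreadQuerySetWin32StartAddress, out addr, sizeof(int), 0);
                    if (res < 0)
                    {
                        // A negative NTSTATUS means the query failed; do not show a stale value.
                        addr = 0;
                    }
                }
            }
            finally
            {
                // Close the handle even if the query throws, so it cannot leak.
                if (handle != IntPtr.Zero)
                {
                    CSTools.CloseHandle(handle);
                }
            }

            // Find the module whose [base, base + size) range contains the start address.
            // ToInt64 avoids the OverflowException ToInt32 raises for bases above 2 GB in a 64-bit build.
            string name = "";
            long startAddress = addr;
            for (int j = 0; j < pm.Count; j++)
            {
                long moduleBase = pm[j].BaseAddress.ToInt64();
                if (startAddress >= moduleBase && startAddress < moduleBase + pm[j].ModuleMemorySize)
                {
                    name = pm[j].ModuleName.PadRight(40, ' ');
                    break;
                }
            }

            // ProcessThread.WaitReason throws InvalidOperationException unless the thread is waiting,
            // so every read of it below is guarded by this flag.
            bool isWaiting = thread.ThreadState == ThreadState.Wait;
            string status = CSTools.GetThreadStatus(thread);
            string reason = "";
            if (isWaiting)
            {
                reason = CSTools.GetThreadWaitReason(thread);
            }

            ListViewItem li = new ListViewItem();
            li.Text = thread.Id.ToString().PadLeft(4, '0').PadRight(2, ' ');
            li.SubItems.Add(thread.BasePriority.ToString().PadLeft(2, '0').PadRight(1, ' '));
            li.SubItems.Add("0x" + addr.ToString("X8"));
            li.SubItems.Add(name);
            li.SubItems.Add(status.PadLeft(4, ' '));
            li.SubItems.Add(reason);
            if (isWaiting && thread.WaitReason == ThreadWaitReason.Suspended)
            {
                li.ForeColor = Color.Red;
            }
            ThreadInfo.Items.Add(li);
        }
    }
}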
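// Right-click handler for the thread list: attaches the ThreadOpt context menu and enables or
// disables its entries 1 and 2 according to the wait reason of the selected thread.
// Any other click, or a click with nothing selected, detaches the menu.
private void ThreadInfo_MouseClick(object sender, MouseEventArgs e)
{
    if (e.Button != MouseButtons.Right || this.ThreadInfo.SelectedItems.Count == 0)
    {
        this.ThreadInfo.ContextMenuStrip = null;
        return;
    }

    string[] parts = Regex.Split(ProcessBox.Text, "--");
    int pid;
    int tid;
    // Malformed process or thread text: offer no thread actions instead of throwing.
    if (parts.Length < 2
        || !int.TryParse(parts[1].Trim(), out pid)
        || !int.TryParse(this.ThreadInfo.SelectedItems[0].Text, out tid))
    {
        this.ThreadInfo.ContextMenuStrip = null;
        return;
    }

    // Process wraps OS resources, so release it when the handler returns.
    using (Process pr = Process.GetProcessById(pid))
    {
        this.ThreadInfo.ContextMenuStrip = this.ThreadOpt;

        CSTools.EnableDebugPrivilege(true);
        for (int i = 0; i < pr.Threads.Count; i++)
        {
            ProcessThread thread = pr.Threads[i];
            if (thread.Id != tid)
            {
                continue;
            }

            // ProcessThread.WaitReason throws InvalidOperationException unless the thread is waiting.
            // NOTE(review): a non-waiting thread is handled like the default case below;
            // confirm whether entry 1 should be enabled for it.
            if (thread.ThreadState != ThreadState.Wait)
            {
                this.ThreadOpt.Items[2].Enabled = false;
                break;
            }

            // NOTE(review): entry 1 looks like "suspend" and entry 2 like "resume"; verify against ThreadOpt.
            switch (thread.WaitReason)
            {
                case ThreadWaitReason.EventPairLow:
                case ThreadWaitReason.EventPairHigh:
                case ThreadWaitReason.UserRequest:
                case ThreadWaitReason.ExecutionDelay:
                case ThreadWaitReason.Executive:
                case ThreadWaitReason.FreePage:
                    this.ThreadOpt.Items[1].Enabled = true;
                    this.ThreadOpt.Items[2].Enabled = false;
                    break;
                case ThreadWaitReason.Suspended:
                    this.ThreadOpt.Items[1].Enabled = false;
                    this.ThreadOpt.Items[2].Enabled = true;
                    break;
                default:
                    this.ThreadOpt.Items[2].Enabled = false;
                    break;
            }

            // Thread ids are unique within the process, so stop at the first match.
            break;
        }
    }
}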
// Resumes the thread whose id is the text of the given list item.
// Returns true only when CSTools.ResumeThread reports 1 (presumably the previous suspend count,
// i.e. the thread is running again after this call - confirm against the CSTools declaration).
// NOTE(review): the handle is opened with PROCESS_ALL_ACCESS and is not checked before use;
// a narrower access right and a validity check would be safer if CSTools allows them.
private bool resuThread(ListViewItem item)
{
    int threadId = int.Parse(item.Text);
    var threadHandle = CSTools.OpenThread(CSTools.ThreadAccess.PROCESS_ALL_ACCESS, false, threadId);
    var resumeResult = CSTools.ResumeThread(threadHandle);

    // Close the handle before reporting the result; a successful close is logged to the console.
    if (CSTools.CloseHandle(threadHandle))
    {
        Console.WriteLine("关闭线程句柄成功");
    }

    return resumeResult == 1;
}
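// Lists the modules loaded in the process selected in ProcessBox in the ModuleInfo list view.
// Each row shows module name, base address, entry point, image size, company name and file path.
private void GetProcessModules()
{
    string[] parts = Regex.Split(ProcessBox.Text, "--");
    int pid;
    // The box text may be empty or malformed; stop here instead of throwing on it.
    if (parts.Length < 2 || !int.TryParse(parts[1].Trim(), out pid))
    {
        return;
    }

    // Process wraps OS resources, so release it once the listing is built.
    using (Process pr = Process.GetProcessById(pid))
    {
        // Process.Modules reads and caches the module list on first access, so the privilege must
        // be enabled before that access; the original read the count first, too early to benefit.
        // NOTE(review): the privilege is never switched off again here; confirm whether
        // CSTools.EnableDebugPrivilege(false) should restore it afterwards.
        CSTools.EnableDebugPrivilege(true);
        ProcessModuleCollection pm = pr.Modules;
        label5.Text = pm.Count + "";

        for (int i = 0; i < pm.Count; i++)
        {
            ProcessModule module = pm[i];

            // CompanyName comes from the file's version resource, which is self-declared; it does
            // not show who published or signed the module.
            string company = module.FileVersionInfo.CompanyName;

            ListViewItem li = new ListViewItem();
            li.Text = module.ModuleName.PadRight(35, ' ');
            li.SubItems.Add("0x" + module.BaseAddress.ToString("X8"));
            li.SubItems.Add("0x" + module.EntryPointAddress.ToString("X8"));
            li.SubItems.Add("0x" + module.ModuleMemorySize.ToString("X8"));
            li.SubItems.Add(company == null ? " " : company.PadRight(21, ' '));
            li.SubItems.Add(module.FileName);
            ModuleInfo.Items.Add(li);
        }
    }
}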