获取某个进程的所有线程ID和入口地址

起因是需要定位线程入口处的特征码：有些游戏在调试器一附加就立刻退出，多半是某个线程在做反调试检测，把这个线程结束掉之后就可以正常附加调试了。要做到这一点，首先得拿到每个线程的入口地址。网上找到的代码在获取 64 位进程的线程信息时入口地址是错的（估计是用 32 位变量接收了 64 位地址，高位被截断了），这里稍作改动：地址用指针宽度的变量接收，并且程序本身必须编译为 64 位——32 位进程无法正确读取 64 位目标的线程起始地址。另外要说明两点：这里拿到的是 NtQueryInformationThread 的 ThreadQuerySetWin32StartAddress 返回的 Win32 起始地址（一般对应 CreateThread 传入的线程函数），并非线程真正开始执行的系统入口；读取其他用户或受保护进程的线程信息还需要相应权限（通常要管理员身份或 SeDebugPrivilege），权限不足时 OpenThread 会失败。

#include <windows.h>
#include <tlhelp32.h>
#include "iostream"
using namespace std;

// NTSTATUS is a 32-bit signed status code: values >= 0 are success, so a
// caller can test `status >= 0` (the NT_SUCCESS macro) without winternl.h.
using NTSTATUS = LONG;

// Signature of the ntdll export NtQueryInformationThread, which this program
// resolves at run time with GetProcAddress (it is not in the import library).
// ThreadInformationClass is a THREADINFOCLASS index; ThreadInformation and
// ThreadInformationLength describe the caller's output buffer, and
// ReturnLength (optional) receives how many bytes the class actually wrote.
// NOTE(review): the buffer size must match what the class expects — the blog
// post above attributes its wrong 64-bit addresses to an undersized buffer.
using NTQUERYINFORMATIONTHREAD = NTSTATUS(WINAPI*)(
    HANDLE ThreadHandle,
    ULONG ThreadInformationClass,
    PVOID ThreadInformation,
    ULONG ThreadInformationLength,
    PULONG ReturnLength);
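// Local copy of ntdll's THREADINFOCLASS (not fully exposed by the public SDK
// headers). Each enumerator's numeric value is the information class passed
// to NtQueryInformationThread, so the ORDER of this list is the contract:
// inserting or deleting an entry silently changes which class every later
// name queries. The class this program uses is pinned explicitly, and the
// static_asserts below make an accidental shift a compile error instead of a
// wrong answer at run time.
typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation = 0,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress = 9, // the only class GetProcessThreadInfo queries
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,   // Obsolete
    ThreadIsIoPending,          // 16 — the one value the public winternl.h defines
    ThreadHideFromDebugger,     // 17 — commonly used by anti-debug code; not used here
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,          // Obsolete
    ThreadCSwitchPmu,
    ThreadWow64Context,
    ThreadGroupInformation,
    ThreadUmsInformation,      // UMS
    ThreadCounterProfiling,
    ThreadIdealProcessorEx,
    MaxThreadInfoClass
} THREADINFOCLASS;

// Guard the ordering contract described above.
static_assert(ThreadQuerySetWin32StartAddress == 9,
              "THREADINFOCLASS ordering drifted: ThreadQuerySetWin32StartAddress must be 9");
static_assert(ThreadIsIoPending == 16,
              "THREADINFOCLASS ordering drifted: ThreadIsIoPending must be 16 (matches winternl.h)");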

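// Print the thread ID and Win32 start address of every thread owned by PID.
//
// Threads come from a system-wide TH32CS_SNAPTHREAD snapshot; the owner PID is
// taken from THREADENTRY32::th32OwnerProcessID so that a handle is opened only
// for threads of the requested process. The start address is read with
// NtQueryInformationThread(ThreadQuerySetWin32StartAddress) into a
// pointer-sized buffer, which is why this binary must be built for the same
// bitness as the target (x64 build to inspect x64 processes): a 32-bit build
// cannot hold a 64-bit address.
//
// Changes from the original listing:
//  - thread handles and the snapshot handle are closed (they leaked before);
//  - OpenThread asks for THREAD_QUERY_INFORMATION instead of THREAD_ALL_ACCESS
//    (least privilege — it is the access this query path needs, and it is far
//    more likely to be granted than full access);
//  - the NTSTATUS of the query is checked, so a failed query is reported rather
//    than printing the stale address left over from the previous thread;
//  - ntdll is located with GetModuleHandleW (it is already mapped into every
//    Win32 process) instead of LoadLibraryW, whose reference was never freed;
//  - a missing export or failed snapshot is reported instead of dereferencing
//    a null function pointer / iterating an invalid handle.
//
// PID: process whose threads to list. Output goes to cout, one line per
// thread. Note(review): listing threads of another user's or a protected
// process presumably needs elevated rights (SeDebugPrivilege); without them
// OpenThread fails and that is reported per thread.
void GetProcessThreadInfo(DWORD PID)
{
    HMODULE hNtdll = GetModuleHandleW(L"ntdll.dll");
    NTQUERYINFORMATIONTHREAD NtQueryInformationThread = hNtdll
        ? reinterpret_cast<NTQUERYINFORMATIONTHREAD>(
              GetProcAddress(hNtdll, "NtQueryInformationThread"))
        : nullptr;
    if (!NtQueryInformationThread)
    {
        cerr << "NtQueryInformationThread not found in ntdll.dll" << endl;
        return;
    }

    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (snapshot == INVALID_HANDLE_VALUE)
    {
        cerr << "CreateToolhelp32Snapshot failed, error " << GetLastError() << endl;
        return;
    }

    // Same formatting the original used: hex values print as 0X... .
    cout.setf(ios::showbase | ios::uppercase);

    THREADENTRY32 entry = {};
    entry.dwSize = sizeof(entry);
    for (BOOL more = Thread32First(snapshot, &entry); more;
         more = Thread32Next(snapshot, &entry))
    {
        // Filter by owner before opening anything: no handles to foreign threads.
        if (entry.th32OwnerProcessID != PID)
            continue;

        HANDLE hThread = OpenThread(THREAD_QUERY_INFORMATION, FALSE, entry.th32ThreadID);
        if (!hThread)
        {
            cout << dec << "线程ID:" << entry.th32ThreadID
                 << "\tOpenThread failed, error " << GetLastError() << endl;
            continue;
        }

        // Pointer-sized on purpose: this class returns a PVOID, and the length
        // passed must match it exactly (see the bitness note above).
        PVOID startAddress = nullptr;
        ULONG returned = 0;
        NTSTATUS status = NtQueryInformationThread(hThread, ThreadQuerySetWin32StartAddress,
                                                   &startAddress, sizeof(startAddress), &returned);
        CloseHandle(hThread);

        cout << dec << "线程ID:" << entry.th32ThreadID;
        if (status >= 0) // NT_SUCCESS
        {
            cout << hex << "\t入口地址:" << reinterpret_cast<ULONG_PTR>(startAddress) << endl;
        }
        else
        {
            cout << hex << "\tNtQueryInformationThread failed, NTSTATUS "
                 << static_cast<ULONG>(status) << endl;
        }
    }

    CloseHandle(snapshot);
}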

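// Interactive driver: read process IDs from stdin and list each one's threads.
//
// Stops on EOF or on input that is not a number. The original `while (1)`
// never checked the extraction: once cin entered the fail state (EOF or
// non-numeric input) every later `cin >> pid` failed immediately and the loop
// spun forever, re-printing the prompt and calling GetProcessThreadInfo(0).
int main()
{
    DWORD pid = 0;
    for (;;)
    {
        cout << "请输入进程ID:";
        if (!(cin >> pid))
            break; // EOF or unparsable input — nothing sensible left to do
        GetProcessThreadInfo(pid);
    }
    return 0;
}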

参考自:https://www.cnblogs.com/IMyLife/p/4826260.html

转载自blog.csdn.net/weixin_44286745/article/details/104316642