C++ 枚举进程中的线程

CreateToolhelp32Snapshot

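// Enumerate the threads of one process with the Toolhelp32 snapshot API.
// This is a fragment from the body of a BOOL-returning function; 你的PID is the
// article's placeholder for the target process ID and must be supplied by the caller.
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE) {
	cout << "创建进程快照失败" << endl;
	return FALSE;
}
// dwSize must be set before the first Process32First call.
PROCESSENTRY32 process = { sizeof(PROCESSENTRY32) };
// Process32First already fills `process` with the first entry, so its result is
// the loop condition and Process32Next runs only after the body. Calling
// Process32Next as the condition straight after Process32First would skip entry 0.
for (BOOL moreProcesses = Process32First(hProcessSnap, &process);
     moreProcesses;
     moreProcesses = Process32Next(hProcessSnap, &process)) {
	if (process.th32ProcessID != 你的PID) {
		continue;
	}
	// With TH32CS_SNAPTHREAD the process-ID argument is ignored: the snapshot
	// holds the threads of every process, so each entry is filtered below.
	HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
	if (hThreadSnap == INVALID_HANDLE_VALUE) {
		cout << "创建线程快照失败" << endl;
		CloseHandle(hProcessSnap);	// do not leak the process snapshot on the error path
		return FALSE;
	}
	THREADENTRY32 thread = { sizeof(THREADENTRY32) };
	for (BOOL moreThreads = Thread32First(hThreadSnap, &thread);
	     moreThreads;
	     moreThreads = Thread32Next(hThreadSnap, &thread)) {
		// Keep only threads owned by the process found above.
		if (thread.th32OwnerProcessID != process.th32ProcessID) {
			continue;
		}
		// Consume the entry here (for example thread.th32ThreadID). A snapshot
		// is a point-in-time copy: a thread may have exited by the time its ID
		// is used, so re-check ownership after opening it.
		/*
			typedef struct tagTHREADENTRY32
			{
			    DWORD   dwSize;
			    DWORD   cntUsage;
			    DWORD   th32ThreadID;       // this thread
			    DWORD   th32OwnerProcessID; // Process this thread is associated with
			    LONG    tpBasePri;
			    LONG    tpDeltaPri;
			    DWORD   dwFlags;
			} THREADENTRY32;
		*/
	}
	CloseHandle(hThreadSnap);
	break;	// a process ID appears at most once in the snapshot
}
CloseHandle(hProcessSnap);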

ZwQuerySystemInformation

第一个参数传 SystemProcessInformation。注意:微软文档说明该接口在后续 Windows 版本中可能变更或不可用,下面的结构体布局需按目标系统核对。
参考文章

相对于快照方式,ZwQuerySystemInformation 可以获取到更多进程和线程的信息:

// Per-thread record as it appears inside the SystemProcessInformation buffer.
// Only the struct tag is named _SYSTEM_THREADS; the typedef names declared here
// are SYSTEM_THREAD_INFORMATION and PSYSTEM_THREADS.
// NOTE(review): this is a hand-written declaration of an OS-internal layout;
// verify it against the headers of the Windows version and bitness you target.
typedef struct _SYSTEM_THREADS{
    LARGE_INTEGER KernelTime;       // time spent in kernel mode (units not shown here; confirm)
    LARGE_INTEGER UserTime;         // time spent in user mode
    LARGE_INTEGER CreateTime;       // thread creation time
    ULONG WaitTime;
    PVOID StartAddress;             // thread start address as reported by the system
    CLIENT_ID ClientId;             // identifies the owning process and the thread
    KPRIORITY Priority;             // current priority
    LONG BasePriority;
    ULONG ContextSwitches;
    ULONG ThreadState;              // scheduler state code; enum values are not defined on this page
    ULONG WaitReason;               // wait-reason code; enum values are not defined on this page
    ULONG Reversed;					// NOTE(review): probably a misspelling of "Reserved"; name kept so existing references still compile
} SYSTEM_THREAD_INFORMATION,*PSYSTEM_THREADS;

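// Per-process record returned by ZwQuerySystemInformation(SystemProcessInformation).
// The returned buffer is a chain of these records, each followed by its thread array.
// When walking the chain, check every NextEntryDelta step and every Threads[i]
// access against the length the call returned before dereferencing.
// NOTE(review): this is a legacy hand-written layout. On 64-bit Windows the
// process-ID fields are presumably pointer-sized rather than ULONG; confirm
// against current headers before relying on field offsets.
typedef struct _SYSTEM_PROCESSES {
	ULONG NextEntryDelta;               // byte offset from this record to the next; 0 marks the last record
	ULONG ThreadCount;                  // number of valid entries in Threads[]
	LARGE_INTEGER Reserved1[3];
	LARGE_INTEGER CreateTime;
	LARGE_INTEGER UserTime;
	LARGE_INTEGER KernelTime;
	UNICODE_STRING ProcessName;         // image name; treat Length as untrusted when copying
	KPRIORITY BasePriority;
	ULONG ProcessId;
	ULONG InheritedFromProcessId;       // parent process ID recorded at creation
	ULONG HandleCount;
	ULONG SessionId;
	ULONG_PTR PageDirectoryBase;
	VM_COUNTERS VmCounters;
	ULONG PrivatePageCount;
	IO_COUNTERS IoCounters;
	// Declared with one element but really ThreadCount elements long. The element
	// type is spelled SYSTEM_THREAD_INFORMATION because that is the typedef name
	// declared for struct _SYSTEM_THREADS; SYSTEM_THREADS is never declared.
	SYSTEM_THREAD_INFORMATION Threads[1];
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;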


转载自blog.csdn.net/Simon798/article/details/108340179