2 楼
用NtGetContextThread
/*
 * GetThreadContext as implemented in ReactOS: a thin Win32 wrapper that
 * forwards straight to the native NtGetContextThread service.
 *
 * hThread   - thread handle, passed through unchanged.
 * lpContext - CONTEXT buffer, passed through unchanged; this wrapper neither
 *             initialises nor validates it, so any check on the handle's
 *             access rights or on the buffer happens below this layer.
 *
 * Returns TRUE when the native call reports success. On failure the NTSTATUS
 * is handed to BaseSetLastNTError (presumably recording it as the thread's
 * last-error value -- confirm in the ReactOS tree) and FALSE is returned.
 */
BOOL WINAPI GetThreadContext(IN HANDLE hThread, OUT LPCONTEXT lpContext)
{
    NTSTATUS Status = NtGetContextThread(hThread, lpContext);

    /* Success needs no bookkeeping; only the failure path records the status. */
    if (NT_SUCCESS(Status)) {
        return TRUE;
    }

    BaseSetLastNTError(Status);
    return FALSE;
}
ReactOS的源码
最后于 2018-8-9 16:30
被downfall编辑
,原因: 增补内容
3 楼
我也想问,要NtQueryInformationThread的方法
4 楼
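/*
 * Poster's note: solved it myself, though it is of little practical use.
 * Pay particular attention: the process running this code must be 64-bit and
 * the target thread id must be a 32-bit one, otherwise the call fails.
 */

/*
 * Pointer type matching the NtQueryInformationThread call made below.
 * The code that resolves the function pointer is not shown on the page.
 */
typedef NTSTATUS(WINAPI *NTQUERYINFORMATIONTHREAD)(
    HANDLE ThreadHandle,
    ULONG ThreadInformationClass,
    PVOID ThreadInformation,
    ULONG ThreadInformationLength,
    PULONG ReturnLength);

/*
 * Information classes for NtQueryInformationThread. The values are positional,
 * so the order must not change; ThreadWow64Context is entry 29 in this list.
 */
typedef enum _THREADINFOCLASS {
    ThreadBasicInformation,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,   // Obsolete
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,           // Obsolete
    ThreadCSwitchPmu,
    ThreadWow64Context,
    ThreadGroupInformation,
    ThreadUmsInformation,       // UMS
    ThreadCounterProfiling,
    ThreadIdealProcessorEx,
    MaxThreadInfoClass
} THREADINFOCLASS;

/*
 * Fragment from inside the poster's function; its signature is not shown on
 * the page. The function returns 0 on failure.
 */

/*
 * dwThreadId must be that of the 32-bit target.
 * Only the rights needed to read the context are requested. The original
 * asked for THREAD_ALL_ACCESS (which already contains the other two flags);
 * that is broader than a read needs and is more likely to be refused.
 * Add THREAD_SET_CONTEXT only if later code actually writes the context.
 */
ThreadHandle = OpenThread(THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION, FALSE, dwThreadId);
if (!ThreadHandle) {
    return 0;
}

WOW64_CONTEXT wow64Context = {0};
/*
 * NOTE(review): in a 64-bit build the CONTEXT_* macros expand to the AMD64
 * flag values; winnt.h also provides WOW64_CONTEXT_* constants intended for
 * WOW64_CONTEXT -- confirm which set this query expects.
 */
wow64Context.ContextFlags = CONTEXT_FULL | CONTEXT_DEBUG_REGISTERS | CONTEXT_SEGMENTS;

/*
 * The documented Win32 route for the same read is Wow64GetThreadContext.
 * A context read from a thread that is still running is only a snapshot.
 */
NTSTATUS status = NtQueryInformationThread(ThreadHandle, ThreadWow64Context,
                                           &wow64Context, sizeof(WOW64_CONTEXT), NULL);
if (!NT_SUCCESS(status)) {
    /* wow64Context was not filled in; release the handle and fail like the OpenThread path. */
    CloseHandle(ThreadHandle);
    return 0;
}
/* On success the handle is still open: CloseHandle(ThreadHandle) once the context has been used. */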