public static NtQueryInformationThread ( |
||
threadHandle | A handle to the thread to query. | |
Résultat |
public static ThreadBasicInformation NtQueryInformationThread(SafeMemoryHandle threadHandle)
{
// Check if the handle is valid
HandleManipulator.ValidateAsArgument(threadHandle, "threadHandle");
// Create a structure to store thread info
var info = new ThreadBasicInformation();
// Get the thread info
var ret = NativeMethods.NtQueryInformationThread(threadHandle, 0, ref info, MarshalType<ThreadBasicInformation>.Size, IntPtr.Zero);
// If the function succeeded
if (ret == 0)
return info;
// Else, couldn't get the thread info, throws an exception
throw new ApplicationException(string.Format("Couldn't get the information from the thread, error code '{0}'.", ret));
}
/// <summary> /// Creates a thread that runs in the remote process. /// </summary> /// <param name="address"> /// A pointer to the application-defined function to be executed by the thread and represents /// the starting address of the thread in the remote process. /// </param> /// <param name="isStarted">Sets if the thread must be started just after being created.</param> /// <returns>A new instance of the <see cref="RemoteThread"/> class.</returns> public RemoteThread Create(IntPtr address, bool isStarted = true) { // Create the thread var ret = ThreadCore.NtQueryInformationThread( ThreadCore.CreateRemoteThread(MemorySharp.Handle, address, IntPtr.Zero, ThreadCreationFlags.Suspended)); // Get the native thread previously created // Loop until the native thread is retrieved ProcessThread nativeThread; do { nativeThread = MemorySharp.Threads.NativeThreads.FirstOrDefault(t => t.Id == ret.ThreadId); } while (nativeThread == null); // Wrap the native thread in an object of the library var result = new RemoteThread(MemorySharp, nativeThread); // If the thread must be started if (isStarted) { result.Resume(); } return(result); }