#ifndef __NT_THREAD_H__
#define __NT_THREAD_H__
// NtThread: static helpers for enumerating the threads of a process and for
// turning a thread ID into a thread handle. The nested types below are
// hand-written declarations of native (ntdll) structures and entry points;
// everything before `public:` is private to the class.
// NOTE(review): the function-pointer typedefs suggest the NT entry points are
// resolved at run time; the implementation is not visible here, so confirm.
// NOTE(review): documented alternatives exist (OpenThread, the Toolhelp32
// snapshot API); prefer them where the target OS provides them, since these
// hand-copied layouts are version- and bitness-specific.
class NtThread
{
//------------------------------------------------------------
// Data structures used by NtOpenThread and NtQuerySystemInformation
//------------------------------------------------------------
// Virtual-memory counters embedded in each process record.
// NOTE(review): every field is a 32-bit DWORD here, while the SDK's
// VM_COUNTERS uses SIZE_T, so this layout can only match a 32-bit build;
// confirm the intended target.
typedef struct _VM_COUNTERS {
DWORD PeakVirtualSize;
DWORD VirtualSize;
DWORD PageFaultCount;
DWORD PeakWorkingSetSize;
DWORD WorkingSetSize;
DWORD QuotaPeakPagedPoolUsage;
DWORD QuotaPagedPoolUsage;
DWORD QuotaPeakNonPagedPoolUsage;
DWORD QuotaNonPagedPoolUsage;
DWORD PagefileUsage;
DWORD PeakPagefileUsage;
} VM_COUNTERS;
// I/O counters; used only by the Windows 2000 variant of the process record.
typedef struct _IO_COUNTERS {
LARGE_INTEGER ReadOperationCount;
LARGE_INTEGER WriteOperationCount;
LARGE_INTEGER OtherOperationCount;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
}IO_COUNTERS;
// Counted wide string. NOTE(review): in the native API Length and
// MaximumLength are byte counts and Buffer need not be NUL-terminated;
// confirm that the implementation does not treat Buffer as a C string.
typedef struct _UNICODE_STRING
{
WORD Length;
WORD MaximumLength;
PWSTR Buffer;
} UNICODE_STRING;
// 64-bit quantity, used for the time fields below.
typedef LARGE_INTEGER QWORD;
// One process record as laid out for Windows NT 4.0.
// NOTE(review): dNext is presumably the byte offset to the next record, with
// 0 marking the last one; a walker should check it against the buffer size.
// NOTE(review): dUniqueProcessId and the other IDs are DWORDs here, which is
// another reason this layout is 32-bit only; confirm.
typedef struct _SYSTEM_PROCESS_INFORMATION {
DWORD dNext;
DWORD dThreadCount;
DWORD dReserved01;
DWORD dReserved02;
DWORD dReserved03;
DWORD dReserved04;
DWORD dReserved05;
DWORD dReserved06;
QWORD qCreateTime;
QWORD qUserTime;
QWORD qKernelTime;
UNICODE_STRING usName;
DWORD BasePriority;
DWORD dUniqueProcessId;
DWORD dInheritedFromUniqueProcessId;
DWORD dHandleCount;
DWORD dReserved07;
DWORD dReserved08;
VM_COUNTERS VmCounters;
DWORD dCommitCharge;
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
//------------------------------------------------
// Windows 2000 and Windows NT 4.0 differ slightly:
// the 2000 record appends IO_COUNTERS to the NT 4.0 record.
// NOTE(review): the implementation must pick the right variant for the
// running OS; later Windows versions are not covered by either layout.
//------------------------------------------------
typedef struct _SYSTEM_PROCESS_INFORMATION_2K {
SYSTEM_PROCESS_INFORMATION process;
IO_COUNTERS IoCounters;
} SYSTEM_PROCESS_INFORMATION_2K, *PSYSTEM_PROCESS_INFORMATION_2K;
// Process/thread identifier pair carried in each thread record.
typedef struct _CLIENT_ID {
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
// One thread record.
// NOTE(review): presumably dThreadCount of these follow each process record
// in the returned buffer; confirm against the implementation.
typedef struct _SYSTEM_THREAD {
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
LONG Priority;
LONG BasePriority;
ULONG ContextSwitches;
ULONG ThreadState; // 2=running; 5=waiting
ULONG WaitReason;
} SYSTEM_THREAD;
//-------------------------------------------
// Data structure used by NtOpenThread and NtOpenProcess
// NOTE(review): the layout looks like a 32-bit OBJECT_ATTRIBUTES with the
// Attributes slot named bInheritHandle. If so, that slot holds flag bits
// (OBJ_INHERIT is 0x2) rather than a BOOL, and several of the reserved
// fields are pointer-sized; verify how the implementation fills it.
//-------------------------------------------
typedef struct _OPEN_PROCESS_THREAD {
DWORD cbSize; // = 0x18 (24 bytes: six 4-byte fields)
DWORD dwReserved01;
DWORD dwReserved02;
BOOL bInheritHandle;
DWORD dwReserved03;
DWORD dwReserved04;
}OPEN_PROCESS_THREAD, *POPEN_PROCESS_THREAD;
// Function-pointer types for the two native entry points.
// NOTE(review): parameter meanings are not visible here; presumably
// (information class, buffer, buffer size, returned size) and
// (out handle, access mask, object attributes, client id), with the DWORD
// return value being an NTSTATUS. Confirm.
typedef DWORD (WINAPI *PNtQuerySystemInformation)( DWORD, VOID*, DWORD, ULONG* );
typedef DWORD (WINAPI *PNtOpenThread)(HANDLE*, DWORD, VOID*, VOID* );
public:
//----------------------------------------------
// Enumerate all threads of the specified process and return their
// thread IDs. (The original comment said "specified thread"; the
// parameter is a process ID.)
// processId  - ID of the process whose threads are listed.
// pdwThread  - caller-supplied array that receives the thread IDs.
// pnMaxCount - NOTE(review): presumably in/out (capacity of pdwThread on
//              entry, number of IDs written on return); confirm, and check
//              that the implementation never writes past the capacity.
// Returns a BOOL; presumably TRUE on success. Confirm.
//----------------------------------------------
static BOOL EnumThread(DWORD processId, DWORD* pdwThread, DWORD* pnMaxCount );
//----------------------------------------------
// Obtain a thread handle from a thread ID.
// dwDesiredAccess - access mask requested for the handle; callers should
//                   pass the narrowest mask that covers their use.
// bInheritHandle  - whether child processes may inherit the handle.
// threadId        - ID of the thread to open.
// processId       - ID of the process that owns the thread.
// NOTE(review): the failure value (NULL or INVALID_HANDLE_VALUE) and the
// ownership of the returned handle are not visible here; presumably the
// caller must CloseHandle() it. Confirm.
//----------------------------------------------
static HANDLE NtOpenThread( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD threadId, DWORD processId );
};
#endif // __NT_THREAD_H__