Listing Thread Module Names and Base Addresses
-
Hey, I have a program that lists processes running on the system. For each process I can get the thread IDs of all the threads running in that process. Is it possible for me to use the thread ID for some process X to get that thread's module name (like a loaded DLL it uses) and/or the base address of the execution of that thread? Any help here would be appreciated. Thanks, Abhishek
-
Hi, You need to use ToolHelp stuff. See: MODULEENTRY32, Module32First, Module32Next, IMAGE_DOS_HEADER, IMAGE_NT_HEADERS, Toolhelp32ReadProcessMemory -- ====== Arman
-
Hey, I had a look at the Module functions. They give me a list of the modules that are being used by the process. More specifically, I need to find the start address of where a thread begins execution. So I have a list of threads; how do I know the base address of where they begin execution? I don't know if you've used Process Explorer. When you right-click on a process in Process Explorer and select Properties, it pops up a tabbed window. Clicking on "Threads" in that window, we get a listing of threads for the process in the form of Module!function, which basically gives the "Thread Start Address" and module name. Regards :), Abhishek
-
Have you checked the www.sysinternals.com website? I know they have Process Explorer there, not sure if they have source code for it or not. ............................. There's nothing like the sound of incoming rifle and mortar rounds to cure the blues. No matter how down you are, you take an active and immediate interest in life. Fiat justitia, et ruat cælum
-
Hey, I don't think Sysinternals has the code for Process Explorer. Thanks
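An added example, not code from any poster in this thread: once a thread's start address is known, the module list from Module32First/Module32Next (modBaseAddr, modBaseSize, szModule) is enough to turn it into a module name plus offset, which is the module half of the Module!function display described above. The struct, the function names and the sample values are assumptions made for illustration, and the start address itself has to be obtained separately (on Windows this is commonly done with NtQueryInformationThread and ThreadQuerySetInformationWin32StartAddress, which is not mentioned in the thread).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the MODULEENTRY32 fields used here, so the
   lookup logic builds on any platform. */
struct mod_range {
    uint64_t base;     /* modBaseAddr */
    uint32_t size;     /* modBaseSize */
    const char *name;  /* szModule */
};

/* Constructed sample module list, not taken from a real process. */
static const struct mod_range sample_mods[] = {
    { 0x0000000000400000ull, 0x00021000u, "app.exe" },
    { 0x00007ffb12340000ull, 0x001f0000u, "ntdll.dll" },
    { 0x00007ffb10a00000ull, 0x000be000u, "kernel32.dll" },
};
#define SAMPLE_COUNT (sizeof sample_mods / sizeof sample_mods[0])

/* Return the module whose [base, base + size) range contains addr, or NULL. */
static const struct mod_range *find_module(const struct mod_range *mods,
                                           size_t count, uint64_t addr)
{
    for (size_t i = 0; i < count; i++) {
        /* addr - base < size avoids overflow when computing base + size. */
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    }
    return NULL;
}

/* Write "module+0xoffset" to out; return 1 if a module was found, else 0.
   A start address outside every listed module is reported as unbacked,
   which is worth a closer look when reviewing a process. */
static int describe_start(const struct mod_range *mods, size_t count,
                          uint64_t start, char *out, size_t outlen)
{
    const struct mod_range *m = find_module(mods, count, start);
    if (m == NULL) {
        snprintf(out, outlen, "<no module> 0x%llx", (unsigned long long)start);
        return 0;
    }
    snprintf(out, outlen, "%s+0x%llx", m->name,
             (unsigned long long)(start - m->base));
    return 1;
}

int main(void)
{
    /* Constructed thread start addresses. */
    const uint64_t starts[] = { 0x401234ull, 0x7ffb10a17000ull, 0x1f0000ull };
    char line[128];
    for (size_t i = 0; i < sizeof starts / sizeof starts[0]; i++) {
        describe_start(sample_mods, SAMPLE_COUNT, starts[i], line, sizeof line);
        puts(line);
    }
    return 0;
}
```

Resolving the function part of Module!function additionally needs symbol information for the module, which this example does not cover.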