waliedassar

Get Main ThreadId Of A Process

Jan 19th, 2013
  1. //http://waleedassar.blogspot.com/
  2. //http://www.twitter.com/waleedassar
  3.  
  4. //Use the following code to extract the thread id of the main thread
  5. // of a given process.
  6. //I'm using a very old compiler. With a newer compiler/SDK, delete whichever of
  7. //the structures below its headers already define.
  8.  
  9. #include "stdafx.h"
  10. #include "windows.h"
  11. #include "stdio.h"
  12.  
  13.  
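  // Information class passed to ZwQuerySystemInformation to request the
  // process list together with each process's thread entries.
  #define SystemProcessesAndThreadsInformation 0x5
  // Status returned when the supplied buffer is too small. Written as a signed
  // value so that it compares with the int status returned by
  // ZwQuerySystemInformation (as declared in this file) without relying on a
  // signed/unsigned conversion at every comparison site.
  #define STATUS_INFO_LENGTH_MISMATCH          ((int)0xC0000004)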
  16.  
  // Hand-written prototype for the native API export used below. C linkage and
  // __stdcall have to match the exported function.
  // Arguments, in order: information class, output buffer, size of that buffer
  // in bytes, optional pointer that receives the returned length.
  // The int result is a status code; this file treats negative values as failure.
  extern "C" int __stdcall ZwQuerySystemInformation(unsigned long InfoClass,
                                                    void* Info,
                                                    unsigned long cbInfo,
                                                    unsigned long* pcbReturned);
  21.  
  // Process id / thread id pair embedded in every thread entry.
  // NOTE(review): both members are 32-bit here, whereas the native structure
  // holds pointer-sized handles, so this layout only matches a 32-bit build;
  // confirm the build target before reusing it.
  struct CLIENT_ID
  {
      unsigned long UniqueProcess;   // id of the owning process
      unsigned long UniqueThread;    // id of the thread itself
  };
  27.  
  // Counted wide-character string as used by the native API.
  // Buffer is not guaranteed to be NUL-terminated; use Length (a byte count)
  // to bound any read of it.
  struct UNICODE_STRING
  {
      unsigned short Length;          // bytes currently used in Buffer
      unsigned short MaximumLength;   // bytes available in Buffer
      wchar_t*       Buffer;          // the characters themselves
  };
  34.  
  // Virtual-memory counters block inside a process entry.
  // NOTE(review): every member is a 32-bit unsigned long here; the native
  // counters are pointer-sized on 64-bit Windows, so this declaration is only
  // expected to line up in a 32-bit build; confirm before porting.
  struct VM_COUNTERS
  {
      // Address-space usage
      unsigned long PeakVirtualSize;
      unsigned long VirtualSize;
      unsigned long PageFaultCount;
      // Working set
      unsigned long PeakWorkingSetSize;
      unsigned long WorkingSetSize;
      // Pool quota charges
      unsigned long QuotaPeakPagedPoolUsage;
      unsigned long QuotaPagedPoolUsage;
      unsigned long QuotaPeakNonPagedPoolUsage;
      unsigned long QuotaNonPagedPoolUsage;
      // Pagefile usage
      unsigned long PagefileUsage;
      unsigned long PeakPagefileUsage;
  };
  49.  
  // I/O counters block inside a process entry: three operation counts followed
  // by three transfer counts, all 64-bit.
  // NOTE(review): newer Windows SDK headers are likely to define IO_COUNTERS
  // already; per the author's note at the top of the file, drop this copy if
  // the compiler reports a redefinition.
  struct IO_COUNTERS
  {
      // Number of operations
      ULONGLONG ReadOperationCount;
      ULONGLONG WriteOperationCount;
      ULONGLONG OtherOperationCount;
      // Amount transferred
      ULONGLONG ReadTransferCount;
      ULONGLONG WriteTransferCount;
      ULONGLONG OtherTransferCount;
  };
  59.  
  // One thread entry; entries of this type trail each process entry in the
  // buffer filled by ZwQuerySystemInformation.
  // NOTE(review): StartAddress and the ClientId members are 32-bit here, so
  // the layout is only expected to match a 32-bit build; confirm target.
  struct SYSTEM_THREAD_INFORMATION
  {
      // Timing
      LARGE_INTEGER KernelTime;
      LARGE_INTEGER UserTime;
      LARGE_INTEGER CreateTime;
      unsigned long WaitTime;

      // Identity
      unsigned long StartAddress;
      CLIENT_ID     ClientId;      // ClientId.UniqueThread is the thread id read by GetMainThreadId

      // Scheduling state
      long          Priority;
      long          BasePriority;
      unsigned long ContextSwitchCount;
      long          State;
      long          WaitReason;
  };
  74.  
  75.  
  // One process entry in the snapshot buffer. Entries are chained by
  // NextEntryDelta, a byte offset from the start of this entry to the start of
  // the next one; the last entry has NextEntryDelta == 0.
  // NOTE(review): ids and counters are declared 32-bit, so this layout is only
  // expected to match the native structure in a 32-bit build; confirm target.
  struct SYSTEM_PROCESS_INFORMATION
  {
      // Chaining and thread count
      unsigned long  NextEntryDelta;
      unsigned long  ThreadCount;          // presumably the number of valid Threads[] entries; verify
      unsigned long  Reserved1[6];

      // Timing
      LARGE_INTEGER  CreateTime;
      LARGE_INTEGER  UserTime;
      LARGE_INTEGER  KernelTime;

      // Identity
      UNICODE_STRING ProcessName;
      long           BasePriority;
      unsigned long  ProcessId;            // compared against the requested pid
      unsigned long  InheritedFromProcessId;
      unsigned long  HandleCount;
      unsigned long  Reserved2[2];

      // Resource counters
      VM_COUNTERS    VmCounters;
      IO_COUNTERS    IoCounters;

      // Trailing thread entries. The bound of 5 is arbitrary (author: "a random
      // number"); only Threads[0] is read in this file, so do not rely on
      // sizeof(SYSTEM_PROCESS_INFORMATION) or index past what an entry holds.
      SYSTEM_THREAD_INFORMATION Threads[5];
  };
  94.  
  95.  
  96.  
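  // Looks up ProcessId in a SystemProcessesAndThreadsInformation snapshot and
  // returns the id of the first thread listed for it.
  //
  // Returns 0 when the allocation fails, the query fails, the buffer would have
  // to grow past the cap below, the process is not in the snapshot, or its
  // entry carries no thread.
  //
  // NOTE(review): "main thread" here means "first thread entry of the process";
  // the snapshot itself does not mark an initial thread, so confirm that this
  // is good enough for the caller.
  // The result describes the moment of the snapshot only: the thread may exit
  // and its id may be reused afterwards, so re-validate before acting on it.
  unsigned long GetMainThreadId(unsigned long ProcessId)
  {
      // Upper bound for the snapshot buffer. Stops the doubling below from
      // wrapping the 32-bit size and from allocating without limit.
      const unsigned long cbMaxBuffer = 0x5000000;
      unsigned long cbBuffer = 0x5000;  // initial buffer size
      void* Buffer = 0;

      for (;;)
      {
          Buffer = (void*)LocalAlloc(0, cbBuffer);
          if (Buffer == 0) return 0;

          int ret = ZwQuerySystemInformation(SystemProcessesAndThreadsInformation, Buffer, cbBuffer, 0);
          if (ret >= 0) break;  // snapshot captured

          LocalFree(Buffer);
          // Only "buffer too small" is worth a retry; anything else is final.
          if (ret != (int)STATUS_INFO_LENGTH_MISMATCH) return 0;
          if (cbBuffer >= cbMaxBuffer) return 0;
          cbBuffer += cbBuffer;
      }

      // Size of the fixed part of an entry, i.e. everything before Threads[].
      SYSTEM_PROCESS_INFORMATION* First = (SYSTEM_PROCESS_INFORMATION*)Buffer;
      const unsigned long cbFixed = (unsigned long)((unsigned char*)First->Threads - (unsigned char*)First);

      unsigned long ThreadId = 0;
      unsigned long Offset = 0;

      // Walk the chain of entries, never reading past the end of the buffer.
      while (Offset <= cbBuffer - cbFixed)
      {
          SYSTEM_PROCESS_INFORMATION* p = (SYSTEM_PROCESS_INFORMATION*)((unsigned char*)Buffer + Offset);
          if (p->ProcessId == ProcessId)
          {
              // Threads[0] is only meaningful when the entry has a thread and
              // that thread entry lies inside the buffer.
              if (p->ThreadCount != 0 &&
                  cbBuffer - Offset - cbFixed >= sizeof(SYSTEM_THREAD_INFORMATION))
              {
                  ThreadId = p->Threads[0].ClientId.UniqueThread;
              }
              break;
          }

          unsigned long Delta = p->NextEntryDelta;
          if (Delta == 0) break;                  // last entry
          if (Delta > cbBuffer - Offset) break;   // offset would leave the buffer
          Offset += Delta;
      }

      LocalFree(Buffer);
      return ThreadId;
  }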
  143.  
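  // Prompts for a process id (decimal), looks up its first thread with
  // GetMainThreadId and prints both values in hexadecimal.
  // Exits with 0 on success and 1 on invalid input or a failed lookup.
  int main()
  {
      unsigned long pid = 0;
      printf("Enter Process Id ");
      // %lu matches unsigned long; the return value tells whether a number was read.
      if (scanf("%lu", &pid) != 1 || pid == 0)
      {
          printf("Error: Invalid Process Id\r\n");
          return 1;
      }
      //------------------------------------------------------
      unsigned long ThreadId = GetMainThreadId(pid);
      if (ThreadId == 0)
      {
          // GetMainThreadId reports every failure as 0; do not print it as a thread id.
          printf("Error: No thread found for process %lx\r\n", pid);
          return 1;
      }
      printf("Main thread id of process %lx is: %lx\r\n", pid, ThreadId);
      return 0;
  }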