waliedassar

Get Main ThreadId Of A Process

Jan 19th, 2013
  1. //http://waleedassar.blogspot.com/
  2. //http://www.twitter.com/waleedassar
  3.  
  4. //Use the following code to extract the thread id of the main thread
  5. // of a given process.
//I'm using a very old compiler. If you use a newer one whose headers already
//define these structures, delete the definitions below.
  8.  
  9. #include "stdafx.h"
  10. #include "windows.h"
  11. #include "stdio.h"
  12.  
  13.  
// Information class passed to ZwQuerySystemInformation below to request the
// system-wide process list, each process entry carrying its thread records.
#define SystemProcessesAndThreadsInformation 0x5
// NTSTATUS that GetMainThreadId treats as "buffer too small, grow and retry".
// The literal is unsigned while the call's result is stored in an int, so the
// equality test in GetMainThreadId relies on the implicit int-to-unsigned
// conversion.
#define STATUS_INFO_LENGTH_MISMATCH          0xC0000004
  16.  
// Native API entry point, declared by hand instead of through an SDK header.
// Arguments as used in this file: information class, output buffer, buffer
// size in bytes, and an optional pointer that receives the required length
// (this file always passes 0 for it).
// The int result is an NTSTATUS; this file treats negative values as failure.
// NOTE(review): the symbol presumably resolves against ntdll.lib - confirm
// the project's linker inputs.
extern "C"
{
    int __stdcall ZwQuerySystemInformation(unsigned long,void*,unsigned long,unsigned long*);
}
  21.  
// Process id / thread id pair embedded in every thread record.
// NOTE(review): both members are fixed at unsigned long here, whereas the
// SDK's CLIENT_ID uses pointer-sized HANDLE members. This layout therefore
// only lines up with what the kernel returns in a 32-bit build; in a 64-bit
// build every later offset would be wrong.
struct CLIENT_ID
{
     unsigned long UniqueProcess;
     unsigned long UniqueThread;   // read by GetMainThreadId
};
  27.  
// Counted wide-character string used for the process name field.
// No code in this file reads it; it is present to keep the offsets of the
// following members correct.
// NOTE(review): with a 4-byte pointer this struct is 8 bytes; a 64-bit build
// changes its size and shifts everything after it.
struct UNICODE_STRING
{
 unsigned short Length;
 unsigned short MaximumLength;
 wchar_t*  Buffer;
};
  34.  
// Memory usage counters of a process entry.
// No member is read in this file; the struct only reserves the right number
// of bytes inside SYSTEM_PROCESS_INFORMATION.
// NOTE(review): every counter is declared as a 32-bit unsigned long. The SDK
// declares the size-like counters as SIZE_T, so this is another place where
// the layout is valid for 32-bit builds only.
struct VM_COUNTERS
{
    unsigned long PeakVirtualSize;
    unsigned long VirtualSize;
    unsigned long PageFaultCount;
    unsigned long PeakWorkingSetSize;
    unsigned long WorkingSetSize;
    unsigned long QuotaPeakPagedPoolUsage;
    unsigned long QuotaPagedPoolUsage;
    unsigned long QuotaPeakNonPagedPoolUsage;
    unsigned long QuotaNonPagedPoolUsage;
    unsigned long PagefileUsage;
    unsigned long PeakPagefileUsage;
};
  49.  
// Six 64-bit I/O counters of a process entry.
// Not read anywhere in this file; kept so that Threads[] in
// SYSTEM_PROCESS_INFORMATION starts at the expected offset.
// NOTE(review): newer SDK headers already define IO_COUNTERS, which is the
// redefinition conflict the file header warns about.
struct IO_COUNTERS
{
  ULONGLONG ReadOperationCount;
  ULONGLONG WriteOperationCount;
  ULONGLONG OtherOperationCount;
  ULONGLONG ReadTransferCount;
  ULONGLONG WriteTransferCount;
  ULONGLONG OtherTransferCount;
};
  59.  
// One thread record inside a process entry of the snapshot.
// GetMainThreadId reads only ClientId.UniqueThread; the other members exist
// to give ClientId the correct offset.
// NOTE(review): StartAddress is an address stored in a 32-bit unsigned long,
// so it would be truncated (and the layout would shift) in a 64-bit build.
struct SYSTEM_THREAD_INFORMATION
{
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    unsigned long WaitTime;
    unsigned long StartAddress;
    CLIENT_ID ClientId;            // ClientId.UniqueThread is the thread id
    long Priority;
    long BasePriority;
    unsigned long ContextSwitchCount;
    long State;
    long WaitReason;
};
  74.  
  75.  
// One process entry of the snapshot written by ZwQuerySystemInformation.
// Entries are chained by byte offsets, not by pointers: GetMainThreadId adds
// NextEntryDelta to the current entry's address and stops when it is 0.
// NOTE(review): this is a hand-written copy of an OS structure with every
// pointer-sized member narrowed to 32 bits. It should be treated as valid for
// 32-bit builds only and re-checked against the SDK headers before reuse.
struct SYSTEM_PROCESS_INFORMATION
{
    unsigned long NextEntryDelta;  // byte offset to the next entry, 0 on the last one
    unsigned long ThreadCount;     // NOTE(review): presumably the number of valid Threads[] records - confirm
    unsigned long Reserved1[6];
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ProcessName;
    long BasePriority;
    unsigned long ProcessId;       // compared with the requested pid
    unsigned long InheritedFromProcessId;
    unsigned long HandleCount;
    unsigned long Reserved2[2];
    VM_COUNTERS VmCounters;
    IO_COUNTERS IoCounters;
    // Here, 5 is a random number: the array only marks where the thread
    // records start. Indexing it is not bounded by this declared size, so
    // callers should check ThreadCount before reading Threads[i].
    SYSTEM_THREAD_INFORMATION Threads[5];
};
  94.  
  95.  
  96.  
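/*
 * Returns the id of the first thread record listed for ProcessId in a
 * system-wide process snapshot, or 0 on failure (allocation failure, query
 * error, process not found, or a process entry without thread records).
 *
 * The snapshot is fetched with ZwQuerySystemInformation; the buffer is doubled
 * and the call repeated while it reports STATUS_INFO_LENGTH_MISMATCH.
 *
 * NOTE(review): "main thread" here means the first thread record of the
 * entry. That is presumably the oldest thread still alive; if the initial
 * thread has already exited, a different thread is returned - confirm before
 * relying on it.
 * NOTE(review): the hand-written structures above describe the 32-bit layout;
 * in a 64-bit build the fields read here would sit at the wrong offsets.
 */
unsigned long GetMainThreadId(unsigned long ProcessId)
{
    unsigned long cbBuffer=0x5000;  //Initial buffer size
    void* Buffer=0;

    for(;;)
    {
        Buffer=(void*)LocalAlloc(0,cbBuffer);
        if(Buffer==0) return 0;

        int ret=ZwQuerySystemInformation(SystemProcessesAndThreadsInformation,Buffer,cbBuffer,0);
        if(ret>=0) break;               //snapshot is in Buffer

        LocalFree(Buffer);
        //Any failure other than "buffer too small" is final.
        if((unsigned long)ret!=STATUS_INFO_LENGTH_MISMATCH) return 0;
        //Doubling past this point would wrap the 32-bit size.
        if(cbBuffer>0x7FFFFFFF) return 0;
        cbBuffer=cbBuffer+cbBuffer;
    }

    //Size of the fixed part of an entry, i.e. everything before Threads[].
    const unsigned long cbHeader=(unsigned long)FIELD_OFFSET(SYSTEM_PROCESS_INFORMATION,Threads);
    unsigned long ThreadId=0;
    unsigned long Offset=0;

    //Walk the chain by offset so every entry can be checked against the
    //buffer size before it is dereferenced.
    while(Offset<=cbBuffer-cbHeader)
    {
        SYSTEM_PROCESS_INFORMATION* p=(SYSTEM_PROCESS_INFORMATION*)((unsigned char*)Buffer+Offset);
        if(p->ProcessId==ProcessId)
        {
            //An entry with no thread records has nothing valid at Threads[0];
            //reading it would return bytes of the next entry or beyond.
            if(p->ThreadCount!=0 && cbBuffer-cbHeader-Offset>=sizeof(SYSTEM_THREAD_INFORMATION))
            {
                ThreadId=p->Threads[0].ClientId.UniqueThread;
            }
            break;
        }
        if(p->NextEntryDelta==0) break;                 //last entry
        if(p->NextEntryDelta>cbBuffer-Offset) break;    //would step outside the buffer
        Offset+=p->NextEntryDelta;
    }

    LocalFree(Buffer);
    return ThreadId;
}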
  143.  
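/*
 * Prompts for a process id (decimal), looks up the id of its first listed
 * thread with GetMainThreadId and prints both values in hexadecimal.
 * Returns 0 on success and 1 when the input is not a non-zero number or no
 * thread id could be obtained.
 */
int main()
{
    unsigned long pid=0;
    printf("Enter Process Id ");
    //%lu matches unsigned long; the conversion count tells us whether a
    //number was actually read.
    if(scanf("%lu",&pid)!=1 || !pid)
    {
        printf("Error: Invalid Process Id\r\n");
        return 1;
    }
    //------------------------------------------------------
    unsigned long ThreadId=GetMainThreadId(pid);
    if(!ThreadId)
    {
        //0 is GetMainThreadId's failure value, so do not print it as a thread id.
        printf("Error: Could not get a thread id for process %lx\r\n",pid);
        return 1;
    }
    printf("Main thread id of process %lx is: %lx\r\n",pid,ThreadId);
    return 0;
}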