Thread32... and Corresponding OwnerProcess

[xandaz]

   Hi guys... i making this treeview control with processes and it's thread and it seems theres no way to use Thread32First/Next to list only the threads of a certain process.It just list all threads regardeless of the process. Is this correct? Kays... Thanks and someone feel free to reply.
   Here's a little comething i made some time ago. I think it's still a bit faulty but i'd like to show it so you can tell me what you think. Bye

[donkey]

Hi xandaz,

CreateToolhelp32Snapshot takes a PID (Process ID) as its second parameter.

invoke CreateToolhelp32Snapshot,TH32CS_SNAPALL,NULL << replace the NULL with the PID of the process you want to limit to

Haven't tried it but it should work.

Edgar

[donkey]

If that doesn't work there is an alternative, you can just get the system handles and sort them by process, thread handles are included so you can have all of them by PID. Here's a little example that enumerates and sorts handles by process. It does not use Snap Shots, just low level NT functions, it is written in GoAsm using RadAsm 3 but I am sure others have coded similar examples in MASM that they will offer up.

Edgar

[xandaz]

   Thanks donkey. I tried to use the PID but it always listed all threads. Maybe i've done something wrong. Thanlks for the help. Bye

[donkey]

   Thanks donkey. I tried to use the PID but it always listed all threads. Maybe i've done something wrong. Thanlks for the help. Bye

Hi, good luck. As you can see in my little program I haven't used the tool help stuff for a while, preferring the low level NT stuff but according to the entry at MSDN CreateToolhelp32Snapshot should work with a PID.

[donkey]

Here's some more fun with handles, this addition will also get the names of Named Mutexes used by a program. I added this because I had seen a bunch of questions on C forums that had advised using stack traces and various other weird methods. It's actually pretty easy to get them so I thought I would add the mutex names. Also names of open registry keys are added.

Edgar

[xandaz]

   Check this out donkey. i've put the pe32.th32ProcessID in CreateToolhelp but it always lists the same threads. I was building a new routine to check which threads correspond to what process and fill the treeview but its kinda not working yet. See if theres something wrong with FillControls2 will you? Thanks and bye

[donkey]

Hi xandaz,

I couldn't really take a good look at it as it set off malware alerts but a quick look at the source it looks like in FillControls2 you set hSnap for both the process and thread snap. You are overwriting the handle for the process snap with the handle for the thread snap. The problem should go away if you use a different variable to store each handle.


>> EDIT - didn't notice the push/pop I'll have to take another look.

Edgar

[donkey]

Hi xandaz,

Unfortunately your program is functioning perfectly. The problem is that the PID cannot be used with threads:

The process identifier of the process to be included in the snapshot. This parameter can be zero to indicate the current process. This parameter is used when the TH32CS_SNAPHEAPLIST, TH32CS_SNAPMODULE, TH32CS_SNAPMODULE32, or TH32CS_SNAPALL value is specified. Otherwise, it is ignored and all processes are included in the snapshot.

Note that TH32CS_SNAPTHREAD is not listed. Even using SNAPALL, the threads returned will be all threads without limiting to the PID passed. So there is no way I can see to do what you want with that algorithm, you'll have to address the problem in another way. Hard to say how you can go about it with only ToolHelp functions though. The code I posted above does it, you're welcome to use it if you want, its no big feat to limit it to thread handles.

Edgar