threads_util.h
#pragma once
#include <windows.h>
#include <map>
// Sentinel for "no syscall number available"; thread_info::last_syscall is initialised to it.
// The field holding it is a DWORD (unsigned), so the stored value is 0xFFFFFFFF:
// compare against this macro rather than testing for a negative number.
#define INVALID_SYSCALL (-1)
namespace pesieve {
namespace util {
// Extra per-thread details stored inside thread_info (member `ext`).
// NOTE(review): the field names suggest values taken from the system-wide
// thread listing (start address, scheduling state, wait reason, wait time);
// confirm against the code that fills this structure.
typedef struct _thread_info_ext
{
    ULONGLONG sys_start_addr; // presumably the start address as reported by the system listing - TODO confirm
    DWORD state;              // presumably the thread's scheduling state - TODO confirm
    DWORD wait_reason;        // presumably only meaningful while the thread is waiting - TODO confirm
    DWORD wait_time;          // units are not visible in this header

    // Builds an empty record: every field starts at zero.
    _thread_info_ext()
        : sys_start_addr(0),
          state(0),
          wait_reason(0),
          wait_time(0)
    {
    }

    // Field-by-field copy of another record.
    _thread_info_ext(const _thread_info_ext& other)
        : sys_start_addr(other.sys_start_addr),
          state(other.state),
          wait_reason(other.wait_reason),
          wait_time(other.wait_time)
    {
    }
} thread_info_ext;
// Description of a single thread, used as the value type of the
// std::map<DWORD, thread_info> passed to the functions declared below.
typedef struct _thread_info
{
    DWORD tid;            // thread identifier
    ULONGLONG start_addr; // 0 until filled in
    DWORD last_syscall;   // INVALID_SYSCALL (-1, i.e. 0xFFFFFFFF in a DWORD) until filled in
    bool is_extended;     // presumably set once `ext` carries valid data - TODO confirm; check before trusting `ext`
    thread_info_ext ext;  // extended details; all zero by default

    // Creates a record for the given thread id (0 when omitted) with no
    // start address, no recorded syscall and no extended details.
    _thread_info(DWORD _tid = 0)
        : tid(_tid),
          start_addr(0),
          last_syscall(INVALID_SYSCALL),
          is_extended(false),
          ext()
    {
    }

    // Field-by-field copy, including the nested extended record.
    _thread_info(const _thread_info& other)
        : tid(other.tid),
          start_addr(other.start_addr),
          last_syscall(other.last_syscall),
          is_extended(other.is_extended),
          ext(other.ext)
    {
    }
} thread_info;
// Thread enumeration helpers. Only the declarations are visible here; the notes
// below are inferred from the names and the IN/OUT annotations and should be
// confirmed against the implementation.
//
// NOTE(review): results describe a live process at one moment. Threads may exit
// and thread ids may be reused between enumeration and later use, so callers
// should check the bool result and treat map entries as possibly stale.

// Takes a map that is both read and written (IN OUT); presumably adds further
// details to entries that are already present - TODO confirm.
bool query_threads_details(IN OUT std::map<DWORD, thread_info>& threads_info);

// Fills `threads_info` for the process identified by `pid`; presumably keyed by
// thread id, and presumably true on success - TODO confirm.
bool fetch_threads_info(IN DWORD pid, OUT std::map<DWORD, thread_info>& threads_info);

// Same parameters as fetch_threads_info; the name suggests the threads are
// collected from a snapshot-based listing - TODO confirm.
bool fetch_threads_by_snapshot(IN DWORD pid, OUT std::map<DWORD, thread_info>& threads_info);
}; // namespace util
}; // namespace pesieve