-
-
[求助]枚举进程所有线程的问题
-
发表于: 2010-8-30 10:41
-
我是要枚举一个进程的所有线程,然后把每个线程杀掉。但是我的这个枚举线程的函数有问题
#pragma PAGEDCODE
PETHREAD NTAPI GetNextProcessThread(
IN PEPROCESS Process,
IN PETHREAD Thread OPTIONAL
)
{
PETHREAD FoundThread = NULL;
PLIST_ENTRY ListHead, Entry;
KSPIN_LOCK QLock;
KIRQL oldirql;
PAGEDCODE
KeInitializeSpinLock(&QLock);
KeAcquireSpinLock(&QLock, &oldirql);
// KeEnterCriticalRegionThread(&Thread->Tcb);
if (Thread&&MmIsAddressValid(Thread))
{
Entry = (PLIST_ENTRY)((ULONG)(Thread)+uThreadListEntryOffset);
if (MmIsAddressValid(Entry))
{
Entry=Entry->Flink;
}
}
else
{
Entry = (PLIST_ENTRY)((ULONG)(Process)+uThreadListHeadOffset);
if (MmIsAddressValid(Entry))
{
Entry = Entry->Flink;
}
}
ListHead = (PLIST_ENTRY)((ULONG)Process + uThreadListHeadOffset);
while (ListHead != Entry)
{
FoundThread = (PETHREAD)((ULONG)Entry - uThreadListEntryOffset);
if (MmIsAddressValid(FoundThread))
{
if (ObReferenceObject(FoundThread))
//Entry = Entry->Flink;
break;
}else
{
FoundThread = NULL;
if (MmIsAddressValid(Entry))
{
Entry = Entry->Flink; }
break;
//Entry = Entry->Flink;
}
//if (MmIsAddressValid(Entry))
//{
//Entry = Entry->Flink;
//}
//break;
}
KeReleaseSpinLock(&QLock, oldirql);
if (Thread&&MmIsAddressValid(Thread))
ObDereferenceObject(Thread);
return FoundThread;
}
执行后要杀的进程界面没了,但是后台进程仍然在。
外部调用是 for(Thread = GetNextProcessThread(pObjEpro,NULL);
//MmIsAddressValid(Thread);
Thread != NULL;
Thread = GetNextProcessThread(pObjEpro, Thread))
{
Status = (NTSTATUS)(PspTerminateThreadByPt)(Thread,0);
}
求助各位 我单步运行发现加黑的地方都不会执行。。。。。求助
#pragma PAGEDCODE
PETHREAD NTAPI GetNextProcessThread(
IN PEPROCESS Process,
IN PETHREAD Thread OPTIONAL
)
{
PETHREAD FoundThread = NULL;
PLIST_ENTRY ListHead, Entry;
KSPIN_LOCK QLock;
KIRQL oldirql;
PAGEDCODE
KeInitializeSpinLock(&QLock);
KeAcquireSpinLock(&QLock, &oldirql);
// KeEnterCriticalRegionThread(&Thread->Tcb);
if (Thread&&MmIsAddressValid(Thread))
{
Entry = (PLIST_ENTRY)((ULONG)(Thread)+uThreadListEntryOffset);
if (MmIsAddressValid(Entry))
{
Entry=Entry->Flink;
}
}
else
{
Entry = (PLIST_ENTRY)((ULONG)(Process)+uThreadListHeadOffset);
if (MmIsAddressValid(Entry))
{
Entry = Entry->Flink;
}
}
ListHead = (PLIST_ENTRY)((ULONG)Process + uThreadListHeadOffset);
while (ListHead != Entry)
{
FoundThread = (PETHREAD)((ULONG)Entry - uThreadListEntryOffset);
if (MmIsAddressValid(FoundThread))
{
if (ObReferenceObject(FoundThread))
//Entry = Entry->Flink;
break;
}else
{
FoundThread = NULL;
if (MmIsAddressValid(Entry))
{
Entry = Entry->Flink; }
break;
//Entry = Entry->Flink;
}
//if (MmIsAddressValid(Entry))
//{
//Entry = Entry->Flink;
//}
//break;
}
KeReleaseSpinLock(&QLock, oldirql);
if (Thread&&MmIsAddressValid(Thread))
ObDereferenceObject(Thread);
return FoundThread;
}
执行后要杀的进程界面没了,但是后台进程仍然在。
外部调用是 for(Thread = GetNextProcessThread(pObjEpro,NULL);
//MmIsAddressValid(Thread);
Thread != NULL;
Thread = GetNextProcessThread(pObjEpro, Thread))
{
Status = (NTSTATUS)(PspTerminateThreadByPt)(Thread,0);
}
求助各位 我单步运行发现加黑的地方都不会执行。。。。。求助
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
谢谢FypHer我再试试 ,非常感谢
|
