lordx

ThreadID to Thread Handle under Windows 9x

Windows 9x does not support the OpenThread function.  I obtain the Thread ID via calls to CreateToolhelp32Snapshot, Process32First, Module32First, Thread32First....

But I need to get a handle to the thread, instead of the ID.  I can use OpenProcess on the ProcessID, but still need the thread handle.  I am probably overlooking something...

I need the same kind of handle that you get when you do a CreateProcess...the handle stored in the process information block.

Thanks.
jkr

Is this a thread within your own application?
lordx

ASKER

No, the thread is in another application.  I obtain the process and thread IDs via the functions above.  From there I am calling other functions that need the process and thread handles..not the IDs.

Normally, I can get these handles via a CreateProcess call...but that's when I create the process from inside my program.  I need to get the handles from programs already running.

There is no way to get the thread handle from the thread ID. For more information, see

INFO: Thread Handles and Thread IDs
http://support.microsoft.com/support/kb/articles/q127/9/92.asp
lordx

ASKER

What about using DebugActiveProcess?
I know the MS article said it is not possible to get the thread handle...but the information is available on the system.  It is available when the process is created (in the process information block), and unless it is destroyed, it should be somewhere.

'DebugActiveProcess()' works for this, as the debugger will be notified about every active thread. However, there's no way to detach from the debuggee. Alternatively, I'd suggest loading a DLL into the process' address space, as the DLL will be notified also via 'DLL_THREAD_ATTACH'...
lordx

ASKER

Well, there's part of the problem.  I am using code to 'inject' a DLL into another process.  I am doing it to intercept the winsock calls...specifically the send and receive calls so I can monitor the amount of bandwidth that is being used by an application.

But, in order for me to inject the DLL into the process, I need the handle for both the thread and the process.  I have the one for the process via OpenProcess, but not for the thread.
If I am not able to get a solution, I will use CreateProcess and force my users to start their program via my program...but ideally I would like them to be able to just run my program, and have it automatically inject itself into the other apps.

There is a way to open a thread under win9x, but it's quite hacky. Do you know about the magic number (called obfuscator)?

Regards, Madshi.
lordx

ASKER

jkr: I read over the hook information in the link you provided.  I can probably use that information for other projects...but I didn't see an obvious way of obtaining the thread handle (unless I missed something).  The closest one in the hooks list is WH_DEBUG...but it still only gives the ThreadID.  And it would rely on an existing hook in the thread I am trying to get information on.

Madshi: I do not know about the 'magic number'.  And until now I have not heard of 'obfuscator'...but am looking it up on the net.  I am willing to try any ideas that you have.

If it is necessary, I can increase the point value of the question (double, triple...whatever).  Getting a solution is important, and you will be compensated for your help.  So, if your solution does what I need...let me know how much it is worth to you.

Well, I can give you complete sources for obtaining a thread handle from a thread ID under win9x - but in Delphi!! If you can live with that: Okay. But you should know that it is very hacky and will perhaps not work on Windows Millennium (I have no beta version yet). At least it works under all other win9x versions.
About the points: If you're satisfied with my code you can look how complicated it is and then decide how much it's worth for you...   :-)

If you are interested, give me your eMail address. The code is a bit too long to post here...
P.S: Or write to "madshi@gmx.net".

>>but I didn't see an obvious way of obtaining the thread
>>handle

;-)

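#include <windows.h>

extern "C" int APIENTRY DllMain (   HINSTANCE   hInstance,
                                    DWORD       dwReason,
                                    LPVOID      lpReserved
                                )
{
    BOOL    bRC =   TRUE;   //  TRUE so the loader keeps the DLL mapped

    if  (   dwReason    ==  DLL_THREAD_ATTACH)
        {
            //  this notification runs in the context of the new thread
            DWORD   dwTID   =   GetCurrentThreadId  ();
            //  pseudo-handle, only meaningful inside this thread
            HANDLE  hThread =   GetCurrentThread    ();

            //  use 'DuplicateHandle()' on this thread handle and store
            //  it away with the TID...
        }

    return  (   bRC);
}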

Jürgen, lordx needs the handle IN ORDER TO inject the dll (at least that's how I understood him), not AFTER he injected the dll...   :-)

Regards, Madshi.

I know - but it's much easier to install a hook in order to get the handle ;-)

(WOW, I just received the notification on your last comment - 12 HOURS LATER!!! .... Now THAT'S interactivity!)
By the way - why don't you use Jeffrey Richter's 'injlib' to perform the task?

See http://www.microsoft.com/msj/backissuesindex.htm and download msjmay94.zip ...
Ooops, MS likes to change URLs :-(

Try  ftp://ftp.monash.edu.au/pub/msj/newfiles/MSJMAY94.ZIP instead...
Sorry to disappoint you, Jürgen, but Jeffrey Richter's stuff works only for winNT... It uses CreateRemoteThread which isn't available for win9x.   :-(
lordx

ASKER

Madshi provided me with the code I was looking for.
ASKER CERTIFIED SOLUTION
Madshi

This solution is only available to members.
lordx

ASKER

Thanks for the help.
Hi madshi,

I have gone thru the comments and the source code you have provided for lordx is the one I have needed.  Could you also send me the source? I am willing to give you points for it.

Thanks.
hakanb@intermat.com.tr
BTW: You can tell me how many points.
hakan, did you get the sources? I've sent you the stuff and didn't get any response yet!
Madshi, can you please post the code here?
romi_k, to be honest, I was not too happy with the points I got for this one. I wrote in one comment (when lordx asked me about the points before he had accepted the answer):

>> About the points: If you're satisfied with my code you can look how complicated it is and then decide how much it's worth for you...   :-)

And I thought lordx would raise the points. Well, he didn't and I didn't explicitly say he has to. So it was more or less okay for this question. But to be honest I think my solution is worth much more than those 200 points, since I don't know anyone else who knows a way to open a thread in win9x. AFAIK I'm the only one...  :-)  So I'd rather not post it here. Besides, it's too long to post here... (And furthermore I've worked over it since January 2000 and now it works even for win95 with usb extension (didn't work before) and for winME...)

Regards, Madshi.
lordx

ASKER

I apologize for not giving you a fair number of points for your answer.  Please accept the points in the windows programming section, since I am unable to change the points after accepting the answer (this late).

Hi lordx,

well I didn't complain, because I didn't tell you explicitly that I wanted more points. It was my fault.
So the more I thank you very much for the additional points, you're really fair!   :-)

Regards, Madshi.
lordx

ASKER

Well, I am sure you put time into developing the code...be it for your own use or to help someone else.  I have come to EE many times over the past few years...and asked questions that I didn't think I could ever get an answer to.  But to my surprise, someone always replied (generally within a few hours).  My time, like yours, is valuable...and I think you should be compensated for it.

Every time I get a "there is no way to do that" answer I think it needs to be challenged.  The data/information is there, it's just a matter of knowing how to manipulate or gain access to it.

Anyways, thanks for your help.

l8r
LX