Obtain thread handle


Guidosoft
March 27th, 2006, 09:58 AM
How do I obtain a thread's handle from its ID?

wildfrog
March 27th, 2006, 10:07 AM
Take a look at OpenThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/openthread.asp).

- petter

Guidosoft
March 27th, 2006, 10:40 AM
It's not in my VC6++ Function Popup list. You sure I have it?

wildfrog
March 27th, 2006, 10:44 AM
You sure I have it?

I don't have a clue ;)

Maybe you'll need to update your Platform SDK.

- petter

golanshahar
March 27th, 2006, 12:40 PM
It's not in my VC6++ Function Popup list. You sure I have it?

You need to update the SDK, or you can try dynamic loading ;)



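// Signature of OpenThread: (dwDesiredAccess, bInheritHandle, dwThreadId)
typedef HANDLE (WINAPI *tOpenThread)(DWORD, BOOL, DWORD);

tOpenThread pOpenThread = 0;
HINSTANCE handle = ::LoadLibrary("Kernel32.dll");
if (handle == 0)
    return;

// Resolve the export at run time; GetProcAddress returns NULL
// when this kernel32.dll does not export OpenThread.
pOpenThread = (tOpenThread) ::GetProcAddress(handle, "OpenThread");

if (pOpenThread)
{
    // call function
    //pOpenThread(,,,);
}
::FreeLibrary(handle);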


Cheers

Guidosoft
March 27th, 2006, 12:46 PM
Can't I just make a header file for it where I can use implicit linking?

philkr
March 27th, 2006, 02:35 PM
If it just doesn't show in the function popup list it could also mean:

You did not include the header file

or

IntelliSense is not working correctly

Guidosoft
March 31st, 2006, 11:10 AM
I don't have the function on my system. Is there an alternative way of obtaining a thread's handle on Win9x?

golanshahar
March 31st, 2006, 12:53 PM
I don't have the function on my system. Is there an alternative way of obtaining a thread's handle on Win9x?

According to MSDN you can't: Thread handles and thread IDs (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q127992)

Cheers

Bornish
April 2nd, 2006, 04:26 AM
According to MSDN you can't: Thread handles and thread IDs (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q127992)

Cheers

According to MSDN, you can:
Points to Remember When Writing a Debugger for Win32s (http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B121093)
The debugger does not have a handle for the process thread of a process it did not create. To get the handle, Win32s supports a new function, OpenThread(), which is not a part of the Win32 API.
HANDLE OpenThread(dwThreadId);

DWORD dwThreadId; /* The thread ID */
Parameter description:
dwThreadId - Specifies the thread identifier of the thread to open.
Returns:
If the function succeeds, the return value is an open handle of the specified thread; otherwise, it is NULL. To get extended error information, use the GetLastError() API.
Comments:
The handle returned by OpenThread() can be used in any function that requires a handle to a thread.
OpenThread() is exported by KERNEL32.DLL, but is not included in any of the SDK import libraries.

Since kernel32.dll exports it, use LoadLibrary("kernel32") to retrieve the handle of the dll, and GetProcAddress(hKernel32,"OpenThread") to get the address of the function.
Have a look with dependency walker at kernel32.dll present on your computer and see if you find the export you need.

Regards,

golanshahar
April 2nd, 2006, 04:37 AM
According to MSDN, you can:
Points to Remember When Writing a Debugger for Win32s (http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B121093)
Since kernel32.dll exports it, use LoadLibrary("kernel32") to retrieve the handle of the dll, and GetProcAddress(hKernel32,"OpenThread") to get the address of the function.
Have a look with dependency walker at kernel32.dll present on your computer and see if you find the export you need.

Regards,

I think you misunderstood me: on Windows 2000 and higher you sure can. Look at post #5, I even posted code showing how to do it.
OP wants to do it on Win98, and this he can't according to the article I posted:

On Windows 95, Windows 98, and Windows NT, there is no way to obtain the thread handle from the thread ID. On these operating systems, a thread handle can be shared with another process by using the DuplicateHandle() function.


Cheers

Bornish
April 2nd, 2006, 04:50 AM
I think you misunderstood me: on Windows 2000 and higher you sure can. Look at post #5, I even posted code showing how to do it.
OP wants to do it on Win98, and this he can't according to the article I posted:

Cheers

I have seen that... but do not trust it. There were many functions implemented in Win9x libraries but not "documented" because of the risks of hacking. Moreover, I'm sure there's a way to find that handle, even if that means to try using DuplicateHandle() for all possible inputs (2^32 possibilities). Check MSDN if you don't believe me. DuplicateHandle() is available for Win9x (even Win95). Win9x is returning a handle to a thread when it is created... thus, a valid handle associated with the thread exists. A debugger running on Win98 will get notified by thread creation and can store the thread handle for later use. All those related APIs used to get / set thread context, and so on, are available on Win9x and all use a thread handle. Unfortunately I don't have a Win9x available to test out some code, but I'm quite sure I could write something to get a thread handle from its ID.

Best regards,

golanshahar
April 2nd, 2006, 08:31 AM
I have seen that... but do not trust it. There were many functions implemented in Win9x libraries but not "documented" because of the risks of hacking.
Moreover, I'm sure there's a way to find that handle, even if that means to try using DuplicateHandle() for all possible inputs (2^32 possibilities). Check MSDN if you don't believe me. DuplicateHandle() is available for Win9x (even Win95). Win9x is returning a handle to a thread when it is created... thus, a valid handle associated with the thread exists. A debugger running on Win98 will get notified by thread creation and can store the thread handle for later use. All those related APIs used to get / set thread context, and so on, are available on Win9x and all use a thread handle. Unfortunately I don't have a Win9x available to test out some code, but I'm quite sure I could write something to get a thread handle from its ID.

Best regards,

Undocumented functions are a different case. Of course there are plenty, and using them is somewhat risky since they are undocumented for a reason :D but it's up to you to take the consequences if problems occur.

But in this case MSDN says black on white that you can't do it (something that you won't read about undocumented functions, because by definition they are not documented :p ).
Maybe there is a way to hack it, but I would think of another alternative, because I don't think it's OK to ship a program to clients when you know you did something that theoretically shouldn't work, and even if you hack it you are not sure what other damage you can do along the way. :wave:

Cheers

Bornish
April 2nd, 2006, 09:36 AM
Undocumented functions are a different case. Of course there are plenty, and using them is somewhat risky since they are undocumented for a reason :D but it's up to you to take the consequences if problems occur.

But in this case MSDN says black on white that you can't do it (something that you won't read about undocumented functions, because by definition they are not documented :p ).
Maybe there is a way to hack it, but I would think of another alternative, because I don't think it's OK to ship a program to clients when you know you did something that theoretically shouldn't work, and even if you hack it you are not sure what other damage you can do along the way. :wave:

Cheers

OpenThread isn't an undocumented function. Win98 is one of the Win32s (and the MSDN article whose link I've posted applies to debuggers in Win32s) which supports thread handles, as that article about writing debuggers in Win32s clearly says, even though OpenThread was not defined in the SDK. Read the documentation of all the related APIs:
CreateThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/createthread.asp)
SuspendThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/suspendthread.asp)
ResumeThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/resumethread.asp)
TerminateThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/terminatethread.asp)
GetThreadPriority (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/getthreadpriority.asp)
SetThreadPriority (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/setthreadpriority.asp)
GetThreadContext (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/getthreadcontext.asp)
SetThreadContext (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/setthreadcontext.asp)
They all document the thread handle usage under Win98.
Coming back to the paragraph from MSDN that "says black on white that you can't do it":

Windows NT and Windows Me/98/95: There is no way to get the thread handle from the thread identifier. If the handles were made available this way, the owning process could fail because another process unexpectedly performed an operation on one of its threads, such as suspending it, resuming it, adjusting its priority, or terminating it. Instead, you must request the handle from the thread creator or the thread itself.

So, they are available, but not through the SDK... for security reasons. In fact, debugger writers are instructed how to get them.
Now is the time to ask Guidosoft why he is trying to retrieve a thread handle from a thread ID under Win98. Then we'll see if he should "hack" for these handles or not (since his implementation will crash the system or something) because of some incompatibilities.
Do you agree, golanshahar?

golanshahar
April 2nd, 2006, 11:24 AM
OpenThread isn't an undocumented function. Win98 is one of the Win32s (and the MSDN article whose link I've posted applies to debuggers in Win32s) which supports thread handles, as that article about writing debuggers in Win32s clearly says, even though OpenThread was not defined in the SDK. Read the documentation of all the related APIs:
CreateThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/createthread.asp)
SuspendThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/suspendthread.asp)
ResumeThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/resumethread.asp)
TerminateThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/terminatethread.asp)
GetThreadPriority (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/getthreadpriority.asp)
SetThreadPriority (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/setthreadpriority.asp)
GetThreadContext (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/getthreadcontext.asp)
SetThreadContext (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/setthreadcontext.asp)
They all document the thread handle usage under Win98.

Of course there are thread handles under Win98, I never said there aren't :D.
And ::OpenThread() is part of the Platform SDK, which is available from Win2000 and higher.
One thing that you assume and is not absolutely correct is that win98 is not pure 32 bit ;)


Coming back to the paragraph from MSDN that "says black on white that you can't do it":

So, they are available, but not through the SDK... for security reasons. In fact, debugger writers are instructed how to get them.
Now is the time to ask Guidosoft why he is trying to retrieve a thread handle from a thread ID under Win98. Then we'll see if he should "hack" for these handles or not (since his implementation will crash the system or something) because of some incompatibilities.
Do you agree, golanshahar?

I do agree that OP should answer what exactly he is trying to do.
And I do agree that it can probably be done by hacking - what I am saying is that hacking should be the last alternative to write software. (Hey but that's only my unaccounted opinion :D )

Cheers

Bornish
April 2nd, 2006, 11:42 AM
Agree that Win98 can mix 16 bit with 32 bit. :)
Hey, then the op can choose his approach... he's been warned! :D
Cheers,

Siddhartha
April 2nd, 2006, 05:31 PM
It's not in my VC6++ Function Popup list. You sure I have it?

Instead of asking us whether your environment supports an API... Why not simply include the right header, use the API and compile?
(It takes less time too!)

The (so-called) "Function Popup" is not a replacement for the compiler. It doesn't need to be consistent, and when it works it doesn't mean that your code will compile.

Compilation Success is the proof of the pudding.
Not intellisense support.

Guidosoft
April 3rd, 2006, 10:49 AM
I am making a program called System Observatory. It will let me control processes, modules, threads and all the such. I've decided to make a bunch of the things I wanted to do with the system all in what application.

Siddhartha
April 3rd, 2006, 11:01 AM
I am making a program called System Observatory. It will let me control processes, modules, threads and all the such.

In that case, these -

Different ways of Enumerating Processes (http://www.alexfedotov.com/articles/enumproc.asp)
Tool Help Library: Enumerating Processes, Threads and Modules on the System (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/perfmon/base/taking_a_snapshot_and_viewing_processes.asp)
Articles are a must-read.

Guidosoft
April 3rd, 2006, 12:36 PM
I know how to enumerate processes, modules, threads, and windows. What I don't know is how to obtain the thread handles so I can remotely terminate them like I want.

Siddhartha
April 3rd, 2006, 12:39 PM
I know how to enumerate processes, modules, threads, and windows. What I don't know is how to obtain the thread handles so I can remotely terminate them like I want.

Well... In the code that enumerates threads, you get the Thread Id... And all you need to do is to call OpenThread (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/openthread.asp) to get the handle... Ditto for the Process (OpenProcess).

Once you have the handle... Given the correct Privileges, you can control the object.

Guidosoft
April 3rd, 2006, 12:46 PM
But I have Windows 98. It's not in my SDK so do I just use GetProcAddress then?

Siddhartha
April 3rd, 2006, 12:48 PM
Okay... If it is not in your SDK - I would first recommend that you update your SDK... Else, GetProcAddress is your only way... As already mentioned.

Guidosoft
April 5th, 2006, 09:26 AM
I checked depends. It's not there.

Siddhartha
April 5th, 2006, 09:27 AM
Well... We have told you what's to be done in that event - right? ;)
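
The approach the thread converges on (take thread IDs from a Tool Help snapshot, then call a run-time-resolved OpenThread), as an added example that is not code from any poster: it opens only the calling process's own threads with query-only access and reports a missing export instead of failing to load. `CountOpenableOwnThreads` is a hypothetical name, and off Windows the function simply returns -1.

```cpp
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif
#include <cstdio>

// Added example; CountOpenableOwnThreads is a hypothetical helper name.
// Counts threads of the *current* process that can be opened with query-only
// access. Returns -1 when OpenThread is not exported (or not on Windows).
int CountOpenableOwnThreads()
{
#ifdef _WIN32
    typedef HANDLE (WINAPI *tOpenThread)(DWORD, BOOL, DWORD);
    // kernel32.dll is always mapped, so no LoadLibrary/FreeLibrary pair is needed.
    HMODULE k32 = ::GetModuleHandleA("kernel32.dll");
    tOpenThread pOpenThread =
        k32 ? (tOpenThread) ::GetProcAddress(k32, "OpenThread") : 0;
    if (!pOpenThread)
        return -1;              // export absent: report it, do not guess

    HANDLE snap = ::CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (snap == INVALID_HANDLE_VALUE)
        return -1;

    int opened = 0;
    const DWORD self = ::GetCurrentProcessId();
    THREADENTRY32 te;
    te.dwSize = sizeof(te);
    for (BOOL ok = ::Thread32First(snap, &te); ok; ok = ::Thread32Next(snap, &te))
    {
        if (te.th32OwnerProcessID != self)
            continue;           // the snapshot is system-wide; keep our own threads
        // Request only the right that is needed, not THREAD_ALL_ACCESS.
        HANDLE h = pOpenThread(THREAD_QUERY_INFORMATION, FALSE, te.th32ThreadID);
        if (h)                  // OpenThread returns NULL on failure
        {
            ++opened;
            ::CloseHandle(h);   // every opened handle must be closed
        }
    }
    ::CloseHandle(snap);
    return opened;
#else
    return -1;                  // constructed fallback so the file builds off Windows
#endif
}

int main() { std::printf("openable threads: %d\n", CountOpenableOwnThreads()); return 0; }
```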