windows - Get Thread's Start Address for External Process in C# -


i've setup simple c# program. have imported kernel32.dll openprocess, readprocessmemory , writeprocessmemory.

i've acquired external process process class.

how can startaddress thread #0 specific processthread?

process process = process.getprocessesbyname("calculator")[0]; if (process == null) {     console.writeline("process not found");     return; }  foreach (processthread thread in process.threads) {     console.writeline(thread.startaddress); }

the result of code above is:

-157479632 -157479632 -157479632 -157479632 0 -157479632 -157479632 -157479632 -157479632 -157479632 -157479632 -157479632

why there 0's , rest same , negative?

in thread object (struct _ethread) exist 2 different start address - startaddress - address thread begin execute after walk throughout dlls via ldrinitializethunk. exist second address - win32startaddress. sense of address - when create thread win32 function create[remothe]thread (or shell) - win32 level set common thread startaddress ntdll.rtlthreadthreadstart (name of function depend windows version, on xp - name) , actual lpstartaddress passed create[remothe]thread parameter. rtlthreadthreadstart call actual lpstartaddress. lpstartaddress , stored in win32startaddress.

because threads created via win32 create[remothe]thread - have same startaddress (for have startaddress need direct call low-level api rtlcreateuserthread. in system process - startaddress actual thread start address in kernel)

when use code

foreach (processthread thread in process.threads) {     console.writeline(thread.startaddress); }

you got startaddress - , absolute normal in case give same address. in case can got 0 or incorrect value - because in version windows startaddress saved in union member , can overwritten.

for win32startaddress must have opened thread handle thread_query_limited_information or thread_query_information , call zwqueryinformationthread threadquerysetwin32startaddress

    pvoid pv;     zwqueryinformationthread(hthread, threadquerysetwin32startaddress, &pv, sizeof(pv), 0);

and all negative?

because incorrect print thread address - pointer. print signed integer. must print in hex pointer %p format


Comments

Post a Comment

Popular posts from this blog

resizing Telegram inline keyboard -

telegram's inline keyboard great feature lots of different use cases. inline buttons added list of items this: inline_keyboard = [[inlinekeyboardbutton(text="button", callback_data="button"), inlinekeyboardbutton(text="reset",callback_data="reset")]] inline_keyboard_markup = inlinekeyboardmarkup(inline_keyboard) update.message.reply_text("hi", reply_markup=inline_keyboard_markup) the above code adds 2 buttons each half width of chat screen. i know the normal keyboard button there resize_keyboard parameter somehow can used. my question is there way resize inline buttons ? example make full width or quarter width. unfortunately, can't now. :( you can suggest @botsupport , might add feature next version.
Read more

command line - How can a Python program background itself? -

consider following python command-line program. doesn't work because incomplete, think illustrates problem: #!/usr/bin/python3 import multiprocessing pool = multiprocessing.pool() task in expensive_iterator_with_user_interaction(): pool.call_async(expensive_computation, (task,)) pool.close() print("dear user, may press ctrl-z , bg script.") pool.join() thus, problem scripts needs user input while it's launching expensive parallel processes. there moment when user interaction not needed anymore. then, ask user background process shell actions. however, can achieved program itself? (side note: core of problem entanglement of user input firing “expensive computations”. therefore, cannot separate both in 2 scripts, , letting 1 spawning other daemon.) the command screen may you. use screen -l create new session , run application. after inputting data, can press " ctrl-a " , press " d " on keyboard detach session. now
Read more

php - "cURL error 28: Resolving timed out" on Wordpress on Azure App Service on Linux -

Image
my wordpress installation on azure app service on linux using custom docker container has slow response times. pages take around 20-40 seconds load. i have troubleshooting plugin installed indicates problem "curl error 28: resolving timed out after n milliseconds" when making requests following urls https://api.wordpress.org/core/version-check/1.7/ http://api.wordpress.org/core/version-check/1.7/ https://api.wordpress.org/plugins/update-check/1.1/ http://api.wordpress.org/plugins/update-check/1.1/ https://api.wordpress.org/themes/update-check/1.1/ http://api.wordpress.org/themes/update-check/1.1/ curl works fine on scm-site command line. example works ok. curl -x post http://api.wordpress.org/core/version-check/1.7/ edit if ssh container , run php code, works fine. <?php $url = 'http://api.wordpress.org/core/version-check/1.7/'; $fields = array( 'version' => urlencode('4.8.1'), 'php' => urlencode(
Read more