Hi!
Does anybody know if it's possible to identify a thread creation in another process?
The process must be asking it from the OS, so can we intercept this request somehow?
thanks :)
Identifying a new thread in another process...
Sure; there's a couple of ways at least. The easiest is probably to attach to the process as a debugger; that'll get you a list of events such as forking of threads that you can monitor. At the other end of the scale is kernel API hooking, although I'm not personally up to date on the techniques for that so I can't make any specific recommendations offhand.
Author
Ok, then I will need to start that process with "DEBUG_PROCESS". will it affect the performance of the debugged process?
Quote:Original post by Idov
Ok, then I will need to start that process with "DEBUG_PROCESS". will it affect the performance of the debugged process?
Possibly.
What are you really trying to do?
Quote:Original post by AntheusQuote:Original post by Idov
Ok, then I will need to start that process with "DEBUG_PROCESS". will it affect the performance of the debugged process?
Possibly. Or it might not be possible to attach any useful debugging hook at all, either due to security or due to active counter-measures within application itself.
What are you really trying to do?
Author
Quote:Original post by AntheusQuote:Original post by AntheusQuote:Original post by Idov
Ok, then I will need to start that process with "DEBUG_PROCESS". will it affect the performance of the debugged process?
Possibly. Or it might not be possible to attach any useful debugging hook at all, either due to security or due to active counter-measures within application itself.
What are you really trying to do?
I'm trying to write a little profiler, so instead of going through all the threads in the system and picking those which belong to the other process, I'm trying to get them directly. :)
So you just need a list of running threads, but not a thread fork event monitor?
Look at Thread32First and Thread32Next.
Look at Thread32First and Thread32Next.
Author
Quote:Original post by ApochPiQ
So you just need a list of running threads, but not a thread fork event monitor?
Look at Thread32First and Thread32Next.
yes, I know these methods, but why go through all the threads if I can get only the ones I want?
I don't understand your question. A snapshot is of a single process, and you need all the threads from a process, so how is that different from "the ones you want"?
Author
Quote:Original post by ApochPiQ
I don't understand your question. A snapshot is of a single process, and you need all the threads from a process, so how is that different from "the ones you want"?
Because it returns all the threads from all the processes in the time of the snapshot.
"Includes all threads in the system in the snapshot. To enumerate the threads, see Thread32First.
To identify the threads that belong to a specific process, compare its process identifier to the th32OwnerProcessID member of the THREADENTRY32 structure when enumerating the threads."
I want to know only about a specific process without getting threads I really don't care about...
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
