NtQuerySystemInformation枚举当前进程所有线程

NtQuerySystemInformation枚举当前进程所有线程


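		// Walk the SYSTEM_PROCESS_INFORMATION records returned by
		// NtQuerySystemInformation and visit the thread entries of every record
		// whose image name equals this executable's file name.

		// The first call passes no buffer; it is only used to learn the required size.
		ULONG size = 0;
		if (NtQuerySystemInformation(SystemProcessInformation, nullptr, 0, &size) !=
			STATUS_INFO_LENGTH_MISMATCH){
			assert(!"failed at"__FUNCTION__);
		}
		ManagedMemoryBlock<byte> sys_info(++size);
		// Processes and threads can be created between the two calls, so the size
		// learned above may already be too small. Keep the status: parsing the
		// buffer after a failed call would follow offsets read from memory the
		// call never filled in.
		const auto status = NtQuerySystemInformation(SystemProcessInformation, sys_info, size, &size);

		String filename(MAX_PATH);
		GetModuleFileName(GetModuleHandle(NULL), filename, MAX_PATH);
		// NOTE(review): if LastIndexOfR returns the index of the backslash itself,
		// the substring keeps the leading '\\' and can never equal ImageName -
		// confirm against the String class.
		filename = filename.Substring(filename.LastIndexOfR(_T("\\")));

		if (status >= 0)	// non-negative NTSTATUS means success (what NT_SUCCESS tests)
		{
			auto si = sys_info.ToAny<SYSTEM_PROCESS_INFORMATION>();
			for (;;)
			{
				// NOTE(review): matching by image name also selects other processes
				// started from an executable with the same file name. Comparing the
				// record's process id with GetCurrentProcessId() identifies the
				// current process unambiguously.
				// wcscmp assumes ImageName.Buffer is NUL-terminated - TODO confirm.
				if (si->ImageName.Buffer != nullptr && wcscmp(si->ImageName.Buffer, filename.ToWideChar()) == 0){
					// Index the thread array instead of counting NumberOfThreads down,
					// so the snapshot is left unmodified for any later reader.
					for (ULONG i = 0; i < si->NumberOfThreads; ++i)
					{
						auto tp = reinterpret_cast<PSYSTEM_THREAD>(&si->Threads[i]);
						(void)tp;	// only referenced by the disabled filter below
						// Disabled filter kept from the original listing. It casts
						// StartAddress to DWORD, which truncates on 64-bit builds;
						// DWORD_PTR would be needed there.
// 					auto start_ = global_loader->base_module_handle->headers->OptionalHeader.ImageBase;
// 					auto end_ = start_ + global_loader->base_module_handle->headers->OptionalHeader.SizeOfImage;
// 					if (start_ <= reinterpret_cast<DWORD>(tp->StartAddress) && end_ >= reinterpret_cast<DWORD>(tp->StartAddress))
// 					{
// 						tp->State = tp->State;
// 					} //if
					}
				} //if

				// The last record has NextEntryOffset == 0. Test it after the record
				// has been examined, otherwise the final process is never visited.
				if (si->NextEntryOffset == 0)
				{
					break;
				}
				si = reinterpret_cast<SYSTEM_PROCESS_INFORMATION *>(reinterpret_cast<byte *>(si)+si->NextEntryOffset);
			}
		}
		else
		{
			// The snapshot could not be read (most likely the list grew); a caller
			// that needs the result should retry with a larger buffer.
			assert(!"failed at"__FUNCTION__);
		}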

