Onega

a lot of VC++ posts, a few C# posts, and some miscellaneous stuff

Thursday, December 18, 2008

Windows handle information

some posts on this topic:
http://forum.sysinternals.com/forum_posts.asp?TID=3577&PN=2
http://forum.sysinternals.com/forum_posts.asp?TID=1193&PN=1

posted by Onega | 8:56 AM | 0 comments

Windows thread information

NtQuerySystemInformation (SystemProcessesAndThreadsInformation...) works, GetThreadStartAddress working not as expected/named. NtQueryInformationThread is too. As the bottom of the stack in pre-Vista systems is kernel32!BaseProcessStart or kernel32!BaseThreadStart, one can usually look up one frame in the stack to find the module containing the "ThreadProc".

posted by Onega | 8:12 AM | 0 comments