Everhart, Glenn From: Rick Howard [rickh@mijenix.com] Sent: Monday, January 25, 1999 11:03 AM To: Dell Setzer; ntdev@atria.com Subject: RE: [ntdev] Enumerating Threads This takes advantage of the undocumented NTDLL function NTQuerySystemInformation. usage: XYZ() { THREADINFO tiList[ 128 ]; DWORD dwCount; dwCount = GetThreadList( tiList, 128, ); } //////////// The code /////////////// typedef struct _tagThreadInfo { FILETIME ftCreationTime; DWORD dwUnknown1; DWORD dwStartAddress; DWORD dwOwningPID; DWORD dwThreadID; DWORD dwCurrentPriority; DWORD dwBasePriority; DWORD dwContextSwitches; DWORD dwThreadState; DWORD dwWaitReason; DWORD dwUnknown2[ 5 ]; } THREADINFO, *PTHREADINFO; #pragma warning( disable:4200 ) // Zero sized array typedef struct _tagProcessInfo { DWORD dwOffset; DWORD dwThreadCount; DWORD dwUnknown1[ 6 ]; FILETIME ftCreationTime; DWORD dwUnknown2[ 5 ]; WCHAR* pszProcessName; DWORD dwBasePriority; DWORD dwProcessID; DWORD dwParentProcessID; DWORD dwHandleCount; DWORD dwUnknown3; DWORD dwUnknown4; DWORD dwVirtualBytesPeak; DWORD dwVirtualBytes; DWORD dwPageFaults; DWORD dwWorkingSetPeak; DWORD dwWorkingSet; DWORD dwUnknown5; DWORD dwPagedPool; DWORD dwUnknown6; DWORD dwNonPagedPool; DWORD dwPageFileBytesPeak; DWORD dwPrivateBytes; DWORD dwPageFileBytes; DWORD dwUnknown7[ 4 ]; THREADINFO ti[ 0 ]; } _PROCESSINFO, *PPROCESSINFO; #pragma warning( default:4200 ) long ( __stdcall *NtQuerySystemInformation )( ULONG, PVOID, ULONG, ULONG ) = NULL; DWORD GetThreadList( PTHREADINFO pThreadList, DWORD dwSize, DWORD dwProcessId ) { PBYTE pbyInfo = NULL; DWORD cInfoSize = 0x2000; DWORD dwCount = 0; if ( !NtQuerySystemInformation ) NtQuerySystemInformation = ( long ( __stdcall * )( ULONG, PVOID, ULONG, ULONG ) ) GetProcAddress( GetModuleHandle( "ntdll.dll" ), "NtQuerySystemInformation" ); pbyInfo = ( PBYTE ) malloc( cInfoSize ); if ( pbyInfo ) { while ( NtQuerySystemInformation( 5, pbyInfo, cInfoSize, 0 ) == STATUS_INFO_LENGTH_MISMATCH ) { cInfoSize += 0x2000; pbyInfo = ( PBYTE ) realloc( pbyInfo, cInfoSize ); } PPROCESSINFO pProcessInfo = ( PPROCESSINFO ) pbyInfo; bool bLast = false; do { if ( pProcessInfo->dwOffset == 0 ) bLast = true; if ( pProcessInfo->dwProcessID == dwProcessId ) { PTHREADINFO pThreadInfo = NULL; dwCount= pProcessInfo->dwThreadCount; for ( DWORD i = 0; i < pProcessInfo->dwThreadCount && i < dwSize; ++i ) { pThreadInfo = &pProcessInfo->ti[ i ]; pThreadList[ i ] = *pThreadInfo; } break; } pProcessInfo = ( PPROCESSINFO ) ( ( PBYTE ) pProcessInfo + pProcessInfo->dwOffset ); } while( bLast == false ); free( pbyInfo ); } return dwCount; } Rick Howard Mijenix Corporation > -----Original Message----- > From: owner-ntdev@atria.com [mailto:owner-ntdev@atria.com]On Behalf Of > Dell Setzer > Sent: Friday, January 22, 1999 8:54 AM > To: ntdev@atria.com > Subject: [ntdev] Enumerating Threads > > > Does anyone know a relatively painless way to enumerate all the threads > in a process? I want to > generate a list of all the thread IDs belonging to the calling process, > and the only way I've found so far is to > grovel through the performance registry entries (yuck). Is there an > easier way? If not, can anyone show > me a code snippet that will do this? > > TIA, > > Dell Setzer > Track Data Corp > dws@tdc.com > > > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > [ To unsubscribe, send email to ntdev-request@atria.com with body > UNSUBSCRIBE (the subject is ignored). ] > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [ To unsubscribe, send email to ntdev-request@atria.com with body UNSUBSCRIBE (the subject is ignored). ]