您好，我正在尝试获取系统上一个64位进程的线程上下文。我试过分别使用对应函数的32位和64位方案，但总是得到错误 0x57（无效的参数）。下面是64位代码的简短示例。
// open a handle to the thread
// NOTE(review): argv[1] is dereferenced without checking argc, and atoi()
// gives no error indication for a malformed thread id (it returns 0).
HANDLE hThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT |
THREAD_SUSPEND_RESUME | THREAD_QUERY_INFORMATION, FALSE,
atoi(argv[1]));
if(hThread == NULL) {
printf("Error opening thread handle.. 0x%08x\n", GetLastError());
return 0;
}
// suspend the thread
// NOTE(review): Wow64SuspendThread is the WOW64 variant, meant for a 32-bit
// thread inspected from a 64-bit process. This is 64-bit code targeting a
// 64-bit thread, so the native SuspendThread is the matching call; the
// native and Wow64 families should not be mixed.
if(Wow64SuspendThread(hThread ) == -1) {
printf("Error suspending thread.. 0x%08x\n", GetLastError());
CloseHandle(hThread );
return 0;
}
// get the thread context
// NOTE(review): WOW64_CONTEXT is the 32-bit context layout, while the native
// GetThreadContext expects the 64-bit CONTEXT; this mismatch is the likely
// source of ERROR_INVALID_PARAMETER (0x57). For a 64-bit thread use CONTEXT
// and set ContextFlags = CONTEXT_FULL by name -- relying on its position in
// a brace initializer only works when it is the first member of the struct.
WOW64_CONTEXT orig_ctx = {WOW64_CONTEXT_FULL };
if(GetThreadContext(hThread , &orig_ctx) == FALSE) {
printf("Error 0x%08x\n", GetLastError());
CloseHandle(hThread );
return 0;
}
// NOTE(review): nothing in this excerpt resumes the thread or closes the
// handle after a successful GetThreadContext; as shown, the target thread
// stays suspended.
我怀疑是句柄有问题，因为这段代码在32位进程上可以正常工作。非常感谢任何帮助或建议。提前谢谢！
答案 0 :(得分:0)
以下代码在编译为64位应用程序时成功检索64位线程的线程上下文。
// threadcontext.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <Windows.h>
#include <tchar.h>
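int _tmain(int argc, _TCHAR* argv[])
{
    // Reads the register context of one thread of a 64-bit process, given the
    // thread id on the command line. Built as a 64-bit binary, so the native
    // SuspendThread / GetThreadContext / CONTEXT set is used throughout; the
    // Wow64* variants exist for inspecting 32-bit threads from a 64-bit process
    // and must not be mixed with the native calls.
    //
    // Returns 0 when the context was retrieved, 1 on any failure (the Win32
    // error code is printed). The target thread is resumed and the handle
    // closed on every path.
    int rc = 1;
    HANDLE hThread = NULL;
    BOOL suspended = FALSE;
    CONTEXT orig_ctx = { 0 };
    _TCHAR *end = NULL;
    unsigned long tid = 0;

    // argv[1] is used below; reject a missing argument instead of dereferencing NULL.
    if (argc < 2 || argv[1] == NULL) {
        printf("Usage: threadcontext <thread-id>\n");
        goto out;
    }
    // _ttoi() returns 0 on malformed input with no way to tell; strtoul-style
    // parsing reports where it stopped so junk is rejected up front.
    tid = _tcstoul(argv[1], &end, 10);
    if (end == argv[1] || *end != _T('\0')) {
        printf("Invalid thread id argument.\n");
        goto out;
    }

    // open a handle to the thread.
    // THREAD_SET_CONTEXT is requested but never used here; a read-only tool
    // can drop it (least privilege). OpenThread also fails unless the caller
    // is allowed to access the owning process.
    hThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT |
                         THREAD_SUSPEND_RESUME | THREAD_QUERY_INFORMATION,
                         FALSE, (DWORD)tid);
    if (hThread == NULL) {
        // GetLastError() yields a DWORD (unsigned long): %lx matches it.
        printf("Error opening thread handle.. 0x%08lx\n", GetLastError());
        goto out;
    }

    // suspend the thread so its registers are stable while we read them.
    // SuspendThread reports failure as (DWORD)-1.
    if (SuspendThread(hThread) == (DWORD)-1) {
        printf("Error suspending thread.. 0x%08lx\n", GetLastError());
        goto out;
    }
    suspended = TRUE;

    // get the thread context. ContextFlags is assigned by name rather than by
    // position in the brace initializer: on x64 it is not the first member
    // of CONTEXT.
    orig_ctx.ContextFlags = CONTEXT_FULL;
    if (GetThreadContext(hThread, &orig_ctx) == FALSE) {
        printf("Error 0x%08lx\n", GetLastError());
        goto out;
    }
    rc = 0;

out:
    // Undo the suspension before leaving: the target thread otherwise stays
    // suspended after this tool exits.
    if (suspended && ResumeThread(hThread) == (DWORD)-1) {
        printf("Error resuming thread.. 0x%08lx\n", GetLastError());
        rc = 1;
    }
    if (hThread != NULL) {
        CloseHandle(hThread);
    }
    return rc;
}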
有一点需要注意：这里没有把普通调用和Wow64调用混在一起。Wow64调用用于获取在64位系统上运行的32位进程的信息。
另一个更正是ContextFlags成员的设置方式：您试图在初始化时按位置设置它，但ContextFlags并不是该结构的第一个成员，因此应按成员名显式赋值。