在一个线程出现异常行为时,比如说CPU占用率过高,抛出异常等,你一定想知道这个线程是由哪个模块创建的。因此无论在哪个操作系统上,获取线程名称是诊断线程相关问题的重要一步。 从线程ID获取线程名称通常的方法是,先获取该线程的入口地址,然后枚举进程内所有已加载模块,最后判断线程入口地址落在哪个加载模块范围内。枚举进程内已加载模块可用Win32标准的CreateToolhelp32Snapshot/Module32First/Module32Next系列ToolHelp API得到。获取线程入口地址则没有线程的Win32 API可用。不过在Windows NT based操作系统上(包括Windows NT 4.0/2000/XP/2003,等),有一个未公开的Native API可用:NtQueryInformationThread。其声明如下:
DWORD WINAPI NtQueryInformationThread( HANDLE ThreadHandle, THREAD_INFORMATION_CLASS ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength, PULONG ReturnLength );获取线程入口地址可用:
DWORD GetThreadStartAddress(DWORD dwThreadId)...{ HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, dwThreadId); DWORD retaddr, len, error; retaddr = len = 0; error = NtQueryInformationThread( hThread, 9, &retaddr, sizeof(retaddr), &len ); CloseHandle(hThread); if( error != 0 ) retaddr = 0; return retaddr;}在Windows CE上就没这么幸运了,没有任何现成的API可用。官方Windows CE Base Team的blog对这个问题的回答是可以用Remote Kernel Tracker,不过这需要你build一个特殊的kernel image,enable一些profiler功能-这在显示的问题诊断中显然是不实际的。那么有没有办法不需要什么特殊的配置就可像Windows桌面操作系统那样获得入口地址呢?有是有的,不过需要一些hack手段。仔细研究CE下的Thread内核数据结构,就会发现Thread结构中有一项是记录线程入口地址的。
typedef struct Thread ...{ DWORD _1[3]; PPROCESS pProc; /**//* 0C: pointer to current process */ PPROCESS pOwnerProc; /**//* 10: pointer to owner process */ DWORD _2[18]; DWORD dwStartAddr; /**//* 5c: thread PC at creation, used to get thread name */ DWORD _3[10];}THREAD, *PTHREAD; /**//* Thread */因此要做的就是想办法根据线程ID或handle得到这个数据。再研究,发现线程的Thread内核数据结构可通过句柄得到:
PTHREAD pTh = HandleToThread(ThreadHandle);而且,在Windows CE下,线程ID和其handle的值是一样的!!因此我们可以写一个这样的函数从线程ID拿到入口地址:
DWORD GetThreadStartAddress(DWORD dwThreadId)...{ DWORD dwStartAddress = 0; BOOL fOldMode = SetKMode(TRUE); PTHREAD pTh = HandleToThread((HANDLE)dwThreadId); if (pTh) ...{ dwStartAddress = (DWORD)MapPtrToProcess((LPVOID)pTh->dwStartAddr, pTh->pOwnerProc->hProc); } return dwStartAddress;}为了使用这些内核数据结构,我们还需要另外一些辅助结构和函数,比较完整的代码如下。当然,官方肯定是不建议这么做的,但是重要的是解决问题,你说呢。
typedef struct Process ...{ DWORD _1[2]; HANDLE hProc; /**//* 08: handle for this process, needed only for SC_GetProcFromPtr */}PROCESS, *PPROCESS;typedef struct Thread ...{ DWORD _1[3]; PPROCESS pProc; /**//* 0C: pointer to current process */ PPROCESS pOwnerProc; /**//* 10: pointer to owner process */ DWORD _2[18]; DWORD dwStartAddr; /**//* 5c: thread PC at creation, used to get thread name */ DWORD _3[10];}THREAD, *PTHREAD; /**//* Thread */
typedef struct cinfo ...{ char acName[4]; /**//* 00: object type ID string */ uchar disp; /**//* 04: type of dispatch */ uchar type; /**//* 05: api handle type */ ushort cMethods; /**//* 06: # of methods in dispatch table */ const PFNVOID *ppfnMethods;/**//* 08: ptr to array of methods (in server address space) */ const DWORD *pdwSig; /**//* 0C: ptr to array of method signatures */ PPROCESS pServer; /**//* 10: ptr to server process */} CINFO; /**//* cinfo */typedef CINFO *PCINFO;
typedef struct _HDATA HDATA, *PHDATA;struct _HDATA ...{ DWORD _1[2]; /**//* 00: links for active handle list */ HANDLE hValue; /**//* 08: Current value of handle (nonce) */ DWORD lock; /**//* 0C: access information */ DWORD ref; /**//* 10: reference information */ const CINFO *pci; /**//* 14: ptr to object class description structure */ PVOID pvObj; /**//* 18: ptr to object */ DWORD dwInfo; /**//* 1C: extra handle info */}; /**//* 20: sizeof(HDATA) */
#ifdef x86struct KDataStruct ...{ LPDWORD lpvTls; /**//* 0x000 Current thread local storage pointer */ HANDLE ahSys[NUM_SYS_HANDLES]; /**//* 0x004 If this moves, change kapi.h */ DWORD _1[4]; ulong handleBase; /**//* 0x094 base address of handle table */}; /**//* KDataStruct */#endif#ifdef ARMstruct KDataStruct ...{ LPDWORD lpvTls; /**//* 0x000 Current thread local storage pointer */ HANDLE ahSys[NUM_SYS_HANDLES]; /**//* 0x004 If this moves, change kapi.h */ DWORD _1[6]; ulong handleBase; /**//* 0x09c handle table base address */}; /**//* KDataStruct */#endif
#define HandleToThread(h) ((THREAD *)GetObjectPtrByType((h),SH_CURTHREAD))#define HANDLE_ADDRESS_MASK 0x1ffffffc
void h2p(HANDLE h, PHDATA& phdRet)...{ if ((ulong)h < NUM_SYS_HANDLES+SYS_HANDLE_BASE && (ulong)h >= SYS_HANDLE_BASE) h = ((KDataStruct*)PUserKData)->ahSys[(uint)h-SYS_HANDLE_BASE]; if (h) ...{ phdRet = (PHDATA)(((ulong)h & HANDLE_ADDRESS_MASK) + ((KDataStruct*)PUserKData)->handleBase); if (phdRet->hValue != h) phdRet = 0; } else phdRet = 0;}
PVOID GetObjectPtrByType(HANDLE h, int type)...{ PHDATA phd; h2p(h, phd); return (phd && phd->pci && phd->pci->type==type) ? phd->pvObj : 0;}
extern "C" LPVOID WINAPI MapPtrToProcess(LPVOID lpv, HANDLE hProc);extern "C" BOOL WINAPI SetKMode(BOOL fMode);
DWORD GetThreadStartAddress(DWORD dwThreadId)...{ DWORD dwStartAddress = 0; BOOL fOldMode = SetKMode(TRUE); PTHREAD pTh = HandleToThread((HANDLE)dwThreadId); if (pTh) ...{ dwStartAddress = (DWORD)MapPtrToProcess((LPVOID)pTh->dwStartAddr, pTh->pOwnerProc->hProc); } return dwStartAddress;}
本文来自博客,转载请标明出处:http://blog.csdn.net/singlerace/archive/2006/11/11/1379453.aspx
