Enumerating process threads

Hi!
I am trying to get all the thread IDs of my process's threads in kernel mode.
Is there any way to enumerate threads like CreateToolhelp32Snapshot() in my driver?

SapGr

Unfortunately there is no documented method of achieving this in kernel
mode. If you want to use undocumented functions (strongly advised against)
you could look into ZwQuerySystemInformation - if you specify
SystemProcessInformation as SystemInformationClass it gives you a list of
all the processes active in the system and for each of them it also
provides the list of threads.

But the safer and cleaner method would be to call the
CreateToolhelp32Snapshot function in a user mode application and send the
results to your driver.

On 20 September 2015 at 15:10, wrote:

> Hi!
> I am trying to get all the thread IDs of my process's threads in kernel
> mode.
> Is there any way to enumerate threads like CreateToolhelp32Snapshot() in
> my driver?
>
> SapGr
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Why do you need this, and what type of driver do you have?
If you have a boot driver, I would suggest calling
PsSetCreateThreadNotifyRoutine (and the process notify routine, of course) and keeping
track yourself of all the threads in the processes that way.
Then, when you need to query some information like that, just use your own
internal queues of processes/threads.

Gabriel.

On Sun, Sep 20, 2015 at 3:34 PM, Gurzou Alexandru <
xxxxx@gmail.com> wrote:

Unfortunately there is no documented method of achieving this in kernel
mode. If you want to use undocumented functions (strongly advised against)
you could look into ZwQuerySystemInformation - if you specify
SystemProcessInformation as SystemInformationClass it gives you a list of
all the processes active in the system and for each of them it also
provides the list of threads.

But the safer and cleaner method would be to call the
CreateToolhelp32Snapshot function in a user mode application and send the
results to your driver.



Bercea. G.
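
The tracking table Gabriel describes, as an added example that is not code from the thread or from any of its participants. It keeps the driver's own process/thread table fed by callbacks shaped like those registered with PsSetCreateProcessNotifyRoutine and PsSetCreateThreadNotifyRoutine. The names on_process_notify, on_thread_notify, query_thread_ids and the handle_t stand-in for HANDLE are assumptions made for this example; the kernel-only parts (pool allocation, locking, registration) are noted in comments so the code compiles and runs in user mode with only the standard C library. The constructed sequence of notifications in main() stands in for what the kernel would deliver. One caveat the example makes visible: the table only knows about threads created after the routines were registered, which is why the advice above is qualified with "boot driver"; threads of a process that predates registration would otherwise be missing.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uintptr_t handle_t;   /* stand-in for the NT HANDLE used for PIDs/TIDs */

typedef struct thread_node {
    handle_t tid;
    struct thread_node *next;
} thread_node;

typedef struct process_node {
    handle_t pid;
    thread_node *threads;
    struct process_node *next;
} process_node;

/* Head of the tracker's process list. In a driver the nodes live in
   non-paged pool and every access is guarded by a lock (e.g. a KSPIN_LOCK),
   since the notify routines can run concurrently on different processors. */
static process_node *g_processes = NULL;

static process_node *find_process(handle_t pid) {
    for (process_node *p = g_processes; p != NULL; p = p->next)
        if (p->pid == pid) return p;
    return NULL;
}

static process_node *add_process(handle_t pid) {
    process_node *p = find_process(pid);
    if (p != NULL) return p;               /* duplicate create: keep one entry */
    p = calloc(1, sizeof *p);              /* driver: non-paged pool allocation */
    if (p == NULL) return NULL;
    p->pid = pid;
    p->next = g_processes;
    g_processes = p;
    return p;
}

static void free_threads(thread_node *t) {
    while (t != NULL) { thread_node *n = t->next; free(t); t = n; }
}

/* Same shape as a PCREATE_PROCESS_NOTIFY_ROUTINE(ParentId, ProcessId, Create). */
void on_process_notify(handle_t parent_pid, handle_t pid, bool create) {
    (void)parent_pid;
    if (create) { add_process(pid); return; }
    process_node **pp = &g_processes;
    while (*pp != NULL && (*pp)->pid != pid) pp = &(*pp)->next;
    if (*pp == NULL) return;               /* exit of a process we never saw */
    process_node *dead = *pp;
    *pp = dead->next;
    free_threads(dead->threads);           /* process exit takes its threads with it */
    free(dead);
}

/* Same shape as a PCREATE_THREAD_NOTIFY_ROUTINE(ProcessId, ThreadId, Create). */
void on_thread_notify(handle_t pid, handle_t tid, bool create) {
    process_node *p = find_process(pid);
    if (create) {
        /* A thread can be reported for a process whose creation predates our
           registration; create the process entry lazily rather than drop it. */
        if (p == NULL && (p = add_process(pid)) == NULL) return;
        for (thread_node *t = p->threads; t != NULL; t = t->next)
            if (t->tid == tid) return;     /* already tracked */
        thread_node *t = calloc(1, sizeof *t);
        if (t == NULL) return;
        t->tid = tid;
        t->next = p->threads;
        p->threads = t;
        return;
    }
    if (p == NULL) return;                 /* exit for an untracked process */
    thread_node **tp = &p->threads;
    while (*tp != NULL && (*tp)->tid != tid) tp = &(*tp)->next;
    if (*tp == NULL) return;
    thread_node *dead = *tp;
    *tp = dead->next;
    free(dead);
}

/* Answers the original question from the driver's own table: copy up to
   `cap` thread IDs of `pid` into `out` and return how many the process has. */
size_t query_thread_ids(handle_t pid, handle_t *out, size_t cap) {
    process_node *p = find_process(pid);
    size_t n = 0;
    if (p == NULL) return 0;
    for (thread_node *t = p->threads; t != NULL; t = t->next, n++)
        if (out != NULL && n < cap) out[n] = t->tid;
    return n;
}

size_t tracked_process_count(void) {
    size_t n = 0;
    for (process_node *p = g_processes; p != NULL; p = p->next) n++;
    return n;
}

/* Constructed notification sequence standing in for kernel callbacks. */
int main(void) {
    handle_t ids[8];
    on_process_notify(4, 100, true);
    on_thread_notify(100, 101, true);
    on_thread_notify(100, 102, true);
    on_thread_notify(100, 103, true);
    on_thread_notify(100, 102, false);     /* one thread exits */
    size_t n = query_thread_ids(100, ids, 8);
    printf("pid 100 has %zu threads:", n);
    for (size_t i = 0; i < n; i++) printf(" %lu", (unsigned long)ids[i]);
    printf("\n");
    on_process_notify(4, 100, false);      /* process exits: its threads go too */
    printf("after exit: %zu threads, %zu processes tracked\n",
           query_thread_ids(100, NULL, 0), tracked_process_count());
    return 0;
}
```

The query walks the list most-recent-first because new threads are pushed at the head; a driver that needs the result in creation order would append instead. The lazy process creation in on_thread_notify is what keeps the table consistent when a thread notification arrives for a process the process callback never reported.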

Really, use ZwQuerySystemInformation(SystemProcessesAndThreadsInformation, …); it is an absolutely safe and clean method. CreateToolhelp32Snapshot() uses it internally. There is no need for any user-mode assistance here, or for keeping your own DB with PsSetCreateThreadNotifyRoutine.

AuxKLib?

I think it is a documented wrapper over ZwQuerySystemInformation


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com


AuxKlibQueryModuleInformation works for drivers, not processes, IIRC.