Register for your free account! | Forgot your password?

Go Back   elitepvpers Coders Den AutoIt
How Find Thread Start Address? How Find Thread Start Address?
You last visited: Today at 07:32

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement


Advertise with us!

How Find Thread Start Address?

Discussion on How Find Thread Start Address? within the AutoIt forum part of the Coders Den category.

Reply
 
Old   #1
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2009
Posts: 17
Received Thanks: 1
How Find Thread Start Address?

hi guys, please, i need your help for find thread start address, i got script for find tid's, now i need find how get start adress from tid's, thank you.

example of TID Start Address
rakerkiller is offline  
Old   #2
 
elite*gold: 0
The Black Market: 9/0/0
Join Date: Mar 2009
Posts: 7,260
Received Thanks: 33,149
PHP Code:
Func GetThreadStartAddress($hThread)
    $StartAddress DllStructCreate("DWORD")
    If @error Then Return SetError(1""False)

    $ntdll DllOpen("ntdll.dll")
    If @error Then Return SetError(2""False)

    DllCall($ntdll"none""NtQueryInformationThread""HANDLE"$hThread"int"9"ptr"DllStructGetPtr($StartAddress), "int"4"int"0)
    If @error Then Return SetError(3""False)

    Return SetError(0""DllStructGetData($StartAddress1))
EndFunc 
KDeluxe is offline  
Old   #3
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2009
Posts: 17
Received Thanks: 1
hi KillerDeluxe ty for help me, I tested the script with

MsgBox(0,'',GetThreadStartAddress(1960)) ;1960 example of TID

and this return me 0, maybe u give me a example how use the code, ty
rakerkiller is offline  
Old   #4
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2009
Posts: 17
Received Thanks: 1
here is the code for get the thread(TID's) from PID, I need get the StartAddress from the TID's returned, thank you for help!

PHP Code:
#include <WinAPi.au3>
#include <Array.au3>

Global Const $TH32CS_SNAPTHREAD 0x00000004
Global Const $THREADENTRY32 "dword dwSize;dword cntUsage;dword th32ThreadId;dword th32OwnerProcessID;long tpBasePri;long tpDeltaPri;dword dwFlags;"

$pid ProcessExists("game.exe")

$arr=_GetAllProcessThreads($pid)

_ArrayDisplay($arr)

Func _GetAllProcessThreads($iPid)
        $call DllCall("Kernel32.dll""ptr""CreateToolhelp32Snapshot""dword"$TH32CS_SNAPTHREAD"dword"0)
    $handle $call[0]
    Local $RetArr[1][1]
    ConsoleWrite("Handle: " $handle & @CRLF)

    $te32=DllStructCreate($THREADENTRY32)
    DllStructSetData($te32,"dwSize",DllStructGetSize($te32))
    $call=DllCall("Kernel32.dll","int","Thread32First","ptr",$handle,"ptr",DllStructGetPtr($te32))
    If DllStructGetData($te32,"th32OwnerProcessID")=$iPid Then _GetAllThreads_ArrHelper($RetArr,$te32)
    Do
        $call=DllCall("Kernel32.dll","int","Thread32Next","ptr",$handle,"ptr",DllStructGetPtr($te32))
        If Not $call[0Then ExitLoop
        If DllStructGetData($te32,"th32OwnerProcessID")=$iPid Then  _GetAllThreads_ArrHelper($RetArr,$te32)
    Until True And False
    _ArrayDelete($RetArr,0)
    _WinAPI_CloseHandle($handle)
    Return $RetArr
EndFunc


Func _GetAllThreads_ArrHelper(ByRef $Arr,$TE32_Struct)
    $ub=Ubound($Arr)
    ReDim $Arr[$ub+1][1]
    $Arr[$ub][0]=DllStructGetData($TE32_Struct,"th32ThreadId")
EndFunc 
rakerkiller is offline  
Old   #5
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2009
Posts: 17
Received Thanks: 1
any1 got idea for help me, pls?
rakerkiller is offline  
Old   #6
 
elite*gold: 0
The Black Market: 9/0/0
Join Date: Mar 2009
Posts: 7,260
Received Thanks: 33,149
Use "OpenThread" to get the required handle.




PHP Code:
;=================================================================================================
; Function:            GetAllThreadsStartAddress($ProcessId)
Description:        Retrieves a list of threads.
; Return Value(s):    On Success Returns an array of matching thread identifiers and handles.
;                    On Failure Returns false
;                    @Error:    No error.
;                            Failed to open 'ntdll.dll'.
;                            Failed to open 'Kernel32.dll'.
;                            Failed to create a snapshot.
;                            Failed to copie the first entry of the thread list.
;                            Failed to open a thread.
;                            Failed to get the start address.
;                            Failed to close the opened thread.
;                            Failed to copie the next entry of the thread list.
;                            Failed to close the created snapshot.
Author(s):        KillerDeluxe
;=================================================================================================

Func GetAllThreadsStartAddress($ProcessId)
    $StartAddress DllStructCreate("DWORD")

    $TE32 DllStructCreate("DWORD;DWORD;DWORD;DWORD;LONG;LONG;DWORD")
    DllStructSetData($TE321DllStructGetSize($TE32))

    $ntdll DllOpen("ntdll.dll")
    If @error Then Return SetError(1""False)

    $Kernel32 DllOpen("Kernel32.dll")
    If @error Then Return SetError(2""False)

    $hSnapshot DllCall($Kernel32"HANDLE""CreateToolhelp32Snapshot""int"4"DWORD"$ProcessId)
    If @error Then Return SetError(3""False)

    DllCall($Kernel32"int""Thread32First""HANDLE"$hSnapshot[0], "ptr"DllStructGetPtr($TE32))
    If @error Then Return SetError(4""False)

    $ThreadCount 1
    Dim $ReturnArray[2][2]

    While True
        If DllStructGetData($TE324) == $ProcessId Then
            $ReturnArray[0][0] = $ThreadCount
            $ReturnArray[0][1] = $ThreadCount

            $hThread DllCall($Kernel32"HANDLE""OpenThread""int"0x60"bool"False"DWORD"DllStructGetData($TE323))
            If @error Then Return SetError(5""False)

            DllCall($ntdll"none""NtQueryInformationThread""HANDLE"$hThread[0], "int"9"ptr"DllStructGetPtr($StartAddress), "int"4"int"0)
            If @error Then Return SetError(6""False)

            ReDim $ReturnArray[$ThreadCount 1][2]
            $ReturnArray[$ThreadCount][0] = DllStructGetData($TE323)
            $ReturnArray[$ThreadCount][1] = Hex(DllStructGetData($StartAddress1))
            $ThreadCount += 1

            DllCall($Kernel32"int""CloseHandle""HANDLE"$hThread[0])
            If @error Then Return SetError(7""False)
        EndIf

        $ret DllCall($Kernel32"int""Thread32Next""HANDLE"$hSnapshot[0], "ptr"DllStructGetPtr($TE32))
        If @error Then Return SetError(8""False)
        If Not $ret[0Then ExitLoop
    WEnd

    DllCall($Kernel32"int""CloseHandle""HANDLE"$hSnapshot[0])
    If @error Then Return SetError(9""False)

    DllClose($ntdll)
    DllClose($Kernel32)
    Return SetError(0""$ReturnArray)
EndFunc 
Example:

You have to compile the script as a 32 bit application. Otherwise the returned StartAddress will be 0.
KDeluxe is offline  
Old   #7
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2009
Posts: 17
Received Thanks: 1
sry i was at one travel, I will test today at night and post the results, thanks very much for attention.
rakerkiller is offline  
Old   #8
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2009
Posts: 17
Received Thanks: 1
wow cool, works fine, alot thank you bro KillerDeluxe, you are PRO!
rakerkiller is offline  
Reply

« AutoIT Keybinder? | [Anfänger] Timer mit Hotkeys & Sounds erstellen »

Similar Threads Similar Threads
How to find a npc address via UCE
03/06/2010 - Kal Online - 1 Replies
As the name of the post say i looking the npc address with uce If someone could be so kind to tell me how to find tham by myself or you can post some address here
How to find AOE address
09/26/2009 - Cabal Online - 0 Replies
How can I find the AOE address? Any previous thread mentioned it?
How to find the server address
03/04/2009 - Dekaron Private Server - 0 Replies
Me and MANY others would LOVE if someone would come and help us out. I was following the codes for CE and finally got the concept. Then i found out that i need to have a server adress for it to go to. But somehow everyone failed to show us how. If you have already said it just post it here, and if not, now would be the perfect time! Thanks to all of you hardworkers! ;)
Find the address
02/14/2009 - Perfect World - 4 Replies
If i wan to use zPW v1.25 for perfect world private server, how do i find their address ??
Need Help Find IP Address
03/19/2008 - Lineage 2 - 3 Replies
hi gys need some help to find the ip address and protcol version of this server a friend plays on l2 memories and was asking i told him i would try i know there is the old programs to do it but not sure about karmael if any can help it would be greatly appreciated or point me in the right direction



All times are GMT +2. The time now is 07:35.

elitepvpers - play less, get more - Top

Powered by vBulletin®
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2026 elitepvpers All Rights Reserved.