Jump to content
Tuts 4 You

Main Application State

StreamLine

By StreamLine
in Programming and Coding

Recommended Posts

StreamLine

StreamLine

Posted
Posted

Hey guys.

I am currently coding a process manager in delphi, I am researching way in which i can get the state of an application. I have experimented with NTQuerySystemInformation and found i can list process with and get there thread states which i have currently done however. how can i determining which thread is the main(parent) thread for that process.

example

-------->Thread #2

|

(thread 0) Notepad.exe ----> Thread #1

in this stupid example thread 0 is the main application, then i could return the state of this to display to my end user. is this possible? i saw a "hack" so to speak or an ugly way of getting a application state by calling ResumeThread() Followed by SuspendThread() and returning the Thread Counter from either API if counter is 0 thread is running else suspened.

so the main question is can i get the main or parent thread of a process to query for the overall application state.

thanks

{Doesnt matter what programming langauge}

atom0s

atom0s

Posted
Posted

You can use CreateToolhelp32Snapshot to obtain the thread information for the process, the first thread retrieved from the function is the main thread of the process (from what I recall when I learned about the API). So you can do something such as:

(I wrote this real quick in Notepad so it may have some mistakes you need to fix up real quick.)

DWORD GetMainThreadId( DWORD dwProcessId )
{
	THREADENTRY32 te32 = { sizeof( THREADENTRY32 ) };
	HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, dwProcessId );	if( hSnapshot == INVALID_HANDLE_VALUE )
		return NULL;	if( Thread32First( hSnapshot, &te32 ) )
	{
		do {
			if( te32.th32OwnerProcessID == dwProcessId )
			{
				CloseHandle( hSnapshot );
				return te32.th32ThreadID;
			}
		} while( Thread32Next( hSnapThreads, &te32 ) );
	}	CloseHandle( hSnapshot );
	return NULL;
}
StreamLine

StreamLine

Posted
  • Author
Posted (edited)

Thank you for your reply, you confirmed what i suspected then that the first thread is the main thread, i was under the conclusion that the thread would be ordered randomly depending on when the api's where called. So know now that when i call NTQuerySystemInformation the structure has thread array so [0] in the array must be the application thread. I have read the thread wait and state from this article http://technet.micro...28WS.10%29.aspx from this my application lists the threads as per screenshot.

11768405.png

need to resolve file paths now so it works on x64bit an x32 :P

Edited by StreamLine

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...