Hi there. I'm confused about opening different threads with the OpenThread function and examining them with the NtQueryInformationThread native function. I have no problem with NtQueryInformationThread and I can examine them fine. The problem is that I don't know how to loop through different numbers of threads using OpenThread (with SetDebugPrivilege consideration). Suppose we have different threads numbered from 5100 to 5200 and we want to examine them sequentially: for example 5100, 5101, 5102, 5103, 5104, 5105 ... 5200. I don't know how to use the OpenThread function in Delphi in the right way. I'm using this syntax and I found it wrong:

OpenThread(THREAD_ALL_ACCESS,false,(DWORD)5100)

If anyone could guide me on how to use OpenThread through different numbers of threads, it would be great.

Thanks a lot.

+3  A: 

I'm not sure how you'd get threads with strictly sequential IDs, because Windows doesn't (have to) assign thread IDs in any pattern.
If you want to loop through a set of threads, you'll have to use the Tool Help API:

  1. call CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0) to get system state snapshot
  2. loop through the threads with Thread32First and Thread32Next and select the threads you want to work with (eg. by its process' ID)
  3. use OpenThread with an appropriate access mask, eg. THREAD_QUERY_INFORMATION
    do NOT use THREAD_ALL_ACCESS unless you created the thread in the current process and you know exactly what you're doing
    (restrain yourself to read-only access, if you touch threads of another process)
  4. do what you want to, eg. call NtQueryInformationThread
  5. don't forget CloseHandle

You have to handle the possibility of any of the threads terminating (and being replaced with a new thread with the same ID) as long as you don't hold the thread's handle.

Edit (further clarification by request)
The CreateToolhelp32Snapshot with dwFlags == TH32CS_SNAPTHREAD gives you a system-wide snapshot (the th32ProcessID argument is ignored in this case) of all threads existing in the moment, regardless of their state, and the THREADENTRY32 structure subsequently returned by Thread32[First|Next] contains the th32ThreadID and th32OwnerProcessID fields, which you can use to identify the thread.

Viktor Svub
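The five steps above written out as a Delphi console program; this is an added example, not code from the answer. The local declarations of OpenThread and GetProcessIdOfThread, the 5100..5200 range borrowed from the question, and the use of GetExitCodeThread as the step 4 query are assumptions of this example.

```delphi
program ThreadScan;
{$APPTYPE CONSOLE}
uses Windows, TlHelp32;
const
  THREAD_QUERY_INFORMATION = $0040; // read-only access right from step 3
  FIRST_TID = 5100;                 // ID range taken from the question
  LAST_TID  = 5200;
// Declared here because older Delphi Windows units may not export them.
function OpenThread(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
  dwThreadId: DWORD): THandle; stdcall; external kernel32;
function GetProcessIdOfThread(hThread: THandle): DWORD; stdcall; external kernel32;

procedure ScanThreads;
var
  Snap, hThread: THandle;
  Entry: TThreadEntry32;
  ExitCode: DWORD;
begin
  Snap := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); // step 1, system-wide
  if Snap = INVALID_HANDLE_VALUE then Exit;
  try
    Entry.dwSize := SizeOf(Entry); // must be set before Thread32First
    if not Thread32First(Snap, Entry) then Exit;
    repeat // step 2: keep only IDs in the range of interest
      if (Entry.th32ThreadID >= FIRST_TID) and (Entry.th32ThreadID <= LAST_TID) then
      begin
        hThread := OpenThread(THREAD_QUERY_INFORMATION, False, Entry.th32ThreadID);
        if hThread = 0 then
          Writeln(Entry.th32ThreadID, ': OpenThread failed')
        else
          try
            // The ID may have been reused since the snapshot: re-check the owner.
            if GetProcessIdOfThread(hThread) <> Entry.th32OwnerProcessID then
              Writeln(Entry.th32ThreadID, ': owner does not match snapshot, skipped')
            else if GetExitCodeThread(hThread, ExitCode) then // step 4
              Writeln(Entry.th32ThreadID, ' pid=', Entry.th32OwnerProcessID,
                ' running=', ExitCode = STILL_ACTIVE);
          finally
            CloseHandle(hThread); // step 5
          end;
      end;
    until not Thread32Next(Snap, Entry);
  finally
    CloseHandle(Snap);
  end;
end;

begin
  ScanThreads;
end.
```

No process ID is supplied anywhere: the owner comes from th32OwnerProcessID in the system-wide snapshot and is confirmed again once the handle is held.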
A: 

Thank you for your nice reply, but some problems still exist. Let me explain: I think CreateToolhelp32Snapshot takes a snapshot of the current system state with regard to a specific process ID, but the point is that in our application we want to examine a thread ID and, by identifying the thread (whether it's live or dead), examine its process ID with NtQueryInformationThread. I have not yet examined and implemented your idea about using CreateToolhelp32Snapshot, but as I read in some source code, it gets the current system state and it's related to the process ID; but suppose that at some time we do not have the process ID or any other process information. This is our problem while using OpenProcess or any other function related to opening or doing anything else with threads.