Obtain the master thread ID using the process ID

Obtain the master thread ID using the process ID, which is only applicable to a single thread. Multi-thread should distinguish which is the main thread and distinguish the method to be verified

(1) it seems that the earliest starttime can be used, but the thread execution time is not necessarily reliable. If createthread is started at the beginning, the thread execution time will be the same. The value on the stack can be traced back to determine which thread is the main thread, and the number of stacks of the main thread is somewhat different. The most obvious is the PE entry point on the main thread stack.
Information, This is the sub-thread.
(2) Obtain csrprocessinfo-> clientid. uniquethread from csrprocesslink, which is absolutely reliable.

 

# Include <iostream. h>
# Include <windows. h>
# Include <tlhelp32.h>
Void main ()
{
DWORD dwprocessid, dwthreadid;
While (1)
{
Dwthreadid = 0;
Cout <"Enter the process PID :";
Cin> dwprocessid;
Threadentry32 te32 = {sizeof (te32 )};
Handle hthreadsnap = createconlhelp32snapshot (th32cs_snapthread, 0 );
If (thread32first (hthreadsnap, & te32 ))
{
Do {
If (dwprocessid = te32.th32ownerprocessid)
{
Dwthreadid = te32.th32threadid;
Break;
}
} While (thread32next (hthreadsnap, & te32 ));
}
If (dwthreadid! = 0)
Cout <"main thread ID:" <dwthreadid <Endl;
Else
Cout <"not found" <Endl;
}
}

Assembly Code

Local @ stprocess: processentry32; information of each process
Local @ hsnapshot; snapshot handle

DWORD dwprocessid = XXXXX, dwthreadid = 0;
Threadentry32 te32 = {sizeof (te32 )};
Handle hthreadsnap = createconlhelp32snapshot (th32cs_snapthread, 0 );
If (thread32first (hthreadsnap, & te32 ))
{
Do {
If (dwprocessid = te32.th32ownerprocessid)
{
Dwthreadid = te32.th32threadid;
Break;
}
} While (thread32next (hthreadsnap, & te32 ));
}