
Process and Thread interface

A process is an execution instance of a program: it owns an independent memory space, manages its own resources, and can run multiple tasks concurrently. A thread is an execution unit within a process that shares the process's resources, enabling concurrent execution and cooperation between tasks.

get_process_handle

Obtain the handle of the currently loaded (debugged) process by calling the get_process_handle function. The function takes no parameters and returns an integer.

```python
>>> handle = dbg.get_process_handle()
>>> handle
2408
```

get_process_id

Obtain the PID of the currently loaded process by calling the get_process_id function. The function takes no parameters and returns an integer.

```python
>>> pid = dbg.get_process_id()
>>> pid
10144
```

get_peb_address

Obtain the address of the PEB (Process Environment Block) of a process by calling the get_peb_address function. The function takes a process PID, which defaults to the current process, and returns the PEB address as an integer.

```python
>>> pid = dbg.get_process_id()
>>> pid
10144
>>> peb = dbg.get_peb_address(pid)
>>> peb
18305024
>>> hex(peb)
'0x1175000'
```

get_thread_handle

Obtain the handle of the current thread of the loaded process by calling the get_thread_handle function. The function takes no parameters and returns an integer.

```python
>>> handle = dbg.get_thread_handle()
>>> handle
2372
```

get_thread_id

Obtain the thread ID (TID) of the current thread by calling the get_thread_id function. The function takes no parameters and returns an integer.

```python
>>> tid = dbg.get_thread_id()
>>> tid
9148
```

get_teb_address

Obtain the address of the TEB (Thread Environment Block) of a thread by calling the get_teb_address function. The function takes a thread TID, which defaults to the current thread, and returns the TEB address as an integer.

```python
>>> tid = dbg.get_thread_id()
>>> tid
9148
>>> teb = dbg.get_teb_address(tid)
>>> teb
18317312
>>> hex(teb)
'0x1178000'
```

get_main_threadid

To obtain the thread ID of the main thread of the debugged process, call the get_main_threadid function. It takes no parameters and returns an integer on success.

```python
>>> tid = dbg.get_main_threadid()
>>> tid
4572
```

get_thread_list

Obtain a list of all threads in the current process by calling the get_thread_list function. The function takes no parameters and, on success, returns a list of dictionaries, one per thread, from which the fields of interest can be extracted.

```python
>>> thread_list = dbg.get_thread_list()
>>> thread_list[0]
{
    'ThreadNumber': 1,
    'ThreadID': 10208,
    'ThreadName': '',
    'LocalBase': 18329600,
    'StartAddress': 2003362352,
    'Cycles': 68934665,
    'LastError': 0,
    'SuspendCount': 1,
    'ThreadCip': 2003509612,
    'CurrentThread': 1
}
```
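The following script ties the functions on this page together: it turns the list returned by get_thread_list into a per-TID summary, resolves each thread's TEB through get_teb_address, and marks the main, current and suspended threads. It is an added example, not code from the page or from the debugger project; `dbg` is assumed to be the debugger object used in the snippets above, and the sample thread records are constructed so the pure function can be exercised without a debugger attached.

```python
# Added example: summarise dbg.get_thread_list() output using the helpers on this page.
# "dbg" is assumed to be the already-initialised debugger object from the snippets above.

def summarize_threads(thread_list, main_tid, teb_lookup):
    """Return {tid: info} built from the per-thread dicts that get_thread_list() yields.

    thread_list: list of dicts with the keys shown on this page.
    main_tid:    value of dbg.get_main_threadid().
    teb_lookup:  callable tid -> TEB address (dbg.get_teb_address on a live session).
    """
    summary = {}
    for t in thread_list:
        tid = t['ThreadID']
        summary[tid] = {
            'number': t['ThreadNumber'],
            'name': t['ThreadName'] or None,       # empty name -> None
            'teb': hex(teb_lookup(tid)),
            'start': hex(t['StartAddress']),
            'cip': hex(t['ThreadCip']),
            'suspended': t['SuspendCount'] > 0,
            'is_main': tid == main_tid,
            'is_current': bool(t['CurrentThread']),
        }
    return summary

def suspended_tids(summary):
    """TIDs of threads that are currently suspended, sorted for stable output."""
    return sorted(tid for tid, info in summary.items() if info['suspended'])

def collect(dbg):
    """Live version: pull everything through the API described on this page."""
    return summarize_threads(dbg.get_thread_list(), dbg.get_main_threadid(),
                             dbg.get_teb_address)

# Constructed sample data (values modelled on the page's examples) for offline use.
SAMPLE_THREADS = [
    {'ThreadNumber': 1, 'ThreadID': 10208, 'ThreadName': '', 'LocalBase': 18329600,
     'StartAddress': 2003362352, 'Cycles': 68934665, 'LastError': 0,
     'SuspendCount': 1, 'ThreadCip': 2003509612, 'CurrentThread': 1},
    {'ThreadNumber': 2, 'ThreadID': 4572, 'ThreadName': 'worker', 'LocalBase': 18317312,
     'StartAddress': 2003362352, 'Cycles': 12, 'LastError': 0,
     'SuspendCount': 0, 'ThreadCip': 2003509700, 'CurrentThread': 0},
]
SAMPLE_TEB = {10208: 18329600, 4572: 18317312}   # constructed tid -> TEB mapping

if __name__ == '__main__':
    for tid, info in summarize_threads(SAMPLE_THREADS, 4572, SAMPLE_TEB.__getitem__).items():
        print(tid, info)
```

In a live session call `collect(dbg)` instead of the sample data; the `teb_lookup` parameter exists only so the summary can be built from a captured list without the debugger attached.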