How to add ntdll.dll to project libraries with LoadLibrary () and GetProcAddress () functions?

Question

How to add ntdll.dll to project libraries with LoadLibrary () and GetProcAddress () functions?

I want to get the start address of the thread with NtQueryInformationThread , but I need to add its library. How can i do this?

+3

c windows winapi

Mehrdad Jun 20 '12 at 13:28

source share

2 answers

I prefer to add ntdll.lib to the project (you can find it in the Windows DDK / WDK). In this case, you do not need GetProcAddress material.

+5

Sergey Podobry Jun 20 '12 at 15:07

source share

Adam sznajder · Accepted Answer · 2012-06-20T13:51:05+0000

I used NtQueryInformationThread without having to download ntdll (which, in my opinion, loads automatically). I needed to prepare a special header file with this content: http://pastebin.com/ieEqR0eL and include it in my project. After that, I was able to do something like this:

 NTSTATUS status; THREAD_BASIC_INFORMATION basicInfo; typedef NTSTATUS ( WINAPI *NQIT )( HANDLE, LONG, PVOID, ULONG, PULONG ); /* Open thread */ HANDLE thread = OpenThread(THREAD_ALL_ACCESS, false, threadId); /* Get the address of NtQueryInformationThread function. */ NQIT NtQueryInformationThread = ( NQIT )GetProcAddress( GetModuleHandle(TEXT("ntdll.dll")), "NtQueryInformationThread" ); /* Get basic thread information */ status = NtQueryInformationThread(thread, 0, &basicInfo, sizeof(basicInfo), NULL); CloseHandle(thread); /* Get address of the Thread Environment Block, stack start address and last stack address */ tebAddress = (DWORD)basicInfo.TebBaseAddress; DWORD pebAddress = *((DWORD*)(tebAddress+0x30)); /* For example to get stack base address */ stackBase = *((DWORD*)(tebAddress+4)); stackLimit = *((DWORD*)(tebAddress+8));

How to add ntdll.dll to project libraries with LoadLibrary () and GetProcAddress () functions?

More articles: