监视线程创建
[英]Monitoring the thread creation
问题描述
I've been working on a driver for versions of Windows starting from Windows XP. 
我一直在研究从Windows XP开始的Windows版本的驱动程序。 for this, I'm using the routine PsSetCreateThreadNotifyRoutine. 为此,我使用了例程PsSetCreateThreadNotifyRoutine。 In the registered callback, I'm trying to access the context of threads and I'm not getting. 在注册的回调中,我试图访问线程的上下文,但没有得到。 I found the information that when the callback function is called, the threads are not still in the context that will be used. 我发现以下信息:调用回调函数时,线程仍不在将要使用的上下文中。
I wonder if there is a function like kewaitforsingleobject that will signal when those threads get context? 我想知道是否有像kewaitforsingleobject这样的函数会在这些线程获取上下文时发出信号?
I tried creating a new thread for each thread that arise and making them wait but do not think it is the best solution. 我尝试为出现的每个线程创建一个新线程,并让它们等待,但认为这不是最佳解决方案。
in this case, what is the best way to wait for the threads receive their contexts? 在这种情况下,等待线程接收其上下文的最佳方法是什么?
1 个解决方案
解决方案1
0 2013-10-19 22:03:07
The driver's thread-notify routine runs at IRQL = PASSIVE_LEVEL.
so you have access to the parent thread's context when the new thread is created. 因此,在创建新线程时,您可以访问父线程的上下文。 I'm not sure, but it seems that you also have access to the deleting thread's context on it's deletion. 我不确定,但是似乎您也可以在删除线程上访问该删除线程的上下文。 (or maybe the parent again) (或者可能是父母)
so, you can use a list for storing the Thread-IDs and have a worker thread to check each TID. 因此,您可以使用一个列表来存储线程ID,并使用一个工作线程来检查每个TID。 don't forget about mutual exclusion. 不要忘记相互排斥。 you can use a MUTEX or a SPINLOCK (don't know their actual name in the WDK). 您可以使用MUTEX或SPINLOCK(在WDK中不知道其实际名称)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.