memflow / memflow-kvm

Linux kernel module for memflow's KVM connector
MIT License

Hello! Can we encapsulate a function to enumerate multiple process PID and obtain the number of threads for all process PID? #15

Closed JIUYUE521 closed 8 months ago

JIUYUE521 commented 8 months ago

The project has multiple processes with the same process name (but different PIDs). A function like this could enumerate the thread count of each such process in order to find its true process PID.

Something similar to the following code, which uses the Windows API functions:

/*
 * Fragment of a function body (the enclosing signature is not shown).
 *
 * Walks a Toolhelp process snapshot and, among all processes whose image
 * name equals "aow_exe.exe" (case-insensitive), remembers the PID of the one
 * reporting the most threads. That PID is returned only when its thread
 * count exceeds 100; in every other case the result is 0.
 *
 * NOTE(review): the match is by executable name and thread count only. An
 * image name is not unique and any process can carry it, so the result is a
 * heuristic guess, not a verified identity. A snapshot is also a
 * point-in-time view, so the returned PID may no longer refer to the same
 * process by the time the caller uses it.
 */
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (snapshot == INVALID_HANDLE_VALUE)
    return 0;   /* no snapshot available: nothing to enumerate */

DWORD bestPid = 0;
DWORD bestThreads = 0;

PROCESSENTRY32 entry = { 0 };
entry.dwSize = sizeof(PROCESSENTRY32);   /* must be set before Process32First */

for (BOOL more = Process32First(snapshot, &entry);
     more;
     more = Process32Next(snapshot, &entry))
{
    /* Skip anything that is not the wanted image name. */
    if (_stricmp("aow_exe.exe", entry.szExeFile) != 0)
        continue;

    /* Keep only a strictly larger thread count, so the first of several
       equally-threaded candidates wins. */
    if (entry.cntThreads <= bestThreads)
        continue;

    bestThreads = entry.cntThreads;
    bestPid = entry.th32ProcessID;
}
CloseHandle(snapshot);

/* Only a candidate with more than 100 threads is accepted. */
return (bestThreads > 100) ? bestPid : 0;