ホーム › System.Threading › CreateRemoteThreadEx
CreateRemoteThreadEx
関数別プロセスの仮想アドレス空間でスレッドを作成する(拡張版)。
シグネチャ
// KERNEL32.dll
#include <windows.h>
HANDLE CreateRemoteThreadEx(
HANDLE hProcess,
SECURITY_ATTRIBUTES* lpThreadAttributes, // optional
UINT_PTR dwStackSize,
LPTHREAD_START_ROUTINE lpStartAddress,
void* lpParameter, // optional
DWORD dwCreationFlags,
LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, // optional
DWORD* lpThreadId // optional
);パラメーター
| 名前 | 型 | 方向 |
|---|---|---|
| hProcess | HANDLE | in |
| lpThreadAttributes | SECURITY_ATTRIBUTES* | inoptional |
| dwStackSize | UINT_PTR | in |
| lpStartAddress | LPTHREAD_START_ROUTINE | in |
| lpParameter | void* | inoptional |
| dwCreationFlags | DWORD | in |
| lpAttributeList | LPPROC_THREAD_ATTRIBUTE_LIST | inoptional |
| lpThreadId | DWORD* | outoptional |
戻り値の型: HANDLE
各言語での呼び出し定義
// KERNEL32.dll
#include <windows.h>
HANDLE CreateRemoteThreadEx(
HANDLE hProcess,
SECURITY_ATTRIBUTES* lpThreadAttributes, // optional
UINT_PTR dwStackSize,
LPTHREAD_START_ROUTINE lpStartAddress,
void* lpParameter, // optional
DWORD dwCreationFlags,
LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, // optional
DWORD* lpThreadId // optional
);[DllImport("KERNEL32.dll", SetLastError = true, ExactSpelling = true)]
static extern IntPtr CreateRemoteThreadEx(
IntPtr hProcess, // HANDLE
IntPtr lpThreadAttributes, // SECURITY_ATTRIBUTES* optional
UIntPtr dwStackSize, // UINT_PTR
IntPtr lpStartAddress, // LPTHREAD_START_ROUTINE
IntPtr lpParameter, // void* optional
uint dwCreationFlags, // DWORD
IntPtr lpAttributeList, // LPPROC_THREAD_ATTRIBUTE_LIST optional
IntPtr lpThreadId // DWORD* optional, out
);<DllImport("KERNEL32.dll", SetLastError:=True, ExactSpelling:=True)>
Public Shared Function CreateRemoteThreadEx(
hProcess As IntPtr, ' HANDLE
lpThreadAttributes As IntPtr, ' SECURITY_ATTRIBUTES* optional
dwStackSize As UIntPtr, ' UINT_PTR
lpStartAddress As IntPtr, ' LPTHREAD_START_ROUTINE
lpParameter As IntPtr, ' void* optional
dwCreationFlags As UInteger, ' DWORD
lpAttributeList As IntPtr, ' LPPROC_THREAD_ATTRIBUTE_LIST optional
lpThreadId As IntPtr ' DWORD* optional, out
) As IntPtr
End Function' hProcess : HANDLE
' lpThreadAttributes : SECURITY_ATTRIBUTES* optional
' dwStackSize : UINT_PTR
' lpStartAddress : LPTHREAD_START_ROUTINE
' lpParameter : void* optional
' dwCreationFlags : DWORD
' lpAttributeList : LPPROC_THREAD_ATTRIBUTE_LIST optional
' lpThreadId : DWORD* optional, out
Declare PtrSafe Function CreateRemoteThreadEx Lib "kernel32" ( _
ByVal hProcess As LongPtr, _
ByVal lpThreadAttributes As LongPtr, _
ByVal dwStackSize As LongPtr, _
ByVal lpStartAddress As LongPtr, _
ByVal lpParameter As LongPtr, _
ByVal dwCreationFlags As Long, _
ByVal lpAttributeList As LongPtr, _
ByVal lpThreadId As LongPtr) As LongPtr
' VBA7前提(PtrSafe)。32bit Office では LongPtr→Long。Integer=16bit / Long=32bit / LongLong=64bit。import ctypes
from ctypes import wintypes
CreateRemoteThreadEx = ctypes.windll.kernel32.CreateRemoteThreadEx
CreateRemoteThreadEx.restype = ctypes.c_void_p
CreateRemoteThreadEx.argtypes = [
wintypes.HANDLE, # hProcess : HANDLE
ctypes.c_void_p, # lpThreadAttributes : SECURITY_ATTRIBUTES* optional
ctypes.c_size_t, # dwStackSize : UINT_PTR
ctypes.c_void_p, # lpStartAddress : LPTHREAD_START_ROUTINE
ctypes.POINTER(None), # lpParameter : void* optional
wintypes.DWORD, # dwCreationFlags : DWORD
wintypes.HANDLE, # lpAttributeList : LPPROC_THREAD_ATTRIBUTE_LIST optional
ctypes.POINTER(wintypes.DWORD), # lpThreadId : DWORD* optional, out
]
# GetLastError: use ctypes.GetLastError() (or ctypes.WinDLL(use_last_error=True))require 'fiddle'
require 'fiddle/import'
lib = Fiddle.dlopen('KERNEL32.dll')
CreateRemoteThreadEx = Fiddle::Function.new(
lib['CreateRemoteThreadEx'],
[
Fiddle::TYPE_VOIDP, # hProcess : HANDLE
Fiddle::TYPE_VOIDP, # lpThreadAttributes : SECURITY_ATTRIBUTES* optional
Fiddle::TYPE_UINTPTR_T, # dwStackSize : UINT_PTR
Fiddle::TYPE_VOIDP, # lpStartAddress : LPTHREAD_START_ROUTINE
Fiddle::TYPE_VOIDP, # lpParameter : void* optional
-Fiddle::TYPE_INT, # dwCreationFlags : DWORD
Fiddle::TYPE_VOIDP, # lpAttributeList : LPPROC_THREAD_ATTRIBUTE_LIST optional
Fiddle::TYPE_VOIDP, # lpThreadId : DWORD* optional, out
],
Fiddle::TYPE_VOIDP)#[link(name = "kernel32")]
extern "system" {
fn CreateRemoteThreadEx(
hProcess: *mut core::ffi::c_void, // HANDLE
lpThreadAttributes: *mut SECURITY_ATTRIBUTES, // SECURITY_ATTRIBUTES* optional
dwStackSize: usize, // UINT_PTR
lpStartAddress: *const core::ffi::c_void, // LPTHREAD_START_ROUTINE
lpParameter: *mut (), // void* optional
dwCreationFlags: u32, // DWORD
lpAttributeList: *mut core::ffi::c_void, // LPPROC_THREAD_ATTRIBUTE_LIST optional
lpThreadId: *mut u32 // DWORD* optional, out
) -> *mut core::ffi::c_void;
}
// crates: windows-sys provides ready-made bindings for this API.$sig = @"
[DllImport("KERNEL32.dll", SetLastError = true)]
public static extern IntPtr CreateRemoteThreadEx(IntPtr hProcess, IntPtr lpThreadAttributes, UIntPtr dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpAttributeList, IntPtr lpThreadId);
"@
$api = Add-Type -MemberDefinition $sig -Name 'KERNEL32_CreateRemoteThreadEx' -Namespace Win32 -PassThru
# $api::CreateRemoteThreadEx(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, lpThreadId)#uselib "KERNEL32.dll"
#func global CreateRemoteThreadEx "CreateRemoteThreadEx" sptr, sptr, sptr, sptr, sptr, sptr, sptr, sptr
; CreateRemoteThreadEx hProcess, varptr(lpThreadAttributes), dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, varptr(lpThreadId) ; 戻り値は stat
; hProcess : HANDLE -> "sptr"
; lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "sptr"
; dwStackSize : UINT_PTR -> "sptr"
; lpStartAddress : LPTHREAD_START_ROUTINE -> "sptr"
; lpParameter : void* optional -> "sptr"
; dwCreationFlags : DWORD -> "sptr"
; lpAttributeList : LPPROC_THREAD_ATTRIBUTE_LIST optional -> "sptr"
; lpThreadId : DWORD* optional, out -> "sptr"
; ※HSP3.7は #func のため戻り値はシステム変数 stat に格納されます。出力引数:
#uselib "KERNEL32.dll" #cfunc global CreateRemoteThreadEx "CreateRemoteThreadEx" sptr, var, sptr, sptr, sptr, int, sptr, var ; res = CreateRemoteThreadEx(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, lpThreadId) ; hProcess : HANDLE -> "sptr" ; lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "var" ; dwStackSize : UINT_PTR -> "sptr" ; lpStartAddress : LPTHREAD_START_ROUTINE -> "sptr" ; lpParameter : void* optional -> "sptr" ; dwCreationFlags : DWORD -> "int" ; lpAttributeList : LPPROC_THREAD_ATTRIBUTE_LIST optional -> "sptr" ; lpThreadId : DWORD* optional, out -> "var" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。#uselib "KERNEL32.dll" #cfunc global CreateRemoteThreadEx "CreateRemoteThreadEx" sptr, sptr, sptr, sptr, sptr, int, sptr, sptr ; res = CreateRemoteThreadEx(hProcess, varptr(lpThreadAttributes), dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, varptr(lpThreadId)) ; hProcess : HANDLE -> "sptr" ; lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "sptr" ; dwStackSize : UINT_PTR -> "sptr" ; lpStartAddress : LPTHREAD_START_ROUTINE -> "sptr" ; lpParameter : void* optional -> "sptr" ; dwCreationFlags : DWORD -> "int" ; lpAttributeList : LPPROC_THREAD_ATTRIBUTE_LIST optional -> "sptr" ; lpThreadId : DWORD* optional, out -> "sptr" ; ※出力/バッファ引数はポインタ方式(token=sptr / 呼び出しは varptr(変数))。
出力引数:
; HANDLE CreateRemoteThreadEx(HANDLE hProcess, SECURITY_ATTRIBUTES* lpThreadAttributes, UINT_PTR dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, void* lpParameter, DWORD dwCreationFlags, LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, DWORD* lpThreadId) #uselib "KERNEL32.dll" #cfunc global CreateRemoteThreadEx "CreateRemoteThreadEx" intptr, var, intptr, intptr, intptr, int, intptr, var ; res = CreateRemoteThreadEx(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, lpThreadId) ; hProcess : HANDLE -> "intptr" ; lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "var" ; dwStackSize : UINT_PTR -> "intptr" ; lpStartAddress : LPTHREAD_START_ROUTINE -> "intptr" ; lpParameter : void* optional -> "intptr" ; dwCreationFlags : DWORD -> "int" ; lpAttributeList : LPPROC_THREAD_ATTRIBUTE_LIST optional -> "intptr" ; lpThreadId : DWORD* optional, out -> "var" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。; HANDLE CreateRemoteThreadEx(HANDLE hProcess, SECURITY_ATTRIBUTES* lpThreadAttributes, UINT_PTR dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, void* lpParameter, DWORD dwCreationFlags, LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, DWORD* lpThreadId) #uselib "KERNEL32.dll" #cfunc global CreateRemoteThreadEx "CreateRemoteThreadEx" intptr, intptr, intptr, intptr, intptr, int, intptr, intptr ; res = CreateRemoteThreadEx(hProcess, varptr(lpThreadAttributes), dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, varptr(lpThreadId)) ; hProcess : HANDLE -> "intptr" ; lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "intptr" ; dwStackSize : UINT_PTR -> "intptr" ; lpStartAddress : LPTHREAD_START_ROUTINE -> "intptr" ; lpParameter : void* optional -> "intptr" ; dwCreationFlags : DWORD -> "int" ; lpAttributeList : LPPROC_THREAD_ATTRIBUTE_LIST optional -> "intptr" ; lpThreadId : DWORD* optional, out -> "intptr" ; ※出力/バッファ引数はポインタ方式(token=intptr / 呼び出しは varptr(変数))。
import (
"golang.org/x/sys/windows"
"unsafe"
)
var (
kernel32 = windows.NewLazySystemDLL("KERNEL32.dll")
procCreateRemoteThreadEx = kernel32.NewProc("CreateRemoteThreadEx")
)
// hProcess (HANDLE), lpThreadAttributes (SECURITY_ATTRIBUTES* optional), dwStackSize (UINT_PTR), lpStartAddress (LPTHREAD_START_ROUTINE), lpParameter (void* optional), dwCreationFlags (DWORD), lpAttributeList (LPPROC_THREAD_ATTRIBUTE_LIST optional), lpThreadId (DWORD* optional, out)
r1, _, err := procCreateRemoteThreadEx.Call(
uintptr(hProcess),
uintptr(lpThreadAttributes),
uintptr(dwStackSize),
uintptr(lpStartAddress),
uintptr(lpParameter),
uintptr(dwCreationFlags),
uintptr(lpAttributeList),
uintptr(lpThreadId),
)
_ = err // syscall.Errno (valid when the call sets last-error)
_ = r1 // HANDLEfunction CreateRemoteThreadEx(
hProcess: THandle; // HANDLE
lpThreadAttributes: Pointer; // SECURITY_ATTRIBUTES* optional
dwStackSize: NativeUInt; // UINT_PTR
lpStartAddress: Pointer; // LPTHREAD_START_ROUTINE
lpParameter: Pointer; // void* optional
dwCreationFlags: DWORD; // DWORD
lpAttributeList: THandle; // LPPROC_THREAD_ATTRIBUTE_LIST optional
lpThreadId: Pointer // DWORD* optional, out
): THandle; stdcall;
external 'KERNEL32.dll' name 'CreateRemoteThreadEx';result := DllCall("KERNEL32\CreateRemoteThreadEx"
, "Ptr", hProcess ; HANDLE
, "Ptr", lpThreadAttributes ; SECURITY_ATTRIBUTES* optional
, "UPtr", dwStackSize ; UINT_PTR
, "Ptr", lpStartAddress ; LPTHREAD_START_ROUTINE
, "Ptr", lpParameter ; void* optional
, "UInt", dwCreationFlags ; DWORD
, "Ptr", lpAttributeList ; LPPROC_THREAD_ATTRIBUTE_LIST optional
, "Ptr", lpThreadId ; DWORD* optional, out
, "Ptr") ; return: HANDLE●CreateRemoteThreadEx(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, lpThreadId) = DLL("KERNEL32.dll", "void* CreateRemoteThreadEx(void*, void*, int, void*, void*, dword, void*, void*)")
# 呼び出し: CreateRemoteThreadEx(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, lpThreadId)
# hProcess : HANDLE -> "void*"
# lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "void*"
# dwStackSize : UINT_PTR -> "int"
# lpStartAddress : LPTHREAD_START_ROUTINE -> "void*"
# lpParameter : void* optional -> "void*"
# dwCreationFlags : DWORD -> "dword"
# lpAttributeList : LPPROC_THREAD_ATTRIBUTE_LIST optional -> "void*"
# lpThreadId : DWORD* optional, out -> "void*"
# なでしこ1は32bit・ANSI(Shift_JIS)。文字列=char*(ANSI)、ポインタ/ハンドル=void*(4byte)。