我把所有函数的线程ID都打印了,可就是找不到是哪个函数新建的线程!程序除了主线程外还有个,希望大家能帮我出个主意
线程的Start Address 叫mswsock 看它的栈里面有:ntkrnlpa.exe!KeSetEvent+0x2a1ntkrnlpa.exe!KeDelayExecutionThread+0x5ccntkrnlpa.exe!KeWaitForMutexObject+0x393ntkrnlpa.exe!KiDeliverApc+0x664ntkrnlpa.exe!KeRemoveQueueEx+0x990ntkrnlpa.exe!KeDelayExecutionThread+0x5ccntkrnlpa.exe!KeRemoveQueueEx+0x4f8ntkrnlpa.exe!ProbeForWrite+0x7fntkrnlpa.exe!FsRtlIncrementCcFastReadNotPossible+0x519ntkrnlpa.exe!ZwYieldExecution+0xb66ntdll.dll!KiFastSystemCallRetkernel32.dll!BaseThreadInitThunk+0x12ntdll.dll!RtlInitializeExceptionChain+0xefntdll.dll!RtlInitializeExceptionChain+0xc2
貌似没一个是我的函数里面的...
线程的Start Address 叫mswsock 看它的栈里面有:ntkrnlpa.exe!KeSetEvent+0x2a1ntkrnlpa.exe!KeDelayExecutionThread+0x5ccntkrnlpa.exe!KeWaitForMutexObject+0x393ntkrnlpa.exe!KiDeliverApc+0x664ntkrnlpa.exe!KeRemoveQueueEx+0x990ntkrnlpa.exe!KeDelayExecutionThread+0x5ccntkrnlpa.exe!KeRemoveQueueEx+0x4f8ntkrnlpa.exe!ProbeForWrite+0x7fntkrnlpa.exe!FsRtlIncrementCcFastReadNotPossible+0x519ntkrnlpa.exe!ZwYieldExecution+0xb66ntdll.dll!KiFastSystemCallRetkernel32.dll!BaseThreadInitThunk+0x12ntdll.dll!RtlInitializeExceptionChain+0xefntdll.dll!RtlInitializeExceptionChain+0xc2
貌似没一个是我的函数里面的...
系统自带的