View Thread: How to get the name of the related DLL for a thread in a process like Process Explorer?

    It's a little unclear what exactly you're asking for here.

    If you're trying to get the list of all modules (i.e. DLLs and EXEs) in a given process, look at (you'll need to use PInvoke to access it if you're in C#).


    If you merely want the name of the process that a current thread is in, you'll need to call

    SuspendThread() on the thread that you're interrogating.

    Call GetThreadContext() on that thread to find out its current register state.

    Look at Context.Eip (for 32-bit) or Context.Rip (for 64-bit) for the thread.

    Correlate that EIP value against the module list you've just obtained to see if it lies inside any of the modules. If it does - you've found your man, otherwise you're currently running from JITted code.


    If you want an exact method name, you'll need debugging symbols for the module you're debugging. Pass the EIP value (from before) into GetSymbolName to get a "best-match" name for the value (this might help:


    SysInternals uses DbgHelp.dll and GetSymbolName on values obtained from Context.Esp (the stack), so if you want to have information that looks the same as the screenshot you've got, take a stack-trace using Context.Esp and GetSymbolName as described above.
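
The correlation step described in the post, as an added example that is not part of the original post: `module_for_ip` maps an instruction pointer onto a module list, and the Windows-only `thread_ip` reads that pointer with SuspendThread() and GetThreadContext() on x86/x64. The names `module_range`, `module_for_ip`, `thread_ip` and the `SAMPLE` table are assumptions made for illustration, and the module addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* One loaded module: load address, image size, name (as from a module list). */
typedef struct { uint64_t base, size; const char *name; } module_range;

/* Constructed sample module list; real values come from the target process. */
static const module_range SAMPLE[] = {
    { 0x00007ff600000000ULL, 0x00025000ULL, "app.exe" },
    { 0x00007ffa10000000ULL, 0x001f0000ULL, "ntdll.dll" },
    { 0xffffffffffff0000ULL, 0x00010000ULL, "top-of-range.dll" },
};

/* Return the module whose [base, base+size) holds ip, or NULL when none does
   (the "JITted code" case). ip - base < size avoids overflow in base + size. */
const module_range *module_for_ip(const module_range *m, size_t n, uint64_t ip) {
    for (size_t i = 0; i < n; i++)
        if (ip >= m[i].base && ip - m[i].base < m[i].size)
            return &m[i];
    return NULL;
}

#ifdef _WIN32
/* Suspend the thread, read its instruction pointer, and always resume it.
   Handle needs THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT. Returns 0 on failure. */
uint64_t thread_ip(HANDLE thread) {
    CONTEXT ctx = {0};
    uint64_t ip = 0;
    ctx.ContextFlags = CONTEXT_CONTROL;
    if (SuspendThread(thread) == (DWORD)-1) return 0;
    if (GetThreadContext(thread, &ctx)) {
#if defined(_M_X64) || defined(__x86_64__)
        ip = ctx.Rip;
#else
        ip = ctx.Eip;
#endif
    }
    ResumeThread(thread);
    return ip;
}
#endif

int main(void) {
    const module_range *hit = module_for_ip(SAMPLE, 3, 0x00007ffa1004abcdULL);
    printf("%s\n", hit ? hit->name : "<no module: JIT or dynamic code>");
    return 0;
}
```

The same lookup applies to each return address in a stack trace, so every frame can be attributed to a module before symbol resolution.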