eracross Posted November 22, 2010 Share Posted November 22, 2010 Hi i jst want to ask if its possible to supend a thread by his StratAddress, Im not good at DllCall so i asked you Like this but not by TID.( MostafaGamal) Func _ThreadSuspend($TID) $Handle = DllCall("kernel32.dll","ptr", "OpenThread","dword", "0x0002","int", "0","dword",$TID) $i_sucess = DllCall("kernel32.dll","dword","SuspendThread","ptr",$Handle[0]) DllCall("kernel32.dll", "ptr", "CloseHandle", "ptr", $Handle) EndFunc Link to comment Share on other sites More sharing options...
Ascend4nt Posted November 22, 2010 Share Posted November 22, 2010 Suspending a thread 'parks' the thread inside the ntdll.dll module. You can't change that behavior. Redirecting code execution flow, on the other hand, is another story (and would be hacking). My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Link to comment Share on other sites More sharing options...
eracross Posted November 22, 2010 Author Share Posted November 22, 2010 Suspending a thread 'parks' the thread inside the ntdll.dll module. You can't change that behavior. Redirecting code execution flow, on the other hand, is another story (and would be hacking).Thanks but i didnt get it. if im wrong the Tid is always change thats why i want to know if its possible to suspend it by startaddress. I think i need to know more about Dllcalls.. Link to comment Share on other sites More sharing options...
Ascend4nt Posted November 23, 2010 Share Posted November 23, 2010 Process ID #'s and Thread ID #'s don't change. They remain consistent until termination of the thread or process. If you need to actually get Thread ID #'s for a process, then you'll need to use other API calls to achieve that. My Processes, Threads & DLL's UDFs contain all kinds of API calls to get all the information you could possibly want from a process or thread. My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now